cut and pasted these from a web site quite a while ago now and still refer to some of them today!

Unfortunately, it was that long ago I can't remember where I got them from.

I divided them up into various O/S's, so I will post them in separate threads to make searching easier!

Windows 2000 tips

Move Portions of Your Start Menu

You can make shortcuts on the taskbar that bring up frequently used items from your Start menu. This is also helpful if you want easy access to Start menu items on a different part of the screen.

Right-click an empty section of the taskbar, point to Toolbars, and then click New Toolbar...

In the New Toolbar window, browse to your Start menu directory (c:\documents and settings\USERNAME\Start Menu\Programs\). Choose the folder you want. Click on OK.
Rearrange your taskbar by dragging on the vertical bars until only the folder title is showing. All the actual links will disappear into a double arrow.
Click the double arrow to bring up the menu. You can drag the menu to another edge of the display to act as a second Start menu. For long titles, you might want to rename them to something shorter before you create the shortcut.

--------------------------------------------------------------------------------

Desktop Shortcut to Device Manager

For those who find themselves frequently swapping and replacing their computer’s internal hardware, creating an easy desktop shortcut to Device Manager saves several steps over the route through Control Panel.
To create a shortcut to Device Manager:
Right-click anywhere in your desktop.
Point to New, and then click Shortcut.
In the Create Shortcut wizard, type c:\winnt\system32\mmc.exe c:\winnt\system32\devmgmt.msc in the location of the item box (c:\winnt is the default system directory).
Click Next.
Enter a name for the shortcut, and then click Finish.
You can also use this procedure to create a desktop shortcut to Computer Management, a utility that includes Device Manager as well as Event Viewer, System Information, Performance Logs and Alerts, and other useful management tools. To do this, just replace devmgmt.msc with compmgmt.msc.

--------------------------------------------------------------------------------

What About Administration Tools?

If you’re looking for the Administrative Tools folder on your Microsoft Windows® 2000 Professional computer, you'll find it in Control Panel. Through customer feedback, the Administrative Tools folder was moved to Control Panel, where the majority of operating-system configuration and management tools are located.
However, if you miss having the Administrative Tools folder on the Start Menu, you can easily move it back to the Start Menu:
To move the Administrative Tools folder to your Start menu:
Click Start, point to Settings, then click Taskbar & Start Menu.
Click the Advanced tab.
In the list of Start Menu Settings, ensure that the Display Administrative Tools check box is selected, then click OK.

--------------------------------------------------------------------------------

WinXP USB 2.0 driver slides out, Win2k version MIA?

The Windows XP USB 2.0 driver that leaked last week does seem to be the finished item, and it's also available for download from Intel and Microsoft - in the latter case, only sort of. But for some strange reason, the Windows 2000 implementation seems to have gone missing.

Jeff Roberts of USBMan tells us that Win2k USB 2.0 drivers were in beta at the same time as the WinXP ones, but that his last three emails enquiring as to their whereabouts have gone unanswered. Microsoft is still committed to shipping USB 2.0 drivers for Win2k (earlier OSes won't be supported), but hasn't said when. Jeff does however note that there are no plans to include them in Win2k Service Pack 3, which is currently in beta.

--------------------------------------------------------------------------------

More W2K Service Pack 3 Detail

SP3 is in beta testing right now and it is expected that at least one more "build" or update to the SP3 beta will be released. (There has only been a single version released to the technical beta testers so far, and that was in December.) It looks clear that there will be another version sometime soon, and that MS is planning at least one more chat session with SP3 testers.
Since the initial SP3 beta release several security patches have been released, and a roll-up security fix for W2K was recently released to the beta Windows Update site before being pulled abruptly because of problems reported with it. I would expect that "roll-up" fix to go into SP3 and in fact maybe that's the delay right now. SP3 could be soon but it may take a month or so.

--------------------------------------------------------------------------------

Where's MSINFO?

For frequent users of the utility MSINFO, you can now find it in the Computer Management console.

To open and use MSINFO:
Right-click the My Computer icon.
To open the Computer Management console, select Manage.
In the list of items under System Tools, expand the items under System Information, and you’ll recognize the sections you’re accustomed to seeing.
As before, you can export these details as a System Information File, which can be sent to Microsoft support professionals who request it. You can also open or print a System Information file.

--------------------------------------------------------------------------------

Use Device Manager to Switch from Uniprocessor to Multiprocessor Support

You can easily go from uniprocessor (UP) to multiprocessor (MP) support in Windows 2000 by using the Device Manager.

Here's how to do this in Windows 2000:
In Control Panel, open System, choose the Hardware tab, then click the Device Manager button.

Select the Computer node and expand it.

Double-click the first object listed below the computer node—on some systems, it is called "Standard PC". It might have a different name on your particular system.
Choose the Driver tab, and then click the Update Driver button.
On the Upgrade Device Driver Wizard, click the Next button, then select "Display a known list of drivers for this device so that I can choose a specific driver." Click the Next button.

On the Select Device Driver page, select "Show all hardware of this device class."
Select the HAL that matches your new configuration, multiprocessor or uniprocessor. Click the Next button. Check that the wizard is showing the configuration you want.

To install the driver, click the Next button.

To complete the wizard, click the Finish button.

Note: To switch from uniprocessor (UP) to multiprocessor (MP) support in Windows NT 4.0, use a Resource Kit utility called uptomp, or reinstall the operating system.

--------------------------------------------------------------------------------

Opening a Command Prompt from Windows Explorer

With previous versions of Microsoft Windows NT, to open a command prompt, the Cmd.exe command was always associated with Windows Explorer folders. The old technique was to go to the Windows NT Explorer Options/File Types and associate the File Folder item with Cmd.exe. With Windows 2000, you can use the Registry to activate this feature.

To enable the command prompt feature:
Create a new text file and call it "command.reg" (select any appropriate name for the .reg file).

Right-click the file and select Edit.

Copy and paste the following code into the file:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\shell\Command]
@="Command &Prompt"

[HKEY_CLASSES_ROOT\Directory\shell\Command\command]
@="cmd.exe \"%1\""

Save and close the file.

To merge the file into the registry, right-click the file and select Merge.
When prompted to confirm your intended actions, click Yes.
When informed that your actions were successful, click OK.
To confirm your actions:
Right-click on a folder.
Confirm that an item labelled Command displays.
Select that item, which will open a command prompt in that particular directory.


--------------------------------------------------------------------------------

Activate Network Monitor icon

Since the Network Monitor icon is not always activated by default, you may want to activate it yourself.

To activate the icon and its indicator "lights":

On the desktop, right-click My Network Places, then choose Properties.
In the Network and Dial-up Connections window, double-click Local Area Connection. On some computers, Local Area Connection (LAN) may be listed as Wide Area Network (WAN).
Click Properties. Select the "Show icon in taskbar when connected" check box at the bottom. Click OK.
An icon will display on your taskbar with a set of lights that show network activity. It's a great way to tell if your network is transferring any data.

Bonus Tip

To display a pop-up window that provides data on the current status of your connection—including speed and packets sent and received—place the cursor over the Network Monitor icon. To display a full Status window or to disconnect the network connection, double-click the icon.

--------------------------------------------------------------------------------

Quick E-mail

If you want to send a quick e-mail, perform one of the following steps:
Type mailto: in the Run: box (found in the Start menu).
Type mailto: in the Address: box of Internet Explorer.
Create a shortcut (for starting a new mail message) by typing mailto: in the Location text box of the Create Shortcut wizard.
You'll save yourself a few steps by not going into your default e-mail application and starting a new mail message.

--------------------------------------------------------------------------------

Immediate Queries with Indexing Service

By default, Indexing Service only indexes when applications and peripherals are not in use. If you type or move the mouse, indexing ceases for a couple of minutes. Also, if there are changes on the disk, Indexing Service won't index them for up to five minutes. This can be frustrating if you want to immediately query for files you just changed. To update as soon as possible:
In the Indexing Service MMC, right click Indexing Service, and then click Stop the service.
Right click Indexing Service, and then select All Tasks/Tune Performance.
Click the Customize radio button, and then click the Customize button.
Click and drag Indexing over to Instant.
Press OK twice.
Right click Indexing Service, and then click Start.
Now your changed files will be indexed in a few seconds or less.

--------------------------------------------------------------------------------

Control the Eject Function and More from Your Taskbar

If you have a computer tower case that rests on the floor, it may be bothersome to reach down and push the Eject button on your CD-ROM drive. Windows 2000 Professional allows you to play, pause, stop, and eject CDs from the taskbar. By right clicking the CD Player icon, you can also select any track, jump to the previous or next track, and create and edit play lists.
To add this capability to your taskbar:
On the Start menu, point to Programs, point to Accessories, point to Entertainment, and then click CD Player.
On the Options menu in CD Player, click Preferences.
In the Preferences dialog box, on the Player Options tab, click the Show control on task bar check box.
Click OK.

--------------------------------------------------------------------------------

Folder Shortcuts

Folder shortcuts are a new feature of the Windows 2000 shell, allowing you to make any folder on the user's machine act as if it were another folder. Unlike traditional shortcuts, Folder shortcuts integrate the target into the shell namespace, allowing you to present a direct hierarchy.
For example, if you drag and drop an icon for a folder or disk drive to your Start menu, Windows 2000 creates a shortcut that cascades to expose the contents of the target of the shortcut.
To create a folder shortcut:
Drag and drop a folder or disk drive icon onto your Start menu.
Click the Start menu, then point to the folder or drive that you just moved.
The target of the folder or drive shortcut has been grafted into the shell namespace. This reduces user confusion, because the Up button actually goes back up to the folder that contained the folder shortcut.
Note: If you open an Explorer window on the Start menu, you will see that the tree view expands through the folder shortcut.

--------------------------------------------------------------------------------

Folder Shortcuts on a Network

One useful way of exploiting a folder shortcut is to install it onto your Start menu, targeting a network share under the control of a system administrator. The administrator could then update the files on that share, and the changes are automatically reflected on the Start menu.
If you combine this feature with the ability to customize the icon and ToolTip for subfolders, you can deploy a customized, centrally controlled Start menu to all your users.

--------------------------------------------------------------------------------

More Details in My Documents and Windows Explorer View Mode

When scanning your folder contents in Windows Explorer, if you set the view mode to Details, you can usually view such default details as:
Name
Size
Type
Modified
If you’re interested in seeing additional file information in Windows Explorer when your files are set to Details mode, right-click on one of the column titles in Windows Explorer and you can add columns that display such fields as:
Attributes
Comment
Author
If you select the More... option at the bottom, a dialog box displays with additional fields that you can select.
Comment Column
With Windows Explorer set to Details view, if you open the file properties of certain file types such as Word documents or Excel spreadsheets, you can add explanatory text or comments to the Comment column.
To add comments to a file that you can view in Windows Explorer:
Right-click the file name and open the Properties dialog box.
Select the Summary tab.
Select the Comments icon and type your comments in the text box.
When finished, click OK.
You can also use a Customize This Folder wizard to enable a folder to display information in the Comment column.
To enable a folder to display information in the Comment column:
Open Windows Explorer and select a folder for which you want to add comments.
To launch the wizard, from the View menu, select Customize This Folder.
When the Welcome to the Customize This Folder Wizard window displays, click Next.
Select the Add Folder Comment check box. Clear all remaining check boxes, and then click Next.
In the Folder comment: text box, enter your comments. When completed, click Next.
To complete the wizard and have your changes take effect, click Finish.

--------------------------------------------------------------------------------

Removing and Personalizing Desktop Icons

Quick Launch

If you want to streamline your desktop and frequently used applications, simply drag a desktop icon to the Quick Launch portion of the taskbar. The re-located icon appears next to the other Quick Launch icons (e.g., Internet Explorer, Outlook Express).
To remove the icon that still remains on the desktop, locate the icon again and drag it to the recycle bin. With this icon removed from the desktop, it’ll be one less desktop icon to hunt for when you need to start a commonly used program.
My Computer icon
If you need to access My Computer on a regular basis, drag the My Computer icon to the Start button, and you will automatically create a cascading shortcut to My Computer that will expand to reveal your drives, folders, and files. With Windows 2000 incorporating the use of tooltips, you can also hold your cursor over a partition in the Start Menu for a moment to view its free space and capacity. You can execute a file just by single clicking on it in the Start Menu, and open a folder by double clicking.

--------------------------------------------------------------------------------

Use Network Connection Wizard to Transfer Data

If you need to transfer data between two computers that are running Windows 2000 Professional, the direct-connection method is very easy to set up. You can set up a parallel port connection in just a couple of minutes, then move files and folders to a new machine without a hitch.
To set up a parallel port connection between two computers:
In Control Panel, open the Networking and Dial-up Connections folder.
Double-click Make New Connection to start the Network Connection Wizard, then click Next.
On the Network Connection Type page, click Connect directly to another computer, then click Next.
In the Host or Guest page, specify the role of your computer:
Host: This computer has the information you want to access.
Guest: This computer will be used to access information on the host computer.
In the Connection Device page, identify the appropriate connection device (from one of the following items in the drop-down list), then click Next:
Infrared
Serial
Parallel port
In the Allowed Users page, select who may use the connection, then click Next.
In the Completing the Network Connection page, enter a name for the connection, then click Finish.

--------------------------------------------------------------------------------

Windows 2000 Service Pack 2

Windows 2000 Service Pack 2 (SP2) provides the latest updates to the Windows 2000 family of operating systems. These updates are a collection of fixes in the following areas: application compatibility, operating system reliability, security, and setup. Windows 2000 SP2 includes the updates contained in Windows 2000 Service Pack 1 (SP1). Windows 2000 SP2 is not considered a required upgrade. To determine whether to install Windows 2000 SP2, Microsoft recommends that customers review the Windows 2000 SP2 documentation found under Learn More.
Windows 2000 SP2 automatically upgrades your system to 128-bit encryption. It is not possible to disable or uninstall this feature. If you remove Windows 2000 SP2 after installation, your system will continue to use 128-bit encryption; it will not revert to 56-bit encryption.
Windows 2000 SP2 adds high encryption support for all Windows 2000 encryption-based services, including Kerberos, Encrypting File System, RAS, RPC, SSL/TLS, CryptoAPI, Terminal Services RDP, and IPSec. High encryption support improves the security of local data and online transactions, as well as any other content you share over networks or the Internet. Get it and

--------------------------------------------------------------------------------

Windows 2000 drivers

Need to reinstall Windows 2000, or want to upgrade your current Windows 2000 drivers? The first two places I would check for Windows 2000 drivers would be driverhq.com, which has a comprehensive driver listing from audio to video, and they also have a program called Driver Detective, which will help you find your current driver version and manufacturer, and driverguide.com, which was created to make finding driver updates a whole lot easier. With the help of thousands of our members, we have compiled a massive database of drivers and resources that is by far the largest and most comprehensive on the Web.

--------------------------------------------------------------------------------

New and improved DUN, in Windows 2000

Microsoft has added some things to Windows 2000 Dial-Up Networking. From the first page of the DUN properties you can click on an Alternates button. This window allows you to put in alternate numbers to try; you can also specify that the successful number will be moved to the top of the list. Helpful when fighting busy signals with your ISP. A second button on the DUN window allows you to set up dialing rules, for 10-digit dialing or for using a calling card. This can be set at the specific DUN level, which is nice for laptops and traveling! The network tab allows you to set network protocols at the DUN level too, with a lot more granularity than previously allowed, also good for traveling, or for setting up the dial-in for the RAS server at work. And for the security conscious, you can enable or disable file and print sharing at the DUN level also.

--------------------------------------------------------------------------------

Use System File Checker to Solve Problems

I have found that many problems with Windows 2000 can be solved using the utility "sfc" with the Command Prompt. Sometimes, in the course of installing a program in Windows 2000, the program will overwrite or modify Win 2000's system files i.e. ".dll's" with their own version. If Windows 2000 misbehaves after a program installation, read the following and run "sfc" with the Command Prompt.
System File Checker (sfc.exe) is a command line utility that scans and verifies the versions of all protected system files after you restart your computer. If System File Checker discovers that a protected file has been overwritten, it retrieves the correct version of the file from the %systemroot%\system32\dllcache folder, and then replaces the incorrect file.
Syntax:
sfc [/scannow] [/scanonce] [/scanboot] [/cancel] [/quiet] [/enable] [/purgecache] [/cachesize=x]
Parameters:
/scannow
Scans all protected system files immediately.
/scanonce
Scans all protected system files once.
/scanboot
Scans all protected system files every time the computer is restarted.
/cancel
Cancels all pending scans of protected system files.
/quiet
Replaces all incorrect file versions without prompting the user.
/enable
Returns Windows File Protection to default operation, prompting the user to restore protected system files when files with incorrect versions are detected.
/purgecache
Purges the Windows File Protection file cache and scans all protected system files immediately.
/cachesize=x
Sets the size, in MB, of the Windows File Protection file cache.
You must be logged on as an administrator or as a member of the Administrators group to run System File Checker. If the %systemroot%\system32\dllcache folder becomes corrupt or unusable, use Sfc /scannow, Sfc /scanonce, or Sfc /scanboot to repair the contents of the Dllcache directory.

--------------------------------------------------------------------------------

Application Compatibility tool

If you are trying to run a program and it won't run because it states you are using the wrong OS try using the Application Compatibility tool. It is located in the support folder on your Win2000 CD.
"The Application Compatibility tool (Apcompat.exe) is a tool that attempts to convince programs that perform compliance checking in Windows 2000 that they are actually running under an earlier operating system."

--------------------------------------------------------------------------------

Thorough Scandisk in Windows 2000

The easy way is to open the Run box and type "chkdsk (drive) /f" and you'll be asked if you would like to run it during the next startup. Say yes and reboot. If you do this without the "/f" parameter it will check your disk on the spot but won't fix anything. Good for information purposes.
The GUI way to do it is as follows...
Right-click on your drive, select Properties, Tools tab, Check Now button. Check both of the boxes and click Ok. You'll get a message saying it cannot perform the check as it cannot obtain exclusive access to the drive. It will then ask if you would like to run this during the next startup. Say Yes. Now reboot and Windows 2000 will do a multi-stage check on your drive.

--------------------------------------------------------------------------------

Windows 2000 Web services

Frustrated with the Personal Web Server that comes with Front Page and Windows 98? Windows 2000 comes bundled with a full-featured web server -IIS 5.0. You can run a personal or small business intranet with it, and yes, it comes with Front Page Extensions, so you can use those cool toys at home. IIS also has a built in FTP server, SMTP (mail) server and NNTP (news) server. IIS 5.0 is installed on Windows 2000 server by default. You can add, remove or install additional components from the Control Panel-add/remove programs icon.
IIS 5.0 is not installed on Windows 2000 Professional by default. Go to Add/Remove Programs, Add/Remove Windows Components, Mark the box, IIS.
To manage your web server, use the Internet Information Services console found at:
Start
Programs
Administrative tools
Internet Services Manager

--------------------------------------------------------------------------------

Shut down does not turn off computer

If the APM mode is enabled go to the device manager and from the view menu select "show hidden devices". NT APM/legacy support should appear. Just enable it and hopefully your problem will be solved.

--------------------------------------------------------------------------------

Windows 2000 Security

Windows 2000 strives to improve security policies over the previous versions. To make this process less of a headache for system administrators, Windows 2000 offers a number of prebuilt and basic templates in the form of .inf files that offer varying forms of security setting policies. All one has to do is browse to the Local Security Policy in Administrative Tools, then highlight Security Settings and choose Import Policy. In most cases these templates will cover your needs; if not, you can always customize them to your specific organization.

--------------------------------------------------------------------------------

Windows 2000 now offers one stop networking

Being an operating system designed for networks, all your network connections are now accessible from the start menu (start, settings, network and dial up connections). Clicking on any of the listed connections will give you a status window on the connection, which includes uptime/connect time and the speed of the connection. From this window you can disable the connection (or hang up a dial in connection), and also, click on the properties button to view/change the connection properties. Another cool thing, Windows has finally grown up in the world of networking and changing a network setting does not require a reboot any more.

--------------------------------------------------------------------------------

Slow Network Browsing?

Windows 2000 has a problem where, when you browse network drives, it searches the scheduled tasks folder, which slows down the response. Deleting a key from your registry will speed up network access, but, as always, be sure to back up your registry before making any changes.
Open up regedit.
Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace.
Find the key named {D6277990-4C6A-11CF-8D87-00AA0060F5BF}.
Right-click it and select Delete, then OK to confirm.
Restart your machine to allow the change to take effect.
Enjoy the improved response from your network drives.

--------------------------------------------------------------------------------

Want to speed up the start menu?

This involves editing your registry, so please back it up before modifying.
Open regedit.
Navigate to HKEY_CURRENT_USER\Control Panel\Desktop
Select MenuShowDelay from the list on the right.
Right-click it and select Modify.
Change the value to 0.
Reboot your computer to allow the change to take effect.
The start menu should be blazing fast and display almost immediately.

--------------------------------------------------------------------------------

Description of Safe Boot Mode in Windows 2000 (Q202485)

To use a Safe Boot option, follow these steps:
Restart your computer, and when the Boot menu appears, press F8.
When the Windows Advanced Options menu appears, select an option, and then press ENTER.
When the Boot menu appears again, with the words "Safe Mode" displayed in red at the bottom, select the installation you want to start, and then press ENTER.

WARNING: Do not select a Microsoft Windows NT 4.0 installation.

--------------------------------------------------------------------------------

Desktop Cycler

Desktop Cycler for Windows 98/95/NT/2000 is a special utility to manage and cycle your desktop goodies. Using its easy-to-use interface, you can cycle hundreds of selected wallpapers, screensavers, desktop themes, Windows logos, IE toolbar skins or even Start Menu icons automatically at a specific time. Plus, access hundreds of selected resource sites for great and free desktop goodies.

--------------------------------------------------------------------------------

A Tool for a Mature Active Directory

Mar 6 2003 - Aelita Software this week introduced an infrastructure tool to help deal with the problems facing enterprises with mature Active Directories.
One of the first companies to anticipate the need for tools to help with the massive domain restructurings necessary four years ago prior to the launch of Windows 2000 and the Active Directory, Aelita is now looking ahead to the second-generation of problems enterprises need help resolving with their Active Directory infrastructures.

--------------------------------------------------------------------------------

Security Operations Guide for Windows 2000 Server

Mar 3 2003 - Are you looking for ways to lock down Windows 2000 Server and minimize vulnerabilities? Are you looking for best practices on effectively managing patches? Are you looking for guidance on auditing and intrusion detection?
If you answered yes to these questions, this resource is for you. The Security Operations Guide for Windows 2000 Server delivers the guidance necessary for IT Pros to securely operate a Windows 2000 environment while ensuring the right access to the right content by the right people. This guide delivers procedures and best practices for system administrators to lock down their Windows 2000-based servers and maintain secure operations once they're up and running. Through effective use of Group Policy, proper patch management, and auditing and intrusion detection tactics, this guide provides administrators with the key information to manage risk of attack from avoidable malicious code (such as viruses and Trojan horses), unauthorized access, and data theft. Cosponsored by the Windows group, this guide is part of the Windows Strategic Technology Protection Program (STPP). The STPP is split into two primary phases: "Get Secure" and "Stay Secure". This guide briefly discusses Get Secure with server lockdown roles, and then focuses on the Stay Secure aspects.

--------------------------------------------------------------------------------

Flaw in Windows Me Help and Support Center Could Enable Code Execution (812709)

Feb 26 2003 - Help and Support Center provides a centralized facility through which users can obtain assistance on a variety of topics. For instance, it provides product documentation, assistance in determining hardware compatibility, access to Windows Update, online help from Microsoft, and other assistance. Users and programs can execute URL links to Help and Support Center by using the "hcp://" prefix in a URL link instead of "http://".
A security vulnerability is present in the Windows Me version of Help and Support Center, and results because the URL Handler for the "hcp://" prefix contains an unchecked buffer.
An attacker could exploit the vulnerability by constructing a URL that, when clicked on by the user, would execute code of the attacker’s choice in the Local Computer security context. The URL could be hosted on a web page, or sent directly to the user in email. In the web-based scenario, where a user then clicked on the URL hosted on a website, an attacker could have the ability to read or launch files already present on the local machine. In the case of an e-mail borne attack, if the user was using Outlook Express 6.0 or Outlook 2002 in their default configurations, or Outlook 98 or 2000 in conjunction with the Outlook Email Security Update, then an attack could not be automated and the user would still need to click on a URL sent in e-mail. However, if the user was not using Outlook Express 6.0 or Outlook 2002 in their default configurations, or Outlook 98 or 2000 in conjunction with the Outlook Email Security Update, the attacker could cause an attack to trigger automatically without the user having to click on a URL contained in an e-mail.

--------------------------------------------------------------------------------

Securing Windows 2000 Server

Jan 16 2002 - The Securing Windows 2000 Server solution is delivered in eleven chapters, plus a Test Guide, a Delivery Guide, and a Support Readiness Guide, each with applicable job aids, script files and test cases.
Securing Windows 2000 Server provides customers with comprehensive information and analysis tools to assess security risks specific to Windows 2000 Servers. By using the principles of MSF and MOF, and by applying the lessons of the Security Risk Management Discipline, customers learn how to identify the threats and vulnerabilities that exist within their organization and determine which risks have the most potential impact on their domain infrastructure. Recommendations regarding the use of IPSEC filters to fully lock down specific server roles are also provided. In addition, the solution incorporates material on Patch Management, Auditing and Intrusion Detection, and Responding to Incidents from the Windows 2000 Security Operations Guide.

--------------------------------------------------------------------------------

Technical Overview of Internet Information Services (IIS) 6.0

This article introduces the next generation of Web infrastructure capabilities that are available in the Windows Server 2003 family. It also describes the benefits and new technical features that are available when you deploy IIS 6.0.
Included in this Document
Introduction
The Application Server Role
IIS 6.0 Architecture—A New Request Processing Architecture
New Security Features
New Manageability Features
New Performance and Scalability Features
Enhanced Development Experience and New Programmatic Features
Platform Improvements
Summary

--------------------------------------------------------------------------------

Introducing the Windows Server 2003 Family

Microsoft Windows Server 2003 is now available for customer preview. The Windows Server 2003 family takes the best of Windows 2000 Server technology and makes it easier to deploy, manage, and use. The result: A highly productive infrastructure that helps make your network a strategic asset for your organization.
Evolutionary Improvements to Windows 2000
Windows Server 2003 includes all the functionality customers expect from a mission-critical Windows server operating system, such as security, reliability, availability, and scalability. In addition, Microsoft has improved and extended the Windows server operating systems to enable your organization to experience the benefits of Microsoft .NET—software for connecting information, people, systems, and devices.
Server Roles
Windows Server 2003 is a multipurpose operating system capable of handling a diverse set of server roles, depending on your needs, in either a centralized or distributed fashion. Some of these server roles include:
File and print server.
Web server and Web application server.
Mail server.
Terminal Server.
Remote access/virtual private network (VPN) server.
Directory services, Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP) server, and Windows Internet Naming Service (WINS).
Streaming media server.
This product overview explains the basics of the Windows Server 2003 family and includes links to more detailed information.

--------------------------------------------------------------------------------

Memory Leak in Services.exe

When checking Arcname, Services.exe may leak memory at a rate of about 40 MB per day. A Perfmon.exe trace may show the Private Bytes counter rising at a 45-degree angle. If you do not restart the server, the server may display an "out of virtual memory" error message.
Memory is reserved for the NEWSTRING string variable, and the "\ Arcname" constant is prepended to a driver path, which is then checked for validity. The problem is that NEWSTRING is not freed with LocalFree(NEWSTRING).

--------------------------------------------------------------------------------

UK Keyboard Layout CTRL+(left)ALT+E Produces Euro Symbol Along with Accented Letter E

On a computer that is running Windows 2000, with the English United Kingdom (UK) keyboard layout in use, pressing CTRL+(left)ALT+E produces both the symbol for the Euro and an accented e, where you expect only the accented e. This issue can occur in WordPad.exe.

--------------------------------------------------------------------------------

Win2k SP3, the 'snooper' licence, and the workaround

We've had quite a few emails from Windows 2000 Service Pack refuseniks who propose not to go anywhere near SP3 on the grounds that the installation insists you agree to the new-look Microsoft 'snooper's charter' supplementary licence in order to apply it. The critical clauses seem to be becoming standard for Microsoft products, and although they can be presented as helpful/necessary for updates, they could also be used for DRM purposes, and provide cover for more widespread snooping.

--------------------------------------------------------------------------------

How to defang Win2k SP3's auto updating

The Register is now reporting how to remove the "features" Microsoft has added, to prevent the possibility of snooping on you in the future with Windows 2000.
Go to Start, then run services.msc. You can also do this via Control Panel, Administrative Tools, Services. Find Automatic Updates, and change startup type to disabled.
Then run gpedit.msc, the group policy editor. Go to User Configuration, Administrative Templates, Windows Components, Windows Update. On a fresh installation with SP3 applied this will show up as not configured, and somewhat counter-intuitively, in order to remove access to Windows Update, you enable it. Notice in passing that it's tagged Remove access to use all Windows Update "featues," which we presume is one they can fix in SP4.

--------------------------------------------------------------------------------

Win2K SP3 Available

On July 30, Microsoft released Windows 2000 Service Pack 3 (SP3). Users should consider loading the new service pack for a variety of reasons, including the fact that the new service pack contains all the fixes presented in the Win2K Security Rollup Package 1 (SRP1). In addition, when you install SP3 over a previously installed SP1, your systems will support 128-bit encryption. Also note that according to the README file on Microsoft's Web site, "beginning with Service Pack 2, 128-bit encryption is supported as the default, so if you previously installed Service Pack 2 (SP2), your computer has already been upgraded to this level of encryption. Furthermore, if you revert to SP1 or earlier, your computer will retain 128-bit encryption ...." Note, however, that after you install SP3, the Windows 2000 Protected Store is not upgraded to 128-bit encryption. Microsoft has released a patch and tool to upgrade the Protected Store. You can obtain these from Microsoft Security Bulletin MS00-032 (Patch and Tool Available for "Protected Store Key Length" Vulnerability). The FAQ for this security bulletin provides more information about Protected Store, the patch, and the tool.

--------------------------------------------------------------------------------

Windows 2000 benchmarks

Microsoft has posted a bunch of links to benchmarks, from testing done at the Transaction Processing Performance Council, in which Windows beats the Unix variants.
The Windows server operating systems have repeatedly demonstrated performance advantages over UNIX variants in a wide range of industry benchmarks. The tables below summarize recent Windows Server family benchmark results and provide links to more information.

--------------------------------------------------------------------------------

SP3: More Rumors, More Delays

In response to my plea for Windows 2000 Service Pack 3 (SP3) news last week, one reader indicated that the new release-to-manufacturing (RTM) date is July 15. Paul Thurrott also sent a message in which he stated that Microsoft folks recently indicated that the final version of SP3 is slated for July 17 or July 24. However, yesterday Paul Thurrott published a news story on his Wininformant site ( http://www.wininformant.com ) stating that bugs in the Microsoft Installer (MSI) 2.0 code will likely further delay SP3's release. So who knows when we'll have access to this monster update, which I estimate will contain nearly 1000 bug fixes. Even so, you might want to ramp up your test environment and review your service pack testing, troubleshooting, and reporting procedures.
Here’s a quick summary of blue screens you might encounter after you upgrade to SP3, plus a short rehash of two nagging browse problems I discussed last month. You might see numerous blue screens from win32k.sys, wdmaud.sys, RRAS, the fault-tolerant disk driver, and a function in the registry API. Some crashes are predictable and consistent; others occur almost randomly. Both browse problems cause a lengthy delay when you attempt to open or save a file on a system with persistent network connections and when you attempt to browse for printers on a print server. I’m including the browse problems again because they have a significant effect on user frustration levels.

--------------------------------------------------------------------------------

WebCast: Support WebCast: Windows 2000, The Setup Process (Q325553)

This presentation is a basic overview of the installation process for Windows 2000. We will discuss the process in general and make note of changes made between the installation of Windows 2000 and Windows NT 4.0. The objective of this presentation is to inform the customer of what installation options are available, what they would encounter during an installation and what new features are available to assist the customer.

--------------------------------------------------------------------------------

WebCast: Windows 2000 Installing and Configuring the DNS Dynamic Update Protocol (Q325110)

During the presentation, we will cover some fundamental concepts of domain name host resolution and why it is important. We will also talk about how to install and configure Windows 2000 DNS dynamic update protocol for use in both native and mixed modes in enterprise domains. We will explain how Dynamic Host Configuration Protocol (DHCP) will interoperate with DNS dynamic update protocol under Windows 2000. We will briefly discuss the process for dynamically updating resource records in the DNS database zone file.

--------------------------------------------------------------------------------

Microsoft releases Software Update Services

Microsoft Software Update Services (SUS) is designed to greatly simplify the process of keeping Windows-based systems up-to-date with the latest critical updates. SUS enables administrators to quickly and reliably deploy critical updates to their Windows 2000-based servers as well as desktop computers running Windows 2000 Professional or Windows XP Professional.

--------------------------------------------------------------------------------

Third Version of FRS Hotfix Corrects Replication Problems

The File Replication Service (FRS) is an essential component of Windows 2000 networks. The FRS code in the Win2K gold version didn't perform well on systems with large replication sets. To address the FRS performance problems, Microsoft released an important FRS update in October of 2001. As I explained in a previous column on this subject (see "New Multiprocessor Issues; More Desktop Shortcuts,"), the FRS update added intelligence to replication and file management algorithms that significantly enhanced the performance of file replication. See Microsoft article "Changes to the File Replication Service" for a detailed description of the enhancements in the original release.

In March, Microsoft released a second version of the FRS update to correct problems with Microsoft Office data files in the original FRS release. In a recently posted article, Microsoft admits to yet a third version of the FRS hotfix, which eliminates a host of replication concerns caused by the modified file system driver ntfs.sys packaged with the second version. The NTFS bug prevents some rename operations and prevents the FRS from fully replicating files and directories on systems where the replicated directory tree doesn't grant the System account full control.

--------------------------------------------------------------------------------

Service Pack 3

Looks like Service Pack 3 will be hitting us soon. Some of the latest hot fixes show as being pre-SP4, so that usually means Service Pack 3 is nearing completion. It will definitely be large; with almost 800 post-SP2 updates, it will probably be massive. Happy updating.

--------------------------------------------------------------------------------

Slow Network Performance Occurs If You Copy Files to a Windows 2000 Domain Controller (Q321098)

If you copy files from a Windows 2000-based or a Microsoft Windows XP-based client computer to a network share on a Windows 2000-based domain controller, network performance is slower than if you copy the same files to a Windows 2000-based member server. You may notice this problem if you copy many small files; however, you may not notice this problem if you copy a few large files. This problem only occurs if you either use Microsoft Windows Explorer to copy the files or if a Windows Explorer window is open and connected to the target server. However, if you use Xcopy.exe to copy the files and all of the Windows Explorer windows are closed, you do not experience this problem.
If you review a trace of the problem, you notice that the delay occurs after the client sends the server an SMB Notify Change command with the FID entry that matches the FID entry of the target folder. Windows Explorer posts a Notify Change request on the network share, which asks to be notified if something changes in the folder that appears in the right pane of Windows Explorer. If a domain controller receives the Notify Change request, it does not respond to it immediately; it does not send packets for up to 200 milliseconds. At that point, a simple Transmission Control Protocol (TCP) acknowledgement (ACK) packet is sent and the file operation resumes as usual.

--------------------------------------------------------------------------------

You May Not Be Able to Copy Large Files on Computers That Are Running Windows NT 4.0 or Windows 2000 (Q259837)

When attempting to copy a large file, the copy process does not work and you may receive an error message.
When you try to copy / paste using Explorer GUI:
Cannot copy : Insufficient system resources exist to complete the requested service.
When you try to use xcopy or copy from a command prompt:
Insufficient system resources exist to complete the requested service.
-or-
When you try to send the file via FTP command, you receive the following misleading message which results in a zero byte file being created on the destination FTP server:
ftp> send
Local file f:\bigfile.bin
Remote file bigfile.bin
200 PORT command successful.
150 Opening BINARY mode data connection for bigfile.bin.
> f:\bigfile.bin:Invalid argument
226 Transfer complete.

--------------------------------------------------------------------------------

Troubleshooting Network Connections

With little news in the Windows 2000 bug and hotfix space this week, I decided to share some simple network troubleshooting techniques. I spent most of the past 2 weeks troubleshooting network connectivity and mail access problems on my network and for a client, and you can use the same tools and procedures to diagnose these problems on your networks. Most people don't realize that a network is a fluid, ever-changing structure with millions of parts, and that network connectivity, whether local or through the Internet, undergoes multiple daily hiccups (outages) that last a few minutes to an hour or more. Most of the hiccups are transitory—they’re caused by a link that’s down because a network administrator is rebooting, replacing, or reconfiguring a box that your message or request requires to identify or locate its destination. A network infrastructure is similar to our road system: When a cone zone (outage) pops up, we either wait until the cones come down, or we take a detour to get to our destination.

--------------------------------------------------------------------------------

Denial of Service Attack on Port 445 May Cause Excessive CPU Use (Q320751)

When you run a program on your Windows 2000-based server, the memory usage may substantially increase, you may receive virtual memory messages, and most server functions may be disabled. Computers that have a single CPU seem to be more susceptible to the CPU usage staying constant at 100 percent. After you quit the program, the CPU usage stays at 100 percent for a couple of minutes, and then idles out. On a computer that has more than one CPU, the CPU usage may stay at 100 percent for about 30 seconds, and then idles out.
This behavior can occur when a malicious user sends a Denial of Service (DoS) attack to port 445. This leads to high CPU and Kernel mode memory usage.

--------------------------------------------------------------------------------

Microsoft releases new Windows 2000 Security Operations Guide

Are you looking for ways to lock down Windows 2000 Server and minimize vulnerabilities?
Are you looking for best practices on effectively managing patches?
Are you looking for guidance on auditing and intrusion detection?
If you answered yes to these questions, this resource is for you. The Security Operations Guide for Windows 2000 Server delivers the guidance necessary for IT Pros to securely operate a Windows 2000 environment while ensuring the right access to the right content by the right people. This guide delivers procedures and best practices for system administrators to lock down their Windows 2000-based servers and maintain secure operations once they're up and running. Through effective use of Group Policy, proper patch management, and auditing and intrusion detection tactics, this guide provides administrators with the key information to manage risk of attack from avoidable malicious code (such as viruses and Trojan horses), unauthorized access, and data theft. Cosponsored by the Windows group, this guide is part of the Windows Secure Technology Protection Program (STPP). The STPP is split into two primary phases: "Get Secure" and "Stay Secure". This guide briefly discusses Get Secure with server lockdown roles, and then focuses on the Stay Secure aspects.

--------------------------------------------------------------------------------

Troubleshooting Problems Communicating on the Internet (Q163391)

This article describes how to troubleshoot problems communicating with servers on the Internet using an Internet browser, FTP, or Telnet. This article assumes that you are able to connect and log on to your Internet service provider (ISP) successfully.
You may experience problems communicating with a server on the Internet for any of the following reasons:
The server is not functioning properly or has been temporarily removed from the Internet.
Your Internet browser is not configured properly.
The TCP/IP configuration for your dial-up connection to your ISP is incorrect.
Your ISP's Domain Name Service (DNS) server is not working properly.
To determine and resolve the problem you are experiencing, follow the procedures in each of the following sections in order. After you finish each procedure, check to see if you can communicate with servers on the Internet successfully.

--------------------------------------------------------------------------------

The Function of Native Win2K Processes

When you start Windows Task Manager and click the Processes tab, you see approximately 30 processes that Windows 2000 runs at startup, plus Microsoft and third-party processes that implement antivirus protection and other running applications. Some Task Manager processes (e.g., alertsvc.exe, Iexplore.exe, dns.exe, wins.exe) correlate one-for-one with a specific Win2K service; other processes, such as the System Idle Process, services.exe, and svchost.exe, are core OS components, or they coordinate multiple services. Processes that correlate directly with a native service appear in the Task Manager process list only when you've configured the service and the service is running. So, unless you've installed Win2K Server Tools on a Win2K Professional machine, you won't see dns.exe or wins.exe on the Win2K Pro system. These same native processes will appear on Win2K Server only if you have configured and started the service.

--------------------------------------------------------------------------------

Description of the Windows 2000 Recovery Console (Q229716)

This article describes the functionality and limitations of the Windows Recovery Console. The Windows Recovery Console is designed to help you recover when your Windows-based computer does not start properly or does not start at all.
When you use the Windows Recovery Console, you can obtain limited access to NTFS, FAT, and FAT32 volumes without starting the Windows graphical interface. In the Windows Recovery Console you can:
Use, copy, rename or replace operating system files and folders.
Enable or disable services or devices from starting when you next start your computer.
Repair the file system boot sector or the Master Boot Record (MBR).
Create and format partitions on drives.
Note that only an administrator can obtain access to the Windows Recovery Console so that unauthorized users cannot use any NTFS volume.

--------------------------------------------------------------------------------

How to Check the Video Driver (Q200435)

If you are having problems loading the video driver on your computer, you may have a program that has replaced some files. Symptoms of this problem include:
The system continues to default to VGA mode or only boots in VGA mode from the boot menu.
Your video driver is not loading properly.

--------------------------------------------------------------------------------

Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols

Found this at the IETF.org website.
This memo specifies Microsoft's Windows 2000 Kerberos change password and set password protocols. The Windows 2000 Kerberos change password protocol interoperates with the original Kerberos change password protocol. Change password is a request reply protocol that includes a KRB_PRIV message that contains the new password for the user.
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

--------------------------------------------------------------------------------

PPPoE with ICS Requires MTU Setting Below 1492 on the ICS Clients (Q259783)

If you are using Internet Connection Sharing (ICS) and the outbound connection uses PPP over Ethernet (PPPoE), the clients that are using the ICS connection may not be able to browse some Web sites or send e-mail messages that contain attachments.
PPPoE requires lowering the Maximum Transmission Unit (MTU) setting on all client computers to a value no larger than 1,492. (The default is 1,500.) In some cases, a value less than 1,492 may be necessary.

--------------------------------------------------------------------------------

Unchecked Buffer in Telnet Server Could Lead to Arbitrary Code Execution

The Telnet protocol provides remote shell capabilities. Microsoft has implemented the Telnet protocol by providing a Telnet Server in several products. The implementations in two of these products – Windows 2000 and Interix 2.2 – contain unchecked buffers in the code that handles the processing of telnet protocol options.
An attacker could use this vulnerability to perform a buffer overflow attack. A successful attack could cause the Telnet Server to fail, or in some cases, could possibly allow an attacker to execute code of her choice on the system. Such code would execute using the security context of the Telnet service, but this context varies from product to product. In Windows 2000, the Telnet service always runs as System; in the Interix implementation, the administrator selects the security context in which to run as part of the installation process.

--------------------------------------------------------------------------------

A USB Device May Not Work on a Computer That Has Multiple Processors (Q306788)

When you use a USB device under the following conditions, the USB device may stop responding and you may need to restart your computer:
If the USB device has multiple ports
If you are using the USB device to perform bulk transfers (bulk read or write transfers)
If the computer has multiple processors
If the computer is running Windows 2000
A supported fix is now available from Microsoft, but it is only intended to correct the problem described in this article and should be applied only to systems experiencing this specific problem. This fix may receive additional testing at a later time, to further ensure product quality. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Windows 2000 service pack that contains this fix. To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix.

--------------------------------------------------------------------------------

Windows 2000 Shuts Down When You Try to Restart Your Computer (Q298925)

When you try to restart your computer, your computer may not restart; instead, your computer may shut down.
If you use the Power Options tool in Control Panel to configure your computer power button for shutdown and an attempt to shut down your computer is denied by an application, your computer does not restart when you click Restart on the Start menu.
Windows 2000 does not reset the Power Policy action after an application denial to a power management request occurs, and because of this, the following restart request is treated as a shut down request.

--------------------------------------------------------------------------------

Error Message When You Run fixmbr Command (Q266745)

When you attempt to run the fixmbr command in the Microsoft Windows 2000 recovery console, your computer system may display the following error message:
This computer appears to have a non-standard or invalid master boot record. FIXMBR may damage your partition tables if you proceed. This could cause all the partitions on the current hard disk to become inaccessible. If you are not having problems accessing your drive, do not continue. Are you sure you want to write a new MBR?

--------------------------------------------------------------------------------

Ntldr Cannot Load Fragmented System Hive (Q265509)

Your computer may stop responding (hang) during startup from a hard disk that uses the NTFS file system if the System hive file is too large. The System hive file is located in the %SystemRoot%\System32\Config folder.
Ntldr loads various drivers and system files into memory during an early phase of startup. The System hive is usually the biggest file that is loaded and is likely to be fragmented because it is modified often.
If the System hive file is too fragmented, it is not loaded from an NTFS volume, and the computer hangs. This problem does not occur on volumes that use the FAT or FAT32 file system.
--------------------------------------------------------------------------------