11/29/2001

Resetting rights to system files

SUMMARY
When an administrator attempts to secure the Microsoft Windows NT system by changing the default Windows NT file system (NTFS) file and directory permissions set up on the and/or the default system directories and subdirectories, some functions, such as users' ability to log on to the network, may be impaired. In extreme cases, the system may display a blue screen error message on startup.

WORKAROUND
Reinstall Windows NT into a separate directory. This will allow you to restore your operating system files %systemroot% from a backup tape that contains the correct default permissions to allow the operating system to boot and function normally. After Windows NT is restored and restarted, you can delete the parallel copy of Windows NT.

-OR-

Use the NT v4.0 Resource Kit utility called FIXACLS.EXE.

FIXACLS.EXE can be found in the NT v4.0 Resource Kit Supplement Two.

When system permissions have been lost, FIXACLS can restore default permissions to the system files. For example, the Windows NT convert command only converts your file system to NTFS. It does not set the default permissions after the conversion. FIXACLS fills this gap.

To use FIXACLS, your user account needs "Backup files and folders" privileges on the computer where the files and folders are stored, and you must be logged on as a member of the Administrators group for the domain or computer where your user account is defined. Otherwise, "Access denied" error messages may occur.

FIXACLS sets the permissions to the values defined in %SYSTEMROOT%\INF\PERMS.INF. Therefore, access to this file is also required to run FIXACLS.

11/06/2001

How to Install the Windows Recovery Console (Q216417)

To install the Windows Recovery Console after Windows is already installed on your computer:
Click Start, click Run, and then type CD-ROM drive letter:\i386\winnt32.exe /cmdcons in the Open box, where CD-ROM drive letter is the drive letter assigned to your CD-ROM drive.

Using REGEDIT to add, remove, and edit registry entries

REGEDIT.EXE [ /L:system ¦ /R:user ] [ /S ] importfile.REG

Export to a (.REG) file:
REGEDIT.EXE [ /L:system ¦ /R:user ] /E exportfile "registry_key"

Compress the registry (Windows 98 only):
REGEDIT.EXE [ /L:system ¦ /R:user ] /C

Parameters:
importfile.REG    .REG file to be imported (or "merged")
exportfile        File name the information should be written to
"registry_key"    Registry key to be exported,
                  e.g. "HKEY_CLASSES_ROOT\*\shell"
/S                Silent, i.e. hide confirmation box when importing files
/E                Export registry file
/L:system         Specify the location of the system.dat to use
/R:user           Specify the location of the user.dat to use
/C                Compress [filename] (Windows 98 only)

REGEDIT is usually known as a GUI tool to search or edit the Windows registry.
I would not have mentioned it here, however, if it couldn't be used in unattended mode as well.
This page focuses on reading and editing the registry in unattended mode only.
(Microsoft's NT Workstation Resource Kit and NT Server Resource Kit come with REG.EXE, a utility that makes reading (or editing) NT's registry easier.
It can read a single key and value directly, without the need for a temporary file.)

Adding and editing (importing) registry entries
Adding items to the registry requires a *.REG file:

REGEDIT /S addsome.REG
The /S switch is optional; it skips the message dialogs before and after the import of the *.REG file.

Removing registry entries
To remove an entire "tree" from the registry using REGEDIT and a .REG file, just add a minus sign before the tree name:

REGEDIT4

[-HKEY_CURRENT_USER\DummyTree]

will remove the entire tree "DummyTree".

To remove an individual item from the registry, place the minus sign after the equal sign:
REGEDIT4

[HKEY_CURRENT_USER\DummyTree]
"ValueToBeRemoved"=-

will remove the individual value "ValueToBeRemoved" from "DummyTree".

More info can be found at Regedit.com's Registry FAQ. How to remove an individual registry key or value using *.INF files and RUNDLL is explained here by Bill James.

Reading (exporting) from the registry
REGEDIT's /E switch can be used to export a registry key:

REGEDIT /E d:\path\filename.REG "HKEY_XXXX\Whatever Key"

This will write the registry key "HKEY_XXXX\Whatever Key" and its subkeys to a file named d:\path\filename.REG

NOTES
TIP: Export a registry key to get an example of the exact required format.
"REGEDIT4" must be at the top followed by a blank line.
A blank line must be at the end of the file.
Multiple keys must be separated by a blank line (not the values, just new keys)
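
Because `REGEDIT /S` merges a file without any confirmation, it helps to review what the file deletes before importing it. The script below is an added example, not part of the original page: it checks REGEDIT4 text against the format notes above and lists every tree or value the file would remove. The function name `audit_reg_text` and the sample content are constructed for illustration.

```python
import re

# Key header: [HKEY_...\Path]; a leading minus, [-HKEY_...\Path], deletes the tree.
KEY_RE = re.compile(r'^\[(-?)([^\]]+)\]$')
# Value line: "Name"=data or @=data (default value); data of "-" deletes the value.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def audit_reg_text(text):
    """Check REGEDIT4 text against the format notes and list deletions.

    Returns (problems, deletions); deletions holds (kind, key, value_name)
    tuples where kind is "key" or "value".
    """
    problems, deletions = [], []
    lines = text.splitlines()

    if not lines or lines[0].strip() != "REGEDIT4":
        problems.append("line 1: header is not REGEDIT4")
    elif len(lines) < 2 or lines[1].strip():
        problems.append("line 2: no blank line after the REGEDIT4 header")
    if not lines or lines[-1].strip():
        problems.append("end of file: no trailing blank line")

    current_key = None   # key that the following value lines belong to
    seen_key = False
    continued = False    # inside a multi-line value that ends in a backslash
    for number, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if continued:
            continued = line.endswith("\\")
            continue
        if not line or line.startswith(";"):   # blank line or comment
            continue
        key = KEY_RE.match(line)
        if key:
            if seen_key and lines[number - 2].strip():
                problems.append(f"line {number}: key not preceded by a blank line")
            seen_key = True
            if key.group(1):                    # [-KEY] removes the whole tree
                deletions.append(("key", key.group(2), None))
                current_key = None
            else:
                current_key = key.group(2)
            continue
        value = VALUE_RE.match(line)
        if value is None:
            problems.append(f"line {number}: not a key or value line")
            continue
        name, data = value.groups()
        if name == "@":
            name = "(Default)"
        else:
            name = name[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        if current_key is None:
            problems.append(f"line {number}: value is not under a key")
        elif data == "-":                       # "Name"=- removes one value
            deletions.append(("value", current_key, name))
        continued = data.endswith("\\")
    return problems, deletions


# Constructed sample in the REGEDIT4 format described above (not a real export).
SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\DummyTree\Keep]
"Setting"="1"

[-HKEY_CURRENT_USER\DummyTree\Old]

[HKEY_CURRENT_USER\DummyTree]
"ValueToBeRemoved"=-

'''

if __name__ == "__main__":
    found_problems, found_deletions = audit_reg_text(SAMPLE)
    for kind, key_path, value_name in found_deletions:
        print("DELETES", kind, key_path, value_name or "")
    for problem in found_problems:
        print("PROBLEM", problem)
```
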

10/19/2001

Woodstone bvba Servers Alive
Current version: v3.0.995
Servers Alive is an end-to-end network monitor program. Among the many checks it can do: it can monitor any Winsock service, ping a host, check if an NT service/process is running, check the available disk space on a server, retrieve an URL, check your database engine, and more. When it detects a down condition it can warn you in various ways, including sending you an email (SMTP) saying what is down, or paging you with a numeric or alphanumeric warning. It's also the first monitoring program to support WAP pages viewable with wireless devices. Servers Alive also supports host dependency and can be easily interrogated using a telnet client and/or a web browser.
The program can monitor up to 10 hosts/services in the unregistered version and up to 1000 in the registered version. If your organization only needs monitoring for 10 or less services then use Servers Alive for FREE as long as you want!

6/08/2001

NTFS5 vs. FAT32 One somewhat dated argument for using FAT (or FAT32, in the case of Win2K) on server volumes relates to the boot partition. Before Win2K's release, many administrators used FAT on boot partitions because a DOS or Win9x boot disk can easily access and recover FAT volumes in the event of disaster. However, the addition of the Win2K Recovery Console (RC) invalidates this argument. The RC is a special alternative boot selection that you can install on a Win2K system. (To install this option, run winnt32 /cmdcons from the Win2K CD-ROM.) You can use the RC to carry out several recovery-related operations on NTFS volumes, such as file copying and renaming. Now that Win2K includes the RC, your best choice of file systems for all Win2K server volumes is NTFS.

6/07/2001

Q253912 - "Out of Memory" Error Messages with Large Amounts of RAM Installed The Windows 32-bit protected-mode cache driver (Vcache) determines the maximum cache size based on the amount of RAM that is present when Windows starts. Vcache then reserves enough memory addresses to permit it to access a cache of the maximum size so that it can increase the cache to that size if needed. These addresses are allocated in a range of virtual addresses from 0xC0000000 through 0xFFFFFFFF (3 to 4 gigabytes) known as the system arena.

On computers with large amounts of RAM, the maximum cache size can be large enough that Vcache consumes all of the addresses in the system arena, leaving no virtual memory addresses available for other functions such as opening an MS-DOS prompt (creating a new virtual machine).

6/06/2001

High-Tech Dictionary File Types File Types
These extensions at the end of a filename refer to the type of file it is.

5/31/2001

20010530 Lockergnome Windows Daily Troubleshooting Video Problems in Windows
http://support.microsoft.com/support/kb/articles/Q127/1/39.asp

"Video problems that occur when Windows is started normally, but do not occur when Windows is started in Safe mode are usually related to the display driver that Windows is attempting to use. To determine whether you are using a Windows 3.1, or Windows 95/98/Me video driver, follow these steps: Use any text editor (such as Notepad) to open the System.ini file in the Windows folder. In the [Boot] section, search for the "Display=" line. If this line reads anything other than the following line, the driver you are using is designed for Windows 3.1 (or an earlier version of Windows): Display.drv=Pnpdrvr.drv"
Browse Windows 2000 and 98 faster. Reader John Kehoe reports on an easy way to speed up your browsing of Windows 98 and Windows Me from Windows 2000 machines.

It turns out that you can experience a delay as long as 30 seconds when you try to view shared files across a local network from Windows 2000. For example, this delay would affect your search if you:

1. Right-click the My Network Places icon on your Windows 2000 desktop, click Search For Computers, and search for a Windows 98 or Windows Me computer name; or

2. Click Start, Run, and then type \\computername in reference to a Windows 98 or Windows Me machine.

Microsoft confirms this is a problem in Windows 2000. See support.microsoft.com/support/kb/articles/Q245/8/00.asp. The problem doesn't occur when browsing directly to a named computer share, just when using the computer name as shown above.

Windows 2000 is using the extra time to search the remote computer for Scheduled Tasks, a slow and unnecessary process. Kehoe provides a work-around that dramatically speeds things up.

Step 1. In Windows 2000, click Start, Run, type regedt32, and click OK.

Step 2. In the Registry Editor, navigate to the following branch: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace.

Step 3. Under that branch, select the key {D6277990-4C6A-11CF-8D87-00AA0060F5BF}. This key instructs Windows Explorer to search for Scheduled Tasks. If you wish, pull down the R

5/22/2001

W3C - World Wide Web Consortium

You've probably at least heard of this organization, but may not know the scope of their responsibility, therefore I thought I'd briefly touch on it, then point out some extremely useful links for you web developer types.

The W3C is the group responsible for defining guidelines used on the Internet, including HTML, CSS, XML, etc. The recognized inventor of the Web, Tim Berners-Lee originally founded the organization in 1994 while working at MIT. Once they planted their roots, they began to work on many different specifications for how content should be developed in order to be as compatible as possible with all of the various resources tied to the Internet. If you want to know the "book answer" on a web standard, this is the place to go.

Aside from just defining the specifications, they've developed some extremely useful tools for developers to use in order to be sure their code is as compatible as possible. Here are just a few of the many valuable links you'll find on their site:

Introduction to HTML 4
XML In 10 Points
HTML Validator
CSS Validator
Open Source Software

SSH Secure Shell v2.4 [4.9M] W9x/NT/2K FREE

http://www.ssh.com/products/ssh/

Secure Shell (SSH) is in common use to perform remote system administration these days, and for good reason. When you're logging into a system as an administrator, protecting your security information is absolutely critical. Since I needed an SSH2-capable client today in order to work with a friend's Linux system from remote, featuring my choice here was a natural. SSH Secure Shell supports RSA SecurID, Kerberos 5, PAM, SSH2, SFTP2, SCP2 and SSH-KEYGEN2, which amounts to a whole ton of security. This thing is loaded with functionality, much of it I haven't even gotten around to using yet, so it promises to keep you busy for a while. The client is free for non-commercial use, but support is only provided for users that have purchased a license.



Doeskey Registry Query Utility v1.3 [39k] W9x/NT/2K FREE

http://members.aol.com/stevesfreeware2/doeskey.zip
http://wettberg.home.texas.net/doeskey.htm

You know me, I love to swim around in the Windows Registry to see what floats to the surface, and once I find a gem, I fancy using my new found wealth in an automated fashion. Doeskey not only queries a registry value, but it can make a direct comparison to a specified value, then return the results to an ERRORLEVEL, which is extremely helpful to those of you that are hooked on batch files, particularly with login scripts. I can think of a hundred ways that a registry value comparison could help an administrator. A couple of quick ideas might be to verify a user or system setting to see if it has been changed, or maybe to detect the value of the operating system identifier in order to apply a fix to certain versions of Windows.

Exchange 2000 Static Port Mapping

http://support.microsoft.com/support/kb/articles/q270/8/36.asp

If you're using Microsoft Exchange 2000 Server, you might be wondering why you cannot connect to the server over the Internet with an Exchange-capable mail client such as Outlook. When an initial connection is made from Outlook to the Exchange server, port 135 is used to establish the session. After that, further communications occur over two randomly selected ports - one for the Information Store and one for the Directory. The problem is that firewalls will block activity on these other ports unless you specifically allow traffic to pass on them. Being that the ports are randomly selected, this obviously makes it fairly difficult. A couple of registry hacks later, and you can force Exchange to use static ports for these sessions, which can then easily be allowed to pass through a firewall.


Exchange Server 5.5 Static Port Mapping

http://support.microsoft.com/support/kb/articles/Q155/8/31.asp

Exchange 5.5 basically works the same way, but it is slightly different, so I decided to toss this one in as well to be sure you have the right set of instructions for your particular server version.


TCP/UDP Ports Used By Exchange 2000 Server

http://support.microsoft.com/support/kb/articles/q278/3/39.asp

So, we've learned that Exchange can be set up to perform certain communications over specifically assigned ports, but you might be left wondering what other TCP/UDP ports Exchange is chattering on across the network. This is particularly useful information for those of you that need to make allowances for additional Exchange capabilities in your firewall configuration.

SOAP Toolkit 2.0 Gold Release [1.5M] W9x/NT FREE

http://msdn.microsoft.com/downloads/default.asp?URL=/code/sample.asp?url=/msdn-files/027/001/580/msdncompositedoc.xml

I guess SOAP is Microsoft's way of helping to clean up application integration, but they're taking their time about getting a good lather going. The newly ushered SOAP Toolkit 2.0 Gold Release provides a legitimate platform for developing XML applications using the lightweight protocol designed to enable developers to create robust distributed applications with as little data transfer overhead as possible.
IE Connection Limit

http://support.microsoft.com/support/kb/articles/Q183/1/10.ASP

The HTTP 1.0 specification allows for 4 concurrent connections from a browser to a web server. HTTP 1.1 decreases this to 2 concurrent connections, which basically means that up to 2 files can be downloaded at the same time. The more images on a site, the longer it can take to download all of them because of the limit in how many connections can be established. You can tweak the maximum number of connections for Microsoft Internet Explorer by modifying a registry entry, though you are breaking the rules a bit. Some web servers are configured to throttle the number of connections, so it may not work entirely, but it could speed up your general surfing ability. The downside is that on slower Internet connections, you'll have more files downloading at the same time, possibly resulting in slower overall surfing, so it may not be for everyone.

HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Internet Settings

HTTP 1.1 Servers:
Value Name: MaxConnectionsPerServer
Data Type: REG_DWORD
Data: 2
Notes: 2 is the default, suggested max of 8

HTTP 1.0 Servers:
Value Name: MaxConnectionsPer1_0Server
Data Type: REG_DWORD
Data: 4
Notes: 4 is the default, suggested max of 8



Stack Page Overflow

http://support.microsoft.com/support/kb/articles/Q149/0/83.asp

Windows 9x has one gaping flaw that has caused problems with the OS since its inception - the ability for individual applications or drivers to make a mess of the entire operating environment. This usually results in hangs, bizarre application behavior or error messages. One of the common dialogs you may experience relates to spare stack pages being unavailable. This is the result of a driver allocating more than the 4KB it has been allocated for a stack page. In that case, Windows dutifully provides 2 additional 4KB stack pages for temporary use to accommodate the sloppily written driver. Unfortunately, 2 spare pages may not be enough. Increasing the MinSPs value in the System.ini file may be the cure in this case. In the [386Enh] section, add the following line. If you still experience problems, increase the value in increments of 4 (i.e. 8, 12, 16, etc.).

5/01/2001

SITE LINKS
Default time is 180 minutes
Must be at least 15 minutes
Maximum replication time is 10080 minutes (1 week.)

4/27/2001

Word Password Recovery Password Crackers, Inc. offers the most complete range of options to recover Microsoft Word® passwords including our new Absolute Word/Excel recovery (AWE) service. This new service can decrypt password protected Word® ’97/2000 documents in 7 to 10 days regardless of the length of the password. This service is guaranteed and works 100% of the time.

4/20/2001

20010419 Lockergnome Windows Daily Coming from Serdar Yegulalp's very awesome Windows 2000 e-mail newsletter (found at THEGLINE.COM), here's an awesome tip for instant shutdown gratification in (duh) Windows 2000. "To shut W2K down fast, hit CTRL-ALT-DEL, and then hold down the CTRL key while clicking the Shut Down button. You'll get a warning dialog: 'If you continue your machine will reboot and any unsaved data will be lost. Use this only as a last resort.' (They're not kidding) If you click OK, the system will reboot IMMEDIATELY -- no shutdown screen, no 'It is now safe to turn off your computer' splash. Upon rebooting, I found all was well, and the 'dirty' bit on my NTFS drives was not set, meaning that any pending writes to those volumes had been flushed." This technique is not recommended unless you're caught between a rock and a hard place. Still, for sticky situations, this click trick is quite slick.

4/18/2001

From LockerGnome:



Undocumented Win2K Tools

Even though some functions may not be implemented within the GUI administrative tools, they can still be accessed by directly invoking the functions within a .DLL file. Windows 2000 includes several such tools that you can access by running the Rundll32 command with some arguments as follows:


Network Identification Wizard:
rundll32 netplwiz.dll,NetAccWizRunDll

Add Network Place Wizard:
rundll32 netplwiz.dll,AddNetPlaceRunDll

Share Creation:
rundll32 ntlanui.dll,ShareCreate

Share Management:
rundll32 ntlanui.dll,ShareManage - Shares

Launch Device Manager:
rundll32 devmgr.dll DeviceManager_Execute

Add New TCP/IP Printer:
rundll32 tcpmonui.dll,LocalAddPortUI

Note: The portions after the .dll file name are case-sensitive.

HowStuffWorks - Learn how Everything Works! Have you ever wondered how the engine in your car works or what makes your refrigerator cold? Then How Stuff Works is the place for you! Click on the categories below to see hundreds of cool articles.

4/11/2001

View Message Here's the concept: Say you have a standard form or set of forms to address
a particular client need--incorporation documents, for example. The forms
need to be created AND maintained. Timekeepers have little motivation to do
that work for the reasons you mention. With the Document Tracking System,
the timekeepers can bill their time for form work to a "document matter."
Then when a client needs the form(s), the client is charged a flat fee, and
the working timekeeper collection credits go back to the document matter and
are proportionately allocated to the timekeepers who did the form work.
Billing, supervising, originating credits go to the so-designated TKs on the
client matter.
TechNet Flash - Volume 3, Issue 8 TIP: USING A DISK DEFRAGGER WITH EXCHANGE
(contributed by http://www.windows2000faq.com)
Q. Can I use a disk defragger on my Exchange Server system?
A. No. Keep defrag tools and file-based virus scanners far, far away from your Exchange Server systems.

4/08/2001

Private and Secure: The VPN Solution The VPN Solution
If you want a better way to connect remote users, offices and servers securely, consider the humble, easy-to-implement virtual private network. Here’s how to make it work in Windows 2000.
Power Protection Basics
You know that thing you have under your desk that you call a surge protector? Odds are, it's not going to protect you from much, should you fall victim to a significant power event. Many devices claiming to protect you are of such low quality that with even normal power events that occur every day, you could be putting your prized PC and peripherals at risk.
While the high quality devices will cost you a bit more, the extra green you dole out will be well worth the peace of mind they offer in addition to the protection. There are some basic terms that you should look for when shopping for such devices. Here are some of the key things to look for:
Clamping Voltage
This is essentially the breaking point at which protection will kick in. Many people consider 330VA the standard clamping voltage for most computing devices, and anything above 330VA and you're certainly leaving yourself vulnerable. Clamping voltages under 200VA are generally better, though they may take action more frequently than you'd prefer. Since computing equipment is more vulnerable to damage, it's likely worth having a low clamping voltage.
Clamping Speed
The speed at which a device reacts to a potential problem is crucial to providing adequate protection. If a unit reacts too slowly, your equipment can be damaged before preventive action can be taken. Though this often isn't published by equipment makers, 10 nanoseconds or less should serve as an a
20010406 Lockergnome Tech Specialist Win2K Command Database
http://www.microsoft.com/windows2000/en/server/help/ntcmds.htm
You know how fond I am of my precious command prompt and what good is having that capability if I can't figure out how to use all of the commands. Microsoft has put together an online reference of utilities and commands that can be used, including descriptions of each command's function and all of the syntax specifications.
20010406 Lockergnome Tech Specialist IEEE OUI and Company_ID Database
http://standards.ieee.org/regauth/oui/index.shtml
Every device on a network must be uniquely identified at layer 2 of the OSI Reference Model. This identification comes in the form of a Media Access Control (MAC) address consisting of 6 hexadecimal octets (48 bits). All network cards produced by a manufacturer are assigned a permanently installed address to ensure that no two devices occupy the same address on the network. Using the first 3 octets of the MAC address, commonly referred to as the Organizationally Unique Identifier (OUI), you can locate the manufacturer of a particular network device with the help of this online database. This can come in handy when performing network analysis. With some practice, you'll be able to identify certain types of devices by their OUI, which can aid in locating the source of a problem.

4/03/2001

20010327 Lockergnome Windows Daily How to Query the Microsoft Knowledge Base Using Keywords
http://support.microsoft.com/support/kb/articles/Q242/4/50.ASP

"This article describes how to more effectively query the Microsoft Knowledge Base by using keywords, including Microsoft product-specific keywords. By using keywords, you may be able to find the article or articles that may help to resolve your issue or question. When you perform a query, begin by using a product keyword that relates to your issue, such as "win95" for Microsoft Windows 95, "win98" for Windows 98, "outexw95" for Microsoft Outlook Express for Windows 95, and so on. You can then combine product keywords with other related keywords to help narrow your search, and locate the information you need. Note that if you search by using a small amount of keywords, you may receive a large amount of articles, possibly making it difficult to find the article you are looking for."
20010326 Lockergnome Windows Daily AutoIt v2.51 [305k] W9x/NT/2k FREE
http://www.hiddensoft.com/cgi-bin/countdown.pl?AutoIt/AutoIt.exe
http://www.hiddensoft.com/AutoIt/

"AutoIt is a simple tool that can simulate key presses, mouse movements and window commands (maximize, minimize, wait for, etc.) in order to automate any windows based task (or even windowed DOS tasks). It was primarily designed to assist in automatically installing software that cannot be automatically installed by other means. This is most useful during a PC rollout where hundreds or thousands of client machines need to be automatically installed. However, AutoIt is not limited to software installation and can be used to automate most simple windows tasks. When AutoIt is executed, it reads a specified script file. This script file allows AutoIt to perform a number of functions."
from lockergnome-
how to clear page file for security:
Navigate to HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Control \ Session Manager \ Memory Management. Now, in the right-hand pane, add a new REG_DWORD value named: "ClearPageFileAtShutdown" (sans quotes). You may already have this value; its default property is 0. Switch that number to 1 and inactive pages (in pagefile.sys) will be overwritten with zeros.