Windows 2000::WMI

WMI services (winmgmt) is utilizing 100% cpu until manually stopped. Must be disabled because it will startup on it's own later.
Sometimes it works to stop the service and remove the Repository files under: C:\WINNT\SYSTEM32\WBEM\REPOSITORY
Then restart the service.
I am continuting to have this problem recur on several machines.
Any ideas for me? E-Mail Me


Windows 2000/XP::Default Services

From: Microsoft

The following table lists the default services for a typical installation of Windows XP Professional, along with their default startup settings. Your list of services might be different, depending on the components selected during installation and any additional programs that have been installed.

ServiceStartup TypeLog On AsAdditional information
AlerterManualLocal Service
Application Layer GatewayManualLocal Service
Application ManagementManualLocal System
Automatic UpdatesAutomaticLocal System
Background Intelligent Transfer ServiceManualNetwork ServiceFor information about troubleshooting problems associated with this service, see Background Intelligent Transfer Service (BITS) inactive job timeout
ClipBookManualLocal System
COM+ Event SystemManualLocal System
COM+ System ApplicationManualLocal System
Computer BrowserAutomaticLocal System
Cryptographic ServicesAutomaticLocal System
DHCP ClientAutomaticLocal System
Distributed Link Tracking ClientAutomaticLocal System
Distributed Transaction CoordinatorManualNetwork Service
DNS ClientAutomaticNetwork Service
Error ReportingAutomaticLocal System
Event LogAutomaticLocal System
Fast User Switching CompatibilityManualLocal System
Help and SupportAutomaticLocal System
Human Interface Device AccessDisabledLocal System
IMAPI CD-Burning COMManualLocal System
Indexing ServiceManualLocal SystemYou can use Indexing Service to index documents and document properties on your disks and store the information in a catalog. For more information, see Indexing Service
Internet Connection Firewall (ICF)/Internet Connection SharingAutomaticLocal System
Internet Connection SharingManualLocal System
IPSec ServicesAutomaticLocal System
Logical Disk ManagerAutomaticLocal System
Logical Disk Manager Administrative ServiceManualLocal System
MessengerAutomaticLocal Service This service must be running for alert notifications to be received. For more information about performance, see Introduction to Performance This service must be running on recipient computers so that those computers can receive console messages. For more information about console messages, see Send Console Message
MS Software Shadow Copy ProviderManualLocal System
Net LogonAutomaticLocal System
NetMeeting Remote Desktop SharingManualLocal System
Network ConnectionsManualLocal System
Network DDEManualLocal System
Network DDE DSDMManualLocal System
Network Location Awareness (NLA)ManualLocal System
NT LM Security Support ProviderManualLocal System
Performance Logs and AlertsManualNetwork Service
Plug and PlayAutomaticLocal System
Portable media serial numberAutomaticLocal System
Print SpoolerAutomaticLocal SystemIf you are having trouble with a printer not responding, you can try restarting this service. This cancels all pending print jobs.
Protected StorageAutomaticLocal System
QoS RSVPManualLocal System
Remote Access Auto Connection ManagerManualLocal System
Remote Access Connection ManagerManualLocal System
Remote Desktop Help Session ManagerManualLocal System
Remote Procedure Call (RPC)AutomaticLocal System
Remote Procedure Call (RPC) LocatorManualNetwork Service
Remote RegistryAutomaticLocal ServiceFor troubleshooting performance problems relating to this service, see Troubleshooting
Removable StorageManualLocal System
Routing and Remote AccessManualLocal System
Secondary LogonAutomaticLocal SystemFor more information about the Secondary Logon service, see To start the Secondary Logon service
Security Accounts ManagerAutomaticLocal System
ServerAutomaticLocal SystemStopping this service disconnects any open sessions with a remote computer.
Shell Hardware DetectionAutomaticLocal System
Smart CardManualLocal Service
Smart Card HelperManualLocal Service
SSDP DiscoveryManualLocal Service
System Event NotificationAutomaticLocal System
System Restore ServiceAutomaticLocal System
Task SchedulerAutomaticLocal System
TCP/IP NetBIOS HelperAutomaticLocal Service
TelephonyManualLocal System
TelnetManualLocal System
Terminal ServicesManualLocal System
ThemesAutomaticLocal System
Uninterruptable Power SupplyManualLocal Service
Universal Plug and Play Device HostManualLocal System
Upload ManagerAutomaticLocal System
Utility ManagerManualLocal System
Volume Shadow CopyManualLocal System
WebClientAutomaticLocal Service
Windows AudioAutomaticLocal System
Windows Image Acquisition (WIA)ManualLocal System
Windows InstallerManualLocal System
Windows Management InstrumentationAutomaticLocal System
Windows TimeAutomaticLocal System
Wireless Zero Configuration serviceAutomaticLocal System
WMI Performance AdapterManualLocal System
WorkstationAutomaticLocal System

Windows 2000::Disabling Unneeded Services

From: ZDNet
ServiceYou can set it to manual if…
DHCP ClientYou're not connecting to a specific DHCP server on your local network
Distributed Link Tracking ClientYou're not connected to a Windows 2000 domain
DNS ClientYou're not connecting to a specific DNS server on your local network
FTP Publishing ServiceYou don't need your system to act as an FTP server
IIS Admin ServiceYou don't need your system to act as an WWW server
IPSEC Policy AgentYou're not connected to a Windows 2000 domain
MessengerYou're not connected to a Windows 2000 domain
Remote Registry
You don't remotely access the Registry of other systems on your local network
RIP ServiceYou don't need your system to act as a router
RunAs ServiceYou don't use any applications that run as an alias
World Wide Web
Publishing Service
You don't need your system to act as an WWW server


Windows 2000::Disabling Windows File Protection

The value of 4 below sounds promising. This could make the BAT file approach work.
Change the value data for the SFCDisable (REG_DWORD) value to 1 in the
registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

NOTE: For the change to this value to become effective you must restart the
computer. Also, if you are disabling WFP, a kernel debugger must be
connected to
the computer.

Following is a complete list of values for SFCDisable:
- 0 = enabled (default)
- 1 = disabled, prompt at restart to re-enable
- 2 = disabled at next restart only, no prompt to re-enable
- 4 = enabled, with popups disabled

The problem is the restart thing - this complicates the implementation since we have to know the workstation has restarted since the registry change was merged.

Windows 2000::Windows File Protection::Disabling

---------- Forwarded message ----------
Date: Sat, 24 Jun 2000 06:16:46 -0400
From: Jeremy Collake
Reply-To: Windows NTBugtraq Mailing List
Subject: W2k undocumented registry setting fully disables Windows File

6:13am 6/24

Summary: Undocumented registry setting allows for
Windows File Protection (aka System File Checker)
to be fully disabled.

HowTo: Set the SFCDisable value (see Q222473) to

Ok, after spending 6 hours in the guts of sfc.dll, sfcfiles.dll,
and winlogon.exe I have *finally* discovered how to permanently
disable windows file protection. The more I dug into the internals
of SFC, the more I began to think that it would not be as easy as
I first thought it would be - and indeed Microsoft does not want it
to be easy. Windows File Protection, while annoying, does provide
a good degree of system stability and even some level of virus/trojan
protection by preventing system files from being modified without
at least notifying the user. Therefore, I was *very* shocked when
I was looking through a disassembly of sfc.dll and came to the code
that checks the value of the SfcDisable in the WinLogon key.
I see in the code of ordinal 2 (which is the initialization function
that winlogon calls), sticking out like a sore thumb, this:

76986A89 push 1
76986A8B cmp eax, ebx
76986A8D pop esi
76986A8E jz loc_76986B97
76986A94 cmp eax, esi
76986A96 jz loc_76986B7A
76986A9C cmp eax, 2
76986A9F jz loc_76986B69
76986AA5 cmp eax, 3
76986AA8 jz short loc_76986AE0
76986AAA cmp eax, 4
76986AAD jz short loc_76986ACF
76986AAF cmp eax, 0FFFFFF9Dh
76986AB2 push ebx
76986AB3 jz loc_76986B86
76986AB9 push offset byte_76981898
76986ABE push edi
76986ABF call sub_7698877D
76986AC4 mov dword_769901D4, ebx
76986ACA jmp loc_76986B97

Ok, values 0, 1, 2, 3, and 4 are documented at , but
what the heck is this 0ffffff9dh value that it accepts?! As you can
see, any value other than 0,1,2,3,4 and 0ffffff9dh are assumed to be
zero, which is the default of SFC enabled with popups enabled. So,
without further delay, I went and plugged 0ffffff9dh into the SfcDisable
value to see what was up. Rebooted. I'll be darned, Microsoft provided
a very,very simple way to fully disable WFP!

When booting with this value in the SFCDisable value in the WinLogon
key (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon), an
event is written to the system log, ID 64032 from Windows File
Protection, with the description:
"Windows File Protection is not active on this system. ".

All attempts to replace/delete protected system files succeeded,
just as if I were in safe mode :). I rebooted a few more times and
verified that it is the one value (other than 4=popus disabled) that
is not reset to 0 after the first boot.

Windows 2000::Windows File Protection::Automation

Eeeeeviiiil Solitaire
My highest priority today is I must create an invisible automatic "thing" to remove the games from all user machines. In simpler days I would have written a BAT file to remove the EXE files and the menu items. However when you do it that way, SOL.EXE, WINMINE.EXE, FREECELL.EXE mysteriously come back.
This is because Windows File Protection maintains control over the WINNT\SYSTEM32 directory. Since SOL.EXE is such a vital part of the Windows 2000 Professional operating system it was placed in this directory to ensure it is never deleted or overwritten with a different version.
WFP maintains it's "master" copy of these files in C:\WINNT\SYSTEM32\DLLCACHE (which BTW is cleverly flagged as hidden.) If my BAT removes SOL.EXE from that directory first and then from SYSTEM32 then the file doesn't come back, but a warning message comes up during it's execution about something diabolical happening to your system files and prompting for the Windows CD.
A commandline such as: RunDll32 advpack.dll,LaunchINFSection %windir%\INF\games.inf,FreecellUninstall does not run silently and doesn't appear to work either (even though it tells me it's removing files.)
There must be some way to execute the uninstall by whatever method the control panel-add remove programs applet does it.
Any ideas? E-Mail Me PLEEEESE.
Of course if I find an elegant solution I'll put it out here.


Windows 2000::Exchange 2000::Restoring mailbox items

It stinks to restore a single item or single mailbox. Basically, setup a parallel environment and restore the entire server
The following details the process.
Recovering a single Exchange mail item

Document from Live System:

a.  Exchange 2000 organization name

b.  Name of the administrative group

c.  Name of the storage group

d.  The logical database name

e.  The LegacyExchangeDN value for the admin group object


  • Setup the Recovery Server-Install Base Server

  • Setup Forest and run ForestPrep

  • Install Exchange System Management Tools

  • Create Admin Group

  • Install Messaging and Collaboration Services

  • Install Exchange Service Pack

  • Configure Storage Group and Database Names

  • Restore database

  • Connect Mailbox to AD Account

  • Export mailbox items

  • Import mailbox items to the production server

Setup the Recovery Server-Windows 2000 standalone server

  1. Same software versions must be used to build the recovery server.

  2. Set DNS server setting to itself.

  3. NNTP and SMTP must be installed for MS Exchange

Setup Forest and run ForestPrep

Run the Dcpromo promote the server to DC.

The name of the forest doesn't matter.

Might be prompted to install DNS.

Create Forest

  1. Start Menu > Run

  2. Dcpromo

  3. Click Next

  4. Select Domain Controller for a new domain
    and click Next

  5. Select Create a new domain tree and
    click Next

  6. Select Create a new forest of domain trees
    and click Next

  7. Type RECOVER.COM (for example) in Full
    DNS name box and click Next

  8. Click Next on NetBIOS domain screen

  9. Accept defaults, click Next

  10. Accept the default, click Next

  11. Click Ok to DNS information message

  12. Select Yes, Install and configure DNS, click Next

  13. Select Permissions compatible only with
    Windows 2000 servers
    , click Next

  14. On Administrator password screen type password, confirm again, click Next

  15. Click Next on Active Directory
    Installation summary page

  16. When Installation is complete click Finish
    and Restart Now

Run ForestPrep:
If the LegacyExchangeDN is different than the default First Administrative Group
you must alter the LegacyExchangeDN on your recovery server.  You can do this only after the
schema has been extended for Exchange.

  1. Log onto the recovery server as an Administrator

  2. Start menu > Run, browse to CD-Rom, select setup.exe From
    Exch2000\Setup\I386 directory and click Ok

  3. After Install path type /Forestprep and click Okxxx

  1. Welcome screen, click Next

  2. Agreeto license agreement, click Next

  3. Enter the 25-digit Product ID, clickNext

  4. Verify Forestprep will be selected, click Next

  5. Install path must be the same as the production Exchange server. The default directory
    is c:\program files\exchsrvr Select "Create a New Exchange Organization" > click Next.

  6. Type in the Exchange 2000 organization name click Next

  7. Leave the default Administrator account, click Next, After ForestPrep completes click

Install MS Exchange System Management Tools

DO NOT install Microsoft Exchange Messaging and Collaboration services at this time. 
Make sure that you install the management tools into the same drive and path
name as the production server.
1. Start menu > Run, browse to the CD-Rom, select setup.exe
from Exch2000\Setup\I386 directory

2.On the Welcome screen, click next

3.Agree to End User License Agreement and click Next

4.Enter the 25-digit Product ID. Click Next

5.Under the Action Column in Component Selection window, select the following
options and click Next:

-Microsoft Exchange 2000
Install-  Microsoft Exchange System Management Tools

6.Click Next on summary page

7.After Setup is done click Next

8.If prompted to reboot, choose Yes.

Create Admin Group

  1. Log in to the recovery domain as Administrator

  2. Start menu > Programs > Microsoft > Exchange,
    click System Manager

  3. Right Click Administrative Groups Choose New > Administrative

  4. Type in the name of the Administrative group exactly as it appears on the production
    server and click Ok

  5. Close Exchange System Manager

Install Messaging and Collaboration Services

  1. Start menu > Run, browse to the CD-Rom and select setup.exe
    From Exch2000\Setup\I386 and click Ok

  2. Click Next on Welcome screen

  3. Under the Action Column in the Component Selection window select the following options and click Next:

-Microsoft Exchange 2000
Exchange Messaging and Collaboration Services

  1. Agree to licensing agreement, click Next

  2. On the Exchange Summary page click Next

  3. After Setup is complete click Finish

Install MS Exchange Service Pack

  1. Start menu > Run, browse to the CD-Rom and select setup.exe
    From Exch2000\SP2\Setup\I386 and click Ok

  2. Click Next at the Welcome Screen

  3. Verify Update is
    displayed in the Action menu.

  4. - Microsoft Exchange 2000

    - Microsoft Exchange Messaging and Collaboration

    Update- Microsoft Exchange System Management Tools

  5. Click Next

  6. Click Next on summary page to start the installation process

  7. When done, hit Finish

  8. Click Yes if asked to
    reboot the machine

Configure Storage Group and Database Names

  1. Log in to the recovery domain as Administrator

  2. Start menu > Programs > Microsoft Exchange,click System Manager

  3. Highlight Name

  4. click, select Properties

  5. In Administrative Views Check:

    Display routing groups

    Display administrative groups

  6. Click Ok and Ok

  7. Expand Administrative Groups, Administrative Group, Servers, the
    Server,and First Storage Group

  8. click Mailbox store, select rename

  9. Type the name exactly as it appears on the production server and press Return

If restoring a database located in a different Storage group than the default
Storage Group or the First Storage Group name has been
changed, you must rename the Storage Group also.  To rename the Storage
Group, Repeat steps 7-8 (clicking on the storage group, not the store.)

Restore the Database

From the recovery server

  1. Verify the Exchange services are running:

    Microsoft Exchange System Attendant

    Microsoft Exchange Information Store

    Microsoft Exchange MTA Stacks

  2. Start System Manager

  3. Expand Administrator Groups 

  4. Expand the Administrative Group, Servers,Recovery Server
    and the Storage Group where the database is located

  5. click on the database, and choose Dismount store.

  6. Select yes to continue.  The dismount process may take a few minutes

  7. Select properties of the Information Store on the Database tab,
    click This database can be overwritten by a restore

From the backup server

  1. Open Veritas

  2. Select the Restore Selections Tab

  3. Browse to find the production server, Expand the Storage Group to restore

  4. Select the Media Set to restore.  (Click properties to view the backup date and type)

  5. Click Select and Save Selection, type a name for the restore selection

  6. Click Job Definitions Tab and right click, click new and restore job

  7. Under Job name type a name for the restore

  8. Click Selections tab and under selection list names browse to find the selection
    name created in step 7

  9. Select the Redirection tab, check Exchange database sets and type the name of the
    recovery server.

  10. Select the Exchange tab and uncheck all checkboxes under Exchange v5.0, v5.5

  11. Uncheck the No Loss Restore (do not delete existing log files) Option

  12. Click Run Now

  13. To view the progress of the restore Click Job Monitor Tab

Connect Mailbox to Active Directory Account

After the database has been restored, it will automatically be mounted.   Mailboxes will not have an
Active Directory account associated with them.
Create Recovery Account

  1. Start menu > Programs > Microsoft Exchange > Active Directory Users and Computers

  2. Actions > New > select User

  3. Follow the new user wizard (First name and user logon name are the only required names)

  4. Uncheck the option to create an Exchange mailbox for the user

  5. Click Next and then Finish

  6. Close Active Directory Users and Computers

Connect Mailbox to Recovery Account

  1. Open Exchange System Manager

  2. Expand the Administrator Groups

  3. Expand the Administrative Group, Servers, Recovery Server
    and Storage Group

  4. Expand Mailbox Store

  5. click Mailboxes, Select Run Cleanup Agent

  6. Locate the mailbox that you wish to restore data from (with Red X)

  7. Right Click and Select Reconnect

  8. select the recovery account created previously. Click Ok

  9. Click Ok twice

Export mailbox items from the Recovery server

Create a new Outlook profile and export mail items to a .PST file.
Export the Mail Items

  1. Open Outlook against the recovery mail server

  2. Click Import and Export from the File Menu

  3. Follow the Wizard and select Export to a File , clickNext

  4. SelectPersonal Folder File (.pst) and clickNext

  5. Highlight the top level folder

  6. Select Include subfolders

  7. Click Next

  8. The default .PST location is C:\Documents and Settings\%username%\
    Local Settings\Application Data\Microsoft\Outlook

  9. Enter file location then click Ok

  10. Leave the default Options which should be Replace duplicates with items
    and click Finish

  11. Click Ok to summary page and be sure not to change any of the encryption or

  12. Click Exit from the
    File menu to exit Outlook

Import mailbox items to the production server

  • Gain access to the users mailbox & create mail profile

  • Import the Mail Items

    1. Open Outlook on production system

    2. Click Import and Export off File Menu

    3. Follow the Wizard and select Import from another program or file and click Next

    4. Select Personal Folder File (.pst) and click Next

    5. The default location is
      C:\Documents and Settings\%username%\Local Settings\Application

    6. Input file location and click Ok

    7. Change the options to Do not import duplicates and click Next

    8. Leave the default items selected and verify that the items are being imported into the users Mailbox

    9. Click Finish

  • Windows 2000::Automating::Removing Games

    ! Games (and other accessories) don't show up under Add/Remove Programs, Windows Components !
    Go to C:\WINNT\INF\ and find the SYSOC.INF file. Find the section that looks like:


    and remove "HIDE" from the ones you want to make visible. For instance to open up the Games, make it look like this:




    Using Perl::NetAdmin, getserver. These are hex values needed to interpret results.
    # NetBIOS Suffixes (16th Character of the NetBIOS Name)
    my %wins_status = (
    'Workstation Service' => 0x00,
    'Messenger Service' => 0x01,
    'Messenger Service' => 0x03,
    'RAS Server Service' => 0x06,
    'NetDDE Service' => 0x1F,
    'File Server Service' => 0x20,
    'RAS Client Service' => 0x21,
    'Microsoft Exchange Interchange(MSMail Connector)'=> 0x22,
    'Microsoft Exchange Store' => 0x23,
    'Microsoft Exchange Directory' => 0x24,
    'Modem Sharing Server Service' => 0x30,
    'Modem Sharing Client Service' => 0x31,
    'SMS Clients Remote Control' => 0x43,
    'SMS Administrators Remote Control Tool' => 0x44,
    'SMS Clients Remote Chat' => 0x45,
    'SMS Clients Remote Transfer' => 0x46,
    'DEC Pathworks TCPIP service on Windows NT' => 0x4C,
    'DEC Pathworks TCPIP service on Windows NT' => 0x52,
    'Microsoft Exchange MTA' => 0x87,
    'Microsoft Exchange IMC' => 0x6A,
    'Network Monitor Agent' => 0xBE,
    'Network Monitor Application' => 0xBF,
    'Domain Master Browser' => 0x1B,
    'Domain Controllers' => 0x1C,
    'Master Browser' => 0x1D,
    'Browser Service Elections' => 0x1E,
    'IIS' => 0x1C,
    'Lotus Notes Server Service' => [0x2B],
    'Lotus Notes' => [0x2F],
    'Lotus Notes' => [0x33],
    'DCA IrmaLan Gateway Server Service' => [0x20]

    my %sv_flags = (
    WORKSTATION => 0x00000001,
    SERVER => 0x00000002,
    SQLSERVER => 0x00000004,
    DOMAIN_CTRL => 0x00000008,
    DOMAIN_BAKCTRL => 0x00000010,
    TIME_SOURCE => 0x00000020,
    AFP => 0x00000040,
    NOVELL => 0x00000080,
    DOMAIN_MEMBER => 0x00000100,
    PRINTQ_SERVER => 0x00000200,
    DIALIN_SERVER => 0x00000400,
    SERVER_UNIX => 0x00000800,
    NT => 0x00001000,
    WFW => 0x00002000,
    SERVER_MFPN => 0x00004000,
    SERVER_NT => 0x00008000,
    POTENTIAL_BROWSER=> 0x00010000,
    BACKUP_BROWSER => 0x00020000,
    MASTER_BROWSER => 0x00040000,
    DOMAIN_MASTER => 0x00080000,
    SERVER_OSF => 0x00100000,
    SERVER_VMS => 0x00200000,
    WIN95_PLUS => 0x00400000,
    ALTERNATE_XPORT => 0x20000000,
    LOCAL_LIST_ONLY => 0x40000000,
    DOMAIN_ENUM => 0x80000000

    # NetBIOS flags
    my %nb_flags = (
    NB_GROUP => 0x80,
    NB_PERM => 0x02,
    NB_ACTIVE => 0x04,
    NB_CONFL => 0x08,
    NB_DEREG => 0x10,
    'Broadcast node type' => 0x00, # NB_BFLAG
    'Point-to-point node type' => 0x20, # NB_PFLAG
    'Mixed bcast & p-p node type' => 0x40, # NB_MFLAG
    'Microsoft hybrid node type' => 0x60, # NB_HFLAG
    'Mask applied to outgoing NetBIOS flags' => 0xE0 # NB_FLGMSK


    Windows::Automation::Uninstall Games

    rundll32 setupapi.dll,InstallHinfSection FreecellUninstall 132 c:\winnt\inf\games.inf

    repeat for other sections in the games.inf file.

    SPAM::Internet Mail::Link

    Great website:


    Windows::Network Management::Scripting::Get Serial Number of Remote Machine

    I need to query all the machines in Network neighborhood to get their serial numbers.
    This WSH script is a place to start:
    ComputerName = InputBox("Enter the name of the computer you wish to query")
    winmgmt1 = "winmgmts:{impersonationLevel=impersonate}!//"& ComputerName &""
    'WScript.Echo winmgmt1
    Set SNSet = GetObject( winmgmt1 ).InstancesOf ("Win32_BIOS")
    for each SN in SNSet
    MsgBox "The serial number for the specified computer is: " & SN.SerialNumber

    Ideally this would be a perl script that generates an HTML report of all the machine names and serial numbers (and IP numbers.) This could be launched via a weblink on server and get back report.
    The next step would be to compile a txt file with a listing of all the serial numbers found so far and as the discovery is being done only add the new ones to the list.

    Windows 2000::Registry::ComputerName

    Looking for ComputerName in registry. I found it a few places. A good one to query is:

    Name is the current NetBIOS computer name.


    Windows::Networking::Ports & Protocols

    Good resource for what ports are used by what services
    I'm trying to get performance monitor working through a firewall so I can check performance stats on a machine on a "DMZ" segment from another segment. I came across an excellent resource on Microsoft Technet
    Service Name
    WINS Replication
    GRE for PPTP
    DNS Name Resolution
    DHCP Lease (BOOTP)
    DHCP Lease
    Location Service (RPC, RPC EP Mapper, WINS Manager, DHCP Manager, MS DTC)
    NetBIOS Name Service (Logon Sequence, Windows NT 4.0 Trusts, Windows NT 4.0 Secure Channel, Pass Through Validation, Browsing, Printing)
    WINS Registration
    NetBIOS Datagram Service (Logon Sequence, Windows NT 4.0 Trusts, Windows NT 4.0 Directory Replication, Windows NT 4.0 Secure Channel, Pass Through Validation, NetLogon, Browsing, Printing)
    NetBIOS Session Service (NBT, SMB, File Sharing, Printing, Logon Sequence, Windows NT 4.0 Trusts, Windows NT 4.0 Directory Replication, Windows NT 4.0 Secure Channel, Pass Through Validation, Windows NT 4.0 Administration Tools [Server Manager, User Manager, Event Viewer, Registry Editor, Diagnostics, Performance Monitor, DNS Administrator])
    ISAKMP/Oakley negotiation traffic (IPSec)
    User Location Store
    LDAP (over TLS/SSL)
    Kerberos Authentication
    Kerberos Authentication
    Kerberos Authentication
    Kerberos Authentication
    Kerberos Password Server
    Kerberos User Registration Server
    Kerberos Slave Propagation
    Logon and Environment Passing
    Directory Replication
    POP with Kerberos
    PPTP Control Channel (IP Protocol 47 – GRE)
    Kerberos de-multiplexor
    Kerberos encrypted login

    Global Catalog

    Global Catalog
    Terminal Services
    The following is a list of ports and protocols for Microsoft Exchange 2000 Server services.
    Service Name
    MTA – X.400 over TCP/IP
    Client/Server Communication, RPC, Exchange Administration
    HTTP (SSL)
    SMTP (SSL)
    NNTP (SSL)
    LDAP (SSL)
    IMAP4 (SSL)
    POP3 (SSL)
    H.323 Call Setup
    Audio Call Control
    Instant Messaging Service
    H.323 Call Control
    H.323 Call (RTP Over UDP)



    Test your e-mail system for vulnerabilities
    I don't use the product sold at the link below, so I can't recommend for or against it.
    However, they will automatically generate several test e-mails to determine your level of exposure
    to various exploits commonly sent via e-mail. I found a few adjustments I needed to make to my e-mail gateway.


    Outlook::Exchange::Public Folder::Define default public folder view

    I want to make a custom view the default view for everyone who views my public folder.
    To create a default custom view for a public folder, follow these steps:
  • Log on to the Outlook client as the owner of a public folder, and select the public folder.

  • Customize the public folder to the desired view. This can be done using the menu items for View.

  • Save the custom view by clicking on View menu, then Define Views, and selecting Current View Settings. Click Copy, and then type in your view name. Then select This folder, visible to everyone. Click OK, then Close.

  • To select a custom view for a public folder, follow these steps:
  • Log on to the Outlook client as the owner of a public folder.

  • Right-click on the folder, and select Properties. Select the Administration tab.

  • NOTE:  If users have already customized their view for that public folder, their view will stay until they specifically choose a different view. All users that have not customized the public folder view will receive the newly selected public folder view.

    From: MS KB#202186;en-us;202186



    e-mail autoresponder addresses
    I like to have the ability to do a quick test of my e-mail system a few times throughout the day. I've gotten in the habit of sending a message to an autoresponder.
    The one I liked best,, quit working. It's been quite some time so I've given up hope that it was just a temporary problem. I liked it because it echoed back the message you sent it. I always used a message with the time I sent it as the subject that gave me a response time for comparison without having to figure it out myself.
    Some other options I found while searching:
    1. - a long physical distance from the us so it takes a little while. It also doesn't echo back you exact same message so it is not as helpful or useful in as many ways.
    2. - will send you back a test spam message.
    3. - will send you back a message containing a list of other autoresponders: (I haven't tried them all yet.) - doesn't work. - works - - works
    4. You could setup your own with a yahoo account and a vacation response or a hotmail account with an alert e-mail to your internal e-mail address or pager.

    E-Mail me any others you know of or any other ideas you have for verifying e-mail connectivity.