Network Monitoring
Monitoring tools and tutorials.
Excellent freeware tools and reference information


Internet Explorer Install Files

Thanks to:

If you wish to download the complete IE6 with integrated SP1 to apply to IE 4.0 - IE 6.0:
1. Create C:\IE6SP1
2. Download the Service Pack 1 IE installer and save it in C:\IE6SP1
3. Go to Start click Run and type in EXACTLY or better yet copy and paste
"C:\ie6SP1\ie6setup.exe" /c:"ie6wzd.exe /d /s:""#E"
4. Provide C:\IE6SP1 as your download directory

Outlook::Exchange::Undo Security

Trying to get an Outlook macro/script/add-on to use Outlook to send a message for me and security warning keeps coming up.
When you have the choice, do NOT use MAPI. Develop stuff to send SMTP messages as alerts.
There is a lengthy procedure that needs to be done to Exchange by an administrator to allow security to be adjusted. Then there is a registry key that must be added at the client(s) to tell them to look for the altered security settings.
The procedure is described at:
MS KB 290499
- Get the MS Office Resource Kit
- Create a public folder on the Exchange system named Outlook Security Settings and grant permission to review this folder to all users for which security settings are to be altered.
- Install from the ORK the Outlook E-mail Security Administrator package.
- Use the utility to generate and publish a custom form into the public folder.
- Administer changes to security on this form. Save the form with settings.
- Put registry key and value on the client machines.


Outlook::Corrupt Rules


User gets error processing rules even when all rules are disabled. All rules are removed and still get error.

Export all the rules. Delete them all. Then remove rule items using MDBVU32.
Procedure from Microsoft Article 320022

  1. Start the Mdbvu32.exe utility on the client computer. This utility is located on your Exchange Server CD in the CD-ROM_Drive\Server\Support\Utils\I386 folder.
  2. Click OK, select your profile in the Choose Profile dialog box, and then click OK.
  3. In the MDB Viewer Test Application dialog box, click OpenMessageStore on the MDB menu.
  4. Make sure that your mailbox is selected, and then click Open.
  5. Click Open Root Folder on the MDB menu.
  6. In the MAPI_Folder-Root dialog box, double-click Top of Information Store in the Child Folders list.
  7. In the MAPI_Folder-Top of Information Store dialog box, double-click Inbox in the Child Folders list.
  8. Examine the contents of the Associated Messages in Fld list where all your rules are listed. Click the rule that you want to delete (to examine rule's properties, double-click it).
  9. In the Operations available (Select operation, then push Call Function button) text box, click the down arrow to open the list of available functions.
  10. Click lpFld ->DeleteMessages() (ON SELECTED MSGS), and then click Call Function.
  11. In the MAPI_FOLDER - Inbox ->DeleteMessages() dialog box, click OK to delete the rule that you selected.
  12. Click Close three times.
  13. In the MDB Viewer Test Application dialog box, click Store Logoff on the MDB menu, and then click OK twice.
  14. In the MDB Viewer Test Application dialog box, click Exit on the Session


Windows 2000::Setup::Removing Games Automatically-REVISITED

I need to remove the Windows 2000 games automatically for all my domain's workstations

Best Solution(workaround):
Setup a domain policy restricting users from running the EXE files associated with the games. This will prevent users from playing games even if they manage to reinstall them or copy them to another path or execute them from diskette.

But some bosses don't like elegant workarounds that save IT inordinate amounts of work while at the same time accomplishing more than what their micromanaging minds determine is necessary.


Being required to remove the games (and also do it silently) several sub-problems arise:

1. Most users do not have local administrator permission

2. Window File Protection protects these game files as if they were a vital OS component so you must run an uninstall to remove them or else the files will come back magically. If a BAT file removes them from the DLLCACHE directory in addition to their installed location then users will get a prompt that something tried to alter the system files and prompt them for a CD to remedy the catastrophe.

3. The default view under Control Panel > Add/Remove Programs > Windows Components doesn't even provide the option to remove the games.

Like always, on the way to the real solution I learned a lot of interesting things that *might* have contributed to some resolution that involved custom scripting.

For #2 above, I found that Windows File Protection can be totally disabled. See 2/23 Post
Although I've grow to despise WFP during my "just delete the darn files" stage of research, I doubt that is a good thing. (As I think back a few years to innocently installing Lotus 123v5 for Windows which just overwrites all the DLLs it wants to in C:\WINDOWS\SYSTEM with it's own older versions..... It's been a couple years since I sat down and compared lists of DLL's from working, partially working, and totally screwed up machines...)

Under topic#3 above I learned that under the default location C:\WINNT\INF the file SYSOC.INF can be modifed to remove "HIDE" from components to make them visible in Add/Remove Programs > Windows Components. See my prior post
Searching for resolutions to #1 I found a cool utility at which is quickly becoming one of my favorite sites. The tool is RunasPwd and provides a cmdline way to run a program as another user *and* provide the password (Win2K RUNAS won't let you provide the PW.)
I also found that individual items can be uninstalled using cmdlines:

rundll32.exe setupapi.dll,InstallHinfSection FreecellUninstall 132 c:\winnt\inf\games.inf

rundll32.exe setupapi.dll,InstallHinfSection MinesweeperUninstall 132 c:\winnt\inf\games.inf

rundll32.exe setupapi.dll,InstallHinfSection SolitaireUninstall 132 c:\winnt\inf\games.inf

rundll32.exe setupapi.dll,InstallHinfSection PINBALL.Remove 132 c:\winnt\inf\pinball.inf

However WFP would put the files back (grrrrrrr.)



From: MS KB#222444


Will silently run the Windows Components setup using the install script in UNATTEND.TXT which the article kindly tells the reader:

"can be any Windows answer file and only parses the [Components] and [NetOptionalComponents] sections. An example file is shown below: "

and proceeds to give an example in which the arguments are in lower case. It did not work for me until I used upper case like below:


Pinball = OFF
Solitaire = OFF
FreeCell = OFF
Minesweeper = OFF

And when testing this command line, it should be noted that, if you make a mistake, no matter what you have done wrong, you will always get SAME the error message:

Windows 2000 Setup: The application could not be initialized.


To run this on every machine in the system context (as local administrator) a system startup script can be specified in Active Directory and applied to every machine in the domain. Do this by creating the group policy object and then copying the BAT containing the cmdline to some ungodly location like:


After that it's all just fiddling to get it right.

I hope this can help someone avoid all the fun I had along the way.


Windows::Network Boot Disk Creation

Good FAQ on creating a bootable diskette to access a network share:

PC System Imaging

What should be cleaned up from snapshots before creating system images?
In the list of Registry values below, the specific data for each value may be different than what exists in any given package. However, the Registry key and the value name will be the same.
1. If the entire key is shown below without a value, delete the entire key from the .REG file.
Before: [HKEY\Path]
2. If a Registry key is shown below with a specific value, remove only the value name and data. Do not remove the key.
Before: [HKEY\Path] "Valuename"=data
After: [HKEY\Path]
Common registry entries to remove:
[HKEY_CURRENT_USER\Volatile Environment]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList]

Note: There may be more than one Security Identifier (SID) under the ProfileList key in the Registry. Remove the keys for any SIDs, which will also remove any values under these keys.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

Note: There may be various keys and values under the Novell key. If they do not relate to the package in question, the entire Novell key should be removed. If any of the login or networking options are changed between snapshots, these types of settings will be picked up,

Note: The line above is an example for a machine with the 3Com Fast EtherLink XL PCI 10/100Mb Adapter (3C905). "EL09x1" represents the network card's short name, specifically the "ServiceName" of the card. Replace "EL09x1" in the above line with the actual ServiceName value.
This value can be found in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\1

The number indicated after NetworkCards depends on the number of NIC cards in the system. The example shows the ServiceName for the 3Com Fast EtherLink card.

Note: There may be various keys and values under the NWCWorkstation key. If they do not relate to the package in question, they should be removed.


The following files should not be included in your installation package. These files are flagged by Microsoft and should not be modified, replaced, or moved. They can and will produce unexpected and undesirable results:

Win16 .dll files:
Win32 .dll files:
Also, you should not include the WININIT.INI file in your installation.

Additionally, the following files have been reported to cause problems:
ATL.DLL, COMCAT.DLL, CTL3D32.DLL exist in different versions for 9x platforms and NT/2000 platforms. When installing the wrong file different and varied problems may occur.

ATL.DLL and CTL3D32.DLL may prevent Windows from booting, and COMCAT.DLL will damage Visual Basic.

MSIMG32.DLL exists in different versions for 98/NT4 and ME/2000.

Windows 2000::PC System Imaging::INACCESSIBLE_BOOT_DEVICE

INACCESSIBLE_BOOT_DEVICE after imaging a machine.
Additional Information:
This error may be from imaging a Windows 2000 disk to a different size drive or different drive location.
Or the drive could be incorrectly configured to use DMA access. Turning off DMA access in PC BIOS may resolve the problem.
Most likely, Windows 2000 cannot access the hard drive due, probably a different device driver on target computer from the model system image.
The target computer may have a hard drive controller that didn't exist on the model imaged system. Windows 2000 loads the old drivers, but cannot find the hardware.
If the original and target computers use the same drivers, but the target system partition is on a different IDE channel than the original model computer - Windows will try to get to the drive, but fails because drivers are not installed for that IDE channel.
To resolve this issue, configure the target machines hardware to match the model machine - this is probably not convenient.
Try editing the SysPrep.inf file and using SysPrep prior to creating the image.
1. Install SysPrep on the source computer.
2. Edit the SysPrep.inf file using notepad or other text editor:
- If the problem is due to which IDE channel is in use, type the following two lines under the [SysprepMassStorage] section:
Primary_IDE_Channel = %windir%\inf\mshdc.inf
Secondary_IDE_Channel = %windir%\inf\mshdc.inf
- If the problem is due to a new hard drive controller, add an entry for that controller to the [SysprepMassStorage] section. Required info will be different for each controller.
3. Save the file
4. Run SysPrep
5. Create and image of the disk

Windows 2000::PC System Imaging

To image from from one type of hardware to another, you can setup the driver for your drive controller to a standard one (not controller-specific). Before uploading image:

In Device Manager > IDE ATA/ATAPI controllers, update the hardware-specific driver labeled PCI Bus Master IDE Controller with a standard/generic driver.
Do not reboot after doing this or Windows will change it back.

Link::Application Deployment

Excellent resource for application deployment tools, tips, etc.

Windows 2000::Group Policy::Refresh Interval

"The interval at which a group policy is refreshed is defined by a refresh interval value and an offset interval value. The refresh interval is an amount of time between 0 (zero) and 64800 minutes (45 days), which is used to determine when the group policy should be applied next. By default, if the administrator does not modify the default setting, Windows 2000-based computers use 90-minute intervals. For domain controllers, the default is 5 minutes. This default for domain controllers is used because when a change to domain policy or rights is made, this reduces the latency in applying the change to domain controllers as replication occurs. If 0 (zero) is specified for the refresh interval, the refresh occurs in 7-second intervals.

To avoid the performance degradation that can occur if many Windows 2000-based computers request a group policy refresh from domain controllers at one time, a random offset interval is added to the refresh interval to determine the total amount of time between group policy application cycles. The valid range for the offset interval can be 0 (zero) to 1,440 minutes (24 hours). The default for Windows 2000-based computers is 30 minutes, while the default for domain controllers is 0 (zero) minutes."

"HOW TO: How to Modify the Default Group Policy Refresh Interval" MS KB 203607

Windows NT/2000::Elevated Privileges Application Launcher
"With EPAL the network administrator now has the ability of only giving the user local user privileges on their systems and have the application execute and some higher privilege level on the local system that they are currently logged on with. "