1) To Quickly Lock Your Screen
To lock your XP or 2003 workstation, press the Windows key + L. This trick doesn't work on Windows 2000.
2) Document your software and hardware configuration www.cpuid.com PC Wizzard www.belarc.com Belarc Advisor www.sysinternals.com BGInfo PC info on your desktop wallpaper 3) Upgrade to 2003 Considerations
- Always TEST your upgrade on a none production (non-live) server!
- Put in place a well planned quick Recovery scheme - Ghost the server or take a back up server off line temporarily
- Use the IIS Lockdown tool before Upgrading
- BACKUP – BACKUP – BACKUP (data and the complete Operating System
- When upgrading 2K server convert any basic disks to dynamic (back up first)
- When upgrading NT4 the page file must be on C:\ (after upgrade move it to a seperate drive)
- When upgrading NT4 remove allmulti-disk volumes
- When Upgrading NT4 must have minimum of SP5
- When upgrading 2K server must have minimum of SP4
- When upgrading do not boot from CD - instert your install CD after server is up and running
- When upgrading only from a similar version is allowed ie. 2K Standard -to- 2003 Standard
- Server should meet minimum hardware requirements 4) Private Range IP Addresses
Class A (10.h.h.h)
Class B (172.16.h.h-172.31.h.h)
Class C (192.168.0.h-192.168.255.h)
http://www.learntosubnet.com5) Addressing IPv4 vs. IPv6
IPv4 is a 32 bit Dotted Decimal address with Approx. 4 Billion Addresses - Example of IPv4 = 207.199.155.16
IPv6 is a 128 bit Hexadecimal address - Example A342:0000:0000:0000:123F:0000:0034:EA3D
Approx. 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses
That equates to approximately 1500 addresses per square angstrom on the surface of the earth (an angstrom is equal to one one-hundred-millionth of a centimeter)
You can manually configure IPv6 addresses with the (netsh interface ipv6 add address) command
6) Dynamic storage
You no longer have partions, but you now create volumes
Designed to allow management of the disk and its volumes without the need for restarting the OS
Dynamic storage is normally incompatible on laptops (can be changed in the registry)
7) Diskraid Command line utility
Diskraid Command line utility to configure hardware RAID subsystems
It Works with any storage hardware that includes a Virtual Disk Service hardware provider
Windows Server 2003 in Resource Kit DISKRAID list drives
8) When You Delete A File Is It Gone For Good?
- When you delete a File on a NTFS drive it is written to 0’s (normally not recoverable)
- When you sell a computer is the Company Info going with it?
- The FBI says you need to over write a file/sector location more then 9 times
-- Search for File Wiping programs (Clean Sweep OR PGP)
- If a drive is damaged and you are willing to pay big bucks to recover the data try:
-- www.drivesavers.com
-- www.datarec.com
-- www.datarecoverygroup.com9) NTFS File & Share Permissions
Looking at Share Level Permissions alone, they are cumulative except for Deny
Looking at File Level Permissions alone, they are cumulative except for Deny
Combination of File and Share permissions are which ever is most restrictive
10) NTFS File & Share Permissions
In general, the best way to assign permissions is by performing the
following steps:
1. Assign user accounts to global groups within the user's domain.
2. Place global groups from any domain into universal groups.
3. Place universal groups into domain local groups on the domain
controllers (DCs), and place local groups on member servers and
workstations.
4. Assign permissions to the domain local groups or local groups as
necessary to access the network resources.
mnemonic: All Good Users Do Love Permissions
11) Convert from fat To NTFS?
Open a DOS Prompt window , Type:
convert c: /fs:ntfs You will need to restart your computer. This does not
erase the data. NOTE your file permissions will be set to Everyone Full Control
You should run Security Configuration And Analysis - then use the rootsec template to set the default NTFS permissions
12) The Recycle Bin deletes the files immediate
To configure a system to bypasses the
Recycle Bin and deletes the files immediately. follow these steps: 1. Launch
regedit. 2. Open
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket 3.
Change the NukeOnDelete value to 1 to enable immediate deletion or to 0 to
disable immediate deletion If the NukeOnDelete value doesn't exist, create it
as a DWORD value.
13) Public & Private Keys (PKI)
Public Key is provided by authorized by a Certification Authority used company or domain wide
Private or secret Key are attached to user ID account (delete the account - delete the key
Public Key Infrastructure (PKI) or asymmetric cryptography uses both public and private keys
Symmetric cryptography only uses one secret shared key (Week security)
The way it works is the Public Key is used to encrypt and the Private Key is used to decrypts
14) Windows 2003 File Encryption
Right click on the folder - choose properties - click the Advanced button
TechNet# 255742 = Methods for Recovering Encrypted Data
TechNet# 223316 = Best Practices for EFS
TechNet# 324897 = How to manage EFS in a 2003 Server
TechNet# 241201 = How to back up the recovery agent Encrypting File System (EFS) private key
Becareful using Encrypting File System to encrypt any data in a roaming user profile because the certificate required to decrypt a file won't be available on other computers to which the user might roam.
15) When is it Encrypted?
- If an encrypted file is copied or moved to another NTFS folder it stays encrypted
- If an encrypted file is copied or moved to a Fat drive then it is decrypted if it is done by the owner of the file
- If you Backup an encrypted file to tape it stays encrypted
- If you Attached an encrypted file to an email then it is decrypted if it is done by the owner of the file(With Keys)
- If you open a file on the server to your workstation it is not encrypted while Traveling on the Cat5 cable
- NOT for shared access files
- Do NOT reinstall Operating System, all keys are lost unless you export your key
- The only purpose to use EFS is if you are afraid of someone stealing your HD (Laptops)
- Data is stored in the page file unencrypted. Use GPO to clear page file on shut down.
- Data is stored when you hibernate a system in the hiberfil.sys file unencrypted.
16) CyberSafe Log Analyst (CLA)
The valuable CyberSafe Log Analyst (CLA) is included
in the Win2K Server resource kit. CLA is a Microsoft Management Console (MMC)
snap-in that lets you analyze the scattered Security logs of the systems in your
domain as a whole. CLA has 11 prebuilt reports that provide useful views of your
systems' security activity, but you can also design custom reports. On the
resource kit CD-ROM look in \apps\loganalyst directory
17) Auditing Explained
Account Logon = Users logon/off to domain
Account Management = User group management
Directory Services = Modifications of objects in AD
Logon Events = both computer&user net connections
Object Access = File & Registry Access (Set what file)
Policy Change = A User Right was assigned/removed
Privilege Use = GP set by user rights
Process Tracking = Application Development
System Events = startup, shut down, Event log cleared
Checking the Event Log www.webtrends.com ww.mrunix.net/webalizer Free www.boutell.com/wusage www.sans.org www.foundstone.com {Lots of good utilities}
eloglist.exe
dumpevt.exe 18) Recovery Console Commands
Disable (Services) DiskPart (add delete partitions)
Fixboot (install a second OS) FixMBR
ListSvc (lists all services and drivers available) Q25458219) Recovery Console Not Require the Administrator Password
How to configure the Recovery Console (RC) to Not Require Me to Enter the Administrator Password
Do the following steps:
1. Start a regedt32
2. Navigate to the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Setup\RecoveryConsole
3. Double-click SecurityLevel 4. Set its value to 1 to not require password
entry (or 0 to require the user to enter the password)
5. Then click OK.
4. Close the registry editor.
You can also use the Microsoft Management Console (MMC) Local Security Settings snap-in
go to Local Policies
Security Options
"Recovery console: Allow automatic administrative logon" enable
20) Computer naming Rules
Windows 2003 does not allow computer names containing an
underscore character or all numbers. The underscore is not recognized by the DNS
standard.
21) Do You Logon As the Administrator?
Administrators should have two logon accounts
One account with Administrator right s
A second account with User rights
Don’t read your e-mail with admin rights **Virus now has admin rights**
If many staff logon as the true Administrator and then there is problem, who gets blamed? Try RunAs below
22) Windows RunAs Utility
RunAs available on XP/2000/2003
You do not want to read you e-mail or surf the web logged in with Administrator
rights. If you catch a virus, worm or hack it has Adminitrative rights.
Logon with normal user right for these functions.
Allows you to be logged on as a regular user then run a program as
a user with Administrator rights
1/ Using a Dos command (Prompted for password) RUNAS /user:username command
2/ Hold down SHIFT then RIGHT Click the program
3/ Modify the properties of a short cut Q22503523) What is a Difficult Password?
Upper and Lower case and numeric with some:
Strange characters @ ! - _ $ % * &
Minimum 7 characters
Try the ASCII table
(number pad)
Alt 0188 = ¼
Alt 013 = return char
Don't use just a word - use a phrass
24) How to install System restore on server 2003
With an XP install CD, system Doesn't matter if it's home or pro. Right click on CD\i386\sr.inf and select 'install', to install it on server 2003.
If that does not work try the following
If you have XP installed doesn't matter if it's Home or Pro on another computer/partition
Find the following files on your XP and copy them to a CD or floppy or share
filelist.xml
rstrui.exe
sr.inf
sr.pnf
sr.sys
srclient.dll
srdiag.exe
srframe.mmf
srrstr.dll
srsvc.dll
from the 2003 server right click on sr.inf select 'install'
After doing either of the above two you will need to restart
After restarting you'll get an error saying the service couldn't start. Specifically the error is error 1068. Not to worry, yet.
Opened up regedit and go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
On the right hand double clicked on netsvcs.
to the list added SRService
You must rebooted. Now everything should be fine. But Please test!!!!
25) Command-line Utilities -a- BITSAdmin
Downloading using browser's takes up too much bandwidth, so use Background Intelligent Transfer Service (BITS) instead. Control teh rate of your downloads. You can copy it to WinXP with no problems. -b- Cprofile.exe
Enables you to remove wasted disk space from user profiles. This utility can be especially helpful in reducing the disk space used by Terminal Services user profiles
-c- dcpromo
Demoting or promot a Domain Controller (Active Directory) -d- domainrename
Allow you to rename of any domain. Every DC in forest is updated and needs to be rebooted. Machines in renamed domains must be rebooted. Forest root can be renamed, but forest root role cannot be moved. Only available if all Domain Controllers are 2003 Server (Native) -e- DCDIAG
Analyse state of domain controllers in forest. It runs several tests and report problems
-f- NETDOM
Manages and verifies Windows 2003 domains and trust relationships. Verifies domain controllers have correct credentials, can replicate with partners, etc -g- NTFRSUTL
Examines state of File Replication Service on local or remote computers. Verifies that a server is a member and subscriber of the SYSVOL replica set. The replica set is the set of files and folders specified to replicate. View daily replication schedule. Troubleshoot FRS configuration problems. -h- REPADMIN
Windows 2003 Support Tools utility. Diagnose replication problems between domain controllers.
Show replication partners. Can be used to force replication between domain controllers. Discover from where domain objects are replicated -i- whoami
A quick way to determine exactly the groups to which a user belongs. To view a list of all groups to which the user belongs, enter the command whoami /groups. or /all. 26) How Much Virtual Memory
Control Panel > System > Advanced > Performance Options > Change
Set initial and Max same size > 2.5xRam for Professional
Set initial and Max same size > 3.5xRam for Server
If you have a second hard disk, set it there. Much better performance!
If PC increases the size of the page file, after a restart it goes back to Initial size. Q12374727) A List Of Well-Known Ports
C:\WinNT\System32\Drivers\Etc\Services
28) Install 2003 Server Admin tools on XP
Administrative Snap-ins
Put the 2003 Server CD in your XP workstation after you log in with Domain Admin rights
Using Windows Explorer browse to CD:\i386
Double click on Adminpak.exe and accept all defaults. Don't forget to set proper permissions.
29) Manage Windows 2003 From A Web Browser
Learn how to remotely administer a Windows Server 2003 system without using dedicated remote control software. ct.com.com/click?q=e1-6RmNQxk3EzzkO~dMxdAL3x0q555g 30) Display detailed statistics about your servers' performance
Windows Server 2003's implementation of DHCP includes the ability to display detailed statistics about your servers' performance. To view these statistics, begin by opening the DHCP console.
In the console tree, select your DHCP server.
Next, choose Action | Display Statistics.
You now see information about how long your server has been running, how many requests for IP addresses it has received and how many offers of IP address leases it has sent (Acks).
31) Server 2003 Resource Kit
Download the resource kit @ Microsoft® Windows® Server 2003 Resource Kit Tools
Some new tools in the Resource Kit include:
-Dvdburn.exe, which enables you to burn DVDs.
-Lockoutstatus.exe, which you can use to view the account lockout status of users.
-Memmonitor.exe, for monitoring applications' memory usage.
32) Test the configuration of your Windows 2003 DNS servers
To test your server's configuration, begin by opening the DNS console.
Next, select and right-click on your server, and then choose Properties.
Select the Monitoring tab.
To test a simple query, select the A Simple Query Against This DNS Server check box.
To test a recursive query, select the A Recursive Query To Other DNS Servers check box.
Click Test Now to test your server.
Also
use the Nslookup command nslookup , where is the name of a computer or the fully qualified domain name such as www.dananne.com. nslookup -q=mx gives you a list of mail servers and IP addresses for that domain name .
33) Auto Creating User Accounts
You can type in the user information in Using Excel
and then create a Visual Basic script. Q230750 34) Creating users & other objects with DOS Commands
TO create your accounts in a specific Organizational Unit (OU).
Use the DSADD command in Windows 2003.
This DSADD example creates a user named Joe Shmoe in an OU named Staff in a domain called Company.com:
dsadd user "cn=Joe Shmoe,ou=Staff,dc=Company,dc=com" -samid jshmoe -disabled no -pwd *
This creates the account, enables it and prompts you to enter and confirm the user's password.
The DSADD command is also useful for creating OUs, groups, contacts and other objects.
Change object settings with DSMOD
Move the object to a new OU with DSMOVE
Delete the object with DSRM
35) 10 DHCP Addresses Cashed in RRAS
When a Routing and Remote Access server provides dynamic configuration for dial-up clients, it first performs the following steps:
When the RRAS server starts it obtain 10 IP addresses from a DHCP server.
The RRAS access server utilizes the first IP address for the RRAS interface.
The remaining nine addresses are allocated to TCP/IP-based clients as they dial in to establish a session with the remote access server.
IP addresses that are freed when remote access clients disconnect are reused.
When all 10 IP addresses are used, the RRAS server obtains 10 more.
When the RRAS service is stopped, all 10 addresses are released.
36) Stop NTFS from generating the 8.3 file-naming
This will Speed up file saves
1) bring up the registry
2) goto: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Filesystem
3) Change NtfsDisable8dot3NameCreation, value to 1
37) Prevent from updating the date and time stamp of folders
1) bring up the registry
2) goto: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Filesystem
3) Change NtfsDisableLastAccess, value to 1
This will speed up disk access. Also this does not prevent an update to the file-access information when a file is opened or changed
38) Remote Desktop Web Connection
You can install the Remote Desktop Web Connection ActiveX control on
a web server so that you can then connect and manage any server on your network.
You can install the Remote Desktop Web Connection utility on any
web server on which you've installed Internet Information Server
4.0 or later. Your next step is to download Remote Desktop Web Connection by
going to www.microsoft.com/downloads/details.aspx?FamilyID=e2ff8fb5-97ff-47bc-bacc-92283b52b310&DisplayLang=en
Install the utility by double-clicking on the tswebsetup.exe installation file.
The setup utility creates a folder named Tsweb within the \Inetpub\wwwroot folder
that contains a sample web page named Default.htm. This web page uses the Remote
Desktop Web Connection ActiveX control.
You can access the Remote Desktop Web Connection web page by entering
"http://web_server_name/tsweb"
(Replace web_server_name with the name of your web server.) When
you connect to the Remote Desktop Web Connection web page, you're
prompted to enter the name of the computer you want to manage. That's it
39) To configure Administrator account to lock out after x number of failed logon attempts
you need a tool called Passprop.exe. You can find this utility in the Netmgmt.cab file on the Windows 2000 Professional Resource Kit or the Windows 2000 Server Resource Kit.
40) Microsoft ® Windows Server ™ 2003 Performance Advisor http://www.microsoft.com/downloads/
the latest version of Server Performance Advisor, which is a simple but robust tool that helps you diagnose the root causes of performance problems in a Microsoft Windows Server 2003. It provides several specialized reports, including a System Overview (focusing on CPU usage, Memory usage, busy files, busy TCP clients, top CPU consumers) and reports for server roles
Back To Main Page
Windows 2003 Information
34) Creating users & other objects with DOS Commands
Back To Main Page
