Windows NT 4 Information
Microsoft no Longer Updates or Supports
as of January 1, 2005
Microsoft will offer a minimum of 10 years support (5 years of Mainstream support and 5 years of Extended) for Business and Developer products. Self-help online support is available for a minimum of 10 years after the product is released.
1) AUTOEXNT - Batch files to run as service at startup
The above allows batch files to run at startup without logging in. It can be
found in the Resource Kit and is installed as a service.
2) Batch Command to Compact or Compress files on NTFS
compact /c /s d:\data\graphics /i
Compact /c /u /s :Directory /a /i /F /Q filename
/c = compress the specified file or directory
/u = uncompress the specified file or directory
/s = do it on this directory and all subdirectories
/a = Displays Hidden or System files
/i = Ignores any errors that may occur and continues
/f = compress all files and skip the ones already compressed
/Q = reports only the most essential information
filename = file or directory to be compressed, but not its subdirectories
3) Schedule an Emergency Repair Disk
It automatically creates the repair disk to the repair directory. You need to
create a share on the network called RDISK$. Save this file in that new
directory. Set file permissions for the scheduled user only. Script is as follows:
rdisk /S-
xcopy /I %SystemRoot%\repair\*.* \\PDC\RDISK$\%Computername%
To schedule automatically you need to allow it to have network access:
1) enable the schedule service to run under a user account (easier) - Services
in the control panel - log on as a user
2) enable the remote share to have connections as a NULL System Share - (in
registry) {but More secure} on the PDC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\NullSessionShares
add the name of your new share RDISK$
You need to set the schedule service to automatic for both cases
Use the AT Command
at 3:00 /every:m,t,w,th,f \\pdc\rdisk$\makeerd.cmd
4) Stop or start a service from batch and at commands
A batch file that runs with the "at" command to stop or start services.
Here's a copy of what would be in stop.bat and start.bat sitting on the root of
c: on the server. It is important (only way) that the command line is written
the same way that it is in the server manager (upper, lower case).
Stop.bat = the following
net stop "Server" /Y
net stop "Microsoft DHCP Server" /Y
net stop "Windows Internet Name Service" /Y
Start.bat = the following
net start "Server" /y
net start "Microsoft DHCP Server" /Y
net start "Windows Internet Name Service" /Y
5) NTFS Conversion from fat
At the DOS command prompt type: convert c: /fs:ntfs
NOTE: Your file level permission will be Everyone Full control
6) DOS Here Right Click
Open Regedit
HKEY_CLASSES_ROOT\Directory\Shell
Add a sub-key in Shell called DosHere
Add a sub-key in DosHere called Command
Change default value in Command to read:
cmd.exe /k cd %1
7) Disable Drive Letters
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Add >>REG_DWORD >> NoDriveTypeAutoRun
the mask 10000000000000000000000111 would hide the Z drive and the A, B, &
C drives.
8) Disable Cache Logons
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
REG_SZ >> CachedLogonsCount
Value: 0
9) Disable other Subsystems OS2 & Posix
Open Regedt32 HKEY_LM\System\CCS\Control\Session Manager\Subsystems
Open the string called Optional
Add REM to the beginning of both Os2 & Posix
10) Stop Sharing of CD and Floppy
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon
Add Edit Reg_String - AllocateFloppies & AllocateCDRoms = value of 1
11) Force Passwords to be Complex and Administrator account to be Locked out
At the DOS command prompt type:
passprop /?
passprop /adminlockout
passprop /noadminlockout
passprop /complex
passprop /simple
12) Stopping Anonymous Enumeration information
Microsoft Knowledge Base Article Q143474
HKLM\System\CCS\Control\Lsa
Add Reg_DWORD RestrictAnonymous and set its value to 1
Stops null user sessions from remotely downloading a complete list of usernames, groups and share names.
13) Restrict remote access to the registry
Microsoft Knowledge Base article Q186433
HKLM\System\CCS\Control\SecurePipeServers\winreg
Ensure the permissions are Administrators=Full, System=Full
14) To disable the LANMAN protocol
MS. Knowledge Base Q147706
HKLM\System\CCS\Control\Lsa
Add Reg_DWORD LMCompatibilityLevel and give it a value (3-5 need >SP3)
1 Will send LANMAN when server requests it
2 never send LANMAN, but NTLM (56 Bit)
3 the system will use only NTLMv2 authentication
4 domain controllers refuse LM authentication
5 domain controller accept only NTLMv2 (128 Bit) authentication
15) Force complex passwords
Use Regedt32
HKLM\System\CCS\Control\Lsa
Edit Notification Packages, add PASSFILT = filter without the .dll extension
Upper & Lower Case & Numbers & 6 Char.
Only enforced when you do Ctrl Alt Del
MS. Knowledge Base Q161990
Remove FPNWCLNT - Possible Trojan Horse - Capture password & email them
Write your own password filter KBA Q151082
16) Use a registry edit to see backups and restores in event viewer audits
HKLM\System\CCS\Control\Lsa
FullPrivilegeAuditing Reg_DWORD 1
Can overwhelm the log so use cautiously
17) Using the Registry to relocate your security log file
HKLM\System\CCS\Services\EventLog\Security
Change File to read the new location
18) Enable SMB Signing security
set both keys
HKLM\System\CCS\Services\LanmanServer\Parameters
HKLM\System\CCS\Services\Rdr\Parameters
Reg_DWORD EnableSecuritySignature set to 1
Reg_DWORD RequireSecuritySignature set to 1
MS. Knowledge Base Q161372
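Added example (not part of the original tips): a Python check that reads a regedit export in REGEDIT4 format and reports which of the values from items 12, 14 and 18 are missing or set too low. Full key paths replace the HKLM\System\CCS shorthand, the minimum of 3 for LMCompatibilityLevel is an assumption, and the sample export is constructed.

```python
import re

LSA = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
SRV = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
RDR = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters"
# (key, value name, minimum acceptable DWORD)
BASELINE = [
    (LSA, "RestrictAnonymous", 1),         # item 12
    (LSA, "LMCompatibilityLevel", 3),      # item 14; minimum of 3 is an assumption
    (SRV, "EnableSecuritySignature", 1),   # item 18, server side
    (SRV, "RequireSecuritySignature", 1),
    (RDR, "EnableSecuritySignature", 1),   # item 18, redirector side
    (RDR, "RequireSecuritySignature", 1),
]

def parse_reg(text):
    """Return {(key, value_name): int} for DWORD values; names are lower-cased
    because registry key and value names are case-insensitive."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        head = re.fullmatch(r"\[(.+)\]", line)
        val = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})', line)
        if head:
            key = head.group(1).lower()
        elif val and key:
            values[(key, val.group(1).lower())] = int(val.group(2), 16)
    return values

def audit(text):
    """Return (key, name, found) for each baseline value missing or too low."""
    have, findings = parse_reg(text), []
    for key, name, minimum in BASELINE:
        found = have.get((key.lower(), name.lower()))
        if found is None or found < minimum:
            findings.append((key, name, found))
    return findings

# Constructed sample export, not taken from a real machine.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000001
"LMCompatibilityLevel"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"EnableSecuritySignature"=dword:00000001
"RequireSecuritySignature"=dword:00000000
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A value reported with found = None is absent from the export, which is a different finding from a value that is present but set too low.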
19) A path spoofing example
Copy c:\winnt\system32\cmd.exe to the root directory (C:\)
Rename cmd in the root to explorer
Don’t use the extension (exe), if your extensions are hidden
20) Disable the CD-ROM Auto-run
HKLM\System\CCS\Services\CDROM
Change AutoRun REG_DWORD 0
21) Limit control of print drivers to Administrators and Print Operators
Printer drivers run at the highest privilege level (kernel mode)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\LanManPrintServices\Servers
REG_DWORD >> AddPrintDrivers >> 1
22) View DLL’s Loaded on your system
Using Regedt32
HKLM\System\CCS\Control\Session Manager\KnownDLLs
All DLL’s in your System32 should be listed here
23) Shut down your system when the Audit log fills up
HKEY_LOCAL_MACHINE\System\CurrentcontrolSet\Control\LSA
change REG_Dword CrashOnAuditFail to = 1
24) Auto Logon User
Using Regedt32.exe or regedit.exe go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
Add REG_SZ = “AutoAdminLogon” = 1
Add REG_SZ = “DefaultPassword” Value = What ever the password is for the user.
Change the value of DefaultUser to the name of the user you want to login.
Hold Shift key down to logon as new user, MS Knowledge base Q253370
You can also Download TweakUI (a free utility) from Microsoft
25) Manually synchronize SAM
net accounts /sync
To sync BDC’s with PDC use on PDC
To sync one BDC with PDC use on BDC
Server Manager only partially synchronizes
Automatic after 2000 changes to SAM
26) Tricks with RDISK
Normal RDISK only backs up local Administrator account and password
RDISK /S-
/S = Include a full copy of the SAM
- = writes files to C:\Winnt\repair
27) Registry Backup and restore
On the Windows NT Resource Kit
Regback.exe
Backs up registry hives that are open and in use
Regback directory
Regrest.exe
Restores hives, no effect until you reboot
Regrest newfilename savefilename hivetype hivename
28) NT Workstations Not on Browse List
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\
Add Value - Hidden
Dword = 1
29) Not Master Browser - Stop Elections
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\MaintainServerList
REG_SZ = No
30) Hide The Last Logged On User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
Add Value = DontDisplayLastUserName
Data Type = Reg_SZ
String =1
31) Create your own Welcome Tips
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\tips
Run C:\WINNT\Welcome.exe to admire your work!
32) Security Logon Warning
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Double click on = LegalNoticeCaption
Type = Unauthorized Access Warning
Double click on = LegalNoticeText
Type = WARNING! By accessing and using this system you are consenting to system
monitoring for law enforcement and other purposes. Unauthorized use of this
computer system may subject you to criminal prosecution and penalties!
33) Prevent Changes to Your Desktop
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Change Value = NoSaveSettings
Set value to = 1
34) Storing System Policies
In Windows 95, they are stored in \WINDOWS\CONFIG.POL.
In Windows NT Server, they are usually stored in the \NETLOGON share.
C:\WINNT\SYSTEM32\REPL\IMPORT\SCRIPTS\NTCONFIG.POL
In Novell NetWare, they are stored in SYS:\PUBLIC
35) Disable short file name generation
On any NTFS partitions you have.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem
Add Value = NameNumericTail
Value Type = Binary <> Set value = 1
OR
NTFSDisable8dot3NameCreation = 1
36) Disabled password caching
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Network
If password caching is disabled, the DisablePwdCaching string value has a value
data of 1. To enable password caching, change the value data to "0"
(without quotation marks).
37) Clearing the page file
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Value ClearPageFileAtShutdown REG_DWORD Value = 1
Shutdown time will increase proportional to the amount of installed RAM, so
this change may not be appropriate for installations where server restart time
is at a premium. To force Windows NT to clear the page file at shutdown,
38) Auto Power down at shutdown
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Set PowerDownAfterShutdown to = 1 ??? may actually do restart
Only works with ATX Mother Board and ATX Switch and ATX Power Supply
Need Service Pack 4 & updated HAL >> rename HAL.DLL.SOFTEX to HAL.DLL
39) NumLock to start as On
HKEY_CURRENT_USER\Control Panel\Keyboard\InitialKeyboardIndicators
Value = 2
40) Disable Administrative shares
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Set AutoShareServer value to = 0 {zero}
41) Change spooler location
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers
Set value DefaultSpoolDirectory to new path
If you want to set different directories per printer, go one level further, find
the printer you want, and add a new value SpoolDirectory >> REG_SZ type >> then
the path
42) How to add a second CPU in NT 4
On the Resource Kit use uptomp.exe for it to recognize more CPU's
43) Windows 16 bit always in their own NTVDM
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\wow
Reg_String DefaultSeparateVDM
valuedata = yes
44) Controlling Master browser updates
Master browser contacts domain master browser to update list
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters
DWord MasterPeriodicity default 720 in seconds
1800 = 30 mins
45) SMB Connections to close
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters
DWord KeepConn default 600 = 10 Min
1 to 65535 seconds
46) Netbios Name Resolution Mode
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
DWord NodeType
4 = M-Node <> Multiple site domain Name resolution - broadcast followed by
name server - this ensures the local domain controller is always contacted first
47) NTFS Last access time update
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem
DWord NTFSDisableLastAccessUpdate = 1
48) Increase TCP Window size
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TCPIP\Parameters
DWord value TCPWindowSize
data = 00007fff = 32k window - Normal Latency - 100 ms
data = 0000ffff = 63k window - High Latency - 200 ms
49) NTFS File & Share Permissions
Share Level Permissions are cumulative except for Deny
File Level Permissions are cumulative except for Deny
Combination of File and Share permissions are most restrictive