Page Eleven ...back it up before you break it! 

...select an «Item number» to view a topic, «Title number» to return.
«Item 251» Differences In the User Profiles In Windows
«Item 252» BOOT.INI And ARC Path Naming Conventions And Usage
«Item 253» Memory Subsystem Tweaking
«Item 254» How To Run Windows Explorer As A Separate Process
«Item 255» Using IP Security Policy Management
«Item 256» Select An IPSec Policy For A Workstation
«Item 257» How To Use IPSec Monitor
«Item 258» IPSec and you...
«Item 259» How To Increase Shutdown Time For Services To Close Properly
«Item 260» Configuration Of the My Documents Folder
«Item 261» How To Clear the Windows Paging File At Shutdown
«Item 262» Description of Enhanced Chkdsk, Autochk, and Chkntfs Tools
«Item 263» An Explanation Of CHKDSK and the New /C and /I Switches
«Item 264» How To Disable A Service That Prevents Booting
«Item 265» The Disk Manager Diagnostics (Dmdiag.exe) Command-Line Tool
«Item 266» The Windows File Protection Feature
«Item 267» Registry Settings for Windows File Protection
«Item 268» Description of the Windows System File Checker Tool
«Item 269» Quickly Lock Your Desktop By Clicking a Shortcut On the Taskbar
«Item 270» Description of Device Manager in Windows 2000
«Item 271» Configuring Page Files for Optimization and Recovery
«Item 272» Automating the Disk Cleanup Tool
«Item 273» Reading Small Memory Dump Files Created By Windows
«Item 274» Rescan the SCSI Bus For New Devices
«Item 275» DevCon Command Line Utility Alternative to Device Manager

«251» Differences In the User Profiles In Windows

Windows 95, Windows 98, Windows NT, and Windows 2000 contain and support user profiles and in many respects, they behave the same. However, there are some differences. These differences may cause a Windows 95 or Windows 98 user profile to not be used or transferred to a Windows NT 4.x or Windows 2000 user profile with the exception of Windows 95 and Windows 98 clients that have been upgraded to Windows 2000 Professional. In this case, their user profile are converted.

Following are the key differences in behavior of user profiles for each operating system group.

Windows 95 and 98

When you log on to a Windows 95 or Windows 98 computer, the user profile is copied from the user's home directory to the local machine. When you log off, the user profile is then copied back to the user's home directory. The home directory is set in the user's account on either a Windows NT 4.x Server or Windows 2000 Server, Advanced Server or Data Center. This path must be in the Universal Naming Convention (UNC) and must be created prior to the implementation. Other differences include:

ø No support for common groups.
ø No support for a centrally stored Default User Profile.
ø Different files for the registry portion of User Profiles.
The User.dat file in the various Windows operating systems is not interchangeable with the Ntuser.dat file in Windows NT 4.x or Windows 2000 profiles, primarily because the registry, which is a key component of the User Profile, is incompatible between operating system versions.
ø Windows 95 and Windows 98 User Profiles can be stored on NetWare servers.

Windows NT and Windows 2000

User profiles in Windows NT and Windows 2000, for the most part, function the same. These operating systems support local, roaming and mandatory profiles. However, there are some differences.

ø Windows NT 4.x uses the %SystemRoot%\Profiles folder to store profiles.
ø In Windows 2000, the Systemdrive \Documents and Settings folder is used.
Computers that are upgraded from Windows NT 4.x to Windows 2000 will retain and use the %SystemRoot%\Profiles folder.
ø Windows NT 4.x handled duplicate down-level account names by adding the following to the username of the profile: .000
(where each subsequent logon with a different user of the same name would increment the suffix by one).

¤ Windows 2000 handles duplicate down-level account names as well but in a slightly more intuitive manner. A suffix is placed on the username of the profile that is either the name of the domain, if the user account is a domain account, or the name of the computer, if the user account is a local user account. If, by chance, another user with the same name from the same domain or computer logs onto the machine, Windows 2000 adds a .000 suffix to the domain or computer name. If the action happens again, it then starts incrementing the .000 as well.
¤ Windows NT 4.x profile merge algorithm was not a merge but rather an Xcopy with full synchronization support.

[ Article Q269378 ]

«252» BOOT.INI And ARC Path Naming Conventions And Usage

The path to each Windows NT installation is described in a single line in the BOOT.INI file for x86-based computers;  however, on RISC-based computers a set of four lines is used in the computer firmware BOOT- options to point to a single Windows NT installation. If there are multiple installations of Windows NT on your x86-based computer, the BOOT.INI has one ARC path for each installation in it. You are prompted with a boot menu during the boot process to choose the installation you want to boot.

The KB Article Q102873 explains the conventions in the Advanced RISC Computing (ARC) specifications that are used to define the path to a Windows NT installation on Intel x86-processor-based computers and RISC-based computers. This article consists of the following sections:

» x86-Based and RISC-Based ARC Paths Comparison
» Differences Between the MULTI(X) and SCSI(X) Syntax and Application
» Examples of x86-Based and RISC-Based ARC Paths

«253» Memory Subsystem Tweaking

The memory subsystem is always one of the most important systems to tweak within an OS. Not only does it control the RAM, but it also dictates much of how the other subsystems within the computer communicate with each other.

Several Registry settings can be used to tweak the memory subsystem from within Windows 2000. The following values can be found at:

HKLM/System/CurrentControlSet/Control/Session Manager/Memory Management

DisableExecutivePaging - When enabled, this setting will prevent the paging of the Win2k Executive files to the hard drive, causing the OS and most programs to be more responsive. However, it is advised that people should only perform this tweak if they have a significant amount of RAM on their system (more than 128 MB), because this setting does use a substantial portion of your system resources.  By default, the value of this key is 0. To enable it, set it to 1.

LargeSystemCache - When enabled (the default on Server versions of Windows 2000), this setting tells the OS to devote all but 4 MB of system memory (which is left for disk caching) to the file system cache. The main effect of this is allowing the computer to cache the OS Kernel to memory, making the OS more responsive. The setting is dynamic and if more than 4 MB is needed from the disk cache for some reason, the space will be released to it. By default, 8MB is earmarked for this purpose. This tweak usually makes the OS more responsive. It is a dynamic setting, and the kernel will give up any space deemed necessary for another application (at a performance hit when such changes are needed). As with the previous key, set the value from 0 to 1 to enable. Note that in doing this, you are consuming more of your system RAM than normal. While LargeSystemCache will cut back usage when other apps need more RAM, this process can impede performance in certain intensive situations. According to Microsoft, the "[0] setting is recommended for servers running applications that do their own memory caching, such as Microsoft SQL Server, and for applications that perform best with ample memory, such as Internet Information Services.

IOPageLockLimit - This tweak is of questionable value to people that aren't running some kind of server off of their computer, but we will include it anyway. This tweak boosts the Input/Output performance of your computer when it is doing a large amount of file transfers and other similar operations.  This tweak won't do much of anything for a system without a significant amount of RAM (if you don't have more than 128 MB, don't even bother), but systems with more than 128 MB of RAM will generally find a performance boost by setting this to between 8 and 16 MB. The default is 0.5 MB, or 512 KB. This setting requires a value in bytes, so multiply the desired number of megabytes * 1024 * 1024. That's X * 1048576 (where X is the number, in megabytes). Test out several settings and keep the one which seems to work best for your system.

«254» How To Run Windows Explorer As A Separate Process

By default, the Windows NT Desktop, Taskbar, and Explorer run in a single process using multiple threads. If you modify the Registry, enabling the DesktopProcess entry, the Taskbar and Desktop will run in one process with each instance of Explorer in a separate process. Each new instance of Explorer.exe will use its own thread.

Open Regedit and navigate to this subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer

Create, or modify, the Entry Name: DesktopProcess ; Data Type: DWORD ; and set the Data Value to 1 (default is 0).

This entry will allow access to the taskbar and desktop when Explorer becomes unresponsive.

«255» Using IP Security Policy Management

Windows Internet Protocol Security (IPSec) is a key line of defense against internal, private network, and external (Internet, extranet) attacks. IPSec is designed to encrypt data as it travels between two computers, protecting it from modification and interpretation if anyone were to see it on the network. IPSec is controlled using a policy configuration that you create using the IP Security Policy Management snap-in.

1. Click Start, click Run, type mmc, and then click OK.
2. On the Console menu, click Add/Remove Snap-in.
3. Click Add, and then double-click IP Security Policy Management.

Follow the instructions that appear on the screen.

NOTES:

» For in-depth information about IP Security, open the IP Security Policy Management snap-in, and then on the Help menu, click Help Topics.
» For more information on IP Protocol Security (IPSec) and its implementation in Windows 2000 see the following Microsoft Knowledge Base article:

Q265112 IPSec and L2TP Implementation in Windows 2000

«256» Select An IPSec Policy For A Workstation

1. Open Network and Dial-up Connections.
2. Click Local Area Connection, and on the File menu, click Properties.
3. In the Local Area Connection Properties dialog box, under Components checked are used by this connection, click Internet Protocol (TCP/IP), and then click Properties.
4. Click Advanced, and then click the Options tab.
5. Under Optional settings, click IP security, and then click Properties.
6. Click Use this IP security policy, and then select the IPSec policy you want from the drop-down list.

NOTES:

ø You must be a member of the Administrators group to set Internet Protocol security (IPSec) policies. If the computer participates in a Windows 2000 domain, the computer may receive the IPSec policy from Active Directory, overriding the local IPSec policy. In this case, the options are disabled and you cannot change them from the local computer.
ø To open Network and Dial-up Connections, click Start, point to Settings, click Control Panel, and then double-click Network and Dial-up Connections.
ø There are three predefined security policies: Client (Respond Only), Server (Request Security), and Secure Server (Require Security).
ø Activating the Client (Respond Only) policy will not secure traffic unless the destination computer requests it. A server policy may need to be customized to work transparently with some programs and networks.
ø For in-depth information about IP Security and the predefined security policies, open the IP Security Policy Management snap-in, and then on the Help menu, click Help Topics.

«257» How To Use IPSec Monitor

Windows 2000 supports the use of Internet Protocol security (IPSec) to secure communications between computers. IPSec is a cross-platform protocol. Windows 2000-based computers use IPSec policies to control which communications require the use of IPSec. A computer can require that IPSec secures all communications, or only a subset of all communications can be required to use IPSec. You use IPSec filters to control when IPSec is applied.

To test the IPSec policies, use IPSec Monitor. IPSec Monitor (Ipsecmon.exe) provides information about which IPSec policy is active and whether a secure channel between computers is established.

To Start IPSec Monitor:

1. Click Start, and then click Run
2. In the Open box, type ipsecmon
3. Click Options.
You can change the Refresh interval in the IP Security Monitor Options dialog box.

To see how IPSec Monitor functions, you need two Windows 2000-based computers that are members of the same Windows 2000 domain. One computer is the IPSec client computer and the other computer is the IPSec server. The following two sections describe how to configure the IPSec client computer and IPSec server to test a security policy.

IPSec Client Computer:

1. Click Start, point to Programs, point to Administrative Tools, and then click Local Security Policy.
2. Click to expand the Security Settings node in the left pane, and then click the IP Security Policies node.
3. Double-click Client (Responds Only) policy in the right pane.
4. Click to clear the Dynamic check box, and the click to select the All ICMP Traffic check box.
5. Double-click the All ICMP Traffic rule, click the Filter Action tab, and then click Require Security.
6. Click Apply, and then click OK.
7. Click Close.

IPSec Server Computer:

1. Click Start, point to Programs, point to Administrative Tools, and then click Local Security Policy.
2. Click to expand the Security Settings node in the left pane, and then click the IP Security Policies node.
3. Double-click the Secure Server (Require Security) policy in the right pane.
4. Click to clear the All IP Traffic and the Dynamic check boxes, and then click to select the All ICMP Traffic check box.
5. Double-click the All ICMP Traffic rule.
6. Click the Filter Action tab, and then click Require Security.
7. Click Apply, and then click OK.
8. Click Close.
9. On the IPSec client computer, start IPSec Monitor.
10. From a command prompt, type ping -t ipsec_server_ip_address.
For the first few seconds, a "Negotiating IPSec Policy" message is displayed, and then you receive Internet Control Message Protocol (ICMP) echo replies. When you bring IPSec Monitor to the foreground, you see that the IPSec security association is established and the filter name is listed as "ICMP."
11. Close the command window to stop the ping command. Note that the IPSec security association continues for a short period of time before timing out.

To restore the default IPSec policies on each computer:

1. Right-click the IP Security Policies node in the left pane, point to All Tasks, and then click Restore Default Policies
2. Click Yes when you receive the "Are you sure?" message.
3. Click OK to confirm that the default policies have been returned to their default values.

«258» IPSec and you...

An article. Copyright ©1998-2001, AnalogX. All rights reserved.

Introduction

Everyone wants their server to be as secure as possible, but there are many different approaches that can be taken to accomplish this ends. Now Microsoft didn't invent IP Security (or IPSec for short), it was developed by them in conjunction with Cisco and the IETF, but Windows 2000 has a very robust implementation of it built in. The intent of IPSec is to help in creating secure connections between different machines, even when the software that's communicating has no knowledge of the encryption. IPSec can also be used to apply rules as to what kind of IP traffic a machine will accept, akin to a limited firewall - that part of IPSec is what this article deals with.  I'm going to assume that if you're reading this, you already have Win2k installed and know how to get to the IPSec administration portion - if you don't, please check the additional resources section.

[ To see this article in its entirety, go here ]

«259» How To Increase Shutdown Time For Services To Close Properly

The WaitToKillServiceTimeout value name in the Registry allows you to specify a length of time that the service control manager must wait for services to complete the shut-down request.

To specify the wait time, do the following:

1. Start the Registry Editor (Regedt32.exe) and locate the following Registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control

2. On the Edit menu, click Add Value.
3. Enter the following:

Value Name: WaitToKillServiceTimeout
Data Type: REG_SZ
String: <In milli-seconds; default is 20,000>

NOTE: Try not to increase the shut-down time. For example, if you lose power, it is possible that your uninterruptible power supply cannot provide backup power for the computer long enough to allow all the services to shut down properly, as well as the operating system.

4. Click OK and then quit the Registry Editor.
5. Shut down, and then restart Windows.

[ Article Q146092 ]

«260» Configuration Of the My Documents Folder

The My Documents folder is a component of the user profile that is used as a unified location for storing personal data. By default, the My Documents folder is a folder in the user's profile that is used as a default storage location for saved documents.

Optionally, an Administrator can use folder redirection in a group policy to modify the location of My Documents to reside on a network share. When users save documents to the My Documents folder, the files are actually saved on an assigned network location and can be backed up by the Administrator.

The path to the My Documents folder is stored in the following Registry key, where path is the complete path to your storage location:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

Value Name: Personal
Value Type: REG_SZ
Value Data: path

Any modification from the default is recorded in the following location and the path listed earlier is also updated:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

Value Name: Personal
Value Type: REG_SZ
Value Data: path

If the Administrator redirects My Documents by using group policy folder redirection, the path is present in this value and the option to modify the location of the My Documents folder is not available when you view properties of the My Documents folder.

How to Change the My Documents Folder Storage Location

When the properties of the My Documents folder (the desktop icon) are displayed and a group policy has not been established to redirect the folder, you can change the path to the My Documents folder and you can move the contents from the old location to the new location:

1. Right-click My Documents (on the desktop), and then click Properties.
2. In the Target box, type the new path to the My Documents folder, or click Move to browse to the folder and if needed, create a new My Documents folder.  If the path you type does not exist, you are prompted to confirm creating a new folder.
3. Click Yes to move files from the old My Documents location to the new location, or click No if you do not want to move these files. Note that clicking No does not delete the files in the old location, but means they are no longer visible from My Documents after the change.

Restoring the Default My Documents Path

If the current My Documents path is incorrect or is no longer available, the Restore Default option may be used to restore the default path.

NOTE: This option is not displayed when group policy folder redirection is in effect for this folder.

1. Right-click My Documents (on the desktop), and then click Properties.
2. Click Restore Default. The restore operation uses the following registry value (where user ID is the appropriate user ID) to determine the default location based on the user's profile and appends "\My Documents" to form a complete path:

HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ProfileList\user ID

Value Name: ProfileImagePath
Value Type: REG_EXPAND_SZ

[ Article Q221837 ]

«261» How To Clear the Windows Paging File At Shutdown

This Item documents a method for clearing the Windows paging file (Pagefile.sys) during the shutdown process, so that no unsecured data is contained in the paging file when the shutdown process is complete.

Some third-party programs may temporarily store unencrypted (plain-text) passwords or other sensitive information in memory. Because of Windows virtual memory architecture, this information may be present in the paging file. Although clearing the paging file is not a suitable substitute for physical security of a computer, you may want to increase the security of data on a computer while Windows is not running.

1. Start the Registry Editor (Regedt32.exe).
2. Change the data value of the ClearPageFileAtShutdown value in the following Registry key to a value of 1:

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

If the value does not exist, add the following value:

Value Name: ClearPageFileAtShutdown
Value Type: REG_DWORD
Value: 1

This change will not take effect until you restart the computer.

For additional information about Session Manager memory management settings, click the Microsoft Knowledge Base article number below:

Q102985 REG: CurrentControlSet Entries PART 2: SessionManager

[ Article: Q182086 ]

«262» Description of Enhanced Chkdsk, Autochk, and Chkntfs Tools

The Chkdsk.exe, Autochk.exe, and Chkntfs.exe tools are enhanced in Windows 2000 to allow administrators more precise control over when a file system check is performed on a volume. Note that a volume is defined as: "a partition containing a file system that can be addressed using a drive letter/volume mount point or a Globally Unique Identifier (GUID)".

Autochk.exe in Windows 2000 distinguishes between a volume check that has been manually scheduled and one that is automatically scheduled because the file system found the volume to be in a "dirty" state, and then write an appropriate message in the application event log.

For more information on these tools, see KB Article: Q218461

«263» An Explanation Of CHKDSK and the New /C and /I Switches

Chkdsk.exe is the command-line interface for a program that verifies the logical integrity of a file system on Windows.  When CHKDSK encounters logical inconsistencies it takes actions to repair file system data, provided it is not in read-only mode.

In Windows NT version 4.0 Service Pack 4 (SP4) and Windows 2000, two new switches have been added to Chkdsk.exe. These switches enable users to better manage downtime incurred by running CHKDSK or AUTOCHK.

The switches that are added are /C and /I, and are only valid when the target drive has the NTFS format. Each switch directs the CHKDSK routine to bypass certain actions it would otherwise take to validate the integrity of NTFS data structures. For more information see KB Article: Q187941.

«264» How To Disable A Service That Prevents Booting

If a Service or device driver is started automatically and is incompatible with the current version of Windows, the Service or device driver may not allow Windows to remain running long enough for you to shut down the Service or disable the outdated device driver.

To resolve this issue, start Recovery Console and log on to the computer using the following steps:

1. Start your computer with the Windows boot disks, or with the Windows CD-ROM if your computer supports booting from the CD-ROM drive.
2. When the Welcome to Setup dialog box is displayed, press R to repair, and then press C to start Recovery Console.
3. Choose to install Windows and log on to your computer with the Administrator account.
4. From the %SystemRoot%\System32 folder at the Command prompt, type listsvc, and then press ENTER.
5. Locate the Service or driver that is causing the problem in the list that is provided.

NOTE: Selecting the wrong Service or device could cause further problems.

6. Type disable servicename (where servicename is the name of the Service), and then press ENTER.

NOTE: The disable command prints the old "start_type" of the Service before resetting it to SERVICE_DISABLED. You should record the old start_type, in case you need to re-enable the Service.

7. Type exit, and the computer restarts automatically. Allow the computer to boot normally.

For additional information about installing or using the Recover Console, click on the Item numbers listed below:

Item 56 Recovery Console Tips for System Admins
Item 198 Description of the Windows 2000 Recovery Console
Item 199 How to Install the Windows Recovery Console
Item 200 Description of the SET Command in Recovery Console

«265» The Disk Manager Diagnostics (Dmdiag.exe) Command-Line Tool

The MS Knowledge Base Article Q295406 describes the Disk Manager Diagnostics tool (Dmdiag.exe) that is located in the Support\Tools\Support.cab folder on the Windows CD-ROM or in the Windows Resource Kit.

Dmdiag.exe is a command-line tool that generates computer state and configuration information that describes disk storage.  When you use Dmdiag.exe, the following information is displayed:

» Computer name and operating system version
» Physical disk to disk type
» Mount points
» LDM file versions
» Drive letter usage, GetLogicalDrives(), GetDriveType()
» Device
» Symbolic links
» LDM Size
» Kernel list
» Disk partition information

To learn how to install the Windows 2000 Support Tools go to:

Item 177 Install the Windows 2000 Support Tools

«266» The Windows File Protection Feature

Earlier versions of the Windows operating system do not prevent shared system files from being overwritten by program installations. After these changes are made, the user often experiences unpredictable performance results, ranging from program errors to an unstable operating system. This problem affects several types of files, most commonly dynamic link libraries files (.dll) and program files (.exe).

Windows 2000 includes a new feature called Windows File Protection (WFP) that prevents the replacement of certain monitored system files. By replacing certain monitored system files, file version mismatches can be avoided. The WFP feature uses the file signatures and catalog files that are generated by code signing to verify if protected system files are the correct Microsoft versions. The WFP feature does not generate signatures of any type.

How the WFP Feature Works

The WFP feature provides protection for system files using two mechanisms. The first mechanism runs in the background. The WFP feature is implemented when it is notified that a file that is in a protected folder is modified. After this notification is received, the WFP feature determines which file was changed. If the file is protected, the WFP feature looks up the file signature in a catalog file to determine if the new file is the correct Microsoft version. If it is not, the file is replaced from the Dllcache folder (if it is in the Dllcache folder) or from the distribution media. By default, the WFP feature displays the following dialog box to an Administrator, where file_name is the name of the file:

A file replacement was attempted on the protected system file file_name . To maintain system stability, the file has been restored to the correct Microsoft version. If problems occur with your application, please contact the application vendor for support.

The second protection mechanism that is provided by the WFP feature is the System File Checker (Sfc.exe) tool. At the end of GUI-mode Setup, the System File Checker tool scans all of the protected files to ensure that they are not modified by programs that were installed by using an unattended installation. The System File Checker tool also checks all of the catalog files that are used to track correct file versions.  If any of the catalog files are missing or damaged, the WFP feature renames the affected catalog file and retrieves a cached version of that file from the Dllcache folder. If a cached copy of the catalog file is not available in the Dllcache folder, the WFP feature requests the appropriate media to retrieve a new copy of the catalog file.

The System File Checker tool gives an administrator the ability to scan all of the protected files to verify their versions. The System File Checker tool also checks and repopulates the %SystemRoot%\System32\Dllcache folder. If the Dllcache folder becomes damaged or unusable, you can use either the sfc /scanonce or sfc /scanboot command at a Command prompt to repair the contents of the folder.

All of the .sys, .dll, .exe, .ttf, .fon, and .ocx files that are included on the Windows 2000 CD-ROM are protected; however, due to disk space considerations, maintaining cached versions of all of these files in the Dllcache folder is not desirable on all computers.

Depending on the size of the SFCQuota value in the

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Registry key (the default size is 0xFFFFFFFF, or 400 MB), the WFP feature stores verified file versions cached in the Dllcache folder on the hard disk.  The SFCQuota setting can be made as large or small as needed by the Administrator. Note that if you set the SFCQuota value to 0xFFFFFFFF, the WFP feature will cache all protected system files (approximately 2,700 files).

If a file change is detected by the WFP feature, the affected file is not in the Dllcache folder and the corresponding file that is in use by the operating system is the correct version, the WFP feature copies that version of the file to the Dllcache folder. If the affected file that is in use by the operating system is not the correct version or the file is not cached in the Dllcache folder, the WFP feature attempts to locate the installation media. If the installation media is not found, the WFP feature prompts an Administrator to insert the appropriate media to replace the file or the Dllcache file version.

The SFCDllCacheDir value ( REG_EXPAND_SZ ) in the

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Registry key specifies the location of the Dllcache folder. The default value data for the SFCDllCacheDir value is %SystemRoot%\System32. The SFCDllCacheDir value can be a local path.

By default, the SFCDllCacheDir value is not listed in the

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Registry key. To modify the cache location, you must add this value.

For additional information about the WFP feature,see the following Item: «267» Registry Settings for Windows File Protection
For additional information about the System File Checker tool, see Item 268 Description of the Windows 2000 System File Checker Tool.

«267» Registry Settings for Windows File Protection

All Registry settings for Windows File Protection and System File Checker are located in the following Registry key:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

By default, only users with Administrator or System rights can modify these settings.

Registry Values:

SFCDisable (REG_DWORD)

0 = enabled (default)
1 = disabled, prompt at boot to re-enable
2 = disabled at next boot only, no prompt to re-enable
4 = enabled, with popups disabled

Note: For options 1 and 2: Both of these options require a kernel debugger [see Microsoft Debugging Tools] to be hooked up for those options to become useable. If a kernel debugger is not hooked up, Windows File Protection is not disabled.

SFCScan (REG_DWORD)

0 = do not scan protected files at boot (default)
1 = scan protected files at every boot
2 = scan protected files once

SFCQuota (REG_DWORD)

n = size (in megabytes) of dllcache quota (default is 0xffffffff or approximately 300 MB)
FFFFFFFF = cache all protected system files on the local hard disk

SFCDllCacheDir (REG_EXPAND_SZ)

Path = local or network location of dllcache folder (default is %SystemRoot%\System32)

Note: Network shares for the dllcache directory are no longer supported.

SFCShowProgress (REG_DWORD)

0 = System File Checker progress meter is not displayed (default)
1 = System File Checker progress meter is displayed

NOTE: The Windows 2000 source files location information is stored in the following Registry location and can be modified to point to the drive letter of a volume that has an I386 flat folder of the installation files

HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\SourcePath:REG_SZ:<drive letter>:

and

HKLM\Software\Microsoft\Windows NT\CurrentVersion\SourcePath:REG_SZ:<drive letter>:

where drive letter is the appropriate drive letter.
For example:

If the I386 directory is at C:\I386, the SourcePath value would be C:\.
If the I386 directory is at E:\Directory\I386, the SourcePath value would be E:\Directory.

After you restart the computer, WFP and SFC /SCANNOW uses the new source path instead of prompting for the Windows 2000 installation CD-ROM.

«268» Description of the Windows System File Checker Tool

The System File Checker tool (Sfc.exe) is used with the Windows File Protection (WFP) feature.

The System File Checker tool gives an Administrator the ability to scan all of the protected files to verify their versions. The System File Checker tool also checks and repopulates the %SystemRoot%\System32\Dllcache folder. If the Dllcache folder becomes damaged or unusable, you can use either the sfc /scanonce or sfc /scanboot command to repair the contents of the folder.

System File Checker Tool Syntax:

¤ The /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions. This command requires access to the Windows installation source files.
¤ The /scanonce command scans all protected system files once. This command requires access to the Windows installation source files.
¤ The /scanboot command scans all protected system files every time that you start your computer. This command requires access to the Windows installation source files.
¤ The /cancel command cancels all pending scans of protected system files.
¤ The /enable command enables WFP for normal operation.
¤ The /purgecache command purges the file cache and scans all of the protected system files immediately. This command requires access to the Windows installation source files. This command is required after you run the /cachesize=x command.
¤ The /cachesize= x command sets the file cache size in megabytes (MB).  This command requires a reboot followed by a /purgecache command to adjust the size of the on-disk cache.
¤ The /quiet command replaces all incorrect file versions without prompting the user.

«269» Quickly Lock Your Desktop By Clicking a Shortcut On the Taskbar

You can create a shortcut on your taskbar that immediately locks your computer. When you click this shortcut, you achieve the same the result as you would if you were to press CTRL+ALT+DEL, and then click Lock Computer.

To create a shortcut on the taskbar:

1. Right-click the desktop, point to New, and then click Shortcut.
2. Type %windir%\system32\rundll32.exe user32.dll,lockworkstation in the Type the location of the item box, and then click Next.
3. Type lock computer in the Type a name for this shortcut box, and then click Finish.
4. Drag the new shortcut to the Quick Launch bar that is located next to the Start button.
NOTE: If the Quick Launch bar is not displayed, right-click an empty area on the taskbar, point to Toolbars, and then click Quick Launch.
5. If you right-click an empty area on the taskbar and you do not see the Toolbars option, click Lock the Taskbar.

«270» Description of Device Manager in Windows 2000

Device Manager provides you with a graphical view of the hardware that is installed in your computer. You can use it to change the way your hardware is configured, and the way your hardware interacts with your computer's microprocessor. You can use Device Manager to:

» Determine whether the hardware on your computer is working properly.
» Change hardware configuration settings.
» Identify the device drivers that are loaded for each device and obtain information about each device driver.
» Change advanced settings and properties for devices.
» Install updated device drivers.
» Disable, enable, and uninstall devices.
» Identify device conflicts and manually configure resource settings.
» Print a summary of the devices that are installed in your computer.

Most of the time, you use Device Manager to check the status of your hardware and update device drivers on your computer.  Advanced users that have a thorough understanding of computer hardware may also use Device Manager's diagnostic features to resolve device conflicts and change resource settings.

NOTE: Changing resource settings improperly can disable your hardware and cause your computer to malfunction or be inoperable. Resource settings should be changed only by users who have expert knowledge of computer hardware and hardware configurations.

NOTE: You must be logged on as an Administrator or as a member of the Administrators group to complete procedures by using Device Manager. If your computer is connected to a network, network policy settings may also prevent you from completing the procedures.

Ordinarily, you will not need to use Device Manager to change resource settings because resources are allocated automatically by Windows 2000 and Windows XP during hardware setup.

You can use Device Manager to manage devices only on a local computer. Device Manager only works in read-only mode when you are viewing a remote computer's devices.

For more detailed information about Device Manager tasks, see the following Microsoft web pages:

Configuring Devices.
Uninstalling Devices.
Hardware Profiles Overview.

«271» Configuring Page Files for Optimization and Recovery

By default, Windows places the pagefile on the boot partition where the operating system is installed. To determine the size of the pagefile multiply the amount of physical RAM by 1.5 to a maximum of 4095MB. However, placing the pagefile on the boot partition does not optimize performance because Windows has to perform disk I/O on both the system directory and the pagefile. Therefore, it is recommended that you place the pagefile on a different partition and different physical hard disk drive so that Windows can handle multiple I/O requests more quickly.

However, completely removing the pagefile from the boot partition does not allow Windows to create a crash dump file (Memory.dmp) should a kernel mode STOP error occur. Not having this crash dump file could lead to extended server downtime should the STOP require a debug to be performed.

The optimal solution is to create one pagefile on the boot partition using the default settings and create a second pagefile on another less frequently used partition. The best option is to create the second pagefile so that it is on its own partition, with no data or operating system-specific files.

Windows will use the pagefile on the less frequently used partition over the pagefile on the heavily used boot partition.  Windows uses an internal algorithm to determine which page file to use for virtual memory management. In the above scenario, the following goals of the page file would be served:

ø The system will be properly configured to capture a Memory.dmp file should the computer experience a kernel mode STOP error.
ø The pagefile on the less frequently used partition will be used the majority of the time because it is not on a busy partition.

Another advantage of using a pagefile on its own partition is that the pagefile is less likely to become fragmented. If the pagefile is on a partition with other data, the pagefile might experience fragmentation as it expands to satisfy the extra virtual memory required. A defragmented pagefile leads to faster virtual memory access and improves the

«272» Automating the Disk Cleanup Tool

This Item describes how to run the Disk Cleanup tool (Cleanmgr.exe) by using command-line switches.  Cleanmgr.exe is designed to clear unnecessary files from your computer's hard disk. You can configure Cleanmgr.exe with command-line switches to clean up the files you want. You can then schedule the task to run at a specific time by using the Scheduled Tasks tool.

You can start the Disk Cleanup tool by running Cleanmgr.exe, or by clicking: Start|Programs|Accessories|System Tools|Disk Cleanup. Disk Cleanup supports the following command-line switches:

» /d driveletter : - This switch selects the drive that you want Disk Cleanup to clean.

» /sageset: n - This switch displays the Disk Cleanup Settings dialog box and creates a Registry key to store the settings you select. The n value is stored in the Registry and allows you to specify different tasks for Disk Cleanup to run. The n value can be any integer value from 0 to 65535. To get all the available options when you are using the /sageset switch, you may need to specify the drive letter that contains the Windows installation.

» /sagerun: n - This switch runs the specified tasks that are assigned to the n value by using the \sageset switch. For example, in Scheduled Tasks, you could run the following command after running the cleanmgr /sageset:11 command:

cleanmgr /sagerun:11

This command runs Disk Cleanup with the options that were specified with the cleanmgr /sageset:11 command.

The available options for Disk Cleanup that you can specify by using the /sageset and /sagerun switches include:

« Temporary Setup Files - These files should no longer be needed. They were originally created by a Setup program that is no longer running.

« Downloaded Program Files - Downloaded program files are ActiveX controls and Java programs that are downloaded automatically from the Internet when you view certain pages. They are temporarily stored in the Downloaded Program Files folder on your hard disk. This option includes a View Files button that allows you to see the files that would be removed. The button opens the C:\Winnt\Downloaded Program Files folder.

« Temporary Internet Files - The Temporary Internet Files folder contains Web pages that are stored on your hard disk for quick viewing. Your personalized settings for Web pages are left intact. This option includes a View Files button that displays the files to be deleted.  The button opens the C:\Documents and Settings\ Username \Local Settings\Temporary Internet Files\Content.IE5 folder.

« Old Chkdsk Files - When Chkdsk checks your disk for errors, it might save lost file fragments as files in your disk's root folder. These files are unnecessary and can be removed.

« Recycle Bin - The Recycle Bin contains files you have deleted from your computer. These files are not permanently removed until you empty the Recycle Bin. This option includes a View Files button that opens the Recycle Bin.

« Temporary Files - Programs sometimes store temporary information in a Temp folder.  Before a program quits, it usually deletes this information. You can safely delete temporary files that have not been modified in over a week.

« Temporary Offline Files - Temporary offline files are local copies of recently used network files that are automatically cached for you so that you can use them when you are disconnected from the network. There is a View Files button that opens the Offline Files folder.

« Offline Files - Temporary files are local copies of network files that you specifically made available offline so that you can use them when you are disconnected from the network. There is a View Files button that opens the Offline Files folder.

« Compress Old Files - Windows can compress files that you have not used in a while. Compressing the files saves disk space while still enabling you to use them. No files are deleted. Because files are compressed at different rates, the displayed amount of disk space you will gain is approximate. There is an Options button that you can use to specify the number of days to wait before an unused file is compressed.

« Catalog Files for the Content Indexer - The Indexing service speeds up and improves file searches by maintaining an index of the files on the disk.  These files are left over from a previous indexing operation and can be deleted safely.

If you select the drive that contains the Windows installation, all of these options are available on the Disk Cleanup tab. If you select any other drive, only the Recycle Bin and Catalog files for content index options are available on the Disk Cleanup tab.

The More Options tab contains options for cleaning up Windows components or installed programs. You can use the Windows Components option to create free space by removing optional Windows components that you do not use. Clicking the Clean Up button for this option starts the Windows Components Wizard. You can use the Installed Programs option to free more disk space by removing programs that you do not use. Clicking this Clean Up button starts the Change or Remove Programs option in the Add/Remove Programs tool.

«273» Reading Small Memory Dump Files Created By Windows

One of the options for generating dump files in Windows is the Small Memory Dump (64 KB) option. You can read small memory dump files by using Dumpchk.exe.  Information obtained from the dump file can provide a basic starting point for troubleshooting the cause of the problem.

The debugging tools are supplied with the Windows Customer Support and Diagnostics Tools CD-ROM. The support CD-ROM is included with Windows 2000 Server, Windows 2000 Advanced Server, and Windows 2000 Datacenter Server. You can also find a downloadable version of the tools and symbols at the following Microsoft Web site: Windows 2000 Customer Support Diagnostics

The Microsoft Windows 2000 Customer Support Diagnostics package consists of important tools and data for diagnosing your Windows 2000 system. The complete Diagnostics package is made up of two components: symbols and debugging tools.

For additional information about the dump file options in Windows, click the article number below to view the article in the Microsoft Knowledge Base: Q254649 Windows 2000 Memory Dump Options Overview

Because of the limited information contained in a small memory dump file, the actual binary files must be loaded along with the symbols for the dump file to be properly read.

NOTE: The examples and information below assume that Windows is installed in the Winnt folder on drive C:, the CD-ROM drive is drive D:, and the computer that generated the dump file is the computer that will be used to read the dump file.

1. Install the Windows symbols from the Windows Customer Support and Diagnostics Tools CD-ROM or from the Customer Support Diagnostics Packages obtained from the MS Customer Support Web site.

A. Click Install Symbols from the menu on the right.
B. In the Install Symbols section, click the appropriate type of symbols to install. Typically, this is the Retail Symbols selection.
C. Click Install Retail Symbols. The File Download window appears.
D. Click Run this program from the current location, and then click OK.
E. Click Yes if you are prompted with the Security Warning dialog box.
F. Click Yes in the License dialog box.
G. Click OK in the Microsoft Windows Symbols dialog box. Ensure that the path is the correct path to your installation. The default is C:\Winnt\Symbols.
H. Click Yes to create the folder. You see the File Copy Progress dialog box.
I. Click OK in the Installation is complete dialog box.

NOTE: Symbolsx.exe is the installation program for the Windows symbols. It is located in the D:\Symbols\I386\Retail folder for retail symbols or the D:\Symbols\I386\Debug folder for the debug version of Windows 2000.

2. Install the debugging tools:

A. Click Install debugging tools on the menu on the right.
B. In the Install debugging tools section, click Install Debugging Tools . The File Download window appears.
C. Click Run this program from the current location, and then click OK.
D. Click Yes if you receive the Security Warning dialog box.
E. Click Yes in the License dialog box.
F. Click OK in the Microsoft Debugging Tools Install Directory dialog box.  Typically, the path is C:\Debuggers.
G. Click Yes to create the folder. The File Copy Progress dialog box appears.

After the debugging tools have been installed, a new menu item is added. This item is available by clicking Start, pointing to Programs, and then clicking Debugging Tools.

3. Read the small memory dump file:

A. Small memory dump files are stored by default in the %SystemRoot%\MiniDump folder. Each dump file has a unique name that uses the date and a sequence number. The most recent dump file is the one with the latest date.
At a command prompt, change to the folder that contains the the debugger tools.
B. Change to the Bin folder.
C. Type the following command:

dumpchk -e c:\winnt\minidump\mini xxxxx - yy .dmp

You can redirect the screen output to a log file by adding > minidump.log to the end of the command line.

NOTE: By default, the Dumpchk.exe tool looks for symbols in the %SystemRoot%\Symbols folder and uses the %SystemRoot%\System32 folder for the binaries.

For additional information about Dumpchk.exe or the other tools provided for debugging, refer to the Debugging Help by clicking: Start|Programs|Debugging Tools|Debugging Help.

«274» Rescan the SCSI Bus For New Devices

You can use the Rescan sample program, which is freely available through this article (Q308669), to enumerate all available SCSI adapters on the system and initiate bus rescan. This will find new devices that have been added to the bus since the previous bus scan.

The sample also obtains a handle to the device to send IOCTL commands to get the adapter properties. The sample also demonstrates enumeration of child devices through two different techniques. The first technique gets the inquiry data for each SCSI adapter, and the second technique uses the CM_ xxx APIs.

The sample file (Rescan1.exe) contains the following files:

File (and) Description
Rescan - Implements the Win32 application to enumerate devices
Rescan.h - Header file for rescan.c
Sources - DDK build instructions
Makefile - Standard Windows 2000 makefile
Rescan.txt - The documentation for these samples (this article)
Rescan.exe - Windows 2000 executable program (free build)

«275» DevCon Command Line Utility Alternative to Device Manager

The DevCon utility is a command line utility that acts as an alternative to Device Manager. It allows you to enable, disable, restart, update, remove, and query individual devices or groups of devices. DevCon provides information that is relevant to the developer and is not available in Device Manager.

DevCon is designed for use on Windows 2000 and Windows XP. It will not work on Microsoft Windows 95, Windows 98, or Windows Millennium Edition.

DevCon is not redistributable. It is provided for use as a debugging and development tool. You can freely modify DevCon for private use. The sample demonstrates how to use the SetupAPI and CfgMgr32 APIs together effectively to enumerate devices and perform device operations.

This utility file is freely available for download from the Microsoft Download Center, as described in MS Knowledge Base Article Q311272.

| | |

~ Includes previous work and rights from Ted Quantrill's Tip Quarry ~

Copyright © 2000-2008 treewalkdns.com All rights are reserved