A. In NT Workstation, User Manager/Policies/User Rights... assigns the privileges (e.g. the Shutdown or Log On Locally privilege) for the local machine. However, in NT Server the User Rights you assign with User Manager for Domains affect the Domain Controller(s). To modify privileges for the local machine, first choose Select Domain... from the User menu, and type in the name of the computer at the Domain prompt (you cannot browse the domain).
Q. I can't FTP to my server, although the FTP service is running?
A. Have you unchecked the "Allow only anonymous connections" option, but still receive a "530 User xyz cannot log in. Login failed." message? To log on to the FTP server with your domain account, it is not sufficient to specify your name at the User prompt. The FTP service checks local accounts only, even if the computer is participating in a domain. Use domainname\username instead, e.g. if the domain name was savilltech and the user was john, enter savilltech\john as the username.
Q. How do I validate my NT Logon against a UNIX account?
A. There is software to do this available at
http://www.cis.ksu.edu/~mikhail/Passwd
http://www.arch.usyd.edu.au/~doug/gina.html
http://www.dcs.qmw.ac.uk/~williams
Q. Can I synchronize the time of a NT Workstation with a NT Server?
A. Yes, enter the command
NET TIME \\<name of the server to set time to> /SET /YES
Please note that users will require "Change System Time" user right, via User Manager\User rights. There is a utility on the resource kit called TimeServ which runs the time synchronization as a service and works even when there are no logged on users.
Also see Q. How do I configure a user so it can change the system time?
Q. How can I send a message to all users?
A. Ensure the "Messenger" service is started (Control Panel - Services
- Messenger - Auto). To send a message type:
c:> net send <machine name> "<message>"
Or instead of a machine name type * to broadcast to all stations
There are also various GUI utilities, and one of the best is NT Hail at http://www.geocities.com/SiliconValley/Bay/1999/NT_Hail.html
Q. How do I change a Workstations Name?
A. Follow the steps below
Logon to the NT server and in Server Manager add the new computer name (Computer
- Add to Domain)
On the Workstation from Control Panel double click Network (or right click on
Network Neighborhood and select properties)
Click Change and type the new computer name
Press OK and accept reboot
The machine should then reboot with the new name
On the NT server you should now delete the OLD computer name (select and press
DEL)
Q. How do I stop the default admin shares from being created?
A. This can be done through the registry.
Start the registry editor
Move to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
If you are using Workstation create a value (Edit - Add Value) called AutoShareWks
(AutoShareServer for server) of type DWORD and press OK. It will ask for a value,
type the number 0.
Close the registry editor
Reboot
This can also be done using the policy editor. Start the policy editor (poledit.exe),
load the default computer profile, and expand the Windows NT Network tree, then
Sharing and set "Create hidden drive shares" to blank for server/workstation.
There are a few other options though. The first is to use NTFS and set protections
on the files so people may be able to connect to the share, but they will not
be able to see anything. The second is to delete the shares each time you logon,
this can be done through explorer, but it would be better to have a command
file run each time with the lines
net share c$ /delete
and for all the other shares, however these shares are there for a reason so
your machine can be administered by the servers, so if you delete them system
managers may have something to say about it!
Q. How do I disconnect all network drives?
A. Use net use * /del /yes
Q. How do I hide a machine from Network Browsers?
A. Using the registry editor set the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters and set value Hidden from 0 to 1. You should then reboot. You can also type
net config server /hidden:yes
You can still connect to the computer, but it is not displayed on the browser.
Q. How do I remote Boot NT?
A. NT does not support remote boot. It is possible to reboot a machine from another computer using the Shutdown Manager that comes with the NT resource kit.
You could also reboot by using the shutdown.exe resource kit utility and specify another machine name.
C:\>shutdown \\<machine name> /l /r /y /c
Software such as PC Anywhere can also remotely reboot machines.
Q. How can I get a list of users currently logged on?
A. Use the net sessions command, however this will only work if you are an Administrator. You can also use control panel and choose server.
Q. How do I configure NT to be a gateway to an ISP?
A. Firstly the hardware required would be a network and a modem. The network card would be so the other clients in the network can communicate with the "to be" gateway, and the modem to connect to the gateway. Dial-up networking is not covered here, and you should first be confident with dial-up networking before attempting this.
Start the registry editor (regedit.exe) and add a value of type DWORD called
DisableOtherSrcPackets in the HKey_Local_Machine\System\CurrentControlSet\Services\RasArp\Parameters
area, and set to a value of 0. This is so packets that are sent through the
NT gateway, the original IP address stored in each packet is retained, i.e.
of machine a is sending a packet through b, then the packet retains the IP address
of a, rather then be automatically changed to b. Also change HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter
to a value of 1.
On the gateway machine ensure TCP/IP is installed with a static IP address,
and a correct subnet address (usually 255.0.0.0 for a class a, 255.255.0.0 for
class b, and 255.255.255.0 for class c). Make sure the default gateway address
is blank.
Install Dial Up networking and configure for NT to dial out only. You will have
to reboot
Add a phonebook entry for your ISP as you would as normal, however uncheck the
"Use default gateway".
Enable the PC to be able to forward IP packets, by starting control panel, double
click Network and choose the protocols tab. Select TCP/IP and then routing.
Check the Enable IP Forwarding. You will need to reboot
If when you connect to your ISP you are given an IP address, you will need to
connect to your ISP, and then find out which IP address you are given. To get
the address type
IPCONFIG
Look for a Wan adapter and write down the IP address. If you know your IP address
before you connect you can forget this step.
Add a route for the IP address used when connecting to the ISP (the one identified
in step 6)
route add 0.0.0.0 mask 0.0.0.0 <ip address> metric 2
Configure all clients gateway as the network card IP address of the NT gateway.
This would enable the machines to send out IP packets to the internet, however
the packets would have no way of finding there way back, as the ISP would not
know to route them through the gateway, so you ISP will have to either a) have
host entries for each of the machines or b) point to the gateway as another
DNS.
Other things to check are as follows:
Make sure your ISP routes packets to you otherwise you will be able to send
packets out but the replies will never be get to you
Make sure your local IP networks (each machine can ping each other) and that
all PC's have a valid internet address. If you do not have internet addresses
for each PC that have been assigned from InterNic then you will need something
like Proxy Server instead.
Have a look at http://support.microsoft.com/support/kb/articles/q121/8/77.asp
for more information.
Q. How do I install the FTP server service?
A. In prior version of NT, the FTP server service was installed as part of TCP/IP, however as of NT 4.0, it became part of IIS/PWS, so it needs to be installed manually. Before you install the FTP server, TCP/IP must be installed.
In Control Panel, double-click Network.
Click Services, click Add, and then click Microsoft Peer Web Services if you
are using NT Workstation or click Microsoft Internet Information Server 2.0
if you are using NT Server.
Click OK, and then type the path for the Windows NT source files. For example,
if you are using the Windows NT CD-ROM in drive E, type the following line:
E:\i386
Click OK to start the Microsoft Peer Web Services Setup or Internet Information
Server.
The FTP Service is selected by default, but you should clear the check boxes
for options you do not want to install.
Q. How do I get a list of all connections to my PC?
A. Use the command netstat -a
Q. Is it possible to create non-NT PPTP connections to an NT Server?
A. Yes. A third party product called TunnelBuilder by Network TeleSystems lets you create encrypted tunnels over the Internet using PPTP. The TunnelBuilder client talks to a PPTP server, available with NT Server 4.0. TunnelBuilder can be used with any ISP -- the ISP isn't even aware that encrypted tunnels are being built across their network. TunnelBuilder is available for Windows 95, WFW 3.11, 3.1, and Mac OS computers. More information on the product can be found at http://www.nts.com/.
Q. How can I get the Ethernet address of my Network card?
A. Type ipconfig /all from a command box.
Q. How can I configure the preferred Master Browser?
A. On the NT server you want to be the preferred master browser change the registry setting HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\IsDomainMaster to True
Q. Is it possible to protect against Telnet attacks?
A. There was a recent well-known problem that a telnet client could connect to an NT machine on port 135, type 10 characters and it would hang NT. There is no simple way to protect NT from a certain port attack. It is possible to configure NT to only accept incoming packets from a set of configured ports, however you have to name the ports you want to accept input from:
From Control Panel, Double click on Network
Click the Protocols tab
Select TCP/IP and click Properties
Click Advanced (bottom right)
Check the "Enable Security" and click configure
For TCP select "Permit Only" and enable only the ports you want to
work (e.g. Web Browser is 80, FTP 21)
Exit
Reboot NT
To protect against the port 135 attack, install the RPC hotfix for Service Pack
2.
Service Pack 3 and some its Hotfixes are also highly desirable, and address a number of Internet attack methods.
Q. What Telnet Servers/Daemons are available for Windows NT?
A. A Telnet Server on NT allows connection to an NT machine using a Telnet client from any hardware platform. Products are available from:
http://www.ataman.com/
http://www.georgiasoftworks.com/
http://www.hummingbird.com/realindex.html
http://www.pragmasys.com/
http://www.seattlelab.com/
There is a beta version of a Telnet Server on the resource kit, and an updated
oemsetup.inf is available from ftp://ftp.microsoft.com/bussys/winnt/winnt-public/reskit/nt40/telnetd/oemsetup.inf
which fixes an installation problem.
Q. How do I install MSN under NT?
A. The new MSN 2.0 only runs under Windows 95, however a version for NT 4.0 is being developed. In the mean time it is possible to use MSN to connect to the Internet, however you cannot read Mail
Phone Microsoft and request for a manual Internet PPP access to be setup.
Assuming RAS is already installed, select Add New phonebook entry
Type in a name for the phone book entry, e.g. "MSN connection"
Clear the "I know about phone book entries" and click Next
Check "I am calling the Internet" and click Next
Click Finish
Select your new "MSN" and click Edit from More
Click the Server tab, and select TCP/IP, Enable PPP LCP, and clear NetBEUI and
IPX
Click the TCP/IP settings box and check "Server assigned IP addresses"
and "Use default gateway"
Click OK and exit back to the main dial screen
Select MSN and click Dial
When prompted for username/password enter
Username : MSN/<user name>
Password : <MSN password>
Domain : <blank>
Q. What FireWall products are available for NT?
A. Below are a selection of FireWall systems for NT:
FireWall/Plus from http://www.network-1.com/
Interware from http://www.consensys.com/
KyberPASS from http://www.kyberpass.com/
Open Sesame from http://www.csm-usa.com/sesame.htm
SessionWall from http://www.abirnet.com/
Firewall-1 from http://www.checkpoint.com/
Guardian from http://www.ntguard.com/
AltaVista FireWall from http://altavista.software.digital.com/firewall/index.htm
Microsoft Proxy Server 2.0 from http://www.microsoft.com/proxy/default.asp
Q. How do I install the Remoteboot Service?
A. Before installing the Remoteboot service you must have both the NetBEUI and DLC protocols installed. The remoteboot service will only run on NT server.
Start Control Panel (Start - Settings - Control Panel)
Double click the Network icon
Click on the services tab and click Add
Select "Remoteboot Service"
Check the path where Remoteboot will be installed (by default %systemroot%\RPL)
Click OK and complete the installation
After installation has completed start Remoteboot Manager
Click "Fix Security" from the Configuration menu, which will create
the RPLUSER local group and assign the permissions to the RPL directory.
Q. How many connections can NT have?
A. NT workstation can have up to 10 concurrent connections, with one exception, Peer Web Services which allows unlimited concurrent connections.
Q. How can I secure a server that will be a Web Server on the Internet?
A. Below are points to be aware of
Disable the creation of Admin shares (see How do I stop the default admin shares
from being created?)
Use NTFS and remove Everyone access except for the directories that are part
of the web documents, and for those directories only have Read access
It is possible to disable TCP ports on NT, and you could restrict the NT server
to only accept packets on port 80 (web browser). This is discussed in "Is
it possible to protect against Telnet attacks?"
If the server is part of your internal intranet use a firewall
Q. How can I stop a user logging on more than once?
A. There is no way in NT to stop a user logging on more than once, however it is possible to restrict a workstation so that only a certain user can login, and with this method each user would be tied to one workstation and thus could only logon once.
Logon to the Workstation as the Domain Administrator
Start User Manager (Start - Administrative Tools - User Manager)
Double click the Users group and select the Domain\Everyone and click remove
Next click add and select the specific domain user and click Add
Close User Manager
Logoff and only that specific user will be able to logon (be careful that Administrators
still include Domain\Administrators or you will not be able to logon)
This solution is far from ideal, and it may be plausible to write a login script
that checked if a user was currently logged on and if so, logoff straight away
(using the logout command line tool).
Q. How can I get information about my domain account?
A. From the command prompt type
net user <username> /domain
And all your user information will be displayed including last logon time, password change etc.
Q. A machine is shown as Inactive in Server manager when it is not.
A. Sometimes Server Manager fails to see a machine has become active, you can
attempt to force it to see the machine by typing
net use \\<machine name>\IPC$
If this fails it may be the machine has been configured to be invisible to the
network.
Q. How do I automatically FTP using NT?
A. I use a basic script to update my main site and the mirrors using two batch files. The first consists of a few lines:
d:
cd \savilltechhomepage
ftp -i -s:d:\savmanagement\goftp.bat
The -i suppresses the prompt when performing a multiple put, and the -s defines an input file for the FTP like:
open ftp.savilltech.com - the name of the FTP server
johnny - username
secret - password
cd /www - remotely move to a base directory
lcd download - locally change directory
cd download - remotely move to a sub directory of the current directory
binary - set mode to binary
put faqcomp.zip - send a file
cd .. - move down a directory remotely
lcd .. - move down a directory locally
cd ntfaq
lcd ntfaq
mput *.html - send multiple files (this is why we needed -i)
close - close the connection
Q. How can I change the time period used for displaying the password expiration message?
A. Follow Instructions below:
Start the Registry editor (regedit.exe)
Goto the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
From the Edit Menu, click New - DWord
Type the name PasswordExpiryWarning and press enter
Double click on the new value you have created and set to the number of days
prior to the expiration you want the message to appear.
Q. How can I modify share permissions from the command line?
A. The Windows NT resource kit ships with a utility called RMTSHARE.EXE that is used to modify permissions on shares, the syntax to grant access to a share is as follows
rmtshare \\<server name>\<share> /grant <username>:<permission>,
e.g.
rmtshare \\bugsbunny\movies /grant savillj:f
Valid permissions are f for full, r for read, c for change and n for none. To revoke access to a share type
rmtshare \\<server name>\<share> /grant <username>, e.g.
rmtshare \\bugsbunny\movies /grant savillj
This would remove savillj's access to the share. To view share permissions enter:
rmtshare \\<server name>\<share> /users, e.g.
rmtshare \\bugsbunny\movies /grant
RMTSHARE.EXE also allows the creation and deletion of shares. Type rmtshare /? for help.
Q. How can I change the protocol binding order?
A. Network bindings are links that enable communication between the network adapter(s), protocols and services. If you have multiple protocols installed on a machine you can configure NT to try a certain protocol first for communication:
Log on to the machine as a member of the Administrators group
Start the Network control panel applet (Start - settings - control panel - network,
or right click Network Neighborhood and select properties)
Click the bindings tab
Select "all services" from the drop down list of bindings
Select the service you wish to change the binding order for by clicking its
plus sign (usually you should change the workstation service as this is used
for connecting to resources etc.)
A list of all the protocols installed will be shown, and can be ordered by selecting
the protocol and clicking "move up" or "move down".
Click OK when finished, and you will have to reboot for the changes to take
effect.
Q. What criteria are used to decide which machine will be the Master Browser?
A. There are 5 roles a machine can have
Master Browser - This machine maintains the list of resources on the network
and listens for announcements from other machines to add to the browse list.
Preferred Master Browser - A machine can be designated as the preferred master
browser and when this machine starts it will force a browser election and will
win unless one of the other machines is the PDC or also has the preferred master
browser flag set.
Backup Browser - This type receives a copy of the browse list from the master
browser, if it cannot find the Master Browser it will force an election.
Potential Browser - This does not receive a copy of the browse list, but can
be promoted to a backup browser by the master browser, or actually become the
master browser as the result of an election.
Non-Browser - A non-browser does not maintain a browse list.
When an election takes place, a number or criteria are used. Firstly the browser
type
Preferred master
Master
Backup browser
Potential browser
If two machines have the same role then the operating system is used
Windows NT Server that is the PDC
Windows NT Server that is a BDC
Windows NT Server
Windows NT Workstation
Windows 95
Windows for Workgroups
If there is still a tie, the Windows NT version is used
4.0
3.51
3.5
3.1
To set a machine as a certain type of browser perform the following
Start the registry editor (regedit.exe)
Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters
Double click on MaintainServerList
Set to
No - for the computer to be a non-browser
Yes - the computer will be a master or backup browser
Auto - will be a master, backup or potential depending on the number of browser
currently in action
Click OK
Close the registry editor and reboot
Q. How can I get a list of MAC to IP addresses on the network?
A. An easy way to get a list of MAC to IP addresses on the local subnet is to ping every host on the subnet and then check you ARP cache, however pinging every individual node would take ages and the entries only stay in the ARP cache for 2 minutes. An alternative is to ping the broadcast mask of your subnet which will ping every host on the local subnet (you can't ping the entire network as you only communicate directly with nodes on the same subnet, all other requests are via the gateway so you would just get a ARP entry for the gateway).
What is the broadcast mask? The broadcast mask is easy to calculate if the subnet mask is in the format 255.255.255.0 or 255.255.0.0 etc. (multiples of 8 bits). For example if the IP address was 134.189.23.42 and the subnet mask was 255.255.0.0 the broadcast mask would be 134.189.255.255, where 255 is in the subnet mask the number from the IP address is copied over, where 0 it is replaced with 255, basically the network id part is kept. If the subnet mask is not the basic 255.255 format, you should use the following, all you need is the IP address and the subnet mask
For each bit set to 1 in the subnet mask, copy the corresponding but from the
IP address to the broadcast mask
For each bit set to 0 in the subnet mask, copy a 1 into the corresponding bit
of the broadcast mask
for example, IP address 158.234.24.98 and subnet mask 255.255.248.0
Network
Host
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0
1 0 0 1 1 1 1 0 1 1 1 0 1 0 1 0 0 0 0 1 1 0 0 0 0 1 1 0 0 0 1 0
1 0 0 1 1 1 1 0 1 1 1 0 1 0 1 0 0 0 0 1 1 1 1 1 1 1 1 1 1 1 1 1
Byte 1
Byte 2
Byte 3
Byte 4
The first row is the subnet mask 255.255.248.0, the second row the IP address 158.234.24.98 and the third row is the broadcast mask, 158.234.31.255.
To get the MAC to IP addresses, you would therefore perform the following
ping <broadcast mask>
arp -a
Voila, a list of IP addresses and their MAC address (you can add > filename to get the list to a file, e.g. arp -a > iptomac.lst). You could repeat this exercise on the various subnets of your organization.
Q. How can I control the list of connections shown when mapping a network drive?
A. When you map a network drive (Explorer - Tools - Map network drive), if you click the down arrow on the path, a list of previous connections will be shown. These are stored on the registry and can be edited
Start the registry editor (regedit.exe)
Move to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent
Connections
You will notice in the left pane is a number of string values called a,b,c etc.
For the connections you do not want shown, click on the entry and then either
press the Del key and say yes to the confirmation or select delete from the
edit menu.
Once you have deleted entries you need to update which ones explorer will show
by double clicking on order and remove the letters of the entries you deleted
Click OK
Close the registry editor
Q. How do I grant users access to a network printer?
A. The same way as files have security information, so do printers, and you need to set which users can perform actions on each network printer
Logon as an Administrator
Double click "My Computer" and then select printers
Right click on the printer whose permissions you wish to change and select properties
Click the security tag and select permissions
You can now add users/groups and grant them the appropriate privilege
Click OK when finished
Q. How can I create a share on another machine over the network?
A. From a Windows NT Server machine a share can be created by opening Server Manager, highlight the target system, select Computer, Shared Directories, and click on New Share.
The Windows NT Resource kit comes with a utility called RMTSHARE.EXE and this can be used to create shares on other machines providing you have sufficient privilege. The basic syntax is as follows
rmtshare \\<computer name>\"<share name to be created>"="<path>"
/remark="<share description>"
e.g. rmtshare \\savillmain\miscfiles=d:\files\misc /remark="General files"
You only need to use double quotes around the share to be created and the path if there are spaces in the share/file name, e.g. if the share was to be called misc files instead of miscfiles it would have to be in quotes, e.g.
rmtshare \\savillmain\"misc files"="d:\my files\misc" /remark="With space share"
Q. I get errors accessing a Windows NT FTP Server from a non Internet Explorer browser.
A. If you run the Microsoft FTP Server Service then you may find problems accessing an area other than the root from a non Internet Explorer browser. This is because most other FTP Servers use the UNIX type naming conventions and that is what browsers such as Netscape expect, however the Microsoft FTP service outputs using dos naming conventions. This can be resolved by forcing the FTP server service to use Unix conventions rather than dos
Start the registry editor (regedit.exe)
Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ftpsvc\Parameters
If the value MsdosDirOutput exists double click on it and set it to 0, click
OK
If it does not exist from the Edit menu select New - DWord value and enter the
name MsdosDirOutput and click OK, then perform step 3
You will need to stop and start the FTP server service for this change to take
effect (Start - Settings - Control Panel - Services - FTP Service - stop - start)
Q. How can I view which machines are acting as browse masters?
A. There are 2 utilities shipped with the NT resource kit (one GUI, on command line) which can be used to view current browse master status.
BROWMON.EXE - Select from the Diagnostics Resource Kit menu. The master browser will then be displayed for each domain. Double clicking on a machine will then list the other machines that are browsers and a subsequent double click on these machines will tell their status, e.g. backup browser.
BROWSTAT.EXE - Start a command session. There are a number of commands that
can be used, however to get a general view enter the command
browstat status <domain name>
Browsing is active on domain.
Master browser name is: PDC
Master browser is running build 1381
2 backup servers retrieved from master PDC
\\PDC
\\WORKSTATION
As can be seen the master browser name is shown, as are backup servers.
Q. Is there any way to improve the performance of my modem internet connection?
A. By default, NT will use a Maximum Transmission Unit (MTU) (packet size) over the path to a remote host of 576. Problems can arise if the data is sent over routes etc that cannot handle data of this size and the packets get fragmented.
The parameter EnablePMTUDiscovery set to 1 forces NT to discover the maximum MTU of all connections that are not on the local subnet. To change this perform the following:
Start the registry editor (regedit.exe)
Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
From the Edit menu select New-DWord value
Enter a name of EnablePMTUDiscovery and press enter
Double click on this new value and set to 1 then click OK
Close the registry editor and reboot the machine.
By discovering the Path MTU and limiting TCP segments to this size, TCP can
eliminate fragmentation at routers along the path that connect networks with
different MTUs. Fragmentation adversely affects TCP throughput and network congestion.
Q. How can I remotely tell who is logged on at a machine?
A. The easiest way to do this is to use the NBTSTAT command. There are two ways to use this command depending on if you know the machines name or just its IP address. If you know the machines name enter the command
nbtstat -a <machine name>
e.g. nbtstat -a pdc
The output will be of the format:
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
PDC <00> UNIQUE Registered
PDC <20> UNIQUE Registered
SAVILLTECH <00> GROUP Registered
SAVILLTECH <1C> GROUP Registered
SAVILLTECH <1B> UNIQUE Registered
SAVILLTECH <1E> GROUP Registered
PDC <03> UNIQUE Registered
SAVILLJ <03> UNIQUE Registered
SAVILLTECH <1D> UNIQUE Registered
INet~Services <1C> GROUP Registered
..__MSBROWSE__.<01> GROUP Registered
IS~PDC.........<00> UNIQUE Registered
MAC Address = 00-A0-24-B8-11-F3
The user name is the <03>.
If you only know the IP address use the command
nbtstat -A <IP address>
e.g. nbtstat -A 10.23.23.12
The output is the same and notice we just use a capital A instead of a lowercase a.
Q. How do I remove a NT computer from a domain?
A. The first way would be to logon to the machine you wish to remove from the domain and start the Network Control Panel Applet (Start - Settings - Control Panel - Network or just right click on Network Neighborhood and select properties). Select the Identification tab and click Change. Just enter a different domain or workgroup, you will receive a notice welcoming you to the new domain/workgroup. The problem with this is the machine can still rejoin the domain as its account has not been removed from the domain.
To actually remove the computer account from the domain perform the following:
Logon to the PDC as an Administrator
Start Server Manager (Start - Programs - Administrative Tools - Server Manager)
Select the machine you wish to remove and click Delete (or select "Remove
from Domain" from the Computer menu)
Click Yes to the confirmation
Alternatively you can remove a computer from the command line using the Resource
Kit utility NETDOM
netdom /Domain:<domain> MEMBER <machine name> /delete
e.g. netdom /Domain:savilltech MEMBER kevinpc /delete
You can use this command from any machine workstation or server as long as you are logged on as an administrator. When you enter the command it will find the PDC and delete, the output is as follows:
Searching PDC for domain SAVILLTECH ...
Found PDC \\PDC
Member \\KEVINPC successfully deleted.
Q. How can I shutdown a number of machines without going to each machine?
A. I have a number of machines setup in my Lab and at the end of an entertaining evening of computing I don't want to have to goto each machine and shut them down so I wrote a small batch file that uses the shutdown.exe resource kit utility. Just enter the following into a file with a .bat extension:
rem Batch file to shutdown local machine and the PDC, BDC
shutdown \\pdc /t:2 /y /c this shuts down a machine called PDC in 2 seconds,
repeat with other machine names
shutdown \\bdc /t:2 /y /c this shuts down a machine called BDC in 2 seconds
shutdown /l /y /c /t:5 this line shuts down the local machine in 5 seconds
You can then just right click the file in explorer and drag onto the desktop, release and select "Create shortcut". Clicking this icon will then shutdown all the machines in the file.
Q. How can I close all network sessions/connections?
A. The command below will close all network sessions
net session /delete
Q. How can I connect to a server using different user accounts?
A. It is possible to specify a user account to use when connecting to a share using the /user switch, e.g.
C:\> net use k: \\server\share /user:domain\user
If you then attempt to connect to the server again with a different username an error will be given. A workaround is to connect to the server using its IP address rather than its NetBIOS name, e.g.
C:\> net use l: \\<ip address>\share /user:domain\user
Q. How do I set the comment for my machine that is displayed in Network Neighborhood?
A. There are 3 ways to set this, from the command line, edit the registry or via the GUI.
The easiest way is via the Server control panel applet
Start the server control panel applet (Start - Settings - Control Panel - Server)
Enter the new description of the machine in the Description field
Click OK
An alternative method is from the command prompt using the "net config"
command.
C:\> net config server /srvcomment:"machine comment"
Note that even if you are performing this on a workstation machine you still use "net config server" as this is a configuration on the server service of the machine.
Both of the methods shown update a single registry value so this can also be edited directly.
Start the registry editor (regedit.exe)
Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Double click on srvcomment
In the "Value data" box enter the new description and click OK
Close the registry editor
You can remotely change the comment of other machines by using the NT Server
utility "Server Manager". Double click on a machine and you will then
be presented with the same dialog box as with the Server control panel applet.
This has the advantage of allowing the Administrator to set a common description
format.
Q. How can I define multiple NetBIOS names for a machine?
A. This would be useful if, for instance, you wanted to migrate a number of shares to a different machine and rather than having to switch all clients to the new machine instantly you could define the new machine to also answer to the old machines NetBIOS name and then slowly migrate the machines. To define extra names for a machine perform the following:
Start the registry editor (regedt32.exe)
Move to HKEY_Local_Machine\System\CurrentControlSet\Services\LanmanServer\Parameters
From the Edit menu select "Add Value"
Set the type to REG_SZ is you want one extra name or REG_MULTI_SZ if you want
more than one and enter a name of OptionalNames. Click OK
You will then be prompted for a value. Enter the other name (or names if type
REG_MULTI_SZ, one on each line) you want it to be known as and click OK.
Close the registry editor
Reboot the machine
Q. How can I manage my NT domain over the net?
A. Microsoft have released "Web Administrator 2.0 for Microsoft Windows NT Server" which allows you to use to manager the following via the web
Account Management
Ras Management
Share Management
Session Management
Server Management
Printer Management
The additional software required has to be installed on a server (though it
does not have to be a domain controller) with
Service Pack 3 or later (it does not currently work with the beta versions
of Service Pack 4)
Internet Information Server 4.0
Internet Information Server 4.0 is available as part of Option Pack 4 which
can be obtained from http://www.microsoft.com/windows/downloads/contents/updates/nt40ptpk/default.asp
or as part of MSDN. Option Pack 4 has its own requirement that Internet Explorer
4.0 be installed.
Once all the software is installed you can download the Web Admin tools from
http://www.microsoft.com/windows/downloads/bin/NTSwebadmin20_x86.exe for i386
http://www.microsoft.com/windows/downloads/bin/NTSwebadmin20_axp.exe for Alpha
To begin the installation just execute the required executable and the installation
wizard will begin.
Once the installation is complete you will be able to administer your domain by connecting to http://<the server name>/ntadmin/default.asp. For example if I had installed the software on titanic in the savilltech.com I would connect to http://titanic.savilltech.com/ntadmin/default.asp.
You will need Internet Explorer 4.0 or above to use the site and once connected you can perform a number of options. Below is an example of viewing/changing users.
Q. How can I remotely manage services?
A. The Windows NT Resource kit has two utilities, SC.EXE and NETSVC.EXE, which allow remote services to be managed. The resource kit has help on both on these but we will only look at NETSVC.EXE.
To view the services on a remote machine use
C:\> netsvc /query \\<server name> /list
To see the current state of a service use
C:\> netsvc <service name> \\<server> /query
You can then modify the state of the service using the /start, /stop, /pause and /continue switches, e.g.
C:\> netsvc <service name> \\<server> /stop