Win2K Services There are usually many Windows services started that are not needed for a home user. Telling Windows not to load some of these can speed your machine up considerably. The list below describes some. It's recommended that you set them to "manual" and not "disabled". A manual setting will usually still allow the service to start if the system requires it. When playing with the services, it's usually a good idea to change just one, then reboot, check the functionality of the machine (test it and play around etc) before changing anything else. Going ahead and changing the startup of 10 different services then finding out your machine isn't working properly is no fun to fix! Remember that each PC is different and some situations will require these services and some will not! Use discretion when playing around with them and make sure you have backups, as (like playing with the registry) a wrong move can render your machine unusable! This is not a comprehensive list of Windows services either, as different setup options add different functionality. The suggestions below are aimed at home users who are not part of a domain or workgroup environment. Once you have a stopped unwanted services and you are happy that your machine is functioning correctly, you can check the Services applet in control panel again. Look for any services that you set to manual that have started by themselves -- this usually means that Windows has determined it needs that to start. Changing these services back to Automatic is a good idea. Alerter This feature notifies selected users and computers of administrative alerts. A home user can set this to Manual. Computer Browser This maintains a list of computers on your network for things like My Network Places & such. A home user can set this to Manual. Distributed Link Tracking Client This sends notifications of files moving between NTFS volumes in a network domain. A home user can set this to Manual. Distributed Transaction Coordinator This coordinates transactions that are distributed across two or more databases, message queues, file systems, or other transaction-protected resource managers. A home user can set this to Manual. DHCP Client If you're not using DHCP from a server then set this to manual. DNS client A home user can usually set this to manual, as it's used for when you use a DNS server on your network (i.e., not the Internet or dial up connections). If you have name resolution problems afterwards, put this one back to Automatic. Event Log You might think that this is a prime candidate for turning off for a home user, however for some reason, disabling Event Log can cause Dial Up Networking to not function. So for dial up Internet users, especially, it's best to leave this one on Automatic. Fax Service If you have no intention of using the Modems Fax capabilities, you should set this to Manual. FTP Publishing Service Unless you want an FTP server, set this to manual. IIS Admin Service If you don't use the WWW service or FTP, set this to manual. Indexing Service This feature indexes contents of files on computers. A home user can set this to Manual. Internet Connection Sharing If you are sharing an Internet connection on a small home network, then set this to Automatic. If not, set this to Manual. IPSEC Policy Agent This manages IP security. A home user can set this to Manual. Messenger This sends and receives messages transmitted by administrators or by the Alerter service. A home user can set this to Manual. Net Logon Net Logon supports pass-through authentication of account logon events for computers in a domain. If you are a home user that does not need to log onto a domain, you can set this to manual. However if you do need to logon to a domain, you need to keep this on Automatic. Otherwise, it can cause you to wind up not being able to log on properly. NT LM Security Support Provider This provides security to Remote Procedure Call programs that use transports other than named pipes. A home user can set this to Manual. Performance Logs & Alerts This configures performance logs and alerts. A home user can set this to Manual. Print Spooler If you don't have a printer installed (network or local), you can set this to Manual. Remember to change it back to Automatic if you ever do install a printer. Protected Storage The Protected Storage Service is a service which is related to Internet Explorer. Its best to leave this set to Automatic, as setting it to Manual can cause a delay at startup of 1 to 2 minutes. It also has the odd side effect of causing property pages in the Services tab not to appear. QoS RSVP This feature provides network signaling and local traffic control setup functionality for QoS-aware programs & control applets. A home user can set this to Manual. Remote Registry Service Allows remote registry manipulation. You should set this to Disable. RIP Listener This is a routing-service, set to manual unless you use your machine as a router. Routing & Remote Access This offers routing services to businesses in local area and wide area network environments. A home user can set this to Manual. RunAs Service This enables starting processes under alternate user IDs. A home user can set this to Manual. Security Accounts Manager This stores security information for local user accounts. Unless you have changed some security policies via the Local Security Policy editor, you can set this to Manual. Server Service This Provides RPC support and file, printer and name pipe sharing. You can set this to manual, unless you are running IIS or using offline files (or similar features), which is not that likely for a home desktop user. Smart Card and Smart Card Helper A home user can set these to Manual. SNMP Service Probably set to manual. TCP/IP NetBIOS Helper Service This service enables NetBIOS name resolution. A home user can set this to Manual. Simple Mail Transport Protocol This is a mail server, probably set to manual. Simple TCP/IP Services Probably set to manual. Telnet A home user can Disable it altogether. Workstation Service This service provides network connections and communications. You should be able to set this to Manual unless you use Alerter or Messenger, in which case set this to Automatic. Otherwise. you should be able to safely set this to Manual instead. WMDM PMSP Service This service is apparently part of Media Player, however, setting it to Manual does not seem to have any ill effects. I suggest it's set to manual. If you have any problems with Media Player, set it back to Automatic. WWW Publishing Service If you don't need a web server then set to manual and use a batch file to start and stop as necessary. =================================================================================================================================================== NT Boot Loader When removing Windows 2000 from a dual boot system with Windows 95/98, one of the most important steps is removing NT Boot Loader. NT Boot Loader is special program that allow you to boot to multiple operating systems. Microsoft included it in Windows NT to allow users to dual boot Windows NT with DOS, Windows 95/98 and OS/2. Even if not supported, it also works with Linux. So when you start your computer NT Boot Loader displays you all available operating systems and lets you choose one. Now, let see how this works. When you start your computer it goes trough POST (Power On Self Test). Then the BIOS read the first sector on you primary master hard drive. This sector is called MBR (Master Boot Record) and contains four tables that describe up to four primary partitions. When BIOS transfers the control to MBR, it first scans all tables to find active partition. Operating systems can start only form active partition and only one partition can be flagged as active at one time. When MBR finds active partition it transfers control to its first sector called Partition Boot Sector. The boot sector of Windows 2000 contains small portion of code that understands the partitions file system. This is not the whole driver for file system, but just small code that understands the structure of underlying file system and that can read NTLDR file. Boot sector then calls NTLDR. NTLDR then switches the system to Protected Mode and enables Paging. Now, NTLDR reads BOOT.INI file and display NT loader menu, from where user can select the operating system to boot. If user selects to boot to Windows 95/98, NTLDR opens bootsect.dos, which contain previous boot sector that runs Windows 95/98. Boot Files Windows 2000 places some important files on its system partition. This partition is active partition from where operating system is being loaded. As you have read before, Windows 2000 needs two files to run the system – NTLDR, BOOT.INI and bootsect.dos. Apart from these files, another two files are located on the system partition. These files are ntdetect.com and sometimes ntbootdd.sys. Ntdetect.com collect system information during the boot, and ntbootdd.sys contains SCSI driver. ------------------------------------------------------------------------------- DMA/UDMA and Win2000 Odds are that if you were using the DMA setting successfully for your HD's in Win98 it set up properly in Win2000. However, the CD drive is now, more then likely, in the PIO mode. To check if your drives are in the DMA mode do this: Right click on My Computer Select Manage Device Manager IDE ATA/ATAPI Controller Primary IDE Channel Advance Setting Tab It will show the current transfer mode. If it is not correct try Auto Detect. Reboot and check it again. If it still isn't correct for your drives try selecting DMA mode and then rebooting. Take a look also at the Secondary IDE Channel. Normally this would be where you have your CD drives connected. If they show PIO try changing them to DMA. (The DMA mode will not make the CD drives run any faster but will greatly reduce the CPU load from around 90% to about 10% or lower which will allow other programs running at the same time to run faster.) Note: If you have a VIA chipset and award bios, try changing the udma mode in the bios for the primary and secondary ide controllers to disabled. Then check and see if the drives are now in the DMA mode. ------------------------------------------------------------------------------- CD Drives and Digital Audio New feature in Win2000 for CD drives. You can enable digital audio playback. Now you no longer need a cable going to your sound card. Go into device manager and in the properties for the CD drive go to the properties tab. Mark the box "Enable digital audio. Now you can playback CDs from your CD Writer or CD ROM. ------------------------------------------------------------------------------- Windows Memory Manager quirk: (Don't make your swap file too small or it could cause a performance hit.) One of the little known "quirks" of the Windows Memory Manager is that it starts to swap way before it needs to. For example: System A has 256mb with a 512mb swap file. System B has 256mb with a 1gb swap file. System A will start swapping WAY before System B. ------------------------------------------------------------------------------- Immediate Queries with Indexing Service By default, Indexing Service only indexes when applications and peripherals are not in use. If you type or move the mouse, indexing ceases for a couple of minutes. Also, if there are changes on the disk, Indexing Service won't index them for up to five minutes. This can be frustrating if you want to immediately query for files you just changed. To update as soon as possible: In the Indexing Service MMC, right click Indexing Service, and then click Stop the service. Right click Indexing Service, and then select All Tasks/Tune Performance. Click the Customize radio button, and then click the Customize button. Click and drag Indexing over to Instant. Press OK twice. Right click Indexing Service, and then click Start. Now your changed files will be indexed in a few seconds or less. ------------------------------------------------------------------------------- Turn Diskpref Off: By default, Win2k is set to collect physical drive data. As home users we don't need this. To disable the disk performance counters: Start Programs Command Prompt diskperf -n reboot If you ever want to return to default: diskperf -yd ------------------------------------------------------------------------------- Win2000 Verifier: There is a program called verifier included with all versions of Win2K. Just do a start run - type verifier and away you go. Basically it allows you to monitor and stress test all drivers on the system to determine which are misbehaving! ------------------------------------------------------------------------------- Handy shortcuts Task Manager: Right click on the desktop, select new-->shortcut and enter "taskmgr.exe". Computer Management: We know that you can go to the CMC by right clicking on "My Computer"--->Manage. But we are lazy and this will save one mouse click. Plus it is nice to have the shortcut on the Task Bar where it always visible.) Right click on the desktop, select new-->shortcut and enter "compmgmt.msc". For those who find themselves frequently swapping and replacing their computer’s internal hardware, creating an easy desktop shortcut to Device Manager saves several steps over the route through Control Panel. To create a shortcut to Device Manager: Right-click anywhere in your desktop. Point to New, and then click Shortcut. In the Create Shortcut wizard, type c:\winnt\system32\mmc.exe c:\winnt\system32\devmgmt.msc in the location of the item box (c:\winnt is the default system directory). Click Next. Enter a name for the shortcut, and then click Finish. You can also use this procedure to create a desktop shortcut to Computer Management, a utility that includes Device Manager as well as Event Viewer, System Information, Performance Logs and Alerts, and other useful management tools. To do this, just replace devmgmt.msc with compmgmt.msc. System Properties For instant access, press the Windows key + Break. Device Manager %windir%\System32\mmc.exe %systemroot%\system32\devmgmt.msc Desktop For instant access to the desktop (as well as minimizing all opened applications), press the Windows key + D. ------------------------------------------------------------------------------- Folder Shortcuts Folder shortcuts are a new feature of the Windows 2000 shell, allowing you to make any folder on the user's machine act as if it were another folder. Unlike traditional shortcuts, Folder shortcuts integrate the target into the shell namespace, allowing you to present a direct hierarchy. For example, if you drag and drop an icon for a folder or disk drive to your Start menu, Windows 2000 creates a shortcut that cascades to expose the contents of the target of the shortcut. To create a folder shortcut: Drag and drop a folder or disk drive icon onto your Start menu. Click the Start menu, then point to the folder or drive that you just moved. The target of the folder or drive shortcut has been grafted into the shell namespace. This reduces user confusion, because the Up button actually goes back up to the folder that contained the folder shortcut. Note: If you open an Explorer window on the Start menu, you will see that the tree view expands through the folder shortcut. Using Folder Shortcuts on a Network One useful way of exploiting a folder shortcut is to install it onto your Start menu, targeting a network share under the control of a system administrator. The administrator could then update the files on that share, and the changes are automatically reflected on the Start menu. If you combine this feature with the ability to customize the icon and ToolTip for subfolders, you can deploy a customized, centrally controlled Start menu to all your users. ------------------------------------------------------------------------------- How to get Quake II and SOF running again with the Detonator 2 drivers. (This is tested with a Viper 550 TNT and a Viper 770 TNT2. Not sure about other card.) Go to HKEY_LOCAL_MACHINE /Software /Microsoft /WindowsNT /CurrentVersion /OpenGLDrivers delete the entire sub-key RIVATNT. (This key will currently have in it four values: Dll, DriverVersion, Flags and Version). 2. For HKEY_LOCAL_MACHINE /Software /Microsoft /WindowsNT /CurrentVersion /OpenGLDrivers, create a new string value RIVATNT and set it to "nvoglnt" (without the quotes). Note: It may already be there. ------------------------------------------------------------------------------- Networking a Win9x/ME machine to a Win2K machine. Networking with file and printer sharing works fine accessing the 9x machine from the Win2K machine, however the other way around the Win2K machine requests a password which is unknown to the user (for the resource IPC$). Getting an IPC$ password request when networking to a Win2K machine? This is W2K's way of asking 'are you allowed in here'; are you a member...? - a bit like the doorman/bouncer at an exclusive club... IPC$ = InterProcessControl... You have to create a user account on the W2K machine and then log onto the WinME/9x machine with that userid and password. (If you did a default install with Win98, it probably has your whole name as the userid.) 1) On the 9x/ME machine do start/logoff - now see that username? Make that user account on the W2000 system by following steps 2-5. 2) On the Win2K machine, right click on 'my computer' - than go to 'manage' - after that go to 'Local Users and groups' and then 'users'. Then right click in window and select 'New user'. 3) In user name window type the name of computer that you would like to acess your shared folders, but use the login name of the WinME/9x machine. Enter the password used on the winME/9x machine (if any) here also. 4) Unselect - user must change password at next logon 5) Select - password never expires .. 6) Log back in on the winME/9x machine with the username and password you've set up on the Win2K machine. I hope that helps some of the less experienced users like me out there :-) (You can enable the Guest account on the W2k machine but that causes some security problems.) -------------------------------------------------------------------------------- Recovery Console The Recovery Console is a command-line option that allows you to repair a system that won't start or load Windows 2000. Just about the only thing that will prevent you from loading Windows 2000 will be a bad hard disk or defective memory modules. You have three options for invoking the Recovery Console: booting from the Windows 2000 Setup Disk 1, booting from the Windows 2000 CD, or selecting the Recovery Console option from the list of available startup options. Installing the Recovery Console as a startup option is easier than you think. Begin by inserting the Windows 2000 CD in your CD-ROM drive. Next you'll need to open a Command Prompt window, from Start/Programs/Accessories and type: "d:\i386\winnt32.exe /cmdcons". Be sure to replace d: with the letter you have selected for the CD-ROM drive in your system. Then, just follow the prompts. After a few minutes, the installation process will be complete. The Recovery Console will be available the next time you reboot your system, it will show as an option in the boot menu. Even though you have the Recovery Console as a bootable option, you'll still be able to access it from the CD-ROM drive just in case the hard disk has problems booting. For a system with a bootable CD-ROM drive that won't start using the hard disk, you can boot using the Windows 2000 CD and insert the Windows 2000 Install floppy disks as requested. Select the option to repair your Windows 2000 installation, then select the Recovery Console option when it becomes available. With the Windows 2000 Recovery Console you can obtain limited access to NTFS, FAT, and FAT32 volumes without starting the Windows graphical interface. In the Recovery Console you can: Use, copy, rename or replace operating system files and folders. Enable or disable services or devices from starting when you next start your computer. Repair the file system boot sector or the Master Boot Record (MBR). Create and format partitions on drives. Note that only an administrator can obtain access to the Recovery Console so unauthorised users cannot use any NTFS volume. The following commands are available with the Recovery Console: ATTRIB The ATTRIB command with any of the following parameters can change attributes of a file or folder: -R +R -S +S -H +H + Sets an attribute. - Resets an attribute. R Read-Only file attribute. S System file attribute. H Hidden file attribute. NOTE: At least one attribute must be set or cleared. To View attributes use the DIR command. CD and CHDIR The CD and CHDIR commands change the folder. CD .. specifies that you want to change to the parent folder. Type CD drive: to display the current folder in the specified drive. Type CD without parameters to display the current drive and folder. The CHDIR command treats spaces as delimiters. Because of this, you must enclose a subfolder name that contains a space with quotation marks. For example: CD "\winnt\profiles\username\programs\start menu" The CHDIR command only operates within the system folders of the current installation of Windows 2000, removable media, the root folder of any hard disk partition, or the local installation sources. CHKDSK CHKDSK drive /P /R Checks, and if needed, repairs or recovers a drive. Also marks bad sectors and recovers readable information. drive specifies the drive to check. The /P switch instructs CHKDSK to do an exhaustive check of the drive even if the drive is not marked with problems and corrects any errors found. The /R switch locates bad sectors and recovers readable information. Note that specifying the /R switch implies the /P switch. CHKDSK may be specified without arguments, in which case the current drive is implied with no switches. Optionally, the listed switches are accepted. The CHKDSK command requires the Autochk.exe file. CHKDSK automatically locates this file in the bootup folder. This would typically be the Cmdcons folder if the Command Console was pre-installed. If it cannot be found in the bootup folder, CHKDSK tries to locate the Windows 2000 CD-ROM installation media. If the installation media cannot be found, CHKDSK prompts you to provide the location of the Autochk.exe file. CLS Clears the screen. COPY COPY sourcedestination Copies a file. source: Specifies the file to be copied. Wildcards or folder copies are not permitted. A compressed file from the Windows 2000 CD-ROM is automatically decompressed as it is copied. destination: Specifies the folder or file name for the new file. If this is not specified, it defaults to the current folder. If the file already exists, you are prompted to overwrite it. DEL and DELETE DEL drive: pathfilename DELETE drive: pathfilename Deletes a file drive: pathfilename specifies the file to delete. The DELETE command only operates within the system folders of the current Windows 2000 installation, removable media, the root folder of any hard disk partition, or the local installation sources. The DELETE command does not accept wild card (*) characters. DIR DIR drive: pathfilename Displays a list of files and subfolders in a folder. drive: pathfilename: Specifies drive, folder, and/or files to list. The DIR command lists all files including hidden and system files. Files may have the following attributes: D - Directory R - Read-only file H - Hidden file A - Files ready for archiving S - System file C - Compressed E - Encrypted P - Reparse Point The DIR command only operates within the system folders of the current Windows 2000 installation, removable media, the root folder of any hard disk partition, or the local installation sources. DISABLE DISABLE servicename The DISABLE command disables a Windows 2000 system service or driver. servicename: The name of the service or driver to be disabled. Use the LISTSVC command to display all eligible services or drivers to disable. DISABLE prints the old start_type of the service before resetting it to SERVICE_DISABLED. Because of this, you should record the old start_type, in case it is necessary to re-enable the service. The start_type values that the DISABLE command displays: SERVICE_DISABLED SERVICE_BOOT_START SERVICE_SYSTEM_START SERVICE_AUTO_START SERVICE_DEMAND_START DISKPART DISKPART /add /delete device_name drive_name partition_name size Use the DISKPART command to manage the partitions on your hard disk volumes. /add: Create a new partition. /delete: Delete an existing partition. device_name: Device name for creating a new partition. The name can be obtained from the output of the MAP command. For example: \Device\HardDisk0 drive_name: This is a drive-letter based name for deleting an existing partition. Example D: partition_name: This is a partition-based name for deleting an existing partition and can be used in place of the drive name argument. Example: \Device\HardDisk0\Partition1 size: Size of the new partition in megabytes. NOTE: If no arguments are used, a user interface for managing your partitions appears. WARNING: This command can damage your partition table if the disk has been upgraded to a dynamic disk configuration. Do not modify the structure of dynamic disks unless you are using the Disk Management tool. ENABLE ENABLE servicenamestart_type You can use the ENABLE command to enable a Windows 2000 system service or driver. servicename: The name of the service or driver to be enabled. Use the LISTSVC command to display all eligible services or drivers to enable. The ENABLE command prints the old start_type of the service before resetting it to the new value. You should note the old value, in case it is necessary to restore the start_type of the service. start_type: Valid start_type values are: SERVICE_BOOT_START SERVICE_SYSTEM_START SERVICE_AUTO_START SERVICE_DEMAND_START NOTE: If you do not specify a new start_type, ENABLE prints the old start_type for you. EXIT You can use the EXIT command to quit the Command Console and restart your computer. EXTRACT EXTRACT sourcedestination Extracts a file from the driver .cab file on the installation media, and then copies it to the destination. source: Specifies the name of the file to be extracted. destination: Specifies the folder or file name of the new file. If not specified, this defaults to the current folder. NOTE: This command only works when your computer has been started from the Installation Media CD-ROM. FIXBOOT FIXBOOT drive name: Writes new Windows 2000 boot sector code on the boot partition. This fixes problems where the Windows 2000 boot sector is corrupted. The Emergency Repair process also fixes the boot sector. drive name: Drive letter where the boot sector will be written. This overrides the default of writing to the system boot partition. The FIXBOOT command is only supported on the x86 platform. FIXMBR FIXMBR device name Repairs the master boot record (MBR) of the system partition. This is used in scenarios where a virus has damaged the MBR and Windows 2000 cannot start. WARNING: This command has the potential to damage your partition tables if a virus is present or a hardware problem exists. This command may lead to inaccessible partitions. Microsoft suggests running anti-virus software before using this command. device name: Optional device name that specifies the device that needs a new MBR. The name can be obtained from the output of the MAP command. If this is left blank, the boot device's MBR is fixed. For example: FIXMBR \device\harddisk2 If FIXMBR detects an invalid or non-standard partition table signature, it prompts you for permission before rewriting the MBR. The FIXMBR command is only supported on the x86 platform. FORMAT FORMAT drive:/Q/FS:file-system Formats the specified drive to the specified file system. drive:: Drive letter of the partition to format. /Q: Performs a quick format of the drive. /FS:file-system: Specifies the type of file system to use, FAT, FAT32, or NTFS. If none is specified, then the existing file system format is used, when available. LISTSVC The LISTSVC command lists all available services, drivers and their start types for the current Windows 2000 installation. This may be useful when using the DISABLE and ENABLE commands. NOTE: These are extracted from the %systemroot%\System32\config\SYSTEM hive. Should the SYSTEM hive become damaged or missing, unpredictable results may occur. LOGON The LOGON command lists all detected installations of Windows 2000 and Windows NT, and then requests the local administrator password for the copy of Windows you chose to log on to. If more than three attempts to logon do not succeed, the console quits and your computer restarts. MAP MAP arc The MAP command lists drive letters, file system types, partition sizes and mappings to physical devices. arc: The arc parameter tells MAP to use ARC paths instead of Windows Device paths. MD and MKDIR The MD or MKDIR commands make folders. Wildcard characters are not supported. The MKDIR command only operates within the system folders of the current installation of Windows 2000, removable media, the root folder of any hard disk partition, or the local installation sources. MORE MORE filename The MORE command displays a text file to the screen. RD and RMDIR The RD and RMDIR commands delete a folder. The RMDIR and RD commands only operate within the system folders of the current Windows 2000 installation, removable media, the root folder of any hard disk partition, or the local installation sources. REN and RENAME The REN and RENAME commands can rename a file. Note that you cannot specify a new drive or path for your destination file. The REN and RENAME commands only operate within the system folders of the current Windows 2000 installation, removable media, the root folder of any hard disk partition, or the local installation sources. SET The SET command allows you to display or modify four environment options. AllowWildCards = FALSE AllowAllPaths = FALSE AllowRemovableMedia = FALSE NoCopyPrompt = FALSE SYSTEMROOT The SYSTEMROOT command sets the current working folder to the %SystemRoot% folder of the Windows 2000 installation you are currently logged into. TYPE TYPE filename The TYPE command displays a text file. ------------------------------------------------------------------------------- Opening a Command Prompt from Windows Explorer With previous versions of Microsoft Windows NT, to open a command prompt, the Cmd.exe command was always associated with Windows Explorer folders. The old technique was to go to the Windows NT Explorer Options/File Types and associate the File Folder item with Cmd.exe. With Windows 2000, you can use the Registry to activate this feature. To enable the command prompt feature: Create a new text file and call it "command.reg" (select any appropriate name for the .reg file). Right-click the file and select Edit. Copy and paste the following code into the file. Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\Directory\shell\Command] @="Command &Prompt" [HKEY_CLASSES_ROOT\Directory\shell\Command\command] @="cmd.exe \\\"%1\\\"" Save and close the file. To merge the file into the registry, right-click the file and select Merge. When prompted to confirm your intended actions, click Yes. When informed that your actions were successful, click OK. To confirm your actions: Right-click on a folder. Confirm that an item labelled Command displays. Select that item which will open a command prompt in that particular directory. ------------------------------------------------------------------------------- Use File and Directory Name Completion in Command Prompt If you frequently navigate through the directory structure and file lists using the command prompt, you can speed your navigation by enabling File and Directory Name Completion. File and Directory Name Completion is invoked when you type either of the two control characters (CTRL+D for directory names, CTRL+F for file names) at the command prompt. To enable File and Directory Name Completion for a single command-prompt session: Click Start and then click Run. In the Open: box, type cmd /f:on, then click OK. To enable File and Directory Name Completion for a command prompt session that is launched from a shortcut: Click Start, point to Programs, point to Accessories, then right-click Command Prompt. Select Properties. Under the Shortcut tab in the Target: box, type %SystemRoot%\system32\cmd.exe /f:on. Click OK. Here are some examples of how to use File and Directory Name Completion in Windows 2000: Example Keystrokes/Procedure To view all of the directory names in the current path Type CD and then press CTRL+D. To view the files that begin with specific characters Type the first few characters of a command executable, then press CTRL+F. Note: If file completion is used on any of the built-in directory commands (CD, MD, or RD), directory completion is assumed. Move backward through the list Press and hold the SHIFT key, and then press CTRL. ------------------------------------------------------------------------------- Disable Admin Shares You can manually edit the registry. Edit the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanserver\parameters. On NT Server add the following key AutoShareServer with the REG_DWORD value of 0. On NT Workstation add the following key AutoShareWks with the REG_DWORD value of 0. -------------------------------------------------------------------------------- Disable 8.3 MFT-fragmentation You can download the registry patch above or manually edit the registry. Edit the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem and set the following value NtfsDisable8dot3NameCreation=1 ------------------------------------------------------------------------------- Disable Paging Executive To manually edit the registry. Modify HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management and set the following value DisablePagingExecutive=1 ------------------------------------------------------------------------------- How to Enable Auto-Complete Feature In The Command Prompt Log on as Administrator, Click Start, and then click Run, Type Regedit and OK, Double click HKEY_LOCAL_MACHINE, Double click SOFTWARE, Double click Microsoft, Double click Command Processor, In the right pane of Regedit, double click the 'CompletionChar' DWORD value, Type 9 click OK, Close Regedit, Click start/programs/accessories/command prompt, Type 'cd d' and hit the Tab key: the first folder that matches the 'd' letter is displayed (you can switch from folders pushing several times the Tab key). ------------------------------------------------------------------------------- How to repair a basic RAID-5 volume (stripe set with parity) Open Disk Management. Right-click the RAID-5 volume you want to repair, and then click Repair Volume. The RAID-5 volume's status should change to Regenerating, then Healthy. If the volume does not return to the Healthy status, right-click the volume and then click Regenerate Parity. ------------------------------------------------------------------------------- Microsoft has included a new tool in Win2K Pro called the System File Checker. It's designed to check the files on your system for data corruption, improper versions, and missing files. If the System File Checker finds any questionable files, it will replace the file with a known good copy. Launch the System File Checker by running sfc.exe from a Win2K command prompt. You'll see several options; you'll probably want to choose the /SCANNOW option to immediately scan your system. Sfc.exe checks every protected file on your system (most .sys, .dll, .exe, .ttf, .fon, and .ocx files). If any of the protected files on your system are missing, corrupt, or an incorrect version, SFC retrieves a replacement from the cached copy in the folder %systemroot%\system32\dllcache, or from your Win2K Pro CD-ROM =================================================================================================================================================== System Recovery Console You can run the Recovery Console by booting your system with the Win2K setup disks or CD-ROM and following the instructions to run the Recovery Console, or you can pre- install the console on your system. Personally, I prefer to pre-install the Recovery Console so that I don't have to hunt for my Win2K CD-ROM in an emergency. To pre-install the recovery console, run the command \i386\winnt32.exe /cmdcons from your Win2K CD-ROM. This approach adds the Recovery Console to your boot.ini file and lists it as a startup option on your system. Note: If you're using software mirroring, you must break your mirror before trying this or the console won't install. What can you do with the Recovery Console? After you log on as the local Administrator for your machine, you can copy new files onto your system, disable services or drivers, repair the boot sector, or perform any number of other DOS-related tasks. Type HELP when you're in the Recovery Console to see a list of DOS-style commands that you can use. It's important to note, however, that the Recovery Console will let you access only the root folder, the %systemroot% folder and subfolders, the cmdcons folder, and any removable media such as CD-ROMs. You can't use the Recovery Console to access other areas on your systems--only the crucial areas necessary for system repairs. More info on the recovery console: You can boot Windows 2000 from either the installation disks or CD-ROM and run a Recovery Console that gives you limited access to the system, including - %systemroot% and its subfolders of the installation you actually log on to - the root folder - the CmdCons folder - removable media drives The Recovery Console lets you boot an otherwise unbootable installation. To get to the Recovery Console, perform the following steps 1. Boot from installation disks or CD-ROM. 2. At the Welcome screen, press F10. 3. Select Repair. 4. Select Console. If the SAM is intact, you need to log on to the system with an Administrator password. After the console is active, you can access a subset of the command prompt commands: ATTRIB, CD, CHDIR, CHKDSK, CLS, COPY, DEL, DELETE, DIR, DISABLE, DISKPART, ENABLE, EXIT, EXPAND, FIXBOOT, FIXMBR, FORMAT, HELP, LISTSVC, LOOGN, MAP, MD, MKDIR, MORE, RD, REN, RENAME, RMDIR, SYSTEMROOT, and TYPE. ------------------------------------------------------------------------------- Windows 2000 has a cool new TCP/IP utility in Win2K called PATHPING. PATHPING is a combination of two useful TCP/IP utilities, ping and trace route. Start the program by typing PATHPING at a command prompt, followed by a TCP/IP host name such as a Web site or an FTP server. PATHPING resolves the trace route information first. After PATHPING has counted (and identified) the hops between your system and the remote computer, it runs ping tests against each device in the trace route to find nodes that are dropping packets. For 25 seconds per hop, PATHPING will run 100 ping tests against each node in the trace route. The utility measures the amount of packet loss at each step along the trace route and reports the packet loss as a percentage in a table. Gathering this information takes a while because most trace routes have eight or more hops in them, but the information is invaluable if you're having connectivity problems to remote systems. You might find that one of the routers in the path between your system and the remote host is overloaded and dropping too many of your packets. PATHPING is an extremely useful troubleshooting tool. ------------------------------------------------------------------------------- Windows 2000 RunAs at a command prompt The RUNAS command lets you launch any command on your system as any user account--even as the Administrator. For example, if I want to run a command prompt on my laptop, but do it via the local Administrator account, I type the following command into the Start, Run prompt: runas /user:LAPTOP\Administrator cmd This launches the command prompt (cmd) under the context of the Administrator account for the local accounts database on the machine called LAPTOP. ------------------------------------------------------------------------------- PROVIDING A WIN2K TIME SERVICE If you install Win2K systems in an NT 4.0 domain, you quickly discover that the Win2K systems post repeated errors in the System event log when they can't find an official time source on the network. http://support.microsoft.com/support/kb/articles/q232/2/55.asp Win2K-NT 4.0 Time Synchronization. The timesrv.exe utility from the original Windows NT 4.0 Server Resource Kit doesn't support the Network Time Protocol (NTP) that Win2K systems need. After some exploration, Microsoft has released updates for w32time and timesrv, the tools you need to successfully set up an NT 4.0 system that operates as an official time server. However, the updates are hidden in a most unlikely spot: a folder called Y2kfix at Microsoft's FTP site. You can download the tools and documentation from ftp.microsoft.com/reskit/y2kfix/x86. Microsoft article Q258059 contains all the information you need to create an NT 4.0 NTP server. http://support.microsoft.com/support/kb/articles/q258/0/59.asp ------------------------------------------------------------------------------- One useful Win2K feature is its ability to update itself after you've applied a service pack. Unlike NT, when you update a system-level component after you've applied a service pack, Win2K remembers where you installed the service pack from and returns to that location to get any files it needs to replace or change based on the components you've added. If you need to free up space or you want all of your networked machines to point to the same files, follow these steps: 1. Open regedit. 2. Go to HKEY_LOCAL_MACHINE. 3. Open the value ServicePackSourcePath (on my system it defaults to C:). 4. Enter the path to the service pack files' location, which can be a drive or a network share. ------------------------------------------------------------------------------- The Windows 2000 Server Resource Kit contains several utilities you can use to manage NT 4.0 systems from a Win2K desktop. After installing the resource kit, you'll find a plethora of tools in the Network Management Tools folder. Although most of the tools run only from the command line and have unusually cryptic and poorly documented argument lists, the Win2K versions of User Manager for Domains and Server Manager have the same GUI that NT 4.0's native applets employ. If you prefer to add or modify Win2K or NT 4.0 user accounts from the command line, check out the Console User Manager utility (cusrmgr.exe). And while we're on the subject of user accounts, you might want to try the user status utility usrstat.exe, which displays the full name and last logon time for each user in a domain. If you maintain a large NT 4.0 account database, you should pipe this utility's output to a file. ------------------------------------------------------------------------------- GETTING STARTED WITH REMOTE INSTALLATION SERVICES One of Windows 2000 Server's cool new features--Remote Installation Services--simplifies your admin tasks and offers reduced TCO. Check out a great article here at techrepublic. (Will need to sign up for a free account.) ------------------------------------------------------------------------------- Using Junction Points for drive letters in Win2000 One advantage that Windows 2000 brings to end users is the removal of the 26 drive letter limitation. Under Windows NT, you could access resources under a fully qualified path name (i.e., \\resource\sharename) without having to map a drive letter to that resource if it was storage.If you wanted a persistently available resource, it was usually easiest to map remote storage to a drive letter. But you didn't have that option for local storage; it received a drive letter whether or not you liked it. And adding drives sometimes played with the default order of the drives, requiring care when installing new drives. Win2K adds a feature called NTFS Junction Points. A junction point is a physical location on a local hard disk that points to another location on that disk or another storage device. When you create a mounted drive, you create a junction point. A mounted drive is a device attached to an empty folder on an NTFS volume. It behaves the same as any other drive, but no drive letter is attached to the volume, just a label. You can mount an entire drive to a directory on another drive. When users access that directory, they have access to that entire drive, regardless of size. For example, you could have any number of drives physically installed on one system, but the users and applications might see only a single C drive letter. Win2K has four methods to deal with mounted drives and junction points. Two are contained within the OS, and two are in the Win2KProfessional Resource Kit. In this column, information below is only the two methods found in the base OS. The easiest way to create a mounted drive is to use the Disk Management portion of the Computer Management Console. When you add a drive or want to change existing drives, right-click the drive or partition and select Change Drive Letter and Paths.... From that dialog box, you can add, edit, or remove drive letters and mount points. To add a drive letter, select Add, Add New Drive Letter or Path. Select a drive letter from the drop-down menu of available letters. To select a new mount point, click "Mount in this NTFS folder" and type in the fully qualified path name to the empty folder you want to use as the mount point. The Browse button lets you look at the directory tree for the available volumes that support mount points and lets you select an existing folder or create a new empty folder to use as the junction point. This procedure lets you perform all disk and drive management activities from the same application. But of course, some of us want to do everything the hard way (i.e., from the command line), so Win2K lets us use the MOUNTVOL command. Entering mountvol without any parameters returns information similar to the following: Creates, deletes, or lists a volume mount point. MOUNTVOL [drive:]path VolumeName MOUNTVOL [drive:]path /D MOUNTVOL [drive:]path /L path Specifies the existing NTFS directory where the mount point will reside. VolumeName Specifies the volume name that is the target of the mount point. /D Removes the volume mount point from the specified directory /L Lists the mounted volume name for the specified directory. Possible values for VolumeName along with current mount points are: \\?\Volume{08a4ee15-86cd-11d4-a06e-806d6172696f}\ C:\ \\?\Volume{08a4ee16-86cd-11d4-a06e-806d6172696f}\ D:\ \\?\Volume{08a4ee17-86cd-11d4-a06e-806d6172696f}\ E:\ \\?\Volume{08a4ee14-86cd-11d4-a06e-806d6172696f}\ G:\ \\?\Volume{08a4ee13-86cd-11d4-a06e-806d6172696f}\ F:\ \\?\Volume{08a4ee12-86cd-11d4-a06e-806d6172696f}\ A:\ The command returns all possible values and current mount points for the local system, which means that your system won't return the same response as you see above. You'll also notice that the primary identification of the drive volumes provided is not the drive letter but the Global Unique ID (GUID), which identifies the drive even if you later change the drive letter. Of course, Win2K doesn't require that you use drive letters beyond the boot device. Also remember that you can cut and paste in the command windows, so you don't need to retype the GUID information. The ability to mount drives using junction points is very useful. Even if you don't need to use this functionality now, take a few minutes and play with your existing Win2K NTFS partitions to get a feel for how it works. ------------------------------------------------------------------------------- OPTIMIZING REMOTE INSTALLATION SERVICES Windows 2000 Remote Installation Services (RIS) enables you to pull down complete, customized computer installations from your network server. Trent Cook offers some pointers for fine-tuning RIS and then demonstrates the installation process. Notification If users dislike being continually notified of the status of network print jobs, you can disable the Printing Notification dialogs that are sent by the Spooler Service when a print job's been completed, deleted, or when there's an error. Note that this setting applies globally to all the printers on a particular print server. It isn't possible to set this option on a per-printer basis. This setting must be made on the server that's sending the pop-up in order to affect all clients. The only way to disable a pop-up on an individual client is to disable the Messenger Service on that client. Follow these steps to disable the Printing Notification dialog boxes: 1. Click Start | Settings | Printers. 2. Go to File | Server Properties | Advanced. 3. Deselect the Notify When Remote Documents Are Printed check box. 4. Stop and restart the Spooler Service from the Services portion of Control Panel so the new setting will take effect. Remember, under Windows NT 4.0 and Windows 2000, if the print notification is turned off and the printer is connected by a parallel or serial cable, error messages will appear on the server. While an error is displayed, printing will not resume to the printer, even if the cause of the error is cleared from the printer. Someone must log on to the server and click Retry or Cancel in the Error Message dialog box. This does not affect network-connected printers. ------------------------------------------------------------------------------- * Planning for Active Directory Ready to roll out your company's AD infrastructure? Think again about how many domains you need and what your site topology should be. * Monitoring Your AD-Enabled Network Identify the Win2K network components that you need to monitor and the features you should look for in a monitoring and management tool. * The Active Directory Delegation of Control Wizard Successfully leverage Win2K's ability to safely delegate routine management and support tasks throughout your enterprise. ------------------------------------------------------------------------------- Microsoft's Management services site for Windows 2000 is an excellent site for many Windows 2000 management and installation questions and planning. ------------------------------------------------------------------------------- Tweak UI for WIn2000 For those of you who use TweakUI, Microsoft's handy little UI utility, but now find the earlier version of TweakUI (version 1.1) incompatible on computers running Windows 2000, Windows Millennium Edition (Windows Me), or Windows 98, help is here. Microsoft has an updated version of the utility that runs on these OSs. For those who haven't tried TweakUI, I highly recommend it. It's full of great little utilities such as Logon Automatically at system startup, Covering your tracks, Repairing your icons, Limiting which applets appear in Control Panel, and more. You can download the TweakUI 1.33 update from the following URL. http://www.microsoft.com/ntworkstation/downloads/PowerToys/Networking/NTTweakUI.asp ------------------------------------------------------------------------------- ANOTHER LOCATION FOR DHCP BACKUP DHCP is responsible for significantly easing our workload in managing IP addresses. The DHCP service does back up its database and files. However, it stores them in the Winnt\system32\DHCP\backup directory on the same partition that is running the DHCP service. Obviously, when you back up this server, you get the backup copy as well, but as an additional level of peace of mind, you might want to change the backup location, usually to another physical drive. To change the location of that backup directory, follow these steps: 1. At the Run command, open up regedt32. 2. Once the registry editor is open, navigate to HKLM\System\CurrentControlSet\Services\DHCP Server. 3. Double-click Parameters, then double-click Backup Database Path. 4. Change the first part of the line to indicate a different physical drive on the server, such as E:\System32\dhcp\backup. Don't forget to create the directory structure on that drive. Now the information will be backed up to that different drive. This works in Windows 2000 as well. As always, remember our usual warnings about backing up the registry first. ------------------------------------------------------------------------------- PROVIDE DHCP FAIL-OVER ON YOUR NT NETWORK You can implement continuous DHCP service on your network, even in the event of DHCP failure. You can use this process to free up a DHCP server for maintenance and more, all without service interruptions. ------------------------------------------------------------------------------- CLEANING UP THE SYSTEM TRAY Areas to check when trying to permanently remove items from your system tray: 1. Check the program itself; it might let you unload it and never have it load again. 2. Check your startup folders, and remove any icons you don't want. 3. Check the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. 4. Check win.ini and system.ini files on your computer. A few other places: - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\IniFileMapping\Win.ini, System.ini; and winfile.ini" - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows\Run - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows\Load - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\WinLogon\ParseAutoexec (If you set this value to 1, commands in the autoexec.bat file will run.) So, that's about eight different places that Microsoft lets vendors hide system tray icons that come up at startup. Again, each of these icons takes resources (memory) from your system, so if you don't want 'em, clean 'em out! ------------------------------------------------------------------------------- WINDOWS 2000 PRO TIP: REPAIR BROKEN APPLICATIONS WITH THE WINDOWS INSTALLER Let's face it--application troubles are an annoying part of today's computing environment. Applications have grown so complicated that diagnosing problems quickly is becoming an art. Simply re-installing the application isn't always the best option, and tracking down buggy DLL files can take an excessive amount of time, especially if the product isn't well documented. Applications based on Windows Installer must be self-repairing. I haven't taken time to delve into what Microsoft's definition of self- repairing actually is (never assume too much), but the Windows Installer service does present some nice command-line options for trying to repair buggy applications. At the command prompt, type: MSIEXEC /fe packagename.msi MSIEXEC starts the Windows Installer service. The /f switch informs the Windows Installer service that you want to repair a product. The e option next to the /f switch tells the Windows Installer service to reinstall missing files or tells it whether an equal or older version is installed. A number of options are available for the /f switch, including: c - Reinstall if file is missing or the checksum is invalid a - Force all files to be reinstalled u - Rewrite all required user-specific entries m - Rewrite all required computer-specific entries The packagename.msi file is the .msi file for the application that you want to repair, such as Office 2000. You might still have application problems, but with the ability to easily repair them, you shouldn't have as much of a problem in the future. ------------------------------------------------------------------------------- Use the NetDiag Tool from the Win2K Resource Kit to Diagnose Problems. You can find the support tools package in the Win2K CD-ROM's \SUPPORT\TOOLS directory. After installing the package, you'll see a new menu option on your program's menu called Windows 2000 Support Tools. Although there are about a dozen actual tools available from the Start menu, in reality, there are more than 40 different applications that this package installs on your system. One of the most useful tools is the NetDiag tool (Netdiag.exe). This tool alone is worth digging out your Win2K CD-ROM so you can install the Support Tools. NetDiag performs a series of diagnostic tests on a system to troubleshoot any problems your system might be experiencing. NetDiag tests many networking items, including basic IP connectivity, WAN connectivity, WINS support, and browser and domain availability. Each test category outputs a simple passed or failed result, giving you valuable information about where to look for problems. ------------------------------------------------------------------------------- Setup hangs while inspecting. If setup hangs while it's inspecting your hardware, try this. If setup hangs at the subject screen, use the checked version of NTDETECT.COM to help determine which hardware item is causing the problem: 1. DISKCOPY the first setup disk to a blank formated floppy. 2. Copy \SUPPORT\DEBUG\I386\NTDETECT.CHK to the diskette you created in step 1, and rename it to NTDETECT.COM. 3. Restart setup using the new diskette. NOTE: - The checked version of NTDETECT.COM displays each device as it is detected. Press any key to proceed to the next screen. The problem device should be on screen when setup hangs. You can then use the Knowledge Base to research setup issues with this device. ------------------------------------------------------------------------------- Move your Printer Queue to Another Folder Most organisations running NT- or Windows 2000-based networks use print-server functionality, and it is not uncommon to find at least one or two servers functioning as dedicated print servers on a large network. Even on the smallest LANs, any NT or W2K user who has shared their printer is functioning as a print server. Under Windows NT and Windows 2000, a printer stores (spools) data on disk until the printer is ready to accept data. If a printer is under heavy use or offline, this spooling process can consume large quantities of disk space as documents get backed up in the queue. Windows normally uses the boot volume for this purpose, and files are spooled to %SystemRoot%\system32\spool by default. If you are short of disk space on your boot partition, this can cause major headaches, as well as performance degradation. It is possible to alter the spool folder on a printer-by-printer basis by making a registry change, however. You can even have different printers spooling data to different folders or volumes. This Registry key points to the default spool folder for all printers : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printer s\DefaultSpoolDirectory Changing this value affects all printers on the machine. The following REG_SZ Registry key defines the spool folder for a given printer (where [PrinterName] is the name of your printer. If the key value it is blank, then the default folder from the above key is used. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printer s\[PrinterName]\SpoolDirectory If you change the value of the key, you must ensure that the folder exists and that it is local - no network paths allowed! For any changes to take effect, you must stop and restart the Spooler Service. For further information, refer to KB article Q123747. ------------------------------------------------------------------------------- Keep Your Time Synched! How do you keep all your pc's on an NT (TCP/IP)network synchronized to the right time date? In the your netlogon script, put in the line: net time \\computername /set /yes And on the machine that is synching with "computername" You can run the timeserv from the NT Resource Kit to have the system time synch up with an atomic clock. For more info on TIMESERV, check this article: http://support.microsoft.com/support/kb/articles/Q232/2/55.ASP You can use a PDC or BDC for this purpose, or you can do it with most any server, it doesn't take a lot of resources at all! ------------------------------------------------------------------------------- ACTIVE DIRECTORY CLIENT Windows 2000 shipped with a new and improved directory service called Active Directory. Unfortunately, not all clients can take advantage of its advanced features. Only Windows 2000 includes support for Active Directory; older operating systems don't. Even if clients don't take advantage of the Active Directory service, you can still use them on your network. For example, when you upgrade a Windows NT domain to Windows 2000 Active Directory, you can still use your existing Windows NT 4 client computers and Windows NT 4 servers. To facilitate the integration, Microsoft released a special Active Directory client for Windows NT 4. This client software adds support for some Active Directory features, including: * Site awareness allows clients to log on to the domain controller that's closest to the client. * Active Directory Service Interfaces (ADSI) allow Active Directory scripting. * Distributed file system (DFS) fault-tolerant client provides access to Windows 2000 fault-tolerant DFS shares. * Windows Address Book (WAB) property pages allow users to change properties on user objects, and they include support for display specifiers. * NTLM version 2 authentication allows for stronger authentication. Even with Active Directory client software, Windows NT 4 clients don't support all advanced Active Directory features. Among them are: * Kerberos authentication * Group Policy objects * IPSec and L2TP Microsoft has also released an Active Directory client for Windows 95/98. http://www.microsoft.com/Windows2000/adclients/default.asp ------------------------------------------------------------------------------- Deploying Exchange 2000 in Ten Steps http://www.microsoft.com/education/seminars/default.asp Migrating from Windows NT or NetWare to Windows 2000 in Education Environments http://www.microsoft.com/education/seminars/MigratingWindows2k.asp ------------------------------------------------------------------------------- Update Windows The corporate update site is an excellent site for obtaining updates on Microsoft products. ------------------------------------------------------------------------------- How do I determine which process has TCP ports or UDP ports open? To display which process ID is using a certain TCP port or UDP port, you can start by using the Netstat command with the n (display in numeric form), o (display the owning process ID), and a (display all connections and listening ports) switches as follows: netstat -noa For example, the command C:\>netstat -noa might produce output like the following: Active Connections Proto Local Address Foreign Address State PID TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 888 TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4 TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING 988 TCP 0.0.0.0:1076 0.0.0.0:0 LISTENING 4 TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING 1144 TCP 127.0.0.1:1063 0.0.0.0:0 LISTENING 1380 TCP 127.0.0.1:1064 0.0.0.0:0 LISTENING 500 TCP 127.0.0.1:1065 0.0.0.0:0 LISTENING 500 TCP 127.0.0.1:1199 0.0.0.0:0 LISTENING 356 TCP 200.200.200.206:139 0.0.0.0:0 LISTENING 4 TCP 200.200.200.206:1150 0.0.0.0:0 LISTENING 4 TCP 200.200.200.206:1150 200.200.200.1:139 ESTABLISHED 4 TCP 200.200.200.206:1152 0.0.0.0:0 LISTENING 4 TCP 200.200.200.206:1152 200.200.200.200:139 ESTABLISHED 4 UDP 0.0.0.0:135 *:* 888 UDP 0.0.0.0:445 *:* 4 UDP 0.0.0.0:500 *:* 712 UDP 0.0.0.0:1026 *:* 1124 UDP 0.0.0.0:1027 *:* 1124 UDP 0.0.0.0:1028 *:* 712 After you have this information, you can use the Tasklist command to match a particular process ID to a task name. To search for a specific process ID, use the following format: C:\> tasklist | findstr A sample command and output might look like C:\> tasklist | findstr 712 lsass.exe 712 Console 0 1,792 K The sample output indicates that the task lsass.exe is using process ID 712. If you're using Windows 2000, you can accomplish the same task by using Tlist instead of Tasklist. Download the Wntipcfg.exe tool for Windows 2000 from Microsoft's website. This is the GUI tool similar to Window's winipcfg tool. ------------------------------------------------------------------------------- Miscellaneous HKEY_LOCAL_MACHINE -> Software -> Microsoft -> Windows -> CurrentVersion -> Run DMA over PIO IDE Transfers Disable IDE Port Scanning Services Manual Serial Port 115200/HW Flow-control Parallel Port Task Manager columns Mouse Speed/Acceleration Device Manager Mouse properites Sample-rate Input-buffer Permanent Swapfile Add memory or 1GB swap D: NTFS + Swap System Monitor peak Swap >+64MB boundary Task Manager Performance Total Commit Charge >+64MB Norton Speed-Disk Swap outer-tracks DirectX 8a Toolbars PowerToys Disable Guest account Rename Administrator Login script + capture IP, append-rights only + quota D: remove Everyone-group Device Manager, CD, Enable digital-audio 98 MSConfig \WINNT\INF\sysoc.inf Disable VSync UPTIME ------------------------------------------------------------------------------- Other tips http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/deploy/prodspecs/Win2Ksvc.asp http://win2000tips.home.att.net/Tipstricks.htm#DMA/UDMA%20and%20Win2000 http://www.win2000mag.com/Articles/Index.cfm?ArticleID=3768&pg=1 http://www.3dspotlight.com/guides.shtml