Mark Minasi’s Windows 2000/NT Newsletter

Issue #2 February 2000

To subscribe, visit To unsubscribe, link to Visit the Archives at

What's Inside


It’s been a big five weeks since my last newsletter. We made it through Y2K, Microsoft’s about to release Windows 2000 for real, the Advance Edition is sold out, the second edition’s rolling off the presses, we broke 1000 subscribers, and of course the main event -- bunches of errata for both the NT Server and Windows 2000 books, hence the greater length. This month, I’ll start offering errata for the Mastering Windows NT Server book as well as the Mastering Windows 2000 Server book. 

Windows 2000 Releases 17 February 2000 

On Thursday morning, 17 February, Bill Gates will officially release Windows 2000 to a crowd at the Windows Enterprise conference at the Moscone Center in San Francisco. I’ll be speaking there, doing a three hour tutorial on Intellimirror, a 75 minute overview of Windows 2000, and another 75 minute discussion of Active Directory Planning. I hope to see some of you there; if you’re going to attend the conference, I hope you’ll consider attending one or all of my sessions. You can find out more about the conference at IDG’s site (which, in my experience, isn’t always up and running – they must not be using Windows 2000 Web servers, wink wink.) 

Other Windows 2000 Conferences

I will also be speaking at TechMentor ( and Windows 2000 Connections (, and The Conference and Expo on Windows 2000/Windows NT Security and Control (, all conferences that have kindly asked me to keynote their shows. (And in case you’re wondering, I don’t get a percentage of the gate – I’m just offering the URLs for your convenience and I really hope that some of you get a chance to go to one of these shows. Conferences like these are absolutely great sources of information.) 

Mastering Windows 2000 Server, Second Edition Debuts at Windows 2000 Expo, With a New Cover Look 

Sybex, the publisher of the Mastering Windows 2000 Server book, expects to have the second edition printed and ready for sale at the San Francisco conference. The first edition sold completely out in record time – which took them by surprise – and so you may be asked to hold off a week or two if you order a copy from a vendor. The second edition should be shipping by mid-February. As I said in the last newsletter, if you have the first (“Advance”) edition, there’s no real reason to buy the second edition. We had very little time to work on it if we wanted it to ship concurrently with W2K and so its main differences from the Advance edition is all updated screen shots – the Advance Edition was based on RC2 and some of the screens changed. Amazon is currently taking orders – visit me at to order the Server book, or the new Professional book. 

NOTE: Sybex has changed their branding scheme and so the second edition of Mastering Windows 2000 Server will look completely different. It’s blue cover with a globe on it, which makes it look like every OTHER book that they sell with “Mastering” in the name. If you own a copy of the NT Server or 2000 Advance book then you’re used to seeing a white, black, and red cover with a plant on the cover, the “Network Press” look. That’s all changed, now the 2000 Server book has been assimilated into the Mastering collective. 

Mastering Windows 2000 Professional Now Available 

The successor to my book on NT Workstation is now out. Mastering Windows 2000 Professional is intended to take you from novice to techie in just 1000 short pages. to order. 

We Exceeded 1000 Subscribers 

Welcome to our new subscribers! The first newsletter went to 96 people five weeks ago. This one will go to more than 1000 of you. Many thanks for signing up. 


The past month has brought too many good reviews for me to include them all. Craig Dayton wrote an embarrassingly kind (really!) review on Amazon. Two other people were unhappy that the book was written based on RC2. I’m sorry that they were unhappy but it’s hard to know what ELSE a book that shipped in November could have been based on. Apparently others were pretty happy – at one point we were the 59th best selling book in all of Amazon. (Take THAT, John Grisham.) One of my favorite reviews came from a Microsoft employee who I won’t name because I don’t want to get him/her in trouble: “Mark, this book is awesome! I went through Microsoft training on NT 5/Windows 2000 for over 1 year and I can honestly say I have learned more from this book than that training. Well done and thanks!” 

Other short reviews: 

“… your book has saved my a** more than once …” 

“Keep the great work, I can’t say enough…” 

“In a word, ‘essential!’”

 “… Spent the weekend reading it like a novel.”  (Well, okay, I’m guessing that Stevie King’s not worried.) 

“Will there be a CD in future editions?”  Absolutely. We’re trying to videotape a number of my short presentations and put the tapes on a CD, as well as a full searchable version of the text – but we couldn’t get it done in time for the second edition. 

“… Very readable – I’m a CNE and *I* understand it!!…” 

“Enjoying your book. Have added two inches to my biceps just carrying it around. Who needs weight training?” Very funny, smart guy. You guys complain if it’s not complete, you complain if it’s too big, there’s just no satisfying some people

“… Mark, you’ve done it again…” 

Many, many thanks to all of you, but don’t forget that my co-authors deserve a lot of credit as well. I promise to keep at this and make the third edition even better (but that’s going to take some time … I’ve got to finish my “Linux for NT Experts” book first, coming soon.) 

TechTips / Errata 

Here’s this month’s roundup of errors and a few frequently asked questions. Many thanks to those of you who’ve taken the time to report these errors. 

Errata I: NT Server errors 

Error in Netlogon Registry entry found by Alec Wills: 

In the 6th edition, page 1356, paragraph 3, line 1: we’re trying to tell the workstation to wait longer for a domain controller before giving up and giving the “no domain controller found” error. I included a Registry entry to do that, and ALMOST got it right. “The registry entry you quote should read HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters”. 

Thanks Alec! 

Screen Shots in IIS Goofed Up 

Dawit Taye says: 

“I bought your book to supplement my NT4.0 text book (MS press) and found some discrepancies mainly in the area of IIS. The school's book comes with option pack 4.0. Example- on the default Web site properties sheet, your book has security accounts sheet right next to the web site sheet. The MS IIS book and my computer has the operators sheet next to the web site sheet. To give you one more example, on the application configuration property sheet, your book shows App. Mappings, ASP, ASP Debugging, Other sheets. But, the option pack 4.0 that I installed on my system shows App Mappings, App Options, App Debugging sheets. I asked my instructor and he said it is an error from your book. I think it might be two different versions. You be the judge. Please let me, so I'm trying to take the IIS cert test next week.” 

Looks to me like Dawit’s right. A co-author wrote that chapter so I can’t comment for sure, but my guess is that he took them from a beta version. There are sometimes differences between the beta screens and the finals, many apologies. 

Bad Voltage and Bad Grammar 

Alex French of the UK offers two errors: “We in the UK have migrated (very quietly) to 230v from 240v. I only found out by accident. I know that it is highly probable that nobody cares, but it may be useful information someday, somewhere, somehow..... “ “…In Chapter 2, Sharing Files on a Network, there is a sentence 'Now the network software running on Jennifer's machine (GTW09) knows that if anyone asks for a shared named ACCT, it shoud go ahead and share it.' The 'shared named' bit doesn't make sense. A 'share named' maybe ???” Thanks, Alex, despite having been to the UK many times I’ve always been a bit confused on whether it was 230 or 240. 

Do Scripts Go in Import or Export? 

Donald Yarbrough writes: “I have found your books on NT both Server and Workstation to be of enormous help in the past. The reason for this letter though is to clear up some confusion I have with System policy editor. We are trying to implement system policies here and they don't seem to want to work. I looked up the chapter in the NT server book and it says you should put the NTconfig.pol file in the Export directory on the PDC and my recollection from my MCSE class said to place it in the Import\ scripts folder, which by default is shared as Netlogon. Please clear this up for me. That may be why these policies aren't working. I appreciate your help in this matter.” 

Good question and one I get regularly, let me clear this up. As I explain in chapter 11, you can’t simply put scripts into winnt\system32\repl\import\scripts. If you do, then the script will only be available on that particular PDC or BDC. That causes trouble in the following way: suppose you put the logon scripts and/or the ntconfig.pol file on the \import\scripts directory of your PDC. Well, if someone happens to be logged in by the PDC, then you’re in good shape. But if the BDC logs her in, then the BDC doesn’t have the login scripts/ntconfig.pol. So you’ve got to somehow get those files replicated to all of the DCs.

The easiest way to do it, as I describe in chapter 11, is to just turn on directory replication on the DCs and put your scripts and POL file or files into the PDC’s EXPORT directory. That then gets replicated to the IMPORT directories of all DCs … including the PDC itself.

Incorrect Messages for User Manager 

Steve Topilnycky says: “…anyway, I do believe I have discovered an error in this edition. On Page 353, Table 6.2, you are discussing the default values for user passwords and such. In the book you have: 

‘Changes Password at the Next Log on’ 

‘Changes Password at the Next Log on’ 

I believe it should be: 

‘User Changes Password at the Next Log on’ 

‘User Can Not Change Password’ 

This would be consistent to the screen callout.” 

You are right, thanks Steve.

Errata II: Windows 2000 Server Book 

Whew! We must have sold a lot of books, because I heard from a lot of you. 

Sysdiff is Dead, Msiexec is Recommended 

Chapter 3 (setup) discusses using Sysdiff to record and play back software installs. Sysdiff is a cool tool that I’ve liked for years now. So my co-author, Brian M. Smith, wrote it up in his excellent coverage of Setup. 

But the ol’ beta bugs got us. 

Gino Tucci, a university professor, has been kind enough to adopt Mastering Windows 2000 Server as a textbook and he’s been running his students through the text – but can’t find Sysdiff! (I’ve heard from a couple of the students.) So I checked, and they’re right, Sysdiff is gone. So what are we supposed to use now? 

Msiexec.exe, according to Microsoft. I was out at Redmond last Monday and took the opportunity to ask about Sysdiff. Microsoft’s take on it is this: there’s a better product than Sysdiff that ships with Windows 2000 – Wininstall LE. It produces MSI files and you invoke them like so: 

msiexec filename.msi 

That command goes very nicely in a commands.txt file for an unattended install (explained in chapter 3.) 

Account Policies Only Work on Domains 

We covered this last month but I wanted to follow up. The book says that you can use organizational units to set different account policies for different sets of people and a number of you have mailed me to tell me that the book’s wrong and that you can only apply account policies at the domain level, not the OU level. Of course, you’re right, a bit of experimentation shows that. But I was SURE that I’d done it. So I went back and trotted out the old Beta 2 disks. Sure enough, you COULD set different account policies to different OUs then. The Microsofties confirmed that they’d changed their minds between beta 2 and 3. Again, sorry for the confusion.

It’s not Profiles, it’s Documents and Settings 

As you probably know, W2K no longer stores user profiles in a directory called Profiles; now it’s called Documents and Settings. We knew that too, and most of the book refers to them correctly. But chapter 8, my co-author Lisa missed those references in her otherwise-excellent writeup of policies. So don’t go looking for a Profiles directory – it ain’t there. (Although I use a Profiles share myself, to store my roaming profile info.) 

Enterprise Admins Do NOT Get Automatically Included in Administrators 

Vladimir Kaplan wrote to tell me that 

In the chapter "Working with Security Groups" you say: "When a Win2K machine joins a domain, the global group Domain Admins and the universal group Enterprise Admins are automatically placed in the membership of the local Administrators group." Now my problem. This automatic addition of Enterprise Admins appears not to be the case if a domain is not the root of the forest. Only that (let's call it child) domain's Domain Admins group gets added to the local Administrators group. Since Domain Admins is a global group I cannot add any security principals to it from any other domains in the forest. Which means that I have manually (or via a script) add another group, most likely universal, into the local Administrators group in order to provide forest admin with the admin rights throughout the entire forest. 

Many thanks, Vlad! 

You Boot From the System Drive and the System is on the Boot Drive 

I always get confused on this and that confusion made it into the book. As refers to what Microsoft calls the “boot” partition or drive and the “system” partition or drive, of course it’s possible to put the \winnt directory on any drive, and most of us boot from the C: drive. 

Logically you’d think that a PC that boots from drive C: and has the NT operating system on drive D: would call C: the boot drive and D: the system drive, but that’s not what MS says – the partition/drive that you boot from (normally the C: drive) is the SYSTEM partition/drive, and the partition that you put the operating system in is the BOOT partition/drive. 

You Cannot RAID 5 the Boot Partition 

A reader wrote this month to ask if it was possible to put the /winnt directory on a RAID 5 drive for maximum protection. Co-author Christa Anderson, who penned the storage chapter, explains that it’s not possible because you must first create a RAID set, then put data on it. Clearly, then, installing 2000 on a system with an already-created RAID system would be impossible, unless of course the RAIDing was being done by some hardware rather than the NT or 2000 operating systems. 

You must be an Enterprise Administrator to Authorize DHCP Servers 

Holger Luebson wrote to tell me that merely being a Domain Admin is insufficient power to authorize a new DHCP server – you’ve got to be an Enterprise Admin. Thanks, Holger! 

Disk QUOTAS are Long-Awaited, Not Disks 

Ian Moran wrote to point out that on page 15, “second section you say (disks are no doubt the longest-awaited feature) - think you mean disk quotas ?” Yes, of course, thanks Ian. 

Figure 10.25 Mis-Labeled 

It should refer to comdlg32.ocx, not ctl3dv2.dll. Thanks to Paul Collins for spotting this! 

Registers are Not Memory 

James Tinney points out that the reference on page 271 to registers as being part of the "memory banks" is inaccurate and of course that’s true, it’s a storage location in the CPU. 

Why Two Hard Disks on a Controller? 

Rob Amagna asks “Our Win2K beta team is using your Sybex book. On page 26 of your book you say that "Domain Controllers will run better with 2 physical hard disks." Why? Because of RAID fault tolerance? Thanks.” The answer is that the Active Directory works like other directories, it keeps a transaction log that it writes in tandem with the database log. It's for recovery purposes. In any case, having two drives means you can do the writes simultaneously -- AS LONG AS THE DRIVES ARE SCSI. Hope this helps, thanks for reading Rob! 

Till Next Month… 

Get ahold of a copy of Windows 2000 now that it’s shrink wrap and start playing with it. Thanks for letting me visit with you, take care, and stay warm! 

To subscribe, visit To unsubscribe, link to Visit the Archives at

All contents copyright 2001 Mark Minasi. You are encouraged to quote this material, SO LONG as you include this entire document; thanks.