Mark Minasi's Windows 2000/NT Newsletter
Issue #6 July 2000
To subscribe, visit http://www.minasi.com/nwsreg.htm.
To unsubscribe, link to http://www.minasi.com/unsubs.htm.
Visit the Archives at http://www.minasi.com/archive.htm.
- The Linux Book Is Done!
- Windows 2000 Classes Available
- Discount Books and Thanks for the Reviews
- Tech Tips / Errata
- Killing W2K with a keystroke
HTML Font Control
- Un-Delegating Ain't Easy, Sadly
- Controlling Who Can Log Onto a Server Under 2000
- RIS Fails On a Multihomed System
- Boot Versus System Partitions
- Belgium Weighs In
- Whaddya Know, the Book's a Study Guide!
- What Happens If I Build Two NT Servers With the Same Product ID?
- ICS Enabled More Quickly
- Delegating Procedure Step Missing
- Browser Boo-Boos
- File System Foulups
- The Thrill's Still There, but the "Be" is Gone
The Linux Book Is Finally Done
Linux for Windows NT/2000 Administrators: The Secret Decoder
Ring is finally done. For the past nine months, I've been
learning and writing about Linux with the intention of creating a book
specifically for people who know NT and/or 2000 really well and who want to
learn Linux, but who want to learn it quickly and without a lot of hype.
I'd looked at Linux before but it seemed that just about all of the
documentation in the Linux and Unix world is intended more as a reminder than as
actual documentation. It's not that there isn't documentation -- there's
tons of it -- but it seems that you've got to first understand Unix/Linux before
you can understand the documentation; most Linux docs explain Linux in Linux or
Unix terms. I wanted a book that explained Linux in Microsoft operating
system terms. I've also found that a lot of Linux books can't resist a lot
of anti-Microsoft religious diatribes and, while I'm not Redmond's biggest fan,
I do use their products and don't like being told that I'm a fool just
because I choose to use the market-leading operating systems for the desktop and
server; I found myself thinking, "could I just get an explanation without
the venom, please?" when reading a lot of Linux stuff.
As Unix is more than 30 years old, it has accumulated a lot of lore that
everyone in the Linux world just knows. But as a Unix/Linux newbie,
how was I to find all of that out? With two very valuable
co-authors: Craig Hunt and Dan York. Craig guided me for the first
part of the book, helping me get started in Linux and pointing me in the right
direction when I got couldn't figure out The Linux Way to do something.
Dan joined me later to write a great chapter on how to set up Linux as a Web,
mail, DHCP, and DNS server, as well as a router and firewall. He also
contributed to two other chapters -- without him, I'd never have gotten the
The book is in editing and production now, and will probably appear
on the bookshelves somewhere between mid-September and mid-October. It'll
be somewhere around 450 pages -- I wanted to keep it a quicker read than my NT
books -- and will include a CD with a copy of the Linux distribution that I
found most useful, the Mandrake 7.1 distribution. I don't know exactly how
Sybex intends to price it, but I think it'll be somewhere in the $40 range, list
price. I'll have more information on it when it's published in a future
issue of this newsletter.
Windows 2000 Classes Available
Last issue, I mentioned that I am now doing two-day classes on Windows 2000
Planning and Administration. I don't want to make this newsletter overly
commercial so I don't want to dwell on this, but ... the response has
been nothing short of wonderful and thanks very much to all of you who've either
arranged a class or inquired about one.
As I explained last issue, I've been traveling quite a bit lately doing Windows
2000 classes. We don't do public classes but I'm available to come to
your company and do seminars of whatever length you'd like on Windows 2000
administration and deployment. I don't teach the official Microsoft
curriculum, as I know you don't have the time to take a week or two away from
your desk -- instead, in just two days I can teach NT experts how to set up
and administer a Windows 2000 network, as well how to roll out Windows 2000
Professional to your workstations with the least muss, fuss, and greasy
aftertaste. And if you're still just exploring Win2K for a possible
future rollout, I've got a great one-day technical overview that'll give you
the straight dope on Active Directory concepts and planning, Intellimirror
possibilities, strengths, and weaknesses, and suggestions for when and how to
deploy Windows 2000, of course all from an independent point of view.
For more information, Contact firstname.lastname@example.org
or call (757) 426-1431.
Discount Books and Thanks for the Reviews
Mastering Windows 2000 Server, 2nd Edition is
consistently in Amazon's top 400 and often the top 100 -- many thanks to those
of you who've purchased it! As always, the Windows 2000 book is
discounted at Amazon via this link: http://www.amazon.com/exec/obidos/ASIN/0782127746/qid%3D951327728/sr%3D1-24/103-1360566-4240609/markminasi/002-6700447-8468236
or just jump off from http://www.minasi.com/covers/booklink.htm.
Many thanks for the extremely kind reviews. Big, big "thank
you"'s to Joel Bonvicini, Robert Bush, Mark W. Romanowitz, Adrian Matala,
and Jesse Wallace for their recent reviews on Amazon.
Killing W2K with a keystroke
Windows 2000 is, in theory, more reliable than NT, and (also in theory) you
should see fewer blue screens. This is probably true, as blue screens are
a result of errors in kernel mode modules (for example, SCSI, video, and NIC
drivers) rather than user mode modules (like Active Directory).
Nevertheless, W2K sometimes crashes and doesn't leave much in the way of
assistance on what crashed it.
For example, as I was preparing
this newsletter the system totally locked up and showed only a blank white
screen, forcing me to power down. The problem seems to have been that my G:
drive (the system drive) ran out of space, and so the system freaked. I
don't want to get too wound up here, but it seems TOTALLY RIDICULOUS THAT AN
OPERATING SYSTEM CAN CRASH BECAUSE ONE DRIVE LETTER RUNS OUT OF SPACE WHEN
THERE'S SPACE ON THE OTHER DRIVES and see, I said I didn't want to get too wound
up... in any case, nothing that I did could get a response out of the system --
so how could I report it to Microsoft? It would have been nice if I could
have forced a blue screen so that I'd have a dump file of whatever caused the
system lockup. Fortunately, you can force 2000 to do a blue screen
crash at will, with a Registry change.
If you add a DWORD registry value "CrashOnCtrlScroll" with a value
of 1 under: HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters
you can then crash your system by typing Ctrl-Scrllock-Scrllock.
You've got to use the Ctrl key on the right-hand side of the keyboard.
HTML Font Control
While working on the Linux book, I noticed how terrible my Web site, and in fact most Web
sites, look on Netscape under Linux. Linux systems don't have TrueType
fonts and so all of those Web sites that use Arial put Linux users in a
tight spot -- their sans-serif font is called Helvetica. Netscape doesn't
know how to handle it, so it uses a terrible-looking Courier font and the site
looks like a mess. I ran across a great answer for that and incorporated
it in my Web pages. Apparently the "font=" parameter in HTML
statements can take a list of possible fonts.
You can use this:
Then, when the browser tries to render the page, it uses Arial if it's
available and Helvetica if not.
This month, I got (as always) hundreds of questions from readers; here are
few that seemed particularly interesting.
From Don Richards:
Hi Mark...first let me say that I started reading your books
going back to the
NT3.5x days, and have used them religiously as both a learning tool and
reference manual for years. Now my question. In your current
Widows 2000 Server" you talk about delegating control of an OU
for the purpose
of applying group policies to a particular OU. The example that
you used was to
delegate control to the Group Policy Creator Owner group for the
Please excuse my ignorance but how do you reverse the delegation
far I have not been able to determine how to remove the
delegation control from
the Group Policy Creator Owner group. Thank you in advance for
The hard way, unfortunately. Bring up the Properties sheet for the OU and
choose Security. (Don't forget to choose the Advanced View or Security doesn't
appear.) Then just un-do the delegation through the Security dialog.
Controlling Who Can Log Onto a Server Under 2000
From Ramon Buckland:
I have purchased your book in the light that it may help me solve an
We have a Win2000 test server setup that one of us has inadvertently set a
'policy' so that no users can logon interactively unless they are a
I say policy as when you try to logon, W2k complains that a local
does not allow you to logon interactively.
I was wondering if you now where I mat find this setting, or suggest a
best way to fix
it / the chapter to read in your book that explains our problem. Thanks
Start/Programs/Administrative Tools/Local Security Policy/Local Policies/User
Rights Assignment, Log on Locally.
RIS Fails On a Multihomed System
From Vincent Alberico:
I purchased a copy of your book, but it didn't
have a lot about RIS either; however, your book is excellent, and I am glad to
have a copy of it. I know RIS is too new to have a lot of support information.
I think I finally figured out what the problem was. My test server is
multihomed, so I reversed the NIC binding order, thereby allowing RIS to bind
(I think) to the other adapter. This did the trick. I guess there is a bug
with RIS on a multihomed machine. Yes, I did authorize both IP addresses using
the DHCP snap in. Thanks for you quick response earlier. Well, I learned
that RIS was not anything to get really excited about. I'll be holding on to
Norton Ghost Multicast for a while longer, but it is a good step in the right
Thanks a lot, Vincent.
story, thanks Vincent!
Boot Versus System Partitions
From Pete Solomon:
I am enjoying your book covering Windows 2000. I have a question though about
system partitions vs.. Boot partitions. While this might be trivial. I have
seen both Microsoft and other books reference the boot Partition as being
where the WINNT directory lived and the system partition was where the boot
information lived. I understood that the reason for this was something to do
with either Alpha systems or Unix systems and that this convention was a carry
over. While I think it makes more sense the way you have stated it in your
book. I have seen documentation from MS that could actually make it more
confusing for a person trying for example to trouble shoot an issue. Am I
wrong, misled or perhaps you can enlighten me as to what I should know. I
appreciate the assistance in clearing this up.
Nonintuitive as it sounds, the "boot" partition
is the name for the partition that contains the \winnt directory, the operating
system. The "system" partition is the name for the partition
that your system boot from -- the C: drive, for most of us. I'm sure
someone at Microsoft had a really good reason for this...
Belgium Weighs In
From Stefaan Degroote:
Being an explosive Belgian, I have to admit that
I really loved your book. However, some (a few) really important topics didn'
t come (enough) at hand: I missed a little more information about
replication topology and sites, links and transports. Also the book didn't
"reveal" what are to my opinion some really nasty bugs in Win2K
-Wins can still be a mess.
-Trouble with VPN connections: When you initiate a VPN connection, you can't
reach some TCP ports and services anymore, such as proxy servers. A
loopback-connection, which is a VPN connection to YOURSELF is the only
solution!!!) This also applies if you have some networks connected over the
internet and you route it using VPN. That way, you won't be able to make a
connection to the ntds of a specific server without a DIRECT VPN connection to
that server. That means that EVERY server must have a direct connection to
each of the other servers.
This is the cause of VPN: the source and destination network must travel over
the same connection, as routing over another connection won't do. I wanted to
ask Bill Gateway.
-Making to much changes to group policy in a short
period of time (e.g. changing a policy twice in less than a minute) sometimes
causes the policy to corrupt. I once changed the default policy to set the
proxies on my LAn correct, made a modification to the users homepage a few
moments later, and suddenly the users desktop dissapeared. I let it rest for
about an hour (didn't change anything to solve the problem), logged on again a
few times, and the desktop was back in place again... Microsofty ! Anyway, I enjoyed your book.
Thanks for the insights, Stefaan!
Whaddya Know, the Book's a Study Guide!
From Richard Glenn:
Hey Mark, I realize you may not read this but for whoever reads these
e-mails, I just wanted to say that I passed my Beta exam 71-215 (k.n.a.
70-215) "Installing, Configuring, and Administering Windows 2000
greatly I large part to your book. I "STUDIED" this book, used it
Win2K Users Group @ my last company (made everyone by a copy before joining
the group) and found it invaluable!
Thanks for a great book,
What Happens If I Build Two NT Servers With the Same Product ID?
I first want to say thanks for a very very good book, which is easy to
read and I like your humour.
It isn't easy to make such a book not boring, but you did it.
On page 123 you tells, that two servers with the same product number
can't communicate, I have to be sure that it isn't the SID number you
are talking about?
I also would like to know, what will not communicate and I think so do
Maybe I have this problem without knowing it, no I am sure I have,
because I have used the same product number on several servers.
I goofed there, Jan. I had been led to believe that two systems with
the same product ID wouldn't talk to each other. That's not true and I
forgot to remove it from the book. You will not see any operating
problems at all from using systems with the same Product ID embedded.
ICS Enabled More Quickly
As always, thanks for the excellent work in your Mastering series as well as
your continuing columns in W2k Mag. I suspect you've forgotten far
more than I'll ever know about WinNT and W2k....
Now on to a faster way to set up ICS in W2k Srv. In the Mastering book
(Adv ed.) the reader is taken through the Network Connection wizard, and
told to select "Dial up to the Internet." Not bad, but then
the reader will need to go in and change the connection properties after
completing the wizard in order to enable ICS.
Wouldn't it be cool to do it within the wizard instead? Guess what --
you can! I stumbled on this when I mistakenly selected "Dial up
to private network" and continued on with the wizard. There is a
dialog that lets you enable ICS directly, as well as dial on demand for all
users. Saves a few steps for the busy admin.
Perhaps MS will improve the wizard in the next release; seems kind of funky
to bury it that way....
Still more of you continue to do my job for me and find errors in the books
-- I can't thank you enough for helping me out!
Delegating Procedure Step Missing
I just ran across another minor one,
Mark. On page 98 you say "Right-click Marketing
and choose Properties. You'll get a property sheet with a tab labeled
Permissions. Click it, and you'll see something like Figure 2.38." Problem is, Figure 2.38 reflects a tab labeled
Security, not Permissions. Figure 2.39, the result of clicking the Advanced
button, shows a Permissions tab. May all your errata be so minor!! How many do I have to find to get a free copy
of the third edition, or to be listed as one of its proofreaders or technical
1) On page 1314 (of Win2K 2nd ed
again), it says ".....won't want to because that defeats the
congestion-reducing characteristic of browsers."
I believe the last word in that sentence should be "routers."
2) On page 1317 the book states "If the
timing is just wrong, then it might be another 12 minutes before the master
browser gets around to updating its browse list with the master browser".
I believe the last two words should be "backup browser". --Darren McBride
File System Foulups
Enjoy your books - have used
them as reference and have recommended them to my students. Just a note to
point out a few discrepancies in your Mastering Windows 2000 Server (you may
already have discovered these),
****Pg 353 you say that when you move an encrypted
file to a compressed folder it will gain the compression attribute and it
becomes unencrypted - I have tried this and have discovered that no matter
what you do (unless moving or copying to a non-Windows 2000 NTFS partition)
that the file remains encrypted. ????
*****Pg 579 Dfs - creating a standalone versus
domain root - you say you can create multiple levels of links for domain root
(so does the MOC by the way) - well I've tried three ways backwards and cannot
create a new link under an existing link for a domain based root - as a
matter of fact the only difference between stand-alone and domain based seems
to be the replication factor.
***** Pg 1276 - you say diskperf is no longer
supported in Windows 2000 - however the only way to see the Logical Disk
Object in System Monitor is to turn on the disk counters using diskperf -y.
Be glad to hear your comments on these - all in
all great book - I'll keep hunting and pecking - best way to learn is
Diane Sherriff MCSE,
MCT On page 1138 of mastering windows 2000 server, you discuss
the proceedures for configuring the telnet service. Item number 8 says
"Enter S and Enter to stop the
service". There is no S in the menu. You must be referring
to the number 5, not the letter S. An easy mistake,
obviously done by your editor and not a pro like yourself.
Thanks for writing quality books
Brian Goldberg - Sys Admin, Lan guy, Infrastructure manager -
the list goes on....
PS - do i get a free tee shirt for finding an error?
The Thrill's Still There, but the "Be" is Gone
hi mark or editors,
i am going over your 'mastering win 2k server, 2nd
edition' book...i like it very much. so far i am doing ok (and this is
the first time i work on a server).
anyway, on page 386, 8th line, it reads "...well,
your user account has to moved...". i think it's missing the 'be'
on has to be moved.
hope it helps!
Conferences: San Francisco in September, Scottsdale in
If you're looking for a good source of information about Windows 2000, then
please consider attending one of the conferences that I'll be speaking at in the
next few months.
TechMentor / MCP Magazine September 5-7 San Francisco
MCP magazine's west coast conference this year is in San Francisco. I'm
doing an afternoon keynote on the 6th and then joining the magazine's panel of
"experts." (I put "expert" in quotes because while I
can't speak for my fellow panelists, I can't say that I can't imagine feeling
like an expert in Windows 2000 for another few years.) We'll then see
exactly how expert the panel is when the audience brings their tough
Windows 2000 questions. The conference also has a bunch of great sessions
on a wide variety of topics. Find more info at www.techmentorevents.com.
Windows 2000 and Exchange Connections in Scottsdale, AZ October 4-7
Another great conference and well worth considering. The Connections
folks took the formula that succeeded so well this spring and have added
Exchange 2000 content to create a great conference focused on helping
administrators get their jobs done more quickly and easily. In addition to
keynoting, I will be doing sessions on DHCP, DNS and WINS under Windows 2000,
explaining the basics of Active Directory planning, and providing an overview of
Intellimirror. More information's at www.winconnections.com.
Until Next Month...
Please share this newsletter!
I'd like very much to expand this newsletter into a useful source of NT/2000
information. Please forward it to any associates who might find it
helpful, and accept my thanks. We are now at very nearly four
thousand subscribers (heck, I didn't even know that many people read
my books!) and I aim to use this to get information to every single
Mastering NT and 2000 Server reader.
Thanks for letting me visit with
you, take care, and get away from that computer for a bit and enjoy the dog
days! Many, many thanks to the readers who have mailed me to offer
suggestions, errata, and those kind reviews. As always, I'm at email@example.com.
To subscribe, visit http://www.minasi.com/nwsreg.htm.
To unsubscribe, link to http://www.minasi.com/unsubs.htm.
Visit the Archives at http://www.minasi.com/archive.htm.
All contents copyright 2001 Mark Minasi. You are encouraged to quote this
material, SO LONG as you include this entire document; thanks.