Mark Minasi's Windows 2000/NT Newsletter

Issue #6 July 2000

To subscribe, visit http://www.minasi.com/nwsreg.htm. To unsubscribe, link to http://www.minasi.com/unsubs.htm. Visit the Archives at http://www.minasi.com/archive.htm.

What's Inside

News

The Linux Book Is Finally Done

Linux for  Windows NT/2000 Administrators:  The Secret Decoder Ring is finally done.  For the past nine months, I've been learning and writing about Linux with the intention of creating a book specifically for people who know NT and/or 2000 really well and who want to learn Linux, but who want to learn it quickly and without a lot of hype.  I'd looked at Linux before but it seemed that just about all of the documentation in the Linux and Unix world is intended more as a reminder than as actual documentation.  It's not that there isn't documentation -- there's tons of it -- but it seems that you've got to first understand Unix/Linux before you can understand the documentation; most Linux docs explain Linux in Linux or Unix terms.  I wanted a book that explained Linux in Microsoft operating system terms.  I've also found that a lot of Linux books can't resist a lot of anti-Microsoft religious diatribes and, while I'm not Redmond's biggest fan, I do use their products and don't like being told that I'm a fool just because I choose to use the market-leading operating systems for the desktop and server; I found myself thinking, "could I just get an explanation without the venom, please?" when reading a lot of Linux stuff. 

As Unix is more than 30 years old, it has accumulated a lot of lore that everyone in the Linux world just knows.  But as a Unix/Linux newbie, how was I to find all of that out?  With two very valuable co-authors:  Craig Hunt and Dan York.  Craig guided me for the first part of the book, helping me get started in Linux and pointing me in the right direction when I got couldn't figure out The Linux Way to do something.  Dan joined me later to write a great chapter on how to set up Linux as a Web, mail, DHCP, and DNS server, as well as a router and firewall.  He also contributed to two other chapters -- without him, I'd never have gotten the thing done.  

The book is in editing and production now, and will probably appear on the bookshelves somewhere between mid-September and mid-October.  It'll be somewhere around 450 pages -- I wanted to keep it a quicker read than my NT books -- and will include a CD with a copy of the Linux distribution that I found most useful, the Mandrake 7.1 distribution.  I don't know exactly how Sybex intends to price it, but I think it'll be somewhere in the $40 range, list price.  I'll have more information on it when it's published in a future issue of this newsletter.

Windows 2000 Classes Available

Last issue, I mentioned that I am now doing two-day classes on Windows 2000 Planning and Administration.  I don't want to make this newsletter overly commercial so I don't want to dwell on this, but ... the response has been nothing short of wonderful and thanks very much to all of you who've either arranged a class or inquired about one. As I explained last issue, I've been traveling quite a bit lately doing Windows 2000 classes.  We don't do public classes but I'm available to come to your company and do seminars of whatever length you'd like on Windows 2000 administration and deployment.  I don't teach the official Microsoft curriculum, as I know you don't have the time to take a week or two away from your desk -- instead, in just two days I can teach NT experts how to set up and administer a Windows 2000 network, as well how to roll out Windows 2000 Professional to your workstations with the least muss, fuss, and greasy aftertaste.  And if you're still just exploring Win2K for a possible future rollout, I've got a great one-day technical overview that'll give you the straight dope on Active Directory concepts and planning, Intellimirror possibilities, strengths, and weaknesses, and suggestions for when and how to deploy Windows 2000, of course all from an independent point of view.  For more information, Contact jennifer@minasi.com or call (757) 426-1431. 

Discount Books and Thanks for the Reviews

Mastering Windows 2000 Server, 2nd Edition is consistently in Amazon's top 400 and often the top 100 -- many thanks to those of you who've purchased it!   As always, the Windows 2000 book is discounted at Amazon via this link: http://www.amazon.com/exec/obidos/ASIN/0782127746/qid%3D951327728/sr%3D1-24/103-1360566-4240609/markminasi/002-6700447-8468236 or just jump off from http://www.minasi.com/covers/booklink.htm. Many thanks for the extremely kind reviews.  Big, big "thank you"'s to Joel Bonvicini, Robert Bush, Mark W. Romanowitz, Adrian Matala, and Jesse Wallace for their recent reviews on Amazon.

Tech Tips

Killing W2K with a keystroke

Windows 2000 is, in theory, more reliable than NT, and (also in theory) you should see fewer blue screens.  This is probably true, as blue screens are a result of errors in kernel mode modules (for example, SCSI, video, and NIC drivers) rather than user mode modules (like Active Directory).  Nevertheless, W2K sometimes crashes and doesn't leave much in the way of assistance on what crashed it.  

For example, as I was preparing this newsletter the system totally locked up and showed only a blank white screen, forcing me to power down. The problem seems to have been that my G: drive (the system drive) ran out of space, and so the system freaked.  I don't want to get too wound up here, but it seems TOTALLY RIDICULOUS THAT AN OPERATING SYSTEM CAN CRASH BECAUSE ONE DRIVE LETTER RUNS OUT OF SPACE WHEN THERE'S SPACE ON THE OTHER DRIVES and see, I said I didn't want to get too wound up... in any case, nothing that I did could get a response out of the system -- so how could I report it to Microsoft?  It would have been nice if I could have forced a blue screen so that I'd have a dump file of whatever caused the system lockup.  Fortunately, you can force 2000 to do a blue screen crash at will, with a Registry change.  

If you add a DWORD registry value "CrashOnCtrlScroll" with a value of 1 under: HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters you can then crash your system by typing Ctrl-Scrllock-Scrllock.  You've got to use the Ctrl key on the right-hand side of the keyboard. 

Better HTML Font Control

While working on the Linux book, I noticed how terrible my Web site, and in fact most Web sites, look on Netscape under Linux.  Linux systems don't have TrueType fonts and so all of those Web sites that use Arial put Linux users in a tight spot -- their sans-serif font is called Helvetica.  Netscape doesn't know how to handle it, so it uses a terrible-looking Courier font and the site looks like a mess.  I ran across a great answer for that and incorporated it in my Web pages.  Apparently the "font=" parameter in HTML statements can take a list of possible fonts.  

Instead of  

<font face="Arial"> 

You can use this:

 <font face="Arial,Helvetica"> 

Then, when the browser tries to render the page, it uses Arial if it's available and Helvetica if not.

Reader Questions/Comments

This month, I got (as always) hundreds of questions from readers; here are few that seemed particularly interesting.

Un-Delegating

From Don Richards: Hi Mark...first let me say that I started reading your books going back to the NT3.5x days, and have used them religiously as both a learning tool and reference manual for years. Now my question. In your current book "Mastering Widows 2000 Server" you talk about delegating control of an OU for the purpose of applying group policies to a particular OU. The example that you used was to delegate control to the Group Policy Creator Owner group for the Marketing OU. Please excuse my ignorance but how do you reverse the delegation procedure. So far I have not been able to determine how to remove the delegation control from the Group Policy Creator Owner group. Thank you in advance for your help... Regards, Don Richards 

Answer: 

The hard way, unfortunately. Bring up the Properties sheet for the OU and choose Security. (Don't forget to choose the Advanced View or Security doesn't appear.) Then just un-do the delegation through the Security dialog. 

Controlling Who Can Log Onto a Server Under 2000

From Ramon Buckland:  Hi Mark, I have purchased your book in the light that it may help me solve an annoying problem We have a Win2000 test server setup that one of us has inadvertently set a 'policy' so that no users can logon interactively unless they are a Domain Administrator. I say policy as when you try to logon, W2k complains that a local policy settings does not allow you to logon interactively. I was wondering if you now where I mat find this setting, or suggest a best way to fix it / the chapter to read in your book that explains our problem. Thanks in advance. Ramon Buckland 

Answer: 

Start/Programs/Administrative Tools/Local Security Policy/Local Policies/User Rights Assignment, Log on Locally. 

RIS Fails On a Multihomed System

From Vincent Alberico:

I purchased a copy of your book, but it didn't have a lot about RIS either; however, your book is excellent, and I am glad to have a copy of it. I know RIS is too new to have a lot of support information. I think I finally figured out what the problem was. My test server is multihomed, so I reversed the NIC binding order, thereby allowing RIS to bind (I think) to the other adapter. This did the trick. I guess there is a bug with RIS on a multihomed machine. Yes, I did authorize both IP addresses using the DHCP snap in. Thanks for you quick response earlier. Well, I learned that RIS was not anything to get really excited about. I'll be holding on to Norton Ghost Multicast for a while longer, but it is a good step in the right direction.   Thanks a lot, Vincent. 

Answer:

Interesting story, thanks Vincent!

Boot Versus System Partitions

From Pete Solomon:

Mark, I am enjoying your book covering Windows 2000. I have a question though about system partitions vs.. Boot partitions. While this might be trivial. I have seen both Microsoft and other books reference the boot Partition as being where the WINNT directory lived and the system partition was where the boot information lived. I understood that the reason for this was something to do with either Alpha systems or Unix systems and that this convention was a carry over. While I think it makes more sense the way you have stated it in your book. I have seen documentation from MS that could actually make it more confusing for a person trying for example to trouble shoot an issue. Am I wrong, misled or perhaps you can enlighten me as to what I should know. I appreciate the assistance in clearing this up.     Thanks, Pete.

Answer:

Nonintuitive as it sounds, the "boot" partition is the name for the partition that contains the \winnt directory, the operating system.  The "system" partition is the name for the partition that your system boot from -- the C: drive, for most of us.  I'm sure someone at Microsoft had a really good reason for this...

Belgium Weighs In

From Stefaan Degroote:  

Being an explosive Belgian, I have to admit that I really loved your book. However, some (a few) really important topics didn' t come (enough) at hand: I missed a little more information about replication topology and sites, links and transports. Also the book didn't "reveal" what are to my opinion some really nasty bugs in Win2K Server:  

-Wins can still be a mess.
-Trouble with VPN connections: When you initiate a VPN connection, you can't reach some TCP ports and services anymore, such as proxy servers.  A loopback-connection, which is a VPN connection to YOURSELF is the only solution!!!) This also applies if you have some networks connected over the internet and you route it using VPN. That way, you won't be able to make a connection to the ntds of a specific server without a DIRECT VPN connection to that server. That means that EVERY server must have a direct connection to each of the other servers.
This is the cause of VPN: the source and destination network must travel over the same connection, as routing over another connection won't do. I wanted to ask Bill Gateway.
-Making to much changes to group policy in a short period of time (e.g. changing a policy twice in less than a minute) sometimes causes the policy to corrupt. I once changed the default policy to set the proxies on my LAn correct, made a modification to the users homepage a few moments later, and suddenly the users desktop dissapeared. I let it rest for about an hour (didn't change anything to solve the problem), logged on again a few times, and the desktop was back in place again... Microsofty ! Anyway, I enjoyed your book. Thanxs!  

Answer: Thanks for the insights, Stefaan!

Whaddya Know, the Book's a Study Guide!

From Richard Glenn:

Hey Mark, I realize you may not read this but for whoever reads these e-mails, I just wanted to say that I passed my Beta exam 71-215 (k.n.a. 70-215) "Installing, Configuring, and Administering Windows 2000 Server" greatly I large part to your book. I "STUDIED" this book, used it for my Win2K Users Group @ my last company (made everyone by a copy before joining the group) and found it invaluable! Thanks for a great book, Richard Glenn

What Happens If I Build Two NT Servers With the Same Product ID?

From Jan Jensen:

I first want to say thanks for a very very good book, which is easy to read and I like your humour. It isn't easy to make such a book not boring, but you did it. On page 123 you tells, that two servers with the same product number can't communicate, I have to be sure that it isn't the SID number you are talking about? I also would like to know, what will not communicate and I think so do your readers? Maybe I have this problem without knowing it, no I am sure I have, because I have used the same product number on several servers. 

Answer:

I goofed there, Jan.  I had been led to believe that two systems with the same product ID wouldn't talk to each other.  That's not true and I forgot to remove it from the book.  You will not see any operating problems at all from using systems with the same Product ID embedded.

ICS Enabled More Quickly

Mark:   As always, thanks for the excellent work in your Mastering series as well as your continuing columns in W2k Mag.  I suspect you've forgotten far more than I'll ever know about WinNT and W2k....   Now on to a faster way to set up ICS in W2k Srv.  In the Mastering book (Adv ed.) the reader is taken through the Network Connection wizard, and told to select "Dial up to the Internet."  Not bad, but then the reader will need to go in and change the connection properties after completing the wizard in order to enable ICS.   Wouldn't it be cool to do it within the wizard instead?  Guess what -- you can!  I stumbled on this when I mistakenly selected "Dial up to private network" and continued on with the wizard.  There is a dialog that lets you enable ICS directly, as well as dial on demand for all users.  Saves a few steps for the busy admin.   Perhaps MS will improve the wizard in the next release; seems kind of funky to bury it that way....   --Mike Toot

Errata

Still more of you continue to do my job for me and find errors in the books -- I can't thank you enough for helping me out!

Delegating Procedure Step Missing

  I just ran across another minor one, Mark. On page 98 you say "Right-click Marketing and choose Properties. You'll get a property sheet with a tab labeled Permissions. Click it, and you'll see something like Figure 2.38." Problem is, Figure 2.38 reflects a tab labeled Security, not Permissions. Figure 2.39, the result of clicking the Advanced button, shows a Permissions tab. May all your errata be so minor!! How many do I have to find to get a free copy of the third edition, or to be listed as one of its proofreaders or technical editors? <G --Stephen Pruitt

Browser Boo-Boos

1)  On page 1314 (of Win2K 2nd ed again), it says   ".....won't want to because that defeats the congestion-reducing characteristic of browsers."    I believe the last word in that sentence should be "routers."    2) On page 1317 the book states "If the timing is just wrong, then it might be another 12 minutes before the master browser gets around to updating its browse list with the master browser".  I believe the last two words should be "backup browser". --Darren McBride

 File System Foulups

Enjoy your books - have used them as reference and have recommended them to my students. Just a note to point out a few discrepancies in your Mastering Windows 2000 Server (you may already have discovered these),   ****Pg 353 you say that when you move an encrypted file to a compressed folder it will gain the compression attribute and it becomes unencrypted - I have tried this and have discovered that no matter what you do (unless moving or copying to a non-Windows 2000 NTFS partition) that the file remains encrypted.  ????   *****Pg 579 Dfs - creating a standalone versus domain root - you say you can create multiple levels of links for domain root (so does the MOC by the way) - well I've tried three ways backwards and cannot create a new link under an existing link for a domain based root - as a matter of fact the only difference between stand-alone and domain based seems to be the replication factor.   ***** Pg 1276 - you say diskperf is no longer supported in Windows 2000 - however the only way to see the Logical Disk Object in System Monitor is to turn on the disk counters using diskperf -y. ???   Be glad to hear your comments on these - all in all great book - I'll keep hunting and pecking - best way to learn is teach                                                                   Diane Sherriff                                                                    MCSE, MCT  On page 1138 of mastering windows 2000 server, you discuss the proceedures for configuring the telnet service.  Item number 8 says "Enter S and Enter to stop the service".  There is no S in the menu.  You must be referring to the number 5, not the letter S.  An easy mistake, obviously done by your editor and not a pro like yourself.   Thanks for writing quality books   Brian Goldberg - Sys Admin, Lan guy, Infrastructure manager - the list goes on....   PS - do i get a free tee shirt for finding an error?

 The Thrill's Still There, but the "Be" is Gone

hi mark or editors,   i am going over your 'mastering win 2k server, 2nd edition' book...i like it very much.  so far i am doing ok (and this is the first time i work on a server).   anyway, on page 386, 8th line, it reads "...well, your user account has to moved...".  i think it's missing the 'be' on has to be moved.   hope it helps!   mariano velasquez    

Conferences: San Francisco in September, Scottsdale in October

If you're looking for a good source of information about Windows 2000, then please consider attending one of the conferences that I'll be speaking at in the next few months.

TechMentor / MCP Magazine September 5-7 San Francisco

MCP magazine's west coast conference this year is in San Francisco.  I'm doing an afternoon keynote on the 6th and then joining the magazine's panel of "experts."  (I put "expert" in quotes because while I can't speak for my fellow panelists, I can't say that I can't imagine feeling like an expert in Windows 2000 for another few years.)  We'll then see exactly how expert the panel is when the audience brings their tough Windows 2000 questions.  The conference also has a bunch of great sessions on a wide variety of topics.  Find more info at www.techmentorevents.com.

Windows 2000 and Exchange Connections in Scottsdale, AZ October 4-7

Another great conference and well worth considering.  The Connections folks took the formula that succeeded so well this spring and have added Exchange 2000 content to create a great conference focused on helping administrators get their jobs done more quickly and easily.  In addition to keynoting, I will be doing sessions on DHCP, DNS and WINS under Windows 2000, explaining the basics of Active Directory planning, and providing an overview of Intellimirror.  More information's at www.winconnections.com.

Until Next Month...

Please share this newsletter!  I'd like very much to expand this newsletter into a useful source of NT/2000 information.  Please forward it to any associates who might find it helpful, and accept my thanks.  We are now at very nearly four thousand subscribers (heck, I didn't even know that many people read my books!)  and I aim to use this to get information to every single Mastering NT and 2000 Server reader. Thanks for letting me visit with you, take care, and get away from that computer for a bit and enjoy the dog days!  Many, many thanks to the readers who have mailed me to offer suggestions, errata, and those kind reviews.  As always, I'm at help@minasi.com

To subscribe, visit http://www.minasi.com/nwsreg.htm. To unsubscribe, link to http://www.minasi.com/unsubs.htm. Visit the Archives at http://www.minasi.com/archive.htm.

All contents copyright 2001 Mark Minasi. You are encouraged to quote this material, SO LONG as you include this entire document; thanks.