What should you tweak and what should you replace when tuning Windows 2000, XP or the soon-to-be released Windows...
Server 2003? In a (virtual) standing-room-only January 9 webcast, preeminent Windows technologist Mark Minasi answered this question -- and more than a hundred more. Read Minasi's answers to your most burning tuning questions in the first of this three-part series. Click here to download Minasi's PowerPoint presentation.
SearchWin2000.com: I want to track total time used for student accounts -- can I do this through a GPO?
Mark Minasi: I suppose you could use a GPO to turn on logon/logoff events, then suck that data into a program and match up the logons/logoffs and come up with some "time logged on" figure. But there's nothing straightforward. (I'm sure there's some expensive third-party tool that would do it.) You might also look into a tool in the ResKit that tracks concurrent logons, perhaps it might also output logged-on time.
SearchWin2000.com: How can I fix Win2k when it does not turn off when you want to turn the computer off?
Mark Minasi: Step one is to open Task Manager and see what's sucking up the CPU time -- sounds like something is hung. Step two is to look in the Event Log. Step three is to force a hung system to blue-screen and then analyze the crash dump. See my old newsletters or my Server book on how to force blue screens. I hope this helps, best of luck!
SearchWin2000.com: Mark, what is your opinion on the unnecessary services that hog CPUs, such as the svchost.exe and the MS "phone home" apps?
Mark Minasi: Svchost.exe is NOT an unnecessary service; it is a wrapper for other services. I don't know of any "phone home" apps. I suggested a few easily killed services in the talk.
SearchWin2000.com: I have lost the file menu bar in Explorer in Win2k Server. I have unlocked the bar and tried to stretch the bar down but to no avail. How can I restore the file menu bar?
Mark Minasi: I don't know, but I've often seen that Explorer gets strange when short on disk space or memory, or when its cache area is full. (Or, of course, when a system is infected with a virus.) Check those things.
SearchWin2000.com: Can I safely have two NICS running on the same network at the same time? DELL had me disable the second card when I had odd problems.
Mark Minasi: If by "same network" you mean "same segment," then it depends. In general you should not have more than one default gateway, so one NIC must be configured without a default gateway. That should solve the problem.
SearchWin2000.com: What's the best way to keep the XP machines up-to-date with security fixes?
Mark Minasi: I like the free Software Update Service from Microsoft. Easy to administer, makes life easy.
SearchWin2000.com: The WinNTtemp directory only gives write permissions to administrators by default, but that doesn't allow most applications to work. Is it a security risk to give users write permissions to this directory?
Mark Minasi: As I said in the webcast, the worst you're doing is dialing back to NT 4 security, which wasn't bad. Try the security templates for backward compatibility, or download the Application Compatibility Toolkit from Microsoft.
SearchWin2000.com: How do you actually associate a site link with a WAN link? How does AD know the T3 is for the link with the lower cost and the ISDN PRI is for the link with the lower cost? Thanks.
Mark Minasi: It sounds like you're asking, "I have two WAN links between NY and LA, a T3 and an ISDN dialup. How do I make AD understand that they are different site links?" If I got the question right, then to my knowledge you cannot do that, as AD doesn't route in the IP sense. As far as I know, it simply sees the aggregate links from point A to point B as one big link. You'd then use your routing infrastructure to keep particular kinds of traffic (RPCs, Kerberos, etc.) off particular physical links.
SearchWin2000.com: How can I implement a local policy on XP to control the users from changing the desktop wallpaper? I can't use group policy because I don't have access to our DC.
Mark Minasi: Probably the easiest way is to build a security template and then use exec.vbs (a Reskit tool) to remotely install it.
SearchWin2000.com: Does XP have problems mapping drives through a logon script that wants to delete any existing mapping before it remaps the drive? In 2000 and 98 our script would delete say the N drive if it was previously mapped and then remap the N drive. XP doesn't do that.
Mark Minasi: I have not seen that, but it doesn't mean it doesn't happen. I strongly AVOID mapping drives -- most apps work fine with UNCs.
SearchWin2000.com: An upgrade deleted configuration but it stills holds the IP. I added the card back but I could not get the IP released.
Mark Minasi: I don't know what OS you're running but I would disable the card and reboot, then ensure that the card's gone. Reinstall the card and reboot. The problem has always gone away in my experience. If need be, look in the TCP/IP key of Services, you may have to delete folders in there.
Read on to continue:
Mark Minasi is a best-selling author, popular technology columnist, commentator and keynote speaker. Mark is probably best known for his books Mastering Windows NT Server, Mastering Windows 2000 Server and The Complete PC Upgrade and Maintenance Guide. Mark has also authored 17 other technology books, spoken on technical topics in 20 countries, and written and performed in a dozen technical education videos. His new book in Windows Server 2003 is due out in April.