Registry Tips Page 4

«95» Kerberos And Windows 2000

Windows NT uses a proprietary authentication scheme, NT LAN Manager (NTLM) Challenge-Response.  With the introduction of Windows 2000, Microsoft changed the default authentication to their version of Kerberos, a public domain authentication scheme developed at MIT (Massachusetts Institute of Technology) as part of Project Athena.

Windows 2000 uses Version 5 of Kerberos as defined by RFC 1510.  To be standard, Kerberos implementations use the API library described in RFC 1964, the Kerberos Version 5 Generic Security Service Application Programming Interface (GSS-API) Mechanism.  Microsoft chose not to use the GSS-API directly; instead, Windows 2000 uses a similar set of functions they developed.

Windows 2000 supports Kerberos and NTLM for authentication.  Because the authentication mechanism is designed to be as transparent as possible, it isn't obvious whether Kerberos or NTLM is used.

In general, Windows 2000 uses Kerberos in the following circumstances:

•  Authenticating users logging on to Windows 2000 domain controllers.

•  Authenticating users logging on to Windows 2000 servers and workstations that are members of a Windows 2000 domain.

•  Authenticating users logging on to standalone Windows 2000 servers and workstations.

•  Authenticating users accessing a Windows 2000 server or workstation from a Win9x client or NT client configured with the Active Directory add-on.

NTLM authentication is used in the following instances:

•  Authenticating users logging on to Windows 2000 servers and workstations that are members of an NT domain (or accessing an NT domain from a Windows 2000 domain via a trust relationship).

•  Authenticating users accessing a Windows 2000 server or workstation from an NT server or workstation.

•  Authenticating users accessing a Windows 2000 server from a standard Windows 9x, Win 3.1x client, or OS/2 client.

  

«96» Hibernation vs Standby Mode

Hibernation and Standby Mode are very similar, and people tend to confuse them.  Standby basically turns off power-consuming components like the hard disks and monitor.  It switches the computer to a low power state.  It's much like a warm boot.  Any contents of memory and unsaved desktop settings are lost.  Hibernation saves state information by writing a hibernation file which contains the contents of memory and is thus the same size as total RAM.  This is a snapshot of active memory.  When you turn your PC back on, the state, including which applications are running (desktop), and the memory contents are restored to RAM and voila! - you are back to where you were when Hibernation mode started.  CAUTION:  The restoration of state can take place in 5 minutes, 5 hours, 5 days, ....

Hibernation is only available if your system is ACPI-compatible.  If it is not, the Hibernation tab will be missing and you will have an APM tab instead.  To enable Hibernation mode as one of your Shutdown options:

1.  Click on  Start|Settings|Control Panel

2.  Double-click the Power Options icon

3.  Click on the Hibernate tab and select the Enable hibernate support check box.  If the tab is not there, W2K does not support the feature on your hardware, BIOS, or whatever.  The same dialog box shows free disk space and the space required to store memory.  If it is missing, check for a newer BIOS for the motherboard.

4.  Click on Apply

 

«97» Password Prompt When Returning From Hibernation

Windows 2000 fails to prompt for a password when it returns from hibernation.  From a security perspective, the Operating System should prompt for your password when coming off hibernation mode.  To enable this important security feature:

1.  Start the Power Options Control Panel applet:  Start|Settings|Control Panel|Power Options

2.  Select the Advanced tab.

3.  Check the Prompt for password when computer goes off standby check box.

4.  Click OK.

 

«98» Scroll The Start Programs Menu

Windows 2000 and Windows NT take different approaches in handling the Programs Menu when there are more items than will fit.  If there are too many items to fit on the screen, Windows NT uses multiple columns.  Windows 2000's default is to use a scroll approach.  For the Windows NT user it can be a little confusing because it "hides" the extra items until you scroll down the column.  What’s nice about Windows 2000 is that it gives you easy control of whether the Program Menus will either scroll or use multiple columns.

To control the option, click on:  Start|Settings|Taskbar and Start Menu...|Advanced tab and, within the Start Menu Settings box, check or uncheck the Scroll the Programs menu check box.

  

«99» How To Schedule A Server Process In Windows 2000

This step-by-step article describes how to schedule a program to automatically start at a pre-determined interval.

Schedule the Task:

1.  Click Start, point to Settings, click Control Panel, and then double-click Scheduled Tasks.

2.  Double-click Add Scheduled Task, and then click Next.

3.  A list of programs that are available on your computer is displayed.  If the program you want to schedule is in this list, click it, and then click Next.  If the program you want to run is not in this list, click Browse to locate the program, click the program, and then click Open.

4.  When you receive a suggested name for the task, you can either accept the default name or type another name.  Click the interval you want to use for this task (daily, weekly, monthly, one time only, and so on).  Click Next.

5.  If you chose to schedule the task daily, weekly, monthly, or one time only, you receive a time or date option.  Choose the date or dates, time or times you want to schedule the task for, and then click Next.

6.  Type the user name and password.  Make sure that the user name is in the domain\user format, where domain is your NetBIOS domain name and user is the user account you want to schedule the task under.  Click Next.

7.  Click Finish to schedule the task, and then verify that the task appears in the Scheduled Tasks window.

Pitfalls:

•  By default, Task Scheduler logs on as the Local System account.  In some cases, this account may not have the appropriate permissions to perform the scheduled task.  Because of this, you must specify an account in the Scheduled Task Wizard.  Verify that the account you specify in the wizard has sufficient rights to perform the task you are scheduling by logging on as that user and running the task manually.

•  You can also schedule tasks by using the AT command.  Both methods can be used to automatically schedule tasks.  However, neither program is aware of the other's list of scheduled programs.  For example, if you schedule a batch file to run every day at midnight in the Scheduled Task Wizard and also with the AT command, the command runs twice.

•  If you chose to schedule the task for any interval other than "one time only", the task continues to run indefinitely.  You must manually delete the task to keep it from running again.

•  The Scheduled Task Wizard does not verify the password you type for the user account that the process will run as.  Make sure that you type the correct password.

 

«100» Windows Internet Naming Service (WINS)

In order to understand the architecture of WINS, it is first necessary to understand the history behind it: that is, NetBIOS.  NetBIOS started as a high-level programming language interface for PC-DOS applications to IBM PC-Network broadband LANs.  Microsoft used this NetBIOS interface for designing its networking components.  NetBIOS names identify resources and are 16 characters in length.  The NetBIOS name space is flat, meaning that names may only be used once within a network.  These names are registered dynamically when computers boot, services start, or users log on.  NetBIOS names can be registered as unique or as group names.  Unique names have one address associated with a name; group names have more than one address mapped to a name.

[ To continue this discussion, go Here ]

 

«101» NetBT (NetBIOS over TCP) Configuration Parameters

All of the NetBT parameters are Registry values located under one of two different subkeys of:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

•  Netbt\Parameters

•  Netbt\Adapters\<Adapter Name>, in which <Adapter Name> refers to the subkey for a network adapter that NetBT is bound to, such as Lance01.

Values under the latter key(s) are specific to each adapter.  If the system is configured with DHCP, then a change in parameters will take effect if the command  ipconfig /renew  is issued in a command shell.  Otherwise, a reboot of the system is required for a change in any of these parameters to take effect.

[ To see the parameter details, go Here ]

 

«102» Product Documentation

This page lets you access the complete online help for all versions of the Windows 2000 operating system as well as Internet Information Services (IIS).  Get all the most current documentation Here.

  

«103» Default NTFS Permissions For Windows 2000

Microsoft Knowledge Base Article ID:  Q244600 lists the default permissions on a drive that has been formatted with the NTFS file system for the first time.  Some of these folders are hidden by default.

 

«104» Default NTFS Permissions Are Not Applied To A Converted Boot Partition

When you install Windows 2000 to an NTFS partition, part of the set up process is to apply default security settings to the system files and folders located on the boot partition.  If you initially installed Windows 2000 to a FAT or FAT32 partition, and then later used the Convert.exe utility to convert the partition to NTFS, default security settings are not applied.  You may also want to re-apply default NTFS permissions to the system boot partition if you accidentally removed access to parts of the file system necessary for the operating system to function properly.

The following procedure only applies default NTFS security settings to the %Windir% and "Program Files" folders and not the "Documents and Settings" folder.  However, it is possible to create a user defined .inf file that contains custom security settings for additional files and folders and apply them the same way.

To Apply Default NTFS Security to a Windows 2000 NTFS Boot Partition:

1.  Log on to the workstation or server with Administrator rights.

2.  At a Command prompt, type one of the following commands:

•  Windows 2000 Professional:

Secedit /configure /db C:\winnt\temp\temp.mdb /Cfg c:\winnt\inf\defltwk.inf /areas filestore

•  Windows 2000 Server:

Secedit /configure /db c:\winnt\temp\tmp.mdb /Cfg C:\winnt\inf\defltsv.inf /areas filestore

NOTE:  After security permissions are applied, you may receive the following message, which you can safely ignore:

Task is completed. Some files in the configuration are not found on this system so security cannot be set/queried.

See the %windir%\security\logs\scesrv.log file for detailed information.

3.  View the NTFS security settings on the Windows 2000 system files and folders and note that additional security has been applied.

NOTE:  You may also want to re-apply default NTFS permissions to the system boot partition if you accidentally removed access to parts of the file system necessary for the operating system to function properly; however, the computer must still be bootable for the preceding procedure to work.

 

If the Computer Does Not Start and Generates a STOP 0xC000021A Error Message on a Blue Screen

If the Administrator has modified permissions, rebooted the computer, and now receives an error message on a blue screen, the most likely cause is that the SYSTEM account does not have adequate permissions to provide access to the system files and folders.

To restore access to the boot partition:

1.  Install a new installation of Windows 2000 onto a separate partition or drive.

WARNING:  If you install a new installation of Windows 2000 in the same folder as the existing installation, you will erase the existing installation, including all existing accounts, and so on.

2.  Boot to the new installation of Windows 2000.

3.  Use Windows Explorer to give the "System" account full control of the original volume's root folder and all system files and folders.  You should now be able to boot to the original installation of Windows 2000.

4.  Follow the preceding instructions to restore default NTFS security permissions on your system boot partition.

[ For additional information, go Here ]

  

«105» How To Restore the Default NTFS Permissions For Windows 2000

Windows 2000 includes Security Configuration templates that contain the default settings for NTFS permissions, registry permissions, default user rights, and so on.  These templates are located in the %SystemRoot%\Inf folder, and are named as follows:

•  Defltwk.inf: Windows 2000 Professional

•  Defltsv.inf: Windows 2000 Server/Advanced Server non-domain controller

•  Defltdc.inf: Windows 2000 Server/Advanced Server domain controller

You can use these templates in conjunction with the Security Configuration and Analysis snap-in in Microsoft Management Console (MMC) to restore the default security settings in Windows 2000.  To do so:

1.  Click Start, click Run, type mmc.exe, and then click OK to start MMC.

2.  On the Console menu, click Add/Remove Snap-in.

3.  Click Add, and then double-click the Security Configuration and Analysis snap-in.

4.  Click Close, and then click OK.

5.  Right-click Security Configuration and Analysis, and then click Open Database.

6.  Type a file name to hold the settings you specify.

7.  After you create the database, you must import the appropriate security configuration template.  Right-click Security Configuration and Analysis, and then click Import Template.

NOTE:  If you are restoring the security settings on a Windows 2000-based domain controller, make sure to follow the steps outlined in the following article in the Microsoft Knowledge Base before you import the template:

Q250454  Error Returned Importing the BASICDC Security Template

8.  Change to the %SystemRoot%\Inf folder and select the template that is appropriate to your installation.

NOTE:  The %SystemRoot%\Inf folder is hidden by default.  To view hidden folders:

a.  Double-click My Computer on the desktop.

b.  On the Tools menu, click Folder Options.

c.  Click Show hidden files and folders, and then click OK.

9.  After you import the template, follow the instructions in the right pane to configure your computer with the security settings that are contained in the template.

[ For additional information, go Here ]

 

«106» How To Back Up Windows 2000 Server System Files

The KB article at Q301254 is a step-by-step guide intended for users who back up and restore data on Windows 2000-based servers.  This includes backing up and restoring the system configuration and local registry.  You can back up Windows 2000-based servers manually or by using the Backup Wizard that is included with the Backup tool.  You can back up the entire contents of the server, selected portions of the server, or the System State data (the configuration information).

 

«107» Limitations Of the FAT32 File System With Windows 2000

Limitations of the FAT32 file system with Windows 2000, Windows XP, Windows .NET are discussed in Microsoft Knowledge Base article Q184006.  These are:

•  Clusters cannot be 64 kilobytes (KB) or larger.  If clusters were 64 KB or larger, some programs (such as Setup programs) might calculate disk space incorrectly.

•  A volume must contain at least 65,527 clusters to use the FAT32 file system.  You cannot increase the cluster size on a volume using the FAT32 file system so that it ends up with fewer than 65,527 clusters.

•  The maximum possible number of clusters on a volume using the FAT32 file system is 268,435,445.  With a maximum of 32 KB per cluster with space for the file allocation table (FAT), this equates to a maximum disk size of approximately 8 terabytes (TB).

•  The ScanDisk tool included with Microsoft Windows 95 and Microsoft Windows 98 is a 16-bit program.  Such programs have a single memory block maximum allocation size of 16 MB less 64 KB.  Therefore, the Windows 95/98 ScanDisk tool cannot process volumes using the FAT32 file system that have a FAT larger than 16 MB less 64 KB in size.  A FAT entry on a volume using the FAT32 file system uses 4 bytes, so ScanDisk cannot process the FAT on a volume using the FAT32 file system that defines more than 4,177,920 clusters (including the two reserved clusters).  Including the FATs themselves, this works out, at the maximum of 32 KB per cluster, to a volume size of 127.53 gigabytes (GB).

•  You cannot decrease the cluster size on a volume using the FAT32 file system so that the FAT ends up larger than 16 MB less 64 KB in size.

•  You cannot format a volume larger than 32 GB in size using the FAT32 file system in Windows 2000.  The Windows 2000 FastFAT driver can mount and support volumes larger than 32 GB that use the FAT32 file system (subject to the other limits), but you cannot create one using the Format tool.  This behavior is by design.  If you need to create a volume larger than 32 GB, use the NTFS file system instead.

NOTE:  When attempting to format a FAT32 partition larger than 32 gigabytes (GB), the format fails near the end of the process with the following error:

Logical Disk Manager: Volume size too big.

  

«108» Capabilities And Features Of the NTFS 5.0 File System

Windows 2000 contains new features that are available only with the NTFS file system.  The KB Article Q183090 outlines the features and advantages of converting to the NTFS file system with Windows 2000.  These features require on-disk data structures that make these volumes unavailable to Windows NT 4.0-based computers.  In anticipation of dual-boot scenarios, upgrade Windows NT 4.0 to SP4 before starting the Windows 2000 installation.  The version of NTFS included with Windows 2000 cannot be interpreted correctly by Windows NT 4.0.  However, there is an updated Ntfs.sys driver in Windows NT 4.0 Service Pack 4 that enables Windows NT 4.0 to read from and write to NTFS volumes in Windows 2000.

New features of the NTFS 5.0/5.1 file system include:

•  Disk quotas:  Administrators can limit the amount of disk space users can consume on a per-volume basis.  The three quota levels are:  Off, Tracking, and Enforced.

•  Encryption:  The NTFS file system can automatically encrypt and decrypt file data as it is read and written to the disk.

•  Reparse points:  Programs can trap open operations against objects in the file system and run their own code before returning file data.  This feature can be used to extend file system features such as mount points, which you can use to redirect data read and written from a folder to another volume or physical disk.

•  Sparse files:  This feature allows programs to create very large files, but to consume disk space only as needed.

•  USN Journal:  This feature provides a persistent log of all changes made to files on the volume.  This feature is one of the reasons that a Windows 2000 domain controller must use an NTFS partition as the system volume.

 

«109» How To Use Convert.exe To Convert A Partition To the NTFS

The Convert.exe utility is supplied with Windows to convert a FAT partition into an NTFS partition.  Use of Convert.exe is straightforward, but there are considerations that should be taken into account before using the utility.

The following limitations should be recognized before converting a FAT partition to NTFS:

•  The conversion is a one-way process.  After a partition has been converted to NTFS, it is not possible to convert the partition back to a FAT partition.  To restore the partition as a FAT partition, the partition would have to be reformatted as FAT (which would erase all data from the partition) and then data can be restored from backup.

•  The system partition of a RISC-based computer cannot be changed to NTFS.  The ARC specification requires that the system partition be FAT.  It is possible to create a small (1 MB) FAT partition for the system partition and install Windows on an NTFS partition (the boot partition).

•  Convert.exe requires that a certain amount of free space be present on the drive in order to convert the file system.  For additional information about the amount of free space required for a conversion, click the article number below to view the article in the Microsoft Knowledge Base:

Q156560  Free Space Required to Convert FAT to NTFS

•  If the computer is used to boot to other operating systems, NTFS partitions will not be accessible to the other operating systems.  Windows NT is the only operating system that can read and write to NTFS partitions.

NOTE:  Although the chance of corruption or data loss during the conversion from FAT to NTFS is minimal, it is best to perform a full backup of the data on the drive that is to be converted prior to executing the convert command.  It is also recommended to verify the integrity of the backup before proceeding, as well as to run RDISK and update the Emergency Repair Disk (ERD).

To convert a FAT partition to NTFS, perform the following steps.

1.  Click Start, click Programs, and then click Command Prompt.

2.  At the command prompt, type CONVERT [driveletter]: /FS:NTFS.

3.  Convert.exe will attempt to convert the partition to NTFS.

CONVERT may present the following error:

Convert cannot gain exclusive access to the [driveletter]:, so it cannot convert it now.  Would you like to schedule it to be converted the next time the system restarts (Y/N)?

This error will occur if any of the following three conditions exist:

•  If you run the CONVERT command while the current directory is on the drive that is to be converted (for example, you type CONVERT F: /FS:NTFS at the F:\> prompt).  To solve this, either answer "Yes" to the prompt and restart the system, or change to a directory on another drive and retype the command.

•  If an application has a file open on the drive that is to be converted.  To solve this, either answer "Yes" to the prompt and the drive will be converted the next time the computer is restarted, or close any applications that may be using files on the drive to be converted.  Remember that this also applies to users accessing files on the drive over the network.  This also includes a page file that resides on the drive.

•  If you attempt to convert the partition from which the operating system is running.  It is not possible to convert the boot partition while the operating system is running.  To convert the boot partition, it will always be necessary to issue the CONVERT command, answer Yes to the prompt, and then restart the computer.  The partition will be converted the next time the computer is restarted.  As an alternative, it is possible to boot the computer to an installation of Windows on a different partition and convert the partition from that installation of Windows.

Article ID: Q214579

 

«110» How To Establish A Striped Volume (RAID-0)

[ The information in this item applies to Windows 2000 Advanced Server and Windows 2000 Server ]

A striped volume (RAID 0) combines areas of free space from multiple hard disks (anywhere between 2 and 32) into one logical volume.  Data that is written to a striped volume is interleaved to all disks at the same time rather than sequentially.  Consequently, disk performance is the fastest on a RAID 0 volume as compared to any other type of disk configuration.  Administrators favor using striped volumes when input/output speed is important.  Any file system can be used on a striped volume including FAT, FAT32, or NTFS.

[ For additional information, go Here ]

 

«111» Windows 2000 Services Tweak Guide

by Thomas McGuire.  “Much like previous versions of Windows NT, Windows 2000 also uses system Services.  These allow support for other Programs/Hardware, etc. to run correctly.  Or you can configure them to improve system security.  By default Windows 2000 automatically runs many of these services & consumes more memory than it actually may need to for your particular needs, e.g. if you don't intend to use Task Scheduler or Fax Service, then why waste memory on running them automatically?  In this guide I'll cover what each service does & whether or not you really need it.  Currently this guide is (still) the most comprehensive of its sort (in terms of content & amount of Services covered).

Now, onto the guide itself...”

  

«112» Change In DHCP Client Behavior In Windows 2000

A Windows 2000-based DHCP client may lose connectivity to local network resources if it is unable to reach a DHCP server at startup.  Windows 2000 behaves differently than do previous versions of Windows when it is unable to find a DHCP server.  The Windows 2000-based DHCP client may use Automatic Private IP Addressing (APIPA) for addressing if it is unable to reach a DHCP server and is also unable to reach its default gateway.  After the APIPA address is enabled, the client loses connectivity to other local network resources.  Previous versions of Windows continue to use the currently leased DHCP address until the lease expires.

To determine whether a Windows 2000-based DHCP client has used APIPA for TCP/IP addressing, type ipconfig at a command prompt, and then press ENTER.  If APIPA was used, the IP address is from the APIPA Class B range of 169.254.0.0 to 169.254.255.255.
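When many clients have to be checked, the ipconfig test described above can be scripted.  The following is an added example, not part of the original tip:  it parses saved ipconfig output and reports every adapter whose address falls in the APIPA range.  The sample output, adapter names and the function name find_apipa_adapters are constructed for illustration.

```python
import ipaddress
import re

# APIPA range named in the tip: 169.254.0.0 to 169.254.255.255
APIPA_NET = ipaddress.ip_network("169.254.0.0/16")

# Constructed sample of `ipconfig` output (not captured from a real host).
SAMPLE_IPCONFIG = """\
Windows 2000 IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Autoconfiguration IP Address. . . : 169.254.25.129
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . : example.test
        IP Address. . . . . . . . . . . . : 192.168.10.21
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.1
"""

# Adapter headers start in column 0 and end with a colon.
ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
# Address lines are indented; accept "IP Address", "IPv4 Address" and the
# "Autoconfiguration" variants of both labels.
ADDRESS_RE = re.compile(
    r"^\s+(?:Autoconfiguration )?IP(?:v4)? Address[ .]*:\s*(\S+)"
)


def find_apipa_adapters(ipconfig_text):
    """Return [(adapter_name, address)] for adapters holding an APIPA address."""
    hits = []
    adapter = None
    for line in ipconfig_text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            adapter = header.group(1)
            continue
        found = ADDRESS_RE.match(line)
        if not found:
            continue
        # Later Windows versions append a suffix such as "(Preferred)".
        raw = found.group(1).split("(")[0]
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            continue  # value is not an IP address; skip the line
        if addr in APIPA_NET:
            hits.append((adapter, str(addr)))
    return hits


if __name__ == "__main__":
    for name, addr in find_apipa_adapters(SAMPLE_IPCONFIG):
        print(f"{name}: {addr} is self-assigned (no DHCP lease)")
```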

The client computer continues to search for a DHCP server and leases its previous address or a new address when a DHCP server becomes available.

To work around this behavior, you can disable APIPA either on the entire computer or on a per-interface basis.  If you choose to disable APIPA, you need to modify the registry.  For additional information about how to do this, click the article number below to view the article in the MS Knowledge Base:

Q244268  Routing Does Not Work When Multiple Adapters Use Automatic Private IP Addressing Simultaneously

Per Microsoft:  This behavior is by design.

A capture of network traffic shows that the Windows 2000-based client sends DHCP discover packets, and then attempts to ARP for the address of the default gateway.  If the default gateway is unreachable, the client grants itself an address by using APIPA while periodically sending DHCP discover packets.  When connectivity to the DHCP server is restored, the client attempts to obtain its previous address.

 

«113» Error When Installing Service Pack Or Hotfix

When installing a service pack or hotfix on Windows 2000 you may receive the following error message:

Service Pack Setup Error

Failed to install catalog files

OK

This can occur when the following has been changed:

Option 10, "Only trust items found in the trust DB", of the software publishing state key values has been changed to "TRUE" (default is False).

or

The "Microsoft Root Authority" certificate or the "NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc." certificate under Trusted Root Certification Authorities has been removed.

or

The %SYSTEMROOT%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NT5INF.CAT file is corrupt.

To resolve the issue if Option 10 has been changed type the following at a Command prompt:

setreg 10 FALSE

To resolve the issue if certificates have been removed do the following:

•  On a machine that has the Microsoft Root Authority certificate installed, do the following:

1.  Open Internet Explorer.

2.  Click Tools, Internet Options.

3.  Click the Content tab.

4.  Click the Certificates button.

5.  Click the Trusted Root Certification Authorities tab.

6.  Scroll down until you locate the Microsoft Root Authority certificate.

7.  Click Export.

8.  Follow the prompts to export the certificate to a DER encoded binary X.509 (.CER) file.

•  On the computer that cannot install the service pack or hotfix, import the certificate you saved into the Trusted Root Certification Authorities.

To resolve the corrupted file problem:

1.  Using the EXPAND tool expand:  NT5INF.CA_  to  NT5INF.CAT.

2.  Boot into Safe Mode and replace:  %SYSTEMROOT%\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NT5INF.CAT  and  %SYSTEMROOT%\system32\dllcache\nt5inf.cat  with the expanded file.

NOTE:  This same issue can appear if the nt5inf.cat file is corrupt.  The resolution for the issue is to rename the file in the catalog folder as well as the dll cache and then extract it from the SP CD to both locations again.   [Article ID: Q281458]

  

«114» FreeWare Tool:  PsSuspend

Copyright © 2001 Mark Russinovich

Introduction

PsSuspend lets you suspend processes on the local or a remote system, which is desirable in cases where a process is consuming a resource (e.g., network, CPU or disk) that you want to allow different processes to use.  Rather than kill the process that's consuming the resource, suspending permits you to let it continue operation at some later point in time.

Installation

Copy PsSuspend onto your executable path and type "pssuspend" with command-line options defined below.  PsSuspend works on NT 4.0, and Win2K.

Usage

Running PsSuspend with a process ID directs it to suspend or resume the process of that ID on the local computer.  If you specify a process name PsSuspend will suspend or resume all processes that have that name.  Specify the -r switch to resume suspended processes.

usage:  pssuspend [-?] [-r] [\\computer [-u username] [-p password]] <process name | process id>

-?                     Displays the supported options.

-r                     Resumes the specified processes if they are suspended.

\\computer     Specifies the computer on which the process you want to suspend or resume is executing. The remote computer must be accessible via the NT network neighborhood.

-u username   If you want to suspend a process on a remote system and the account you are executing in does not have administrative privileges on the remote system then you must login as an administrator using this command-line option.  If you do not include the password with the -p option then PsSuspend will prompt you for the password without echoing your input to the display.

-p password  This option lets you specify the login password on the command line so that you can use PsSuspend from batch files.  If you specify an account name and omit the -p option PsSuspend prompts you interactively for a password.

process id       Specifies the process ID of the process you want to suspend or resume.

process name  Specifies the process name of the process or processes you want to suspend or resume.

 

«115» A Memory.dmp File Can Be Generated Using the Keyboard

Microsoft Windows 2000 includes a feature that enables you to have the system stop responding and generate a Memory.dmp file (if configured to do so).  The "Stop" screen that is generated contains the following parameters:

*** STOP: 0x000000E2 (0x00000000,0x00000000,0x00000000,0x00000000)

The end-user manually generated the crashdump.

This feature is disabled by default.  To enable this feature, you must edit the registry as indicated below and restart the computer.  After restarting the computer, you can cause a system to stop responding by holding down the right CTRL key and pressing the SCROLL LOCK key twice.  Pressing the left CTRL key does not cause the system to stop responding.

(Please note that the steps below will not work on Legacy Free computers, i.e., those that use a USB keyboard.  For those, you must attach a debugger.)

1.  Start the Registry Editor (Regedt32.exe).

2.  Locate the following key in the Registry:

HKLM\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters

3.  On the Edit menu, click Add Value, and then add the following registry value:

Value Name:  CrashOnCtrlScroll
Data Type:  REG_DWORD
Value:  1

4.  Quit the Registry Editor.

How to Select Memory Dump Options

There are three types of memory dumps that can be generated.  Choose the appropriate one before manually triggering the dump.

1.  Right click My Computer, and then click Properties.

2.  Click the Advanced tab, and then click the Startup and Recovery button.

3.  Click Write Debugging Information, and then click to select either:  Complete Memory Dump, Kernel Memory Dump, or Small Memory Dump.

For additional information about memory dump options for Windows 2000, click the article number below to view the article in the Microsoft Knowledge Base:

Q254649  Windows 2000 Memory Dump Options Overview

[Article ID: Q244139]

  

«116» Add A Registry Key To Remove LM Hashes

... From Active Directory And Security Account Manager.  Windows 2000 Service Pack 2 (SP2) offers compatibility with authentication to previous versions of Windows, such as Microsoft Windows NT.  The supported authentication methods are LanMan (LM), Windows NT LanMan (NTLM), and NTLM version 2.  LM authentication uses a hash of the user's password.  This hash is typically stored on a Windows computer.  If the security database falls into malicious hands, the passwords could be compromised.  The LM hash is the easiest one to attack.

Microsoft provides a configuration option to disable the storage of the LM hashes.  This facility to remove LM hashes has been tested and is supported with Windows 2000 SP2.

To add this key:

1.  Start the Registry Editor (Regedt32.exe).

2.  Locate and click the following key in the Registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

3.  On the Edit menu, click Add Key, and then add the following Registry key:

Key name:  NoLMHash

4.  Quit the Registry Editor.

5.  Restart the computer to make the setting active.

When this Registry key is set, the LM hash for a user account is not removed until the next time the user changes their password.  Therefore, in addition to setting this key, you must also ensure that all users change their passwords.    [Article ID: Q299656]
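A way to follow up on the password-change requirement above, as an added example that is not part of the original tip or of Microsoft's article:  it reads an export of account names with their Active Directory pwdLastSet values and lists the accounts whose password has not been changed since NoLMHash became active.  The export layout, the account names and the activation date are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# pwdLastSet is a FILETIME: 100-nanosecond ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample export: account name and raw pwdLastSet per line.
SAMPLE_EXPORT = """sAMAccountName,pwdLastSet
alice,126446400000000000
bob,126411840000000000
carol,0
svc_backup,not-a-number
"""

# Assumed moment the restart in step 5 completed (hypothetical value).
NOLMHASH_ACTIVE = datetime(2001, 9, 1, tzinfo=timezone.utc)


def filetime_to_utc(ticks):
    """Convert FILETIME ticks to a timezone-aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def accounts_needing_change(export_text, nolmhash_active_utc):
    """Return (name, reason) for accounts whose password predates NoLMHash."""
    pending = []
    for row in csv.DictReader(io.StringIO(export_text)):
        name = row["sAMAccountName"].strip()
        try:
            ticks = int(row["pwdLastSet"].strip())
        except ValueError:
            # Do not silently skip rows that cannot be evaluated.
            pending.append((name, "unreadable pwdLastSet, check by hand"))
            continue
        if ticks == 0:
            # 0 means a change is required at next logon; until the user
            # actually changes the password the old hashes stay stored.
            pending.append((name, "change forced but not yet done"))
        elif filetime_to_utc(ticks) < nolmhash_active_utc:
            changed = filetime_to_utc(ticks).date().isoformat()
            pending.append((name, "last changed " + changed))
    return pending


if __name__ == "__main__":
    for name, reason in accounts_needing_change(SAMPLE_EXPORT, NOLMHASH_ACTIVE):
        print(f"{name}: {reason}")
```

Accounts that appear in the result may still have an LM hash stored and need a password change before the setting has any effect for them.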

 

«117» The Windows 2000 Runas Utility

The Runas utility is primarily designed to allow Administrators to log on as an ordinary user and then invoke a secondary logon, without logging off, in order to run Administrative tools with Administrator rights and permissions.

Each Administrator can have an ordinary account and an account that is a member of an Administrators group, or they can all share an Administrators account.  In addition to securing your system against an unintended action, secondary logons prevent a 'Trojan Horse' attack if you were using IE while accessing a non-trusted site.

Ordinary users can also use the Runas functionality, to start programs under different user contexts.  Here are some examples:

Opening a CMD prompt in the local Administrator context --

Start|Run|Runas /user:<ComputerName>\administrator CMD will open a CMD window titled <ComputerName>\administrator and prompt for the Administrator's password.  Any command-based programs will run in the <ComputerName>\administrator context.

NOTE:  If you run any program that stores files in the per-user folders, use the /profile switch or they will be stored in the default user profile.

Running a Control Panel Tool in the local Administrator context --

Start|Settings|Control Panel and select the tool with a single left click.  Hold down the SHIFT key and right-click the icon.  Press Runas.  Enter the credentials when prompted.

Starting a shortcut in the local Administrator context --

Highlight the shortcut, hold down the SHIFT key and right-click the icon.  Press Runas.

NOTE:  You can use this technique on any registered file type, such as running Computer Management with a shortcut to %SystemRoot%\System32\compmgmt.msc.

NOTE:  You can configure a shortcut to always use a secondary logon by opening the Properties page and clicking Run as different user.

Running the Windows Explorer Shell in local Administrator Context --

Start Task Manager and press the Processes tab.  Select Explorer.exe and press End Process and YES. Your desktop will disappear.  Select the Programs tab and press New Task.  Type:

Runas /user:<ComputerName>\administrator explorer.exe

and press OK.  Enter the password.  The desktop will return.  When you are finished using this context, log off and a new Explorer shell in the original context will start.

NOTE:  The Runas Service must be started for Runas to function.

 

«118» Virus Protection And Security Patch Information

Knowledge Base Article ID Q308691 describes how to obtain the latest security information for Windows 2000 and Windows NT 4.0.  You can use the links in this article to download security hotfixes, patches, and updates that may protect your computer from a malicious user.  Other information about how to secure your computer and implement basic security practices is also available in this article.

Microsoft does not provide software that can detect or remove computer viruses.  If you suspect or confirm that your computer is infected with a virus, obtain current antivirus software.  For a list of antivirus software manufacturers, view the following article in the Microsoft Knowledge Base:

Q49500  List of Antivirus Software Vendors

 

«119» How To Use the Netsh.exe Tool

Netsh.exe is a tool an Administrator can use to configure and monitor Windows 2000-based computers at a Command prompt.  With the Netsh.exe tool, you can direct the context commands you enter to the appropriate helper, and the helper then carries out the command.  A helper is a Dynamic Link Library (.dll) file that extends the functionality of the Netsh.exe tool by providing configuration, monitoring, and support for one or more services, utilities, or protocols.  The helper may also be used to extend other helpers.


  

«120» Use Netsh To Configure Your Laptop's NIC

... For Different Networks.  If you need to plug your laptop into different networks, you can save and restore the appropriate network configuration using the Netsh.exe utility which ships with W2K and XP.  When you have your laptop correctly configured for your office network, you can save the network configuration for later restoration.

netsh -c interface dump > c:\configs\officeinterface.txt

Now let's say you take it home and reconfigure it correctly for your home network.  To save your home network configuration for later use:

netsh -c interface dump > c:\configs\homeinterface.txt

Now you take the laptop back to the office and you need to reconfigure for the office environment:  NIC address, WINS, gateway address...  Use the following command to restore your office network interface:

netsh -f c:\configs\officeinterface.txt

At the end of the day, you take it home.  To set up for home, run:

netsh -f c:\configs\homeinterface.txt

As you can imagine, this is very valuable if you have to get your laptop to function in multiple network locations.

 

«121» How To Configure Your Computer For Infrared Communication

Note that you need to use this procedure only if Windows 2000 did not install an infrared device automatically when you turned on your computer.  To add a new infrared device:

1.  Click Start, point to Settings, click Control Panel, and then double-click Add/Remove Hardware.

2.  In the Welcome to the Add/Remove Hardware Wizard page, click Next.  On the Choose a Hardware Task page, click Add/Troubleshoot a device, and then click Next.

3.  In the Devices box, click Add a new device, and then click Next.

4.  On the Find New Hardware page, click No, I want to select the hardware from a list, and then click Next.

5.  In the Hardware types box, click Infrared devices, and then click Next.

6.  In the Manufacturers box, click the name of the device's manufacturer.  In the Infrared Device box, click the appropriate infrared device that best matches your hardware.

7.  If you have an installation disk for the infrared device, click Have Disk, click Next, and then follow any additional instructions to install the device.

Viewing Infrared Device Properties

There must be an infrared device installed in your computer to use this procedure.  The settings in the infrared device's properties are set automatically when you install a device, and do not typically need to be changed.  To view an infrared device's properties:

1.  Click Start, point to Settings, click Control Panel, and then double-click Wireless Link.

2.  On the Hardware tab, click the infrared device for which you want to view properties, and then click Properties.

Configuring a Serial Port for Infrared Communication

Your computer must support an infrared mode for a serial port.  Use this procedure to install an IrDA transceiver that is provided by the computer manufacturer.  To configure a serial port for infrared communication:

1.  Start the BIOS configuration utility for your computer.  Note that the method for starting the BIOS configuration utility varies from one computer to another.  For many computers, you can start the BIOS configuration utility by pressing a function key that is indicated during the computer startup process.  Some computers require that you start by using special configuration disks.

2.  Under the peripheral or serial port configuration section, change the mode to IrDA or Infrared.

Troubleshooting

Installing an IrDA transceiver disables the serial port.  You should not attach a serial IrDA transceiver to a serial port.    [Article ID: Q302011]

 

«122» Schedule A Program To Start Automatically

The Microsoft Knowledge Base Article ID: Q300160 describes how to schedule a program to automatically start at a pre-determined interval.  To schedule the task:

1.  Click Start, point to Settings, click Control Panel, and then double-click Scheduled Tasks.

2.  Double-click Add Scheduled Task, and then click Next.

3.  A list of programs that are available on your computer is displayed.  If the program you want to schedule is in this list, click it, and then click Next.  If the program you want to run is not in this list, click Browse to locate the program, click the program, and then click Open.

4.  When you receive a suggested name for the task, you can either accept the default name or type another name.  Click the interval you want to use for this task (daily, weekly, monthly, one time only, and so on).  Click Next.

5.  If you chose to schedule the task daily, weekly, monthly, or one time only, you receive a time or date option.  Choose the date or dates, time or times you want to schedule the task for, and then click Next.

6.  Type the user name and password.  Make sure that the user name is in the domain\user format, where domain is your NetBIOS domain name and user is the user account you want to schedule the task under.  Click Next.

7.  Click Finish to schedule the task, and then verify that the task appears in the Scheduled Tasks window.

Troubleshooting

=  By default, Task Scheduler logs on as the Local System account.  In some cases, this account may not have the appropriate permissions to perform the scheduled task.  Because of this, you must specify an account in the Scheduled Task Wizard.  Verify that the account you specify in the wizard has sufficient rights to perform the task you are scheduling by logging on as that user and running the task manually.

=  You can also schedule tasks by using the AT command.  Both methods can be used to automatically schedule tasks.  However, neither program is aware of the other's list of scheduled programs.  For example, if you schedule a batch file to run every day at midnight in the Scheduled Task Wizard and also with the AT command, the command runs twice.

=  If you chose to schedule the task for any interval other than "one time only", the task continues to run indefinitely.  You must manually delete the task to keep it from running again.

=  The Schedule Task Wizard does not verify the password you type for the user account that the process will run as.  Make sure that you type the correct password.

 

«123» Reinstalling Audio Codecs Or Media Control Devices

Removing multimedia codecs (for example, media control devices, audio codecs, and so on) can be useful for troubleshooting multimedia issues.  After you remove these devices/codecs and restart the computer, Windows 2000 only reinstalls the Microsoft PCM converter.  All of the other devices/codecs are not automatically reinstalled.  This behavior occurs because you can only reinstall multimedia codecs using the Add/Remove Hardware wizard.

To reinstall multimedia codecs in Windows 2000, use the following steps:

 1.  Restart your computer in Safe Mode:

a.  Restart the computer.

b.  Press F8 for advanced startup options.

c.  Choose Safe Mode and press ENTER.

 2.  Right-click the My Computer icon and choose Manage.

 3.  Click Device Manager.

 4.  Click the (+) next to Sound, video and game controllers.

 5.  Right-click Audio Codecs and choose Uninstall.

 6.  Click OK to confirm device removal.  This may take several minutes.

 7.  Close the Computer Management window and restart your computer.

 8.  Click Start, Settings, Control Panel.

 9.  Open Add/Remove Hardware.

10.  Click Next and then choose Add/Troubleshoot a device and click Next.

11.  Choose Add a new device, and then click Next.

12.  Choose Yes, search for new hardware, and then click Next.

13.  The Audio Codecs should be listed. Click Next, and then click Finish.

Microsoft states that this behavior is by design.

To remove audio codecs or media control devices, use the following steps:

 1.  Right-click My Computer, and then click Manage.

 2.  In the left pane of the Computer Management dialog box, click Device Manager.

 3.  Click the plus sign (+) next to Sound, video and game controllers.

 4.  Right-click Audio Codecs or Media Control Devices, and then click Properties.

 5.  On the Properties tab, click to highlight the item you want to remove, and then click Remove.

[ For additional information see:  Q254354 ]

  

«124» EventID.NET

A valuable resource can be found at EventID.NET.  “The Event ID database contains 1131 event IDs and 193 event sources provided by 310 contributors, 134 submitted event(s) pending validation.  EventID.Net has been initiated by Altair Technologies Ltd in February 2001 and since then, there were 320587 queries performed against the database.”

“The access to EventID.Net information is free of charge as long as it is accessed through authorized channels.  Currently the authorized ways to access it are our "Search" page and MoniLog report links.”

 

«125» How To Configure Windows 2000 With ASP Web Pages

The Microsoft Knowledge Base Article ID: Q301305 describes step-by-step how to enable ASP Web pages on a Windows 2000-based computer.  For ASP Web pages to work in the Windows 2000 environment, ensure that the Windows operating system, programs, and components are installed, the Internet Information Services (IIS) and Web settings are checked, and that the ASP functionality has been tested correctly.

 

«126» CHKNTFS.EXE:  What You Can Use It For

The Chkntfs.exe utility has been developed by Microsoft and is available in Microsoft Windows NT 4.0 Service Pack 2 and later versions of Windows.  It is designed to disable the automatic running of Chkdsk on specific volumes, when Windows restarts from an improper shutdown.  Chkntfs can also be used to unschedule a Chkdsk if Chkdsk /f was used to schedule a Chkdsk on an active volume on the next system restart.

[ For additional information see: Q160963 ]

 

«127» Syntax For IPCONFIG.EXE

Ipconfig.exe is a command-line tool you can use to renew and release leases obtained from a Dynamic Host Configuration Protocol (DHCP) server, and to display your IP settings.

The syntax for Ipconfig.exe is:

ipconfig [/? | /all | /release [adapter] | /renew [adapter] | /flushdns | /registerdns]

Parameter      Description                                      

/?             Display this help message

/all           Display full configuration information

/release       Release the IP address for the specified adapter

/renew         Renew the IP address for the specified adapter

/flushdns      Purge the DNS resolver cache

/registerdns   Refresh all DHCP leases and re-register DNS names

/displaydns    Display the contents of the DNS resolver cache