 |
|
 |
|
|
|||
|
  |
|||||||
 |
||||||||
|
|
Tech Tips for Network AdministratorsTerminal Server Session in Multi-Monitor Setups (3/08)If you are having issues using the real estate of multiple monitors within a single terminal session (so that the session spans all monitors) you are not alone. Normally Terminal Server sessions only fill a single monitor, even in multi-monitor. The latest version (6.0) of the Remote Desktop Client offers a solution.Remote Desktop Connection supports high-resolution displays that can be spanned across multiple monitors. However, the total resolution on all monitors must be under 4096 x 2048 pixels. The monitors must have the same resolution and be aligned side-by-side. To have the desktop of the remote computer span multiple monitors, type mstsc /span at a command prompt or the run box. The remote desktop address window will then pop up as usual, but once you connect the session it will span both monitors. Dell Server Naming Conventions (2/08)Dell is changing how they’re naming their servers in 2008 as part of an effort to give their naming convention more consistency across their product line.It breaks down like this:
So for example, a R200 means that it’s a rack configured server, family type 2, 10th generation, with Intel processor. Follow the Bouncing Email (1/08)As the volume of email increases, so does the number of emails being bounced, or returned to the sender without being delivered. Other terms that mean the same thing include Non-Delivery Report/Receipt (NDR) and Non-Delivery Notification (NDN). In plain English – the email is returned to the sender without being delivered – and there can be a wide variety of reasons. Interpreting these messages can be difficult, so we thought we would offer some pointers.More often than not, you’ll get a very un-user friendly message, such as the one below:
(Note: The bounce above - both examples - is caused by sending to an email address that does not exist.) Whatever the tone of the notice, there are two major issues to consider: Hard vs. Soft ErrorsA soft bounce is an email message that gets as far as the recipient's mail server but is bounced back undelivered before it gets to the intended recipient. Causes include the recipient's mailbox being full, the recipient’s mail server is too busy, the message being sent is too large and is being rejected by a policy on the recipient’s server, and blacklist (the message to the recipient is seen as spam due to blacklisting of the sending server and/or content filtering by the recipient’s server). Most email providers will repeatedly try to re-send a message for a few days – after that if they still cannot deliver the message it becomes a hard bounce. The major thing to remember with a soft bounce is that it is deemed as temporary – due to conditions that could change – and the message may eventually make it through.Another common non-delivery message is one that implies a delay in delivery rather than the email not delivered. Email servers have built in functionality to be somewhat self-correcting. A general rule of thumb if a user gets a message of this nature is to have them try to resend in an hour. If it does not get through, and it is possible to wait, try again the next day. If they still cannot get the message through, and it is still possible to wait, try again in one week. If it delays at that point, then the user should look at a different way to get the information to the recipient. A hard bounce means the sender’s mail server could not send the email. An email falls into the hard bounce category when there is no such recipient, an inactive email address, or an invalid domain. The most common example of a hard bounce is when the recipient simply doesn’t exist. When a hard bounce occurs the sender needs to try something else since the mail system will not perform any re-sends as it will with a soft bounce. Sender’s Problem or Recipient’s Problem?“Fault” can be difficult to determine. The easy ones include User unknown, Host unknown (domain doesn’t exist), Mailbox full, Invalid Mailbox. These clearly tell the sender that there is a problem on the recipient’s end – although the problem is often that the sender has typed the email address incorrectly! If the message is identified as spam, it may be that the sender’s organization (or ISP or spam filtering service has been tagged as a spammer (rightly or wrongly).Other non-delivery messages are a bit more vague. A very common message is “Unable to relay”. Even though there are multiple possible reasons for this type of message, we are seeing more and more of these due to anti-spam methodology being implemented by ISPs. These algorithms will perform “reverse lookups” of the address sending the email (that is, the mail system looks up the name attached to the sender’s IP address, and the checks the IP address if that name, and they must match or the email is rejected) or check to make sure the “From” address matches an account on the email server or require you to authenticate before sending the email (authentication requires that the sender submit to some sort of query or test before they are allowed to send email) . Some ISP’s will even require that emails come from a specific connection provided by that ISP. Generally, for this type of error, you would want to check your SMTP and relay settings if this is happening on more than one email. If everything checks out, you would need input from the recipient’s email provider on the reason for the relay error. One final note is to be on the lookout for bounce messages that are not really bounced emails. This is when a user will report a non-delivery message for either a) an email they are sure they did not send or b) to an email address they know nothing about. These non-delivery messages are caused by a virus that has infected the PC of someone that has your user’s email address in their address book. The virus propagates itself by sending emails from the infected PC with the “From” address “spoofed” or disguised by substituting email addresses from the infected PC’s email address book. There will be an attachment with this type of message that contains the virus. This is when it is important to educate your users to NOT open attachments from any unknown source. If they get a non-delivery for an email they did not send or to someone they do not know they should immediately delete the message and NOT open any attachments. Password Construction Schemes (12/07)Passwords are the bane of both Network Administrators (getting users to use strong passwords, change them regularly and remember them!) and End Users (having to use strong passwords, change them regularly and remember them!)Password construction schemes are formulas that let you easily remember and change a password. For example, this could be the year you graduated from college (1985), your weight at that time (175), your then-girlfriend’s initials (CJD) and the current month and year (1207). Using this scheme your password would be: 1985175CJD1207 – this monthly rotation would be good for years. Another example would be using the first letters of a sentence such as “I had a blast in Florida in 1992” followed by your age (35) and the current month (12): IhabiFi19923512 - this monthly rotation would be good for years, also. Note: depending on rules in place, you may also substitute special characters for letters (for example, @ for a) or encase the sentence in a special character such as “&” - yielding: &Ih@biFi19923512& Passwords are important and if you can get your staff using them in a responsible (and reliable) manner your overall network security will be much improved! Outlook 2007 and SharePoint Services 3.0 – Sync Document Libraries (11/07)SharePoint Services helps your company to collaborate more effectively, share information and use storage space move efficiently. And it’s free with Windows Server – so if you’re not using it, why not?Synching Document Libraries lets you access your SharePoint documents from Outlook and synchronize the version on your SharePoint site with your changes automatically. From Outlook, you can:
To sync a Document Library:
If you’d like to upgrade to Outlook 2007 or start using SharePoint Services just let us know – email Sales@BEInetworks.com or call 703-528-8300 x2. Daylight Savings Time, Fall Edition! (10/07)As most of you will remember from back in March, the start and end dates of the Daylight Savings Time were changed by the passing of the U.S. Energy Policy Act of 2005. This law extends DST by approximately four weeks, starting three weeks earlier and ending one week later. For 2007, this means that it started on March 11 and ends on November 4th. If you made all the necessary patch changes back in February/March you don’t need to do anything for the change in November.We do suggest, however, that prior to November 4th, you have your end users complete two steps that will help ease any potential issues:
Microsoft has two tools published which will help with the process of performing the upgrades if they were not done in February/March. The first is a wizard that helps guide you through which updates are needed. It can be found at http://support.microsoft.com/gp/cp_dst. The second tool is a Knowledge Base Article on the DST changes, including recommendations which will help maximize the accuracy of the updates. This section alone is crucial to read. This article can be found at: http://support.microsoft.com/gp/dst_topissues. If you have any questions or concerns about this process, please do not hesitate to contact our Service desk at 703-528-8300 x1 or service@beinetworks.com. Compatibility with Office 2007 Documents (9/07)We love Office 2007 but many of the people we communicate with (client, partners and vendors) are not using it yet. Additionally, remembering to save documents in the “old” format (.doc for 2003) doesn’t always happen or if it does we find that Office 2007 dramatically inflates the file size making it hard to email to others! Another way to accommodate exchanging Office 2007 documents with users of Office 2000, XP or 2003 is to utilize the Office Compatibility Pack for Office 2007. This enables Office 2000, XP and 2003 users to open, edit, and save documents, workbooks, and presentations that have been saved in the file formats new to Microsoft Office Word, Excel, and PowerPoint 2007. To download the Compatibility Pack: For more information about installing the Compatibility Pack go to http://support.microsoft.com/kb/924074. Using Mailbox Manager (7/07)Microsoft Exchange Mailbox Manager can help the network administrator manage their organization’s email store by setting recipient policies. These policies include age and size limits for messages, and when these limits are exceeded the messages are processed according to the Mailbox Manager policies that have been set. These policies can be applied to all Exchange users, a subset of users, or individual mailboxes.There is no default policy that enforces age or size limits for messages. However, when you create the first policy, there are default limits of 30 days and 1,024 kilobytes (KB) applied to every folder in a mailbox. A message must exceed both limits before Mailbox Manager processes it. Under the default settings, a 500 Kb message will never be processed, regardless of how old it is. Before running Mailbox Manager, start the mailbox management process on the server object in Exchange System Manager using the Mailbox Management tab of the Properties dialog box for the server object.
You can use the same limits for every folder that the mailbox recipient policy applies to, or set custom limits on a folder-by-folder basis. Each folder must be configured individually if its limits differ from the default limits. For example, you may set a policy on the Deleted Items folder to remove everything older than 90 days regardless of size while at the same time removing every item from the Sent Items folder older than 180 days and larger than 50Kb. Manage Printers - New Group Policy Features in Windows Server 2003 R2 (6/07)The Print Management Component will help you centrally manage printers and let you deploy printers using Group Policy - so that users can take their printer settings with them as they move from desktop to desktop.To summarize the steps:
For details on this process go to: Address List and EAP Filter Upgrades with Exchange Server 2007 (5/07)Exchange 2007 uses a new style of filter syntax to replace the LDAP (Lightweight Directory Access Protocol) filters of previous versions. Any Address Lists or Email Address Policy Objects that were in place must be upgraded to the new style as part of your Exchange 2007 upgrade. If you do not upgrade to the new Syntax used in Exchange 2007, policies will still work – you just won’t be able to modify them once they are brought into Exchange 2007. The effort to make the change will pay off later – enabling you to make modifications and not start from scratch as you work with Address Lists and Email Address Policies.Upgrading default, built-in objects (i.e. All Users) is much more straightforward than custom objects (i.e. InHouseSales.) This article addresses default, built-in objects. There is only one default EAP – usually called “Default Policy” and it can be identified because it has the lowest priority. Any easy way to confirm that you need to upgrade this policy is to try and edit it using the Exchange 2007 GUI- you will get an error message if it is not compatible. This Exchange 2007 of this default EAP is: Set-EmailAddressPolicy "Default Policy" –IncludedRecipients AllRecipients When you run this filter you will be asked to confirm that you really want to do it, because once you do you will not be able to edit your policy in Exchange 2003. Note that there is also a “Force Upgrade” option – use this with caution as you will not see any warnings and may end up with upgrades that cannot be edited in Exchange 23007.For more details on Address List and EAP filter upgrades with Exchange Server 2007 refer to http://msexchangeteam.com/archive/2007/01/11/432158.aspx. File Server Resource Management (FSRM) – Restrict File Types (4/07)Included in Windows 2003 R2, File Server Resource Manager (FSRM) enables file-type enforcement based on file extensions. It is a suite of tools that allows administrators to understand, control, and manage the quantity and type of data stored on their servers. By using FSRM, administrators can place quotas on folders and volumes, actively screen files, and generate comprehensive storage reports. This set of advanced instruments not only helps an administrator efficiently monitor existing storage resources but it also aids in the planning and implementation of future policy changes.One interesting feature of FSRM is file screening. File screening checks the file extension and the policies that are in place and takes action based on the type of file and the pre-defined policies. With this you can you can perform the following tasks:
An active file screen actually stops the banned file—in real time—from being written; a passive screen allows the writing of the file but will perform a particular action that has been defined. For a given file screen, the Network Administrator can define a comprehensive set of actions to be performed in the event of an offense. These actions include sending an email message to the user or administrator, creating an event log, creating a report that shows how a certain user is using disk space, or a custom action. Sending an email is a big addition to the "Access Denied" message that a user receives when they try to store a file and permission is denied. Without an explanatory email, users often think there is an error and their next step is calling the Help Desk! Templates can be created making it much easier to develop and implement File Screens. File Screens can also include exceptions – for example, perhaps a user cannot store music files unless they are in a specific folder (i.e. My Music.) For more details: Get Control of File System Resources with Windows Server 2003 R2 http://www.microsoft.com/technet/technetmag/issues/2006/05/GetControl/default.aspx. Note: if a user tries to get around the system by renaming a file with a different extension (for example, changing the file extension from .mp3 to .doc) they will be allowed to store the file. The purpose is to stop the accidental offender, not the serious infringer! Security and Group Policies with Terminal Server or Citrix (3/07)A common issue for network administrators is creating security policies that apply to users only when those users are in Terminal Server or Citrix sessions. Different security policies often apply when users are at their desktop in the office. Microsoft has created a Loopback Processing Policy that allows you to create individual GPO's (Group Policy Object) for Terminal Server or Citrix Server and assign the GPO's to security groups.
Note: Remember if you keep Authenticated Users in the security filter, the policy will apply to the administrator account as well. Daylight Savings Time – Watch out for 2007! (2/07)As you may already know, starting in 2007 Daylight Saving Time (DST) was extended by approximately four weeks. In compliance with this provision, Daylight Savings Time dates in the United States and Canada will start three weeks earlier (2:00 A.M. on the second Sunday in March) and will end one week later (2:00 A.M. on the first Sunday in November). (Just as a note, in 2008, Daylight Savings Time begins on March 9 and ends on November 2. In 2009, Daylight Savings Time begins on March 8 and ends on November 1.) Unfortunately, existing Microsoft server and workstation operating systems and calendaring applications only know about the former DST dates. Therefore, without updates and corrections to your servers and workstations/laptops, any calendar items that fall within the new portion of the DST window will be off by 1 hour. In order to update your computers and servers to accommodate this change, Microsoft has released a series of patches and tools to make these adjustments. The process involves:
It would be to everyone's benefit if the first three steps of the process happen as soon as possible. Any Outlook calendar items entered after the workstations/laptops are updated will correctly adjust for the new DST. The amount of time these updates will take will depend on the number of workstations/laptops involved and the number of servers involved. In addition, the server and Exchange must be FULLY updated, which includes Service Packs. If you need Service Packs installed first, this could increase the time to perform these actions by several hours (for instance, the Exchange updates to go to Service Pack 2 could take around two full hours alone.) To correct existing calendar items or calendar items entered before steps 1-3 are performed, Microsoft has released two separate tools, one to run on your Exchange server and one to run on each workstation/laptop. The process involves running one or the other as there are pros and cons with each option. We can discuss these options with you further. Please contact the BEI office at mailto:service@beinetworks.com or 703-528-8300, option 1 if you would have any questions about the Daylight Savings Time issue. Clear Outlook Name Cache - Part 2 (1/07)Last month this column reviewed how to delete the entire Outlook Name Cache and start over (Tech Tip December ’06.) One of our Network Engineers mentioned that often you only need to delete a name or two that are incorrect and causing problems. For example, someone’s email address may have changed and you’d like the old one to stop popping up to avoid mistakes. To delete one or more names individually:
Clear Outlook Name Cache (12/06)Microsoft Outlook creates a nickname list that is used for name checking and auto completion. The nickname list can become corrupted and when it does Outlook may not identify recipients, may suggest the wrong recipients with automatic completion or it might just send the message to the wrong person!
Remotely Enable Remote Desktop (11/06)Need to establish an RDP connection to a system but Remote Desktop has not been enabled? As long as you can access the remote machine's registry you can make the changes to allow access.
"Old" Versions of Software (10/06)Older versions of software can be very helpful, especially when new features are introduced that you'd rather do without. We often use http://www.oldversion.com/. Older versions of AOL Instant Messaging are particularly helpful (when a client has to have it!) because version prior to 5.5 does not include "Viewpoint" (Viewpoint introduced video capabilities and has the potential for introducing significant spyware. We often have to roll back a user's IM to a version prior to 5.5 to get rid of the spyware issues of Viewpoint.MSCONFIG (9/06)MSCONFIG is a Microsoft utility that allows you to see which programs are interacting with your computer when it boots up. You can turn them on or off simply by selecting checkboxes on the configuration pages within MSCONFIG. Note that you must be logged on as an Administrator or be a member of an Administrative group in order to run this utility.To run MS CONFIG:
Process Explorer Utility (10/06)SysInternals offers the Process Explorer utility, a great tool that provides detailed information about processes running on a system. The utility is available from http://www.sysinternals.com/Utilities/ProcessExplorer.html Once downloaded, extract SysInternals to a folder of your choice. Run the procexp.exe image and a default view will open showing all the processes running on the system. Selecting "Show Lower Pane" from the view menu lets you view detailed information about the selected process, such as open files, registry keys, or threads. Is Your Hardware Ready for Microsoft Vista? (6/06)As you purchase new desktops over the next few months, you should pay attention to the requirements of Microsoft's new operating system, Vista. Vista will be available to businesses in late '06 and for consumers in early '07.Vista Premium includes additional features, including Windows Aero, the new user interface that includes glass-like elements so you can actually see through windows on the screen, live taskbar thumbnails, and the ability to quickly flip through a series of windows. The table below summarizes the hardware requirements. For more details see http://www.microsoft.com/windowsvista/getready/capable.mspx.
Note that a system meeting the minimum system requirements will be able to run just the core features of Windows Vista with the basic user experience. Higher-end features available in specific premium editions of Windows Vista, such as the Aero user interface and the ability to watch and record live TV, may require additional hardware such as is listed in the Vista Premium Requirements. To determine whether or not your current PC will run Windows Vista, go to http://www.microsoft.com/windowsvista/getready/upgradeadvisor/default.mspx and run the Windows Vista Upgrade Advisor. Some of us at BEI have been testing the Vista operating system and the soon-to-be-released 2007 Office (both of which are available as a Beta 2 programs.) In upcoming newsletters we'll give you some feedback about what we're finding in these two major product releases from Microsoft. Enabling "Send As" Functionality for a User in Microsoft Exchange Server (5/06)You can give users a true "Send As" ability, in which the recipient will think the message came from the mailbox owner rather than the person who actually sent the message. This is useful when someone is authorized to act on someone else's behalf, such as an administrative assistant or when someone is unavailable but has given another party authority to act on their behalf. To grant true Send As functionality, perform these steps:
Note: You can also grant users a "send on behalf of" ability so that the receiver of a message will see the message is from on behalf of the person who wanted the message sent. Using Distribution Lists in Outlook (5/06)Distribution lists can be very helpful when you need to email specific groups of people repeatedly. For example, you may have a list of people who are all involved in a specific project, people in a specific department, or just friends you tend to communicate with at the same time. There are distribution groups that are part of the Global Address List - these must be setup by a Network Administrator on the Exchange Server. However, each end user can set up their own distribution lists in several different ways.To use names in your address book to develop a distribution list:
To take a distribution list from names in an email:
To send to only part of a distribution list:
Use Flags to Organize Your Inbox (4/06)As you're going through your mail in the morning (or any time of day) you often see something that needs attention – sometimes within the next hour, sometimes in the next few days. Using a color coded flag can help you remember to follow up. Emails can also be sorted by flag color, enabling you to prioritize or categorize using flags.To make the flag column visible:
For details on search folders, see an article in our June '05 Newsletter http://www.beinetworks.com/pubs/beinetworks/Tech_Tips_for_End_.cfm#EU6.05. Hiding Files and Folders: Access-Based Enumeration (4/06)Until Windows Server SP1 and R2, it has not been possible to hide shared files/folders from users who do not have permission to view them. So, even though you might only be allowed to see your home folder and the Marketing folder, you'll still see all the other users' folders, and the Accounting folder, the Engineering folder, and so on. Some of us might say who cares! But – it is both a security issue (sometimes you really don't want people to know that certain information exists) and a usability issue (it can be just plain confusing to see all those folders.) The code to hide the files/folders is in SP1 and R2 but must be turned on – you can download this tool from Microsoft. For more details on this feature go to: http://www.microsoft.com/windowsserver2003/techinfo/overview/abe.mspx, or give us a call and we'd be glad help you to set it up. Exchange Database Defrag When Local Space is an Issue (3/06)If you are running out of space for your Exchange database and need to run a defragmentation, things get even tougher if you don't have enough local space to run the defrag (the defrag process requires some free space to store temporary files and such while it's working). You can use the /t switch with the Exchange Eseutil utility to specify a local or remote location as the temporary folder to be used for the database to be defragmented. Using a remote location might slow down the process, but still might be the best choice. In the example below, the X drive is specified, which maps to a network path (or you can use a UNC path), and a temporary file name for the database. C:\Program Files\Exchsrvr\bin>eseutil /d "c:\program files\exchsrvr\mdbdata\priv1.edb" /tx:\tempdfrg.edb Windows Print Migrator (2/06)Microsoft has released the latest version of the Windows Print Migrator tool. This tool lets you easily migrate printers and printer shares between Windows-based servers. You can download Windows Print Migrator 3.1 at http://www.microsoft.com/downloads/details.aspx?familyid=9B9F2925-CBC9-44DA-B2C9-FFDBC46B0B17&displaylang=en.Accessibility Options Can Tailor the End-User Experience (1/06)Accessibility Options (Start > Control Panel > Accessibility Options) are intended to accommodate users with different levels of physical capabilities. Many of these options can be useful in a variety of situations. Some examples are given below:
Exploring the Accessibility Options will yield many other methods of customization that may be useful to your users. Using the Windows Key (11/05)Have you wondered about that funny key in the bottom row of your Microsoft? It can help you by performing a number of functions:
Using the “Whoami” Command (10/05)The “Whoami” command can be very useful in determining who is logged into a particular session on a computer as well as their user characteristics. “Whoami” is a Microsoft Resources Kit utility and can be found at: http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/whoami-o.asp. The utility should be downloaded and installed to your C:\Windows\System32 folder. Then, using the command line (START>RUN, type CMD) launch the utility.
Whoami can be used with various operators to determine what information is returned. For example, Whoami Identifies the user as well as their domain (BASEDOMAIN\Domain Users) Whoami /groups Identifies group membership for the current account such as: Whoami /help Provides a list of available command options Common Veritas Exec Backup Failures and their Solutions (9/05)Occasionally you may get an email message that your network backup “failed” or was “unsuccessful.” Following are some of the more common causes of these messages and what you can do to fix them. Note that often when you get these messages most of your data has been successfully backed up except for one or two files or directories. You can verify this by comparing the amount of data (“byte count”) of the failed or unsuccessful job with a successful job. If they are substantially the same then you know that the backup was “almost completely” successful – the error is usually caused by one of the conditions described below.
Directory not foundIf you’re performing brick-level, or individual mailbox backups, on your Exchange server using Veritas you may see the following message in your backup log:
Backup - \\severname\Microsoft Exchange Mailboxes This is often caused by a disabled user account. When you disable a user the backup software is unable to access the user’s mailbox. There are a few ways to clear this error:
Open FilesA file that is open during the backup window can cause a job to fail if you don’t have the Open File Option (OFO) with BackupExec. These files are frequently .pst files (files used by Microsoft Outlook to store mail that is not already part of another database, i.e. Microsoft Exchange.) The root cause of these files being open depends on your environment, but the short answer is almost always that someone has left their Outlook running during the time period when the backup was scheduled to run. The easiest (but unfortunately most expensive) way to resolve this error is to purchase OFO. If the preservation of your .pst files doesn’t warrant the expenditure you have a few options:
Corrupt MailCorrupt Mail usually results in an error messages such as:Backup- D: WARNING: "D:\OutlookArchives\foldername\“Archives.pst” is a corrupt file. This file cannot verify. There are two approaches to resolving this problem:
Restore a Lost Show Desktop Icon (8/05)The Show Desktop icon in the Quick Launch toolbar isn't a normal shortcut. If a user accidentally deletes it you can't recreate it the way you would a shortcut to a program. Instead, launch Notepad and type these lines:ADVERTISEMENT [Shell] Save the file with the name Show Desktop.scf in the folder C:\Documents and Settings\username\Application Data\ Microsoft\Internet Explorer\Quick Launch, where username is replaced by your actual user account name. The desktop icon will reappear on your Quick Launch Toolbar. Open a Command Prompt Window via Internet Explorer (7/05)If you’re often opening a command prompt window and tired of clicking on Start>Run and typing in CMD, there is a nice little utility from Microsoft that adds a context menu item “CMD Prompt Here” whenever you right-click on a folder in Windows Explorer. This utility, called Command Here or Cmdhere.inf, is found in the Windows Server 2003 Resource Kit (it was also in the NT 4.0 Resource Kit). This Resource Kit can be installed on any Windows XP or Server 2003 machine and can be downloaded for free.
Connecting Two Computers Using a Cross-over Cable (6/05)Have you ever wanted a simple way to connect two computers so you could transfer files from one to the other (without the hassle of adding both computers to your network domain)? Using a cross-over cable, you can connect the computers quickly and easily. Here’s how to do it:
Adding a New User in Microsoft Small Business Server 2003 (5/05)
How to Synchronize Network Time with National Time Standard (4/05)The ability to keep accurate time has become increasingly important as organizations use the internet for services such as online banking and other critical communication. Clocks in different locations must be accurate so that transactions and other records are consistent and correct. (One obvious example of an issue that could result from inaccurate network clocks is money being credited to one account before being withdrawn from another.)Windows Time Service uses the Network Time Protocol (NTP) to help synchronize time across a network. NTP is more accurate than the Simple Network Time Protocol (SNTP) that is used in older versions of Windows. W32Time is the Windows Time Synchronization service that uses the internet to connect to a reliable time source. W32Time continues to support SNTP to enable backward compatibility with computers running SNTP-based time services, such as Windows 2000. A network can be synchronized with an internal or external time source – the National Institute of Science and Technology (NIST) maintains time servers that are available for synchronization. To set the W32Time to use the NIST time service for synchronization on Windows Server 2000: On the primary domain controller, stop W32Time:
To confirm synchronization:
To complete synchronization:
To restart the W32time service:
To set the W32Time to use the NIST time service for synchronization on Windows Server 2003:
For more information on Windows Time Service and Network Clock Synchronization, see: - A List of the Simple Network Time Protocol Time Servers That Are Available on the Internet - Synchronizing Your Computer Clock - Set Your Computer Clock Via the Internet - NIST Internet Time Service (ITS) Upgrading to Windows XP - Conversion Table(3/05)
How to Mark USB Storage Devices as Read-Only (Windows XP only)This tip is for network administrators who are concerned about the ease with which users can copy data onto portable USB devices. If you have this concern but do not feel able to implement the procedure below, let us know and we will either help you or do it for you.)**Important! This procedure involves editing the registry. Before you modify the registry, back up the registry and make sure that you understand how to restore the registry if a problem occurs. For additional information about backing up and restoring the registry, view the following article in the Microsoft Knowledge Base: How to back up, edit, and restore the registry in Windows XP and Windows Server 2003: http://support.microsoft.com/kb/322756 Windows XP Service Pack 2 (SP2) introduces a new registry subkey which provides the ability to set a registry key that will prevent write operations to USB block storage devices, such as memory sticks and USB hard drives. When this registry key is enabled, the USB devices function only as read-only devices. You can implement this setting as part of a security strategy to prevent users from transporting data offsite using these devices. To enable the USB write protection, perform the following steps on the machine you want to implement this on:
To disable this change, you can either set WriteProtect to 0 or delete the DWORD value you just created.
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ©2008 Business Engineering, Inc. |
|