Some Windows 2000 Tips

[infamousalbo101]

i still gotta organize everything but this is some of it

The Windows 2000 Boot Procedure

Before we talk about specific troubleshooting steps, it will help you to see what happens when Windows 2000 first starts.
The Windows 2000 boot sequence is very similar to the way in which Windows NT boots, but it is quite different from the way in which both Windows 95 and Windows 98 boot. The latter two use Io.sys, Msdos.sys, Config.sys, and Autoexec.bat, which are not used in the Windows 2000 boot process.
The BIOS (basic input/output system) is in charge when you first apply power to your computer. Typically, it first conducts a power-on self-test, and it then loads some of the most basic drivers for essential equipment, such as your video card and disk drives. The BIOS then gives the command to run the program on the boot sector of your start-up drive.

Most computers are set up so that the BIOS first looks to the floppy drive -- drive A: -- for system files with which to boot, and it then looks to your system drive -- usually your C: drive. This is a safety measure. If your hard drive has malfunctioned, you can still boot the computer by inserting a boot diskette into the floppy drive. It is also the reason why you will see an error message "Non-system or disk error" if you have a non-bootable floppy in the drive when you turn on your computer.
The first file in the boot sequence is Ntldr (NT Loader), a hidden system file located in the root directory of your hard drive. Ntlrstarts the initial boot loading phase, and carries out a couple of jobs: it switches the microprocessor into 32-bit flat memory mode, and it then starts the minifile system drivers built-in to Ntldr, which are used to find the Windows 2000 files from their location on the hard drive.
Next, Ntldr looks for the Boot.ini file, which is what provides the text menu that asks which operating system you wish to load. Boot.ini is actually a small text file in the root directory of your hard drive.



A typical Boot.ini file used on a single-boot system

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional" /fastdetect

If you had a dual-boot system prior to installing Windows 2000, additional entries would be listed here from which you could choose the operating system you wanted to load. On dual-boot systems, one operating system is always designated as the default. If you don't make a choice before the timeout period expires, the default operating system is loaded.
After Ntldr completes its required processes, Ntdetect begins looking for installed hardware. It creates a list of all the currently installed hardware and sends this information to Ntldr so that Ntldr can open the Registry. Some of the hardware detected by Ntdetect includes: the installed bus and adapter types; the number and type of installed communications and parallel ports; the floating-point processor type; the number of installed floppy disk drives; the number of installed hard disk drives; the type of keyboard installed; the number and type of attached pointing devices; the type of video adapter installed; and, the number and type of SCSI (small computer system interface) adapters that are installed.

If you have different hardware profiles established on your computer (see Chapter 14 for information on creating hardware profiles), you will then see a menu from which you can choose which profile you wish to load. Otherwise, the default profile will be loaded. After all the hardware detection and setup is complete, Ntoskrnl then takes over.
It is only when you reach the log on screen -- where you enter your user name and password -- that your user profile is loaded. That means that any customized settings, such as a left-handed mouse configuration, are available only after you log on.

[infamousalbo101]

Checking driver signatures



Step 1.Click Start > Settings > Control Panel.

Step 2.Select Administrative Tools, and then select Computer Management.

Step 3.Expand System Tools in the console tree in the left pane, and then
select Device Manager.

Step 4.You must select a device category in the right pane, such as Sound,
Video, and Game Controllers, and then expand it by clicking the plus sign to its left.

Step 5.Right-click one of the devices shown, such as your sound card, and then select Properties.

Step 6.Select the Drivers tab. You should see the name of the provider of the driver, it's the driver's version number and date, and the source of the driver's digital signature, as shown in Figure 5-2.


System file protection


A major cause of incompatibility and crashes is something affectionately referred to as DLL Hell. Symptoms of this anomaly are that an application might overwrite files with a similar name belonging to other applications. Often, these are dynamic link library (DLL) files that get placed in the C:\Winnt\System32 folder during an application's installation.
As a way to protect the files that are installed by Windows 2000 and other applications, Microsoft developed a process called system file protection, which is a background process that monitors whether any of the system files are replaced or moved. System file protection prevents these files from being overwritten except under the following circumstances:

* Installation of a Windows 2000 Service Pack.
* Installation of a Windows 2000 Hot fix.
* Installation of a Windows 2000 upgrade using Winnt32.exe.
* Updates using the built-in Windows Update feature.

Protected System files are backed up each time you perform a System State backup. A command prompt utility called System File Checker (Sfc.exe) is also available that will scan and verify all of your protected system files. If it finds that one of your protected system files has been overwritten, it will retrieve a copy from the C:\%systemroot%\system32\dllcache folder. To use the System File Checker, click Start > Programs > Command Prompt, and type the following command into the Open text box:

c:\sfc {options}

System File Checker Options



Option Description
/scannow Runs System File Checker immediately.
/scanonce Runs System File Checker only once -- the next time the system is booted.
/scanboot Runs System File Checker each time the system is booted.
/cancel Cancels all scheduled future scans.
/quiet Runs the scan in quiet mode, without any prompts.
/purgecache Purges the file cache and performs an immediate scan.
/enable Turns on Windows File Protection during normal operation.
/cachesize=num Sets the file cache size equal to the value in num.

Copyright 2000 Brian Livingston and Bruce Brown

[infamousalbo101]

Using the Emergency Repair Disk


Step 1.Start your computer using the four Windows 2000 Setup disks.

Step 2.A number of files will be copied to your computer. When the copying is complete, your computer will restart.

Step 3.When you see the "Welcome to Setup" screen, press the letter R on your keyboard.

Step 4.You will be given a choice of either Manual Repair or Fast Repair. It's best to choose Manual Repair at this stage. The Fast Repair option will erase a lot of configuration information because sit restores the first complete set of Registry files that were created after a successful Windows 2000 installation.

Step 5.Follow the prompts to insert your Emergency Repair Disk in drive A:, and then press the letter L on your keyboard to locate Windows 2000.

Step 6.Follow any additional prompts. The Manual Repair installation can verify your files from the original Windows 2000 CD-ROM while it performs the repair process.

Any configuration changes made after you last created an Emergency Repair Disk will be lost -- replaced by the original Windows 2000 files.

[nikita69]

HOW TO TWEAK THE REGISTRY SETTINGS FOR MAXIMUM PROTECTION FROM NETWORK ATTACK

The following registry settings will help to increase the resistance of the NT or Windows 2000 network stack to network denial of service attacks. All of the TCP/IP parameters are registry values located under the registry key:

HKEY_LOCAL_MACHINE
\SYSTEM
\CurrentControlSet
\Services:
\Tcpip
\Parameters

1. SynAttackProtect
   1. Key: Tcpip\Parameters
   2. Value Type: REG_DWORD
   3. Valid Range: 0, 1, 2
      0 (no synattack protection)
      1 (reduced retransmission retries and delayed RCE (route cache entry) creation if the TcpMaxHalfOpen and TcpMaxHalfOpenRetried settings are satisfied.)
      2 (in addition to 1 a delayed indication to Winsock is made.)
      Note: When the system finds itself under attack the following options on any socket can no longer be enabled : Scalable windows (RFC 1323) and per adapter configured TCP parameters (Initial RTT, window size). This is because when protection is functioning the route cache entry is not queried before the SYN-ACK is sent and the Winsock options are not available at this stage of the connection.
   4. Default: 0 (False)
   5. Recommendation: 2
   6. Description: Synattack protection involves reducing the amount of retransmissions for the SYN-ACKS, which will reduce the time for which resources have to remain allocated. The allocation of route cache entry resources is delayed until a connection is made. If synattackprotect = 2, then the connection indication to AFD is delayed until the three-way handshake is completed. Also note that the actions taken by the protection mechanism only occur if TcpMaxHalfOpen and TcpMaxHalfOpenRetried settings are exceeded
2. TcpMaxHalfOpen
   1. Key: Tcpip\Parameters
   2. Value Type: REG_DWORD—Number
   3. Valid Range: 100–0xFFFF
   4. Default: 100 (Professional, Server), 500 (advanced server)
   5. Recommendation: default
   6. Description: This parameter controls the number of connections in the SYN-RCVD state allowed before SYN-ATTACK protection begins to operate. If SynAttackProtect is set to 1, ensure that this value is lower than the AFD listen backlog on the port you want to protect(see Backlog Parameters for more information) . See the SynAttackProtect parameter for more details
3. TcpMaxHalfOpenRetried
   1. Key: Tcpip\Parameters
   2. Value Type: REG_DWORD—Number
   3. Valid Range: 80–0xFFFF
   4. Default: 80 (Professional, Server), 400 (Advanced Server)
   5. Recommendation: default
   6. Description: This parameter controls the number of connections in the SYN-RCVD state for which there has been at least one retransmission of the SYN sent, before SYN-ATTACK attack protection begins to operate. See the SynAttackProtect parameter for more details
4. EnablePMTUDiscovery
   1. Key: Tcpip\Parameters
   2. Value Type: REG_DWORD—Boolean
   3. Valid Range: 0, 1 (False, True)
   4. Default: 1 (True)
   5. Recommendation: 0
   6. Description: When this parameter is set to 1 (True) TCP attempts to discover the Maximum Transmission Unit (MTU or largest packet size) over the path to a remote host. By discovering the Path MTU and limiting TCP segments to this size, TCP can eliminate fragmentation at routers along the path that connect networks with different MTUs. Fragmentation adversely affects TCP throughput and network congestion. Setting this parameter to 0 causes an MTU of 576 bytes to be used for all connections that are not to hosts on the local subnet
5. NoNameReleaseOnDemand
   1. Key: Netbt\Parameters
   2. Value Type: REG_DWORD—Boolean
   3. Valid Range: 0, 1 (False, True)
   4. Default: 0 (False)
   5. Recommendation: 1
   6. Description: This parameter determines whether the computer releases its NetBIOS name when it receives a name-release request from the network. It was added to allow the administrator to protect the machine against malicious name-release attacks
6. EnableDeadGWDetect
   1. Key: Tcpip\Parameters
   2. Value Type: REG_DWORD—Boolean
   3. Valid Range: 0, 1 (False, True)
   4. Default: 1 (True)
   5. Recommendation: 0
   6. Description: When this parameter is 1, TCP is allowed to perform dead-gateway detection. With this feature enabled, TCP may ask IP to change to a backup gateway if a number of connections are experiencing difficulty. Backup gateways may be defined in the Advanced section of the TCP/IP configuration dialog in the Network Control Panel. See the "Dead Gateway Detection" section in this paper for details
7. KeepAliveTime
   1. Key: Tcpip\Parameters
   2. Value Type: REG_DWORD—Time in milliseconds
   3. Valid Range: 1–0xFFFFFFFF
   4. Default: 7,200,000 (two hours)
   5. Recommendation: 300,000
   6. Description: The parameter controls how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet. If the remote system is still reachable and functioning, it acknowledges the keep-alive transmission. Keep-alive packets are not sent by default. This feature may be enabled on a connection by an application
8. PerformRouterDiscovery
   1. Key: Tcpip\Parameters\Interfaces\
   2. Value Type: REG_DWORD
   3. Valid Range: 0,1,2
      0 (disabled)
      1 (enabled)
      2 (enable only if DHCP sends the router discover option)
   4. Default: 2, DHCP-controlled but off by default.
   5. Recommendation: 0
   6. Description: This parameter controls whether Windows 2000 attempts to perform router discovery per RFC 1256 on a per-interface basis. See also SolicitationAddressBcast
9. EnableICMPRedirects
   1. Key: Tcpip\Parameters
   2. Value Type: REG_DWORD
   3. Valid Range: 0, 1 (False, True)
   4. Default: 1 (True)
   5. Recommendation: 0 (False)
   6. Description: This parameter controls whether Windows 2000 will alter its route table in response to ICMP redirect messages that are sent to it by network devices such as a routers

RESULTS WILL VARY
No matter how good your systems may be, they're only as effective as what you put into them.