04. windows xp admin tips-network


Upload: scale2009

Post on 10-Apr-2015


Page 1: 04. Windows XP Admin Tips-Network

Windows XP Admin Tips ~ network ~ 1

Windows XP Admin Tips - network -

1. Avoiding APIPA

• Created on Jul 27, 2006.
• Last Modified on Nov 07, 2006.
• Last Modified by Mitch Tulloch.

How to avoid problems arising from APIPA

Windows XP computers can be assigned IP addresses in two ways: manually using static addresses or automatically using DHCP. If your computer is configured to use DHCP, however, a problem can occur if the DHCP server is down when your computer needs to renew its lease. This typically happens if you reboot your computer when the DHCP server is unavailable, and in this case Windows XP uses Automatic IP Address Allocation (APIPA) to automatically assign itself an address of the form 169.254.x.y. Once your computer has this address, however, it typically can't communicate on the network anymore.

To prevent this kind of situation from happening, you can assign your computer an alternate IP address to fall back on when it can't contact a DHCP server to lease an address. This is done by using the Alternate Configuration tab of the TCP/IP properties for your computer's Local Area Connection.

A typical situation where you might want to use this is a laptop that uses DHCP at home to obtain an IP address from your ISP. If you sometimes take your laptop to work and your workplace is a small business that uses static addressing instead of DHCP, you can assign your computer a static address on the Alternate Configuration tab so that it can participate in your work network when present at work.

Note that the Alternate Configuration tab is only visible when you've selected Obtain An IP Address Automatically on the General tab of your TCP/IP Properties.

2. Using XP as a router

• Created on Mar 01, 2006.
• Last Modified on Mar 29, 2006.
• Last Modified by Mitch Tulloch.

A cheap and easy way of using an XP box as a router.

A cheap and easy way of adding a router to your network is to use a surplus PC with Windows XP Professional installed on it. Just install an additional network card in the box and then configure the registry setting below and Presto! Your XP box becomes able to route (forward) IP packets from one interface to another.

Open Regedit and navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Find the following registry value:

IPEnableRouter

Set this value to 1 to enable IP routing on the box.

After doing this, reboot the machine. You may also need to disable Windows Firewall on the machine.

3. Reliable File and Folder Sharing in Windows XP

• Created on Aug 13, 2005.
• Last Modified on Sep 01, 2005.
• Last Modified by Varun Sud.

Explains how to share files and folders in Windows XP over a network. It was written specifically because users in our college network had unpredictable results in sharing files over LAN on Windows XP.

This tip is on sharing files and folders on a local network in Windows XP. It has been tested on Windows XP Professional (with and without SP2).

Many users of WinXP have experienced difficulty in sharing files and folders over our college network whether or not simple file sharing is enabled. The approach that I have found to work consistently is:

1. Disable simple file sharing from My Computer --> Tools menu --> Folder Options --> View tab --> Advanced Settings

2. Open Control Panel --> Administrative Tools --> Services. Enable the Server service by setting its startup type to Automatic or Manual. This is a standard service needed for sharing files and folders under WinXP.

3. Open Control Panel --> Administrative Tools --> Computer Management. Scroll to System Tools --> Shared Folders --> Shares. From Action menu, select 'Add share' and follow the instructions.


4. You may also want to add users to the Administrator or other groups for shared folder access. Under Computer Management, scroll to Local Users and Groups. To add a user to the Administrator group, select the group name and choose Add from the Action menu. This can also be used to add domain users as local admins.

Sharing files on computers directly connected to the Internet is not recommended. However, restricting access to specific users using the above procedure mitigates security risks.

4. Map Your Network For Better Protection and Incident Response

• Created on Mar 07, 2005.
• Last Modified on Apr 01, 2005.
• Last Modified by Tony Bradley.

It is difficult to protect devices that you don't even know exist. In larger enterprises it is very easy to lose track of the asset inventory, which leads to complacency about rogue devices. In order to effectively protect the network and to respond to incidents efficiently, an updated asset inventory and network map should always be handy.

In an enterprise network with thousands or even tens of thousands of devices, it seems like assets are constantly coming and going. When a site or department administrator sees a new device they are likely to be complacent and simply assume that it belongs to someone else in the enterprise rather than being suspicious of the rogue device.

Rogue or unknown devices that are added to the network are often missed in patch and security update deployments and they can be a constant source of headaches when it comes to trying to proactively protect and defend a large enterprise network.

If a security incident does occur, an updated and logically organized asset inventory, combined with a current and accurate network map, will make response and forensic investigation that much simpler. If a third party or law enforcement agencies are involved, they will need an overview of the network architecture and environment in order to conduct an investigation.

Policies should be written to define how new assets are added to the inventory and the steps that must be taken to include them on the asset inventory and network map prior to joining the network. But, no matter how foolproof that policy may be, it is virtually inevitable that new, rogue devices will eventually appear on the network.

To detect the rogue devices and fight to enforce the policy and ward off complacency, you can run periodic scans of the network using any of a wide variety of tools that can scan and report back information regarding the network and the devices attached. Many of the tools will report the IP address, MAC address, type of device or operating system and more. Below are a few tools you can consider for network mapping:


• LANSurveyor from Neon Software
• Visio from Microsoft
• What's Up Gold from Ipswitch
• SuperScan from Foundstone
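The comparison step that follows a scan can be scripted. The Python below is an added example, not part of the original tip or of any tool listed above: it parses a listing in the layout of Windows "arp -a" output and checks it against an asset inventory keyed by MAC address. The sample listing, the inventory and all names in them are constructed for illustration.

```python
import re

# Constructed sample in the layout of Windows "arp -a" output.
SAMPLE_ARP = """\
Interface: 192.168.50.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.50.1          00-0c-29-aa-10-01     dynamic
  192.168.50.21         00-0C-29-AA-10-21     dynamic
  192.168.50.77         00-16-3e-5b-7f-02     dynamic
  192.168.50.30         00-0c-29-aa-10-40     dynamic
"""

# Constructed asset inventory: MAC address -> (asset name, expected IP).
INVENTORY = {
    "00-0c-29-aa-10-01": ("gateway", "192.168.50.1"),
    "00-0c-29-aa-10-21": ("frontdesk-pc", "192.168.50.21"),
    "00-0c-29-aa-10-40": ("printer-2f", "192.168.50.40"),
    "00-0c-29-aa-10-50": ("fileserver", "192.168.50.50"),
}

# One data row: IPv4 address, MAC address, entry type.
ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2})\s+\w+\s*$"
)


def normalize_mac(mac):
    """Lower-case and use '-' separators so MACs compare reliably."""
    return mac.lower().replace(":", "-")


def parse_arp(text):
    """Return {mac: ip} for every data row; header lines are skipped."""
    seen = {}
    for line in text.splitlines():
        match = ARP_ROW.match(line)
        if match:
            ip, mac = match.groups()
            seen[normalize_mac(mac)] = ip
    return seen


def compare(seen, inventory):
    """Classify observed devices against the inventory.

    unknown: MAC is on the wire but not in the inventory (possible rogue).
    moved:   known MAC answering on an IP other than the recorded one.
    missing: inventory asset that was not observed in this scan.
    """
    known = {normalize_mac(mac): entry for mac, entry in inventory.items()}
    report = {"unknown": [], "moved": [], "missing": []}
    for mac, ip in sorted(seen.items()):
        if mac not in known:
            report["unknown"].append((mac, ip))
        elif known[mac][1] != ip:
            name, expected_ip = known[mac]
            report["moved"].append((name, mac, expected_ip, ip))
    for mac, (name, expected_ip) in sorted(known.items()):
        if mac not in seen:
            report["missing"].append((name, mac, expected_ip))
    return report


if __name__ == "__main__":
    result = compare(parse_arp(SAMPLE_ARP), INVENTORY)
    for category, rows in result.items():
        for row in rows:
            print(category, *row)
```

An ARP table only covers the local subnet, so a "missing" asset may simply be powered off or on another segment; the "unknown" list is the one to follow up first.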

Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security (http://netsecurity.about.com), providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit Essential Computer Security (http://www.tonybradley.com).

5. Shared printer separator page for Windows 2000 and Windows XP

• Created on Mar 23, 2004.
• Last Modified on Dec 17, 2004.
• Last Modified by Wayne Maples.

If you are in a SOHO or company environment with shared printers, users may have trouble separating their print jobs if several of them print in a row. The standard solution is to use separator pages for shared printers. Windows 2000 and Windows XP include 4 pre-defined separator pages in the winnt\system32 directory:

• pcl.sep Changes the printer to PCL mode and prints the separator page

• pscript.sep Changes the printer to PostScript mode but does not print a separator page

• sysprint.sep Changes the printer to PostScript mode and prints a separator page

• sysprtj.sep variant of sysprint.sep but uses Japanese fonts if available

You implement a separator page as follows:

• Right-click the shared printer you want to add a separator page to
• Click Properties
• On the Advanced tab, click the "Separator Page" button
• Browse to or enter the name of the separator page file

If you want to modify a .sep control file, the first line must be a single character which defines the delimiter character (any character can be the delimiter). The contents of pcl.sep follow:

    \
    \H1B\L%-12345X@PJL ENTER LANGUAGE=PCL
    \H1B\L&l1T\0
    \M\B\S\N\U
    \U\LJob : \I
    \U\LDate: \D
    \U\LTime: \T
    \E

The codes are (continuing to use \ as delimiter):

• \N : prints name of person submitting print job
• \I : prints job number
• \D : prints date (in format defined by Regional option of Control Panel)
• \T : prints time (in format defined by Regional option of Control Panel)
• \L : prints chars between code and next delimiter
• \Ffqfn : prints contents of file specified by fqfn
• \Hnn : prints printer specific control code where nn is in hex, \H1B is HP esc char
• \Wnn : sets max width of separator page
• \B\S : prints single-width block chars
• \B\M : prints double-width block chars
• \U : turns off block-char printing
• \E : ejects current page
• \n : skips n lines. Legal values are 0-9

6. Control default internet programs

• Created on Mar 22, 2004.
• Last Modified on Apr 20, 2004.
• Last Modified by Wayne Maples.

Do you have IE and Netscape installed? Both browsers check whether they are the default browser. That is, if you click on a link in an application, let's say email, then the default browser will start up even if the other browser is already running. If you want Netscape to be the default browser and you want Internet Explorer to stop checking if it's the default browser, you do that from Internet Options within the Control Panel. Open the Programs tab and you will see the checkbox for "Internet browser should check to see whether it is the default browser".

The Internet Options Programs tab also lets you select which programs Windows will use by default:

• HTML editor
• E-mail program
• Newsgroup program
• Internet call program
• Calendar
• Contact tool


When you check the pulldowns, there will be nothing there but the defaults unless you have installed a program which registers itself for the task. For example, if you install the full Outlook, it will show up in the pulldowns for email and newsgroup programs. I installed Ultraedit and it set itself as my default editor. The pulldown then had the options of Notepad and Ultraedit. After installing Outlook 2000, I had pulldown options of Outlook and Outlook Express for email and newsgroup. After installing Freeagent, which is the best newsgroup reader around, I had the options of Agent and Outlook.

There is a "Reset Web Settings" button to return Windows to its original defaults:

• HTML editor : Notepad
• E-mail program : Outlook Express
• Newsgroup program : Outlook Express
• Internet call program : Netmeeting
• Calendar : none
• Contact tool : Address Book

This should work in all versions of Windows including Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000 and Windows XP.

7. Give XP ability to search Active Directory

• Created on Mar 23, 2004.
• Last Modified on Apr 20, 2004.
• Last Modified by Wayne Maples.

Out of the box, Windows XP Pro does not have Windows 2000's capability to search the Active Directory. To put it back, create a shortcut icon on the desktop to run the following command:

    rundll32 dsquery,OpenQueryWindow

Rundll32.exe is an application included with Windows that executes functions in dynamic link libraries (DLLs). Most applications (and Windows) use DLLs to share code between multiple applications or multiple modules within a single application. There are lots of other tasks you can accomplish with Rundll32.exe. You can execute these commands from a console or incorporate them into scripts or batch files to help you quickly access certain features in the user interface for configuring the operating system or hardware.

The following command starts the Add Printer Wizard: Rundll32.exe printui.dll,PrintUIEntry /il

If you want to add a standard TCP/IP port for printing, use this command: Rundll32.exe tcpmonui.dll,LocalAddPortUI


You can easily create new shared folders through the New Share dialog box. Use this command to open it: Rundll32.exe ntlanui.dll,ShareCreate

Another function you can access through Ntlanui.dll is the Shared Directories dialog box. Here's how to open it: Rundll32.exe ntlanui.dll,ShareManage

Note: This Windows XP tip applies only when you are running Windows Explorer in Classic Mode. If you go Tools --> Folder Options --> General tab and select "Show common tasks in Windows" then you'll see a link called "Search Active Directory" under Network Tasks. Clicking on this link will then bring up the familiar Active Directory search interface.

8. Do it yourself WHOIS command

• Created on Mar 17, 2004.
• Last Modified on Apr 20, 2004.
• Last Modified by Wayne Maples.

If you have your own web site with a registered name, you should be familiar with the WHOIS utility. You can search by web address, NIC handle, or IP address. whois is available as a command-line utility in Unix. There are also web versions:

• Networksolutions
• Whois.net

Although NT does not come with whois, you can create your own version using a batch file:

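contents of WHOIS.cmd:

    @echo off
    rem Open the Networksolutions whois lookup for the name given as the first argument
    start http://www.networksolutions.com/cgi-bin/mcwho/whois?STRING=%1

-or-

    @echo off
    rem Open the Whois.net whois lookup for the name given as the first argument
    start http://www.whois.net/search.cgi2?str=%1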

The first version uses the whois lookup from Networksolutions whereas the second version uses the whois lookup from Whois.net. Copy the batch file to somewhere in your path, for example, the %systemroot%\system32 folder. Because I have a lot of these small scripts and batch files, I created a %systemroot%\bin folder and placed it in the path. To look up the whois info for microsoft.com, use the command line:

whois microsoft.com

The results are:

    Registrant:
    Microsoft Corporation (MICROSOFT-DOM)
       1 microsoft way
       redmond, WA 98052
       US

       Domain Name: MICROSOFT.COM

       Administrative Contact:
          Microsoft Hostmaster (MH37-ORG) [email protected]
          Microsoft Corp
          One Microsoft Way
          Redmond, WA 98052
          US
          425 882 8080
          Fax- - - .: 206 703 2641
       Technical Contact:
          MSN NOC (MN5-ORG) [email protected]
          Microsoft Corp
          One Microsoft Way
          Redmond, WA 98052
          US
          425 882 8080
          Fax- PATH
       Billing Contact:
          idNames, Accounting (IA90-ORG) [email protected]
          idNames from Network Solutions, Inc
          440 Benmar
          Suite #3325
          Houston, TX 77060
          US
          703-742-4777
          Fax 281-447-1160

       Record last updated on 19-Mar-2001.
       Record expires on 03-May-2010.
       Record created on 02-May-1991.
       Database last updated on 23-Apr-2001 10:05:00 EDT.

       Domain servers in listed order:

       DNS4.CP.MSFT.NET    207.46.138.11
       DNS5.CP.MSFT.NET    207.46.138.12
       DNS2.TK.MSFT.NET    207.46.232.38
       DNS1.TK.MSFT.NET    207.46.232.37
       DNS3.UK.MSFT.NET    213.199.144.151


9. DNSLint can verify DNS records

• Created on Mar 23, 2004.
• Last Modified on Apr 20, 2004.
• Last Modified by Wayne Maples.

DNSLint is a command-line Microsoft utility designed to help you diagnose common DNS name resolution issues. DNSLint can be downloaded from the Microsoft Download Center. DNSLint has three functions that verify Domain Name System (DNS) records and generate an HTML report. The three functions are:

• dnslint /d: This diagnoses potential causes of "lame delegation" and other related DNS problems.

• dnslint /ql: This verifies a user-defined set of DNS records on multiple DNS servers.

• dnslint /ad: This verifies DNS records specifically used for Active Directory replication.

DNSLint syntax is:

    dnslint /d domain_name | /ad [LDAP_IP_address] | /ql input_file [/c [smtp,pop,imap]] [/no_open] [/r report_name] [/t] [/test_tcp] [/s DNS_IP_address] [/v] [/y]

10. Change the Logon Window and the Shutdown Preferences in Windows XP

• Created on Mar 23, 2004.
• Last Modified on Apr 20, 2004.
• Last Modified by Wayne Maples.

INTRODUCTION

The Windows Setup program configures Microsoft Windows XP to use the friendly Welcome logon screen and the shutdown buttons if your computer is installed as a home computer. A home computer is a computer that does not specify a network domain. This article describes how to use the classic logon screen that Windows XP-based computers use when they are joined to a domain. The classic logon screen looks similar to the following example:

    Log On to Windows
    User name: _____________
    Password: _____________


MORE INFORMATION

Use the classic logon screen

To temporarily use the classic logon screen, press CTRL+ALT+DEL two times on the Welcome logon screen. To configure Windows XP to use the classic logon and shutdown screens for every logon session, follow these steps:

1. Click Start, and then click Control Panel.
2. Double-click User Accounts.
3. Click Change the way users log on or off.
4. Clear the Use the Welcome screen check box.

Note: If you turn off the Welcome logon screen, you also turn off the Fast User Switching option.

Require users to press CTRL+ALT+DEL before the classic logon screen appears

Warning: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

If you want users to have to press CTRL+ALT+DEL before the classic logon appears, as on a Windows XP-based computer that is joined to a domain, follow these steps:

1. Click Start, click Run, type regedit in the Open box, and then click OK.
2. Click the Winlogon subkey at the following registry location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

3. Click Edit, click New, and then click DWORD value.
4. To change the value name, type DisableCAD, and then press ENTER.
5. Keep the data value set to 0. The data value set appears as 0x00000000(0).

11. HOW TO: Change the Logon Screen Saver in Windows

SUMMARY

Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

This step-by-step article describes how to change the default logon screen saver. When you start Windows, a Begin Logon dialog box prompts you to press CTRL+ALT+DEL to log on. By default, if you do not press a key for 15 minutes, the Windows logon screen saver (Logon.scr) starts.

Change the logon screen saver

1. Click Start, click Run, type regedt32, and click OK.
2. Locate the following registry key: HKEY_USERS\.DEFAULT\Control Panel\Desktop
3. In the Details pane, double-click the SCRNSAVE.EXE string value item.
4. In the Value data box, type the path and name of the screen saver, and then click OK.

Important: Make sure that you specify the path correctly to the screen saver. If the screen saver is located in %SystemRoot%\System32, the explicit path is not required.

You have now changed the logon screen saver.

Change the logon screen saver timeout time

You can also change the amount of time that elapses before the logon screen saver starts. The default is 900 seconds (15 minutes). To change the length of time before the logon screen saver starts, follow these steps:

1. Click Start, click Run, type regedt32, and then click OK.
2. Locate the following registry key: HKEY_USERS\.DEFAULT\Control Panel\Desktop
3. In the Details pane, double-click the ScreenSaveTimeOut string value item.
4. In the Value data box, type the number of seconds, and then click OK.

You have now changed the length of time that elapses before the logon screen saver starts.

Disable the logon screen saver

To disable the logon screen saver, follow these steps:

1. Click Start, click Run, type regedt32, and then click OK.
2. Locate the following registry key: HKEY_USERS\.DEFAULT\Control Panel\Desktop
3. In the Details pane, double-click the ScreenSaveActive string value item.
4. In the Value data box, replace the number 1 with the number 0, and then click OK.

You have now disabled the logon screen saver.

APPLIES TO

• Microsoft Windows Server 2003, Standard Edition (32-bit x86)
• Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
• Microsoft Windows 2000 Server
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Professional Edition
• Microsoft Windows 2000 Datacenter Server

12. Toggle XP logon to Windows 2000 logon mode

Windows XP Logon sports a new look and feel. If you prefer the Windows 2000 Logon, you can toggle to the W2K/NT logon style screen:

• Press and hold the Alt + Ctrl keys
• Press the Delete key twice

You can flip back by pressing the Esc key.

13. Manage the DNS resolver cache with IPCONFIG

W2K and XP's workstation DNS client resolves host names to support web browsers, mail clients, and other apps where you used a host name rather than IP addresses. The Windows DNS resolver caches the results of DNS queries including queries that fail to resolve. Each DNS record has a time-to-live value that determines when the record should be refreshed with another query. Until the TTL expires, Windows will respond with the cached query rather than perform a new query.

What this means is that when you're troubleshooting connection and DNS problems, it's important to flush the DNS cache and force Windows to generate a new query. ipconfig can be used to view and/or clear the resolver cache, among other things. The following command displays the contents of the resolver cache:

    E:\Documents and Settings\Wayne>ipconfig /displaydns

    Windows IP Configuration

    Record Name . . . . . : udns1.ultradns.net
    Record Type . . . . . : 1
    Time To Live . . . . : 37577
    Data Length . . . . . : 4
    Section . . . . . . . : Additional
    A (Host) Record . . . : 204.69.234.1

    Record Name . . . . . : udns2.ultradns.net
    Record Type . . . . . : 1
    Time To Live . . . . : 37577
    Data Length . . . . . : 4
    Section . . . . . . . : Additional
    A (Host) Record . . . : 204.74.101.1

    dns.sprintip.com
    ----------------------------------------
    Record Name . . . . . : dns.sprintip.com
    Record Type . . . . . : 1
    Time To Live . . . . : 230
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 208.25.104.7

    dnsla.carsdirect.com
    ----------------------------------------
    Record Name . . . . . : dnsla.carsdirect.com
    Record Type . . . . . : 1
    Time To Live . . . . : 1719
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 12.129.202.53

    ns2.cts-bv.com
    ----------------------------------------
    Record Name . . . . . : ns2.cts-bv.com
    Record Type . . . . . : 1
    Time To Live . . . . : 1194
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 193.173.159.212

    1.0.0.127.in-addr.arpa
    ----------------------------------------
    Record Name . . . . . : 1.0.0.127.in-addr.arpa.
    Record Type . . . . . : 12
    Time To Live . . . . : 83255
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    PTR Record . . . . . : localhost

    www.eastminsterdallas.org
    ----------------------------------------
    Record Name . . . . . : www.eastminsterdallas.org
    Record Type . . . . . : 1
    Time To Live . . . . : 2083
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 207.70.181.116

    stats.cts-bv.nl
    ----------------------------------------
    Record Name . . . . . : stats.cts-bv.nl
    Record Type . . . . . : 1
    Time To Live . . . . : 1194
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 193.173.159.197

    www.lynchwiles.com
    ----------------------------------------
    Record Name . . . . . : www.lynchwiles.com
    Record Type . . . . . : 1
    Time To Live . . . . : 420
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 203.15.67.163

    auth00.ns.uu.net
    ----------------------------------------
    Record Name . . . . . : auth00.ns.uu.net
    Record Type . . . . . : 1
    Time To Live . . . . : 1961
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 198.6.1.65

    ns-3.amazon.com
    ----------------------------------------
    Record Name . . . . . : ns-3.amazon.com
    Record Type . . . . . : 1
    Time To Live . . . . : 1961
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 207.171.171.132

    ns1.wdc.pnap.net
    ----------------------------------------
    Record Name . . . . . : NS1.WDC.PNAP.NET
    Record Type . . . . . : 1
    Time To Live . . . . : 859
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 216.52.126.1

    www.is-it-true.org
    ----------------------------------------
    Record Name . . . . . : www.is-it-true.org
    Record Type . . . . . : 1
    Time To Live . . . . : 27814
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 66.34.10.74

    Section . . . . . . . : Additional
    A (Host) Record . . . : 216.221.160.10

Use this command to flush the resolver cache:

ipconfig /flushdns

To check out all the options:

    E:\Documents and Settings\Wayne>ipconfig /?

    USAGE:
        ipconfig [/? | /all | /renew [adapter] | /release [adapter] |
                  /flushdns | /displaydns | /registerdns |
                  /showclassid adapter |
                  /setclassid adapter [classid] ]

    where
        adapter         Connection name
                        (wildcard characters * and ? allowed, see examples)

        Options:
           /?           Display this help message
           /all         Display full configuration information.
           /release     Release the IP address for the specified adapter.
           /renew       Renew the IP address for the specified adapter.
           /flushdns    Purges the DNS Resolver cache.
           /registerdns Refreshes all DHCP leases and re-registers DNS names
           /displaydns  Display the contents of the DNS Resolver Cache.
           /showclassid Displays all the dhcp class IDs allowed for adapter.
           /setclassid  Modifies the dhcp class id.

    The default is to display only the IP address, subnet mask and
    default gateway for each adapter bound to TCP/IP.

    For Release and Renew, if no adapter name is specified, then the IP address
    leases for all adapters bound to TCP/IP will be released or renewed.

    For Setclassid, if no ClassId is specified, then the ClassId is removed.

    Examples:
        > ipconfig                   ... Show information.
        > ipconfig /all              ... Show detailed information
        > ipconfig /renew            ... renew all adapters
        > ipconfig /renew EL*        ... renew any connection that has its
                                         name starting with EL
        > ipconfig /release *Con*    ... release all matching connections,
                                         eg. "Local Area Connection 1" or
                                             "Local Area Connection 2"
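When the cache is large, it is easier to review a saved copy of the /displaydns output with a script before flushing it. The Python parser below is an added example, not part of the original tip: it turns the listing into records, maps the numeric Record Type to its name, and separates cached failures from cached answers. The sample text is constructed, and the "Name does not exist." line for a cached failure is an assumption about how the resolver prints negative entries.

```python
import re

# Constructed sample in the layout printed by "ipconfig /displaydns".
SAMPLE_CACHE = """\
Windows IP Configuration

         www.example.com
         ----------------------------------------
         Record Name . . . . . : www.example.com
         Record Type . . . . . : 1
         Time To Live  . . . . : 230
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         A (Host) Record . . . : 192.0.2.10

         1.0.0.127.in-addr.arpa
         ----------------------------------------
         Record Name . . . . . : 1.0.0.127.in-addr.arpa.
         Record Type . . . . . : 12
         Time To Live  . . . . : 83255
         Data Length . . . . . : 4
         Section . . . . . . . : Answer
         PTR Record  . . . . . : localhost

         typo.example.net
         ----------------------------------------
         Name does not exist.
"""

# Numeric DNS record types as shown in the "Record Type" field.
RR_TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR",
            15: "MX", 16: "TXT", 28: "AAAA", 33: "SRV"}

# "Key . . . . : value" with the dotted leader stripped from the key.
FIELD = re.compile(r"^(.+?)[ .]*:\s*(.*)$")


def parse_displaydns(text):
    """Return a list of cache entries, each with its records."""
    entries, current, prev = [], None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        field = FIELD.match(line)
        if set(line) == {"-"}:
            # The line above a dashed rule is the queried name.
            current = {"name": prev, "negative": False, "records": []}
            entries.append(current)
        elif field:
            key, value = field.groups()
            if key == "Record Name":
                if current is None:  # listing that starts without a header
                    current = {"name": value, "negative": False, "records": []}
                    entries.append(current)
                current["records"].append({"name": value})
            elif current and current["records"]:
                rec = current["records"][-1]
                if key == "Record Type":
                    rec["type"] = RR_TYPES.get(int(value), value)
                elif key == "Time To Live":
                    rec["ttl"] = int(value)
                elif key == "Section":
                    rec["section"] = value
                elif key.endswith("Record"):
                    rec["data"] = value
        elif current is not None and line.lower().startswith("name does not exist"):
            current["negative"] = True
        prev = line
    return entries


def cached_answers(entries):
    """(name, type, ttl, data) for every cached record."""
    return [(r["name"], r.get("type"), r.get("ttl"), r.get("data"))
            for e in entries for r in e["records"]]


def negative_names(entries):
    """Names whose failed lookup is cached and will keep failing until it expires."""
    return [e["name"] for e in entries if e["negative"]]


def short_lived(entries, max_ttl):
    """Names whose cached record expires within max_ttl seconds."""
    return [r["name"] for e in entries for r in e["records"]
            if r.get("ttl") is not None and r["ttl"] <= max_ttl]


if __name__ == "__main__":
    parsed = parse_displaydns(SAMPLE_CACHE)
    for row in cached_answers(parsed):
        print(*row)
    print("cached failures:", negative_names(parsed))
```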

14. nslookup and DNS Zone Transfers

Want to get a list of all the ip addresses as well as aliases assigned within a domain? You can grab that information if the DNS server allows zone transfers. The zone transfer is the method a secondary DNS server uses to update its information from the primary DNS server. DNS servers within a domain are organized using a master-slave method where the slaves get updated DNS information from the master DNS. One should configure the master DNS server to allow zone transfers only from secondary (slave) DNS servers but this is often not implemented.

You do not have to have DNS to request a zone transfer. You can issue a zone transfer request using the nslookup client, which is a standard part of Unix, NT, Windows 2000 and XP. To dump the DNS records from your current domain, let's say it's wayne.net:

Type nslookup at the commandline (NT example). This starts nslookup in interactive mode. It will respond with the name and ip address of your default DNS server:

    Default Server: dns01.wayne.net
    Address: 10.10.10.1

    >

To get a list of commands available, type set all. For the more important set options:

• set d2 : puts nslookup in debug mode, so you can examine query and response packets between the resolver and server
• set domain= : tells the resolver which domain name to append to queries that are not FQDNs
• set timeout= : for slow links
• set type= : which type of records to search for (A, PTR, SRV, or ALL)

You can get help at the nslookup command prompt by typing:

> help

To dump all available records, assuming zone transfers are enabled, issue the following commands:

> set type=any
> ls -d wayne.net > dns.wayne.net
> exit

The ls -d wayne.net command requested all records for the domain be dumped in a file named "dns.wayne.net". Open up dns.wayne.net and see what goodies you can find. If dns1 is not authoritative for the domain, you can change the DNS server you dump records from using the command:

> server 10.10.10.2

Default Server: dns02.wayne.net
Address: 10.10.10.2

>

If successful, the dump file will have lines such as:

> ls -d wayne.net
[dns1.wayne.net]
 wayne.net.     SOA    dns04.wayne.net wayne.dns04.wayne.net. (3301 10800 3600 604800 86400)
 wayne.net.     NS     dns04.wayne.net
 wayne.net.     NS     dns02.wayne.net
 wayne.net.     NS     dns01.wayne.net
 wayne.net.     NS     dns05.wayne.net
 wayne.net.     MX     10   email.wayne.net
 rsmithpc       TXT    "smith, robert payments 214-389-xxxx"
 rsmithpc       A      10.10.10.21
 wmaplespc      TXT    "Waynes PC"
 wmaplespc      A      10.10.10.10
 wayne          CNAME  wmaplespc.wayne.net

You can see from the bits above that there are multiple DNS servers, that there is an email POP3 server, what my IP address is, ...

Lots of goodies, particularly if the DNS admins put in "good" comments. Might be useful info for social engineering if the comments include phone numbers.

The ls -d command emulates a zone transfer. You can also use ls -t to get a list of the members of a domain.

For DNS info see The DNS Place.
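
For the administrator of the zone, the same dump shows exactly what an unrestricted transfer gives away. The following is an added example, not part of the original tip: a Python audit that parses ls -d output like the listing above and flags records that publish more than they need to (phone numbers or free-text comments in TXT records, internal addresses in A records). The function names and finding categories are assumptions of this example, and the sample input is constructed from the listing above.

```python
import ipaddress
import re

# Constructed sample: the `ls -d` listing from the tip, one record per line.
SAMPLE_DUMP = """\
> ls -d wayne.net
[dns1.wayne.net]
 wayne.net.     SOA    dns04.wayne.net wayne.dns04.wayne.net. (3301 10800 3600 604800 86400)
 wayne.net.     NS     dns04.wayne.net
 wayne.net.     NS     dns02.wayne.net
 wayne.net.     NS     dns01.wayne.net
 wayne.net.     NS     dns05.wayne.net
 wayne.net.     MX     10   email.wayne.net
 rsmithpc       TXT    "smith, robert payments 214-389-xxxx"
 rsmithpc       A      10.10.10.21
 wmaplespc      TXT    "Waynes PC"
 wmaplespc      A      10.10.10.10
 wayne          CNAME  wmaplespc.wayne.net
"""

KNOWN_TYPES = {"SOA", "NS", "MX", "TXT", "A", "AAAA", "CNAME", "PTR", "SRV", "HINFO"}
RECORD_RE = re.compile(r"^\s*(?P<name>\S+)\s+(?P<type>[A-Z]+)\s+(?P<data>.*\S)\s*$")
# Phone-like token; the last group also accepts "x" so masked numbers match.
PHONE_RE = re.compile(r"\b\d{3}[-. ]\d{3}[-. ][0-9xX]{4}\b")
# TXT payloads that are machine-readable policy, not human comments.
POLICY_PREFIXES = ("v=spf1", "v=dkim1", "v=dmarc1")


def parse_dump(text):
    """Return (name, rtype, data) tuples from nslookup `ls -d` output."""
    records = []
    for line in text.splitlines():
        stripped = line.strip()
        # Skip blank lines, the echoed command and the [server] banner.
        if not stripped or stripped[0] in ">[":
            continue
        match = RECORD_RE.match(line)
        if match and match.group("type") in KNOWN_TYPES:
            records.append((match.group("name"), match.group("type"),
                            match.group("data")))
    return records


def audit(records):
    """Return (name, category, detail) findings for records that leak detail."""
    findings = []
    for name, rtype, data in records:
        if rtype == "TXT":
            text = data.strip('"')
            if PHONE_RE.search(text):
                findings.append((name, "phone",
                                 "TXT comment contains a phone number"))
            elif not text.lower().startswith(POLICY_PREFIXES):
                findings.append((name, "comment",
                                 "free-text TXT comment: " + text))
        elif rtype in ("A", "AAAA"):
            try:
                addr = ipaddress.ip_address(data)
            except ValueError:
                continue  # not a plain address; nothing to classify
            if addr.is_private:
                findings.append((name, "internal-address",
                                 "private address " + data + " is in the zone"))
    return findings


if __name__ == "__main__":
    parsed = parse_dump(SAMPLE_DUMP)
    print(len(parsed), "records parsed")
    for host, category, detail in audit(parsed):
        print(f"{host:12} {category:18} {detail}")
```

Run it against a dump of your own zone; each finding is a record to trim, or a reason to confirm that transfers are restricted to the secondary servers.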

15. IIS Web Server Resources and Tips

One of my jobs is webmaster in the sense of system support, not the common misconception of graphics designer. I recently started supporting IIS (a shift from Netscape web servers which were essentially problem free). As such I need tips and resources for Microsoft's Internet Information Server IIS. As I find useful information I will use this page as an index for the IIS info. Please let me know if you know of an IIS tip or site I should add to this IIS resource page: Wayne Maples.

Microsoft has released another IIS Rollup patch to date as of October 30, 2002. This patch applies to IIS versions 4.0, 5.0 and 5.1: Cumulative Patch for Internet Information Service (Q327696)

Tips

• Backing Up and Restoring IIS Servers
• IIS 4.0 Recommended Installation Procedure
• IIS 5.0 Features
• IIS 5 New Features
• Differences in default behavior and settings between IIS 4.0 and IIS 5.0
• IIS Metabase Registry
• Securing IIS 4
• Securing IIS 5
• Securing IIS : 10 STEPS TO BETTER IIS SECURITY
• Start / Stop IIS related services using NET START/STOP
• Gotcha! Microsoft IIS 4 Versus Netscape Communicator 4.7
• SecureIIS Application Firewall
• Security : How to Use the IIS Security "What If" Tool
• Using Windows Security with IIS and SQL Server 2000

Resources

• 15seconds : IIS support site
• How to Use WebDAV
• How to troubleshoot HTTP connections using Wfetch free utility
• How to View HTTP Data Frames Using Network Monitor
• IIS Administrator Newsletter
• Microsoft's Internet Information Server 4 Baseline Security Checklist
• Microsoft's IIS 5.0 Baseline Security Checklist
• Microsoft's Secure Internet Information Services 5 Checklist
• Microsoft's Windows 2000 IIS 5.0 Hotfix Checking Tool
• Microsoft Technet's Windows Web Services (IIS)
• IIS and ISAPI
• ASP Barcode Server Component for IIS Manual

FAQs

• www.iisfaq.com
• iisadministrator IIS FAQ
• windows2000faq.com IIS FAQ
• Perl on IIS 4

16. AD admins should be running Windows XP Pro

Background : AD differences between XP and W2K. Summary :

• An updated Adminpak.msi must be installed because the one shipped with Windows 2000 is not compatible with Windows XP.
• There are over 200 new group-policy settings in Windows XP.
• Windows XP specific group policy settings are ignored when applied to Windows 2000 systems.
• Windows 2000 applies GPOs synchronously, while Windows XP applies GPOs asynchronously.

Source: Managing Windows XP in a Windows 2000 Server Environment

You can add Windows XP Pro workstations to your AD domains and they will respond to existing GPOs just like Windows 2000 Pro. That is a significant bit of information. Much more important though is that if you update Windows 2000 Active Directory with the new security templates that shipped with Windows XP Pro, significant new functionality becomes available to the AD administrator using XP Pro as the admin console. For this reason, Windows XP Pro is now the preferred management console for Windows 2000 Active Directory.

Windows XP Pro ships with more than 200 new policies in addition to the 421 policies still supported from Windows 2000. Windows XP specific policies will be ignored by Windows 2000 machines. Managing policy is made easier with a new user interface available to XP Pro containing descriptive text and OS requirements for each policy. New Help files dedicated to policy settings let you search for specific policies by keyword. XP ships with Resultant Set of Policy (RSoP). New tools let administrators check policy settings in effect for any machine or user in a domain. Users can verify their own policy settings on their computer with a user-friendly report accessible from the Help and Support Center.

It is now clear that GPO best practices are:

• exclusively use an XP Pro workstation as the AD management console when working with GPOs

• use the same policy settings for both XP and W2K Pro IF you now or will ever support roaming users who will be using both XP and W2K Pro workstations.

See the full Microsoft document for details but the process to update the security templates is simple. Be sure you can get back to your starting point should the sh*t hit the fan when you do this. It has been reported to me that in certain circumstances, this will set domain policies to defaults. Ouch, to say the least.

• Copy all .ADM files from the WINNT/INF directory on a Windows XP Pro workstation to a file share on the network.
• From a Windows 2000 based computer, open a GPO in the Group-Policy console.
• Right click on Administrative templates and then select Add/Remove Templates.
• From the Add/Remove Templates window, remove the old Windows 2000 .ADM files and add the new Windows XP .ADM files.
• You will need to repeat this for each of your Group Policy Objects.

A brief list of the most important new Group Policy settings available to clients running Windows XP workstations:

• XP clients support software restriction policies, which allow one to protect XP workstations from untrusted code by identifying and specifying which applications are allowed to run.
• XP Terminal Services enhancements
• XP workstations support more granular configuration of the Start menu and Taskbar, so XP can be more easily locked down than W2K if you need a kiosk or a restrictive user environment. Or you are a control freak.
• XP supports very fine control over MMC snap-ins when compared to W2K.

OK I admit it. There are reasons for at least administrators to upgrade from Windows 2000 to Windows XP. And if you want the capability of tighter desktop control, your users should be on Windows XP Pro. I have had many discussions about the value of XP Pro vs W2K. My interest is from a business perspective. These new capabilities are real considerations.

Additional resources:

• Group Policy Object Settings 105K Excel spreadsheet : This spreadsheet lists the settings exactly as they appear in the Group Policy snap-in tree, including the changes contained in Microsoft® Windows® XP Professional.
• Upgrading Windows 2000 Group Policy for Windows XP (Q307900)
• Windows XP supports an enhanced Group Policy infrastructure that uses Windows Management Instrumentation (WMI)
• A Description of the Group Policy Update Utility (Q298444)
• Administering Windows XP Professional

17. netcat ( nc ) utility resources

netcat is the swiss army knife utility for hackers and should be in the armory for all network support personnel. This is my list of netcat resources. If you have links that should be here, please let me know. For hacking uses see the "Hacking Exposed Books".


• Cloning Operating Systems : Wonders of 'dd' and 'netcat'
  for additional info on dd, check out my dd resources
• Cat data to a network host and port using Netcat
• Cryptcat : Netcat with encryption
• Example Uses
• fpipe and netcat
• How to use Netcat with the Axis 540 Print Server and SCO Unix
• Gaining Root Access to Apache web server via PHP.exe
  need a reason to apply security patches? Read on! and you thought only IIS was insecure.
• Netcat Overview : Netcat rules the net
• netcat6
• Print Server Port Numbers for Netcat
• versions / sources :
  o Unix versions
  o Debian source
  o OpenBSD source
  o Netcat 6 : netcat clone with IPv6 support

18. NetOp Remote Control for Windows

PCAnywhere is not the only remote control software. CrossTec's NetOp Remote for Windows is a very feature-rich product. The NetOp Remote Control 7.0 Guest module offers full functionality for Windows XP, Windows 2000, Terminal Services, NT 4.0, NT 3.51, ME, Win98, Win95, and remote control functionality for Windows CE, Linux and ActiveX (e.g. in Internet Explorer). The NetOp Remote Control 7.0 Host module offers full functionality for Windows 2000, Terminal Services, NT 4.0, NT 3.51, ME, Win98 and Win95.

Related tips:

• Freeware VNC: Virtual Network Computing

19. TCP/IP resources

I will use this tip to collect TCP/IP related tips with a flavor of, or useful in, penetration testing. If there is a site that should be listed here or if a link goes dead, please let me know.

• AckCmd : remote command prompt using only TCP ACK segments to pass firewalls W2K, free
• ARP Poisoning
• ARP0c connection interceptor
• ArpWatch tool that monitors ethernet activity and keeps a database of ethernet/ip address pairings. It also reports certain changes via email. Arpwatch uses libpcap, a system-independent interface for user-level packet capture. Platforms: AIX, BSDI, DG-UX, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, SCO, Solaris, SunOS, True64 UNIX, Ultrix, UNIX
• Ethernet Bridge This is a small utility (driver and console application) for MAC level bridging TCPIP bound network interfaces. It can be used, for example, for bridging wireless and wired Ethernet when IP address space can't be divided into subnets. Jan 2002
• Ethereal : network protocol analyzer for Unix and Windows freeware
• Hunt : TCP hijacking
• Hping: Create custom ICMP/UDP/TCP packets
• IP:
  o IP Insecurity ComputerWorld article
  o IP spoofing Department of Computer Science, Princeton University
  o IP spoofing Demystified ==Phrack Magazine==
  o IP Spoofing : A Mammoth Description
  o IP Subnetter Free Utility
    calculates subnets, subnet mask, binary hosts, binary masks, broadcast address, host range, and more
• ISN Initial Sequence Number Vulnerability
• Monitor network activities
• Netcat: TCP/IP Swiss Army knife tool
• Ngrep: Grep for the network layer linux
• NICs:
  o Diagram to build a read-only Ethernet cable
  o PromiScan W2K Pro; searches for promiscuous nodes on the local net
• Nmap:
  o Fastest port scanner linux
  o NDiff compares two nmap scans and outputs differences. Automate change analysis.
• Probing TCP implementations
• Source routing : Loose Source Routing, why is it still here?
• tcpdump / libpcap
• tcpdump and tcp/ip pocket reference
• tcpdump : tools of the trade
• tcpflow : A TCP Flow Recorder
  captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging
• TCP/IP Subnetting Tables
• TCP Wrappers:
  o tcp wrappers : Network monitoring, access control & booby traps
  o TCP WRAPPERS—What are they??
• Traceroute, Tracing the Traceroute: A White Paper by Ankit Fadia


21. Group Policy XPerience

You can do more with Group Policy in Windows XP than in Windows 2000 Professional. Here’s a guide to the changes.

by Jeremy Moskowitz - November 2002

ARE YOU REAPING the benefits of Group Policy yet? Are you finding that you’re able to roll out a consistent environment for all your Windows 2000 users? Are your users happily getting the software you deployed and happily saving their files to their “My Documents” folder (with you knowing their data is secretly saved on the server)?

Or, will your perfect Win2K Group Policy utopia all fall apart when you introduce your first Windows XP Professional client machine?

If you’re happily deploying Group Policy to Win2K clients, then you’ll be well poised to also deploy it to your XP clients. However, you should be aware of differences, additions and pitfalls with XP in order to maintain a working Group Policy implementation.

New! Improved!

XP has some additional features that can be set through Group Policy. However, it takes hoop-jumping to enable these features, so stay with me here. It’s likely today that you administer the Group Policy settings of your machines in one of two ways: either you run Active Directory Users and Computers directly on a server (or via Terminal Services) or you run it on your local Win2K Pro box using the MMC snap-in tools contained within Adminpak.msi, which ships with Win2K.

When you upgrade your desktop to XP, you’ll find the tools inside the Adminpak.msi won’t work. This is because the tools inside the Adminpak.msi that comes with Win2K Pro are incompatible with XP. This means you need to get the right version of the Adminpak.msi containing the new administrative snap-in tools compatible with XP. These tools expose some new features, particularly in regard to Group Policy. Download the right version, which is called the “Windows .NET Server RCi Adminpak.exe,” from http://support.microsoft.com/default.aspx?scid=kb;EN-US;q304718. Note that the Adminpak currently ships as an EXE but upon release will be delivered back as the familiar MSI file type.

Just What You Need—200 More Group Policy Settings

Since XP has more features than Win2K Pro, it stands to reason there’s more “stuff” that can be controlled using Group Policy. For instance, two new XP Group Policies allow you to disable the use of the Internet Connection Firewall and the Network Bridge features. In all, there are about 200 new Group Policy settings, one of which is seen in Figure 1. Some affect just XP, others affect both XP and Win2K systems. Note that when you manipulate AD Group Policies from your XP machine (with the tools contained within the new Adminpak), you get an additional benefit of seeing which policies support which clients. If you don’t manage your domain’s Group Policy on an XP client with the new Adminpak, you won’t know if the policy affects or doesn’t affect specific clients.

Figure 1. The latest version of Group Policy tells you what policies can be applied to various OSs.

The good news is that if you apply a policy meant for XP on a Win2K Pro machine, the policy is simply ignored. The bad news is that in order to properly manage all your systems (Win2K and XP), you need to be religious about manipulating your GPOs only from an XP system (that has the proper Adminpak loaded).

Recall that Win2K Group Policies are initially applied at startup (for Computer policies) and at logon (for User policies). Both Computer and User policies are then independently refreshed periodically at intervals in the background. The background refresh happens about every 90 minutes with a 30-minute randomization factor thrown in there so every client doesn’t “ask” the server at once for updates.

This is important depending on the type of policy delivered. For instance, if you use Group Policy to change the desktop wallpaper for a gaggle of users in an OU, each user’s desktop wallpaper will respond when, individually, the background refresh next hits its cycle. Conversely, when you use Group Policy to distribute software, it doesn’t show up (or get removed) when the background refresh hits. Rather, Software Distribution (and Folder Redirection) policies are only applied at Startup or Logon. This is a good thing, as you wouldn’t want your users to suddenly not have DogFoodMaker 7.0 while right in the middle of using it.

Out of Synch

Win2K, by default, applies policies synchronously. This means that upon startup, a Win2K computer waits for the network interface to initialize, locates a domain controller, downloads the applicable Computer GPOs (site, domain, and each nested OU) and applies them—all before presenting the Ctrl-Alt-Del prompt to the user. When the user logs on, the User GPOs are downloaded and applied before the desktop and Start menu appear.

XP, however, processes GPOs asynchronously. This means that upon startup, the computer doesn’t wait for the network interface to initialize before starting to process Computer GPOs. Rather, XP processes previously cached Computer GPOs while it presents the Ctrl-Alt-Del prompt to the user. At the same time, it downloads any new GPOs. These new GPOs don’t get applied until a bit later. Similarly, when a user logs on, the desktop and Start menu appear while the system processes any cached User GPOs. New GPOs are downloaded but processing is deferred.

Once the computer has started, the user has logged on and any cached Computer and User GPOs have been applied, newly downloaded policies are then processed in the background. This ensures that the latest Security Settings and Administrative Templates (Registry updates) are applied soon after logon.

This results in a faster boot time (when processing Computer policies) as well as faster logon time (when processing User Policies.) Microsoft calls this XP behavior “fast boot.” For some environments, it does speed things up a bit—at a cost.

The Dark Side of Faster Booting

The downside to this new approach is that, potentially, a user at an XP desktop could be logged on but not quite have all the GPOs processed. Then, after that person has been working for a while—pop! A setting takes effect out of the blue. This is because not all GPOs were processed before the user was presented with the desktop and Start menu. Your network would have to be slow for this scenario to occur, but it’s certainly possible.

The next major downside to this updated approach is that some features, potentially, can take an XP client several additional logons or reboots to have the changes applied. This strange behavior becomes understandable when we take a step back and think about how certain policies are processed on Win2K. Specifically, we need to direct our attention to Software Distribution and Folder Redirection policies.

I’ve already stated that on Win2K, these two types of policies must be processed in the foreground to prevent data corruption and unhappy users. But if XP doesn’t do synchronous processing, how are these policies handled? XP fakes it and tags the machine when a Software Package is targeted for an XP client. The next time the user logs on, the Group Policy engine sees that the machine is tagged for Software Distribution and then switches, for this one time, back into synchronous mode. The net result: XP typically requires two logons (or reboots) to get a software distribution package when Win2K Pro only requires one.

This problem is worse for Folder Redirection. Basic Folder Redirection with XP is like Software Distribution, in that it now generally takes two logons to take effect. However, the use of Advanced Folder Redirection (which checks which security groups the user is in) takes a whopping three logons to take effect. The first one tags the system for a Folder Redirection change; the second one figures out the user’s security group membership, and the third actually performs the new Folder Redirection.

Predictability=Good; Unpredictability=Bad

If you want your XP users to log on a bit faster, then, by all means, leave fast boot on. If you’re doing some “no-no’s” in Group Policy like cross-domain links of Group Policy or lots of site-based GPOs, then leaving this on will likely make each and every logon a bit faster.

If, however, you want your XP machines to act just like Win2K Pro machines, you need to set a Group Policy that reverts them back to the old behavior. Sure, it’s a bit slower to log on. It’s also a heck of a lot more predictable. Besides, your Win2K machines already act this way, and it probably would be good practice to have all machines in your environment react as similarly as possible—even if they’re different OSs.

To revert XP back to the Win2K “synchronous” behavior, set a Group Policy (preferably at the domain level) to enable the “Always wait for the network at computer startup and logon” policy which can be found in the Computer Configuration | Administrative Templates | System | Logon branch of Group Policy.

http://mcpmag.com/features/article.asp?EditorialsID=309

22. Wireless penetration testing resources

Created on Mar 17, 2004. Last Modified on Apr 20, 2004. Last Modified by Wayne Maples.

Wireless is a hot topic. Unfortunately lots of wireless LANs have been put in without any consideration of security. If you have a wireless LAN or are considering one, read the whitepapers and check for yourself using a commercial or shareware analyzer. If there is a site that should be listed here or if a link goes dead, please let me know.

• Books
  o Building Wireless Community Networks, 2nd Edition
  o 802.11 Security
  o Wireless Hacks
  o Wireless Security: Models, Threats, and Solutions
  o 802.11 Wireless Networks: The Definitive Guide (O'Reilly Networking)
  o Hack Proofing Your Wireless Network
  o Wireless Communications: Principles and Practice (2nd Edition)
  o Wireless LANs (2nd Edition)
  o Wireless Lan Standards and Applications
  o Wireless and Mobile Network Architectures
  o IEEE 802.11 Handbook: A Designer's Companion
  o Essential Guide to Wireless Communications Applications (2nd Edition)
  o 802.11 Demystified: Wi-Fi Made Easy

• Whitepapers / Tech docs / FAQ
  o Accessing wireless security with AiroPeek
  o Ars Technica: Wireless Security Blackpaper
  o Bluetooth Basics
  o Building a Cisco Wireless LAN - Chapter 8: Cisco Wireless Security
  o Choosing between 802.11a and 802.11b
  o FAQ Wireless LAN Security by Christopher W. Klaus of Internet Security Systems (ISS)
  o Firewall : Wireless Firewall Gateway White Paper
  o ISS Wireless LAN Security : 802.11b and corporate networks
  o Linux Wireless LAN Howto
  o Microsoft Solution for Securing Wireless LANs
  o Networking Handbook 802.11 (Wi-Fi) - Chapter 9: Wireless LANs in the Enterprise
  o NIST : Wireless network security - 802.11, Bluetooth, and Handheld Devices
  o Securing The Maginot Line Of Wireless LANs
  o Security of 802.11 Wireless Networks for Automated Data Collection
  o WEP Wired Equivalency Protocol
    802.11 WEP: Concepts and Vulnerability
    (In)Security of the WEP algorithm
    Intercepting mobile communications: Insecurity of 802.11
    Unsafe at any key size: An analysis of the WEP encapsulation
  o WildPackets' Guide to Wireless LAN Analysis
  o SANS has a large # of wireless access articles

• Tools / Utilities
  o Aerosol : Wireless Tool for Windows
  o AirDefense : WLAN Intrusion Protection & Management System commercial
  o AirMagnet Handheld Analyzer
  o AiroPeek : commercial packet analyzer for IEEE 802.11b wireless LANs
    Windows comprehensive packet analyzer for IEEE 802.11b wireless LANs, supporting all higher level network protocols such as TCP/IP, AppleTalk, NetBEUI and IPX.
  o AirSnort : collect encryption keys
    Linux tool that passively monitors transmissions, computing the encryption key when enough packets have been gathered
  o AirTraf: wireless 802.11b network analyzer Linux
  o AP Scanner : Mac 802.11 scanner
    Macintosh-only application that will detect all in-range open 802.11 wireless network access points.
  o bsd-airtools : complete toolset for wireless 802.11b auditing
    contains a bsd-based wep cracking application, dweputils; kernel patches for NetBSD, OpenBSD, and FreeBSD; a curses based ap detection application similar to netstumbler (dstumbler) to detect wireless access points and connected nodes, view signal to noise graphs, and interactively scroll through scanned ap's and view statistics for each; other tools to provide a complete toolset for making use of all 14 of the prism2 debug modes as well as do basic analysis of the hardware-based link-layer protocols provided by prism2's monitor debug mode.

o Fake AP : hide in plain sight Black Alchemy's Fake AP generates thousands of counterfeit 802.11b access points. Hide in plain sight amongst Fake AP's cacophony of beacon frames. As part of a honeypot or as an instrument of your site security plan, Fake AP confuses Wardrivers, NetStumblers, Script Kiddies, and other undesirables. Fake AP is a proof of concept released under the GPL. Linux compatible.

o Grasshopper : commercial handheld wireless receiver for sweeping and optimizing Local Area Networks

o Isomair : wireless lan security package commercial

o ISS' Wireless Scanner : commercial wireless penetration tool o Kismet : Linux 802.11b wireless network sniffer

capable of sniffing using almost any wireless card supported in Linux, including Prism2 based cards supported by the Wlan-NG project (Linksys, Dlink, Rangelan, etc), cards which support standard packet capture via libpcap (Cisco), and limited support for cards without RF Monitor support.

o MacStumbler : Wireless scanning tool for the Apple Airport only works with airport wireless cards

o Mognet : open source wireless ethernet sniffer/analyzer written in Java

o NetStumbler : Windows utility for 802.11b based wireless network auditing

o Prism2 : Linux AP driver for Intersil Prism2/2.5/3

o Prism2dump : part of BSD-Airtools package puts Prism2Card into promiscuous mode

o PrismStumbler : scans for beaconframes from accesspoints operates by constantly switching channels and monitors any frames received on the currently selected channel C & perl

o Sniffer Wireless : commercial wireless sniffer

o ssidsniff : discover access points and save captured traffic comes with a configure script and supports Cisco Aironet and random prism2 based cards.

o StumbVerter : NetStumbler support tool standalone application which allows you to import Network Stumbler's summary files into Microsoft's MapPoint 2002 maps.

o wavemon : ncurses-based monitoring application for wireless network Linux

o WaveRunner : Linux-powered HP iPAQ Pocket PC that verifies 802.11b deployments detects rogue access points and clients

o WaveStumbler : 802.11 network mapper for Linux


o WEPCrack: perl utility that cracks 802.11 WEP encryption keys using weakness of RC4 key scheduling.

o Wellenreiter : wireless penetration tool ( gtkperl ) Linux

o witools : small collection of utilities to aid in the exploration of 802.11 wireless networks FreeBSD compatible

23. IPSec Tips and Resources

• Created on Mar 23, 2004.
• Last Modified on Apr 20, 2004.
• Last Modified by Wayne Maples.

I will use this page to collect IPsec tips and resources. If there is a good resource on the net which is not here, please let us know:

• Encapsulating Security Payload:
  o IP Encapsulating Security Payload ( RFC2406 )
  o ESP CBC-Mode Cipher Algorithms ( RFC2451 )
  o ESP DES-CBC Transform ( RFC1829 )
  o ESP DES-CBC Cipher Algorithm With Explicit IV ( RFC2405 )
  o Use of HMAC-MD5-96 within ESP and AH ( RFC2403 )
  o Use of HMAC-RIPEMD-160-96 within ESP and AH ( RFC2857 )
  o Use of HMAC-SHA-1-96 within ESP and AH ( RFC2404 )
• GRE, Configuring IPSec with EIGRP and IPX Using GRE Tunneling
• Firewall, How to Enable IPSec Traffic Through a Firewall (Q233256)
• HMAC:
  o HMAC: Keyed-Hashing for Message Authentication ( RFC2104 )
  o HMAC-MD5 IP Authentication with Replay Prevention ( RFC2085 )
• IKE: The Internet Key Exchange ( RFC2409 )
• IP Authentication Header ( RFC2402 )
• IP Authentication using Keyed MD5 ( RFC1828 )
• IPSec Charter
• TechNet Webcast: IPsec and NAT-T—Finally in Harmony?
• IP Security Document Roadmap ( RFC2411 )
• ISAKMP:
  o Internet Security Association and Key Management Protocol ( RFC2408 )
  o Internet IP Security Domain of Interpretation for ISAKMP ( RFC2407 )
• Limitations, Traffic That Can, and Cannot Be Secured by IPSec (Q253169)
• Microsoft L2TP/IPSec VPN Client for Win98, ME and NT
• Microsoft L2TP/IPSec VPN Client for Windows 2000 and XP
• MPLS : A comparison between IPsec and Multiprotocol Label Switching VPNs
• NAT, IPSec/GRE with NAT : Cisco sample configuration
• NULL Encryption Algorithm and Its Use With IPsec ( RFC2410 )
• OAKLEY Key Determination Protocol ( RFC2412 )


• Security Architecture for the Internet Protocol ( RFC2401 )
• Server : Using IPSec to Lock Down a Server
• Windows2000 / XP :
  o Client-to-Domain Controller and Domain Controller-to-Domain Controller IPSec Support
  o Configuring IPSec Between a W2K Server and a Cisco Device
  o Configuring IPSec to Handle Trusted and Untrusted Domain Authentication
  o How to Configure IPSec Tunneling in Windows 2000
  o How to Enable IPSec Traffic Through a Firewall
  o Microsoft L2TP/IPSec VPN Client for Windows 2000 and XP
  o Step-by-Step Guide to Internet Protocol Security (IPSec)
  o Traffic That Can--and Cannot--Be Secured by IPSec
  o Using IPSec in Windows 2000 and XP, Part 1
  o Using IPSec in Windows 2000 and XP, Part 2
  o Using IPSec in Windows 2000 and XP, Part 3

http://www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/AdminTips/Network/IPSecTipsandResources.html

24. FAQ IPv6 Protocol for Windows XP

http://www.microsoft.com/technet/network/ipv6/ipv6faq.mspx?pf=true

An eBook named FAQ IPv6 Protocol for Windows XP is also available.

25. Configuring IPSec to Handle Trusted and Untrusted Domain Authentication

SUMMARY Computers that need to use IP Security Protocol (IPSec) for secure communications must authenticate themselves before establishing an IPSec session. If the computers are part of a Windows 2000-based domain, you can use Kerberos authentication, which is the default authentication protocol. If the computers belong to different domains in the same forest, you can still use Kerberos if there is a trust established between the domains. If there is no trust between the domains, you should use certificates to authenticate the computers.


MORE INFORMATION Although it is possible to configure a computer to use more than one IPSec authentication method (for example, Kerberos, certificate, and pre-shared key) by adding the appropriate method in the Authentication Methods section of a rule's properties in an IPSec Policy, having each side configured with all possible methods may not be the best configuration. This is because both sides (the initiator and the responder) agree on an authentication method to use; if the chosen method does not work, Windows 2000 does not attempt to negotiate any other configured method. The list of authentication methods is defined so that a Windows 2000-based host can propose different methods when it is negotiating which method to use with another host. The list is not used for failover options. The Internet Key Exchange (IKE) RFC 2409 does not specify if an implementation should--or how to--retry negotiations if the chosen authentication method does not work. When you are using multiple authentication methods, you should configure first the method that is most commonly used--or the one that most commonly works. The precedence order of the authentication methods follows the order in which they are configured. The initiator proposes them in its configured order, and the responder finds the one that it likes best based on its configured precedence order. The following two scenarios are presented as examples.

Scenario 1: Clients Connecting to Servers in Different Domains

If clients need to establish IPSec sessions with servers in a different (or untrusted) domain and also with servers in the same (or trusted) domain, this is a possible configuration option:

• Add Certificate and Kerberos to the clients' Authentication Methods list, listing Certificate first.
• Configure the servers in the different (or untrusted) domain to use Certificate only. Or, if the server needs also to use Kerberos for its domain clients, add Kerberos but list Certificate first (so that Certificate authentication is chosen).
• Configure the servers in the same (or trusted) domain to use Kerberos only if you want them to choose Kerberos as the authentication method, or add Certificate if you need to support Certificate authentication.

Scenario 2: Servers Service Clients Located Within and Outside the Corporate Network/Domain

Configure the servers with all of the authentication methods they accept (for example, Kerberos and Certificate). Then, configure the clients located within the corporate network to use Kerberos only, unless you also want to use Certificate authentication. Configure the clients located outside the corporate network to use Certificate authentication only (so that Kerberos authentication is never chosen). Computers that trust only systems in their own (or trusted) domain should use only Kerberos as the authentication method.
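The selection rule and the two scenarios above can be traced with a small model. This is an added Python illustration, not code from the Microsoft article or from Windows; the host names, domains, CA name and the simplified rule for when a method succeeds are assumptions.

```python
from dataclasses import dataclass

KERBEROS, CERTIFICATE, PSK = "Kerberos", "Certificate", "Preshared key"


@dataclass(frozen=True)
class Host:
    name: str              # constructed host name
    domain: str            # constructed domain name
    methods: tuple         # configured order is the precedence order
    issuing_ca: str = ""   # CA that issued this host's certificate (assumption)


def choose_method(initiator, responder):
    """The responder picks its highest-precedence method that was proposed."""
    proposed = set(initiator.methods)
    for method in responder.methods:
        if method in proposed:
            return method
    return None


def method_works(method, a, b, trusts):
    """Simplified stand-in for real Kerberos or certificate validation."""
    if method == KERBEROS:
        return a.domain == b.domain or frozenset((a.domain, b.domain)) in trusts
    if method == CERTIFICATE:
        return bool(a.issuing_ca) and a.issuing_ca == b.issuing_ca
    return method == PSK   # a matching preshared key is assumed


def negotiate(initiator, responder, trusts=frozenset()):
    """Return (chosen_method, established). One attempt only, no failover."""
    method = choose_method(initiator, responder)
    if method is None:
        return None, False
    return method, method_works(method, initiator, responder, trusts)


def scenario_results():
    ca = "ExampleCorpCA"   # constructed CA name shared by all hosts
    # Scenario 1: client lists Certificate first.
    client = Host("client", "CORP", (CERTIFICATE, KERBEROS), ca)
    partner_cert_only = Host("partner-srv", "PARTNER", (CERTIFICATE,), ca)
    partner_both = Host("partner-srv", "PARTNER", (CERTIFICATE, KERBEROS), ca)
    corp_srv = Host("corp-srv", "CORP", (KERBEROS,), ca)
    # Scenario 2: server accepts both, clients are restricted.
    server = Host("server", "CORP", (KERBEROS, CERTIFICATE), ca)
    inside = Host("inside-client", "CORP", (KERBEROS,), ca)
    outside = Host("outside-client", "WORKGROUP", (CERTIFICATE,), ca)
    # Every method on both sides with Kerberos first, across untrusted domains.
    bad_client = Host("client", "CORP", (KERBEROS, CERTIFICATE), ca)
    bad_server = Host("partner-srv", "PARTNER", (KERBEROS, CERTIFICATE), ca)
    return {
        "s1_untrusted_cert_only": negotiate(client, partner_cert_only),
        "s1_untrusted_lists_both": negotiate(client, partner_both),
        "s1_same_domain": negotiate(client, corp_srv),
        "s2_inside_client": negotiate(inside, server),
        "s2_outside_client": negotiate(outside, server),
        # Kerberos is chosen and fails; Certificate is never tried.
        "kerberos_first_everywhere": negotiate(bad_client, bad_server),
    }


if __name__ == "__main__":
    for label, (method, ok) in scenario_results().items():
        print(f"{label:28} {method!s:12} {'established' if ok else 'FAILED'}")
```

The last case is the one the article warns about: both sides hold a usable certificate, but because Kerberos is chosen first and no other method is negotiated afterwards, the session is never established.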


APPLIES TO
• Microsoft Windows 2000 Server
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Professional Edition

26. Display the Sharing Tab in XP Folder Properties

In Windows NT and Windows 2000, to share a folder you can use Explorer or My Computer and right-click on a folder and you had access to a Sharing tab. Not in Windows XP. That simple functionality is turned off by default. To turn it back on:

• Click Start
• Click My Computer
• Click Tools menu option
• Click Folder Options
• Click View tab
• In Advanced settings dialog, at the bottom:
• Uncheck Use simple file sharing (Recommended)

Now when you right-click a folder in Windows XP, you will see a Sharing option. Windows XP Home Edition supports only Simple File Sharing. Windows XP Professional supports both sharing models.

27. Disable Windows NT/W2K/XP Hidden Administrative Shares

The system automatically creates hidden "administrative shares" for its logical drives C:, D:, and so forth, which it names C$, D$ and so forth. It also creates the admin$ hidden share for the \winnt folder. These shares are designed for remote access support by domain administrators. By default, if you delete these admin shares, they will be recreated when you reboot. To disable them permanently so they will not be recreated on the next reboot, use the following Windows NT / Windows 2000 / Windows XP registry hack:

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Name: AutoShareServer for servers
Name: AutoShareWks for workstations
Type: REG_DWORD
Value: 0

For background: Q156365. For details on disabling in Windows XP, see Q314984. In Windows 2000 and Windows XP, you disable the shares via

• Start
• Settings
• Control Panel
• Systems Tools panel
• Shared Folders
• Double-click the Shared Folders branch to expand it
• Click Shares
• In the Shared Folder column, right-click the share you want to disable
• Click Stop sharing
• Click OK.

NOTE: If you disable an administrative share that you have created, it will not be automatically enabled after you restart your computer, and you will need to recreate the share.

Perhaps the best approach to protect hard drive resources on workstations is to disable the server service if you can. There are a few workstation applications that need server service running, in particular, some SNA emulation packages.

28. How to create and delete hidden or administrative shares on client computers

INTRODUCTION This step-by-step article describes how to create and delete hidden or administrative shares on Microsoft Windows XP Professional-based, Windows 2000 Professional-based, and Windows NT 4.0 Workstation-based computers.

MORE INFORMATION A hidden share is identified by a dollar sign ($) at the end of the share name. Hidden shares are not listed when you look through the shares on a computer or use the net view command. The versions of Windows that are listed in the "Applies to" section create hidden administrative shares that administrators, programs, and services can use to manage the computer environment on the network. By default, Windows can enable the following hidden administrative shares:

• Root partitions or volumes
• The system root folder
• The FAX$ share
• The IPC$ share
• The PRINT$ share

Root partitions and volumes are shared as the drive letter name appended with the $ sign. For example, drive letters C and D are shared as C$ and D$. The system root folder (%SYSTEMROOT%) is shared as ADMIN$. This is your Windows folder, and the administrative share provides administrators easy access to the system root folder hierarchy over the network. The FAX$ share is used by fax clients to send a fax. This shared folder caches files and accesses cover pages that are stored on a file server. The IPC$ share is used with temporary connections between clients and servers by using named pipes for communication among network programs. It is primarily used to remotely administer network servers. The PRINT$ share is used to remotely administer printers. Hidden administrative shares that are created by the computer (such as ADMIN$ and C$) can be deleted, but the computer re-creates them after you stop and restart the Server service or restart your computer. Hidden shares that are created by users can be deleted, and they are not re-created after you restart your computer. Microsoft Windows XP Home Edition does not create hidden administrative shares.

Create a hidden share

To create a hidden share, follow these steps:

1. In Control Panel, double-click Administrative Tools, and then double-click Computer Management.

2. Expand Shared Folders, right-click Shares, and then click New File Share.

3. In the Folder to share box, type the path of the folder that you want to share, or click Browse to locate the folder.

4. Type the share name that you want to use followed by a dollar sign, and then click Next.

5. To make the share accessible to administrators only, select the Administrators have full control; other users have no access check box, and then click Finish.

6. Click Yes to create another share, or click No to return to the Computer Management console.

Delete a hidden share

To delete a hidden share, follow these steps:

1. In Control Panel, double-click Administrative Tools, and then double-click Computer Management.

2. Expand Shared Folders, and then click Shares.

3. In the Shared Folder column, right-click the share that you want to delete, click Stop sharing, and then click OK.

Troubleshooting

Test the functionality of your programs and services after you disable the default administrative shares. Some Windows services depend on the existence of these shares. Additionally, some third-party programs may require that some of the administrative shares exist. For example, some backup programs may require these shares.

APPLIES TO
• Microsoft Windows XP Professional
• Microsoft Windows XP Media Center Edition 2002
• Microsoft Windows XP Tablet PC Edition
• Microsoft Windows XP Professional for Itanium-based systems
• Microsoft Windows 2000 Professional Edition
• Microsoft Windows NT Workstation 4.0 Developer Edition

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q314984
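To review which shares a machine actually exposes, the share types described above can be sorted out of the listing that net share prints. This is an added Python example, not part of the Microsoft article; the sample listing, its share names and the assumed column layout (including long names wrapping onto their own line) are constructed.

```python
import re

# Shares the article lists as created by Windows itself, besides drive roots.
FIXED_ADMIN_SHARES = {"ADMIN$", "IPC$", "PRINT$", "FAX$"}
DRIVE_ROOT_SHARE = re.compile(r"^([A-Z])\$$")


def _row(name, resource="", remark=""):
    """Build one constructed row in the assumed net share column layout."""
    return "{:<13}{:<32}{}".format(name, resource, remark).rstrip()


# Constructed sample, not captured from a real machine.
SAMPLE_NET_SHARE = "\n".join([
    _row("Share name", "Resource", "Remark"),
    "",
    "-" * 79,
    _row("C$", "C:\\", "Default share"),
    _row("IPC$", "", "Remote IPC"),
    _row("ADMIN$", "C:\\WINDOWS", "Remote Admin"),
    _row("Payroll$", "D:\\Finance\\Payroll"),
    _row("X$", "C:\\Temp\\drop"),
    _row("Public", "C:\\Public", "Team files"),
    "EngineeringArchive",                     # long name on its own line
    _row("", "D:\\Archive", "Old projects"),
    "The command completed successfully.",
])


def parse_net_share(text):
    """Return (name, resource, remark) tuples from a net share listing."""
    lines = text.splitlines()
    head = next(i for i, l in enumerate(lines) if l.startswith("Share name"))
    res_col = lines[head].index("Resource")
    rem_col = lines[head].index("Remark")
    shares, pending = [], None
    for line in lines[head + 1:]:
        if line.startswith("The command completed"):
            break
        if not line.strip() or set(line.strip()) == {"-"}:
            continue
        name = line[:res_col].strip()
        if pending is not None and not name:
            name, pending = pending, None     # rest of a wrapped entry
        elif line[res_col - 1:res_col].strip():
            pending = line.strip()            # name overflows its column
            continue
        shares.append((name, line[res_col:rem_col].strip(),
                       line[rem_col:].strip()))
    return shares


def classify(name, resource):
    """Sort a share into visible, default-admin or hidden-user."""
    upper = name.upper()
    if not upper.endswith("$"):
        return "visible"
    if upper in FIXED_ADMIN_SHARES:
        return "default-admin"
    match = DRIVE_ROOT_SHARE.match(upper)
    # C$ only counts as the default share when it maps to the root of C:.
    if match and resource.upper().rstrip("\\") == match.group(1) + ":":
        return "default-admin"
    return "hidden-user"


def audit(text):
    """Group share names by class so user-created hidden shares stand out."""
    report = {"default-admin": [], "hidden-user": [], "visible": []}
    for name, resource, _remark in parse_net_share(text):
        report[classify(name, resource)].append(name)
    return report


if __name__ == "__main__":
    for kind, names in audit(SAMPLE_NET_SHARE).items():
        print(f"{kind:14} {', '.join(names)}")
```

In the sample, X$ looks like a drive share by name but points at a subfolder, so it is reported with the user-created hidden shares rather than with the defaults.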

29. Hidden Shares Are Not Available After You Use the System Policy Editor

SYMPTOMS Hidden shares are no longer available after you save changes with System Policy Editor in registry mode.

CAUSE The value for the AutoShareServer parameter was replaced with the setting in System Policy Editor\Windows NT Network\Sharing\Create Hidden Drive Shares (server).

RESOLUTION To resolve this problem you can edit the WINNT.ADM file or obtain Service Pack 3.

    POLICY !!WorkstationShareAutoCreate
    VALUENAME "AutoShareWks"
    VALUEOFF NUMERIC 0
    ---->VALUEON NUMERIC 1 <----
    PART !!ShareWks_Tip1 TEXT END PART
    PART !!ShareWks_Tip2 TEXT END PART
    END POLICY

    POLICY !!ServerShareAutoCreate
    VALUENAME "AutoShareServer"
    VALUEOFF NUMERIC 0
    ---->VALUEON NUMERIC 1 <----
    PART !!ShareServer_Tip1 TEXT END PART
    PART !!ShareServer_Tip2 TEXT END PART
    END POLICY

and for BeepEnabled, add the indicated line:

    POLICY !!Beep_Enabled
    VALUENAME BeepEnabled
    VALUEOFF NUMERIC 0
    ---->VALUEON NUMERIC 1 <----
    PART !!Beep_Tip1 TEXT END PART
    PART !!Beep_Tip2 TEXT END PART
    END POLICY

Add the lines surrounded by ----> <----, but leave those characters out.

-OR-

To correct this problem, manually set the following Local Computer Properties in System Policy Editor before saving changes to the registry:

    Windows NT Network
        Sharing
            Create hidden drive shares (workstation)
            Create hidden drive shares (server)
    Windows NT Printers
        Beep for error enabled

NOTE: You must manually set the Local Computer Properties mentioned above each time you save changes to the registry. Their check boxes will be blank (clear) each time you start System Policy Editor, unless you edit the WINNT.ADM file or obtain SP3.

STATUS Microsoft has confirmed this to be a problem in Windows NT Server version 4.0. This problem was corrected in the latest U.S. Service Pack for Windows NT version 4.0. For information on obtaining the Service Pack, query on the following word in the Microsoft Knowledge Base (without the spaces): S E R V P A C K

APPLIES TO
• Microsoft Windows NT Workstation 3.5
• Microsoft Windows NT Workstation 3.51
• Microsoft Windows NT Workstation 4.0 Developer Edition
• Microsoft Windows NT Server 3.51
• Microsoft Windows NT Server 4.0 Standard Edition

http://support.microsoft.com/kb/q156365/


30. Sharing files and folders overview

You can share the files and folders stored on your computer, on a network, and on the Web. The method you choose depends on whom you want to share files with, and what computer they will use to access the files.

If you both use the same computer

You can put the files you want to share in the Shared Documents folder. Files stored in the Shared Documents folder or its subfolders are always available to other users on your computer.

To share files and folders on your computer

1. Open My Documents.
2. Click the file or folder you want to share.
3. Drag the file or folder to Shared Documents in Other Places.

Note

• To open My Documents, click Start, and then click My Documents.

• If you are connected to a network domain, the Shared Documents, Shared Pictures, and Shared Music folders are not available.

• If the file or folder you want to share is not located in My Documents or its subfolders, use Search to find it. To open Search, click Start, and then click Search.

• Moving or copying a file or folder to Shared Documents makes it available to everyone who uses your computer.


If both computers are on the same network

You can share a folder or drive on your computer with others on the network. You can also control whether the files in the shared folder can be modified by other users.

If your computer is connected to a network domain, use this procedure:

To share a folder or drive

Using Shared Folders

1. Open Computer Management (Local).

2. In the console tree, click Shares.

Where?

Computer Management > System Tools > Shared Folders > Shares

3. On the Action menu, click New File Share.

4. Follow the steps in Create Shared Folder.

You will be prompted to select a folder or drive, type a new share name and description of the shared resource, and set permissions. After you provide this information, click Finish.

Note • To open Computer Management, click Start, and then click Control Panel. Click Performance and Maintenance, click Administrative Tools, and then double-click Computer Management.

• You must be a member of the Administrators or Power Users group to use Shared Folders.

Using Windows Explorer

Open Windows Explorer, and then locate the shared folder or drive to which you want to add a new share name.

If you are logged on to a domain, do the following:

1. Right-click the shared folder or drive, and then click Sharing and Security.
2. Click Share this folder.
3. Set any other options that you want, and then click OK.

If you are not logged on to a domain or if you are running Windows XP Home Edition, do the following:

1. Right-click the shared folder or drive, and then click Properties.
2. On the Sharing tab, click Share this folder on the network.
3. Set any other options that you want, and then click OK.

Note • To open Windows Explorer, click Start, point to All Programs, point to Accessories, and then click Windows Explorer.

Using a command line

1. Open Command Prompt.
2. Type: net share sharename=drive:path

Value                   Description
net share               Creates, deletes, or displays shared resources.
sharename=drive:path    The network name of the shared resource and the absolute path of its location.

Note • To open command prompt, click Start, point to All Programs, point to Accessories, and then click Command Prompt.

• To view the complete syntax for this command, at a command prompt, type:

net help share

Note • You can use Shared Folders to manage shared resources on both local and remote computers. Windows Explorer and the command line allow you to manage shared resources on your local computer only.

• You can hide the shared resource from users by typing $ as the last character of the shared resource name. Users can map a drive to this shared resource, but they cannot see the shared resource when they browse to it in Windows Explorer or in My Computer, or when they use the net view command on the remote computer. For more information about this command, see Net view

• You must have the appropriate permissions to complete this procedure.

If your computer is connected to a workgroup, use this procedure:

To share a drive or folder on the network

1. Open Windows Explorer, and then locate the drive or folder you want to share.

2. Right-click the drive or folder, and then click Sharing and Security.

• If you are sharing a drive, on the Sharing tab, click If you understand the risk but still want to share the root of the drive, click here.

• If you are sharing a folder, go to the next step.

3. Do one of the following:

• If the Share this folder on the network check box is available, select the check box.

• If the Share this folder on the network check box is unavailable, this computer is not on a network. If you would like to set up a home or small office network, click the Network Setup Wizard link and follow the instructions to turn on file sharing. Once file sharing is enabled, begin this procedure again.


Note

• To open Windows Explorer, click Start, point to All Programs, point to Accessories, and then click Windows Explorer.

• To change the name of your folder on the network, type a new name for your folder in the Share name text box. This will not change the name of the folder on your computer.

• To allow other users to change the files in your shared folder, select the Allow other users to change my files check box.

• If you are logged on as a Guest, you cannot create a shared folder.

• The Sharing option is not available for the Documents and Settings, Program Files, and WINDOWS system folders. In addition, you cannot share folders in other users' profiles.

If you want to share your files online

You can publish pictures and documents on the Web using the Web Publishing Wizard. The files will be stored in a private, online folder that you manage.

To publish a file or folder to the Web

1. Open My Computer.
2. Double-click a drive or folder.
3. Click the file or folder you want to publish to the Web.
4. Under File and Folder Tasks:

click Publish this folder to the Web

-or-

click Publish this file to the Web.

5. Follow the instructions in the Web Publishing Wizard.

Note

• To open My Computer, click Start, and then click My Computer.

• During the Web publishing process, you may be asked to obtain a .NET Passport. A passport provides personalized access to passport-enabled services and Web sites by using your e-mail address.

• After you publish a file or folder to the Web, a shortcut to that site is placed in your Web browser's favorites items.

• Publishing a folder to the Web copies the folder to a Web server or a network location, such as a shared folder or an FTP site.

If you don't want others to access your files

You can prevent other users from accessing your folders and the files they contain. When your computer is connected to a domain, this is called setting permissions for your file or folder. When your computer is connected to a workgroup, this is called making your folders private.

If your computer is connected to a network domain, use this procedure:

• To allow or deny a permission, in the Permissions for User or Group box, select the Allow or Deny check box.

• To remove the group or user from the Group or user names box, click Remove.

Important • If you are not joined to a domain and want to view the Security tab, see To display the Security tab

Note

• To open Windows Explorer, click Start, point to All Programs, point to Accessories, and then click Windows Explorer.

• In Windows XP Professional, the Everyone group no longer includes Anonymous Logon.

• You can set file and folder permissions only on drives formatted to use NTFS.

• To change permissions, you must be the owner or have been granted permission to do so by the owner.

• Groups or users granted Full Control for a folder can delete files and subfolders within that folder regardless of the permissions protecting the files and subfolders.

• If the check boxes under Permissions for user or group are shaded or if the Remove button is unavailable, then the file or folder has inherited permissions from the parent folder. For more information on how inheritance affects files and folders, see Related Topics.

• When adding a new user or group, by default, this user or group will have Read & Execute, List Folder Contents, and Read permissions.

31. IPconfig displays Windows NT/W2K/XP ip information

To find out what your ip address is, at the command line type:

ipconfig

You will see the default display: your ip address, network mask and gateway address for your nic card and ras modem. Win9x had a nice gui version, winipcfg, but Microsoft did not include it in the Windows NT / Windows 2000 / Windows XP line. Instead you must use the command line ipconfig. To get all the options for ipconfig, at the command line, type:

ipconfig /?

USAGE:
    ipconfig [/? | /all | /renew [adapter] | /release [adapter] | /flushdns | /displaydns | /registerdns | /showclassid adapter | /setclassid adapter [classid] ]

where
    adapter         Connection name (wildcard characters * and ? allowed, see examples)

Options:
    /?              Display this help message
    /all            Display full configuration information.
    /release        Release the IP address for the specified adapter.
    /renew          Renew the IP address for the specified adapter.
    /flushdns       Purges the DNS Resolver cache.
    /registerdns    Refreshes all DHCP leases and re-registers DNS names
    /displaydns     Display the contents of the DNS Resolver Cache.
    /showclassid    Displays all the dhcp class IDs allowed for adapter.
    /setclassid     Modifies the dhcp class id.

The default is to display only the IP address, subnet mask and default gateway for each adapter bound to TCP/IP.

For Release and Renew, if no adapter name is specified, then the IP address leases for all adapters bound to TCP/IP will be released or renewed.

For Setclassid, if no ClassId is specified, then the ClassId is removed.

Examples:
    > ipconfig                   ... Show information.
    > ipconfig /all              ... Show detailed information
    > ipconfig /renew            ... renew all adapters
    > ipconfig /renew EL*        ... renew any connection that has its name starting with EL
    > ipconfig /release *Con*    ... release all matching connections, eg. "Local Area Connection 1" or "Local Area Connection 2"

IP Refresh - Ipconfig and DHCP Client diagnostic Tool is a commercial utility with support for more complex situations.

A winipcfg-like command, wntipcfg.exe is in the netmgmt.cab file of the Windows 2000 server Resource Kit.


The results of issuing the ipconfig /displaydns on my home Windows 2000 box:

Windows IP Configuration

www.techrepublic.com
----------------------------------------
Record Name . . . . . : www.techrepublic.com
Record Type . . . . . : 1
Time To Live . . . . : 1834
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 208.50.157.239

Record Name . . . . . : techrepublic.com
Record Type . . . . . : 2
Time To Live . . . . : 1834
Data Length . . . . . : 4
Section . . . . . . . : Authority
NS Record . . . . . : DNS-SNV.techrepublic.com

Record Name . . . . . : techrepublic.com
Record Type . . . . . : 2
Time To Live . . . . : 1834
Data Length . . . . . : 4
Section . . . . . . . : Authority
NS Record . . . . . : DNS-LOU.techrepublic.com

Record Name . . . . . : techrepublic.com
Record Type . . . . . : 2
Time To Live . . . . : 1834
Data Length . . . . . : 4
Section . . . . . . . : Authority
NS Record . . . . . : DNS-BTF.techrepublic.com

Record Name . . . . . : DNS-SNV.techrepublic.com
Record Type . . . . . : 1
Time To Live . . . . : 1834
Data Length . . . . . : 4
Section . . . . . . . : Additional
A (Host) Record . . . : 208.50.157.213

Record Name . . . . . : DNS-LOU.techrepublic.com
Record Type . . . . . : 1
Time To Live . . . . : 1834
Data Length . . . . . : 4
Section . . . . . . . : Additional
A (Host) Record . . . : 12.43.21.240


Record Name . . . . . : DNS-BTF.techrepublic.com
Record Type . . . . . : 1
Time To Live . . . . : 1834
Data Length . . . . . : 4
Section . . . . . . . : Additional
A (Host) Record . . . : 12.43.21.13

ns1.canuck.gen.nz
----------------------------------------
Record Name . . . . . : ns1.canuck.gen.nz
Record Type . . . . . : 1
Time To Live . . . . : 2145
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 206.40.46.70

ns1.realnames.com
----------------------------------------
Record Name . . . . . : ns1.realnames.com
Record Type . . . . . : 1
Time To Live . . . . : 80038
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 216.86.229.5

ns2.sourcefire.com
----------------------------------------
Record Name . . . . . : ns2.sourcefire.com
Record Type . . . . . : 1
Time To Live . . . . : 44872
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 151.196.107.165

hobbes.auburn.net
----------------------------------------
Record Name . . . . . : hobbes.auburn.net
Record Type . . . . . : 1
Time To Live . . . . : 35205
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 209.16.236.10

dns2.dc.msft.net
----------------------------------------
Record Name . . . . . : DNS2.DC.MSFT.NET
Record Type . . . . . : 1
Time To Live . . . . : 23278
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 207.68.128.152


nsjersey.realnames.com
----------------------------------------
Record Name . . . . . : nsjersey.realnames.com
Record Type . . . . . : 1
Time To Live . . . . : 79515
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 209.185.190.204

ns7.flycast.com
----------------------------------------
Record Name . . . . . : ns7.flycast.com
Record Type . . . . . : 1
Time To Live . . . . : 12469
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 216.52.6.21

ns3.europe.yahoo.com
----------------------------------------
Record Name . . . . . : ns3.europe.yahoo.com
Record Type . . . . . : 1
Time To Live . . . . : 9861
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 217.12.4.71

ze.akadns.net
----------------------------------------
Section . . . . . . . : Answer
A (Host) Record . . . : 12.47.217.11
Section . . . . . . . : Answer

32. L2TP/IPsec NAT-T update for Windows XP and Windows 2000

SUMMARY
Microsoft has released an update package to enhance the current functionality of Layer Two Tunneling Protocol (L2TP) and Internet Protocol security (IPsec) on computers that run Microsoft Windows 2000, Microsoft Windows XP without service packs installed, and Windows XP with Service Pack 1 (SP1). This functionality is included in Windows XP Service Pack 2 (SP2). Computers that run Windows XP with a service pack do not have to install this update package.

This update includes improvements to IPsec to better support virtual private network (VPN) clients that are behind network address translation (NAT) devices. If you apply this update to a computer that is running Windows XP, and if the IPsec service encounters a runtime error and cannot start for any reason, the IPsec driver operates in block mode because it cannot secure network traffic.

Note The IPsec service appears as "IPSEC services" in the list of system services.

For more information about the latest service pack for Windows XP, click the following article number to view the article in the Microsoft Knowledge Base:

New IPsec features and Management and Monitor snap-ins

• After you install this update, Windows 2000 and Windows XP-based L2TP/IPsec clients can create IPsec connections from behind a NAT device. The new IPsec NAT-T functionality is based on the IETF Requests for Comments (RFC) 3193 and version 2 of the original IETF IPsec NAT-T Internet drafts. Windows XP clients that have SP2 also have this enhanced connectivity option. IPsec NAT-T is currently specified in RFCs 3947 and 3948.
• The updated IPsec Monitor snap-in can view computers that are running Windows XP, but only if the Windows XP-based computer has SP2 installed.
• The updated IPsec Monitor snap-in can view computers that are running Microsoft Windows Server 2003. Similarly, Windows Server 2003 can monitor Windows XP-based computers that have SP2 installed.
• Computers that are running Windows 2000 cannot be monitored with this snap-in.
• The new IPsec Management snap-in switches to read-only mode when it encounters policy objects that contain advanced features that were created in Windows Server 2003 (for example, DH2048, Certificate Mapping, or dynamic filters). This behavior causes the snap-in objects (for example, rules, filter lists, or main mode offerings) to become uneditable if they contain references to these new settings. The IPsec Management snap-in switches to read-only mode so that it cannot accidentally remove critical advanced features.
• The updated IPsec services on Windows XP-based computers can expose most of the new features that are provided in a Windows Server 2003 policy.
  Note Certificate Mapping is not available.
• If an earlier version of the IPseccmd tool is installed on a Windows XP-based computer (this tool is not available in Windows 2000), an updated IPseccmd is installed in the drive:\Program Files\Support Tools folder. The updated IPseccmd has the following features:
  o It dynamically turns Internet Key Exchange (IKE) logging on and off.
  o It displays information about a currently assigned policy.
  o It lets you create a persistent IPsec policy.

Note The earlier version of IPseccmd does not work on updated computers, and the updated IPseccmd does not work on computers that are not updated.


33. SmbRelay captures NTLM hashes

Smbrelay and Smbrelay2 collect NTLM password hashes and write them to hashes.txt in a format usable by L0phtcrack so the passwords can be cracked later. It is an SMB man-in-the-middle attack.

SMBRelay takes advantage of the Server Message Block (SMB) file sharing protocol. SMB is layered onto NetBIOS, the networking application interface first created by IBM and adopted by Microsoft for DOS. When you share a Windows directory or drive over a local area network, you are most likely utilizing SMB over NetBIOS over NetBEUI, IPX, or TCP/IP. OK, one might ask, what does DOS have to do with a modern network exploit?

Microsoft has maintained backward compatibility with its older "dialects." This backward compatibility means that when a SMB session is initiated, a more primitive "plain text" level of authentication can often be negotiated that provides for maximum exposure of the password data. Because SMB was developed to facilitate file and print sharing on local networks, a Windows client will automatically attempt to log onto an SMB server. In the process, the host and client will exchange password hashes. These pairs of password hashes, the challenge from the host plus the response from the client, can be sniffed and saved for later cracking by L0phtcrack.

The only effective way to block SMB hijacking is to use SMB signing. Unfortunately there is a performance hit. See Registry Tip #206: SMB Signing for the implementation details. If your concern is hackers coming across the firewall and using SMB session hijacking, you can block that by not allowing UDP ports 137 and 138 as well as TCP ports 139 and 445 from coming through the firewall.

Sir Dystic's SMBRelay automates the process by functioning first as a data relay between the client and host, sending on all but the authentication data. Then the attacker disconnects the client and binds the host to a new IP relay address that the attacker can log on to, all the while maintaining the original client's host privileges. At the same time NTLM password hashes exchanged by the client and host are collected and saved to a text file.

SmbRelay is set up so that when it receives a connection on port 139, it connects back to the connecting computer's port 139, and relays the packets between the client and server of the connecting Windows machine, making modifications to these packets when necessary. After connecting and authenticating, it disconnects the target's client and binds to port 139 on a new IP address. This IP address (the relay address) can then be connected to directly from Windows using "net use \\192.1.1.1" and then used by all of the networking built into Windows. It relays all the SMB traffic, except for the negotiation and authentication. You can disconnect from and reconnect to this virtual IP as long as the target host stays connected. SMBRelay is multi-threaded and handles multiple connections simultaneously. It will create new IP addresses sequentially, removing them when the target host disconnects. It will not allow the same IP address to connect twice, unless a successful connection to that target was achieved and disconnected. If this happens, it may use the same relay address again for another connection.
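The connect-back behaviour described above leaves a recognisable pattern in connection logs: a host accepts an SMB connection and, moments later, opens its own connection to port 139 on the same peer. The following Python sketch is an added example, not part of the original tips; the flow-record format, the function names, the sample records and the five-second window are assumptions made for illustration.

```python
from collections import namedtuple
from datetime import datetime, timedelta

SMB_PORTS = {139, 445}          # NetBIOS session service and direct-hosted SMB
WINDOW = timedelta(seconds=5)   # assumed correlation window

Flow = namedtuple("Flow", "ts src dst dport")

# Constructed sample records: timestamp, source IP, destination IP, destination port.
SAMPLE_LOG = """\
2006-03-01T10:00:00 10.1.1.20 10.1.1.5 139
2006-03-01T10:00:01 10.1.1.21 10.1.1.5 445
2006-03-01T10:02:10 10.1.1.30 10.1.1.99 139
2006-03-01T10:02:11 10.1.1.99 10.1.1.30 139
2006-03-01T10:05:00 10.1.1.5 10.1.1.20 80
2006-03-01T10:30:00 10.1.1.5 10.1.1.20 139
"""


def parse_flows(text):
    """Parse whitespace-separated flow records into time-ordered Flow tuples."""
    flows = []
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 4:
            raise ValueError(f"line {number}: expected 4 fields, got {len(parts)}")
        ts, src, dst, dport = parts
        flows.append(Flow(datetime.fromisoformat(ts), src, dst, int(dport)))
    return sorted(flows, key=lambda f: f.ts)


def find_connect_backs(flows, window=WINDOW, allowlist=frozenset()):
    """Return (inbound, connect_back) pairs.

    A pair is reported when host B receives an SMB connection from host A and
    B then connects to an SMB port on A within `window`. Hosts in `allowlist`
    (for example servers that legitimately talk SMB in both directions) are
    never reported as the connecting-back side.
    """
    alerts = []
    last_inbound = {}  # (client, server) -> most recent SMB flow client -> server
    for flow in flows:
        if flow.dport not in SMB_PORTS:
            continue
        earlier = last_inbound.get((flow.dst, flow.src))
        if (earlier is not None
                and flow.ts - earlier.ts <= window
                and flow.src not in allowlist):
            alerts.append((earlier, flow))
            continue  # the connect-back itself is not a new inbound session
        last_inbound[(flow.src, flow.dst)] = flow
    return alerts


if __name__ == "__main__":
    for inbound, back in find_connect_backs(parse_flows(SAMPLE_LOG)):
        print(f"{back.src} connected back to {back.dst}:{back.dport} "
              f"{(back.ts - inbound.ts).total_seconds():.0f}s after receiving "
              f"an SMB connection from it")
```

A hit is a lead for investigation rather than proof of a relay; pairs of servers that legitimately open SMB sessions to each other belong in the allowlist.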

34. XP : speedup access to network shares

I have seen reports that Windows XP is slow when accessing network shares. I use XP daily on my local home network and a corporate LAN. I haven't noticed the network slowness. But if you do, there are reports that deleting a particular registry key resolved the problem. It certainly works for Windows 2000. You can give it a try in XP. I would back up the key first.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}

To back up and delete the key, navigate to the NameSpace key in the regedt32 registry editor:

• Right-click {D6277990-4C6A-11CF-8D87-00AA0060F5BF}
• Click Export.
• In the File Name text box of the Export Registry File dialog box, type the filename of your choice, such as restoreshare
• Click Save

This saves the file (restoreshare.reg in my example) to the My Documents folder. It's now safe to delete the key.

• Right-click {D6277990-4C6A-11CF-8D87-00AA0060F5BF}
• Click Delete
• Click Yes in the Confirm Key Delete dialog box.

If your system is unstable or weird after deleting this key, you can restore the key. In Explorer, double-click on your reg file. This will restore the deleted registry key.

35. How to reset Internet Protocol (TCP/IP) in Windows XP

INTRODUCTION
In Microsoft Windows XP, the TCP/IP stack is considered to be a core component of the operating system, and you cannot remove TCP/IP. Therefore, when you view the list of components for a network interface, you may notice that the Uninstall button is disabled when Internet Protocol (TCP/IP) is selected. In extreme cases, the best solution for this issue may be to reinstall the Internet Protocol stack. But with the NetShell utility, you can reset the TCP/IP stack to restore it to the state that existed when the operating system was installed. This article describes how to use the NetShell utility for this purpose.

MORE INFORMATION

Manual method to reset TCP/IP
The NetShell utility (netsh) is a command-line scripting interface for configuring and monitoring Windows XP networking. This tool provides an interactive network shell interface to the user. In Windows XP, a reset command is available in the IP context of the NetShell utility. When you run the reset command, it rewrites pertinent registry keys that are used by the Internet Protocol (TCP/IP) stack to reach the same result as the removal and the reinstallation of the protocol:

SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
SYSTEM\CurrentControlSet\Services\DHCP\Parameters\

Command usage
netsh int ip reset [log_file_name]

To manually run the command successfully, you must specify a file name for the log where actions that are taken by netsh will be recorded. For example, at a command prompt, type either of the samples that are listed in the "Command samples" section. The TCP/IP stack will then be reset on a system, and the actions that were taken will be recorded in the log file, Resetlog.txt. The first sample creates the log file in the current directory, while the second sample creates a path where the log will reside. In either case, where the specified log file already exists, the new log will be appended to the end of the existing file.

Warning Programs that access or monitor the Internet such as antivirus, firewall or proxy clients may be negatively affected when you run the netsh winsock reset command. If you have a program that no longer functions correctly after you use this resolution, reinstall the program to restore functionality.

Command samples
netsh int ip reset resetlog.txt
netsh int ip reset c:\resetlog.txt

Sample Log File for NETSH INT IP RESET
The following is a sample of the log file that is generated by netsh when an IP reset command is issued. The actual log file may vary depending on the configuration of the system where the command is issued. When the TCP/IP registry keys have not been altered from their original configuration, there may be no actions logged in the file.


reset SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation
    old REG_MULTI_SZ =
        SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain
        SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain
added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{2DDD011E-B1B6-4886-87AC-B4E72693D10C}\NetbiosOptions
added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{BAA9D128-54BB-43F6-8922-313D537BE03E}\NetbiosOptions
reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{BD2859BA-B26A-4E2B-A3FE-3D246F90A81A}\NameServerList
    old REG_MULTI_SZ = 10.1.1.2
deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2DDD011E-B1B6-4886-87AC-B4E72693D10C}\AddressType
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2DDD011E-B1B6-4886-87AC-B4E72693D10C}\DefaultGatewayMetric
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2DDD011E-B1B6-4886-87AC-B4E72693D10C}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2DDD011E-B1B6-4886-87AC-B4E72693D10C}\DontAddDefaultGateway
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2DDD011E-B1B6-4886-87AC-B4E72693D10C}\EnableDhcp
    old REG_DWORD = 0
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2DDD011E-B1B6-4886-87AC-B4E72693D10C}\NameServer
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2DDD011E-B1B6-4886-87AC-B4E72693D10C}\RawIpAllowedProtocols
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2DDD011E-B1B6-4886-87AC-B4E72693D10C}\TcpAllowedPorts
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2DDD011E-B1B6-4886-87AC-B4E72693D10C}\UdpAllowedPorts
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5B3675C3-6EB9-4936-B991-04DA31024C4E}\DisableDynamicUpdate


reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5B3675C3-6EB9-4936-B991-04DA31024C4E}\EnableDhcp
    old REG_DWORD = 0
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5B3675C3-6EB9-4936-B991-04DA31024C4E}\IpAddress
    old REG_MULTI_SZ = 12.12.12.12
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5B3675C3-6EB9-4936-B991-04DA31024C4E}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5B3675C3-6EB9-4936-B991-04DA31024C4E}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5B3675C3-6EB9-4936-B991-04DA31024C4E}\IpAutoconfigurationSeed
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5B3675C3-6EB9-4936-B991-04DA31024C4E}\RawIpAllowedProtocols
    old REG_MULTI_SZ = 0
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5B3675C3-6EB9-4936-B991-04DA31024C4E}\SubnetMask
    old REG_MULTI_SZ = 255.255.255.0
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5B3675C3-6EB9-4936-B991-04DA31024C4E}\TcpAllowedPorts
    old REG_MULTI_SZ = 0
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5B3675C3-6EB9-4936-B991-04DA31024C4E}\UdpAllowedPorts
    old REG_MULTI_SZ = 0
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BAA9D128-54BB-43F6-8922-313D537BE03E}\AddressType
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BAA9D128-54BB-43F6-8922-313D537BE03E}\DefaultGatewayMetric
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BAA9D128-54BB-43F6-8922-313D537BE03E}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BAA9D128-54BB-43F6-8922-313D537BE03E}\DontAddDefaultGateway


reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BAA9D128-54BB-43F6-8922-313D537BE03E}\EnableDhcp
    old REG_DWORD = 0
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BAA9D128-54BB-43F6-8922-313D537BE03E}\NameServer
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BAA9D128-54BB-43F6-8922-313D537BE03E}\RawIpAllowedProtocols
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BAA9D128-54BB-43F6-8922-313D537BE03E}\TcpAllowedPorts
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BAA9D128-54BB-43F6-8922-313D537BE03E}\UdpAllowedPorts
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BD2859BA-B26A-4E2B-A3FE-3D246F90A81A}\DefaultGateway
    old REG_MULTI_SZ = 10.1.1.2
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BD2859BA-B26A-4E2B-A3FE-3D246F90A81A}\DefaultGatewayMetric
    old REG_MULTI_SZ = 0
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BD2859BA-B26A-4E2B-A3FE-3D246F90A81A}\DisableDynamicUpdate
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BD2859BA-B26A-4E2B-A3FE-3D246F90A81A}\EnableDhcp
    old REG_DWORD = 0
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BD2859BA-B26A-4E2B-A3FE-3D246F90A81A}\IpAddress
    old REG_MULTI_SZ = 10.1.1.1
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BD2859BA-B26A-4E2B-A3FE-3D246F90A81A}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BD2859BA-B26A-4E2B-A3FE-3D246F90A81A}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BD2859BA-B26A-4E2B-A3FE-3D246F90A81A}\IpAutoconfigurationSeed


reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BD2859BA-B26A-4E2B-A3FE-3D246F90A81A}\NameServer
    old REG_SZ = 10.1.1.2,10.1.1.3
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BD2859BA-B26A-4E2B-A3FE-3D246F90A81A}\RawIpAllowedProtocols
    old REG_MULTI_SZ = 0
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BD2859BA-B26A-4E2B-A3FE-3D246F90A81A}\SubnetMask
    old REG_MULTI_SZ = 255.255.255.0
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BD2859BA-B26A-4E2B-A3FE-3D246F90A81A}\TcpAllowedPorts
    old REG_MULTI_SZ = 0
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BD2859BA-B26A-4E2B-A3FE-3D246F90A81A}\UdpAllowedPorts
    old REG_MULTI_SZ = 0
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableIcmpRedirect
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
<completed>
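The reset log is the only record of what the machine was configured with beforehand, including static addressing and the TCP/IP filtering values (EnableSecurityFilters, TcpAllowedPorts and so on) that the sample shows being reset or deleted. The following Python parser is an added example, not part of the original article: the function names are hypothetical, the sample is an excerpt assembled from the log above, and it assumes key paths and values contain no spaces, as in that log.

```python
import re
from collections import defaultdict

ACTIONS = ("reset", "added", "deleted")
# Registry value names used by TCP/IP filtering; all appear in the sample log.
FILTER_VALUES = {"EnableSecurityFilters", "TcpAllowedPorts",
                 "UdpAllowedPorts", "RawIpAllowedProtocols"}
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

TCPIP = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
IFACE = TCPIP + r"\Interfaces\{BD2859BA-B26A-4E2B-A3FE-3D246F90A81A}"

# Excerpt assembled from the sample log on this page.
SAMPLE_LOG = "\n".join([
    r"reset   SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation",
    "            old REG_MULTI_SZ =",
    "                " + TCPIP + r"\Interfaces\?\DhcpDomain",
    "                " + r"SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain",
    "reset   " + IFACE + r"\DefaultGateway",
    "            old REG_MULTI_SZ = 10.1.1.2",
    "reset   " + IFACE + r"\EnableDhcp",
    "            old REG_DWORD = 0",
    "reset   " + IFACE + r"\IpAddress",
    "            old REG_MULTI_SZ = 10.1.1.1",
    "deleted " + IFACE + r"\IpAutoconfigurationAddress",
    "reset   " + IFACE + r"\NameServer",
    "            old REG_SZ = 10.1.1.2,10.1.1.3",
    "reset   " + IFACE + r"\SubnetMask",
    "            old REG_MULTI_SZ = 255.255.255.0",
    "reset   " + IFACE + r"\TcpAllowedPorts",
    "            old REG_MULTI_SZ = 0",
    "deleted " + TCPIP + r"\EnableSecurityFilters",
    "<completed>",
])


def parse_reset_log(text):
    """Tokenise the log so it parses whether laid out per line or run together."""
    tokens = text.split()
    entries, i = [], 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "<completed>":
            break
        if tok in ACTIONS:
            if i + 1 >= len(tokens):
                raise ValueError(f"'{tok}' is not followed by a key path")
            entries.append({"action": tok, "key": tokens[i + 1],
                            "type": None, "old": []})
            i += 2
        elif tok == "old":
            if not entries or i + 2 >= len(tokens) or tokens[i + 2] != "=":
                raise ValueError("malformed 'old <type> = <value>' clause")
            entries[-1]["type"] = tokens[i + 1]
            i += 3
            # Everything up to the next action belongs to this (multi-)value.
            while (i < len(tokens) and tokens[i] not in ACTIONS
                   and tokens[i] != "<completed>"):
                entries[-1]["old"].append(tokens[i])
                i += 1
        else:
            raise ValueError(f"unexpected token {tok!r}")
    return entries


def value_name(key):
    return key.rsplit("\\", 1)[-1]


def overwritten_values(entries):
    """Previous values that 'reset' entries replaced, grouped by interface GUID."""
    lost = defaultdict(dict)
    for e in entries:
        if e["action"] == "reset" and e["old"]:
            match = GUID_RE.search(e["key"])
            scope = match.group(0) if match else "global"
            lost[scope][value_name(e["key"])] = e["old"]
    return dict(lost)


def filtering_touched(entries):
    """Entries that changed a TCP/IP filtering value and need review afterwards."""
    return [(e["action"], e["key"]) for e in entries
            if value_name(e["key"]) in FILTER_VALUES]


if __name__ == "__main__":
    parsed = parse_reset_log(SAMPLE_LOG)
    for scope, values in overwritten_values(parsed).items():
        print(scope, values)
    for action, key in filtering_touched(parsed):
        print("filtering value", action, key)
```

Entries marked deleted carry no previous value in the log, so those settings have to come from documentation or a registry backup taken before the reset.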

REFERENCES
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
314067 (http://support.microsoft.com/kb/314067/) How to troubleshoot TCP/IP connectivity with Windows XP

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
811259 (http://support.microsoft.com/kb/811259/) How to determine and recover from Winsock2 corruption


36. How to troubleshoot TCP/IP connectivity with Windows XP

INTRODUCTION
There are tools that can provide useful information when you are trying to determine the cause of TCP/IP networking problems under Microsoft Windows XP. This article lists recommendations for using these tools to diagnose network problems. Although this list is not complete, the list does provide examples that show how you can use these tools to track down problems on the network.

MORE INFORMATION

TCP/IP troubleshooting tools
The following list shows some of the TCP/IP diagnostic tools that are included with Windows XP:

Basic tools
• Network Diagnostics in Help and Support
  Contains detailed information about the network configuration and the results of automated tests.
• Network Connections folder
  Contains information and configuration for all network connections on the computer. To locate the Network Connections folder, click Start, click Control Panel, and then click Network and Internet Connections.
• IPConfig command
  Displays current TCP/IP network configuration values; updates or releases Dynamic Host Configuration Protocol (DHCP) allocated leases; and displays, registers, or flushes Domain Name System (DNS) names.
• Ping command
  Sends ICMP Echo Request messages to verify that TCP/IP is configured correctly and that a TCP/IP host is available.

Advanced tools
• Hostname command
  Displays the name of the host computer.
• Nbtstat command
  Displays the status of current NetBIOS over TCP/IP connections, updates the NetBIOS name cache, and displays the registered names and scope ID.
• PathPing command
  Displays a path of a TCP/IP host and packet losses at each router along the way.
• Route command
  Displays the IP routing table and adds or deletes IP routes.
• Tracert command
  Displays the path of a TCP/IP host.


To view the correct command syntax to use with each of these tools, type -? at a command prompt after the name of the tool.

Windows XP Professional tools
Windows XP Professional contains the following additional tools:

• Event viewer
  Records system errors and events.
• Computer Management
  Changes network interface drivers and other components.

Troubleshooting
The procedure that you use to troubleshoot TCP/IP issues depends on the type of network connection that you are using and the connectivity problem that you are experiencing.

Automated troubleshooting
For most issues that involve Internet connectivity, start by using the Network Diagnostics tool to identify the source of the issue. To use Network Diagnostics, follow these steps:

1. Click Start, and then click Help and Support.
2. Click the link to Use Tools to view your computer information and diagnose problems, and then click Network Diagnostics in the list on the left.
3. When you click Scan your system, Network Diagnostics gathers configuration information and performs automated troubleshooting of the network connection.
4. When the process is completed, look for any items that are marked "FAILED" in red, expand those categories, and then view the additional details about what the testing showed.

You can either use that information to resolve the issue or you can provide the information to a network support professional for help. If you compare the tests that failed with the documentation in the Manual Troubleshooting section later in this article, you may be able to determine the source of the issue. To interpret the results for TCP/IP, expand the Network Adapters section of the results, and then expand the network adapter that failed the testing. You can also start the Network Diagnostics interface directly by using the following command:

netsh diag gui

Manual troubleshooting
To manually troubleshoot your TCP/IP connectivity, use the following methods in the order that they appear:

Method 1: Use the IPConfig tool to verify the configuration


To use the IPConfig tool to verify the TCP/IP configuration on the computer that is experiencing the problem, click Start, click Run, and then type cmd. You can now use the ipconfig command to determine the host computer configuration information, including the IP address, the subnet mask, and the default gateway. The /all parameter for IPConfig generates a detailed configuration report for all interfaces, including any remote access adapters. You can redirect IPConfig output to a file to paste the output into other documents. To do this, type:

ipconfig > \folder_name\file_name

The output receives the specified file name and is stored in the specified folder. You can review the IPConfig output to identify issues that exist in the computer network configuration. For example, if a computer is manually configured with an IP address that duplicates an existing IP address that is already detected, the subnet mask appears as 0.0.0.0.

If your local IP address is returned as 169.254.y.z with a subnet mask of 255.255.0.0, the IP address was assigned by the Automatic Private IP Addressing (APIPA) feature of Windows XP Professional. This assignment means that TCP/IP is configured for automatic configuration, that no DHCP server was found, and that no alternative configuration is specified. This configuration has no default gateway for the interface.

If your local IP address is returned as 0.0.0.0, the DHCP Media Sensing feature override was turned on because the network adapter detected its lack of connection to a network, or TCP/IP detected an IP address that duplicates a manually configured IP address.

If you do not identify any issues in the TCP/IP configuration, go to Method 2.

Method 2: Use the Ping tool to test your connectivity
If you do not identify any issues in the TCP/IP configuration, determine whether the computer can connect to other host computers on the TCP/IP network. To do this, use the Ping tool. The Ping tool helps you verify IP-level connectivity. The ping command sends an ICMP Echo Request message to a destination host. Use Ping whenever you want to verify that a host computer can send IP packets to a destination host. You can also use Ping to isolate network hardware problems and incompatible configurations.

Note If you ran the ipconfig /all command, and the IP configuration appeared, you do not have to ping the loopback address and your own IP address. IPConfig has already performed these tasks to display the configuration.

When you troubleshoot, verify that a route exists between the local computer and a network host. To do this, use the following command:

ping IP address

Note IP address is the IP address of the network host that you want to connect to.

To use the ping command, follow these steps:

1. Ping the loopback address to verify that TCP/IP is installed and correctly configured on the local computer. To do this, type the following command:

   ping 127.0.0.1

   If the loopback test fails, the IP stack is not responding. This problem may occur if any one or more of the following conditions is true:
   o The TCP drivers are corrupted.
   o The network adapter is not working.
   o Another service is interfering with IP.

2. Ping the IP address of the local computer to verify that the computer was correctly added to the network. If the routing table is correct, this procedure just forwards the packet to the loopback address of 127.0.0.1. To do this, type the following command:

   ping IP address of local host

   If the loopback test succeeds but you cannot ping the local IP address, there may be an issue with the routing table or with the network adapter driver.

3. Ping the IP address of the default gateway to verify that the default gateway is working and that you can communicate with a local host on the local network. To do this, type the following command:

   ping IP address of default gateway

   If the ping fails, you may have an issue with the network adapter, the router or gateway device, the cabling, or other connectivity hardware.

4. Ping the IP address of a remote host to verify that you can communicate through a router. To do this, type the following command:

   ping IP address of remote host

   If the ping fails, the remote host may not be responding, or there may be a problem with the network hardware between computers. To rule out an unresponsive remote host, use Ping again to a different remote host.


5. Ping the host name of a remote host to verify that you can resolve a remote host name. To do this, type the following command:

ping Host name of remote host

Ping uses name resolution to resolve a computer name into an IP address. Therefore, if you successfully ping an IP address but you cannot ping a computer name, there is a problem with host name resolution, not with network connectivity. Verify that DNS server addresses are configured for the computer, either manually in the properties of TCP/IP, or by automatic assignment. If DNS server addresses are listed when you type the ipconfig /all command, try to ping the server addresses to make sure that they are accessible.

If you cannot use Ping successfully at any point, verify the following configurations:

• Make sure that the local computer's IP address is valid and that it is correct on the General tab of the Internet Protocol (TCP/IP) Properties dialog box or when it is used with the Ipconfig tool.
• Make sure that a default gateway is configured and that the link between the host and the default gateway is working. For troubleshooting purposes, make sure that only one default gateway is configured. Although you can configure more than one default gateway, gateways after the first gateway are used only if the IP stack determines that the original gateway is not working. The purpose of troubleshooting is to determine the status of the first configured gateway. Therefore, you can delete all the other gateways to simplify your task.
• Make sure that Internet Protocol security (IPSec) is not turned on. Depending on the IPSec policy, Ping packets may be blocked or may require security. For more information about IPSec, go to Method 7: Verify Internet Protocol security (IPSec).

Important If the remote computer that you are pinging is across a high-delay link such as a satellite link, response may take longer. You can use the -w (wait) parameter to specify a longer timeout period than the default timeout of four seconds.

Method 3: Use the PathPing tool to verify a route
The PathPing tool detects packet loss over multiple-hop paths. Run a PathPing analysis to a remote host to verify that the routers on the way to the destination are operating correctly. To do this, type the following command:

pathping IP address of remote host

Method 4: Use the Arp tool to clear the ARP cache
If you can ping both the loopback address (127.0.0.1) and your IP address but you cannot ping any other IP addresses, use the Arp tool to clear out the Address Resolution Protocol (ARP) cache. To view the cache entries, type any one of the following commands:

arp -a
arp -g

To delete the entries, type the following command:

arp -d IP address

To flush the ARP cache, type the following command:

netsh interface ip delete arpcache

Method 5: Verify the default gateway
The gateway address must be on the same network as the local host. Otherwise, messages from the host computer cannot be forwarded outside the local network. If the gateway address is on the same network as the local host, make sure that the default gateway address is correct. Make sure that the default gateway is a router, not just a host. And make sure that the router is enabled to forward IP datagrams.
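The address checks from Method 1 (a 0.0.0.0 address, a 0.0.0.0 subnet mask, an APIPA address) and the same-network rule from Method 5 can be applied mechanically to saved ipconfig output. The following Python sketch is an added example, not part of the original article: the function names and finding labels are hypothetical, and the ipconfig output is a constructed sample in the Windows XP layout.

```python
import ipaddress
import re

APIPA_NET = ipaddress.ip_network("169.254.0.0/16")
HEADER_RE = re.compile(r"^(\S.*\badapter\b.*):\s*$")   # "Ethernet adapter X:"
FIELD_RE = re.compile(r"^\s+(.+?)[\s.]*:\s*(.*)$")     # "   Label . . . : value"

# Constructed sample of `ipconfig` output covering each case in the text.
SAMPLE_OUTPUT = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Autoconfiguration IP Address. . . : 169.254.12.7
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :

Ethernet adapter Lab:

        IP Address. . . . . . . . . . . . : 10.1.1.1
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . . . . :

Ethernet adapter Office:

        IP Address. . . . . . . . . . . . : 192.168.5.20
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.6.1

Ethernet adapter Home:

        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

Ethernet adapter Wireless:

        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . . . . :
"""


def parse_adapters(text):
    """Return {adapter name: {"ip": ..., "mask": ..., "gateway": ...}}."""
    adapters, current = {}, None
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            current = adapters.setdefault(header.group(1), {})
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            label, value = field.group(1), field.group(2).strip()
            if "IP Address" in label or "IPv4 Address" in label:
                current["ip"] = value
            elif label == "Subnet Mask":
                current["mask"] = value
            elif label == "Default Gateway":
                current["gateway"] = value
    return adapters


def diagnose(adapter):
    """Apply the Method 1 and Method 5 checks to one adapter's settings."""
    ip, mask, gateway = (adapter.get(k) for k in ("ip", "mask", "gateway"))
    if not ip:
        return "no-address"
    try:
        address = ipaddress.ip_address(ip)
        if ip == "0.0.0.0":
            return "media-sense-or-duplicate"   # no link, or duplicate address
        if mask == "0.0.0.0":
            return "duplicate-address"          # manual address already in use
        if address in APIPA_NET and mask == "255.255.0.0":
            return "apipa"                      # no DHCP server, no alternate config
        if not gateway:
            return "no-gateway"
        network = ipaddress.ip_interface(f"{ip}/{mask}").network
        if ipaddress.ip_address(gateway) not in network:
            return "gateway-off-subnet"         # Method 5: gateway not on local network
    except ValueError:
        return "unparseable"
    return "ok"


def diagnose_output(text):
    return {name: diagnose(cfg) for name, cfg in parse_adapters(text).items()}


if __name__ == "__main__":
    for name, finding in diagnose_output(SAMPLE_OUTPUT).items():
        print(f"{name}: {finding}")
```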

Method 6: Use the Tracert tool or the Route tool to verify communications
If the default gateway responds correctly, ping a remote host to make sure that network-to-network communications are working correctly. If communications are not working correctly, use the Tracert tool to trace the path of the destination. For IP routers that are Microsoft Windows 2000-based or Microsoft Windows NT 4.0-based computers, use the Route tool or the Routing and Remote Access snap-in to view the IP routing table. For other IP routers, use the vendor-designated appropriate tool or facility to examine the IP routing table.

Most frequently, you receive the following four error messages when you use Ping during troubleshooting:

TTL Expired in Transit

This error message means that the number of required hops exceeds the Time to Live (TTL). To increase the TTL, use the ping -i command. A routing loop may exist. Use the Tracert command to determine whether misconfigured routers have caused a routing loop.

Destination Host Unreachable

This error message means that no local or remote route exists for a destination host at the sending host or at a router. Troubleshoot the local host or the router's routing table.

Request Timed Out


This error message means that the Echo Reply messages were not received in the designated timeout period. By default, the designated timeout period is four seconds. Use the ping -w command to increase the timeout.

Ping request could not find host

This error message means that the destination host name cannot be resolved. Verify the name and the availability of DNS or WINS servers.

Method 7: Verify Internet Protocol security (IPSec) IPSec can improve security on a network, but it makes changing network configurations or troubleshooting problems more difficult. Sometimes, IPSec policies require secured communication on a Windows XP Professional-based computer. These requirements can make it difficult to connect to a remote host. If IPSec is implemented locally, you can turn off the IPSEC Services service in the Services snap-in. If the difficulties end when you stop the IPSec services, IPSec policies are either blocking the traffic or requiring security for the traffic. Ask the security administrator to modify the IPSec policy.

Method 8: Verify packet filtering Because of mistakes in packet filtering, address resolution or connectivity may not work. To determine whether packet filtering is the source of a network problem, turn off TCP/IP packet filtering. To do this, follow these steps:

1. Click Start, click Control Panel, click Network and Internet Connections, and then click Network Connections.

2. Right-click the local area connection that you want to modify, and then click Properties.

3. On the General tab, in the This connection uses the following items list, click Internet Protocol (TCP/IP), and then click Properties.

4. Click Advanced, and then click the Options tab.

5. In the Optional Settings dialog box, click TCP/IP Filtering, and then click the Properties tab.

6. Click to clear the Enable TCP/IP Filtering (All adapters) check box, and then click OK.

To ping an address, use its DNS name, its NetBIOS computer name, or its IP address. If the ping succeeds, the packet filtering options may be misconfigured or too restrictive. For example, the filtering can allow the computer to act as a Web server, but, to do this, the filtering may turn off tools such as remote administration. To restore a wider range of permissible filtering options, change the permitted values for the TCP port, the UDP port, and the IP protocol.


Method 9: Verify the connection to a specific server To determine the cause of connectivity problems when you are trying to connect to a specific server through NetBIOS-based connections, use the nbtstat -n command on the server to determine what name the server registered on the network. The nbtstat -n command output lists several names that the computer has registered. The list will include a name that looks similar to the computer's name that is configured on the Computer Name tab under System in Control Panel. If not, try one of the other unique names that the nbtstat command displays. The Nbtstat tool can also display the cached entries for remote computers from #PRE entries in the Lmhosts file or from recently resolved names. If the name that the remote computers are using for the server is the same, and the other computers are on a remote subnet, make sure that the other computers have the computer's name-to-address mapping in their Lmhosts files or WINS servers.

Method 10: Verify remote connections To determine why a TCP/IP connection to a remote computer stops responding, use the netstat -a command to show the status of all activity for TCP and UDP ports on the local computer. Typically, a good TCP connection shows 0 bytes in the Sent and Received queues. If data is blocked in either queue or the state of the queues is irregular, the connection may be faulty. If data is not blocked, and the state of the queues is typical, you may be experiencing network or program delay.

Method 11: Use the Route tool to examine the routing table For two hosts to exchange IP datagrams, both hosts must have a route to each other, or they must use default gateways that have a route. To view the routing table on a Windows XP-based host, type the following command:

route print

Method 12: Use the Tracert tool to examine paths Tracert sends ICMP Echo Request messages that have incrementally higher values in the IP header TTL field to determine the path from one host to another through a network. Then Tracert analyzes the ICMP messages that are returned. With Tracert, you can track the path from router to router for up to 30 hops. If a router has failed, or the packet is routed into a loop, Tracert reveals the problem. After you locate the problem router, you can contact the router administrator if the router is offsite, or you can restore the router to fully functional status if the router is under your control.

Method 13: Troubleshoot gateways If you receive the following error message during configuration, determine whether the default gateway is located on the same logical network as the computer's network adapter:

Your default gateway does not belong to one of the configured interfaces

Compare the network ID part of the default gateway IP address with the network IDs of the computer's network adapters. Specifically, verify that the bitwise logical AND of the IP address and the subnet mask equals the bitwise logical AND of the default gateway and the subnet mask. For example, a computer that has a single network adapter that is configured with an IP address of 172.16.27.139 and a subnet mask of 255.255.0.0 must use a default gateway of the form 172.16.y.z. The network ID for this IP interface is 172.16.0.0.
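The network ID comparison described above, as an added example that is not part of the original article: it applies the bitwise AND check to every configured adapter and reports which one, if any, the gateway belongs to. The function names, the adapter name and the two candidate gateway addresses are assumptions made for the illustration.

```python
import ipaddress


def to_int(dotted):
    """Parse strict dotted-quad IPv4 text into a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def mask_is_contiguous(mask):
    """A usable subnet mask is a run of 1 bits followed only by 0 bits."""
    inverted = ~mask & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def gateway_interfaces(gateway, adapters):
    """Return (adapter name, network ID) for each adapter the gateway is on.

    adapters is a list of (name, ip, mask) tuples. An empty result is the
    condition behind "Your default gateway does not belong to one of the
    configured interfaces".
    """
    gw = to_int(gateway)
    matches = []
    for name, ip, mask in adapters:
        m = to_int(mask)
        if not mask_is_contiguous(m):
            raise ValueError("invalid subnet mask on %s: %s" % (name, mask))
        network_id = to_int(ip) & m
        # The check from the text: (IP AND mask) == (gateway AND mask)
        if network_id == (gw & m):
            matches.append((name, str(ipaddress.IPv4Address(network_id))))
    return matches


# Constructed sample: the single adapter from the article's example.
ADAPTERS = [("Local Area Connection", "172.16.27.139", "255.255.0.0")]

if __name__ == "__main__":
    for candidate in ("172.16.0.1", "172.17.0.1"):  # assumed gateway values
        found = gateway_interfaces(candidate, ADAPTERS)
        print(candidate, "->", found or "not on any configured interface")
```
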

Additional resources The following resources contain additional information about how to troubleshoot Microsoft TCP/IP:

• See the "Configuring TCP/IP" topic in the documentation for the Microsoft Windows XP Professional Resource Kit.

• See "Introduction to TCP/IP" in the TCP/IP Core Networking Guide of the Microsoft Windows 2000 Server Resource Kit for general information about the TCP/IP protocol suite.

• See "Unicast Routing Overview" in the Internetworking Guide of the Microsoft Windows 2000 Server Resource Kit for more information about routing principles.

• See "TCP/IP Troubleshooting" in the TCP/IP Core Networking Guide of the Microsoft Windows 2000 Server Resource Kit for more information about IP packet filtering.

37. How to determine and recover from Winsock2 corruption

Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

SYMPTOMS When you try to release and renew the IP address by using the Ipconfig program (Ipconfig.exe), you may receive one of the following error messages.

Message 1
An error occurred while renewing interface 'Internet': An operation was attempted on something that is not a socket.

Message 2
An error occurred while renewing interface Local Area Connection: the requested service provider could not be loaded or initialized.

When you start Internet Explorer, you may receive the following error message:
The page cannot be displayed

When you use your computer, you may receive the following error message:
Initialization function INITHELPERDLL in IPMONTR.DLL failed to start with error code 10107

Additionally, you may have no IP address or no Automatic Private IP Addressing (APIPA) address, and you may be receiving IP packets but not sending them. When you use the ipconfig /renew command, you may receive the following error messages.

Message 1
An error occurred while renewing interface local area connection: an operation was attempted on something that is not a socket. Unable to contact driver Error code 2.

Message 2
The operation failed since no adapter is in the state permissible for this operation.

Message 3
The attempted operation is not supported for the type of object referenced.

In Device Manager, when you click Show Hidden Devices, the TCP/IP Protocol Driver is listed as disabled under Non-Plug and Play drivers, and you receive error code 24. When you create a dial-up connection, you may receive the following error message:

Error 720: No PPP Control Protocols Configured

RESOLUTION

Manual steps to determine whether the Winsock2 key is corrupted To determine if the symptoms are caused by a problem with the Winsock2 key, use one of the following methods.


Method 1: Use the Netdiag tool To use the Netdiag tool, you must install the Microsoft Windows XP Support Tools. To do so, follow these steps. Notes

• If you already have Support Tools installed, go to the second procedure in this section.

• If you do not have Support Tools installed and you do not have the Windows XP Setup CD, go to Method 2.

1. Insert your Windows XP Setup CD, and then locate the Support\Tools folder.

2. Double-click the Setup.exe file.

3. Follow the steps on the screen until you reach the Select An Installation Type screen.

4. On the Select An Installation Type screen, click Complete, and then click Next.

When the installation is complete, follow these steps:

1. Click Start, click Run, type Command, and then click OK.

2. Type netdiag /test:winsock, and then press ENTER.

The Netdiag tool will return the test results for several network components, including the Winsock. For more details about the test, use /v at the end of the netdiag command: netdiag /test:winsock /v

Method 2: Use the Msinfo32 program Note Use this method only if you do not have a Windows XP Setup CD and you do not have Support Tools installed.

1. Click Start, click Run, type Msinfo32, and then click OK.

2. Expand Components, expand Network, and then click Protocol.

3. You will have ten sections under Protocol. The section headings will include the following names if the Winsock2 key is undamaged:

• MSAFD Tcpip [TCP/IP]
• MSAFD Tcpip [UDP/IP]
• RSVP UDP Service Provider
• RSVP TCP Service Provider
• MSAFD NetBIOS [\Device\NetBT_Tcpip...
• MSAFD NetBIOS [\Device\NetBT_Tcpip...
• MSAFD NetBIOS [\Device\NetBT_Tcpip...
• MSAFD NetBIOS [\Device\NetBT_Tcpip...
• MSAFD NetBIOS [\Device\NetBT_Tcpip...
• MSAFD NetBIOS [\Device\NetBT_Tcpip...


If the names are anything different from those in this list, the Winsock2 key is corrupted, or you have a third-party add-on, such as proxy software, installed. If you have a third-party add-on installed, the name of the add-on will replace the letters "MSAFD" in the list. If there are more than ten sections in the list, you have third-party additions installed. If there are fewer than ten sections, there is information missing. Note These entries represent an installation with only the TCP/IP protocol installed. You can have a working Winsock and see additional entries if another protocol is installed. For example, if you install NWLink IPX/SPX, you will see 7 additional sections, for a total of 17. Below is an example heading of one of the new sections:

MSAFD nwlnkipx [IPX]

Also, each of the new sections that are created by installing NWLink IPX/SPX starts with "MSAFD." Therefore, there are still only two sections that do not start with those letters.

If the Netdiag test fails, or if you determined that there is Winsock corruption by looking at Msinfo32, you must repair the Winsock2 key by using the steps in the next section.
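The Msinfo32 comparison from Method 2, as an added example that is not part of the original article: it takes the section headings copied from the Protocol view and applies the rules above (ten baseline sections, only the two RSVP headings may lack the "MSAFD" prefix, extra "MSAFD" sections indicate another installed protocol). The function name, the verdict strings and the "ExampleProxy" heading are assumptions, and the NetBIOS headings are matched by prefix because the page shows them truncated.

```python
# Headings the page lists for a TCP/IP-only installation.
REQUIRED_EXACT = [
    "MSAFD Tcpip [TCP/IP]",
    "MSAFD Tcpip [UDP/IP]",
    "RSVP UDP Service Provider",
    "RSVP TCP Service Provider",
]
NETBIOS_PREFIX = "MSAFD NetBIOS"   # truncated on the page, so prefix match
NETBIOS_EXPECTED = 6
NON_MSAFD_ALLOWED = {"RSVP UDP Service Provider", "RSVP TCP Service Provider"}


def assess_protocol_sections(headings):
    """Classify a list of Msinfo32 Protocol section headings."""
    headings = [h.strip() for h in headings if h.strip()]
    missing = [name for name in REQUIRED_EXACT if name not in headings]
    netbios = sum(1 for h in headings if h.startswith(NETBIOS_PREFIX))
    if netbios < NETBIOS_EXPECTED:
        missing.append("%s (found %d of %d)"
                       % (NETBIOS_PREFIX, netbios, NETBIOS_EXPECTED))
    # Anything without the MSAFD prefix, other than the two RSVP providers,
    # is a third-party add-on or a damaged entry and needs review.
    unexpected = [h for h in headings
                  if not h.startswith("MSAFD") and h not in NON_MSAFD_ALLOWED]
    if unexpected:
        verdict = "third-party or corrupted"
    elif missing:
        verdict = "entries missing"
    elif len(headings) == 10:
        verdict = "baseline"
    else:
        verdict = "extra protocol"   # e.g. NWLink adds MSAFD-prefixed sections
    return {"count": len(headings), "missing": missing,
            "unexpected": unexpected, "verdict": verdict}


# Constructed sample input: the ten headings as printed on the page.
BASELINE = REQUIRED_EXACT + [r"MSAFD NetBIOS [\Device\NetBT_Tcpip..."] * 6

if __name__ == "__main__":
    samples = {
        "clean": BASELINE,
        "nwlink heading added": BASELINE + ["MSAFD nwlnkipx [IPX]"],
        "add-on (constructed name)": ["ExampleProxy Tcpip [TCP/IP]"] + BASELINE[1:],
        "truncated catalog": BASELINE[:8],
    }
    for label, sections in samples.items():
        print(label, "->", assess_protocol_sections(sections))
```
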

Manual steps to recover from Winsock2 corruption

Windows XP with Service Pack 2 instructions To repair Winsock if you have Windows XP Service Pack 2 (SP2) installed, type netsh winsock reset at the command prompt, and then press ENTER. Note Restart the computer after you run this command. Additionally, for computers that are running Windows XP SP2, there is a new netsh command that can rebuild the Winsock key. For more information, visit the following Web site: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx

Warning Programs that access or monitor the Internet such as antivirus, firewall, or proxy clients may be negatively affected when you run the netsh winsock reset command. If you have a program that no longer functions correctly after you use this resolution, reinstall the program to restore functionality.

Note If these steps do not resolve the problem, follow the steps in the next section.

Windows XP without Service Pack 2 instructions To repair Winsock if you do not have Windows XP SP2 installed, delete the corrupted registry keys, and then reinstall the TCP/IP protocol.


Step 1: Delete the corrupted registry keys Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk. For more information about how to back up the registry, click the following article number to view the article in the Microsoft Knowledge Base: 322756 How to back up, edit, and restore the registry in Windows XP and Windows Server 2003

1. Click Start, and then click Run.

2. In the Open box, type regedit, and then click OK.

3. In Registry Editor, locate the following keys, right-click each key, and then click Delete:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2

4. When you are prompted to confirm the deletion, click Yes.

Note Restart the computer after you delete the Winsock keys. Doing so causes the Windows XP operating system to create new shell entries for those two keys. If you do not restart the computer after you delete the Winsock keys, the next step does not work correctly.

Step 2: Install TCP/IP

1. Right-click the network connection, and then click Properties.

2. Click Install.

3. Click Protocol, and then click Add.

4. Click Have Disk.

5. Type C:\Windows\inf, and then click OK.

6. On the list of available protocols, click Internet Protocol (TCP/IP), and then click OK. If Internet Protocol (TCP/IP) does not appear, follow these steps:

a. Click Start, and then click Search.

b. In the Search Companion pane, click More advanced options.

c. Click to select the following three check boxes:

• Search system folders
• Search hidden files and folders
• Search subfolders

d. In the All or part of the file name box, type nettcpip.inf, and then click Search.

e. In the results pane, right-click Nettcpip.inf, and then click Install.

7. Restart the computer.


APPLIES TO

• Microsoft Windows Server 2003, Standard Edition (32-bit x86)
• Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
• Microsoft Windows XP Home Edition
• Microsoft Windows XP Professional
