Do Do Do – Try This at Home
You may have seen television programs featuring dangerous stunts, which end with an inane message, ‘don’t try this at home’. Guy says: Do Do Do, try the following at home. My reasoning is this, while all these configuration changes are fun, even I admit that most are too naught to try on your company’s servers.
As I wrote these naughty but nice tricks to try on your home server, so I pictured a test network connected to the internet. I see a Virtual Machine where you are trying out some of my suggestions or better still, some of your own ideas.
All these ‘Hacks’ work on Windows Server 2003 (Also RC2). Many will also apply to XP.
This Shutdown Event Tracker has been voted the most irritating message in Windows Server 2003. Techies, like ‘Mad Mick’ hate it even more than the Office Paperclip wizard. I zap this exasperating Shutdown Tracker menu via Group Policy.
In your Active Directory, navigate to the Domain Controllers Group Policy, (GPMC is cool). Once the Group Policy launches, navigate to: Computer Configuration, Administrative Templates, System, now look for:
As soon as you have finished configuring the Group Policy, run gpupdate /force. Now try Start, Shutdown, there should be no sign of the irritating Tracker, you don’t actually have to go through with the Shutdown to see the effect.
I once flirted with disabling this Shutdown Event Tracker setting via the registry, but I am now in favor of controlling it via Group Policy. What is more interesting is how I found out where in the registry the setting is located. What I did was export the registry with regedit, made the change via Group Policy, then exported the registry – again. Next I ran a utility called Windiff to compare the two files and thus highlight where in the registry to locate the difference that I just created.
The answer was HKLM\Software\Policies\Microsoft\Windows NT\Reliability\ShutdownReasonOn value = zero.
Remove IE’s ‘Nagging Nanny’. – Control Panel, Add or Remove Programs
Problem. When I’m at my Windows Server 2003 I cannot browse with Internet Explorer. Now I know that the real answer is to master Internet Security within IE6 (or IE7). I should launch IE6 (or IE7) configure, Tools, Internet Options, Security, but more often than not, I still cannot browse Http: //ownserver/exchange. Rather than troubleshoot, I take the Mr Ruthless approach and disable: Internet Explorer Enhanced Security Configuration. The path is Control Panel, Add or Remove Programs, Windows Components and then remove the tick next to Internet Explorer Enhanced Security Configuration.
I admit that setting AutoAdminLogon =1 should be a disciplinary offence on a company server. However, on a test network, the benefit is when you reboot the server, there is no need to type in the password. AutoAdminLogon mimics typing in the password, but it can only do this if you store the password as plain text in the registry, another reason not to try this trick on a production network.
Navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
If AutoAdminLogon exists then Double Click on AutoAdminLogon and set value =1 (Numeric 1)
Important, to ensure that AutoAdminLogon works, you must also add a new key called: DefaultPassword.
In regedit navigate to the above Winlogon section, select he EDIT menu, New, String Value type DefaultPassword. Only you know the value to put in this field, for example P#ssw0rd.
To digress, I discovered recently that you can use punctuation marks in passwords. At first this knowledge shocked me, but then it gave me ideas for making my password, harder: to crack.
AutoAdminLogon was the first registry hack I discovered, still one of the most useful on a machine where physical security is not a factor. Occasionally you see scripts which sometimes employ this technique when they need to logon with Administrative privileges. Just before the script finishes the code covers its tracks by deleting the DefaultPassword key and setting AutoAdminLogon to zero.
Tip1: Double check the value in Winlogon for the REG_SZ, DefaultDomainName and DefaultUser.
Tip2: To override AutoAdminLogon e.g. logon as another user, hold down the shift key during logon.
Tip3: For the slightly security conscious you could create and configure an account other than Administrator. The trick is to make an ordinary account a Backup Operator so that it has the right to logon at a server.
Guy Recommends: The Free IP Address Tracker (IPAT)
Calculating IP Address ranges is a black art, which many network managers solve by creating custom Excel spreadsheets. IPAT cracks this problem of allocating IP addresses in networks in two ways:
For Mr Organized there is a nifty subnet calculator, you enter the network address and the subnet mask, then IPAT works out the usable addresses and their ranges.
For Mr Lazy IPAT discovers and then displays the IP addresses of existing computers. Download the Free IP Address Tracker
Screen Saver – Display
This is a minor configuration change, which stops the operating system locking my machine every time I go away for more than 10 minutes. On test machines, with complex passwords, I get into a knot remembering whether the word contains the number zero or the letter ‘oh’. The answer for me is: Display, Screen saver (Tab), Screen saver – None.
Install Windows Program – Product ID (Product Key) would not activate
Here is the situation, I needed another new Virtual Machine to test Exchange and Outlook. After I installed Office XP, I attempted to activate Office as usual. Whereupon I got an error message to the effect I had exceeded the licence agreement, something about cannot install more than ten times, I forget the precise message. As you may already know, I studiously avoid all licensing messages and schemes. Well I got caught out trying to install Office XP for the eleventh time on one of my Virtual Machines (I had trashed the other 10 Virtual machines.). Now I had a second genuine copy of Office XP, so I could have removed and reinstalled. But I thought, let’s try a hack to save the uninstall, re-install hassle.
I obviously don’t want to go too far down this path, but I really did have two genuine Product Keys, I did not just sit there typing in random numbers.
If I can explain the technique, what you need to do is delete the old Product ID numbers from the registry, thus force Office to ask for the new key, which you can then activate.
Launch Regedit and navigate to,HKLM\SOFTWARE\Microsoft\Office\11.0\Registration. You will see two sub folders with strange GUID names
Search for ProductID – To be safe, I renamed ProductID –> ProductIDOld, rather than deleting it.
Also deal with DigitalproductID – As above, rename.
The upshot, when I next tried to open Outlook an Office Wizard asked me for the Product Key, just as it does if you install Office XP from scratch. I carefully entered the numbers and letters. As it was a virgin key, it then activated with no trouble. The procedure saved me all that file copying, and I learnt something new into the bargain.
Lots of useful Windows shutdown and hibernate articles