Send us your tips and questions. You can also visit Bob Chronister's online Tricks & Traps at

Q: We're designing a network and we want to get the most for the money we spend. Do you recommend using less expensive clone servers or standard brand-name servers in a Windows NT enterprise environment?

You might assume that most IS departments advocate using tier 1 products made by companies such as Compaq, Dell, HP, and IBM. However, about 80 percent of all servers are clones, and most clones run NT well. Deciding whether to purchase clone or brand-name servers isn't as important as ensuring support for your servers.

Microsoft supports only systems on the NT Hardware Compatibility List (HCL). This list includes an assortment of hardware components. However, Microsoft doesn't describe the use of these devices with other devices. Be aware that resellers of clone servers typically don't regressively test their systems to check all hardware configurations.

Microsoft's definition of hardware compatibility is stringent: "A specific hardware model is compatible with Windows NT if a Windows NT device driver exists that was designed to interact with that hardware model, and Windows NT and the device driver interoperate with the hardware in a stable manner."

If you purchase a system on the HCL and you have a problem, Microsoft technicians can retest it to determine whether they can reproduce and fix the problem. If you purchase a system not on the HCL and run into problems, Microsoft won't fix the problems, regardless of whether you pay the $195 support fee.

So what's the moral of this story? The biggest issue with clones is support, and you need to start with the HCL. (The HCL is available at

If you decide to purchase a brand-name server, stick with a tier 1 company. These companies will do NT standardization for you. For example, with a tier 1 company you won't have to worry whether the system can run NT and handle SQL hits of 2000 per second because the vendor will supply you with the best machine for your networking environment. This preconfiguration can be expensive, but not as expensive as the downtime you might otherwise experience. HP is about to come out with some 8-way clusters that it guarantees will have no more than 7 hours of total downtime in a year. In an enterprise environment, any guarantee is amazing.

The issues of hardware compatibility and support are getting more serious. Microsoft is about to release a new type of HCL for enterprise use. Unless you purchase a machine that Microsoft designates as BackOffice compatible, Microsoft won't support it. For example, the server your plan to purchase and use as your SQL Server machine must have a BackOffice-compatible designation to receive Microsoft's support. Going a step further, Microsoft won't support clustering if you use equipment not on the enterprise HCL. If you buy a standard SCSI drive, you and the drive manufacturer's technical support team probably won't know whether multiple initiation is enabled on the drive. But, if you purchase your system from Compaq or HP, they can sell you a preconfigured cluster system that you buy with one part name or number, and you'll know exactly what's enabled and what isn't.

Q: My company is trying to automate Windows NT installation using batch files. Do you know of a way to add users to a network without using NT's User Manager?

User Manager looks nice, but it isn't very functional in large environments. In such environments, you can use command-line batch files. I'll explain what can you do at the command line and what a sample batch file looks like.

You can create batch files that use almost all aspects of net commands. The following examples show the syntax of a few net commands that you can include in your batch files to add new users:

net user bobc /add /comment:"Administrator"
/expires:never /fullname: Bob Chronister

net user bobc /add /passwordreq:yes

net localgroup "Backup Operators" /add bobc

net user bobc /homedir:"C:\users\bobc"
 /homedirreq:yes /passwordreq:yes

net user bobc sunshine

The last example specifies sunshine as the password for bobc. To make this batch file interactive so that you can add the user information when the batch file runs, add an asterisk after the username (e.g., bobc*).

You can even add a new local group to a machine with the following command:

net localgroup "gurus" /add

A batch file for adding new users that you run on a local machine might look like the following:

net user bobc /add /comment:"Local Administrator" /expires:never
net localgroup "Administrators" /add bobc
net user ianc /add /comment:"Backup Operators" /expires:never /passwordreq:yes
net localgroup "backup operators" /add ianc

On a Primary Domain Controller (PDC), the batch file is similar but uses group rather than localgroup, as follows:

net user bobc /add
net group "domain admins" /add bobc

In addition to running the batch file from a local machine, you can force a domain controller to process the commands you enter on a workstation. I processed the commands you see in Listing 1 on one of my systems. As you can see, the requests pass to the PDC and process successfully.

In the first example in Listing 1, I added bobch as a user on bobsplace2 and gave him the password sunshine. In the second example, I added bobch to the domain admins, and in the third example, I added bobchron with the password gasoline to bobsplace2, made the password required, and made the user permanent.

Q: What is user mode and kernel mode in Windows NT, and what do they mean?

User mode and kernel mode refer to the privilege level a process has to the system hardware. The closer to the hardware the process becomes, the more sensitive the system is to provoking system failure.

In any operating system (OS), you want to separate applications from OS services because you want the OS to remain functional if an application crashes. Microsoft achieved part of this goal in NT by assigning each application its own processes and memory space. Microsoft also added the restriction that no application can read or write outside its memory space. Because NT isolates applications from the hardware and each other, NT is known as a protected-mode environment.

In simple terms, a process running in user mode can't read or write directly to OS memory. The Virtual Memory Manager, which runs in kernel mode, maintains this isolation. Crossing from user mode to kernel mode requires kernel-mode transition, and the NT Executive checks whether the move is legitimate.

Microsoft defines a user-mode service as protected (in memory space), and NT starts the service at boot time. NT includes two types of protected subsystems where a user-mode service can run: Environmental and Integral. In the Environmental subsystem, a user-mode service supports applications either written for, or native to, another OS such as DOS. In the Integral subsystem, a user-mode service performs an OS-related function such as security.

The NT core subsystems also run in user mode, but don't provide hosting to non-native NT applications. NT core subsystems perform OS-related tasks instead of application-related tasks. The basic NT core subsystems are Winlogon, Local Security Authority (LSA), Security Accounts Manager (SAM), and Service Control Manager (SCM).

Applications run in user mode while OSs run in kernel mode. Kernel mode has access to all user-mode functions but not the other way around. This kernel-mode access is referred to as Ring 0, and user-mode access is equal to Ring 3. A crash in Ring 0 is fatal to system function. The three major aspects of NT that run in kernel mode are the NT kernel, the NT Executive, and the hardware abstraction layer (HAL).

Q: Last November, you wrote about Open File Manager for backing up open files. Unfortunately, we can't afford to use it, and it won't install on workstations. What alternatives can we use that work with the Windows NT backup program NTbackup?

You can use a Registry value to back up files that are in use. Warning: Using the Registry editor incorrectly can cause serious, systemwide problems. You may have to uninstall NT to correct them. Use this tool at your own risk.

Using your favorite Registry editor, go to the HKEY_CURRENT_USER\Software\Microsoft\Ntbackup\Backup Engine key and find the Backup files inuse value, as Screen 1, page 229, shows. By default, the Registry value is off (set to 0), which means that NTbackup won't back up open files. If a file is open for 30 seconds, NTbackup tries to reopen the file. If the file is still in use after that time, NTbackup simply moves to the next file. Setting the Backup files inuse value to 1 forces NTbackup to attempt to back up an open file regardless of its status.

Although setting the value to 1 may seem like a good idea, it can corrupt open files on tape. A better way to handle open files is to close the applications and then perform a backup. You can run a net stop command from the command line to stop all services in an application, and then you can perform a backup. After you run the backup, you can restart the services. You can use a batch file to automate this process. Alternatively, you can try to copy the files to another site and back them up from there.

Q: I'm not sure I understand the meaning of the tools in Disk Administrator. I know the three tools are error checking, backup, and defrag, and that you need a third-party application such as Executive Software's Diskeeper to defragment a drive in Windows NT. What do the error-checking applications refer to?

Good question. You have two choices for error checking a drive when you run the Disk Administrator tools: fixing file system errors and remapping bad sectors. The basic procedure is to highlight a drive, click Tools, and select Properties. If you want to fix file system errors, you have to reboot your system before the error checking and correction can continue, as you see in Screen 2. This process is similar to the DOS command chkdsk /f /r. If you want the system to attempt to remap bad sectors, the error-checking process can continue even if the drive is locked. Screen 3 shows the error checking that occurs using this method.

Q: I'm confused about RAS scripts. I see switch.inf and .scp files and the terms login and ogin in scripts. Where do I use one or the other of these terms?

Let's start by looking at an example CompuServe script as part of switch.inf:

\[CompuServe - Internet\]

A similar .scp file might look like

proc main

set port databits 7
set port parity even

transmit "^M"

waitfor "Host Name:"
transmit "CIS^M"
transmit "^M"

waitfor "User ID:"
transmit 00000.000, raw
transmit "/go:pppconnect^M"

waitfor "assword: "
transmit night_terror, raw
transmit "^M"

As you can see, most of the answers and text are the same in both files. In the .scp file, assword was used instead of password. On many UNIX hosts, case makes a huge difference. The use of Password is not the same as password, but assword is the equivalent of both. This situation explains why you often see terms such as ogin versus login in RAS scripts.