Q: What are the advantages of the Windows NT 4.0 interface over its predecessors?

By now, many of us are familiar with NT 4.0's interface, which you see in Screen 1. What's most impressive about this interface is its ability to change appearance. You don't have to reboot to change several display characteristics, which is a blessing elsewhere in the OS. For example, you can add tape drivers without rebooting. These slight changes do wonders to make NT a mainstream network OS.

Q: I've heard about NT 4.0's new administrative tools and wizards. What do they let you do?

The administrative tools you see in Screen 2 and the setup wizards in Screen 3 ease setup and maintenance of both NT Server and Workstation. Microsoft markedly improved the installation routine by adding a procedure that restarts the installation process following a crashed installation.

Q: I've run NT 3.51 for a long time, and it's proven stable. Why should I upgrade to NT 4.0? Doesn't moving the graphic heaps to ring 0 make NT 4.0 more subject to crashing?

Every reason I can think of suggests that moving to NT 4.0 is not only a good idea but essential. All software revisions will target NT 4.0--in part, because NT shares DLLs with Windows 95.

Microsoft increased the graphic speed in NT 4.0 by moving the graphic heap to ring 0. Although this restructuring allows faster video processing, it also makes every NT 3.51 video and print driver obsolete in NT 4.0. (Print drivers are in the GUI, which means they're also in ring 0. Because ring 0 code can crash the system, a bad print driver can now crash the system.) In fact, if you have an NT 3.51 workstation attached to an NT 4.0 server, you can't print from the NT 3.51 workstation to the NT 4.0 server without adding the NT 3.51 print driver locally. This configuration can be a serious issue in large networks.

NT 4.0 will have new video drivers to accommodate moving the graphic heaps, but many new features (easier setup and control with wizards, addition of Telephony API--TAPI--network browsing, hardware profiles, etc.) make it a preferable OS. All these improvements are substantial.

In all my testing with NT 4.0, I haven't encountered a graphic-induced crash. Moving the heap to the kernel makes sense. Upgrade!

Q: Will NT 4.0 finally have joystick drivers?

Yes, NT 4.0 installs joystick drivers by default, which means Microsoft is serious about adding components to NT 4.0 that aren't in NT 3.51. In a similar move, Microsoft included the Wang imaging applet, which Screen 4 shows. This applet lets you date-stamp bitmaps, a handy feature for faxing. Although not in the NT 4.0 release, fax capabilities will probably appear in an early NT 4.0 Service Pack.

Q: My system recently crashed, and I don't have the boot floppies to access the NT installation CD. I can't access the hard drive because it uses NT File System (NTFS). How can I get to the hard drive to fix it?

All is not lost. You need to create a DOS boot floppy, which requires you to load realtime drivers. DOS 6.22 will do just fine. Place a blank, formatted 1.44MB 3.5" floppy (remember, NT 4.0 allows only 3.5" floppies) into a drive on a system booted into DOS. Assuming A is the 3.5" drive, type sys A:\ at the C prompt, and press Enter. This command creates a bootable floppy.

Change to the A drive, and type MD SCSI to create a SCSI directory on the floppy in the A drive. Copy the following files from the DOS directory to the root directory on the A drive.






mouse.com (this file can be in a different directory and is optional)


Change to the directory that contains the SCSI drivers.

The following list of sample drivers is for the Adaptec 2940 (PCI), the Adaptec 2742 (EISA), and the Adaptec 1542 (ISA). Copy the drivers to the a:\scsi directory.






These drivers let you access a SCSI drive on any of the three controllers listed above.

Create the following config.sys and autoexec.bat files in the A drive root directory. (Note: I kept all possibilities open when defining these files in case you find other drivers you want to add.)

















Menudefault=PCI. 10



DEVICE=A:\SCSI\aspi8dos.sys /d

device=c:\scsi\aspidisk.sys /d



device=A::\scsi\aspiedos.sys /D

DEVICE=c:\scsi\aspidisk.sys /D



DEVICE=A:\scsi\aspi4dos.sys /d






prompt $p$g








LH A:\DOS\mouse.COM


LH A:\smartdrv.exe 2048 2048



LH A:\DOS\mouse.COM


LH A:\smartdrv.exe 2048 2048



LH A:\DOS\mouse.COM


LH A:\smartdrv.exe 2048 2048



When you boot the floppy, you get a choice of menus. Pick the menu for the appropriate controller card. Change to your CD-ROM drive, insert the NT installation CD, go to the I386 directory, and run winnt /b. This procedure eliminates all floppy drives from consideration and lets you repair the hard drive or perform a new installation. Remember, you don't need an emergency repair diskette if the install program can locate the NT directory.

On a RISC-based machine, you can run the programs from the CD-ROM. If you have the proper BIOS and CD, you can also install directly from the NT installation CD. You can also try NTFSDOS, a scary little utility that lets you access an NTFS volume when you boot from a floppy. For more on NTFSDOS, see Mark Russinovich and Bryce Cogswell, "NTFSDOS Poses Little Security Risk," and Joel Sloss, "That Depends on Your Definition of Secure," September.

Q: I recently installed AMI's latest firmware revision for my Titan II motherboard on a system with an AMI Titan II motherboard with two Pentium 150s, 128MB of 60-nanosecond parity RAM, 3940U with a scanner and five CD-ROMS, 3940UW with four 2MB Atlas Wide SCSI drives, Matrox Millennium adapter with 4MB RAM, and Windows NT 4.0 beta 2. Now I get the message, "No ROMBASIC, system halted," and my system won't boot. What happened? Is this an NT beta issue?

This problem is not an NT beta issue but is at the board level. In fact, the error message tells you what the problem is: The system can't see any OS. If you watch the controller's POST, you notice that the system sees the 3940U before the 3940UW. I called AMI, and the company verified this assumption.

With the old motherboard firmware, the system read the PCI cards from the EISA bus to the edge of the motherboard. Although this approach to card scanning seems logical, the PCI slots are numbered from the edge of the motherboard. With the latest firmware, the system reads the PCI bus from the edge of the motherboard to the EISA bus, so the boot position of the drives has changed. To solve this problem, simply swap the controller card positions.

Consider yourself lucky--the old Adaptec cards had problems with IRQ sharing. With a 2940W with a 3940U, the system always saw the 3940U first, regardless of the card position on the bus.

Q: I'm trying to standardize on a network card. I can't soft-reset my system when I use 3Com's Fast Ethernet card--NT starts to load and then hangs. What's going on? If I look at Event Viewer after I successfully boot, I've noticed that NT stops the boot process on the initiation of the 3Com card. Event Log sometimes states that a bus-mastering slot isn't available for the card. Are the problems related?

I commend you for isolating the problem. In fact, Event Log is telling you exactly what's wrong--the 3Com card isn't resetting properly. To solve this problem, disable the card's bus-mastering feature.

  1. Run the Registry Editor (regedt32.exe) from the NT diagnostic tool in the administrator group (or folder if you're running 4.0).
  2. Open the key hkey_local_machine\system\currentcontrolset\services\el59x1\parameters.
  3. Choose the Add Value option in the Edit pulldown.
  4. Enter Busmaster for the value.
  5. Choose Data Type reg_sz.
  6. Click OK.
  7. Enter No in the string box.
  8. Click OK (the Registry will show bus master:reg_sz:no).
  9. Shut down and restart your machine.

Screen 5 shows this Registry entry for a 3Com EISA network card. After you reboot, you can verify that bus mastering is off. Run Event Viewer, and look at the first instance of El59x. Click the event to display a message that states, BusMaster support has been turned 'OFF' for slot xx (where xx represents the appropriate slot number for the card).

The purpose of the bus-mastering network card is to relieve the CPU of network work. You've bought a card to function one way, and now you have to decide whether to disable this feature. Should you accept such a compromise? I'd accept the cold reboot option.

Q: How can I make a NetBEUI boot diskette to install Windows for Workgroups (WFW) from an NT 4.0 server? I notice that Microsoft doesn't offer WFW on the NT 4.0 CD. Can you show me basic setup and anything I need to be aware of in this setup?

Microsoft wants you to install Win95 rather than WFW and no longer supports WFW in new software releases. Many other vendors, including Adobe with its latest revision of Adobe Type Manager, support this upgrade-or-be-left-behind philosophy. Still, you can easily create a boot disk for installing WFW.

Start by creating a shared directory called \clients on a server hard drive. Copy the client directory from the NT 4.0 Server CD to the directory you just created. Remove the NT 4.0 Server CD, and insert the NT 3.51 CD. Copy the WFW directory in \clients to the \client directory on the server hard drive. Make a DOS boot floppy and place it in the 3.5" drive (we might as well give up on 5.25" drives). Go to the Administrator folder on the server, and choose Network Client Administrator. Select Make Network Installation Startup Disk. Be sure the wizard points to the \client directory. Screen 6 shows the dialog for making a WFW installation diskette with the following files (using an NE2000 as a network card).










a:\net\net start

net use z: \\"servername"\Clients

echo Running Setup...

z:\wfw\netsetup\setup.exe /#

Files in the \net subdirectory















Make sure the following lines are correct in protocol.ini:




; IOBASE=0x300

; SlotNumber=1

If the interrupt is not 3, change the lines above to specify the proper IRQ. Do the same for both IOBASE and SlotNumber, and remove the semicolon from the beginning of each line.

Note the following in system.ini:

















For username, I typically use a logon with Administrator privileges. If you don't want to set such a high security level, make sure the user can at least access the client share. The workgroupname and the domainname have to be the same if the logon is to a domain.

In this setup, the network boots, and WFW installs immediately. I prefer to change to the \client directory and install the appropriate version by copying all the setup files locally and running setup. You can easily modify the autoexec.bat to accomplish all this automatically.

Q: I know you consider security a major risk with accessing the Internet. Can you provide some specifics? This issue has me concerned.

Security across the Internet clearly has me concerned. Suppose you send information over the Net that you mean to keep secret. Guess what? Anyone can use sophisticated search engines such as Digital's AltaVista to find your message, even with newsgroups. This breach of security means that most Internet messages are public.

Once you connect to the Internet, you also expose yourself to viruses such as the Concept virus. Connecting a virus scanner to your email service is becoming a way of life. For a review of virus scanners, see Jonathan Chau, "Virus Scanners for NT," page 53.

Another area of concern is how you send information over the Internet. TCP/IP is a broadcast protocol. Hackers can listen in, analyze the packets of information traveling across a LAN, and use this information to access your system. They often use this method to access UNIX-based systems.

You can also encounter various setup errors. Without proper security, hackers can easily break into any system. How many users have a proper password or any password at all? Such users argue that security is unnecessary because they control their environment. In fact, these users are at extreme risk. With the Internet, you can't be too careful.

So how do you implement security over the Internet? First, rigorously implement security and passwords. Second, share only what you need to share and secure the bulk of the network from outside intrusion.

Consider routers. They filter packets and can prevent the passage of specific packets, but the filtering is application independent. Many users argue about the efficacy of packet filtering because of setup and testing issues. For example, you can add a proxy server to convert all IP datagrams to Hypertext Transfer Protocol (HTTP) before sending data. For a review of Microsoft's proxy server, see Mark J. Edwards, "Microsoft's Internet Access Server," September 1996, and "Configuring Microsoft's Internet Access Server," on page 153.

You can add encryption to the server, (for information on digital encryption, see Lawrence Hughes, "Secure Enterprise Email," May 1996; "Digital Envelopes and Signatures," September; and "Exchanging Email: Signed, Sealed, Delivered," page 103). Or as a better solution, you can have a firewall, which lets you control access to your systems. The best are application firewalls such as Raptor Systems's Eagle NT. Firewalls load the application stack and execute the program. They can determine potential security breaches and shut down the server. For more on network and Internet security issues, see John Enck, "Confronting Your Network Security Nightmares," on page 81.

Q: Can you explain RAID and what it's for? I know NT Server and NT Workstation use RAID in different ways.

RAID was originally Redundant Arrays of Inexpensive Disks. Today, it usually refers to Redundant Arrays of Independent Disks. NT uses four levels of RAID. The simplest level is a bunch of drives, or a volume in NT language. This unnumbered RAID level treats several drives as one drive and provides no redundancy or speed advantages. The second level of RAID, RAID 0 or striped drives, is similar to the unnumbered RAID level, but the system writes data in stripes across the drives: The striped data allows simultaneous I/Os to all drives. RAID 0 increases I/O speed. As you increase the number of drives, you also increase the probability of a drive failure. Both NT Workstation and Server support RAID 0.

RAID 1 (mirroring and duplexing) and RAID 5 (striping with parity) fall roughly into the realm of fault tolerance. Mirroring is when both drives share the same controller, and duplexing is when each drive is on a separate controller. RAID 1 is probably the best RAID level for fault tolerance and speed, but it's very expensive. All data writes to at least two drives--so, for example, RAID duplicates data written to drive A to drive B. With RAID 5, you compromise speed, safety, and price. Striping is at the block level with error correction distributed across all drives. For a five-drive set, one drive can have parity information, leaving four drives for data.

With the possible exception of RAID 0, where you don't care about data integrity, I don't think RAID applications in NT are a good idea. You have to set up RAID 1 and 5 at the hardware level. Hardware RAID is based on SCSI systems that are BIOS independent, which lets you repair the RAID without taking the system down. In fact, some high-end RAID enclosures (chassis) let you configure the system on the fly and repair the RAID system without shutting down NT.

So what are the implications of RAID for fault tolerance? Many users assume that tape backup is an example of fault tolerance--it's not. For example, I just finished a low-level format of a 4GB hard drive. After the formatting, I restored the files on the drive that I had backed up. The backup took 30 minutes, the low-level format took 45 minutes, and the partitioning and formatting took 20 minutes. The tape restore took only 15 minutes. This whole process took about two hours. In true fault-tolerance situations, downtime is zero. The NT fault-tolerance tools don't satisfy the zero downtime criterion.

By the way, the most likely part of a system to fail is the power supply. For more information on fault tolerance, see Mark Smith, "Closing In on Clusters," August 1996, and Joel Sloss, "Digital Clusters for Windows NT," August.

Q: I successfully installed a new copy of NT on my G drive, and I want NT to restore my previous files on drives E and F, which were partitions on a hard drive. However, I replaced that drive with a new one, and NT is now on drive E and not G. How can I fix this problem?

This problem is easy to solve and prevent. After you configure your drives, be sure to commit the changes in Disk Administrator. If you do, NT will stay on drive G. Because you didn't run Disk Administrator to commit the changes with the new setup, you need to boot to a DOS disk and run fdisk.exe. Create the partitions and drive letters, and reboot. Drives E and F will be present, even if NT can't recognize the format. Format the drives with Disk Administrator and commit the changes. Now run your backup application, and restore the data from the tapes.

Although much of NT 4.0 is the same as NT 3.51, new problems and workarounds have emerged. In future Tricks and Traps, we'll look at specific NT 4.0 issues and how to resolve them. Check out Dr. Bob's technical forum on our Web site, www.winntmag.com.

Eagle NT
Raptor Systems * 617-487-7700 or 800-932-4536
Web: www.raptor.com
Email: info@raptor.com
Price: $6500 (50 users; $11,000 (200 users); $15,000 (unlimited)