Windows Tips &amp Tricks UPDATE, December 13, 2004, —brought to you by the Windows IT Pro Network and the Windows 2000 FAQ site
http://www.windows2000faq.com

Make sure your copy of Windows Tips & Tricks UPDATE isn't mistakenly blocked by antispam software! Be sure to add Windows_TipsandTricks_UPDATE@list.windowsitpro.com to your list of allowed senders and contacts.

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Windows Tips & Tricks UPDATE.

Download a Tool that will Benefit any Sys Admin
http://www.tntsoftware.com/wintipspri121304

Free White Paper: High Availability for Windows Services
http://www.windowsitpro.com/whitepapers/neverfail/highavailability/index.cfm?code=1213tips_S


Sponsor: Download a Tool that will Benefit any Sys Admin

Are you searching for an affordable real-time monitoring toolset that will support your proactive system management objectives? Start NOW and download ELM Enterprise Manger from TNT Software. Within an hour, you will experience for yourself why ELM is recognized as the tool that will benefit any System Administrator. Before the 30-Day full-feature trial is completed, the Monitoring, Alerting and Reporting will have saved you time and provided you the data for prompt corrective action. Be Proactive; and download ELM Enterprise Manager from the link below:
http://www.tntsoftware.com/wintipspri121304


FAQs

  • Q. How can I install Microsoft Fingerprint Reader?
  • Q. How can I use my fingerprint instead of a username and password to log on to a Web site?
  • Q. Where in the registry are my passwords for Microsoft Fingerprint Reader stored?
  • Q. How many nodes can I have in a Windows cluster?
  • Q. How can I control how to stop or start certain services?

Commentary
by John Savill, FAQ Editor, jsavill@windowsitpro.com

This week, I tell you how to install Microsoft Fingerprint Reader, how you can use a fingerprint instead of a username and password to log on to a Web site, and where in the registry passwords for Microsoft Fingerprint Reader are stored. I also explain how many nodes you can have in a Windows cluster and how you can control how to stop or start certain services.


Sponsor: Free White Paper: High Availability for Windows Services

It is no stretch to say that Windows high availability must be a fundamental element in your short- and long-term strategic IT planning. This free white paper discusses the core issues surrounding Windows high availability, with a focus on business drivers and benefits. You'll learn about the current market solutions, technologies and real-world challenges including cost-benefit analyses. Plus, find out how to assess technical elements required in choosing a high-availability solution, including the robustness of the technology, time-to-failover, and implementation difficulties. Download this white paper now!
http://www.windowsitpro.com/whitepapers/neverfail/highavailability/index.cfm?code=1213tips_S


FAQs

Q. How can I install Microsoft Fingerprint Reader?

A. Microsoft recently began offering Fingerprint Reader, a hardware device that you can use to replace the use of usernames and passwords for nearly all aspects of Windows, including logon and Web access. To install Fingerprint Reader, you must install the software that comes with the Fingerprint Reader hardware before you plug in the device. Follow these steps to install the software:

  1. Insert the driver CD-ROM that comes with the Fingerprint Reader hardware and run the setup.exe program that's in the CD-ROM root directory.
  2. The DigitalPersona Password Manager setup program will start. Click Next.
  3. Select "I accept the license agreement" and click Next.
  4. A warning is displayed about the use of the Fingerprint Reader device, which the figure at http://www.windowsitpro.com/content/content/44797/digitalpersona1.gif shows. Select the "I have read the statement above" check box and click Next.
  5. Confirm the installation location and click Next.
  6. Setup will begin, and various setup file and system parameters and services will be activated. At this point, a new Biometric Authentication Service has been installed and started. (Type net start at the command prompt to see the service listed.)
  7. Plug in the USB Fingerprint Reader device.
  8. After the Fingerprint Reader software has detected the device, setup is done. Click Finish.
  9. You're prompted to restart the computer. Click Yes.
  10. When the machine restarts, if you use the Windows Welcome screen, you'll notice a Fingerprint Reader icon in the top left corner. Ignore the icon for now and log on as you usually do.
  11. After you're logged on, the Fingerprint Registration Wizard will begin automatically (dpconsol.exe). Click Next.
  12. You're prompted for your Windows password. Enter your Windows password and click OK.
  13. A graphic showing two hands is displayed, which the figure at http://www.windowsitpro.com/content/content/44797/digitalpersona2.gif shows. You're asked to select which fingers you want to register. Click a finger, then click Next.
  14. You must then scan the finger four times through the Fingerprint Reader hardware device. After you've finished scanning, a message will be displayed stating that the registration is successful.
  15. You can now optionally register additional fingers. After you've finished registering fingerprints, click Next.
  16. Click Finish.

If you use the Welcome screen to log on to Windows, you must enable fast user switching to use the fingerprint logon capability. (To enable fast user switching, click Start, select Settings, then click Control Panel, double-click User Accounts, and click "Change the way users log on or off".) If you don't use the Welcome screen, the option to switch to using the Welcome screen is disabled. Instead, a new screen--the Persona logon screen--is displayed when the computer starts, prompting you to use your fingerprint or press Ctrl+Alt+Del to log on as usual. If you want to reenable the Welcome screen, you must first uninstall the DigitalPersona Password Management software, then reinstall it after you've enabled the Welcome screen. Be aware that you can't use Fingerprint Reader if you log on to a domain, although you can use Fingerprint Reader to log on to a Web site.

Q. How can I use my fingerprint instead of a username and password to log on to a Web site?

A. To use Microsoft Fingerprint Reader instead of a username and password to log on to a Web site, perform these steps:

  1. Navigate to the Web site page that requests the username and password.
  2. Before entering the username or password, press your finger on the fingerprint sensor on the Fingerprint Reader device.
  3. The Create Fingerprint Logon process will start. The Create Fingerprint Logon dialog box--which contains the Web-page logon fields (e.g., email address, password)--is displayed. You can change the Logon Title, if you want. When you're done reviewing and entering the necessary information, click OK.
  4. Now just press your finger on the fingerprint scanner at the Web logon page, and it will fill in the fields automatically and log you on to the Web site.

Q. Where in the registry are my passwords for Microsoft Fingerprint Reader stored?

A. When you register you fingerprints via Microsoft Fingerprint Reader, the software updates your SAM account under the HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users registry subkey. (This subkey is hidden; if you try to access it, you'll see only an empty SAM key.) The actual passwords are stored in the HKEY_LOCAL_MACHINE\SOFTWARE\DigitalPersona\DB\Data\Users subkey. In this subkey, each user whose fingerprints are registered has an entry. The main logon password is a binary value in the format S.MainSystemLogon.\{3AC492E9-E0B8-497A-B4DF-2C360C7842EB\}; the data for this value is the password. Web site passwords are in the format U.9C3CD43FDEE43E47.\{3AC492E9-E0B8-497A-B4DF-2C360C7842EB\}. The HKEY_LOCAL_MACHINE\SOFTWARE\DigitalPersona\DB\Data\IdList subkey maps the value in brackets to the user ID.

The password data is encrypted and unreadable. However, unlike regular password storage, which is a hashed base process and not reversible, passwords that are used with Fingerprint Reader can be converted back to their regular format. Thus, you shouldn't use Fingerprint Reader to allow access to highly secure material, because passwords can be unencrypted.

Q. How many nodes can I have in a Windows cluster?

A. A node is simply a server that participates in a cluster. Different Windows versions support different numbers of nodes. The storage connection method (i.e., SCSI or Fibre Channel) that servers in the cluster use also affects the number of possible nodes. The table at http://www.windowsitpro.com/content/content/44797/nodes.htm shows the number of nodes that are supported by the various versions of Windows and connection type.

Be aware that although you can mix OSs in a cluster, they can differ by only one OS version--that is, you could have a cluster with Windows 2000 Server and Windows NT 4.0 nodes, or Win2K Server and Windows Server 2003 nodes, but you couldn't have NT 4.0 and Windows 2003 nodes in the same cluster. Also, if you're running a mixed cluster, the maximum number of nodes supported is that of the most restrictive OS in the cluster. Therefore, if you had Win2K Advanced Server and Windows 2003, Enterprise Edition, you'd be limited to two nodes because that's the Win2K AS maximum.

Q. How can I control how to stop or start certain services?

A. If you want to allow particular groups to stop or start certain services on a server without making them administrators, you can define a Group Policy Object (GPO) that applies to the server(s) in question by performing these steps:

  1. Open the GPO in Group Policy Editor (GPE) or create a new GPO (gpedit.msc).
  2. In the treeview pane, expand Computer Configuration, Windows Settings, Security Settings, System Services.
  3. Right-click the service you want to change--for example the DHCP Server service--and click Properties. A dialog box that's similar to the one at http://www.windowsitpro.com/content/content/44797/setservice.gif is displayed.
  4. Select "Define this policy setting" and set the startup mode. For example, set the mode to Automatic if you want the service to start when the computer starts.
  5. Click Edit Security.
  6. You can now control which users and groups can access the service and stop or start it. Click OK after you've made your selections. It's important that you don't change the Administrators group and SYSTEM permissions; their permissions should always be Full Control.
  7. Click OK to all dialog boxes to apply the change. You'll need to refresh the GPO for the change to take effect.

Announcements
(from Windows IT Pro and its partners)

  • Holiday Offer from SQL Server Magazine

  • For a limited time, order SQL Server Magazine and get 30% off the newsstand price! As a special holiday bonus, you'll also receive the latest Top SQL Server Tips Guide free--includes over 60 helpful tips! In addition, you'll get free access to every article published in the magazine--online! Sign up now:
    https://secure.pentontech.com/nt/sql/index.cfm?promocode=tgep214Cxt

  • Try a Sample Issue of Windows Scripting Solutions

  • Windows Scripting Solutions is the monthly newsletter that shows you how to automate time-consuming, administrative tasks by using our simple downloadable code and scripting techniques. Sign up for a sample issue right now, and find out how you can save both time and money. Plus, get online access to our popular "Shell Scripting 101" series--click here!
    http://www.winscriptingsolutions.com/rd.cfm?code=fsep264cup

  • Can Your Antispam Content Filter Inside Your Firewall Cope with New Email Threats and Intrusions?

  • Stopping these new techniques requires detection and prevention in real time at the SMTP connection point. In this free on-demand Web seminar, learn how you can prevent these new and evolving intrusions from harming your email system, while improving your email server performance, reducing IT infrastructure costs, and restoring worker productivity. Register now!
    http://www.windowsitpro.com/seminars/intrusionprevention/index.cfm?code=1213emailannc

  • Get Your Fax Servers Up and Running Smarter, Faster, and More Cost-Effectively

  • In this free on-demand Web seminar, you'll learn the latest trends and developments in the fax market and best practices for seamless integration with Exchange and Outlook with real-time fax technologies. Find out integration faxing architecture and Multi-Function Device tactics, deployment techniques, and more. Register today!
    http://www.windowsitpro.com/seminars/outlookfax/index.cfm?code=1213emailannc

    Events Central
    (A complete Web and live events directory brought to you by Windows IT Pro: http://www.windowsitpro.com/events )

  • Are You Using Best Practices when Managing Software Packaging and Pre-Deployment Preparation?

  • In this free on-demand Web seminar, you'll learn best practices for managing software packaging and pre-deployment preparation. Discover how your organization can benefit from managing the workflow of the pre-deployment process to cut time and costs. Plus, you'll learn about different business scenarios that show ROI improvements from accurate workflow management. Register now!
    http://www.windowsitpro.com/seminars/softwaredeployment/index.cfm?code=1213emailannc

    Contact Us
    Here's how to reach us with your comments and questions:

    This weekly email newsletter is brought to you by Windows IT Pro, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
    http://www.windowsitpro.com/sub.cfm?code=wswi201x1z