Windows XP and 2000 Tips & Tricks UPDATE brought to you by the Windows & .NET Magazine Network and the Windows 2000 FAQ site
http://www.windows2000faq.com


THIS ISSUE SPONSORED BY

Windows & .NET Magazine Road Show
http://www.winnetmag.com/seminars/roadshow


SPONSOR: WINDOWS & .NET MAGAZINE ROAD SHOW

WHY PAY WHEN YOU CAN GET IN-PERSON SECURITY EXPERTISE FOR FREE?
Windows & .NET Magazine Road Shows are coming soon to Chicago, New York, Denver, and San Francisco! Now's your chance to learn from experts like Mark Minasi and Paul Thurrott about how to shore up your system's security and what desktop security features are planned for .NET and beyond. Registration is free so sign up now!
http://www.winnetmag.com/seminars/roadshow


August 5, 2002—In this issue:

1. COMMENTARY

2. FAQS

  • Q. How can I quickly jump to a new Web address in Microsoft Internet Explorer (IE)?
  • Q. How can I suppress the standard machine beep noise in Windows 2000 and later?
  • Q. How can I disable the Secure Desktop Restriction setting in Windows 2000 Service Pack 1 (SP1) and later?
  • Q. How can I prevent services from interacting with the desktop in Windows 2000 and later?
  • Q. What administrative permissions do I need to upgrade a system from Windows 2000 to Windows .NET Server (Win.NET Server)?

3. ANNOUNCEMENTS

  • Become Part of Our MEC 2002 Focus Group!
  • The Backup and Recovery Solutions You've Been Searching For!

4. CONTACT US

  • See this section for a list of ways to contact us.

1. COMMENTARY
(contributed by John Savill, FAQ Editor, jsavill@winnetmag.com)

This week, I look at how to use a keyboard shortcut to quickly jump to a new Web address in Microsoft Internet Explorer (IE), how to prevent Windows' system beep noise, and how to disable Windows 2000 Service Pack 1's (SP1's) Secure Desktop Restriction setting. I also explain how to prevent services from interacting with the desktop, and I outline the permissions you need to upgrade a Win2K Server machine to Windows .NET Server (Win.NET Server).

My new book, "The Windows XP/2000 Answer Book: A Complete Resource from the Desktop to the Enterprise" (Addison-Wesley), is now available for preorder on Amazon.com at the URL below. The book will be available at the end of September.
http://www.amazon.com/exec/obidos/asin/0321113578/windowsntfaq

2. FAQS
(brought to you by Windows & .NET Magazine and its partners)

  • Q. How can I quickly jump to a new Web address in Microsoft Internet Explorer (IE)?

  • A. To navigate to a new Web page in IE, you can either select a Web site from the Favorites menu or select the Address bar, highlight the current address, then type in a new address. To quickly jump to a new Web address, you can skip the first two steps of this second procedure by pressing Alt+D, which automatically highlights the current address in the Address bar. Type in a new address and press Enter.

  • Q. How can I suppress the standard machine beep noise in Windows 2000 and later?

  • A. Even if you mute your system, certain events will still trigger the system beep. To suppress these system-level beeps, perform the following steps:
    1. Start a registry editor (e.g., regedit.exe).
    2. Navigate to the HKEY_CURRENT_USER\Control Panel\Sound subkey.
    3. Double-click Beep, set the value to "no", and click OK.
    4. Close the registry editor.
    5. Log off and log on for the change to take effect.

  • Q. How can I configure Microsoft's Secure Desktop Restriction setting in Windows 2000 Service Pack 1 (SP1) and later?

  • A. Users who interactively log on to a computer running Windows 2000 or later can perform tasks that might be security risks, such as gaining access to display and input devices that a computer process with wider-reaching privileges owns. These users then can create a process to capture passwords or sensitive data. For more information about the problem, see Microsoft Security Bulletin MS00-200, (Patch Available for "Desktop Separation" Vulnerability,) at the following URL:
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms00-020.asp

    Win2K SP1 corrected this vulnerability by adding a Secure Desktop Restriction setting, but the new locked-down functionality might adversely affect certain applications. If your application vendor advises you to disable this security setting, perform the following steps:

    1. Start a registry editor (e.g., regedit.exe).
    2. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows subkey.
    3. From the Edit menu, select New, DWORD Value.
    4. Enter a name of SecureDesktop.
    5. Double-click the new value, set it to 0 to disable the setting (you can set the value to 1 to reenable the default configuration), then click OK.
    6. Restart the machine for the change to take effect.

  • Q. How can I prevent services from interacting with the desktop in Windows 2000 and later?

  • A. Certain services directly interact with the desktop (e.g., to display messages). To stop an individual service's ability to interact, open the Computer Management console (go to Start, Programs, Administrative Tools, Computer Management), open the Services branch (go to Computer Management, Services and Applications, Services), select the service, and clear the "Allow Service to Interact with Desktop" check box. To stop all services (services will still be able to display errors), perform the following steps:
    1. Start a registry editor (e.g., regedit.exe).
    2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows subkey.
    3. Double-click NoInteractiveServices, set the value to 1 to stop interaction (the default setting of 0 enables interaction), and click OK.
    4. Close the registry editor.
    5. Restart the computer for the change to take effect.

  • Q. What administrative permissions do I need to upgrade a system from Windows 2000 to Windows .NET Server (Win.NET Server)?

  • A. The permissions required to upgrade a server from Win2K to Win.NET Server vary depending on the server, its position in the forest, and which domain users use to log on to the network. For all upgrades, you need the ability to
    • back up files and directories
    • modify firmware environment values
    • restore files and directories
    • shut down the system

    The following tables show which administrative roles have access to domain controllers (DCs) and member servers, depending on whether the administrator is logged on to a root domain or a nonroot domain.

    Logged On to the Root Domain
    -----------------------------------------------------------------------
    Role                     Server in Root Domain | Server in Child Domain
                             ---------------------   ----------------------
                             DC      Member Server | DC       Member Server
    -----------------------------------------------------------------------
    Enterprise administrator Y       N               Y        N
    Domain administrator     Y       Y               N        N
    Built-in administrator   Y       N               N        N
    -----------------------------------------------------------------------


    Logged On to Nonroot Domain
    -----------------------------------------------------------------------
    Role                     Server in Root Domain | Server in Child Domain
                             ---------------------   ----------------------
                             DC      Member Server | DC       Member Server
    -----------------------------------------------------------------------
    Domain administrator     N       N               Y        Y
    Built-in administrator   N       N               Y        N
    -----------------------------------------------------------------------

    3. ANNOUNCEMENTS
    (brought to you by Windows & .NET Magazine and its partners)

  • BECOME PART OF OUR MEC 2002 FOCUS GROUP!

  • If you're attending MEC 2002 and work at a company with more than 3000 employees, join our focus group on October 9, 2002. We'll give you a free lunch and $100! To be considered for this focus group, please email us at mailto:research@winnetmag.com by August 23. Please include your full name, job title, and email address.

  • THE BACKUP AND RECOVERY SOLUTIONS YOU'VE BEEN SEARCHING FOR!

  • Our popular Interactive Product Guides (IPGs) are online catalogs of the hottest vendor solutions around. Our latest IPG highlights the backup and recovery solutions and services that will help you recover your data and your network when disaster strikes. Download the IPG for free at:
    http://www.itbuynet.com/pdf/0802-backup-ipg.pdf

    4. CONTACT US
    Here's how to reach us with your comments and questions:

    • ABOUT THE FAQS — jsavill@winnetmag.com
    • ABOUT THE NEWSLETTER IN GENERAL — warren@winnetmag.com
      (please mention the newsletter name in the subject line)
    • TECHNICAL QUESTIONS — http://www.winnetmag.net/forums
    • PRODUCT NEWS — products@winnetmag.com
    • QUESTIONS ABOUT YOUR Windows XP and 2000 Tips & Tricks UPDATE SUBSCRIPTION?
      Customer Support — tipsandtricks@winnetmag.com

    This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
    http://www.winnetmag.com/sub.cfm?code=wswi201x1z

    Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
    http://www.winnetmag.net/email