\[Editor's note: Share your NT discoveries, comments, experiences with products, problems, and solutions and reach out to other Windows NT Magazine readers (including Microsoft). Email your contributions (under 400 words) to Karen Forster at firstname.lastname@example.org. Please include your phone number. We will edit submissions for style, grammar, and length. If we print your letter, you'll get $100.\]
In the October 1997 Reader to Reader, "Windows NT Message of the Day," William A. Dodd discussed how to create a pseudo Message of the Day feature for Windows NT Workstation or Server similar to that feature in UNIX. I have another way to create this option. My method uses existing system features and doesn't require creating and compiling a separate C program. However, you can create only one message per day.
My method uses two Registry entries—LegalNoticeCaption and LegalNoticeText—to create the pseudo Message of the Day. You will find these keys in the Registry entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
To make the Registry easier to work with and less prone to error, you can create a batch file to modify the Registry. The batch file creates a temporary file that regedit.exe uses to make the modifications to the Registry. (Although Microsoft recommends using regedt32.exe rather than regedit.exe as the Registry editor for NT, regedit.exe is adequate here because you're simply updating the Registry with string data.) Listing 1 contains the batch file, and Listing 2 shows you the contents of the resulting temporary file.
You can use my method to update or create other Registry keys. As with any process that modifies the Registry, make sure you back up the Registry before making any modifications.
Application Simplifies Creating User Accounts
My school district has Windows NT 3.51 and 4.0 running on servers and workstations. Each student in grades 6 through 12 receives accounts to access these computers. At each semester break, I must create a minimum of 600 accounts—a time-consuming task I don't enjoy.
Initially, I used User Manager for Domains and File Manager to create the user accounts. On average, I needed 2 days to input all the information. But now I use an application I wrote in C++ to quickly create user accounts. As the dialog box in Screen 1 shows, I define most of the user's initial account attributes and specify which groups the user will belong to. After I finish with the user account, the system automatically clears the first and last name text boxes, letting me quickly move to the next account.
Although I initially wrote the application to create user accounts, you can adapt it to perform many other functions. For example, I used the application to create several customized dialog boxes that I'll briefly describe.
Reset Password dialog box. Students occasionally forget their password. In the past, I had to go into User Manager for Domains to reset a password. But with the Reset Password dialog box, I just enter the server name, click Search, select the account, enter the password, and click Reset.
Locked Accounts dialog box. Students sometimes enter the wrong password and get locked out of their account. To quickly unlock accounts, I use the Locked Accounts dialog box in which I enter the server name, click Search, select the locked account, and click Unlock.
Scan Internet Log dialog box. The school district's network uses Microsoft Proxy Server to connect to the Internet. Proxy Server produces a log file showing all the activity for a given day. Searching through log files for a specific user's activities gets old fast, so I created the Scan Internet Log dialog box. I enter the log file name and click Scan, which brings up a list of the students who connected to the Internet that day, when they began and ended their Internet session, and how many hits they made. If I want to see the details for a specific student, I select that user and click Detail. A User Detail dialog box pops up, showing what sites the student visited and how often. If I want the details for a specific site, I select the site and click Detail, which brings up a dialog box showing the times the student visited the site.
Query dialog box. I created the Query dialog box to look at how many bytes and Megabytes of disk space each directory is using.
You can adapt this application for any number of uses. You can download the application's .exe file and three .dll files from the Windows NT Magazine Web site at http://www.winntmag.com.
Have Num Lock Come on Automatically
Have you ever been annoyed by Windows NT's habit of turning off the Num Lock key, even if your system BIOS turns it on at boot up? You might expect to find a check box to control the Num Lock key in the Control Panel under Keyboard, but none exists. You can, however, control the Num Lock key in the Registry under HKEY_CURRENT_USER\Control Panel\Keyboard. Change the value of InitialKeyboardIndicators to 2. Num Lock will come on automatically the next time you log on.
If you want to implement this fix systemwide, add the system policy template file in Listing 3 to your INF directory. You also need to load the system policy template file with your usual templates in System Policy Editor (SPE). Loading this file will add a check box for Numeric Keypad under the category Windows NT Login in SPE. Select the check box. Now, any users assigned to the policy will find that Num Lock comes on automatically.
Create User IDs Quickly and Efficiently
My company had just installed a new Windows NT network, so I needed to enter about 500 new user IDs, complete with description, logon script, and home directory path. In addition, I needed to create the home directories, set the proper permissions, and share the directories (again with the proper permissions). I wasn't looking forward to manually entering all this information.
But the task wasn't bad for two reasons. First, the characters for the user IDs and home directories were straightforward. The user ID was the first five letters of the user's last name followed by the user's first initial. For example, John Smith had a user ID of SmithJ. The user's home directory was the same name as the six-character user ID.
Second, I used several utilities in the Microsoft Windows NT Server Resource Kit and Microsoft Excel. The first resource kit utility that saved me hours of work was addusers.exe, which has the following syntax:
The /c option adds users to NT based on information in a comma-delimited text file. The /d option dumps current user information to a text file. The /e option erases user information specified by a text file.
You can use addusers.exe not only to create users, but also to add them to local and global groups. For this discussion, I will address only creating users. To create users, complete the following five steps.
1. Create the user list. Open a spreadsheet in Excel, and enter the necessary information in Sheet1. Here is what goes in each column:
Column A contains the user IDs. In row 1 of column A (cell A1), enter:
In A2, enter the formula:
Don't forget the space between the two quotation marks. This formula generates the standard six-character user ID. (You can modify this formula to suit your user ID needs, but you'll have to refer to Excel's online Help for assistance.) Leave the rest of the column blank for now.
Column B contains the usernames. In B2, begin entering the full names (first name, then last name) for all the new users. You can either type this information or import a text file if one is available. Fortunately, after you have entered the full names, most of your work is done because you will generate the rest of the information from this column of names.
After entering the usernames, use Excel's AutoFill feature to copy the formula you put in A2 to the rest of column A. In seconds, you will have all your users' IDs in the first column.
Column C contains the users' initial password. You can specify an initial password, or you can leave this field blank.
Column D contains the user profiles. In the NT environment, a user's profile is the same as the user's full name, so enter this formula in D2:
Use AutoFill to copy the formula to the rest of the column.
Column E contains the drive letter for the user's home directory. All my users use the U: drive, so I entered this formula in E2:
Then I used AutoFill to copy this entry to the rest of the column.
Column F contains the path to the user's home directory. The NT environment follows the convention \\SERVER\<user ID>$ where $ specifies that the share to connect to is a hidden share. The formula for column F is:
Enter this formula in F2, and use AutoFill to copy this entry to the rest of the column.
Column G contains the path where the user's profile will reside. Because the profiles will be in the same directory on the server, enter this formula in G2:
Use AutoFill to copy this path to the rest of the column.
Column H contains the name of the logon script to run for the user. All my users use the same file (logon.bat), so in H2, I entered logon.bat and used AutoFill to copy this file to the rest of the column.
After you finish entering the information in the columns, save your work in Excel format. Screen 2 shows an example of what the worksheet will look like. Then save your worksheet as a comma-delimited text file by choosing CSV (Comma delimited) in the Save As dialog box. Screen 3 shows an example of a comma-delimited file. Make sure that \[User\] appears before the list of names. (Note: The ADDUSERS utility that comes with the NT 4.0 resource kit differs from the utility that comes with the NT 3.51 resource kit. I used the 4.0 utility. Check your NT resource kit for information about your ADDUSERS utility, including details on the format for the text file.)
2. Run the command. At the server where you will create the users (the Primary Domain Controller—PDC—in a domain environment), run the following command:
Replace users.txt with the filename that you used in Excel to save the file.
ADDUSERS will now create NT user IDs based on the information in your text file. For each user, you will receive a confirmation that ADDUSERS created the ID. You will also receive an Error: 53 message because the home directories that ADDUSERS is trying to add to the users' profiles do not yet exist. You'll create these directories shortly, so you can ignore these error messages for now.
You might receive another error message warning you of duplicate user IDs. The formula you used in Excel doesn't check for duplicate IDs. So, for example, John Smith and Jack Smith would generate the same user ID of SmithJ. ADDUSERS will give you an error message when it tries to create the second ID. You must change duplicate IDs manually.
3. Create the home directories. You can use your Excel worksheet of users to quickly generate a new worksheet that contains the required commands to create the directories. To begin, create a USERS directory off the root of a drive on the NT server where the home directories will reside. If the USERS directory is on an NTFS partition, give the Administrators group full control to this directory.
Next, open the Excel spreadsheet that contains the user list. Go to Sheet2. In A1 of Sheet2, enter:
In A2, enter:
(Don't forget the space before md.) For user John Smith, this formula will generate the command:
Use the AutoFill to copy this formula to the rest of the column.
Save Sheet2 as a text file (tab delimited), and give it a name such as makedirs.txt. Then rename the file from makedirs.txt to makedirs.bat. (Unfortunately, in Excel 97, you have to go through these awkward steps because Excel tries to append a .txt extension to all filenames, regardless of whether you already assigned another extension.) Run the batch file to create your directories.
4. Set permissions on the home directories. If the user directories are on an NTFS partition, you need to set the proper permissions on the directories. If the home directories are not on an NTFS partition, you can proceed to step 5.
The process for setting permissions is similar to the one you used to create the home directories. You will be using a batch file and the resource kit utility cacls.exe. (For details on the CACLS command, type CACLS /? at the command line or see the NT resource kit.)
In your Excel spreadsheet, go to Sheet3. In A1, enter:
In A2, enter:
Change the drive letter in the formula to the drive that you are using in your environment, and don't forget the space before the /T and after the /G. For John Smith, this formula creates the command line:
This command gives John Smith Change control to his home directory. Use AutoFill to copy this formula to the rest of the column.
Save Sheet3 using the same procedure that you used to save Sheet2. Run the generated batch file to set the proper permissions on the user directories.
5. Share the home directories. Now you must share the users' directories and set the proper share-level permissions for the directory. You will be using the batch file and the NT resource kit utility, rmtshare.exe. The syntax for this command is:
\[/grant \[user\[:perms \]\]\] \[/remove user\]\[/users:number\]
\[/unlimited\] \[/remark:"text"\] /delete\]
Add a new worksheet in Excel (Sheet4). In A1, enter:
In A2, enter:
Sheet1!F2,"=e:\users\",Sheet1!A2," /grant ", Sheet1!A2,":C")
Don't forget the space after rmtshare and before and after /grant. For John Smith, this formula creates the command:
This command creates a hidden share because the share name ends with a $.
Save Sheet4 as a text file and rename it to a file with a .bat extension. Run this batch file to create all your shares with the proper permissions.
Now that you're finished, don't delete the Excel spreadsheets or the text files. They could come in handy if your server crashes and you must re-create all the accounts. In addition, if you have an existing NT environment, you can run ADDUSERS with the /d option so that you'll have a snapshot of your user database in case disaster strikes.
This five-step procedure automates the process of creating and setting up numerous users, saving you many hours of work. Although someone must enter each user's name into the spreadsheet, you can pay someone to enter the names, saving you even more time.