Windows XP and 2000 Tips & Tricks UPDATE—brought to you by the Windows & .NET Magazine Network and the Windows 2000 FAQ site
http://www.windows2000faq.com


THIS ISSUE SPONSORED BY

Free eBook on Active Directory Administration
http://www.aelita.com/428winnettipstricks

Deploy any software to any computer in minutes!
http://www.newboundary.com/box/win_net_update/prismdeploy_info.htm


SPONSOR: FREE EBOOK ON ACTIVE DIRECTORY ADMINISTRATION

What should I do if I've organized my Active Directory to make it easy to manage, but that structure is making Group Policy difficult to administer? How many domain controllers do I need for optimum performance? If you'd like the answers to these questions and others, get your free copy of The Tips and Tricks Guide to Windows 2000 and Active Directory Administration eBook from Aelita Software.
http://www.aelita.com/428winnettipstricks


April 28, 2003—In this issue:

1. COMMENTARY

2. FAQS

  • Q. Why can't I access the Microsoft Management Console (MMC) Active Directory (AD) snap-ins in Windows 2000 and later?
  • Q. How can I change the product key when I activate my Windows XP installation?
  • Q. Why does Windows XP prompt me to change my password, even though I haven't created one?
  • Q. How can I increase the priority of the print spooler?
  • Q. Why did several administrative tools stop working after I removed the Everyone group from the "Access this computer from the network" user right?

3. HOT RELEASE (ADVERTISEMENT)

  • HP OpenView for Windows Test Drive

4. ANNOUNCEMENTS

  • Join The HP & Microsoft Network Storage Solutions Road Show!
  • Sample Our Security Administrator Newsletter!

5. CONTACT US

  • See this section for a list of ways to contact us.

1. COMMENTARY
(contributed by John Savill, FAQ Editor, jsavill@winnetmag.com)

This week, I explain why you might not be able to access several Microsoft Management Console (MMC) snap-ins in Windows 2000 and later, why several administrative tools might stop working after you remove the Everyone group from the "Access this computer from the network" user right, and how to change the product key when you activate Windows XP. I also tell you why XP prompts you to change your password when no password exists, and how to increase the print-spooler priority.

Around the industry this week, Microsoft released some new XP PowerToys, which I'll cover in next week's UPDATE. The company also released some free add-ons for Windows Media Player (WMP) and Windows Movie Maker 2 that are available for download at the Microsoft Web site.


SPONSOR: DEPLOY ANY SOFTWARE TO ANY COMPUTER IN MINUTES!

Today's IT departments cannot afford to use deployment tools that require weeks or months of valuable time for rolling out critical business applications. NEW Prism Deploy 5.0 is the most powerful and reliable tool available for packaging, customizing and deploying any software application or security patch to any computer, anywhere, in minutes. Target and deploy software without an inventory scan. Conduct inventory-based deployments. Receive the most comprehensive Windows Installer support. Download a demo today at
http://www.newboundary.com/box/win_net_update/prismdeploy_info.htm


2. FAQS

Q. Why can't I access the Microsoft Management Console (MMC) Active Directory (AD) snap-ins in Windows 2000 and later?

A. When you attempt to use the MMC Active Directory Users and Computers snap-in, MMC Active Directory Sites and Services snap-in, or MMC Active Directory Domains and Trusts snap-in, you might receive one of the following errors:

  • "Naming information cannot be located because: Logon attempt failed. Contact your system administrator to verify that your domain is properly configured and is currently online."
  • "The configuration information describing this enterprise is not available. The logon attempt failed."

These errors can occur if your security settings have been corrupted. To repair these settings, perform the following steps:

  1. Start a command session--go to Start, Run and type cmd
  2. Enter the following two commands:
       secedit /configure /cfg %systemroot%\repair\secsetup.inf /db secsetup.sdb
       secedit /configure /cfg %systemroot%\repair\secdc.inf /db secdc.sdb
  3. Close the command session.

The commands can take in excess of 10 minutes to process, so be patient. If you receive the following warning about a task that the system couldn't complete, you can safely ignore the warning:

"Task is completed. Some files in the configuration are not found on this system so security cannot be set/queried. It's ok to ignore.
See log %windir%\security\logs\scesrv.log for detail info."

Q. How can I change the product key when I activate my Windows XP installation?

A. When you install XP, you must enter a product key to register the software with Microsoft. However, if you want to use a different key to activate the software after installation (e.g., maybe you originally used an existing key during installation and have since purchased a new license), perform the following steps:

  1. Start the activation process as usual (go to Start, All Programs, Accessories, System Tools, then select Activate Windows).
  2. Click "Yes, I want to telephone a customer service representative to activate Windows," then click Next.
  3. Click the "Change Product Key" button.
  4. Enter the new key, then click Update.
  5. Click Telephone, then continue with the activation.

Q. Why does Windows XP prompt me to change my password, even though I haven't created one?

A. If you upgraded to XP from an earlier Windows version, the OS can sometimes get confused and think you have a password. To resolve the problem, you can create a password then remove it by performing the following steps:

  1. Open the Control Panel User Accounts applet.
  2. Select your account, then click "Create a password."
  3. Enter your password in both boxes, then click Create Password.
  4. Click "Remove my password," type your password when prompted, then click "Remove Password."

Q. How can I increase the priority of the print spooler?

A. By default, the print spooler runs at the same priority as other services. However, if you have a system that you use primarily for printing, you can increase the print spooler's priority by performing the following steps:

  1. Start a registry editor (e.g., regedit.exe).
  2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print registry subkey.
  3. From the Edit menu, select New, DWORD Value.
  4. Enter the name SpoolerPriority, then press Enter.
  5. Double-click the new value, then set it to 1 (0 is the default value).
  6. Click OK.
  7. Reboot the machine for the change to take effect.

Q. Why did several administrative tools stop working after I removed the Everyone group from the "Access this computer from the network" user right?

A. Some tools might use network API calls even though you run the tools locally. As a result, if the user doesn't have the right to access the computer from the network, the tool will fail. This problem affects the following administrative tools:

  • The Microsoft Management Console (MMC) Active Directory Sites and Services snap-in
  • The MMC Active Directory Users and Computers snap-in
  • The MMC Active Directory Domains and Trusts snap-in
  • Dcdiag
  • DNS Manager
  • Dsacls
  • Group Policy Editor (GPE)
  • Ldp
  • License Manager
  • Netdiag
  • Repadmin
  • Replmon

To resolve the problem, perform the following steps:

  1. Navigate to the folder %systemroot%\sysvol\sysvol\domainname\policies\<policy guid>\machine\microsoft\windows nt\secedit for the policy affecting the "Access this computer from the network" user right, then locate and open the gpttmpl.inf file. To determine the correct policy, you'll need to identify the appropriate globally unique identifier (GUID) for the policy. You can determine a policy's GUID by opening the Active Directory Users and Computers snap-in, displaying the container's Properties dialog box, clicking the Group Policy tab, then viewing the policy's properties. Because the Active Directory Users and Computers snap-in might not be accessible, you'll probably have to manually view each policy's GUID to identify the correct Group Policy Object (GPO).
  2. From the gpttmpl.inf file, copy everything after "SeInteractiveLogonRight=". The string of values will look similar to SeInteractiveLogonRight = *S-1-5-32-550,*S-1-5-32-549,*S-1-5-32-548,*S-1-5-32-551,*S-1-5-32-544,*S-1-5-21-907700337-3330534744-2079332775-1003
  3. Paste the string of values you copied from the SeInteractiveLogonRight line after the equals sign in the "SeNetworkLogonRight=" line in the gpttmpl.inf file.
  4. Save the changes, then close the gpttmpl.inf file.
  5. Locate and open the gpt.ini file in the following folder: %systemroot%\sysvol\sysvol\domainname\policies\<policy guid>
  6. Increase the version number. For example, change
    [General]
    Version=1
    to
    [General]
    Version=2
  7. Save and close the file.
  8. Force a replication of the GPO by opening a command session and typing secedit /refreshpolicy machine_policy /enforce

You'll now be able to use GPE to reset access for the "Access this computer from the network" user right, which is located under Computer Configuration, Windows Settings, Security Settings, Local Policies, User Rights Assignment. The default access would typically include Administrators, Enterprise Domain Controllers, and Everyone.
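
The gpttmpl.inf and gpt.ini edits from steps 2 through 6, as an added Python example (not part of the original newsletter and not a Microsoft tool). It works on file contents passed in as text; the sample template, including its SeNetworkLogonRight value, is constructed, and the function names are hypothetical.

```python
import re

# Standard well-known SIDs, used only to make the audit output readable.
WELL_KNOWN = {
    "S-1-1-0": "Everyone",
    "S-1-5-9": "Enterprise Domain Controllers",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-32-544": "Administrators",
    "S-1-5-32-548": "Account Operators",
    "S-1-5-32-549": "Server Operators",
    "S-1-5-32-550": "Print Operators",
    "S-1-5-32-551": "Backup Operators",
}

# Constructed sample template: the SeInteractiveLogonRight value is the one
# quoted in step 2; the SeNetworkLogonRight value is invented for the demo.
SAMPLE_INF = """[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-550,*S-1-5-32-549,*S-1-5-32-548,*S-1-5-32-551,*S-1-5-32-544,*S-1-5-21-907700337-3330534744-2079332775-1003
SeNetworkLogonRight = *S-1-5-9
"""
SAMPLE_GPT_INI = "[General]\r\nVersion=1\r\n"

def _rights(inf_text):
    """Map lower-cased right name -> (line index, raw value), [Privilege Rights] only."""
    section, found = None, {}
    for i, raw in enumerate(inf_text.splitlines()):
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "privilege rights" and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            found[key.strip().lower()] = (i, value.strip())
    return found

def parse_right(inf_text, right):
    """Return the SIDs (leading '*' removed) assigned to a right, or None if absent."""
    entry = _rights(inf_text).get(right.lower())
    if entry is None:
        return None
    return [v.strip().lstrip("*") for v in entry[1].split(",") if v.strip()]

def copy_right(inf_text, src, dst):
    """Steps 2-3: give dst exactly the value of src; add the dst line if missing."""
    found = _rights(inf_text)
    if src.lower() not in found:
        raise ValueError(f"{src} not present in [Privilege Rights]")
    src_idx, value = found[src.lower()]
    lines = inf_text.splitlines()
    new_line = f"{dst} = {value}"
    if dst.lower() in found:
        lines[found[dst.lower()][0]] = new_line
    else:
        lines.insert(src_idx + 1, new_line)
    return "\r\n".join(lines) + "\r\n"

def bump_version(gpt_ini_text):
    """Step 6: increase Version in gpt.ini by one so clients see the GPO as changed."""
    new, n = re.subn(r"(?im)^([ \t]*Version[ \t]*=[ \t]*)(\d+)",
                     lambda m: m.group(1) + str(int(m.group(2)) + 1),
                     gpt_ini_text, count=1)
    if n != 1:
        raise ValueError("no Version= line found in gpt.ini text")
    return new

def describe(sids):
    """Replace well-known SIDs with their names; leave domain-specific SIDs as-is."""
    return [WELL_KNOWN.get(s, s) for s in sids]

if __name__ == "__main__":
    fixed = copy_right(SAMPLE_INF, "SeInteractiveLogonRight", "SeNetworkLogonRight")
    print("before:", describe(parse_right(SAMPLE_INF, "SeNetworkLogonRight")))
    print("after: ", describe(parse_right(fixed, "SeNetworkLogonRight")))
    print(bump_version(SAMPLE_GPT_INI))
```

The result grants network logon to exactly the principals that hold interactive logon, so it is the temporary state the procedure describes; the right is then reset in GPE as the closing paragraph says.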

3. HOT RELEASE (ADVERTISEMENT)

  • HP OPENVIEW FOR WINDOWS TEST DRIVE
    Monitor the availability and performance of your corporate website -- FREE for 30 days, using powerful HP OpenView management software for Windows. Simulate activity. Monitor complex transactions. Meet business demands. Manage web services. Click here.
    http://www.winnetmag.com/hptestdrive/

4. ANNOUNCEMENTS
(brought to you by Windows & .NET Magazine and its partners)

  • JOIN THE HP & MICROSOFT NETWORK STORAGE SOLUTIONS ROAD SHOW!
    Now is the time to start thinking of storage as a strategic weapon in your IT arsenal. Come to our 10-city Network Storage Solutions Road Show, and learn how existing and future storage solutions can save your company money--and make your job easier! There is no fee for this event, but space is limited. Register today!
    http://www.winnetmag.com/roadshows/nas

  • SAMPLE OUR SECURITY ADMINISTRATOR NEWSLETTER!
    If you spend the better part of your day dealing with security concerns such as controlling user access, viruses, and tightening your network's permeability, then you can benefit from the type of information we publish each month in Security Administrator. Every issue shows you how to protect your enterprise with informative, in-depth articles, timely tips, and practical advice. Sample our most recent issue today!
    http://www.secadministrator.com/rd.cfm?code=fsei253xup

5. CONTACT US
Here's how to reach us with your comments and questions:

  • ABOUT THE FAQS — jsavill@winnetmag.com
  • ABOUT THE NEWSLETTER IN GENERAL — warren@winnetmag.com

(please mention the newsletter name in the subject line)

  • TECHNICAL QUESTIONS — http://www.winnetmag.net/forums
  • PRODUCT NEWS — products@winnetmag.com
  • QUESTIONS ABOUT YOUR WINDOWS XP AND 2000 TIPS & TRICKS UPDATE SUBSCRIPTION?
    Customer Support — tipsandtricks@winnetmag.com
  • WANT TO SPONSOR WINDOWS XP AND 2000 TIPS & TRICKS UPDATE?
    emedia_opps@winnetmag.com

This weekly email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
http://www.winnetmag.com/sub.cfm?code=wswi201x1z

Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
http://www.winnetmag.net/email
