Configuring Windows Server 2008 Server Core Basic Networking Settings

In my previous article I have written about how, in Windows Server 2008, Server Core installation does not include the traditional full graphical user interface (GUI). Therefore, once you have configured the server, you can only manage it locally at a command prompt, or remotely using a Terminal Server connection. Read more about Server Core on my "Windows Server 2008 Server Core" article.

Like any other server, Server Core machines must be properly configured to be able to communicate on your network. Some of these settings include:

Configuring an IP address
Configuring an administrator's password
Configuring a server name
Enabling remote MMC snap-in management
Enabling remote RDP connections
Enabling remote Windows Firewall management
Enabling remote shell management
Activating the server
Joining a domain
Configuring Windows Updates
Configuring error reporting
Adding server roles and features

And other tasks.

Before you start, you need to configure the server's IP address.

To set the server with a static IP address

At a command prompt, type the following:

netsh interface ipv4 show interfaces
Look at the number shown in the Idx column of the output for your network adapter. If your computer has more than one network adapter, make a note of the number corresponding to the network adapter for which you wish to set a static IP address.
At the command prompt, type:

netsh interface ipv4 set address name="<ID>" source=static address=<StaticIP> mask=<SubnetMask> gateway=<DefaultGateway>

Where:
- ID is the number from step 2 above
- StaticIP is the static IP address that you are setting
- SubnetMask is the subnet mask for the IP address
- DefaultGateway is the default gateway
At the command prompt, type:

netsh interface ipv4 add dnsserver name="<ID>" address=<DNSIP> index=1

Where:
- ID is the number from step 2 above
- DNSIP is the IP address of your DNS server
Repeat step 4 for each DNS server that you want to set, incrementing the index= number each time.
Verify by typing ipconfig /all and checking that all the addresses are correct.

To set the administrative password in Windows Server 2008

At a command prompt, type the following:

net user administrator *
When prompted to enter the password, type the new password for the administrator user account and press ENTER.
When prompted, retype the password and press ENTER.

Next, you might want to change the computer's name, as the default name is a random-generated name (unless configured through an answer file)

To change the name of the server

Determine the current name of the server with the hostname or ipconfig /all commands.
At a command prompt, type:

netdom renamecomputer <ComputerName> /NewName:<NewComputerName>
Restart the computer by typing the following at a command prompt:

shutdown /r /t 0

To manage a server running a Server Core installation by using the Windows Remote Shell

To enable Windows Remote Shell on a server running a Server Core installation, type the following command at a command prompt:

WinRM quickconfig
Click Y to accept the default settings.

Note: The WinRM quickconfig setting enables a server running a Server Core installation to accept Windows Remote Shell connections.
On the remote computer, at a command prompt, use WinRS.exe to run commands on a server running a Server Core installation. For example, to perform a directory listing of the Windows folder, type:

winrs -r:<ServerName> cmd

Where ServerName is the name of the server running a Server Core installation.
You can now type any command that you require, it will be executed on the remote computer.

To activate the server

At a command prompt, type:

slmgr.vbs –ato
If activation is successful, no message will return in the command prompt.

To activate the server remotely

At a command prompt, type:

cscript slmgr.vbs -ato <servername> <username> <password>
Retrieve the GUID of the computer by typing:

cscript slmgr.vbs -did
Type

cscript slmgr.vbs -dli <GUID>
Verify that License status is set to Licensed (activated).

To join a Windows 2008 server to a domain

At a command prompt, type:

netdom join <ComputerName> /domain:<DomainName> /userd:<UserName> /passwordd:*

Where:
- ComputerName is the name of the server that is running the Server Core installation.
- DomainName is the name of the domain to join.
- UserName is a domain user account with permission to join the domain.
Note: Entering * as the password means you will be prompted to enter it on the command prompt window in the next step. You can enter it in the initial command, if you wish to.

Note: Note that the word "passwordd" has 2 d's in it…
When prompted to enter the password, type the password for the domain user account specified by UserName.
Restart the computer by typing the following at a command prompt:

shutdown /r /t 0

To remove the Windows 2008 server from a domain

At a command prompt, type:

netdom remove
Reboot the computer.

To configure automatic updates

To enable automatic updates, type:

cscript C:\Windows\System32\ Scregedit.wsf /au /4
To disable automatic updates, type:

cscript C:\Windows\System32\ Scregedit.wsf /au /1
BTW, in order to view your current settings you can type:

cscript C:\Windows\System32\ Scregedit.wsf /au /v

To configure error reporting

To verify the current setting, type:

serverWerOptin /query
To automatically send detailed reports, type:

serverWerOptin /detailed
To automatically send summary reports, type:

serverWerOptin /summary
To disable error reporting, type:

serverWerOptin /disable

Summary

Windows Server 2008 Core machines need to be properly configured for communication across your network. While most of the Server Core settings need to be configured via the local Command Prompt, some settings can also be configured remotely. This article, a part of a complete Server Core article series, will show you how to do that.

Remotely Managing Windows 2008 Server Core Firewall

As you already know by now, in Windows Server 2008, Server Core installation does not include the traditional full graphical user interface (GUI). Therefore, once you have configured the server, you can only manage it locally at a command prompt, or remotely using a Terminal Server connection. A third management option is to manage the server remotely using the Microsoft Management Console (MMC) or command-line tools that support remote use.

Read more about Server Core on my "Windows Server 2008 Server Core" article.

One of the major pains of managing such a GUI-stripped installation is the configuration of the Windows Advanced Firewall settings. Without properly configuring these rules, you will find it extremely difficult to remotely manage your server.

In this article, I assume that you have already configured your server core with the bare minimum requirements to operate in a network. These requirements are:

Configuring an IP address
Configuring a server name
Configuring an administrator's password

You should, but are not required to, also join the server to your domain.

Next, in order to properly configure Server Core to allow you to control its Firewall settings remotely, via GUI, follow these steps:

Step #1: Enable remote management through the firewall

On your Server Core machine, at a command prompt, type the following:

netsh advfirewall set currentprofile settings
remotemanagement enable

This will allow you to control the Firewall's settings from a remote MMC snap-in.

You can always run the following command in order to disable this option:

netsh advfirewall set currentprofile settings
remotemanagement disable

Step #2: Open the Windows Firewall snap-in

On a remote computer running Windows Server 2008 or Windows Vista, click Start > Run, then type MMC and press ENTER.
Click File > Add/Remove Snap-in.
In the Add or remove snap-ins, scroll down till you find the Windows Firewall with advanced security snap-in.
Click Add, then in Another Computer, type the name or IP Address of the Server Core server you want to manage.
After a short loading, if all is ok, you will be presented with the management GUI of the remote server.
You can now create new Firewall rules, enable or disable existing rules, export your settings or disable the Firewall altogether.
For example, to enable the rule allowing Remote Desktop connections to the Server Core, go to Inbound Rules. In the results pane scroll down till you find Remote Desktop (Tcp-in), right-click it and choose Enable.

Another example would be to enable ICMP Echo Replies (or simply put – Ping replies) from the Server Core server, allowing the administrators to test for connectivity issues with the server. To enable the rule allowing ICMP Echo Replies from the Server Core, go to Inbound Rules. In the results pane scroll down till you find File and Printer Sharing (Echo Request – ICMPv4-In), right-click it and choose Enable.

Pings to the Server Core server should now work.

You can save the current MMC window for future use. As long as you do not change the settings on step #1, or change the server's IP Address (if you've used an IP Address to connect to it in the first place), it should continue working for as long as you want.

Summary

Running Server Core requires manual control of many settings, and without proper Firewall configuration you may find it hard to remotely connect to it. This article showed you how to configure the Server Core server in order to remotely connect and configure the Windows firewall component.

Subnetting Table

Use this table to help you calculate Subnet Masks, available hosts per subnet or number of subnets per class. The table deals with Subnetting of only one octet.

M=Number of Masked bits

N=Number of Non-masked bits - Remember that in Class A and B networks you have other octets besides the one you're subnetting. Therefore in a Class A network instead of saying 7 (for example) you must say 7+8+8. In a Class B network instead of saying 5 (for example again, duh!) you must say 5+8. Only in Class C networks does the N value remain the same.

How many potential IP addresses do we have?

126 networks of 16,777,214 hosts each = 2,113,928,964

16,384 networks of 65,534 hosts each = 1,073,709,056

2,097,152 networks of 254 hosts each = 532,676,608

Total number of hosts = 3,720,314,628

Note: In Windows NT 4.0 you had to subtract 2 from the total number of available subnets. For example, if you wanted 2 subnets, you had to figure the number you wanted plus 2 - calculate like you wanted 4, i.e. the result would have been 192. If you wanted 8 subnets, you had to calculate like you wanted 10, i.e. the result would have been 240 instead of 224. With Windows 2000 and beyond Subnetting you do not have to do that anymore.

BTW, if you need to calculate Subnet Masks and Network IDs and you can't do it yourself (Duh, "Paper MCSE" or not?) you should try this fantastic Subnet Calculator right here:

IP Workshop

It not only calculates the required fields but also pops out a window that draws the bit pattern and explains the results. Great resource!

Create a Super Hidden Folder

You probably already know how to create just a plain hidden folder. It is super easy, you just right click on the folder and select Hidden then click Apply. The problem is that anyone with access to the computer can easily turn on the Show Hidden Files and Folders and then can easily see the folder you created. Well here is a trick that will get around this problem and create a invisible folder that has no text and no icon. td

Please note: Once you create a Super Hidden folder that it will be up to you to remember where you put it. I suggest writing down the location in case you should ever forget about where this folder is.

Right Click on the folder you want hidden, then select Properties

“Right-Click_and_select_properties”

Click on the Customize Tab (Note this procedure also works on any icon, some icons do not let you Customize. So, if you do not see a Customize tab, then you will have to create a new folder and move the icon that you are trying to make hidden into the newly created folder. Then you will make the folder Super Hidden)

“Click_On_the_customize_tab”

Click On the Change Icon button

“Click_on_the_change_icon_button”

The Change Icon box will pop up with the default Windows Icons (If it does not, then click on the Browse button and navigate to your WINDOWS\system32 folder and then find and choose SHELL32.dll then click OPEN

”The_Change_Icon_Box”

Then Scroll to the right and look for a blank icon. Select the blank icon then click Ok.

”The_Change_Icon_Box”

Then Click Apply. And you should now have a blank icon with only the text below it, like this:

”Blank_Icon”

Now to get rid of the text, follow this procedure:-

You may be thinking that it is very easy to remove the titles. Probably your first thought would be to rename the icon and make a blank name. Well, that doesn’t work, if you don’t believe me try it out for yourself and see….

What happens when you try to rename the icon to a blank name? It simply reverts back to the previous name.

“Right “Hit

“It “Hit

For this trick to work, we need to make sure that File and Folder Settings has the Show File Extensions for known File Types Enabled. This is the default setting in XP, so if you have not made any changes it should be set properly. If you are not sure, then check. Here is how …

Click Start, then My Computer. Click on Tools then Folder Options.

“investigate_00a.jpg

On the View tab check mark Hide Extensions For Known File Types then Click Apply

“Put

Ok, now that we have that set...Here is the trick to removing the icon title and having a Blank Text untitled icon

First, right click on the icon that you want to remove it’s title, then go to Rename

“Right

Now, what you need to do, is hold the ALT button down. With the ALT button held down, and using the keypad type 255 then release the ALT button and hit enter, and voila you now have a untitled icon.

“Hold

This trick will work only for icon, if you are creating multiple Blank Text icons then you will need to name them like this:

For 1 Blank Text Icon: ALT + 255 (release ALT)
For 2 Blank Text Icons: ALT + 255 (release ALT) ALT + 255 (release ALT)
For 3 Blank Text Icons: ALT + 255 (release ALT) ALT + 255 (release ALT) ALT + 255 (release ALT)
And so on…

The reason we need to do this is because part of Windows XP rules state that you cannot have a file/folder/shortcut with the same name in the same folder. To get around this restriction, we simply name the first icon with 1 blank space, the second icon with 2 blank spaces, the third with 3 blank spaces and so on.

Here is the result
BEFORE:
“Before”
AFTER:
“Here

Please Note that to get this trick to work, when you are typing the 255, that you are using the 10-key keypad located on the right hand side of your keyboard. The ALT that you use does not matter

The result is a SUPER hidden Folder:

”Blank_Icon”

In the screenshot, I have the view settings on Thumbnails, which puts the grey box around the folder. To remove that box, choose either the Icon, Tiles or List from the View settings

”Choose_Icons_Tiles_or_List”

Technorati Tags: Super Hidden Folder

IceRocket Tags: Windows Hidden Folder

12 Hidden Windows Vista Network Tools

Windows Vista delivers an impressive line up of network tools that can be used to keep the operating system connectivity on a short leash. The total of 12 command-line tools can be used to manage all aspects of Vista networking. Users will be able not only to closely monitor the networking activity of the platform, but also repair network connections. The utilities are not new to Windows Vista, having survived in the operating system from previous Windows versions. Here is the complete list in alphabetical order:

getmac – this tool will enable you to display the MAC addresses for network adaptors on a system. The Media Access Control (MAC) address for the network card can be accessed both on the local computer and on a network.
hostname – not sure about what the name of your machine is on the network? Just type hostname and hit enter.

ipconfig – according to Microsoft’s own description, the tool is designed to display by default only the IP address, subnet mask and gateway for each adapter associated with the TCP/IP. But in addition to enumerating the TCP/IP network configuration parameters users can also refresh the DHCP and DNS settings.
nslookup – is meant to be used according to Domain Name System.
net – is a general tool with commands covering a broad range of functionality.
netstat – displays protocol statistics and TCP/IP network connections.
netsh – the command-line tool enables Vista users to both view and alter the network configuration settings of computers.
pathping – is a middle solution which bundles the functionality delivered by traceroute and ping.
nbtstat – a tool that will display protocol statistics and current TCP/IP connections using NetBIOS over TCP/IP.
Ping – a complete description of the ping utility can be found here.
route – manipulates network routing tables.
tracert – users can implement this command-line tool to identify connectivity problems between the local computer and a network address.

When using command-line tools in Windows Vista it is healthy to remember to launch the command prompt window with administrative privileges. In order to do so, enter “cmd” in the Search box under the Vista Start Menu and press Ctrl + Shift + Enter to launch the process with elevated privileges.

How to install Windows Vista?

Step #1: Plan your installation

When you run the Windows Vista Setup program, you must provide information about how to install and configure the operating system. Thorough planning can make your installation of Windows Vista more efficient by helping you to avoid potential problems during installation. An understanding of the configuration options will also help to ensure that you have properly configured your system.

I won't go into that part right now (I might later this month, no promises...) but here are some of the most important things you should take into consideration when planning for your Windows Vista installation:

Check System Requirements
Check Hardware and Software Compatibility
Determine Disk Partitioning Options
Decide on a Workgroup or Domain Installation
Complete a Pre-Installation Checklist

After you made sure you can go on, start the installation process.

Step #2: Beginning the installation process

You can install Windows Vista in several methods - all are valid and good, it all depends upon your needs and your limitations. In this manual I will focus on the simplest form of installation - directly from the Windows Vista DVD media.

So, insert your Windows Vista DVD media into your DVD drive and reboot your computer. A black window will appear momentarily while the DVD content is read.

Step #3: The GUI-based portion of the Setup program

Unlike previous versions of Windows, Windows Vista does not have a noticeable text phase of the setup process, and it will boot directly into the Graphical User Interface (GUI) mode.

After a few moments you will see the first prompt:

Press Next unless you want to change some regional settings for the installation process.

Press the Install now button.

After a short delay you're be prompted to enter your product key:

You can skip this part if you don't have the product key handy (read Install Windows Vista Without Supplying the Product Key for more info). However, if you do have a valid product key at that time (and you should have one, we're dealing with legal issues here), then by entering the right key the setup program knows which version of Vista to install.

If you skip it, you'll be prompted for a Vista version that matches your product key (the one you don't have handy at that moment):

You now have to accept the license terms:

Next you need to press the Custom (Advanced) installation type button:

The Upgrade button is disabled because this specific installation if performed on a new computer without any previous operating system on it.

The next phase is to pick the installation partition. Since this computer has a new hard disk that hasn't been formatted before, you will only have the option to create a new partition on it. Had it had previous partitions on it you could have chosen to either delete them or perform other tasks. Pressing the Advanced button will bring up the following options.

Since we don't need to perform any additional task we will just press on the Next button. The installation process will then create a partition on all the available disk space, and format it.

The setup process will now begin to copy files from the installation DVD media to the hard disk.

This will take some time:

After some time (the exact amount of time will greatly depend on your computer's hardware), the setup process will install updates for the operating system.

The computer will then automatically reboot.

Now comes a long waiting period, where the installation process configures the system. Again, the exact amount of time will greatly depend on your computer's hardware.

After the long wait, the system will then reboot once again.
You will think something went wrong because of the relative long time it take the system to display anything besides the black screen, but finally, after a few moments you will note a small colored circle:

A few seconds after that you will be prompted to enter a username and password for the first user on the computer.

Although the setup program will let you continue without entering a password, note that it is very advisable to enter a password here, and the best option would be to choose a complex password made of at least 7 characters or more (something like P@ssw0rd or MYpa$$w0rd). Make sure you remember it.

Also pick your user's display picture. This can be changed later.

Pick a name for your computer. The setup program will create one based upon the username you chose in the previous step, but you can change it now (and later).

Also pick a background for the user's desktop. This can be changed later.

Choose what sort of protection your computer gets. The recommended settings are best for someone that doesn't plan to hide their computer behind a corporate firewall (and even then, in some cases, this would be the best option). If you plan to install a 3rd-party firewall later you can opt to be prompted later.

Note that this setting will also have effect on how the computer uses the Microsoft Windows Update (Automatic Updates) features.

Next comes the Time Zone settings window. Choose your location.

Done! You're prompted with the last setup screen:

Again a long wait and some promotional screens you see the hourglass circling around, in preparation for the first logon.

Finally, the first screen appears, you're ready to rock and roll!

Note that if the computer was connected to the Internet while installing it, it will automatically download and prompt you to install any missing hotfix or update it finds for the current state of the operating system.

Done!

How can I install Windows Vista without supplying the product key?

You can configure Windows Vista to install without having to manually enter the product key during the setup process. This is quite useful if you find yourself in need to perform an installation of the OS but without having the (legal) product key with you at that very moment. Unlike previous Windows versions where you had to have a CD Key handy during the installation of the OS, the Windows Vista setup process only makes it appear as if you have to enter a product key to install it.

During the setup program's progress you will reach a dialog box that will ask you to enter a valid product key. Here is where the fun part starts. You can actually leave it blank!

Next click No in response to the "Are you sure" dialog box. You will now be presented with a list of all the different Windows Vista versions available on the DVD. Yes, the cool thing about the Windows Vista DVD is that every DVD has every version of Vista available for you to pick from, and the product key you own is the only thing that tells the setup process what version of Vista it should install.

You can now pick any one from that list and use it for up to 14 days without any having any issues. After 14 days you will need to enter a valid product key or do a fresh install from the beginning.

This "feature" will in fact help you if you'd like to test the different versions of Vista before deciding which one to buy.

Windows Server 2008 Server Core

One of the most exciting new features of Windows Server 2008 is its ability to install as a Server Core machine.

A Server Core installation provides a minimal environment for running specific server roles, which reduces the maintenance and management requirements and the attack surface for those server roles. A server running a Server Core installation supports the following server roles:

Active Directory Domain Services (AD DS)
Active Directory Lightweight Directory Services (AD LDS)
DHCP Server
DNS Server
File Services
Print Services
Streaming Media Services
Windows Virtualization

In Windows Server 2008, Server Core installation does not include the traditional full graphical user interface (GUI). You can read more about how to locally and remotely manage Server Core machines by reading the list of articles available below.

This is, in a way, revolutionizing the way Microsoft is looking at GUI-based administration, a step enforced by other means such as Windows PowerShell and Microsoft Exchange Server 2007, all allowing strong command line management capabilities.

There are, alas, some GUI tools you might want to use in Server Core. Some of these include:

Task Manager:

Notepad (stripped down):

Time, Date, and Time Zone Control Panel applet:

Regional Settings Control Panel applet:

That's about it. The rest is all CLI and remote management.

What’s new in the Server Core installation option?

The Server Core installation option of Windows Server 2008 requires initial configuration at a command prompt. A Server Core installation does not include the traditional full graphical user interface. Once you have configured the server, you can manage it locally at a command prompt or remotely using a Terminal Server connection. You can also manage the server remotely using the Microsoft Management Console (MMC) or command-line tools that support remote use.

Benefits of a Server Core installation

The Server Core installation option of Windows Server 2008 provides the following benefits:

Reduced maintenance - Because the Server Core installation option installs only what is required to have a manageable server for the AD DS, AD LDS, DHCP Server, DNS Server, File Services, Print Services, and Streaming Media Services roles, less maintenance is required than on a full installation of Windows Server 2008.

Reduced attack surface - Because Server Core installations are minimal, there are fewer applications running on the server, which decreases the attack surface.

Reduced management - Because fewer applications and services are installed on a server running the Server Core installation, there is less to manage.

Less disk space required - A Server Core installation requires only about 1 gigabyte (GB) of disk space to install and approximately 2 GB for operations after the installation.

Lower risk of bugs - Reducing the amount of code can help reduce the amount of bugs.

Issues with Server Core installation and upgrading from previous versions

Since Server Core is a special installation of Windows Server 2008, the following limitations are present:

There is no way to upgrade from a previous version of the Windows Server operating system to a Server Core installation. Only a clean installation is supported.

There is no way to upgrade from a full installation of Windows Server 2008 to a Server Core installation. Only a clean installation is supported.

There is no way to upgrade from a Server Core installation to a full installation of Windows Server 2008. If you need the Windows® user interface or a server role that is not supported in a Server Core installation, you will need to install a full installation of Windows Server 2008.

Server Core versions

Server Core comes in Standard, Enterprise and Datacenter editions for i386 and x64 platforms. Most companies will probably go for the Standard edition because most of the differences found in the Enterprise and Datacenter editions of Windows Server 2008 won't be present in Server Core. The Enterprise Server Core will, however, allow you to utilize more processor and memory support, as well as clustering. Datacenter adds the whole Datacenter hardware program and 99.999 percent reliability.

Network Access Protection for Windows Server “Longhorn”

Network Access Protection (NAP) is a policy enforcement platform built into the Microsoft Windows Vista and Windows Server code name "Longhorn" operating systems that allows you to better protect network assets by enforcing compliance with system health requirements. With Network Access Protection, you can create customized health policies to validate computer health before allowing access or communication, automatically update compliant computers to ensure ongoing compliance, and optionally confine noncompliant computers to a restricted network until they become compliant.

Network Access Protection includes an application programming interface (API) set for developers and vendors to create complete solutions for health policy validation, network access limitation, and ongoing health compliance.

To validate access to a network based on system health, a network infrastructure needs to provide the following areas of functionality:

•Health policy validation. Determines whether the computers are compliant with health policy requirements.

•Network access limitation. Limits access for noncompliant computers.

•Automatic remediation. Provides necessary updates to allow a noncompliant computer to

become compliant.

•Ongoing compliance. Automatically updates compliant computers so that they adhere to ongoing changes in health policy requirements.

Scenarios for Network Access Protection

Designed to provide customers with the most flexible solution, NAP can interoperate with any vendor’s software that provides a System Health Agent (SHA) and System Health Validators (SHV) or that recognizes its published API set. Examples of third-party solutions that work with Network Access Protection would be Anti-Virus, Patch Management, VPN, and Networking Equipment. Network Access Protection helps provide a solution for the following common scenarios.

•Check the health and status of roaming laptops

With Network Access Protection, network administrators can check the health of any laptop when it reconnects to the company network without sacrificing the portability and flexibility of laptops.

•Ensure the ongoing health of desktop computers

With the addition of management software, automatic reports can be generated, updates can be made automatically to noncompliant computers, and when administrators change health policies, computers can be automatically provided with the most recent updates preventing health threats from publicly accessible resources.

•Determine the health of visiting laptops

With Network Access Protection, administrators can determine that the visiting laptops are not authorized to access the network and limit their access to a restricted network without requiring any updates or configuration changes to the visiting laptops.

•Verify the compliance and health of unmanaged home computers

By using Network Access Protection, network administrators can check for required programs, registry settings, files, or combinations of these every time a home computer makes a VPN connection to the network, and they can limit the connection to a restricted network until system health requirements are met.

Components of Network Access Protection

Network Access Protection provides a flexible platform that supports multiple access enforcement mechanisms including, but not limited to:

•Internet Protocol security (IPsec) for host based authentication

•IEEE 802.1X authenticated network connections

•Virtual private networks (VPNs) for remote access

•Dynamic Host Configuration Protocol (DHCP)

Administrators can use these technologies separately or together to limit noncompliant computers. Network Policy Server (NPS), the replacement for Internet Authentication Service (IAS) in Windows Server 2003 in Windows Server "Longhorn," acts as a health policy server for all of these technologies.

Network Access Protection requires servers to run Windows Server "Longhorn" and clients to run Windows Vista, Windows XP with Service Pack 2 (SP2), or Windows Server "Longhorn."

IPsec Enforcement
IPsec Enforcement comprises a health certificate server and an IPsec NAP Enforcement Client (EC). The health certificate server issues X.509 certificates to quarantine clients when they are determined to be compliant. These certificates are then used to authenticate NAP clients when they initiate IPsec-secured communications with other NAP clients on an intranet.

IPsec Enforcement confines the communication on your network to those nodes that are considered compliant and because it is leveraging IPsec, you can define requirements for secure communications with compliant clients on a per-IP address or per-TCP/UDP port number basis. IPsec Enforcement confines communication to compliant computers after they have successfully connected and obtained a valid IP address configuration. IPsec Enforcement is the strongest form of limited network access in Network Access Protection.

802.1X Enforcement
802.1X Enforcement comprises an NPS server and an EAPHost NAP EC component. Using 802.1X Enforcement, an NPS server instructs an 802.1X access point (an Ethernet switch or a wireless access point) to place a restricted access profile on the 802.1X client until it performs a set of remediation functions. A restricted access profile can consist of a set of IP packet filters or a virtual LAN (VLAN) identifier to confine the traffic of an 802.1X client. 802.1X Enforcement provides strong limited network access for all computers accessing the network through an 802.1X connection.

VPN Enforcement
VPN Enforcement comprises a VPN NAP Enforcement Server (ES) component and a VPN NAP EC component. Using VPN Enforcement, VPN servers can enforce health policy requirements any time a computer attempts to make a VPN connection to the network. VPN Enforcement provides strong limited network access for all computers accessing the network through a VPN connection.

DHCP Enforcement
DHCP Enforcement comprises a DHCP NAP ES component and a DHCP NAP EC component. Using DHCP Enforcement, DHCP servers can enforce health policy requirements any time a computer attempts to lease or renew an IP address configuration on the network. DHCP Enforcement is the easiest enforcement to deploy because all DHCP client computers must lease IP addresses. Because DHCP Enforcement relies on entries in the IP routing table, it is the weakest form of limited network access in Network Access Protection.

NPS/RADIUS
The Remote Authentication Dial-In User Service (RADIUS) component of Windows Server "Longhorn," NPS, does not have a NAP ES or NAP EC component. Instead, it works as a policy server in conjunction with NAP ES and NAP EC components. Administrators must define system health requirements in the form of policies on the NPS server. NPS servers provide health policy checks and coordinate with the Active Directory® directory service any time a computer attempts to obtain a health certificate or to connect to an 802.1X access point, a VPN server, or a DHCP server.

10 Ways to Speed Up Windows

The effectiveness of each of these tweaks will vary from machine to machine. I’ve tried to focus on tweaks that I’m confident can be made on any XP machine regardless of the individual setup. Please do not make any of these changes if you are not sure what you are doing, and remember to make backups first and good luck!

1. Disable Unnecessary Services

Because Windows XP has to be all things to all people it has many services running that take up system resources that you will never need. Below is a list of services that can be disabled on most machines:

Alerter
Clipbook
Computer Browser
Distributed Link Tracking Client
Fast User Switching
Help and Support - (If you use Windows Help and Support leave this enabled)
Human Interface Access Devices
Indexing Service
IPSEC Services
Messenger
Netmeeting Remote Desktop Sharing (disabled for extra security)
Portable Media Serial Number
Remote Desktop Help Session Manager (disabled for extra security)
Remote Procedure Call Locator
Remote Registry (disabled for extra security)
Remote Registry Service
Secondary Logon
Routing & Remote Access (disabled for extra security)
Server
SSDP Discovery Service - (Unplug n’ Pray will disable this)
Telnet
TCP/IP NetBIOS Helper
Upload Manager
Universal Plug and Play Device Host
Windows Time
Wireless Zero Configuration (Do not disable if you use a wireless network)
Workstation

To disable these services:

1. Go to Start and then Run and type "services.msc"
2. Doubleclick on the service you want to change
3. Change the startup type to ‘Disable"

2. Turn Off System Restore

System Restore can be a useful if your computer is having problems, however storing all the restore points can literally take up Gigabytes of space on your hard drive. To turn off System Restore:

1. Open Control Panel
2. Click on Performance and Maintenance
3. Click on System
4. Click on the System Restore tab
5. Tick ‘Turn off System Restore on All Drives’
6. Click ‘Ok’

3. Defragment Your Pagefile

Keeping your pagefile defragmented can provide a major performance boost. One of the best ways of doing this is to creat a separate partition on your hard drive just for your page file, so that it doesn’t get impacted by normal disk usage. Another way of keeping your pagefile defragmented is to run PageDefrag. This cool little app can be used to defrag your pagefile, and can also be set to defrag the pagefile everytime your PC starts. To install:

1. Download and Run PageDefrag
2. Tick "Defrag at next Reboot",
3. Click "Ok"
4. Reboot

4. Speedup Folder Access - Disable Last Access Update

If you have a lot of folders and subdirectories on your computer, when you access a directory XP wastes a lot of time updating the time stamp showing the last access time for that directory and for ALL sub directories. To stop XP doing this you need to edit the registry. If you are uncomfortable doing this then please do not attempt.

1. Go to Start and then Run and type "regedit"
2. Click through the file system until you get to "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem"
3. Right-click in a blank area of the window on the right and select ‘DWORD Value’
4. Create a new DWORD Value called ‘NtfsDisableLastAccessUpdate’
5. Then Right click on the new value and select ‘Modify’
6. Change the Value Data to ‘1'
7. Click ‘OK’

5.Disable System Sounds

Surprisingly, the beeps that your computer makes for various system sounds can slow it down, particularly at startup and shut-down. To fix this turn off the system sounds:
1. Open Control Panel
2. Click Sounds and Audio Devices
3. Check Place volume icon in taskbar
4. Click Sounds Tab
5. Choose "No Sounds" for the Sound Scheme
6. Click "No"
7. Click "Apply"
8. Click "OK"

6. Improve Boot Times

A great new feature in Microsoft Windows XP is the ability to do a boot defragment. This places all boot files next to each other on the disk to allow for faster booting. By default this option in enables but on some builds it is not so below is how to turn it on.

1. Go to Start Menu and Click Run
2. Type in "Regedit" then click ok
3. Find "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOpt imizeFunction"
4. Select "Enable" from the list on the right
5. Right on it and select "Modify"
6. Change the value to "Y to enable"
7. Reboot

7. Improve Swapfile Performance

If you have more than 256MB of RAM this tweak will considerably improve your performance. It basically makes sure that your PC uses every last drop of memory (faster than swap file) before it starts using the swap file.

1. Go to Start then Run
2. Type "msconfig.exe" then ok
3. Click on the System.ini tab
4. Expand the 386enh tab by clicking on the plus sign
5. Click on new then in the blank box type"ConservativeSwapfileUsage=1?
6. Click OK
7. Restart PC

8. Make Your Menus Load Faster

This is one of my favourite tweaks as it makes a huge difference to how fast your machine will ‘feel’. What this tweak does is remove the slight delay between clicking on a menu and XP displaying the menu.

1. Go to Start then Run
2. Type ‘Regedit’ then click ‘Ok’
3. Find "HKEY_CURRENT_USER\Control Panel\Desktop\"
4. Select "MenuShowDelay"
5. Right click and select "Modify’
6. Reduce the number to around "100?

This is the delay time before a menu is opened. You can set it to "0? but it can make windows really hard to use as menus will open if you just look at them - well move your mouse over them anyway. I tend to go for anywhere between 50-150 depending on my mood

9. Make Programs Load Faster

This little tweak tends to work for most programs. If your program doesn’t load properly just undo the change. For any program:

1. Right-click on the icon/shortcut you use to launch the program
2. Select properties
3. In the ‘target’ box, add ‘ /prefetch:1' at the end of the line.
4. Click "Ok"

Voila - your programs will now load faster.

10. Improve XP Shutdown Speed

This tweak reduces the time XP waits before automatically closing any running programs when you give it the command to shutdown.

1. Go to Start then select Run
2. Type ‘Regedit’ and click ok
3. Find ‘HKEY_CURRENT_USER\Control Panel\Desktop\’Select ‘WaitToKillAppTimeout’
4. Right click and select ‘Modify’
5. Change the value to ‘1000'
6. Click ‘OK’
7. Now select ‘HungAppTimeout’
8. Right click and select ‘Modify’
9. Change the value to ‘1000'
10. Click ‘OK’
11. Now find ‘HKEY_USERS\.DEFAULT\Control Panel\Desktop’
12. Select ‘WaitToKillAppTimeout’
13. Right click and select ‘Modify’
14. Change the value to ‘1000'
15. Click ‘OK’
16. Now find ‘HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\’
17. Select ‘WaitToKillServiceTimeout’
18. Right click and select ‘Modify’
19. Change the value to ‘1000'
20. Click ‘OK’

That’s it. I hope you find these tips useful - you should now see a noticeable speed improvement if you make all of these changes correctly. Hopefully you’ll be pleasantly surprised!

What Slows Down Your Windows

Results and Conclusions

Most people won't find anything too shocking here. One of the most surprising things to be

gleamed from here is the blatant time and effort Symantec have gone to improve their product from the 2006 version. This won't help you if you own that version, but it should give you a good idea what to expect from Symantec in the future if you're determined to stick with their product line.

Overall

Here's the table of results for all three sections ranked by their overall performance degradation. The control times where:

Boot Time: 70 seconds
Prime: 26 seconds
FileIO: 25seconds

Boot Delay

The boot delays were quite a lot smaller than last time, likely to be attributable to VMWare having a better grasp on its file system than Virtual PC, but the same names were at the top of this test.

Prime Delay

I wasn't expecting too much of a result from here. The prime delays would have come on systems where there were applications hogging resources.

FileIO Delay

The only applications this was going to affect were the system-monitors; those applications that require 100% attention on the file system, namely the security products.

Conclusions

Well it's clear to see what sort of application has most effect on Windows. Antivirus programs tether the performance of your computer alongside that of one three years its elder. If you really need an antivirus system, make sure you follow these benchmarks but also make sure you check how good the one you're looking at really is. Nod32 gets good security reviews and seems to leave the system fairly nippy

The new version of Norton has shocked me a little. Every year since their Norton AntiVirus 2002, they've added more and more "bloat". They call them features, and looking at the box, you'd agree. Features have traditionally come at a price though. If you're scanning more things, it's going to take it more time. NIS2007 seems to do all the work of 2006 but with significantly less load on the FileIO. I'm not shouting "go out and buy it" because of the massive boot delay and there are still better products.

If you're looking for the best of the best antivirus products you should look at their detection rates. There's no point in having something, no matter how expensive, if it cannot keep you protected.

Windows XP SP3 Preview

Though Microsoft still won't confirm that it will release a third service pack for its Windows XP operating system, a preview version of the software update has been made available on the Web.

An "unofficial" preview pack of Windows XP Service Pack 3 is available at The Hotfix, a software download site and discussion forum that focuses on patches and software updates.
Info Avaiable, but Hidden

Ethan Allen, creator and administrator of The Hotfix, said Wednesday that he assembled the preview pack from software updates sent by an internal Microsoft source that are expected to be released in SP3.

The updates include Windows log-on improvements and features that fix current problems with connecting Windows XP computers to various networks, according to the SP3 forum on the site.
Allen, a Microsoft beta tester who previously worked on a contract basis for the Redmond, Washington-based software company, updates the list of technologies for Windows XP SP3 daily based on information found on Microsoft's Web site.

"Microsoft makes it freely available about what's going to be in the next hot fixes, but they hide it," Allen said. He said he found information on updates that will be made available in Windows XP SP3 by using keywords contained in articles on Microsoft's Web site. This is the same way he discovered the technologies that were released in Windows XP SP2. He posted those updates on a Web site before that service pack was released in August 2004.

Allen now works in software assurance for a Bellevue, Washington-based high-tech company that he declined to name. He said Microsoft has not contacted him about The Hotfix, which he launched in July.

Allen's site has also published a transcript of a chat discussion in which Microsoft engineers fielded questions from beta testers about whether Internet Explorer 7 will be included in SP3. According to the transcript, Anurag Jain, a program manager on the Internet Explorer team, said that the service pack won't include IE 7 but will "support" it. Instead, Internet Explorer 6 will be a part of Windows XP SP3.

SP3 or No SP3?

Microsoft provides service packs to add what the company and its users think are important updates to the current releases of its software. For example, Windows XP SP2, which significantly updated Windows XP, included software intended to make the OS more secure.
Reports published last week quoted Microsoft France's technical and security director Bernard Ourghanlian as saying that a third service pack for Windows XP will become available after the next version of the client OS, Windows Vista, ships at the end of 2006.
A Microsoft spokesman Wednesday insisted that Microsoft still hasn't decided whether to release SP3 for Windows XP.

"We have not confirmed plans for a Service Pack 3 for Windows XP yet," said Michael Burk, product manager for Windows Vista. "At this point, the Windows servicing team is reviewing the feedback on Windows XP SP2 and is still evaluating timing and alternatives for the next Windows XP servicing release."

Windows Vista Build 5270 Tips & Tricks

The long awaited 3rd CTP of Windows Vista™ has finally arrived. We got around to installing it Monday evening and began testing out the build, putting it through its paces. Everything seems to be coming together now, the user interface looks more polished, there are a lot of new features included, and driver issues with NVIDIA graphics card causing STOP errors and lockups are no longer present.

Some of the new features include:
• Aero colorization (8 presets to choose from: Aero, Frost, Smoke, Seafoam, Heritage, Sky, Heart, and Candy). You can also create your own by using an advanced color slider; modify hue, brightness, saturation, and intensity (opacity) as well.
• Windows Media Player 11 user interface improved.
• New icons throughout the user interface.
• “Places” bar improved.
• Flip3D has been improved.
• The Start menu has been overhauled, and now includes the ability to disable the search box, and whether to link to a folder or a library for the Documents, Music, and Pictures selections.
• Most of the control panel applets have been overhauled and are now embedded in a Windows Explorer view.
• Control Panel has been improved.
• Windows Audio has been improved yet again, the audio controls are now more fully featured and work without crashing.

Overall, this build is impressive to say the least. While it is not beta quality, this build is more stable over the last two interim builds, and is showing a lot of improvement. We are also beginning to see a glimpse of Beta 2 with this CTP.

Unlike our previous tweaking and optimization guides, this one will not require disabling any of the features in Windows Vista; instead we will be focusing on tweaking the interface and guiding you through some of the new features that you may not normally find.

This way you will be able to experience the operating system at its full potential.
Now that we got all that out of the way, lets get down to it, shall we?

—————————————————

Display the classic menus in Windows Explorer and Internet Explorer temporarily
If you are used to the older style Windows Explorer, which has the Classic menus (File, Edit, etc), but you don’t want to have them on all the time, just press the Alt key. This will display the classic menus temporarily. Also, if you have the Classic Menus turned off in Internet Explorer 7, this trick will also show the menus in IE.

Restore Access to Virtual Folders on the Start Menu
In previous Windows Vista builds, the Start menu items for Documents, Pictures, and Music all pointed to Virtual Folder / Library listings. In the December CTP, this functionality has been changed back to the Windows XP style; by linking to the actual folder. If you wish to regain access to these virtual folders, you need to change a few settings:

1. Right click on the Start button, and click “Properties”.
2. In the “Taskbar and Start Menu Properties” dialog, click “Customize”.
3. Change the selection for Documents to “Link to this library”. Repeat this for Pictures and Music if you wish.
4. Press OK and dismiss the dialogs.

Enable “Run” on the Start Menu
The one thing that has been in the same place since Windows 95 has been the “Run” command. In the December CTP, this has been hidden by default. To enable it, simply perform the following commands:

1. Right click on the Start button, and click “Properties”.
2. In the “Taskbar and Start Menu Properties” dialog, click “Customize”.
3. Scroll down and in the list you shall find “Run command”. Check the box next to it.
4. Dismiss all dialogs by pressing OK.

Enable “Express” look
If for any reason you are not a fan of the new Aero look (also known as Glass), or you have a low-end video card, you can change this behavior without needing to use Windows XP drivers or toggling DWM (Ctrl+Shift+F9). Aero Express is the lighter, less graphics intensive look.

To enable it:

1. Click Start, and then click “Control Panel”.
2. Click “Appearance and Personalization”.
3. Under “Personalization”, click “Customize colors”.
4. Under “Change your color scheme”, click on “Open classic appearance properties”
5. In the “Personalization” dialog that appears, under “Color scheme”, change the selection from “Default” to “Express”.
6. Press OK to apply the change.
7. Press “Save” in the “Change Your Color Scheme” window to save all your changes.

Disable the transparent taskbar without disabling Aero Glass
If you wish to have your taskbar a solid color instead of semi-transparent, but you don’t want to disable the Aero look, simply turn on the Windows Media Player taskbar control. You don’t even need to actually use Windows Media Player for this to work. To try this out:

1. Right click on an empty space or on the clock in the taskbar, and under the “Toolbars” list, click “Windows Media Player”.

Disable User Account Protection (UAP)
Once you have installed the December CTP and set up an every day user account, one of the first things you will notice is that you have almost no rights to do anything administrator related on your system. Disabling this is purely up to you but if you find UAP is getting in your way, or some applications refuse to run because of it, you may want to take a look at this. Here are the instructions:

NOTE: You should be logged in as Administrator to do this, or you could run the Microsoft Management Console (MMC) elevated.

1. Press WinKey (the flag key on your keyboard) + R and type “secpol.msc”. (Without the quotes). If asked to permit Microsoft Management Console to run, allow it.
2. In the Local Security Settings window, in the left hand pane, navigate to “Security Settings, Local Policies, Security Options”.
3. In the pane to the right, scroll all the way to the bottom.
4. Set the first two User Account Protection items to “No Prompt”, and “Disabled” on the remaining three items.
5. Close the Microsoft Management Console (MMC), and if you are asked to save the settings for “Console1”, press “No”.
6. Reboot or log off and log back in to enforce the new settings; or alternatively open an elevated Command Prompt and type “gpupdate /force” (without the quotes), and then press Enter..

Internet Explorer 7 User Agent String
Copy and paste the following code into Notepad, and save it to your desktop as IE7UserAgent.REG.

Double-click the file to merge it into the Windows Registry, and then restart Internet Explorer for the change to take effect. If UAP is turned on, permit the operation to take place.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
“Version”=”MSIE 6.0”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
“SV1″=-

You can easily undo this change by copying and pasting the following code into Notepad, and then saving it as IE7Undo.reg and merge it into the Windows Registry. If UAP is turned on, permit the operation to take place.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Intern