Windows Registry Guide Windows Registry Guide

XPWorld

RegHack

Tech Enthusiast Tricks

Microsoft Windows NT4-Windows 2000, Tips & Tricks

NT FAQ

Terminal Services

Terminal Services allows users to control a machine remotely.  The remote machine can either be on your LAN or on the Internet.  You can do just about anything on the remote desktop that you can do when logged in to the machine locally.

Instead of having complete control over the desktop, you can configure Terminal Services to automatically run certain programs.  This is useful for hosted applications.

Terminal Services works and it's fast.  It's not like XWindows or telnet -- you actually see the desktop of the remote machine, making Terminal Services a lot easier to set up and use.  And it ships with Windows 2000 Server, right out of the box.

I'm not sure why more developers don't know about Terminal Services.  I guess Microsoft is really bad at marketing.  From my experience, everyone who knows about Terminal Services uses it and loves it.

The image below shows the terminal services client which is connected to a machine that has an IE window open to http://www.netacumen.com.  Note that the Terminal Services client shows the remote desktop complete with My Computer, etc..

Get a free Terminal Services client here.

See also VNC.

Command-line for Terminal Services

query session /server:name

Lists who is logged into the specified server via terminal services

logoff sessionid /server:name

Logs off the user from the specified session id.  Session ids  can be obtained via "query session".

Note that if you are executing commands across domains, you should to first run

net use \\serverName /user:domainName\yourLoginName

How Do I Delete a Service?

To delete a service that has not been automatically removed by a software uninstall you need to edit the registry:

  1. Start the registry editor (regedit.exe)

  2. Move to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services key

  3. Select the key of the service you want to delete

  4. From the Edit menu select Delete

  5. You will be prompted "Are you sure you want to delete this Key" click Yes

  6. Exit the registry editor

There is also a utility that is supplied with the NT resource kit called INSTSRV.EXE that can be used to install and remove services

instsrv <service name> remove

Alternatively, also with the resource kit is a utility SRVINSTW.EXE that again installs and removes services, but with a GUI wizard format allowing you to select the service either locally or remotely.

Windows 2000 Internet Connection Sharing

Internet connection sharing allows multiple computers to share the same external IP address for web browsing.  Windows 2000 ICS routes PPTP packets for VPN, which is impossible to do with IPSEC.  In plain english, this means that computers that share the same IP address can establish independent simultaneous connections to VPN servers.

Here's how to set up an Internet connection sharing server and change the network scope to 192.168.10.*.

  1. Install Windows 2000 server and service pack 1

  2. Install a second network card

  3. Right click Network Places and click properties

  4. Right click on the external adapter

  5. Double click on TCPIP

  6. Enter the external IP address, subnet mask, gateway, and DNS servers

  7. Click the sharing tab

  8. Click the Share this Connection checkbox

  9. Click OK

  10. Right-click on the internal adapter

  11. Set the IP address to 192.168.10.1

  12. Go to start/settings/control panel/add/remove programs

  13. Click add/remove windows components

  14. Add Networking Services/DHCP Protocol and DNS

  15. Run Programs/Administrative Tools/DHCP

  16. Create a new scope 192.168.10.*

  17. Set scope options

    • Router = 192.168.10.1

    • DNS = 192.168.10.1, external DNS 1, external DNS 2

Stop Windows from Reusing IE Windows

I really don't like how double-clicking on links, .htm files, hyperlinks in emails, etc. causes Windows to hijack any IE window that happens to be open.  I want Windows to always create a new Internet Explorer window.

Windows 2000 can do it!

  1. Go to Tools/Internet Options

  2. Click the Advanced tab

  3. Un-check "Reuse windows for launching shortcuts"

Adding New FTP Users

This applies to the FTP server that runs under IIS.

These steps ensure that untrusted FTP users can't view or modify your files if they found a way to initiate a WinStation session on the IIS machine:

  1. Create group, say, called "ftp users"

  2. In My Computer, right-click on C: drive

  3. Click "properties" and then the security tab

  4. Add the group "ftp users" and deny all access

  5. Check "apply to subdirectories"

  6. Click OK

  7. Repeat for all drives

  8. Move c:\inetpub\ftproot to, say, c:\ftproot

  9. Using IIS manager, go to the FTP site's properties and change the home directory to c:\ftproot, or where ever you moved the directory to in the above step

  10. From Explorer, right-click on c:\ftproot

  11. Click properties and then the security tab

  12. Un-check "inherit properties"

  13. Remove "Everyone"

  14. Add "ftp users" and assign the desired permissions for this group

If the machine running Active Directory is also running the FTP server, perform these tips:

  1. Go to program files/administrative tools/domain controller security policy

  2. In local permissions, click on Log on locally

  3. Add the group "ftp users"

  4. Reboot

Otherwise, perform the above steps.  For step 1, run the program files/administrative tools/local computer security policy instead.

Help!  I can't install anything!

If Windows keeps telling you to reboot before installing something, and you keep rebooting without any luck, delete the following registry setting:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
Session Manager\PendingFileRenameOperations