



Troubleshooting and Configuring the Windows NT/95 Registry
-21-
Questions and Answers for Networking and the Registry
Some people have characterized networking as "magic," or "smoke
and mirrors." Actually, it is really neither. It is complex, and every network
ends up being quite different. This chapter will give you more insights into how
things work, and some options for customizing the network to more closely meet your
needs.
SOLUTIONS: How
can I set the minimum password length for Windows 95? Having a password of more than
four characters strengthens your security. In fact, the longer the password is, the
more difficult it is to break. Set the minimum password length in the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Network key.
Add a DWORD value called
MinPwdLen and set it to the number of characters you would like, in decimal
format.
Security is a huge issue to deal with. Using the maximum password length will
make your work a little easier. In Windows NT, you can set the password length in
User Manager for Domains, in the Policies | Account Policies section.
SOLUTIONS: Normally,
I log on to an NT domain from a Windows 95 system. Can I get a confirmation that
it actually let me log on? Normally, you would only know if it didn't work. If you
need to get a confirmation, a simple change to the Registry will do that for you.
Add a REG_DWORD value called DomainLogonMessage to the HKEY_LOCAL_MACHINE\Network\Logon
key. Set the value of the DomainLogonMessage to 1, and every time
you log on to the domain, you will get a message similar to the one in Figure 21.1.
Figure 21.1. Domain logon confirmation.
Because networking is not as fundamental to Windows 95 as it is to Windows NT, some
features are not included in the interface. In an effort to make it as powerful as
possible, Microsoft did include many options that make 95 a much better client on
the network.
SOLUTIONS: Windows
NT allows me to easily set multiple IP addresses to a single network card. Can I
do the same thing with Windows 95? Yes, you can; it just isn't part of the interface.
Maybe Microsoft didn't think anyone would want to do it. The IP address information
is stored in the Registry in the
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\NetTrans key.
Find the subkey that holds the IP address. Figure 21.2 shows the
key with the correct IP addresses set.
Figure 21.2. Location of the IP addresses in the Windows 95 Registry.
If you want to add another IP address to the network card, edit the IPAddress
value, and add another IP address to the end of the string, separated by a comma,
but no spaces. Figure 21.3 shows the correct format of the text.
Figure 21.3. Adding an additional IP address to a network card.
Whenever you add an IP address, you must also add the corresponding subnet mask for
that address in the IPMask value. Figure 21.4 shows the key with the correct
values for two IP addresses attached to the same card.
Figure 21.4. Multiple IP addresses assigned to the same network card.
You can add as many addresses as will fit within the limitation of 255 characters
of the String entry.
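The formatting rules above (comma-separated with no spaces, one IPMask entry per IPAddress entry, 255-character limit) can be checked before the strings are typed into the Registry. The following Python is an added example, not from the book; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

MAX_STRING_LEN = 255  # limit the text gives for the String entry


def _mask_ok(mask):
    """True only for a dotted-decimal, contiguous subnet mask."""
    try:
        net = ipaddress.IPv4Network(f"0.0.0.0/{mask}")
    except ValueError:
        return False
    # ipaddress also accepts prefix lengths ("24") and host masks
    # ("0.0.0.255"); neither is a dotted-decimal subnet mask.
    return str(net.netmask) == mask


def build_ip_values(pairs):
    """Turn [(address, mask), ...] into the (IPAddress, IPMask) strings."""
    if not pairs:
        raise ValueError("at least one address/mask pair is required")
    addrs, masks = [], []
    for addr, mask in pairs:
        ipaddress.IPv4Address(addr)  # raises ValueError if malformed
        if not _mask_ok(mask):
            raise ValueError(f"bad subnet mask for {addr}: {mask!r}")
        addrs.append(addr)
        masks.append(mask)
    ip_value, mask_value = ",".join(addrs), ",".join(masks)
    for name, value in (("IPAddress", ip_value), ("IPMask", mask_value)):
        if len(value) > MAX_STRING_LEN:
            raise ValueError(f"{name} is {len(value)} characters; "
                             f"the limit is {MAX_STRING_LEN}")
    return ip_value, mask_value


def check_ip_values(ip_value, mask_value):
    """Return a list of problems found in existing IPAddress/IPMask strings."""
    problems = []
    for name, value in (("IPAddress", ip_value), ("IPMask", mask_value)):
        if any(ch.isspace() for ch in value):
            problems.append(f"{name} contains whitespace")
        if len(value) > MAX_STRING_LEN:
            problems.append(f"{name} exceeds {MAX_STRING_LEN} characters")
    addrs, masks = ip_value.split(","), mask_value.split(",")
    if len(addrs) != len(masks):
        problems.append(f"IPAddress has {len(addrs)} entries, "
                        f"IPMask has {len(masks)}")
    for entry in addrs:
        try:
            ipaddress.IPv4Address(entry)
        except ValueError:
            problems.append(f"IPAddress entry {entry!r} is not a valid address")
    for entry in masks:
        if not _mask_ok(entry):
            problems.append(f"IPMask entry {entry!r} is not a valid mask")
    return problems


if __name__ == "__main__":
    # Constructed sample: two addresses bound to one card.
    ip, mask = build_ip_values([("192.168.1.10", "255.255.255.0"),
                                ("10.0.0.5", "255.0.0.0")])
    print("IPAddress =", ip)
    print("IPMask    =", mask)
    print(check_ip_values("192.168.1.10, 10.0.0.5", "255.255.255.0"))
```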
A cache normally holds the last information given it. If the cache fills up, the
first item is expelled, and the next is taken in. Sometimes, a function that looks
exactly like a cache doesn't perform the same way. The next problem is an indication
of that.
SOLUTIONS: I
use Windows 95 on my notebook, and I connect to several different networks using
TCP/IP. Because each one uses a different set of IP addresses, I have the server
assign me an IP address through DHCP. I have used several different PCMCIA network
cards, and several docking stations, and even modems to connect, and now, all of
a sudden, I am not getting an IP address, and I cannot get onto the network. What
went wrong? The Windows 95 Registry stores information about every network card and
modem used for Dial-Up Networking. The information, called a MAC address, is unique
for every network card in the world. Once Windows 95 gets to eight cards listed,
it will not list any more. If you were to go back to one of the cards you had used
previously, you would probably get an address. Once past eight, you will never get
another. Figure 21.5 shows the location of the storage of the MAC addresses. The
Registry will create a new DhcpInfo0x key for every new network card it
finds, plus one for any modem used to dial into a network where the server will provide
an IP address (such as an Internet service provider).
Figure 21.5. Each address requester has an entry in the Registry.
Because the system will automatically put an entry for each DHCP address requester,
you can simply remove all of the subkeys below Dhcp except DhcpInfo00,
if it exists. The necessary ones will be re-created as necessary. Then, as you connect
to the network, a DHCP request will be given, and you will get a dynamically assigned
IP address.
Remotely editing the Registry is a powerful function. If you can edit another
system's Registry from your desktop, it will save you time, effort, and give you
freedom from explaining more than you actually want to. You should train your users
as much as possible, but explaining IP addresses and DNS servers may not really help
them, anyway.
SOLUTIONS: I
need to change the IP address, the subnet mask, the DNS host name, and DNS server
on several NT systems on my network. Do I have to go to each one and run the Control
Panel options, or can I do it remotely with a Registry editor? Making all the TCP/IP
settings on a remote machine is quite simple, if you know where the Registry entries
are. All TCP/IP functions are separated into two categories: general settings and
card-specific settings. The card-specific settings require you to know the network
card driver, but the general settings just use the Tcpip key in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters. The TCP/IP
settings that use the general settings are listed
in Table 21.1, with the values that are associated with them.
Table 21.1. Generic TCP/IP settings.
TCP/IP Function | Registry Value
Domain name | Domain
Host name | Hostname
IP Routing | IPEnableRouter
DNS Server | NameServer
The TCP/IP settings that use the network card driver information use
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Adapter Name\Parameters\Tcpip,
and are listed in Table 21.2, with their values.
Table 21.2. Card-specific TCP/IP settings.
TCP/IP Function | Registry Value
DHCP | EnableDHCP
IP Address | IPAddress
Subnet Mask | SubnetMask
Default Gateway | DefaultGateway
With this information, you can easily find the correct location to make any TCP/IP
setting you need on a remote system, without having to go there and use the Control
Panel. You also won't have to try to explain it to your users, so they can be your
fingers for you.
Another way to quickly set the TCP/IP information across the network would be
to create a custom template file for System Policy Editor, as outlined in Chapter
34, "Creating Custom Policies."
SOLUTIONS: My
NT system can't find the files it needs to run TCP/IP correctly. Where are they?
What are they? For TCP/IP to work properly, the system needs access to several files,
including HOSTS, LMHOSTS, NETWORKS, and PROTOCOLS.
Normally, those files are in %SYSTEMROOT%\SYSTEM32\DRIVERS\ETC. If they
are going to be stored in any other location, that location needs to be specified
in the Registry. In
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, edit the
value named DatabasePath. It is a REG_EXPAND_SZ
entry, which means that you can enter a variable, and it will be replaced with the
actual data when read. Enter the location of the files.
Until there is a better way, you will have to continue to use all the settings,
files, and options created for the Internet when it was still quite small. Now that
it is huge, with nearly 20 million hosts (at the time of this writing), some of the
functions are a little dated. The fact that it still works at all is amazing, but
the challenges of using the Internet effectively are sometimes daunting.
SOLUTIONS: Our
network has a gateway setup to give us access to the Internet, but sometimes it doesn't
work. Then I can't get the information I need. What can I do to make it work better?
A gateway allows access to the Internet from your network. It is essentially the
connecting point to the Internet. Sometimes it gets too busy to allow all the traffic
to pass through. Other times, it may not be able to transmit data because its line
to the Internet is down. Whatever the case, there is not much you can do, except
to have a backup gateway in place. If a system cannot transmit data through a gateway,
even after several tries, the Transport Control Protocol (TCP) asks the IP portion
to switch to a backup gateway if one has been specified, and this Registry change
has been made. The address for the backup gateway is set in Control Panel | Network
| Protocol | TCP/IP Protocol | Properties | Advanced. But that is not enough; you
also need to make a change to the Registry. The value name to add is EnableDeadGWDetect,
a REG_DWORD value, in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
key. Set the value to 1, and if the first gateway does not respond, it will
switch to the second.
The Internet is a very flexible network, sometimes to its detriment. Because information
may be transferred over many lines, go through many routers, and be handled by so
many servers, the security of the information may be compromised. The sensitivity
of the data will determine what level of security is required, and, fortunately,
there are many options that allow you to increase that security.
SOLUTIONS: I
am concerned about sending private data over the Internet. Do I have any options
that will give me more security than PPP or SLIP? Certainly, PPP and SLIP are good
protocols for transferring data over the Internet, but they are not very secure.
PPTP (Point to Point Tunneling Protocol) is designed to allow secure, authenticated
connections to a server. NT 4.0 is the first Windows NT server to support it, and
it ushers in a breakthrough in security across phone lines. It basically creates
a secure tunnel through which all the data goes. None can get in, and none can get
out, until the data hits the end. Unauthorized users are not welcome. The PPTP functions
in NT 4.0 are in the HKEY_LOCAL_MACHINE\SYSTEM\Services\RASPPTPE\Parameters\Configuration
key. In order to enable PPTP, there are two values that need to be changed. The value
name AuthenticateIncomingCalls turns on the authentication procedure so
only listed IP addresses can connect. It is a REG_DWORD entry. Set it to
1, and only PPTP connections can be made, and only from the IP addresses
in the next value. PeerClientIPAddresses is a REG_MULTI_SZ value
that lists all authenticated addresses for PPTP connection. The format of PeerClientIPAddresses
is a valid IP address xxx.xxx.xxx.xxx with each entry on a separate line. The entries
are the only IP addresses of PPTP clients from which this server will accept PPTP
calls. Both values must be set. If one is not set, PPTP will not work.
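Because the two values only work as a pair, it is worth checking an exported copy of the key for a half-configured filter. The following Python is an added example, not from the book: it reads a REGEDIT4-style text export, decodes the DWORD and the REG_MULTI_SZ (hex(7)) data, and reports what is missing. The function names, the sample export and its addresses are constructed, and the export layout (single-byte characters in hex(7) data) is an assumption about REGEDIT4 files.

```python
import ipaddress
import re

# Constructed sample export. The key path is written as the text gives it.
# hex(7) holds the REG_MULTI_SZ bytes: each string ends in 00 and the list
# ends with one more 00. A trailing backslash continues the data line.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\Services\RASPPTPE\Parameters\Configuration]
"AuthenticateIncomingCalls"=dword:00000001
"PeerClientIPAddresses"=hex(7):31,39,32,2e,30,2e,32,2e,31,30,00,31,39,32,2e,\
  30,2e,32,2e,31,31,00,00
'''


def parse_reg_export(text):
    """Parse export text into {key_path: {value_name: value}}.

    Only the two data types this check needs are decoded:
    dword -> int, hex(7) -> list of strings.
    """
    text = re.sub(r"\\\r?\n\s*", "", text)  # join continued data lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        match = re.match(r'"([^"]+)"=(.*)$', line)
        if current is None or not match:
            continue
        name, raw = match.groups()
        if raw.startswith("dword:"):
            current[name] = int(raw[len("dword:"):], 16)
        elif raw.startswith("hex(7):"):
            data = bytes(int(b, 16)
                         for b in raw[len("hex(7):"):].split(",") if b.strip())
            # Split on NUL terminators and drop the empty trailing pieces.
            current[name] = [s for s in data.decode("latin-1").split("\x00") if s]
    return keys


def audit_pptp_filter(keys):
    """Return findings for the PPTP caller filter; an empty list means both
    values are present and every listed entry is a valid IPv4 address."""
    cfg = next((values for path, values in keys.items()
                if path.upper().endswith(r"RASPPTPE\PARAMETERS\CONFIGURATION")),
               None)
    if cfg is None:
        return ["PPTP configuration key not found in export"]
    findings = []
    if cfg.get("AuthenticateIncomingCalls") != 1:
        findings.append("AuthenticateIncomingCalls is not set to 1")
    peers = cfg.get("PeerClientIPAddresses") or []
    if not peers:
        findings.append("PeerClientIPAddresses is missing or empty")
    for entry in peers:
        try:
            ipaddress.IPv4Address(entry)
        except ValueError:
            findings.append(f"PeerClientIPAddresses entry {entry!r} "
                            "is not a valid IP address")
    return findings


if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_EXPORT)
    for path, values in parsed.items():
        print(path, values)
    print("findings:", audit_pptp_filter(parsed))
```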
Browsing is another great challenge in a Windows network. Browsing is the function
that lets you see what you can connect to, either as a printer client or a server's
share client. If you don't have the list, you need to know exactly the name of the
server and the name of the shared device. If you want to choose from a list, browsing
has to be working on the network. It's interesting to see how some of the things
that Microsoft says are so, just aren't. Browsing is one of the tools that you must
take control of, or it may not work as expected.
SOLUTIONS: Who
should be my master browser? How can I choose? Windows networking uses a master browser
and a browse server. The browse server holds a list of all the shares on the network.
The master browser answers requests for the list. They can be separate machines or
the same machine. Set systems that have the highest performance/lowest demand combination
to be your browse servers (2 per segment), and your domain controller to be your
master browser. Whatever you do, do not let your Windows 95 systems be your browse
servers. There is a bug in the server list maintenance function of Windows 95 that
will make it so no one can browse the network. Turn it off in Windows 95 with Control
Panel | Network | File and Printer Sharing for Microsoft Networks. On the NT system
you would like to be a browse server, edit the MaintainServerList value
in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters key.
Set the MaintainServerList
value to YES, and the system will be a browse server. On the NT system that you would
like to be the master browser, set the IsDomainMaster value in the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters key to 1.
Internal security comes from limiting choices that users have on the network.
If you limit the number of options a user has at his disposal, you can reduce the
risk exposure. Forcing the users to know share names and server names can certainly
hinder their progress in breaking your security.
SOLUTIONS: I
don't want everyone to be able to see my NT system on the network. Is there any way
that I can hide it? You can hide it by adding a single Registry change. It will hide
the system from Network Neighborhood, My Computer, and Open/Save dialog boxes. To
hide it, add a new REG_DWORD value called Hidden to the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters key.
Set the
value to 1 to hide the system from the browse list. Even though the system
is hidden from the browse list, you can still connect to it with a UNC name.
Managing the browse lists and determining what users are going to see on the network
really comes down to restricting what will be shown, or expanding what will be shown.
SOLUTIONS: I want
to be able to browse all the shares on the network, even though they are on a different
segment. Can I do that with NT? Configure your network with your NT server so it
functions as a multihomed router, with two or more network cards, each connected
to a separate segment. Then you can add a new Registry value, and the systems on
any segment can browse all of the shares on any other segment. By default, each segment
will have its own browse list, and the users will only be able to see the rest of
the browse list that they belong to. What you will do is disable one of the browse
lists so everyone will be part of the same browse list, and they will get to see
all of the shares on both segments. The new value will be entered in the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters key.
The value name is UnboundBindings,
a REG_MULTI_SZ entry. In the value, enter the name of one of the network
cards. You can find the name of your network card in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
key. There will be two names for each card, one with a number at the end. For example,
the driver for a Xircom Creditcard Ethernet Adapter IIps is CE2XPS. In the Registry,
you would find CE2XPS and CE2XPS1 keys. If you had more than one
of the same network card, the second would end in a 2. Use the name with the number
on the end. You should only put one of the network card names in the list if you
only have two network cards in the server. If you have three, you would put in two
names. The idea is to remove all but one browse list.
How much of a remote system's shares can be seen by the rest of the network is
also configurable in the Registry. The setting is actually at the server, not at
the workstation.
SOLUTIONS: I
can't see the shares of any systems that are connected to my NT Server with RAS.
Is that normal? Yes, it is, but you can change it, if you would like. At the server,
add a REG_DWORD value called RemoteListen to the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\NetBIOSGateway
key. If you
set this value to 2, remote clients look just like those connected directly
to the network.
WARNING: If
you have several systems connected to the RAS server at once, the traffic associated
with this procedure may be overwhelming. Also, the resources required to manage those
connections may be significant. Limiting the number of connections reduces the overhead.
Traffic on a network is always a concern. If there is too much traffic, the normal
packets to be transferred will be extremely slow. You can watch your traffic with
Network Monitor, SMS, or other tools from third-party vendors.
SOLUTIONS: When
I connect to my server from NT Workstation, I don't always get my share connections.
When I browse, I can find them, and when I activate the programs that use the connections,
they work, but they are slow. Why? Even if you select to reconnect at logon, the
network shares are sometimes not available. The system that is sharing them might
be busy. The browse server might be busy, and the browse master wouldn't be able
to give them to you. You should consider adding another browser server, if it happens
too often. As an added help, you can force your system to keep trying. Instead of
making a cursory attempt at finding the shares, it will keep trying until it either
verifies the shares, or verifies that the shares are not available. In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider,
there should be a REG_DWORD value called RestoreConnection. If
it is not there, add it. Set the RestoreConnection value to 1 to
ensure the connections are restored. If it seems that your connections take too long,
you could set RestoreConnection to 0, and then it would ghost the
connections and only actually connect when they are needed.
Some of the entries that are in the Registry are designed for specific uses. In
some cases, there are ways to use a change in the Registry to achieve a particular
function that it was not necessarily designed for. The next tip is one of those.
SOLUTIONS: I
need to do some maintenance on the servers. Can I disconnect my network users so
it forces them to log off the network? There is an option to force users off the
network after a preset time of no activity, and you could possibly use that as an
alternative. If a user is connected to your network without activity for too long,
this can indicate a potential security threat. Other users can use the system without
the logon requirement. A good way to ensure that users log off their systems when
they leave them is to set up automatic disconnection. The system recognizes the idle
time and, after a preset period, disconnects the idle user. Another circumstance
in which this Solution becomes handy is in an environment where you have more users
than IP addresses in your DHCP server. Users get an IP address from DHCP only when
they connect to the network. When a user disconnects, the IP address goes back into
the pool to be allocated to another. If someone forgets to disconnect, the IP address
is used for an idle system, and thus is essentially wasted. Add a new value to
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
at the server. The new value name is AutoDisconnect,
a REG_SZ entry. The range of the data is 0-4294967295 (0xffffffff)
in minutes. That is over 4 billion minutes, or over 8,171 years! If a user
hasn't disconnected by then, he probably won't notice if you do it for him. Setting
AutoDisconnect to 0 does not turn it off, but rather it sets the
disconnect for 0 minutes. As soon as you log on and take a deep breath, you get disconnected.
If you need to make sure everyone is off the system, you could set it to 0. Then,
to activate the setting, you need to restart the server. As soon as it restarts,
every user would be disconnected.
Some may say that idleness is a curse. Of course, there are reasons to be idle
on the network, and that is OK. It is when the connection is taken and not being
used that it is frustrating for the technical support staff. On the other hand, getting
disconnected because of no traffic is a real hassle if you are doing so many things
at once that you miss using a connection because you took a moment too long to return
to the dial-up connection.
SOLUTIONS: How
can I change the amount of time my RAS server waits before disconnecting idle users?
It is important to remove idle users from RAS connections so others can use the connections.
The waiting time is set in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters,
in the AutoDisconnect
value. The range is 0-60000 minutes, with the default of 20 (minutes). Setting it
to 0 disables AutoDisconnect.
Netware IPX and Microsoft NWLink use three different types of identification numbers
to allow communication across the network. The IPX/NWLink client uses its MAC address
(the physical address of the network card) so others can communicate with it. The
server uses two different types of addresses, an internal network number (also called
a virtual network number), and an external network number. There has been a great
amount of confusion regarding this.
The internal, or virtual, network number is a number assigned to a server that
uses IPX/SPX or NWLink as a communications protocol. It's basically the identifier
or address of that server that makes it unique in a multiple-server environment.
That address is how the rest of the systems know which server sent the information.
The external network number is the network or segment number. Each segment on
a multisegment network has its own external network number. In a server with multiple
network cards attached to different segments, each card is assigned its own external
network number.
The next three questions reference these numbers.
SOLUTIONS: I
am having trouble seeing my NetWare servers during a browse from Windows NT. What's
going on? Windows NT automatically sets the internal network number for NWLink. Set
to zero, the system generates a unique, random number to use as its internal network
number. The setting in the Control Panel to change the number is available only if
more than one network card is installed. Setting the number manually may be required
if the system cannot see the server during a browse. It may also be required if you
choose to use multiple frame types on a single adapter, if you have bound NWLink
to multiple adapters on your system, or if your computer is acting as a Windows NT
server for an application that uses the NetWare Service Advertising Protocol (SAP),
such as SQL Server or Systems Network Architecture (SNA) Server. Manually set the
number in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NwlnkIpx\Parameters.
The value name is VirtualNetworkNumber. Use the number that the NetWare
network administrator creates. The number must be an 8-digit hexadecimal number,
for example, abcd1234. (It can actually be any 8-digit hexadecimal number,
as long as it is the same at the workstation as it is at the NetWare server.) When
using the DWORD Editor, make sure that Hex is selected as the data type, and type
the new number. The only time to manually set the internal network number is if the
system cannot automatically do so itself.
WARNING: After you set the number in the
Registry, return to the Control Panel. If the NWLink IPX/SPX Protocol Configuration
dialog box is opened and if you click on OK to confirm, the number resets to zero.
If you cancel, the number is left alone.
Here is another question that is closely related.
SOLUTIONS: I
am running Windows NT, connected to a NetWare server. I can send data to everyone
on my segment, but I cannot send anything to the other segment. What should I do?
When there is more than one segment on a network running NWLink, each segment must
have a unique external network number, or number for that segment. When traffic moves
from one segment to the other, this number, which identifies where the data came
from, is part of the header in the packet. The key where the changes will take place
is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWLnkIPX\NetConfig\adapter name.
Because each segment could be using a different frame type, you must set two
values, NetworkNumber and PktType, for each frame type. The PktType
settings are listed in Table 21.3 for your convenience.
Table 21.3. Possible values for PktType.
Value | Frame Type
0 | Ethernet II
1 | Ethernet 802.2
2 | Ethernet 802.3
3 | Ethernet SNAP
4 | Arcnet
ff | Auto Detect
NetworkNumber is a REG_MULTI_SZ entry, and the numbers correspond
with the values in PktType. Enter an 8-digit hexadecimal number as a NetworkNumber
value for each corresponding PktType. To obtain the number entered as a
NetworkNumber, run the IPXROUTE CONFIG command from the command
prompt on a working system, or look in the Autoexec.ncf file at a NetWare
server that is on the same segment.
The next question is very similar, except that the two networks are connected
to two separate network cards.
SOLUTIONS: I
am trying to access two different IPX networks on two different network adapters
from my NT Server. I can't seem to get the systems on both segments to communicate
with each other. What should I do? If you are running more than one segment, and
if each segment is attached to its own network card, you can make them all communicate
with each other by changing the Registry. Each card shows under NWLink\NetConfig
independently. Using the same values as in the preceding Solution (NetworkNumber and PktType),
you can set the external network number for each card. By default, both networks
would use the same frame type. Change the frame types as required, as shown in Table
21.3, and enter the corresponding network numbers.
Directory Services Manager for NetWare allows you to manage all of the NetWare
servers in a network from a Windows NT domain. The users and groups all get centralized
into one list, and it is extremely easy to manage. The next question relates to setting
it up correctly.
SOLUTIONS: How
do I add NetWare 4.x servers to Directory Services Manager for NetWare? Directory
Service Manager for NetWare (DSMN) enables NT to pull NetWare servers into the NT
domain. All the users and groups become part of the domain, and the server stays
running, but no NetWare client is required. A simple logon from the NT PDC allows
access. With NT 4.0, the client (CSNW) and gateway (GSNW) support NetWare 4.x
servers directly. DSMN talks to them only if they are running in bindery emulation
(making them look like a 3.x server). However, when you try to connect to
a NetWare 4.x server, even if you are running them in bindery emulation, you
will get an error that prevents you from connecting. Make this change to make the
connection work: In
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSSYNC\Parameters,
add a value named Allow4X, as a REG_DWORD
value. Set the Allow4X value to 1, and the system running DSMN
will recognize NetWare 4.x servers running in bindery emulation.
Because Macintosh clients do not have a native client for Windows networking,
all the translation must be done at the server. This may put a tremendous load on
the server. If you are going to use Macintosh clients, consider dedicating a server
on the NT network just for them. Then make the settings necessary to make the Macintosh
clients perform as well as they can.
SOLUTIONS: How
can I boost the performance for my Macintosh clients? When the server is set up to
use services for Macintosh, those Mac clients can use an NTFS volume (or part of
one) as a network share. The shared directories are still available to the standard
Windows and DOS clients, which allows for easy sharing of data. The biggest challenge
is the performance of the client functions for the Macintosh. Extending the amount
of RAM and the amount of paging file space allocated for the Macintosh services is
a tremendous boon to performance. Be aware, though, that whenever more resources
are allocated to a particular service, they are removed from another. Make sure you
have enough RAM and paging file space to accommodate all requirements. In
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MacFile\Parameters,
add the value name PagedMemLimit,
a REG_DWORD entry, to extend the default size of the paging file allocated
to Macintosh services. To extend the amount of RAM allocated, add the REG_DWORD
value named NonPagedMemLimit. The default for PagedMemLimit is
20000 kilobytes (about 20MB). It can be set to any amount from 1000-256000
(kilobytes, in decimal). The default for NonPagedMemLimit is 4000
(approximately 4MB of RAM). Allocate any amount from 256-16000 (256KB-16MB). If you
extend the amount of the paging file and RAM, your Macintosh performance should go
up.
Summary
Customization is simply making things work the way you want them to. There are
many options in Windows 95 and Windows NT to make them perform the way you would
like them to, either as a server or as a client. To go beyond that, you will need
to edit the Registry to create the optimum networking environment.