1001 Secrets for Windows NT Registry
(Publisher: 29th Street Press)
Author(s): Tim Daniels
ISBN: 1882419685
Publication Date: 12/01/97

Previous Table of Contents Next


I-324 If you need to limit the number of application-requested user ports that Windows NT dynamically assigns, change this registry value.

Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Services\Tcpip\Parameters
Value Name: MaxUserPort
Data Type: REG_DWORD
Value: 0x1388

This value is in hexadecimal. The default value is 1388 hex, or 5000 decimal. Restart the machine for any changes to take effect.

I-325 If your systems are prone to SYN attacks (Unix hackers love that trick), you may want to change this registry entry.

Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Services\Tcpip\Parameters
Value Name: TcpMaxConnectRetransmissions
Data Type: REG_DWORD
Value: 3

This value limits the number of times Windows NT lets someone try to connect during a given connect session. The default value is 3.

I-326 If you have remote users with unreliable connections, you can reduce network congestion by adjusting this registry value.

Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Services\Tcpip\Parameters
Value Name: TcpMaxDataRetransmissions
Data Type: REG_DWORD
Value: 5

This value controls how many times a given data segment is retransmitted. Initially, this value is set according to the length of the round-trip time for a particular connection.

I-327 Do you have too many people connecting to your system with TCP/IP, or are you connecting to more machines than is necessary? You can set a hard limit for the number of connections that TCP/IP can have open at a time.

Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Services\Tcpip\Parameters
Value Name: TcpNumConnections
Data Type: REG_DWORD
Value: 0xfffffe

The default value is 0xfffffe. Restart your system for any changes to take effect

I-328 If you need strict control over the kind of information that comes into your network, these registry parameters let you specify what your network does and doesn’t accept.

Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Services\Tcpip\Parameters
Value Name: EnableSecurityFilters
Data Type: REG_DWORD
Value: 1

When this registry value is set to 1, all incoming raw IP datagrams are filtered. This feature must be enabled before you can use the RawIpAllowedProtocols, TcpAllowedPorts, or UdpAllowedPorts values.

I-329 Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Services\<adapter name>\ Parameters\Tcpip
Value Name: RawIpAllowedProtocols
Data Type: REG_DWORD
Value: 0 <protocol number>

This value determines which IP datagrams are accepted by the transport. A value of 0 indicates that all values are valid. If this value is missing from the registry for a particular interface, all values are accepted.

I-330 Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Services\<adapter name>\ Parameters\Tcpip
Value Name: TcpAllowedPorts
Data Type: REG_DWORD
Value: 0 <port number>

These values control which TCP ports accept SYN requests. A value of 0 indicates that all values are valid. If this value is missing from the registry for a particular interface, all values are accepted.

I-331 Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Services\<adapter name>\ Parameters\Tcpip
Value Name: UdpAllowedPorts
Data Type: REG_DWORD
Value: 0 <port number>

This value determines which ports accept incoming UDP datagrams. A value of 0 indicates that all values are valid. If this value is missing from the registry for a particular interface, all values are accepted.

I-132 If you are using your Windows NT server as a dial-up server on the Internet and can’t see all the computers on your network, you may be suffering from multiple default routes. To fix this problem, you must add the following key for each LAN adapter that is not connected to the Internet.

Hive: HKEY_LOCAL_MACHINE
Key: System\Services\<adapter>\Parameters\Tcpip

Add the following value under the Parameters key:

Value Name: DontAddDefaultGateway
Data Type: REG_DWORD
Value: 1

Then use the route command to add persistent routes for the LAN that the other LAN adapters referenced.


Previous Table of Contents Next