jayroos.com

Microsoft is not known for it’s quality security practices. As a result most people who run a Microsoft operating system have the security holes already built in. In this tip I’ll show how to add just a little more security to your Windows 2000 setup.

If you are using file and printer sharing or any other service that depends on netbios you shouldn’t use this tip. If you are unsure you certainly shouldn’t bother.

Open the Network Control Panel. Then right click on your Local Area Connection and choose properties. The first step in securing netbios is to uninstall File and Printer Sharing if it is listed. This goes for any operating system and any protocol. If you don’t need a protocol then it’s just another security hole. The next thing to do is disable netbios over TCP. Click on Internet Protocol (TCP/IP) and choose properties. Next choose Advanced… and click the WINS tab. On this page uncheck Enable LMHOSTS lookup and choose Disable NetBIOS over TCP/IP. Click OK and if it asks you “This connection has an empty primary WINS address. Do you want to continue?” click yes. Click OK and OK and then close the control panel. You should reboot. Now any scanner looking for netbios information will turn up empty. One less hole.

Modified 2001-03-08

• » Comments (0)

The directions for making a bootable were never obvious to me so I never did it. One day I decided I wanted a bootable CD and made several coasters in the process of trying to get it right. Hopefully my directions will help you save a couple bucks on blanks.

The directions that follow were written with Adaptec Easy CD Creator in mind. There are many CD burning packages available and there will be variations in procedure.

When you create a bootable CD, a boot image is created on the CD that the computer uses to boot up. The boot image is created from a floppy and behaves like a floppy. The image is opened in to memory just like a ram drive and uses the drive letter A:. There are a couple things to keep in mind when you are creating a bootable CD. The first thing is the format used on bootable CDs is ISO 9660, which means filenames can only be 8 characters long with a 3-character extension. If any file names are longer than that they will be truncated so they look like filena~1.txt. The second thing to remember is the CD-ROM drive still needs to have drivers loaded in order to use it. Without the CD-ROM drivers, the computer will only read the image information from the CD. The best way to make a bootable CD is to act like you’re still using a floppy disk and CD. Set up a floppy to work with the CD as if it was a non-bootable CD. That means the floppy should be bootable and include the CD-ROM drivers, config.sys and autoexec.bat as well as any other files and drivers necessary to start the computer. Once you get everything set up all you have to do is burn the CD. If you use Easy CD creator it will ask you to insert a bootable floppy. Just add files to the CD and you’re all set. The last thing to keep in mind is the computer must support booting from CD-ROM and the CD-ROM must be set to boot before hard drive otherwise it’ll just ignore the CD and boot to the hard drive instead.

Modified 2000-12-07

• » Comments (0)

In Windows 2000 there is a service that keeps DNS information cached on your computer. This is good because the computer doesn’t always have to query the DNS server to locate web sites you’ve already visited. The problem is if you don’t restart your computer often enough and one of the DNS entries changes it doesn’t always get reflected in the DNS cache. A recent example is when a friend of mine changed his hosting service. Other computers showed the web site with no problem but my computer continued to show the old site. I fixed it by restarting but depending on what else is running on the computer it’s not always possible or desirable to restart to update or flush the DNS cache.

There’s no real danger with this tip. The worst thing that could happen is your DNS server may go down immediately after you flush the cache and you won’t be able to access any web sites until it comes back up. Not likely.

This is a simple procedure. Just open a DOS Window and type ipconfig /flushdns at the command prompt. All done.

Modified 2000-12-07

• » Comments (0)

Background

The Windows registry is the place for the operating system to keep information it needs to function. It also where programs store their data. Basically the intent is to do away with some of the .ini files that were abundant with older versions of Windows.

Warning

Any time you make changes to the registry you’re risking rendering your system useless. That would be very rare but the chance still exists.

Solution

Before you make any changes to your registry you should always back up the registry. To do this click Start -> Run and type scanregw.exe in the text box. One way to clean up and repair the Windows registry is to run RegClean.exe, a handy utility available from Microsoft for free. You can find somtimes on the install CD or you can download it directly from Microsoft. Just run the program and it’ll pretty much do the rest. The only thing you’ll have to do is tell it to fix it. Another way to clean and repair the registry is with scanreg.exe, included with a standard Windows installation. You need to reboot to DOS and all you have to do is type scanreg /fix at the command prompt. This might take some time depending on your registry’s size and your computers speed. Using either or both of these steps will usually decrease your registry size. How much will depend on how much garbage there is to clean out of your registry.

Modified 2000-12-07

• » Comments (0)