Microsoft

Quick Tip: Four easy ways to improve Windows 2000 performance

Learn to use multilink connections and adaptive multilink connections to improve dial-up performance, restrict dial-in users to the local computer, and lock down the registry


Are you looking for a simple way to learn more about Windows 2000 Professional? Our Windows 2000 Professional TechMail is just what you need. This daily message contains valuable information that can save you time and effort. Below, you’ll find several examples of what this TechMail has to offer. Get tips on networking, security, registry hacks, and much more, all delivered straight to your inbox—absolutely free! Sign up for the Windows 2000 Professional TechMail today!

Using multilink connections to improve dial-up performance
Most of us lust for the kind of fast Internet connection at home that we enjoy at the office. ISDN will never come to some of us, and DSL is still a while out. While you could pay a fat fee to have a T1 brought in, you'd have to take out a second mortgage to make the recurring payments. What's a technomaniac to do? Until better times arrive, use The Point-to-Point Multilink Protocol (PPMP, or simply, multilink).

Multilink enables Windows 2000 to use two or more dial-up connections to create a connection with an aggregate speed equal to the sum of the individual connections. Connect with two 56-Kbps modems at 50 Kbps, for example, and you get an aggregate speed of 100 Kbps. Or, you might combine both B channels of an ISDN Basic Rate Interface (BRI) connection to provide double the bandwidth you would otherwise get from a single channel. Still not a T1 but better than a single dial-up. Before you rush out and buy more modems, though, make sure your ISP supports multilink and be sure to explore the cost ramifications.

After you connect the modems and get them recognized and functioning, open your dial-up connection's Properties. In the Connect Using list on the General page, select each modem you want to use for the connection. If the ISP uses a single primary number (most likely), select All Devices Call The Same Numbers. If not, deselect this option, click a modem, and specify its dial-up number in the Phone Number group. Repeat the process for the other modems.

More on using multilink connections to improve dial-up performance
Windows 2000 not only supports multilink, it also supports adaptive multilink connections through the Bandwidth Allocation Protocol (BAP) and Bandwidth Allocation Control Protocol (BACP). These protocols enable Windows 2000 RAS to dynamically add or remove links in a multilink PPP connection as bandwidth requirements for the connection change. When bandwidth utilization becomes heavy, RAS can add links (dial more lines) to accommodate the increased load and enhance performance. When bandwidth utilization decreases, RAS can remove links to make the connection more cost-efficient.

To use BAP, open the Properties sheet for the dial-up connection and click the Options tab. Under the Multiple Devices group, select one of the following options:
  • Dial Only First Available Device: Select this option to dial a single link for the connection when other installed devices are busy or you don't want multiple connections.
  • Dial All Devices: Select this option to have Windows 2000 automatically dial all available devices to create a multilink connection to the remote server.
  • Dial Devices Only As Needed: Select this option to use BAP to manage bandwidth usage. Windows 2000 will dial other links for the connection depending on the settings you configure for BAP. Click Configure to display the Automatic Dialing And Hanging Up dialog box, which contains four controls that specify criteria BAP uses to determine when to connect or disconnect links.

Restricting dial-in users to the local computer
You might not realize it, but when you configure a Windows 2000 Professional computer to act as a dial-up server, remote callers have the ability to browse the local network as well, accessing LAN resources subject to the resource's permissions and user rights. If that's what you intended, then all is well. But allowing dial-up users to access the LAN can be a security risk, even if the remote users are all authorized to access the LAN when they work locally rather than through dial-up. If an unauthorized user obtains a dial-in account and password, your LAN is suddenly exposed and potentially compromised. So if the remote users only need access to the dial-up server or to their individual computers, you should consider preventing pass-through access to the LAN.

You configure the connection through the Incoming Connections properties in the Network And Dial-Up Connections folder. Open the Properties sheet and click the Networking tab. Double-click a protocol and then deselect the option Allow Callers To Access My Local Area Network. Repeat the process for any other protocols enabled for incoming connections.

Looking down the registry
A previous TechMail tip explained how to prevent remote users from modifying your registry. If you need to allow some users that ability or otherwise restrict but not completely prevent registry modifications, you can apply permissions to registry keys that specify what actions users and groups can take on those particular keys and their values. For example, you might grant a given group of users the right to read keys but not modify them, while granting another group the ability to read and create new values in those keys but not create new subkeys.

Use Regedt32.exe to set permissions on registry keys. To do so, run Regedt32, select the key for which you want to modify permissions, then click Permissions | Security. The initial Permissions dialog box for a key lets you allow or deny Read or Full Control permissions on a per-user or per-group basis. Click Advanced if you need more granular control over the permissions granted to a group or user.

Auditing is another important aspect of registry security. You can configure which registry events are logged for specific users or groups. Open Regedt32, open the key, then click Security | Permissions. Click Advanced, then click the Auditing tab. Click Add to add a user or group, and then in the Auditing Entry dialog select Successful or Failed, as desired, beside each event you want to audit.
If you would like to read more tips, sign up for the Windows 2000 Professional TechMail. Let us know what you think about this article and the Windows 2000 Professional TechMail. Post a comment or send us a note.

About Bill Detwiler

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...

Editor's Picks

Free Newsletters, In your Inbox