General discussion

  • Creator
    Topic
  • #2081844

    Ed Bott’s Microsoft Challenge — 1/20/00

    Locked

    by ebott ·

    Do you know how to keep from falling into three common Setup traps? I?m looking for the correct solution to these three problems:
    1. You want your users to set strong passwords that can?t be cracked through dictionary attacks. What?s the undocumented command-line option that lets you automatically assign a strong password to a given user account?
    2. Inaccurate time settings can wreak havoc on a network. What?s the best way to guarantee that all Windows 2000 PCs on a domain are set to the correct time?
    3. How big is Windows 2000?s default swapfile? How do you change its size?

All Comments

  • Author
    Replies
    • #3902945

      Ed Bott’s Microsoft Challenge — 1/20/00

      by egeorge ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      I’ll attempt teh third question. I think the swap file by default is:
      min: 1.5 X RAM
      max: 3 X RAM

      It is configurable from the advanced tab of system properties, performance options, change virual memory.

    • #3902941

      Ed Bott’s Microsoft Challenge — 1/20/00

      by tlm ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      Since most things are pretty much cut and dried as to ( what the USER wants the pc to do )& I don’t have the 2000 version YET; I’ll still give it a shot.
      Question-1.A series of numbers matching your own Personal CD serial number ; or a mix of letters and numbers…
      Question-2. Go set it manualy to the correct time, in the Regional settings( if 2000 is still calling it that…
      Question-3. Considering the 1Gig of free space needed ; (just to be hanging around for it’s use), I’ll guess 25meg..and Another guess to to change the swapfile size would be use the Direct memory access Controller.

    • #3902939

      Ed Bott’s Microsoft Challenge — 1/20/00

      by michaelwilcox ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      2. SNTP

    • #3902934

      Ed Bott’s Microsoft Challenge — 1/20/00

      by mike ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      Ok, done some playing around with Window y2k so here goes:
      1-The answer for this one is not some short answer but here is part of it.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
      2- Type in this command to set the pc’s to the server: Net Time \\YourServer /set /yes
      3-default is 1.5 X amount of physical RAM, You can change the size by adding paging files in folders on your hard drive or by adding more RAM

    • #3902932

      Ed Bott’s Microsoft Challenge — 1/20/00

      by fdicks ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      The windows 2000 swapfile is 265mb. As far as I know it cant be changed but you can add swapfile to a different drive to increase swapping speed.

    • #3902930

      Ed Bott’s Microsoft Challenge — 1/20/00

      by ron_s_davis ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      #1 Run passprop /complex to set passwords to be strong. This forces passwords to have a mixture of upper and lower-case, symbols or numbers.
      #2 Set up Active Directory on your Domain, all machines will synchronize their time with the domain controller automatically.
      #3 Windows 2000 sets the swap file to the amount of memory in the system, plus 14 megs. This can be changed by follwing these steps: Start; Settings; Control Panel; System; Advanced; Under virtual memory Change; set the initial and maximum values, then click Set, then ok

    • #3902929

      Ed Bott’s Microsoft Challenge — 1/20/00

      by gobbard ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      2. Use a logon scipt to run:
      NET TIME \\computername /SET

      3. Default is 1.5 times physical memory if RAM is less than 2GB, or 2GB if RAM is greater and can be changed through properties of ‘My Computer’ (Advanced tab – performace options.)

    • #3902923

      Ed Bott’s Microsoft Challenge — 1/20/00

      by robert406 ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      1. If a strong password policy is implemented in the active directory users and computers, use the dsmigrate utility to gernerate random strong passwords for any migrated or new user accounts.
      2. The Windows Time service is implemented on Windows 2000 by default any authenticating domain controler is used as an syncronizing partner. The PDC is nominated by the authenticating controlers as the master time source. You would then use the net time/set sntp:(Anyone of the internet sntp servers) so that the PDC is correct. You must also ensure that if you are using a firewall ect. that port 123 is open to the internet. If not you cannot connect to one of the Internet sntp servers.
      3. The minimum is 2mb. By default the swapfile (Pagefile which is the correct term to use)is equal to the lessor of the total physical memory plus 12meg or the amount of available disk space. To change this right click my computer, then click the advanced tab then click performance options. Click Change in the drive box click

    • #3902921

      Ed Bott’s Microsoft Challenge — 1/20/00

      by vgendelman ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      2. Set the following command in the logon script for all users.
      NET TIME \\SERVERNAME /SET /YES

      3. To change the size of the swap file you would go to Performance Tab, under System in Control Panel, and there you go to virtual memory where youwill be able to change the size of the swap file

    • #3902919

      Ed Bott’s Microsoft Challenge — 1/20/00

      by john allhiser ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      1. net accounts /uniquepw:##

      2. If the network is ideally configured for Windows 2000, there are several options: Using the DHCP Time Server option is the easiest. Use the command: NET TIME /setsntp:
      (list of servers etc.) Use this in a logonscript for Workstation and Professional. Another way is to edit the registry: HKeyLM\System\CurrentControlSet\Services\W32Time\Parameters — for the value list the servers using DNS or IP separated by semicolons, then change the type Registry key from Nt5DS to NTP. This will give time control to an NTP server instead of the default settings on each computer.

      3. Ram + 12MB. Control Panel, System, Advanced, Perfomance Options, Change. Also My Computer, Properties, System, Etc.

    • #3902917

      Ed Bott’s Microsoft Challenge — 1/20/00

      by andy.stumph ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      Answer #3:
      Default size is 1.5 time the amount of ram if memory is less than 2GB. If memory is more that 2GB, the default size is set to 2GB. To change it, right-click on My Computer, click properties, on the Advanced tab, click Perfermance Options.

    • #3902915

      Ed Bott’s Microsoft Challenge — 1/20/00

      by alorie5022 ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      1.
      2. net time – from the command prompt
      3.

    • #3902913

      Ed Bott’s Microsoft Challenge — 1/20/00

      by dserra ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      1. I can’t say I know the answer to this one but I’d love to find out.

      2. In NT4 you do a net Time command in the login script.

      3. Size of memeory plus 12 Meg. Change the size by going to Control Panel, System, Performance (tab) and click the change button.

      Let me know how I do. Thanks

    • #3902908

      Ed Bott’s Microsoft Challenge — 1/20/00

      by craig ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      1)Passprop /complex
      ***Bonus***
      this was a Tech Republic article included in TechNet contributed By Brien M. Posey, MCSE

      2)NET TIME //YOURSERVER /SET /Y >nul
      (* >NUL so the users don’t get confused we all know how easy they do…)

      3a)1.5(RAM-1)
      3b)Control panel|System Icon|Advanced tab|Performence Options|Virtual Memory section->Change radio button
      ***Bonus***
      The Persormence OPtions Tab is also where you set the optimize the servers Role for apps or background tasks!!

    • #3902907

      Ed Bott’s Microsoft Challenge — 1/20/00

      by gwarinner ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      Here is my try:

      1. Passprop /complex is used in WINNT 4.0 so I’ll call it that.

      2. Get the time from the domain controller which is set from Colorado Atomic Time.

      3. Set equal to which is less the total physical memory plus 12meg or the amount of available disk space

    • #3902902

      Ed Bott’s Microsoft Challenge — 1/20/00

      by rog42 ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      #1. There are numerous answers already given, and the question throws a slight slant in that it requires a strong password for a ‘given’ user. However, I think the command line answer you require is:
      NET ACCOUNTS /MINPWLEN:number /MAXPWAGE:days /MINPWAGE:days /UNIQUEPW:number /DOMAIN

      #2: 3 ways – a) using DHCP set a time server (NTP) b) In Active directory set a computer group policy for the site to use a time server c) Without ADS or DHCP create a login script with the command NET TIME /DOMAIN

      #3: Default swap file is 1.5xRAM min – 3xRAM max. To change – Right-click My Computer – Properties – Advanced – Performance Options – Change (in Virtual Memory Tab) change the numbers and click Set

    • #3902898

      Ed Bott’s Microsoft Challenge — 1/20/00

      by mikemayer ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      1. use passprop /complex

      2. use net time

      3. 1.5 time RAM size, ControlPanel/system/Adv/proformance/Virtual memory

    • #3902897

      Ed Bott’s Microsoft Challenge — 1/20/00

      by rbarrett ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      Question 3.
      The default size is indeed
      Min 1.5 x amount of physical ram
      Max 3x amount of physical ram
      To change it goto the advanced tab of the system properties (right click on My Computer), then performance options and virual memory.

    • #3902896

      Ed Bott’s Microsoft Challenge — 1/20/00

      by michael.b.simmons ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      1. You can use secedit using one of the 4 following templates:
      securews.inf
      securedc.inf (I assume for a domain controller)
      hisecwe.inf
      hisecdc.inf
      For example:
      C:\WINNT>cd %windir%\security\templates
      C:\WINNT\security\templates>secedit /configure /db new.db /cfg securews.inf /areas SECURITYPOLICY /verbose

      Task is completed successfully.
      See log %windir%\security\logs\scesrv.log for detail info.

      2.Windows 2000 ships with the W32Time (Windows Time) service. A hierarchical approach is taken to assigning time:

      ? All clients desktops and member servers use their authenticating domain controller as their in-bound time partner
      ? All domain controllers in a domain use the Primary Domain Controller (PDC) Flexible Single Master of Operations (FSMO) as the in-bound time partner
      ? The PDC FSMO’s use the domain hierarchy to pick their in-bound time partner

      Obviously this means the PDC FSMO becomes the authoritative time source for the enterprise and should be configured to gather the time fro

    • #3902894

      Ed Bott’s Microsoft Challenge — 1/20/00

      by michael.b.simmons ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      Looks like my original response exceeded 1000 chars, so I’ll continue w/ #2:
      Obviously this means the PDC FSMO becomes the authoritative time source for the enterprise and should be configured to gather the time from an external source. Until this is done you will see events in the Event Log stating the W32Time service is not configured.

      To configure Windows 2000 to use an external time server use the command:
      C:\> net time /setsntp:192.4.41.40
      There are a number of external time servers you can use based at the U.S. Naval Observatory
      ? ntp2.usno.navy.mil – 192.5.41.209
      ? tick.usno.navy.mil – 192.4.41.40
      ? tock.usno.navy.mil – 192.5.41.41

      3. If you’re talking about the paging file, then: Windows 2000 sets the initial paging file size to one and a half times the amount of physical RAM in the computer. You’d change this from Control Panel\System\Advanced\Performance Options\Virtual Memory.

    • #3902889

      Ed Bott’s Microsoft Challenge — 1/20/00

      by freddy ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      #3. If total physical RAM is less than 2 GB, the paging file is set to 1.5 times the amount of RAM. If total physical RAM is more than 2 GB, the default size is set to 2 GB.
      To change: right-click on My Computer->Properties->Advanced tab->Performance Options than clich Change… on Virtual memory

    • #3902882

      Ed Bott’s Microsoft Challenge — 1/20/00

      by scubajeff2 ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      #1 Here’s the long way- You should setup a group policy object- GPO using the group policy editor mmc. Link the policy to the domain you are targeting. Specifically, Active Directory(if you arent using it shame on you) right clikc on the Active Directoyr users and Comp MMC go to properties, group policy, default domain GPO link, edit. you are looking ofr GPO Policy\Comp Config\Security Settings\Account Policies\Password Policy, double click the passwords must meet complexity req. blah, blah change the setting to enabled to activate strong passwords. If you found a command line option I’ll buy another two years’ subscription!

      #2 use Nettime /GaTech’s server-(my almamater) 130.207.244.240, set your servers first, then use your own server once set.

      #3 1.5 size of phys ram- be aware you can overcome the 4 gig limit on a volume by using a reg hack to set named directories as volumes.ControlPanel\System\Advanced\Performance Options\Virtual Memory to change it.

    • #3897178

      Ed Bott’s Microsoft Challenge — 1/20/00

      by bmorin ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      1. Passprop /complex (installed from Reskit)
      2. specify an NTP server in DHCP or run Net time in a logon script
      3. 1.5 X physical ram

    • #3897172

      Ed Bott’s Microsoft Challenge — 1/20/00

      by mrooney ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      #2 set all PC’s to GMT

    • #3897171

      Ed Bott’s Microsoft Challenge — 1/20/00

      by roger ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      #2 Use Atomic Time
      #31.5x Ram. Right click My Computer,Properties,Performance,Virtual Memory,Let me set my own virtual memory settings.

    • #3897154

      Ed Bott’s Microsoft Challenge — 1/20/00

      by upaya ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      1. Make this entry in the registry:
      Key:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
      Data: Notification Packages
      Value: passfilt

      2. net time \\servername /set

      3. min is 1.5x, max is 3.0x the amount of physical RAM

    • #3897123

      Ed Bott’s Microsoft Challenge — 1/20/00

      by neurobasher ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      I’ll attempt an answer to questions # 2& 3.

      2. By default the win 2000 domain controller is set as the domains time server. When a win 2000 professional client logs on, it looks for the windows time service on the domain controller and syncs withit. On the domain controller you can specify another server for it to sync with.

      3. The default swap file size is computer memory plus 16 megs. ie computer has 32 megs + 16 = 48 is max default size.

    • #3742532

      Ed Bott’s Microsoft Challenge — 1/20/00

      by ebott ·

      In reply to Ed Bott’s Microsoft Challenge — 1/20/00

      This question was auto closed due to inactivity

Viewing 27 reply threads