[Editor's Note: Solve this month's Windows NT problem and get the chance to win $100 or a copy of one of the author's books about NT. Send your solutions in an email message (not as an attachment) to challenge@winntmag.com. Include your full name, mailing address, and connection to NT (e.g., administrator, user). Because of the number of entries, we cannot reply to all respondents. Look for the solution to this month's problem in the September issue.]
Over the past few weeks, a couple of friends have called me with puzzling problems. I'm curious to see whether these problems are as mysterious to you as they first appeared to me. Each problem has only one possible cause, and once you figure out the cause, you can solve the problem.
Problem 1
Bill runs a small network with five workstations. Two of the workstations run Windows NT, and three run Windows 95. Bill moved an external modem from one of the Win95 machines to an NT machine. He attached the modem to COM 2 (a mouse was using COM 1), turned the modem on, and connected the modem to the telephone line. Then, he started the RAS setup, which automatically includes the modem installation. The computer reported that it couldn't find a modem. Bill decided to install the modem directly and worry about the RAS setup later. When he double-clicked the Modems icon in Control Panel, the applet didn't start. Why couldn't the computer find the modem, and why doesn't the Control Panel installation work?
Problem 2
Alexander owns a business that depends on a large number of databases and files. He hired a consulting firm to install and configure an NT network, and he hired Ron, a systems administrator, to manage the network. Alexander and Ron carefully planned the network's growth to keep pace with the business' rapid growth. Alexander designs and manufactures items that have many different size, color, and material combinations. The database tracks all the combinations. The server also holds large price lists, CAD files, estimating software, customer and vendor databases, and a robust accounting system with shop floor add-ons. Recently, Alexander upgraded the server, investing in a powerful computer with a very large hard disk. Alexander and Ron installed NTFS, and the system worked well until they decided to take advantage of NTFS's folder and file compression utilities. File compression didn't work. Why not?
MARCH WINNERS
Congratulations to Donghui Lu, a systems administrator in Columbus, Ohio, and to Doug Verge of Florham Park, New Jersey. Donghui won first prize of $100 for the best solution to the March Reader Challenge. Doug won second prize of a copy of Optimizing the Windows Registry (IDG Books).
Problem
Your IS department has a weekly meeting to discuss the state of the company's computers. This week's topic is users who know enough to be dangerous.
Several employees who fit this description have been accessing remote Registries to tweak them. The IS director stresses the importance of preventing users, but not IS personnel, from accessing Registries remotely.
- How do you lock a Registry against remote access by certain users?
- How does the lockout procedure differ in NT Server and NT Workstation?
- What are the benefits of using regedt32 rather than regedit?
- What is the name of the NT feature that controls Registry permissions?
Solution
- To prevent certain users from remotely accessing a Registry, go to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ SecurePipeServers\winreg Registry key. From the menu bar, select Security, Permissions. Click Add to see a user list and configure permissions for specific users.
- The \winreg Registry subkey doesn't exist in NT Workstation. To create the key, go to the HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Control\SecurePipeServers Registry key. Then, select Edit, Add Key from the menu bar.
- You'll want to use regedt32 because regedit doesn't contain security commands.
- The access control list (ACL) is the NT feature that controls Registry permissions.
End of Article
