In addition to generating a random SID for your computer, the utility provides a synchronizing feature that lets you obtain a SID from another computer. For the first time, you can move a Backup Domain Controller (BDC) from one domain to another (a useful move on small, constantly changing networks, such as a university IS department). Choose Synchronize SID when you start NewSID, and enter the target computer's name, as Screen 4, page 214, shows. You must have permission to change the security settings of the target computer's Registry keys, which typically means you must log on as a domain administrator to use this feature.

NewSID is available as a free utility from the Systems Internals Web site (http://www.sysinternals.com/newsid.htm). I keep a copy in my NT repair toolkit at all times.

In your December 1997 column, you explained how to replace a hard disk while preserving the Windows NT installation. You said to install NT and restore the installation from a tape backup, and possibly reinstall the software as an upgrade. When I attempted such a procedure, I kept getting STOP errors. The machine had a 2GB SCSI hard disk that I partitioned into two drives (C and D). I had installed NT with Service Pack 3 (SP3) on the C drive. If the original hard disk has NT with SP3, don't you have to load SP3 on the new hard disk before you can restore from tape?

Microsoft Support Online article Q166828 (http://support.microsoft.com/support/kb/articles/q166/8/28.asp) offers insight into the problems associated with STOP errors. Microsoft made serious changes to the post-SP1 versions of NT. I've previously discussed repair issues and described what information you must change on the NT installation disks to successfully repair post-SP2 systems. Since December 1997, I've revised my recommendations regarding how to replace a hard disk while preserving the NT installation. Now, I recommend the following steps:

  1. Have an up-to-date backup of all files on the damaged drive. If the drive is different from your NT boot drive, you need to restore the boot.ini file on the boot drive. The tape backup must be on a restorable tape.
  2. Install a new version of NT to a different directory (e.g., Ntfix), and install the tape drive driver.
  3. Restore the original drive contents from tape, and restore boot.ini if necessary.
  4. Reboot the system, and run your original version of NT.
  5. Delete the new NT installation.

I hope my original suggestions didn't cause any problems. I am currently evaluating this issue more fully.

Can you explain what Packet Over SONET (POS) is and how it compares to Gigabit Ethernet and asynchronous transfer mode (ATM)? Which protocol is ideal for a large corporate backbone?

Similar to the idea of Gigabit Ethernet replacing ATM, POS is the next proposed ATM killer. However, POS is in NT's distant, rather than immediate, future.

Synchronous Optical Network (SONET) is an emerging fiber-optic technology capable of transferring data at more than 1 gigabit per second (Gbps). SONET-based networks, such as ATM, deliver real-time voice, data, and video over a network. SONET uses an 810-byte frame that transmits every 125 milliseconds (ms). Each packet has only 28 bytes of overhead, which makes SONET transfers very efficient. Unlike ATM, SONET has standards for more than 622 megabits per second (Mbps), including OC-192 (10Gbps).

POS is a hardware solution that lets users plug their provider's SONET backbone into a router that supports SONET technology (for information about these types of routers, see Cisco's Web site at http://www.cisco.com). Whereas ATM is well suited for handling multimedia traffic, POS is a better network protocol for transferring data. For most corporations, multimedia is the wave of the future. If voice and video capacity is significant to your company, you will want to stick with using ATM on your network. If you're using a local network in which fast data throughput is essential, you might consider using a good Gigabit Ethernet switching solution. However, I prefer ATM switches and cards for my networks.

Can you summarize the command-line parameters that will let me install Microsoft Message Queue Server (MSMQ) 1.0 in an unattended fashion?

MSMQ is an important new Windows NT feature that provides loosely coupled and reliable network communications services based on a messaging queue model. Using MSMQ, IS managers can easily integrate applications, implement push-style event delivery between applications, and build reliable applications that work over unreliable, but cost-effective, networks. (For information about MSMQ, see Ken Spencer, "NT 4.0 Option Pack," January 1998, Microsoft's Web site at http://www.microsoft.com/msmq, and the release notes for MSMQ Server.)


Reader Comments

In Tricks & Traps (August), the section about which servers authenticate user passwords prompted several letters from readers. The following letter contains an excellent suggestion for maintaining proper secure channels across WANs.

“My company has an international domain with about 30 Backup Domain Controllers (BDCs) throughout the world. Quite often, we find that servers on different sites from the users authenticate user passwords. Here’s what we think happens when the secure channel is set up from the Resource Domain BDC to the Master Account Domain BDC.

“The Resource Domain BDC contacts the Windows Internet Naming Service (WINS) server and gets a list of 10 Master Account Domain BDCs (I think the WINS server is clever enough to return the closest one if it’s on the same subnet, plus another nine). The Resource Domain BDC then sends a request to all 10 servers to set up a secure channel. After the Resource Domain BDC has sent all 10 requests, it starts listening for responses and configures a secure channel with the first server that responds.

“The problem occurs because the Resource Domain BDC doesn’t start listening until it has finished all 10 requests; if the local server responds too quickly, the Resource Domain BDC misses the response and configures the secure channel to another BDC (in our case, a BDC in another country). This secure channel isn’t automatically reset unless the connection is lost. If your local BDC is offline for a couple minutes, all the secure channels reestablish with alternative BDCs and stay that way as long as they can contact the alternative BDC.

“I find that the easiest tool to use to solve this problem is Microsoft Windows NT Server 4.0 Resource Kit’s Domain Monitor. You can use Domain Monitor to disconnect an incorrect secure channel. However, the process is hit-and-miss because you just initiate the same process I described before. Usually after a couple of disconnects, you can establish a secure channel with the correct server. We have seen quite a few performance problems develop because of this issue, so we’ve added the task of ensuring the correct secure channels to our daily checklist.”

--Bob Chronister

Bob Chronister
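
A small model of the timing the letter above describes, added here as an illustration; it is not code from the column or from Microsoft, and it encodes the reader's hypothesis rather than documented NT behaviour. The server names, round-trip times, the 2 ms gap between requests and the jitter range are all constructed assumptions.

```python
import random

# Constructed sample: (name, round-trip ms) in the order requests are sent.
DCS = [("LOCAL-BDC", 1), ("BDC-02", 45), ("BDC-03", 60), ("BDC-04", 38),
       ("BDC-05", 120), ("BDC-06", 85), ("BDC-07", 150), ("BDC-08", 70),
       ("BDC-09", 95), ("BDC-10", 30)]

def pick_partner(dcs, send_gap_ms, listen_first=False, rng=None, jitter_ms=0.0):
    """Name of the DC whose reply is the first one actually heard."""
    # Per the letter: listening starts only after the last request is sent.
    listen_from = 0 if listen_first else len(dcs) * send_gap_ms
    heard = []
    for i, (name, rtt) in enumerate(dcs):
        # Assumed random extra delay (server load, WAN variance).
        jitter = rng.uniform(0, jitter_ms) if rng is not None else 0.0
        arrival = i * send_gap_ms + rtt + jitter
        if arrival >= listen_from:  # replies that arrive earlier are missed
            heard.append((arrival, name))
    return min(heard)[1] if heard else None

def resets_until_local(dcs, send_gap_ms, local, jitter_ms=30.0, seed=0, limit=100):
    """Count disconnect/retry rounds until the local DC wins (None if never)."""
    rng = random.Random(seed)
    for attempt in range(1, limit + 1):
        if pick_partner(dcs, send_gap_ms, rng=rng, jitter_ms=jitter_ms) == local:
            return attempt
    return None

if __name__ == "__main__":
    print("send-then-listen :", pick_partner(DCS, 2))
    print("listen-then-send :", pick_partner(DCS, 2, listen_first=True))
    print("resets needed    :", resets_until_local(DCS, 2, "LOCAL-BDC", seed=7))
```

In this model the fastest responder is exactly the one that gets missed, and only an added delay lets it win, which is consistent with the hit-and-miss resets the letter reports.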

Hi,

We have approx. 25 sites in Europe and have a BDC in most. We are finding that workstations from different locations at random are going across the WAN for authentication to other BDCs. Is there any way that I can force the machines to stay on their local LAN for authentication on their local BDC? Thanks for your help.

kalek

We are having the same problem. The client machines in one office go over the WAN to a remote BDC before using the local PDC or BDC. I would also like to know how to force which BDC does the authentications.

Thomas

 
 
