«Item 231» How To Set Up Internet Connection Sharing
«Item 232» Recycle Bin Fun
«Item 233» Creating Performance Alerts in Windows 2000
«Item 234» Security Policies
«Item 235» Control Panel Lost After Using TweakUI
«Item 236» Center For Internet Security Level-1 Benchmark And Scoring Tool
«Item 237» Perform An In-Place Upgrade Of Windows 2000
«Item 238» What An In-Place Upgrade Does And Does Not Change
«Item 239» FreeWare Utility «» ScreenSeize
«Item 240» "Limited Virtual Memory" Error Message When You Start Your Computer
«Item 241» How To Install a Smart Card Reader
«Item 242» Configure Scheduled Tasks To Notify You Of Missed Tasks
«Item 243» Managing The Advanced Tab Of The Taskbar & Start Menu Via The Registry
«Item 244» FreeWare Utility «» OneButton
«Item 245» Global Flags Editor (Gflags.exe)
«Item 246» How To Enable User Environment Event Logging
«Item 247» FreeWare Utility «» PsLogList
«Item 248» How To Manually Remove And Reinstall A Print Driver
«Item 249» A RAM Disk For Windows 2000
«Item 250» The MSDN Library
«231» How To Set Up Internet Connection Sharing
Internet Connection Sharing (ICS) enables you to use Windows 2000 Professional to connect a small office network or home network with the Internet. ICS provides network address translation (NAT), IP addressing, and name resolution services for all the computers on a small network. The step-by-step article 307311 describes how to install ICS on Windows 2000 Professional operating systems.
«232» Recycle Bin Fun
The Recycle Bin is a funny thing - it has a lot of limitations compared to other normal icons. But we discovered that you can do all sorts of weird things with its Context menu. This tip will only show you how to fool around with the Recycle Bin Context menu and the appearance of the icon. What else you can do with it is left to the ingenuity of the reader.
Open the Registry editor and go to:
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder
¤ To add Rename to the menu, change Attributes to 50 01 00 20
¤ To add Delete to the menu, change Attributes to 60 01 00 20
¤ To add both Rename and Delete to the menu, change Attributes to 70 01 00 20
To restore the Recycle Bin to Windows defaults including un-deleting the icon after deletion:
¤ To Restore the icon, go to
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}
and add a key named Recycle Bin.
¤ To reset Windows defaults, go to:
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder
and change Attributes to 40 01 00 20.
For some more practically useless edits to the context menu go to:
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\ShellFolder
¤ To add Copy to the menu, change Attributes to 41 01 00 20
¤ To add Cut to the menu, change Attributes to 42 01 00 20
¤ To add Copy and Cut to the menu, change Attributes to 43 01 00 20
¤ To add Paste to the menu, change Attributes to 44 01 00 20
¤ To add Copy and Paste to the menu, change Attributes to 45 01 00 20
¤ To add Cut and Paste to the menu, change Attributes to 46 01 00 20
¤ To add Cut, Copy and Paste to the menu, change Attributes to 47 01 00 20
The above edits are more on the fun side than useful but the Rename and Delete can sometimes be practical. At least now you don't have to worry about deleting it since you can always bring it back.
«233» Creating Performance Alerts in Windows 2000
You can create alerts in Windows 2000 using the Sysmon tool. To create an alert, use the following steps:
1. Click Start, point to Programs, point to Administrative Tools, and then click Performance (or click Start, point to Settings, click Control Panel, click Administrative Tools, and then click Performance).
2. After the Performance tool starts, performance logs and alerts should be displayed in the left pane.
3. Double-click Performance Logs and Alerts.
4. Click Alerts, and then right-click in the right-hand pane.
5. Click New Alert Settings, type a name for the alert, and then click OK.
6. You can now edit the properties of the new alert (for example, you can add a comment to the alert, for identification purposes).
7. Add the counters that you want to monitor by clicking Add.
NOTE: If the counters for the computer you want to create the alert for are not displayed, type the name of the computer, preceded by two backslashes (for example, \\computername) in the box in the Select counters from Computer section. If you have the proper permissions, the counters are displayed.
8. After you select the counter(s) you want to monitor, close the Add Counters window.
9. Choose how often you want the data to be sampled and when you want to receive an alert. You can specify a separate threshold for each counter. Depending on the counter, this is a percentage (for example, over 50 percent for %Processor Utilization) or an amount (for example, under 2 MB (2048000) for Memory\AvailableBytes).
10. On the Action tab, click the action you want performed after the threshold is reached:
a. Log an entry in the Application Event Log
b. Send a Network Message to
c. Start a Performance data Log
d. Run this program
11. Select a schedule for running the alert:
a. continuously
b. start manually
c. stop manually
d. run for a specified amount of time.
12. Click OK. You have created an alert.
You can create several alerts to monitor different counters on different computers. You can configure each computer to handle the alert in a different manner, depending on your needs. When you create and use alerts, the following Services must be running on the computers involved so that events are recorded and alerts are sent:
Ø You should run the Alerter and Messenger Services on the computer(s) performing the monitoring.
Ø You should run the Messenger Service on the computers that receive messages.
Ø The Alerter Service is started by default on Windows 2000 Server but is not in Windows 2000 Professional.
Ø The Messenger Service is started by default.
«234» Security Policies
Windows 2000 strives to improve security policies over the previous versions. To make this process less of a headache for System Administrators, Windows 2000 offers a number of prebuilt and basic templates in the form of .inf files that offer varying forms of security setting policies. All one has to do is browse to the Local Security Policy in Administrative Tools, then highlight Security Settings and choose Import Policy. In most cases these templates will cover your needs; if not, you can always customize them.
«235» Control Panel Lost After Using TweakUI
Use Regedit to open the following key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Look for an Entry Name in the right-hand screen called NoControlPanel and set its Value to 00 00 00 00. Or you can just delete the Entry NoControlPanel that was added by TweakUI.
«236» Center For Internet Security Level-1 Benchmark And Scoring Tool
The Center for Internet Security has released the CIS Level-1 Benchmark and Scoring Tool for Windows 2000, now available FREE, along with an Implementation Guide that contains step-by-step instructions on utilizing the CIS Windows 2000 Level I Benchmark Security Template. The Benchmark is a compilation of security configuration actions and settings that "harden" Windows 2000 operating systems. It is a CIS Level-I benchmark - the prudent level of minimum due care for operating system security. The Scoring Tool provides a quick and easy way to evaluate your host systems, and compare their level of security against the minimum due care security standard.
The Download File (CIS-Win2K.zip) includes:
» CIS Win2K Level I Benchmark.pdf - the CIS Windows 2000 Level I Benchmark document.
» CIS.msi - Windows Installer installation package will install CIS.exe (the scoring tool), the benchmark, the CIS.INF Security Template (as well as the NSA Security Templates), and will provide shortcuts to the applications in the Start -> Program Files -> Center for Internet Security location. CIS.exe is a host-based Security Scoring Tool - it scores the security of a Windows 2000 system against the configuration specified in the CIS Level I benchmark.
» CIS Win2K Level I Implementation Guide.pdf - Step-by-step instructions on utilizing, scoring, analyzing, configuring, and customizing the CIS Windows 2000 Level I Security Template (CIS.INF).
» Readme.txt - contains installation and operation instructions, Frequently Asked Questions, and is displayed during installation.
«237» Perform An In-Place Upgrade Of Windows 2000
If a repair (Item 201) does not cause your computer to operate normally, you may wish to try an in-place upgrade, as a last resort before reinstalling. The in-place upgrade takes about the same amount of time as a reinstall. To perform an in-place upgrade:
1. Boot the CD-ROM (or boot disks).
2. Press Enter to install a copy of Windows 2000.
3. Accept the License Agreement.
4. If setup does NOT detect your installation, an in-place upgrade is NOT possible.
5. When prompted to repair the existing installation, press R. Setup will perform an in-place upgrade.
See the following tip to learn what an in-place upgrade does and does not change.
«238» What An In-Place Upgrade Does And Does Not Change
When you perform an in-place upgrade:
1. Service Packs, hotfixes, and IE upgrades are rolled back.
2. Default Registry values are restored.
3. Default permissions are reapplied.
4. COM and WFP are reregistered.
5. Plug and Play devices and the HAL are re-enumerated.
6. Drive letters are changed based upon the current drive and partitions.
The following is NOT changed:
1. Installed components and programs.
2. Passwords.
3. Third-party registry entries.
4. The computer's role.
NOTE: If you upgraded your computer from Windows NT 4.0, profiles were stored at %SystemRoot%\Profiles. The in-place upgrade creates a \Documents and Settings folder and changes the registry profile to point to it. To fix the problem, use the Registry Editor to navigate to:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
For each user, there will be a SID sub-key and a Value Name of ProfileImagePath. Change the string value to point to %SystemRoot%\Profiles\<UserName>.
«239» FreeWare Utility «» ScreenSeize
PC Magazine - Capture and save any part of your screen.
There are many reasons to save images from your computer screen. You may want to create step-by-step software demonstrations, or capture a program error to help a vendor diagnose a problem. Windows includes a very rudimentary screen-capture facility, but it can't be used in all situations. ScreenSeize includes options to meet almost every contingency. You can capture the entire screen, an application window, a dialog box, a selected area or object, and more. Capturing can be triggered by a timer, a hot key, or a mouse button click, and you can choose whether to include the mouse cursor. The Automatic Save options are handy when capturing many images in sequence. ScreenSeize was written by Charles Petzold, and first appeared in PC Magazine May 23, 2000. Source code is included.
Requirements: Windows 95/98/NT/2000 License: Subscription to PC Magazine
Click here to go see the latest ScreenSeize information. (Requires PCMagazine membership. Tip: Google for "ScreenThief").
«240» "Limited Virtual Memory" Error Message When You Start Your Computer
When you set the paging file (Pagefile.sys) on your computer to a size that is lower than the recommended size of 12 megabytes (MB) plus the amount of random access memory (RAM), a temporary paging file (Temppf.sys) may be created, and you may receive the following error message after you log on:
Limited Virtual Memory
Your system is running without a properly sized paging file. Please use the virtual memory option of the System applet in the Control Panel to create a paging file, or to increase the initial size of your paging file.
This issue can occur when the temporary paging file uses a substantial amount of free space on the hard disk, and the remaining available hard disk space is less than the initial size of the paging file setting that you configured in Control Panel.
To resolve this issue, use the appropriate method:
Windows NT-Based Computer
1. Click Start, point to Settings, click Control Panel, and then double-click System.
2. Click Virtual Memory, set the "Initial Size" and the "Maximum Size" values for the paging file to 0 (zero), and then restart your computer.
3. Click Start, point to Settings, click Control Panel, and then double-click System.
4. Click Virtual Memory, reset the "Initial Size" and the "Maximum Size" values to the recommended values for Windows NT, and then restart your computer.
Windows 2000-Based Computer
1. Click Start, point to Settings, click Control Panel, and then double-click System.
2. Click the Advanced tab, click Performance Options, click Change, set the "Initial Size" and the "Maximum Size" values for the paging file to 0 (zero), and then restart your computer.
3. Click Start, point to Settings, click Control Panel, and then double-click System.
4. Click the Advanced tab, click Performance Options, click Change, reset the "Initial Size" and the "Maximum Size" values to the recommended values for Windows 2000, and then restart your computer.
After you configure the paging file to an appropriate size, the temporary paging file is deleted and virtual memory errors no longer occur.
Additional Information
The error message listed above can occur when the initial paging file size is reduced to an amount considerably smaller than the recommended amount. Windows recognizes that the paging file size is insufficient and creates a temporary paging file of up to 20 megabytes in the Winnt\System32 folder. The System dialog box in Control Panel is then displayed, forcing you to address the paging file problem.
When the free hard disk space on your computer is 30 megabytes or less, issues can occur when you try to correct the insufficient paging file size. The combination of the insufficient paging file size and the temporary paging file size can easily use all of the available free hard disk space. This does not leave enough free space to create a paging file large enough to eliminate the need for the temporary paging file.
The only way to free the disk space that is used by the temporary paging file is to create an appropriately-sized paging file. When it is no longer needed, the temporary paging file is deleted the next time you start your computer, and the disk space is then freed.
«241» How To Install a Smart Card Reader
Logging on to a network with a smart card provides a strong form of authentication because cryptography-based identification and proof of possession are used when a user is authenticated on a domain. For example, if a malicious person were to obtain a user's password, the malicious person could assume the user's identity on the network by using only the password. Many people choose passwords that they can remember easily. This makes passwords inherently weak and open to attack. With a smart card, the malicious person would have to obtain both the user's smart card and the personal identification number (PIN) to impersonate the user. This combination is more difficult to attack because an additional layer of information is needed to impersonate a user. An additional benefit is that a smart card is locked after a small number of unsuccessful PIN inputs occur consecutively. This makes a "dictionary" attack against a smart card difficult. Note that a PIN does not have to be a series of numbers; it can also use other alphanumeric characters.
There is a TechNet Article that describes how to install a smart card reader on a computer.
«242» Configure Scheduled Tasks To Notify You Of Missed Tasks
If your computer is unavailable to run a scheduled task, you can configure Scheduled Tasks to notify you of the missed task:
1. Open Scheduled Tasks.
2. On the Advanced menu, select Notify Me of Missed Tasks.
The next time a task is missed, you will receive a pop-up warning, and an offer to run the missed tasks.
«243» Managing The Advanced Tab Of The Taskbar & Start Menu Via The Registry
To set the options at Start | Settings | Taskbar & Start Menu | Advanced via the Registry, navigate to:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Use the following table to set the options:
| Option | Value Name | Data Type | Checked data value | Unchecked |
| --- | --- | --- | --- | --- |
| Display Administrative Tools | StartMenuAdminTools | REG_SZ | YES | NO |
| Display Favorites | StartMenuFavorites | REG_DWORD | 1 | 0 |
| Display Logoff | StartMenuLogoff | REG_DWORD | 1 | 0 |
| Expand Control Panel | CascadeControlPanel | REG_SZ | YES | NO |
| Expand My Documents | CascadeMyDocuments | REG_SZ | YES | NO |
| Expand Network and Dial-UP Connections | CascadeNetworkConnections | REG_SZ | YES | NO |
| Expand Printers | CascadePrinters | REG_SZ | YES | NO |
| Scroll the Programs Menu | StartMenuScrollPrograms | REG_SZ | YES | NO |
«244» FreeWare Utility «» OneButton
by Finn Ekberg Christiansen (His Home Page).
"OneButton" is a small no-nonsense toolbar (launch pad) with 16 customizable buttons and 12 buttons with fixed functions. When collapsed it only takes up 36 x 36 pixels of your screen.
A popup menu appears when you right-click the main button, giving you access to 15 different system folders (desktop, sendto, startup, windows, system, nethood, temp etc.) that are opened in Explorer when you click the menu item.
You can drop programs or document files on the buttons or customize them manually by right-clicking them.
OneButton is made for Windows NT 4 and Windows 2000. You can make it run on Windows95 or Windows98 by using the command line option /ok. Two of the buttons (Disk DeFragmenter and Upd. Em. Disk) will be disabled though.
The 4 small buttons below the caption bar are for: Options|About|Visit my homepage|help file.
OneButton uses a local .ini file and doesn't touch the Registry."
«245» Global Flags Editor (Gflags.exe)
GFlags is a GUI utility that enables a developer or System Administrator to edit the NtGlobalFlag settings for Windows 2000. GFlags.exe can be found in the Windows 2000 Support Tools on your installation CD. Item 177 describes how to Install the Windows 2000 Support Tools.
You can use GFlags to modify the current flags in use by the kernel or the flags used when a particular image file is launched. If you have administrative privileges, you can also use GFlags to modify the global Registry settings that will be used the next time Windows 2000 starts.
The GlobalFlag Registry entry consists of 32 bits that are used as switches to enable or disable several different advanced internal system diagnostics and troubleshooting tests. Only certain flags can be changed for each target. Changes to the kernel registry flags do not take effect until the next time Windows 2000 starts. GFlags only looks at global flags specific to a particular image file when you launch this tool under a debugger or by clicking the GFlags Launch button.
GFlags can also set the flag required for the kernel feature of Oh.exe, a Microsoft Windows 2000 Resource Kit tool which shows the handles of open windows.
NOTE: Running GFlags without arguments displays a dialog box that allows the user to modify the global flag settings.
GFlags Syntax:
gflags [-r [flag [maxdepth]]] [-k [flag]] [-i ImageFileName [flag]] [-l flag commandline...]
NOTE: Starting GFlags without arguments starts the GUI. For either command-line or GUI changes, reboot for new settings to take effect.
Parameters:
-r [flag] [maxdepth]
Displays current system Registry settings. If the switch is specified without flags, then current settings are displayed, not modified.
-k [flag]
Operates on kernel settings of running system. If the switch is specified without flags, then current settings are displayed, not modified.
-i ImageFileName [flag]
Operates on settings for a specific image file. If the flag specified for the -i switch is FFFFFFFF, then the Registry entry for that image is deleted.
-l [flag commandline]
Launches a command line with a specific setting. flag is one of the following:
¤ A single hexadecimal number that specifies all 32 bits of the GlobalFlags value (for example 0x1234578).
¤ One or more arguments beginning with a "+" or "-", where a + means to set the corresponding bit(s) in the GlobalFlags and a - means to clear the corresponding bit(s). The + or - character can be followed by a hexadecimal number or a three letter abbreviation for a Global Flag. Valid abbreviations are:
| Abbreviation | Description |
| --- | --- |
| kst | Create kernel mode stack trace database |
| ust | Create user mode stack trace database |
| dic | Debug Initial Command |
| dwl | Debug WINLOGON |
| dhc | Disable Heap Coalesce on Free |
| ddp | Disable kernel mode DbgPrint output |
| dps | Disable paging of kernel stacks |
| dpd | Disable protected DLL verification |
| ece | Enable Close Exception |
| d32 | Enable debugging of Win32 Subsystem |
| eel | Enable Exception Logging |
| hat | Enable Heap API Call Tracing |
| hfc | Enable heap free checking |
| hpc | Enable heap parameter checking |
| htg | Enable heap tagging |
| htd | Enable Heap Tagging By DLL |
| htc | Enable heap tail checking |
| hvc | Enable heap validation on call |
| ksl | Enable loading of kernel debugger symbols |
| eot | Enable Object Handle Type Tagging |
| pfc | Enable pool free checking |
| ptg | Enable pool tagging |
| ptc | Enable pool tail checking |
| otl | Maintain a list of objects for each type |
| hpa | Place heap allocations at ends of pages |
| sls | Show Loader Snaps |
| soe | Stop On Exception |
| shg | Stop on Hung GUI |
| idp | unused |
Global tags values reference
The following are global tags for Windows 2000:
| Flag Name | 32 Bit Hex Value |
| --- | --- |
| FLG_STOP_ON_EXCEPTION | 0x00000001 |
| FLG_SHOW_LDR_SNAPS | 0x00000002 |
| FLG_DEBUG_INITIAL_COMMAND | 0x00000004 |
| FLG_STOP_ON_HUNG_GUI | 0x00000008 |
| FLG_HEAP_ENABLE_TAIL_CHECK | 0x00000010 |
| FLG_HEAP_ENABLE_FREE_CHECK | 0x00000020 |
| FLG_HEAP_VALIDATE_PARAMETERS | 0x00000040 |
| FLG_HEAP_VALIDATE_ALL | 0x00000080 |
| FLG_POOL_ENABLE_TAIL_CHECK | 0x00000100 |
| FLG_POOL_ENABLE_FREE_CHECK | 0x00000200 |
| FLG_POOL_ENABLE_TAGGING | 0x00000400 |
| FLG_HEAP_ENABLE_TAGGING | 0x00000800 |
| FLG_USER_STACK_TRACE_DB | 0x00001000 |
| FLG_KERNEL_STACK_TRACE_DB | 0x00002000 |
| FLG_MAINTAIN_OBJECT_TYPELIST | 0x00004000 |
| FLG_HEAP_ENABLE_TAG_BY_DLL | 0x00008000 |
| FLG_IGNORE_DEBUG_PRIV | 0x00010000 |
| FLG_ENABLE_CSRDEBUG | 0x00020000 |
| FLG_ENABLE_KDEBUG_SYMBOL_LOAD | 0x00040000 |
| FLG_DISABLE_PAGE_KERNEL_STACKS | 0x00080000 |
| FLG_HEAP_ENABLE_CALL_TRACING | 0x00100000 |
| FLG_HEAP_DISABLE_COALESCING | 0x00200000 |
| FLG_ENABLE_CLOSE_EXCEPTIONS | 0x00400000 |
| FLG_ENABLE_EXCEPTION_LOGGING | 0x00800000 |
| FLG_ENABLE_HANDLE_TYPE_TAGGING | 0x01000000 |
| FLG_HEAP_PAGE_ALLOCS | 0x02000000 |
| FLG_DEBUG_INITIAL_COMMAND_EX | 0x04000000 |
| FLG_VALID_BITS | 0x07FFFFFF |
These values are stored in the Registry in the following location:
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\GlobalFlag
The default value for GlobalFlag is 0, so Windows 2000 does not expend extra overhead in gathering pooltag information. If set to 0, all System Registry global flag settings are disabled. For more information, see the definition of Ntexapi.h FLG_ in the Win32 Software Development Kit.
GFlags can also set the flag required for the kernel feature of Oh.exe, a Microsoft Windows 2000 Resource Kit tool that shows the handles of open windows. (Oh.exe can be obtained as a free download from Microsoft.)
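The flag values and the hexadecimal +/- arguments described above can be checked mechanically when auditing a system for debugging flags left enabled. The following is an added example, not part of the original tip or of GFlags itself: it decodes a GlobalFlag value into the flag names from the table, reports bits outside FLG_VALID_BITS, and applies flag arguments. The function names and the sample .reg line are constructed for illustration; the three-letter abbreviations are not handled because the page does not give their bit values.

```python
import re

# Flag names in bit order, taken from the table above: the first name is
# 0x00000001 and each following name is the next higher bit, ending with
# FLG_DEBUG_INITIAL_COMMAND_EX at 0x04000000.
_NAMES = """
STOP_ON_EXCEPTION SHOW_LDR_SNAPS DEBUG_INITIAL_COMMAND STOP_ON_HUNG_GUI
HEAP_ENABLE_TAIL_CHECK HEAP_ENABLE_FREE_CHECK HEAP_VALIDATE_PARAMETERS
HEAP_VALIDATE_ALL POOL_ENABLE_TAIL_CHECK POOL_ENABLE_FREE_CHECK
POOL_ENABLE_TAGGING HEAP_ENABLE_TAGGING USER_STACK_TRACE_DB
KERNEL_STACK_TRACE_DB MAINTAIN_OBJECT_TYPELIST HEAP_ENABLE_TAG_BY_DLL
IGNORE_DEBUG_PRIV ENABLE_CSRDEBUG ENABLE_KDEBUG_SYMBOL_LOAD
DISABLE_PAGE_KERNEL_STACKS HEAP_ENABLE_CALL_TRACING HEAP_DISABLE_COALESCING
ENABLE_CLOSE_EXCEPTIONS ENABLE_EXCEPTION_LOGGING ENABLE_HANDLE_TYPE_TAGGING
HEAP_PAGE_ALLOCS DEBUG_INITIAL_COMMAND_EX
""".split()
FLAGS = {"FLG_" + name: 1 << bit for bit, name in enumerate(_NAMES)}
FLG_VALID_BITS = 0x07FFFFFF
MASK32 = 0xFFFFFFFF

_HEX = re.compile(r"(?:0[xX])?[0-9A-Fa-f]{1,8}\Z")
_REG_LINE = re.compile(r'"GlobalFlag"=dword:([0-9A-Fa-f]{8})\Z')


def parse_hex(text):
    """Parse a hexadecimal number of at most 32 bits, with or without 0x."""
    if not _HEX.match(text):
        raise ValueError("not a 32-bit hexadecimal number: %r" % text)
    return int(text, 16)


def parse_reg_dword(line):
    """Read the value from a .reg export line for the GlobalFlag entry."""
    match = _REG_LINE.match(line.strip())
    if not match:
        raise ValueError("not a GlobalFlag dword line: %r" % line)
    return int(match.group(1), 16)


def decode(value):
    """Return (names of the flags set, bits set outside FLG_VALID_BITS)."""
    if not 0 <= value <= MASK32:
        raise ValueError("GlobalFlag is a 32-bit value")
    names = [name for name, bit in FLAGS.items() if value & bit]
    return names, value & ~FLG_VALID_BITS & MASK32


def apply_flag_args(current, args):
    """Apply flag arguments: one bare hex number replaces all 32 bits;
    otherwise every argument must be +hex (set bits) or -hex (clear bits)."""
    if not args:
        raise ValueError("no flag arguments given")
    if len(args) == 1 and args[0][:1] not in ("+", "-"):
        return parse_hex(args[0])
    value = current
    for arg in args:
        sign, digits = arg[:1], arg[1:]
        if sign == "+":
            value |= parse_hex(digits)
        elif sign == "-":
            value &= ~parse_hex(digits)
        else:
            raise ValueError("expected +hex or -hex, got %r" % arg)
    return value & MASK32


def report(value):
    """Build a short text report for one GlobalFlag value."""
    names, unknown = decode(value)
    lines = ["GlobalFlag = 0x%08X" % value]
    if value == 0:
        lines.append("  default: all global flag settings disabled")
    lines.extend("  set: %s (0x%08X)" % (n, FLAGS[n]) for n in names)
    if unknown:
        lines.append("  bits outside FLG_VALID_BITS: 0x%08X" % unknown)
    return "\n".join(lines)


if __name__ == "__main__":
    sample = '"GlobalFlag"=dword:00000400'  # constructed sample line
    value = parse_reg_dword(sample)
    print(report(value))
    print(report(apply_flag_args(value, ["+0x10", "+1000"])))
```
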
Definitions:
«» kernel
The core of layered architecture that manages the most basic operations of the operating system and the computer's processor for Windows NT and Windows 2000. The kernel schedules different blocks of executing code, called threads, for the processor to keep it as busy as possible and coordinates multiple processors to optimize performance. The kernel also synchronizes activities among Executive-level subcomponents, such as I/O Manager and Process Manager, and handles hardware exceptions and other hardware-dependent functions.
«» handle
In the user interface, an interface added to an object that facilitates moving, sizing, reshaping, or other functions pertaining to an object.
In programming, a pointer to a pointer; that is, a token that lets a program access an identified resource.
«246» How To Enable User Environment Event Logging
The following describes how to enable the user environment event logging features available in Windows 2000.
You can log environment events using either Normal or Verbose mode. Information from either of these modes is stored in the Windows 2000 event log so that an Administrator can view events either locally or remotely using Event Viewer.
To enable all forms of user environment event logging using Verbose mode without having to add a Registry value for each component individually, add the following value to the Registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
Value Name: RunDiagnosticLoggingGlobal
Value Type: REG_DWORD
Value Data: 1
NOTE: The Diagnostics key is not present by default. You need to add it and leave the Class key empty.
To enable verbose event logging for group policies only, add the following value to the Registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
Value Name: RunDiagnosticLoggingGroupPolicy
Value Type: REG_DWORD
Value Data: 1
To enable verbose event logging for application deployment only, add the following value to the Registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
Value Name: RunDiagnosticLoggingApplicationDeployment
Value Type: REG_DWORD
Value Data: 1
[Article ID: 186454 ]
«247» FreeWare Utility «» PsLogList
Copyright © 2000-2001 Mark Russinovich
Introduction:
The Resource Kit comes with a utility, elogdump, that lets you dump the contents of an Event Log on the local or a remote computer. PsLogList is a clone of elogdump except that PsLogList lets you log in to remote systems in situations where your current set of security credentials would not permit access to the Event Log, and PsLogList retrieves message strings from the computer on which the event log you view resides.
Installation:
Just copy PsLogList onto your executable path, and type "psloglist". PsLogList works on NT 3.51, NT 4.0, and Win2K.
Usage:
The default behavior of PsLogList is to show the contents of the System Event Log on the local computer, with visually-friendly formatting of Event Log records. Command line options let you view logs on different computers, use a different account to view a log, or to have the output formatted in a string-search friendly way.
Syntax:
psloglist [-?] [-s [-t delimiter]] [\\computer [-u username [-p password]]] [-n # | -d #]
[-x] [-c][-r][-a mm/dd/yy][-b mm/dd/yy][-f filter] [-l event log file] [eventlog]
| Option | Description |
| --- | --- |
| -? | Displays the supported options and the units of measurement used for output values. |
| -s | This switch has PsLogList print Event Log records one-per-line, with delimited fields. This format is convenient for text searches, e.g. psloglist \| findstr /i text, and for importing the output into a spreadsheet. |
| -t | The default delimiter is a comma, but can be overridden with the specified character. |
| \\computer | Instead of showing process information for the local system, PsLogList will show information for the NT/Win2K system specified. Include the -u switch with a username and password to login to the remote system if your security credentials do not permit you to obtain performance counter information from the remote system. |
| -u username | If you want to view an Event Log on a remote system and the account you are executing in does not have administrative privileges on the remote system then you must login as an administrator using this command-line option. PsLogList will prompt you for the password without echoing your input to the display unless you specify the -p switch. |
| -p password | If you specify a user name and omit this switch PsLogList will prompt you for a password. |
| -n # | Only display n most recent records. |
| -d # | Only display records from previous n days. |
| -c | Clear the event log after displaying. |
| -x | Dump extended data. |
| -r | Dump log from least recent to most recent. |
| -a | Dump records timestamped after specified date. |
| -b | Dump records timestamped before specified date. |
| -f | Filter event types with filter string (e.g. "-f w" to filter warnings). |
| -l eventlog file | Dump the contents of the specified saved event log file. |
| eventlog | By default PsLogList shows the contents of the System Event Log. Specify a different Event Log by typing in the first few letters of the log name, application, system, or security. If the -l switch is present then the event log name specifies how to interpret the event log file. |
How it Works
Like Win NT/2K's built-in Event Viewer and the Resource Kit's elogdump, PsLogList uses the Event Log API, which is documented in Windows Platform SDK. PsLogList loads message source modules on the system where the event log being viewed resides so that it correctly displays event log messages.
PsTools
PsLogList is part of a growing kit of Sysinternals command-line tools that aid in the administration of local and remote Windows NT/2K systems named PsTools.
Click here to Download PsLogList (25KB).
«248» How To Manually Remove And Reinstall A Print Driver
When you uninstall a printer, the print driver is NOT removed from your disk. If you suspect that a printing problem is the result of an old or corrupt print driver, use the following procedure to remove and reinstall it:
1. In Windows XP (NT 5.1), you can remove print drivers by choosing to delete the print driver on the Printers and Faxes / Drivers tab.
2. In Windows 2000 (NT 5.0) and Windows NT 4.0, use the Printers folder to remove the printer.
3. In Windows NT 3.5x, use Print Manager to remove the printer.
4. Open a CMD prompt and type: net stop spooler.
5. Use the Registry Editor to navigate to:
HKLM\System\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version-x\<printer driver>
where Version-1 is for Windows NT 3.51 drivers
Version-2 is for Windows NT 4.0 drivers
Version-3 is Windows 2000+ drivers
and <printer driver> is the name of the printer you are removing.
6. Record or export the values so you know the names of the files.
7. Select and delete the <printer driver> key.
8. Use Windows Explorer to navigate to %SystemRoot%\System32\Spool\Drivers\<platform>
where <platform> is Intel, MIPS, Alpha, or PPC
and the sub-folder is:
w32x86\0 : Intel Windows NT 3.1 printer drivers
w32x86\1 : Intel Windows NT 3.5x printer drivers
w32x86\2 : Intel Windows NT 4.0 printer drivers
w32x86\3 : Intel Windows 2000+ printer drivers
Win40\0 : Windows 95 printer drivers
and delete the driver files.
NOTE: You may wish to delete the printer's unidriver files (Rasdd.dll, Pscript.dll, or Plotter.dll).
9. If you cannot delete the files or folder after stopping the spooler service, configure StartUp Type as Disabled and restart the computer. After you delete the objects, configure StartUp Type as Automatic.
10. Shut down and restart your Windows NT x.xx computer.
11. Install the printer using the Printer folder for Windows NT 4.0+ and Print Manager for Windows NT 3.5x.
«249» A RAM Disk For Windows 2000
On October 3, 2001, Microsoft released Ramdisk.sys Sample Driver for Windows 2000. Go to the Knowledge Base article to obtain a copy of the driver.
To install the driver:
1. Unzip RAMDISK.EXE to a temporary folder.
2. Click on: Start|Settings|Control Panel.
3. Double-click the Add/Remove Hardware applet.
4. Select Add/Troubleshoot a device.
5. Select Add a new device.
6. Select No, I want to select the hardware from a list.
7. Select Other devices.
8. Press Next.
9. Press Have Disk.
10. Browse to the folder (from step 1. above) that contains the Ramdisk.inf file.
11. The system will copy Ramdisk.sys to %Systemroot%\System32\Drivers and load the driver.
12. When prompted to restart, reply NO.
13. Copy/paste the following entries into a file named RAMDISK.REG:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ramdisk\Parameters]
"BreakOnEntry"=dword:00000000
"DebugLevel"=dword:00000000
"DebugComp"=dword:ffffffff
"DiskSize"=dword:01f00000
"DriveLetter"="R:"
"RootDirEntries"=dword:00000200
"SectorsPerCluster"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"TEMP"="R:\\"
"TMP"="R:\\"
[HKEY_CURRENT_USER\Environment]
"TEMP"="R:\\"
"TMP"="R:\\"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache"="R:\\"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Cache"="R:\\"
[HKEY_USERS\.DEFAULT\Environment]
"TEMP"="R:\\"
"TMP"="R:\\"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache"="R:\\"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Cache"="R:\\"
14. Double-click the RAMDISK.REG file to Merge it into the Registry. The keys in the RAMDISK.REG file provide the following functionality:
Parameters - Sets the RAMDISK to drive R: as a 30.9MB partition.
Session Manager\Environment - Sets the System TEMP and TMP environment variables to drive R:.
HKEY_CURRENT_USER\Environment - Sets the current user TEMP and TMP environment variables to drive R:.
Both HKCU Shell Folders - Sets the current user Temporary Internet Files to drive R:.
HKU\.DEFAULT keys - Sets the default user TEMP, TMP and Temporary Internet Files to drive R:.
Prior to Merging the .reg file, modify the appropriate key-values to suit your configuration & objectives.
15. Shut down and restart Windows 2000.
«250» The MSDN Library
The MSDN Library is an essential resource for developers using Microsoft tools, products, and technologies. It contains a bounty of technical programming information, including sample code, documentation, technical articles, and reference guides.
| ~ Includes previous work and rights from Ted Quantrill's Tip Quarry ~ |