Joshua
09-09-2003, 03:02 PM
I get these in an email list from time to time:
-----------------------
Q. How can I determine which ports a specific process is using on
Windows XP and later?
A. If you want to find out which ports a process is using and you know
the process name, you must first determine the process identifier
(PID). For example, to identify the PID for the pop3svc.exe process
running on my system, I went to the command prompt and typed
c:\> tasklist /fi "IMAGENAME eq pop3svc.exe"
This command returned the following information:
Image Name PID Session Name Session# Mem Usage
POP3Svc.exe 3044 RDP-Tcp#9 0 2,072 K
The second column shows the PID, which I can then use with the Netstat
command to search all in-use ports. For example, if I type
c:\> netstat -ano | findstr 3044
my system returns the following information:
TCP 0.0.0.0:110 0.0.0.0:0 LISTENING 3044
This result shows that the POP3 service was using TCP port 110 on all
addresses.
You can also perform a reverse operation to find out which process is
associated with a port. For example, to identify which process is
using port 25, I could go to the command prompt and type
c:\> netstat -ano | findstr :25
On my system, this command returns the following information:
TCP 0.0.0.0:25 0.0.0.0:0 LISTENING 2500
After I identify the process (in this case, 2500), I can determine the
process name by typing
c:\> tasklist /fi "PID eq 2500"
which returns the following information on my system:
Image Name PID Session Name Session# Mem Usage
inetinfo.exe 2500 RDP-Tcp#9 0 5,584 K
This information tells me that port 25 is being used by the
inetinfo.exe process.
--------------------
Q. Why can't I see any system updates when I access Windows Update
after I perform a clean OS installation?
A. If no updates are available from the Windows Update Web site, the
problem probably relates to the user not having defined a language for
use in Microsoft Internet Explorer (IE). To resolve this problem,
perform the following steps:
1. Start IE.
2. From the Tools menu, select Internet Options.
3. Select the General tab, then click Languages.
4. If no languages are listed, click Add.
5. Select your language from the displayed list, then click OK.
6. Click OK to close the Language Preference dialog box, then click
OK to close the Internet Options dialog box.
You should now be able to see updates on the Windows Update Web site
at http://windowsupdate.microsoft.com .
--------------------
Q. When I use a limited user account in Windows XP to run a program
that wasn't written for XP, I experience problems. What's causing
these problems?
A. When you use a limited account, you might encounter any of the
following problems:
- The program doesn't run.
- The program hangs.
- You receive notification of runtime error 7 or runtime error
3446.
- The program doesn't recognize that a CD-ROM is in the CD-ROM
drive.
- The program doesn't let you save, open, or edit files.
- The program displays a blank error message.
- You can't remove the program.
- You can't open the Help file.
These problems occur because the limited user account prevents certain
functions from executing. To resolve this problem, contact the program
manufacturer for an updated XP version of the program. As a
workaround, you can use an Administrator account to run the program by
performing the following steps:
1. Right-click the program shortcut, then select Properties.
2. From the Shortcut tab, click Advanced.
3. Select the "Run with different credentials" check box, then
click OK.
4. Click OK to close the Properties dialog box.
Now, when you execute the program shortcut, XP will prompt you to
enter the user context in which you want to run the program. Select
"The following user" and specify a nonlimited account.
--------------------
Q. How can I perform a batch action on a list of files from the
command line?
A. You can use the built-in For command to loop through a list of
files. If you type the command
for /f "tokens=*" %a in ('dir /b *.*') do echo %a
the command outputs only the name of each file in the current folder,
which the 'dir /b *.*' component can do all by itself. However, you
can edit the "do" portion of the command to perform a secondary task.
For example, you can add the name of a batch file and the %a parameter
to call the batch file on each .msg file:
for /f "tokens=*" %a in ('dir /b *.msg') do datetime.bat %a
In addition to outputting the name of each file in the specified
folder, this command adds the current date and time to the end of each
.msg filename. If you use the command in a batch file, you need to add
two percent (%) signs instead of one to access the parameters. For
example, if you incorporate the above command into a batch file, you
would type it as
for /f "tokens=*" %%a in ('dir /b *.msg') do datetime.bat %%a
--------------------
Q. How can I move the Active Directory (AD) Global Catalog (GC) to
another domain controller (DC)?
A. You don't actually move the GC between servers. Instead, you simply
enable the GC on a new server, then disable the current GC. I explain
how to configure a new server as a GC in the FAQ "How do I configure a
server as a Global Catalog?" (
http://www.windows2000faq.com/articles/index.cfm?articleid=13375 ).
Keep in mind that if you already have one GC in the domain, you won't
want to disable that GC until after your new one has received all the
existing GC content. You can check this progress by using Windows NT
Event Viewer to view the Directory Services log. Specifically, you'll
want to look for event ID 1119, which tells you that the new server is
now advertising itself as a GC server. Before event ID 1119 appears,
you should see event ID 1110, which is the new server advising you of
a delay (typically 5 minutes) before the new server will start
advertising.
In summary, enabling a new GC is a three-step process:
1. Enable the GC on the new server (open the Microsoft Management
Console--MMC--Active Directory Sites and Services snap-in, navigate to
Sites, select the name of the site that will contain the new GC
server, navigate to Servers, select and expand the name of the new GC
server, right-click NTDS Settings in the left-hand pane, select
Properties, then select the Global Catalog check box).
2. Wait until event ID 1119 appears in the new GC Directory
Services event log.
3. Disable the GC on the old server (in the Active Directory Sites
and Services snap-in, navigate to Sites, select the name of the site
containing the old GC server, select and expand the name of the old GC
server, right-click NTDS Settings in the left-hand pane, select
Properties, then clear the Global Catalog check box).
If you add or remove GCs and you use Microsoft Exchange Server, you
must reboot the Exchange servers to let them update the DSAccess
topology report and begin using the new GCs--otherwise Exchange won't
discover the GCs and use them for DSAccess. To create its AD topology
view, DSAccess
1. calls the Directory Service (DS) Locator service
2. retrieves a list of all DCs and GCs from the local AD site
3. contacts each server in the list
4. caches as many as 10 active DCs and 10 active GCs
5. reorders the active-GC list so that domain-local GCs are at the
top of the list
6. uses the cached DC and GC server list on a simple round-robin
basis for global information lookups.
--------------------
Q. How can I let users log on to the domain when they can't contact
the Global Catalog (GC)?
A. When a native-mode user logs on to the domain, a GC checks for
Universal group memberships. If the user can't contact a GC, the logon
will fail. To let users log on even though they can't contact the GC,
perform the following steps on the servers that service the client
logons:
1. Start a registry editor (e.g., regedit.exe) on each domain
controller (DC).
2. Navigate to the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
registry subkey.
3. From the Edit menu, select New, Key.
4. Enter the name IgnoreGCFailures, then press Enter.
5. Close the registry editor.
6. Restart the DC.
Be aware that performing these steps can cause security problems. For
example, imagine that you're a member of the Universal group that's
denied access to a particular network resource. If your system can't
contact the GC when you log on, your user token won't have the SID of
the Universal group. In that case, you might be able to access the
denied resource just as if you weren't a member of the Universal
group.
--------------------
Q. How can I configure Windows Server 2003 domain controllers (DCs) to
cache Universal group memberships?
A. During a native-mode domain logon, the logon process reads the
Universal group membership from the Global Catalog (GC). You can cache
these memberships locally on the DC by performing the following steps:
1. Start the Microsoft Management Console (MMC) Active Directory
Sites and Services snap-in (go to Start, Programs, Administrative
Tools, and click "Active Directory Sites and Services").
2. Select the site for which you want to enable caching.
3. Right-click NTDS Site Settings, then click Properties.
4. Select the Enable Universal Group Membership Caching check box,
then click OK.
Windows 2003 will populate the cache the first time the user logs on
and use that cache for future logons. The system will refresh the
cache periodically.
-----------------------
Q. How can I determine which ports a specific process is using on
Windows XP and later?
A. If you want to find out which ports a process is using and you know
the process name, you must first determine the process identifier
(PID). For example, to identify the PID for the pop3svc.exe process
running on my system, I went to the command prompt and typed
c:\> tasklist /fi "IMAGENAME eq pop3svc.exe"
This command returned the following information:
Image Name PID Session Name Session# Mem Usage
POP3Svc.exe 3044 RDP-Tcp#9 0 2,072 K
The second column shows the PID, which I can then use with the Netstat
command to search all in-use ports. For example, if I type
c:\> netstat -ano | findstr 3044
my system returns the following information:
TCP 0.0.0.0:110 0.0.0.0:0 LISTENING 3044
This result shows that the POP3 service was using TCP port 110 on all
addresses.
You can also perform a reverse operation to find out which process is
associated with a port. For example, to identify which process is
using port 25, I could go to the command prompt and type
c:\> netstat -ano | findstr :25
On my system, this command returns the following information:
TCP 0.0.0.0:25 0.0.0.0:0 LISTENING 2500
After I identify the process (in this case, 2500), I can determine the
process name by typing
c:\> tasklist /fi "PID eq 2500"
which returns the following information on my system:
Image Name PID Session Name Session# Mem Usage
inetinfo.exe 2500 RDP-Tcp#9 0 5,584 K
This information tells me that port 25 is being used by the
inetinfo.exe process.
--------------------
Q. Why can't I see any system updates when I access Windows Update
after I perform a clean OS installation?
A. If no updates are available from the Windows Update Web site, the
problem probably relates to the user not having defined a language for
use in Microsoft Internet Explorer (IE). To resolve this problem,
perform the following steps:
1. Start IE.
2. From the Tools menu, select Internet Options.
3. Select the General tab, then click Languages.
4. If no languages are listed, click Add.
5. Select your language from the displayed list, then click OK.
6. Click OK to close the Language Preference dialog box, then click
OK to close the Internet Options dialog box.
You should now be able to see updates on the Windows Update Web site
at http://windowsupdate.microsoft.com .
--------------------
Q. When I use a limited user account in Windows XP to run a program
that wasn't written for XP, I experience problems. What's causing
these problems?
A. When you use a limited account, you might encounter any of the
following problems:
- The program doesn't run.
- The program hangs.
- You receive notification of runtime error 7 or runtime error
3446.
- The program doesn't recognize that a CD-ROM is in the CD-ROM
drive.
- The program doesn't let you save, open, or edit files.
- The program displays a blank error message.
- You can't remove the program.
- You can't open the Help file.
These problems occur because the limited user account prevents certain
functions from executing. To resolve this problem, contact the program
manufacturer for an updated XP version of the program. As a
workaround, you can use an Administrator account to run the program by
performing the following steps:
1. Right-click the program shortcut, then select Properties.
2. From the Shortcut tab, click Advanced.
3. Select the "Run with different credentials" check box, then
click OK.
4. Click OK to close the Properties dialog box.
Now, when you execute the program shortcut, XP will prompt you to
enter the user context in which you want to run the program. Select
"The following user" and specify a nonlimited account.
--------------------
Q. How can I perform a batch action on a list of files from the
command line?
A. You can use the built-in For command to loop through a list of
files. If you type the command
for /f "tokens=*" %a in ('dir /b *.*') do echo %a
the command outputs only the name of each file in the current folder,
which the 'dir /b *.*' component can do all by itself. However, you
can edit the "do" portion of the command to perform a secondary task.
For example, you can add the name of a batch file and the %a parameter
to call the batch file on each .msg file:
for /f "tokens=*" %a in ('dir /b *.msg') do datetime.bat %a
In addition to outputting the name of each file in the specified
folder, this command adds the current date and time to the end of each
.msg filename. If you use the command in a batch file, you need to add
two percent (%) signs instead of one to access the parameters. For
example, if you incorporate the above command into a batch file, you
would type it as
for /f "tokens=*" %%a in ('dir /b *.msg') do datetime.bat %%a
--------------------
Q. How can I move the Active Directory (AD) Global Catalog (GC) to
another domain controller (DC)?
A. You don't actually move the GC between servers. Instead, you simply
enable the GC on a new server, then disable the current GC. I explain
how to configure a new server as a GC in the FAQ "How do I configure a
server as a Global Catalog?" (
http://www.windows2000faq.com/articles/index.cfm?articleid=13375 ).
Keep in mind that if you already have one GC in the domain, you won't
want to disable that GC until after your new one has received all the
existing GC content. You can check this progress by using Windows NT
Event Viewer to view the Directory Services log. Specifically, you'll
want to look for event ID 1119, which tells you that the new server is
now advertising itself as a GC server. Before event ID 1119 appears,
you should see event ID 1110, which is the new server advising you of
a delay (typically 5 minutes) before the new server will start
advertising.
In summary, enabling a new GC is a three-step process:
1. Enable the GC on the new server (open the Microsoft Management
Console--MMC--Active Directory Sites and Services snap-in, navigate to
Sites, select the name of the site that will contain the new GC
server, navigate to Servers, select and expand the name of the new GC
server, right-click NTDS Settings in the left-hand pane, select
Properties, then select the Global Catalog check box).
2. Wait until event ID 1119 appears in the new GC Directory
Services event log.
3. Disable the GC on the old server (in the Active Directory Sites
and Services snap-in, navigate to Sites, select the name of the site
containing the old GC server, select and expand the name of the old GC
server, right-click NTDS Settings in the left-hand pane, select
Properties, then clear the Global Catalog check box).
If you add or remove GCs and you use Microsoft Exchange Server, you
must reboot the Exchange servers to let them update the DSAccess
topology report and begin using the new GCs--otherwise Exchange won't
discover the GCs and use them for DSAccess. To create its AD topology
view, DSAccess
1. calls the Directory Service (DS) Locator service
2. retrieves a list of all DCs and GCs from the local AD site
3. contacts each server in the list
4. caches as many as 10 active DCs and 10 active GCs
5. reorders the active-GC list so that domain-local GCs are at the
top of the list
6. uses the cached DC and GC server list on a simple round-robin
basis for global information lookups.
--------------------
Q. How can I let users log on to the domain when they can't contact
the Global Catalog (GC)?
A. When a native-mode user logs on to the domain, a GC checks for
Universal group memberships. If the user can't contact a GC, the logon
will fail. To let users log on even though they can't contact the GC,
perform the following steps on the servers that service the client
logons:
1. Start a registry editor (e.g., regedit.exe) on each domain
controller (DC).
2. Navigate to the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
registry subkey.
3. From the Edit menu, select New, Key.
4. Enter the name IgnoreGCFailures, then press Enter.
5. Close the registry editor.
6. Restart the DC.
Be aware that performing these steps can cause security problems. For
example, imagine that you're a member of the Universal group that's
denied access to a particular network resource. If your system can't
contact the GC when you log on, your user token won't have the SID of
the Universal group. In that case, you might be able to access the
denied resource just as if you weren't a member of the Universal
group.
--------------------
Q. How can I configure Windows Server 2003 domain controllers (DCs) to
cache Universal group memberships?
A. During a native-mode domain logon, the logon process reads the
Universal group membership from the Global Catalog (GC). You can cache
these memberships locally on the DC by performing the following steps:
1. Start the Microsoft Management Console (MMC) Active Directory
Sites and Services snap-in (go to Start, Programs, Administrative
Tools, and click "Active Directory Sites and Services").
2. Select the site for which you want to enable caching.
3. Right-click NTDS Site Settings, then click Properties.
4. Select the Enable Universal Group Membership Caching check box,
then click OK.
Windows 2003 will populate the cache the first time the user logs on
and use that cache for future logons. The system will refresh the
cache periodically.