The Web Local



Microsoft Windows – General


Group Policy


Group Policy supports the management of machines and users in an Active Directory environment.  By

creating and editing Group Policy Objects (GPOs) that contain associated policy settings and linking these

GPO's to groups of machines or users, specific configuration policy settings can be managed from a central

location. In this way, an administrator in an Active Directory environment can granularly apply settings to

potentially thousands of machines or users.


You cannot apply group policy to groups                                             

GPOLIST API called and processes machine settings.  Reads machine policy on DC, SITE, DOMAIN, OU

and MACHINE in that order. (See diagram below)

HKLM\Software\Policies\Microsoft                  New key for group policy application


gpupdate /force Forcefully rereads settings.  Looks for updates GUIDS and removes local cache copies.

secedit /refreshpolicy    Win 2000 Command to forcefully reread policy settings. 



Behavioural Modifiers

Ned gets No Help, No Run and No Control Panel.

Bart gets No Help, No Run and No Logon Button.


Block Inheritance

Bart now gets Help, Run and Logon Button.


No override/Enforce


In Cartoon Town group policy tab select No override

Bart now gets No Help, but gets Run and Logon Button due to Block Inheritance being selected.

Note: - No override only works on the policy applied to.  If you want to enforce must set on all




New user Barney, new group Flanders Users, add Ned to Flanders Users

GPMC – Policy – Security Filtering add Flanders Users

Barney now has Control Panel, Ned doesn’t

Policy applies if member of OU and Group.  You can filter using groups but cannot apply policy.


Disk Management

                                                             WIN 2000 +

            BASIC                                        DYNAMIC

            Partitions Only                           Volumes Only

            4 Primary                                  Use 1MB of storage on each volume to store

            3 Primaries, 1 Extended             Configuration Data

            1 Extended, many logical           NOT on laptops


diskpart                        Command line for managing disks

diskpart>select disk 0

diskpart>select partition 2

diskpart>extend size=100 disk=0


Junction points are links to virtual drives.

Can now extend volumes.  You can extend any directory other than the root directory containing the

boot.ini file. 

Can have spanned and striped volumes.  Cannot do mirroring!!

Disk Management, Select Disk and Right click

Lose 1MB when create new disk all new disks to take into account possible conversion to Dynamic Disk later.



Permissions are the LEAST restrictive of the two.  Bart has Full Control due to the fact that he is a member

of the Simpsons Group; however, the ACL on the file only gives Simpsons Modify so Modify is all Bart


Bart gets Modify overall, Modify from share permissions, Full Control from ACL, hnce Modify is the least



File Permission Inheritance

Move files on same drive          ACL’s stay the same

Copy files on same drive          ACL’s inherit from parent

Move between drives               ACL’s inherit from parent = Copy and delete



Files stored on the server uses Servers resources to uncompress when user accesses them.

Compressions is 4 times

Zipped is about 9 times

Can compress or encrypt, not both.


Secure Web Services


You attempt to set up a connection with a secure web server.  It sends you back a certificate.  Internet

Explorer has inbuilt public keys belonging to all Trusted Certificate Authorities.  Will decrypt Certificate

with embedded Trusted CA Private Key on the fly.  A session is then set up.  If a popup box appears

when trying to negotiate https access you should be wary


NTFS Encryption


XP generates a File Encryption Key (FEK) using 3 DES symmetric keys.  If you encrypt file with Barts

Public Key only Bart can decrypt.  If you also encrypt file with Homers Public Key both can share and

access this file.The Private key is stored in a users profile and encrypted with the users password. 

Should a users profile become corrupted the only way of recovering this file is to use a recovery agent

i.e. Administrator.


efsinfo - Resource Kit Tool tells you who has encrypted file and who it belongs to.


Boot Process

Tools for Recovery

Last Known Good

Boot Disk

Windows File Protection

System Restore



Safe Mode

Recovery Console

Boot Partition Problems

System Partition Problems

Boot Partition Problems

System Partition Problems

Boot Partition Problems

Boot Partition Problems (Shell Console only.)

Boot Partition Problems (Services Load downwards only.)

Boot Partition Problems & System Partition Problems



Profile Editing


regedt32           Load Hive        Navigate to DC            Select User Profile and edit ntuser.dat   Unload afterwards


Recovery Console


Boot from CD

At Welcome to Setup Screen select R

Select Windows directory

Supply Admin Password

Type HELP for list of commands available

All files on cd are compressed and need to be expanded

i.e. expand halaacpi.dll_ d:\

copy d:\halaacpi.dll d:\windows\system32\hal.dll


Note: - Version of XP CD must match OS trying to update files to



Diagnostic utility for changing the environment for 1 boot up only – Excellent for troubleshooting

In startup tab deselect items you do not want to boot

In boot.ini tab select /bootlog which will save the boot information (including errors) to ntbt.log


System Restore


Does not save data just system settings at time of restore.  If you install a .msi product the system will automatically

save a restore point before installing.

Strips out dll and exe files on rollback, leaves a lot of files and directories from previous installations i.e.

Office directory still present alongside 80%ish of files.

Just designed to keep the machine running.

Note: - Don’t restore before a service pack

Found in system volume information folder on root directory under _restore …..

RP0, RP1 to RPn directory numbering structure 

Win XP cd       winnt32 /cmdcons installs to c:\cmdcons




Computer A and C receive IP addresses from the DHCP server.  If the RFC 1542 compliant router was

configured both sides B would also.  DHCP enabled computers not receiving address will assign

themselves a 169.254.x.y address.  This is due to Automatic Private IP addressing (APIPA) scheme.

From Windows 98 R2 DHCP is:


          Discover           Offer    Request            Acknowledge   (DORA)


Software Restrictions


gpedit.msc         Local Computer Policy          Windows Settings         Security Settings          

                                    Software Restrictions             Right Click                   Create New


Select .exe file to restrict or allow – this is done by adding a new hash rule.


You CAN circumvent these rules by using the following workaround:-

Open a command prompt: echo h >> nmap.exe or open file using notepad etc. 

May also get this to work on Windows File Protection Files by amending the SFCDisable numeric in

registry as by default all windows protected files are automatically replaced if corrupted, lost, deleted



Remote Installation Services



Second F12 press triggers TFTP server (UDP 69) which copies down Client Information Wizard (CIW)

Add/Remove programs and add in RIS

Configuration of RIS done in Active Directory

(Active Directory Users and Computers, Right Click, Properties on DC box should have a RIS tab)

Note: - DHCP server needs to be authorised in Active Directory

Note: - RIS server needs to be authorised in Active Directory


RIPREP           Strips out machine uniqueness and then asks for RIS server location and sends it to SIS on

RIS server. This is not a ghost file.  Point to Point installation only so a lot of bandwidth required.  Will not

be able to carry out integration





1          Connection established with Point to Point Protocol

2          Encrypted with Point to Point Tunnelling Protocol (MS Point to Point Encryption)

                                                 Layer 2 Tunnelling Porotocol (IPSEC)

3          Authentication               PAP     Password Authentication Protocol

                                                 SPAP   Sheva Password Authentication Protocol

                                                 CHAP  Challenge Handshake Authentication Protocol

                                                 MSCHAP        MS CHAP       (Reversible Encryption)

                                                 MSCHAPv2                            (Mutual Authentication)

                                                 EAP     Extensible Authentication Protocol


Note: - Least secure PAP to most secure EAP


Applying Security Templates via MMC

Open MMC and load Security Configuration and Analysis snap-in (SCAT)


  • Right click SCAT, create a new database

  • Choose a security template

  • Right click SCAT choose either:

  • Analyse computer against template or

  • Configure computer to template


Sample templates available:      

securews.inf = Increases workstation security

hisecws.inf = Significantly increases workstation security

compatws.inf    = Reduces security settings to allow legacy applications to run


Auto completion – Windows Command Line



CompletionChar: REG_DWORD=9 (DEFAULT=40)


Convert FAT to NTFS


convert c: /fs:ntfs


Disable DHCP MediaSense

Windows contains the "Media Sensing" feature to detect whether a NIC is in a "link state." A "link state"

is when the NIC connecting or inserting itself on the network has a "link" light to indicate the current

connection status. Whenever Windows detects a "down" state on the media, it removes the bound

protocols from that adapter until it is detected as "up" again. There may be situations where you may

not want your network adapter to detect this state, and you can configure this by editing the registry.

To prevent your network adapter from detecting the link state, follow these steps.

1.         Use Registry Editor (Regedt32.exe) to view the following key in the registry:


Add the following registry value:

Value Name: DisableDHCPMediaSense
Data Type: REG_DWORD -Boolean
Value Data Range: 0, 1 (False, True) Default: 0

Description: This parameter controls DHCP Media Sense behavior. If you set this value data to 1,

DHCP, and even non-DHCP, clients ignore Media Sense events from the interface. By default, Media

Sense events trigger the DHCP client to take an action, such as attempting to obtain a lease (when a

connect event occurs), or invalidating the interface and routes (when a disconnect event occurs).


2.         Restart your computer.;en-us;q239924


Enable/ Disable Netbios Null Sessions (Registry)

XP Home/ Windows 2000:



XP Pro:

Admin Tools --> Local Security Policy --> Local Policies --> Security Options


Network Access          Do not allow enumeration of SAM Accounts (Enabled)

Network Access          Do not allow anonymous enumeration of SAM accounts and shares



Windows NT4:



Integrate SP2 to XP


Download the (full) "Network Install" of the Service Pack (English version [266 MB]), and save it

to a directory (folder) on your hard drive i.e. D:\XP_SP2.

Copy your Windows XP CD to your hard drive. i.e to D:\XP-CD).

Open a Command Prompt, and go to the folder where you downloaded SP2 (cd \[FOLDER_NAME]).

Type the command: [SERVICE_PACK][FILENAME] /integrate:[DRIVE]/[PATH].

Windows XP-KB835935-SP2-ENU /integrate:D:\XP-CD.


N.B. Does not work on a Windows 2000 host.