Jump to content


  • Posts

  • Joined

  • Last visited

  • Donations

    0.00 USD 
  • Country


Everything posted by dirtyepic

  1. just thought i'd mention, Adobe Reader Speedup disables WISPTIS.exe from loading when Reader starts. Maybe an email to the developer would shed some light on things. (http://www.tnk-bootblock.co.uk/prods/misc/)
  2. there are reg entries that control the color and size of the cmd window. i'm not sure what they are anymore though. i use Tune-Up Utilities 2004 and i just do it from there now. (white on navy blue like WordPerfect 5.1 ;D)
  3. (sorry bout the formatting) edit: forgot to mention, this info applies to XP and Server 2003. i don't know what the results would be for other versions of Windows, so use at your own risk. Here's an easy way to manage a bunch of useful networking and security settings without having to go digging through your registry whenever you want to adjust something. This information comes via Microsoft's Threats and Countermeasures security guide: [ http://www.microsoft.com/technet/Security/...cg/tcgch10.mspx ] This method gives you easy access to the following keys: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ EnableICMPRedirect SynAttackProtect EnableDeadGWDetect EnablePMTUDiscovery KeepAliveTime DisableIPSourceRouting TcpMaxConnectResponseRetransmissions TcpMaxDataRetransmissions PerformRouterDiscovery TCPMaxPortsExhausted HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD\Parameters\ DynamicBacklogGrowthDelta EnableDynamicBacklog MinimumDynamicBacklog MaximumDynamicBacklog HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\Parameters\ NoNameReleaseOnDemand HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem\ NtfsDisable8dot3NameCreation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoDriveTypeAutoRun HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ ScreenSaverGracePeriod HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Services\Eventlog\Security\ WarningLevel HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Control\Session Manager\ SafeDllSearchMode Instructions 1. Navigate to your %systemroot%\inf folder (eg. c:\windows\inf) 2. Open sceregvl.inf in notepad. 3. Navigate to the bottom of the [Register Registry Values] section and copy the following text into the file: ;================================ MSS Values ================================ MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect,4,%EnableICMPRedirect%,0 MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect,4,%SynAttackProtect%,3,0|%SynAttackProtect0%,1|%SynAttackProtect1% MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGWDetect,4,%EnableDeadGWDetect%,0 MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUDiscovery,4,%EnablePMTUDiscovery%,0 MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime,4,%KeepAliveTime%,3,150000|%KeepAliveTime0%,300000|%KeepAliveTime1%,600000|%KeepAliveTime2%,1200000|%KeepAliveTime3%,2400000|%KeepAliveTime4%,3600000|%KeepAliveTime5%,7200000|%KeepAliveTime6% MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting,4,%DisableIPSourceRouting%,3,0|%DisableIPSourceRouting0%,1|%DisableIPSourceRouting1%,2|%DisableIPSourceRouting2% MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectResponseRetransmissions,4,%TcpMaxConnectResponseRetransmissions%,3,0|%TcpMaxConnectResponseRetransmissions0%,1|%TcpMaxConnectResponseRetransmissions1%,2|%TcpMaxConnectResponseRetransmissions2%,3|%TcpMaxConnectResponseRetransmissions3% MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions,4,%TcpMaxDataRetransmissions%,1 MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery,4,%PerformRouterDiscovery%,0 MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TCPMaxPortsExhausted,4,%TCPMaxPortsExhausted%,1 MACHINE\System\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand,4,%NoNameReleaseOnDemand%,0 MACHINE\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation,4,%NtfsDisable8dot3NameCreation%,0 MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun,4,%NoDriveTypeAutoRun%,3,0|%NoDriveTypeAutoRun0%,255|%NoDriveTypeAutoRun1% MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\WarningLevel,4,%WarningLevel%,3,50|%WarningLevel0%,60|%WarningLevel1%,70|%WarningLevel2%,80|%WarningLevel3%,90|%WarningLevel4% MACHINE\SYSTEM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriod,4,%ScreenSaverGracePeriod%,1 MACHINE\System\CurrentControlSet\Services\AFD\Parameters\DynamicBacklogGrowthDelta,4,%DynamicBacklogGrowthDelta%,1 MACHINE\System\CurrentControlSet\Services\AFD\Parameters\EnableDynamicBacklog,4,%EnableDynamicBacklog%,0 MACHINE\System\CurrentControlSet\Services\AFD\Parameters\MinimumDynamicBacklog,4,%MinimumDynamicBacklog%,1 MACHINE\System\CurrentControlSet\Services\AFD\Parameters\MaximumDynamicBacklog,4,%MaximumDynamicBacklog%,3,10000|%MaximumDynamicBacklog0%,15000|%MaximumDynamicBacklog1%,20000|%MaximumDynamicBacklog2%,40000|%MaximumDynamicBacklog3%,80000|%MaximumDynamicBacklog4%,160000|%MaximumDynamicBacklog5% MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SafeDllSearchMode,4,%SafeDllSearchMode%,0 (note that every line above should start w/ MACHINE. if the text gets wrapped, make sure you fix it after pasting it.) 4. Navigate to the bottom of the [strings] section and copy the following text into the file: ;================================ MSS Settings ================================ EnableICMPRedirect = "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" SynAttackProtect = "MSS: (SynAttackProtect) Syn attack protection level (protects against DoS)" SynAttackProtect0 = "No additional protection, use default settings" SynAttackProtect1 = "Connections time out sooner if a SYN attack is detected" EnableDeadGWDetect = "MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)" EnablePMTUDiscovery = "MSS: (EnablePMTUDiscovery ) Allow automatic detection of MTU size (possible DoS by an attacker using a small MTU)" KeepAliveTime = "MSS: How often keep-alive packets are sent in milliseconds" KeepAliveTime0 ="150000 or 2.5 minutes" KeepAliveTime1 ="300000 or 5 minutes (recommended)" KeepAliveTime2 ="600000 or 10 minutes" KeepAliveTime3 ="1200000 or 20 minutes" KeepAliveTime4 ="2400000 or 40 minutes" KeepAliveTime5 ="3600000 or 1 hour" KeepAliveTime6 ="7200000 or 2 hours (default value)" DisableIPSourceRouting = "MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)" DisableIPSourceRouting0 = "No additional protection, source routed packets are allowed" DisableIPSourceRouting1 = "Medium, source routed packets ignored when IP forwarding is enabled" DisableIPSourceRouting2 = "Highest protection, source routing is completely disabled" TcpMaxConnectResponseRetransmissions = "MSS: (TcpMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged" TcpMaxConnectResponseRetransmissions0 = "No retransmission, half-open connections dropped after 3 seconds" TcpMaxConnectResponseRetransmissions1 = "3 seconds, half-open connections dropped after 9 seconds" TcpMaxConnectResponseRetransmissions2 = "3 & 6 seconds, half-open connections dropped after 21 seconds" TcpMaxConnectResponseRetransmissions3 = "3, 6, & 9 seconds, half-open connections dropped after 45 seconds" TcpMaxDataRetransmissions = "MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)" PerformRouterDiscovery = "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" TCPMaxPortsExhausted = "MSS: (TCPMaxPortsExhausted) How many dropped connect requests to initiate SYN attack protection (5 is recommended)" NoNameReleaseOnDemand = "MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers" NtfsDisable8dot3NameCreation = "MSS: Enable the computer to stop generating 8.3 style filenames" NoDriveTypeAutoRun = "MSS: Disable Autorun for all drives" NoDriveTypeAutoRun0 = "Null, allow Autorun" NoDriveTypeAutoRun1 = "255, disable Autorun for all drives" WarningLevel = "MSS: Percentage threshold for the security event log at which the system will generate a warning" WarningLevel0 = "50%" WarningLevel1 = "60%" WarningLevel2 = "70%" WarningLevel3 = "80%" WarningLevel4 = "90%" ScreenSaverGracePeriod = "MSS: The time in seconds before the screen saver grace period expires (0 recommended)" DynamicBacklogGrowthDelta = "MSS: (AFD DynamicBacklogGrowthDelta) Number of connections to create when additional connections are necessary for Winsock applications (10 recommended)" EnableDynamicBacklog = "MSS: (AFD EnableDynamicBacklog) Enable dynamic backlog for Winsock applications (recommended)" MinimumDynamicBacklog = "MSS: (AFD MinimumDynamicBacklog) Minimum number of free connections for Winsock applications (20 recommended for systems under attack, 10 otherwise)" MaximumDynamicBacklog = "MSS: (AFD MaximumDynamicBacklog) Maximum number of 'quasi-free' connections for Winsock applications" MaximumDynamicBacklog0 = "10000" MaximumDynamicBacklog1 = "15000" MaximumDynamicBacklog2 = "20000 (recommended)" MaximumDynamicBacklog3 = "40000" MaximumDynamicBacklog4 = "80000" MaximumDynamicBacklog5 = "160000" SafeDllSearchMode = "MSS: Enable Safe DLL search mode (recommended)" (ditto.) 5. Save sceregvl.inf and close notepad. 6. Start -> cmd. Type regsvr32 scecli.dll. 7. Open the Local Security Policy console in Administrative Tools. Browse to Local Policies -> Security Options. You'll now see a selection of "MSS" policies you can set. B) For more information on each setting, the recommended values, and detailed info on the vulnerabilities and countermeasures for each key, check out [ http://www.microsoft.com/technet/Security/...cg/tcgch10.mspx ]. It's written for the Enterprise IT tech or network administrator in mind, but you can still use a lot of the info provided.
  4. Registry Myths #2 - Setting the L2 Cache Size Sample misinformation: The Reality: I don't know how this one even manages to survive. I guess it's another perfect example of the lasting power of rumor. There you have it. Unless you're reading this from a Pentium I, the L2 cache tweak is going to do you more harm then good.
  5. this is from ref.chm from the SP2 deployment package: maybe that's what's happening? PS the only values used for [Display] are BitsPerPel, Vrefresh, Xresolution, and Yresolution. and to create cab files use makecab, it's included in windows. try a google or makecab /?
  6. actually, scratch that. the numbering is right, but the command isn't. the >> *.log is what's screwing it up. take those off or put them inside the /f's /f is a switch of REG. the command your adding has to go: REG ADD [key] /V [value] /D [data] /f so.. REG ADD %KEY%\015 /VE /D "Alcohol 120%" /f REG ADD %KEY%\015 /v 1 /D "%systemdrive%\install\Applications\Alcohol\setup.exe /qn >> %windir%\apps.log" /f is the way to do it. if you need to have a title in your log do: REG ADD %KEY%\015 /VE /D "Alcohol 120%" /f REG ADD %KEY%\015 /V 1 /D "echo \"Alcohol 120%\" >> %windir%\apps.log" /f REG ADD %KEY%\015 /V 2 /D "%systemdrive%\install\Applications\Alcohol\setup.exe /qn >> %windir%\apps.log" /f you can't >> a line of text, ">>" captures output of a command. so use "echo \"Whatever\" >> app.log"
  7. wrong. you are correct. ... REG ADD %KEY%\015 /VE /D "Alcohol 120%" /f >> %windir%\apps.log REG ADD %KEY%\015 /v 1 /D "%systemdrive%\install\Applications\Alcohol\setup.exe /qn" /f >> %windir%\apps.log is the way to do it.
  8. Hello. Does seeing "EnablePrefetcher"=dword:5 make you go like this -> ? When someone happens to mention setting AdditionalCriticalWorkerThreads to 100, do you have an urge to beat that person about the head yelling "THE MAXIMUM IS SIXTEEN YOU $@%#& MORON!"? If this describes you, then you should really seek the attention of a certified psychologist. But for anyone who hates registry myths, regardless of sanity, this thread is for you. Registry Myths #1: IoPageLockLimit sample misinformation: Anyone who has done any kind of registry tweaking has seen IoPageLockLimit. It's all over the net, from Winguides, to Pure Performance, to Kelly's Korner, to TechSpot, to even Ars Technica. It's in every tweaking program you've ever used and most you haven't. Even the hallowed Expert's Exchange endorses this registry entry, although no one seems to be able to agree on exactly what format the values are supposed to be in. What if I told you that this registry entry does absolutely jack? In fact, it isn't even read by the OS, or any other function of the system. Wait a minute, you say. If this registry entry is bunk, then explain this: http://www.microsoft.com/windows2000/techi...entry/29932.asp Big Daddy MS itself says this thing works. So what do you say to that, Mr. Fancypants? I say yes, you're right, it's true. In Windows 2000 RTM it was a real and valid setting. However, starting with W2000 SP1 and continuing with every subsequent release from 2K to XP to Server 2003 and everything in between, there is no reference to this registry value. In fact, in Windows XP and Windows Server 2003, the I/O Page Lock Limit is locked to 64mb. Full credit for discovering this registry myth goes to Windows 2000 Power Users (www.Win2KPowerUsers.com).
  9. http://www.msfn.org/board/index.php?showforum=19
  10. "SP2 limits the number of simultaneous incomplete outbound TCP connection attempts" " but aren;t u talking about the TCP/IP limitation??"
  11. i guess you could open Device Manager and check Show Hidden Devices. open the Non-PnP Drivers bit and see what you're not using.
  12. yes i think i have it all straightened out now. thanks both of you for your ideas.
  13. let me see if i'm understanding this. in the first method, he creates a new user, then sets everything up the way he wants. these settings are saved in NTUSER.DAT plus some important bits from the profile tree, which is copied to $OEM$\$DOCS\Default User etc. etc. in the second method, you open NTUSER.DAT and edit the settings in regedit til you get them how you want them. so excuse my newbness, but what's the difference? and also, in the second method once you have your custom ntuser.dat, what do you do with it? put it in $OEM$\$Docs\Default User ?
  14. sure it does. i install unsigned cmedia drivers during my SP2 uA and it doesn't give me any problem. [Unattended] ComputerType = "Standard PC", Retail UnattendMode=FullUnattended OemSkipEula=Yes OemPreinstall=Yes TargetPath=\Windows UnattendSwitch = Yes FileSystem = * WaitForReboot = No DriverSigningPolicy = Ignore Hibernation = No OemPnPDriversPath="Drivers\8338wdm536"
  15. so i just made up a new install with the regkey above included. it looks to me like that does the job. perflib is the library or database that all these counters report to i guess, so turn it off and the counters go as well. i did find out that while performance tracking is enabled by default, performance monitoring isn't; meaning while the counters are always reading the data, they're not storing it anywhere. if you activate a monitor in the Performance tool or another monitoring program, then it starts logging the info for you. so yes, they are separate, and the Perflib key above disables all counters. and just to confuse you some more, if you check in that exctrlst.exe tool posted above to see what counters are active, it will still show them as being enabled. this is because it only checks to see if there's a Disable key set in each service's registry entry [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\<ServiceName>\Performance]. but we didn't touch those keys and instead just disabled the whole system so it still reports back as being on. (just like for example when you disable the Indexing Service your drive properties window will still have Allow Indexing Service... checked). i think i'm just going to forget about this whole thing and instead focus my attention on something a little less complicated like quantum physics or world domination. oh yeah, something else i stumbled across. if you want to see exactly how many of these counters there are, check out c:\windows\system32\PerfStringBackup.ini
  16. hehe thanks alanoll. i suggest we move it to slashdot. ok, what about either Windows Tips 'n' Tweaks or Windows XP?
  17. can anyone suggest a good file/directory comparison utility? i want to see side by side exactly what changes a program is making to a directory - what files are added or removed, if a file is modified exactly what the modifications are, etc etc. the ability to revert the changed directory to original would be a bonus but isn't required. it has to handle subdirectories as well, about 20 or more levels. also it has to be able to handle files inside zip's and cab's. searching google brings up a lot of junk software, and i don't know what's good or not. thanks.
  18. that should do it. i found this as well: "applications such as" makes me think they're two seperate things, so maybe i was wrong about disabling the PL&A service being the same thing. it sounds like they would continue to log data. i think i'm wandering off into the unknown myself here. anyways this thread is getting way off-topic so i won't babble on about it anymore.
  19. @Jeremy found it: http://www.jsiinc.com/SUBP/tip7800/rh7815.htm http://www.microsoft.com/downloads/details...&displaylang=en @All more performance counter info than you'll ever need: http://labmice.techtarget.com/troubleshooting/PerfMon.htm http://www.microsoft.com/resources/documen...t6/proch27.mspx http://snakefoot.fateback.com/tweak/winnt/tweak.html (#15) http://forums1.itrc.hp.com/service/forums/...&threadId=45322 @ Jeronimo that's what i gather, but i'm still a little fuzzy on what does what. to me it seems that the performance counters process and record the raw data and the log/alert displays that data in a form that you can monitor over time. also it can be setup to send you an Administrative Alert if anything goes wonky. what i'm hazy on is whether they're independant of eachother or not, or if the logs are disabled, do the counters still process the raw info? probably not, but i'm just going to disable both and get some sleep.
  20. @puntoMX it's in Administrative Tools -> Performance the counters do just that - they count. they just record statistical data. they don't make any adjustments to your settings, just provide the information so you can make an informed decision on how to adjust your system yourself and see what results each change makes. apparently this is really useful for finding bottlenecks or diagnosing problems. i don't use it myself as most of the info is over my head but i've come across several pages explaining how it can be used to optimize your system. ever disable the Performance Logs and Alerts service? this is the exact same thing. i've never had problems with it off. @Jeremy event log i like to keep running. i don't use it very often at all, but when need it i'm glad it's there. i don't think they're too massive. you're not going to get a huge jump in performance since all it's really doing is reading values. but if you're not using it anyways, it won't hurt to disable it. this has something to do with services (1st error msg) or programs (2nd msg) that don't properly close the registry when they exit (like how sometimes you can't delete a avi or folder because it's "in use" even though you have nothing running). it's a known problem and ms has put out a "patch" you can download. it's actually a small service that sits in the background and watches for reg entries that are open but the app that opened them is not longer running, and closes them. i can't remember what it was called, but i'll have a look for it in about 20 min or so. (smoke break) i know it had HIVE in the name. if you happen to have the Event ID of the error msgs, you should be able to look it up no problem.
  21. ah okay: guess i'm not so special after all
  22. nice idea! it would take some doing though. i'm not sure how extensions/mods work in Invision. and just to go the other way, i think it would be better if the search DIDN'T search code boxes. ever try searching for more information on on a certain heading or option? eg. you want to know what 'UnattendSwitch' or 'RA_AllowFullControl' does in winnt.sif. the search brings up each and every post where someone has happened to paste their script for whatever reason. it's impossible to find anything. but searching in the code does have many advantages as well. maybe an option to include/exclude code boxes on the search page could give ppl the best of both worlds?
  23. well, that sure is news to me. maybe it works because i didn't know it's not supposed to. seriously though, i've had 3 oem logos, all 180x114. two worked fine and the other was cropped like that KB page describes. *shrug*

  • Create New...