Everything posted by Mr Snrub

  1. For simplicity, security and resilience just use the defaults (system drive, NTFS format) and make regular backups of your documents. There are those who argue that having the OS, applications and data on separate partitions is actually worse for performance because the hard drive head has to move further between random reads for uncached data. (Writes are handled by the Cache Manager in Windows so shouldn't suffer quite so much, depending on how the application flushes.) If there is an application or hotfix which expects your profile to be on the system partition (for whatever reason) it could be very difficult to understand why it crashes or fails to install. Also, between OS installs your user SIDs will not be consistent so holding My Documents on a separate partition means you need to take ownership (unless you are in a domain). Any advice to install Windows on a FATxx system is bad advice IMO - probably from the same people recommending disabling Windows Firewall or not installing SP2 or AV. I doubt you could observe any significant real world (not synthetic benchmark) performance difference between FAT and NTFS. NTFS security has to do with restricting access to files and data on a per-user basis, and nothing to do with detecting viruses or malware (this is the realm of 3rd party software and/or limiting user access by not being logged in as an administrator). Win9x has only FAT and neither has a concept of different users - so dad's accounts files are visible to his kids, along with his "not for kids" pictures - a user is a user is a user.
  2. MSINFO32 is present on XP, XP x64 and 2003 and can be called directly from Start / Run. It does not, by default, work from a command prompt as it resides in "%programfiles%\Common Files\Microsoft Shared\MSInfo". The MPS reporting tools used at Microsoft call MSInfo32.exe when gathering system information on any version of Windows. If the machines are in a domain then doesn't the computer object store the OS version reported when the computer last booted up?
  3. I don't believe AD supports it, and with good reason: Novell's Directory Service supports that, and it causes a huge amount of problems - if a client machine hangs, or the user logoff event does not occur correctly, or if a machine is hibernated... how does the DS as a whole know that the user should be able to logon elsewhere? What happens if you have a replication problem between your authentication servers, so one thinks a user is logged on, where another does not? Unlocking user accounts is something that you have to do a lot with NDS because of this. Edit: So I was right and wrong - AD doesn't natively support it, you have to extend the schema and use a bolt-on product on IIS. I still don't like the concept of it though, it's too flawed (easy to bypass, easy to break, possibly without even being aware).
  4. I assume as you are talking Windows 2003 that you are using a Terminal Services connection to the server, so an admin logged onto the server can view the processes for all users? And you want to waste company time by playing games on the server, but not let your boss know... but where does the "joke" come into it? I would agree with jondercik, you appear to be asking about applying rootkit practice to servers for the purposes of your own entertainment - play games at home on your own time.
  5. Securing the server isn't so much of an issue and my main concern - a lot of issues come about from attacks aimed at the HTTP port on server anyway, so the server still has to take the hit of working out who has access to what and not falling over if it encounters something nasty. My issue is with the "other" junk flying around, and the fact that the server is going to be consuming resources handling filtering the traffic for ports other than that aimed at the port it actually runs a public service on. I'm not talking about basic SYN floods, but more complex DDoS-style attacks which if the server has to handle would be guaranteed to impact its performance. But then, we live in a world where people put SQL servers directly on the Internet without protection too - and that I can't fathom at all :/ I guess my expectations may be a little high as I built a hosting solution a few years ago for a bank...
  6. A hosting provider that gave that level of "service" I would kick into touch - I would consider my payment to them to offload the networking overhead (admin, bandwidth and redundant connectivity). If they attempted to extend the service by adding a second NIC and configuring it in a way that doesn't work then that would shatter my faith in them. To also allow direct connections with the servers from the Internet, having public IPs on the servers themselves is just plain nuts - "carrier class" firewalls with many interfaces can cope with Internet-speed and throughput traffic and have high availability, offloading the issue of securing every single server against (typically DDoS) attacks.
  7. The best solution is to have a collection of PRIVATE IP addresses on the ONE subnet on the IIS server, one per site, then use a perimeter firewall to NAT the private IP addresses to public IP addresses. Then your server has 1 default gateway, needs only 1 NIC and has no issues with multiple SSL-enabled sites. Move the networking problem to the perimeter, make it someone else's problem, and do not connect servers onto the Internet directly. A server should never, ever require a public IP address on one of its interfaces.
  8. "System" and "System Idle Process" are 2 different things. The System process is a collection of threads which are in essence the kernel. Typical symptoms of a driver problem are the System process running at 100% CPU utilisation in a single CPU system - that you say it is flat out at 50% would make me guess maybe you have a dual CPU or hyperthreaded system? One thing you can try to do to get more information is get Process Explorer - you can double-click on any process and drill down to the thread level (select the "Threads" tab, it may take a short while to populate this view). Then you can see which of the threads is/are consuming the CPU time - the CPU column conveniently sorts the threads in order of CPU utilisation. Highlight a thread with high usage and click the "Stack" button, then paste the output in here. One thing to look for is whether it is a single, constant thread, or a collection of threads splitting the time between them, or a thread which runs at high CPU for a short time then is replaced by another thread (happens with high turnover of worker threads).
  9. Did you look at the stack for the offending thread, for clues as to which driver it could have been? Might be worth identifying the service under the svchost instance which owns that thread, by breaking them out into their own instances - just remember to return them to a shared instance afterwards as this can break the system if left in this state.

      MS article on svchost
      MSDN blog with details on how to break svchost processes into their own instances for debugging
  10. Only with IE, or any application which you scroll in the same way? What is the refresh rate on your monitor set to, and what is it capable of?
  11. Not as far as I am aware, but I'll check it out. Do you need a console connection always? Are the servers usually left logged in with an interactive application running or something?
  12. Okay, quick summary of relevant information - stuff that is okay is green, stuff that is wrong is red:

      DELL:
      Ethernet adapter Interface 1.100:
         IP Address. . . . . . . . . . . . : 192.168.1.100
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         Default Gateway . . . . . . . . . : 192.168.1.1
         DNS Servers . . . . . . . . . . . : 192.168.1.100, 192.168.2.100
      Ethernet adapter Interface 2.1:
         IP Address. . . . . . . . . . . . : 192.168.2.1
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         Default Gateway . . . . . . . . . :
         DNS Servers . . . . . . . . . . . : 192.168.1.100, 192.168.2.100

      IBM:
      Ethernet adapter Interface 2.100:
         IP Address. . . . . . . . . . . . : 192.168.2.100
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         Default Gateway . . . . . . . . . : 192.168.2.1
         DNS Servers . . . . . . . . . . . : 192.168.1.100, 192.168.2.100

      Why run RRAS on the IBM server? Effectively you are setting up a DMZ 192.168.1.0/24 and an internal LAN 192.168.2.0/24, so I can see the need for RRAS on the Dell server so it can route traffic between the networks...

      DNS on the Dell external interface should point to 192.168.1.1. There should be no DNS on the internal interface. DNS on the IBM interface should point to 192.168.1.1 - let routing take care of communication with the NAT router for DNS resolution, saves you having to configure another DNS proxy internally.

      One point I will note is that to make a bit more sense I would use the same last digit in the IP addresses of the 2 interfaces on the Dell - my choices would be 192.168.1.254 and 192.168.2.254 - then change the IBM to 192.168.2.200. This just aids in identifying a server at a glance, and routers I tend to number from the top down, static workstations from 1-99, DHCP clients from 100-199 and static servers from 200-250. YMMV, but my advice is pick a scheme and stick to it.

      Okay, the configuration of the internal network interfaces looks good, so I suspect the RRAS service is loading the IPNAT.SYS driver which may be fouling things up.

      Action plan:
      - fix the IP addresses and DNS server entries
      - make sure ONLY "TCP/IP Protocol" is enabled on the Dell's external interface
      - remove RRAS on the IBM server
      - stop the RRAS service on the Dell server
      - try to ping between these 2 boxes on the 192.168.2.x interfaces

      If the ping fails, then immediately after trying do an "arp -a" to list the cached ARP entries to see if we even get a resolution of the IP address to a MAC address - also try temporarily disabling the external interface on the Dell.
  13. From a command prompt run the command "ipconfig /all" on both machines and put the output here. You say the subnet masks are the same, but you don't say what they are - hopefully 255.255.255.0 or higher? If you have networks 192.168.1.x and 192.168.2.x with subnet masks of only 255.255.0.0 then the NIC binding order will come into play... The gateway setting is irrelevant if the machines are in the same subnet. Is the Dell machine running ISA Server or RRAS or anything, or just multi-homed right now?
  14. Disable "Simple File Sharing". In Explorer, click Tools / Folder Options, then go to the View tab, scroll to the bottom of the list. Untick "Use simple file sharing (recommended)" and it won't use the Guest account by default when accessing SMB shares.
  15. For me it was the free update from my retail XP Pro when the promotion was run last year, the fact that rootkits do not (yet?) affect 64-bit versions of Windows, plus the ability to run 64-bit virtual machines for repro environments. Had no 16-bit legacy code issues to be concerned about, and even though I don't have any 64-bit drivers for my printer (thank you so much HP) I can use the compatible ones in the OS in their stead. I'm still intrigued as to how it can be an "ancient" question of which is better, an OS which is not in widespread use or one which is not yet even at beta 2.
  16. Correct. I have checked NFSMW before on my XP x64 system with 2GB of RAM and noticed it "only" consumes around 300MB also - this is just the design of the code. As you play the game in distinct sections, the sounds, graphics, map, etc. are loaded into memory - and when you switch to a different part (start a race, enter a shop, whatever) then the memory is overwritten by the new data, not loaded in addition to it. Depending on which way you look at it, it is either good or bad - good in that it does not require that much memory, bad in that every time you switch sections it will force file I/O (although the cache manager in Windows should take care of much of this).
  17. The OP was after a way to establish a CONSOLE session (connection to session 0) through the Remote Desktop Client through the UI itself, not a "regular" TS session. On Win2K & XP you have to use the command line, on 2003, XP x64 & Vista you can specify a console connection through the UI by adding " /console" after the server name to connect to.
  18. Why do you need the server to have the public IP address? Please use a HARDWARE firewall and use NAT to hide the server, giving it a private IP address. If your server has a service which needs to be accessible from the outside then use specific port forwarding to the server. Even a basic home broadband router will provide a little protection by default, so long as you only set up the port forwarders that you need and nothing else. I really hope you are not setting up a domain controller and putting it in a dirty network! You should never, ever, ever need to have a public IP address directly on a server. Read up on the concept of a DMZ, and put only the services which NEED to accept connections from the Internet into it (such as IIS or an SMTP service).
  19. This works on Windows 2003, XP x64 & Vista - to get a console session on 2000 or XP you have to use the command line method as in your first post. Re: your bet - well, technically "Windows" does have it in the versions made since 2002.
  20. Actually you showed the command line which can be used to launch the Remote Desktop client, e.g. with a custom shortcut, what I said was that after launching the app manually you can interactively specify a console connection where you enter the servername. That is the "GUI" way of doing it - as you have to enter the server name anyway it is just as easy to add " /console" there as it would to tick a box with "Use Console Connection" next to it (as I assume you are after, which does not exist).
  21. With Remote Desktop Client you just append " /console" to the server name that you wish to connect to.
  22. This is not correct. Entering \\computername will contact the target machine, authenticate as either Guest (if simple file sharing is enabled) or with credentials you are prompted for or have used previously in this logon session. Next the target computer responds with the list of resources which are shared (not just those to which you have access based on your credentials, this check is performed when you attempt to access the resource). Entering \\computername\sharename does the same process but automatically requests access to the specified resource instead of obtaining the list.
  23. Older versions of Vista used "FIXNTFS", but the later builds will use "BOOTSECT.EXE" found in the BOOT folder on your installation media. This allows you to switch between the XP and Longhorn styles of the boot loader (the former using BOOT.INI which is ignored by the latter). I don't have 5308 installed so I don't know whether you need to run FIXNTFS or BOOTSECT, but if you open a command prompt and run C:\BOOT\FIXNTFS /? it will tell you what you need to know. Edit: Make sure you read what I put next time
  24. That's the opposite of what he wants to achieve - he wants to exit the batch file early if the folder DOES exist. I prefer to have a single exit point in a program or batch file, at the very end - so I use GOTOs to skip code based on IF statement evaluations:

      REM Remove the old shortcuts; discard both normal output and the "file not found" error
      DEL "%AllUsersProfile%\Start Menu\Add A Printer.url" >nul 2>&1
      DEL "%AllUsersProfile%\Start Menu\IT Home Page.url" >nul 2>&1
      DEL "%AllUsersProfile%\Start Menu\Open A Ticket.url" >nul 2>&1
      REM Skip the copy if the folder is already in place
      IF EXIST "%AllUsersProfile%\Start Menu\IT Links" GOTO SKIPCOPY
      md "%AllUsersProfile%\Start Menu\IT Links"
      xcopy "\\bamdc001\sysvol\BAGLOBAL.NET\IT Links\*.*" "%AllUsersProfile%\Start Menu\IT Links\"
      :SKIPCOPY

      I don't bother using IF EXIST statements for deleting individual files, as you incur a file operation anyway, and two if it does exist - piping the output to NUL means you don't have to care about the "file not found" message and you will always perform a single file operation. (It also helps prevent extremely long command lines which reduce readability as they go off-screen or wrap.) It is preferable to use the environment variables such as "%systemroot%", "%UserProfile%" and "%AllUsersProfile%" rather than hard-coding paths too. I also tend to prefer batch files for simple jobs like this in case there is a problem with the scripting engine or there is a 3rd party AV script proxy in the way which can foul things up.
  25. Did you try the command prompt approach? The way the shell and the command prompt view resources across a network is via the same protocol but is handled in different ways - the command prompt method just gets very basic object information whereas Explorer will try to get various details on the files, icons, folder layout, etc. It might be interesting to use Ethereal to capture the network traffic from your client when it tries to access the share via UNC, then via mapped drive, then doing DIR at a command prompt and see what the differences are...

      For a folder tested:
      - Note how many objects are actually in it
      - Note how many are displayed via UNC, mapped drive and at the command prompt
      - Are the objects displayed always the same ones? The same number?

      AV installed on both client and ICS server? Which one?