Ask Dr. Bob Your NT Questions - 01 Nov 1998

Send us your tips and questions. You can also visit Bob Chronister's online Tricks & Traps at http://www.winntmag.com/forums/index.html.

Q: I have configured my IBM 770ED laptop to dual boot Windows 95 and Windows NT Workstation. Win95 resides on a DOS partition, and NT resides on an NTFS partition. Can I execute applications on the Win95 partition from NT so that I don't have to install the same applications on both partitions?

Unfortunately, you have to install the applications on both partitions. NT and Win95 often use different files and don't always share a Registry function. My preference is to install to the same location. This approach saves disk space, but you have to uninstall the software in both OSs, which can leave garbage in either the NT Registry or the Win95 Registry. The obvious solution is to avoid dual booting.

Q: I used the Microsoft Windows NT Server 4.0 Resource Kit utility usrtogrp.exe to create a global group and populated the group with users. Unfortunately, the group name consists of 21 characters, and User Manager for Domains won't let me delete the group because it doesn't recognize names containing more than 20 characters. Do you know of any other way to remove this group? I'm running Windows NT 4.0 with Service Pack 3 (SP3).

I was unaware that usrtogrp.exe lets you assign more than 20 characters to a group name. Unfortunately, NT's User Manager for Domains won't work with more than 20 characters, and I don't know of a way to resolve this problem.

Readers who are not familiar with the differences between User Manager for Domains and usrtogrp.exe need to know the basic uses of both utilities. User Manager for Domains lets you create a local group so that you can grant permission to local resources, or create a global group so that you can organize users according to a functional trait (e.g., job task). You can always add a global group to a local group.

All group names must be unique to the domain where you administer the group. NT restricts global group names to 20 characters with the exception of the following characters: " / [ ] : ; | = , + * ? < >. In contrast, local group names can contain up to 256 characters, and the only forbidden character is backslash ().

Adding individual users to groups in User Manager for Domains is easy, but adding multiple users at a time is difficult, which is why many administrators choose to use the usrtogrp.exe utility. You can use usrtogrp.exe to create a local or global group (if it doesn't already exist) and populate this group with as many as 1000 users. If you try to create a group that already exists, usrtogrp.exe simply adds the users to that group. You must have administrator rights to run the application successfully.

Usrtogrp.exe is easy to use: You just create an ASCI delimited file (use Edit in a command session) to contain all the information you need. Go to the command line and type

usrtogrp.exe

where is the ASCI text file. Format the text file as you see in Figure 1, page 212.

Q: Can you tell me whether cloning a Primary Domain Controller (PDC), adding it to an existing domain, and changing the cloned PDC into a Backup Domain Controller (BDC) in the new domain is possible? I know that the replication service between a PDC and BDC does not copy scripts and other customized files, and wonder whether this cloning procedure is feasible.

I've never tried cloning a PDC to create a BDC in an existing domain, but I assume this procedure is possible. The problem with cloning systems is that the primary security IDs (SIDs) are identical. Except for domain controllers that are supposed to have the same primary SIDs, systems with the same SIDs can't exist in the same domain. Given the circumstances, I see no reason why you can't clone domain controllers. Faced with a similar situation, I might take the following steps:

Q: I'm having trouble getting my Windows 95 clients to browse the network when they call in using Dial-Up Networking (DUN) and register with only TCP/IP running. The network is present and I can access machines using Uniform Naming Convention (UNC) names, but this terminology is not acceptable to my users. Any suggestions?

Clients who dial in but can't browse the network are often not part of the workgroup or domain of the remote network. You need to take the following steps to configure the remote dial-in so that a DUN client can browse a remote network with only TCP/IP running:

Q: I have a clone computer with an ASUS motherboard running Windows NT 4.0. Every time I change a setting and reboot my computer, I receive the message that the system can't start NT as configured and is using a previous working model instead. Can you provide any insight?

ASUS motherboards use Award BIOS, and the problem you are experiencing typically occurs with Award Modular BIOS 4.50G, 4.50GP or 4.50PG (the PG version supports Plug and Play--PnP). If you are using the Award Modular BIOS 4.50G or 4.50GP, Award suggests that you change the following CMOS settings one at a time until the problem goes away:

If you are using the Award Modular BIOS 4.50PG, you can correct the problem you are experiencing by disabling the Daylight Savings Time setting. Also, I suggest you update your BIOS firmware, which you can download from the ASUS Web site (http://www.asus.com).

Q: I have an HP 5MP printer that I installed and use in Windows NT 4.0. The printer recently stopped working. I deleted and reinstalled the printer driver, but I still can't get the printer to print. Can you help?

You probably have a corrupt print driver, and simply reinstalling the driver might not remedy the problem. Removing a printer is not as simple as it sounds. When you use Print Manager to remove a printer (the Remove or Delete Printer option), the printer connection in NT disappears immediately; however, the spooler marks the printer for deletion, and NT doesn't actually delete the printer until you reboot the system (i.e., when the spooler service stops and restarts).

You can try to stop and restart the spooler service (go into the Services applet in Control Panel) and reinstall the printer. If this approach doesn't work, you have to edit the associated Registry key. After you make the change to the Registry, you need to stop and restart the spooler service.

Run regedt32.exe or regedit.exe. If you installed the printer locally (My Computer), go to the following Registry keys and delete the Registry information: HKEY_LOCAL_MACHINESYSTEM CurrentControlSetControlPrintEnvironmentsWindows NT x86 DriversVersion-2 and HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlPrintPrinters.

If you installed the printer as a network printer (network printer server or \), go to the following Registry keys and delete the Registry information: HKEY_CURRENT_USERPrintersConnections and HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlPrintProvidersLanMan Print ServicesServersPrinters. At this point, you can reinstall the printer driver (i.e., the printer--remember that the printer is the driver in NT) correctly.

Q: I don't understand the different types of backup available in NT Backup. Can you explain the differences?

For inexplicable reasons, many file backup and recovery vendors make the technology more complicated than is necessary. For example, I still don't understand the Palindrome (now Seagate Software) Tower of Hanoi tape-rotation scheme. Likewise, the concepts surrounding file backup and recovery are unnecessarily complex. Standard backup methods for NT Backup are normal, copy, incremental, differential, and daily.

A normal, or full, backup copies all selected files to tape and marks these files to show that the system has backed up each file. With full backups, you can easily and quickly restore files from the last tape used.

Similar to a full backup, a copy backup copies all selected files but doesn't mark each file as having been backed up. I seldom use this option.

An incremental backup copies only those files that you have created or changed since the last normal or incremental backup. If you have to restore files, you must go to your last full backup and then restore all incremental backups.

Similar to an incremental backup, a differential backup copies only those files you have created or changed since the last normal or incremental backup; however, a differential backup doesn't mark the files to show that the system has backed up each file. If you have to restore a file, you restore only your last full backup and the last differential backup.

A daily backup copies all selected files that you have modified the day you perform the daily backup. This method does not mark the files to show that the system has backed up each file. Daily backups are useful for transporting daily work from one system to another.

Q: We just purchased several hundred new computers with Accelerated Graphics Port (AGP) video built into the motherboard. No matter what we try, we can't get an unattended installation to handle these ports properly. Can we install these machines in unattended mode or do we have to manually install each machine?

You can perform an unattended installation of AGP video drivers in Windows NT. The problem you are experiencing occurs on systems with a PCI bridge. Resolving this problem is simple: You need to install the proper hardware abstraction layer (HAL) from Service Pack 3 (SP3) before you install the necessary AGP files. Microsoft has corrected this HAL for use with AGP drivers.

You will want to identify which HAL your systems require and copy only those files to those systems. On the distribution share containing the source files, rename the original HAL to hal.old or some similar name. Copy the HAL you need from the SP3 CD-ROM to the distribution share containing the source files. Perform the unattended installation, and make sure you install all of SP3.

Q: I am trying to establish a common, permanent mapped share for my users. Can I set up this type of mapped drive during an unattended installation of Windows NT?

Setting up a permanent mapped share during an unattended installation is easy, but requires the use of cmdlines.txt. An example of such a mapping is as follows (you must place this line in the cmdlines.txt file):

"et use h: \servershare /user:DomainnameUsername /persistent:yes"

Several factors are important here. You need to use the /user: parameter because NT setup runs using the System account, which doesn't have a user account associated with it. You must also use /user:DomainnameUsername Password if the username has an associated password. Finally, using /persistent:yes means that the share automatically reconnects when the workstations log on.

Q: How do I install the Microsoft Windows NT Server 4.0 Resource Kit during an unattended installation of Windows NT?

To perform an unattended installation of the resource kit, execute the

_setup /q1

MS-DOS command from the root directory of the resource kit CD-ROM. This command installs the resource kit files to the default location without presenting any dialog boxes.