Windows Server 2008 - 7 Naughty, But Nice Settings
I developed these nice ideas while testing Windows Server 2008
machines. It goes without saying that employing many of these ideas on a
production network would be naughty. However, I bet that at least one setting is
nice to use in even the most secure organization.
Incidentally, a few people are using Server 2008 as their desktop
instead of Vista, in which case these settings could be nice.
The purpose of the Shutdown Event Tracker is worthy, namely to
help you troubleshoot Windows server problems. Yet there is a
general feeling that this interface is more bother than it's worth.
What happens by default is that any time you restart a Windows Server, up
pops an irritating menu. If this is a planned shutdown, you resent
having to take the time to type in a message; if there is
something wrong, you are too busy thinking of a solution to waste time
grappling with extra menus. As a result you probably want to get
rid of this Shutdown Event Tracker dialog box, especially on a test
machine.
How to Disable the Shutdown Event Tracker
Disabling the Shutdown Event Tracker is a job for group policy. The
easiest way to launch the editor is to click on the Taskbar's Start
button, then in the Start Search dialog box type: gpedit.msc. Note: you
must include the .msc extension. Next, navigate along this path:
The crucial point is that 'Display Shutdown Event Tracker' is an
actual group policy setting in the root of the System folder, and not a
sub folder.
Once selected, it's a trivial task to double click the Shutdown Event
Tracker, and select, 'Disable'.
Trap: If you use the Group Policy Management Editor
instead of the Local Group Policy editor (gpedit), then make sure that
you are aware of the Domain Controller Group Policy, in addition to the
Default Domain Policy.
Here is the problem: every time you want Windows Server 2008 to perform an administrative task you get a nagging UAC dialog box. You have to interrupt your train of thought and click 'Continue'. Now it is naughty to turn off this security feature, but nice to have your instructions completed that bit quicker and without a frustrating distraction.
Stage 1) Preliminary task: Launch the Local Security Policy.
Method A) Begin by clicking on Server 2008's Start button, then in the Start Search dialog box type: secpol.msc. Note: you must include the .msc extension.
Method B) Display Server 2008's Administrative Tools. From the Administrative Tools, select the Local Security Policy.
Stage 2) The situation is that you have now opened the Local Security Policy.
Using either method A or B, select the Local Policies folder, then
expand the Security Options folder. You should see the
screen shot opposite. Scroll down and locate the family of settings beginning with 'User Account Control'.
You should now see the policies shown below:-
Double click this policy: 'User Account Control: Behavior of the
elevation prompt for administrators' Set to: 'Elevate without prompting'.
While you have taken the trouble to visit the Security Options, check to
see if the other group policy settings are to your liking.
UAC Method Using the Control Panel
For a Server 2008 Machine,
Microsoft also provides a menu in the Control panel whereby you can turn
off UAC for the logged on user. If you too would like to remove
this nagging interface, then navigate thus:
Control Panel -> User Accounts -> Turn User Account Control On or Off.
Now decide if you want to untick the box which says: 'Use User Account Control (UAC) to help protect your computer'.
Sadly, this requires a restart.
When experimenting with test machines, what speeds up a restart is
having a user log on automatically without having to type a complex
password. If you spend 2 minutes enabling AutoAdminLogon, it will
save you having to wait after a restart. The trick, which is also its
liability, is that you have to expose the password in the registry.
Instructions for Setting AutoAdminLogon
Type 'regedit' in the Start Search dialog box.
Next navigate to: HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon
Set AutoAdminLogon = 1 (1 = on, enabled. 0 = zero, disabled)
Create a new String Value called DefaultPassword. Set DefaultPassword = "P@ssw0rd"
Check the existence of a REG_SZ called DefaultUserName. The value should reflect the user who you wish to log on
automatically. If this value does not exist, then right-click in the right
regedit pane, 'New', REG_SZ, name it precisely, DefaultUserName (not
DefaultAnyOtherName).
Optional Item: If your Windows Server 2008 has joined a domain, create a String Value called DefaultDomainName. Set DefaultDomainName = "OnlyYouKnowDomain"
Addendum for Windows Server 2008 User Accounts
I have been using AutoAdminLogon since NT 3.5. However, in Windows Server 2008
there is a much easier alternative in the Control Panel.
Launch the Control Panel, navigate to User Accounts, Users, now remove the tick in: Users must enter a user name and password. All you need to do next is type
the password twice in the 'Automatically Log On' dialog box. Once Server 2008 restarts it will log on that user automatically.
What Remote Desktop does is permit you to connect to Windows Server 2008
from a Vista, or even an XP, machine. This
ability is useful if you suddenly forget a setting, or remember that you
have made a configuration mistake.
There is one problem: by default Remote Desktop is
disabled. The solution requires foresight; you have to enable Remote Desktop before you leave
the server room.
To enable Remote Desktop, open the System Properties. My favorite method is to hold down the Windows Key, then press the Pause / Break key. Alternatively, you could navigate via the Control Panel,
Support and Maintenance, System and then Remote Settings. Naturally, add your own account in the Select Users dialog box, because in this scenario, you will be the person using Remote Desktop
to connect to this machine.
If in doubt, select the link 'Help me choose'
Trap: Confusing Remote Desktop with Remote Assistance.
Remote Desktop Connection.
To activate the client side of the connection, i.e. on the remote machine, go to Start, All Programs, Accessories and Remote
Desktop Connection.
Trap: Don't confuse Remote Desktop with Remote Assistance
There you have it: naughty if you set Remote Desktop incorrectly in a high
security company, nice if you regularly travel around a large office and need access to your Server 2008 desktop remotely.
The general reaction to IE7 is that it is
strange, quirky, even 'funny' when you first try the new interface.
Then, like so many of Windows Server 2008's features, you don't want to go
back to the old ways of IE6.
What can be annoying is the ESC (Enhanced Security Configuration);
fortunately, there is a way to control this 'IE ESC' behaviour.
What you need is the Server Manager. From the Start button,
right-click on 'Computer' on the menu and select 'Manage'.
Once the Server Manager launches, scroll down to the Security Information
section and select 'Configure IE ESC' in the right-hand panel.
Other Nice Settings Tools (menu) Internet Options
One nice setting is having multiple home pages. I love the idea of
IE7 opening 3 or 4 tabs when I launch this browser. One annoying
setting is the Tabs: when I open a new tab, I prefer my topmost home
page to open rather than a blank page. Another annoying setting is
'Warn me when closing multiple tabs'. I disable this tab feature.
However, it does not matter what I do; my hidden agenda is to persuade
you to check out IE7's Tools, Internet Options, with its 6 tabs and umpteen
Settings menus.
I added this setting as a reminder that in Windows Server 2008 it's
worth checking out the 'Personalize' menu.
The security feature of the
Windows screen saver is designed to lock the keyboard when you leave your
computer for more than 10 minutes. In some offices Psycho** jumps on any unattended computer and performs puerile pursuits, such as sending obnoxious emails to your
superiors from your email account.
However, if you
are testing a machine with no security threat, then it's tempting to disable the screen saver. Right click on the Server 2008 desktop, select Personalize from the short cut menu
and Screen Saver is the third item on the next menu.
Now if you are feeling naughty select (None) from the list of possible screen savers.
Incidentally, while you have the Personalize menu open,
take the opportunity to adjust your Display Settings in general and your Refresh rate in particular. I recommend a value of 90 MHz, provided your monitor supports this nice, flicker-free value.
** Every organization has at least one Psycho user. Amongst their characteristics are a belief that they know more than they really do; they often read computer articles, but invariably get the wrong end of the stick.
Psychos are invariably male and they have the knack of breaking systems that normally work perfectly well; single-handedly they account for 80% of all computer problems in your department.
When you install Vista you are prompted for an initial account. Thus
Vista may not have an account called 'Administrator', which is visible. However, in Windows Server 2008
the traditional 'Administrator' account is created during setup. My point
is that in Vista you probably want to activate a previously hidden Administrator
account, whereas in Windows Server 2008, you may want to deactivate the
Administrator account for security.
I will show you how to activate this Server 2008 Administrator account via a 'Net User' command. One benefit of logging on as this super
account is that you will never be prompted for the nagging UAC dialog box.
The procedure is straightforward, just head for the cmd
prompt and type:
Net user administrator /active:yes
Naturally, to achieve the opposite and deactivate, replace 'yes' with
'no', thus:
Net user administrator /active:no
The only trap is that many
domains insist on a complex password, therefore before the account can
log on, you need to assign a password
with an UPPER case letter, a number and a special character. Here is an
example of the command:
Net user administrator P£ssw0rd /active:yes
N.B. Any problem with this command try Net Help User.
Summary of Windows Server 2008 - Naughty But Nice Settings
Like the whole of life,
you have to know when to be nice and when it's OK to be naughty. Turning on settings such as AutoAdminLogon is nice in training rooms, or on test networks, but naughty in medium security environments.
Remote Desktop could be nice for you, but naughty if you add the office Psycho to the 'Select Users' list.
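A read-only PowerShell check that reports whether the settings described above are in force on a machine, handy for confirming that a test-lab shortcut has not followed a server into production. This is an added example, not part of the original article; apart from the Winlogon values named in the article, the registry value names (ConsentPromptBehaviorAdmin, EnableLUA, ShutdownReasonOn, fDenyTSConnections, SCRNSAVE.EXE, ScreenSaverIsSecure) are the standard Windows values behind these settings and are supplied here, and IE ESC is not covered.

```powershell
# Added example: read-only audit of the settings this article changes (run elevated).
function Get-RegValue($Path, $Name) {
    # Yields $null when the key or the value is absent.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}
function New-Finding($Setting, $Flagged, $State) {
    New-Object PSObject -Property @{ Setting = $Setting; Flagged = [bool]$Flagged; State = $State }
}

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$uac      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$tracker  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability'
$rdp      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$desktop  = 'HKCU:\Control Panel\Desktop'   # current user only
$findings = @()

# AutoAdminLogon: report whether a password value exists, never its content.
$auto  = Get-RegValue $winlogon 'AutoAdminLogon'
$hasPw = $null -ne (Get-RegValue $winlogon 'DefaultPassword')
$findings += New-Finding 'AutoAdminLogon' (($auto -eq '1') -or $hasPw) `
    "AutoAdminLogon=$auto; DefaultUserName=$(Get-RegValue $winlogon 'DefaultUserName'); DefaultPassword present=$hasPw"

# UAC: ConsentPromptBehaviorAdmin=0 is 'Elevate without prompting'; EnableLUA=0 is UAC off.
$prompt = Get-RegValue $uac 'ConsentPromptBehaviorAdmin'
$lua    = Get-RegValue $uac 'EnableLUA'
$findings += New-Finding 'User Account Control' (($prompt -eq 0) -or ($lua -eq 0)) `
    "ConsentPromptBehaviorAdmin=$prompt; EnableLUA=$lua"

# Shutdown Event Tracker: the group policy writes ShutdownReasonOn (0 = disabled).
$reason = Get-RegValue $tracker 'ShutdownReasonOn'
$findings += New-Finding 'Shutdown Event Tracker' ($reason -eq 0) "ShutdownReasonOn=$reason"

# Remote Desktop: fDenyTSConnections=0 means connections are allowed.
$deny = Get-RegValue $rdp 'fDenyTSConnections'
$findings += New-Finding 'Remote Desktop' ($deny -eq 0) "fDenyTSConnections=$deny"

# Screen saver lock (local setting; a group policy override is not checked).
$secure = Get-RegValue $desktop 'ScreenSaverIsSecure'
$saver  = Get-RegValue $desktop 'SCRNSAVE.EXE'
$findings += New-Finding 'Screen saver lock' ((-not $saver) -or ($secure -ne '1')) `
    "SCRNSAVE.EXE=$saver; ScreenSaverIsSecure=$secure"

# Built-in Administrator (RID 500) on a member or standalone server.
$admin = Get-WmiObject Win32_UserAccount -Filter 'LocalAccount=True' |
    Where-Object { $_.SID -like 'S-1-5-21-*-500' }
$findings += New-Finding 'Built-in Administrator' ($admin -and -not $admin.Disabled) `
    "Name=$($admin.Name); Disabled=$($admin.Disabled)"
$findings | Select-Object Setting, Flagged, State | Format-Table -AutoSize -Wrap
```

A row with Flagged = True means the machine is in the 'naughty' state for that setting; an empty value in the State column means the registry value is not set and Windows is using its default.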