VPN Setup & Configurations

Configuring VPN in Windows XP Professional
For configuring the VPN connection, you need to have a static IP address of the remote computer of your company and the host name. You can configure the VPN connection in Windows XP Professional by the following method.
1. Click Start > Control Panel > Click Network and Internet connection > Click Network Connections.
2. Here you need to create new connection and click next
3. Here click “Connect to network at my work place” click next.
4. Click “Virtual Private Network” and click next.

5. Here type the meaningful name for your company or any other network connection and click next.
6. Here click “Do not dial the initial connection and click next.
7. Here type the hostname and the IP address of the computer to which you want to connect.
8. Press next and then press finish.
Installing VPN in Windows 2000 Professional
Make sure that you are connected to the internet and you are also connected to the LAN.
1. Start > Administrative Tools > Routing and Remote Access
2. Click the server name in the tree and on the action menu click Configure and Enable Routing and Remote Access and click next.
3. Click Virtual Private Network (VPN Server) in the common configurations and click next.
4. In the remote client protocols, make sure that the TCP/IP is included in the list. Click yes to all available protocols and click next.
5. Select the Internet connection that will connect to the internet in the internet connection box and click next.
6. In the IP address management box select automatically to assign the IP addresses through the DHCP server.
7. In the “Managing Multiple Remote Access Server select this option “No, I don’t want to setup this server to use Radius Server Now. Click Next > Click Finish.
8. Now right click on the Ports node and click properties now click WAN mini port (PPTP) and then click configure.
9. Type the maximum number of the allowed simultaneous PPTP VPN connections to this server.
Configuring VPN Server in Windows 2000
You can configure the VPN server further by the following methods.
1. Start > Admin Tools > Routing and Remote Access.
2. Right click the server name and then properties.
3. Select “Enable this computer as a router” on the general tab.
4. Here you have the choice to select Local Area Routing or LAN or Demand Dial Routing click ok and close all the dialog boxes.
Configuring VPN Connection in the Client Computer
1. Start > Settings > Network and dialup connection
2. Make new connection
3. Click next and then click connect to a private network through Internet
a. Click Automatically Dial this initial connection and select your dial up internet connection from the list.
b. If you use cable modem then select “Do not dial this initial connection”.
4. Click next
5. Here type the host name and the IP address of the remote computer to which you want to connect.
6. Type the descriptive name of the connection and click next.

How to Change/Resetting user passwords in Win Server 2003/XP/2000

Users occasionally forget their passwords to their local user accounts. You can manually reset a user’s password.This tutorial will explain how to reset users password in Windows 2003/XP/2000.


Reset a local user account password for Windows XP/2000 Professional

click Start, click Control Panel, double-click Administrative Tools, and then double-click Computer Management.

Once you opened the Computer Management (Local)—>System Tools—>Local Users and Groups–>click Users.

In the details pane, right-click the user name, and then click Set Password

Read the warning message, and then, if you want to continue, click Proceed.

In New password and in Confirm password, type a new password, and then click OK.

NOTE:- To perform above procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer
is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

Reset a domain user account password for Windows Server 2003/2000

click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.

In the console tree Active Directory Users and Computers/Domain name/ click on Users

In the details pane, right-click the user name, and then click Reset Password.

Type a new password in New Password and in Confirm New Password, and then click OK.

NOTE:- To perform above procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority.

How To Create an Active Directory Server in Windows Server 2003

Creating the Active Directory
After you have installed Windows Server 2003 on a stand-alone server, run the Active Directory Wizard to create the new Active Directory forest or domain, and then convert the Windows Server 2003 computer into the first domain controller in the forest. To convert a Windows Server 2003 computer into the first domain controller in the forest, follow these steps:

1. Insert the Windows Server 2003 CD-ROM into your computer's CD-ROM or DVD-ROM drive.
2. Click Start, click Run, and then type dcpromo.
3. Click OK to start the Active Directory Installation Wizard, and then click Next.
4. Click Domain controller for a new domain, and then click Next.
5. Click Domain in a new forest, and then click Next.
6. Specify the full DNS name for the new domain. Note that because this procedure is for a laboratory environment and you are not integrating this environment into your existing DNS infrastructure, you can use something generic, such as mycompany.local, for this setting. Click Next.
7. Accept the default domain NetBIOS name (this is "mycompany" if you used the suggestion in step 6). Click Next.
8. Set the database and log file location to the default setting of the c:\winnt\ntds folder, and then click Next.
9. Set the Sysvol folder location to the default setting of the c:\winnt\sysvol folder, and then click Next.
10. Click Install and configure the DNS server on this computer, and then click Next.
11. Click Permissions compatible only with Windows 2000 or Windows Server 2003 servers or operating systems, and then click Next.
12. Because this is a laboratory environment, leave the password for the Directory Services Restore Mode Administrator blank. Note that in a full production environment, this password is set by using a secure password format. Click Next.
13. Review and confirm the options that you selected, and then click Next.
14. The installation of Active Directory proceeds. Note that this operation may take several minutes.
15. When you are prompted, restart the computer. After the computer restarts, confirm that the Domain Name System (DNS) service location records for the new domain controller have been created. To confirm that the DNS service location records have been created, follow these steps:
1. Click Start, point to Administrative Tools, and then click DNS to start the DNS Administrator Console.
2. Expand the server name, expand Forward Lookup Zones, and then expand the domain.
3. Verify that the _msdcs, _sites, _tcp, and _udp folders are present. These folders and the service location records they contain are critical to Active Directory and Windows Server 2003 operations.


Adding Users and Computers to the Active Directory Domain
After the new Active Directory domain is established, create a user account in that domain to use as an administrative account. When that user is added to the appropriate security groups, use that account to add computers to the domain.

1. To create a new user, follow these steps:
1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers to start the Active Directory Users and Computers console.
2. Click the domain name that you created, and then expand the contents.
3. Right-click Users, point to New, and then click User.
4. Type the first name, last name, and user logon name of the new user, and then click Next.
5. Type a new password, confirm the password, and then click to select one of the following check boxes:

* Users must change password at next logon (recommended for most users)
* User cannot change password
* Password never expires
* Account is disabled
Click Next.
6. Review the information that you provided, and if everything is correct, click Finish.
2. After you create the new user, give this user account membership in a group that permits that user to perform administrative tasks. Because this is a laboratory environment that you are in control of, you can give this user account full administrative access by making it a member of the Schema, Enterprise, and Domain administrators groups. To add the account to the Schema, Enterprise, and Domain administrators groups, follow these steps:
1. On the Active Directory Users and Computers console, right-click the new account that you created, and then click Properties.
2. Click the Member Of tab, and then click Add.
3. In the Select Groups dialog box, specify a group, and then click OK to add the groups that you want to the list.
4. Repeat the selection process for each group in which the user needs account membership.
5. Click OK to finish.
3. The final step in this process is to add a member server to the domain. This process also applies to workstations. To add a computer to the domain, follow these steps:
1. Log on to the computer that you want to add to the domain.
2. Right-click My Computer, and then click Properties.
3. Click the Computer Name tab, and then click Change.
4. In the Computer Name Changes dialog box, click Domain under Member Of, and then type the domain name. Click OK.
5. When you are prompted, type the user name and password of the account that you previously created, and then click OK.

A message that welcomes you to the domain is generated.
6. Click OK to return to the Computer Name tab, and then click OK to finish.
7. Restart the computer if you are prompted to do so.

Troubleshooting
You Cannot Open the Active Directory Snap-ins
After you have completed the installation of Active Directory, you may not be able to start the Active Directory Users and Computers snap-in, and you may receive an error message that indicates that no authority can be contacted for authentication. This can occur if DNS is not correctly configured. To resolve this issue, verify that the zones on your DNS server are configured correctly and that your DNS server has authority for the zone that contains the Active Directory domain name. If the zones appear to be correct and the server has authority for the domain, try to start the Active Directory Users and Computers snap-in again. If you receive the same error message, use the DCPROMO utility to remove Active Directory, restart the computer, and then reinstall Active Directory.

For additional information about configuring DNS on Windows Server 2003, click the following article numbers to view the articles in the Microsoft Knowledge Base:
323380 (http://support.microsoft.com/kb/323380/EN-US/ ) How To Configure DNS for Internet Access in Windows Server 2003
324259 (http://support.microsoft.com/kb/324259/EN-US/ ) How To Configure DNS in a New Workgroup Environment in Windows Server 2003
323418 (http://support.microsoft.com/kb/323418/EN-US/ ) How To Integrate DNS with an Existing DNS Infrastructure If Active Directory Is Enabled in Windows Server 2003
323417 (http://support.microsoft.com/kb/323417/EN-US/ ) How To Integrate Windows Server 2003 DNS with an Existing DNS Infrastructure in Windows Server 2003
324260 (http://support.microsoft.com/kb/324260/EN-US/ ) How To Configure DNS Records for Your Web Site in Windows Server 2003
323445 (http://support.microsoft.com/kb/323445/EN-US/ ) How To Create a New Zone on a DNS Server in Windows Server 2003

How to Remove Trojan Horse Or the Top 3 Ways to Get Rid of Trojan Virus

The good thing about Trojan Horses: It's not that difficult to remove them. But the bad thing is that Trojan Viruses are quite difficult to find.

Although they will not corrupt files or delete things on your hard disk, using them allows hackers to detect your credit card number, your social security number or some other private data. And of course, this is 1000 times worse.

The problem about deleting Trojan Horses is that since they have a variety of forms, there is no single method to delete them. Normally, using some antivirus software will help detecting and removing the Trojan Horses hiding on your hard disk. You can also try to clear the temporary internet files and delete them manually. Otherwise try this:

1) Open the System Information Utility (msinfo32.exe). You will find it at:
C:program filescommonmicrosoft sharedmsinfo. This program shows you all the processes running on any windows system, even those that are hidden from the task list that you normally use to look up the running processes on your PC. Now look for task listings which you do not recognize. Check the filenames and paths. Open your virus scanner and run the executable or .dll through it.

2) Open your antivirus software (If you don't have one, download AVG Anti-Virus Free Edition 7.5. It's pretty good and free). Run a virus scan. After the scan delete the value that was detected from the registry (first back up the registry!):

A) Click "Start > Run"
B) Type "regedit"
C) Click "OK"
D) Go to the subkey:

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunServices
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices

E) Now delete any value in the right pane that was detected during the scan
F) Exit the Registry Editor

3) If the steps 1) and 2) didn't help, download the free program HijackThis. It shows all the processes running on your system. Once listed, you can manually select and delete the fishy processes.

How to fix: Cannot Delete File: Cannot Read from the Source File or Disk

Now that you are logged on as the administrator in safe mode follow these steps

1. Open control panel from the start menu
2. Select USER ACCOUNTS from the control panel menu icons
3. Select Create New account from the list of tasks
4. In the new task windows, give the account a two or three letter name, not any real user name. and click the next button
5. select the LIMITED account feature by selecting the little radio button at the top, and click the create account button at the bottom
6. close all program windows and restart windows
7. when windows boots you will see the new user id, log in on the new user account that you just created
8. you may get some funny flags and request when you log in , but they are not to worry, let the system finish logging you in and when all activity has finished, restart windows again in safe mode
9. log in as administrator again
10. Open my documents from the start menu and click the folders icon to open up the left hand panel of the explorer window.
11. Navigate to the file/folder parent folder you want to delete (the one you renamed to something like "Delete Me")
12. Have it selected in the right hand pane of explorer (remember you can only move this file or folder if it is inside the parent folder)
13. From the file menu at the top select edit then select move to folder....
14. when the navigation widow opens, navigate to C:documents and settings new user id new user id documents (new user id is the account name you created) and select the move button
15. Now restart windows normally and log into your normal account
16. open control panel from the start menu
17. select user accounts
18. select change accounts
19. select the new user account you created
20. select delete account
21. select to delete all files, and delete account

How to Remove the Popup Ads in Avira Antivir

While Avira Antivir has one of the best detection rates of all antivirus, one of the main disadvantages is that after updating, you get annoying full-screen ads nagging you to upgrade. To remove these, read on

Steps
Windows 2000 / Windows XP Pro
1. Go to Start > Run.
2. Type gpedit.msc and click OK.
3. Navigate through User Configuration > Administrative Templates > System.
4. Double click "Don't run specified Windows applications".
5. Enable it and click show.
6. Add "avnotify.exe".
7. Click OK on all open windows.
8. Restart.
Alternate:
1. Start > Run: secpol.msc (You can also access this program through 'Control Panel > Administrative Tools > Local Security Policy' this is useful if it is easier the location of this rather than the file name)
2. Right click "Software Restriction Policies," Choose "New Software Restriction Policies." (Skip this step if there are subfolders in Software Restriction Policies already.)
3. Right Click "Additional Rule" folder > New Path Rule.
4. Where it says Path, Type the path of avnotify.exe on your computer, or use the Browse button to find it. (On XP64 using a default install of Avira, the path is: (C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avnotify.exe)
5. Make sure the "Security Level" Dropdown menu is selected as "Disallowed"
6. If you would like to make sure it went through correctly, open the Additional Rules folder, and verify the path and security level.
7. Enjoy the absence of nag windows.







Windows XP Home
1. Boot into Safe Mode.
2. Log into an account with administrator privileges.
3. Open [driveinstalledon]:\Program Files\Avira\AntiVir PersonalEdition Classic.
4. Right click on avnotify.exe and go to Properties > Security > Advanced.
5. Click on Edit-> Traverse Folder / Execute File-> deny-> OK.
6. Repeat for all users.
7. Reboot your computer normally.

Windows Vista Business/Ultimate
1. Open the control panel through Start > Control Panel.
2. Go to Administrative Tools > Local security policy.
3. Click on Software Restriction Policy > Action > Create new restriction policy.
4. Right-click, and go to additional rules > new path rule.
5. Click Browse and navigate to C:\Program Files\Avira\AntiVir Desktop\ and double-click avnotify.exe.
6. Set the security level to Disallowed.
7. Click apply and OK.

Windows Vista Home
1. Go to C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe for the current version, 9. For earlier versions, go to C:\Program Files\Avira\AntiVir PersonalEdition Classic\avnotify.exe.
2. Right-click avnotify.exe and go to Properties > Security.
3. Under the group or username SYSTEM, click edit.
4. Put a checkmark under the DENY column for "read and execute".

Tips
• Before giving up, try setting a restriction on avnotify.dll as well.
• An easier way to do this is just to pay for Avira AntiVir Premium, if you are satisfied with the free version.
• Another way suggested by some users to handle this problem is to use a program called Clickoff. You can download it at: http://www.johanneshuebner.com/en/clickoff.shtml

How to Remove the Raila Odinga Virus

Step 1

Follow the link in the Resources section to AVG Anti-Virus. Download the anti-virus program and then run its installation file.

Step 2

Open the Start menu and click on "Shut Down." Choose the "Restart" option and wait for your computer manufacturer's logo to appear on the monitor screen. Press the "F8" keyboard button repeatedly until a new list of options appears on the screen.

Step 3

Scroll down to the menu entry named "Safe Mode." Highlight the entry and hit the Enter key to start up your computer with the Safe Mode feature turned on.

Step 4

Open the Start menu and then click on the "My Computer" icon. Open up the "C:\" drive and then click on the folder named "System32." Look for a file with either the ".jpg" or ".gif" extension that was created very recently.

Step 5

Right-click on the file and then choose the "Delete" option. Check to see if there is a file named "Raila Odinga.jpg." Delete the file if it is present. Delete each of the Microsoft Word files contained in the folder.

Step 6

Close the "My Computer" window and then open the anti-virus program that you installed. Run the anti-virus program's update process by clicking on the "Update Now" button.

Step 7

Click on the "Computer Scan" button and then click on the option to run a scan through your entire hard drive, instead of just one section of the computer. Click on "Remove Problems" once the scan has finished running. Restart your computer to finish removing the Ralia Odinga virus from your machine.

Changing user password in XP without having to know the existing password

For some reason you forgot your password or another user forgot their password this will help you to reset the user password without having their old password.
click on Start>Run>and type cmd
From the command prompt window, type net users
This will show you every account that is made onto the computer whether it is hidden or not.
Change an account password
Login as administrator click on Start>Run>and type cmd
Type net user then the name of the account then * and press enter.
Examples
net user administrator *
net user “Joe Smith” *
Put the name in quotes if it contains spaces.
From there it should ask for a new password. Type in your new password (type very carefully - the command window won’t display what you type) and once more to confirm it. If you get the message that the command succeeded successfully you entered your new password without any problem.

Firefox: Some security tips

Hi to all, the day before i searched useful topic in the internet, i found this:


There are several reasons why Firefox is the Web browser of choice for many of us. Providing a safe Web surfing experience is one of the more important ones. I’d like to offer some tips that will make surfing the Web with Firefox even safer.
——————————————————————————————————————-
It’s important to easily determine whether a Web site that should be using https, actually is. When Firefox first came out it used a method that was easily discernible. The address bar would turn yellow and a lock icon would appear on the right-hand side of the address bar:

That feature was replaced by a small blue frame surrounding the Web site’s favicon in the third version of Firefox. Additionally, clicking on the blue field reveals more information about the Web site’s SSL certificate:

I’m not particularly convinced the new approach is better. It’s easy to miss whether the site is using https or not, especially if the favicon is blue. Also, I’ve read that the blue frame and most favicons are easy to forge.
As to why the change, my guess would be that Firefox developers thought Extended Validation (EV) certificates were going to become the norm and focused on a way to better display the EV information. I think they succeeded, placing the Web-site’s name in a green frame is very distinguishable:

It’s a nice concept, but the use of EV certificates isn’t that prevalent, which kind of defeats the whole purpose. If my memory serves me correctly, less than one percent of all Web sites using SSL have EV certificates. It’s understandable though. By design, the vetting process is more in-depth, which drives up the cost of obtaining an EV certificate.
A well-kept secret
A good friend of mine let me in on what I’d call a hidden gem and I wanted to pass it along. It’s not perfect, but it certainly helps increase awareness of whether a Web site is using https or not. Besides it’s simple to do:
1. Type about:config in the address bar.
2. Firefox will display the following warning.
3. Click on the “I’ll be careful, I promise” button.
4. Enter “browser.identity.ssl_domain_display” (minus quotes) in the Filter box.
5. Double click on entry, which opens a dialogue box.
6. Change the entry from zero to one.
What this does is change the appearance of how the address bar displays information for Web sites using regular SSL certificates. As you can see below, except for the frame being blue instead of green it looks identical to what’s displayed by a Web site using an EV certificate. This should help reduce the risk of confusing secured Web sites with unsecured ones.

Revisit Perspectives
In August of 2008, I wrote an article about a Firefox add on called Perspectives. I’m not going to rehash the details; suffice it to say that I highly recommend installing it. Then forget about it. The application works quietly in the background making sure SSL certificates are valid. Now that I said that, I want to revise the configuration I used in the initial article, even though it makes Perspectives a bit noisier.
The two changes I’d like to propose are:
• Uncheck the default setting of “Allow perspectives to automatically override security errors”.
• Change “When to Contact Notaries” from the default to “Contact Notaries for all HTTPS sites”.

Perspectives isn’t perfect and the above changes may give additional false positives, but using the new settings will increase security while surfing the Web.
SSL Blacklist
Firefox version three checks a certificate’s revocation status using the online certificate status protocol. There’s a problem with that though. Like EV certifications the use of this protocol is very limited. In a somewhat ironic twist, all SSL certificates do contain information about where to obtain a certificate authority’s certificate revocation list, but Firefox isn’t setup to use them. Hmmm, this means Firefox isn’t capable of knowing whether a majority of existing SSL certificates are valid or not.
Màrton Anka seeing this deficiency developed the SSL Blacklist add on for Firefox. The application detects and reports on weak/revoked certificates or those that are still using the weak MD5 hash algorithm.
NoScript: a favorite
If you follow my articles, you will know that I think highly of Giorgio Maone’s Firefox add on NoScript. Giorgio realized that a vast majority of malicious Web sites use JavaScript exploits to leverage control of a victim’s computer. So he developed NoScript, which gives the user control on whether to allow or disallow execution of certain JavaScript code that NoScript deems as possibly harmful.
As you might guess, it’s a fairly noisy add on. NoScript is going to ask you quite often on whether you trust the site enough to allow JavaScript code execution. If that’s too granular, you have the option to change the setting “Scripts Globally Allowed (dangerous) from the default of disabled to enabled.

Doing so will make NoScripts considerably less intrusive, but any protection from JavaScript vulnerabilities is also removed. On a good note, even with scripts globally allowed you are still afforded protection from ClickJacking.
Final thoughts
There you have it, four tips that I use and recommend to all of my clients. None of them are perfect solutions, but they certainly elevate user security when surfing the Web with Firefox. Let me know if you have any favorite security add ons for Firefox that I may have missed. Also if you have started using Internet Explorer 8, I’d be curious to learn how it compares to Firefox security-wise.

Configure a new DNS server

To configure a new DNS server
• Using the Windows interface
• Using a command line
Using the Windows interface
1. Open DNS.
2. If needed, add and connect to the applicable server in the console.
3. In the console tree, click the applicable DNS server.
Where?
o DNS/Applicable DNS server
4. On the Action menu, click Configure a DNS Server.
5. Follow the instructions in the Configure a DNS Server Wizard.
Notes
• To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
• To open DNS, click Start, click Control Panel, double-click Administrative Tools, and then double-click DNS.
• If the DNS server is running locally, you do not need to perform step 2.
• As a best practice, use the checklist for installing a new DNS server. For more information, see Related Topics.
• When you finish configuring the server, you might need to complete additional tasks, such as enabling dynamic updates for its zones or adding resource records to its zones.
Using a command line
1. Open Command Prompt.
2. Type:
dnscmdServerName/Config {ZoneName|..AllZones} Property {1|0}

Value Description
dnscmd Specifies the name of the command-line tool.
ServerName Required. Specifies the DNS host name of the DNS server. You can also type the IP address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.).
/Config Specifies the configuration command.
{ZoneName|..AllZones} Specifies the name of the zone to be configured. To apply the configuration for all zones hosted by the specified DNS server, type ..AllZones.
Property Specifies the server property or zone property to be configured. There are different properties available for servers and zones. For a list of the available properties, at the command prompt, type: dnscmd /Config /help.
{1|0} Sets configuration options to either 1 (on) or 0 (off). Note that some server and zone properties must be reset as part of a more complex operation.
Notes
• To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
• To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command prompt.
• This procedure requires the Dnscmd Windows support tool. For information about installing Windows support tools, see Related Topics.
• To view the complete syntax for this command, at a command prompt, type:
dnscmd/Config/help
• As a best practice, use the checklist for installing a new DNS server provided in the online Help. For more information, see Related Topics.
• When you finish configuring the server, you might need to complete additional tasks, such as enabling dynamic updates for its zones or adding resource records to its zones.
Formatting legend
Format Meaning
Italic Information that the user must supply
Bold Elements that the user must type exactly as shown
Ellipsis (...) Parameter that can be repeated several times in a command line
Between brackets ([]) Optional items
Between braces ({}); choices separated by pipe (|). Example: {even|odd} Set of choices from which the user must choose only one
Courier font Code or program output

To configure conditional forwarding as an attribute of DNS.

To configure conditional forwarding as an attribute of DNS, complete the following steps:
1. On a Windows Server 2003 domain controller, open the DNS console.
2. Right-click the DNS server you wish to work with and click Properties.
3. Select the Forwarders tab of the DNS properties dialog box for the selected server.
4. Click the New button to the right of the DNS domain list.
5. Enter the domain name for which the conditional forwarders should be configured — for example, sales.company.com — and click OK.
6. Click on the new domain forward that you just added in DNS domains list and type the IP address of the primary DNS server for that domain in the box below, labeled Selected Domains Forwarder IP Address List.
7. Click the Add button.
Once you click OK on the DNS properties dialog box, the conditional forwarder for the domain you specified will be ready to go; however, you may want to restart the DNS service just to make sure everything is working.
Note: For conditional forwarders to work, all the DNS servers in your Active Directory environment must run Windows Server 2003.

How to disable shutdown button on the Log-in screen

Windows 2000 Workstation's log-in screen has a "Shutdown" button which you can use to shutdown the system without ever logging in. But you can disable Windows 2000 Workstation's "Shutdown" button on the initial log-in screen:
• Run "RegEdit.exe" or "RegEdt32.exe"
• Select the following key:

HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Windows NT\
Current Version\Winlogon
• Add a value named "ShutdownWithoutLogon" of type "REG_SZ" and set it to "0".
• Restart Windows

Excel 2003 as default application for opening .xls files

This method will turn off the office 2007 re-register feature that makes office 2007 applications the default program for office documents.

Make Excel 2003 the default application for opening .xls files stick by doing the following:
1. Start --> Run----> Regedit
2. Navigate to the following key: HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Excel\Options
3. Right click on the Options folder, Select New---> DWORD Value ----> Type "NoReReg" for the Dword Value without quotation marks.
4. Right click on the NoReReg DWORD Value and click Modify. In the Value Date box, type 1 and then click OK.
5. Once you have edited the registry key listed above, open Excel 2003 and click on Help (found on the main toolbar) and select Detect and Repair.
6. If Detect and Repair process completes successfully proceed to Step 7. If the Detect and Repair process stops and asks you for the .msi file, mount DiegoStart and go to Z:\software\common\office11 and double click on OWC11.msi file.
7. After performing steps 1-5, try opening an existing or a new .xls file by double clicking it. The .xls file should open by default using Excel 2003 instead of Excel 2007.

Control owner access rights in Windows Server 2008

Using the Creator Owner permissions in Windows allows a person who creates an object to set the permissions for it. For example, if the IT manager is working on confidential documents about business and IT policy and wants to allow others in different business units or departments to access them, she can select any groups or users she wants. At the same time, she can also restrict access to those she wants to exclude. Sometimes this works okay, but it can be a problem if the Creator Owner of a document leaves the organization or is reassigned and no longer has access to the target object.
In previous versions of Windows, up until Windows Server 2008, using an SMB share (Server Message Block protocol) for permissions and changing them from full control to modify was the best way this could be corrected. However, SMB share permissions are not as restrictive as NTFS (NT File System) permissions, which may introduce other issues.
Windows Server 2008 introduces a new, built-in identity called Owner Rights that allows the creator/owner of the document to be overridden by an administrator. To add this feature to a document or object, you simply need to add an entry to the access control list (ACL) for the object, specifying owner rights. To do so, complete the following steps:
• Right-click the object for which you want to change the access control list and choose properties.
• Choose the Security tab on the dialog box for the object.
• Below the Group or User Names box click Add.
• In the Browse For Groups Or Users selection box, enter Owner Rights and click OK.
• Assign Owner Rights to Modify permission not to Full Control permission.
• Click OK on the object’s Properties dialog box.
With this addition to the ACL, when the owner of the object attempts to change permissions, one of two things will happen. Depending on the operating system this user is running and the permissions associated with the user account, the permissions information may be disabled or an “access denied” message will appear when he or she tries to make a change.
What happens if the owner cannot change the permissions on a file?
Windows Server 2008 has provisions for this situation. Basically any users including an admin can lock themselves out of any object; however, users that are also members of the administrators group can assign ownership back to the domain administrators group, allowing any member (including the original owner) to modify the ownership of the object.
If you are a member of the administrators group, even though you can lock your self out of being able to change permissions or see an object, your other rights will allow you to correct the action.

Outlook: Multiple Users Single Account?

Is there a way to set up MS Outlook (XP) so that multiple users can access a single account from their separate computers while retaining all of the files on a primary computer?

Basically, I'm the occasional IT department for a very small company and this is something like a feature request. There are two people with networked laptops, and one main desktop that is set up to retain all the email from this one account.

They want to use their laptops to read and send email from this account, and they want it to be just like they were reading and sending it from the desktop computer. Complete with archiving and deleting.

I am open to any suggestion that solves the problem, including those that don't involve Outlook. Here are some ideas I've had, but I have serious doubts about each of them.
• Setting the folder where the Outlook database lives as Shared, then pointing each laptop's Outlook installation to this same file. I have no idea if this will work. Ideally, they want to be able to use the email account at the same time, and I'm not sure this will allow that.
• Using Thunderbird. I don't know if it will help, but I think it would be cool to move them to more open-source applications.
• Setting up Remote Desktop or VNC, so they just log on through the LAN and use the desktop like they were sitting in front of it. This one is probably stretching it. Also, can anyone else use the computer while someone else is remotely logged in?

That's all the ideas I have. I imagine this is somewhat of a common enough problem so that someone has already solved this problem. That's what I keep telling them anyway.

How to disable shutdown button on the Log-in screen?

Windows 2000 Workstation's log-in screen has a "Shutdown" button which you can use to shutdown the system without ever logging in. But you can disable Windows 2000 Workstation's "Shutdown" button on the initial log-in screen:
• Run "RegEdit.exe" or "RegEdt32.exe"
• Select the following key:

HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Windows NT\
Current Version\Winlogon
• Add a value named "ShutdownWithoutLogon" of type "REG_SZ" and set it to "0".
• Restart Windows

How to Speed Up Folder Access

In this page, I'll show you how to speed up folder access on your computer. Why you need to speed up folder access? In my opinion, you need to do that if you have a lot of folders and sub directories on your computer. Because when you access a directory, your windows system will wastes a lot of time updating the stamp showing the last access time for that directory. So you need to disable access update to stop your computer from doing this. Follow these steps to speed up folder access by disable access update on your computer.

1. Click on RUN, type Regedit in the open box and then click "OK".
2. Find HKEY_LOCAL_MACHINE > System > CurrentControlSet > Control > FileSystem
3. Create new DWORD Value called NtfsDisableLastAccessUpdate by right-click in a blank area of the window on the right and then select DWORD Value.
4. Double click on "NtfsDisableLastAccessUpdate", change the value data to 1 and then click OK. That's al

How to Auto DELETE temporary folder

For Beginers
what we used to prefer is, type "%temp% " {without quotes} in Start -> Run.This opens your temporary folder and then you can erase it easily, but still try dis one
too..

For Advance User
First go into gpedit.msc, Next select -> Computer Configuration/Administrative Templates/Windows Components/Terminal
Services/Temporary Folder, Then right click "Do Not Delete Temp Folder Upon Exit.
"Go to properties and hit disable. Now next time Windows puts a temp file in that folder it
will automatically delete it when its done!

Manually Removing PC Viruses!

Trick By vishnu vardhan reddy B On 4:23 AM
Have you ever been in the possition that you know you have an virus but you dont have any antivirus?? Its almost impossible to remove it manual without knowing about a few tips & tricks.
After reading this turtorial im sure you will know how to manual remove most of the virus lurking around. But that dosnt mean you shouldnt have any anti virus on you computer! Anyway, lets get starting with the turtorial.. I suppose you already know what safe mode is. If you dont try pressing the F8 key some times when you start your computer. You havto do this when your computer is about to start the first windows components. In win2k or xp i think you can press space and then F8 when it ask you if you want to go back to previous working setting.
Enough talk about how to start you computer in safe mode, but if you want to manual remove viruses you almost everytime haveto do this in safe mode becouse in safemode most viruses dosnt start. Only some few windows component is allowed to run in safemode. So here is what to do. Step:
1: Start your computer in safemode.
2: If you know where the virus are hiding delete the executable file.
3: Open the registry and go to the keys below and add an : in front of the value of the string that you think its the virus. Like this, if string is "virus" and its value is "c:\virus.exe" change its value to ":c:\virus.exe". The : is like comenting out the value. But if you are sure its the virus you can just delete the string. Here are the keys you maybe want to look at: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
NOTE-Firefox user might not able to view full path.For full path edit your text size smaller by pressing ctrl-.
4: The virus can start itself from some other places to. win.ini is the most common files that viruses can use. Soo you should find the files named win.ini and system.ini and look through them and see if you find anything.
5: Look through the startup folder that is normaly located in your profile directory \Start Menu\Programs\Startup.
6: Try searching for the virus executable to see if its hiding some other place.
7: Finally look through the list of services that windows is running. This list is often located under control panel - administrative tools - services. After this 7 steps just reboot your computer in normal mode and try to figure out if the virus is still there.. If not SUCCESS if yes, try to go back to safe mode and hunt some more. Off course this 7 steps will not work on every virus out there, but many of them.