Dealing With Physical Network Problems

Network connectivity issues can easily be caused by physical network problems. Always ensure that you have a reliable and working connection between each computer and another, or each computer and a router.

Diagnosing a possible problem with a wired connection requires checking 3 components.


  • The network card on this computer.
  • The network cable.
  • The network card on the other computer, or the router port.

Does your computer connect to another computer or to a router? If to a router, try another port on the router - preferably swap ports with another, working computer. Also, swap network cables with another computer. Always test with currently known good components, when possible. And please, always start with a pre-made network cable - this is NOT the time to try making your own Ethernet cable!

Remember that the network card on this computer, and the network card on the other computer (or the router) are all computers in their own right. Each device uses drivers and / or firmware. Check with the vendor, and see if this is a known problem, and / or is there a driver or firmware update available? Whenever you have a problem, start with updated software. If you ever go to the vendor for advice, that is the first thing they will ask you about.

Examine the network card, or read the manual. Make sure that it doesn't contain an embedded hardware firewall, like the nVidia nForce.

Also, look at whether the problem is constant and permanent, or chronic. If chronic, is there a pattern to when it occurs, and / or is there a consistent workaround? One common example of this possibility would be loss of connectivity when the computer is idle for an hour or so.

Read Practically Networked Problems with Network Cards for suggestions on dealing with problems that originate with a network card itself.

Run the Device Manager (System Properties - Hardware tab), find the network adapter in question, and Troubleshoot it. See if the system can identify a hardware problem.

Always use the right kind of network cable, and always have a spare on hand. If you are connecting a computer to a router, you'll probably use a straight-thru aka patch cable. If you are connecting two computers directly, you will probably need a cross-over aka null-modem cable. Some newer network cards may support use of a straight-thru cable, to connect directly to another computer. But always have a spare cross-over cable to diagnose this problem.

Does the network card, and maybe the router port, have one or two colored lights that light up or change color? Observing their behaviour, and checking the owner's manual, could save you a trip to your nearby computer store to buy the wrong component.

On most network cards, the Green light indicates Link (connectivity), while the Yellow light indicates Transmission (activity). The Green light should be solid, while the Yellow light may be either blinking (light activity), or solid (heavy activity).

Windows XP has the Local Area Connection status indicator in the tooltray. Windows Vista has the Network System Icon. Both will indicate logical network status, in some detail, if enabled (Local Area Connection Properties "Show icon ...").

If a router is the other end of the connection, try checking the router access log too. Having a second computer is very useful here.

If your network includes WiFi components, your issues may be even more complex to diagnose.

... or maybe not. If you have no connectivity at all, check that the radios on the computer and on the router / AP are powered on. Seriously.

For more information about WiFi, see Microsoft: A Support Guide for Wireless Diagnostics and Troubleshooting.

And in some cases, if you have XP SP2 on the computer, the (KB893357): WPA2 / WPS IE update for XP SP2 may help.

For truly unacceptable problems, prepare to uninstall the drivers for one or more network adapters.


Reading IPConfig and Diagnosing Network Problems

Both Internet Service and Windows Networking rely upon the Internet Protocol being properly configured. The IPConfig utility tells us the various settings on any computer using Internet Protocol. This is a good place to start, when diagnosing any networking problem.

Please note that the examples shown here are from a computer set up in a workgroup, which is almost identical to a domain. There is one major difference for a domain; the DNS server entry, for a computer in a domain, should point to the IP address of the domain controller, as indicated in Windows XP / 2000 On A Domain.

This is a problem, as the ipconfig listing will not give a clue as to where the domain controller points (forwards its DNS queries). If you have DNS problems on a computer in a domain, ipconfig will not help diagnose them.



To get ipconfig data for immediate examination, simply type "ipconfig /all" into a command window (or a command window in Windows Vista). Only type the command itself into a command window - do not type Start - Run - "ipconfig /all...".

If you want the data so it is easily compared between computers, you need to export the data into a text file.

  • Type "ipconfig /all >c:\ipconfig.txt" (less the "") into a command window (or a command window in Windows Vista).
  • Then,

    • Type "notepad c:\ipconfig.txt" (less the "") into the same command window, for immediate examination.
    • Or, copy file c:\ipconfig.txt to another computer, for comparative examination.


A Normal IPConfig

Here's an example of IPConfig ("ipconfig /all") from a pair of computers on a LAN.


Windows IP Configuration
Host Name . . . . . . . . . . . . : PChuck1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : pchuck.net
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX)
Physical Address. . . . . . . . . : 00-04-76-D7-C5-6A
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.50
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.11
192.168.1.33
Lease Obtained. . . . . . . . . . : Wednesday, April 16, 2003 11:19:12
Lease Expires . . . . . . . . . . : Wednesday, April 23, 2003 11:19:12

Windows IP Configuration
Host Name . . . . . . . . . . . . : PChuck2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : pchuck.net
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX)
Physical Address. . . . . . . . . : 00-04-76-D7-76-BC
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.51
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.11
192.168.1.33
Primary WINS Server . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Wednesday, April 16, 2003 11:53:45
Lease Expires . . . . . . . . . . : Wednesday, April 23, 2003 11:53:45


What does this tell us?


Host Name . . . . . . . . . . . . : PChuck1

This is the name of the computer, as seen by Internet Protocol.

Primary Dns Suffix . . . . . . . :
DNS Suffix Search List. . . . . . : pchuck.net

Most small LANs don't have a DNS server set up, so you probably won't use DNS for name resolution. If you do have a DNS server (not the one which your ISP provides, either), you should set up both DHCP and DNS carefully.


Node Type . . . . . . . . . . . . : Broadcast

The Node Type tells us how this computer identifies the address of another computer on the LAN. Broadcast is the best setting for a small LAN, although anything but Peer-Peer will work. If you do not have a WINS server, and you see Peer-Peer here, you do have a problem.

If you have a LAN with its own DNS server, you will want to set up your LAN, and the DNS server, properly.


Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

If DHCP is enabled, this computer should get its IP settings from a DHCP server (either a NAT router / ICS Host, or a dedicated server running the DHCP service).

If Autoconfiguration is enabled, this computer did get its IP settings from a DHCP server. If DHCP is enabled, but Autoconfiguration is not enabled, a DHCP server was not available. If the latter, it is very likely that the computer now has an APIPA address, and may display the message "limited or no connectivity".



Physical Address. . . . . . . . . : 00-04-76-D7-C5-6A
IP Address. . . . . . . . . . . . : 192.168.1.50
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.11
192.168.1.33
Primary WINS Server . . . . . . . : 192.168.1.1

These are the most basic settings. You must get the addressing right, before the other components will be of much use.

The Physical Address is the MAC address for this network card. If this is the Vendor Assigned address, it is unique for this device. All Vendor Assigned addresses are unique, for every device in the world. If this is a User Defined address, it was set using tools provided by the vendor. For NT compliant network hardware, this was likely the device properties wizard, accessed from Local Area Connection Properties in Network Connections.

The IP Address for each computer must be unique. Taking the IP Address and the Subnet Mask, and subnetting the IP address, we see that this subnet is 192.168.1.0/24, and the Host Address is 50. On any LAN segment, all hosts (computers) must have the same subnet, and all computers must have a different host address.

While the Subnet and Host addresses together determine which computers on a LAN can communicate, the Default Gateway determines if the computer can communicate with any hosts outside the subnet. The Default Gateway must be the IP address of another host, on that same subnet, that also connects outside the LAN. With no default gateway value, or with an invalid IP address here, your computer won't have access outside the LAN.

If the IP address is 169.254.x.x, you have an APIPA address. Having one or more computers with APIPA addresses - 169.254.0.0/16 (169.254.0.0 / 255.255.0.0) could have various causes.

  • If you're connecting 2 computers directly, using a cross-over cable, then the APIPA addresses are perfectly normal.

  • If you're connecting a computer to an ICS server, or to a NAT router, and it's getting a 169.254.x.x address, then either you have a physical network problem, or the DHCP server (ICS server) is disabled.

  • If your network connection is WiFi, and you're seeing "Connected to XXXXXXX ... Connection quality zzzzz ...", you simply have a radio connection. Your WiFi client has to supply the right credentials (WEP, WPA, ...) before you actually get an IP address.


Note here that most of my advice is about using your computer on your network, or at least on a trusted network. If you're connecting your computer to an unknown or untrusted network, exercise common sense. If you're connecting thru WiFi, your connection isn't working, yet you are not seeing an APIPA address, you could be connecting to a honey pot.

The DHCP Server identifies the network device that issued the IP settings to this computer. If you have two computers which can't communicate, and they have incompatible IP settings, checking the DHCP Server might show settings from two different DHCP servers.

There are two possible reasons for having two different DHCP servers.

  • If you're paying your ISP for two IP addresses, you may be getting two addresses on different subnets, which is a perfectly expectable situation for cable broadband. The solution for this may be to not use IP on your LAN.
  • You also might have an unknown (rogue) DHCP server on your LAN. In that case, knowing the IP addresses of both servers should help you identify each server.

The Physical Address, IP Address, Subnet Mask, and Default Gateway are settings which describe how this computer connects to the network. DNS Servers, on the other hand, provide the ability to resolve the IP address of another computer on the network.

WINS is a legacy Microsoft name resolution protocol, used with Windows NT V4.0, and Windows 2000 (aka Windows NT V5.0). With Windows XP (aka Windows NT V5.1), Microsoft elected to use DNS, as the rest of the world has been doing for a while. But we still have the possibility to use WINS built in to Windows XP.

If your host configuration specifies a WINS server, you had better have one. If a WINS server is configured, and WINS is queried, Windows XP will wait for a query against it to time out. Depending upon the value of Node Type, you will have various problems.

  • If Node Type is Broadcast, the WINS entry will be ignored.
  • If Node Type is Hybrid, name resolution by Broadcast will be tried only AFTER WINS resolution is tried and times out. This will significantly increase latency in many file sharing processes.
  • If Node Type is Mixed, name resolution by Broadcast will be tried first. If the requested computer does not respond to a Broadcast (maybe you typed in the name wrong), name resolution will try WINS next. The WINS query will have to time out before reporting "name not found" aka "Error = 53".
  • If Node Type is Peer-Peer, only the WINS server will be tried. This is a common problem on small LANs.
  • If Node Type is Unknown, it will be treated as Hybrid.

Note that any or all of the above settings can come from automatic configuration (the Network Setup Wizard), or manual configuration (the TCP/IP Properties wizard).
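
The checks described in this section (subnetting the IP Address with the Subnet Mask, a Default Gateway on the same subnet, APIPA addresses, Node Type versus WINS, and comparing DHCP Servers between computers) can be run over saved c:\ipconfig.txt files. The Python below is an added example, not part of the original article; the host names, addresses and finding codes are constructed for illustration, and it assumes the Windows XP field labels shown in the listings above.

```python
import ipaddress
import re

# Constructed captures in the Windows XP "ipconfig /all" layout (not real hosts).
DESK_A = """\
Windows IP Configuration
        Host Name . . . . . . . . . . . . : DeskA
        Node Type . . . . . . . . . . . . : Broadcast
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.168.1.50
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.11
                                            192.168.1.33
"""
DESK_B = """\
Windows IP Configuration
        Host Name . . . . . . . . . . . . : DeskB
        Node Type . . . . . . . . . . . . : Peer-Peer
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.168.0.23
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.0.254
Ethernet adapter Wireless Network Connection:
        IP Address. . . . . . . . . . . . : 169.254.17.4
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :
"""

ADAPTER = re.compile(r"^\s*(\w+ adapter .+):\s*$")         # section header line
FIELD = re.compile(r"^\s*([A-Za-z][^:]*?)[ .]+:\s*(.*)$")  # "Label . . . : value"
APIPA = ipaddress.ip_network("169.254.0.0/16")

def parse_ipconfig(text):
    """Return (host_fields, {adapter_name: fields}); every field is a list of values."""
    host, adapters = {}, {}
    section, last = host, None
    for line in text.splitlines():
        header, field = ADAPTER.match(line), FIELD.match(line)
        if header:
            section, last = adapters.setdefault(header.group(1), {}), None
        elif field:
            last = field.group(1)
            section[last] = [field.group(2).strip()] if field.group(2).strip() else []
        elif line.strip() and last:
            section[last].append(line.strip())  # continuation, e.g. a second DNS server
    return host, adapters

def ipv4(fields, key):
    """First value of a field as an IPv4Address; None if empty, absent or IPv6."""
    try:
        return ipaddress.IPv4Address(fields.get(key, [""])[0])
    except (IndexError, ValueError):
        return None

def lan_subnet(fields):
    """Apply the Subnet Mask to the IP Address, e.g. 192.168.1.50 -> 192.168.1.0/24."""
    ip, mask = ipv4(fields, "IP Address"), ipv4(fields, "Subnet Mask")
    return None if ip is None or mask is None else ipaddress.ip_network(f"{ip}/{mask}", strict=False)

def check_host(host, adapters):
    """Single-computer checks from the text; returns (where, finding) pairs."""
    findings = []
    has_wins = any(a.get("Primary WINS Server") for a in adapters.values())
    if host.get("Node Type") == ["Peer-Peer"] and not has_wins:
        findings.append(("host", "PEER_NODE_WITHOUT_WINS"))  # only WINS would be tried
    for name, fields in adapters.items():
        net, gateway = lan_subnet(fields), ipv4(fields, "Default Gateway")
        if net is None:
            continue                                         # no IPv4 address here
        if net.subnet_of(APIPA):
            findings.append((name, "APIPA_ADDRESS"))         # no DHCP server answered
        elif gateway is None:
            findings.append((name, "NO_DEFAULT_GATEWAY"))    # no access outside the LAN
        elif gateway not in net:
            findings.append((name, "GATEWAY_OUTSIDE_SUBNET"))
    return findings

def compare_hosts(parsed):
    """Cross-computer checks; parsed maps a label to parse_ipconfig() output."""
    subnets, servers = set(), set()
    for _, adapters in parsed.values():
        for fields in adapters.values():
            net, dhcp = lan_subnet(fields), ipv4(fields, "DHCP Server")
            if net is not None and not net.subnet_of(APIPA):
                subnets.add(str(net))
                servers.update([str(dhcp)] if dhcp is not None else [])
    findings = [("DIFFERENT_SUBNETS", sorted(subnets))] if len(subnets) > 1 else []
    if len(servers) > 1:  # a rogue DHCP server, or two ISP-issued addresses
        findings.append(("MULTIPLE_DHCP_SERVERS", sorted(servers)))
    return findings

if __name__ == "__main__":
    parsed = {"DeskA": parse_ipconfig(DESK_A), "DeskB": parse_ipconfig(DESK_B)}
    print([check_host(*p) for p in parsed.values()], compare_hosts(parsed))
```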

A Bridge

When you run the Network Setup Wizard, you may end up with a bridge. Bridges cause problems with file sharing, and with Internet service sharing. You can get a bridge from having any of the following:

  • Two network cards, connected to two different subnets.
  • Dialup Internet service, with a modem and a network card.
  • PPPoE Internet service, with a PPPoE modem and a network card.
  • One network card and a 1394 Firewire device.


Windows IP Configuration
Host Name . . . . . . . . . . . . : MyComputer
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Network Bridge (Network Bridge):
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : MAC Bridge Miniport
Physical Address. . . . . . . . . : 02-2F-CC-91-84-FF
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :

If you don't intentionally want a bridge, get rid of it. If you need a bridge, please refer to Steve Winograd PracticallyNetworked XP ICS - Network Bridge.

You can avoid ending up with a bridge, if you follow the advice from Microsoft How to prevent the Network Setup Wizard from creating a bridge in Windows XP.

IPV6

When you run the Network Setup Wizard, you may end up with IPV6, aka Automatic Tunneling, aka Teredo Tunneling.

Windows IP Configuration
Host Name . . . . . . . . . . . . : PChuck1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : myhome.net
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX)
Physical Address. . . . . . . . . : 00-04-76-D7-E2-BA
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.50
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 10.201.99.11
10.201.99.33
Lease Obtained. . . . . . . . . . : Wednesday, April 16, 2003 11:19:12
Lease Expires . . . . . . . . . . : Wednesday, April 23, 2003 11:19:12
Tunnel adapter Automatic Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : C0-A8-00-03
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.50%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Disabled

The presence of IPV6, aka Automatic / Teredo Tunneling, may hamper the diagnosis of your problems. Please remove IPV6 while we are working on your problems; if you truly need it, you can reinstall it later. You must remove IPV6.

A Hardware Firewall

This may become a common observation in the future.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nforce Networking Controller

This is a hardware firewall, sitting inside your computer. The nVidia nForce is probably the first, but surely not the last, device of this type.

IPConfig Command not recognised

And here's an odd result. You type "ipconfig", and get

'ipconfig' is not recognized as an internal or external command, operable program or batch file.

In this case, you have still more work to do. There are several possibilities.

  • Check the Path. The entry ";%systemroot%\system32" may be missing.
  • You may need to reload TCP/IP (if this is not Windows XP), or reset TCP/IP (if this is Windows XP).



An Incredibly Stupid Wardriver

11/26/2003 Toronto Canada Wi-Fi hacker caught downloading child porn


Toronto police stopped Walter Nowakowski for driving the wrong way down a one way street during the early morning hours. Walter had his pants around his ankles, and he was watching a child porn video that he had just downloaded from the Internet, using a hijacked wireless connection from a nearby house.

Following his arrest, police searched Nowakowski's home, where they recovered 10 computers along with thousands of CDs and floppy disks suspected to contain child porn images.

Walter was doing 4 things at the same time.

  1. He was wardriving.
  2. He was driving the vehicle himself.
  3. He was watching what he was downloading, while he was driving.
  4. He had his pants off, because he was enjoying what he was doing so much.

Walter got caught by the police for doing none of the above. Nor did he get caught for being a collector of child porn.

Walter got caught because he found doing all of the above so incredibly easy, that he paid no attention to what he was doing, and drove the wrong way down a one-way street.

If the FBI (or the Canadian equivalent) went knocking on somebody's door and seized equipment that was used in downloading child porn (the FBI has been doing just this), Walter would not have been the one on whose door they would have knocked.

The FBI would have been knocking on the door of the people who provided Walter his Internet service. And those people would have been aware of it only after the FBI got there.

The people providing Walter his Internet service, very likely, have no idea how lucky they were that Walter was so stupid. Since Walter was arrested during the early morning hours, it's likely that everybody was still asleep. Even if any of the inhabitants in the area saw Walter being arrested, or read about it in the newspaper, how likely is it that somebody thought "Gee, maybe that's why my wireless router was so busy?". Yeah right.

Imagine what the smart wardrivers can do. Folks, please, if you're going to have a wireless LAN, Protect Your WLAN from idiots like Walter. And use a Layered Defense on all computers on your LAN - not just the ones connected wirelessly.

Using Event Viewer To Get Details About System Events

When you have a problem with the system (whenever a system error message pops up), or when the system does something strange, and you want to ask for help, start by finding any relevant entries in the System Event Log.

Under Control Panel - Administrative Tools - Event Viewer, you will find lists of all recorded system events. There are three standard logs - Application, Security, and System. Some applications, like your AntiVirus, may add an additional one - my antivirus program added an additional log called Antivirus.

Look in the appropriate log for an event recorded at the time you observed an error or event. Double click on any log entry to view details.

When you find an entry corresponding to the time and maybe the symptoms, extract the details.


  • Look for the clipboard button in the detail window - on the right, below the Up and Down arrows (used for viewing Next and Previous event details).
  • Hit the clipboard button to Copy the details.
  • Go to whatever communications tool that you use (browser, email, usenet, whatever) and Paste the details into the message that you're creating.

Note that Event Viewer, like some other Windows Management applets, provides network access. When logged in under an account with administrative access to other computers:

  • Start Event Viewer.
  • Go to Action - Connect to another computer.
  • Select Another computer, and type the name of the other computer, or use the Select Computer applet to identify and select another computer.
  • Hit OK.

Now you can peruse the Event Log of another computer, as if you were right there logged in.

For interpretation of specific errors, see

For more information about the Event Viewer, see Microsoft: (KB308427): How To View and Manage Event Logs in Event Viewer in Windows XP.


Security By Obscurity

The principle of Security By Obscurity, or hiding yourself from the bad guys, has been around for quite a few years. The English comedy troupe Monty Python provided a light-hearted, yet not entirely irrelevant, discussion about this issue, How Not To Be Seen.


In this film we hope to show how not to be seen. This is Mr. E.R. Bradshaw of Napier Court, Black Lion Road London SE5. He can not be seen. Now I am going to ask him to stand up. Mr. Bradshaw, will you stand up please? (In the distance Mr. Bradshaw stands up. There is a loud gunshot as Mr. Bradshaw is shot in the stomach. He crumples to the ground.) This demonstrates the value of not being seen.


Years back, folks would claim that they were never online for more than a few minutes, and they turned their computer off when they weren't online.

They would claim safety by using dial-up, and later by using dynamically addressed broadband. Dynamic addressing was thought to be safer, because with a frequently changed IP address, the bad guys could never find you.

One of the selling points of PPPoE, which let the DSL Broadband ISPs oversell their customer base against their IP pools, was the "dial-up experience", as if PPPoE customers wanted a new IP address every day. Some customers actually believed that argument. Remember that Cable Broadband is that way routinely.

Nobody ever talked explicitly about getting a new IP address that had apparently already been noticed by the bad guys. Yet that was always a possibility; any "new" address that you get has probably been used by somebody. In any mature pool of dynamic addresses, most or all have probably been noticed by the bad guys in some way.

A well known and controversial security consultant provides a free scanning service, to check out your computer or router. His service will tell you if your computer or router is providing information to the internet, gratuitously, which would make you visible to those with dishonourable intent.

Steve Gibson's Shields Up! will probe your public IP address, whether your computer or router, checking for open and replying ports. It will then advise you how exposed you are, from observing how many of your ports are open, or are replying to his probes.

To the Shields UP! scanning service, the most secure configuration is a computer or router that does not respond to any probes, but simply discards them. This condition is called, by Steve, "Stealth Mode". The idea about "stealth" is that your computer or router shouldn't reply to any connection attempt, to say "no connection available here", which would obviously verify to a bad guy that there is a host at your IP address.

(Cut to another area, however this time there is a bush in the middle.) This is Mr. Nesbitt of Harlow New Town. Mr. Nesbitt, would you stand up please. (Nothing happens.) Mr. Nesbitt has learned the first lesson of not being seen - not to stand up. However, he has chosen a very obvious piece of cover. (The bush explodes and you hear a muffled scream).


Unfortunately, if there were no host at your IP address, a router upstream from you would respond, with "Destination address unreachable", to any probes. By not replying to probes at all, you are confirming that your IP address is in use (and the router has been routing the probes to you), but you simply chose not to answer. To a bad guy, this may make you even more interesting.

Also unfortunately, there are many ways to probe your ports. Just because your computer / router doesn't respond to a proper "TCP connect" request doesn't mean that it won't necessarily respond to (or can't be detected from) a SYN, FIN, or UDP scan.

(Cut to another scene with three bushes.) Mr. E.V. Lambert of Homeleigh, The Burrows, Oswestly, has presented us with a poser. We do not know which bush he is behind, but we can soon find out. (The left-hand bush explodes, then the right-hand bush explodes, and then the middle bush explodes). (There is a muffled scream as Mr. Lambert is blown up.) Yes, it was the middle one.


Bad guys who don't care whether there is anything at your IP address will attempt to hit you anyway. Security By Obscurity became still less relevant on January 25, 2003, with Slammer! Slammer didn't check for anything at any given IP address; it just sent itself to randomly chosen addresses. It infected 90% of its potential targets - worldwide - in 10 minutes, by simply not caring what it was invading. By its very simple design, its code became lean, mean, and very fast.

Slammer's target base was fortunately limited, as it was aimed at a special type of server. Even so, it brought down massive portions of the internet infrastructure, with the huge volume of traffic that it had generated, within 15 minutes after it hit the internet.

  • The tiny worm hit its first victim at 12:30 am Eastern standard time.
  • By 12:33 am, the number of slave servers in Slammer's replicant army was doubling every 8.5 seconds.
  • By 12:45 am, huge sections of the Internet began to wink out of existence.

Read more about this milestone in the history of malware, in this fascinating tale by Wired Magazine Slammed! An inside view of the worm that crashed the Internet in 15 minutes.

Blaster, a successor to Slammer, uses an RPC service vulnerability (KB823980) that was present in Windows NT operating systems until it was patched, and continues to infect (unpatched) hosts occasionally. Look at any of the Microsoft.public.*.* Usenet discussion groups. Even now, occasionally somebody asks about their computer shutting down with "NT Authority..." or "RPC Call...".

Sasser, a successor to Blaster, uses an LSASS vulnerability that was present in Windows NT operating systems until it was patched. Sasser was featured on TV in 2005 - in the BBC Video Jacques' Hack Attack. The computer featured in the video was online for less than 30 minutes, because it crashed after loading 3 worms (Sasser being just 1 of the 3), and the resulting network and system traffic overloaded it. The first worm hit that unprotected computer almost immediately after it was connected to the internet.

In typical British melodrama (and to us Yanks, Spencer Kelly, of the BBC, may sound vaguely similar to John Cleese, but the BBC is not Monty Python):

How long would it be before we were hit by something nasty on the net? Hours, minutes? As it turned out - eight seconds!


If your computer is vulnerable to an attack, and a Blaster or Slammer type worm is sent in your direction, you WILL be infected. Stealth or not.

I've been trying to make an anagram out of "security by obscurity", to something evocative, like "botnet membership" - but no luck so far. Anybody out there want to help? I'll send you a t-shirt (and attach a link here to your blog), if you can come up with an interesting anagram.

Regardless of whether it makes an anagram or not, Security by Obscurity, if it's your main protection, will surely lead into botnet membership, making your computer into yet another distributor of important email - like "Your l0an has been @pproved", "che@p mesdctations", and "V!agra".


Hiding Your Server From Enumeration

If you don't want your server to be displayed in Network Neighborhood, add a registry value [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\Hidden]. Make Hidden a DWORD, with value "00000001". This will prevent it from reporting any shares to the browser.

Conversely, if your server isn't showing up in Network Neighborhood, and you want it to show up there, check for that value. If it exists, make sure that it has a value of "00000000", or delete it altogether.

How To Post On Usenet And Encourage Intelligent Answers

Usenet is an interesting place to hang out. You can meet all sorts of interesting personalities there - from helpful to helpless, and from technical to totally irrelevant. Depending upon your current needs, whether to get serious advice or to just waste time, you can affect who you want to converse with in several ways.


  • What forums do you post in?
  • What is the content, demeanour, and style of your posts?
  • What time of day, and day of week, do you typically post?



If you have spent very much time at all on Usenet, you know that there are some forums where, even if you ask a serious question, you are just as likely to get total time wasting insults, and stupid remarks, as anything else. That's if you don't get totally ignored, which would probably be better for you in the long run.

On the other hand, if you post in a forum which is known for good technical advice, and you format, style, and word your questions properly, you can encourage useful answers from the helpful and knowledgeable folks who hang out there.

If you're new to this, the best way to start is to find the forums where the serious discussions take place. Find threads which contain intelligent, well written responses, then observe how the initial posts, in those threads, were worded. When you find threads containing responses similar to what you'd like to get, try and imitate the original posts.


I highly recommend that you read several useful articles on Usenet.

The best suggestion - Try and Fit In - Help Us To Help You.


Please Use Proper Grammar, Spelling, and Other Refinements

Usenet is a wide and diverse medium, and it is recognised that not everybody there speaks the same language. And in the more serious forums, the more serious helpers will try and be tolerant of those who were not born with English as their mother tongue. Many of us have been to foreign lands, and have experienced for ourselves the frustration of being part of a minority culture.

That said, there are several posting styles, other than broken English from not speaking it as well as one would like, which will not be received graciously.

  • Grammar and Phrasing. Usenet is NOT English class, and nobody expects perfect documents. But when you type incomplete or run-on sentences, don't start sentences with capital letters, or your entire post is just one long paragraph, your post is hard to read. Many helpers will ignore your post and find better written ones to read.
  • Shouting. Please don't type in all capital letters - that is considered shouting, and will not get you polite treatment. As with grammar, many will simply ignore your posts, as use of mixed case is much easier to read.
  • Spelling. Were you typing conversations in an Instant Messenger program, you would be expected to make a few odd spelling mistakes from time to time. When you post in Usenet, take the time to review what you type before hitting Send. Use a spell checker, but don't depend upon it completely. If it's important enough for the helpers to read, it's important enough for YOU to read once after you write it.

    In a chat forum, it's mere courtesy to write in the same style as the others. In a technical help forum, where YOU are looking for help, it's common sense. Help the helpers to help YOU.

    And please don't use "leet speak" in the serious Usenet forums; techies don't appreciate it and will quickly tag you as a newbie.

Read the above linked documents for more discussion on each of these concepts.

Don't Rely On Spell Check Too Much

ODE TO SPELL CHECKERS...

I have a spelling checker
I disk covered four my PC.
It plane lee marks four my revue
Miss steaks aye can knot see.

Eye ran this poem threw it.
Your sure real glad two no.
Its very polished in its weigh,
My checker tolled me sew.

A checker is a blessing.
It freeze yew lodes of thyme.
It helps me right awl stiles two reed,
And aides me when aye rime.

Each frays comes posed up on my screen
Eye trussed too bee a joule.
The checker pours o'er every word
To cheque sum spelling rule.

Bee fore wee rote with checkers
Hour spelling was inn deck line,
Butt now when wee dew have a laps,
Wee are not maid too wine.

And now bee cause my spelling
Is checked with such grate flare,
There are know faults in awl this peace,
Of nun eye am a wear.

To rite with care is quite a feet
Of witch won should be proud,
And wee mussed dew the best wee can,
Sew flaws are knot aloud.

That's why eye brake in two averse
Cuz Eye dew want too please.
Sow glad eye yam that aye did bye
This soft wear four pea seas.

Hijacking Threads

When you have a problem, it's a good idea to spend a few minutes (or hours) reading previous discussions in a forum. Maybe there's a thread in there with your problem, and a solution to your problem. But remember, however similar your problem may appear to be to the posted problem, there will always be some degree of variance.

If there is a thread with your problem in it (and however similar it may be), check out the discussion, silently. Please don't add your post in there "I have the same problem. Can someone help me too please?", or worse yet "I have the same problem, except... Can someone help me too please?". When you do this, it's called thread hijacking.

When you hijack the thread, it splits into two sub-threads, one addressing the Original Poster, the other addressing you.

  • This doesn't benefit the Original Poster, because you're taking attention away from his problem, and directing it towards yours.
  • This doesn't benefit the helpers, because they have to consider two problems, or at least to direct responses towards two (or more) people.
  • Since you don't know what causes your problem (if you did, you could fix it yourself, couldn't you?), you don't really know that the symptoms are exactly the same as the Original Poster's. As the helpers address both problems, they may find that the two problems are totally different.
  • Your thread, which is now under the Original Poster's thread, may not be seen by as many people. You may not get the attention of a qualified helper.
  • As the helpers continue to address your problem, they have to repeatedly search for your thread, which is under the Original Poster's thread. This causes confusion and inability to find your thread, and less help for you.
  • When there are multiple people asking for help in the same thread, everybody has to keep constantly looking at each post, and wondering if it's addressing the right subthread. It's like being in a large party, with 6 people talking at once about 6 different subjects. How can you carry on an intelligent conversation, with 6 people talking simultaneously? It's worse than a mixture of bottom and top posting.

In short, hijacking a thread benefits nobody.

When you have a problem, start a new thread. Let the helpers decide if your problem is the same as somebody else's. Solve one problem in one thread.

MultiPosting

The Internet as a whole, and Usenet specifically, is an infinitely diverse and large population. When you use Usenet, and you post thru a newsreader, you can post in any of thousands of different forums. Many times, a question that you have may be of interest to (may be helped by) folks in several different forums. Maybe you have a question about pinging a computer running Windows XP; in which case, your question might be answered by folks in microsoft.public.windowsnt.protocol.tcpip, or in microsoft.public.windowsxp.network_web. You might get help from folks in either group, or maybe some advice from folks in each group.

If you use a Usenet newsreader, any articles that you write can be posted into both groups simultaneously, and folks reading in either group can reply, with their replies going to both groups. Why should this be of any interest to you?

It's just this. When you get advice on Usenet, you benefit from collaboration. With the experts in both groups able to see what is being written about your problem, you are more likely to get accurate and timely advice. This is called cross-posting.

On the other hand, if you post your question into both groups separately, you'll be getting advice separately. With folks helping you separately, you are more likely to get contradicting or incomplete advice. This is called multi-posting.

Please! Cross-post, don't Multi-post. And please cross-post conservatively and thoughtfully. Cross-posted articles get better results than Multi-posted articles, and properly Cross-posted articles get results that are better still.

For more discussion about the differences between cross-posting and multi-posting:


Munging Your Email Address

For those who don't yet know, posting your email address on Usenet, in plain text, is not a good idea. I have just 2 rules about posting email addresses on Usenet:

  • Don't post your address on Usenet.
  • Don't post someone else's address on Usenet.

If your email address is "myaddress@myisp.com", either "myaddressnospamplease@myisp.com" or "myaddress@myispnospamplease.com" may be somebody else's address. If either of the latter addresses doesn't exist now, it may in the future. And "anything@nospam.com" could cause problems for the domain "nospam.com". Neither of these is an acceptable munging technique.

For more information, see Munging Your Email Address and Spam-Blocking Your Email Address.

Replying To Posts By Others
When you converse with another person, in a voice conversation, face to face, you speak to that person. You should do likewise when conversing in Usenet.

When you reply to someone, reply to the post that was made. When someone answers your post, reply directly to that person.

  • Don't reply to your own post; that looks like you're talking to yourself. Qualified helpers may not see your reply, if it's to your original post. Also, when you reply to your own post, you leave out my immediately previous reply to you. Having all portions of our conversation in one sequential file helps me to help you better.
  • Don't reply thru a second person, when answering the first person. That's rude, and looks like you're trying to ignore the second person.
  • Don't start a new thread, restating your problem. This produces an effect similar to thread hijacking. The helpers can help you better if your entire problem is attacked in one unique thread. Solve one problem in one thread.
  • Don't change your name in the middle of a thread. Trying to guess if "JD" is the same as "James Doe" is frustrating to the helpers.
  • Don't use the name field as part of the message. When you post as "The above advice didn't work", or similar, in the name, it makes you look like a newbie, and will not enhance your chances of getting prompt and effective results.


Starting a New Thread

When you start a new thread, briefly summarise your problem in the Subject of your post. Think of the Subject as part of the index - an index entry with Date, Subject, and Name of Poster (you). Make the Subject a brief, unique categorisation of your problem - 6 - 8 words is enough.

  • Before you start a new thread, make sure that you don't have any dangling threads. If you just posted your question in this same forum, a few hours ago, or a couple days ago, it's possible that somebody has answered your previous post. If you keep your problem resolution in one thread, rather than spreading it out over two or three threads, you'll make it easier on everybody. Solve One Problem In One Thread.
  • Please don't make the Subject "Help Me!", or "Network Problem". When you do that, your post shows up in the same thread as half a dozen other posts. Trying to help in a thread like that is like trying to deal with a hijacked thread, or with someone who doesn't know how to reply in a thread properly.
  • To the other extreme, please don't try and describe the problem completely in the Subject, with "Help please!" in the body. If your problem is so simple that it can be adequately described in that way, then either:

    • You have no problem. This is typically not the case.
    • You don't understand the problem. Alternately, you can't provide enough details for an effective diagnosis.
    • Your Subject is way too long. You cannot fit enough details about a typical network problem in a Subject line of proper length.

  • Please don't start out your message with "My problem is the same as (this other thread)...", or "My problem is the same as (the one below)...". This is similar, in effect, to a hijacked thread, except for one extra detail.

    • The other thread may not be visible to anyone qualified to help you. It will almost certainly not be the one below yours in everybody else's index.

  • Please summarise your problem in the Subject, and provide details in the Body of the post, as text. Don't just provide a link to another article, and please don't put the problem description in an attachment.

    • The ones qualified to help you may not know what your problem is, unless you provide some description.
    • The ones qualified to help you may not read a malicious or non-relevant website.
    • The ones qualified to help you won't open attachments. Attachments are well known security risks, and anybody who is best suited to help you will ignore them.


Always state your problem on its own, and provide background information. Let the helpers try and correlate multiple threads. If details about a problem can best be provided in another article, include links to the other article in your problem report. But provide a good description about your problem in your report, so the helpers will know the nature of your problem.

Testing

If you're going to use your computer, you have to learn to test; but you need to test properly. Posting test messages in a non-test forum is not proper testing.

  • Test messages clutter up the forums, making it hard to find relevant posts.
  • Finding your own test message in a non-test forum may not be too easy either.

There are several forums set up specifically for posting test messages.

  • alt.test
  • alt.test.a
  • alt.test.b
  • microsoft.public.test.here

Please use the test forums for testing, and the non-test forums for relevant discussions.

Bottom vs Top Posting

In a forum where technical help is provided, bottom posting is much more useful. That allows the helpers to review the previous conversation in one long sequential, smooth flow. This results in a more accurate and efficient work process, and better help for you.

Here's a hypothetical example, between the Original Poster ("OP"), and one Helper, as viewed in a news reader in thread view.

OP: I have a problem.
Helper: OK, try this and let me know the result.
OP: Here is the result.
Helper: OK, now try this and see what happens.
OP: Here is what happens now.
Helper: OK, This should fix it.
OP: Yes, it did. Thank you.

When viewed by Helper, while preparing the 6th entry, the thread, accumulated in the 5th entry, looks like (both OP and Helper bottom posting):

I have a problem.
OK, try this and let me know the result.
Here is the result.
OK, now try this and see what happens.
Here is what happens now.

On some days, I might be participating in as many as a dozen threads, with some threads having several entries / day, and others having several days between each entry. To prevent embarrassment and useless posts, I have found it very helpful for me to review each conversation before posting.

When each entry in the thread contains multiple lines, and I can review the thread as in the above example, with each entry in the thread in perfect sequence, top to bottom, it helps me greatly.

Compare the example above with (the OP top posting, and Helper bottom posting):

Here is what happens now.
Here is the result.
I have a problem.
OK, try this and let me know the result.
OK, now try this and see what happens.


Or with (both the OP and Helper top posting):

Here is what happens now.
OK, now try this and see what happens.
Here is the result.
OK, try this and let me know the result.
I have a problem.

Imagine either of the above examples, with a page or so of lines in each individual post. Could you read that, and figure out progress to date?

Now depending upon what product you use for reading and posting to the forums, you may have different possibilities here.

Anytime you're using any of the above products, and you are preparing to reply in the thread of your interest, the current thread contents will typically be presented below the cursor. If you start typing with the cursor positioned there, you will be top posting. This is not an insurmountable obstacle though.

Simply read thru the thread, and move the cursor. When you get to the bottom of the thread, position the cursor at the end of the thread, and begin typing. This is bottom posting.

I'm trying to help you. Help me to help you. Type your replies below my replies.

Waiting For, And Reacting To, Replies
When you ask for help, post your question, and check back in the forum periodically to look for answers. Internet forums, Usenet or Web based, provide help in group based conversations. Here, multiple people post articles of similar nature in common forums, and the experts, who try to help you, find subjects that they're experienced with.

Please don't post a request for help, and ask to have answers emailed to you. Asked here, answered here. For everybody's benefit.
  • You'll get better help with all the helpers able to see, together, the status of your problem, as it's resolved.
  • Many helpers keep their email addresses secret, and won't be interested in sharing them with strangers.
  • You encourage a spirit of community, which is what drives these forums in the first place.
  • You help provide an online record of problems and solutions, again strengthening the idea of using online forums for problem resolution.

Getting help in Usenet requires both patience and persistence, carefully balanced.

Post once, with a carefully summarised problem report, and wait. You may get a reply back in an hour, or a day. You may get a reply back in an hour, and a better reply in a day.

There are two ways of posting that probably won't get you a reply. Or if a reply, not always an answer to your problem. One is posting repeatedly. The second is posting a second (or third) time, asking "Why has nobody answered my first post"?

Both strategies, if you're lucky, will simply get you replies pointing you to articles like this one. In some forums, you'll get rude replies telling you to shut up. Remember most helpers have lives outside of the forums, and the more knowledgeable ones may have several activities that prevent them from reading here very often. Be patient.

Also remember that most forums are unmoderated, and few forums have social hosts (hostesses). If you post a question, and nobody knows the answer, you may get no reply. Many knowledgeable helpers will not post, if they have nothing to say to you. Beware of the answers from some helpers - they may be post trolls, or may be posting simply to advertise their services in a forum or website elsewhere.

When you do get replies, try and answer them promptly. If a response is serious, and appears genuine, trust and help the person responding, and provide relevant details that can help diagnose your problem. And don't expect the first answer to provide an instant resolution to your problem. Some problems could take several days, or longer, to resolve. Your posting occasionally "Nothing works. I think I'll give up." won't encourage help. Try and remember that the ones trying to help you have their own problems, and they need encouragement too.

Remember the style of advice given may vary, depending upon the helper, and upon the nature of your problem. Some advice may contain all relevant information in the body of the Usenet post. Other advice may contain links to articles discussing technical issues in detail.

Sometimes, as we work on a problem together, my questions may seem intense; at other times, they may seem rather irrelevant, and idle. Appearances may be deceiving, in this case. If you're going to trust me for advice, you need to trust my style of problem diagnosis, and work with me.

If you don't get a reply within a couple of days, look at the forum as a whole. Are there other folks posting, and getting answers? If so, reread this article, revise or upgrade your problem report, and try again. If there's no activity in the forum, either wait for a while longer, or find another forum. Some forums have activity each minute, others may have days between posts. Be observant.

Followup When The Problem Is Solved
If you do eventually (or immediately) get an answer that solves your problem, post one last time, and let everybody know that the problem is solved, and what helped you the most. Nobody gets paid to help here, so a "Thank You" should not be too much to ask. What you can tell about your experience, whether negative or positive, may help the next guy with a similar problem - and that's what the forums are all about.

Windows XP (2000, Vista) On An NT Domain

If you're attaching a computer running Windows 2000, XP, or Vista, to a LAN with Windows NT systems, you may have a problem logging in to the domain, or accessing domain resources, if both the client computer and the domain aren't set up properly.

Windows 2000, XP, and Vista use DNS to locate Domain Controllers. If DNS is not configured properly, a computer will waste time waiting for a DNS query to timeout, then try NT4 NetBIOS (i.e., WINS) to locate a Domain Controller. See the Microsoft articles How Domain Controllers Are Located in Windows, or How Domain Controllers Are Located in Windows XP, for more information.

These specific instructions are known to apply to Server 2003; for Server 2000, or for NT server, details may differ.


  1. Ensure that the clients are all configured to use the domain DNS server. If you're using DHCP on your LAN, the DHCP server should provide the address of the domain DNS server, not your ISP's DNS server(s). If you're not using DHCP, each client should provide the address of the domain DNS server individually.
  2. Whether you use DHCP or not, don't specify your ISP's DNS server as a backup to your domain DNS server. If you're using DNS for name resolution, your ISP won't have your local addresses.
  3. Check Properties for the DNS server Forward Lookup Zone.
    • On the General tab, ensure the domain DNS server is configured to permit dynamic updates.
    • On the Name Servers tab, ensure the DNS server points to itself as a DNS server.
  4. Check Properties for the DNS server. For internet address resolution, specify your ISP's DNS server(s) in the Forwarders tab of the DNS server.
  5. When you have done all of the above, and if all of your computers can do so consistently, then you can use SMBs Directly Hosted Over IP.

You may find more information in additional Microsoft articles:


Dealing With Malware (Adware / Spyware)

One of the fastest growing industries in technology today is development and deployment of malware - software to run on people's personal computers, without their consent and / or knowledge. This software is called by some adware, by others, spyware. It has many installation methods, many purposes, and many results.

It can range from the most innocuous add-on program designed to "enhance your Internet enjoyment", to programs which secretly transmit your most intimate financial details (like your credit card number and PIN) to thieves who will use the information to empty your bank account.

The one thing you can say for a certainty is that it's software that you do not want on your computer.

This is where you need a thorough adware / spyware scan, including CWShredder, AdAware, Spybot S&D, HijackFree, and HijackThis, with expert advice to interpret the HijackThis log.



Check the Hosts file.
Search your entire system drive, including hidden and system folders, for file "hosts". There is one legitimate copy, and it is used in many security strategies. Any others are possibly bogus, and part (but just part) of the problem. Make sure that the registry entry points to the legitimate location.

Now, you need to examine the contents of each Hosts file. Look for entries like

127.0.0.1 www.symantec.com

which would make your browser display "404 (Page Not Found)", or similar, when you try to access Symantec.

When examining each Hosts file found, check it very carefully.
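One way to carry out the search and the line-by-line check described above, as an added example that is not part of the original article. The sample file content, the `PROTECTED_SUFFIXES` list (apart from symantec.com, the page's own example) and the function names are assumptions; because the Hosts file is also used deliberately for blocking, loopback entries are reported only when they hit a protected domain.

```python
import ipaddress
import os

# Constructed sample, not taken from a real machine.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net        # deliberate ad blocking
127.0.0.1 www.symantec.com
0.0.0.0   update.av-vendor.example www.av-vendor.example
203.0.113.7     www.bank.example       # name pointed at an outside address
not-an-ip       broken.example.net
"""

# Assumption: vendor domains that should never be blocked locally.
# symantec.com is the page's example; av-vendor.example is a placeholder.
PROTECTED_SUFFIXES = ("symantec.com", "av-vendor.example")


def find_hosts_files(root):
    """Return every file named 'hosts' (any letter case) under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits.extend(os.path.join(dirpath, f) for f in files if f.lower() == "hosts")
    return sorted(hits)


def _matches(host, suffixes):
    """True if host is one of the suffixes or a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in suffixes)


def audit_hosts(text, protected=PROTECTED_SUFFIXES):
    """Return (line_no, kind, name, address) tuples that need a human look.

    kind is one of:
      blocked-security-site  protected domain sent to loopback / 0.0.0.0
      redirect               any name mapped to a non-loopback address
      malformed              line that is not "<ip> <name> [name ...]"
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "malformed", line, ""))
            continue
        if len(fields) < 2:
            findings.append((line_no, "malformed", line, ""))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for host in (h.lower().rstrip(".") for h in fields[1:]):
            if sinkhole and _matches(host, protected):
                findings.append((line_no, "blocked-security-site", host, str(addr)))
            elif not sinkhole:
                findings.append((line_no, "redirect", host, str(addr)))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Run `find_hosts_files` against the system drive first, then pass the text of each file found to `audit_hosts`.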

Scan for viruses using online services
How current is your virus protection? Try one or more free online virus scan services, which should complement your current protection.

Download AntiMalware and Corrective Software.
Download free tools to detect and remove malware. Only download each individual product from each server as listed. When dealing with malware, the most current version of all software is essential, so don't use old versions - download new versions before starting.

NOTE: Some malware installs components into the LSP / Winsock layer in the network. Its removal may damage the LSP / Winsock, and damage network functionality in various ways. Download corrective tools, described in Problems With The LSP / Winsock Layer In Your Network, before starting malware removal. Those tools are all very easy to use, and take up very little disk space. Downloading them, before starting malware removal, is a very good idea. Damage LSP / Winsock, and you may not be able to download anything. Download those tools before you start malware diagnosis.

Install Software.

  • Create a separate folder for HijackFree, such as C:\HijackFree, and copy the downloaded file there.
  • Create a separate folder for HijackThis, such as C:\HijackThis, and copy the downloaded file there.
  • Create a separate folder for Silent Runners, such as C:\SilentRunners, unzip the downloaded file, and copy "Silent Runners.vbs" there.
  • Create a separate folder for the two TrendMicro files, such as C:\TrendMicro, and copy the downloaded files there (unzipped if necessary).
  • AdAware, CWShredder, and Spybot S&D have install routines - run them.
  • The other downloaded programs can be copied into, and run from, any convenient folder.


Scan for Malware.

  • Close all Internet Explorer and Outlook windows.
  • Run Stinger. Have it remove all problems found.
  • Run CWShredder. Have it fix all problems found.
  • Empty your temporary files folders:

    • "C:\WINDOWS\Temp"
    • "C:\Documents and Settings\(Username)\Local Settings\Temporary Internet Files".

  • Disable System Restore.
  • Boot your computer into Safe Mode.
  • Run C:\TrendMicro\Sysclean.com. Delete any infections found.
  • Reboot your computer, and re-enable System Restore.
  • Run AdAware. First update it, configure for full scan, then scan. When scanning finishes, remove all Critical Objects found.
  • Run Spybot S&D. First update it, then run a scan. Trust Spybot, and delete everything ("Fix Problems") that is displayed in Red.
  • Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the HJT Log.
  • Run A2 HijackFree, using Windows Explorer. Simply find the folder where you copied "HijackFree.exe", and double click on it. It will run, with no settings or selections needed. Save a log file. Next, hit the Analyze.. button, and it will open a browser window, and analyse its findings against the current Sysinfo malware database.
  • Run Silent Runners, using Windows Explorer. Simply find the folder where you copied "Silent Runners.vbs", and double click on it. It will run, with no settings or selections needed, and create a .txt file in that folder.
  • Interpret your HJT log.
  • Remove any malware found. Alternately, run whole computer heuristic analysis, starting with the HJT log, and including HijackFree.

If removal of any spyware affects network functionality, run the corrective software downloaded above. See Problems With The LSP / Winsock Layer In Your Network for specific advice.

Improve Your Chances For the Future.

Now that you've experienced the frustration and uncertainty involved in dealing with malware, do you want to go thru this again? I hope not. So improve your future - layer your security!

Using The Path and Making Custom Program Libraries

If you write a simple script, or download a one component utility, where do you put your script or utility module? Generally, you can put it into any convenient folder on your system. It's your system, after all.

Having copied your script to any convenient folder, Windows has to know to search that folder for your script, when you try to run it. If you run "ipconfig", for instance, Windows looks into "C:\Windows\System32" to find program "ipconfig.exe". Windows knows to search that folder, because "C:\Windows\System32" is in the Path in Windows.

I don't recommend putting any custom files in "C:\Windows\System32", or in any of the other Windows folders, for several reasons. I set up a special folder, C:\Utility, where I put all of my scripts and simple utilities. Having set up and populated "C:\Utility" with several dozen useful programs, when I run one of these utilities from a command window, I like to simplify things a bit.

If I were to simply copy program "MyUtility.exe" into my utility programs folder "C:\Utility", then open a command window, I would expect to run MyUtility as "C:\Utility\MyUtility". Typing "C:\Utility\" gets pretty monotonous after a while. Fortunately, with Windows, you can tell the system to look into your custom program libraries, like "C:\Utility", for any command that isn't entered with a complete path.

The system Path variable contains a list of all system libraries, and you can add your libraries (folders) to the list.

Open the System wizard (either Control Panel - System, or My Computer - Properties), and select Advanced, then Environment Variables. In the System variables window, you'll find an entry for Path. Double click on the Path entry, and you'll get an "Edit System Variable" window, which contains the current value of Path. My current value, for instance, contains:


%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Utility

There are 3 default system entries in there, each separated by a ";".

  • %SystemRoot%\system32
  • %SystemRoot%
  • %SystemRoot%\System32\Wbem


With these three entries, any reference to any module without a specific path will cause the system to automatically search thru the listed folders in the path, in sequence, and load the first copy found of the named module. Remember %SystemRoot% is a system variable, which points to the folder where Windows is installed; in most cases, its value will be "C:\Windows".

You want to add "C:\Utility" to the Path list. Just open the "Edit System Variable" window, hit the End key (please don't overtype the Path value with just "C:\Utility"!), and type ";C:\Utility". Then hit OK, and OK again.

The next command window that you open will use the new value of Path, and you can run your custom commands without having to type in the path of the custom library. Just be sure to add your custom libraries to the end of the list; you don't want system functions searching thru your libraries, before trying the default ones, and slowing the system down.

NOTE: If all of this is too much trouble for you, you're welcome to run each utility by specifying the complete path, as "c:\utility\myutility" for instance. I simply find it easier to run as "myutility". It's your dime.
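A check of a Path value against the advice above, as an added example that is not part of the original article. Because the first copy found of a named module is the one loaded, a custom folder listed ahead of the system folders decides which program runs, so the check reports that case along with duplicate and empty entries. The function names and the default "C:\Windows" for %SystemRoot% are assumptions.

```python
import ntpath
import re

# The three default entries, and the author's value, as shown on the page.
DEFAULT_PATH = r"%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem"
PAGE_PATH = DEFAULT_PATH + r";C:\Utility"


def _expand(entry, variables):
    """Expand %Name% references case-insensitively; unknown names stay as-is."""
    return re.sub(r"%([^%]+)%",
                  lambda m: variables.get(m.group(1).lower(), m.group(0)),
                  entry)


def _normalise(entry, variables):
    """Canonical form for comparison: expanded, no quotes, no trailing
    backslash, lower case (Windows paths are case-insensitive)."""
    entry = entry.strip().strip('"')
    return ntpath.normcase(ntpath.normpath(_expand(entry, variables)))


def _is_under(path, parent):
    return path == parent or path.startswith(parent + "\\")


def audit_path(path_value, system_root=r"C:\Windows"):
    """Return sorted (position, kind, raw_entry) findings for a Path value.

    kind is one of:
      custom-before-system  non-Windows folder searched before a system folder
      duplicate             same folder listed twice
      empty                 empty entry (stray ';')
    """
    variables = {"systemroot": system_root, "windir": system_root}
    root = _normalise(system_root, variables)
    entries = path_value.split(";")
    findings, seen, norm = [], set(), []
    for pos, raw in enumerate(entries):
        if not raw.strip():
            findings.append((pos, "empty", raw))
            norm.append(None)
            continue
        n = _normalise(raw, variables)
        if n in seen:
            findings.append((pos, "duplicate", raw))
        seen.add(n)
        norm.append(n)
    system_positions = [i for i, n in enumerate(norm) if n and _is_under(n, root)]
    last_system = max(system_positions, default=-1)
    for pos, n in enumerate(norm):
        if n and not _is_under(n, root) and pos < last_system:
            findings.append((pos, "custom-before-system", entries[pos]))
    return sorted(findings)


def append_to_path(path_value, new_dir, system_root=r"C:\Windows"):
    """Add new_dir at the END of the list, keeping everything already there.
    Returns the value unchanged if the folder is already listed."""
    variables = {"systemroot": system_root, "windir": system_root}
    target = _normalise(new_dir, variables)
    existing = {_normalise(e, variables) for e in path_value.split(";") if e.strip()}
    if target in existing:
        return path_value
    return path_value.rstrip(";") + ";" + new_dir


if __name__ == "__main__":
    print(audit_path(PAGE_PATH))                        # nothing to report
    print(audit_path(r"C:\Utility;" + DEFAULT_PATH))    # custom folder first
    print(append_to_path(DEFAULT_PATH, r"C:\Utility"))
```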

For more information, see Microsoft Product Documentation: Path.

Using The Network Setup Wizard in Windows XP

There are a lot of network settings in any Windows operating system. The many settings can affect how your computers connect to each other, and to the Internet. The Network Setup Wizard is provided as a part of Windows XP, to make the more common settings, for you. In Windows Vista, you'll use the Network and Sharing Center wizard.

The Network Setup Wizard is most useful when run on a properly designed, setup, and prepared network.

  • Make sure the following network components are installed, in the network items list in (Name of connection) Connection - Properties.
    • Client for Microsoft Networks.
    • File and Printer Sharing for Microsoft Networks.
    • Internet Protocol (TCP/IP)
  • Make sure that the DHCP Client service is running - Started and Automatic.
  • Make sure that the Internet Connection Firewall / Internet Connection Sharing (ICS) (pre-SP2), or Windows Firewall / Internet Connection Sharing (ICS) (SP2) service is running - Started and Automatic.
  • Configure your firewall setup, including installing any third party firewalls, after you run the wizard.


I know of several ways to start the wizard.
  • From (Start - Programs - Accessories - Communications - ) Network Setup Wizard.
  • From Windows Explorer, with Common tasks enabled.
    • In Network Connections, look under Network Tasks.
    • Select Setup a home or small office network.
  • From the Help and Support Center.
    • Start Help and Support.
    • Search on "Network Setup Wizard".
    • Under "Pick a task", select "Start the Network Setup Wizard".
      To start the Network Setup Wizard
      You must be logged on to this computer as an administrator to complete this procedure.
      1. Start the Network Setup Wizard.
      2. Follow the instructions on your screen.
    • Select the shortcut in "Network Setup Wizard".


The Network Setup Wizard will run on your computer only if
  1. You are logged in with administrative authority.
  2. Your computer is not joined to a domain.


When you run the Network Setup Wizard, you are given a total of five choices, on two screens, which identify how you connect your home or small office network to each other, and / or to the Internet. See Practicallynetworked XP ICS - Starting the Network Setup Wizard for more graphical instructions.

Alternatives
The Network Setup Wizard is a Windows XP component. If you have a computer running another version of Windows, like Windows 98 or ME, you can run NetSetup. Copy NetSetup.exe from "C:\Windows\System32" to a CD or a USB flash drive, carry the CD or flash drive to the target computer, and run it from there. You are under no obligation to copy anything to any device or drive; any settings that you make on this computer, using the Network Setup Wizard, you can make on another computer, manually. The Network Setup Wizard is simply a convenience tool.

You can do just what NetSetup.exe, or the Wizard, does, on any computer running Windows XP, 2000, 98, or ME.
  • Install any missing network components, from Network Neighbourhood - Properties - Configuration.
    • Client for Microsoft Networks.
    • File and Printer Sharing for Microsoft Networks.
    • TCP/IP.
  • Set the Computer Name, and Network Name, from My Computer - Properties - Computer Name, or Network Neighbourhood - Properties - Identification.
  • Set TCP/IP to obtain IP and DNS server addresses automatically, from Network Neighbourhood - Properties - Configuration - TCP/IP Properties.


Note that the Network Setup Wizard only makes very basic system settings, and doesn't check for the presence and configuration of other computers on the network. If you run the Wizard, and you don't get the results that you expect, you'll need to read either Troubleshooting Network Neighborhood Problems (for local access problems), or Troubleshooting Internet Service Problems (for Internet access problems). You may also benefit from reading Solving Network Problems. Be persistent.

If you cannot run either NetSetup.exe or the Network Setup Wizard, on any computer, you can still set up your network. On a computer with Windows 2000, or in any other case where neither NetSetup nor the wizard can be used, you can make all settings manually.

ICS Host
This computer connects directly to the Internet. The other computers on my network connect to the Internet through this computer.

This network configuration uses (KB306126): Internet Connection Sharing (ICS) to share this computer's Internet connection with the rest of the computers on your network. Communications between the Internet and all the computers on your network are sent through this computer, called the ICS host computer.

If you're going to use an ICS host to provide Internet service for your network, please use (KB283673): Internet Connection Firewall (Windows pre-SP2), Windows Firewall (Windows SP2), or a third party personal firewall at all times. Please don't ever connect an unprotected computer to the Internet.

Note the other disadvantages and requirements of ICS. You'll have to have two separate network connections (one might be a modem, directly connected). You'll indicate which connection is to be used to connect to the Internet. Other connections on the computer will then be used for sharing the service.

As an ICS Host, the wizard will perform steps 1 - 11, from the list of Actions below.

Gateway (ICS or NAT Router) Client
This computer connects to the Internet through another computer on my network or through a residential gateway.

This computer is part of a home or small office network that connects to the Internet through another computer on the network or using a residential gateway (i.e., a NAT router). If you have another computer on your network that shares its Internet connection, called the ICS host computer, this computer will be able to send and receive e-mail and access the Web, as if it were connected directly to the Internet.

A residential gateway is a hardware device that works similarly to a host computer. Typically, a DSL or cable modem connects to the Internet service, and the residential gateway connects to the modem. Internet communication is shared by the residential gateway to all of the computers on your network.

As a NAT Client, the wizard will perform steps 1-5, then 10-11, from the list of Actions below.

Multiple Direct Internet Connections
This computer connects to the Internet directly or through a network hub. Other computers on my network also connect to the Internet directly or through a hub.

This network configuration typically has an external DSL or cable modem connected to an Ethernet network hub. The other computers on your network are also connected to the network hub. Each computer on the network has a direct connection to the Internet by means of the network hub and DSL or cable modem.

If you are using this configuration for your home or small office network, I highly recommend that you disable file and print sharing on the TCP/IP protocol and enable it on the IPX/SPX protocol. If you share files and folders on your computers using the TCP/IP protocol, they could be seen on the Internet. Only enable IPX/SPX for file and printer sharing if you are using this network configuration for your home or small office.

I do not recommend this network configuration. It exposes all computers on the network directly to the Internet, creating potential security problems. I highly recommend that you use a secure host device, such as a computer running Windows XP with ICS and Windows Firewall enabled, or using a residential gateway.

As a Directly Connected Client, the wizard will perform steps 1-5, then 10, from the list of Actions below.

Single Direct Connection To The Internet
This computer connects directly to the Internet. I do not have a network yet.

Select this option if you only have one computer and it has an Internet connection. The Network Setup Wizard configures this computer to use Windows Firewall, to protect your computer from intrusions from the Internet.

Networked Locally But Not To The Internet
This computer belongs to a network that does not have an Internet connection.

Select this option if you have two or more computers networked together, but don't have an Internet connection. You can have a home or small office network, using Ethernet, a home phoneline network adapter (HPNA), or wireless adapters. If you have different network adapter types, such as Ethernet, HPNA, or wireless devices, installed in your Windows XP computer, the Network Setup Wizard can create a network bridge to allow all of the computers in your network to communicate.

If you're lucky and have Ethernet on both computers, you can use a hub and Ethernet cables to connect your computers. This is, by far, the best choice in your case. If you're connecting just 2 computers, you can even use a cross-over cable, instead of a hub.

Actions Taken By The Wizard

Depending upon the Option selected, the wizard will do any of the following:
  1. Set the computer name, computer description, and workgroup name that you specify.
  2. Install these network components if they're not already present:
    • Client for Microsoft Networks.
    • File and Printer Sharing for Microsoft Networks.
    • TCP/IP.
  3. Share any printers connected to the computer.
  4. Create the "Shared Documents" folder, if it doesn't exist.
  5. Share the "Shared Documents" folder.
  6. Enable Internet Connection Sharing, on the network connection that you specify.
  7. Enable the Internet Connection Firewall (pre-SP2) / Windows Firewall (SP2), on the shared network connection.
  8. Create a Network Bridge, if more than one local area network connection exists.
  9. Configure the local area network connection (or Network Bridge), using IP address 192.168.0.1/24.
  10. Configure the local area network connection, to obtain an IP address automatically.
  11. Install software, to allow the client to control the host's Internet connection.



Your Personal Firewall Can Either Help or Hinder You

One of the key elements in a layered defense strategy is a personal firewall on each computer. You need to protect each computer on your LAN from hostile Internet traffic, and sometimes, from hostile traffic coming from other computers on your LAN.

Unfortunately, if you don't set up your personal firewall properly, you can have problems.

A misconfigured or misbehaving personal firewall on one or more computers on your LAN can block access to the server, whether local (on your LAN) or remote (on the Internet), that you need to access. If your problems remain even after you configure your personal firewall, then you will need to try deactivating it, or uninstalling it.

Deactivating a firewall isn't always an effective solution. Many personal firewalls do not react well to being deactivated - you have to either configure them properly, or uninstall them. Uninstallation, depending upon the brand, may require intensive work, and may involve more than running a simple script from Control Panel or All Programs - (Name Of Firewall Product).

Once you deactivate or uninstall the firewall, you are unprotected. If you must deactivate or uninstall your firewall, only do this temporarily. If you're connected directly to the Internet (which is simply not a recommended setup, even with a personal firewall on the computer), disconnect from the Internet BEFORE doing this. After you get things working, then reinstall, reactivate, and configure a firewall on each computer, before reconnecting.

Configuring a personal firewall, to enable access to the desired services, may involve changing one or more settings. Please spend some time reading the documentation for the firewall in question. After reading the documentation, check the appropriate settings. For Windows Firewall, see Windows Firewall and Windows Networking.


  • Select the appropriate Protection ("paranoia") level.

  • Make sure that exceptions are permitted.

  • Select a preset exception or rule.

  • Configure the Trusted Zone. Be sure that the router, the DHCP and DNS servers (if separate), and the other computers on the LAN, are all Trusted. Get this wrong, and you could have various symptoms.
    • Not all computers might be visible in Network Neighbourhood.
    • Other computers might be visible, but in the "Internet Zone".
    • Other computers might be visible, but attempting to access some will result in the much feared "Access Denied".
    • Attempting to access any computer, local or Internet, may return the equally disliked "Name not found" or similar error.

  • Open the appropriate ports.
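For Windows Networking, "the appropriate ports" are the ones that carry SMBs. The following is an added example, not part of the original article: it takes a list of firewall exceptions copied from a firewall's settings page (the list format and the sample values are constructed for illustration) and reports which SMB ports are blocked, which are open to the LAN only, and which are open beyond the LAN.

```python
from ipaddress import ip_network

# Ports used by Windows file and printer sharing (standard assignments).
SMB_PORTS = {
    ("tcp", 445): "SMB directly hosted on IP",
    ("udp", 137): "NetBT name service",
    ("udp", 138): "NetBT datagram service",
    ("tcp", 139): "NetBT session service",
}

# Constructed sample: (protocol, port, scope) exceptions as read off a
# firewall's settings page. Scope is "any" or a CIDR range.
SAMPLE_EXCEPTIONS = [
    ("tcp", 445, "192.168.0.0/24"),
    ("udp", 137, "192.168.0.0/24"),
    ("tcp", 139, "any"),
]

def audit_smb_exceptions(exceptions, lan):
    """Classify each SMB port as 'blocked', 'lan-only' or 'exposed'."""
    lan_net = ip_network(lan)
    report = {}
    for key in SMB_PORTS:
        scopes = [s for proto, port, s in exceptions if (proto, port) == key]
        if not scopes:
            report[key] = "blocked"      # no exception: SMB traffic is dropped
        elif any(s == "any" or not ip_network(s).subnet_of(lan_net)
                 for s in scopes):
            report[key] = "exposed"      # reachable from outside the LAN
        else:
            report[key] = "lan-only"
    return report

def usable_transports(report):
    """Return which SMB transports the exceptions allow end to end."""
    def is_open(key):
        return report[key] != "blocked"
    usable = []
    if is_open(("tcp", 445)):
        usable.append("direct")
    if all(is_open(k) for k in (("udp", 137), ("udp", 138), ("tcp", 139))):
        usable.append("netbt")
    return usable

if __name__ == "__main__":
    result = audit_smb_exceptions(SAMPLE_EXCEPTIONS, "192.168.0.0/24")
    for key, verdict in result.items():
        print(key, SMB_PORTS[key], verdict)
    print("usable transports:", usable_transports(result))
```

With the constructed sample, NetBT is unusable because UDP 138 has no exception, and TCP 139 is flagged because its scope is not limited to the LAN subnet.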



Please don't make the mistake of running two or more personal firewalls. Running more than one firewall will not add protection; it will just cause confusion and system malfunctions. If you're going to run a third party firewall, you must choose one and only one. Make sure that you're aware of all software products on your computer that could act as a personal firewall.

  • Do you have an antivirus product (and if not, get one immediately!)? Some antivirus products come bundled with personal firewalls. F-Secure Internet Security, McAfee Internet SecuritySuite, and Norton Internet Security, for example, each contain both antivirus and personal firewalls (F-Secure Personal Firewall, McAfee Personal Firewall and Norton Personal Firewall, respectively). A newly installed Microsoft (KB923157): Windows Live OneCare may be an issue here.

  • Even if your antivirus is NOT part of a bundle, it may have a component that acts like a firewall. Some antitrojan, antivirus, and antiworm products can install components that cause these problems. As every security package struggles to keep up with the bad guys, and with competing products, features are constantly being added. Examine any antitrojan / antivirus / antiworm product with suspicion, when researching any otherwise unexplained network problem.
    • Read the manual / owners guide for your security product.
    • Google / Yahoo for your security product name / version. See if there are any reported similar problems.

  • Recent changes to Internet Explorer (likely the September 2007 security updates) have caused changes in the My Network Places (Network in Windows Vista) display, and possibly access problems.

  • The Microsoft AntiVirus / Personal Firewall bundle, Windows OneCare, doesn't operate as seamlessly as Windows Firewall, under Windows Vista. You may have to check the NetBT setting, or open some ports manually, to get Windows Networking to work with OneCare under Vista.

  • Server Message Blocks, or SMBs, are the lifeblood of Windows Networking. Make sure that all firewalls are set up to pass SMBs properly - whether you're using SMBs directly hosted on IP, or SMBs hosted on NetBIOS Over TCP.

  • Do you have a VPN endpoint on the computer? Many VPN endpoints are bundled with personal firewalls.

  • What network card do you have? Does it have an nVidia chipset? The nVidia nForce is probably the first, but surely not the last, device of this type.

  • Is a NAT router in the center of your LAN?
    • Most NAT routers use only a switch, connecting the LAN ports. But look carefully for a "DMZ", "Isolation Mode", "Virtual Server", or "VLAN" setting - either on a single port, or affecting the entire LAN. These options are becoming more popular on NAT routers which emphasise sharing Internet access, and make peer-peer connectivity optional.
    • Did you just change to a different NAT router? If the router changed recently, check the subnet that it creates. If the subnet has changed, all computers on the subnet, with firewalls or other security components that assign trust by IP address, may have to be updated to reflect the new subnet.

Don't get surprised, and waste a lot of time looking for a solution that may be right under your nose - check for a bundled firewall first.
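The Trusted Zone advice above, and the note about a changed router subnet, can be checked together. This is an added example, not part of the original article: it compares the entries in a firewall's Trusted Zone with the subnet the router uses now. The host names and all addresses other than the 192.168.0.0/24 ICS subnet are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample: the Trusted Zone was filled in when the LAN was
# 192.168.0.0/24; the replacement router hands out 192.168.1.0/24.
SAMPLE_TRUSTED = ["192.168.0.0/24", "192.168.1.10"]
SAMPLE_LAN = "192.168.1.0/24"
SAMPLE_REQUIRED = {            # hosts that must be Trusted
    "router": "192.168.1.1",   # also the DHCP and DNS server here
    "desktop": "192.168.1.10",
    "laptop": "192.168.1.11",
}

def audit_trusted_zone(trusted, lan, required):
    """Compare Trusted Zone entries with the LAN as it is now.

    trusted:  single addresses or CIDR ranges listed as Trusted
    lan:      the subnet the router creates now
    required: {name: address} of hosts that must be Trusted
    """
    lan_net = ip_network(lan)
    nets = [ip_network(entry, strict=False) for entry in trusted]
    # Entries that no longer touch the LAN: left over from the old subnet.
    stale = [str(n) for n in nets if not n.overlaps(lan_net)]
    # Entries that cover the LAN and more: they trust outside addresses too.
    too_wide = [str(n) for n in nets
                if n.overlaps(lan_net) and not n.subnet_of(lan_net)]
    # Required hosts that no entry covers: expect "Access Denied" or
    # "Name not found" style symptoms when reaching them.
    untrusted = sorted(name for name, addr in required.items()
                       if not any(ip_address(addr) in n for n in nets))
    return {"stale": stale, "too_wide": too_wide, "untrusted": untrusted}

if __name__ == "__main__":
    report = audit_trusted_zone(SAMPLE_TRUSTED, SAMPLE_LAN, SAMPLE_REQUIRED)
    for finding, items in report.items():
        print(finding, items)
```

With the constructed sample, the old 192.168.0.0/24 entry is reported as stale, and the router and laptop are reported as not Trusted.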

If you're going to run a third party firewall, you must disable Windows Firewall, but only from the appropriate Control Panel applet - do not make the mistake of stopping the Windows Firewall service. The Windows Firewall service breaks several network services, if it is stopped.

Turn off Windows Firewall from either the Security Center applet or the Windows Firewall applet. Go to Settings - Control Panel, then either:
  • Security Center, and select Firewall Off.
  • Windows Firewall, and select Off.

Please leave the Windows Firewall / Internet Connection Sharing (ICS) service Started and Automatic, at all times. See Microsoft Threats and Countermeasures Guide: Chapter 7 for more information. Also, see (KB889320): When you disable the Windows Firewall service... for a problem acknowledged by Microsoft with a Hotfix.

On the other hand, if you decide to uninstall your newly discovered third party firewall, please read and observe precautions.