Updated: 2007-02-28
Created: 2000
MS-Windows has evolved through a number of
authentication and authorization systems, nearly all of
which currently are still supported, and the lasted is
based on Active Directory
which is a layer of Microsoft specific software on top
of widely used standards like
Kerberos,
LDAP
and
DNS,
in a typical
embrace and extend
way.
Since AD and more in general MS-Windows systems need to interoperate, it may be useful to understand the history and some of the peculiar details in order to better confront interoperability issues, and a list of past and and current outlines of MS-Windows authentication systems follows.
MS-Windows 3 )(and related products like MS-Windows for Workgroups was built on top of MS-DOS which id not have any authentication and minimal authorization mechanisms, and therefore implemented some as extensions: one for authentication-only for local access to the PC, and another authorization-only for remote access to files.
MS-Windows 3 authentication was purely for local users with user attributes stored in a PWL file. This file contained barely more than the user name (encoded as the name of the file) and password.
Authorization applied only to remote file access,
and each collection of remote files (a share
) would have a read-only
password and a read-write password.
In particular there was no centralized authentication or authorization system.
Microsoft AD is a layer over Kerberos used for authentication, LDAP used for registration and authorization, and DNS used to publish some aspects of registration.
AD defines a domain
on top of a
Kerberos realm
.
SP2 adds more than 600 new policy settings; the complete list is given here.
MS Outlook is with MS Office the real current (2004) source of
Microsoft customer lock-in, rather than MS Windows. It is the
killer app. Well, it often kills e-mail :-). If you
can, just avoid using it. Otherwise here are some resources,
mostly related to dealing with PST files and archiving and
converting them.
Some user has made a list of MS Knowledge Base articles about MS Internet Explorer that contains well selected, useful and interesting entries.
It also appears that MS IE cache troubles are so common that there is a program that is devoted solely to work around MS IE cache issues.
Refer to the Mozilla extensions and Firefox extensions lists in my Linux, as thanks to XUL they are essentially OS/hardware independent.
When enabling a network interface MS Windows by default creates a multicast route on it which cannot be deleted.
Apparently it cannot be deleted because it is some kind
of virtual
route. But adding a similar
route just overrides the virtual
route, and it can then be deleted.
Something like this works:
route add 224.0.0.0 mask 240.0.0.0 10.0.0.1 10.0.0.1 route delete 224.0.0.0 mask 240.0.0.0 10.0.0.1
Deleting such a route can be useful to prevent packets being multicast on some of the interfaces of a multi-homed node.
Someone has written a
nice utility called WhoLockMe
that lists the processes that hold a lock on a file, and thus
prevent file operations on it.
And someone else has written a nicer
alternative unlocker
on a page that even has a table of the features of
similar utilities.
Axcel's is one of the best sites on obscure and useful Windows tips.
He also as an impressive list of freeish Windows utilities.
It is possible in some way to create a bootable Windows 200x CD-ROM.
Apparently a bug in the Microsoft Java VM allows an adware exploit to install itself.
It is in any case a good idea to completely remove the Microsoft Java VM, and there is a description of how to remove it
Many sites have lists of the patches that are needed to make Windows versions slightly less unreliable and this australian one seems to have nice list.
There is also an official Microsoft FTP site for hotfixes for which there is a convenient HTTP mirror in Germany.
This is actually somewhat well known, and there is a
Microsoft knowledge base article
about it. The fix is to get an updated version of the
USER and USER32 components as follows:
Date Time Version Size File name Platform --------------------------------------------------------------------------- 04/21/2000 11:33a 4.10.2227 55,296 User32.dll Windows 98 Second Edition 04/19/2000 04:02p 4.10.2227 549,760 User.exe Windows 98 Second Edition 08/24/2000 05:05p 4.00.954 44,544 User32.dll Windows 95 (all versions) 08/24/2000 04:54p 4.00.954 462,560 User.exe Windows 95 (all versions)
They also suggest the workaround of disconnecting all mapped network drivers before shutting down. There have been reports that mapped network drivers may cause other problems with games like MechWarrior4 on AMD/VIA based motherboards.
In an article in PC Pro, January 2002, David Moss says that the automagic Windows Update site, which can only be used from Windows and only using IE, is also actually rather behind the times. There are a number of places in the Microsoft web site where updates can be downloaded manually, using any OS and any browser, that are usually kept more up-to-date as they are used by corporate users, and they are:
The SoundBlaster Live! and its variants seem to have a badly misdesigned hardware and software interface, that really poften manifests itself in lockups and incompatibilities with various motherboards, graphics cards, operating system drivers, both under Linux and Windows. It is also rather overpriced.
It is particularly dangerous to leave the SoundBlaster 16 emulation mode enabled.
Some of the problems are described here including a procedure on how to perform a full unistall of the SoundBlaster Live! drivers.
It is usually best to avoid such a poorly misdesigned card, and to get a replacement. Generally, Yamaha and Crystal chipset based cards are good replacements; the Turtle Beach brand ones (e.g. the Sonic Fury mentioned in the link above) seem to be pretty good.
It might help to try disabling ACPI mode, as described below.
NDD is extremely slow
during the directory scan phase when checking volumes after a
Windows crash, during Windows 95 or 98 startup, while the GUI
version of NDD is very fast, once Windows 95 or 98
has started up.Apparently NDD for DOS, the version that
runs to repair volumes after a crash, before Windows 95 or 98
are fully started, does no disk caching of its own, and it
rereads the same blocks on disk over and over; thus one needs to
start smartdrv in the autoexec.bat
file. This probably has no adverse affects after Windows 95 or
98 have started, and it seems to me it speeds up the loading of
Windows 95 or 98 too.
Change Setting... one gets This
resource setting cannot be modified.Thanks to another tips site that I cannot remember, here is
the really obscure solution: there are several possible
default
manually selectable configurations in the properties for a
serial port device (Basic configuration
000n), and only on the last the IRQ can be
modified. The others are fixed. Just select the last then, and
you will be able to set any IRQ. Note: even this is
not allowed for the first two serial ports.
ACPI support under MS Windows 9x or MS Windows 2000 can cause a number of problems, including IRQ conflicts and sharing.
The safest way to make sure that ACPI is disabled under MS Windows 2000 and 98 is to reinstall them with an option that disables ACPI handling.
Making sure that MS Windows 2000 is installed without ACPI
usually requires reinstallation with the /NOACPI
option to the setup program.
However while replacing a non ACPI HAL with an ACPI one is very unadvisable, replacing an ACPI one with a non ACPI one is less risk, and Lindsay R. Ritchie has described a way to switch off ACPI support without reinstalling:
In order to achive this the Windows 2000 computer configuration has to changed from being an ACPI PC to a standard PC. One way of doing this is by updating the COMPUTER driver from being ACPI to Standard PC in device manager (NB ACPI should also be turned of in the BIOS). A few re-boots are required as Windows 2000 then creates a new hardware profile and will detect all hardware again. The proper way of doing this is to cleanly install Windows 2000 on a newly formatted partition. (This of course takes time, but is STRONGLY recommended).
While reinstallation is better, switching ACPI off for MS Windows 98 is safe, unlike for MS Windows 200.
To switch ACPI off in MS Windows 98 the system drivers must be
updated similarly: the ACPI BIOS entry in the System
Devices subtree of the Device Manager
must be removed and the Standard BIOS installed in its place.
For MS Windows 98 enabling ACPI at (re)install time can be done
by using the /p j switch to setup;
similarly, disabling it can be done with the /p i
switch.
In all cases, ACPI support also should be turned off in the BIOS setup screens.
In any case ACPI is essentially useless for desktops (it may be useful for laptops) as a column about ACPI says:
Even once you have a new machine with ACPI support enabled, however, your worries are not over. If you add a new peripheral that is not ACPI-compliant, then you could "break" a previously functioning ACPI setup. Unless every piece in the system is ACPI-compliant, you can't take full advantage of ACPI power savings. This problem also explains why early tests have shown that ACPI was not offering any battery life enhancements over APM on notebooks. (See "Windows systems suck more juice" for more.)
There is also an interesting presentation of ACPI registry entries, that I think was inspired by a Microsoft article for OEMs:
During Windows 98 Setup, ACPI is installed only on systems that are listed on the retail compact disc as good ACPI systems. However, if you have had the system BIOS updated to a fully functioning ACPI BIOS, you can have ACPI installed by using the following procedure.
To install ACPI:
- Flash the BIOS to the latest rev.
- Run Regedit.
- Under
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Detect, add aStringvalue calledACPIOption, and set it to"1"(or use theACPION.REGfile from the downloads page).- In Control Panel, click Add/Remove Hardware and have it run full detection.
To remove ACPI support perform steps 2 through 4, but setACPIOptionto"2".
The settings for ACPIOption are as follows
"0"(or not present): detect only ACPI BIOSes on good list."1": Detect any ACPI BIOS."2": Do not detect ACPI BIOSes (remove support if installed).
It has been reported by a reader of this page that setting that
registry entry to 2 is not sufficient, and one
should also delete the acpi.sys driver file.
Other resources:
Enabling ACPI Support Under Windows 98.
Troubleshooting the Windows 2000 Hardware Abstraction Layer (HAL).
In theory downgrading
DirectX
can cause problems, but usually it does not. There are several
possible solutions, but the simplest is to make the installer
believe that it is actually upgrading, by looking at the
registry key
HKEY_Local_Machine\Software\Microsoft\DirectX
and setting "Version" to for example to
"4.06.00.0000", which makes the installer believe
that DirectX 6 is installed, thus allowing to upgrade DirectX 8
to DirectX 7.
The other method is to use a DirectX uninstaller, of which there are a few, for example:
I found some good pages (to be listed below) and here is a summary for the case where the disk is partitioned using traditional PC-DOS style labels.
The first 63 sectors
(512 bytes each) are
reserved to contain disk related metadata. The first
sector is called
MBR
ad contains 3 main areas:
disk signaturewhich is supposed to identify uniquely the disk, at least within a single system. It may default to zero, in which MS-Windows will change it to some random value.
Each partition may contain whatever or be marked an
extended
partition in which case it has
the same format as a disk, with the first 63 sectors
reserved for metadata, and the first of these sectors
containing an MBR. With some restrictions:
logical partitionand the second optionally describing another extended partition if there is a second logical partition (in other words logical partitions are sort of nested inside each other instead of being logically concatenated).
A non-extended partition, whether primary (defined in the top level partition table) or logical (defined in the partition table of an extended partition) can contain whatever, and the type of othe contents is by convention indicated by a type field in the partition description.
MS-Windows can put a volume inside a partition (the volume can be on its own if the disk is not partitioned) and the volume (or a set of volumes) can contain a filesystem, typically in FAT32 or NTFS format, which have their own type field values.
f the partition contains a static
Microsoft filesystem it must have one of the FAT or NTFS
partition types, and the first 16 sectors contain volume
metadata, of which the first sector is the
partition boot sector
.
The metadata is not part of the filesystem and
describes the volume, which is a container
for the filesystem, and can exist outside of a
partition, where the volume takes up the disk instead
of a slice of it.
The layout and content of the volume metadata is somewhat different dependening on the type of the filesystem contained in the volume, but mostly it contains in the first sector some code to bootstrap, a volunme descriptor, and in the following sectors, more bootstrap code and/or filesystem data.
For a recent NTFS volume the first sector of the metadata contains the bootstrap information for the filesystem in the following fields:
volume serial numberwhich sometimes is only 32 bits and is not the same thing as the
filesystem UUID.
The boot starts with the reset signal to the CPU, which triggers the loading of the BIOS, which then loads the code in the first sector of the first disk, which then loads the code in the active primary partition's first sector.
This is rather more complex code that can traverse the filesystem, and then load the files that initialize the operating system.
The operating system bootstrap code is loaded from the system volume's filesystem, consults the bootstrap configuration file, and then loads the operating system code from the boot volume (which is often the same as the system volume). This then consults the registry, sets up memory, processes, the storage system, and loads the operating system shell.
There are two types of bootstrap code in recent MS-Windows versions, the one used in MS-Windows 3 to MS-Windows XP, and the one used since MS-Windows Vista.
It is often convenient for backup or storage reconfiguration to move around partitions, and also MS-Windows partitions. The NTFS filetrees contained in them can be shrunk or expanded using the ntfsresize tool of the cite class="thing">ntfsprogs collection, so the contents of a partition can be conveniently copied using dd or equivalent, and quickly too as it is a streaming sequential copy (if there are few other streams on the same disks).
Unfortunately most versions of MS-Windows have been designed to partially ignore the partition structure of a storage device, and they rely also and instead on different mechanisms, especially for bootable partitions.
Some terminology is important:
MBRor
GPT.
partition boot sectionis analogous to the MBR but is stored at the beginning of each partition.
system partitionscontain the boot metadata and the bootstrap code for MS-Windows.
boot partitionsw contain the installed MS-Windows system, usually in a subdirectory called WINDOWS.
There are some important details:
When the disk identifier or the offset in sectors from the beginning of the storage device change all disk signatures must be manually updated in all three places where they are relevant:
