Browsing "Windows 2000"

How can I let users search, but not browse, Active Directory (AD)?

You can use either a policy setting or the registry to configure AD for browsing. To use the policy setting method, perform the following steps:

Open Group Policy with the Group Policy Editor (GPE).
Navigate to User Configurations, Administrative Templates, Desktop, AD.
Double-click “Hide Active Directory folder.”
Select the Policy tab.
Click Enabled, and click OK.
Close the policy.

To use the registry to complete the same task, perform the following steps:

Start the registry editor (e.g., regedit.exe).
Navigate to HKEY_CURRENT_USERSOFTWAREPoliciesMicrosoft.
If the Windows key doesn’t exist, click Edit, New, Key to create the key.
Look for “Directory UI” under the Windows key, and if it doesn’t exist, click Edit, New, Key to create the key.
From the Edit menu, select New-DWORD Value.
Enter a name of HideDirectoryFolder, and press Enter.
Double-click the new value, set it to 1, and click OK.
Close the registry editor.

Jul 13, 2004 - General, Windows 2000    No Comments

How can I suppress the standard machine beep noise in Windows 2000 and later?

Even if you mute your system, certain events will still trigger the system beep. To suppress these system-level beeps, perform the following steps:

Start a registry editor (e.g., regedit.exe).
Navigate to the HKEY_CURRENT_USERControl PanelSound subkey.
Double-click Beep, set the value to “no”, and click OK.
Close the registry editor.
Log off and log on for the change to take effect.

How can I let users log on to the domain when they can’t contact the Global Catalog (GC)?

When a native-mode user logs on to the domain, a GC checks Universal group memberships. If the user can’t contact a GC, the logon will fail. To let users log on even though they can’t contact the GC, perform the following steps on the servers that service the client logons:

1. Start a registry editor (e.g., regedit.exe) on each domain controller (DC).
2. Navigate to the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa registry subkey.
3. From the Edit menu, select New, DWORD Value.
4. Enter the name IgnoreGCFailures, set the value to 1, then press Enter.
5. Close the registry editor.
6. Restart the DC.

Be aware that performing these steps can cause security problems. For example, imagine that you’re a member of the Universal group that’s denied access to a particular network resource. If your system can’t contact the GC when you log on, your user token won’t have the SID of the Universal group. In that case, you might be able to access the denied resource just as if you weren’t a member of the Universal group.

What’s the Account Lockout Status tool?

The Account Lockout Status tool (lockoutstatus.exe) displays lockout information for a specified user by querying every contactable domain controller (DC) in the user’s domain. You can download the Account Lockout Status tool at Link
You can also check a user’s lockout information at the command line. To do so, enter the command


where –u is the username.

Jun 20, 2004 - Windows 2000    No Comments

How can I force Terminal Server to terminate a disconnected client session

When a Terminal Server client abnormally (power failure, network failure, etc..) loses their connection to the Terminal Server, their session may not be marked as disconnected. When the client logs on again, a new session is created, leaving the origonal session active, consuming resources.

To fix this problem, apply the latest Terminal Server Service Pack. Then use Regedt32 to navigate to:

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal Server

On the Edit menu, Add Value name KeepAliveEnable as a type REG_DWORD. Set the data value to 1. The default is 0.

Use the Connection Configuration tool to double-click rdp-tcp, and click Advanced.
Locate the On a broken or timed-out connection, connect action the session line. Then:

Clear the Inherit User Config check box.
Check Disconnect.
Press OK.

With these settings, KeepAliveEnable will use Carrier Loss Detection,
polling each client every (KeepAvileInterval / #sessions), to disconnect the client session.

Jun 20, 2004 - Windows 2000    No Comments

Windows 2000 issues no warning when you are logged on using cached credentials

In Windows NT, if a domain controller can not be contacted, and you are not a new user of the workstation, you receive:

A domain controller for your domain could not be contacted.
You have been logged on using cached account information.
Changes made to your profile since you last logged on may not be available.

In Windows 2000, the message is suppressed by default.
To enable the message, you must edit the registry of each Windows 2000 member. Use Regedt32 to navigate to:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon

On the Edit menu, Add Value name ReportControllerMissing and set this string value (type REG_SZ) to uppercase TRUE. The default is FALSE. This enables reporting for the workstation.

To enable reporting for the users, set the ReportDC value to 1.

Jun 20, 2004 - Windows 2000    No Comments

How do I crash Windows 2000 with a few key strokes

Sometimes, a Memory.dmp is helpful.

If you want to be able to create one with a few keystrokes:
1. Navigate to:


2. On the Edit menu, Add Value name CrashOnCtrlScroll, as a type REG_DWORD. A data value of 1 enables this feature. A missing Value Name, or a data value of 0, disables it.
3. Shutdown and restart your computer.
To crash your system, with:

*** STOP: 0x000000E2 (0x00000000,0x00000000,0x00000000,0x00000000)
The end-user manually generated the crashdump.

1. Hold down the right hand Ctrl key.
2. Press the ScrLk twice.

Jun 20, 2004 - Windows 2000    No Comments

Is there an alternative to start menu scrolling in Windows 2000?

In Windows 2000, the default is to scroll the start menu.

You can alter this behavior using Start / Settings / Taskbar & Start menu … / Advanced. Uncheck Scroll the programs menu and press OK.

You can also alter the registry at:


Edit StartMenuScrollPrograms, a type REG_SZ, and set the string to NO. You will need to restart your computer.

Related Posts Plugin for WordPress, Blogger...