Windows 2000 Professional & Server Tips

All of the information, instructions, and recommendations on this Web site are offered on a strictly "as is" basis. Remember "Murphy's Law." Please take the proper precautions before attempting any of the tips or modifications listed here.


Unable to add a shared printer using Add Printer Wizard

Unable to add a shared printer on Windows 2000 Professional using the Add Printer Wizard. The wizard says that it is unable to find the printer.


  1. Open Windows Explorer
  2. Browse to the server that the printer is shared from or type its name in the Windows Explorer address bar. e.g. \\srvr-99
  3. Right click on the printer
  4. Select “Connect.”


[ Top ] [ Home ]


Disable AutoPlay

To disable AutoPlay, otherwise known as Auto Insert Notification, on Windows 2000...

  1. Click the Start button followed by selecting "Run".
  2. Type in "gpedit.msc" and click OK.
  3. Click and expand "Computer Configuration", followed by "Administrative Template", followed by "System".
  4. Double click "Disable Autoplay" and then select "Enable" followed by clicking "OK".


[ Top ] [ Home ]


How to Enable IP forwarding in Windows 2000 Server

To enable a multihomed Windows 2000 box to act as an IP router, you'll need to change the value of IPEnableRouter in the registry. Or, download and merge, IPEnableRouter-Yes.reg. Transmission Control Protocol/Internet Protocol (TCP/IP) forwarding is disabled by default in Windows 2000.

To change the value of IPEnableRouter in the registry, do the following:

    1. Start regedit.exe
    2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    3. Double-click IPEnableRouter
    4. Set the value to 1, then Click OK
    5. Close regedit
    6. Reboot the computer



[ Top ] [ Home ]


DNS Configuration on a Multihomed System

A multihomed computer system is one that has two or more network interface cards, typically configured with each NIC connected to a different network, and the computer acting as a gateway or router between each network.


  1. IP forwarding must already be enabled
  2. The DNS server software should already be installed and configured on this server


  1. On the primary NIC (LAN side), leave the Default Gateway empty
  2. On the primary NIC (LAN side), set Preferred DNS to its own IP address
  3. On the secondary NIC (used for the WAN side) set the Default Gateway to the IP address of the router or gateway on the 2nd network (WAN side).
  4. On the secondary NIC (WAN side), set Preferred DNS to the IP of the primary NIC on this server
  5. DNS Server: Set the Forwarder IP Address:

Configuration, Continued: DNS Server with Proxy:

If you have to go through a proxy server on the WAN side, then:


Primary NIC (LAN)
Secondary NIC (WAN)
IP Address
Subnet Mask
Default Gateway
no entry
Preferred DNS server
Alternate DNS server
no entry
no entry


[ Top ] [ Home ]


How to Enable Logon Screen Shutdown Button in Windows 2000 Server


In Microsoft Windows 2000 Professional, the Shutdown button is available in the Welcome screen after pressing CTRL+ALT+DELETE to log on. However, in Windows 2000 Server, the Shutdown button is not enabled by default.

To enable the Shutdown button for Windows 2000 Workstation and Server:

  1. Start the Group Policy (Local) Microsoft Management Console (MMC) snap-in.
  2. Double-click the following items to open them: Local Computer Policy, Computer Configuration, Windows Settings, Security Settings, Local Policies, Security Options.
  3. Double-click Allow system to be shutdown without having to logon, and then change the local policy to Enabled.
  4. Click OK.

The change takes effect when you restart the computer.


[ Top ] [ Home ]


Logon Script Won't Run For Limited User Account


The logon script runs when an administrator level account logs in, but not when a reduced level account logs in.

The problem may be that the limited user account does not have read rights to the NETLOGON share on the server.


  1. From a client computer, login with a limited or user account, then use Windows Explorer and attempt to access the NETLOGON share on the server. If you get an "access denied" message, then the user does not have read rights to the NETLOGON directory.
  2. On the server, open Computer Management > System Tools > Shared Folders > Shares
  3. Then properties for the NETLOGON share.
  4. Then under the Share Permissions tab, add Authenticated Users with allow Read rights.


[ Top ] [ Home ]


Install Windows 2000 Support Tools to get DCDiag.exe and NetDiag.exe

To install the Windows 2000 Support Tools:

1. Start Windows 2000. Note that you must log on as a member of the administrator group to install these tools.
2. Insert the Windows 2000 CD-ROM into your CD-ROM drive.
3. Click Browse this CD, and then open the \Support\Tools\ folder.
4. Double-click Setup.exe, and then follow the instructions that appear on the screen.

Netdiag.exe: Network Connectivity Tester

This command-line diagnostic tool helps to isolate networking and connectivity problems, by performing a series of tests to determine the state of your network client, and whether it is functional. These tests, and the key network status information they expose, give network administrators and support personnel a more direct means of identifying and isolating network problems.

DcDiag.exe: Domain Controller Diagnostic Tool

DCDiag is a command-line tool which analyzes the state of domain controllers in a forest or enterprise and reports any problems to assist in troubleshooting. As an end-user reporting program, DCDiag encapsulates detailed knowledge of how to identify abnormal behavior in the system.



[ Top ] [ Home ]


Restrict Local Login

Start, Run, MMC, and load the Group Policy Snap-in (for the Local Computer), you can go into Local Computer Policy > Windows Settings > Security Settings > Local Policies > User Rights Assignment, and edit the "Access this computer from the network" and "Log on locally" ACL's to meet your needs.

You will want to restrict local login so that regular users won't be able to log into the server.


[ Top ] [ Home ]


DNS and Active Directory Quick Start


  1. The server must have a static IP address
  2. The "Preferred DNS server" must be set to the same IP address as itself
  3. The DNS server software/snap-in is already installed

DNS Configuration

  1. Start the DNS snap-in. To do this, click Start, point to Programs, point to Administrative Tools, and then click DNS.
  2. Use the DNS Configuration Wizard to create a forward lookup zone
  3. Create a reverse lookup zone.
  4. Enable dynamic updates
    1. Right click on the forward lookup zone and select properties from the context menu
    2. On the General tab, change "Allow dynamic updates?" to "Yes"
    3. Click OK
  5. Add a host record to the forward lookup zone for the server, using the computer name as the name for the host record.
  6. Note: Without this host record for the server, the Active Directory Installation Wizard (dcpromo) may not recognize that DNS is already installed and configured.

  7. Open a Command Prompt
  8. netdiag enter , to verify that DNS is configured properly
  9. The DNS Configuration Wizard may have automatically created an additional forward lookup zone with a period "." for its name. This "root" zone should be deleted to allow the DNS server to forward requests to your ISP's DNS servers for lookups. This setting designates the Windows 2000 or Windows Server 2003 DNS server to be a root hint server. If you do not delete this setting, you may not be able to perform external name resolution to the root hint servers on the Internet.

Active Directory Installation

  1. Open a Command Prompt
  2. type dcpromo Enter
  3. Follow the prompts to install Active Directory
  4. Reboot when prompted
  5. Open a command prompt
  6. type dcdiag enter, to verify that Active Directory is configured properly.

See: Frequently asked questions about Windows 2000 DNS and Windows Server 2003 DNS


[ Top ] [ Home ]



Copyright ©1996 - 2018 Chin. All Rights reserved Instagram Twitter YouTube Reproduction without explicit permission is prohibited. See: Terms of use