Using the Command Line Interface

Using the command-line interface, the qmsecmethods switch requires a seemingly daunting syntax to add custom security methods, but it's quite logical once you break it into its component parts. To create a custom security method, you use one of the following three string formats ESP ConfAlg,AuthAlg k s Specifies an ESP encryption and integrity algorithm, but no AH integrity algorithm. ConfAlg refers to the ESP encryption algorithm, and can be either DES or 3DES. AuthAlg refers to the ESP...

Using a Command Line Interface

The following command creates a new IP filter for the Web Server filter list, with a source IP address of my IP address (ME), a destination IP of any IP address, and a destination port of TCP 80 > netsh ipsec static add filter filterlist Web Server srcaddr ME dstaddr ANY protocol TCP description Controlling web server traffic mirrored yes dstport 80 The following command deletes the IP filter created in the previous example > netsh ipsec static delete filter filterlist Web Server srcaddr ME...

Modifying the DNS Search Order Problem

You want to change the order of the DNS servers that a Windows Server 2003 computer consults for DNS name resolution. 1. Open the Network Connections applet. 2. Double-click on the Local Area Connection icon. 3. Click on Internet Protocol (TCP IP), and select Properties. 4. Verify that the radio button next to Use the Following IP Address is selected, and that the IP address, subnet mask, and default gateway are configured. 5. Click on Advanced and select the DNS tab. Use the Add button to add...

Configuring Dead Gateway Detection Problem

You want to configure dead-gateway detection on a Windows Server 2003 computer so that the computer can continue to route traffic even if its default gateway becomes unavailable. To enable dead-gateway detection for a Windows Server 2003 computer, set the following Registry value HKEY_LOCAL_MACHINE SYSTEM Current Control Set Services Tcpip Parameters To disable dead-gateway detection, set the previous DWORD value to 0 (false). Using VBScript This code enables dead-gateway detection for all...

Is WINS Obsolete

Prior to the release of Windows 2000, NetBEUI was one of the two primary network protocols in use on Windows networks, the other being TCP IP. NetBEUI is a lightweight, non-routable, broadcast-based protocol that requires little to no configuration. NetBEUI does not require the presence of WINS, since there are no IP addresses related to NetBIOS names. Windows 2000 was released with much fanfare regarding its implementation of Active Directory and Domain Name Service (DNS). Administrators were...

Configuring an Alternate IP Configuration Problem

You want to manually configure an alternate TCP IP configuration for a Windows Server 2003 computer that has a dynamically assigned address. This creates a static IP address that a machine can use if it is unable to obtain an IP address automatically. 1. Open the Network Connections applet. 2. Double-click on the Local Area Connection icon. 3. Click on Internet Protocol (TCP IP), and select Properties. 4. Select the Alternate Configuration tab. Select the radio button next to User Configured....

Assigning Multiple IP Addresses Problem

You want to assign multiple IP addresses to a single NIC on a Windows Server 2003 computer. 1. Open the Network Connections applet. 2. Double-click on the Local Area Connection icon. 3. Click on Internet Protocol (TCP IP), and select Properties and then Advanced. 4. In the IP Addresses section, click on Add. Specify the IP address and subnet mask of the additional IP address, and then click OK. 5. Click Close when you're finished. Note To remove an additional static IP address that you've...

Managing WINS Server Lookups Problem

You want to add or remove a WINS server address that's used by a Windows Server 2003 computer for NetBIOS name lookups. 1. Open the Network Connections applet. 2. Double-click on the Local Area Connection icon. 3. Click on Internet Protocol (TCP IP), and select Properties. 4. Verify that the radio button next to Use the Following IP Address is selected, and that the IP address, subnet mask, and default gateway are configured. 5. Click on Advanced. From the WINS tab, click Add and enter the IP...

Configuring NetBIOS Options Problem

You want to configure NetBIOS options on your Windows Server 2003 computer. These options include using DNS as a secondary method of NetBIOS name resolution, configuring a NetBIOS scope ID, and configuring the use of an Lmhosts file. To enable Lmhosts lookups via the GUI, follow these steps 1. Open the Network Connections applet. 2. Double-click on the Local Area Connection icon. 3. Click on Internet Protocol (TCP IP), and select Properties. 4. Click on Advanced. From the WINS tab, place a...

Configuring the Computer Host Name Problem

You want to change the name of your Windows Server 2003 computer. 1. Right-click on My Computer and select Properties. 2. From the Computer Name tab, select Change. 3. Enter the new computer name in the Computer Name text box. 4. Click OK twice, and reboot when prompted to do so. The following command renames the local computer to the name Computer2 (change this as appropriate for your environment) > wmic COMPUTERSYSTEM SET Name Computer2 Note You need to reboot the local computer for the new...

Configuring NetBIOS over Tcpip Problem

You want to configure the NetBIOS over TCP IP settings for a Windows Server 2003 computer. 1. Open the Network Connections applet. 2. Double-click on the Local Area Connection icon. 3. Click on Internet Protocol (TCP IP), and select Properties. 4. Click on Advanced. From the WINS tab, select the radio button next to one of the following settings for NetBIOS over TCP IP Use NetBIOS settings from the DHCP server. (This is the default. If a static IP address is used or the DHCP server does not...

Click OK to save your settings Using a Command Line Interface

The following command will configure stateful protection during computer startup > netsh ipsec dynamic set config bootmode value stateful The following command will configure IPSec to block all incoming traffic during computer startup > netsh ipsec dynamic set config bootmode value block Using the Registry To configure a computer to block traffic until an IPSec policy is applied, configure the following Registry key OperationMode dword 1 Set this value to 0 to permit all traffic, or to 3 to...

Managing DNS Suffixes Problem

You want to add, modify, or delete the DNS domain name suffixes that are used by a Windows Server 2003 computer, also referred to as the domain suffix search order. The domain name suffix order helps Windows resolve an unqualified name that is, a computer name that does not have a domain name appended to it. 1. Open the Network Connections applet. 2. Double-click on the Local Area Connection icon. 3. Click on Internet Protocol (TCP IP), and select Properties. 4. Verify that the radio button...

Solution

To confirm that your computer is configured with a static IP address, do the following 1. Open the Network Connections applet. 2. Right-click on the Local Area Connection icon and select Properties. 3. Click on Internet Protocol (TCP IP), and select Properties. 4. Confirm that the radio button next to Use the Following IP Address is selected. 5. Confirm that the appropriate configuration information is present in the IP Address, Subnet Mask, and Default Gateway text boxes. 6. Click Close when...

Configuring Automatic Private IP Addressing Apipa Problem

You want to enable or disable Automatic Private IP Addressing APIPA on a Windows Server 2003 computer. To disable APIPA for a particular adapter, create the following Registry value GUID gt To disable APIPA for all adapters installed in a particular computer, create the following Registry value no reboot is necessary Note If either of these Registry entries is not present, the operating system assumes a default value of 1. This means that APIPA is turned on and enabled on all Windows Server...

Configuring ICMP Traffic

Double-click on the Local Area Connection icon. 3. From the Advanced tab, click Settings. This will launch the Windows Firewall Control Panel applet. 4. From the Advanced tab, click the Settings button in the ICMP section. 5. In the ICMP Settings section, place a check mark next to the ICMP packets that you want to allow Allow incoming echo request Allow incoming timestamp request Allow incoming mask request Allow incoming router request Allow outgoing destination unreachable Allow outgoing...

Configuring a Gateway Metric Problem

You want to specify the gateway metric for the default gateway on a Windows Server 2003 computer. 1. Open the Network Connections applet. 2. Double-click on the Local Area Connection icon. 3. Click on Internet Protocol TCP IP , and select Properties and then Advanced. 4. In the Default Gateways section, highlight the gateway whose metric you want to modify, and click on Edit. Clear the check mark next to Automatic Metric, and enter a numerical value in the Interface Metric text box. 5. Click OK...

Configuring DNS Servers Used for Name Resolution Problem

You want to configure the DNS servers that will be used for name resolution on a Windows Server 2003 computer. 1. Open the Network Connections applet. 2. Double-click on the Local Area Connection icon. 3. Click on Internet Protocol TCP IP , and select Properties. 4. Verify that the radio button next to Use the Following IP Address is selected, and that the IP address, subnet mask, and default gateway are configured. 5. Fill in the IP address of the primary DNS server in the Preferred DNS Server...

Netsh Ras Add Registeredserver

You can register your RRAS server in Active Directory by doing the following 1. Start the Active Directory Users and Computers administrative console from the Administrative Tools folder in the Start menu, or directly from systemroot system32 dsa.msc. 2. Expand the tree in the left pane, and select the Users node. 3. Double-click RAS and IAS Servers in the right pane. 4. Select the Members tab, and click the Add button. 5. Click the Advanced button, and then click the Object Types button....

Account Lockout Policy Command Line

To configure an individual computer to lock out a user account after three invalid remote access authentication attempts, modify the following Registry value Parameters AccountLockout MaxDenials dword 3 Note Set this value to 0 to disable remote access account lockouts. To configure an individual computer to lock out a user account for 30 minutes, modify the following Registry value Parameters AccountLockout ResetTime mins dword 30 Note By default, the Registry Editor displays this value in...