Windows XP, 2000, NT4 File Sharing and Networking

  • 1. Description of the IPC$ share
  • 2. Stop the hidden Administrator share
  • 3. Hide your computer from the network
  • 4. Make WinNT4 faster at receiving files
  • 5. Control Master Browser
  • 6. Configure SMB signing
  • 7. Configure Password Encryption level over network
  • 8. Configure network performance in WinNT/2k/Xp
  • 9. Speed up access to Win9x shares in Win2k/WinXP
  • 10. How to enable Win9x filesharing in Windows 2000
  • 11. How to enable Win9x filesharing in Windows XP
  • 12. Configure SMB use of Netbios
  • 13. Prevent recent share listing in My Network places
  • 14. Configure the scanning for shares and printers in WinXP
  • 15. Lower traffic from mapped network shares in WinXP
  • 16. Stop fetching file details when opening a remote file in Win2k/WinXP
  • 17. Configure automatic handling of sharing violation
  • 18. Configure Opportunistic Locking
  • 19. Enable caching of long filenames for network files in Win2k/WinXP
  • 20. Configure file system aliasing on Win2k3
  • 21. Configure commit write for network files on Win2k3
  • 22. Inbound connection limit in Windows
  • 23. Configure caching of remote customized folders in WinXP
  • 1. More knowledge of the TCP/IP settings from Microsoft
  • 2. TCPIP Stack registry settings
  • 3. TCPIP MTU Registry Settings
  • 4. Configure the priority of networks known by the MUP
  • 5. Configure the priority of protocols bound to the network services
  • 6. Configure the Host Name Resolution Order
  • 7. Use maximum port speed for your dialup modem in Win2k
  • 8. Use maximum port speed for your dialup modem in WinXP
  • 9. Optimize Dialup modem connection in Win2k/WinXP
  • 10. Make your dialup modem permanent in Win2k
  • 11. Reset the TCPIP protocol or handle several network setups in Win2k/XP
  • 12. Load balancing over several Network Adapters
  • 13. Display detected network errors in Win2k/WinXP
  • 14. Setting up a Virtual Private Network in Win2k/WinXP
  • 15. Setting up the IIS Server Services in Win2k
  • 16. Setting up the WinXP Internet Connection Firewall (ICF)
  • 17. Setting up Internet Connection Sharing
  • 18. Configuration of the remote assistance in WinXP
  • 19. Installing NetBEUI on WinXP/Win2k3
  • 20. Configure the AFD default Send-Window to increase upload speed
  • 21. Configure how long to cache negative DNS replies in Win2k/XP
  • 22. Delayed TCPIP ACK can cause slow network throughput
  • 23. Increase the max limit for concurrent TCP connections
  • 24. Microsoft TCP/IP Version 6 (IPv6) can make network slow

1. Description of the IPC$ share

The IPC$ is a hidden share maintained by the Server service (Disabling the service will remove the share). The IPC$ share is used for performing RPC (Remote Procedure Call), allowing the client to send different commands to the server:
  • List all shares
  • List all users
  • List files within a share
  • Stop/Start services
  • ...
Certain commands can be accessed anonymously through a NULL session, depending on the configuration of the server. If a command cannot be called anonymously, the client has to authenticate. Access is granted if the client can provide proper credentials (username and password) that match an account on the server. If it cannot, the user at the client machine will get an error like:
IPC$, The domain password you supplied is not correct

You must supply a password to make this connection:

Incorrect password or unknown username for:
Note it is possible to access the IPC$ share of a server using different credentials than those used when logging on to the client machine (even if a domain user is needed to access a server from outside the domain).
net use q: \\10.0.0.2\c$ [password] /user:[domain\]username
Note Windows 95/98/Me doesn't support logon with different credentials. Therefore one has to make sure the user ID and password on the Win9x machine match one of the accounts on the WinNT machine. This can be done by using one of the following options:
  • Create an account on the WinNT machine which matches the username and password (If any) used on the Win9x machine.
    • If the account already exists, then try to re-enter the password for the account (and check that the password doesn't expire)
  • Create an account on the Win9x machine which matches the username and password of an account on the WinNT machine and then log on to Win9x with the new account.
  • Activate the guest account, though it is not recommended:
    • How to enable Win9x filesharing in Windows 2000
    • How to enable Win9x filesharing in Windows XP
Note if sure that the account is properly set up, one can configure an audit to see what account name is used to log in to the machine.

More Info MS KB Q101150
More Info MS KB Q139592
More Info MS KB Q162325
More Info MS KB Q258717
More Info MS KB Q262916

2. Stop the hidden Administrator share

By default the drive letters are shared (C$, D$, etc.) as hidden shares for Administrator access. Even if you delete the shares manually they will be recreated at next bootup.

To remove these shares for good add the following DWORD registry values :

NT Server :
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \LanmanServer \Parameters]
AutoShareServer=0
NT Workstation :
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \LanmanServer \Parameters]
AutoShareWks=0
Note that the IPC$ share will not be removed by setting these registry values.

Note that this will only stop Windows from creating the shares at startup; one has to delete the admin shares oneself, but only once after changing the above registry values. Besides using the standard interface for removing the shares, one can also find and delete the shares by editing the registry database at this location:
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \LanmanServer \Shares]

More Info MS KB Q125996
Note the administrative shares are required by Microsoft Operations Manager (MOM) and Microsoft Systems Management Server (SMS), and have to be enabled on the client machines for them to function properly.

More Info MS KB Q245117
More Info MS KB Q288164 (Replaces Q318751)
More Info MS KB Q314984
More Info MS KB Q318755
More Info MS KB Q816113
More Info MS KB Q816524
More Info MS KB Q842715 (Description of side-effects)

3. Hide your computer from the network

Every 12 minutes the Server service will announce itself to the Master Browser on each protocol installed. With 1000 clients doing this on two protocols, such as the TCPIP and Netbios protocols, it will lead to 10000 packets/hour.

One can stop this announcement / broadcasting by adding this DWORD value in the registry:
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \LanmanServer \Parameters]
Hidden = 1
One can also configure the machine not to show on the network using command line:
net config server /hidden:yes
Note it may take up to half an hour before the machine is removed from the browser list and becomes invisible in the Network Neighborhood/My Network Places.

Related Make your network shares hidden
Related Control Master Browser

More Info MS KB Q265284
More Info MS KB Q314498

4. Make WinNT4 faster at receiving files

Typically when sending files to a remote WinNT4 system, CORE SMB mode is used, which is slow. The following table describes the typical transfer modes used in different situations:

Initiator    | Operation      | Remote System | Transfer Mode
WinNT4       | Receive From   | WinNT4        | RAW SMB (64 KB)
WinNT4/Win2k | Send To        | WinNT4        | CORE SMB (4 KB)
Win2k        | Send / Receive | Win2k         | CAP_LARGE_FILE (60 KB)
Win2k        | Receive From   | WinNT4        | CAP_LARGE_FILE (60 KB)

It is possible to change how much it should send/receive in CORE SMB mode with the DWORD value (Server service will use more RAM):
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \lanmanserver \parameters]
SizReqBuf = 17424 (Default=4356 Bytes, More than 512 MB RAM=16384 Bytes, Range 1024-65536)
Note if using a WinNT4 as a print server then increasing this value will improve the speed of transferring the print job to the WinNT4 machine.

Note if using a large CORE SMB buffer and at the same time making small requests (Directory listings), then delayed ACK might cause low performance.

Note if on a high latency network, then increasing this value might improve transfer speed.

More info MS KB Q123819
More info MS KB Q151996
More info MS KB Q152081
More info MS KB Q177266
More info MS KB Q223140
More info MS KB Q279282
More info MS KB Q320829

5. Control Master Browser

One can control how a computer participates in the Master Browser election with these STRING registry values:
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \Browser \Parameters]
MaintainServerList = "Auto" (Pro = "Auto", Server = "Yes", Off = "No")
IsDomainMaster = "True" (On = "True", Off = "False", Default = "False")
The MaintainServerList controls if it should participate in the election at all.
The IsDomainMaster gives the computer a higher priority in the election.

Note to discover/detect the current master browser on the network use the reskit tools browmon or browstat.

Note if the service Computer Browser is disabled then the computer will not participate in the election. Setting MaintainServerList = No will keep the Browser service from starting, any attempt will give the following error:
A service specific error occurred: 2550.

More help is available by typing NET HELPMSG 3547

More Info MS KB Q112595
Related Description of Master Browser in the Microsoft Network
Related Hide your computer from the network

More Info MS KB Q136712
More Info MS KB Q191611
More Info MS KB Q818092 (Includes browstat)

Credits pureperformance.com

6. Configure SMB signing

It is possible to configure WinNT SP3+ to increase the network security by enabling SMB signing, though enabling it will cause a performance hit because the security requires extra processing.

Server Signing in WinNT4/2k/XP :
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \LanManServer \Parameters]
EnableSecuritySignature = 0 (Disabled = 0, Enabled = 1)
RequireSecuritySignature= 0 (Disabled = 0, Enabled = 1)
Client Signing in WinNT4 SP3+ :
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \Rdr \Parameters]
EnableSecuritySignature = 0 (Disabled = 0, Enabled = 1)
RequireSecuritySignature= 0 (Disabled = 0, Enabled = 1)
Client Signing in Win2k/XP :
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \LanManWorkstation \Parameters]
EnableSecuritySignature = 0 (Disabled = 0, Enabled = 1)
RequireSecuritySignature= 0 (Disabled = 0, Enabled = 1)
Note the standard policy for Domain Controllers and Windows 2003 is to use SMB Signing, so if using such a device as a fileserver in a trusted network, one might consider disabling SMB Signing.

Note one might experience "Delayed Write Failed" errors when saving/writing to files on a network share. This is caused by an error in SMB signing and it can be fixed by updating Win2k and WinXP according to this article: More Info MS KB Q814112. Another solution is to set EnableSecuritySignature = 0.

Note to disable SMB Signing for all Domain Controllers in an Active Directory:
  1. Open Active Directory Users and Computers
  2. In the console tree, right-click Domain Controllers and click Properties
  3. Select the Group Policy tab.
  4. Click Default Domain Controllers Policy and click Edit
  5. Under Security Options right-click Microsoft network server: Digitally sign communications (Always) and select properties
  6. Set it to disabled
Related Description of SMB Signing
Related Delayed TCPIP ACK can cause slow network throughput with SMB signing

More info MS KB Q161372
More info MS KB Q199714
More info MS KB Q321169
More info MS KB Q811497
More info MS KB Q814112
More info MS KB Q839499
More info MS KB Q887429

Credits www.jsiinc.com

7. Configure Password Encryption level over network

A low Password Encryption level is used by default to give a higher level of compatibility, but it makes it easy for an intruder to use a network sniffer to discover other users' usernames and passwords.

Configure the Lan Manager Compatibility level (WinNT4 SP6+):
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \control \LSA]
LMCompatibilityLevel = 3 (Default = 0)

0 = Client uses LM and NTLM, Domain Controller accepts LM, NTLM and NTLM 2
1 = Client uses NTLM2 if possible else LM and NTLM, Domain Controller accepts LM, NTLM, NTLM 2
2 = Client uses NTLM2 if possible else NTLM, Domain Controller accepts LM, NTLM, NTLM 2
3 = Client only uses NTLM2, Domain Controller accepts LM, NTLM, NTLM 2
4 = Client uses NTLM2 if possible else NTLM, Domain Controller accepts NTLM, NTLM 2
5 = Client only uses NTLM2, Domain Controller accepts only NTLM 2
Configure the NT LanManager (NTLM) Security Support Provider (SSP) (WinNT4 SP4+):
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \control \LSA \MSV1_0]
NtlmMinClientSec = 0x20080030 (Default 0)
NtlmMinServerSec = 0x20080030 (Default 0)

0x20080030 = 128 Bit, NTLM2, Message Confidentiality, Message Integrity
The LanManager can be configured not to require Challenge/Response (CHAP), but to also allow Password Authentication Protocol (PAP) (WinNT4 SP3+):
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Rdr \Parameters]
EnablePlainTextPassword = 1 (Default = 0 and the most secure)

More Info MS KB Q166730
More Info MS KB Q256322
The LanManager can be configured not to require Challenge/Response (CHAP), but to also allow Password Authentication Protocol (PAP) (Win2k+):
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \LanmanWorkStation \Parameters]
EnablePlainTextPassword = 1 (Default = 0 and the most secure)

More Info MS KB Q224287
Related Description of password encryption level over network

More Info MS KB Q236414
More Info MS KB Q318266

8. Configure network performance in WinNT/2k/Xp

MaxCmds specifies the maximum outstanding network requests for the client to the server, which is used when negotiating a Server Message Block (SMB) connection with a server.
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \LanmanWorkstation \Parameters]
MaxCmds = 100 (The range is 0 - 255(NT4) - 65535(Win2k) and the default is 15)
MaxMpxCt specifies the maximum outstanding network requests for the server per client, which is used when negotiating a Server Message Block (SMB) connection with a client. Note if the value is set beyond 125, older Windows 9x clients will fail to negotiate.
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \LanmanServer \Parameters]
MaxMpxCt = 100 (The range is 0 - 100(NT4) - 65535(Win2k) and the default is 50)

More Info MS KB Q232890
MaxWorkItems specifies how many active requests the server will handle at once (besides those outstanding) before it starts to reject or throttle incoming requests. Note the default value is calculated and is based upon the total amount of RAM and CPUs, and it should only be changed on servers where the calculated value is not enough to handle all client requests (the value should be at least 4 times the value of MaxMpxCt).
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \LanmanServer \Parameters]
MaxWorkItems = 512 (The range is 0 - 64(Prof.) - 65535 (Srv.))
MaxFreeConnections and MinFreeConnections control how many connection objects are preallocated. The preallocation requires extra memory, but enables faster handling of network requests.
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \LanmanServer \Parameters]
MinFreeConnections = 4 (2 = Minimize, 2 = Balance, 4 = Sharing, 4 = Network Applications)
MaxFreeConnections = 8 (2 = Minimize, 4 = Balance, 8 = Sharing, 8 = Network Applications)

More Info MS KB Q245080
More Info MS KB Q909262
MaxThreads specifies how many threads are allowed to run at once; each thread allows one outstanding operation. By increasing this you can increase the amount of simultaneous work. Each extra execution thread will take 1 Kbyte of additional nonpaged pool memory.
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \LanmanWorkstation \Parameters]
MaxThreads = 30 (The range is 0-255 and the default is 17)

More Info MS KB Q115522
MaxCollectionCount specifies how much data can be stored in a named pipe before a write operation is triggered. Increasing this value can increase performance for applications which use named pipes, as it will lower the number of write operations.
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \LanmanWorkstation \Parameters]
MaxCollectionCount = 32 (The range is 0-65535 and the default is 16)
Related Make WinNT4 faster at receiving files

More Info MS KB Q102967
More Info MS KB Q221790
More Info MS KB Q232476
More Info MS KB Q271148
More Info MS KB Q317249

Credits regedit.com

9. Speed up access to Win9x shares in Win2k/WinXP

Accessing Win9x/Me shares can be slow; this can be caused by remotely checking for scheduled tasks and printers on the Win9x/Me machine.

To disable this checking go to this registry key:
[HKEY_LOCAL_MACHINE \Software \Microsoft \Windows \CurrentVersion \Explorer \RemoteComputer \NameSpace]
There you will find these sub-keys:
{D6277990-4C6A-11CF-8D87-00AA0060F5BF} (Scheduled Tasks)
{2227A280-3AEA-1069-A2DE-08002B30309D} (Printers)
By deleting these sub-keys the checking will be disabled.

Note a backup should be made of the registry keys before deleting them in case one needs to restore them.

More Info MS KB Q245800

Credits jsiinc.com

10. How to enable Win9x filesharing in Windows 2000

It is advised to create an account with a secure password for each user who should have access to a share (MS KB Q258717). But sometimes it is just too cumbersome, even if one creates a group containing all the users who should have access.

Enable the guest account, so everyone will use that to access your shares:
  1. Go to "Computer Management" -> "Local Users and Groups" -> "Users"
  2. Double click the "Guest" user
  3. Make sure the checkbox "Account is disabled" is unchecked and press "Ok" button
  4. Right click the "Guest" user and select "Set Password" and just let the password be empty
  5. Now make your shares using the Guest account and everyone should have access with no password. (Remember that by default Win2k gives full permissions to the shares you create)
Enable listing of your shares (More Info):
  1. Start the Local Security Policies snapin
  2. In the treeview go to "Local Policies" -> "Security Options"
  3. Check that the setting "Additional restriction for anonymous connection" is set to "None, Rely on default permissions"
Make sure your security policy allows network access for everyone:
  1. Start the Local Security Policies snapin
  2. In the treeview go to "Local Policies" -> "User Rights Assignment"
  3. Check that "Access this computer from the network" has these groups included "Guests" and "Everyone"
  4. Check that "Deny access to this computer from the network" doesn't contain the above groups
Remember to reboot after setting security policies so they take effect.

Note the above settings only open the policies for allowing guests to access the computer. When making a share one has to allow guests to access the share, and if the folder being shared is placed on an NTFS drive, then one has to Set NTFS permissions to allow guest access.

If one continues to have problems with security policies, then try to import the default policies "basicwk.inf" and "compatws.inf" (MS KB Q234926).

Note if one continues to have network problems then check Creating a Local Area Network

11. How to enable Win9x filesharing in Windows XP

The default configuration of WinXP is to use Simple Filesharing, which is just as easy as the Win9x filesharing. Just right-click a folder and select share. This share will now be available to anyone without needing to provide password or anything.
Simple Filesharing uses the Guest account (even if the account is disabled), but it requires that "Access this computer from the network" includes Everyone and Guest.

If using WinXP Pro and wanting a mixed environment, where guests should have access to a limited set of folders and special users should have access to more folders, then one has to disable Simple Filesharing (not possible in WinXP Home):
  1. Start Button -> My Computer
  2. In the menu of My Computer select "Tools" -> "Folder Options"
  3. In "Folder Options" select the "View" tab
  4. Uncheck the setting "Use Simple File Sharing (Recommended)"

    This change should be reflected in this registry key:
    [HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Control \Lsa]
    ForceGuest = 0

    More Info MS KB Q290403
    More Info MS KB Q307874
It is advised to create an account with a secure password for each user who should have access to a share. But sometimes it is just too cumbersome, even if one creates a group containing all the users who should have access.

Enable the guest account, so everyone will use that to access your shares:
  1. Start the Local Security Policies snapin
  2. Expand "Local Users" -> "Users"
  3. Right click the "Guest" account and select "Properties"
  4. Uncheck "Account is disabled"
Enable listing of shares (More Info):
  1. Start the Local Security Policies snapin
  2. Expand "Local Policies" -> "Security options"
  3. Check that the setting "Network access: Do not allow anonymous enumeration of SAM accounts and shares " is set to disabled
Enable access of shares using empty password:
  1. Start the Local Security Policies snapin
  2. Expand "Local Policies" -> "Security options"
  3. Check that "Accounts: Limit local account use of blank passwords to console login only" is disabled
  4. It should be reflected with this DWORD registry value:
    [HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Control \Lsa]
    LimitBlankPasswordUse = 0

    Note this will leave all accounts with no password unprotected, making it possible to log in to them over the network.
Make sure your security policy allows network access for everyone:
  1. Start the Local Security Policies snapin
  2. Expand "Local Policies" -> "User Rights Assignment"
  3. Check that "Access this computer from the network" has these groups included "Guests" and "Everyone"
  4. Check that "Deny access to this computer from the network" doesn't include "Guests" and "Everyone"
To give extra rights to some accounts, disable the behavior where all network logins get guest access when in a workgroup:
  1. Start the Local Security Policies snapin
  2. Expand "Local Policies" -> "Security options"
  3. Check that "Network access: Sharing and security model for local accounts" is set to "Classic: local users authenticate as themselves"
Remember to reboot to make sure settings are activated.

Note the above settings only open the policies for allowing guests to access the computer. When making a share one has to allow guests to access the share, and if the folder being shared is placed on an NTFS drive, then one has to Set NTFS permissions to allow guest access.

Note if one continues to have network problems then check Creating a Local Area Network

More Info Windows XP Professional File Sharing
More Info Windows XP Professional Security Policies
More info MS KB Q304040
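
The security-related registry values from sections 6, 7 and 11 can be checked offline against a REGEDIT4 export of a machine. The Python script below is an added example, not part of the original page; the sample export, the function names and the choice of which values are reported as findings are assumptions made for illustration.

```python
import re

LSA = r"hkey_local_machine\system\currentcontrolset\control\lsa"
MSV = LSA + r"\msv1_0"
SVC = r"hkey_local_machine\system\currentcontrolset\services"
SRV = SVC + r"\lanmanserver\parameters"
WKS = SVC + r"\lanmanworkstation\parameters"
RDR = SVC + r"\rdr\parameters"

# The four bits that make up 0x20080030 in NtlmMinClientSec / NtlmMinServerSec.
NTLM_BITS = {
    0x00000010: "message integrity",
    0x00000020: "message confidentiality",
    0x00080000: "NTLM2 session security",
    0x20000000: "128-bit encryption",
}


def parse_reg(text):
    """Parse REGEDIT4 text into {key path: {value name: int or str}}, all lower-case."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Also accept the page's spaced-out "HKEY_LOCAL_MACHINE \System \..." form.
            path = re.sub(r"\s*\\\s*", r"\\", line[1:-1]).lower()
            current = keys.setdefault(path, {})
            continue
        m = re.match(r'"([^"]+)"\s*=\s*(.+)$', line)
        if not m or current is None:
            continue  # header line, blank line, comment or unsupported syntax
        name, data = m.group(1).lower(), m.group(2).strip()
        if data.lower().startswith("dword:"):
            current[name] = int(data[6:], 16)
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            current[name] = data[1:-1]
    return keys


def missing_ntlm_bits(value):
    """Names of the 0x20080030 bits that are not set in value."""
    return [name for bit, name in NTLM_BITS.items() if not value & bit]


def _ntlm(value):
    missing = missing_ntlm_bits(value)
    return "missing " + ", ".join(missing) if missing else None


def _flag(bad, message):
    return lambda value: message if value == bad else None


# (key, value name, default stated on the page or None, check returning a finding)
RULES = [
    (SRV, "EnableSecuritySignature", None, _flag(0, "server: SMB signing disabled")),
    (SRV, "RequireSecuritySignature", None, _flag(0, "server: SMB signing not required")),
    (WKS, "EnableSecuritySignature", None, _flag(0, "client: SMB signing disabled")),
    (WKS, "RequireSecuritySignature", None, _flag(0, "client: SMB signing not required")),
    (LSA, "LMCompatibilityLevel", 0,
     lambda v: "below the level 3 used in section 7" if v < 3 else None),
    (MSV, "NtlmMinClientSec", 0, _ntlm),
    (MSV, "NtlmMinServerSec", 0, _ntlm),
    (WKS, "EnablePlainTextPassword", 0, _flag(1, "Win2k+ client allows plaintext passwords")),
    (RDR, "EnablePlainTextPassword", 0, _flag(1, "NT4 client allows plaintext passwords")),
    (LSA, "LimitBlankPasswordUse", None,
     _flag(0, "blank-password accounts can log in over the network")),
]


def audit(text):
    """Return [(value name, current value, finding)] for a REGEDIT4 export."""
    reg = parse_reg(text)
    findings = []
    for key, name, default, check in RULES:
        value = reg.get(key, {}).get(name.lower(), default)
        if not isinstance(value, int):
            continue  # not exported and no default stated on the page, or not a DWORD
        problem = check(value)
        if problem:
            findings.append((name, value, problem))
    return findings


# Constructed sample export (not taken from a real machine).
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LMCompatibilityLevel"=dword:00000001
"LimitBlankPasswordUse"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"NtlmMinClientSec"=dword:00080000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"EnableSecuritySignature"=dword:00000001
"RequireSecuritySignature"=dword:00000000

[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \LanmanWorkStation \Parameters]
"EnablePlainTextPassword"=dword:00000001
'''

if __name__ == "__main__":
    for name, value, problem in audit(SAMPLE):
        print(f"{name} = {value:#x}: {problem}")
```

Values that are absent from the export are evaluated with the default the page states for them; where the page states no default, the value is skipped rather than guessed.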

12. Configure SMB use of Netbios

With Windows 2000 the first move away from netbios was made. Instead DNS should be used for name resolution and SMB Direct Hosting at TCPIP port 445 for requests instead of port 139.

By default both ports 139 and 445 are open to get the highest degree of compatibility. A client will try to request on both ports and continue the communication on the port which responds first.

To disable SMB use of Netbios port 139 (Forces use of port 445):
  1. On the Start menu, point to Settings, and then click Network and Dial-up Connections
  2. Right-click Internet facing connection, and then click Properties.
  3. Select Internet Protocol TCP/IP and select Properties
  4. Click Advanced and select the WINS tab
  5. Tick Disable NetBIOS over TCP/IP and click Ok
To disable SMB use of port 445 with this DWORD (Forces use of port 139):
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \NetBT \Parameters]
SMBDeviceEnabled = 0
To disable SMB use of port 139 and 445 (Disables nbt.sys driver):
  1. Right-click My Computer on the desktop, and then click Manage.
  2. Expand System Tools, and then select Device Manager.
  3. Right-click Device Manager, point to View, and then click Show hidden devices.
  4. Expand Non-Plug and Play Drivers.
  5. Right-click NetBios over Tcpip, and then click Disable.
To disable SMB completely:
  1. On the Start menu, point to Settings, and then click Network and Dial-up Connections
  2. Right-click Internet facing connection, and then click Properties.
  3. Select Client for Microsoft Networks, and then click Uninstall.
  4. Follow the uninstall steps.
  5. Select File and Printer Sharing for Microsoft Networks, and then click Uninstall.
  6. Follow the uninstall steps.
Related Configure SMB signing in WinNT+

More Info MS KB Q204279
More Info MS KB Q253959

Credits ntsecurity.nu

13. Prevent recent share listing in My Network places

In Win2k/XP, shares that you visit get listed in "My Network Places".

In Win2k one can prevent this behavior by changing the following user policy:
  1. Run the program MMC using "Start Button" -> "Run..."
  2. In the program menu select "Console" -> "Add/Remove Snap in"
  3. Press the button "Add" and select "Group Policy" and press "Ok"
  4. In the Console Window go to this folder "Local Computer Policy" -> "User Configuration" -> "Administrative Templates" -> "Desktop"
  5. Go to the entry "Do not add shares of recently opened documents to My Network Places" and double click it and set to "Enabled"
In WinXP one can prevent this behavior by changing the following user policy:
  1. Run Gpedit.msc using "Start Button" -> "Run..."
  2. In the Console Window go to this folder "User Configuration" -> "Administrative Templates" -> "Start Menu and Taskbar"
  3. Go to the entry "Do not add shares of recently used documents to Network Places" and double click it and set to "Enabled"
It is the same as setting this DWORD registry key :
[HKEY_CURRENT_USER \Software \Microsoft \Windows \CurrentVersion \Policies \Explorer]
NoRecentDocsNetHood = 1 (Default = 0)
Note after disabling this feature one has to manually remove the listed share-shortcuts.

Related Configure the scanning for shares and printers in WinXP

14. Configure the scanning for shares and printers in WinXP

There is a builtin scanner that crawls/scans/searches the network, and any share or printer discovered is added to My Network Places or Printers and Faxes.

The scanner is started in the following situations:
  • At startup
  • When opening My Network Places
  • When refreshing My Network Places by pressing F5
The scanner is not started if one of the following conditions is true:
  • If more than 10 computers are detected sharing folders (To be gentle on corporate networks)
  • If using DUN or VPN connection
  • If the scanner is disabled.
The scanner saves its findings here (If more than 7 days old then they are deleted)
[HKEY_CURRENT_USER \Software \Microsoft \Windows \CurrentVersion \Explorer \Netcrawl \Shares]
[HKEY_CURRENT_USER \Software \Microsoft \Windows \CurrentVersion \Explorer \Netcrawl \Printers]
To disable the automatic scanning:
  1. Open Control Panel
  2. Double click Folder Options (Inside the grouping Appearance and Themes)
  3. Select the View tab
  4. In the Advanced Settings list uncheck Automatically search for network folders and printers
It is reflected with this DWORD value in the registry:
[HKEY_CURRENT_USER \Software \Microsoft \Windows \CurrentVersion \Explorer \Advanced]
NoNetCrawling = 1
More Info MS KB Q276322 (WinMe)
More Info MS KB Q320138

Related Prevent share listing in My Network places

15. Lower traffic from mapped network shares in WinXP

When WinXP maps to a network share it registers for events happening on that certain share. So if a file changes on any level in the directory structure of the mapped network share, then each WinXP workstation receives a SMB notification about this change. If many users are updating files on the network share, then it will cause a lot of traffic and make the tree-view in File Explorer flicker.

One can configure it to only register for events happening in the root of the mapped network share:
[HKEY_CURRENT_USER \SOFTWARE \Microsoft \Windows \CurrentVersion \Policies \Explorer]
NoRemoteRecursiveEvents = 1
One can configure it to not register for any events happening on the mapped network share:
[HKEY_CURRENT_USER \SOFTWARE \Microsoft \Windows \CurrentVersion \Policies \Explorer]
NoRemoteChangeNotify = 1
Note if using software which relies on being notified of file changes and its files are placed on a mapped network share, then this change in policy might give unpredictable results.

Note only WinXP SP2+, or WinXP with the Critical Update Q810565 applied, reacts to the registry entries above.

More Info MS KB Q330929
More Info MS KB Q812669
More Info MS KB Q816375
More Info MS KB Q831129

16. Stop fetching file details when opening a remote file in Win2k/WinXP

When opening a file over a network, besides requesting the file contents, the client also requests extended details about the file and the share it resides upon. This gives extra traffic and can increase the time it takes to open a file (especially on slow network connections like VPN over dial-up).

One can disable this fetching of extended details by adding the following values to the registry:
REGEDIT4

[HKEY_CLASSES_ROOT\*\shellex\PropertySheetHandlers\{3EA48300-8CF6-101B-84FB-666CCB9BCD32}]
"SuppressionPolicy"=dword:00100000

[HKEY_CLASSES_ROOT\*\shellex\PropertySheetHandlers\{883373C3-BF89-11D1-BE35-080036B11A03}]
"SuppressionPolicy"=dword:00100000

[HKEY_CLASSES_ROOT\*\shellex\PropertySheetHandlers\CryptoSignMenu]
"SuppressionPolicy"=dword:00100000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SCAPI]
"Flags"=dword:00100c02
Note the latest service pack for Win2k(SP4) / WinXP(SP1) has to be applied first before it will recognize these registry entries.

More Info MS KB Q829700

Credits www.jsiinc.com

17. Configure automatic handling of sharing violation

A sharing violation happens when one program requests write access to a file which another program already has opened with share restriction read-only access. When a sharing violation happens on a local file, the request for write access will fail at once.
When a sharing violation happens on a network file, the Server service on the remote machine will detect the sharing violation, but instead of failing right away, it retries opening the file at certain intervals.

This retry mechanism is quite nice when using programs in a network environment which haven't been made to handle sharing violations, as it will lower the "visible" sharing violations. If the programs trying to access the same file are already capable of handling the sharing violation with their own retry mechanism, then this change in behavior with network files might interfere and lower performance.
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \LanmanServer \Parameters]
SharingViolationDelay = 200 (Default = 200 ms)
SharingViolationRetries = 5 (Default = 5)

More Info MS KB Q150384
More Info MS KB Q889588
Note it is strange that Microsoft has implemented this polling strategy: in case several programs are trying to request the same file, one or more programs might experience that they never get access, because between each delay another program "steals" the access.

Credits www.jsiinc.com

18. Configure Opportunistic Locking

When accessing a file on the network, the file operations are converted to network requests and replies. To minimize the number of network requests and replies it is best to read/write in large blocks (64K), but many applications only read/write a single byte at a time, thus generating a large amount of network traffic.

Opportunistic locking is a way to help such applications, by implementing a read ahead and a lazy write cache. The client requests a read or write lock on the file, when they are granted the lock, then the client caches the file locally so sequent read/write operations from the application only affects the cache. If another client requests a read or write lock on the file, and it conflicts with an existing opportunistic lock, then the opportunistic lock is broken (Caches are flushed), and instead the access for all clients will revert to network requests/replies.

To configure the use of opportunistic locking for a Windows NT4 client:
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \LanmanWorkstation \Parameters]
UseOpportunisticLocking = 1 (Default = 1)
To configure the use of opportunistic locking for a Windows 2000/XP client:
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \MrXSmb \Parameters]
OplocksDisabled = 0 (Default = 0)
To configure the use of opportunistic locking for the server:
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \LanmanServer \Parameters]
EnableOplocks = 1 (Default = 1)
To configure the use of byte-range locking that allows a client to only lock portions of a read-only file, but at the cost of updating the lock continuously (WinXP/Win2k3):
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \LanmanWorkstation \Parameters]
DisableByteRangeLockingOnReadOnlyFiles = 1 (Default = 0)
Note if using Windows NT 4.0 or Windows 2000 SP2 (or earlier), then one should consider disabling opportunistic locking as it doesn't work properly.

More Info MS KB Q129202
More Info MS KB Q224992
More Info MS KB Q296264
More Info MS KB Q306981
More Info MS KB Q818396
More Info MSDN: Opportunistic Locks

19. Enable caching of long filenames for network files in Win2k/WinXP

When requesting a file on the network, the request is handled by the MUP, and depending on configuration, the request is passed to the Microsoft Network SMB Redirector (MrxSmb).
The SMB Redirector keeps a cache of recently accessed files, but by default it only caches short filenames. If frequently accessing the same network files (for example a database), then performance can be improved by using 8.3 short filenames. Another solution is to configure the SMB redirector to cache long filenames.
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \MRxSmb \Parameters]
InfoCacheLevel = 2 (Default = 1, Disabled = 0)

Note WinXP requires SP2 to recognize this registry-key. More Info MS KB Q834350

Note Win2k requires a post SP4 hotfix (Included in the Update Rollup) from Microsoft to recognize this registry-key. More Info MS KB Q843418
Note there is a limit on how many file handles the client redirector will keep in its cache:
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \LanmanWorkstation \Parameters]
DormantFileLimit = 45 (Default = 45)
Note the client redirector has a scavenger thread, which cleans old file handles from its cache. One can configure how often it should look for old handles to remove (WinXP/Win2k3):
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \LanmanWorkstation \Parameters]
ScavengerTimeLimit = 30 (Default = Every 10 secs, Min = 10 secs, Max = 120 secs)

More Info MS KB Q816073
More Info MS KB Q890553
Credits www.jsiinc.com

20. Configure file system aliasing on Win2k3

Aliasing is a feature that is included with Windows Server 2003. This feature lets multiple long file names or multiple short file names refer to the same file. Disabling file system aliasing can improve performance by increasing the server service caching that is available on the Windows Server 2003-based computer.
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \LanmanServer \Parameters]
NoAliasingOnFileSystem = 1 (Default = 0)

More Info MS KB Q889588
More Info MS KB Q894372
Credits www.jsiinc.com

21. Configure commit write for network files on Win2k3

When writing to a file it is possible to perform a commit operation, which specifies that all data in cache should be flushed to disc. If the machine crashes without having performed a commit operation, then all data in cache is lost. Therefore many applications often perform commit operations to avoid data loss, at the cost of disc performance.

When the file is placed on a network drive, the flush request is converted to an SMB_COM_FLUSH message sent to the server, which causes the server to flush its cache, and only when it is done does it respond back to the client. Instead of affecting just the client machine, the commit also affects the server, which can cause very slow performance for all clients using the server.

It is possible to configure the server so it will not perform the commit operation, and thus avoiding the slow file operation (The client will have flushed its own cache):
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \LanmanServer \Parameters]
TreatHostAsStableStorage = 1 (Default = 0)

Note this should only be considered if the server is equipped with a redundant disc system along with battery backup.

More Info MS KB Q840390
More Info MS KB Q894372
Credits www.jsiinc.com

22. Inbound connection limit in Windows

Microsoft has built several limitations into the Workstation/Professional/Home editions of Windows to encourage users to buy the more expensive server license.
If sharing a file/printer, there is a limit on how many users can access this shared resource from the network. The actual user session limit (Prof=10)/(Home=5) can be seen by running this command:
net config server
If a user tries to access a shared resource on a computer where the limit is reached, then it will give this error:
No more connections can be made to this remote computer at this time because there are already as many connections as the computer can accept.
If having problems with users getting the above message then one can consider the following solutions:
  • Upgrade to a Windows Server license. After upgrading from a Windows NT4 Workstation to a Windows NT4 Server, update this registry key:
    [HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \LanManServer \Parameters]
    Users = 0xffffff

    More Info MS KB Q122925
    More Info MS KB Q179483
  • Use Linux with Samba
  • Use several computers to share the files/printers
  • Decrease the timeout period for user connections, to close unused connections faster (Default 15 minutes):
    net config server /autodisconnect:1

    More Info MS KB Q122920
    More Info MS KB Q138365
    More Info MS KB Q314882
  • Restrict anonymous access to file and printer shares (To avoid wasting sessions on anonymous access).
  • Don't use persistent connections like mapped network drives.
  • Use a different protocol than Microsoft Network, to share your files (FTP/P2P)
Related Increase the max limit for concurrent TCP connections

23. Configure caching of remote customized folders in WinXP

It is possible to speed up browsing of remote shared folders, which have been customized. It is done by enabling caching of the desktop.ini.
[HKEY_LOCAL_MACHINE \Software \Microsoft \Windows \CurrentVersion \policies \Explorer]
UseDesktopIniCache = 1 (Default = 0)

More Info MS KB Q840309
More Info MS KB Q883791
Note if "My Documents" has been placed on a remote share and caching of the desktop.ini is enabled, then performance might be slow, because a bug in the cache process makes it cache the entire contents of the "My Documents" folder. More Info MS KB Q898612

1. More knowledge of the TCP/IP settings from Microsoft

If you are curious whether all of these settings exist, check here:
  • MS KB Q120642 TCP/IP & NBT Configuration Parameters for Windows NT and Windows 2000
  • MS KB Q224829 Description of Windows 2000 and Windows Server 2003 TCP Features
  • MS KB Q314053 TCP/IP and NBT Configuration Parameters for Windows XP
  • MS KB Q142641 Internet Server Unavailable Because of Malicious SYN Attacks
  • MS KB Q315669 HOW TO: Harden the TCP/IP Stack Against Denial of Service Attacks in Windows 2000
  • MS KB Q324270 HOW TO: Harden the TCP/IP Stack Against Denial of Service Attacks in Windows Server 2003
  • MS Technet Microsoft Windows 2000 TCP/IP Implementation Details Word Document
  • MS Technet Microsoft Windows Server 2003 TCP/IP Implementation Details
  • MS Technet Security Considerations for Network Attacks
  • TCPIMP2.EXE & TCPIPIMP.EXE WinNT TCPIP Whitepapers Mirror

2. TCPIP Stack registry settings

To configure default Receive WINdow (RWIN) in bytes:
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Tcpip \Parameters]
TcpWindowSize = 17520 (Standard Range = 0-65535, Window Scaling Range 0-1GByte, Default - calculated)

More Info MS KB Q169789
More Info MS KB Q263088
More Info MS KB Q315237
More Info MS KB Q891371

Related : Using PING to find the best TCP/IP RWIN
Related : Configure the AFD default Send-Window to increase upload speed
To configure default receive window for a single adapter/interface in bytes (Win2k+ only):
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Tcpip \Parameters \Interfaces \{Adapter-id}]
TCPWindowSize = 17520

More Info MS KB Q263088
More Info MS KB Q810382
To configure the maximum receive window size for all interfaces in bytes, ensuring that Window Scaling doesn't create receive windows that take too much memory (Win2k+ Only):
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Tcpip \Parameters]
GlobalMaxTcpWindowSize = 17520 (Standard Range = 0-65535, Window Scaling Range 0-1GByte, Default not set)
To configure Time To Live (TTL):
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Tcpip \Parameters]
DefaultTTL = 64 (Range = 0-255, Default = 128)
To configure Path MTU Black Hole Detection:
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Tcpip \Parameters]
EnablePMTUBHDetect = 0 (Enabled = 1, Disabled = 0, Default = 0)
To configure Path MTU Discovery:
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Tcpip \Parameters]
EnablePMTUDiscovery = 1 (Enabled = 1, Disabled = 0, Default = 1)
To configure Selective Acknowledgments (ACK's) (Win2k+ Only):
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Tcpip \Parameters]
SackOpts = 1 (Enabled = 1, Disabled = 0, Default = 1)
To configure Receive Window Scaling and Time Stamping (Win2k+ Only):
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Tcpip \Parameters]
Tcp1323Opts = 3 (Both Disabled = 0, Window Scaling Only = 1, Timestamp Only = 2, Both Enabled = 3, Default = No value; only initiate the options if requested.)

More Info MS KB Q199947
To configure Max number of Duplicate Acknowledgments (ACK's) (WinNT4 Requires SP2) :
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Tcpip \Parameters]
TcpMaxDupAcks = 2 (Range 1-3, Default = 2)

More Info MS KB Q162179
Note none of these registry entries can be found in the registry after a clean install, so to return to the default values just delete the registry entries.

Related : Recommended settings for the TCP/IP stack
Related : Delayed TCPIP ACK can cause slow network throughput

More Info MS KB Q140552
More Info MS KB Q819108
More Info MS KB Q900926

Credits regedit.com
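A check for the values above, as an added example that is not part of the original page: it parses the text of a .reg export of the Tcpip Parameters key and flags DWORDs outside the ranges listed in this section, plus a TcpWindowSize that needs Window Scaling or exceeds GlobalMaxTcpWindowSize. The export text and the adapter id are constructed, and treating a missing Tcp1323Opts as "scaling not enabled" is an assumption.

```python
"""Audit a .reg export of the Tcpip Parameters key (added example)."""
import re

GIB = 1 << 30  # the "1GByte" ceiling this page gives for scaled windows

# Allowed ranges as listed in this section (names compared case-insensitively).
RANGES = {name.lower(): rng for name, rng in {
    "TcpWindowSize": (0, GIB),
    "GlobalMaxTcpWindowSize": (0, GIB),
    "DefaultTTL": (0, 255),
    "EnablePMTUBHDetect": (0, 1),
    "EnablePMTUDiscovery": (0, 1),
    "SackOpts": (0, 1),
    "Tcp1323Opts": (0, 3),
    "TcpMaxDupAcks": (1, 3),
}.items()}

BASE = r"hkey_local_machine\system\currentcontrolset\services\tcpip\parameters"
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')


def parse_reg(text):
    """Return {lower-cased key path: {value name: int}} for DWORD values."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = DWORD_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = int(m.group(2), 16)  # .reg DWORDs are hex
    return keys


def audit_export(text):
    """Return a list of (key, value name, value, problem) findings."""
    keys = parse_reg(text)
    glob = {n.lower(): v for n, v in keys.get(BASE, {}).items()}
    # Bit 0 of Tcp1323Opts is Window Scaling (1 or 3); absent counts as off.
    scaling_on = glob.get("tcp1323opts", 0) & 1
    global_max = glob.get("globalmaxtcpwindowsize")
    findings = []
    for path, values in keys.items():
        # Global key and per-adapter keys only.
        if path != BASE and not path.startswith(BASE + "\\interfaces\\"):
            continue
        for name, val in values.items():
            rng = RANGES.get(name.lower())
            if rng is None:
                continue
            if not rng[0] <= val <= rng[1]:
                findings.append((path, name, val, "out-of-range"))
            if name.lower() == "tcpwindowsize":
                if val > 65535 and not scaling_on:
                    findings.append((path, name, val, "needs-window-scaling"))
                if global_max is not None and val > global_max:
                    findings.append((path, name, val, "above-global-max"))
    return findings


# Constructed sample export; {EXAMPLE-ADAPTER-ID} is a placeholder.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"TcpWindowSize"=dword:00040000
"GlobalMaxTcpWindowSize"=dword:00020000
"Tcp1323Opts"=dword:00000002
"DefaultTTL"=dword:00000040
"TcpMaxDupAcks"=dword:00000005
"SackOpts"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EXAMPLE-ADAPTER-ID}]
"TCPWindowSize"=dword:00004470
"""

if __name__ == "__main__":
    for path, name, val, problem in audit_export(SAMPLE_EXPORT):
        print(f"{problem:22} {name} = {val}  [{path}]")
```

A real "Version 5.00" export is saved as UTF-16, so decode the file before passing its text to audit_export.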

3. TCPIP MTU Registry Settings

If there are several adapters in the registry, one can find the wanted adapter by making a change to the TCPIP configuration for the adapter in Network Properties. For example, set an odd DNS address for the TCPIP protocol bound to the adapter, and then look at the TCPIP settings for each adapter to find the odd DNS address.

To configure MTU in WinNT4:
  • Adapter MTU (Go to the Services-key and do a search for "TCPIP" to find the different adapters using TCPIP)
    [HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \{Adapter-Name} \Parameters \Tcpip]
    MTU = 1500
  • Point-To-Point Protocol (PPP) MTU (WinNT4 SP4+)
    [HKEY_LOCAL_MACHINE \System \CurrentControlSet\Services \NdisWan \Parameters]
    IPMTU = 1500

    More Info MS KB Q183229
  • Virtual Private Network (VPN) Tunnel MTU (WinNT4 SP4+)
    [HKEY_LOCAL_MACHINE \System \CurrentControlSet\Services \NdisWan \Parameters]
    TunnelMTU = 1400

    More Info MS KB Q183229
To configure MTU in Win2k+:
  • Adapter MTU:
    [HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Tcpip \Parameters \Interfaces \{Adapter-id}]
    MTU = 1500
  • Point-To-Point Protocol (PPP) MTU for Modem DialUp Networking(DUN) or over Ethernet (PPPoE):
    [HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \NdisWan \Parameters \Protocols \0]
    ProtocolType = 0x00000800
    PPPProtocolType = 0x00000021
    ProtocolMTU = 1500

    More Info MS KB Q283165
    More Info MS KB Q826159
    More Info MS KB Q283070
    More Info MS KB Q317496
  • Virtual Private Network (VPN) Tunnel MTU:
    [HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \NdisWan \Parameters \Protocols \0]
    ProtocolType = 0x00000800
    PPPProtocolType = 0x00000021
    TunnelMTU = 1400

    More Info MS KB Q826159
Related Using PING to find the best TCP/IP MTU (Max Transfer Unit) size

4. Configure the priority of networks known by the MUP

The following happens when an application requests a network resource using the Uniform Naming Convention (UNC):
  1. The request is received by the Multiple UNC Provider (MUP)
  2. The MUP checks its cache for a recent handle to the wanted resource (Since the last 15 Minutes) if available it is returned
  3. The MUP goes through the available network redirectors and asks them if they know the wanted resource (Sorted by priority)
  4. Each network redirector responds back with a handle to the wanted resource if available (Asked synchronously)
  5. The MUP returns the handle from the redirector which responds back first (Highest priority).
One should make sure the redirectors/providers (Like "Microsoft Client for Microsoft Networks" or "Novell Client for Novell Netware") that know the majority of the wanted network resources have the highest priority.

To configure the priority of redirectors in WinNT4:
  1. Open Control Panel
  2. Double click Network applet
  3. Select Services tab
  4. Click Network Access Order
To configure the priority of redirectors in Win2k/WinXP:
  1. Open Control Panel
  2. Double click Network and Dial-Up Connections
  3. In the menu select Advanced and select Advanced Settings...
  4. Select the Provider Order tab and set the priority of Network Providers
Note by default the Distributed File System (DFS) is always asked first (independent of priority). This can be disabled with this registry key (causes BSOD with the Mup.sys in Win2k SP4 (Q824288)):
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \Mup]
DisableDfs = 1 (Default = 0)

More Info MS KB Q259398
More Info MS KB Q314494
Note MUP.SYS is usually the last driver being shown before launching the operating system, and if there is a problem with loading Windows, then it might seem like MUP.SYS is causing the problem (But it is not).

More Info MS KB Q171386

5. Configure the priority of protocols bound to the network services

When a service needs to make a network request it has to use a protocol. To get the fastest responses one should assign the highest priority to the protocol (Like "TCPIP" or "NetBEUI"), which gives access to the majority of the wanted network resources. Another way is to unbind/disable/uninstall protocols, which are not necessary for accessing resources on the network.

To configure the priority of protocols in WinNT4:
  1. Open Control Panel
  2. Double click Network applet
  3. Select Bindings tab
  4. Show bindings for All Services and change the order of protocols for each service
To configure the priority of protocols in Win2k/XP:
  1. Open Control Panel
  2. Double click Network and Dial-Up Connections
  3. In the menu select Advanced and select Advanced Settings...
  4. Select the Adapter and Bindings tab and in Advanced Settings - Connections select the network connection to configure bindings for.
  5. In Bindings for Local Area Connections: set the order of protocols for each service for the selected connection.
More Info MS KB Q266771

6. Configure the Host Name Resolution Order

One can change the HOST resolution order for whether it should use NetBIOS or DNS first:
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Tcpip \Parameters]
DnsNbtLookupOrder = 0 (0 = Use DNS first; 1 = Use NetBIOS first; Default = 0)

Note this option was made available with WinNT4 SP4.

More Info MS KB Q171567
One can change how it should perform NetBIOS resolution (Nodetype):
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \Netbt \Parameters]
NodeType = 1 (1= b-node; 2= p-node; 4= m-node; 8= h-node; Default=1 or 8 depending on WINS available)

More Info MS KB Q142692
More Info MS KB Q160177
One can configure whether it should use DNS and HOSTS-file at all with this DWORD:
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \Netbt \Parameters]
EnableDNS = 0 (Default = 1)
Related Description of Host Name Resolution Order

7. Use maximum port speed for your dialup modem in Win2k

Set BPS for the modem:
  1. Open the Control Panel
  2. Double click the Phone and Modem options-applet
  3. Select the Modems-tab
  4. Choose your modem and press the Properties-button
  5. Select the General-tab (Here is also the modem-init-string)
  6. Set the Maximum Port Speed to:
    • 115200 if having a 56K modem
    • 57600 if having a 28.8K/33.6K modem
Set BPS for the serial port:
  1. Open the Control Panel
  2. Double click the System-applet
  3. Select the Hardware-tab
  4. Press the Device Manager-button
  5. Expand the Ports-node
  6. Double click the serial port, which your modem is attached to
  7. Choose the Port Settings-tab
  8. Set the Bits Per Second to:
    • 115200 if having a 56K modem
    • 57600 if having a 28.8K/33.6K modem
Set BPS for the connection:
  1. Open the Control Panel
  2. Double click the Network and Dial-up Connections-applet
  3. Right click your dial-up connection and choose Properties
  4. Select the General-tab
  5. Press the Configure-button.
  6. Set the Maximum Speed (bps) to:
    • 115200 if having a 56K modem
    • 57600 if having a 28.8K/33.6K modem

8. Use maximum port speed for your dialup modem in WinXP

Set BPS for the modem:
  1. Open the Control Panel
  2. Double click the Phone and Modem options-applet
  3. Select the Modems-tab
  4. Choose your modem and press the Properties-button
  5. Select the Modem-tab
  6. Set the Maximum Port Speed to:
    • 115200 if having a 56K modem
    • 57600 if having a 28.8K/33.6K modem
Set BPS for the serial port:
  1. Open the Control Panel
  2. Double click the Phone and Modem options-applet
  3. Select the Modems-tab
  4. Choose your modem and press the Properties-button
  5. Select the Advanced-tab
  6. Press the Change Default Preferences...-button
  7. Set the Port Speed to:
    • 115200 if having a 56K modem
    • 57600 if having a 28.8K/33.6K modem
  8. Set the Data Protocol to Forced EC (If problems set back to Standard)
  9. Set the Compression to Enabled (Unless using a WinModem)
  10. Set the Flow control to Hardware
Set BPS for the connection:
  1. Open the Control Panel
  2. Double click the Network and Dial-up Connections-applet
  3. Right click your dial-up connection and choose Properties
  4. Select the General-tab
  5. Press the Configure-button.
  6. Set the Maximum Speed (bps) to:
    • 115200 if having a 56K modem
    • 57600 if having a 28.8K/33.6K modem
More Info MS KB Q308022

9. Optimize Dialup modem connection in Win2k/WinXP

Only use TCP/IP for the Internet connection (For performance and security):
  1. Open the Control Panel
  2. Double click the Network and Dial-up Connections-applet
  3. Right click your dial-up connection and choose Properties
  4. Select the Networking-tab
  5. Uninstall or untick all Components except Internet Protocol (TCPIP)
  6. Select the Internet Protocol (TCPIP) and choose Properties
  7. Press the Advanced-button
  8. On the General-tab tick Use IP header compression (Can increase ping time, but will improve download)
  9. On the WINS-tab tick Disable NetBIOS over TCP/IP
Optimize the connection to the dial-up server:
  1. Open the Control Panel
  2. Double click the Network and Dial-up Connections-applet
  3. Right click your dial-up connection and choose Properties
  4. Select the Networking-tab
  5. In the dial-up server drop-down box select PPP:Windows 95/98/NT4/2000, Internet
  6. Press the Settings-button and configure the PPP Settings:
    • Check Enable LCP extensions (Unless having problems with connecting to ISP, More Info RFC 1570)
    • Uncheck Enable software compression (Unless using a Winmodem)
    • Uncheck Negotiate multi-link for single link connections (Unless using multiple modems, More Info MS KB Q307849)
Optimize the hardware features for the connection:
  1. Open the Control Panel
  2. Double click the Network and Dial-up Connections-applet
  3. Right click your dial-up connection and choose Properties
  4. Select the General-tab
  5. Press the Configure-button.
    • Check Enable hardware flow control
    • Check Enable modem error control
    • Check Enable modem compression (Unless using a Winmodem)
More info MS KB Q244603
More info MS KB Q307849
More info MS KB Q314455

10. Make your dialup modem permanent in Win2k

When using a dialup modem with Win2k, if the machine was booted without the modem being started, the modem will be unavailable unless you do a scan for new hardware or reboot the machine and make sure the modem is on.

This can be solved by going into Phone and Modem Options in the Control Panel and removing the current modem. Then add the modem again. During the reinstall it will ask you if it should detect the modem for you; answer no. Now you will be shown a list of modems, where you can find the modem you had installed before, unless you have the modem drivers on a disk.

This trick only works when you turn the modem on after booting into Win2k. If the modem is turned on while booting into Win2k, the modem will be redetected, if it has been installed as described above.

Credits rojakpot.com

11. Reset the TCPIP protocol or handle several network setups in Win2k/XP

If having a laptop which you use in different networks (Home, Work, Customer, etc.), then one can use NetShell to backup each network configuration and restore them again at will. NetShell replaces Routemon from WinNT4.

To backup a configuration :
netsh -c interface dump > c:\configs\officeinterface.txt
To restore a configuration :
netsh -f c:\configs\officeinterface.txt
When using NetShell to change network settings it doesn't require a reboot. One can also use hardware profiles to save the network configuration, but it will require a reboot to change from one hardware profile to another.

To reset the TCPIP protocol if it has gone bad (Useful as WinXP cannot uninstall the TCPIP stack):
netsh int ip reset <PATH>\resetlog.txt
Note WinXP includes an option called Alternative Configuration, which is used when in a network without an available DHCP server, without needing to fiddle with netsh.
  • On the Start-menu, click Control Panel.
  • Click Network and Internet Connections and click Network Connections.
  • Right-click the wanted connection and select Properties.
  • Select Internet Protocol (TCP/IP) and press Properties.
  • If the normal configuration is DHCP, then the Alternate Configuration-tab should be available. More info MS KB Q283676
More info How to Use the Netsh.exe Tool and Command-Line Switches (Q242468)
More info Using NETSH to Change from Static IP to DHCP in Windows 2000 - (Q257748)
More info NetSh Dump Does Not Completely Configure and Enable the RRAS (Q254249)
More info How to Use the Netsh Utility to Export and Import DHCP Scopes (Q281626)
More info How to Reset Internet Protocol (TCP/IP) in Windows XP (Q299357)
More info HOW TO: Remove and Reinstall TCP/IP on a Win2k Domain Controller (Q299451)
More info HOW TO: Remove and Reinstall TCP/IP on a Win2k3 Domain Controller (Q325356)
More info How to determine and recover from Winsock2 corruption (Q811259)
More info How to repair network or modem connectivity issues in Windows 2000 (Q837333)

Credits is-it-true.org

12. Load balancing over several Network Adapters

It is possible to have the OS balance the network load for the computer when it has several Network Adapters.

This is controlled by these DWORD values :
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \NetBT \Parameters]
RandomAdapter = 1 (Disabled = 0, Enabled = 1, Default = 0)
SingleResponse = 1 (Send All = 0, Send One = 1, Default = 0)
The RandomAdapter specifies whether it should respond back with a random IP-Address (One for each adapter), or if it should respond back with the IP Address for the adapter the request was received from.

The SingleResponse says that it should only send one IP address when WINS does a name query request.

More Info MS KB Q131736
More Info MS KB Q175767

Note there is also a technology called Windows NT Load Balancing Service (WLBS - NT4) or Network Load Balancing (NLB - Win2k+), which handles clustering of several machines to act like a single unit. The cluster of several machines can provide redundancy for critical applications and higher load handling. The above registry settings do not have anything to do with this kind of service.

Note not all applications support the underlying TCP/IP layer responding with random IP addresses. Instead one can try to set up Manual load balancing using metric.

Note hardware solutions (e.g. from Intel) for network load balancing also exist, where several NICs are bound together (also called "teaming"/"trunking"/"grouping") to act as a single NIC using only one IP address.

Credits regedit.com

13. Display detected network errors in Win2k/WinXP

In the Connection Status dialog box on the general tab it is possible to see how many errors (Retransmissions) it has detected.

To enable this error counting one has to create this DWORD key in the registry:
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Control \Network \Connections \StatMon]
ShowLanErrors = 1 (Disabled = 0, Enabled = 1, Default = 0)
Note due to a bug the display of errors is placed a little oddly in the dialog box.

Note the Status dialog box also shows the amount of data received and sent, though sometimes it is shown in packets and other times it is shown in bytes. This behavior is caused by the drivers used for the network adapter or dialup modem. On an Ethernet LAN, one can see how much data (in bytes) has been sent and received by opening a cmd prompt and executing this command:
netstat -e
Credits Marshall University Win2k Project

14. Setting up a Virtual Private Network in Win2k/WinXP

Virtual Private Network(VPN) allows you to create a protected/encrypted network between two machines using a tunnel, so other machines are not able to access this network. The VPN is created by one machine running a VPN client that connects to the other machine that is running a VPN server (RRAS).

For Win2k :
  • Enabling VPN in RRAS Causes Connection Issues to Remote Networks (Q243374)
  • HOW TO: Install and Configure a Virtual Private Network Server (Q308208)
  • HOW TO: Allow Remote Users to Access Your Network in Windows 2000 (Q300434)
  • HOW TO: Provide Secure Point-to-Point Communications Across the Internet in Windows 2000 (Q301194)
  • Increasing Security on Windows 2000 VPN Server (Q255784)
  • HOW TO: Configure Win2000 Pro to Win2000 Pro VPN Connections (Q257333)
  • HOW TO: Connect to the Internet after connecting to a VPN Server (Q317025)
For WinXP :
  • HOW TO: Configure a Connection to a Virtual Private Network in Windows XP (Q314076)
  • Basic L2TP/IPSec Troubleshooting in Windows XP (Q314831)
For Win2k3 :
  • HOW TO: Allow Remote Users to Access Your Network in Windows Server 2003 (Q323381)
  • HOW TO: Install and Configure a Virtual Private Network Server in Windows Server 2003 (323441)
  • HOW TO: Provide Secure Point-to-Point Communications Across the Internet in Windows 2003 (Q324747)
More Info MS KB Q241252

15. Setting up the IIS Services in Win2k

The Internet Information Server(IIS) has several useful services :
  • The IIS File Transfer Protocol (FTP) Server, is useful when needing a file server.
    HOW TO: Set Up an FTP Server in Windows 2000 (Q300662)
    Information About the IIS File Transmission Protocol (FTP) Service (Q283679)
  • The IIS Network News Transfer Protocol (NNTP) Server, is useful when needing a news server.
    HOW TO: Set Up and Configure an NNTP Virtual Server in Windows 2000 (Q308162)
  • The IIS Hyper Text Transport Protocol (HTTP) Server, is useful if wanting a web server to host your homepage.
    HOW TO: Configure Windows 2000 as a Web Server (Q308192)
    HOW TO: Troubleshoot the Web Server in Windows 2000 (Q297954)
    HOW TO: Troubleshoot ASP in IIS 5.0 in Windows 2000 (Q309051)
    HOW TO: Optimize Web Server Performance in Windows 2000 (Q308186)
    HOW TO: Enable IIS Logging Site Activity in Windows 2000 (Q300390)
    HOW TO: Enable SSL for your web site in IIS (Q298805)
    HOW TO: Create a New Virtual Web Site with Its Own IP Address in IIS (Q300991)
    HOW TO: Create a Virtual Folder (Subweb) in IIS 4.0 or IIS 5.0 (Q301392)
  • The IIS Simple Mail Transfer Protocol (SMTP) Server, is useful when needing a mail server.
    HOW TO: Set Up and Configure an SMTP Virtual Server in Windows 2000 (Q308161)
  • The configuration of IIS can take time, so it is a good idea to save the configuration when done:
    HOW TO: Create a Metabase Backup in IIS 5 (Q300672)
    HOW TO: Use Windows Backup and Recovery Tools to Make a Data Backup of IIS (Q301420)
    HOW TO: Back Up and Restore IIS 5.0 in Windows 2000 (Q302573)
Note IIS in Pro version is by default configured to handle 10 concurrent people browsing. It is possible to increase this limit to 20 (Each client requires 2 connections):
  1. Open a command prompt in this folder:
    c:\inetpub\adminscripts
  2. Execute this command (Max value for Srv. is 2000000000):
    cscript adsutil.vbs set w3svc/MaxConnections 40
Note IIS keeps the connection open for 5 min, by lowering the timeout it will close the connections quicker, thus giving room for new connections:
  1. Open a command prompt in this folder:
    c:\inetpub\adminscripts
  2. Execute this command:
    • To lower timeout:
      cscript adsutil.vbs set w3svc/ConnectionTimeout 60
    • To disable timeout (Closes connection right after request):
      cscript adsutil.vbs set w3svc/AllowKeepAlive 0

16. Setting up WinXP Internet Connection Firewall (ICF)

Microsoft provides a simple firewall in Windows XP that protects against incoming traffic, but it will not block outgoing traffic, for example traffic caused by a virus that has taken over the computer. Windows XP SP2 includes an updated firewall, which still doesn't block outgoing traffic, but gives a better interface for controlling incoming traffic (File Sharing, Games, etc.).

Technet articles for XP SP2:
  • Description of the Windows Firewall feature in Windows XP Service Pack 2 (Q843090)
  • How to configure the Windows Firewall feature in Windows XP Service Pack 2 (Q875356)
  • Troubleshooting Windows Firewall settings in Windows XP Service Pack 2 (Q875357)
Technet articles for XP and XP with Service Pack 1:
  • Description of the Windows XP Internet Connection Firewall (Q320855)
  • Description of a Personal Firewall (Q321050)
  • HOW TO: Enable or Disable Internet Connection Firewall in Windows XP (Q283673)
  • HOW TO: Determine Which Program Uses or Blocks Specific Transmission Control Protocol Ports in Windows (Q281336)
  • Service redirection does not apply to Internet Connection Firewall (Q297942)
  • The Internet Connection Firewall Can Prevent Browsing and File Sharing (Q298804)
  • How to Manually Open Ports in Internet Connection Firewall in Windows XP (Q308127)
  • HOW TO: Turn On the Internet Connection Firewall Feature in Windows Server 2003 (Q317530)
To configure whether the WinXP SP1 firewall should allow ping:
  1. In Control Panel double click "Networking and Internet Connections"
  2. Right click the connection which you would like to get pinged, and select "Properties"
  3. On the Advanced-tab press the Settings-button
  4. On the ICMP-tab tick "Allow incoming echo request"

17. Setting up Internet Connection Sharing

For Win2k :
  • Setup connection sharing :
    MS KB Q307311 HOW TO: Set Up Internet Connection Sharing in Windows 2000
    MS KB Q237254 How to Enable Internet Connection Sharing on a Network Connection in Windows 2000
  • Forward ports to local server :
    MS Technet To configure Internet connection sharing for applications and services
For WinXP :
  • Setup sharing of a connection :
    MS KB Q306126 HOW TO: Configure Internet Connection Sharing in Windows XP
    MS KB Q314066 How to Enable Internet Connection Sharing on a Home or Small Office Network Connection in Windows XP
  • Setup sharing of a PPPoE connection :
    MS KB Q316276 How to Share a PPPoE Internet Connection with Windows XP
    MS KB Q319661 Connectivity Problems on ICS Clients When You Use a PPPoE Connection on a Windows XP ICS Host
  • Use static IP on local server :
    MS KB Q309642 How to Configure a Static Client for Windows XP Internet Connection Sharing
  • Forward ports to local server :
    MS KB Q309524 How to Configure Windows XP ICS for an Internal PPTP Server
  • Create bridge with connection sharing :
    MS KB Q309640 Creating a Bridge with Two Internal Adapters on ICS Host
    MS KB Q302348 Bridge May Not Work With a Non-Promiscuous Mode Network Adapter
    MS KB Q892892 Bridge between network adapters may not enable in Windows XP
  • Troubleshoot the connection sharing :
    MS KB Q308021 Resources for Troubleshooting Internet Connection Sharing in Windows XP
For Win2k3 :
  • Setup connection sharing :
    MS KB Q324286 HOW TO: Set Up Internet Connection Sharing in Windows Server 2003
Note to do ICS in WinNT4 a proxy server has to be installed:
  • Microsoft Internet Security and Acceleration (ISA), which tries to replace Microsoft Proxy Server
  • AnalogX Proxy (Freeware)
  • VSocks Light (Freeware)
  • FreeProxy (Freeware)
  • WinRoute
  • WinGate
  • Nat32
Related Internet Connection Sharing in Win98/Me

18. Configuration of the remote assistance in WinXP

Microsoft has created the following articles :
  • MS KB Q300546 Overview of Remote Assistance
  • MS KB Q300692 Description of the Remote Assistance Connection Process
  • MS KB Q301527 HOW TO: Configure a Computer to Receive Remote Assistance Offers
  • MS KB Q305608 HOW TO: Enable Remote Assistance
  • MS KB Q306496 HOW TO: Configure or Disable Solicited Remote Assistance in Windows XP
  • MS KB Q306556 HOW TO: Obtain Remote Assistance Using Windows Messenger in Windows XP
  • MS KB Q306791 HOW TO: Provide Remote Assistance in Response to an E-mail Invitation
  • MS KB Q306757 HOW TO: Obtain Remote Assistance by Sending an E-mail Message in Windows XP
  • MS KB Q306800 HOW TO: Provide Remote Assistance In Response to Windows Messenger Invitation
  • MS KB Q884910 HOW TO: Offer remote assistance to a user with Windows XP SP2
To launch Remote Assistance from a command line:
%SystemRoot%\System32\rcimlby.exe -LaunchRA

19. Installing NetBEUI on WinXP/Win2k3

Microsoft has stopped supporting the NetBEUI (NetBIOS Extended User Interface) protocol, though you can still find the needed files (Nbf.sys & Netnbf.inf) on your WinXP CD-ROM (DriveLetter-X):
X:\Valueadd\Msft\Net\Netbeui
To install the protocol on WinXP/Win2k3 from the WinXP Install CD:
  1. Copy the file Nbf.sys to the folder %Systemroot%\System32
  2. Copy the file Netnbf.inf to the folder %Systemroot%\Inf (Hidden folder)
  3. Click Start, Click Control Panel and double-click Network Connections
  4. Right click the connection, where NetBEUI should be used, and then click Properties
  5. On the General tab, click Install
  6. Click Protocol, and click Add
  7. Select the NetBEUI Protocol and then click Ok
Note some users have trouble with an occasional "Network not available" error when using the NetBEUI supplied with WinXP. They had better success using NETNBF.INF and NBF.SYS from a Win2k CD-ROM (Maybe the fact that they reinstalled the protocol is the clue).

More Info MS KB Q301041
More Info MS Technet
More Info MS Technet

20. Configure the AFD default Send-Window to increase upload speed

Descriptions of TCPIP usually mention only one Receive Window for a connection, which is used to control congestion created by network latency.

In the WinNT network architecture a layer called AFD (Ancillary Function Driver for Winsock) is placed on top of the TCPIP layer. The AFD provides the winsock interface, which is used by most network applications in Windows and also supports things like DNS and DHCP.

The AFD provides two windows which act as flow control for the application creating the socket:
  • AFD-Send-Window: Used when the application is sending data over a connection. If more data is sent than the receiver is able to acknowledge, the AFD-Send-Window will block the transfer for the application when it reaches the limit of the AFD-Send-Window.
  • AFD-Receive-Window: Used when the application is receiving data over a connection. If the application is not able to receive data fast enough, or is blocked by other processing which keeps it from receiving data, the AFD-Receive-Window will act as a buffer until it reaches the limit of the AFD-Receive-Window, where it will then block the remote application from sending data.
The two AFD-Windows are by default self tuning using the following values depending on the total amount of RAM detected. When an application creates a socket it can specify a different AFD-Window than the default.
  • Default AFD Send- & Receive-Window = 4096 Bytes (If less than 19 MByte RAM)
  • Default AFD Send- & Receive-Window = 8192 Bytes (If more than 19 MByte RAM)
On a high latency or high bandwidth network the AFD windows can affect performance. A too low AFD-Send-Window will constantly be blocking the application sending data. A too low AFD-Receive-Window will constantly be saturating the application receiving data (And blocking the remote sender). The two AFD-Windows should have the same value as the optimal TCPIP-Receive-Window to get the best speed.

To set the default size of the AFD-Windows use the following DWORD registry keys :
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Afd \Parameters]
DefaultReceiveWindow = 16384
DefaultSendWindow = 16384
Note that the AFD-Windows should be rounded to a multiple of the page size (Usually 4096 Bytes), not to a multiple of the Maximum Segment Size (MSS), which is what is recommended for the TCPIP-Window.

Note that applications which specify their own AFD-Windows for each of their sockets, by using setsockopt and specifying a new value for the SO_RCVBUF parameter (Not possible for RPC services), will not be affected by changing the default AFD-Windows.

Related : Recommended settings for the TCP/IP stack

More info MS KB Q214397
More info MS KB Q246984

21. Configure how long to cache negative DNS replies in Win2k/XP

When accessing a domain like www.google.com the computer first has to convert the domain name to an IP Address. This conversion is done by sending the domain name to a DNS server, which replies back with the IP Address. This conversion can be seen when pinging a domain.

With Windows 2000 the DNS Client caches the DNS lookups, so it doesn't have to spend time contacting the DNS Server all the time, which also decreases the traffic to the DNS server. But negative DNS replies are also cached, and used for up to 15 min before the DNS Server is queried again. This waiting time can be annoying if the domain is correct and the DNS Server was just unavailable for a moment. The waiting time can be configured with these DWORD values:
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Dnscache \Parameters]
NegativeCacheTime = 5 (Win2k Default 300 sec)
MaxNegativeCacheTtl = 5 (WinXP/Win2k3 Default 900 sec)
Note 5 sec is used instead of 0 sec to throttle the requests to the DNS Server in case a faulty application loops around a DNS Lookup.

Note to see the contents of the DNS cache:
ipconfig /displaydns
Note to empty/flush/reset the DNS cache manually (Part of WinXP Network Repair):
ipconfig /flushdns
Note to flush the Address Resolution Protocol (ARP) cache of Ethernet Addresses (Part of WinXP Network Repair):
arp -d *
netsh interface ip delete arpcache
Note to purge and reload the NetBIOS cache (Part of WinXP Network Repair):
nbtstat -R
More Info MS KB Q245437
More Info MS KB Q297510
More Info MS KB Q318803

Related Microsoft TCP/IP Version 6 (IPv6) can cause slow DNS

Credits Navas Cable Guide

22. Delayed TCPIP ACK can cause slow network throughput

When a file is sent over the network, the file is chopped up into small packets, which are then sent. The TCPIP protocol is a reliable protocol and demands that each packet is acknowledged by the receiver. It is possible to acknowledge several packets at once, to avoid flooding the network with an ACK for every packet received. Delayed ACK sends an ACK packet at a certain interval and acknowledges all the packets received since the last interval. The interval depends on a timeout value (default 200 ms) and the number of outstanding ACKs (default 2). The delayed ACK (RFC 2581) saves network bandwidth and helps against congestion, but it sacrifices max network throughput.

To configure the interval timeout in WinNT SP4 (Go to the Services-key and do a search for "TCPIP" to find the different adapters using TCPIP):
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \{Adapter-Name} \Parameters \Tcpip]
TcpDelAckTicks = 1 (Default=2, 0=Send ACK for every packet, 1-6 = 100-600 ms)
To configure the interval timeout in Win2000 SP3+:
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Tcpip \Parameters \Interfaces \{Adapter-id}]
TcpDelAckTicks = 1 (Default=2, 0=Send ACK for every packet, 1-6 = 100-600 ms)

More Info MS KB Q311833
More Info MS KB Q321098
More Info MS KB Q321169
To configure the max outstanding ACKs in Windows XP/2003+:
[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \Tcpip \Parameters \Interfaces \{Adapter-id}]
TcpAckFrequency = 2 (Default=2, 1=Send ACK for every packet, 2-n = If n outstanding ACKs before timed interval, send ACK)

More Info MS KB Q328890
More Info MS KB Q815230
Note disabling or shortening delayed ACK on a few machines (Like a file-server or domain-controller) will probably result in greater network performance for those machines. On a large corporate network, disabling delayed ACK for all computers will most likely lower the available bandwidth for actual file transfer, as more of the bandwidth is used for sending ACKs.

Note before trying to disable ACK delay (RFC 1122) one should at least consider the following:
  • Increased performance will only be seen if requests are sent to your machine, and the requesters don't request anything else before your machine replies back (ACK) to the first request.
  • Some additions to the above statement:
    • If the application doing socket communication uses the socket option TCP_NODELAY, then it will override the default delayed ACK frequency.
    • If all of the upload bandwidth is already used (easy on a slow connection), then disabling delayed ACK will lower performance because it will generate even more upload traffic.
    • If on a half duplex connection, then disabling delayed ACK will lower performance because only one party can send at a time (Receiver will block the sender when sending ACK).
    • If on an ethernet hub with other computers (Instead of a switch), then disabling delayed ACK will lower performance because the increased traffic will increase the chance of collisions and require retransmissions.
Note Explorer.exe doesn't copy the next file before the previous file has been acknowledged (XCOPY doesn't have this behavior). This means that the receiver will only accept a file at every ACK interval, and as the default ACK interval is 200 ms, it will copy max 5 files/sec over a single connection (Imagine copying 1000 files of 1 Kbyte). The performance can be improved somewhat by dragging a folder containing the files instead of selecting all the files and dragging them.

Note SMB Signing requires that SMB commands are processed synchronously, so a client is only allowed to send the next SMB command when it receives the ACK of the previous one (Only one outstanding). This means that a client can send max 5 SMB Commands/sec, as it has to wait for the Server's 200 ms ACK delay before it is allowed to send the next SMB Command. This can cause very low performance when copying small files to a Server with SMB signing enabled (Imagine copying 1000 files of 1 Kbyte).

Note if a computer's only job is to receive large files or streaming data, one can increase performance by increasing the number of outstanding ACKs before it sends an ACK (TcpAckFrequency). It will allow acknowledgment of large chunks of data with a single ACK packet instead of sending an ACK for every 2 packets. Make sure that the TCPIP RWIN is larger than TcpAckFrequency*MTU, as the sender will stop sending data if it fills the TCPIP RWIN without getting an ACK. Recommended values:
  • 1 GigaBit: TcpAckFrequency = 13 (RWIN = 64 KByte)
  • 100 MegaBit: TcpAckFrequency = 5 (RWIN = 17 KByte)
  • 10 MegaBit: TcpAckFrequency = 2 (RWIN = 8 KByte)
More Info MS KB Q214397
More Info MS KB Q823764
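
The notes above can be checked with a small model of a delayed-ACK receiver. This is an added example, not part of the original guide; it assumes a simplified timer that starts at the first unacknowledged segment, an MTU of 1500 bytes, and hypothetical function names.

```python
def ack_times(arrivals_ms, ack_frequency=2, delay_ms=200):
    """Times (ms) at which the receiver sends ACKs for the given arrivals.

    An ACK goes out as soon as `ack_frequency` segments are outstanding
    (TcpAckFrequency), or when `delay_ms` has passed since the first
    unacknowledged segment arrived (TcpDelAckTicks * 100 ms).
    """
    acks, pending, deadline = [], 0, None
    for t in sorted(arrivals_ms):
        if pending and deadline <= t:   # timer fired before this segment
            acks.append(deadline)
            pending = 0
        if pending == 0:
            deadline = t + delay_ms     # start the delay timer
        pending += 1
        if pending >= ack_frequency:    # enough outstanding segments: ACK now
            acks.append(t)
            pending = 0
    if pending:                         # the tail is ACKed by the timer
        acks.append(deadline)
    return acks


def stop_and_wait_ms(requests, one_way_ms=0, ack_frequency=2, delay_ms=200):
    """Total time when the sender waits for the ACK of every single-segment
    request before sending the next (the Explorer and SMB-signing notes)."""
    now = 0
    for _ in range(requests):
        arrival = now + one_way_ms
        ack_sent = ack_times([arrival], ack_frequency, delay_ms)[0]
        now = ack_sent + one_way_ms
    return now


def rwin_allows(rwin_bytes, ack_frequency, mtu=1500):
    """True if RWIN > TcpAckFrequency * MTU, so the sender never fills the
    receive window while the receiver is still collecting segments."""
    return rwin_bytes > ack_frequency * mtu


if __name__ == "__main__":
    print("bulk stream ACKs at:", ack_times([0, 1, 2, 3, 4]))
    print("1000 small files, default:", stop_and_wait_ms(1000) / 1000, "s")
    print("1000 small files, ACK every packet:",
          stop_and_wait_ms(1000, one_way_ms=1, ack_frequency=1) / 1000, "s")
    # Recommended values from the list above: (link, TcpAckFrequency, RWIN)
    for link, freq, rwin in [("1 GigaBit", 13, 64 * 1024),
                             ("100 MegaBit", 5, 17 * 1024),
                             ("10 MegaBit", 2, 8 * 1024)]:
        print(link, "RWIN large enough:", rwin_allows(rwin, freq))
```

With the defaults, a bulk stream is ACKed on every second segment, while a sender that waits for each ACK pays the full 200 ms per request.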

23. Increase the max limit for concurrent TCP connections

There is a parameter that limits the maximum number of connections that TCP may have open simultaneously.
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \Tcpip \Parameters]
TcpNumConnections = 0x00fffffe (Default = 16,777,214)

Note a 16 Million connection limit sounds very promising, but there are other parameters (See below), which keep us from ever reaching this limit.
When a client makes a connect() call to make a connection to a server, the client implicitly (invisibly) binds the socket to a local dynamic (anonymous, ephemeral, short-lived) port number. The default range for dynamic ports in Windows is 1024 to 5000, thus giving 3977 concurrent outbound connections for each IP Address. It is possible to change the upper limit with this DWORD registry key:
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \Tcpip \Parameters]
MaxUserPort = 5000 (Default = 5000, Max = 65534)

Note it is possible to reserve port numbers so they aren't used as dynamic ports, in case one has a certain application that needs them. This is done by using the ReservedPorts (Q812873) setting.

More Info MS KB Q196271
More Info MS KB Q319502
More Info MS KB Q319504
More Info MS KB Q328476
More Info MS KB Q836429
Even without 3977 concurrent connections for each IP Address, it is still possible to run out of available port numbers or TCBs. This can happen when connections are opened and closed quickly, because after a connection is "closed" it enters the TIME_WAIT state and will continue to occupy the port number for 4 minutes (2*Maximum Segment Lifetime, MSL) before it is actually removed. This behavior is specified in RFC 793, and prevents attempts to reconnect to the same party before the old socket is recognized as closed at both sides. It is possible to change how long a socket should be in TIME_WAIT state before it can be re-used freely:
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \services \Tcpip \Parameters]
TcpTimedWaitDelay = 120 (Default = 240 secs, Range = 30-300)

More Info MS KB Q137984
More Info MS KB Q149532
More Info MS KB Q832954

Note with Win2k the reuse of sockets has been changed, so when there are more than 1000 connections in TIME_WAIT state, it starts to mark sockets that have been in TIME_WAIT state for more than 60 secs as free. It is possible to configure this limit:

[HKEY_LOCAL_MACHINE \System \CurrentControlSet \services \Tcpip \Parameters]
MaxFreeTWTcbs = 1000 (Default = 1000 sockets)

Note with Win2k3 SP1 the reuse of sockets has been changed, so when it has to re-use sockets in TIME_WAIT state, it checks whether the other party is different from that of the old socket, eliminating the need to fiddle with (TcpTimedWaitDelay) and (MaxFreeTWTcbs) any more.
If using an application protocol that doesn't implement timeout checking, but relies on the TCPIP timeout checking without specifying how often it should be done, it is possible to get connections that "never" close if the remote host disconnects without closing the connection properly. The TCPIP timeout checking is by default done every 2 hours, by sending a keep-alive packet. It is possible to change how often TCPIP should check the connections (Affects all TCPIP connections):
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \services \Tcpip \Parameters]
KeepAliveTime = 1800000 (Default = 7,200,000 millisecs)

More Info MS KB Q140325
For each connection a TCP Control Block (TCB - Data structure using 0.5 KB pagepool and 0.5 KB non-pagepool) is maintained. The TCBs are pre-allocated and stored in a table, to avoid spending time on allocating/deallocating the TCBs every time connections are created/closed. The TCB Table enables reuse/caching of TCBs and improves memory management, but the static size limits how many connections TCP can support simultaneously (Active + TIME_WAIT). Configure the size of the TCB Table with this DWORD registry key:
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \Tcpip \Parameters]
MaxFreeTcbs = 2000 (Default = RAM dependent, but usual Pro = 1000, Srv=2000)
To make lookups in the TCB table faster a hash table has been made, which is optimized for finding a certain active connection. If the hash table is too small compared to the total amount of active connections, then extra CPU time is required to find a connection. Configure the size of the hash table with this DWORD registry key (Is allocated from pagepool memory):
[HKEY_LOCAL_MACHINE \System \CurrentControlSet \services \Tcpip \Parameters]
MaxHashTableSize = 512 (Default = 512, Range = 64-65536)

Note Microsoft recommends for a multiprocessor environment, that the value should not be higher than the maximum amount of concurrent connections (MaxFreeTcbs), also if multiprocessor then it might be interesting to look at the registry-key NumTcbTablePartitions (Recommended value CPU-count multiplied by 4).

More Info MS KB Q151418
Note if using the Professional/Home edition of Windows then it is very likely that it is crippled (By Microsoft) not to handle many concurrent TCP connections. Ex. Microsoft have officially stated that the backlog limit is 5 (200 when Server), so the Professional edition is not able to accept() more than 5 new connections concurrently. More Info MS KB Q127144

Note even if Windows has been optimized to handle many concurrent connections, connections might still be refused when reaching a certain limit, in case a NAT-Router/Firewall is placed in front of it which is unable to handle so many concurrent connections.

Note if SYN-Attack-Protection has been activated (Enabled by default in Win2k3 SP1) or WinXP SP2 is installed, a limit is introduced on how many connection attempts (half-open) one can make simultaneously. This will keep worms like Blaster and Sasser from spreading too fast, but it will also limit other applications that create many new connections simultaneously (Like P2P).
EventID 4226: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts

More Info www.LvlLord.de
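
One way to check a registry export against the limits quoted in this section and in section 20, as an added example that is not part of the original guide. The sample export is constructed, the function names are hypothetical, and the rate estimate is a rough bound that assumes every closed connection holds its dynamic port for the full TIME_WAIT period.

```python
import re

TCPIP = r"hkey_local_machine\system\currentcontrolset\services\tcpip\parameters"
AFD = r"hkey_local_machine\system\currentcontrolset\services\afd\parameters"

# (min, max, required multiple) from the limits quoted on this page.
# Assumptions: the stated default 5000 is used as the MaxUserPort minimum,
# and one 4096-byte page as the smallest AFD window.
RULES = {
    (TCPIP, "tcpnumconnections"): (0, 0x00FFFFFE, 1),
    (TCPIP, "maxuserport"): (5000, 65534, 1),
    (TCPIP, "tcptimedwaitdelay"): (30, 300, 1),
    (TCPIP, "maxhashtablesize"): (64, 65536, 1),
    (AFD, "defaultreceivewindow"): (4096, 0xFFFFFFFF, 4096),
    (AFD, "defaultsendwindow"): (4096, 0xFFFFFFFF, 4096),
}
SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

# Constructed sample export (not taken from a real machine).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"MaxUserPort"=dword:0000fffe
"TcpTimedWaitDelay"=dword:0000000a
"MaxHashTableSize"=dword:00000200

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Afd\Parameters]
"DefaultReceiveWindow"=dword:00004000
"DefaultSendWindow"=dword:00004470
"""


def parse_reg(text):
    """Return {(key, value_name): int} for every DWORD in a .reg export."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            key = m.group(1).lower()    # registry paths are case-insensitive
            continue
        m = DWORD.match(line)
        if m and key:
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values


def audit(values):
    """List every configured value that violates a rule in RULES."""
    findings = []
    for (key, name), (lo, hi, step) in RULES.items():
        if (key, name) not in values:
            continue                    # not set: the OS default applies
        v = values[(key, name)]
        if not lo <= v <= hi:
            findings.append(f"{name}={v}: outside {lo}-{hi}")
        elif v % step:
            findings.append(f"{name}={v}: not a multiple of {step}")
    return findings


def outbound_rate(values):
    """Rough sustained outbound connections/sec per IP address before the
    dynamic ports (1024..MaxUserPort) are all stuck in TIME_WAIT."""
    ports = values.get((TCPIP, "maxuserport"), 5000) - 1024 + 1
    return ports / values.get((TCPIP, "tcptimedwaitdelay"), 240)


if __name__ == "__main__":
    for finding in audit(parse_reg(SAMPLE)):
        print("FINDING:", finding)
    print("default sustained rate: %.2f conn/s" % outbound_rate({}))
```

The constructed DefaultSendWindow of 17520 is 12 * 1460, a multiple of the MSS rather than of the page size, which is the mistake the note in section 20 warns about.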

24. Microsoft TCP/IP Version 6 (IPv6) can make network slow

Internet Protocol ver. 6 (IPv6) contains many new improvements:
  • 128 bit address space (IPv4 uses 32 bit)
  • Easier configuration (IPv4 uses DHCP or manual setting static IP address)
  • Built-in security
  • Better support for QoS
Sadly enough, not all Internet Service Providers (ISP) are able to handle IPv6 properly. For example some IPv4 DNS servers cannot handle IPv6 "AAAA"-record lookup requests. Instead of replying NOERROR with an empty reply, they respond with NXDOMAIN or NAME_ERROR, or do not respond at all. This causes either very slow DNS lookups because of timeouts or failure to perform the DNS lookup at all.

To uninstall IPv6 (And only use IPv4):
  1. Open Control Panel -> Network Connection
  2. Right Click the network interface card, and select Properties.
  3. Select IPv6 and press Uninstall
  4. Restart
More Info MS KB Q815768
More Info MS KB Q817778