Win2003 Settings Tips Daquan Server

Windows Server 2003 3790 version identification

Rtm=release to manufacture (mass production) is a version to the hardware manufacturer! is to send to the plate, not to sell.
Oem=original equipment manufacturer can only be installed completely, and RTM is similar, just call different. Rtl=retail (Retail) official Retail edition, can be upgraded or new installation.
Vlk=volume License a large number of authorized editions, also known as Enterprise Edition. No activation required. (The so-called Simplified Chinese VLK version of the Internet is actually the ordinary Simplified Chinese version of the VLK version of the 8 documents)


Two, different versions of Windows Server 2003

Windows Server 2003 Web Edition: Provides a web hosting and service platform for rapid development, deployment of Web services, and applications. Support 2-way SMP (symmetric multi-processing) system, 2GB memory.

Windows Server 2003 Standard Edition: for small and medium business and departmental applications. Supports 4-way SMP, 4GB RAM. Windows Server 2003 Enterprise Edition: For centers and large organizations, with 32-bit and 64-bit two versions. Support for 8 node clusters, NUMA, 8-way SMP, where 32-bit version supports 32GB memory, and 64-Bit Edition supports 64GB memory.

Windows Server 2003 Datacenter Edition: for enterprises that require strong scalability and high availability, there are 32-bit and 64-bit two versions. 32-bit version support 32-channel SMP, 64GB memory, 64-bit version support 64-way SMP, 512GB memory, two versions support 8 node cluster,
Numa

Third, Windows Server 2003 version 3790 activation

Before the official version of the number is out, there are several popular ways to activate it:
(1) Reset5.02, operating in Safe mode can be activated, the time to adjust to 2008 years are no problem, all the use of normal. can be upgraded. Disadvantage: The activation program is completely shielded, performance for running msoobe/a without any display, and in the service has a reset5, boot will automatically run this service, C:windowssystem32srvany.exe, this program should be RESET5 added into the system.

(2) Russia cracked, remember in the XP era, as long as the Setupreg.hiv in the installation before the replacement, and then the phone can be activated to achieve the perfect activation of the realm, can be in 2003, this way after the current display has been activated, but if you adjust the time to boot again will show to activate, or even can not use. The key to the estimated secondary problem is the Setupreg.hiv file.

(3) In the forum, someone posted a Winxpactivation.exe file, known to be activated, in fact this is still false activation, temporarily shielding the activation program, is not able to modify the time.

(4) Use the substitution method to make out the pseudo VLK, installs uses all has no problem, just cannot upgrade. VLK is a replacement for the English version of 8 files. But SN has been blocked by Microsoft. So it cannot be upgraded, but this method is the most stable, without any problems.

Conclusion: We recommend activating and reset5.02 activation with 8 replacement methods!

Four, Win 2003 server some of the optimization settings

1. Disable the Configure Server Wizard:

Prohibit the presence of the Configure Your Server Wizard (Manage Your server):-> Administrator tool (Administrative Tools)-> manage Your server in Control Panel (Manage Your Server), and then in the lower-left corner of the window, check "Do not show this page when you log on" (Don t display this page at logon).

2. Enabling hardware and DirectX acceleration

* Hardware acceleration: Desktop Right-click-Property (properties)-> settings (Settings)-Advanced (Advanced)-Troubleshooting (Troubleshoot). Pull the hardware acceleration scroll bar of the page to full, preferably click OK to save the exit. This may be a moment of black screen is completely normal.

*directx acceleration: Open start-> Run, type "DxDiag" and enter the "DirectX Diagnostics Tool" (DirectX tools), on the display page, Click DirectDraw, Direct3dand AGP texture accelerate three buttons to enable acceleration. Pull the "Hardware acceleration level for sound" (Hardware Sound acceleration levels) scroll bar to full acceleration.

3. Enable sound card:

After the system is installed, the sound card is prohibited, so you want to enable it in the Control Panel-> sound->, reboot and then set it in the taskbar display. If you are using the Windows Server 2003 Standard version, make it from step two, because the standard version has allowed sound services. * Open Start-> "Run", type "services.msc", locate "Windows Audio" in the window that appears, and double-click it, and then select Auto in the Drop-down menu in startup mode (startup type) (Automatic) and click "Apply" (apply)-> "Start" (start)-> "OK" (OK)

* Open Start-> "Run", type "DxDiag" and enter "DirectX Diagnostics Tool" (DirectX tools), and on the "Sound" page, "Hardware acceleration level of sound" The scroll bar (Hardware Sound acceleration level) is pulled to full speed acceleration.

4. How to enable ASP support:

Windows Server 2003 is installed by default and is not installed with IIS 6 and requires additional installation. After installing IIS 6,

Support for ASPs also needs to be turned on separately. The method is: Control Panel-> management Tools->web Service Extensions-> Active Server Pages-> allowed.

5. How to enable XP Desktop themes:

* Open "Start" (start)-> "Run", type "Services.msc", select Themes "Subject" (default is prohibited), then change to "automatic", press "Apply", select "Open". * Then click on the "desktop" attribute, select "Windows XP" in "theme" * My Computer----properties----Advanced----performance-----use shading for icon labels on the desktop

6. Shutdown reasons for the shutdown is prohibited to choose:

Shutdown Event Tracking (Shutdown event Tracker) is also a setup that differs from other workstation systems in Windows Server 2003, which is a necessary choice for the server, but it is not useful for workstation systems and we can also ban it. Open "Start" Start-> "Run" runs run-> enter "Gpedit.msc", in the left portion of the window that appears, select Computer Configuration (Computer Configuration)-> "Administrative Templates" (administrativetemplates)-> "System", in the right window, double-click "Display Shutdown Event Tracker" in the dialog box that appears, select "Prohibit" (Disabled), click then " Ok "(OK) to exit after saving, so that you will see Windows 2000-like Shutdown window

7. How to use USB hard drive, u disk, add already partition hard disk

My Computer (right-click)----Manage----Disk Management-----Perform import and assignment letter operations on the appropriate hard disk

8. Display all components in Control Panel:
Replace the "Hide" in the Sysoc.inf file in the Windowsinf directory.

9. Disable Internet Explorer enhanced security and the presence of the stop-safe query box Customize the security level of IE in the IE tools option. Pull the scroll bar on the Security tab to set Internet zone security to Medium (Medium) or medium low. Modify the selection "prompt" in the Customization settings to select "Prohibit" or "enable".

10. Disable boot Ctrl+alt+del and implement automatic login

* Method 1: Open the registry (run-> "Regedit"), and then open: Hkey_local_machin│software│microsoft│windows nt│currentversion│winlogon section, Right-click in this paragraph to create a new two string segment, autoadminlogon= "1", and defaultpassword= "Set password for Superuser administrator."
Note that you must set a password for the administrator, or you will not be able to implement self booting. You can then restart Windows to enable automatic logon.

* Method 2: Administrative Tools-> Local security Settings (local safety policy)-> the native Policies policy-> security Options->
Interactive logon:do not require Ctrl+alt+del, enabled.
Interactive Logon:do not display the last user name enabled (login window does not show logon username)

* Method 3 (Automatic login): Use the Windows XP tweak UI to automate Server 2003 login.
Download: Tweak Uihttp://www.ssite.org/uppic/sun_pic/...003/tweakui.exe

Execute TweakUI.exe directly on the left panel select logon-> autologon-> on the right tick log on Automaticallyat system startup enter your username and domain (if not write) Click the set Password below, enter the username password, and then click OK.

11. Hide Files

Windows Server 2003 displays all folders by default, and if you don't want to, you can hide it by doing it: Open any folder, select Tools-> Folder Options-> Check (View), adjust the contents of the Display system folder, hide protected operating system files, hidden files and folders three items

12. Allow built-in IMAPI cd-burning services and support for Windows Imaging Device services

Allow built-in IMAPI cd-burning services and support for Windows Imaging Device services * If you want to enable Windows built-in IMAPI cd-burning service. Do the following xx: Open "Start" (start)-> "Run", type "services.msc", locate "IMAPI cd-burning COM Service" in the window that appears, and double-click it, and then in the startup mode Type), select "Automatic" (Automatic) and click Apply-> "Start" (start)-> "OK"


* If you have a video device like a digital camera or scanner, you should turn on the Windows Image Acquisition service. Open start-> Run, type "services.msc", locate "Windows Image Acquisition (WIA)" In the window that appears, and double-click it, and then in startup mode (Startup type "Automatic" and click "Apply"-> "Start" (start)-> "OK" (OK).

13. Advanced Settings

* We can modify some of the advanced settings for Windows Server 2003 to fit the workstation's application environment. Right-click on "My Computer" (my Computer)--Attributes (properties)--Advanced (Advanced)--Performance (performance)--Settings (Setting)--Advanced (Advanced), "Processor planning" (Processor scheduling) and memory usage (Memory usage) are assigned to Programs (PROGRAMS) for use. Then click "OK" (OK.)

* Disable Error Reporting
Right-click on "My Computer" (my Computer)--Attributes (properties)--Advanced (Advanced)--click on the "Error Report" (Reporting) button, in the window that appears to "Disable error Reporting" (Disable error Reporting) Select and check "but notify me when serious errors occur" (But, notify me when critical errors occur.)

* Adjust virtual memory
Some friends often feel overwhelmed with shutting down and logging off, and the solution is to disable virtual memory so that your logoff and shutdown times may be much faster. Right-click on "My Computer" (my Computer)--Properties--high (Advanced)--Performance (performance)--Settings (Setting)--Advanced (Advanced), click "Virtual Memory" (Virtual memory) section of change, and then select No paging file in the window that appears. Reboot the system.

14. Speed up start-up and operation

* Modify the registry, reduce prefetching, reduce progress bar wait time: Start → run →regedit start Registry Editor, Hkey_local_ Machinesystemcurrentcontrolsetcontrolsessionmanagermemory Managementprefetchparameters, there is a key value named Enableprefetcher, Its value is 3, change it to "1" or "5". Find Hkey_local_machinesystemcurrentcontrolsetcontrol,waittokillservicetimeout set to: 1000 or smaller. (Original Set Value: 20000) to find Hkey_current_usercontrol paneldesktop key, the right window waittokillapptimeout to 1000, (original set Value: 20000) that is, close the program only wait 1 seconds.
Change the Hungapptimeout value to: 200 (original Set Value: 5000), which indicates that the program waits 0.5 seconds for errors.


* Allow the system to automatically shut down programs that stop responding.
Open the registry Hkey_current_usercontrol paneldesktop key and set the Autoendtasks value to 1. (Original Set Value: 0)

* Disable System services QoS Start menu → run → type gpedit.msc, the Group Policy window appears, expand Administrative Templates → network, expand QoS Packet Scheduler, and right-click limit reserved bandwidth in the right pane, and in the settings in the property, restrict the retention of bandwidth, and select Choose "Disabled", OK. When the above modifications are completed and applied, the user can see the QoS Packet Scheduler (QoS Packet Scheduler) in the General Properties tab bar of the Properties dialog box for the network connection. Description The modification was successful or the modification failed.

* Change the speed of window popup:
Locate the HKEY_CURRENT_USER\Control Panel\desktop\windowmetrics branch, locate the MinAnimate key value in the window on the right, the type is REG_SZ, and by default the value of this health value is 1, Represents an animation that opens a window display, changes it to 0, suppresses animation, and then selects the logout command from the Start menu to activate the modification you just made.

* Disable compression for Windows XP:
Click "Run" under "Start", enter "regsvr32/u Zipfldr.dll" in the "Run" input box, and then press ENTER.

* Set the starting information or warning message for the personality:
Personalized Windows XP Startup: Open Registry Editor, find HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Branch, Double-click the LegalNoticeCaption health value, hit the Edit String dialog box, and enter the information you want in the text box under Value data, such as "Buddy, Hello!" , and then click OK to reboot. If you want to change the warning message, double-click the LegalNoticeText health Value name, enter the warning message you want to display in the Edit String window that appears, and then click OK to reboot.

15. Install Java VM
Windows Server 2003 does not have an integrated MS Java VM or a Sun Java VM, and you can download and install it yourself.

16. Install DirectX 9a

Installing DirectX 9a on Windows Server 2003 and installing DirectX 9a on other versions of Windows is the same. You must first enable DirectX and Graphics acceleration before you install.

17. Available antivirus software and firewalls: Symantec Norton Antivirus Corporate 8.0Zone Alarm 3.7.159 Norton Personal Firewall 2003

V. How to prevent IPC $ intrusion

1, prohibit the null connection enumeration (This operation does not prevent the establishment of an empty connection)

First run regedit, find the following build [Hkey_local_machinesystemcurrentcontrolsetcontrollsa] to the RestrictAnonymous = DWORD key value to: 00000001. RestrictAnonymous reg_dword0x0 Default 0x1 Anonymous users cannot enumerate native user lists 0x2 anonymous users cannot connect to native IPC $ sharing Description: 2 is not recommended, or it may cause some of your services to fail to start, such as SQL Server

2. Prohibit default sharing

1 View local shared resources
Run-cmd-input net share
2 Delete Share (one at a time)
NET share IPC $/delete
NET share Admin $/delete
NET share C $/delete
NET share D $/delete (if there is a e,f,...... can continue to delete)
3) Modify registry Delete share run-regedit find the following primary key [Hkey_local_machinesystemcurrentcontrolsetserviceslanmanserverparameters]
Change the key value of AutoShareServer (DWORD) to: 00000000. If the primary key mentioned above does not exist, create a new (right-click-New-Double-byte value) and change the key value.

3. Stop Server service

1 Temporarily Stop Server service net stop server/y (Server service will reopen after reboot)
2 permanently turn off IPC $ and default shared-dependent services: LanManServer-Server Services Control Panel-Administrative Tools-services-Locate the Server service (right-click)-Properties-general-Startup type-disabled

4, install the firewall (check the relevant settings), or port filtering (filter out 139,445, etc.)

1. Unlocking file and Printer sharing bindings

Right-click on the desktop [Network Neighborhood]→[Properties]→[local connection]→[properties], remove the "File and Printer sharing from Microsoft Network" check box, and unlock file and printer sharing bindings. This will prohibit all requests from 139 and 445 ports, and others will not be able to see the shared computer.

2). Using TCP/IP filtering

Right-click on the desktop [Network Neighborhood]→[Properties]→[local connection]→[properties] to open the Local Area Connection Properties dialog box. Select the Internet Protocol (TCP/IP)]→[Properties]→[advanced]→[Options], click to select the TCP/IP filter option in the list. Click the Properties button, select Allow only, and then click the Add button (Figure 2) to fill in the port that you want to use except for 139 and 445. So that when someone scans the 139 and 4,452 ports using the scanner,
There will be no response.

3. Use IPSec security policy to block access to ports 139 and 445

Select [My Computer]→[Control Panel]→[Management tool]→[Local Security policy]→[IP security policy, in the local machine], where you define an IPSec security policy rule that prevents any IP addresses from accessing IP addresses from the TCP139 and TCP445 ports, so that when someone uses a scanner scan, The 139 and 4,452 ports on this machine do not give any response.


4). Use firewall to protect against attack

You can also set the firewall to prevent other machines from using native sharing. As in "Skynet Personal Firewall," Select an empty rule, set packet direction to "receive", the other IP address selected "Any address", the protocol is set to "Choose an empty rule, set the direction of the packet to receive", the other IP address selected "Any address", the protocol is set to "TCP", the local port is set to " 139 to 139 ", the offset port is set to" 0 to 0 ", the set flag is" SYN ", the action is set to" intercept ", and the last click the OK button, and this rule is checked in the custom IP Rules list to initiate the interception of the 139 port attack (Figure 3).

5, to all accounts to set up a complex password to prevent through the IPC $ poor lift password

Vi. various VLK versions of Windows Online update (WIN2003 server can also)

The following addresses are suitable for various VLK versions of Windows online updates (actually downloading the update packages from the Microsoft site and then installing them yourself).
This method does not check the legality of serial numbers like XP built-in online updates.
Already tested, available.