Managing NT Logons

Errata for Managing NT Logons

Submit your own errata for this product.


The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint the date of the correction will be displayed in the column titled "Date Corrected".

The following errata were submitted by our customers and approved as valid errors by the author or editor.

Color Key: Serious Technical Mistake Minor Technical Mistake Language or formatting error Typo Question Note Update



Version Location Description Submitted By Date Submitted Date Corrected
Printed
Page 30
fifth paragraph

The first half of the fifth paragraph down now reads: "Both the LAN Manager-compatible password and the Windows NT password are stored doubly encrypted in the SAM. The first encryption is a one-way function (OWF) encryption of the clear text password, and that encryption is generally considered unbreakable. The second encryption is an encryption of the user's relative ID. To decrypt it, you would need to have access to the user's relative ID as well as the algorithm for the double-encrypted password." Should read: "Both the LAN Manager-compatible password and the Windows NT password are stored doubly encrypted in the SAM. The first encryption is a one-way function (OWF) encryption of the clear text password, and the second encryption is an encryption of the user's relative ID. To decrypt it, you would need to have access to the user's relative ID as well as the algorithm for the double-encrypted password."

Anonymous   
Printed
Page 68
first paragraph

The first paragraph now reads: "Of course, the phrase "accurate clock" is a relative term for computers (in fact, it's a joke). For real accuracy you can install Timeserve.exe from the Windows NT Server Resource Kit. This utility uses a timesource that you specify when you configure the program. You can, for example, dial out to use a national or international time source." Should read: "Of course, the phrase "accurate clock" is a relative term for computers (in fact, it's a joke). For real accuracy you can install Timeserve.exe or W32Time.exe. Don't use the version of Timeserve.exe that's in the Windows NT 4 Server Resource Kit, it's not Year 2000 compliant. Instead, download either of these programs from Microsoft at ftp://ftp.microsoft.com/reskit/y2kfix/. These utilities use a timesource that you specify when you configure the program. You can, for example, dial out to use a national or international time source."

Anonymous   
Printed
Page 207
The "net time" section should read

"Use this command to synchronize a computer's clock with the clock of another computer. The syntax is: net time [\computername | /domain[:domainname]] {/set] where: \computername is the computer with the clock you're using as the standard /domain uses the PDC for the local domain as the standard /domain:domainname uses the PDC for the target domain as the standard /set changes the local computer's time to match the target computer Omit the /set switch to display the current time for the target computer. You can use a Windows NT domain controller (PDC or BDC) as the official timekeeper, which means that computer is the automatic target of the set time command for all computers in the domain. No target computer is required in the syntax, just enter the command net time /set /yes and the local computer automatically synchronizes to the offical timekeeper computer. To accomplish this: 1. Open the registry of the DC that has the most accurate clock. 2. Go to HKLMSystemCurrent Control SetServicesLanmanServerParameters. 3. Add a new DWORD data key named TimeSource and set the value to 1. Of course, the phrase "accurate clock" is a relative term for computers. If you want to use this command in a user logon script, you must assign sufficient rights to the user to avoid returning an error. The ability to change the system time on the local computer requires Power User or Administrator rights in User Manager, but instead of upgrading users, you can grant the right to change the system time to Authenticated Users. To do so, open User Manager on the local computer and choose Policies->User Rights. Select the right Change the system time and click Add. Selecting Everyone or Authenticated Users should guarantee that logon scripts with this command work properly.

Anonymous