To resolve this problem, uninstall the ghosted network adapter from the registry using one of the following methods:
Method 1
Click Start, click Run, type cmd.exe, and then press ENTER.
Type set devmgr_show_nonpresent_devices=1, and then press ENTER.
Type Start DEVMGMT.MSC, and then press ENTER.
Click View, and then click Show Hidden Devices.
Expand the Network Adapters tree.
Right-click the dimmed network adapter, and then click Uninstall.
Method 2
The DevCon utility is a command-line utility that acts as an alternative to Device Manager. When you use DevCon, you can enable, disable, restart, update, remove, and query individual devices or groups of devices. To use DevCon, follow these steps:
Download the DevCon tool by clicking the following article number to view the article in the Microsoft Knowledge Base:
311272 (http://support.microsoft.com/kb/311272/ ) The DevCon command-line utility functions as an alternative to Device Manager
Unpack the 32-bit or 64-bit DevCon tool binary to a local folder.
Click Start, click Run, then type cmd and press ENTER.
Type CD:\path_to_binaries to navigate to the devcon.exe is located.
Use the following syntax to find installed network adapters:
devcon findall =net or
devcon listclass net
Note In the output of the previous commands, there is a line for the ghosted network adapter that is similar to the following:
PCI\VEN_10B7&DEV_9200&SUBSYS_00D81028&REV_78\4&19FD8D60&0&58F0: 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)
Remove the ghosted device by typing the following syntax:
devcon -r remove "@PCI\VEN_10B7&DEV_9200&SUBSYS_00D81028&REV_78\4&19FD8D60&0&58F0"
Thursday, September 24, 2009
Saturday, August 29, 2009
Problem and Solution: Dirves are opening "Open With" window?
If you all are facing problem during double click on your local drive and it show you “Open with”. Then I am sure it’s a virus attack. Generally these viruses speared by Yahoo messenger.
Follow the steps given below to clean this virus and make your PC up to date:
1. First you need to fix this “Open With” window problem:
Click here for Reference:
Generally when a virus infects a windows system which causes a drive opening problem, it automatically creates a file named autorun.inf in the root directory of each drive.
This autorun.inf file is a read only ,hidden and a system file and the folder option is also disabled by the virus. This is deliberately done by the virus in order to protect itself. autorun.inf initiates all the activities that the virus performs when you try to open any drive.
You have to just delete this file and restart your system to correct this problem.
Follow the set of commands below to show and delete the autorun.inf
1. Open Start>>Run and type cmd and press enter. This will open a command prompt window. On this command prompt window type the following steps.
2. type cd\
3. type attrib -r -h -s autorun.inf
4. type del autorun.inf
5. now type d: and press enter for d: drive partition. Now repeat steps 3 and 4. Similarly repeat step 5 for all your hard disk partition.
Restart your system and your trouble will be fixed.
2. After Restarting of system, if you face problem like :
a.
Windows cannot find ‘C:\WINDOWS\System32\WinSit.exe’. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.”
b.
Windows cannot find “C:\WINDOWS\inf\Other.exe“. Make sure you typed the name correctly, and then try again.TO search for a file,click the start button, and then click search.
You need to follow these steps to resolve this problem or click here:
Go to Start –> run typein msconfig then goto the Startup tab then disable the exe from starting with windows
1. Click on OK button and restart the window.
2. WinSit.exe is part of a Worm named ‘W32/VB-DXN’ as far a i know it is spread via Yahoo instant messenger, it installs itself to various locations on the host computer you should check the following locations on your machine and remove any of the lsited files:-
C:\WINDOWS\Help\Other.exe
C:\WINDOWS\inf\Other.exe
C:\WINDOWS\dc.exe
C:\WINDOWS\sviq.exe
C:\WINDOWS\SYSTEM\Fun.exe
C:\WINDOWS\SYSTEM\WinSit.exe
C:\WINDOWS\config\Win.exe
It also creates the registry entries:-
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
run
\config\Win.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
dc2k5
\SVIQ.EXE
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Fun
\Fun.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
dc
\dc.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
load
\inf\Other.exe
You should remove any of these occurrences that you find.
Please also check the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe \WinSit.exe
You should remove this entry. But save or print this information before removing.
Because after these changes if we restart the system, it might be possible that your desktop will not load so you just follow these steps to restore this entry in windows Registry.
1. Press ALT+Ctrl+Del to open Windows Task Manager.
2. Go on File — > New Task ( Run ).
3. type regedit and press ok.
4. locate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogo
5. Double click on shell.
6. Insert “Explorer.exe C:\WINDOWS\system32\WinSit.exe” in to “Value Data”.
7. Close the Registry.
8. Restart machine.
9. That’s it.
Follow the steps given below to clean this virus and make your PC up to date:
1. First you need to fix this “Open With” window problem:
Click here for Reference:
Generally when a virus infects a windows system which causes a drive opening problem, it automatically creates a file named autorun.inf in the root directory of each drive.
This autorun.inf file is a read only ,hidden and a system file and the folder option is also disabled by the virus. This is deliberately done by the virus in order to protect itself. autorun.inf initiates all the activities that the virus performs when you try to open any drive.
You have to just delete this file and restart your system to correct this problem.
Follow the set of commands below to show and delete the autorun.inf
1. Open Start>>Run and type cmd and press enter. This will open a command prompt window. On this command prompt window type the following steps.
2. type cd\
3. type attrib -r -h -s autorun.inf
4. type del autorun.inf
5. now type d: and press enter for d: drive partition. Now repeat steps 3 and 4. Similarly repeat step 5 for all your hard disk partition.
Restart your system and your trouble will be fixed.
2. After Restarting of system, if you face problem like :
a.
Windows cannot find ‘C:\WINDOWS\System32\WinSit.exe’. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.”
b.
Windows cannot find “C:\WINDOWS\inf\Other.exe“. Make sure you typed the name correctly, and then try again.TO search for a file,click the start button, and then click search.
You need to follow these steps to resolve this problem or click here:
Go to Start –> run typein msconfig then goto the Startup tab then disable the exe from starting with windows
1. Click on OK button and restart the window.
2. WinSit.exe is part of a Worm named ‘W32/VB-DXN’ as far a i know it is spread via Yahoo instant messenger, it installs itself to various locations on the host computer you should check the following locations on your machine and remove any of the lsited files:-
C:\WINDOWS\Help\Other.exe
C:\WINDOWS\inf\Other.exe
C:\WINDOWS\dc.exe
C:\WINDOWS\sviq.exe
C:\WINDOWS\SYSTEM\Fun.exe
C:\WINDOWS\SYSTEM\WinSit.exe
C:\WINDOWS\config\Win.exe
It also creates the registry entries:-
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
run
\config\Win.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
dc2k5
\SVIQ.EXE
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Fun
\Fun.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
dc
\dc.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
load
\inf\Other.exe
You should remove any of these occurrences that you find.
Please also check the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe \WinSit.exe
You should remove this entry. But save or print this information before removing.
Because after these changes if we restart the system, it might be possible that your desktop will not load so you just follow these steps to restore this entry in windows Registry.
1. Press ALT+Ctrl+Del to open Windows Task Manager.
2. Go on File — > New Task ( Run ).
3. type regedit and press ok.
4. locate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogo
5. Double click on shell.
6. Insert “Explorer.exe C:\WINDOWS\system32\WinSit.exe” in to “Value Data”.
7. Close the Registry.
8. Restart machine.
9. That’s it.
Monday, August 3, 2009
How to check Windows for 32-bit OS or 64-bit OS
Windows Vista
Method 1
1.Click Start, then click on Run or Start Search.
2.Type msinfo32.exe and then press Enter key.
3.In “System Information”, review the value for the System Type item:
•For 32-bit editions of Windows, the value of the System Type item is x86-based PC.
•For 64-bit editions of Windows, the value of the System Type item is x64-based PC.
Method 2
1.Click Start, type system in the “Start Search” box, and then click system in the “Programs” list.
2.The operating system appears as follows:
•For a 64-bit version operating system: 64-bit Operating System appears for the “System type” under “System”.
•For a 32-bit version operating system: 32-bit Operating System appears for the “System type” under “System”.
Method 3
1.Click Start, type system in the “Start Search” box, and then click System Information in the “Programs” list.
2.The operating system appears as follows:
•For a 64-bit version operating system: x64-based PC appears for the “System type” under “Item”.
•For a 32-bit version operating system: x86-based PC appears for the “System type” under “Item”.
Microsoft Windows XP Professional
Method 1
1.Click Start, then click on Run or Start Search.
2.Type msinfo32.exe and then press Enter key.
3.In “System Information”, review the value for the System Type item:
•For 32-bit editions of Windows, the value of the System Type item is x86-based PC.
•For 64-bit editions of Windows, the value of the System Type item is x64-based PC.
Method 2
1.Click Start, click Run, type sysdm.cpl, and then click OK.
2.Click the General tab. The operating system appears as follows:
•For a 64-bit version operating system: Microsoft Windows XP Professional x64 Edition Version appears under System.
•For a 32-bit version operating system: Microsoft Windows XP Professional Version appears under System.
Note is a placeholder for a year.
Method 3
1.Click Start, click Run, type winmsd.exe, and then click OK.
2.In the details pane, locate Processor under Item. Note the value.
•If the value that corresponds to Processor starts with x86, the computer is running a 32-bit version of the Windows operating system.
•If the value that corresponds to Processor starts with ia64 or AMD64, the computer is running a 64-bit version of the Windows operating system.
Microsoft Windows Server 2003
Method 1
1.Click Start, click Run, type sysdm.cpl, and then click OK.
2.Click the General tab. The operating system appears as follows:
•For a 64-bit version operating system: Microsoft Windows Server 2003 Enterprise x64 Edition appears under System.
•For a 32-bit version operating system: Microsoft Windows Server 2003 Enterprise Edition appears under System.
Method 2
1.Click Start, click Run, type winmsd.exe, and then click OK.
2.In the details pane, locate Processor under Item. Note the value.
•If the value that corresponds to Processor starts with x86, the computer is running a 32-bit version of the Windows operating system.
•If the value that corresponds to Processor starts with EM64T or ia64, the computer is running a 64-bit version of the Windows operating system.
Method 1
1.Click Start, then click on Run or Start Search.
2.Type msinfo32.exe and then press Enter key.
3.In “System Information”, review the value for the System Type item:
•For 32-bit editions of Windows, the value of the System Type item is x86-based PC.
•For 64-bit editions of Windows, the value of the System Type item is x64-based PC.
Method 2
1.Click Start, type system in the “Start Search” box, and then click system in the “Programs” list.
2.The operating system appears as follows:
•For a 64-bit version operating system: 64-bit Operating System appears for the “System type” under “System”.
•For a 32-bit version operating system: 32-bit Operating System appears for the “System type” under “System”.
Method 3
1.Click Start, type system in the “Start Search” box, and then click System Information in the “Programs” list.
2.The operating system appears as follows:
•For a 64-bit version operating system: x64-based PC appears for the “System type” under “Item”.
•For a 32-bit version operating system: x86-based PC appears for the “System type” under “Item”.
Microsoft Windows XP Professional
Method 1
1.Click Start, then click on Run or Start Search.
2.Type msinfo32.exe and then press Enter key.
3.In “System Information”, review the value for the System Type item:
•For 32-bit editions of Windows, the value of the System Type item is x86-based PC.
•For 64-bit editions of Windows, the value of the System Type item is x64-based PC.
Method 2
1.Click Start, click Run, type sysdm.cpl, and then click OK.
2.Click the General tab. The operating system appears as follows:
•For a 64-bit version operating system: Microsoft Windows XP Professional x64 Edition Version
•For a 32-bit version operating system: Microsoft Windows XP Professional Version
Note
Method 3
1.Click Start, click Run, type winmsd.exe, and then click OK.
2.In the details pane, locate Processor under Item. Note the value.
•If the value that corresponds to Processor starts with x86, the computer is running a 32-bit version of the Windows operating system.
•If the value that corresponds to Processor starts with ia64 or AMD64, the computer is running a 64-bit version of the Windows operating system.
Microsoft Windows Server 2003
Method 1
1.Click Start, click Run, type sysdm.cpl, and then click OK.
2.Click the General tab. The operating system appears as follows:
•For a 64-bit version operating system: Microsoft Windows Server 2003 Enterprise x64 Edition appears under System.
•For a 32-bit version operating system: Microsoft Windows Server 2003 Enterprise Edition appears under System.
Method 2
1.Click Start, click Run, type winmsd.exe, and then click OK.
2.In the details pane, locate Processor under Item. Note the value.
•If the value that corresponds to Processor starts with x86, the computer is running a 32-bit version of the Windows operating system.
•If the value that corresponds to Processor starts with EM64T or ia64, the computer is running a 64-bit version of the Windows operating system.
Thursday, July 16, 2009
Outlook Express. change the date on sent messages
It can be done, the caveat is, it will take time.
Drag a message out of Outlook Express onto the Desktop or into an empty folder.
Right click on the message,
Open with...
Select Notepad
I have a shortcut for Notepad in my Send To folder, all I have to do is right click on the file and choose Notepad. The message opens in Notepad.
The message headers will appear. In the message header there are about several date locations.
Correct the dates then save the file, File > Save
Close the file, then drag it back into Outlook Express, if all goes well, the corrected date should now appear for the message inside Outlook Express.
Repeat for subsequent messages.
I would keep that "wrongly dated sent emails folder" to itself (as the master copies) and drag the edited messages into another folder in Outlook Express, in case of unexpected or undesired results. You can then start over if needed.
Drag a message out of Outlook Express onto the Desktop or into an empty folder.
Right click on the message,
Open with...
Select Notepad
I have a shortcut for Notepad in my Send To folder, all I have to do is right click on the file and choose Notepad. The message opens in Notepad.
The message headers will appear. In the message header there are about several date locations.
Correct the dates then save the file, File > Save
Close the file, then drag it back into Outlook Express, if all goes well, the corrected date should now appear for the message inside Outlook Express.
Repeat for subsequent messages.
I would keep that "wrongly dated sent emails folder" to itself (as the master copies) and drag the edited messages into another folder in Outlook Express, in case of unexpected or undesired results. You can then start over if needed.
Thursday, July 9, 2009
ReInstalling WindowsXP Without loosing your settings!
ReInstalling WindowsXP Without loosing your settings
If you need to reinstall WindowsXP and want to keep all your current installed applications and settings:
1. Start WindowsXP
2. Go to the location of your source files
3. Run WINNT32 /unattend
I’ve often need to do this to repair something that had gotten corrupted and didn’t want to do a clean install.
Other Cool XP tips:
Adding SafeBoot to the Boot Menu:
You can add Safeboot as an option to the normal XP boot screen
1. Open a command prompt
2. Copy the current c:\boot.ini to another name (just in case)
3. With your favorite text editor, edit c:\boot.ini
4. Copy then edit the current boot line to another line. For example:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=”Microsoft Windows XP Professional” /fastdetect
might copy and then change to:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=”Microsoft Windows XP Professional Safeboot” /fastdetect
5. Start MSCONFIG
6. Click on the BOOT.INI tab
7. Highlight the second line with the additional name of Safeboot
8. Check the /SAFEBOOT box with option you want
Minimal - Minimal set of drivers
Network - With Network Support
Dsrepair - Directory Services Repair
Minimal (Alternate Shell) - Standard Explorer Desktop
9. You will now have this option every time you start XP
Changing the Default DOS Window Properties:
If you want to change the default DOS windows properties like:
• Size
• Color
• Font
• Buffer Size
• Window / Full Screen
1. Open up a DOS window
2. Right click on the Title Bar
3. Select Defaults
4. Make any of the changes you like
5. All subsequent DOS windows will assume these defaults
Set the Online Registration as Being Completed
You can set WindowsXP to assume the online registration has been completed.
1. Run Regedit
2. Go to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion
3. Create a String Value called RegDone
4. Give it a value of 1
Download reg file
Rollback a Device Driver
If you install a device driver that does not work correctly,
you can restore the previous one fairly easily.
1. Log in with an administrator account
2. Right click on My Computer
3. Select Properties
4. Click on the Hardware tab
5. Click on the Device Manager button
6. Go to the device you want to reconfigure
7. Click on the Driver tab
8. Click on the Roll Back Drive button
WindowsXP Command Line Utilities
While there are a lot of command line utilities in WindowsXP, here are few good ones:
bootcfg - Configures, queries, or changes Boot.ini file settings.
driverquery - Displays a list of all installed device drivers and their properties.
getmac - Returns the media access control (MAC) address and list of network protocols associated with each address for all network cards in each computer
gpresult - Displays Group Policy settings and Resultant Set of Policy (RSOP) for a user or a computer
netsh - You can use commands in the Netsh Interface IP context to configure the TCP/IP protocol
schtasks - Schedules commands and programs to run periodically or at a specific time
systeminfo - Displays detailed configuration information about a computer and its operating system
* To get a quick help for all the commands you can enter from WindowsXP,
simply create a shortcut:
hh.exe ms-its:C:\WINDOWS\Help\ntcmds.chm::/ntcmds.htm
Creating an Automated Install of WindowsXP
On the WindowsXP CP, in the SUPPORT\TOOLS directory,
there is a file called DEPLOY.CAB.
1. Extract the programs DEPLOY.CHM (help file) and SETUPMGR.EXE (main program)
2. Run SETUPMGR and answer the prompts.
3. This will create both a unattend.bat and unattend.txt file you can use for automated installs.
4. Note: The batch file might need some minor modification for file locations but it is fairly basic.
Using the System File Checker
You can run the System File Checker to verify protected system files.Command line switches are:
sfc [/scannow] [/scanonce] [/scanboot] [/revert] [/purgecache] [/cachesize=x]
• /scannow - Scans all protected system files immediately.
• /scanonce - Scans all protected system files once.
• /scanboot - Scans all protected system files every time the computer is restarted.
• /revert - Returns the scan to its default operation.
• /purgecache - Purges the Windows File Protection file cache and scans all protected system files immediately.
• /cachesize=x - Sets the size, in MB, of the Windows File Protection file cache.
Speeding Up the Display of Start Menu Items
An easy way to speed up the display of the Start Menu Items is to turn off the menu shadow.
1. Right click on an open area of the Desktop
2. Select Properties
3. Click on the Appearance tab
4. Click on the Effects button
5. Uncheck Show shadows under menus
Changing the Default Search Settings
By default, when you start a search,
you are prompted for what you want to search for.
(e.g. Pictures, Documents, Files, Computers)
To change the preferences, simply click on Change preferences
From here you can:
1. Turn off the animated screen character
2. Change files and folders search behavior (setting it to Advanced changes the default search screen to be for simply files)
3. Internet search settings
4. Turn off balloon tips
Adding / Removing Additional Programs
By default, WindowsXP does not display all the programs you can add or remove.
To show this list:
Edit the \Windows\Inf\sysoc.inf file
In the Components section, simply remove the word hide.
This will leave two commas together (like on the rest of the items).
Then you can go to the Control Panel / Add or Remove Programs / Add/Remove Windows Components and the new items will be displayed.
[Components]
NtComponents=ntoc.dll,NtOcSetupProc,,4
WBEM=ocgen.dll,OcEntry,wbemoc.inf,hide,7
Display=desk.cpl,DisplayOcSetupProc,,7
Fax=fxsocm.dll,FaxOcmSetupProc,fxsocm.inf,,7
NetOC=netoc.dll,NetOcSetupProc,netoc.inf,,7
iis=iis.dll,OcEntry,iis.inf,,7
com=comsetup.dll,OcEntry,comnt5.inf,hide,7
dtc=msdtcstp.dll,OcEntry,dtcnt5.inf,hide,7
IndexSrv_System = setupqry.dll,IndexSrv,setupqry.inf,,7
TerminalServer=TsOc.dll, HydraOc, TsOc.inf,hide,2
msmq=msmqocm.dll,MsmqOcm,msmqocm.inf,,6
ims=imsinsnt.dll,OcEntry,ims.inf,,7
fp_extensions=fp40ext.dll,FrontPage4Extensions,fp40ext.inf,,7
AutoUpdate=ocgen.dll,OcEntry,au.inf,hide,7
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
msnexplr=ocmsn.dll,OcEntry,msnmsn.inf,,7
smarttgs=ocgen.dll,OcEntry,msnsl.inf,,7
RootAutoUpdate=ocgen.dll,OcEntry,rootau.inf,,7
Games=ocgen.dll,OcEntry,games.inf,,7
AccessUtil=ocgen.dll,OcEntry,accessor.inf,,7
CommApps=ocgen.dll,OcEntry,communic.inf,HIDE,7
MultiM=ocgen.dll,OcEntry,multimed.inf,HIDE,7
AccessOpt=ocgen.dll,OcEntry,optional.inf,HIDE,7
Pinball=ocgen.dll,OcEntry,pinball.inf,HIDE,7
MSWordPad=ocgen.dll,OcEntry,wordpad.inf,HIDE,7
ZoneGames=zoneoc.dll,ZoneSetupProc,igames.inf,,7
Changing Drive Letters
If you want to change the letters assigned to your fixed or removable drives:
1. Right Click on My Computer
2. Select Manage
3. Select Disk Management
For a Fixed Disk:
1. Select it
2. Right click
3. Select Change Drive Letter and Path
4. Click on the Edit button
5. Enter in the letter you want to use
For a Removable Disk:
1. In the lower, right hand panel, right click on the Disk or CD ROM #
2. Select Change Drive Letter and Path
3. Click on the Edit button
4. Enter in the letter you want to use
Note: This can only be done for drives that do not have the Operating System Installed or you are booting to.
Adding SafeBoot to the Boot Menu
You can add Safeboot as an option to the normal XP boot screen
1. Open a command prompt
2. Copy the current c:\boot.ini to another name (just in case)
3. With your favorite text editor, edit c:\boot.ini
4. Copy then edit the current boot line to another line. For example:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=”Microsoft Windows XP Professional” /fastdetect
might copy and then change to:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=”Microsoft Windows XP Professional Safeboot” /fastdetect
5. Start MSCONFIG
6. Click on the BOOT.INI tab
7. Highlight the second line with the additional name of Safeboot
8. Check the /SAFEBOOT box with option you want
Minimal - Minimal set of drivers
Network - With Network Support
Dsrepair - Directory Services Repair
Minimal (Alternate Shell) - Standard Explorer Desktop
9. You will now have this option every time you start XP
Enable / Disable the Task Manager
1. Start Regedit
2. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
3. Create the Dword value DisableTaskMgr
4. Give it a value of 0 to enable it
5. Give it a vaule of 1 to disable it
Download Reg File
NTLDR or NTDETECT.COM Not Found
If you get an error that NTLDR is not found during bootup,
If you have FAT32 partitions, it is much simpler than with NTFS.
Just boot with a Win98 floppy and copy the NTLDR or NTDETECT.COM files
from the i386 directory to the root of the C:\ drive.
For NTFS:
1. Insert and boot from your WindowsXP CD.
2. At the first R=Repair option, press the R key
3. Press the number that corresponds to the correct location for the installation of Windows you want to repair.
Typically this will be #1
4. Enter in the administrator password when requested
5. Enter in the following commands (X: is replaced by the actual drive letter that is assigned to the CD ROM drive.
COPY X:\i386\NTLDR C\:
COPY X:\i386\NTDETECT.COM C:\
6. Take out the CD ROM and type exit
Corrupted or Missing \WINDOWS\SYSTEM32\CONFIG
If you get the error:
Windows could not start because the following files is missing or corrupt
\WINDOWS\SYSTEM32\CONFIG\SYSTEM or \WINDOWS\SYSTEM32\CONFIG\SOFTWARE
1. Insert and boot from your WindowsXP CD.
2. At the first R=Repair option, press the R key
3. Press the number that corresponds to the correct location for the installation of Windows you want to repair.
Typically this will be #1
4. Enter in the administrator password when requested
5. cd \windows\system32\config
6. Depending on which section was corrupted:
ren software software.bad or ren system system.bad
7. Depending on which section was corrupted
copy \windows\repair\system
copy \windows\repair\software
8. Take out the CD ROM and type exit
HAL.DLL Missing or Corrupt
If you get an error regarding a missing or corrupt hal.dll file, it might simply be the BOOT.INI file on the root of the C: drive that is misconfigured
1. Insert and boot from your WindowsXP CD.
2. At the first R=Repair option, press the R key
3. Press the number that corresponds to the correct location for the installation of Windows you want to repair.
Typically this will be #1
4. Type bootcfg /list to show the current entries in the BOOT.INI file
5. Type bootcfg /rebuild to repair it
6. Take out the CD ROM and type exit
NTOSKRNL Missing or Corrupt
If you get an error that NTOSKRNL not found:
1. Insert and boot from your WindowsXP CD.
2. At the first R=Repair option, press the R key
3. Press the number that corresponds to the correct location for the installation of Windows you want to repair.
Typically this will be #1
4. Change to the drive that has the CD ROM.
5. CD i386
6. expand ntkrnlmp.ex_ C:\Windows\System32\ntoskrnl.exe
7. If WindowsXP is installed in a different location, just make the necessary change to C:\Windows
8. Take out the CD ROM and type exit
Repair Install
If XP is corrupted to the point where none of the previous solutions get it to boot,
you can do a Repair Install that might work as well as keep the current settings.
Make sure you have your valid WindowsXP key.
The whole process takes about half an hour depending on your computer
If you are being prompted for the administrator’s password, you need to choose the 2nd repair option, not the first.
1. Insert and boot from your WindowsXP CD
2. At the second R=Repair option, press the R key
3. This will start the repair
4. Press F8 for I Agree at the Licensing Agreement
5. Press R when the directory where WindowsXP is installed is shown. Typically this is C:\WINDOWS
6. It will then check the C: drive and start copying files
7. It will automatically reboot when needed. Keep the CD in the drive.
8. You will then see the graphic part of the repair that is like during a normal install of XP (Collecting Information, Dynamic Update, Preparing Installation, Installing Windows, Finalizing Installation)
9. When prompted, click on the Next button
10. When prompted, enter your XP key
11. Normally you will want to keep the same Workgroup or Domain name
12. The computer will reboot
13. Then you will have the same screens as a normal XP Install
14. Activate if you want (usually a good idea)
15. Register if you want (but not necessary)
16. Finish
17. At this point you should be able to log in with any existing accounts.
Services You Can Disable
There are quite a few services you can disable from starting automatically.
This would be to speed up your boot time and free resources.
They are only suggestions so I suggestion you read the description of each one when you run Services
and that you turn them off one at a time.
Some possibilities are:
• Alerter - Sends alert messages to specified users that are connected to the server computer.
• Application Management - Allows software to tap directly into the Add/Remove Programs feature via the Windows Installer technology.
• Background Intelligent Transfer Service - The Background Intelligent Transfer service is used by programs (such as Windows AutoUpdate) to download files by using spare bandwidth.
• Clipbook - ClipBook permits you to cut and paste text and graphics over the network.
• Error Reporting Service - Allows applications to send error reports to Microsoft in the event of an application fault.
• Fast User Switching - Windows XP allows users to switch quickly between accounts, without requiring them to log off.
• Help and Support - Allows the XP Built-in Help and Support Center to run.
• IMAPI CD-Burning COM Service - You don’t need this if you have other software to create CDs.
• Indexing Service - Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
• IP SEC - Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. If you are not on a domain, you likely don’t need this running.
• Messenger - Transmits net send and Alerter service messages between clients and servers. This is how a lot of pop-up windows start appearing on your desktop.
• Net Logon - Supports pass-through authentication of account logon events for computers in a domain. If you are not on a domain, you don’t need this running
• Network DDE - Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers.
• NT LM Security Support Provider - Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
• Performance Logs and Alerts - Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If you don’t need to monitor your performance logs, then you don’t need this service.
• Portable Media Serial Number - Retrieves the serial number of any portable music player connected to your computer
• QOS RSVP - Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
• Remote Desktop Help Session Manager - Manages and controls Remote Assistance. If you are not using Remote Desktop you don’t need this service.
• Remote Registry - Enables remote users to modify registry settings on this computer.
• Routing & Remote Access - Offers routing services to businesses in local area and wide area network environments. Allows dial-in access.
• Secondary Login - Enables starting processes under alternate credentials. This is what allows you to run an application as another user.
• Smart Card - Manages access to smart cards read by this computer.
• Smart Card Helper - Enables support for legacy non-plug and play smart-card readers used by this computer.
• SSDP Discovery Service - Enables discovery of UPnP devices on your home network.
• TCP/IP NetBIOS Helper - Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. This should not be needed in today’s network environment.
• Telnet - Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients.
• Uninterruptible Power Supply Service - Manages an uninterruptible power supply (UPS) connected to the computer.
• Universal Plug and Play Device Host - Provides support to host Universal Plug and Play devices
• Upload Manager - Manages synchronous and asynchronous file transfers between clients and servers on the network.
• Volume Shadow Copy Service - Manages and implements Volume Shadow Copies used for backup and other purposes.
• Web Client - Enables Windows-based programs to create, access, and modify non-local files across the Internet.
• Wireless Zero Configuration - Provides automatic configuration for the 802.11 adapters
• WMI Performance Adapter - Provides performance library information from WMI HiPerf providers.
Running Network Diagnostics
Network Diagnostics scans your system to gather information about your hardware, software, and network connections.
Start / Run / NETSH DIAG GUI
The following is the type of information that can be displayed:
• Ping
• Connect
• Show
• Verbose
• Save to Desktop
• Mail Service
• News Service
• Internet Proxy Server
• Computer Information
• Operating System
• Windows Version
• Modems
• Network Clients
• Network Adapters
• Domain Name System (DNS)
• Dynamic Host Configuration Protocol (DHCP)
• Default Gateways
• Internet Protocol Address
• Windows Internet Naming Service (WINS)
Not Viewing Zip Files as Folders
If you want to turn of WindowsXP showing Zip files as folders,
just run:
regsvr32 /u zipfldr.dll
Hiding a XP Computer from Network Neighborhood
If you want to share files from a XP computer,
yet want to remove it from showing up in the Network Neighborhood,
Run net config server /hidden:yes
Viewing Installed Drivers
If you want to see a list of installed drivers, you can run the driverquery program
There are a lot of available switches to view different types of information.
On use can be to export to a CSV file for viewing in Excel
An example would then be:
Driverquery /v /fo csv > drivers.csv
Identify Faulty Device Drivers
If you are having problems with lockups, blue screens, or can only get to safe mode,
often the problem is due to a faulty device driver.
One way to help identify them is through the use of the Verfier program
1. Start / Run / Verifier
2. Keep the default of Create Standard Settings
3. Select the type of drivers you want to confirm
4. A list of drivers to be verified on the next boot will be shown.
5. Reboot
6. If your computer stops with a blue screen, you should get an error message with the problem driver
7. To turn off the Verifier, run verifier /reset
Determining Which Services are Associated with SVCHOST
Since so many critical services are run with each svchost,
You can see which ones are being used by opening a cmd prompt and running:
tasklist /svc /fi “imagename eq svchost.exe”
Opening Shared Folders Snap-In
To manage all your shared folders, you can run the snap-in directly
Start / Run / fsmgmt.msc
This will show you all your shared folders in a single window
You can also see what other computers are connected and what files they have open
Running CHKDSK
One way to run a chkdsk (this is like Scandisk that was with Win9X), is to
1. Double click on My Computer
2. Right click on the drive you want to check
3. Select Properties
4. Click on the Tools tab
5. Click on the Check Now button
6. Check to Automatically fix file system errors - This is the same as running chkdsk /f
7. If you want to Scan for and attempt recovery of bad sectors, check that box - This is the same as running chkdsk /R. It can also add a lot of time to the scan
8. Reboot if necessary
You can also run chkdsk from the command line with will give you more options.
The following switches are available:
/F - fix any errors
/R - identifies bad sectors
/V - with FAT32, displays a verbose output
With NTFS Volumes:
/I - Performs simpler check (stage 2)
/C - Skips the checking of cycles within folder structures
/X - Forces the volume to dismount if necessary. Intended for server administrators and should be avoided for normal use
Repairing Damaged Winsock2
The symptoms when Winsock2 is damaged shows when you try to release and renew the IP address using IPCONFIG.
And you get the following error message:
An error occurred while renewing interface ‘Internet’: An operation was attempted on something that is not a socket.
Also Internet Explorer may give the following error message:
The page cannot be displayed Additionally, you may have no IP address or no Automatic Private IP Addressing (APIPA) address, and you may be receiving IP packets but not sending them.
—–
If you have WindowsXP with Service Pack 2, there is a one line command you can run to reset the winsock2 registry entries
netsh winsock reset catalog
——
There are two easy ways to determine if Winsock2 is damaged:
From the XP source files, go to the Support / Tools directory
Winsock Test Method 1
Run netdiag /test:winsock
The end should say Winsock test ….. passed
Winsock Test Method 2
1. Run Msinfo32
2. Click on the + by Components
3. Click on the by Network
4. Click on Protocol
5. There should be 10 sections if the Winsock2 key is ok
MSAFD Tcpip [TCP/IP]
MSAFD Tcpip [UDP/IP]
RSVP UDP Service Provider
RSVP TCP Service Provider
MSAFD NetBIOS [\Device\NetBT_Tcpip…
MSAFD NetBIOS [\Device\NetBT_Tcpip…
MSAFD NetBIOS [\Device\NetBT_Tcpip…
MSAFD NetBIOS [\Device\NetBT_Tcpip…
MSAFD NetBIOS [\Device\NetBT_Tcpip…
MSAFD NetBIOS [\Device\NetBT_Tcpip…
If the names are anything different from those in this list, then likely Winsock2 is corrupted and needs to be repaired.
If you have any 3rd party software installed, the name MSAFD may be changed.
There should be no fewer than 10 sections.
To repair Winsock2
1. Run Regedit
2. Delete the following two registry keys:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2
Download Reg file to delete these entries
1. Restart the computer
2. Go to Network Connections
3. Right click and select Properties
4. Click on the Install button
5. Select Protocol
6. Click on the Add button
7. Click on the Have Disk button
8. Browse to the \Windows\inf directory
9. Click on the Open button
10. Click on the OK button
11. Highlight Internet Protocol (TCP/IP)
12. Click on the OK button
13. Reboot
Configuring SMTP Virtual Servers (IIS 6.0)
There are two identifying features for a Simple Mail Transfer Protocol (SMTP) virtual server: the display name and the IP address/TCP port combination. Setup assigns a Microsoft Management Console display name for the default SMTP virtual server. You can keep the name (Default SMTP Virtual Server) or change it using the following steps. You can also select the IP address that will be associated with this SMTP virtual server.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To identify an SMTP virtual server
1. In IIS Manager, right-click the SMTP virtual server, and then click Rename.
2. Type a new name for the virtual server name if you want to change it from the default. Do not use extended characters when naming your SMTP virtual server.
3. Right-click the SMTP virtual server, and click Properties.
4. On the General tab, in the IP address list, click the IP address for this virtual server. The SMTP virtual server can respond to connection requests for all IP addresses configured on the computer. To identify the TCP port for each IP address configured for the virtual server, click Advanced. Port 25 is the SMTP standard TCP port and is recommended. More than one virtual server can use Port 25, provided they are associated with different IP addresses.
Starting, Stopping, or Pausing SMTP Virtual Servers (IIS 6.0)
The Default SMTP Virtual Server starts upon installation of the SMTP service. You can pause, stop, and start it in IIS Manager.
You can also start, stop, and pause the entire SMTP service. However, if you have more than one virtual server, stopping the service affects all of the Simple Mail Transfer Protocol (SMTP) virtual servers running on your computer. When the SMTP service is stopped, you cannot use IIS in Microsoft Management Console (MMC) to perform administrative functions on any SMTP virtual server.
Important
Make sure only trusted administrators in your organization have the necessary permissions to start or stop an SMTP virtual server. For more information, see Setting Operator Permissions.
You can stop and start the SMTP service manually. However, while it is operating, you must be careful when stopping, pausing, or restarting the service to minimize the impact on users.
If the default startup setting is Manual, you can use IIS in Microsoft Management Console (MMC) to start a Simple Mail Transfer Protocol (SMTP) virtual server.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".
Procedures
To start an SMTP virtual server
• In IIS Manager, expand the local computer, right-click the SMTP virtual server, and click Start.
You can stop a Simple Mail Transfer Protocol (SMTP) virtual server for configuration changes and maintenance.
To stop an SMTP virtual server
• In IIS Manager, expand the local computer, right-click the SMTP virtual server, and click Stop.
You can pause a Simple Mail Transfer Protocol (SMTP) virtual server for configuration changes and maintenance. Pausing prevents new client connections, but it enables the virtual server to continue processing existing client connections and delivering queued messages.
To pause an SMTP virtual server
• In IIS Manager, expand the local computer, right-click the SMTP virtual server, and click Pause.
Starting, Stopping, or Pausing the SMTP Service (IIS 6.0)
The SMTP service runs as a service on Windows Server 2003, Standard Edition and Windows Server 2003, Enterprise Edition, and it starts upon installation. Although there is only one SMTP service on a computer, it is possible to have more than one Simple Mail Transfer Protocol (SMTP) virtual server. You can start, stop, or pause each virtual server independently of one another while the SMTP service is running.
If you have more than one SMTP virtual server, it is important to remember that pausing or stopping the entire SMTP service will affect all of the SMTP virtual servers. When the service is stopped, you cannot use IIS in Microsoft Management Console (MMC) to perform administrative functions on any SMTP virtual server.
Note
The one exception is that you can start a virtual server while the SMTP service is stopped. Starting an SMTP virtual server will also restart the entire SMTP service. This, in turn, will start all other SMTP virtual servers that had been running when the SMTP service was originally stopped.
When you start the SMTP service, it accepts new connections from users. When you stop the SMTP service, it does not accept new connections. When you pause the SMTP service, every running SMTP virtual server will cease accepting new connections but will continue to service existing connections.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To start, stop, or pause the SMTP service
1. From the Start menu, point to Administrative Tools, and then click Component Services.
2. In the console tree, click Services (Local).
3. In the details pane, right-click Simple Mail Transfer Protocol (SMTP), and then click Start, Stop, or Pause.
Configuring Startup Settings (IIS 6.0)
You can use Administrative Tools to configure the default state of the SMTP service at startup.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
1. From the Start menu, point to Administrative Tools, and then click Component Services.
2. In the console tree, click Services (Local).
3. In the details pane, right-click Simple Mail Transfer Protocol (SMTP), and then click Properties.
4. On the General tab, in the Startup type list, click Automatic, Manual, or Disabled.
Setting Connections (IIS 6.0)
A connection is initiated whenever a message is sent to or received from a remote server.
Note
Designating the TCP port that the SMTP service uses to receive incoming messages is done when you configure the Simple Mail Transfer Protocol (SMTP) virtual server.
Setting connection limits and imposing connection time-outs can make it more difficult for someone to initiate a malicious attack (such as denial of service) against your virtual server.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To configure incoming connections
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. On the General tab, select the Limit number of connections to check box (the default is no limit), and set the following options.
To configure outbound connections
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Delivery tab, and click Outbound connections.
3. In the Outbound Connections dialog box, select a check box and set the following options.
Creating Additional SMTP Virtual Servers (IIS 6.0)
In most cases, you should need only one Simple Mail Transfer Protocol (SMTP) virtual server. However, if you are hosting multiple domains and want to have more than one default domain, for example, you can create multiple SMTP virtual servers. To an end user, each SMTP virtual server appears as a separate server with a unique IP address/TCP port combination.
When you create an SMTP virtual server, you are prompted to enter a path to your home directory. This directory must be local to the computer on which the SMTP service runs.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To create a new SMTP virtual server
1. If the SMTP virtual server will be using a new IP address, configure an IP address. From the Start menu, click Control Panel, and then double-click Network Connections. See Windows Server 2003 family Help for more information on Network Connections.
2. After you configure the IP address, in IIS Manager, right-click an existing SMTP virtual server, point to New, and then click Virtual Server.
3. Follow the steps in the New SMTP Virtual Server Wizard. Be sure to select an IP address/TCP port combination that is not being used by another SMTP virtual server. The recommended TCP port is 25, which is the SMTP standard TCP port. More than one virtual server can use the same TCP port provided they are configured with different IP addresses.
4. If the default startup setting for SMTP Service is set to Automatic, the new SMTP virtual server will start automatically. If it doesn't start, it is because you selected an IP address/TCP port combination that is already in use.
5. Configure the new SMTP virtual server.
Setting Up Virtual Servers for Clustering (IIS 6.0)
A server cluster is a group of independent computer systems, known as nodes, working together as a single system to ensure that mission-critical applications and resources remain available to clients. Server clusters provide high availability. High availability in a Simple Mail Transfer Protocol (SMTP) server cluster means that, if one virtual server fails, its work is dispersed to the remaining virtual servers in the cluster, ensuring mail service is not interrupted. The other benefit of server clusters is the failover of server resources, which is when a virtual server goes down and another one comes online to assumes its role.
In clustering, a node is a system that has a working installation of Windows Server 2003, Enterprise Edition and the Cluster service. Microsoft recommends creating a new virtual server on your node for clustering, rather than reconfiguring your default SMTP virtual server.
For more information about Windows Clustering and server clusters, see Windows Server 2003, Enterprise Edition Help. That documentation contains detailed information about setting up and administrating server clusters.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To set up an SMTP virtual server for clustering
1. If necessary, change the default startup setting of the SMTP Service to Manual.
2. Before creating a new virtual server, in IIS Manager, right-click Default SMTP Virtual Server, and then click Properties.
3. On the General tab, click Advanced.
4. Under Address, double-click All Unassigned.
5. In the Identification box, change the TCP port number from 25, which is the default setting, to another port number -- any unassigned port will work. Type in the new port number, making sure it is unique, and then click OK.
6. Create a new SMTP virtual server. After it is created, you will have to manually start the new virtual server. Use the default TCP port on the new virtual server, which is port 25.
Important
When you get to the Select Home Directory and Default Domain screen of the New SMTP Virtual Server Wizard, be sure to type paths to the shared resource that will be used in clustering. Do not type paths to a local hard drive.
7. Run the iiscnfg /copy command to copy the IIS configuration on your node to the other nodes in the server cluster. At a command prompt, navigate to the systemroot\System32\Inetsrv directory on your node, and then type iiscnfg /copy /ts target server /tu userid /tp password where the following is true:
• /ts is another node in the same cluster.
• /tu is the user ID to use when connecting to the target server.
• /tp is the password associated with the specified user ID.
Important
The /copy operation does not copy the server content, such as Web pages and FTP files, that is associated with the IIS configuration. This command changes the computer-specific and system-specific properties in the metabase so that they are valid on the target computer. However, it does not adjust the directory or file paths. As a result, you might need to configure valid paths on the target computer.
Enabling Protocol Logging (IIS 6.0)
Use the General tab to enable transaction logging and to select the format. When setting up the log file, keep in mind that the log formats and default file names are the same as those used by other IIS services. If you choose the default names, all transactions for all services are recorded in the same file. You can set up a separate file for each service if you want to maintain separate records.
If you set up the file in a location other than the default, make sure it is stored on a local drive and not on a network.
Auditing server activity with log files is a good way to detect if unauthorized external users are attempting to access your virtual server, or if internal users are trying to access resources they do not have permission to access. For more information about auditing and using Event Viewer, see Windows Server 2003 family Help.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To enable logging that uses one of the ASCII text formats
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. On the General tab, select the Enable logging check box.
3. In the Active log format list, click a transaction log format. If you chose the W3C Extended Log File Format, click the Advanced tab, and then click the items you want to track.
4. Click Properties, and then set the log file size and location.
To enable logging that uses the ODBC format
1. Set up an ODBC-compliant database.
2. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
3. On the General tab, select the Enable logging check box.
4. In the Active log format list, click ODBC Logging.
5. Click Properties, and then set the log file size and location.
Setting Operator Permissions (IIS 6.0)
You can designate which user accounts can have operator permissions for the Simple Mail Transfer Protocol (SMTP) virtual server. After Windows user accounts are set up, you can grant permissions by selecting the account from a list. These permissions can be rescinded by removing the account from the list of virtual server operators.
Important You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /user:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".
Procedures
To assign operator permissions
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Security tab, and click Add.
3. Select a Windows user account, and then click OK. The selected account will now appear in Operators.
To remove operator permissions
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Security tab, and in the Operators list, click the operator you want to remove.
3. Click Remove.
Requiring Authentication for Incoming Connections (IIS 6.0)
There are three authentication methods available. You can choose one, two, or all three methods. All three are set by default.
Important
The default mail relay settings on the SMTP virtual server allow only mail from authenticated users to be relayed. Therefore, to allow users in your organization to send mail through the virtual server, users must first be authenticated. By choosing one of the methods in the Authentication dialog box, your users will be able to send mail and, at the same time, unauthorized users will not be able to use your virtual server to relay mail.
Authentication option Description
Anonymous access An account name or password is not required. You can use this option to disable authentication for the Simple Mail Transfer Protocol (SMTP) virtual server.
Basic authentication An account name and a password are sent using plaintext. Specify a Windows domain that is appended to the account name for authentication.
Integrated Windows authentication A Windows account name and password are authenticated using this option.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To disable authentication for incoming messages
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Access tab, and under Access control, click Authentication.
3. Select the Anonymous access check box, and then clear the remaining check boxes for the other options.
To set clear text authentication for incoming messages
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Access tab, and under Access control, click Authentication.
3. Select the Basic authentication check box.
4. In the Default domain box, type a Windows domain name. This default domain differs from the SMTP virtual server default domain.
To use Integrated Windows authentication to authenticate incoming messages
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Access tab, and under Access control, click Authentication.
3. Select the Integrated Windows Authentication check box.
Requiring Authentication for Outbound Messages (IIS 6.0)
You can configure the Simple Mail Transfer Protocol (SMTP) virtual server to provide the authentication credentials required by a receiving server. There are three types of authentication available: anonymous, Basic (plaintext), and Integrated Windows authentication. Anonymous requires no authentication. With the plaintext option, the account name and password of the server you're connecting to are transmitted in plaintext. The Integrated Windows authentication option requires a Windows account name and password.
The option set here can be overridden for a specific remote domain. Overriding the authentication settings for a remote domain enables you to set the virtual server authentication level to handle most of the transmissions, while allowing exceptions for individual addresses. The following table describes several configuration examples.
SMTP transmissions Authentication option
Messages are commonly sent to multiple addresses. Disable authentication for the SMTP virtual server. If attempts to deliver messages to an address fail because of authentication requirements, add a remote domain for the address. Then enable authentication for the domain at the same level required by the server.
Messages are commonly sent to one address, which requires authentication. Determine what level of authentication is required to connect. Then enable authentication for the SMTP virtual server using the same level. If you want to then send messages to other addresses, set up remote domains and set different authentication options. If you use this option, it is likely that the account name used is the one that identifies the computer set up as the smart host.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".
Procedures
To disable authentication for outgoing messages
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Delivery tab, and click Outbound Security.
3. Click Anonymous access.
4. Clear all other options.
To set Basic authentication for outgoing messages
1. In IIS Manager, select the SMTP virtual server, and then click Properties on the Action menu.
2. On the Delivery tab, click Outbound Security to open the Outbound Security dialog box.
3. Click Basic authentication.
4. Under User name and Password, type the account name and password that will grant you access to the computer you are connecting to.
Important
If Basic authentication is your only authentication method, it is strongly recommended that you also require TLS encryption to avoid unauthorized detection of user names and passwords.
To set Integrated Windows authentication for outgoing messages
1. In IIS Manager, select the SMTP virtual server, and then click Properties on the Action menu.
2. On the Delivery tab, click Outbound Security to open the Outbound Security dialog box.
3. Select the Integrated Windows Authentication check box.
4. Under Account and Password, type a Windows account name and password that will grant you access to the computer you're connecting to.
Setting IP Access Restrictions to Servers (IIS 6.0)
You can grant or deny Simple Mail Transfer Protocol (SMTP) virtual server access to specific IP addresses. By default, the SMTP virtual server is accessible to all IP addresses. You can set restrictions by specifying a single IP address, a group of addresses using a subnet mask, or a domain name.
Important You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".
Procedures
To set IP address access restrictions
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Access tab, and under Connection control, click Connection.
3. Click either Only the list below or All except the list below.
4. To add to the list of computers, click Add.
5. To delete from the list of computers, select a listing, and then click Remove.
Configuring SMTP Virtual Server Relay Restrictions (IIS 6.0)
IIS includes a full-featured SMTP virtual server that you can use to receive and relay e-mail messages to other SMTP servers on your network or to servers on the Internet. The relay function is useful for internal network clients that might have to forward mail to other SMTP servers, and it is useful for IIS programs that need access to an SMTP server to forward mail.
For a user or computer to relay e-mail messages through an SMTP virtual server, the following two conditions must be met:
• The user or computer can access the SMTP virtual server.
• The SMTP virtual server is configured to relay e-mail messages to other domains.
When an SMTP virtual server relays e-mail messages, it can forward mail that is addressed to any e-mail domain. With this feature, an SMTP virtual server can forward mail to any internal or external network SMTP server for which it can resolve an MX record. However, if the SMTP virtual server is accessible to Internet users, mail relay should not be enabled. With mail relay enabled, malicious users might forward e-mail to your SMTP virtual server, distributing unwanted messages to other computers and reducing the available bandwidth for your internal connection.
By default, the SMTP service blocks computers from relaying unwanted mail through the virtual server. To enable relay access through the SMTP virtual server, click Relay on the Access tab. By default, all computers are blocked except those that meet the authentication requirements that are designated in the Authentication box, which you can view by clicking Authentication on the Access the tab.
You can also allow messages to be relayed to a specific remote domain. The domain setting overrides the SMTP virtual server setting. For more information about relaying messages to a remote domain, see Configuring Remote Domains.
If you enable mail relay on your SMTP virtual server, then you can specify the relay restrictions that are described in the following table.
Option Description
Only the list below This option allows only the computers specified in the list to relay messages through the SMTP virtual server.
All except the list below This option allows all computers, except the computers that are specified in the list, to relay messages through the SMTP virtual server. This option is set by default, along with the Allow all computers which successfully authenticate to relay, regardless of the list above option.
Add and Remove Clicking these buttons allows you to grant or deny relay access by adding to or removing from the list of computers.
Allow all computers which successfully authenticate to relay, regardless of the list above This option allows computers that meet authentication requirements set in the Authentication box to relay messages to the SMTP virtual server. This option is set by default.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".
Procedures
To add relay restrictions to an SMTP virtual server
1. In IIS Manager, right-click the SMTP Virtual Server for which you want to add relay restrictions, and then click Properties.
2. Click the Access tab, and then click Authentication.
3. To enable the appropriate level of authentication for your server, select either (or both) the Basic authentication or the Integrated Windows Authentication check box, clear the Anonymous access check box, and then click OK.
Note
If you enable Anonymous access and do not enable Basic authentication and Integrated Windows authentication, then authentication is no longer enabled, which means that all users and computers can access the SMTP virtual server.
4. On the Access tab, under Relay restrictions, click Relay.
5. In the Relay Restrictions box, click Add, and then do the following to add a single computer, a group of computers, or a domain:
• To add a single computer, click Single computer, type the IP address of the computer that you want to add, and then click OK.
• To add a group of computers, click Group of computers, type the subnet address and the subnet mask of the group into the corresponding boxes, and then click OK.
• To add a domain, click Domain, type the domain name that you want to add, and then click OK.
6. To apply your configuration changes, click OK twice.
To remove relay restrictions from an SMTP virtual server
1. In IIS Manager, right-click the SMTP virtual server for which you want to remove relay restrictions, and then click Properties.
2. Click the Access tab, and then click Relay.
3. In the Relay Restrictions box, select either the Only the list below or the All except the list below check box.
4. If you want to add exceptions, click Add and then specify the computer, group of computers, or domain for which you want to retain relay restrictions.
Requiring TLS Encryption (IIS 6.0)
You can require that all clients use Transport Layer Security (TLS) encryption, a generic security protocol similar to Secure Sockets Layer (SSL), to connect to the default Simple Mail Transfer Protocol (SMTP) virtual server. This option secures the connection, but it is not used for authentication.
When requiring Basic authentication on your virtual servers, it is strongly recommended that you also use TLS encryption. Without encryption, user names and passwords can be easily intercepted.
To use TLS encryption for the virtual server, you must create key pairs and configure key certificates. Clients can then use TLS to encrypt the session with the SMTP service, therefore, all messages sent. The SMTP service can also use TLS to encrypt sessions with remote servers.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To create and manage key certificates
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Access tab, and under Secure communication, click Certificate to set up new key certificates and manage installed key certificates for the SMTP virtual server.
Key pairs consist of a number of bits that indicate the key's security level. You can strengthen security by increasing the encryption level from 40 bits (the default) to 128 bits. The greater the number of bits, the more difficult the item is to decrypt. Users attempting to secure access must use the same encryption level that you set or messages will be returned with a non-delivery report (NDR).
To set TLS encryption levels for the server
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Access tab, and under Access control, click Authentication.
3. Click Basic authentication.
4. Select the Require TLS encryption check box.
Note
There are two additional TLS options available. To use TLS for all outgoing connections, click Outbound Security on the Delivery tab, and then click TLS encryption. Also, if a server you commonly connect to requires the use of TLS for all incoming connections, you can create a remote domain and click TLS encryption when creating the domain.
Message Delivery Options (IIS 6.0)
Use the Delivery tab to set all delivery and routing options. Settings can be grouped into three categories, which are listed below.
Routing Options
• Smart host: Designates a server through which to route all outgoing messages.
• Message hop count: Determines the maximum number of servers a message is routed through before being considered undeliverable.
• Fully qualified domain name (FQDN): Clarifies the address to use in message exchanger (MX) records.
Top of page
Transmission Options
• Retry attempts and retry interval: Determines how many times to resend a message, and at what intervals, before the message is considered undeliverable.
• Delivery using Pickup directory: Allows you to transmit messages composed as a text file.
Top of page
Security Options
• Outbound security: Allows you to use authentication and Transport Layer Security (TLS) encryption for outgoing messages.
• Reverse DNS lookup: Verifies that the message actually originated from the computer and the domain listed in the From field.
• Masquerade domains: Replaces any local domain name used in any Mail From lines in the protocol with a different domain name. This is the name you want stamped on outgoing
Configuring Retry Attempts and Intervals (IIS 6.0)
If a message cannot be delivered on the first attempt, the SMTP service sends it again from the Queue directory after a specified time. You can set the interval between delivery attempts. You can also designate the number of times to attempt to deliver a message. After the limit is reached, the message is returned to the sender with a non-delivery report (NDR) and copies of the message and NDR are sent to the location you designate. The NDR is placed in the Queue directory and goes through the same delivery process as messages. When the NDR reaches the maximum number of retry attempts, the NDR and message are sent to the Badmail directory.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To configure retry attempt and interval settings
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Delivery tab.
3. In the First retry interval (minutes) box, type a value for the amount of time to wait before retrying message delivery. The default is 15 minutes.
4. In the Second retry interval (minutes) box, type a value for the amount of time to wait before retrying message delivery. The default is 30 minutes, which is 30 minutes after the First retry interval.
5. In the Third retry interval (minutes) box, type a value for the amount of time to wait before retrying message delivery. The default is 60 minutes, which is 60 minutes after the Second retry interval.
6. In the Subsequent retry interval (minutes) box, type a value for the amount of time to attempt delivery before posting a notification. The default is 240 minutes.
Top of page
Delay Notification
To allow for network delays, you can set a delay period to expire before sending the delivery notification. The minimum value is 1 minute, the default is 12 hours, and the maximum value is 9999 days. Use the drop-down menu beside the value field to use minutes, hours, or days.
Top of page
Expiration Timeout
Type a value for messages that have not been delivered after all retries and delays have expired. The minimum value is 1 minute, the default is 2 days, and the maximum value is 9999 days. Use the drop-down menu beside the value field to use minutes, hours, or days.
Setting the Message Hop Count (IIS 6.0)
When a message is delivered, it may be routed to a number of servers before reaching its final destination. You can designate how many servers the message is allowed to pass through. This is called the hop count.
After the hop count is set, the Simple Mail Transfer Protocol (SMTP) server counts the hops listed in the Received lines of the message header. When the number of Received fields exceeds the maximum hop count setting, the message is returned to the sender with a non-delivery report (NDR).
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To set the message hop count
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Delivery tab, and click Advanced.
3. In the Maximum hop count box, type a value for the number of hops a message can take between the source and destination servers. The default is 15 hops.
Setting the Masquerade Domain (IIS 6.0)
The masquerade domain replaces any local domain name used in any Mail From lines in the protocol. The replacement occurs on the first hop only.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".
Procedures
To set the masquerade domain
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Delivery tab, and click Advanced.
3. In the Masquerade domain box, type a domain name that you want to appear in message headers, instead of the actual name of the domain.
Note
All replies to such messages will be routed through the SMTP virtual server that uses the masquerade domain.
Setting Fully Qualified Domain Names (IIS 6.0)
An e-mail domain must be able to be resolved through Domain Name System (DNS). There are two DNS records that are used to resolve an e-mail domain. In most cases, a mail exchanger (MX) record is set up to associate an e-mail domain with the fully qualified domain name (FQDN) of one or more Simple Mail Transfer Protocol (SMTP) virtual servers that serve that domain. Each SMTP server referenced in the MX record must have an address (A) record. The A record maps a given FQDN to its IP address.
It is possible to just have an A record set up for an e-mail domain. In this scenario, the A record maps the domain to the IP address or addresses of the SMTP virtual server or servers that serve that domain. Adding an MX record, however, is recommended over using an A record by itself, because an MX record allows an SMTP administrator to specify an ordered list of servers to use for clients sending mail to that e-mail domain. Microsoft SMTP Service always checks first for an MX record before falling back to an A record, so setting up MX records on your virtual server can improve performance. And, in some cases, the A record is used for other purposes, such as HTTP, although the MX record is generally used only for SMTP. The MX record allows one server to handle http://example.com (HTTP clients use the A record) and another server to handle someone@example.com (SMTP clients use the MX record).
On the SMTP service, there are two options for specifying an FQDN. You can use the name specified on the Network Identification tab of System Properties in Control Panel, or you can specify a unique FQDN for the SMTP virtual server you are configuring.
At startup, the name designated on the Network Identification tab of System Properties is automatically used for the FQDN. If you change the name (either manually or by joining a domain), the new name is automatically used for the FQDN the next time the computer is restarted. No action is required to update the FQDN for the virtual server.
To override the automatic use of the computer and domain names on the Network Identification tab, change the FQDN in the Advanced Delivery dialog box, accessed through the Delivery tab. The SMTP service can then use the designated name instead of the one specified on the Network Identification tab.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To change the FQDN
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Delivery tab, and click Advanced.
3. In the Fully-qualified domain name box, type the FQDN.
Configuring Smart Hosts (IIS 6.0)
You can route all outgoing messages for remote domains through a smart host instead of sending them directly to the domain. This enables you to route messages over a connection that may be more direct or less costly than other routes. The smart host is similar to the route domain option for remote domains. The difference is that, after a smart host is designated, all outgoing messages are routed to that server. With a route domain, only messages for the remote domain are routed to a specific server.
Important
Make sure your designated smart host is secure and administered by a trusted authority, especially when forwarding sensitive information.
If you set up a smart host, you can still designate a different route for a remote domain. The route domain setting overrides the smart host setting.
You can identify the smart host by fully qualified domain name (FQDN) or an IP address (but if you change the IP address, you would have to change it on every virtual server as well). If you use an IP address, enclose it in brackets ([ ]) to increase system performance. The SMTP service checks first for a server name, and then an IP address. The brackets identify the value as an IP address, so the DNS lookup is bypassed.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To set up a smart host
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Delivery tab, and click Advanced.
3. In the Smart host box, type the name of the smart host server. You can type a string to represent a name or enter an IP address.
4. If you want the SMTP service to attempt to deliver remote messages directly before forwarding them to the smart host server, select the Attempt direct delivery before sending to smart host check box. The default is to send all remote messages to the smart host, not to attempt direct delivery.
Enabling Reverse DNS Lookup (IIS 6.0)
If you select this option, the SMTP service will attempt to verify that the client’s IP address matches the host/domain submitted by the client in the EHLO/HELO command. If the reverse DNS lookup is successful, the RECEIVED header will remain intact. If the verification is unsuccessful, "unverified" appears after the IP address in the RECEIVED header of the message. If the reverse DNS lookup fails, "RDNS failed" will appear in the RECEIVED header of the message.
Because this feature verifies addresses for all incoming messages, its use could affect SMTP service performance. Clear the check box to disable the feature.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To enable reverse DNS lookup
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Delivery tab, and click Advanced.
3. Select the Perform reverse DNS lookup on incoming messages check box.
Setting Message Size Limits (IIS 6.0)
There are two message size limit settings. The first, Limit message size to, is a preferred message limit for the virtual server. This is what the SMTP service will advertise as the maximum message size this Simple Mail Transfer Protocol (SMTP) virtual server will accept. If a mail client sends a message that exceeds the limit, they will get an error. If a remote server supports EHLO, it will detect the advertised maximum message size value when it connects to the SMTP virtual server and won't attempt to deliver a message that exceeds the limit. Instead it will simply send a non-delivery report (NDR) to the sender of the message. A remote server that does not support EHLO will try to send a message that exceeds the size limit, but will still end up sending an NDR to the sender when the message doesn't go through.
Limit session size to is the maximum amount of data accepted during the total connection. This is the sum of all messages sent during the connection (applying to the message body only).
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To set message size limits
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Messages tab, select the Limit message size to (KB) check box, and then type a value (in kilobytes) for the maximum size of a message. The default is 2048 KB. The minimum value is 1 KB.
3. Select the Limit session size to (KB) check box, and then type a value to indicate the maximum total size (in kilobytes) of all messages in a given connection. This number will always be larger than the maximum message size and should be set carefully because the connecting message transfer agent (MTA) is likely to resubmit the message repeatedly. The default size is 10240 KB. This value should be greater than or equal to the value entered for Limit message size to (KB).
Setting Recipient Limits (IIS 6.0)
You can determine the maximum number of recipients for a single message sent in one connection. The default is 100, which is the minimum number specified in Request for Comment (RFC) 821. Many clients return messages with a non-delivery report (NDR) after an error message is received, indicating that the maximum number of recipients has been exceeded. The SMTP service does not return messages in this instance. It opens a new connection immediately and processes the remaining recipients. For example, if the recipient limit is set to 100 and a message with 105 recipients is received, the first 100 are delivered in one connection. Then, a new connection is opened, and the message is processed for the remaining five recipients.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To set recipient limits
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Messages tab, select the Limit number of recipients per message to check box, and then type a number to represent the recipient limit. To impose no limit, clear the check box.
Limiting the Number of Messages per Connection (IIS 6.0)
This option enables you to limit the number of messages sent in a single connection. It also provides a method to improve system performance by allowing the use of multiple connections to deliver messages to a remote domain. When the set limit is reached, a new connection is automatically opened and the transmission continues until all messages are delivered.
For example, if you commonly send a large number of messages to certain remote domains, you could set the Limit number of messages per connection to value to a relatively small number, such as 20. As a result, when sending 100 messages in one session, the SMTP service immediately opens a new connection after the first 20 are sent, another after the next 20 are sent, and so on. In this case, there could be up to five simultaneous connections delivering queued messages to one destination. Message delivery would be faster because fewer messages are delivered simultaneously, instead of in one long stream over one connection.
To determine a value for the limit, review the Messages Sent/sec performance counter for the SMTP Server object in System Monitor. The Limit number of messages per connection to value should be less than the value indicated by the performance counter. If the counter indicates a value of 30, and you set your maximum connections to 50, no simultaneous connection would be opened because the server would not exceed 30 messages per second. It would work as though the messages were sent in one long stream over one connection. This setting affects outgoing messages only. You can use it to increase your server output speed, but it has no effect on the rate that other servers process incoming messages.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To limit the number of messages sent in one connection
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Messages tab, select the Limit number of messages per connection to check box, and then type a value in the box. The default is 20.
Storing Non-Delivery Reports (IIS 6.0)
When a message is undeliverable, the SMTP service returns it to the sender with a non-delivery report (NDR). You can also designate that copies of the NDR be sent to a location of your choice. If the NDR cannot be delivered to the sender, a copy of the message is put in the Badmail directory.
All NDRs go through the same delivery process as other messages, including attempts to resend the message. If the NDR has reached the retry limit and cannot be delivered to the sender, a copy of the message is placed in the Badmail directory. Messages placed in the Badmail directory cannot be delivered or returned.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To set a storage location for NDRs
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Messages tab, in the Send copy of Non-Delivery Report to box, type the e-mail address of the mailbox you want to use to store copies of the NDRs. This address can be any valid SMTP e-mail address and is optional. To disable the feature, clear the text box.
3. In the Badmail directory box, type the directory you want to use to store undeliverable messages. The default location is X:\Inetpub\Mailroot\Badmail, where X is the drive on which IIS is installed. Click Browse to select another folder. You can designate a different directory, provided it is on the same computer as the SMTP service.
Creating SMTP Domains (IIS 6.0)
You can create two types of domains in the SMTP service: alias and remote. Alias domains allow you to create secondary domains that point to the default domain and use its settings, including the Drop directory. Any message sent to an alias domain is stamped with the default domain name.
Remote domains can be set for domains to which you commonly send messages. For each remote domain, you can set a predetermined delivery route and require that Transport Layer Protocol (TLS) encryption be used in all sessions with that domain. You can also use a wildcard character in the name so that all inclusive domains for the domain you are creating use the same settings. Use an asterisk (*) as the first character, followed by a period (.). For example, you can use the asterisk as a wildcard in the following format:
*.example.com
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To create an alias domain
1. In IIS Manager, expand the SMTP virtual server, right-click Domains, point to New, and then click Domain.
2. Use the New SMTP Domain Wizard to set up a local (alias) domain.
To create a remote domain
1. In IIS Manager, expand the SMTP virtual server, right-click Domains, point to New, and then click Domain.
2. In Welcome to the New SMTP Domain Wizard, ensure that the Remote option is selected, and click Next.
3. In Domain Name, in the Name text box, type a name for the new domain, and then click Finish.
You can use a wildcard character. For example, type *.contoso.comif you want mail to be delivered to any of the contoso.com SMTP servers.
4. Right-click the domain you just created, and then click Properties.
5. Select the Allow incoming mail to be relayed to this domaincheck box.
6. Click Outbound Security, and then configure the authentication and provide the credentials required by the SMTP server to which the smart host will connect.
Deleting SMTP Domains (IIS 6.0)
You can delete domains that you have added. You cannot delete the default domain, unless you first add an alias domain and then make that domain the default domain.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To delete a domain
1. In IIS Manager, expand the SMTP virtual server, and click Domains.
2. In the details pane, right-click the domain you want to delete, and click Delete.
Designating Default Domains (IIS 6.0)
The default domain is used to stamp messages from addresses that do not have a domain. A Simple Mail Transfer Protocol (SMTP) virtual server can have one default domain that cannot be deleted.
To name a default domain, you can use the name specified on the DNS tab for the TCP/IP protocol in the Network application in Control Panel. This domain name is also used for all other services. Alternatively, you can specify a unique domain to serve as the default for the SMTP service only.
At startup, the name designated on the DNS tab for the TCP/IP protocol in the Network application in Control Panel is automatically used for the default domain. If you change the name on the DNS tab, the new name is used automatically for the default domain the next time the service is started. No action is required to update the default domain for the SMTP service.
To override the automatic use of the network domain, specify the default domain on the General tab. The SMTP service can then use the designated name instead of the network domain.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To rename the default domain
1. In IIS Manager, expand the SMTP virtual server, and then click Domains.
2. In the details pane, right-click a domain name, and then click Rename.
3. Type a new name for the default domain.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To identify an SMTP virtual server
1. In IIS Manager, right-click the SMTP virtual server, and then click Rename.
2. Type a new name for the virtual server name if you want to change it from the default. Do not use extended characters when naming your SMTP virtual server.
3. Right-click the SMTP virtual server, and click Properties.
4. On the General tab, in the IP address list, click the IP address for this virtual server. The SMTP virtual server can respond to connection requests for all IP addresses configured on the computer. To identify the TCP port for each IP address configured for the virtual server, click Advanced. Port 25 is the SMTP standard TCP port and is recommended. More than one virtual server can use Port 25, provided they are associated with different IP addresses.
Starting, Stopping, or Pausing SMTP Virtual Servers (IIS 6.0)
The Default SMTP Virtual Server starts upon installation of the SMTP service. You can pause, stop, and start it in IIS Manager.
You can also start, stop, and pause the entire SMTP service. However, if you have more than one virtual server, stopping the service affects all of the Simple Mail Transfer Protocol (SMTP) virtual servers running on your computer. When the SMTP service is stopped, you cannot use IIS in Microsoft Management Console (MMC) to perform administrative functions on any SMTP virtual server.
Important
Make sure only trusted administrators in your organization have the necessary permissions to start or stop an SMTP virtual server. For more information, see Setting Operator Permissions.
You can stop and start the SMTP service manually. However, while it is operating, you must be careful when stopping, pausing, or restarting the service to minimize the impact on users.
If the default startup setting is Manual, you can use IIS in Microsoft Management Console (MMC) to start a Simple Mail Transfer Protocol (SMTP) virtual server.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".
Procedures
To start an SMTP virtual server
• In IIS Manager, expand the local computer, right-click the SMTP virtual server, and click Start.
You can stop a Simple Mail Transfer Protocol (SMTP) virtual server for configuration changes and maintenance.
To stop an SMTP virtual server
• In IIS Manager, expand the local computer, right-click the SMTP virtual server, and click Stop.
You can pause a Simple Mail Transfer Protocol (SMTP) virtual server for configuration changes and maintenance. Pausing prevents new client connections, but it enables the virtual server to continue processing existing client connections and delivering queued messages.
To pause an SMTP virtual server
• In IIS Manager, expand the local computer, right-click the SMTP virtual server, and click Pause.
Starting, Stopping, or Pausing the SMTP Service (IIS 6.0)
The SMTP service runs as a service on Windows Server 2003, Standard Edition and Windows Server 2003, Enterprise Edition, and it starts upon installation. Although there is only one SMTP service on a computer, it is possible to have more than one Simple Mail Transfer Protocol (SMTP) virtual server. You can start, stop, or pause each virtual server independently of one another while the SMTP service is running.
If you have more than one SMTP virtual server, it is important to remember that pausing or stopping the entire SMTP service will affect all of the SMTP virtual servers. When the service is stopped, you cannot use IIS in Microsoft Management Console (MMC) to perform administrative functions on any SMTP virtual server.
Note
The one exception is that you can start a virtual server while the SMTP service is stopped. Starting an SMTP virtual server will also restart the entire SMTP service. This, in turn, will start all other SMTP virtual servers that had been running when the SMTP service was originally stopped.
When you start the SMTP service, it accepts new connections from users. When you stop the SMTP service, it does not accept new connections. When you pause the SMTP service, every running SMTP virtual server will cease accepting new connections but will continue to service existing connections.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To start, stop, or pause the SMTP service
1. From the Start menu, point to Administrative Tools, and then click Component Services.
2. In the console tree, click Services (Local).
3. In the details pane, right-click Simple Mail Transfer Protocol (SMTP), and then click Start, Stop, or Pause.
Configuring Startup Settings (IIS 6.0)
You can use Administrative Tools to configure the default state of the SMTP service at startup.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
1. From the Start menu, point to Administrative Tools, and then click Component Services.
2. In the console tree, click Services (Local).
3. In the details pane, right-click Simple Mail Transfer Protocol (SMTP), and then click Properties.
4. On the General tab, in the Startup type list, click Automatic, Manual, or Disabled.
Setting Connections (IIS 6.0)
A connection is initiated whenever a message is sent to or received from a remote server.
Note
Designating the TCP port that the SMTP service uses to receive incoming messages is done when you configure the Simple Mail Transfer Protocol (SMTP) virtual server.
Setting connection limits and imposing connection time-outs can make it more difficult for someone to initiate a malicious attack (such as denial of service) against your virtual server.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To configure incoming connections
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. On the General tab, select the Limit number of connections to check box (the default is no limit), and set the following options.
To configure outbound connections
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Delivery tab, and click Outbound connections.
3. In the Outbound Connections dialog box, select a check box and set the following options.
Creating Additional SMTP Virtual Servers (IIS 6.0)
In most cases, you should need only one Simple Mail Transfer Protocol (SMTP) virtual server. However, if you are hosting multiple domains and want to have more than one default domain, for example, you can create multiple SMTP virtual servers. To an end user, each SMTP virtual server appears as a separate server with a unique IP address/TCP port combination.
When you create an SMTP virtual server, you are prompted to enter a path to your home directory. This directory must be local to the computer on which the SMTP service runs.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To create a new SMTP virtual server
1. If the SMTP virtual server will be using a new IP address, configure an IP address. From the Start menu, click Control Panel, and then double-click Network Connections. See Windows Server 2003 family Help for more information on Network Connections.
2. After you configure the IP address, in IIS Manager, right-click an existing SMTP virtual server, point to New, and then click Virtual Server.
3. Follow the steps in the New SMTP Virtual Server Wizard. Be sure to select an IP address/TCP port combination that is not being used by another SMTP virtual server. The recommended TCP port is 25, which is the SMTP standard TCP port. More than one virtual server can use the same TCP port provided they are configured with different IP addresses.
4. If the default startup setting for SMTP Service is set to Automatic, the new SMTP virtual server will start automatically. If it doesn't start, it is because you selected an IP address/TCP port combination that is already in use.
5. Configure the new SMTP virtual server.
Setting Up Virtual Servers for Clustering (IIS 6.0)
A server cluster is a group of independent computer systems, known as nodes, working together as a single system to ensure that mission-critical applications and resources remain available to clients. Server clusters provide high availability. High availability in a Simple Mail Transfer Protocol (SMTP) server cluster means that, if one virtual server fails, its work is dispersed to the remaining virtual servers in the cluster, ensuring mail service is not interrupted. The other benefit of server clusters is the failover of server resources, which is when a virtual server goes down and another one comes online to assumes its role.
In clustering, a node is a system that has a working installation of Windows Server 2003, Enterprise Edition and the Cluster service. Microsoft recommends creating a new virtual server on your node for clustering, rather than reconfiguring your default SMTP virtual server.
For more information about Windows Clustering and server clusters, see Windows Server 2003, Enterprise Edition Help. That documentation contains detailed information about setting up and administrating server clusters.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To set up an SMTP virtual server for clustering
1. If necessary, change the default startup setting of the SMTP Service to Manual.
2. Before creating a new virtual server, in IIS Manager, right-click Default SMTP Virtual Server, and then click Properties.
3. On the General tab, click Advanced.
4. Under Address, double-click All Unassigned.
5. In the Identification box, change the TCP port number from 25, which is the default setting, to another port number -- any unassigned port will work. Type in the new port number, making sure it is unique, and then click OK.
6. Create a new SMTP virtual server. After it is created, you will have to manually start the new virtual server. Use the default TCP port on the new virtual server, which is port 25.
Important
When you get to the Select Home Directory and Default Domain screen of the New SMTP Virtual Server Wizard, be sure to type paths to the shared resource that will be used in clustering. Do not type paths to a local hard drive.
7. Run the iiscnfg /copy command to copy the IIS configuration on your node to the other nodes in the server cluster. At a command prompt, navigate to the systemroot\System32\Inetsrv directory on your node, and then type iiscnfg /copy /ts target server /tu userid /tp password where the following is true:
• /ts is another node in the same cluster.
• /tu is the user ID to use when connecting to the target server.
• /tp is the password associated with the specified user ID.
Important
The /copy operation does not copy the server content, such as Web pages and FTP files, that is associated with the IIS configuration. This command changes the computer-specific and system-specific properties in the metabase so that they are valid on the target computer. However, it does not adjust the directory or file paths. As a result, you might need to configure valid paths on the target computer.
Enabling Protocol Logging (IIS 6.0)
Use the General tab to enable transaction logging and to select the format. When setting up the log file, keep in mind that the log formats and default file names are the same as those used by other IIS services. If you choose the default names, all transactions for all services are recorded in the same file. You can set up a separate file for each service if you want to maintain separate records.
If you set up the file in a location other than the default, make sure it is stored on a local drive and not on a network.
Auditing server activity with log files is a good way to detect if unauthorized external users are attempting to access your virtual server, or if internal users are trying to access resources they do not have permission to access. For more information about auditing and using Event Viewer, see Windows Server 2003 family Help.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To enable logging that uses one of the ASCII text formats
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. On the General tab, select the Enable logging check box.
3. In the Active log format list, click a transaction log format. If you chose the W3C Extended Log File Format, click the Advanced tab, and then click the items you want to track.
4. Click Properties, and then set the log file size and location.
To enable logging that uses the ODBC format
1. Set up an ODBC-compliant database.
2. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
3. On the General tab, select the Enable logging check box.
4. In the Active log format list, click ODBC Logging.
5. Click Properties, and then set the log file size and location.
Setting Operator Permissions (IIS 6.0)
You can designate which user accounts can have operator permissions for the Simple Mail Transfer Protocol (SMTP) virtual server. After Windows user accounts are set up, you can grant permissions by selecting the account from a list. These permissions can be rescinded by removing the account from the list of virtual server operators.
Important You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /user:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".
Procedures
To assign operator permissions
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Security tab, and click Add.
3. Select a Windows user account, and then click OK. The selected account will now appear in Operators.
To remove operator permissions
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Security tab, and in the Operators list, click the operator you want to remove.
3. Click Remove.
Requiring Authentication for Incoming Connections (IIS 6.0)
There are three authentication methods available. You can choose one, two, or all three methods. All three are set by default.
Important
The default mail relay settings on the SMTP virtual server allow only mail from authenticated users to be relayed. Therefore, to allow users in your organization to send mail through the virtual server, users must first be authenticated. By choosing one of the methods in the Authentication dialog box, your users will be able to send mail and, at the same time, unauthorized users will not be able to use your virtual server to relay mail.
Authentication option Description
Anonymous access An account name or password is not required. You can use this option to disable authentication for the Simple Mail Transfer Protocol (SMTP) virtual server.
Basic authentication An account name and a password are sent using plaintext. Specify a Windows domain that is appended to the account name for authentication.
Integrated Windows authentication A Windows account name and password are authenticated using this option.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To disable authentication for incoming messages
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Access tab, and under Access control, click Authentication.
3. Select the Anonymous access check box, and then clear the remaining check boxes for the other options.
To set clear text authentication for incoming messages
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Access tab, and under Access control, click Authentication.
3. Select the Basic authentication check box.
4. In the Default domain box, type a Windows domain name. This default domain differs from the SMTP virtual server default domain.
To use Integrated Windows authentication to authenticate incoming messages
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Access tab, and under Access control, click Authentication.
3. Select the Integrated Windows Authentication check box.
Requiring Authentication for Outbound Messages (IIS 6.0)
You can configure the Simple Mail Transfer Protocol (SMTP) virtual server to provide the authentication credentials required by a receiving server. There are three types of authentication available: anonymous, Basic (plaintext), and Integrated Windows authentication. Anonymous requires no authentication. With the plaintext option, the account name and password of the server you're connecting to are transmitted in plaintext. The Integrated Windows authentication option requires a Windows account name and password.
The option set here can be overridden for a specific remote domain. Overriding the authentication settings for a remote domain enables you to set the virtual server authentication level to handle most of the transmissions, while allowing exceptions for individual addresses. The following table describes several configuration examples.
SMTP transmissions Authentication option
Messages are commonly sent to multiple addresses. Disable authentication for the SMTP virtual server. If attempts to deliver messages to an address fail because of authentication requirements, add a remote domain for the address. Then enable authentication for the domain at the same level required by the server.
Messages are commonly sent to one address, which requires authentication. Determine what level of authentication is required to connect. Then enable authentication for the SMTP virtual server using the same level. If you want to then send messages to other addresses, set up remote domains and set different authentication options. If you use this option, it is likely that the account name used is the one that identifies the computer set up as the smart host.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".
Procedures
To disable authentication for outgoing messages
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Delivery tab, and click Outbound Security.
3. Click Anonymous access.
4. Clear all other options.
To set Basic authentication for outgoing messages
1. In IIS Manager, select the SMTP virtual server, and then click Properties on the Action menu.
2. On the Delivery tab, click Outbound Security to open the Outbound Security dialog box.
3. Click Basic authentication.
4. Under User name and Password, type the account name and password that will grant you access to the computer you are connecting to.
Important
If Basic authentication is your only authentication method, it is strongly recommended that you also require TLS encryption to avoid unauthorized detection of user names and passwords.
To set Integrated Windows authentication for outgoing messages
1. In IIS Manager, select the SMTP virtual server, and then click Properties on the Action menu.
2. On the Delivery tab, click Outbound Security to open the Outbound Security dialog box.
3. Select the Integrated Windows Authentication check box.
4. Under Account and Password, type a Windows account name and password that will grant you access to the computer you're connecting to.
Setting IP Access Restrictions to Servers (IIS 6.0)
You can grant or deny Simple Mail Transfer Protocol (SMTP) virtual server access to specific IP addresses. By default, the SMTP virtual server is accessible to all IP addresses. You can set restrictions by specifying a single IP address, a group of addresses using a subnet mask, or a domain name.
Important You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".
Procedures
To set IP address access restrictions
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Access tab, and under Connection control, click Connection.
3. Click either Only the list below or All except the list below.
4. To add to the list of computers, click Add.
5. To delete from the list of computers, select a listing, and then click Remove.
Configuring SMTP Virtual Server Relay Restrictions (IIS 6.0)
IIS includes a full-featured SMTP virtual server that you can use to receive and relay e-mail messages to other SMTP servers on your network or to servers on the Internet. The relay function is useful for internal network clients that might have to forward mail to other SMTP servers, and it is useful for IIS programs that need access to an SMTP server to forward mail.
For a user or computer to relay e-mail messages through an SMTP virtual server, the following two conditions must be met:
• The user or computer can access the SMTP virtual server.
• The SMTP virtual server is configured to relay e-mail messages to other domains.
When an SMTP virtual server relays e-mail messages, it can forward mail that is addressed to any e-mail domain. With this feature, an SMTP virtual server can forward mail to any internal or external network SMTP server for which it can resolve an MX record. However, if the SMTP virtual server is accessible to Internet users, mail relay should not be enabled. With mail relay enabled, malicious users might forward e-mail to your SMTP virtual server, distributing unwanted messages to other computers and reducing the available bandwidth for your internal connection.
By default, the SMTP service blocks computers from relaying unwanted mail through the virtual server. To enable relay access through the SMTP virtual server, click Relay on the Access tab. By default, all computers are blocked except those that meet the authentication requirements that are designated in the Authentication box, which you can view by clicking Authentication on the Access the tab.
You can also allow messages to be relayed to a specific remote domain. The domain setting overrides the SMTP virtual server setting. For more information about relaying messages to a remote domain, see Configuring Remote Domains.
If you enable mail relay on your SMTP virtual server, then you can specify the relay restrictions that are described in the following table.
Option Description
Only the list below This option allows only the computers specified in the list to relay messages through the SMTP virtual server.
All except the list below This option allows all computers, except the computers that are specified in the list, to relay messages through the SMTP virtual server. This option is set by default, along with the Allow all computers which successfully authenticate to relay, regardless of the list above option.
Add and Remove Clicking these buttons allows you to grant or deny relay access by adding to or removing from the list of computers.
Allow all computers which successfully authenticate to relay, regardless of the list above This option allows computers that meet authentication requirements set in the Authentication box to relay messages to the SMTP virtual server. This option is set by default.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".
Procedures
To add relay restrictions to an SMTP virtual server
1. In IIS Manager, right-click the SMTP Virtual Server for which you want to add relay restrictions, and then click Properties.
2. Click the Access tab, and then click Authentication.
3. To enable the appropriate level of authentication for your server, select either (or both) the Basic authentication or the Integrated Windows Authentication check box, clear the Anonymous access check box, and then click OK.
Note
If you enable Anonymous access and do not enable Basic authentication and Integrated Windows authentication, then authentication is no longer enabled, which means that all users and computers can access the SMTP virtual server.
4. On the Access tab, under Relay restrictions, click Relay.
5. In the Relay Restrictions box, click Add, and then do the following to add a single computer, a group of computers, or a domain:
• To add a single computer, click Single computer, type the IP address of the computer that you want to add, and then click OK.
• To add a group of computers, click Group of computers, type the subnet address and the subnet mask of the group into the corresponding boxes, and then click OK.
• To add a domain, click Domain, type the domain name that you want to add, and then click OK.
6. To apply your configuration changes, click OK twice.
To remove relay restrictions from an SMTP virtual server
1. In IIS Manager, right-click the SMTP virtual server for which you want to remove relay restrictions, and then click Properties.
2. Click the Access tab, and then click Relay.
3. In the Relay Restrictions box, select either the Only the list below or the All except the list below check box.
4. If you want to add exceptions, click Add and then specify the computer, group of computers, or domain for which you want to retain relay restrictions.
Requiring TLS Encryption (IIS 6.0)
You can require that all clients use Transport Layer Security (TLS) encryption, a generic security protocol similar to Secure Sockets Layer (SSL), to connect to the default Simple Mail Transfer Protocol (SMTP) virtual server. This option secures the connection, but it is not used for authentication.
When requiring Basic authentication on your virtual servers, it is strongly recommended that you also use TLS encryption. Without encryption, user names and passwords can be easily intercepted.
To use TLS encryption for the virtual server, you must create key pairs and configure key certificates. Clients can then use TLS to encrypt the session with the SMTP service, therefore, all messages sent. The SMTP service can also use TLS to encrypt sessions with remote servers.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To create and manage key certificates
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Access tab, and under Secure communication, click Certificate to set up new key certificates and manage installed key certificates for the SMTP virtual server.
Key pairs consist of a number of bits that indicate the key's security level. You can strengthen security by increasing the encryption level from 40 bits (the default) to 128 bits. The greater the number of bits, the more difficult the item is to decrypt. Users attempting to secure access must use the same encryption level that you set or messages will be returned with a non-delivery report (NDR).
To set TLS encryption levels for the server
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Access tab, and under Access control, click Authentication.
3. Click Basic authentication.
4. Select the Require TLS encryption check box.
Note
There are two additional TLS options available. To use TLS for all outgoing connections, click Outbound Security on the Delivery tab, and then click TLS encryption. Also, if a server you commonly connect to requires the use of TLS for all incoming connections, you can create a remote domain and click TLS encryption when creating the domain.
Message Delivery Options (IIS 6.0)
Use the Delivery tab to set all delivery and routing options. Settings can be grouped into three categories, which are listed below.
Routing Options
• Smart host: Designates a server through which to route all outgoing messages.
• Message hop count: Determines the maximum number of servers a message is routed through before being considered undeliverable.
• Fully qualified domain name (FQDN): Clarifies the address to use in message exchanger (MX) records.
Top of page
Transmission Options
• Retry attempts and retry interval: Determines how many times to resend a message, and at what intervals, before the message is considered undeliverable.
• Delivery using Pickup directory: Allows you to transmit messages composed as a text file.
Top of page
Security Options
• Outbound security: Allows you to use authentication and Transport Layer Security (TLS) encryption for outgoing messages.
• Reverse DNS lookup: Verifies that the message actually originated from the computer and the domain listed in the From field.
• Masquerade domains: Replaces any local domain name used in any Mail From lines in the protocol with a different domain name. This is the name you want stamped on outgoing
Configuring Retry Attempts and Intervals (IIS 6.0)
If a message cannot be delivered on the first attempt, the SMTP service sends it again from the Queue directory after a specified time. You can set the interval between delivery attempts. You can also designate the number of times to attempt to deliver a message. After the limit is reached, the message is returned to the sender with a non-delivery report (NDR) and copies of the message and NDR are sent to the location you designate. The NDR is placed in the Queue directory and goes through the same delivery process as messages. When the NDR reaches the maximum number of retry attempts, the NDR and message are sent to the Badmail directory.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To configure retry attempt and interval settings
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Delivery tab.
3. In the First retry interval (minutes) box, type a value for the amount of time to wait before retrying message delivery. The default is 15 minutes.
4. In the Second retry interval (minutes) box, type a value for the amount of time to wait before retrying message delivery. The default is 30 minutes, which is 30 minutes after the First retry interval.
5. In the Third retry interval (minutes) box, type a value for the amount of time to wait before retrying message delivery. The default is 60 minutes, which is 60 minutes after the Second retry interval.
6. In the Subsequent retry interval (minutes) box, type a value for the amount of time to attempt delivery before posting a notification. The default is 240 minutes.
Top of page
Delay Notification
To allow for network delays, you can set a delay period to expire before sending the delivery notification. The minimum value is 1 minute, the default is 12 hours, and the maximum value is 9999 days. Use the drop-down menu beside the value field to use minutes, hours, or days.
Top of page
Expiration Timeout
Type a value for messages that have not been delivered after all retries and delays have expired. The minimum value is 1 minute, the default is 2 days, and the maximum value is 9999 days. Use the drop-down menu beside the value field to use minutes, hours, or days.
Setting the Message Hop Count (IIS 6.0)
When a message is delivered, it may be routed to a number of servers before reaching its final destination. You can designate how many servers the message is allowed to pass through. This is called the hop count.
After the hop count is set, the Simple Mail Transfer Protocol (SMTP) server counts the hops listed in the Received lines of the message header. When the number of Received fields exceeds the maximum hop count setting, the message is returned to the sender with a non-delivery report (NDR).
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To set the message hop count
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Delivery tab, and click Advanced.
3. In the Maximum hop count box, type a value for the number of hops a message can take between the source and destination servers. The default is 15 hops.
Setting the Masquerade Domain (IIS 6.0)
The masquerade domain replaces any local domain name used in any Mail From lines in the protocol. The replacement occurs on the first hop only.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc %systemroot%\system32\inetsrv\iis.msc".
Procedures
To set the masquerade domain
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Delivery tab, and click Advanced.
3. In the Masquerade domain box, type a domain name that you want to appear in message headers, instead of the actual name of the domain.
Note
All replies to such messages will be routed through the SMTP virtual server that uses the masquerade domain.
Setting Fully Qualified Domain Names (IIS 6.0)
An e-mail domain must be able to be resolved through Domain Name System (DNS). There are two DNS records that are used to resolve an e-mail domain. In most cases, a mail exchanger (MX) record is set up to associate an e-mail domain with the fully qualified domain name (FQDN) of one or more Simple Mail Transfer Protocol (SMTP) virtual servers that serve that domain. Each SMTP server referenced in the MX record must have an address (A) record. The A record maps a given FQDN to its IP address.
It is possible to just have an A record set up for an e-mail domain. In this scenario, the A record maps the domain to the IP address or addresses of the SMTP virtual server or servers that serve that domain. Adding an MX record, however, is recommended over using an A record by itself, because an MX record allows an SMTP administrator to specify an ordered list of servers to use for clients sending mail to that e-mail domain. Microsoft SMTP Service always checks first for an MX record before falling back to an A record, so setting up MX records on your virtual server can improve performance. And, in some cases, the A record is used for other purposes, such as HTTP, although the MX record is generally used only for SMTP. The MX record allows one server to handle http://example.com (HTTP clients use the A record) and another server to handle someone@example.com (SMTP clients use the MX record).
On the SMTP service, there are two options for specifying an FQDN. You can use the name specified on the Network Identification tab of System Properties in Control Panel, or you can specify a unique FQDN for the SMTP virtual server you are configuring.
At startup, the name designated on the Network Identification tab of System Properties is automatically used for the FQDN. If you change the name (either manually or by joining a domain), the new name is automatically used for the FQDN the next time the computer is restarted. No action is required to update the FQDN for the virtual server.
To override the automatic use of the computer and domain names on the Network Identification tab, change the FQDN in the Advanced Delivery dialog box, accessed through the Delivery tab. The SMTP service can then use the designated name instead of the one specified on the Network Identification tab.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To change the FQDN
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Delivery tab, and click Advanced.
3. In the Fully-qualified domain name box, type the FQDN.
Configuring Smart Hosts (IIS 6.0)
You can route all outgoing messages for remote domains through a smart host instead of sending them directly to the domain. This enables you to route messages over a connection that may be more direct or less costly than other routes. The smart host is similar to the route domain option for remote domains. The difference is that, after a smart host is designated, all outgoing messages are routed to that server. With a route domain, only messages for the remote domain are routed to a specific server.
Important
Make sure your designated smart host is secure and administered by a trusted authority, especially when forwarding sensitive information.
If you set up a smart host, you can still designate a different route for a remote domain. The route domain setting overrides the smart host setting.
You can identify the smart host by fully qualified domain name (FQDN) or an IP address (but if you change the IP address, you would have to change it on every virtual server as well). If you use an IP address, enclose it in brackets ([ ]) to increase system performance. The SMTP service checks first for a server name, and then an IP address. The brackets identify the value as an IP address, so the DNS lookup is bypassed.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To set up a smart host
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Delivery tab, and click Advanced.
3. In the Smart host box, type the name of the smart host server. You can type a string to represent a name or enter an IP address.
4. If you want the SMTP service to attempt to deliver remote messages directly before forwarding them to the smart host server, select the Attempt direct delivery before sending to smart host check box. The default is to send all remote messages to the smart host, not to attempt direct delivery.
Enabling Reverse DNS Lookup (IIS 6.0)
If you select this option, the SMTP service will attempt to verify that the client’s IP address matches the host/domain submitted by the client in the EHLO/HELO command. If the reverse DNS lookup is successful, the RECEIVED header will remain intact. If the verification is unsuccessful, "unverified" appears after the IP address in the RECEIVED header of the message. If the reverse DNS lookup fails, "RDNS failed" will appear in the RECEIVED header of the message.
Because this feature verifies addresses for all incoming messages, its use could affect SMTP service performance. Clear the check box to disable the feature.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To enable reverse DNS lookup
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Delivery tab, and click Advanced.
3. Select the Perform reverse DNS lookup on incoming messages check box.
Setting Message Size Limits (IIS 6.0)
There are two message size limit settings. The first, Limit message size to, is a preferred message limit for the virtual server. This is what the SMTP service will advertise as the maximum message size this Simple Mail Transfer Protocol (SMTP) virtual server will accept. If a mail client sends a message that exceeds the limit, they will get an error. If a remote server supports EHLO, it will detect the advertised maximum message size value when it connects to the SMTP virtual server and won't attempt to deliver a message that exceeds the limit. Instead it will simply send a non-delivery report (NDR) to the sender of the message. A remote server that does not support EHLO will try to send a message that exceeds the size limit, but will still end up sending an NDR to the sender when the message doesn't go through.
Limit session size to is the maximum amount of data accepted during the total connection. This is the sum of all messages sent during the connection (applying to the message body only).
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To set message size limits
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Messages tab, select the Limit message size to (KB) check box, and then type a value (in kilobytes) for the maximum size of a message. The default is 2048 KB. The minimum value is 1 KB.
3. Select the Limit session size to (KB) check box, and then type a value to indicate the maximum total size (in kilobytes) of all messages in a given connection. This number will always be larger than the maximum message size and should be set carefully because the connecting message transfer agent (MTA) is likely to resubmit the message repeatedly. The default size is 10240 KB. This value should be greater than or equal to the value entered for Limit message size to (KB).
Setting Recipient Limits (IIS 6.0)
You can determine the maximum number of recipients for a single message sent in one connection. The default is 100, which is the minimum number specified in Request for Comment (RFC) 821. Many clients return messages with a non-delivery report (NDR) after an error message is received, indicating that the maximum number of recipients has been exceeded. The SMTP service does not return messages in this instance. It opens a new connection immediately and processes the remaining recipients. For example, if the recipient limit is set to 100 and a message with 105 recipients is received, the first 100 are delivered in one connection. Then, a new connection is opened, and the message is processed for the remaining five recipients.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To set recipient limits
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Messages tab, select the Limit number of recipients per message to check box, and then type a number to represent the recipient limit. To impose no limit, clear the check box.
Limiting the Number of Messages per Connection (IIS 6.0)
This option enables you to limit the number of messages sent in a single connection. It also provides a method to improve system performance by allowing the use of multiple connections to deliver messages to a remote domain. When the set limit is reached, a new connection is automatically opened and the transmission continues until all messages are delivered.
For example, if you commonly send a large number of messages to certain remote domains, you could set the Limit number of messages per connection to value to a relatively small number, such as 20. As a result, when sending 100 messages in one session, the SMTP service immediately opens a new connection after the first 20 are sent, another after the next 20 are sent, and so on. In this case, there could be up to five simultaneous connections delivering queued messages to one destination. Message delivery would be faster because fewer messages are delivered simultaneously, instead of in one long stream over one connection.
To determine a value for the limit, review the Messages Sent/sec performance counter for the SMTP Server object in System Monitor. The Limit number of messages per connection to value should be less than the value indicated by the performance counter. If the counter indicates a value of 30, and you set your maximum connections to 50, no simultaneous connection would be opened because the server would not exceed 30 messages per second. It would work as though the messages were sent in one long stream over one connection. This setting affects outgoing messages only. You can use it to increase your server output speed, but it has no effect on the rate that other servers process incoming messages.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To limit the number of messages sent in one connection
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Messages tab, select the Limit number of messages per connection to check box, and then type a value in the box. The default is 20.
Storing Non-Delivery Reports (IIS 6.0)
When a message is undeliverable, the SMTP service returns it to the sender with a non-delivery report (NDR). You can also designate that copies of the NDR be sent to a location of your choice. If the NDR cannot be delivered to the sender, a copy of the message is put in the Badmail directory.
All NDRs go through the same delivery process as other messages, including attempts to resend the message. If the NDR has reached the retry limit and cannot be delivered to the sender, a copy of the message is placed in the Badmail directory. Messages placed in the Badmail directory cannot be delivered or returned.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To set a storage location for NDRs
1. In IIS Manager, right-click the SMTP virtual server, and then click Properties.
2. Click the Messages tab, in the Send copy of Non-Delivery Report to box, type the e-mail address of the mailbox you want to use to store copies of the NDRs. This address can be any valid SMTP e-mail address and is optional. To disable the feature, clear the text box.
3. In the Badmail directory box, type the directory you want to use to store undeliverable messages. The default location is X:\Inetpub\Mailroot\Badmail, where X is the drive on which IIS is installed. Click Browse to select another folder. You can designate a different directory, provided it is on the same computer as the SMTP service.
Creating SMTP Domains (IIS 6.0)
You can create two types of domains in the SMTP service: alias and remote. Alias domains allow you to create secondary domains that point to the default domain and use its settings, including the Drop directory. Any message sent to an alias domain is stamped with the default domain name.
Remote domains can be set for domains to which you commonly send messages. For each remote domain, you can set a predetermined delivery route and require that Transport Layer Protocol (TLS) encryption be used in all sessions with that domain. You can also use a wildcard character in the name so that all inclusive domains for the domain you are creating use the same settings. Use an asterisk (*) as the first character, followed by a period (.). For example, you can use the asterisk as a wildcard in the following format:
*.example.com
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To create an alias domain
1. In IIS Manager, expand the SMTP virtual server, right-click Domains, point to New, and then click Domain.
2. Use the New SMTP Domain Wizard to set up a local (alias) domain.
To create a remote domain
1. In IIS Manager, expand the SMTP virtual server, right-click Domains, point to New, and then click Domain.
2. In Welcome to the New SMTP Domain Wizard, ensure that the Remote option is selected, and click Next.
3. In Domain Name, in the Name text box, type a name for the new domain, and then click Finish.
You can use a wildcard character. For example, type *.contoso.comif you want mail to be delivered to any of the contoso.com SMTP servers.
4. Right-click the domain you just created, and then click Properties.
5. Select the Allow incoming mail to be relayed to this domaincheck box.
6. Click Outbound Security, and then configure the authentication and provide the credentials required by the SMTP server to which the smart host will connect.
Deleting SMTP Domains (IIS 6.0)
You can delete domains that you have added. You cannot delete the default domain, unless you first add an alias domain and then make that domain the default domain.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To delete a domain
1. In IIS Manager, expand the SMTP virtual server, and click Domains.
2. In the details pane, right-click the domain you want to delete, and click Delete.
Designating Default Domains (IIS 6.0)
The default domain is used to stamp messages from addresses that do not have a domain. A Simple Mail Transfer Protocol (SMTP) virtual server can have one default domain that cannot be deleted.
To name a default domain, you can use the name specified on the DNS tab for the TCP/IP protocol in the Network application in Control Panel. This domain name is also used for all other services. Alternatively, you can specify a unique domain to serve as the default for the SMTP service only.
At startup, the name designated on the DNS tab for the TCP/IP protocol in the Network application in Control Panel is automatically used for the default domain. If you change the name on the DNS tab, the new name is used automatically for the default domain the next time the service is started. No action is required to update the default domain for the SMTP service.
To override the automatic use of the network domain, specify the default domain on the General tab. The SMTP service can then use the designated name instead of the network domain.
Important
You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".
Procedures
To rename the default domain
1. In IIS Manager, expand the SMTP virtual server, and then click Domains.
2. In the details pane, right-click a domain name, and then click Rename.
3. Type a new name for the default domain.
Did you know
Did you know... How to disable the original Administrator account In Windows Server 2003, for the first time, you CAN disable the Administrator account. My point is that every hacker knows that Windows has a username called Administrator, so defend it by disabling the account. (Right Click the Administrator, Disable) Obviously you must create another account with administrative privileges.
Did you know... How to view Advanced features
As you are an expert, display all those hidden menus and folders. a) Go to the Active Directory Users and Computers, Select View (Menu) then check: Advanced Features. Now you should see the 'LostAndFound' folder and so be able to check for any orphaned users. b) Select the DNS Icon, View (Menu), Advanced. c) Device Manager, Show Hidden Devices.
Did you know... The easiest way to bring up the System Icon
(Windows Key) + Pause/Break (Key)
Did you know... How to Identify unused accounts
Use the DSQUERY computer -inactive NumberOfWeeks command to identify all machines that were not logged on to Active Directory during the specified NumberOfweeks.
Note that the command above should be used if your domain is running at the Windows Server 2003 functional level. If your domain still has Windows 2000 computers in it and is running in the mixed-mode functional level, use DSQUERY computer -stalepwd NumberOfDays instead.
Deploying a Windows XP Embedded Runtime
Deploying a Windows XP Embedded runtime to your device can be very easy, but there are a few tips to help you avoid the pitfalls. For clarity, I'm using "deploying an image" to mean moving the runtime image to the device and booting the runtime on that device; and for simplicity, I'll use a standard integrated device electronics (IDE) hard drive as our boot media.
Did you know... How to view Advanced features
As you are an expert, display all those hidden menus and folders. a) Go to the Active Directory Users and Computers, Select View (Menu) then check: Advanced Features. Now you should see the 'LostAndFound' folder and so be able to check for any orphaned users. b) Select the DNS Icon, View (Menu), Advanced. c) Device Manager, Show Hidden Devices.
Did you know... The easiest way to bring up the System Icon
(Windows Key) + Pause/Break (Key)
Did you know... How to Identify unused accounts
Use the DSQUERY computer -inactive NumberOfWeeks command to identify all machines that were not logged on to Active Directory during the specified NumberOfweeks.
Note that the command above should be used if your domain is running at the Windows Server 2003 functional level. If your domain still has Windows 2000 computers in it and is running in the mixed-mode functional level, use DSQUERY computer -stalepwd NumberOfDays instead.
Deploying a Windows XP Embedded Runtime
Deploying a Windows XP Embedded runtime to your device can be very easy, but there are a few tips to help you avoid the pitfalls. For clarity, I'm using "deploying an image" to mean moving the runtime image to the device and booting the runtime on that device; and for simplicity, I'll use a standard integrated device electronics (IDE) hard drive as our boot media.
How to Disable Notification Area Balloon Tips in Windows XP
Purpose:
The purpose of this article is to teach you the way to disable notification area balloon tips in windows XP.
Notification Area Balloon Tips:
Balloon tips are displayed to notify the user of occurrences such as low disk space, the installation of new programs, and the fact that notification area icons have been hidden.
To disable notification area balloon tips
Follow these steps
This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs.
1. Click Start, click Run, in the open box type regedit and then click OK.
2. The Registry Editor console will open. Expand the following key:
HKEY_CURRENT_USER Software Microsoft Windows
CurrentVersion Explorer Advanced
3. In the details pane right click, point to New and then click DWORD value and name it EnableBalloonTips
4. Double-click this new entry and then give it a hexadecimal value of 0.
5. Exit the registry editor.
The purpose of this article is to teach you the way to disable notification area balloon tips in windows XP.
Notification Area Balloon Tips:
Balloon tips are displayed to notify the user of occurrences such as low disk space, the installation of new programs, and the fact that notification area icons have been hidden.
To disable notification area balloon tips
Follow these steps
This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs.
1. Click Start, click Run, in the open box type regedit and then click OK.
2. The Registry Editor console will open. Expand the following key:
HKEY_CURRENT_USER Software Microsoft Windows
CurrentVersion Explorer Advanced
3. In the details pane right click, point to New and then click DWORD value and name it EnableBalloonTips
4. Double-click this new entry and then give it a hexadecimal value of 0.
5. Exit the registry editor.
Subscribe to:
Posts (Atom)
