Outlook 2003 (with Service Pack 2) Links Blocker

Today I’ve got an email with the message “Your web site is better than others”. I’m very happy with this. By the chance I want to visit the comment link in the email, I discovered a very exciting security feature of Outlook 2003 (with Service Pack 2).

If the email message is from an address not in the “Safe Senders List”, Outlook 2003 (with Service Pack 2) will block the links in the message. If we click the links, Outlook does not start Internet Explorer to access the URL, but pops up a dialog box (Figure 1).

 Figure 1

In order to be able to visit links directly from Outlook 2003 (with Service Pack 2), we need to “unblock” them. Note the information bar above the recipient email address (Figure 2). Click it, and then we will see a context menu with 3 options.

1. Turn on Links (not recommended)
This is to simply unblock the links in the email message. Microsoft doesn’t recommend this because not all customers know the links in emails may be unsafe.

2. Add Sender to Safe Senders List
This option is to add the specific sender, in this case, “postmaster at msmvps.com”, to the Safe Senders List. If we select this option, links in future emails from this email address will not be blocked.

3. Add the Domain @msmvps.com to the Safe Senders List
This option is similar to the second one, but adds the whole domain to the Safe Senders List. If we select this option, links in future emails from any address of the “msmvps.com” domain will not be blocked.

      Figure 2

Move Operations Master Roles by ntdsutil

What would happen if we didn’t either use dcpromo to demote the first domain controller before removing it from the domain or move each Operations Master role seperately before removing the computer?

We could use command line tool to assign the Operations Master roles to a new DC.

  1. Log on to a member server or domain controller with an administrator account.
  2. Click “Start”, click “run”, and enter “cmd“
  3. Enter “ntdsutil“
  4. Enter “roles“
  5. Enter “connections“
  6. Enter “connect to server [ServerName]
  7. Enter “quit“ to return to the roles level
  8. Enter “transfer [RoleName] “
  9. Click “Yes“ on the confirmation dialog

The commend line tool ntdsutil will then transfer the specific role to the specific domain controller. The figure below shows an example.


Windows OneCare Beta Preview

By Nuo Yan

I’ve been a Windows OneCare Beta tester for several weeks but never had enough time to write an article about this amazing system protection and optimization software. Today, when I finished the latest survey I decided to spend some time to write this article to introduce Windows OneCare.

Note: The version of Windows OneCare mentioned in this article is the 0.6.0692.42 build. The features may subject to change in the future versions.


 As a beta tester, I installed Windows OneCare through Microsoft BetaPlace. The whole process is web-based on a web site called Windows OneCare live.  I have specially set up a new Windows XP Professional with Service Pack 2 Virtual PC for the Windows OneCare test. Before I install Windows OneCare, the Windows XP security center detected I didn’t install any anti-virus product, as I showed in figure 1.

Figure 1

Then I logged in to the web site and began the installation. Figure 2 shows the web page.

Figure 2

Click on “Start Setup Now”, and the installation web will check the system and settings. If the system or settings don’t meet the requirement, the setup cannot be continued. Figure 3 shows the web page asking the user to perform system and settings check.

Figure 3

Click “Continue”, it will perform the check and either guide the user to quit setup or to finish downloading and installation.

Using Windows OneCare

After downloading and finishing the web-based installation wizard, the computer needs to be rebooted to complete the installation. Then we could see the Windows OneCare icon in the System Tray area. Double click it, then we could see its interface (Figure 4).

Figure 4

Clearly, its 3 most useful features are listed in the main interface. “Protection Plus” can be used to scan for virus; “Performance Plus” can be used to run a series of tasks including scanning virus, backing up files, defragmenting disk, and cleaning unnecessary files; “Backup and Restore”  is tool for backing up files to a CD or DVD.

Let’s have a look at each function.  By clicking “Scan for virus” link under “Protection Plus”, we could scan for virus on the computer.  Figure 5 shows the Windows OneCare Antivirus dialog box. This is used for selecting what disks, folders or files the user wants to scan. 

Figure 5

After selection, click “Scan”. The Antivirus program will begin the scanning process, as figure 6 shows.

Figure 6

When it finishes scanning, it will generate a report and show a abstract on the dialog box (Figure 7). Click “Show Details” button it will show you the entire report.

Figure 7

Let’s return to the main interface and try the “Performance Plus”. Click “Run Tune-up”, the “Windows OneCare Tune-up” dialog box will do the entire work automatically (Figure 8).

   Figure 8

We could always “Close” the dialog box; however, closing it doesn’t mean stopping the tune-up. We should click “Cancel Tune-up” if we want to stop it.

As we could see the second step of the “tune-up” is to check the files in the computer that needing backup. You may still remember I mentioned we are only able to back up files to a CD or DVD by using Windows OneCare. As in this case I’m running Windows OneCare in a Virtual PC, I don’t have a CD or DVD burner. Windows OneCare knows that. So it tells me I don’t have a burner and need to turn off the backup feature (Figure 9).

   Figure 9

As same as the antivirus feature, when it finishes the tune-up process, it will generate a detailed report. Let’s click “View Report” (Figure 10) to take a look at the report (Figure 11).

Figure 10

Figure 11

I can’t show you the back up feature because I don’t a CD burner in the Virtual PC.  What I can show at this time, is some settings of Windows OneCare.

Windows OneCare Settings

Windows OneCare is extremely easy to use. Even in the “Settings” part, I believe every end user would be able to deal with the settings of Windows OneCare without learning much. From the main interface, click “View and Change Settings” link on the left side of the window. The “Windows OneCare Settings” dialog box has 5 tabs. The first tab is for setting automatic tune-up. I recommend keeping the default settings to let Windows OneCare tune-up the computer automatically once each week. However, we could choose any time we’d like to make this happen. I also recommend selecting “Include hard disk cleanup in Tune-up.” Then it will automatically delete those unnecessary temporary files. Figure 12 shows the “Tune-up” tab.

Figure 12

The second tab is “Backup”. This is for Windows OneCare to remind the user when there’re new files need to be backed up. Figure 13 shows the “Backup” tab.

Figure 13

The third tab is “Antivirus”. By enabling the antivirus feature, we could use Windows OneCare to scan virus and monitor virus. I strongly recommend enabling the antivirus part of Windows OneCare. It’s also one of the key features Windows OneCare offers.

Figure 14

The fourth tab named “Firewall”. Amazing? Yes! Windows OneCare includes a full functioning firewall! Now, you may think Windows XP Service Pack 2 already has its built-in firewall, so only one can be used. Really? No! Let’s keep the original Windows Firewall enabled, and then enable the Windows OneCare firewall in the “firewall” tab (Figure 15).

Figure 15

Then click “Start”, click “Control Panel” and then click “Security Center”. Expand the Firewall option and we could see the most amazing things. Figure 16 shows how amazing it is.

Figure 16

As we can see, “Windows OneCare Firewall is currently ON…” Yes, and I think I needn’t say anything more.

Let’s return to the Windows OneCare Settings. The last tab is “Log” (Figure 17). If we enable logging, it will log any action Windows OneCare performs. This would be good for future troubleshooting.

Figure 17

Well, this is Windows OneCare. I think it’s a very powerful and easy to use system protection product. As same as what you may think, I’m looking forward to seeing the next versions of it. I will introduce the differences and additional features in the future versions of this software on my blog once I have tested it. Hope you will like.  

Don’t Forget The Operations Masters

Many IT people would add DCs to the existing Windows network some times after the first implement. At the same time, many IT people like to remove some early DCs from the network because their newly added ones are more powerful.

However, many IT people meet problems. Their domain no longer functioning properly after removing the early (exactly first) DCs. This is because the first DC is by default the Operations Master. Before removing it from the network, the administrator needs to run “dcpromo” to demote the DC to a member server. During this process it will automatically transfer the Operations Master roles to other DCs.

So, remember that even in the Windows Server 2003 domains, the DCs are not equal. Don’t forget the Operations Master roles when removing old servers.

Add NICs to Existing Virtual PC

Virtual PC is a fantastic tool to help us build test or experimental environment of Windows Server System.

Suppose now we are building a test environment for Windows Server 2003 and its updates. The purpose is to simulate the company’s real network environment and test the Service Pack and other updates.

We setup the workstations, member servers and domain controllers on Virtual PC successfully. The next step is to make the scenario as same as the real life environment. We begin to build the Network Address Translation (NAT) server. At this time, we need 2 NICs on the virtual machine. However, by default after installation, there is only one in this virtual Windows Server 2003 and there is only one real NIC in the host computer.

How can we do that? How can we add another NIC to the Windows Server 2003 virtual machine so that we could simulate the real life NAT environment?

Actually we could finish this work within a minute. First, shut down the virtual machine we need to add NICs to. Then start Virtual PC 2004, click the virtual machine we need to add NICs to.  Click “Action”, then click “Settings…”. On the new dialog box, click “Networking”. In the right pane, click the dropbox on the right of “Number of network adapters” and choose the total number of NICs we want in this system. Note, here is to choose the total number of NICs we want in this particular virtual machine, but not to choose the number of NICs we want to add to this particular virtual machine. Then we will need to set the scope of the added NIC(s). “Local only” means the particular virtual NIC could only have network connection with virtual machines on the same host computer. We could see another option is the name of the host NIC (we assumed only one NIC in the host computer), this option means the particular virtual NIC could have network connections with virtual machines on the same host computer, the host computer, and computers connectted to the host computer through the host’s NIC. If we’re configuring the first virtual NIC on a virtual machine, we also can see another option called “NAT”. It’s almost the same meaning as the real life NAT concept. After configuring the virtual NICs, click “OK” to close the dialog box.

We’ve done. Turn on the particular virtual machine we’ve just configured, we will see another LAN interface is right there. Then we could do the simulation of the real life environment, for instance, the NAT environment, and continue testing the Service Pack and updates in the simulated environment.

To learn more about Virtual PC 2004, please visit:



Where to Find IP Security Monitor in Windows Server 2003 and Windows XP?

Microsoft has changed the way IPSec Monitor runs in Windows Server 2003. Dislike it’s in Windows 2000, we can’t start IPSec Monitor by clicking “start”- “Run” then enter “ipsecmon”.

In Windows Server 2003, IPSec Monitor becomes a MMC-based tool. We can start it from MMC:

  • Click “start”- “Run”
  • Enter “MMC”
  • Click “File” – “Add/Remove Snap-in…”
  • Click “Add”, and double-click “IP Security Monitor”
  • Click “Close” and click “OK”.

We’re all set. Now we can use the powerful tool to check whether our IPSec configurations functions well or not.

In Windows XP, IP Security Monitor starts the same way as it is in Windows Server 2003. In fact, Windows XP is the first operating system that Microsoft changes the IP Security Monitor after Windows 2000.

Adding MSN Search to our own web site

It’s not necessary for us to write the search function by ourselves. MSN Search provides codes for site owners.

We can add a search box to our blog by adding (and modifying) these codes:

<!– Site search from MSN –> <!– Site search from MSN –>
<form method=”get” action=”http://search.msn.com/results.aspx”>
<td width=75>
<a href=”http://search.msn.com/” target=”_blank”>
<img src=”http://search.msn.com/s/affillogo.gif” border=”0″ ALT=”MSN Search”/>
<input type=”text” name=”q” size=”10″ />
<input type=”submit” value=”Search”/>
<input type=”hidden” name=”q1″ value=”site:msmvps.com/nuoyan”/>
<!– Site Search from MSN –>
<A href<!– Site Search from MSN –>

Change my URL “http://msmvps.com/nuoyan” to yours, and you will be all set.

Enabling IP Routing for Windows XP

We got a few computers (less than 10) in 2 subnets. We have one Windows XP computer with 2 LAN adapters. We want to use this computer as a very simple router in the middle of the two subnets.

In NT 4 we can simply open the properties of TCP/IP and check “Enable IP Routing”.  However,  in Windows XP we don’t have this checkbox in TCP/IP properties. To make the same effect, we need to change something in the registry.

Click “Start”, click “run” and enter “regedit”.

Locate “HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters”, we can find a value called “IPEnableRouter”. Let’s double click it and set the value to “1”. We are all set then.

This is not good for large enterprises. But for some specific very small businesses enabling Windows XP as the simple router will save the cost, as we don’t need to buy a new copy of Windows Server 2003 only for the Routing feature.

Good Network Connections Diagnostics Tool – Windows XP, Windows Server 2003

You got a new computer or server, and you spent a long time configured all network settings. Now you want to make sure the software, hardware and network connections are functioning normally.

A buit-in tool in Windows XP and Windows Server 2003 can help you.

Click “Start”, click “run” and enter “cmd” to open the Command Console.

Enter “netsh diag gui”, the Network Diagnostics tool starts (see the figure below).

Click on “Scan your system”, the tool will scan the software, hardware and network connections settings. (see the figure below)

When the scaning process completes, it will generate a report to show you whether your system has passed or failed the scan (see the figure below). You can also expand the nodes to see the details.

Please note, the server your computer program has connected to may have security concerns to disable “ping“s. You may get a failed message because of the server’s configuration. Just don’t worry about that. I recommend you to expand the nodes to check all details, especially for failed ones.