J. Rodney Grisham
Houston, TX
grisham@neosoft.com
This command-line utility is called PASSPROP and can be used to set two domain policy flags: whether passwords must be complex, and whether the administrator account can be locked out. For details on syntax and usage, run "passprop," with no parameters, at the command prompt. -- Jon Udell, executive editor
I enjoyed "NT Security" even though I don't use NT machines. One nit: You said a router would only have to allow TCP ports 80 and 21 into the server. Most FTP servers support the PASV command, and a number of firewalls now require that their clients use it. This implies that you must allow the incoming TCP connections for the second channel to the FTP server. I have no idea if the NT FTP server chooses the PASV port in a predictable way, but the router rules would have to allow whatever incoming ports were needed.
Bill Cheswick
Bell Laboratories
ches@bell-labs.com
Thanks for pointing that out. It does complicate matters, since the inbound port seems to be chosen at random. I should have subtracted FTP from the example. -- Jon Udell, executive editor
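An added illustration of the exchange above, not part of either letter: it parses an FTP 227 (PASV) reply as defined in RFC 959, derives the data port the server chose, and checks it against a static inbound filter. The sample reply, the 192.0.2.10 address and the pinned passive range 5000-5009 are constructed assumptions, not values from the article.

```python
import re

# Address tuple in a 227 reply (RFC 959): h1,h2,h3,h4,p1,p2
_PASV_RE = re.compile(
    r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv_reply(line):
    """Return (ip, port) from a '227 Entering Passive Mode (...)' reply."""
    if not line.startswith("227"):
        raise ValueError("not a 227 reply: %r" % line)
    m = _PASV_RE.search(line)
    if m is None:
        raise ValueError("no address tuple in reply: %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range: %r" % line)
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # data port = p1*256 + p2
    return ip, port

def inbound_allowed(port, allowed):
    """allowed: list of (low, high) inclusive inbound TCP port ranges."""
    return any(low <= port <= high for low, high in allowed)

def check_session(pasv_reply, allowed):
    """Report whether the control and data connections pass the filter."""
    _, data_port = parse_pasv_reply(pasv_reply)
    return {
        "control_21": inbound_allowed(21, allowed),
        "data_port": data_port,
        "data_allowed": inbound_allowed(data_port, allowed),
    }

# Constructed sample reply; 192.0.2.10 is a documentation address.
SAMPLE_REPLY = "227 Entering Passive Mode (192,0,2,10,19,137)"

# Rule set from the article's example: inbound TCP 80 and 21 only.
ARTICLE_RULES = [(80, 80), (21, 21)]
# Hypothetical alternative (assumption): the server is pinned to a small
# passive range and the router opens exactly that range.
PINNED_RANGE_RULES = [(80, 80), (21, 21), (5000, 5009)]

if __name__ == "__main__":
    print(check_session(SAMPLE_REPLY, ARTICLE_RULES))
    print(check_session(SAMPLE_REPLY, PINNED_RANGE_RULES))
```

With the 80-and-21 rule set the control connection is accepted but the data connection to the server-chosen port is dropped, which is the failure the letter describes.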
In "NT Security" you ask for a way to suppress the connection banner when logging onto a Windows NT FTP server. I took the challenge. I found the message in the file FTPSVC.DLL. I copied the file to a DOS system, examined it with Norton Utilities, found the messages, replaced the characters with spaces, saved the file, and copied it back to the NT System root area (you have to stop the FTP server-service to do this). You can replace the original message -- Windows NT FTP Server (%s) -- with anything within that number of characters (27).
Halvard Gomo
Ulset, Norway
gomo@online.no
Thanks! It'd be nice for Microsoft to make that a registry setting, wouldn't it? -- Jon Udell, executive editor