Where Did SCOPY Go?
XCOPY is the new SCOPY. Plus, disabling the trust password for a domain's workstations.
Q: Where can I find SCOPY in Windows 2003?
A: SCOPY used to be available in Windows NT 4.0 Resource Kit but
is no longer available in Windows 2000/XP/2003. Among other things, SCOPY
allowed you to copy the Access Control List (ACL) and audit settings.
Microsoft has included some of the same functionality that existed in
SCOPY in the XCOPY command. Here are some of the switches that you can
use with XCOPY in Windows 2000/XP/2003:
- XCOPY /F -- Displays full source and destination
file names while copying.
- XCOPY /G -- Allows the copying of encrypted
files to destination that does not support encryption.
- XCOPY /H -- Copies hidden and system files
- XCOPY /O -- Copies file ownership and ACL
- XCOPY /X -- Copies the file audit settings
Type XCOPY /? at the command prompt for a complete
list of options.
Q: How can I disable the computer trust password for our workstations
in the domain?
A: When a trust relationship is created between domains, a password
is used to create the trust. This password is periodically changed on
both sides for security reasons.
Similarly, when workstations join a domain, they establish a secure channel
with the domain controller. Both sides use a password to create this channel
and then automatically change this password every seven days on NT workstations
and every 30 days on Windows 2000 and Windows XP workstations.
Tech HelpJust An
Got a Windows, Exchange or virtualization question
or need troubleshooting help? Or maybe you want a better
explanation than provided in the manuals? Describe
your dilemma in an e-mail to the MCPmag.com editors
at [email protected];
the best questions get answered in this column and garner
the questioner with a nifty Redmond T-shirt.
When you send your questions, please include your
full first and last name, location, certifications (if
any) with your message. (If you prefer to remain anonymous,
specify this in your message, but submit the requested
information for verification purposes.)
The passwords can sometimes get out of synch under certain situations,
such as when workstations get turned off for an extended period of time.
If you want to disable password change, you'll need to modify the registry.
Here's the procedure:
- Start the registry editor, regedit.exe.
- Go to HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters.
- In the right-hand pane, double-click DisablePasswordChange and set
the Value data to decimal 1.
If you would like to change the maximum password age (default is 30 days
on Win2K and WinXP), you can modify the parameter MaximumPasswordAge in
the same registry location as described above in Step 2. This value exists
by default on Win2K and WinXP clients. On NT4 clients, it only exists
if you are using SP4 or later.
If the value doesn't exist, you can add a new DWORD value called MaximumPasswordAge
and then set it to 1. The valid range for this value is between 1 and
Zubair Alexander, MCSE, MCT, MCSA and Microsoft MVP is the founder of SeattlePro Enterprises, an IT training and consulting business. His experience covers a wide range of spectrum: trainer, consultant, systems administrator, security architect, network engineer, author, technical editor, college instructor and public speaker. Zubair holds more than 25 technical certifications and Bachelor of Science degrees in Aeronautics & Astronautics Engineering, Mathematics and Computer Information Systems. His Web site, www.techgalaxy.net, is dedicated to technical resources for IT professionals. Zubair may be reached at [email protected].