Windows Server 2003 Tuned Security & Speed Tcp/IP (all) Parameters List fully doc
Posted by Alec§taar

;following table
;
;SMALL SYSTEM (Less than 19 MB RAM) - Server = 500, Pro/Workstation = 250
;MEDIUM SYSTEM (19–63 MB RAM) - Server = 1000, Pro/Workstation = 500
;LARGE SYSTEM (64 MB or more RAM) - Server = 2,000, Pro/Workstation = 1,000
;
;Acceptable Ranges - 0x0–0xFFFFFFFF (connects)
;
;DEFAULT = see table above (Varies w/ the system & amount of physical memory on the computer. See description.)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpTimedWaitDelay"=dword:0000001e
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;When a TCP connection is closed, the socket-pair is placed into a state known as TIME-WAIT. This is done so
;that a new connection doesn't use the same protocol, source IP address, destination IP address, source port,
;& destination port until enough time has passed to ensure that any segments that may have been misrouted or
;delayed are not delivered unexpectedly. RFC 793 specifies the length of time that the socket-pair should not
;be reused as 2 maximum segment lifetimes (2 MSL), or four minutes. This is the default setting for Windows
;Server 2003 TCP/IP. However, w/ this default setting, some network applications that perform many outbound
;connects in a short time may use up all available ports before the ports can be recycled. Windows Server
;2003 TCP/IP offers 2 methods of controlling this behavior. First, the TcpTimedWaitDelay registry parameter
;can be used to alter this value. Windows Server 2003 TCP/IP allows it to be set as low as 30 seconds, which
;should not cause problems in most environments. Second, the # of user-accessible ephemeral ports that can be
;used to source outbound connects is configurable using the MaxUserPorts registry parameter. By default,
;when an application requests any socket from the system to use for an outbound call, a port between the
;values of 1024 & 5000 is supplied. The MaxUserPorts parameter can be used to set the value of the uppermost
;port that the administrator chooses to allow for outbound connects. For instance, setting this value to
;10,000 (decimal) would make approximately 9000 user ports available for outbound connects. For more details
;on this concept, see RFC 793. See also the MaxFreeTcbs (below next) & MaxHashTableSize (next one after)
;registry parameters in Appendix A.
;
;DEFAULT = 30 second default based on MaxUserPorts ephemeral ports
; (short lived ports (dynamics that change A LOT per netstat -ano I have seen)
; usually WAY high up in the IP range 5000-65535 etc. in my experience)
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"MaxFreeTWTcbs"=dword:000007d0
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines the # of partitions in the Transport Control Block (TCB) table.
;Partitioning the TCB table minimizes contention for table access. Especially useful on SMP/HT systems.
;This controls the # of Transport Control Blocks (TCBs) in the TIME-WAIT state that are allowed on the
;TIME-WAIT state list. Once this # is exceeded, the oldest TCB will be scavenged from the list. In order to
;maintain connects in the TIME-WAIT state for at least 60 seconds, this value should be >= (60 * (the rate
;of graceful connection closures per second)) for the computer. The default value is adequate for most cases
;
;Acceptable ranges - 0x1–0xFFFF
;
;DEFAULT = 0x4 (1000 decimal)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;Do not change the value of this entry before studying the effect of different values in a test environment.
;When testing, do not enter a value greater than 2 times the # of processors on the computer.
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"MaxHashTableSize"=dword:00000800
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines the size of the hash table in which TCP control blocks (TCBs) are stored.
;TCP stores control blocks in a hash table so it can find them very quickly. If you adjust the # of
;TCBs the system creates (as specified by the value of the MaxFreeTcbs entry), you should also adjust
;the value of this entry proportionately.
;This value should be set to a power of 2 (for example, 512, 1024, 2048, & so on.) If this value is not a
;power of 2, the system configures the hash table to the next power of 2 value (for example, a setting of
;513 is rounded up to 1024.) This value controls how fast the system can find a TCB & should be increased
;if MaxFreeTcbs is increased from the default.
;
;The value of this entry must be a power of 2. If you change the value, the system rounds the
;value you enter to the next higher power of 2.
;
;Acceptable Ranges - 64–65,536 (table entries) 0x40–0x10000 (64-65536 decimal)
;
;DEFAULT = 512
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"MaxNormLookupMemory"=dword:00030d40
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines the maximum amount of system memory that TCP can allocate for the routing table & its data
;This controls the maximum amount of memory that the system allows for the route table data & the routes
;themselves. It is designed to prevent memory exhaustion on the computer caused by adding large #s of routes.
;
;Acceptable Ranges - 0x0 | 0x1–0xFFFFFFFE (bytes) | 0xFFFFFFFF
;Values Table:
;
;0x0 = There is no TCP routing table.
;0x1–0xFFFFFFFE = Specifies the maximum amount of system memory that can be allocated to the TCP routing table.
;0xFFFFFFFF = There is no limit on the amount of system memory that TCP can allocate to the TCP routing table.
;
;The default value for this entry is determined both by the amount of physical memory on the computer
;when TCP/IP starts & by the version of Windows running on the computer, as shown in the following table:
;
;The following default values are used:
;
;Small is defined as a computer w/ less than 19 MB of RAM,
;Medium is 19–63 MB of RAM,
;& Large is 64 MB or more of RAM.
;
;< 19 MB -> Server = 0x25800 (150 KB = 1,000 routes), Pro/Workstation = 0x25800 (150 KB = 1,000 routes)
;19–63 MB -> Server ONLY = 0x180000 (1.5 MB = 10,000 routes)
;64mb > -> Server ONLY = 0x500000 (5 MB = 40,000 routes)
;
;For Windows Server 2003:
;
;Small system—150,000 bytes, which accommodates 1000 routes
;Medium system—1,500,000 bytes, which accommodates 10,000 routes
;Large system—5,000,000 bytes, which accommodates 40,000 routes
;
; (150,000 bytes, which accommodates 1000 routes)
;
;DEFAULT = (Varies w/ the system & amount of physical memory on the computer. See description.)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;************************************************************************************************************
;BEGIN AFD registry subsection [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters] related
;************************************************************************************************************
;============================================================================================================
"IgnorePushBitOnReceives"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Setting this to 1 causes Afd.sys to treat all incoming packets as though the push bit was set.
;This should only be done when necessary to work around client TCP/IP implementations that are not properly
;pushing data.
;
;If a client program is run on a computer w/ a TCP/IP implementation that doesn't set the PUSH bit on sends,
;response delays may result. It's best to correct this on the client side; however, a configuration parameter
; (IgnorePushBitOnReceives) was added to Afd.sys to force it to treat all arriving packets as though the PUSH bit
;were set.
;
;Normally, Windows Server 2003 completes a Windows Sockets Receive when one of the following occurs:
;
;Data arrives w/ the push bit set.
;
;The user recv buffer is full.
;
;0.5 seconds have elapsed since any data arrived.
;
;DEFAULT = 0 (off/false boolean switch)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"DefaultReceiveWindow"=dword:0000e666
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;The # of receive bytes that AFD buffers on a connection before imposing flow control.
;For some applications, a larger value here gives slightly better performance at the expense of
;increased resource utilization. Applications can modify this value on a per-socket basis w/
;the SO_RCVBUF socket option.
;
;DEFAULT = 4096/8192/8192
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"DefaultSendWindow"=dword:0000e666
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This is similar to DefaultReceiveWindow, but for the send side of connects. (See setting above this one)
;
;DEFAULT = 4096/8192/8192
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"SmallBufferSize"=dword:00000800
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;The size in bytes of small buffers used by AFD.
;
;DEFAULT = 128
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"MediumBufferSize"=dword:00001000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;The size, in bytes, of medium buffers used by AFD.
;
;DEFAULT = 1504
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"LargeBufferSize"=dword:00002000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;The size, in bytes, of large buffers used by AFD. Smaller values use less memory & larger values can improve
;performance. LargeBufferSize are in Megabytes (MB) & need to be adjusted according to the configuration of
;your server. The buffers are allocated from physical memory, so set the sizes accordingly.
;
;DEFAULT = PAGE_SIZE (4096 bytes on i386, 8192 bytes on Alpha)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;************************************************************************************************************
;END AFD registry subsection [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters] related
;************************************************************************************************************
;============================================================================================================
"CacheTimeout"=dword:0000ea60
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This value determines the time interval that names are cached in the remote name table.
;The nbtstat -c command can be used to view the remaining time for each name in the cache.
;
;Acceptable Ranges - 0xEA60–0xFFFFFFFF
;
;DEFAULT = 0x927c0 (600000 milliseconds = 10 minutes)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"AllowUserRawAccess"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;For information about raw sockets, see the Windows Sockets Specification link on the Web Resources page:
;http://www.sockets.com/winsock.htm
;http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winsock/winsock/tcp_ip_raw_sockets_2.asp
;
;Determines whether users who are not administrators can use raw sockets. By default, only users in
;the Administrators group can use them.
;This controls access to raw sockets. If true, non-administrative users have access to raw sockets.
;By default, only administrators have access to raw sockets. For more information on raw sockets, see the
;Windows Sockets Specifications available from ftp://ftp.microsoft.com/bussys/winsock/winsock2/.
;
;When an application sends a datagram it may or may not include the IP header at the front of the
;outgoing datagrams depending on the IP_HDRINCL option set for the socket.
;An application always gets the IP header at the front of each received datagram regardless of the
;IP_HDRINCL option
;
;If a foreign address is defined for the socket, it should correspond to the source address as
;specified in the IP header of the received datagram.
;
;IMPORTANT: OPENS THE DOOR FOR SPOOFING UDP HEADERS OR NOT SENDING ANY INFORMATION AT ALL IN PACKETS FOR
;SOURCE vs. DESTINATION:
;
;"The Microsoft implementation of TCP/IP on Windows is capable of opening a raw UDP socket:
;
;An application may specify the foreign IP address by calling connect functions. If no foreign IP address
;is specified for the socket, the datagrams are copied into the socket regardless of the source IP address
;in the IP header of the received datagram. (In other words you DON'T KNOW where they came from!)
;
;It is important to understand that SOCK_RAW sockets may get many unexpected datagrams. For
;example, a PING program may use SOCK_RAW sockets to send ICMP echo requests. While the
;application is expecting ICMP echo responses, all other ICMP messages (such as ICMP
;HOST_UNREACHABLE) may be delivered to this application also. Moreover, if several SOCK_RAW
;sockets are open on a machine at the same time, the same datagrams may be delivered to all the
;open sockets. An application must have a mechanism to recognize its datagram & to ignore all
;others. Such mechanism may include inspecting the received IP header–using unique identifiers in the
;ICMP header (ProcessID, for example), & so forth."
;
; * i.e.-> Now, was Mr. Steve Gibson Wrong worrying about this? I think not & agree w/ him... apk
;
;DEFAULT = 0 (off/false) Only administrators can use raw sockets & 1 (on/true) All users can use raw sockets.
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;I would only leave this to admin. users... apk
;============================================================================================================
"ArpCacheLife"=dword:000002bc
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Determines how long an unreferenced entry can remain in the Address Resolution Protocol (ARP) cache
;table. Entries cannot remain in the table longer than specified by the value of this entry. However,
;entries can be removed sooner if the table space they occupy is needed to store a new entry.
;By default, this entry applies to unreferenced entries, & the ArpCacheMinReferencedLife entry
;applies to referenced entries, which defaults to a duration of 10 minutes. However, referenced entries
;must remain in the table at least as long as unreferenced entries. Therefore, if the value of this entry
;is greater than or equal to the value of the ArpCacheMinReferencedLife entry, the
;ArpCacheMinReferencedLife entry is ignored, & the ArpCacheLife entry applies to both referenced
;& unreferenced entries.
;
;ArpCacheMinReferencedLife (see next entry) controls the minimum time until a referenced ARP cache entry
;expires. This can be used in combination w/ the ArpCacheLife parameter, as follows:
;
;In absence of an ArpCacheLife parameter, the defaults for ARP cache time-outs are a 2-minute time-out
;on unused entries & a ten-minute time-out on used entries
;
;If ArpCacheLife is greater than or equal to ArpCacheMinReferencedLife, referenced & unreferenced ARP cache
;entries expire in ArpCacheLife seconds.
;If ArpCacheLife is less than ArpCacheMinReferencedLife, unreferenced entries expire in ArpCacheLife seconds,
;& referenced entries expire in ArpCacheMinReferencedLife seconds.
;
;Entries in the ARP cache are referenced each time that an outbound packet is sent to the IP
;address in the entry.
;
;Acceptable Ranges -> 0–0xFFFFFFFF / 0x0–0xFFFFFFFF (seconds)
;
;DEFAULT = 10 minutes (600 seconds) on USED entries & 0x78 (120 seconds = 2 minutes) on unused entries for
;its aging algorithm...
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;In absence of an ArpCacheLife parameter, the defaults for ARP cache time-outs are a 2-minute time-out on
;unused entries & a ten-minute time-out on used entries
;
;This doesn't affect ARP cache table entries that are added manually. TCP/IP doesn't remove manual entries
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"ArpCacheMinReferencedLife"=dword:000002bc
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;ArpCacheMinReferencedLife controls the minimum time until a referenced ARP cache entry expires. This
;can be used in combination w/ the ArpCacheLife parameter, as follows:
;
;In absence of an ArpCacheLife parameter, the defaults for ARP cache time-outs are a 2-minute time-out on
;unused entries & a ten-minute time-out on used entries
;
;If ArpCacheLife is greater than or equal to ArpCacheMinReferencedLife, referenced & unreferenced ARP cache
;entries expire in ArpCacheLife seconds.
;If ArpCacheLife is less than ArpCacheMinReferencedLife, unreferenced entries expire in ArpCacheLife seconds,
;& referenced entries expire in ArpCacheMinReferencedLife seconds.
;
;Entries in the ARP cache are referenced each time that an outbound packet is sent to the
;IP address in the entry.
;
;DEFAULT = 600 seconds (10 minutes)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;In absence of an ArpCacheLife parameter, the defaults for ARP cache time-outs are a 2-minute time-out on
;unused entries & a ten-minute time-out on used entries
;
;Entries in the ARP cache are referenced each time that an outbound packet is sent to the IP address
;in the entry.
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"DefaultRegistrationTTL"=dword:00000014
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This can be used to control the TTL value sent w/ dynamic DNS registrations.
;
;Acceptable Ranges - 0–0xFFFFFFFF
;
;DEFAULT = 0x4B0 (1200 decimal, or 20 minutes)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"DefaultTTL"=dword:00000030
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Specifies the default time-to-live (TTL) value set in the header of outgoing IP packets. The TTL determines
;the maximum amount of time that an IP packet may live in the network w/out reaching its destination.
;It is effectively a limit on the # of links on which an IP packet is allowed to travel before being discarded.
;
;Acceptable Ranges -> 0–0xff (0–255 decimal)
;
;DEFAULT = 128
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"DisableAddressSharing"=dword:00000001
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This is used to prevent address sharing (SO_REUSEADDR) between processes so that if a process
;opens a socket, no other process can steal data from it. A similar effect can be achieved if an application
;uses the new socket option SO_EXCLUSIVEADDRUSE. This setting allows administrators to secure older
;applications that are not aware of this option.
;
;DEFAULT = 0 (off/false)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"DisableReplaceAddressesInConflicts"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This is used to turn off the address registration conflict rule that the last writer wins.
;By default, a computer doesn't replace any current records on the DNS server that do not appear to
;have been owned by it at one time.
; ;DEFAULT = 0 (off/false) ;Win2k doesnt add this entry to the registry. You can add it by editing the registry ;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ; ;TWEAK PARAMETERS: tuned ; ;============================================================================================================ "DisableReverseAddressRegistrations"=dword:00000001 ;------------------------------------------------------------------------------------------------------------ ; ;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA ; ;This can be used to turn off DNS dynamic update reverse address (PTR) record registration. ;If the DHCP server that configures this computer is running Windows Server 2003, then it is capable of ;registering the PTR record w/ the DNS dynamic update protocol. However, if the DHCP server is not capable ;of performing DNS dynamic update PTR registrations & you do not want to register PTR records w/ the DNS ;dynamic update protocol, set This to 1. ; ;Disables the Domain Name System (DNS) dynamic update registration of PTR (pointer) records by this DNS ;client. PTR (pointer) records associate an IP address w/ a computer name. ; ;This entry is designed for enterprises in which the primary DNS server that is authoritative for the ;reverse lookup zone cannot or is configured not to perform dynamic updates. It reduces unnecessary ;ne2rk traffic & eliminates event log errors that record failed attempts to register PTR records. ; ;Acceptable parameters -> 0 = Register PTR records, 1 = Do not register PTR records. ; ;DEFAULT = 0 (off/false boolean switch) ;Win2k doesnt add this entry to the registry. 
You can add it by editing the registry ;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ; ;TWEAK PARAMETERS: tuned ; ;============================================================================================================ "DisjointNameSpace"=dword:00000001 ;------------------------------------------------------------------------------------------------------------ ; ;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA ; ;This instructs the DNR to treat each interface as a disjoint name space. On a multihomed computer, ;a query to the DNS server(s) that is/are configured for one interface may result in a name error. This ;parameter is used to instruct the resolver to try the query against the possible DNS servers that are ;configured for other interfaces before returning results. ; ;DEFAULT = 1 (Off/False boolean switch) ;Win2k doesnt add this entry to the registry. You can add it by editing the registry ;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ; ;TWEAK PARAMETERS: tuned ; ;============================================================================================================ "EnablePMTUBHDetect"=dword:00000000 ;------------------------------------------------------------------------------------------------------------ ; ;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA ; ;Setting This to 1 (true) causes TCP to try to detect PMTU black hole routers while doing Path MTU ;Discovery. A PMTU black hole router doesnt return ICMP Destination Unreachable messages when it needs to ;fragment an IP datagram w/ the Don’t Fragment bit set. TCP depends on receiving these messages to perform ;Path MTU Discovery. w/ this feature enabled, TCP tries to send segments w/out the Don’t Fragment bit set ;if several retransmissions of a segment go unacknowledged91. 
If the segment is acknowledged as a result, the ;MSS is decreased & the Don’t Fragment bit is set in future packets on the connection. Enabling PMTU black ;hole detection increases the maximum # of retransmissions that are performed for a given segment. ; ;Enabling black hole detection increases the maximum # of times TCP retransmits a given segment. ; ;Win2k doesnt add this entry to the registry. You can add it by editing the registry ;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ; ;DEFAULT = 0 (off/false boolean switch) ; ;TWEAK PARAMETERS: tuned ; ;============================================================================================================ "IPReassemblyTimeOut"=dword:0000005a ;------------------------------------------------------------------------------------------------------------ ; ;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA ; ;Determines how long IP accepts fragments when attempting to reassemble a previously fragmented packet. ;That is, if a packet is fragmented, all of the fragments must make it to the destination w/in this time ;limit; otherwise, the fragments will be discarded & the packet will be lost. ; ;DEFAULT = 60 seconds ;Win2k doesnt add this entry to the registry. You can add it by editing the registry ;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ;TWEAK PARAMETERS: tuned ; ;============================================================================================================ "NoNameReleaseOnDemand"=dword:00000001 ;------------------------------------------------------------------------------------------------------------ ; ;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA ; ;This determines whether the computer releases its NetBIOS name when it receives a name-release ;request from the ne2rk. 
It was added to allow the administrator to protect the machine against malicious ;name-release attacks. ; ;DEFAULT = 0 (off/false boolean switch) ;Win2k doesnt add this entry to the registry. You can add it by editing the registry ;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ; ;TWEAK PARAMETERS: tuned Recommended 1 for security purposes... apk ; ;============================================================================================================ "QueryIpMatching"=dword:00000001 ;------------------------------------------------------------------------------------------------------------ ; ;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/ne2rking/tcpip03.mspx#ECAA ; ;This controls whether or not the IP address of the DNS server queried is matched to the IP address ;of the server that sent the DNS response. This can be used as a primitive security feature to ensure that ;the resolver is not being fooled by a random query response from some computer other than the intended ;DNS server. ; ;By default, the resolver accepts responses from the servers that it did not query. This feature speeds ;performance but can be a security risk, especially effective in DnsCache parms area of registry as well ;... apk per 2nd URL above. ; ;THIS ALSO CAN BE ADDED TO -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DnsCache\Parameters ; ;DEFAULT = 0 (off/false boolean switch) Depending on if you want "positive dns caching" or ;"negative dns caching" ;Win2k doesnt add this entry to the registry. You can add it by editing the registry ;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ; ;ipconfig.exe /flushdns typed in @ DOS prompt console window tty terminal clears the DNS cache ; ;TWEAK PARAMETERS: tuned 0 is faster ne2rk performance, 1 is more secure... 
;apk
;
;============================================================================================================
"SackOpts"=dword:00000001
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This controls whether or not Selective Acknowledgment (SACK) support, as specified in RFC 2018,
;is enabled. SACK is described in more detail in “Transmission Control Protocol (TCP)” section of this paper.
;
;Enables & disables the Selective Acknowledgment (SACK) feature of Win2k TCP/IP. SACK is specified in
;RFC 2018, TCP Selective Acknowledgement Options.
;
;SACK is an optimizing feature that lets you acknowledge receipt of individual blocks of data in a continuous
;sequence, rather than just the last sequence #. The recipient can tell the sender that one or more data
;blocks are missing from the middle of a sequence, & the sender can retransmit only the missing data.
;
;DEFAULT = 1 (on-off boolean switches)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"UpdateSecurityLevel"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This can be used to control the security that is used for DNS dynamic updates. It defaults to 0,
;to try nonsecure update, & if refused, to send Windows Server 2003 secure dynamic updates.
;Valid values
;are listed below:
;
;0x00000000—default, nonsecure updates
;
;0x00000010—security OFF (16 decimal)
;
;0x00000100—secure ONLY ON (256 decimal)
;
;Acceptable Ranges -> 0,0x00000010, 0x00000020, 0x00000100
;
;DEFAULT = 0 (off/false boolean switch)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpUseRFC1122UrgentPointer"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This determines whether TCP uses the RFC 1122 or RFC 793 specification for urgent data
; (used by BSD-derived systems). There are 2 ways to interpret the value of the Urgent Pointer field in the
;TCP header: RFC 793 defines the value as indicating first byte of normal data, RFC 1122 defines the value
;as indicating the last byte of urgent data. These 2 interpretations are not interoperable. Windows Server
;2003 TCP/IP defaults to the RFC 793 interpretation (BSD mode).
;
;DEFAULT = 1/0 (on-off boolean switches)
;Win2k doesn't add this entry to the registry.
;You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"Transmitworker"=dword:00000020
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Datagrams smaller than the value of This go through the fast I/O path or are buffered on send.
;Larger ones are held until the datagram is actually sent. The default value was found by testing to be
;the best overall value for performance. Fast I/O means copying data & bypassing the I/O subsystem,
;instead of mapping memory & going through the I/O subsystem. This is advantageous for small amounts
;of data. Changing this value is not generally recommended.
;
;DEFAULT = 1024
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"FastSendDatagramThreshold"=dword:00001000
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Datagrams smaller than the value of This go through the fast I/O path or are buffered on send.
;Larger ones are held until the datagram is actually sent. The default value was found by testing to be the
;best overall value for performance. Fast I/O means copying data & bypassing the I/O subsystem, instead of
;mapping memory & going through the I/O subsystem. This is advantageous for small amounts of data.
;Changing this value is not generally recommended.
;
;DEFAULT = 1024
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned DON'T! apk
;
;============================================================================================================
"MaxFastTransmit"=dword:0000fa00
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This controls the maximum amount of data that is transferred in a TransmitFile request on the fast
;path. Fast I/O is essentially copying data & bypassing the I/O subsystem, instead of mapping memory &
;going through the I/O subsystem. This is advantageous for small amounts of data. Changing this value is
;not generally recommended.
;
;Acceptable Ranges -> 0–0xffffffff
;
;DEFAULT = 64kb
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"IGMPLevel"=dword:00000002
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This determines to what extent the system supports IP multicasting & participates in the Internet
;Group Management Protocol. At level 0, the system provides no multicast support. At level 1, the system can
;send IP multicast packets but cannot receive them. At level 2, the system can send IP multicast packets &
;fully participate in IGMP to receive multicast packets.
;
;Acceptable Ranges -> 0,1,2
;
;DEFAULT = 2
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"BCastNameQueryCount"=dword:00000002
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This value determines the # of times NetBT broadcasts a query for a specific name w/out receiving a response.
;
;Acceptable Ranges -> 1–0xFFFF
;
;DEFAULT = 3
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"BcastQueryTimeout"=dword:00000064
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This value determines the time interval between successive broadcast name queries for the same name.
;
;Acceptable Ranges -> 100–0xFFFFFFFF
;
;DEFAULT = 0x2ee (750 decimal)
;Win2k doesn't add this entry to the registry.
;You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"KeepAliveInterval"=dword:0000015e
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This determines the interval between TCP keep-alive retransmissions until a response is received.
;Once a response is received, the delay until the next keep-alive transmission is again controlled by the
;value of KeepAliveTime. The connection is aborted after the # of retransmissions specified by
;TcpMaxDataRetransmissions have gone unanswered.
;
;Acceptable Parameter Ranges -> 1–0xFFFFFFFF
;
;DEFAULT = 1000 (one second)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"NameSrvQueryTimeout"=dword:00000064
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This value determines the time interval between successive name queries to WINS for a specified name
;
;Acceptable Parameter Ranges -> 100–0xFFFFFFFF
;
;DEFAULT = 1500 (1.5 seconds)
;Win2k doesn't add this entry to the registry.
;You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"SessionKeepAlive"=dword:00001c20
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This value determines the time interval between keep-alive transmissions on a session. Setting the value
;to 0xFFFFFFF disables keep-alives.
;
;Acceptable Parameter Ranges -> 60,000–0xFFFFFFFF
;
;DEFAULT = 3,600,000 (1 hour)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"DisableUserTOSSetting"=dword:00000001
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This can be used to allow programs to manipulate the Type Of Service (TOS) bits in the header of
;outgoing IP packets. In Windows Server 2003, this defaults to True. In general, individual applications
;should not be allowed to manipulate TOS bits.
;
;DEFAULT = 1 (on/true boolean switch)
;Win2k doesn't add this entry to the registry.
;You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"Size/Small/Medium/Large"=dword:00000003
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This value determines the size of the name tables that are used to store local & remote names.
;In general, a setting of 1 (small) is adequate. If the system is acting as a proxy name server,
;the value is automatically set to 3 (large) to increase the size of the name cache hash table.
;
;Hash table buckets are sized as follows:
;Acceptable Parameter Ranges -> 1, 2, 3 (small 16, medium 128, large 256)
;
;DEFAULT = 1 (small)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"MaxNumForwardPackets"=dword:0000024a
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This limits the total # of IP packet headers that can be allocated for the router packet
;queue. This value must be greater than or equal to the value of the NumForwardPackets parameter. See the
;description of NumForwardPackets for more details
;
;Acceptable Parameter Ranges -> 1–0xFFFFFFFF
;
;DEFAULT = 0xFFFFFFFF
;Win2k doesn't add this entry to the registry.
;You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"NumForwardPackets"=dword:0000024a
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;This determines the # of IP packet headers that are allocated for the router packet queue.
;When all headers are in use, the system attempts to allocate more, up to the value configured for
;MaxNumForwardPackets (above). This value should be at least as large as the ForwardBufferMemory value
;divided by the maximum IP data size of the networks that are connected to the router. It should be no
;larger than the ForwardBufferMemory value divided by 256 because at least 256 bytes of forward buffer
;memory is used for each packet. The optimal # of forward packets for a given ForwardBufferMemory
;size depends on the type of traffic that is carried on the network & is somewhere between these 2
;values. This is ignored & no headers are allocated if routing is not enabled.
;
;Determines how many IP packet headers TCP allocates to the router packet queue when the system starts.
;The value of this entry is used only when routing is enabled & headers are allocated.
;
;When all of the IP packet headers allocated at startup are in use, the router begins to randomly
;discard packets from the queue.
;
;DEFAULT = 1/0 (on-off boolean switches)
;Win2k doesn't add this entry to the registry.
;You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
;************************************************************************************************************
;START FOUND @ SECTION OF MICROSOFT REGARDING TCP TRANSPORTS (odd entries not found anyplace else)... apk
;************************************************************************************************************
;============================================================================================================
"TcpRecvSegmentSize"=dword:000005c0
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/
;
;Specifies the maximum receive segment size.
;
;DEFAULT = 1460
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"ArpCacheSize"=dword:00000080
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/
;
;Determines the maximum # of entries that the ARP cache table can hold. The ARP cache is allowed to
;grow dynamically until this size is reached. After the table reaches this size
;new entries can only be added by replacing the oldest entries that exist.
;
;DEFAULT = 62
;Win2k doesn't add this entry to the registry.
;You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TCPDisableReceiveChecksum"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/
;
;Specifies whether Checksums is disabled on receive.
;
;DEFAULT = 1 (on/true boolean switch)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned set to 0 so no checksum is generated on received packets for speed
;
;============================================================================================================
"TCPDisableSendChecksum"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/A
;
;Specifies whether Checksums is disabled on send.
;
;DEFAULT = 1 (on/true boolean switch)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned set to 0 so no checksum is generated on sent packets for speed
;
;============================================================================================================
"TcpKeepCnt"=dword:00000064
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/
;
;Specifies how often TCP/IP will generate keep-alive traffic.
;When TCP/IP determines that no activity has
;occurred on the connection w/in the specified time, it generates keep-alive traffic to probe the
;connection. After trying TcpKeepTries # of times to deliver the keep-alive traffic w/out success,
;it marks the connection as down.
;
;DEFAULT = 120
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpKeepTries"=dword:0000000a
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/
;
;Specifies the maximum # of times that TCP/IP will attempt to deliver keep-alive traffic before marking
;a connection as down.
;
;DEFAULT = 20
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpLogLevel"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/
;
;Specifies how verbose TCP/IP should be about logging events in the event log. The highest level of
;verbosity is 16, & 1 is the lowest level. The following shows general information about these levels.
;
;DEFAULT = 16 (log everything)
;Win2k doesn't add this entry to the registry.
;You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpMaxConnectAttempts"=dword:00000002
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/
;
;Specifies the maximum # of times TCP/IP attempts to establish a connection before reporting failure.
;The initial delay between connection attempts is 3 seconds. This delay is doubled after each attempt.
;
;DEFAULT = 3
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpSendDownMax"=dword:00008000
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/
;
;Specifies the maximum # of bytes queued by TCP/IP.
;
;DEFAULT = 16384
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"TcpSendSegmentSize"=dword:000005c0
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/
;
;Specifies the maximum send segment size.
;
;DEFAULT = 1460
;Win2k doesn't add this entry to the registry.
;You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"UDPDisableSendChecksum"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/
;
;Specifies whether Checksums is disabled on send of udp datagrams.
;
;DEFAULT = 0 (off/false boolean switch)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
"UDPDisableReceiveChecksum"=dword:00000000
;------------------------------------------------------------------------------------------------------------
;
;http://support.microsoft.com/kb/q102973/
;
;Specifies whether Checksums is disabled on Receive of udp datagrams.
;
;DEFAULT = 0 (on/false boolean switch)
;Win2k doesn't add this entry to the registry. You can add it by editing the registry
;Is used, but not present @ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
;************************************************************************************************************
;EXTRA-SETTINGS LIKE MSS, MTU, MAXMTU, & RWIN... apk
;From ->
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
; (for tuning, refer to APK Speedguide in URL @ top of this page &/or www.speedguide.net ...
;apk
;************************************************************************************************************
;============================================================================================================
;MTU
;
;Key: Tcpip\Parameters\Interfaces\interfaceGUID
;
;Value Type: REG_DWORD—#
;
;ValidRange: 88–the MTU of the underlying network
;
;Default: 0xFFFFFFFF
;Description: This overrides the default Maximum Transmission Unit (MTU) for a network interface.
;The MTU is the maximum IP packet size, in bytes, that can be transmitted over the underlying network.
;For values larger than the default for the underlying network, the network default MTU is used.
;For values smaller than 88, the MTU of 88 is used.
;Note: Windows Server 2003 TCP/IP uses PMTU detection by default & queries the NIC driver to find out
;what local MTU is supported. Altering the MTU parameter is generally not necessary & may result in
;reduced performance. See the "Path Maximum Transmission Unit (PMTU) Discovery" section of this paper
;for more details.
;============================================================================================================
;************************************************************************************************************
;************************************************************************************************************
;START DEPRECATED/OBSOLETE ENTRIES SECTION PER MICROSOFT WINDOWS 9x TCP/IP PARAMETERS ENTRIES...apk
;************************************************************************************************************
;============================================================================================================
;"ForwardBroadcasts"=dword:00000000 (Deprecated - 2000 onwards don't use this: commented off semi colon @ start)
;------------------------------------------------------------------------------------------------------------
;
;http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/tcpip03.mspx#ECAA
;
;Do not delete this entry from the registry or change its value, can cause damage! apk
;2000 onwards doesn't use the above period to ForwardBroadCasts to other machines on networks... apk
;
;DEFAULT = 0 (off/false) on Windows Server 2003
;
;TWEAK PARAMETERS: tuned
;
;============================================================================================================
;************************************************************************************************************
;END DEPRECATED/OBSOLETE ENTRIES SECTION PER MICROSOFT WINDOWS 9x TCP/IP PARAMETERS ENTRIES...apk
;****************************************************************************************************
[Edited by Alec§taar on 2005-01-14 15:47:53]
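The following is an added example, not part of the original post or of Microsoft's documentation: a small Python audit that parses `.reg` dword entries and checks them against the "Acceptable Ranges" the post lists, the two values it calls more secure, and the MaxNumForwardPackets/NumForwardPackets dependency it describes. The function names `parse_reg_dwords` and `audit` are assumptions, and `SAMPLE_REG` is a constructed sample built from entries in the post.

```python
import re

# Constructed sample: a subset of the post's entries, one per line as a .reg
# file stores them (the flattened layout on the page is not valid .reg syntax).
SAMPLE_REG = """\
;TWEAK PARAMETERS: tuned
"NoNameReleaseOnDemand"=dword:00000001
"QueryIpMatching"=dword:00000001
"UpdateSecurityLevel"=dword:00000000
"IGMPLevel"=dword:00000002
"BCastNameQueryCount"=dword:00000002
"BcastQueryTimeout"=dword:00000064
"KeepAliveInterval"=dword:0000015e
"NameSrvQueryTimeout"=dword:00000064
"SessionKeepAlive"=dword:00001c20
"MaxNumForwardPackets"=dword:0000024a
"NumForwardPackets"=dword:0000024a
;"ForwardBroadcasts"=dword:00000000
"""

DWORD_MAX = 0xFFFFFFFF


def _ci(table):
    # Registry value names are case-insensitive, so compare in lower case.
    return {name.lower(): rule for name, rule in table.items()}


# Acceptable ranges exactly as the post lists them:
# a (min, max) tuple or a set of allowed values.
RANGES = _ci({
    "UpdateSecurityLevel": {0x0, 0x10, 0x20, 0x100},
    "IGMPLevel": {0, 1, 2},
    "BCastNameQueryCount": (1, 0xFFFF),
    "BcastQueryTimeout": (100, DWORD_MAX),
    "KeepAliveInterval": (1, DWORD_MAX),
    "NameSrvQueryTimeout": (100, DWORD_MAX),
    "SessionKeepAlive": (60000, DWORD_MAX),
    "MaxNumForwardPackets": (1, DWORD_MAX),
    "MaxFastTransmit": (0, DWORD_MAX),
})

# Settings for which the post names 1 as the more secure value.
SECURE = _ci({"NoNameReleaseOnDemand": 1, "QueryIpMatching": 1})

ENTRY = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')


def parse_reg_dwords(text):
    """Return {lowercased value name: int} for every active dword entry."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        # ';' starts a comment, so a commented-off entry is never applied.
        if not line or line.startswith(";"):
            continue
        match = ENTRY.match(line)
        if match:
            values[match.group(1).lower()] = int(match.group(2), 16)
    return values


def audit(values):
    """Return sorted (name, kind, detail) findings for a parsed value set."""
    findings = []
    for name, value in values.items():
        rule = RANGES.get(name)
        if isinstance(rule, set) and value not in rule:
            findings.append((name, "range", f"{value:#x} is not a listed value"))
        elif isinstance(rule, tuple) and not rule[0] <= value <= rule[1]:
            findings.append(
                (name, "range", f"{value} is outside {rule[0]}..{rule[1]:#x}"))
    for name, wanted in SECURE.items():
        # An absent entry falls back to the default of 0 that the post lists.
        if values.get(name, 0) != wanted:
            findings.append((name, "security", f"expected {wanted}"))
    fwd = values.get("numforwardpackets")
    fwd_max = values.get("maxnumforwardpackets")
    if fwd is not None and fwd_max is not None and fwd_max < fwd:
        findings.append(
            ("maxnumforwardpackets", "dependency", "must be >= NumForwardPackets"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(parse_reg_dwords(SAMPLE_REG)):
        print(*finding, sep=": ")
```

Run on the sample, the only finding is SessionKeepAlive: 0x1c20 is 7200, below the 60,000 minimum the post lists for that entry.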