If you have a domain with a Windows NT PDC and Windows 2000 member servers, there is a nasty bug if you have logon time restrictions enabled. Windows 2000 member servers will not allow logon after hours using GMT time zone whereas the PDC and other NT servers in the domain will use your local time zone. A big problem unless you happen to be located in the Greenwich time zone. Lets say you have a domain where logon hours are restricted to between 8am and 5pm. The Windows NT servers correctly follow this policy. In my case being in central standard time in the US, my offset from GMT is -6 hours. The W2K member servers also follow the policy but because of the bug which uses GMT time zone for this restrict, these servers allow logons between 2am and 11am (cst). Not good. There was no patch when this was written (or at least I haven't seen it) as of May 18, 2000.

A related issues: in Windows 2000, the date and time stamps of files that reside on or originate from CD-ROMs are read using the GMT offset rather than using local time zones. If you are recording security files on CD and compare them against the originals or copies on other types of media, you will get a similar puzzling time difference. Same issue as above.

After the Resource Kits, the Admin Companions are next most useful books from Microsoft.