Posts

Showing posts from July, 2008

Windows Vista command line tips

Two tips for using the command line in Vista. When browsing through your folders using Explorer, you may sometimes want to open a command line window that has your selected folder as its current directory. Vista makes this easy: just right-click on the folder while holding down the Shift key and you'll see a new option called Open Command Prompt Here. This can save you a lot of typing (changing directories) if you work a lot with the command line in Windows, and it’s a welcome addition in Vista. Here's another Vista command-line trick. Right-click on a file or folder in Explorer while holding down the Shift key and select Copy As Path. Then switch to your command prompt window and select Edit then Paste from the menu, and the path of the file or folder you selected will be displayed with quotes around it.

Troubleshooting Regsvr32 Error 0x80004005

Until software vendors get totally Vista compatible, having to manually register DLL files is going to be a pretty common task. Here is how to troubleshoot one of the most common errors received while doing this. A common sight when trying to get older software to work with Windows Vista is having to manually register DLL/OCX files using Regsvr32. There have been countless times where I have been working along in a piece of software and then all of a sudden it gives me an error about a DLL that it can’t access. The typical response to this is to run regsvr32 dllname.dll to register the DLL. Occasionally, I run into Error 0x80004005 when registering these files. This error sounds highly complicated, but what it all boils down to is a rights issue. This error basically means that you don’t have the permissions to register the file you are trying to register. This usually brings about the question, “Wait! I’m logged in as an administrator?!” Under previous versions of Windows, being lo

Using WSUS on a Server with Limited Disk Space

Most administrators are under the assumption that you need a great deal of free disk space to take advantage of WSUS. This isn’t always the case. Windows Server Update Services (WSUS) provides several advantages for any Windows network. One of the common misconceptions is that you need a significant amount of free disk space to use WSUS at all, but that’s not the case. When installing WSUS, simply uncheck the Store Updates Locally checkbox. This will allow you to use WSUS to approve and manage the updates that are deployed to your workstations without storing them on the server itself. When a client needs to install updates, it will simply download them directly from Microsoft Update based upon what you have approved!

Promoting Server Core to a Domain

This quick tip will show you how to promote a Windows Server 2008 Server Core device to domain controller status. The typical method used to promote a Windows Server 2003/2008 computer to a domain controller is through either the server management console or the dcpromo utility. These tools however are both graphically based, so how do you accomplish this same task in the entirely command-line oriented Windows Server 2008 Server Core? Luckily, the dcpromo utility can be run from Server Core, but there is a little bit of preparation required beforehand. Dcpromo requires an unattended installation file to be run on Server Core. You can create one of these manually, or generate one from a standard Windows Server 2008 installation. After generating one of these unattended installation files you can run the following command to kick off the promotion: Dcpromo /unattend:C:\unattendfile.txt

Managing Office 2007 with Group Policy

Office 2007 provides some great new ways to be managed via group policy. Here is what you have to do to utilize those. Microsoft has provided a great deal of additional capabilities when managing Office 2007 with group policy. However, you will not be able to manage these by default without first installing the proper ADM/ADMX templates. You can download these templates from Microsoft, here ( http://www.microsoft.com/downloads/details.aspx?FamilyId=92D8519A-E143-4AEE-8F7A-E4BBAEBA13E7&displaylang=en ). Once downloaded, install the ADM files by opening the group policy editor, right-clicking the administrative templates node, selecting Add/Remove Templates, and browsing to the downloaded templates for your language. Alternatively, you can install the ADMX files (when utilizing Windows Server 2008) to your central store within the SYSVOL folder.

Checking the Location of Domain FSMO Roles

Here is a quick tip for finding out where the FSMO roles for a domain are located. When dealing with Active Directory on a domain that is unfamiliar, you may be placed in a situation where you have to verify the location of the domain's FSMO roles. One of the quickest ways to do this is through the netdom utility, which is part of the Windows Server 2003 support tools package. You can view the location of all five FSMO roles by using this command: Netdom query fsmo

Creating a Central Store for Group Policy Templates

Windows Server 2008 and Windows Vista utilize the ADMX format for a more efficient group policy implementation in regards to administrative templates. You can better manage administrative templates for group policy by using a central store. The ADMX file format is one of the major improvements to group policy in Windows Server 2008 and Windows Vista. This format replaces the traditional ADM format. One of the new features of this format is the use of a central store. Using a central store, you don’t have to worry about copying newly deployed administrative templates to every individual workstation. All you have to do is place these files in a single folder in the SYSVOL directory on the domain controllers in your network. More specifically, you must create a folder on a domain controller that follows the format \\FQDN\SYSVOL\FQDN\policies\PolicyDefinitions. You would, of course, replace FQDN with the Fully Qualified Domain Name of your network. At this point you can place ADMX files in t

Installing an SSH Server in Windows Server 2008

There are a number of command line options available to configure Windows Server 2008 over the network. For example, Windows PowerShell, ServerManager.exe, or a telnet server. However, the tried and true method that has worked so well with just about every type of infrastructure device in use today (including Windows Server 2008, Cisco Routers, Linux servers, and more) is SSH. In this article, learn how to install an SSH Server in Windows Server 2008. SSH is the secure shell, a standard defined in RFC 4251. It is a network protocol that opens up a secure channel between two devices using TCP port 22. This channel can also be used for SFTP and SCP (secure FTP and secure copy, respectively). To make this work, you need a secure server on the system you are connecting to and a secure client on the client you are connecting from. Keep in mind that SSH is completely interoperable between different platforms. For example, you could connect to an SSH server on a Cisco router from a Windows clien

Cluster service failure after AD lockdown

Users were unable to connect to their shares. John discovered that the Cluster service wasn't started, and that any attempts to start it resulted in an error 1068. He attempted to ping the virtual server's IP address and it returned a "request timed out" message. He got the same error when trying to ping the cluster node's public adapter. When he got to the node he found the Cluster service in a Starting state. He soon discovered that he had no network connectivity to or from either Cluster node, and that their network cards were missing from "Network Connections". The only changes made to the network were just a few minor group policy settings to lock down permissions a bit. Maybe that had something to do with this? It looked like it was going to be a long night... This is another fairly common problem. This is not really just a Cluster problem, but that is usually how it is presented to me. Of course if networking is not functional, then Cluster i

Quick TIP: Force FRS replication

For this tip you will need a somewhat newer version of ntfrsutl.exe. You can grab a version out of the Service Pack 2 Support Tools download here. Beginning with the version of ntfrsutl.exe in KB 823230 we have the ability to force FRS replication to occur across site boundaries immediately instead of waiting for the schedule to open up. Here is the command's syntax: ntfrsutl forcerepl [computer] /r SetName /p PartnerDnsName = Force FRS to start a replication cycle ignoring the schedule The PartnerDNSName is the FQDN of the server that you want to source from. Here is an example using a DC Name of ContosoDC1 and a PartnerDNSName of ContosoDC2: ntfrsutl forcerepl contosodc1 /r "domain system volume (sysvol share)" /p ContosoDC2.Contoso.com Running the command initiates replication, and returns the following information: LocalComputerName = contosodc1 ReplicaSetGuid = (null) CxtionGuid = (null) ReplicaSetName = domain system volume (sysvol share) PartnerDns

Quickly verify AD replication status - A Quick Tip

It can be a little tedious to verify replication status in a large Active Directory environment via the Sites and Services snap-in. Here is a command I use quite frequently to check the replication status of all domain controllers: REPADMIN /SHOWREPL * /CSV >showrepl.csv View the file in Microsoft Excel and perform the following filtering options to get a good quick overview of replication health: 1. Hide columns A and B 2. Select the row just under Column headers and choose Window / Freeze Pane (In Excel 2007: View tab, Window, Freeze Panes, Freeze Top Row) 3. Highlight the entire spreadsheet and choose Data / Filter / Auto-Filter 4. Click on the down-arrow for the "Last Failure Status" column, and choose "does not equal" then type in "0" (In Excel 2007: Uncheck the box next to "0") You are left with a list of domain controllers having replication problems. From a cmd prompt, use: "net helpmsg ErrorCodeNumber" to identify the rep

Active Directory Forest Recovery

The helpdesk phone had been ringing incessantly all day. Many people throughout the AD forest were unable to log in to their respective domains. It seems that accounts throughout the forest had somehow been deleted. John, tired from having been up all night watching "White and Nerdy", was called in to help identify what was going on. Fortunately he had recently enabled auditing for account deletions due to a recent problem that he had. After some serious filtering he was able to find the following event in the Security event log: Event Type: Success Audit Event Source: Security Event Category: Account Management Event ID: 630 Date: 1/17/2007 Time: 12:30:44 AM User: Contoso\JuniorAdmin Computer: DisgruntledXP Description: User Account Deleted: Target Account Name: JustinTurner Target Domain: Contoso Target AccountID: Justin Turner []DEL:3f4567f2-f90b-493e-81a3-dcfc75596cd7 Caller User Name: JuniorAdmin Caller Domain: Contoso This was a little offsetting to say the least.

New Technology Protects Internet Advertisers From Click Fraud

Yong Guan had scribbled 12 arrows across his office whiteboard, each black line going from one little box he had drawn to another little box. He had written five long formulas up there, too. And that was bad news for cyber criminals. Guan, the Litton Assistant Professor of Electrical and Computer Engineering at Iowa State University, and his students are developing technologies to fight cyber crime and make online activities such as shopping more secure for everyone. Guan and the Iowa State University Research Foundation have filed a patent on one technology that detects "click fraud" -- falsely driving up hits to ads posted on Web sites. Those false hits result in higher costs for pay-per-click advertising. Guan said the invention will help online advertising companies such as Google and Yahoo reduce click fraud. He said his research could also help millions of computer users who don't have the time or expertise to protect their machines with the latest security patches

Wide Area File Services (WAFS) Software

WAFS Benefits Fast file access across the WAN: Files are always accessed locally. When changes are made to a file and the file is saved, WAFS’ byte-level differencing causes only those changes to be replicated to all locations in real-time. File-locking: If Mary in Tokyo opens a Word document on the Tokyo server, and a split-second later John opens the same file on the NYC server, John will only be able to open the file as a "read only." Backup: WAFS keeps past versions of files on its primary server. You can retrieve past versions or deleted files, and schedule point-in-time snapshots. Real-time access to newly added files: When a user in Chicago adds a new 30 MB file into a folder, it will appear instantly in Windows Explorer at the San Diego location, even though the file has not been fully replicated. If the San Diego user opens the file, WAFS will stream the data so that certain files will open quickly. High availability: WAFS allows file system access even if the net

Wide area file sharing across the WAN

A Whole New Option In spite of the failures of both caching technologies like eCDNs and distributed filesystems to address the central issues in WAN file sharing, these technologies do provide important components for solving the WAN file-sharing problem. New WAFS products combine distributed filesystems with caching technology to allow real-time, read-write access to shared file storage from any location, while also providing interoperability with standard file sharing protocols such as NFS and CIFS. WAFS products enable transparent worldwide design collaboration on the same data set, without complicated replication schemes or slow network performance. WAFS products will cache files in a read-write mode at remote locations, thus speeding up data access for remote users tremendously. WAFS enables LAN semantics for file access to be extended to the entire enterprise. WAFS systems usually consist of edge file gateway (EFG) appliances, which are placed at remote offices, and one or more c

Wide area file sharing across the WAN

Distributed enterprises virtually cover the globe. Remote offices are everywhere and remote office workers now far outnumber those who work out of central office locations. With this distribution of resources, today's companies must manage development efforts across multiple remote locations which means that they must also somehow enable all remote office workers and team members, worldwide, to collaborate on the same shared files and data at the same time. Add to this the fact that file sizes and data storage requirements are increasing year after year, and the efficient sharing of files across distributed enterprises over the wide area network (WAN) has become a Herculean task. File sharing over the WAN - Storage Networking The problem is that although gigabytes of data can easily be shared over a local area network (LAN) using standard file server technology, they cannot so easily be shared across remote offices connected over the WAN. In truth, standard file server protocols pr

WAFS - Wide Area File System

Well, it's technically easy enough to set up a scheme, a wide area file system or WAFS, whereby local and remote files can appear to be in the same 'space'. That's what the Unix Network File System does. But both it and any Windows implementation have to overcome a single, basic and real serious problem. Remote data takes far longer to arrive than local data. That's because there is network latency. It takes seconds, even minutes, for MB of data to arrive across a wide area network:

- The longer the distance the longer the delay.
- The more data there is the longer the delay.
- The more nack-ack messages there are in the network protocol the longer the delay.
- The smaller the data transmission unit (packet) the longer the delay.

According to Riverhead, WAN round trip latency is around 25 - 200ms whereas a LAN latency figure could be under 1ms, hundreds, even thousands of times less. Several suppliers are developing WAFS implementations that aim to overcome one or

Wide Area Networked File System

Traditional networked file systems like NFS do not extend to wide-area due to network latency and dynamics introduced in the WAN environment. To address that problem, a wide-area networked file system is based on a traditional networked file system (NFS/CIFS) and extends to the WAN environment by introducing a file redirector infrastructure residing between the central file server and clients. The file redirector infrastructure is invisible to both the central server and clients so that the change to NFS is minimal. That minimizes the interruption to the existing file service when deploying WireFS on top of NFS. The system includes an architecture for an enterprise-wide read/write wide area network file system, protocols and data structures for metadata and data management in this system, algorithms for history based prefetching for access latency minimization in metadata operations, and a distributed randomized algorithm for the implementation of global LRU cache replacement scheme.

WIDE AREA FILE SERVICES (WAFS)

Wide Area File Services (WAFS) projects go a long way towards cost reduction, simplification, continuity, and even regulatory compliance. However, simply removing the remote file servers and serving all files from the central server is almost certainly a plan for failure. In order to realize all of the business benefits of WAFS, steps must be taken to deal with the WAN. File services using CIFS are particularly susceptible to latency, and compared to the LAN, the WAN will bring plenty of latency. Not only performance, but remote file servers often host other services necessary for the remote office. The cost savings of reclaiming remote file server hardware will not be possible if the hardware needs to continue supporting other local services. Complementing all of the other Compass technology, Expand's WAFS solution is a simple software upgrade plug-in available for any of the WAFS-Ready Accelerators. This combination of technology enables not just a file acceleration point solutio

DNS and Active Directory

Active Directory and the Domain Name System (DNS) What is DNS? One can define the domain name system as the way that Internet domain names are located and translated into Internet Protocol addresses. A domain name is a meaningful and easy-to-remember "handle" for an Internet address. Active Directory relies heavily on DNS to function, but not just any DNS. Active Directory is highly dependent on the Microsoft DNS service found on Windows 2000 Server or Windows Server 2003 systems or equivalents. However, though not highly recommended, it is possible to integrate a non-Microsoft DNS to use with Active Directory. Microsoft first introduced a DNS service with Windows NT Server 4.0. However, that early version of DNS from Microsoft is not capable of supporting Active Directory. Windows NT Server 4.0 DNS lacks three specific features: Service Resource Records (SRV RR), Dynamic DNS (DDNS) and Incremental Zone Transfers (IXFR). Without these DNS features, Active Directory cannot fu

Active Directory User and Group Restore

Step 1 Determine if the deletion has already replicated to all of your Global Catalog DC's. If there is a latent GC/DC that has not processed any part of the deletion, then disconnect it from the network or disable inbound replication with the repadmin.exe command. (repadmin /options dc_name +DISABLE_INBOUND_REPL) If there isn't a latent DC, then you will have to find a recent system state backup from a GC/DC from the domain where the deletion occurred.

Step 2 Reboot the recovery DC into DS restore mode and perform an authoritative restore (or if you did not find a latent DC, restore the system state and then perform the authoritative restore).

Step 3 If you did not have to restore the system state, reboot normally. Reboot with the network cable disconnected if you did restore the system state, and then disable inbound replication with the repadmin command. Initiate outbound replication to all dc's in the domain (and gc's in the forest) with the repadmin /syncall comm

Windows 2000 DHCP

Dynamic host configuration protocol is used to automatically assign TCP/IP addresses to clients along with the correct subnet mask, default gateway, and DNS server. Two ways for a computer to get its IP address: Using DHCP from a DHCP server. Manual configuration. DHCP Scopes Scope - A range of IP addresses that the DHCP server can assign to clients that are on one subnet. Superscope - A range of IP addresses that span several subnets. The DHCP server can assign these addresses to clients that are on several subnets. Multicast scope - A range of class D addresses from 224.0.0.0 to 239.255.255.255 that can be assigned to computers when they ask for them. A multicast group is assigned to one IP address. Multicasting can be used to send messages to a group of computers at the same time with only one copy of the message. The Multicast Address Dynamic Client Allocation Protocol (MADCAP) is used to request a multicast address from a DHCP server. One way to create a superscope is to se