You can use the following WMI queries to apply GPOs only to a specific operating system. This prevents problems such as a server GPO being applied to a client and vice versa. You can also use them to apply mappings only on client operating systems.
Windows Server 2012 DC
select * from Win32_OperatingSystem where Version like "6.2%" and ProductType = "2"
Windows Server 2012
select * from Win32_OperatingSystem where Version like "6.2%" and ProductType = "3"
Windows 8
select * from Win32_OperatingSystem where Version like "6.2%" and ProductType = "1"
Windows Server 2008 R2
select * from Win32_OperatingSystem where Version like "6.1%" and ProductType = "3"
Windows Server 2008 R2 DC
select * from Win32_OperatingSystem where Version like "6.1%" and ProductType = "2"
Windows 7
select * from Win32_OperatingSystem where Version like "6.1%" and ProductType = "1"
Windows Server 2008
select * from Win32_OperatingSystem where Version like "6.0%" and ProductType = "3"
Windows Server 2008 DC
select * from Win32_OperatingSystem where Version like "6.0%" and ProductType = "2"
Windows Vista
select * from Win32_OperatingSystem where Version like "6.0%" and ProductType = "1"
Windows Server 2003
select * from Win32_OperatingSystem where Version like "5.2%" and ProductType = "3"
Windows XP
select * from Win32_OperatingSystem where (Version like "5.1%" or Version like "5.2%") and ProductType = "1"
Wednesday, December 19, 2012
Windows Server 2012 Core Network Companion Guide: Group Policy Deployment
Hi guys,
Microsoft released a guide for deploying GPOs via group membership.
"This guide provides instructions for deploying Group Policy settings to a set of client computers or users by using membership groups rather than account location in the OU hierarchy of a domain."
You can download this guide here.
Labels:
Group Policy,
Windows Server 2012
Roaming profile users experience slow logons on Windows 7
SYMPTOMS:
Roaming profile users experience slow logons on Windows 7.
RESOLUTION:
- Check the network cables, workstation hardware etc. and replace them if required.
- Check the size of the profile (Create Quotas via Policy) and delete some files.
- Check that the correct network card drivers are installed on the affected workstations.
- Check that the network path defined for the roaming profile in your policy or user object is working.
- Check that the permissions on the server are set correctly.
- Check this hotfix if you implemented the scenario described in the MS article.
STEPS FOR THE FUTURE:
- Exclude some folders from roaming to reduce the profile size
Apply the following settings via GPO:
GPO Path: "User Configuration/Policies/Administrative Templates/System/User Profiles"
"Exclude directories in roaming profile" set to "Enabled"
For example type in the following: AppData\Roaming\OpenOffice.org
- Create Quotas via Policy
GPO Path: "User Configuration/Policies/Administrative Templates/System/User Profiles"
Set the settings for the Policy "Limit profile size"
Labels:
Active Directory,
Windows 7
WDS Error: "PXE-E55: ProxyDHCP service did not reply to request on port 4011"
Hi guys,
If you are getting this error on PXE boot, it could be that your workstation is saved in the WDS database of rejected and approved devices. To delete these entries, you can run the following commands on your WDS server.
Wdsutil.exe /delete-autoadddevices /devicetype:rejecteddevices
Wdsutil.exe /delete-autoadddevices /devicetype:approveddevices
Now you are able to image the affected workstations.
Labels:
WDS
Tuesday, November 27, 2012
Windows Server 2012 and Windows 8 Test Lab Guides
Hi all,
The MS TechNet Wiki has a cool article on a Windows Server 2012 test lab. It contains helpful test lab guides that demonstrate the new features and functionality in Windows Server 2012 and Windows 8.
You can check it here.
Labels:
Active Directory,
Windows 8,
Windows Server 2012
Monday, November 26, 2012
Disable an Active Directory account on a schedule
Every AD admin knows this one. Request 891237843 -> Please disable the user XY next Saturday at 12 pm. It's the weekend, so don't waste your time on such things... Here is a guide for creating a scheduled task that does this job for you!
First create a batch file like this:
dsmod user "CN=Bad Person,OU=Users,DC=companyX,DC=com" -disabled yes
You have to know the user's DN. You can find it in Active Directory Users and Computers (ADUC) in the user's properties. In the properties, select the "Attribute Editor" tab and go to "distinguishedName". Double-click it and copy the value. Replace my sample DN CN=Bad Person,OU=Users,DC=companyX,DC=com in the script with your user's DN and save it.
On your DC or on an admin workstation that has DSMOD installed, create a scheduled task that runs the batch file.
One example for creating a scheduled task on Windows Server 2008 R2:
Open the "Task Scheduler" that is located in "Administrative Tools". Right-click "Task Scheduler Library" and select "Create Task...".
Task Settings:
-General tab
Select "Run whether user is logged on or not"
-Triggers tab
Click on "New..", select "On a schedule" and set the time you want to disable the user.
-Actions tab
Click on "New..", select "Start a program" and "Browse" to your created batch file.
Confirm everything by clicking "OK" and entering your credentials or the credentials of a task user.
Note: The account that runs the task needs the required rights to disable a user account.
Labels:
Active Directory
Thursday, October 18, 2012
Explore Google data center
Video: Explore a Google data center with Street View
You can also explore Google's data center on your own in Street View.
Tuesday, October 16, 2012
Windows 7: How to Remove Games link from Start Menu with Group Policy
- Create a new GPO and link it under the OU that the user is located.
- Go to User Configuration, Policies, Administrative Templates, Start Menu and Taskbar and enable "Remove Games link from Start Menu".
...
- You can also apply the following to prevent the user from accessing the A, B, C and D drives and to hide them from My Computer.
- Go to User Configuration, Policies, Administrative Templates, Windows Components/Windows Explorer. Now enable "Hide these specified drives in My Computer" and select "Restrict A, B, C and D drives only". Also enable "Prevent access to drives from My Computer" and select "Restrict A, B, C and D drives only".
Note:
If the user is an administrator, the policy will not be set.
Labels:
Windows 7
Friday, October 12, 2012
Windows 8: Unattend Installation using WDS
---Setup---
- Download the ISO file for Windows 8 from the Microsoft Homepage.
- Extract the "Install.wim" and "boot.wim" with 7zip or another tool. The WIM files are located in the "sources" folder.
- Rename the Install.wim, e.g. to Win8.ENT.EN, and add it to your WDS server.
Win8 = Windows 8
ENT=Enterprise
EN=English
- Add the boot.wim as boot image also to your server.
- On your server go to "\RemoteInstall\Images\Basic Images\" and create a folder that has the same name as your image, "Win8.ENT.EN".
- In the folder "Win8.ENT.EN" create a folder named "Unattend".
- Open Notepad, copy in the following text and save it as ImageUnattend.xml in the "Unattend" folder. You have to change the domain join, time zone and locale settings.
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ComputerName>*</ComputerName>
<TimeZone>W. Europe Standard Time</TimeZone>
</component>
<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Identification>
<Credentials>
<Domain>YOURdomain.com</Domain>
<Password>PW678231bn!8</Password>
<Username>domainjoin</Username>
</Credentials>
<JoinDomain>YOURdomain.com</JoinDomain>
</Identification>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>de-de</InputLocale>
<UILanguage>de-de</UILanguage>
<UserLocale>de-de</UserLocale>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<OOBE>
<HideEULAPage>true</HideEULAPage>
<NetworkLocation>Work</NetworkLocation>
<ProtectYourPC>1</ProtectYourPC>
</OOBE>
<Themes>
<DefaultThemesOff>true</DefaultThemesOff>
</Themes>
<UserAccounts>
<AdministratorPassword>
<Value>AdminPW123!</Value>
<PlainText>true</PlainText>
</AdministratorPassword>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>AdminPW123!</Value>
<PlainText>true</PlainText>
</Password>
<Description>Admin Account</Description>
<DisplayName>Admin</DisplayName>
<Group>Administrators</Group>
<Name>admin</Name>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
</component>
</settings>
<cpi:offlineImage cpi:source="wim:d:/install.wim#Windows 8 Enterprise" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>
- The image will be automatically linked to your xml file.
- For HDD disk configuration settings you have to add a second xml. Save the following XML to "\RemoteInstall\WdsClientUnattend" and name it Unattend64.xml
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DiskConfiguration>
<WillShowUI>OnError</WillShowUI>
<Disk wcm:action="add">
<CreatePartitions>
<CreatePartition wcm:action="add">
<Order>1</Order>
<Type>Primary</Type>
<Extend>true</Extend>
</CreatePartition>
</CreatePartitions>
<ModifyPartitions>
<ModifyPartition wcm:action="add">
<Active>true</Active>
<Format>NTFS</Format>
<Label>System</Label>
<Letter>C</Letter>
<Order>1</Order>
<PartitionID>1</PartitionID>
</ModifyPartition>
</ModifyPartitions>
<DiskID>0</DiskID>
<WillWipeDisk>true</WillWipeDisk>
</Disk>
</DiskConfiguration>
<WindowsDeploymentServices>
<Login>
<Credentials>
<Domain></Domain>
<Username></Username>
<Password></Password>
</Credentials>
</Login>
<ImageSelection>
<WillShowUI>OnError</WillShowUI>
<InstallImage>
<ImageName></ImageName>
<ImageGroup></ImageGroup>
<FileName></FileName>
</InstallImage>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>1</PartitionID>
</InstallTo>
</ImageSelection>
</WindowsDeploymentServices>
</component>
</settings>
</unattend>
- After this, open the WDS console, go to the "Client" tab, select "Enable unattended installation" and choose your created XML file for "ia64 architecture" and "x64 architecture". For ia64, change the XML.
- The user who starts the installation has to enter his credentials and choose the uploaded Windows 8 image. You can also point to an image and provide the credentials in the XML.
---Settings that will be applied----
Admin Account => PW = AdminPW123!, Name = admin
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>AdminPW123!</Value>
<PlainText>true</PlainText>
</Password>
<Description>Local Admin</Description>
<DisplayName>Admin</DisplayName>
<Group>Administrators</Group>
<Name>admin</Name>
</LocalAccount>
</LocalAccounts>
Computer name => Random
<ComputerName>*</ComputerName>
For using the prestaged computer object in Active Directory use the following
<ComputerName>%machinename%</ComputerName>
Locale/Language => Germany for other locations see Windows Locale Codes
<InputLocale>de-de</InputLocale>
<UILanguage>de-de</UILanguage>
<UserLocale>de-de</UserLocale>
---Notes---
You can create your own XML with encrypted user passwords etc. using the Windows ADK.
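Both answer files above carry credentials (the domain-join account, the built-in Administrator password and a local admin account). The following PowerShell function is an added example, not part of the original post: it lists every password element in an unattend XML without printing the secret itself. It assumes PowerShell 3.0 or later; Find-UnattendSecret is a hypothetical name and the XML below is constructed sample data modelled on the files above.

```powershell
# Added example: report credentials stored in unattend XML files.
function Find-UnattendSecret {
    param(
        [Parameter(Mandatory)] [xml] $Xml,
        [string] $Source = '<inline sample>'
    )

    # local-name() lets the XPath ignore the urn:schemas-microsoft-com:unattend namespace.
    $xpath = "//*[local-name()='Password' or local-name()='AdministratorPassword']"

    foreach ($node in $Xml.SelectNodes($xpath)) {
        $valueNode = $node.SelectSingleNode("*[local-name()='Value']")
        $plainNode = $node.SelectSingleNode("*[local-name()='PlainText']")

        if ($null -ne $valueNode) {
            # <Password><Value>..</Value><PlainText>..</PlainText></Password> form
            $secret = $valueNode.InnerText
            if ($null -ne $plainNode -and $plainNode.InnerText.Trim() -eq 'false') {
                # Values written with PlainText=false are Base64-encoded, not
                # protected by a key, so they are reported as well.
                $storage = 'Encoded (PlainText=false)'
            } else {
                # A missing PlainText element is treated as plain text here (assumption).
                $storage = 'Plain text'
            }
        } else {
            # <Credentials><Password>..</Password></Credentials> form (domain join, WDS login)
            $secret  = $node.InnerText
            $storage = 'Plain text'
        }

        # Empty placeholders such as <Password></Password> are not findings.
        if (-not "$secret".Trim()) { continue }

        # Which configuration pass the secret belongs to.
        $settings = $node.SelectSingleNode("ancestor::*[local-name()='settings']")
        $pass = if ($null -ne $settings) { $settings.GetAttribute('pass') } else { '' }

        # Which account the secret belongs to (sibling <Username> or <Name>).
        $owner = $node.ParentNode.SelectSingleNode("*[local-name()='Username' or local-name()='Name']")
        if ($node.LocalName -eq 'AdministratorPassword') { $account = 'built-in Administrator' }
        elseif ($null -ne $owner)                         { $account = $owner.InnerText }
        else                                              { $account = '(unknown)' }

        [pscustomobject]@{
            Source  = $Source
            Pass    = $pass
            Element = "$($node.ParentNode.LocalName)/$($node.LocalName)"
            Account = $account
            Storage = $storage
            Length  = $secret.Length   # length only, never the value
        }
    }
}

# Constructed sample input; all password values are placeholders.
$sample = [xml]@'
<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
  <settings pass="windowsPE">
    <component name="Microsoft-Windows-Setup">
      <WindowsDeploymentServices><Login><Credentials>
        <Domain></Domain><Username></Username><Password></Password>
      </Credentials></Login></WindowsDeploymentServices>
    </component>
  </settings>
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin">
      <Identification><Credentials>
        <Domain>YOURdomain.com</Domain>
        <Password>CONSTRUCTED-JOIN-PW</Password>
        <Username>domainjoin</Username>
      </Credentials></Identification>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <UserAccounts>
        <AdministratorPassword>
          <Value>CONSTRUCTED-ADMIN-PW</Value><PlainText>true</PlainText>
        </AdministratorPassword>
        <LocalAccounts>
          <LocalAccount wcm:action="add">
            <Password><Value>QwBPAE4AUwBUAFIAVQBDAFQARQBEAA==</Value><PlainText>false</PlainText></Password>
            <Group>Administrators</Group>
            <Name>admin</Name>
          </LocalAccount>
        </LocalAccounts>
      </UserAccounts>
    </component>
  </settings>
</unattend>
'@

Find-UnattendSecret -Xml $sample | Format-Table -AutoSize

# To audit real files, point it at the RemoteInstall folder (drive letter is a placeholder):
# Get-ChildItem -Path '<drive>:\RemoteInstall' -Recurse -Filter *.xml | ForEach-Object {
#     Find-UnattendSecret -Xml ([xml](Get-Content -LiteralPath $_.FullName -Raw)) -Source $_.FullName }
```

Every reported row is a secret that anyone with read access to the file can recover, so the accounts involved should carry as few rights as possible.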
Friday, September 21, 2012
WDS: WDS can not start Error 0x2740
Error message:
An error occurred while trying to start the Windows Deployment Services server.
Error Information: 0x2740
This error can occur because your site is using a DC without the GC role.
You can solve the issue by:
Making your local DC a GC.
or
Pointing to your local DC and to a GC.
-Open the WDS console and right-click on the servername.
-Select properties and choose the advanced tab.
-Type in your local DC and a GC that can be reached from the local site.
Labels:
WDS
Tuesday, August 21, 2012
Windows Server 2008: E-MAIL AD Account Lockout Notification
Hi,
Today I want to show you one way to do account lockout notification: a scheduled task triggered on an event starts a batch file that sends a mail via blat.exe.
-Download the blat.exe
-Set the Mail server settings with the blat.exe on your server. For help type in blat.exe /?
-Create the LockoutALL.bat and copy the blat.exe to "c:\EventLogs" on your DC.
AccountLockoutSend.bat
del c:\EventLogs\4740.txt
wevtutil.exe qe Security /q:*[System[EventID=4740]] /rd:true /c:1 /f:text >> c:\EventLogs\4740.txt
c:\EventLogs\blat.exe c:\EventLogs\4740.txt -to Tim@companyX.com -subject "Account Lockout Company X"
-Create a new scheduled task and set "Run whether user is logged on or not".
-Go to the "Trigger" tab and select "New", choose "Begin the task: On an event". Event details -> Log: Security, Source: Microsoft-Windows-Security-Auditing, Event ID: 4740
-In the "Actions" tab choose the "LockoutALL.bat".
-Save the task.
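The batch file above mails the raw text of the latest 4740 event. As an added example (not part of the original post), this PowerShell function extracts the locked-out account and the caller computer from a 4740 event in XML form, as wevtutil produces with /f:xml, and builds a subject line from them. It assumes PowerShell 3.0 or later; ConvertFrom-LockoutEvent is a hypothetical name and the event below is constructed sample data.

```powershell
# Added example: turn a 4740 (account locked out) event into a short summary.
function ConvertFrom-LockoutEvent {
    param([Parameter(Mandatory)] [xml] $EventXml)

    # local-name() avoids having to register the event schema namespace.
    $sys = $EventXml.SelectSingleNode("/*[local-name()='Event']/*[local-name()='System']")
    if ($null -eq $sys) { return }

    # Ignore anything that is not a lockout event.
    $id = $sys.SelectSingleNode("*[local-name()='EventID']")
    if ($null -eq $id -or $id.InnerText.Trim() -ne '4740') { return }

    # Collect the <Data Name="..."> fields into a hashtable.
    $data = @{}
    $dataPath = "/*[local-name()='Event']/*[local-name()='EventData']/*[local-name()='Data']"
    foreach ($d in $EventXml.SelectNodes($dataPath)) {
        $data[$d.GetAttribute('Name')] = $d.InnerText
    }

    $time = $sys.SelectSingleNode("*[local-name()='TimeCreated']")
    $dc   = $sys.SelectSingleNode("*[local-name()='Computer']")

    [pscustomobject]@{
        TimeUtc        = if ($null -ne $time) { $time.GetAttribute('SystemTime') } else { '' }
        ReportedBy     = if ($null -ne $dc)   { $dc.InnerText } else { '' }
        Account        = $data['TargetUserName']
        # In event 4740 the TargetDomainName field holds the caller computer name,
        # i.e. the machine the failed logons came from.
        CallerComputer = $data['TargetDomainName']
    }
}

# Constructed sample event (names, SID and time are made up).
$sampleEvent = [xml]@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" />
    <EventID>4740</EventID>
    <TimeCreated SystemTime="2012-08-21T09:15:42.0000000Z" />
    <Computer>DC01.companyX.com</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data>
    <Data Name="TargetDomainName">WKS-0042</Data>
    <Data Name="TargetSid">S-1-5-21-0-0-0-1105</Data>
    <Data Name="SubjectUserSid">S-1-5-18</Data>
    <Data Name="SubjectUserName">DC01$</Data>
    <Data Name="SubjectDomainName">COMPANYX</Data>
    <Data Name="SubjectLogonId">0x3e7</Data>
  </EventData>
</Event>
'@

$evt = ConvertFrom-LockoutEvent -EventXml $sampleEvent
$evt | Format-List

# A subject line that names the account and the source machine,
# usable as the value for blat's -subject option.
$subject = "Account Lockout Company X: $($evt.Account) from $($evt.CallerComputer)"
$subject
```

Because the batch file queries only the newest event (/c:1), two lockouts that arrive close together can produce two mails about the same account; naming the account in the subject makes that visible.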
Labels:
Active Directory
Tuesday, July 17, 2012
User Provisioning App for Exchange mailbox, Active Directory and Lync accounts
Hi guys,
this is a cool tool for User Account provisioning in your Microsoft environment.
"Z-Hire automates the IT account creation process for Exchange mailbox, Active Directory, Lync accounts and Office 365 cloud deployments. With just a click of the button, your Exchange mailbox, and Active directory and Lync accounts will be created simultaneously. This app can also create and set custom settings for Office 365 accounts using templates. Z-Hire serves as the platform for new hire accounts by allowing auto-creation of major IT accounts with the option for custom scripts. Z-hire will increase your account deployment time by 600%, without the need for complicated and expensive identity management solutions. Some of the features include:
- Environment Auto discovery (AD/Exchange/Lync)
- Support for Active Directory, Exchange, Lync 2010 and Office 365 accounts
- Template based deployment (allows consistency for all user accounts)
- Office 365 account creation with major attributes
- Active Directory account creation with major attributes
- Active Directory group selection
- Active Directory duplicate SamAccountName verification
- Lync 2010 account creation supporting all policies
- Faster performance (compared to previous version)
- Best of all, it's freeware!"
Download Link:
Z-Hire-Employee-Provisionin App
Labels:
Active Directory,
Exchange
Tuesday, June 26, 2012
Remote Server Administration Tools (RSAT) for Windows 8
"Remote Server Administration Tools for Windows 8 Release Preview includes Server Manager, Microsoft Management Console (MMC) snap-ins, consoles, Windows PowerShell cmdlets and providers, and command-line tools for managing roles and features that run on Windows Server 2012. In limited cases, the tools can be used to manage roles and features that are running on Windows Server 2008 R2 or Windows Server 2008. Some of the tools work for managing roles and features on Windows Server 2003"
Labels:
Active Directory,
Windows 8
Thursday, June 21, 2012
ADUC: Add the Remote Install Tab in Win7/Vista and the option to add the GUID by creating Computer
After installing RSAT...
Copy the following files from a Windows Server 2008, or from a Windows Server 2008 R2 if you are using a 64-bit system:
imadmui.dll
imadmui.dll.mui
Save the following as RemoteTab.bat
@echo off
echo This program will add the option to type in the GUID by adding Computer accounts with ADUC and add also the Remote Install tab hf TIM
echo.
xcopy imadmui.dll "%systemroot%\system32\" /e /y > nul:
xcopy imadmui.dll.mui "%systemroot%\system32\EN-US\" /e /y > nul:
regsvr32 "%systemroot%\system32\imadmui.dll" /s
exit
Put the three files in the same folder and double-click "RemoteTab.bat".
If you get an Access Denied message, turn off UAC, reboot the system and try again.
Labels:
Active Directory
Friday, June 15, 2012
Free ebooks from Microsoft Press
Free ebook: Introducing Windows Server 2012 (based on Beta)
http://go.microsoft.com/FWLink/?Linkid=251464
Free ebook: Introducing Microsoft SQL Server 2012
http://blogs.msdn.com/b/microsoft_press/archive/2012/03/15/free-ebook-introducing-microsoft-sql-server-2012.aspx
Free ebook: Introducing Microsoft SQL Server 2008 R2
http://blogs.msdn.com/b/microsoft_press/archive/2010/04/14/free-ebook-introducing-microsoft-sql-server-2008-r2.aspx
Free ebook: Introducing Windows Server 2008 R2
Free ebook: Understanding Microsoft Virtualization Solutions (Second Edition)
Free eBook: Microsoft Office 365: Connect and Collaborate Virtually Anywhere, Anytime
Free ebook: First Look Microsoft Office 2010
Free ebook: Security and Privacy for Microsoft Office Users
Free ebook: Deploying Windows 7, Essential Guidance
Free ebook: Moving to Microsoft Visual Studio 2010
Free ebook: Programming Windows Phone 7, by Charles Petzold
Labels:
eBooks
Tuesday, June 12, 2012
Microsoft Virtual Labs
Exchange Server:
http://technet.microsoft.com/en-us/virtuallabs/bb499043
Windows Server 2008:
http://technet.microsoft.com/en-us/virtuallabs/cc164207
Windows 7:
http://technet.microsoft.com/en-us/virtuallabs/ee862412
Lync Server 2010:
http://technet.microsoft.com/en-us/virtuallabs/gg720285
Sharepoint:
http://technet.microsoft.com/en-us/virtuallabs/bb512933
System Center:
http://technet.microsoft.com/en-us/virtuallabs/bb539977
Windows SBS:
http://technet.microsoft.com/en-us/virtuallabs/ff465366
Tuesday, June 5, 2012
WDS: Error Code 0xc1420127 when trying to add drivers to the boot image
If you are trying to add a driver to your boot image and you receive the following error:
Error Occurred while trying to execute this command.
Error Code: 0xc1420127
The following steps should solve the issue:
-Clear the temp directories
-Open the registry, go to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WIMMount\Mounted Images" and delete the keys below it
-If the error still appears, restart the WDS service
Tuesday, May 8, 2012
Powershell: Get a list with Username and Mail address from AD
Get a list with Username and Mail address. The output of the query will be saved in "c:\mail.txt".
Download-Link:
http://gallery.technet.microsoft.com/Get-a-list-with-Username-9a908c37/file/57193/1/GetUserMail.txt
(Import-Module ActiveDirectory required)
Sample Output:
SamAccountName  Mail
--------------  ----
User1           User1@corp.de
User2           User2@corp.nl
User3           User3@corp.fr
Tuesday, April 24, 2012
Windows: Can´t minimize Windows 7 RDP window
To solve this problem, do the following steps:
Go to "System Properties/Advanced", "Performance" and click on "Settings".
On "Visual Effects", select "Custom:" and deselect "Animate windows when minimizing and maximizing".
Regards,
Tim
AD: Map a printer via Group Policy Preferences (GPP)
Hi,
Find attached a short manual for mapping a printer via GPP.
-Create a printer object on the print server, e.g. P_X555
-Create a local group "lg-prt-P_X555 Users" and give it Print access on the printer object on the server.
-Create a global group "gg-prt-Map P_X555" and nest "lg-prt-P_X555 Users" in it.
-Create a GPO for printers, e.g. "ALL Printers Location1"
-Delete Authenticated Users from the GPO scope and add "lg-prt-P_X555 Users"
-Go to the server, right-click the printer P_X555, select "Deploy with Group Policy..." and browse to the created GPO "ALL Printers Location1"
Finally add users to "gg-prt-Map P_X555" and the printer will be mapped.
NOTE: For XP you must download pushprinterconnection.exe and build a policy that points to the exe. Then add the local group to the scope of the policy. To use GPP with XP, download and install (or push via WSUS) the following KB: http://www.microsoft.com/download/en/details.aspx?id=3628 . For Vista: http://www.microsoft.com/en-us/download/details.aspx?id=15198
Wednesday, April 11, 2012
Windows: Rename a computer locally and remotely
You can rename a Computer by logging on to the computer or via your admin workstation remotely.
LOCALLY:
1. Open System Properties from Control Panel.
2. In the Computer Name, Domain, And Workgroup Settings section, click "Change Settings".
3. If you are prompted by User Account Control, click "Continue".
4. On the "Computer Name" tab, click "Change".
5. Type the new name and click "OK" twice to close the dialog boxes.
6. Restart the computer to allow the change to take effect.
REMOTELY:
In Command Prompt, you can use the NetDom command with the following syntax:
netdom renamecomputer machinename /newname:newname /reboot:30
EXAMPLE:
C:\>netdom renamecomputer PC00100 /NewName:PC00010
This operation will rename the computer PC00100
to PC00010.
Certain services, such as the Certificate Authority, rely on a fixed machine
name. If any services of this type are running on PC00100,
then a computer name change would have an adverse impact.
Do you want to proceed (Y or N)?
y
The computer needs to be restarted in order to complete the operation.
The command completed successfully.
Tuesday, March 27, 2012
Windows Server 2008 R2: KMS for Windows and Office
KMS for Office 2010
-Download the KeyManagementServiceHost.exe
-Open KeyManagementServiceHost.exe
-Type in the KMS key
Client VL for Win 7
Vista Business / Vista Enterprise, Win7 Professional / Win7 Enterprise
KMS A
Windows Web Server 2008 / Windows Server 2008 HPC Edition / Client VL
KMS B
Windows Server 2008 Standard / Windows Server 2008 Enterprise / Client VL
KMS C
Windows Server 2008 Datacenter / Windows Server 2008 for Itanium-based Systems / Client VL
Showing status for Office only:
slmgr.vbs /dlv bfe7a195-4f8f-4f0b-a622-cf13c7d16864
KMS for Windows
Type in the KMS key with the parameter:
slmgr.vbs /ipk 12345-12345-12345-12345-12345
Activate the KMS key:
slmgr.vbs /ato
Showing status for Windows KMS Hosts:
slmgr.vbs /dlv
slmgr.vbs /dlv all
You can also check the KMS Events in the Eventviewer:
Monday, March 26, 2012
WDS: Integrate a language pack with DISM
Showing the index you have to use!
Dism /get-wiminfo /wimfile:C:\images\Win7.Ent.EN-EN.WIM
Dism /Mount-WIM /WimFile:C:\Images\Win7.Ent.EN-EN.WIM /Index:"1" /MountDir:C:\mount
Now download the language pack you want to integrate and create a directory C:\Scratch, because the files have to be stored there temporarily.
Dism /Image:C:\mount /ScratchDir:C:\Scratch /add-package /packagepath:C:\Languagepacks\lpGER.cab
Command to show information about the installed language packs:
Dism /Image:C:\mount /get-Intl
Optionally, you can add other language packs if you want.
To save the changes you have to unmount the Image.
Dism /Unmount-WIM /MountDir:C:\mount /Commit
------------------------------------------------------------------------------------------------------------
Set a standard Input System and User-Locale in the XML file
For a standard Input-, System- and User-Locale edit the ImageUnattend.xml:
For German 32bit
<component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>de-DE; en-US</InputLocale>
<SystemLocale>de-DE</SystemLocale>
<UserLocale>de-DE</UserLocale>
</component>
For English 32bit
<component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>en-US; de-DE</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UserLocale>en-US</UserLocale>
</component>
WDS: Integrate a hotfix using DISM
1. Check the index of the wim file
Dism /get-wiminfo /wimfile:c:\images\install.WIM
2. Mount the image
Dism /mount-wim /wimfile:c:\images\install.wim /mountdir:c:\mount /index:1
3. Expand the hotfix with 7zip and extract the cab file
4. Add the cab file to the mounted image (/image must point to the mount directory, not to the wim file)
Dism /image:c:\mount /add-package /Packagepath:c:\hotfix\Windows6.1-KB2028749-x86.cab
5. Unmount the image and commit the changes
Dism /unmount-wim /mountdir:c:\mount /Commit
AD: MSI Software Rollout via GPO with groups
In ADUC
Create a global group named "GG-Workstations Department X"
Create a local group in ADUC named "LG-Software XY 9.1.0" and add it to "GG-Workstations Department X"
Add the local group "LG-Software XY 9.1.0" to the Software folder.
In GPO management
Create a gpo for the Software and link it to the right OU
On the Scope tab, under Security Filtering, remove Authenticated Users and add the local group
Right click on the policy and click Edit
Expand Computer Management>Policies>Software Settings>Software installation
Right click Software installation, click New>Package
Browse to the package
Click Advanced
General Tab: Type in the software name, version, language and location
Deployment: Set "Uninstall this application when it falls out of the scope of management", click Advanced and set "Ignore language when deploying this package"
Modifications: For MST files
Security: Remove Authenticated Users (click Advanced, choose Authenticated Users and deselect Include inheritable… Click Add, then Apply and click Yes), add the local group
ADUC: Additional account info in Active Directory Users and Computers
Hi guys,
to get additional account info in ADUC, follow these steps:
Download the files:
-acctinfo.dll
-lockoutstatus.exe
Create a shortcut for ADUC that runs in 32-bit context:
Save the files to the same location.
For 32-bit, use the following cmd:
@echo off
echo This program will register the Acctinfo tab Add-on to AD Users and Computers and integrate the lockoutstatus.exe hf TIM
echo.
xcopy lockoutstatus.exe "%systemroot%\system32\" /e /y > nul:
xcopy acctinfo.dll "%systemroot%\system32\" /e /y > nul:
regsvr32 "%systemroot%\system32\acctinfo.dll" /s
exit
For 64-bit, use this:
@echo off
echo This program will register the Acctinfo tab Add-on to AD Users and Computers and integrate the lockoutstatus.exe hf TIM
echo.
xcopy dsa32.lnk "%systemdrive%\Users\%username%\desktop\" > nul:
xcopy lockoutstatus.exe "%systemroot%\syswow64\" /e /y > nul:
xcopy acctinfo.dll "%systemroot%\syswow64\" /e /y > nul:
regsvr32 "%systemroot%\syswow64\acctinfo.dll" /s
exit
After you run the cmd, restart ADUC and it will show a new tab:
Thursday, March 22, 2012
AD: GPO Disable Games in Windows XP
Open GPO Management, create a new GPO and go to:
Computer Configuration > Windows Settings > Security Settings > Software Restriction Policies
Right-click "Additional Rules" and click on "New Path Rule..."
Now type in the following paths:
%SystemRoot%\system32\freecell.exe
%SystemRoot%\system32\mshearts.exe
%SystemRoot%\system32\sol.exe
%SystemRoot%\system32\spider.exe
%SystemRoot%\system32\winmine.exe
C:\Program Files\MSN Gaming Zone
C:\Program Files\Windows NT\Pinball\PINBALL.EXE
AD: Powershell cmdlets
Add-ADDomainControllerPasswordReplicationPolicy
Add-ADGroupMember
Clear-ADAccountExpiration
Disable-ADOptionalFeature
Enable-ADOptionalFeature
Get-ADAccountResultantPasswordReplicationPolicy
Get-ADComputerServiceAccount
Get-ADDomain
Get-ADDomainControllerPasswordReplicationPolicy
Get-ADFineGrainedPasswordPolicy
Get-ADForest
Get-ADGroupMember
Get-ADOptionalFeature
Get-ADPrincipalGroupMembership
Get-ADServiceAccount
Get-ADUserResultantPasswordPolicy
Move-ADDirectoryServer
Move-ADObject
New-ADFineGrainedPasswordPolicy
New-ADObject
New-ADServiceAccount
Remove-ADComputer
Remove-ADDomainControllerPasswordReplicationPolicy
Remove-ADFineGrainedPasswordPolicySubject
Remove-ADGroupMember
Remove-ADOrganizationalUnit
Remove-ADServiceAccount
Rename-ADObject
Restore-ADObject
Set-ADAccountControl
Set-ADAccountPassword
Set-ADDefaultDomainPasswordPolicy
Set-ADDomainMode
Set-ADForest
Set-ADGroup
Set-ADOrganizationalUnit
Set-ADUser
Unlock-ADAccount
AD: Active Directory Tools
Onboard
Event Logs
DCDIAG
Domain controller diagnostic tool
NETDIAG
Shows issues with the DC network
DNSLINT
For checking DNS
NETSH
DHCP, Network options
Repadmin
Replication tool
Data Collector Sets
Performance Diagnostics for AD, System and more.
FREE Third Party Tools
AD Topology Diagrammer(Visio required)
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=13380
AD Tidy Free Edition
Query AD for last logged on Attributes of User/Computer accounts. Move Delete and more options available.
http://www.cjwdev.co.uk/Software/ADTidy/Info.html
AD Info Free Edition
Query AD for Information about AD objects
http://www.cjwdev.co.uk/Software/ADReportingTool/Info.html
LIZA
Analyse ACL on Active Directory
http://www.ldapexplorer.com/en/liza.htm
LUMAX
LDAP Explorer and Maintenance
http://www.ldapexplorer.com/en/lumax.htm
ADUC: Create a custom LDAP Query
To create a custom Saved Query, follow these steps.
- Right-click Saved Queries and click the New-Query option
- Type in a name for your saved query, such as "Search"
- Click the Define Query button
- Under the Find drop-down list, select Custom Search
- Click the Advanced tab
- Type in your query
Finds all disabled User Accounts
Finds all groups that have no members
Finds all locked out User Accounts
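The three saved queries described above can be expressed as LDAP filters; the sketch below is an added example, not taken from the original post, and runs them with the ActiveDirectory module. The filter strings can also be pasted into the Advanced tab of the Custom Search dialog; the output file name is a placeholder.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory
# module and read access to the domain.
Import-Module ActiveDirectory

# LDAP filters matching the three query descriptions.
$savedQueries = @(
    @{ Name   = 'Disabled user accounts'
       # Bitwise AND match on userAccountControl flag 2 (ACCOUNTDISABLE).
       Filter = '(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))' },
    @{ Name   = 'Groups with no members'
       # Primary-group membership (e.g. Domain Users) is not stored in the
       # member attribute, so such groups can show up here although in use.
       Filter = '(&(objectCategory=group)(!(member=*)))' },
    @{ Name   = 'Locked-out user accounts'
       # lockoutTime stays non-zero after the lockout duration has expired,
       # until the next successful logon, so treat hits as candidates.
       Filter = '(&(objectCategory=person)(objectClass=user)(lockoutTime>=1))' }
)

$results = foreach ($q in $savedQueries) {
    $label = $q.Name
    Get-ADObject -LDAPFilter $q.Filter -Properties sAMAccountName, whenChanged |
        Select-Object @{ Name = 'Query'; Expression = { $label } },
                      sAMAccountName, whenChanged, DistinguishedName
}

# Summary per query, plus a CSV for review (placeholder file name).
$results | Group-Object Query | Select-Object Name, Count | Format-Table -AutoSize
$results | Export-Csv -Path .\ad-saved-queries.csv -NoTypeInformation

# Cross-check: accounts that are locked out right now, taking the lockout
# duration into account.
Search-ADAccount -LockedOut -UsersOnly |
    Select-Object SamAccountName, LockedOut, LastLogonDate
```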
Windows Server: Printserver Migration from 2003 to 2008
For a Migration do the following steps:
1. Cleanup the old server.
2. !!!Update all Drivers to x86 and x64 on the old server!!! The x86 and x64 drivers must be the same. Use Universal Print Driver if you can.
Link HP:
http://h20271.www2.hp.com/SMB-AP/cache/380442-0-0-14-121.html
Link Lexmark:
http://www1.lexmark.com/en_US/software/upd/index.shtml
Link Brother:
http://welcome.solutions.brother.com/BSC/public/us/us/en/faq/faq/000000/002700/000074/faq002774_000.html?reg=us&c=us&lang=en&prod=mfc9010cn_us
3. Expand the tree, then right click on Print Servers and click on Add/Remove Servers.
4. Enter the name of the print server you want to migrate the printers off of and select Add to List, then click Apply.
5. Right Click on the server and select Export Printers to a File and save that file.
6. After the export is complete, right click on your new server in the tree.
7. Select Import Printer from a File, and select the export.
8. Follow the wizard…
AD: Well known SIDs in Active Directory
---FOR USERS---
User                                      Well known SID
Creator Owner                             S-1-3-0
Administrator                             S-1-5-21-domain-500
Guest                                     S-1-5-21-domain-501
KRBTGT                                    S-1-5-21-domain-502
Interactive                               S-1-5-4
Anonymous                                 S-1-5-7
---FOR GROUPS---
Group                                     Well known SID
Everyone                                  S-1-1-0
Enterprise Domain Controllers             S-1-5-9
Authenticated Users                       S-1-5-11
Domain Admins                             S-1-5-21-domain-512
Domain Users                              S-1-5-21-domain-513
Domain Computers                          S-1-5-21-domain-515
Domain Controllers                        S-1-5-21-domain-516
Cert Publishers                           S-1-5-21-domain-517
Schema Admins                             S-1-5-21-domain-518
Enterprise Admins                         S-1-5-21-domain-519
Group Policy Creator Owners               S-1-5-21-domain-520
Administrators                            S-1-5-32-544
Users                                     S-1-5-32-545
Guests                                    S-1-5-32-546
Account Operators                         S-1-5-32-548
Server Operators                          S-1-5-32-549
Print Operators                           S-1-5-32-550
Backup Operators                          S-1-5-32-551
Replicators                               S-1-5-32-552
Pre-Windows 2000 Compatible Access        S-1-5-32-554
Remote Desktop Users                      S-1-5-32-555
Network Configuration Operators           S-1-5-32-556
Incoming Forest Trust Builders            S-1-5-32-557
Enterprise Read-only Domain Controllers   S-1-5-21-domain-498
Read-only Domain Controllers              S-1-5-21-domain-521
Allowed RODC Password Replication Group   S-1-5-21-domain-571
Denied RODC Password Replication Group    S-1-5-21-domain-572
Event Log Readers                         S-1-5-32-573
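Because the domain-relative entries in the table are the domain SID plus a fixed RID, they identify the account even when it has been renamed or carries a localized name. The following added example (not part of the original post) builds those SIDs for the current domain and resolves them to names; it assumes the ActiveDirectory module and a domain-joined session.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# Domain-relative RIDs from the table above.
$rids = 498, 500, 501, 502, 512, 513, 515, 516, 517, 518, 519, 520, 521, 571, 572

# SID of the current domain, i.e. the "S-1-5-21-domain" part of the table.
$domainSid = (Get-ADDomain).DomainSID.Value

$resolved = foreach ($rid in $rids) {
    $sid = New-Object System.Security.Principal.SecurityIdentifier("$domainSid-$rid")
    try {
        # Translate returns DOMAIN\Name, whatever the object is currently called.
        $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # Expected for RODC groups in domains without RODC support, and for
        # 498/518/519 in child domains (those exist in the forest root only).
        $name = '(not present in this domain)'
    }
    New-Object PSObject -Property @{ RID = $rid; Name = $name; SID = $sid.Value }
}

$resolved | Sort-Object RID | Format-Table RID, Name, SID -AutoSize

# A renamed built-in Administrator is still RID 500.
$resolved | Where-Object { $_.RID -eq 500 } | Select-Object Name, SID

# Audit privileged membership by SID rather than by display name.
Get-ADGroupMember -Identity "$domainSid-512" -Recursive |
    Select-Object SamAccountName, objectClass, distinguishedName
```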
Wednesday, March 21, 2012
AD: Create a Fine-Grained Password Policy
Req.: Windows Server 2008
-Open ADSI Edit
-Go to CN=System, CN=Password Settings Container
-Right click, select New>Object
-Select the class msDS-PasswordSettings and click Next
-Enter the values, e.g. msDS-MinimumPasswordAge (format Days:Hours:Minutes:Seconds): 01:00:00:00
-Assign this policy to a group:
Right-click the object
Go to the attribute msDS-PSOAppliesTo
Click Edit and select Add Windows Account. Type in the group name.
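The same Password Settings Object can be created and assigned with the ActiveDirectory cmdlets instead of ADSI Edit. This is an added example, not from the original post: the PSO name, group name and every value except the one-day minimum password age are assumptions chosen for illustration.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory
# module and a domain functional level of Windows Server 2008 or higher.
Import-Module ActiveDirectory

# Hypothetical names; replace with your own.
$psoName   = 'PSO-PrivilegedAccounts'
$groupName = 'GG-PrivilegedAccounts'   # PSOs apply to users and global security groups

# ADSI Edit expects Days:Hours:Minutes:Seconds (01:00:00:00); the cmdlet takes
# a .NET TimeSpan, written d.hh:mm:ss. Both values below mean one day.
$pso = @{
    Name                        = $psoName
    Precedence                  = 10             # mandatory; lowest value wins on conflict
    MinPasswordAge              = '1.00:00:00'   # value from the post
    MaxPasswordAge              = '42.00:00:00'  # assumed
    MinPasswordLength           = 14             # assumed
    PasswordHistoryCount        = 24             # assumed
    ComplexityEnabled           = $true
    ReversibleEncryptionEnabled = $false
    LockoutThreshold            = 5              # assumed
    LockoutObservationWindow    = '0.00:30:00'   # assumed
    LockoutDuration             = '0.00:30:00'   # assumed
}
New-ADFineGrainedPasswordPolicy @pso

# Equivalent of editing msDS-PSOAppliesTo in ADSI Edit.
Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $groupName

# Check 1: the PSO lists the group as a subject.
Get-ADFineGrainedPasswordPolicySubject -Identity $psoName |
    Select-Object Name, ObjectClass

# Check 2: a user in the group actually resolves to this PSO. An empty result
# means the default domain policy still applies to that user.
$member = Get-ADGroupMember -Identity $groupName -Recursive |
    Where-Object { $_.objectClass -eq 'user' } | Select-Object -First 1
if ($member) {
    Get-ADUserResultantPasswordPolicy -Identity $member.SamAccountName |
        Select-Object Name, Precedence, MinPasswordAge, MinPasswordLength
}
```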
WDS: Setup WDS with wdsutil
After adding the WDS role to your Windows Server 2008 R2, you can set up WDS using a cmd file. Copy your images and unattend files to the server first.
WDSUTILSetup.cmd
rem Initialize the server and set the RemoteInstall folder
wdsutil /Initialize-Server /RemInst:"F:\RemoteInstall"
rem Answer all PXE clients, including unknown ones
wdsutil /Set-Server /AnswerClients:All
rem Add the boot and capture images
wdsutil /Add-Image /ImageFile:"C:\boot.wim" /ImageType:Boot
wdsutil /Add-Image /ImageFile:"C:\capture.wim" /ImageType:Boot
rem Create an image group and add the install image to it
wdsutil /Add-ImageGroup /ImageGroup:BasicImages
wdsutil /Add-Image /ImageFile:"C:\Install.wim" /ImageType:Install /ImageGroup:BasicImages
rem Enable the WDS client unattend file for x86
wdsutil /Set-Server /WdsUnattend /Policy:Enabled /File:Unattendx86.xml /Architecture:x86
WDS: Integrate drivers into a WIM file with DISM
1. Download and install WAIK
2. Mount the image
Create folders "Images" and "mount" on c:\
BOOT.WIM:
dism /mount-wim /WimFile:c:\Images\boot.wim /index:2 /MountDir:c:\mount
INSTALL.WIM:
dism /mount-wim /WimFile:c:\Images\Install.wim /index:1 /MountDir:c:\mount
3. Administrate drivers
3.1 Get drivers
dism /image:c:\mount /get-drivers
3.2 Add drivers
3.2.1 With *.inf
dism /image:c:\mount /add-driver /driver:c:\HP7700\heki.inf
3.2.2 Add drivers from a specified folder
Type in /recurse to install all drivers in one folder
Example:
dism /image:c:\mount /add-driver /driver:c:\drv /recurse
3.3 Delete driver
3.3.1 Driver info
dism /image:c:\mount /get-driverinfo /driver:oem1.inf
3.3.2 Delete driver
Dism /Image:c:\mount /remove-driver /Driver:oem1.inf
4. Unmount the image
Dism /unmount-wim /MountDir:c:\mount /commit
5. Add the image to WDS
Delete the old image and add the new one.
If you only replace the old image, sometimes the changes will not be applied.
WDS: Skiprearm in Win7 Sysprep Process
Normally you can only capture a Windows 7 image three times. With the following XML you can skip the rearm process and capture an unlimited number of times!
skiprearm.xml:
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="generalize">
<component name="Microsoft-Windows-Security-Licensing-SLC" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SkipRearm>1</SkipRearm>
</component>
</settings>
<cpi:offlineImage cpi:source="wim:c:/Tims/install.wim#Windows 7 ENTERPRISE" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>
Save the script to c:\Windows
Invoke sysprep like:
sysprep /generalize /oobe /shutdown /unattend:c:\Windows\skiprearm.xml
WDS: Activate Office 2010 after Imaging
This works for an English OS. For other languages, change "Program Files".
For Win XP
Create "actOffice10en.bat" under D:\RemoteInstall\Images\ImageGroup\WinXP\$OEM$\$1\adm
actOffice10en.bat
net start "osppsvc"
cd /d c:\windows\system32
cscript.exe "C:\Program Files\Microsoft Office\Office14\OSPP.VBS" /act
Add the entry in sysprep.inf
[GuiRunOnce]
Command1=c:\adm\actOffice10en.bat
For Win7
Create the SetupComplete.cmd under D:\RemoteInstall\Images\ImageGroup\Win7\$OEM$\$$\Setup\Scripts
SetupComplete.cmd
net start "sppsvc"
cd /d c:\windows\system32
cscript.exe "C:\Program Files\Microsoft Office\Office14\OSPP.VBS" /act
Windows: Create a custom MMC for Administration