Tuesday, March 27, 2012

Windows Server 2008 R2: KMS for Windows and Office


KMS for OfficeOffice 2010

-Download the KeyManagementServiceHost.exe
-Open KeyManagementServiceHost.exe
-Type in the KMS key

Client VL for Win 7
Vista Business / Vista Enterprise, Win7 Professional / Win7 Enterprise

 KMS A
Windows Web Server 2008 / Windows Server 2008 HPC Edition / Client VL

 KMS B
Windows Server 2008 Standard / Windows Server 2008 Enterprise / Client VL

 KMS C
Windows Server 2008 Datacenter /Windows Server 2008 für Itanium-based Systems / Client VL


Showing status for Office only:
slmgr.vbs /dlv bfe7a195-4f8f-4f0b-a622-cf13c7d16864



 KMS for Windows
Type in the KMS key with the paramaeter:
slmgr.vbs /ipk 12345-12345-12345-12345-12345

Activate the KMS key:
slmgr.vbs /ato



Showing status for Windows KMS Hosts:
slmgr.vbs /dlv
slmgr.vbs /dlv all


You can also check the KMS Events in the Eventviewer:

Eingestellt von No comments:

Monday, March 26, 2012

WDS: Integrate a languagepack with DSIM


Showing the index you have to use!
Dism /get-wiminfo /wimfile:C:\images\Win7.Ent.EN-EN.WIM


Dism /Mount-WIM /WimFile:C:\Images\Win7.Ent.EN-EN.WIM /Index:"1" /MountDir:C:\mount


Now download the language pack you want to integrate and create a directory C:\Scratch, because the files have to save temporally.


Dism /Image:C:\mount /ScratchDir:C:\Scratch /add-package /packagepath:C:\Languagepacks\lpGER.cab


Command to show information about the installed language packs.
Dism /Image:C:\mount /get-Intl



Optional you can add some other Language Packages, if you want.

To save the changes you have to unmount the Image.
Dism /Unmount-WIM /MountDir:C:\mount /Commit

------------------------------------------------------------------------------------------------------------
Set a standard Input System and User-Locale in the XML file
For a standard Input-, System- and User-Locale edit the ImageUnattend.xml:


For German 32bit

<component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>de-DE; en-US</InputLocale>
<SystemLocale>de-DE</SystemLocale>
<UserLocale>de-DE</UserLocale>
</component>


For English 32bit

<component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>en-US; de-DE</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UserLocale>en-US</UserLocale>
</component>
Eingestellt von 2 comments:

WDS: Integrate a hotfix using DSIM



1.Check Index of the wim file
Dism /get-wiminfo /wimfile:c:\images\install.WIM


2.Mount image
Dism /mount-wim /wimfile:c:\images\install.wim /mountdir:c:\mount /index:1


3.Expand the Hotfix with 7zip and extract the cab file



4.Add the cab file to the wim
Dism /image:c:\images\install.wim /add-package /Packagepath:c:\hotfix\Windows6.1-KB2028749-x86.cab


5.Unmount image and commit changes
Dism /unmount-wim /mountdir:c:\mount /Commit
Eingestellt von No comments:

AD: MSI Software Rollout via GPO with groups


In ADUC
Create a global group named "GG-Workstations Department X"
Create a local group in ADUC named "LG-Software XY 9.1.0" and add it to "GG-Workstations Department X"
Add the local group "LG-Software XY 9.1.0" to the Software folder.

In GPO management
Create a gpo for the Software and link it to the right OU
Under tab Scope, Security Filtering and Remove Authenticated Users and add the local group
Right click on the policy and click Edit
Expand Computer Management>Policies>Software Settinsgs>Software installation
Right click Software installation click New> package
Browse to the package
Click Advanced
General Tab: Type in the Software Name, Version, language and location
Deployment: Set "Uninstall this application when it falls ou of the scope of management", Click Advanced and set "Ignore language when deploying this package"
Modifications: For MST files
Security: Remove Authenticated users(Click Advanced,Choose Authenticated Users and deselect Include inheritable… Click Add, After this Aplly and click Yes), add the local group
Eingestellt von No comments:

ADUC: Additional account info in Active Directory Users and Computers

Hi guys,
for getting additional account info in ADUC following the following steps:

Downloading the files:
-acctinfo.dll
-lockoutstatus.exe

Create a shortcut for ADUC runs in 32bit context:



















Save the files to the same location.

For 32bit using the following cmd

@echo off


echo This program will register the Acctinfo tab Add-on to AD Users and Computers and integrate the lockoutstatus.exe hf TIM
echo.


xcopy lockoutstatus.exe "%systemroot%\system32\" /e /y > nul:
xcopy acctinfo.dll "%systemroot%\system32\" /e /y > nul:
regsvr32 "%systemroot%\system32\acctinfo.dll" /s


exit


For 64bit using this

@echo off


echo This program will register the Acctinfo tab Add-on to AD Users and Computers and integrate the lockoutstatus.exe hf TIM
echo.


xcopy dsa32.lnk "%systemdrive%\Users\%username%\desktop\" > nul:
xcopy lockoutstatus.exe "%systemroot%\syswow64\"/e /y > nul:
xcopy acctinfo.dll "%systemroot%\syswow64\" /e /y > nul:
regsvr32 "%systemroot%\syswow64\acctinfo.dll" /s


exit



After you run the cmd restart ADUC and it will give you a new tab:




Eingestellt von 2 comments:

Thursday, March 22, 2012

AD: GPO Disable Games in Windows XP


Open GPO Management, create a new GPO and go to:
Computer Configuration > Windows Settings > Security Settings > Software Restriction Policies
Rightclick "Additional Rules" and click on "New Path Rule..."




















Now type in the following paths:
%SystemRoot%\system32\freecell.exe
%SystemRoot%\system32\mshearts.exe
%SystemRoot%\system32\sol.exe
%SystemRoot%\system32\spider.exe
%SystemRoot%\system32\winmine.exe
C:\Program Files\MSN Gaming Zone
C:\Program Files\Windows NT\Pinball\PINBALL.EXE

Eingestellt von 3 comments:

AD: Powershell cmdlets


Add-ADDomainControllerPasswordReplicationPolicy
Add-ADGroupMember
Clear-ADAccountExpiration
Disable-ADOptionalFeature
Enable-ADOptionalFeature
Get-ADAccountResultantPasswordReplicationPolicy
Get-ADComputerServiceAccount
Get-ADDomain
Get-ADDomainControllerPasswordReplicationPolicy
Get-ADFineGrainedPasswordPolicy
Get-ADForest
Get-ADGroupMember
Get-ADOptionalFeature
Get-ADPrincipalGroupMembership
Get-ADServiceAccount
Get-ADUserResultantPasswordPolicy
Move-ADDirectoryServer
Move-ADObject
New-ADFineGrainedPasswordPolicy
New-ADObject
New-ADServiceAccount
Remove-ADComputer
Remove-ADDomainControllerPasswordReplicationPolicy
Remove-ADFineGrainedPasswordPolicySubject
Remove-ADGroupMember
Remove-ADOrganizationalUnit
Remove-ADServiceAccount
Rename-ADObject
Restore-ADObject
Set-ADAccountControl
Set-ADAccountPassword
Set-ADDefaultDomainPasswordPolicy
Set-ADDomainMode
Set-ADForest
Set-ADGroup
Set-ADOrganizationalUnit
Set-ADUser
Unlock-ADAccount

Eingestellt von No comments:

AD: Active Directory Tools

Onboard


Event Logs

DCDIAG
Domaincontroller Diagnostic Tools

NETDIAG
Showing issue for the DC network

DNSLINT
For checking DNS

NETSH
DHCP, Network options

Repadmin
Replication tool


Data Collector Sets
Performance Diagnostics for AD, System and more.




FREE Third Party Tools


AD Topology Diagrammer(Visio required)

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=13380

AD Tidy Free Edition
Query AD for last logged on Attributes of User/Computer accounts. Move Delete  and more options available.
http://www.cjwdev.co.uk/Software/ADTidy/Info.html

AD Info Free Edition
Query AD for Information about AD objects
http://www.cjwdev.co.uk/Software/ADReportingTool/Info.html

LIZA
Analyse ACL on Active Directory
http://www.ldapexplorer.com/en/liza.htm

LUMAX
LDAP Explorer and Maintenance
http://www.ldapexplorer.com/en/lumax.htm
Eingestellt von 2 comments:

ADUC: Create a custom LDAP Query


To create a custom Saved Query, follow these steps.

  1. Right-click Saved Queries and click the New-Query option
  2. Type in a name for your saved query, such as "Search"
  3. Click the Define Query button
  4. Under the Find drop-down list, select Custom Search
  5. Click the Advanced tab
  6. Type in your query
 

Some example for LDAP Queries:

Finds all disabled User Accounts

Finds all groups that have no members

Finds all locked out User Accounts
Eingestellt von 1 comment:

Windows Server: Printserver Migration from 2003 to 2008


For a Migration do the following steps:

1. Cleanup the old server.
2. !!!Update all Drivers to x86 and x64 on the old server!!! The x86 and x64 drivers must be the same. Use Universal Print Driver if you can.
Link HP:
http://h20271.www2.hp.com/SMB-AP/cache/380442-0-0-14-121.html
Link Lexmark:
http://www1.lexmark.com/en_US/software/upd/index.shtml
Link Brother:
http://welcome.solutions.brother.com/BSC/public/us/us/en/faq/faq/000000/002700/000074/faq002774_000.html?reg=us&c=us&lang=en&prod=mfc9010cn_us
3. Expand the tree, then right click on Print Servers and click on Add/Remove Servers .
4. Enter the name of the print server you want to migrate the printers off of and select Add to List, then click Apply.
5. Right Click on the server and select Export Printers to a File and save that file.
6. After the export is complete, right click on your new server in the tree.
7. Select Import Printer from a File, and select the export.
8. Follow the wizard…
Eingestellt von No comments:

AD: Well known SIDs in Active Directory

---FOR USERS---

User Well known SID

Creator Owner S-1-3-0
Administrator S-1-5-21domain-500
Guest S-1-5-21domain-501
KRBTGT S-1-5-21domain-502
Interactive S-1-5-4
Anonymous S-1-5-7

---FOR GROUPS---

Group Well known SID

Everyone S-1-1-0
Enterprise Domain Controllers S-1-5-9
Authenticated Users S-1-5-11
Domain Admins S-1-5-21domain-512
Domain Users S-1-5-21domain-513
Domain Computers S-1-5-21domain-515
Domain Controllers S-1-5-21domain-516
Cert Publishers S-1-5-21domain-517
Schema Admins S-1-5-21domain-518
Enterprise Admins S-1-5-21domain-519
Group Policy Creator Owners S-1-5-21domain-520
Administrators S-1-5-32-544
Users S-1-5-32-545
Guests S-1-5-32-546
Account Operators S-1-5-32-548
Server Operators S-1-5-32-549
Print Operators S-1-5-32-550
Backup Operators S-1-5-32-551
Replicators S-1-5-32-552
Pre-Windows 2000 Compatible Access S-1-5-32-554
Remote Desktop Users S-1-5-32-555
Network Configuration Operators S-1-5-32-556
Incoming Forest Trust Builders S-1-5-32-557
Enterprise Read-only Domain Controllers S-1-5-21domain-498
Read-only Domain Controllers S-1-5-21domain-521
Allowed RODC Password Replication Group S-1-5-21domain-571
Denied RODC Password Replication Group S-1-5-21domain-572
Event Log Readers S-1-5-32-573





Eingestellt von No comments:

Wednesday, March 21, 2012

AD: Create a Fine-Grained Password Policy

Req.: Windows Server 2008


-Open ADSI Edit
-Go to CN=System, CN=Possword Settings Container
-Right click select New>Object
-Select the class msDS-PasswordSettings and click Next
-Enter the values msDS-Minimum PasswordAge (format Days:Hours:Minutes:Seconds)01:00:00:00
-Assign this policy to a group:

Rightclick object
Got to Attribute msDS-PSOAppliesTo
Click Edit and select Add Windows Account. Type in the group name.



Eingestellt von No comments:

WDS: Setup WDS with wdsutil

After you adding the WDS role to your Windows Server 2008 R2 you can Setup the WDS using a cmd file.Copy your images and unattend files to the server.

WDSUTILSetup.cmd

cmd = "wdsutil /initialize-server /reminst:F:\RemoteInstall"

cmd = "wdsutil /Set-Server /AnswerClients:all"

cmd = "wdsutil /Add-Image /ImageFile:"C:\boot.wim" /ImageType:Boot"

cmd = "wdsutil /add-image /Imagefile:"C:\capture.wim" /ImageType:Boot"

cmd = "wdsutil /add-Imagegroup /Imagegroup:BasicImages"

cmd = "wdsutil /Add-Image /ImageFile:"C:\Install.wim" /ImageType:Install /ImageGroup:BasicImages"

cmd = "WDSUTIL /Set-Server /WdsUnattend /Policy:Enabled /File:Unattendx86.xml /Architecture:x86"
Eingestellt von No comments:

WDS: Integrate drivers into a WIM file with DISM


1. Download and install WAIK



2.Mount the Image
Create folders "Images" and "mount" on c:\
BOOT.WIM=>
dism /mount-wim /WimFile:c:\Images\boot.wim /index:2 /MountDir:c:\mount

INSTALL.WIM=>

 dism /mount-wim /WimFile:c:\Images\Install.wim /index:1 /MountDir:c:\mount


3. Administrate drivers
-3.1 Get drivers
-dism /image:c:\mount /get-drivers


-3.2 Add drivers
-3.2.1 with *.inf
-dism /image:c:\mount /add-driver /driver:c:\HP7700\heki.inf
-3.2.2 add drivers in a specified folder
-Type in /recurse to install all drivers in one folder
Example:
dism /image:c:\mount /add-driver /driver:c:\drv /recurse


-3.3 Delete driver

-3.3.1 info driver
- dism /image:c:\mount /get-driverinfo /driver:oem1.inf

-3.3.2 delete driver
-Dism /Image:c:\mount /remove-driver /Driver:oem1.inf



4. Image unmount
Dism /unmount-wim /MountDir:c:\mount /commit



5. Adding the Image to the WDS
Delete the old Image and add the new.
If you only replace the old image sometimes the changes will not be applied.
Eingestellt von 2 comments:

WDS: Skiprearm in Win7 Sysprep Process

Normally you can only capture a Windows 7 Image three times, with the following XML you can skip the rearm process and you can capture unlimited times!



skiprearm.xml:
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="generalize">
<component name="Microsoft-Windows-Security-Licensing-SLC" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SkipRearm>1</SkipRearm>
</component>
</settings>
<cpi:offlineImage cpi:source="wim:c:/Tims/install.wim#Windows 7 ENTERPRISE" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>


Save the script to c:\Windows


Invoke sysprep like:
sysprep /generalize /oobe /shutdown /unattend:c:\Windows\skiprearm.xml
Eingestellt von No comments:

WDS: Activate Office 2010 after Imaging

This works for an english OS. For other languages change "Program Files".



For Win XP
Create "actOffice10en.bat" under D:\RemoteInstall\Images\ImageGroup\WinXP\$OEM$\$1\adm


actOffice10en.bat
net start "osppsvc"
cd c:\windows\system32\cscript
cscript.exe C:\"Program Files\Microsoft Office\Office14\OSPP.VBS" /act


Aadd the entry in sysprep.inf
[GuiRunOnce]
Command1=c:\adm\actOffice10en.bat



For Win7
Create the SetupComplete.cmd under D:\RemoteInstall\Images\ ImageGroup \Win7\$OEM$\$$\Setup\Scripts


SetupComplete.cmd
net start "sppsvc"
cd c:\windows\system32\cscript
cscript.exe C:\"Program Files\Microsoft Office\Office14\OSPP.VBS" /act
Eingestellt von No comments:

Windows: Create a custom MMC for Administration




Type in the start search box mmc.exe
Click on File and select Add/Remove Snap-in...
Select the Snap-Ins you want to use.

Click Save As to save your custom console.

Eingestellt von No comments:
Subscribe to: Posts (Atom)