Showing posts with label Windows Server 2000. Show all posts

Saturday, May 17, 2008

How to clean up downloaded files for Automatic updates / Windows Update

Automatic Updates downloads are stored in the %systemroot%\SoftwareDistribution\Download folder and can occupy a lot of space. You can safely delete these files.

Type the following command in a Command Prompt window:

net stop wuauserv

Open Windows Explorer and delete all contents in the folder c:\windows\SoftwareDistribution\Download

Go back to Command prompt window and type net start wuauserv

Be sure to restart Windows before making another attempt to get the updates!

-------------- End of Document -----------------

Tags: Windows 2000, Windows 2003, Windows XP

Published Date: 20080517

Friday, May 16, 2008

How to remove Outlook Express 5.1, 5.5, or 6.0 from a Windows 2000-based computer

To manually remove Outlook Express 5.1, Outlook Express 5.5, or Outlook Express 6.0 from a Windows 2000-based computer, follow these steps:

Note: Make sure that you are logged on to the computer as an administrator.

1. Make sure that system files and file name extensions are visible.

a. Double-click the My Computer icon.

b. On the Tools menu, click Folder Options, and then click the View tab.

c. In the Hide Files and Folders section, click Show hidden files and folders, and then click to clear the Hide file extensions for known file types check box.

d. Click to clear the Hide Protected Operating System Files (Recommended) check box, and then click Yes in the warning message dialog box.

e. Click OK to close the Folder Options dialog box.

2. Delete the Outlook Express registry keys.

To remove Outlook Express, you must delete the registry keys for Outlook Express. To do this, follow these steps:

a. Click Start, click Run, type regedit, and then click OK.

b. Locate the following registry keys, right-click the registry key, and then click Delete:

• HKEY_LOCAL_MACHINE\Software\Microsoft\Outlook Express

• HKEY_CURRENT_USER\Software\Microsoft\Outlook Express

• HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}

c. Close Registry Editor.

3. Rename the Outlook Express files.

To complete the removal procedure, rename the Outlook Express files. Each of these files is located in the default file folder and in the C:\Winnt\System32\Dllcache folder. For example, the Msoe.dll file is located in the following folders:

• C:\Program Files\Outlook Express

• C:\Winnt\System32\Dllcache

You must rename the file in both folders to successfully remove Outlook Express. To rename the Outlook Express files, follow these steps:

a. Remove any CDs that are in your CD drive.

b. Start Windows in safe mode.

c. Click Start, point to Search, and then click For Files and Folders.

d. In the Search for files or folders named box, type Msoe.dll, and then click Search Now.

e. Right-click the first Msoe.dll file, and then click Rename.

f. Type Msoe.old, and then press ENTER.

g. To rename the second instance of the Msoe.dll file, repeat steps e and f.

h. When you are prompted about Windows file protection, click Cancel.

i. When you are prompted about whether to keep unrecognized file versions, click Yes.

j. To rename the following files, repeat steps d through i:

• Msoeacct.dll

• Msoert2.dll

• Msoeres.dll

• Msimn.exe

• Oeimport.dll

• Oemiglib.dll

• Oemig50.exe

• Setup50.exe

k. Restart your computer in Normal Mode.

-------------- End of Document -----------------

Tags: Windows 2000, Windows XP

Published Date: 20080516

Monday, November 19, 2007

Important and basic Windbg commands

!analyze -v :analyzes the dump file and provides the best possible diagnosis of it

!sympath :shows path to your symbol files

lm :lists all loaded modules in memory

lmf :list loaded modules with full path

lmt :list loaded modules with last modified timestamp

!lmi <module name> :Shows header information about the module, including the date and time, which can often tell you whether you're running an older version of a program and need to upgrade

vertarget :Shows information about the system on which you are debugging

!peb :Shows the PEB (process environment block) including DLL information

.trap :Dump a trap frame

.chain :Lists all loaded debugger extensions

-------------- End of Document -----------------

Tags: Windows XP, Windows Server 2000, Windows Server 2003

Published Date: 20071109

Monday, November 12, 2007

Finding NIC information remotely using WMIC commands

WMIC is a very useful and underutilized interface for server / OS management provided in Windows. One very common task that generally requires logging in to the server is checking or setting network card properties. At a command prompt, type WMIC and then /? to find the available interfaces that can be queried or set.

To check the NIC configuration, type the following sequence of commands at the command prompt. For example:

WMIC
/NODE:<hostname>
NICCONFIG Get DNSHostName

NICCONFIG Get DNSDomainSuffixSearchOrder

-------------- End of Document -----------------

Tags: Windows XP, Windows Server 2000, Windows Server 2003

Published Date: 20071112

Thursday, October 25, 2007

How to create a user-defined service in Windows

Execute the following command at the command prompt. You need to have the Windows Resource Kit installed on the box. The paths are quoted because they contain spaces.

"C:\Program Files\Resource Kit\Instsrv.exe" <my service> "C:\Program Files\Resource Kit\Srvany.exe"

  1. Open Registry editor and go to the following key. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<my service>
  2. From the Edit menu, click Add Key. Type the following and click OK:
    Key Name: Parameters
    Class : <leave blank>
  3. Select the Parameters key and from the Edit menu, click Add Value. Type the following and click OK

Value Name: Application
Data Type : REG_SZ
String : <path>\<application.ext>
where <path>\<application.ext> is the drive and full path to the application executable, including the extension (for example, C:\WinNT\Notepad.exe)

-------------- End of Document -----------------

Tags: Windows XP, Windows Server 2000, Windows Server 2003

Published Date: 20071025

Saturday, October 13, 2007

How to control AD replication using RepAdmin

Replication is controlled by the Options attribute on the NTDS Settings object as shown in the following table. The Options attribute value is found in ADSIEdit by browsing to Configuration -> Sites -> <Site Name> -> Servers -> <Server Name> -> NTDS Settings.

| RepAdmin Option | NTDS Settings/Options attribute value |
| --- | --- |
| Enable Inbound and Outbound | 1 |
| Enable Inbound, Disable Outbound | 5 |
| Enable Outbound, Disable Inbound | 3 |
| Disable Inbound and Outbound | 7 |

Using RepAdmin /Options

Repadmin /options <dcname> <+/-> <DISABLE_INBOUND_REPL/DISABLE_OUTBOUND_REPL>

Here is what it looks like when you disable or enable replication via RepAdmin using the /Options switch. Note that the minus (-) character in front of an option clears that DISABLE flag, which enables replication. To disable replication, set the flag with the plus (+) sign: +DISABLE_INBOUND_REPL, for example.

To enable both inbound and outbound replication:

C:\>repadmin /options wtec-dc1

Current DC Options: IS_GC

To enable only outbound replication:
C:\>repadmin /options wtec-dc1 -disable_outbound_repl
Current DC Options: IS_GC DISABLE_OUTBOUND_REPL
New DC Options: IS_GC

To disable only inbound replication:
C:\>repadmin /options wtec-dc1 +disable_inbound_repl
Current DC Options: IS_GC
New DC Options: IS_GC DISABLE_INBOUND_REPL

To disable inbound and outbound replication:

C:\>repadmin /options wtec-dc1 +disable_outbound_repl +disable_inbound_repl

Current DC Options: IS_GC

New DC Options: IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL

repadmin /Options *  is a good command that produces a quick report to determine if any other DCs have replication purposely disabled.

CAUTION: These commands remain in effect until changed. That is, if you turn on the Disable inbound repl feature, it will remain on (i.e., inbound replication is disabled) until you enable it again using the -disable_inbound_repl option.

There are several reasons why you would want to do this:

  1. If a report such as repadmin /replsum /bysrc /bydest /sort:delta shows that replication has not happened in the past 60 days (tombstone lifetime), then you would want to disable outbound replication. Of course, if you have strict replication enabled you will be OK, but it's better to be safe than sorry in this instance. The RepAdmin command is quick and easy. Note that in this case there is really no need to disable inbound replication since the danger is in replicating outbound. Still, I suggest that you play it safe and do both until you determine the existence of lingering objects.
  2. If you suspect corruption or issues with a domain controller that you don't want replicated, this command is an easy way to prevent replication from that source. Remember, you can remotely execute RepAdmin. And the DCList option in RepAdmin can be used to specify a single DC, or an asterisk (*) can be used to specify all DCs.
  3. For Authoritative Restore: Authoritative restoration is used to move the Active Directory back in time by taking a single system state backup from an earlier date, stopping replication on a DC, then restoring the backup using NTDSUtil's Authoritative Restore feature. When it boots into normal mode and replication is enabled (using RepAdmin), this copy of the Active Directory is pushed out as authoritative and all DCs get a copy. Since you typically want to at least disable inbound replication before starting this -- and then enable it again -- it's easy to forget after the restore that you need to re-enable replication.
  4. Lag Sites can be another cause for replication failure. Lag sites are scheduled to replicate only once or twice per week to provide a sort of online backup for a quick authoritative restore. In case of a disaster recovery situation, such as deleting an OU, it's important to disable replication on the lag site DC(s). Some prefer to simply keep replication disabled on the lag DC(s) and manually re-enable it when they want replication. Again, it's easy to forget that it was purposely disabled.
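
Because a disabled state is easy to forget, here is an added example (not part of the original post) that reads saved repadmin /options output in the format shown above, reports each DC whose final state still has replication disabled, and computes the matching Options attribute value. The function names and the second DC name are illustrative, and the bit values are the ones implied by the 1 / 3 / 5 / 7 table.

```python
import re

# Bit values of the NTDS Settings Options attribute; with IS_GC set they
# reproduce the 1 / 3 / 5 / 7 values in the table above.
FLAGS = {"IS_GC": 0x1, "DISABLE_INBOUND_REPL": 0x2, "DISABLE_OUTBOUND_REPL": 0x4}

CMD_RE = re.compile(r"repadmin\s+/options\s+(\S+)", re.I)
OPT_RE = re.compile(r"^(?:Current|New) DC Options:\s*(.*)$")

# Constructed sample: the wtec-dc1 lines follow the post's transcript,
# wtec-dc2 is a hypothetical second DC.
SAMPLE = r"""
C:\>repadmin /options wtec-dc1 +disable_inbound_repl
Current DC Options: IS_GC
New DC Options: IS_GC DISABLE_INBOUND_REPL
C:\>repadmin /options wtec-dc2
Current DC Options: IS_GC
"""


def final_options(transcript):
    """Return {dc: set_of_flags}; the last options line seen for a DC wins."""
    state, dc = {}, None
    for line in transcript.splitlines():
        line = line.strip()
        cmd = CMD_RE.search(line)
        if cmd:
            dc = cmd.group(1).lower()
            continue
        opt = OPT_RE.match(line)
        if opt and dc:
            state[dc] = set(opt.group(1).split())
    return state


def options_value(flags):
    """Convert flag names to the numeric Options attribute value."""
    unknown = set(flags) - set(FLAGS)
    if unknown:
        # Only the three flags shown in the post are modelled here.
        raise ValueError("unmodelled flag(s): %s" % ", ".join(sorted(unknown)))
    return sum(FLAGS[f] for f in flags)


def replication_disabled(transcript):
    """Return {dc: (options_value, [disabled directions])} for DCs left disabled."""
    report = {}
    for dc, flags in final_options(transcript).items():
        off = sorted(f for f in flags if f.startswith("DISABLE_"))
        if off:
            report[dc] = (options_value(flags), off)
    return report


if __name__ == "__main__":
    for dc, (value, off) in replication_disabled(SAMPLE).items():
        print("%s: Options=%d, %s" % (dc, value, ", ".join(off)))
```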

-------------- End of Document -----------------

Tags: Active Directory, Windows Server 2000, Windows Server 2003

Published Date: 20071003

Wednesday, September 5, 2007

How to convert SID to username and username to SID

PsGetSid makes reading a computer's SID easy, and works across the network so that you can query SIDs remotely. PsGetSid also lets you see the SIDs of user accounts and translate a SID into the name that represents it.

Usage: psgetsid [\\computer[,computer[,...] | @file] [-u username [-p password]]] [account|SID]

If you want to see a computer's SID just pass the computer's name as a command-line argument. If you want to see a user's SID, name the account (e.g. "administrator") on the command-line and an optional computer name.

Specify a user name if the account you are running from doesn't have administrative privileges on the computer you want to query. If you don't specify a password as an option PsGetSid will prompt you for one so that you can type it in without having it echoed to the display.

-------------- End of Document -----------------

Tags: Active Directory, Windows XP, Windows Server 2000, Windows Server 2003

Published Date: 20070905

How to get detailed hardware information of HP / Compaq server

HP / Compaq servers generally have the survey / hpdiags utility installed in the %systemdrive%\hp\hpdiags folder. This utility generates a detailed system information file and can be very useful for many diagnostic and inventory purposes.

1. Run the hpdiags.exe utility; it generates a survey%Date%%Time%.xml file. (This survey file can be quite cryptic, and I generally use the following commands to turn it into a readable HTML file.)

2. Copy the surveyxxxx.xml file and survey.xsl file to your computer.

3. Download msxsl.exe from microsoft.com

4. Run the command msxsl.exe <input_file.xml> survey.xsl -o <output_file.html> at the command prompt. Give fully qualified path names wherever necessary.

-------------- End of Document -----------------

Tags: Windows XP, Windows Server 2000, Windows Server 2003

Published Date: 20070905

Do I have local admin rights?

Find out how in three mouse clicks (or two keys plus a mouse click)....

1. Click 1: Right-Click My Computer

2. Click 2: Select Properties

3. Click 3: Select the "Computer Name" tab

If the "Change" box is available, you're a local administrator. If it's greyed out, you're not. It's that simple.

So as to combine one tip into two, if you didn't know, you could change Clicks 1 and 2 above with 2 keyboard hits: Windows Key + Break.

-------------- End of Document -----------------

Tags: Windows XP, Windows Server 2000, Windows Server 2003

Published Date: 20070905

Wednesday, August 29, 2007

How to give Read-only access to Event logs to particular users

Sometimes it is necessary to permit certain groups of people access to event logs on domain controllers or other servers in the domain. The most common request is read-only access to various event logs to enable delegated administrators to monitor the logs. A good example is giving DNSAdmins read-only access to the DNS event logs.

The process is very cryptic and involves modification of some registry keys. It is documented in the below mentioned KB articles:

http://support.microsoft.com/?id=323076
How to set event log security locally or by using Group Policy in Windows Server 2003
http://support.microsoft.com/kb/842209/en-us
You receive an "Access is denied" error message when you try to access an event log on a Windows Server 2003-based computer or on a Windows 2000-based computer

The default ACLs for each event log are listed below. Start with these as your base, then add whatever additional ACEs you want:

Application Log:

O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)

Directory Services:

O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)

DNS Service:

O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)

File Replication Service:

O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)

Security Event Log:

O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)

System Event Log:

O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x5;;;SO)(A;;0x1;;;IU)(A;;0x1;;;SU)(A;;0x1;;;S-1-5-3)(A;;0x1;;;S-1-5-3)(A;;0x2;;;NS)

To add more groups or users to the ACL list, you first need to determine the SID of the user or group. It should start with an "S" and be quite long, such as S-1-5-21-702074188-2833732907-241959117-48998. You can use LDP or other methods to find the SID.

The SDDL syntax for adding read-only access to any of the logs above is:

(A;;0x1;;;<Insert SID here>), for example: (A;;0x1;;;S-1-5-21-702074188-2833732907-241959117-48998)

For the security event log the final ACL would look like:

O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x1;;;S-1-5-21-702074188-2833732907-241959117-48998)

Just cut and paste this into the GPMC for the right event log, and voilà! Instant read-only access is granted to a specific user or group.
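
Before pasting an edited descriptor into Group Policy, it helps to decode it and confirm that only the intended right was added. The following is an added example (not from the original post or the KB articles) that parses the event-log SDDL strings above, names the rights each ACE grants or denies, and appends the read-only ACE. The function names are illustrative; the 0x1 / 0x2 / 0x4 bits are the read / write / clear rights described in the cited KB articles.

```python
import re

# Event-log access bits as defined in the KB articles cited above.
RIGHTS = {0x1: "read", 0x2: "write", 0x4: "clear"}
HEADER_RE = re.compile(r"^O:(.+?)G:(.+?)D:")
ACE_RE = re.compile(
    r"\(([AD]);([^;()]*);(0x[0-9a-fA-F]+);([^;()]*);([^;()]*);([^;()]+)\)")
SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")

# Default Security log descriptor and example SID, copied from the post.
SECURITY_LOG_DEFAULT = ("O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)"
                        "(A;;0xf0007;;;SY)(A;;0x7;;;BA)")
EXAMPLE_SID = "S-1-5-21-702074188-2833732907-241959117-48998"


def parse_sddl(sddl):
    """Return (owner, group, [(ace_type, mask, trustee), ...])."""
    head = HEADER_RE.match(sddl)
    if not head:
        raise ValueError("expected O:<owner>G:<group>D:<aces>")
    body = sddl[head.end():]
    aces = ACE_RE.findall(body)
    # Reject stray text between ACEs instead of silently skipping it.
    if "".join("(%s)" % ";".join(a) for a in aces) != body:
        raise ValueError("malformed ACE in DACL")
    return head.group(1), head.group(2), [(a[0], int(a[2], 16), a[5]) for a in aces]


def describe(mask):
    """Name the event-log rights contained in an access mask."""
    names = [name for bit, name in RIGHTS.items() if mask & bit]
    if mask & 0xF0000:  # DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER
        names.append("standard rights")
    return "+".join(names) or "none"


def add_read_only(sddl, sid):
    """Append (A;;0x1;;;<sid>) unless that SID can already read the log."""
    if not SID_RE.match(sid):
        raise ValueError("not a SID string: %r" % sid)
    for ace_type, mask, trustee in parse_sddl(sddl)[2]:
        if ace_type == "A" and trustee == sid and mask & 0x1:
            return sddl
    # Allow ACEs belong after the deny ACEs, so appending keeps that order.
    return sddl + "(A;;0x1;;;%s)" % sid


if __name__ == "__main__":
    new_acl = add_read_only(SECURITY_LOG_DEFAULT, EXAMPLE_SID)
    for ace_type, mask, trustee in parse_sddl(new_acl)[2]:
        print("deny " if ace_type == "D" else "allow", trustee, describe(mask))
    print(new_acl)
```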

-------------- End of Document -----------------

Tags: Windows XP, Windows Server 2000, Windows Server 2003

Published Date: 20070829

Tuesday, August 28, 2007

Run command to lock windows

Ever wondered how can you lock your computer using a script?

Just try typing the below line verbatim on the run window and hit enter. Presto! Your computer is locked.

rundll32.exe user32.dll, LockWorkStation

-------------- End of Document -----------------

Tags: Windows XP, Windows Server 2000, Windows Server 2003

Published Date: 20080828


Wednesday, August 22, 2007

Determine System configuration information of Windows box remotely

I always wanted to gather information such as CPU / RAM / OS Version / Installed OS patches / System Uptime / Installation date and other such details that are required for inventory purpose for Wintel boxes.

Systeminfo is a command-line tool that enables an administrator to query for basic system configuration information. Below is the parameter list of the command:

1. /S system: Specifies the remote system to connect to.

2. /U [domain\]user: Specifies the user context under which the command should execute.

3. /P [password]: Specifies the password for the given user context. Prompts for input if omitted.

4. /FO format: Specifies the format in which the output is to be displayed. Valid values: "TABLE", "LIST", "CSV".

5. /NH: Specifies that the "Column Header" should not be displayed in the output. Valid only for "TABLE" and "CSV" formats.

6. /?: Displays this help/usage.

This would help a lot in filling your h/w inventory sheets.

--------------- End of Document -----------------------

Tags: Windows XP, Windows Server 2000, Windows Server 2003

Published Date: 20070822

Tuesday, August 7, 2007

Interactive task’s GUI does not appear on System Console

If a scheduled task fires at a time when no one is logged in to the system, the GUI will not be visible to the user if he logs in later on (even from the console). However, the process would be running on the system. This happens because:

  1. The task is launched in the security context of the 'Run As' configured user of the task.
  2. Windows looks for an active available session for that user.
  3. If Windows finds a session the task is launched in that user's Desktop.
  4. If Windows does not find the user's sessions the task is launched as a background task.

However, remember that the task would be launched in the console session only if more than one session for the same user is active on the box. Running interactive scheduled tasks in TS sessions is not advisable and can give unpredictable results.


In contrast if the Task was scheduled as an 'AT' task the GUI would appear to any user who logs in to the console. This is true even if the user logs in to the console after the task was fired up. The following things should be kept in mind for AT tasks.

  1. AT tasks run in the SYSTEM security context.
  2. An AT task cannot access network resources because it is NOT running as a user.
  3. If you open an AT task in the Task Scheduler GUI and do anything to it, it no longer remains an AT task.

There are apparently two types of scheduled tasks available in Windows:

  1. Tasks that are scheduled / created using Task scheduler GUI.
  2. Tasks that are scheduled / created using 'AT' command.

AT tasks can be seen in the GUI of Task scheduler but you cannot create and modify them there. However Task Scheduler tasks are not visible using the AT command.

 

--------------------- End of Document ----------------------------

Tags: Windows Server 2000, Windows Server 2003

Published Date: 20070822

Wednesday, August 1, 2007

Drives mapped using a startup script or scheduled task are not available.

Here are the steps to reproduce.

  1. Map a network share to a drive letter using a scheduled task that fires at system startup.
  2. Using the same login credentials, create another scheduled task to copy a file from a local drive to the mapped drive.
  3. Set the second scheduled task to fire at any specific time.
  4. The 'copying' task would not be able to see the mapped drive, although both scheduled tasks are running with the same login credentials.

The above is also true for Windows services. Mapped drives are not available to windows services, so it is best to use UNC paths in Windows service code, if required.

The following MS article explains this behavior.

http://support.microsoft.com/kb/180362/en-us

"-In Windows 2000, mappings to specific drive letters are globally accessible as long as the ID used has appropriate permissions." "-In Windows 2003, each individual login session has its own individual drive mappings that are not accessible to other users OR even to the same user in a different login session. In this case, one session is invoked by the first scheduled task, and another by the second, so they would not be able to share the drive mappings."

"On Windows NT and on Windows 2000, drive letters are global to the system. All users on the system share the letters A-Z. Each user does not get their own set of drive letters. This means a user can access the redirected drives of another user if they have the appropriate security access."

-------------------End of Document -------------------------

Tags: Windows Server 2000, Windows Server 2003

Published Date: 20080801