Convert lastlogon or laslogontimestamp to date

It is always difficult to convert the large integer value on the account's property. The date is stored as a large integer. To convert it you can use the built in w32tm command:


w32tm /ntte 128787219065874052
[Output] 149059 06:45:06.5874052 - 2/10/2009 12:45:06 AM (local time)

w32tm /ntte 128805109570324972
[Output] 149079 23:42:37.0324972 - 3/2/2009 5:42:37 PM (local time)

------------ End of Document ------------------------
Tags: Active Directory, Windows Server 2003, Windows Server 2008
Published Date: 20090305

Remaining Part

To check the previous par of this post click here.

 

i8042 is a system service that controls ps2 mouse and keyboard ports. Some of the features of this driver are:

• Hardware-dependent, simultaneous operation of a PS/2-style keyboard and mouse device
• Management of I/O Port and IRQ settings and routines
• Plug and Play and power management
• Operation of legacy devices
• Other interface and interaction components between the operating system and these types of devices

However if your server does not have a ps2 device attached or your BIOS disables ps2 ports to save IRQ, i8042 would still search for hardware and if it deos not find any ps2 device OR gets a weird data from BIOS, it would error out.

There are two ways to fix this:

A. Create a parameter in i8042 service properties to identify it as a headless node.

• Go to Start > Run and put "regedit.exe" and click "Ok"
• Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i8042prt\Parameters in Registry Editor
• Add a new REG_DWORD "Headless" and set the value to 1
• Reboot the server.

                       OR Infuse new life in your OLD PC

                            Repair Your Windows XP

B. Disable the i8042 service from registry.

(**Be careful you may not be able to use PS2 Mouse and keyboard if you do so**)

• Go to Start > Run and put "regedit.exe" and click "Ok"
• Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i8042prt in Registry Editor
• Change the REG_DWORD value "Start" from  "1" to "4". This sets the i8042 service from SERVICE_BOOT_START to SERVICE_DISABLED
• Reboot the server

The reason why it only happens in some cases only is because some BIOSes have a setting to enable/disable ps2 ports. You can set this to enable, disable or auto.

In auto mode, if it does not detect a ps2 device it might disable the ps2 port to save an irq. However, some BIOSes have no setting at all and behave as "auto" mode by default. If i8042 search for hardware and finds no ps2 or gets a weird data from BIOS pnp, might error out.

DONT LEAVE THIS PAGE NOW.

:::::CHECK THIS SITE before you move on::::::

Fly this holiday anywhere around the world & save on huge on cheapest airfare using an exclusive CheapOair coupon Code HOLIDAY10. Simply plug in this coupon code when buying your airline ticket at CheapOair.com and save $10 on all domestic & international flights. Coupon Code Valid till Dec 2008

-------------- End of Document -----------------

Tags: Windows Server 2003

Published Date: 20090101

How to rename an Exchange Server running on a Windows Cluster

Though I would agree that is not a good idea to rename your Exchange server that is running on a Windows Server Cluster, however you may need to it for various reasons. I did test this in my test environment.

I had two tasks at hand:

1. Rename the cluster name itself
2. Rename the Exchange Virtual Server name

How to rename the cluster:

• To Rename the Cluster right click on the cluster name and choose rename.

• Type the new name of the cluster and you are done.
• Check the properties of 'cluster name' resource to confirm the change of name.

• Take the 'cluster name' resource offline and bring it back online.
• DTC resource would also have gone offline. Bring it online as well.

How to rename the Exchange Virtual Server:

• Bring all the Exchange resources off line including the network name (Exchange Virtual Server network name).
• Rename the Exchange Virtual Server network name resource by choosing properties and editing the parameter of the resource.

• Bring the Exchange Virtual Servername and Exchange Virtual Server IP address resources online.

• Delete the Exchange Virtual Server System Attendant resource. It is necessary because a Windows Cluster server can only run a single instance of Exchange Virtual Server.

• All other dependant resources should also be deleted. choose Yes to do so.

• Move all the databases and log files to an alternate location. If you do not do so Windows will not let you create the System Attendant resource and will complain that the exchange data directory is not empty.

• Create a new System Attendant resource and all other dependant resources would be created automatically.
• Bring all the resources online once and check everything is fine in the cluster administrator.

• Now open Exchange System Manager and you should see both the new and the old Exchange Servers listed.

• If you try removing the old server, Exchange would complain that some users still exist on the server and you cannot remove the Exchange Server.

• Use the following article to find all the users whose AD attributes for current mailbox server has not yet been update to the new server and rip off the Exchange attributes from all these users.

• Put a check mark against the box "This database can be overwritten by a restore" found under Mailstore -> Properties -> Database tab. Do this for all the information stores in the new Exchange Virtual Server.

• Take the System Attendant resource offline from the cluster.
• Copy back all the exchange database and log files that you had copied earlier to an alternate location.
• Bring back the System Attendant and all other resources online.
• Check the Mailstore of the new Exchange Virtual Server and it should now list all the users who had their mailbox on this server.

• Run the MailBox cleanup Agent Exchange System Manager.

• Once you run the mailbox cleanup agent all the mailboxes would appear as disconnected.

• Right click on each mailbox and reconnect them to the correct username in the AD.

Tempuser01 connected to old mailbox:

Tempuser01 with exchange attributes ripped off:

Tempuser01 connected to new mailbox

• Purge all other mailboxes such as SMTP and System Attendant from the new Exchange Server.

• Now remove the old server from Exchange System Manager

-----------------End of Document-------------

Tags: Clustering, Exchange Server, Windows Server 2003

Published Date: 20080609

Extract troubleshooting info from Windows XP BSOD error messages

Microsoft Windows XP systems are notorious for crashing for any number of reasons and in a number of ways. Some of these crashes are mild and can easily be overcome simply by closing a non-responding application or by rebooting the system. However, others are more serious and can bring the entire system to its knees. Microsoft calls these types of crashes “Stop errors” because the operating system stops responding. When a Stop error occurs, the GUI is replaced by a DOS-like blue screen with a cryptic error message followed by a code number. This screen is affectionately referred to as the Blue Screen Of Death, or BSOD for short.

Common BSODs in Windows XP

Now that you have a good idea of how to dissect a BSOD and pull out the relevant pieces of information from all the gibberish on the screen, let’s look at some of the more common BSODs in Windows XP. I’ll only cover just a few of the BSOD conditions, but there are lots of possible Stop errors. For each BSOD I discuss, I’ll provide a link to an article on the Microsoft Knowledge Base that covers that particular Stop error. (Since more than one article might address a Stop error, you may want to search the Knowledge Base if you discover that you need more information.)

STOP:0×0000000A
IRQL_NOT_LESS_OR_EQUAL

This Stop error, which can be caused by either software or hardware, indicates that a kernel-mode process or driver attempted to access a memory location it did not have permission to access or a memory location that exists at a kernel interrupt request level (IRQL) that was too high. A kernel-mode process can access other only processes that have an IRQL that’s equal to or lower than its own.

Troubleshooting a Stop 0×0000000A error in Windows XP

STOP: 0×0000001E
KMODE_EXCEPTION_NOT_HANDLED

This Stop error indicates that indicates that the Windows XP kernel detected an illegal or unknown processor instruction. The problems that cause this Stop error can be either software or hardware related and result from invalid memory and access violations, which are intercepted by Windows’ default error handler if error-handling routines are not present in the code itself.

Possible Resolutions to STOP 0×0A, 0×01E, and 0×50 Errors

STOP: 0×00000050
PAGE_FAULT_IN_NONPAGED_AREA

This Stop error indicates that requested data was not in memory. The system generates an exception error when using a reference to an invalid system memory address. Defective memory (including main memory, L2 RAM cache, video RAM) or incompatible software (including remote control and antivirus software) might cause this Stop error.

Possible Resolutions to STOP 0×0A, 0×01E, and 0×50 Errors

STOP: 0×0000007B
INACCESSIBLE_BOOT_DEVICE

This Stop error indicates that Windows XP has lost access to the system partition or boot volume during the startup process. Installing incorrect device drivers when installing or upgrading storage adapter hardware typically causes this Stop error. This error could also indicate a possible virus infection.

Troubleshooting Stop 0×0000007B or “0×4,0,0,0″ Error

STOP: 0×0000007F
UNEXPECTED_KERNEL_MODE_TRAP

This Stop error indicates a hardware problem resulting from mismatched memory, defective memory, a malfunctioning CPU, or a fan failure that’s causing overheating.

General causes of “STOP 0×0000007F” errors

STOP: 0×0000009F
DRIVER_POWER_STATE_FAILURE

This Stop error indicates that a driver is in an inconsistent or invalid power state. This Stop error typically occurs during events that involve power state transitions, such as shutting down, or moving in or out of standby or hibernate mode.

Troubleshooting a Stop 0×9F Error in Windows XP

STOP: 0×000000D1
DRIVER_IRQL_NOT_LESS_OR_EQUAL

This Stop error indicates that the system attempted to access pageable memory using a kernel process IRQL that was too high. The most typical cause is a bad device driver (one that uses improper addresses). It can also be caused by faulty or mismatched RAM or a damaged pagefile.

Error Message with RAM Problems or Damaged Virtual Memory Manager

STOP: 0×000000EA
THREAD_STUCK_IN_DEVICE_DRIVER\

This Stop error indicates that a device driver problem is causing the system to pause indefinitely. Typically, this problem is caused by a display driver waiting for the video hardware to enter an idle state. This might indicate a hardware problem with the video adapter or a faulty video driver.

Error message: STOP 0×000000EA THREAD_STUCK_IN_DEVICE_DRIVER

STOP: 0×00000024
NTFS_FILE_SYSTEM

This Stop error indicates that a problem occurred within Ntfs.sys, the driver file that allows the system to read and write to drives formatted with the NTFS file system. (A similar Stop message, 0×00000023, exists for the file allocation table [FAT16 or FAT32)] file systems.)

Troubleshooting Stop 0×24 or NTFS_FILE_SYSTEM Error Messages

STOP: 0xC0000218
UNKNOWN_HARD_ERROR

This Stop error indicates that a necessary registry hive file could not be loaded. The file may be corrupt or missing. The registry file may have been corrupted due to hard disk corruption or some other hardware problem. A driver may have corrupted the registry data while loading into memory or the memory where the registry is loading may have a parity error.

How to Troubleshoot a Stop 0xC0000218 Error Message

STOP: 0xC0000221
STATUS_IMAGE_CHECKSUM_MISMATCH

This Stop message indicates driver, system file, or disk corruption problems (such as a damaged paging file). Faulty memory hardware can also cause this Stop message to appear.

“STOP: C0000221 unknown hard error” or “STOP: C0000221 STATUS_IMAGE_CHECKSUM_MISMATCH” error message occurs

Note: This post has been kept on this blog for personal reference and has been taken from TechRepublic website.

-------------- End of Document -----------------

Tags: Windows XP, Windows Server 2003

Published Date: 20080724

How to rebuild the SYSVOL tree when none exists in Active Directory

A Windows admin has trouble promoting the second DC in a domain. It seems that AD replication was working and DNS was healthy, but FRS was not. No SYSVOL or Netlogon share, no SYSVOL tree on the second domain controller. The FRS event log was logging Event ID 13508 events but no 13509 events

 

When tying to force SYSVOL replication, using KB 290762 -- setting BURFLAGS value on the PDC to D4 and on the other DC to D2 -- something went wrong and it wiped out the SYSVOL tree on the primary domain controller. It was as if it had replicated the empty SYSVOL to the PDC instead of the other way around. So there is no SYSVOL tree on either DC.

You can started from scratch, but that is not a good political decision. And you will not have root cause to justify it.

The solution is to create the SYSVOL tree, including junction points and proper ACLs. Of course, you will also need to create the default domain policy and the default domain controller policy.

There is a decent article on the Microsoft Help and Support site, KB 315457 How to rebuild the SYSVOL tree and its content in a domain, but like many articles of this nature, Microsoft tries to cover all the bases.

In addition, the Microsoft's KB assumes you have a SYSVOL tree in the domain -- which we do not have -- so we need to generate a new default domain policy and default domain controller policy. you might  run into an additional problem with other policies that had objects in AD but do not exist in SYSVOL.

I would recommend referring to the KB for details, but this is how you solve the problem of no SYSVOL on any DCs.

Step 1: Stop the FRS service on both DCs and create the SYSVOL tree on the PDC. This is pretty basic. Use Windows Explorer or a command prompt. I used a good DC I had in a lab as a guide. The tree looked like this:

SYSVOL
• Domain
  • DO_NOT_REMOVE_NtFrs_PreInstall_Directory
  • Policies
  • Scripts
• Staging
• Staging Area
• SYSVOL
  • Corp.net

Step 2: Set the ACLs. Just leave the default ACLs on all directories except the DO_NOT_REMOVE_NtFrs_PreInstall_Directory. Again, looking at my lab domain, we removed all users and groups except domain administrators and System I and defined both of them to have "Special Permissions" only. I also set the "DO_NOT_REMOVE" directory attributes to Hidden and Read.

Step 3: Create the junction points. Remember the junction points connect a "real" directory to a "mirrored" directory. The \SYSVOL\domain is the real (Source) directory connected to \SYSVOL\SYSVOL\corp.net, a junction point. \SYSVOL\Staging\Domain is the real (Source) directory connected to \SYSVOL\Staging Areas\Corp.net.

KB 315457 shows how to determine the actual source directory if you need that information, but here is what we did:

Using the linkd command,

linkd "%systemroot%\SYSVOL\SYSVOL\Corp.net" %SYSTEMROOT%\SYSVOL\DOMAIN

linkd "%systemroot%\Sysvol\staging Areas\Corp.net" %systemroot%\sysvol\Staging\Domain

Step 4: Rebuild default domain policies. Using the DCGPOFix tool, available from Microsoft's download site, this was pretty easy. Just run the tool and it asks if you want to create a new default domain policy (answer yes) and if you want to create a new default domain controllers policy (answer yes). At this point, we double-checked to make sure the SYSVOL tree and the policies were all correct.

Step 5: Replicate SYSVOL. We had already found that using KB 290762 wiped out SYSVOL on the PDC, so we didn't want to do that again. Because we only had two DCs and because the file replication service had been stopped, it seemed logical that starting the FRS -- first on the PDC and then the other DC -- would jump-start FRS. SYSVOL was replicated, and we had the SYSVOL share.

This next part isn't really a step. It's something we ran into that you should be aware of. After Step 5, SYSVOL was shared but not NETLOGON. When SYSVOL was deleted from the PDC, it also deleted two custom Group Policies. When SYSVOL was replicated after the rebuild, errors were logged in the event log complaining about these two policies. Using ADSIEdit, we went to Corp.net\system\Policies and deleted the objects for the two deleted policies. Soon, the Netlogon share appeared, and the 1704 event in the application log validated replication of policy.

After doing an operation like this, it's a good idea to check the event logs for related errors and create a sample GPO and see if it replicates.

------------------- End of Document -----------------

Tags: Windows Server 2003

Published Date: 20080709

You may receive Error ID: 5079 (000013d7) after uninstalling Double Take software

When you uninstall/remove Double Take software from your Windows Cluster you may receive the following error message when starting Cluster Administrator.

An error occurred attempting to read properties for the 'Double-Take Source Connection' resource type.

Error ID: 5079 (000013d7)

You can alway safely ignore this error message. However to get rid of it completely just remove the Double Take Resource type from the registry.

Open registry editor and take the backup of current registry.

Delete the following key:

HKEY_LOCAL_MACHINE\Cluster\ResourceTypes\Double-Take Source Connection

------------End Of Document -----------------

Tags: Clustering, Windows Server 2003

Published Date: 20080609

Cleanup $NTServicePackUninstall$ and SoftwareDistribution Folder

Service pack and Windows update installations leave a lot of unnecessary files in the %SystemRoot% folder. They occupy a lot of space and you can safely delete these files. Do this only when you are sure that you will not need to uninstall any of the updates or Service Pack.

To remove the Service Pack uninstall files

1. Go to C:\WINDOWS and delete "$NTServicePackUinistall$"
2. Go to Add/Remove Programs.
3. Click "Service Pack 1"(2)(3), there will be an error since you just deleted the file.
4. Click YES to delete the shortcut.
5. Use similar procedure to delete uninstall files for the updates.
   

The updates will be in this format "$NTUninstall********"
Do NOT delete "$hf_mig$"

To remove the Automatic updates' files in SoftwareDistribution Folder

Automatic updates are downloaded in %systemroot%\SoftwareDistribution\Download folder and occupy a lot of space. You can safely delete these files.

1. Open a command prompt window
2. type net stop wuauserv and press enter
3. Open Windows Explorer and delete all contents in the folder c:\windows\SoftwareDistribution\Download
4. Go back to Command prompt window and type net start wuauserv and press enter

Be sure to restart Windows before before another attempt at getting the updates !!

--------------------End of Document ----------------

Tags: Windows Server 2003, Windows Server 2008, Windows XP

Published Date: 20080519

How to clean up downloaded files for Automatic updates / Windows Update

Automatic updates are downloaded in %systemroot%\SoftwareDistribution\Download folder and occupy a lot of space. You can safely delete these files.

Type the following commands in command prompt window

net stop wuauserv

Open Windows Explorer and delete all contents in the folder c:\windows\SoftwareDistribution\Download

Go back to Command prompt window and type net start wuauserv

Be sure to restart Windows before another attempt at getting the updates !!

-------------- End of Document -----------------

Tags: Windows 2000, Windows 2003, Windows XP

Published Date: 20080517

How to manually rebuild Performance Counter Library values

When you use the System Monitor tool, some counters may be missing or do not contain counter data. The base set of performance counter libraries may become corrupted and may need to be rebuilt along with any extensible counters. This behavior may occur if certain extensible counters corrupt the registry, or if some Windows Management Instrumentation (WMI)-based programs modify the registry.

To rebuild the base performance counter libraries manually:

1. Copy Perfc009.dat and Perfh009.dat to %Systemroot%\System32 folder.

2. Start Registry Editor, and then locate the following key in the registry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Perflib

3. In the registry, change the LastCounter value to 1846 (decimal), and change the LastHelp value to 1847 (decimal).

4. Locate the following registry key to search for services that have a Performance subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services

5. Remove the following values from the Performance subkey (if they exist):

• FirstCounter

• FirstHelp

• LastCounter

• LastHelp

You can also use the Exctrlst.exe tool to locate the performance counter dynamic-link library files (DLLs) that are installed, and then access the registry to remove the DWORD values. You now have a workable performance registry that contains only system base counters.

After you have completed this procedure, you must re-add the extensible counters from the list of services. Before you do so, however, you must identify the .ini file that is used to load the counters:

5. Run the batch file counters.bat

-------------- End of Document -----------------

Tags: Windows XP, Windows 2003

Published Date: 20080515

If Windows Update does not work

If Windows update does not work properly and you are receiving error repeatedly when you are trying to update windows from microsoft website use these commands to configure windows update from scratch.

net stop bits
net stop /s wuauserv
regsvr32 /u wuaueng.dll /s
del /f /s /q %windir%\SoftwareDistribution\*.*
del /f /s /q %windir%\windowsupdate.log

regsvr32 wuapi.dll
regsvr32 wuaueng1.dll
regsvr32 wuaueng.dll
regsvr32 wucltui.dll
regsvr32 wups2.dll
regsvr32 wups.dll
regsvr32 wuweb.dll

net start bits
net start wuauserv
wuauclt.exe /resetauthorization /detectnow

-------------- End of Document -----------------

Tags: Windows XP, Windows 2003

Published Date: 20080514

Disable Reading or Writing to USB and other removable mass storage devices

You can prevent users from using any portable USB removable disk or flash drive by using a custom .ADM file that can be imported into the Local Group Policy (thus effecting only the local computer) or by using Active Directory-based Group Policy Objects (also known as GPOs).

Note: This tip will allow you to restrict usage of USB removable disks, but will continue to allow usage of USB mice, keyboards or any other USB-based device that is NOT a portable disk. I am assuming that AD based GPs would be used. The same result can be achieved by changing the location of adm template file and using Local Group Policy instead.

It's worth mentioning that in Windows Vista Microsoft has implemented a much more sophisticated method of controlling USB disks via GPO. If you have Windows Vista client computers in your organization you can use GPO settings edited from one of the Vista machines to control if users will be able to install and use USB disks, plus the ability to control exactly what device can or cannot be used on their machines.

Step 1: Create a simple text file named removable_storage.adm with the following content and save it to "%systemroot%\inf\" directory on the domain controller you would be creating the GP.

********** Start of File **********

CLASS MACHINE
CATEGORY "Custom Policy Settings"
CATEGORY "Resrtict Removable Drives"
  POLICY "Disable USB Removable Drives"
   KEYNAME "SYSTEM\CurrentControlSet\Services\USBSTOR"
   EXPLAIN !!explaintextusb
     PART "usbstore.sys driver status" DROPDOWNLIST REQUIRED
       VALUENAME "Start"
       ITEMLIST
        NAME "Started" VALUE NUMERIC 3 DEFAULT
        NAME "Stopped" VALUE NUMERIC 4
       END ITEMLIST
     END PART
   END POLICY
  POLICY "Disable CD-ROM"
   KEYNAME "SYSTEM\CurrentControlSet\Services\Cdrom"
   EXPLAIN !!explaintextcd
     PART "cdrom.sys driver status" DROPDOWNLIST REQUIRED
       VALUENAME "Start"
       ITEMLIST
        NAME "Started" VALUE NUMERIC 1 DEFAULT
        NAME "Stopped" VALUE NUMERIC 4
       END ITEMLIST
     END PART
   END POLICY
  POLICY "Disable Floppy"
   KEYNAME "SYSTEM\CurrentControlSet\Services\Flpydisk"
   EXPLAIN !!explaintextflpy
     PART "flpydisk.sys driver status" DROPDOWNLIST REQUIRED
       VALUENAME "Start"
       ITEMLIST
        NAME "Started" VALUE NUMERIC 3 DEFAULT
        NAME "Stopped" VALUE NUMERIC 4
       END ITEMLIST
     END PART
   END POLICY
  POLICY "Disable High Capacity Floppy"
   KEYNAME "SYSTEM\CurrentControlSet\Services\Sfloppy"
   EXPLAIN !!explaintextls120
     PART "sfloppy.sys driver status" DROPDOWNLIST REQUIRED
       VALUENAME "Start"
       ITEMLIST
        NAME "Started" VALUE NUMERIC 3 DEFAULT
        NAME "Stopped" VALUE NUMERIC 4
       END ITEMLIST
     END PART
   END POLICY
  POLICY "Write Protect USB Removable Drives"
   KEYNAME "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies"
   EXPLAIN !!explaintextwriteprotect
     PART "Write Protect USB Removable Drives status" DROPDOWNLIST REQUIRED
       VALUENAME "WriteProtect"
       ITEMLIST
        NAME "Off" VALUE NUMERIC 0 DEFAULT
        NAME "On" VALUE NUMERIC 1
       END ITEMLIST
     END PART
   END POLICY 
END CATEGORY
END CATEGORY

[strings]
explaintextusb="Disables the USB Removable Drives capability by disabling the usbstor.sys driver. \n\nSelect the ENABLED radiobox, then select STOPPED for the usbstore.sys driver status in the drop-down list.  \n\nNote that this will only prevent usage of newly plugged-in USB Removable Drives or Flash Drives, devices that were plugged-in while this option was not configured will continue to function normally. Also, devices that use the same device or hardware ID (for example - 2 identical Flash Disks made by the same manufacturer) will still function if one of them was plugged-in prior to the configuration of this setting. In order to successfully block them you will need to make sure no USB Removable Drive is plugged-in while you set this option. \n\nIn order to re-enable the usage of USB Removable Drives select STARTED for the usbstore.sys driver status in the drop-down list."
explaintextcd="Disables the CD-ROM Drive by disabling the cdrom.sys driver. \n\nSelect the ENABLED radiobox, then select STOPPED for the cdrom.sys driver status in the drop-down list. \n\nIn order to re-enable the usage of USB Removable Drives select STARTED for the cdrom.sys driver status in the drop-down list."
explaintextflpy="Disables the Floppy Drive by disabling the flpydisk.sys driver. \n\nSelect the ENABLED radiobox, then select STOPPED for the flpydisk.sys driver status in the drop-down list. \n\nIn order to re-enable the usage of USB Removable Drives select STARTED for the flpydisk.sys driver status in the drop-down list."
explaintextls120="Disables the High Capacity Floppy Drive by disabling the sfloppy.sys driver. \n\nSelect the ENABLED radiobox, then select STOPPED for the sfloppy.sys driver status in the drop-down list. \n\nIn order to re-enable the usage of USB Removable Drives select STARTED for the sfloppy.sys driver status in the drop-down list."
explaintextwriteprotect="Enforces write protection on all USB Removable Drives. \n\nSelect the ENABLED radiobox, then select ON for the Write Protect USB Removable Drives status in the drop-down list. \n\nIn order to disable write protection on USB Removable Drives select OFF for the Write Protect USB Removable Drives status in the drop-down list."

*********** End of File ************

Step 2: Adding .adm files to the Administrative Templates in a GPO

Open the Group Policy Management Console (or GPMC) from the Administrative Tools folder in the Stat menu, or by typing gpmc.msc in the Run command.

Right-click an existing GPO (or create a new GPO, then right-click on it) and select Edit.

Expand either the Computer settings or Users settings sections of the GPO. Go to the appropriate Administrative Templates section and right-click it. Select Add/Remove Templates.

In the Add/Remove Templates window click Add.

Browse to the location of the required .ADM file and click Open.

In the Add/Remove Templates window notice that the new .ADM file is listed, then click Close.

Now re-open the Administrative Templates section and browse to the new settings location.

Step 3: In order to successfully view and configure the new .ADM file settings you will need to change the default filtering view for the GPO Editor (or GPedit.msc). Unless you change these settings, the right pane will appear empty, even though it has the settings in it.

Follow these steps:

In GPEdit.msc (or any other GPO Editor window you're using) click on View -> Filtering.

Click to un-select the "Only show policy settings that can be fully managed" check-box. Click Ok.

Now you will be able to see the new settings in the right pane:

You can now configure any of the above settings:

Note: You do not need the adm template stored in inf directory any more as it is copied along with the policy folder in the Sysvol share. However you might need it to modify the template if required.

-------------- End of Document -----------------

Tags: Active Directory, Group Policy, Windows 2003

Published Date: 20080507

Auto lock the system after Autologon and send notification.

The steps outlined below would help you with three things:

1. Autologon to a system with a particular account
2. Send a notification mail when that account is logged in to the system after a reboot
3. Lock the system automatically once the account has been logged on

Step 1 - Enable Autologon:

1. Go to Start > Run and put "regedit.exe" and click "Ok"
2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon in Registry Editor
3. Change the REG_SZ "DefaultUserName" value to the username you want to autologon to the system
4. Change the REG_SZ "DefaultPassword" value to the password of the user you want to autologon to the system. (If the key does not exist then do create it)
5. Change the REG_SZ "DefaultdomainName" value to the domain name you wish to logon to (If the key does not exist then do create it)
6. Add a new REG_SZ "AutoAdminLogon" and set the value to 1
7. Close Registry editor

Step 2 - Prepare notification files:

1. Create a directory C:\Autologon;
2. Create the files chkLogtime.vbs, Locksystem.cmd and Delchklog.cmd with the contents mentioned in Annexure I below

Step 3 - Setup up notification and autolock:

1. Go to Start > Run and put "regedit.exe" and click "Ok"
2. Navigate to HKEY_USERS\<SID of particular user>\software\Microsoft\Windows\CurrentVersion\Run in Registry Editor
3. Add a new REG_SZ "ChkLogtime" and set the value to C:\Autologon\ChkLogtime.vbs
4. Add a new REG_SZ "LockSystem" and set the value to C:\Autologon\Locksystem.cmd

Step 4 - Enable notification:

1. Open Group Policy Object Editor
2. Navigate to Local Computer Policy\Computer Configuration\Windows Settings\Scripts\ (Startup/shutdown)
3. Double click on Shutdown in the right hand pane
4. Click Add and Browse to the file C:\Autologon\Delchklog.cmd
5. Click OK twice and close Group Policy Object Editor

NOTES:

1. The Autologon would not work if the LegalNotice warning window is enabled at the domain level. You might have to do additional configuration to disable this.
2. Automatic reboots will not work unless you specify ‘/F’ switch in your reboot script.

Annexure I

ChkLogTime.vbs
Dim WShell,SrvName
Set objFSO = Wscript.CreateObject("Scripting.FileSystemObject")
Set WShell = WScript.CreateObject("WScript.Shell")
If objFSO.FileExists("C:\Autologon\ChkLogTimeskip.txt") Then
wscript.Quit
Else
Set objFile = objFSO.CreateTextFile("C:\Autologon\ChkLogTimeskip.txt")
SrvName = Trim(WShell.ExpandEnvironmentStrings("%COMPUTERNAME%"))
User=Trim(WShell.ExpandEnvironmentStrings("%USERNAME%"))
LogTime= User &" is successfully logged onto " & SrvName &" after scheduled reboot at "& Now
objFile.writeline LogTime
objfile.close
Call SendMailAlerts(LogTime, User, SrvName)
End IF
Wscript.Quit
#################### Send Email Alerts ########################
Function SendMailAlerts(LogTime, User, SrvName)
RecipientList ="mukulag@gmail.com"
smtpsrv = "smtp.mukulag.com"
Set objEmail = CreateObject("CDO.Message")
objEmail.From = "MyServer@mukulag.com"
objEmail.To = RecipientList
objEmail.Subject = User & " has logged on succesfully to " & SrvName " at "  & Now
objEmail.TextBody = LogTime
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = smtpsrv
objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objEmail.Configuration.Fields.Update
objEmail.Send
End Function
'##################### End Send Email Alerts ###########################

Locksystem.cmd

rundll32.exe user32.dll, LockWorkStation

DelChkLog.cmd

Del C:\Autologon\ChkLogTimeskip.txt /F

-------------- End of Document -----------------

Tags: Windows Server 2003

Published Date: 20071207

Important and basic Windbg commands

!analyze –v :analyzes the dump file and provides a best possible diagnosis of the same

!sympath :shows path to your symbol files

lm :lists all loaded modules in memory

lmf :list loaded modules with full path

lmt :list loaded modules with last modified timestamp

!lmi <module name> :Shows header information about the module, including the date and time, which can often tell you whether you're running an older version of a program and need to upgrade

vertarget :Shows information about the system on which you are debugging

!peb :Shows the PEB (process environment block) including DLL information

.trap :Dump a trap frame

.chain :Lists all loaded debugger extensions

-------------- End of Document -----------------

Tags: Windows XP, Windows Server 2000, Windows Server 2003

Published Date: 20071109

i8042prt failed to load on boot

When you boot up your computer you get a message that atleast one service failed to start. On checking the eventlogs you figure out that i8042prt failed to load. You do not face this issue on all your computers but mostly on 'headless' servers.

You get the following error message in Windows event logs.

Event Type:                 Error
Event Source:              Service Control Manager
Event Category:           None
Event ID:                     7026
Date:                          11/13/2007
Time:                         9:51:01 AM
User:                          N/A
Description:
The following boot-start or system-start driver(s) failed to load: i8042prt

To view the complete article please click here

 

 

 

Latest ps2 games

Are you a party maniac?

Do you like to party?

Opportunity to earn and party as well

DONT LEAVE THIS PAGE NOW.

:::::CHECK THIS SITE before you move on::::::

Fly this holiday anywhere around the world & save on huge on cheapest airfare using an exclusive CheapOair coupon Code HOLIDAY10. Simply plug in this coupon code when buying your airline ticket at CheapOair.com and save $10 on all domestic & international flights. Coupon Code Valid till Dec 2008

Infuse new life in your OLD PC

Repair Your Windows XP

-------------- End of Document -----------------

Tags: Windows Server 2003

Published Date: 20071113

Finding NIC information remotely using WMIC commands

WMIC is a very useful and very under utilized interface for server / OS management provided in Windows. One very common example that generally requires logging in to the server is to check / set Network card properties. At a command prompt type WMIC and then /? to find the available interfaces that can be queried or set.

To check NIC Configuration tyep the following sequence of commands at the command prompt. For example:

WMIC
/NODE:<hostname>
NICCONFIG Get DNSHostName

NICCONFIG Get DNSDomainSuffixSearchOrder

-------------- End of Document -----------------

Tags: Windows XP, Windows Server 2000, Windows Server 2003

Published Date: 20071112

How to create a user-defined service in Windows

Execute the following command at the command promt. You need to have Windows Resource Kit installed on the box. ‘C:\Program Files\Resource Kit\Instsrv.exe <my Service> C:\Program Files\Resource Kit\Srvany.exe’

1. Open Registry editor and go to the following key. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<my service>
2. From the Edit menu, click Add Key. Type the following and click OK:
   Key Name: Parameters
   Class : <leave blank>
3. Select the Parameters key and from the Edit menu, click Add Value. Type the following and click OK

Value Name: Application
Data Type : REG_SZ
String : <path>\<application.ext>
where <path>\<application.ext> is the drive and full path to the application executable including the extension (i.e., C:\WinNT\Notepad.exe)

-------------- End of Document -----------------

Tags: Windows XP, Windows Server 2000, Windows Server 2003

Published Date: 20071025

How to control AD relication using RepAdmin

Replication is controlled by the Options attribute on the NTDS Settings object as shown in the following table. The Options attribute value is found in ADSIEdit by browsing to Configuration -> Sites -> <Site Name> -> Servers - <Server Name> -> NTDS Settings.

RepAdmin Option	NTDS Settings/Options attribute value
Enable Inbound and Outbound	1
Enable Inbound, Disable Outbound	5
Enable Outbound, Disable Inbound	3
Disable Inbound and Outbound	7

 

Using RepAdmin /Options

Repadmin /options <dcname> <+/-> <DISABLE_INBOUND_REPL/DISABLE_OUTBOUND_REPL>

Here is what it looks like when you disable or enable replication via RepAdmin using the /Options switch. Note that the minus (-) character in front of the option indicates a negative disable or enable. To disable these values, use the plus (+) sign: +DISABLE_INBOUND_REPLICATION, for example.

To enable both inbound and outbound replication:

C:\>repadmin /options wtec-dc1

Current DC Options: IS_GC

To enable only outbound replication:
C:\>repadmin /options wtec-dc1 -disable_outbound_repl
Current DC Options: IS_GC DISABLE_OUTBOUND_REPL
New DC Options: IS_GC

To disable only inbound replication:
C:\>repadmin /options wtec-dc1 +disable_inbound_repl
Current DC Options: IS_GC
New DC Options: IS_GC DISABLE_INBOUND_REPL

To disable inbound and outbound replication:

C:\>repadmin /options wtec-dc1 +disable_outbound_repl +disable_inbound_repl

Current DC Options: IS_GC

New DC Options: IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL

repadmin /Options *  is a good command that produces a quick report to determine if any other DCs have replication purposely disabled.

CAUTION: These commands remain in effect until changed. That is, if you turn on the Disable inbound repl feature, it will remain on (i.e., inbound replication is disabled) until you enable it again using the –disable_inbound_repl command).

There are several reasons why you would want to do this:

1. If a report such as RepAdmin / replsum / bysrc / bydest / sort:delta shows that replication has not happened in the past 60 days (tombstone lifetime). Then you would want to disable outbound replication. Of course, if you have strict replication enabled you will be OK, but it's better to be safe than sorry in this instance. The RepAdmin command is quick and easy. Note that in this case there is really no need to disable inbound replication since the danger is in replicating outbound. Still, I suggest that you play it safe and do both until you determine the existence of lingering objects.
2. If you suspect corruption or issues with a domain controller that you don't want replicated, this command is an easy way to prevent replication from that source. Remember, you can remotely execute RepAdmin. And the DCList option in RepAdmin can be used to specify a single DC, or an asterisk (*) can be used to specify all DCs.
3. For Authoritative Restore: Authoritative restoration is used to move the Active Directory back in time by taking a single system state backup from an earlier date, stopping replication on a DC, then restoring the backup using NTDSUtil's Authoritative Restore feature. When it boots into normal mode and replication is enabled (using RepAdmin), this copy of the Active Directory is pushed out as authoritative and all DCs get a copy. Since you typically want to at least disable inbound replication before starting this -- and then enable it again -- it's easy to forget after the restore that you need to re-enable replication.
4. Lag Sites can be another cause for replication failure. Lag sites are scheduled to replicate only once or twice per week to provide a sort of online backup for a quick authoritative restore. In case of a disaster recovery situation, such as deleting an OU, it's important to disable replication on the lag site DC(s). Some prefer to simply keep replication disabled on the lag DC(s) and manually re-enable it when they want replication. Again, it's easy to forget that it was purposely disabled.

-------------- End of Document -----------------

Tags: Active Directory, Windows Server 2000, Windows Server 2003

Published Date: 20071003

How to convert SID to username and username to SID

PsGetSid makes reading a computer's SID easy, and works across the network so that you can query SIDs remotely. PsGetSid also lets you see the SIDs of user accounts and translate a SID into the name that represents it.

Usage: psgetsid [\\computer[,computer[,...] | @file] [-u username [-p password]]] [account|SID]

If you want to see a computer's SID just pass the computer's name as a command-line argument. If you want to see a user's SID, name the account (e.g. "administrator") on the command-line and an optional computer name.

Specify a user name if the account you are running from doesn't have administrative privileges on the computer you want to query. If you don't specify a password as an option PsGetSid will prompt you for one so that you can type it in without having it echoed to the display.

-------------- End of Document -----------------

Tags: Active Directory, Windows XP, Windows Server 2000, Windows Server 2003

Published Date: 20070905

How to get detailed hardware information of HP / Compaq server

HP / compaq servers generally have the survey / hpdiags utility installed in %system drive%\hp\hpdiags folder. This utility generates a detailed system information file and can be very useful for many diagnostic and inventory purposes.

1. Run the hpdiags.exe utility and it would generate a survey%Date%%Time%.xml file. (This survey file can be quite cryptic and I generally use the following commands to make it a readable html file.)

2. Copy the surveyxxxx.xml file and survey.xsl file to your computer.

3. Download msxsl.exe from microsoft.com

4. Run the command msxsl.exe <input_file.xml> survey.xsl -o <outpul_file.html>at the command prompt. Give fully qualified path names wherever necessary.

-------------- End of Document -----------------

Tags: Windows XP, Windows Server 2000, Windows Server 2003

Published Date: 20070905

Do I have local admin rights?

Find out how in three mouse clicks (or two keys plus a mouse click)....

1. Click 1: Right-Click My Computer

2. Click 2: Select Properties

3. Click 3: Select the "Computer Name" tab

If the "Change" box is available, you're a local administrator. If it's greyed out, you're not. It's that simple.

So as to combine one tip into two, if you didn't know, you could change Clicks 1 and 2 above with 2 keyboard hits: Windows Key + Break.

-------------- End of Document -----------------

Tags: Windows XP, Windows Server 2000, Windows Server 2003

Published Date: 20070905