If Windows Update does not work

If Windows update does not work properly and you are receiving error repeatedly when you are trying to update windows from microsoft website use these commands to configure windows update from scratch.

net stop bits
net stop /s wuauserv
regsvr32 /u wuaueng.dll /s
del /f /s /q %windir%\SoftwareDistribution\*.*
del /f /s /q %windir%\windowsupdate.log

regsvr32 wuapi.dll
regsvr32 wuaueng1.dll
regsvr32 wuaueng.dll
regsvr32 wucltui.dll
regsvr32 wups2.dll
regsvr32 wups.dll
regsvr32 wuweb.dll

net start bits
net start wuauserv
wuauclt.exe /resetauthorization /detectnow

-------------- End of Document -----------------

Tags: Windows XP, Windows 2003

Published Date: 20080514

Disable Reading or Writing to USB and other removable mass storage devices

You can prevent users from using any portable USB removable disk or flash drive by using a custom .ADM file that can be imported into the Local Group Policy (thus effecting only the local computer) or by using Active Directory-based Group Policy Objects (also known as GPOs).

Note: This tip will allow you to restrict usage of USB removable disks, but will continue to allow usage of USB mice, keyboards or any other USB-based device that is NOT a portable disk. I am assuming that AD based GPs would be used. The same result can be achieved by changing the location of adm template file and using Local Group Policy instead.

It's worth mentioning that in Windows Vista Microsoft has implemented a much more sophisticated method of controlling USB disks via GPO. If you have Windows Vista client computers in your organization you can use GPO settings edited from one of the Vista machines to control if users will be able to install and use USB disks, plus the ability to control exactly what device can or cannot be used on their machines.

Step 1: Create a simple text file named removable_storage.adm with the following content and save it to "%systemroot%\inf\" directory on the domain controller you would be creating the GP.

********** Start of File **********

CLASS MACHINE
CATEGORY "Custom Policy Settings"
CATEGORY "Resrtict Removable Drives"
  POLICY "Disable USB Removable Drives"
   KEYNAME "SYSTEM\CurrentControlSet\Services\USBSTOR"
   EXPLAIN !!explaintextusb
     PART "usbstore.sys driver status" DROPDOWNLIST REQUIRED
       VALUENAME "Start"
       ITEMLIST
        NAME "Started" VALUE NUMERIC 3 DEFAULT
        NAME "Stopped" VALUE NUMERIC 4
       END ITEMLIST
     END PART
   END POLICY
  POLICY "Disable CD-ROM"
   KEYNAME "SYSTEM\CurrentControlSet\Services\Cdrom"
   EXPLAIN !!explaintextcd
     PART "cdrom.sys driver status" DROPDOWNLIST REQUIRED
       VALUENAME "Start"
       ITEMLIST
        NAME "Started" VALUE NUMERIC 1 DEFAULT
        NAME "Stopped" VALUE NUMERIC 4
       END ITEMLIST
     END PART
   END POLICY
  POLICY "Disable Floppy"
   KEYNAME "SYSTEM\CurrentControlSet\Services\Flpydisk"
   EXPLAIN !!explaintextflpy
     PART "flpydisk.sys driver status" DROPDOWNLIST REQUIRED
       VALUENAME "Start"
       ITEMLIST
        NAME "Started" VALUE NUMERIC 3 DEFAULT
        NAME "Stopped" VALUE NUMERIC 4
       END ITEMLIST
     END PART
   END POLICY
  POLICY "Disable High Capacity Floppy"
   KEYNAME "SYSTEM\CurrentControlSet\Services\Sfloppy"
   EXPLAIN !!explaintextls120
     PART "sfloppy.sys driver status" DROPDOWNLIST REQUIRED
       VALUENAME "Start"
       ITEMLIST
        NAME "Started" VALUE NUMERIC 3 DEFAULT
        NAME "Stopped" VALUE NUMERIC 4
       END ITEMLIST
     END PART
   END POLICY
  POLICY "Write Protect USB Removable Drives"
   KEYNAME "SYSTEM\CurrentControlSet\Control\StorageDevicePolicies"
   EXPLAIN !!explaintextwriteprotect
     PART "Write Protect USB Removable Drives status" DROPDOWNLIST REQUIRED
       VALUENAME "WriteProtect"
       ITEMLIST
        NAME "Off" VALUE NUMERIC 0 DEFAULT
        NAME "On" VALUE NUMERIC 1
       END ITEMLIST
     END PART
   END POLICY 
END CATEGORY
END CATEGORY

[strings]
explaintextusb="Disables the USB Removable Drives capability by disabling the usbstor.sys driver. \n\nSelect the ENABLED radiobox, then select STOPPED for the usbstore.sys driver status in the drop-down list.  \n\nNote that this will only prevent usage of newly plugged-in USB Removable Drives or Flash Drives, devices that were plugged-in while this option was not configured will continue to function normally. Also, devices that use the same device or hardware ID (for example - 2 identical Flash Disks made by the same manufacturer) will still function if one of them was plugged-in prior to the configuration of this setting. In order to successfully block them you will need to make sure no USB Removable Drive is plugged-in while you set this option. \n\nIn order to re-enable the usage of USB Removable Drives select STARTED for the usbstore.sys driver status in the drop-down list."
explaintextcd="Disables the CD-ROM Drive by disabling the cdrom.sys driver. \n\nSelect the ENABLED radiobox, then select STOPPED for the cdrom.sys driver status in the drop-down list. \n\nIn order to re-enable the usage of USB Removable Drives select STARTED for the cdrom.sys driver status in the drop-down list."
explaintextflpy="Disables the Floppy Drive by disabling the flpydisk.sys driver. \n\nSelect the ENABLED radiobox, then select STOPPED for the flpydisk.sys driver status in the drop-down list. \n\nIn order to re-enable the usage of USB Removable Drives select STARTED for the flpydisk.sys driver status in the drop-down list."
explaintextls120="Disables the High Capacity Floppy Drive by disabling the sfloppy.sys driver. \n\nSelect the ENABLED radiobox, then select STOPPED for the sfloppy.sys driver status in the drop-down list. \n\nIn order to re-enable the usage of USB Removable Drives select STARTED for the sfloppy.sys driver status in the drop-down list."
explaintextwriteprotect="Enforces write protection on all USB Removable Drives. \n\nSelect the ENABLED radiobox, then select ON for the Write Protect USB Removable Drives status in the drop-down list. \n\nIn order to disable write protection on USB Removable Drives select OFF for the Write Protect USB Removable Drives status in the drop-down list."

*********** End of File ************

Step 2: Adding .adm files to the Administrative Templates in a GPO

Open the Group Policy Management Console (or GPMC) from the Administrative Tools folder in the Stat menu, or by typing gpmc.msc in the Run command.

Right-click an existing GPO (or create a new GPO, then right-click on it) and select Edit.

Expand either the Computer settings or Users settings sections of the GPO. Go to the appropriate Administrative Templates section and right-click it. Select Add/Remove Templates.

In the Add/Remove Templates window click Add.

Browse to the location of the required .ADM file and click Open.

In the Add/Remove Templates window notice that the new .ADM file is listed, then click Close.

Now re-open the Administrative Templates section and browse to the new settings location.

Step 3: In order to successfully view and configure the new .ADM file settings you will need to change the default filtering view for the GPO Editor (or GPedit.msc). Unless you change these settings, the right pane will appear empty, even though it has the settings in it.

Follow these steps:

In GPEdit.msc (or any other GPO Editor window you're using) click on View -> Filtering.

Click to un-select the "Only show policy settings that can be fully managed" check-box. Click Ok.

Now you will be able to see the new settings in the right pane:

You can now configure any of the above settings:

Note: You do not need the adm template stored in inf directory any more as it is copied along with the policy folder in the Sysvol share. However you might need it to modify the template if required.

-------------- End of Document -----------------

Tags: Active Directory, Group Policy, Windows 2003

Published Date: 20080507

Basic configuration of Windows Server 2008 core via CLI commands

To set the server with a static IP address

1. At a command prompt, type the following:

netsh interface ipv4 show interfaces

2. Look at the number shown in the Idx column of the output for your network adapter. If your computer has more than one network adapter, make a note of the number corresponding to the network adapter for which you wish to set a static IP address.

3. Type the following

netsh interface ipv4 set address name="<ID>" source=static address=<StaticIP> mask=<SubnetMask> gateway=<DefaultGateway>

netsh interface ipv4 add dnsserver name="<ID>" address=<DNSIP> index=1

To set the administrative password in Windows Server 2008

1. Type the following at the command prompt:

net user administrator *

2. When prompted to enter the password, type the new password for the administrator user account and press ENTER

3. When prompted, retype the password and press ENTER.

To change the name of the server

1. Determine the current name of the server with the hostname or ipconfig /all commands.

2. Type the following at the command prompt:

netdom renamecomputer <ComputerName> /NewName:<NewComputerName>

3. Restart the computer by typing the following at a command prompt: shutdown /r /t 0

Add or Remove a user to the local Administrators group

net localgroup Administrators /add [domain]\[username]

net localgroup Administrators /delete [domain]\[username]

To manage a server running a Server Core installation by using the Windows Remote Shell

1. To enable Windows Remote Shell on a server running a Server Core installation, type the following command at a command prompt:

WinRM quickconfig

2. Click Y to accept the default settings. Note: The WinRM quickconfig setting enables a server running a Server Core installation to accept Windows Remote Shell connections.

3. On the remote computer, at a command prompt, use WinRS.exe to run commands on a server running a Server Core installation. For example, to perform a directory listing of the Windows folder, type:

winrs -r:<ServerName> cmd

To activate the server, at a command prompt, type:

slmgr.vbs –ato

If activation is successful, no message will return in the command prompt. To activate the server remotely type the following at the command prompt:

cscript slmgr.vbs -ato <servername> <username> <password>

Retrieve the GUID of the computer by typing:

cscript slmgr.vbs -did

Verify that License status is set to Licensed (activated).

cscript slmgr.vbs -dli <GUID>

To join or remove a Windows 2008 server to a domain, at a command prompt, type:

netdom join <ComputerName> /domain:<DomainName> /userd:<UserName> /passwordd:*

netdom remove <ComputerName> /Domain:<DomainName>

Restart the server to complete the operation

Enable ICMP Replies (via local Command Prompt)

1. On your Server Core machine, at a command prompt, type the following

netsh firewall set icmpsetting 8

2. You can always run the following command in order to disable this option:

netsh firewall set icmpsetting 8 disable

Enable ICMP Replies (via Windows Firewall Management Snap-in from a remote computer)

1. You will first have to enable the Server Core server to allow remote Windows firewall Management connections. To do so, please follow the steps outlined below.

2. After performing the below steps, you will be able to enable or disable any Firewall rule from the remote snap-in.

3. In order to enable ICMP Echo Replies from the Server Core server, allowing the administrators to test for connectivity issues with the server, go to Inbound Rules.

4. In the results pane scroll down till you find File and Printer Sharing (Echo Request – ICMPv4-In), right-click it and choose Enable.

Enable ICMP Replies (via the Windows Remote Shell)

1. To enable Windows Remote Shell on a server running a Server Core installation, type the following command at a command prompt:

WinRM quickconfig

2. Click Y to accept the default settings.

3. On the remote computer, at a command prompt, use WinRS.exe to run commands on a server running a Server Core installation. For example, to perform a directory listing of the Windows folder, type:

winrs -r:<ServerName> cmd

4. You can now type the command :

netsh firewall set icmpsetting 8

Enable remote management through the firewall

1. On your Server Core machine, at a command prompt, type the following:

netsh advfirewall set currentprofile settings remotemanagement enable

2. You can always run the following command in order to disable this option:

netsh advfirewall set currentprofile settings remotemanagement disable

3. Open the Windows Firewall snap-in on a remote computer running Windows Server 2008 or Windows Vista, click Start > Run, then type MMC and press ENTER.

4. Click File > Add/Remove Snap-in. In the Add or remove snap-ins, scroll down till you find the Windows Firewall with advanced security snap-in.

5. Click Add, then in Another Computer, type the name or IP Address of the Server Core server you want to manage.

6. After a short loading, if all is ok, you will be presented with the management GUI of the remote server. You can now create new Firewall rules, enable or disable existing rules, export your settings or disable the Firewall altogether.

7. For example, to enable the rule allowing Remote Desktop connections to the Server Core, go to Inbound Rules. In the results pane scroll down till you find Remote Desktop (Tcp-in), right-click it and choose Enable.

-------------- End of Document -----------------

Tags: Windows Server 2008

Published Date: 20080404

How to disable IPv6 stack on Windows Server 2008 core

Unlike Windows XP and Windows Server 2003, IPv6 in Windows Vista and Windows Server 2008 cannot be uninstalled. However, you can disable IPv6 in Windows Vista and Windows Server 2008 by doing one of the following:

Windows Server Core:

1. Export the registry key

reg export hklm\system\currentcontrolset\services\tcpip6\parameters c:\regipv6.txt

2. Add the following key under parameters using the command mentioned below

reg add hklm\system\currentcontrolset\services\tcpip6\parameters /v DisabledComponents /t REG_DWORD /d 255

Windows Server Full installation:

1. In the Network Connections folder, obtain properties on all of your connections and adapters and clear the check box next to the Internet Protocol version 6 (TCP/IPv6) component in the list under “This connection uses the following items”.

This method disables IPv6 on your LAN interfaces and connections, but does not disable IPv6 on tunnel interfaces or the IPv6 loopback interface.

2. Add the following registry value (DWORD type) set to 0xFF:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents

This method disables IPv6 on all your LAN interfaces, connections, and tunnel interfaces but does not disable the IPv6 loopback interface. You must restart the computer for this registry value to take effect.

If you disable IPv6, you will not be able to use Windows Meeting Space or any application that relies on the Windows Peer-to-Peer Networking platform or the Teredo transition technology.

Please do have a look at the article http://www.microsoft.com/technet/network/ipv6/ipv6faq.mspx before making any changes to the system to know about the effects on the system.

-------------- End of Document -----------------

Tags: Windows Server 2008

Published Date: 20080403

Managing Telnet Server service in Windows Server 2008 using CLI

To install Telnet client or server use one of the following commands

Full Installation:

Servermanagercmd –install telnet-server

Servermanagercmd –install telnet-client

Core Installation:

Ocsetup TelnetServer (case sensitive)

Ocsetup TelnetClient (case sensitive)

Note: After installation the Telnet Server service is disabled and in stopped mode. You need to manaually enable it and start the service. No confirmation message is displayed before or after completion of installation

To uninstall Telnet client or server use one of the following commands

Full Installation:

Servermanagercmd –remove telnet-server

Servermanagercmd –remove telnet-client

Core Installation:

ocsetup TelnetServer /uninstall (case sensitive)

ocsetup TelnetClient /uninstall (case sensitive)

To verify if the Telnet Client and/or server is installed on the server:

Full Installation:

Servermanagercmd –q

Core Installation:

oclist

-------------- End of Document -----------------

Tags: Windows Server 2008

Published Date: 20080401