Category: Windows Servers

Home folders renamed to My Documents

When you redirect users home folders to network share the folders are show as My Documents folder.

This is a bug in Windows 7 
http://support.microsoft.com/kb/947222

Solution:

Do not grant the Read permission to the administrator for the Desktop.ini files on the server. To do this, follow these steps:

Note If more than one Desktop.ini file exists, follow these steps for all the Desktop.ini files.

  1. Right-click the Desktop.ini file, click Properties, and then click the Security tab.
  2. In the Group or user names pane, click Administrators.
  3. Click to select the Deny check box for the Read permission.
  4. Click OK.

If you have 1000+ home folders this is not great thing to do Sad smile

Richard Willis created a nice powershell script that will do it for you Open-mouthed smile
You need only change the groupName to the group that you will give deny read permissions.
Save the script in de home folder where all the “My Documents” are and run the script.

The Script:
———————————————————————————————————–

$folders = Get-ChildItem | where-object {$_.psiscontainer};
foreach ($folder in $folders)
{
$desktopIni = Get-ChildItem $folder -Filter desktop.ini -Force
if ($desktopIni -ne $null)
{
$Acl = Get-Acl $desktopIni.FullName
$Ar = New-Object system.security.accesscontrol.filesystemaccessrule `
("groupName","Read","Deny")
$Acl.SetAccessRule($Ar)
Set-Acl $desktopIni.FullName $Acl
}
}

———————————————————————————————————-

Remote Desktop Services Component Architecture Poster

This poster provides a visual reference for understanding key Remote Desktop Services technologies in Windows Server 2008 R2. It explains the functions and roles of Remote Desktop Session Host, Remote Desktop Virtualization Host, Remote Desktop Connection Broker, Remote Desktop Web Access, Remote Desktop Gateway, RemoteFX and Remote Desktop Licensing.

To Download: Click on the picture.

image

Windows Cannot Find GPEdit.MSC

I get this error on a Windows 2003 R2 x64 machine when I wanted to use the Group Policy Management Console.

image

Solution is really simple:

1- Browse to "%windir%\system32\" and copy gpedit.msc
2- Browse to "%windir%\syswow64\" and paste gpedit.msc
Now it works again Smile

Enable Windows 7 Features through Group Policy

I love Windows 7. But there is one thing a hate about Windows 7.
There is no nice way to enable Windows 7 Features trough Group Policy.

So I created a small visual basis script that i used as a startup script.

It checks if adsnapins.txt exist in the program files files. If exsist do nothing if it don’t exsist enable the feature.

Windows7ADSnapIns.vbs

‘Installeerd Windows 7 AD Management Snapins.
’13-07-2010 Ward Vissers

Set fso = CreateObject("Scripting.FileSystemObject")

If Not (fso.FileExists("C:\Program Files\adsnapins.txt")) Then
    Dim Wsh
    Set wsh = CreateObject("WScript.Shell")
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD-DS", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD-DS-SnapIns", ,1
    fso.CopyFile "\\ad.local\afs\install\Windows7Feature\adsnapins.txt", "C:\Program Files\adsnapins.txt"

End If

Set fso = Nothing

Enable the Change Password feature with Outlook Web Access on a Windows 2003 Exchange 2007 Server

First Step create the IISADMPWD virtual directory, do the following:

  1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.  
  2. Right-click the default Web site, point to New, and then click Virtual Directory. image
  3. In the Virtual Directory Creation wizard, type IISADMPWD in the Alias box, and then click Next.
    image 
  4. In the Directory box, type c:\windows\system32\inetsrv\iisadmpwd or the location where your hard disk is your default hard disk, and then click Next.
    image
  5. Verify that only the Read and Run script check boxes are selected, such as the ASP check box, click Next, and then click Finish.
    image  image
  6. Verify that the IISADMPWD virtual directory has only basic authentication is set
    image
  7. If you use Windows 2003/IIS 6.0, verify that the application pool is set to MSExchangeOWAAppPool
    image 
  8. Register the IISpwchg.dll file in the Iisadmpwd directory:
    Click Start, and then click Run.
    In the Open box, type the following, and then press ENTER:
    regsvr32 c:\windows\system32\inetsrv\iisadmpwd\iispwchg.dll
  9. Configure the PasswordChangeFlags property in the metabase to make sure that the Password Change functionality is enabled:
    Click Start, and then click Run.
    In the Open box, type cmd, and then press ENTER.
    Locate the C:\Inetpub\Adminscripts directory.
    Type the following command, and then press ENTER:
    cscript.exe adsutil.vbs set w3svc/passwordchangeflags 1

    0: This is the default value. This value indicates that you must use a Secure Sockets Layer (SSL) connection when you change the password.
    1: This value permits password changes on non-secure ports. This value is useful if SSL is not enabled.
    2: This value disables the Password Change functionality.
    4: This value disables the advance notification of password expiration.

  10. Do not forget to enable Active Server Pages.
    image 
    Source http://support.microsoft.com/kb/297121

Windows Server 2008 R2: Hyper-V Component Architecture Poster

The Hyper V documentation team has done a great job of putting together a detailed Windows Server 2008 R2: Hyper-V Component Architecture Poster.  Download the .PDFimage

The poster provides details on the inner workings of things like:

  • Virtual Networking
  • Virtual Storage
  • Live Migration
  • Virtual Machine Snapshots
  • Virtual Machine File Management

When trying to activate you get 0xC004F074 with description "The Key Management Server (KMS) is unavailable"

Error:
image

The KMS host that is used is very probably a Windows Server 2008 KMS host that cannot standard activate Windows 7 and 2008 R2 machines.

When you do not have Windows Server 2008 R2 KMS host key have then you must have a Volume License agreement so that your request your Windows 7 and Windows 2008 R2 kms keys.

Resolution

Step 1:
-If the KMS host a Windows Server 2003 SP2 machine is you have the update from the KB article KB968915 install and restart the machine.
-If the KMS host a Windows Server 2008 SP2 machine is you have the update from the KB article KB968912 install and start the new machine.
-If the KMS host one Windows Server 2008 R2 machine is you have to install any further update.

Step 2:
You the new KMS host key import now. The commands are as follows:

1. Uninstall KMS license Key on host – slmgr.vbs /upk

2. Install Windows Server 2008 R2 KMS license key – slmgr.vbs /ipk <Your Key>

3. Activate KMS server online: slmgr.vbs /ato

4. Net Stop slsvc

5. Net Start slsvc

The clients can now activate

Migrate a DFS Namespace to Windows Server 2008 Mode

When you plan to use to upgrade your DFS domain namespace to 2008 Mode there are some requirements:
– The forest uses the Windows Server 2003 or higher forest functional level
– The domain uses the Windows Server 2008 or higher domain functional level
– All namespace servers are running Windows Server 2008 or (2008 R2)

1. Installing latest DFS Hotfix on servers where Distributed File System (DFS) technologies is installed
2. Dfsutil root export \\domain\namespace path\filename.xml
3. Remove all Namespace Servers
4. Dfsutil root remove \\domain\namespace
5. Dfsutil root adddom \\server\namespace v2
6. Dfsutil root import merge path\filename.xml \\domain\namespace
7. Add all Namespace servers
8. Tuning replication performance in DFSR (especially on Win2008 R2)

Defrag your Virtual Machines (VMs’)

Just like any other operating system, over time, a disk will become fragmented. Virtual machines are no different. The time that it takes for a disk to become fragmented depends on what data is being added to and removed from the virtual machine hard drive.

Why use MyDefrag instead of the standard Windows defragger?

  • Much faster.
  • Totally automatic, extremely easy to use.
  • Optimized for daily use.
  • Disk optimization, several strategies.
  • Directories are placed together.
  • Reclaims NTFS reserved areas after disk-full.
  • Maintains free spaces for temporary files.
  • Can defragment very full harddisks.
  • Can defragment very large files.
  • Can defragment individual directories and files.
  • Can be run automatically with the Windows Scheduler.
  • Can be used from the commandline.
  • Can be used as a screen saver.
  • Can be run from cdrom or memory stick.
  • Script language, can be customized.
  • Better voor VCB, VDR, DPM & Snapshots.

When you run MyDeFrag.exe with /verysilent it detect automatically the OS and then install x86 or x64 version from MyDefrag. It’s always installed at c:\program files. You can deploy it with MDT 2010 automatically when installing the OS. Or run it from a network share.

You can use Group Policy Preferences to schedule it. 
image

Best Practices Analyzer Updates for Server 2008 R2

Update for Best Practices Analyzer for HYPER-V for Windows Server 2008 R2 x64 Edition (KB977238) You can use Hyper-V Best Practices Analyzer to scan a server that is running the Hyper-V role, and help identify configurations that do not comply with the best practices of Microsoft for this role.

Update for Best Practices Analyzer for DHCP Server for Windows Server 2008 R2 x64 Edition (KB977236) You can use DHCP Best Practices Analyzer to scan a server that is running the DHCP role and help identify configurations that do not comply with the best practices from Microsoft for this role.

Update for Best Practices Analyzer for Network Policy and Access Services for Windows Server 2008 R2 x64 Edition (NPAS) (KB977239) You can use the Network Policy and Access Services update for Best Practices Analyzer to scan a server that is running one or more of following the role services: Network Policy Server, Health Registration Authority, and Routing and Remote Access Service.

Update for Best Practices Analyzer for File Services for Windows Server 2008 R2 x64 Edition (KB981111) You can use File Services Best Practices Analyzer to scan a server that is running the File Services role and one or more of following role services: DFS Namespaces, DFS Replication, File Server, File Server Resource Manager, Services for Network File System.

Update for Best Practices Analyzer for Active Directory Rights Management Services for Windows Server 2008 R2 x64 Edition (KB981391) You can use Active Directory Rights Management Services Best Practices Analyzer to scan a server that is running the AD RMS role and help identify configurations that do not comply with the best practices of Microsoft for this role.

Update for Best Practices Analyzer for Windows Server Update Services for Windows Server 2008 R2 x64 Edition (KB981390) You can use the Windows Server Update Services (WSUS) update for Best Practices Analyzer to scan a server that is running WSUS.

Update for Best Practices Analyzer for Application Server for Windows Server 2008 R2 x64 Edition (KB981392) You can use the Application Server update for Best Practices Analyzer to scan a server

Translate »