Category: Windows Servers

Microsoft Assessment and Planning Toolkit 5.5

The Microsoft Assessment and Planning Toolkit (MAP) is an agentless, automated, multi-product planning and assessment tool for quicker and easier desktop and server migrations. MAP provides detailed readiness assessment reports and executive proposals with extensive hardware and software information, and actionable recommendations to help organizations accelerate their IT infrastructure planning process, and gather more detail on assets that reside within their current environment. MAP also provides server utilization data for Hyper-V server virtualization planning; identifying server placements, and performing virtualization candidate assessments, including ROI analysis for server consolidation with Hyper-V.

MAP helps make the following IT planning projects faster and easier:

  • Migration to Windows 7, Windows Server 2008 R2, and Microsoft Office 2010
  • Migration to Windows 7 compatible versions of Internet Explorer
  • Migration to cloud-based services
  • Server virtualization with Hyper-V
  • SQL Server consolidation and migration to SQL Server 2008 R2
  • Assessment of current software usage and client access history for simplified software asset management
  • PC security assessment and migration to Microsoft Forefront Client Security

You can use MAP to inventory the following technologies:

  • Windows 7
  • Windows Vista
  • Windows XP Professional
  • Office 2010 and previous versions
  • Windows Server 2008 or Windows Server 2008 R2
  • Windows Server 2003 or Windows Server 2003 R2
  • Windows 2000 Professional or Windows 2000 Server
  • VMware ESX
  • VMware ESXi
  • VMware Server
  • Linux variants
  • LAMP application stack discovery
  • SQL Server 2008
  • SQL Server 2008 R2
  • MySQL
  • Oracle
  • Sybase

Download MAP 5.5 HERE

Home folders renamed to My Documents

When you redirect users home folders to network share the folders are show as My Documents folder.

This is a bug in Windows 7 
http://support.microsoft.com/kb/947222

Solution:

Do not grant the Read permission to the administrator for the Desktop.ini files on the server. To do this, follow these steps:

Note If more than one Desktop.ini file exists, follow these steps for all the Desktop.ini files.

  1. Right-click the Desktop.ini file, click Properties, and then click the Security tab.
  2. In the Group or user names pane, click Administrators.
  3. Click to select the Deny check box for the Read permission.
  4. Click OK.

If you have 1000+ home folders this is not great thing to do Sad smile

Richard Willis created a nice powershell script that will do it for you Open-mouthed smile
You need only change the groupName to the group that you will give deny read permissions.
Save the script in de home folder where all the “My Documents” are and run the script.

The Script:
———————————————————————————————————–

$folders = Get-ChildItem | where-object {$_.psiscontainer};
foreach ($folder in $folders)
{
$desktopIni = Get-ChildItem $folder -Filter desktop.ini -Force
if ($desktopIni -ne $null)
{
$Acl = Get-Acl $desktopIni.FullName
$Ar = New-Object system.security.accesscontrol.filesystemaccessrule `
("groupName","Read","Deny")
$Acl.SetAccessRule($Ar)
Set-Acl $desktopIni.FullName $Acl
}
}

———————————————————————————————————-

Remote Desktop Services Component Architecture Poster

This poster provides a visual reference for understanding key Remote Desktop Services technologies in Windows Server 2008 R2. It explains the functions and roles of Remote Desktop Session Host, Remote Desktop Virtualization Host, Remote Desktop Connection Broker, Remote Desktop Web Access, Remote Desktop Gateway, RemoteFX and Remote Desktop Licensing.

To Download: Click on the picture.

image

Windows Cannot Find GPEdit.MSC

I get this error on a Windows 2003 R2 x64 machine when I wanted to use the Group Policy Management Console.

image

Solution is really simple:

1- Browse to "%windir%\system32\" and copy gpedit.msc
2- Browse to "%windir%\syswow64\" and paste gpedit.msc
Now it works again Smile

Enable Windows 7 Features through Group Policy

I love Windows 7. But there is one thing a hate about Windows 7.
There is no nice way to enable Windows 7 Features trough Group Policy.

So I created a small visual basis script that i used as a startup script.

It checks if adsnapins.txt exist in the program files files. If exsist do nothing if it don’t exsist enable the feature.

Windows7ADSnapIns.vbs

‘Installeerd Windows 7 AD Management Snapins.
’13-07-2010 Ward Vissers

Set fso = CreateObject("Scripting.FileSystemObject")

If Not (fso.FileExists("C:\Program Files\adsnapins.txt")) Then
    Dim Wsh
    Set wsh = CreateObject("WScript.Shell")
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD-DS", ,1
    wsh.run "dism /online /enable-feature /featurename:RemoteServerAdministrationTools-Roles-AD-DS-SnapIns", ,1
    fso.CopyFile "\\ad.local\afs\install\Windows7Feature\adsnapins.txt", "C:\Program Files\adsnapins.txt"

End If

Set fso = Nothing

Enable the Change Password feature with Outlook Web Access on a Windows 2003 Exchange 2007 Server

First Step create the IISADMPWD virtual directory, do the following:

  1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.  
  2. Right-click the default Web site, point to New, and then click Virtual Directory. image
  3. In the Virtual Directory Creation wizard, type IISADMPWD in the Alias box, and then click Next.
    image 
  4. In the Directory box, type c:\windows\system32\inetsrv\iisadmpwd or the location where your hard disk is your default hard disk, and then click Next.
    image
  5. Verify that only the Read and Run script check boxes are selected, such as the ASP check box, click Next, and then click Finish.
    image  image
  6. Verify that the IISADMPWD virtual directory has only basic authentication is set
    image
  7. If you use Windows 2003/IIS 6.0, verify that the application pool is set to MSExchangeOWAAppPool
    image 
  8. Register the IISpwchg.dll file in the Iisadmpwd directory:
    Click Start, and then click Run.
    In the Open box, type the following, and then press ENTER:
    regsvr32 c:\windows\system32\inetsrv\iisadmpwd\iispwchg.dll
  9. Configure the PasswordChangeFlags property in the metabase to make sure that the Password Change functionality is enabled:
    Click Start, and then click Run.
    In the Open box, type cmd, and then press ENTER.
    Locate the C:\Inetpub\Adminscripts directory.
    Type the following command, and then press ENTER:
    cscript.exe adsutil.vbs set w3svc/passwordchangeflags 1

    0: This is the default value. This value indicates that you must use a Secure Sockets Layer (SSL) connection when you change the password.
    1: This value permits password changes on non-secure ports. This value is useful if SSL is not enabled.
    2: This value disables the Password Change functionality.
    4: This value disables the advance notification of password expiration.

  10. Do not forget to enable Active Server Pages.
    image 
    Source http://support.microsoft.com/kb/297121

Windows Server 2008 R2: Hyper-V Component Architecture Poster

The Hyper V documentation team has done a great job of putting together a detailed Windows Server 2008 R2: Hyper-V Component Architecture Poster.  Download the .PDFimage

The poster provides details on the inner workings of things like:

  • Virtual Networking
  • Virtual Storage
  • Live Migration
  • Virtual Machine Snapshots
  • Virtual Machine File Management

When trying to activate you get 0xC004F074 with description "The Key Management Server (KMS) is unavailable"

Error:
image

The KMS host that is used is very probably a Windows Server 2008 KMS host that cannot standard activate Windows 7 and 2008 R2 machines.

When you do not have Windows Server 2008 R2 KMS host key have then you must have a Volume License agreement so that your request your Windows 7 and Windows 2008 R2 kms keys.

Resolution

Step 1:
-If the KMS host a Windows Server 2003 SP2 machine is you have the update from the KB article KB968915 install and restart the machine.
-If the KMS host a Windows Server 2008 SP2 machine is you have the update from the KB article KB968912 install and start the new machine.
-If the KMS host one Windows Server 2008 R2 machine is you have to install any further update.

Step 2:
You the new KMS host key import now. The commands are as follows:

1. Uninstall KMS license Key on host – slmgr.vbs /upk

2. Install Windows Server 2008 R2 KMS license key – slmgr.vbs /ipk <Your Key>

3. Activate KMS server online: slmgr.vbs /ato

4. Net Stop slsvc

5. Net Start slsvc

The clients can now activate

Migrate a DFS Namespace to Windows Server 2008 Mode

When you plan to use to upgrade your DFS domain namespace to 2008 Mode there are some requirements:
– The forest uses the Windows Server 2003 or higher forest functional level
– The domain uses the Windows Server 2008 or higher domain functional level
– All namespace servers are running Windows Server 2008 or (2008 R2)

1. Installing latest DFS Hotfix on servers where Distributed File System (DFS) technologies is installed
2. Dfsutil root export \\domain\namespace path\filename.xml
3. Remove all Namespace Servers
4. Dfsutil root remove \\domain\namespace
5. Dfsutil root adddom \\server\namespace v2
6. Dfsutil root import merge path\filename.xml \\domain\namespace
7. Add all Namespace servers
8. Tuning replication performance in DFSR (especially on Win2008 R2)

Defrag your Virtual Machines (VMs’)

Just like any other operating system, over time, a disk will become fragmented. Virtual machines are no different. The time that it takes for a disk to become fragmented depends on what data is being added to and removed from the virtual machine hard drive.

Why use MyDefrag instead of the standard Windows defragger?

  • Much faster.
  • Totally automatic, extremely easy to use.
  • Optimized for daily use.
  • Disk optimization, several strategies.
  • Directories are placed together.
  • Reclaims NTFS reserved areas after disk-full.
  • Maintains free spaces for temporary files.
  • Can defragment very full harddisks.
  • Can defragment very large files.
  • Can defragment individual directories and files.
  • Can be run automatically with the Windows Scheduler.
  • Can be used from the commandline.
  • Can be used as a screen saver.
  • Can be run from cdrom or memory stick.
  • Script language, can be customized.
  • Better voor VCB, VDR, DPM & Snapshots.

When you run MyDeFrag.exe with /verysilent it detect automatically the OS and then install x86 or x64 version from MyDefrag. It’s always installed at c:\program files. You can deploy it with MDT 2010 automatically when installing the OS. Or run it from a network share.

You can use Group Policy Preferences to schedule it. 
image

Translate »