Networking

Group Policy Settings Reference for Windows Server 2008

Windows Server 2008 delivered with Administrative template files (.admx/.adml) policy settings for computer and user configurations. The policy settings included in this spreadsheet cover Windows Server 2008, Windows Vista, Windows Server 2003, Windows XP Professional and Windows 2000.

To configure these policy settings we need use Group Policy objects (GPOs). In addition, this spreadsheet includes the following categories of security policy settings:

• Account Policies (Password Policy, Account Lockout Policy, and Kerberos Policy)
• Local Policies (Audit Policy, User Rights Assignment, and Security Options)
• Event Log
• Restricted Groups
• System Services
• Registry
• File System policy settings

Download here

Universal TCP/IP Network Bootdisk - Version 6.02 Released!

The Universal TCP/IP Network Bootdisk is a DOS bootdisk that provides TCP/IP networking support. It’s designed for use in Microsoft networking environments, on either peer-to-peer or domain based LANs. Currently 94 different network card drivers all included, all on the single 1.44MB disk!

Change Log:
* Added Attansic L2 Driver
* Added Agere ET1310B driver
* Updated Broadcomm B57 Driver + 2 more autodetection ID’s
* Updated Broadcomm NetXtreme II Driver
* Updated Intel Pro 1000 Driver + 6 more autodetection ID’s
* Updated RealTek 8168 Driver
* Updated RealTek 8169 Driver
* Updated Yuken Driver + 16 more ID’s
* Added Nvidia autodetection 0268
* Disabled Ultra DMA on CD-ROM Driver - should prevent freezing issues
* Fixed Set=Drv bug in MakeDisk.bat build file

Note: Take a look at Microsoft Article ID : 811497 to resolve a problems logging on to a Windows 2000-based server or a Windows 2003-based server
Download

PXE, aka Pre-Execution Environment and Acronis - Part 2

Since I’ve published article “PXE, aka Pre-Execution Environment - Part 1” I’ve got a lot of emails with the same question - ‘Where is a Part 2?”. So, here it is.

I know many Network Administrators who work with Acronis products and i also sometime work with those good products. This week i did a project for one of my clients in Seattle, WA. The main idea was to deploy an Acronis image on new servers and configure those servers according to system requirements. So, again, those servers came without floppy drive and CD/DVD and as all of you know, to restore Acronis image on a new machine we have to use Bootable Rescue Media, aka Bootable CD with Acronis on it. Yes, i know, that Acronis provides a products with PXE integrated, but i don’t have it and I’ve used my own PXE server.

The first step I did was create Bootable Rescue Media. Then I took 2 files, kernel.dat and ramdisk.dat  from Acronis’s directory and put them into C:\PXEServer\TFTPRoot\Boot directory. Well, now was the time to make a small changes to our “default” file (default file located in C:\PXEServer\TFTPRoot\Boot\pxelinux.cfg\ directory). After all those changes my “default” file now looks as follow:

DEFAULT menu.c32

LABEL MemTest
MENU LABEL ^Memory Test
kernel memdisk
append initrd=W98_MemTest.IMA

The next steps were pretty simple ;), Boot, Select Acronis from the menu, Select Image for recovery and…..

Thanks to time PXE saved me I was able to spend some time in very beautiful city Seattle.

Relaited Articles
PXE, aka Pre-Execution Environment - Part 1

PXE and Boot Disk which created at Windows XP

Few month ago I published an article “PXE, aka Pre-Execution Environment - Part 1“. In this article, I talked about a problem to use boot disk which created at Windows XP for PXE boot. I’d like to say thanks to Michael Bridge. He found a way to make the Windows XP floppy image of the netbootdisk work.

Under \ pxelinux.cfg \ default

edit the default to

append initrd=.IMA raw

(add “raw” after the image name)
According to this http://syslinux.zytor.com/memdisk.php it allows access to protected mode memory. Michael Bridge, told me that he managed to get the solution on this web site:
http://syslinux.zytor.com/archives/2007-July/008918.html

System Center Virtual Machine Manager 2007 Scripting Guide

Microsoft, exactly for me created a good white paper that I’d like to read:

System Center Virtual Machine Manager 2007 Scripting Guide

A very nice guide of useful script samples for SCVMM - which highlights common tasks:

Adding new Virtual Server hosts.
Configuring new Virtual Server hosts.
Deploying and configuration new virtual machines from the library.
Moving virtual machines between different hosts.

If you are working with Virtual Machine Manager, Must read!

One Line Commands

I’m posting some of my favorite scripts on blog and on my site (http://thesystemadministrator.com). Now, I’d like to show few of “one line commands” scripts. The command entry should all be on one line.

Domain Controllers
Nltest /dclist:%userdnsdomain%

Domain Controller IP Configuration
for /f %i in (’dsquery server -domain %userdnsdomain% -o rdn’) do psexec \\%i ipconfig /all

AD Database disk usage
for /f %i in (’dsquery server -domain %userdnsdomain% -o rdn’) do dir \\%i\admin$\ntds

Content on log files via browser

I’ve a client that runs special program on about 100 servers. This program writes a log on central server every 3 minutes. So, when I checked main server, I found a directory Logs (C:\Logs). Log’s directory contains many log files (each log for each server).  On this server installed and runs a web server, Apache ;). So, I’d like to show a small AppsRuns.php file, which stored on web server. If we go to the http://server1/AppsRuns.php we will see a content of each log file on one web page. This web page refreshing every 10 sec. Here is a content of AppsRuns.php file:

<?php
    $refresh_time = 10; // seconds
    $path = “C:LOGS”;

    header(”Content-Type: text/plain”);
    header(”Refresh: $refresh_time”);

    if($handle = opendir($path)) {
    while (false !== ($file = readdir($handle))) {
        $pi = pathinfo($path . ‘/’ . $file);
        if($pi[’extension’] === ‘txt’) {
        include($path . ‘/’ . $file);
        }
    }
    }
?>

Updates: Free Deployment System Scripts

I have made a small change in my “Free Deployment System“, the set of script allows to deploy, install or run applications on any remote computer.
Equally, I just added a few new lines. In to Config.bat added a new line:

set DSRV= 192.168.211.1

By using a DSRV environment i can set IP or Computer Name of my Deployment Server.
Also, added two new lines to the INSPKG.bat script (Script in original article already changed, so you can simply take a changed script). One of new lines contains following:

%Tools%psexec.exe \%RCOMP% -u %USR% -p %PASS% -i cmd /c md C:Updates

This line creates a directory C:\Updates on remote computer. I use C:\Updates on remote computer to copy there necessary scripts and source of installation programs. The other new line in INSPKG.bat is:

@echo set DSRV=%DSRV%> \%RCOMP%C$updatesconfig.bat

As you can see, by this line I create a config.bat file on remote computer and put in to environment, that sets a name or IP of our deployment server. Additionally, we need to change a package script. So, after changes, our package script looks like follow:

@echo off
call c:updatesconfig.bat
\%DSRV%packages7ZIP7z442.exe /S

So, now, if we are changed our deployment server, we have not to change our packages script.

Free Deployment System

All Network Administrators at least once thought about how to install a program on remote computer without ever touching it. Hopefully, today we have a lot of ways to achieve this goal. The very interesting part of it all is, when ever I provide a consulting services to companies, I hear the same question, “Michael, do you know any FREE solutions to distribute programs, patches or run anything on remote computers?”

I’d like to show you the solution, I’ve created for myself. Let’s call it “Free Deployment System :)”…

“Free Deployment System” contains a set of scripts and free tools. The heart of this system is a PSExec by Sysinternals.

Before I start, let’s clarify few pre-requirements. We need one server or computer that will hold off packages and scripts. The Deployment System will run on this system. We need a user with administration privileges on all remote computers (We can create a user on Domain level and set the necessary permissions to this user).

Ok, now we are ready to start.

Let’s created a directory structure on deployment server.

C:Operation
 |_Scripts
 |_Tools
 |_Packages

In my situation, I don’t have any files in C:\Operation directory. In C:\Operation\Tools directory I have tools that I have been using in my scripts. The main scripts of “Free Deployment System” are located in C:\Operation\Scripts. C:\Operation\Packages contains packages for remote installation. Set a Share on the C:\Operation\Packages and give all users Read Permissions.Now we need to create a few files in C:\Operation\Scripts directory. The first file is #Servers.txt. This file contains an IP addresses or Computer Name of remote computers. Each IP or name should be on new line. In my case #Servers.txt looks as follow:

192.168.3.95
192.168.3.96
192.168.3.97
192.168.3.98
192.168.3.99
192.168.3.10

The next file in our system will be a Config.bat. By using Config.bat I set credentials for connection to remote computers. Config.bat looks as follow:

@echo off
set DM=AdminInfo
set USR=TSAADMIN
set PASS=TSAPassWord

OK, now we are going to create a main script of our system. I named it INSPKG.bat, meaning “Install Packages”. Before show the content of INSPKG.bat I’d like to say a few words about how it works.

INSPKG.bat runs in loop and checks each line of #Servers.txt file and use this addresses as a destination where the installation package should be installed. When the package installed on last computer (last line in #Servers.txt file) INSPKG.bat will stop working. If you have too many computers in your network, the package deployment could take time, be patient. So, INSPKG.bat contains the following lines:

@echo off

Rem *****************************************************************************
Rem *       For 1 envirement use the Pakage file name                           *
Rem *       The general location of all Pakage is: C:OperationPackages        *
Rem *       On remote computer computer should be located  “C:Updates”         *
Rem *                                                                           *
Rem *       Websites:  http://thesystemadministrator.com                        *
Rem *                                                                           *
Rem *****************************************************************************

if {%1}=={} @Echo Please set the Pakagename.The format is INSPKG.bat 7Zip &goto :EOF

set Scripts=C:OperationScripts
set Tools=C:OperationTools
set Packages=C:OperationPackages

call %Scripts%Config.bat

SET IP-SRV=
SET LoopNum=
SET Line=
SET I=
SET RCOMP=
SET Line=0

TYPE %Scripts%#Servers.txt > %TEMP%SRVLIST.txt

FOR /F “TOKENS=*” %%a in (’%Tools%LINEX -c ^<%TEMP%SRVLIST.txt’) do set IP-SRV=%%a
SET /a LoopNum=%IP-SRV% + 1

:LOOP1
SET /a I=%I% + 1
SET /a Line=%Line% + 1
IF “%I%”==”%LoopNum%” goto END
FOR /F “TOKENS=*” %%a in (’%Tools%LINEX -l %Line% ^<%TEMP%SRVLIST.txt’) do set RCOMP=%%a

copy “%Packages%%1%1.bat”  “\%RCOMP%c$Updates\” /Y

@echo Please wait …

%Tools%psexec.exe \%RCOMP% -u %DM%%USR% -p %PASS% -i C:Updates%1.bat

SET Line=%Line%
goto LOOP1

:END
SET IP-SRV=
SET LoopNum=
SET Line=
SET I=
SET RCOMP=
SET Line=

INSPKG.bat should run from a console (cmd.exe) of our deployment server. The format is following:

C:OperationScriptsINSPKG.bat 7Zip

Where, 7Zip is a name of a package. As you can see, in this example, I’m going to deploy a 7-Zip to all computers, but before this I have to create a package. So, for this purpose I’m going to the C:\Operation\Packages directory and create a new directory, 7ZIP. Inside 7ZIP I create a file 7ZIP.bat and put the installation file of 7-Zip. I’m going to install a 7z442.exe on all computers. By using RTFM rule :), I know that to install a 7-Zip in silent mode I have to use switch /S. So, my 7Zip.bat contains the following lines:

@echo off
\192.168.3.39packages7ZIP7z442.exe /S

Note: Change 192.168.3.39 to the IP or name of your Deployment Server.

And, on the final, we need put necessary tools to the C:\Operation\Tools directory. Download last version of PSExec and put it to C:\Operation\Tools directory. In INSPKG.bat I’m using a very cool tool, LINEX.EXE. Linex.exe is a part of “Bill Stewart’s freeware Batch Script Tools”. When I wrote this article, I tried to find an official web site of “Bill Stewart’s freeware Batch Script Tools”, but failed. So, you can download a Linex.exe directly from my web site.As additional example, I’ve created packages for Acrobat Reader and Firefox.  Keep in mind to create a separate directory for each package. The Directory and name of package script should be the same, meaning if you are going to create a package for Firefox inside C:\Operation\Packages create directory Firefox and inside C:\Operation\Packages\Firefox create a script Firefox.bat and also inside C:\Operation\Packages\Firefox put the installation file of Firefox. Here is my Firefox.bat:

@echo off
\192.168.3.39packagesFirefoxFirefoxSetup2.0.0.9.exe -ms 

Note: Change 192.168.3.39 to the IP or name of your Deployment Server.

I hope I didn’t forgot anything .
Let me know what kind of package you are interesting in and I’ll try to create it. I’ll be very happy if you write comment for this article.

Sysinternals tools have been updated

Sysinternals Tools have been updated. PSExec v1.90 improves handling of arguments, BgInfo v4.12 offers improved reporting, Process Explorer v11.04 fixes a memory leak, ADExplorer v1.01, DebugView v4.72 and Process Monitor v1.26 fix some minor bugs.