
Configure Windows 2008 / 2008 R2 core

Why should I run server core?

Server Core is a minimal Windows installation that can run specific server roles. This reduces the attack surface on the server. Windows 2008 and 2008 R2 core also consume less memory and CPU than a “regular” Windows 2008 installation does. And yes, you can install antivirus software and other programs as long as you can install them silently.

How do I configure the server?

In 2008 R2 you can use the command sconfig to do basic configuration. This is the easiest way to configure the server.

In the 2008 version of Server Core you need to configure the server using scripts or third-party software.
I like Core Configuration Console (CCC), which can be downloaded from http://www.nullsession.com/downloads
If you don’t want to use CCC, you can use the commands below to configure your server.

Configure Static IP address:

The following commands configure the interface named Local Area Connection with the static IP address 192.168.0.19, the subnet mask 255.255.255.0 and the default gateway 192.168.0.1, and then add two DNS servers.

“Local Area Connection” is the name of the network connection that you want to configure.
To find the name of your connection you can use ipconfig.

netsh interface ipv4 set address name="Local Area Connection" static 192.168.0.19 255.255.255.0 192.168.0.1

netsh interface ipv4 add dnsserver name="Local Area Connection" address=192.168.0.11

netsh interface ipv4 add dnsserver name="Local Area Connection" address=192.168.0.19 index=2

Disable Firewall:

netsh advfirewall set AllProfiles state off
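
Turning the firewall off on all profiles gives back part of the attack-surface reduction that Server Core is chosen for. An added example, not from the original post, that keeps the firewall on and opens only the built-in rule groups used for remote management; which groups you need is an assumption, and PowerShell is assumed to be available (the netsh lines are the same when typed at cmd.exe):

```powershell
# Added example: keep Windows Firewall enabled and open only management rule groups.
# Run from an elevated prompt on the core server.

# Keep the firewall enabled on the domain, private and public profiles.
netsh advfirewall set allprofiles state on

# Built-in rule groups on Windows Server 2008 / 2008 R2.
# The selection is an assumption: trim it to what you actually use.
$groups = 'Remote Administration', 'Remote Desktop', 'Windows Firewall Remote Management'

foreach ($g in $groups) {
    netsh advfirewall firewall set rule group="$g" new enable=yes
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Rule group not enabled: $g"
    }
}

# Confirm that every profile still reports State ON.
netsh advfirewall show allprofiles state
```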

Rename Server:
To find the current name of your server type hostname.

netdom renamecomputer server_name /newname:dc02

Restart Server:

shutdown /r /t 0

Join domain:

netdom join /d:compit.local dc02 /ud:compit\administrator /pd:password

Now that you have configured your server, it’s time to start adding the roles that you want on your server.

Update username, time and computer model in the computer description field when a user logs on.

This script is good when you want to know who is using a specific computer and the model of the computer. The description is updated every time a user logs on to a computer.

To use the script create a new GPO or use an existing GPO and add the VB script as a logon script.
Link the GPO to the computers OU.
For the users to be able to update the description field, you need to delegate control of that field to them. Follow the guide below.

You can download the script from this link.

http://www.compit.se/download/script/SetCompDesc.zip

Delegate control to users to write in the computer description field

Right-click the OU where you want to give the users the right to update the description field and choose Delegate Control…

  1. The Delegation of Control wizard will start.
  2. Add the group that you want to give the right to.
  3. Choose Create a custom task to delegate.
  4. Select Only the following objects in the folder
    Then select Computer objects
  5. Choose Property-specific and then select Write Description
  6. Read the summary box to check that everything is correct and press Finish

Now you have delegated the rights to the users to update the description field in the OU that you selected.


Managing HP drivers in SCCM and MDT.

Everybody who works with deployment loves drivers and new computer models.
One good thing is that more and more PC manufacturers are making it easier to handle drivers for their models.

To manage drivers for HP you can use HP SoftPaq Download Manager and HP System Software Manager.

* SoftPaqs = Applications and Drivers for HP Computers and Servers.

How do SDM and SSM work together?

  1. HP SDM connects to the Internet to download the desired SoftPaqs for the computers.
  2. The SoftPaqs are saved in a shared folder, for example on the server where you have your deployment share.
  3. SSM connects to the shared folder, checks for available SoftPaqs for the system that is being deployed and installs them.

HP SoftPaq Download Manager (SDM) – Lets you easily download drivers from HP.
http://www.hp.com/go/SDM

HP System Software Manager (SSM) – Installs the drivers on your computer during the task sequence.
http://www.hp.com/go/SSM

Configure SSM.

To run and setup SSM in admin mode, perform the following steps:

  1. Navigate to Hewlett-Packard\SSM in the Program Files directory (or Program Files (x86) if running 64-bit Windows), and then run SSM.exe
  2. When prompted for the location of the file share, navigate to the SDM download directory. Type the name you want to use for the file share, and then click Next.
  3. If you are presented with a message about SSM.CAB being missing, double-click on the specified text to copy the file to the file store, and then click Next until you reach client options.
  4. Select Reboot client upon completion of upgrades, and then click Next.
  5. Click Next until you reach the Build Database window.
  6. Select Check ftp.hp.com for CVA file updates first. This causes SSM to update the specification file for each SoftPaq, which may include bug fixes and expanded coverage.
  7. Click Build Database, and wait for the build process to finish.
  8. Click Finish to complete the process.
  9. Copy ssm.exe to the root of the SDM download directory. This allows easier execution of SSM from the network.

Configure SSM for use with a task sequence.

  1. Create a new application in MDT. Select Application without source files …..
  2. Enter HP SSM for application name.
  3. Enter the Command line \\server-name\share\ssm.exe . /install
  4. Press next a couple of times.
  5. Go to your task sequence and open its properties.
  6. Add the application HP SSM

When HP SSM is executed it will check in the drivers folder for missing drivers and applications for the machine.

For more information you can read the following white papers from HP.

http://www.compit.se/download/deployment/system_software_mgr.pdf

http://www.compit.se/download/deployment/HP_drivers_MDT_SDM_SSM.pdf


ISA Server 2004 and Gzip Compression.

I know that ISA 2004 is really old, but there are still a lot of them out there.
I came to a customer that had problems getting the compression from their web server
to work.

They had a web publishing rule that published their web pages to the internet.
The web server was configured to use compression but it never did.
The reason is that the web server doesn’t receive the Accept-Encoding header
from the browser and assumes that the browser doesn’t support compression.

To get this to work you have to change the web publishing rule to send the Accept-Encoding header.
This is set to false by default in ISA 2004 and you can’t change it in the GUI.

If you change this to TRUE it will work for you. The way to change it is by using the script below.

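' The first argument is the name of the web publishing rule to change
ruleName = WScript.Arguments(0)
' Connect to the ISA Server administration COM object
Set FW = CreateObject("FPC.Root")
Set myRule = FW.GetContainingArray.ArrayPolicy.PolicyRules.Item(ruleName)
' Forward the browser's Accept-Encoding header to the published web server
myRule.WebPublishingProperties.SendAcceptEncodingHeader = True
myRule.Save
WScript.Echo "Settings changed for " & ruleName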

Run it from the command line (put the rule name in quotes if it contains spaces):
WScript yourScriptName.vbs YourRule-Name

Warning: Attribute userAccountControl is: 0x82020

New customer, new problem. Do I need to say more?

Starting test: MachineAccount

Warning: Attribute userAccountControl of DC01 is:

0x82020 = ( PASSWD_NOTREQD | SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION )

Typical setting for a DC is

0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION )

This may be affecting replication?

……………………. DC01 passed test MachineAccount

To change the value to the correct value (532480), open ADSI Edit, go to OU=Domain Controllers and choose Properties on the domain controller where you have the problem.

In the Attribute Editor look for userAccountControl and click Edit. Change the value to 532480, which is the same as 0x82000, and click OK twice.

Run a new DCdiag to check that the problem is solved.

Starting test: MachineAccount

……………………. DC01 passed test MachineAccount
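
The flag arithmetic behind the fix above, as an added example that is not part of the original post: it decodes a userAccountControl value, reports bits outside the 0x82000 DC baseline, and shows that clearing PASSWD_NOTREQD from 0x82020 gives 532480. The flag table is a subset of the documented bit values and the function names are made up for this example.

```powershell
# Added example: decode userAccountControl and compare it with the DC baseline
# from the dcdiag warning. Bit values are the documented ADS_UF_* flags
# (subset only); the function names are hypothetical.
$UacFlags = @{
    ACCOUNTDISABLE            = 0x00002
    PASSWD_NOTREQD            = 0x00020
    NORMAL_ACCOUNT            = 0x00200
    WORKSTATION_TRUST_ACCOUNT = 0x01000
    SERVER_TRUST_ACCOUNT      = 0x02000
    DONT_EXPIRE_PASSWORD      = 0x10000
    TRUSTED_FOR_DELEGATION    = 0x80000
}
$DcBaseline = 0x82000   # SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION

function Get-UacFlagName([int]$Value) {
    # Names of the known flags set in $Value, lowest bit first
    $UacFlags.GetEnumerator() | Sort-Object Value |
        Where-Object { $Value -band $_.Value } |
        ForEach-Object { $_.Key }
}

function Test-DcUac([int]$Value) {
    $extra   = $Value -band (-bnot $DcBaseline)   # bits set beyond the baseline
    $missing = $DcBaseline -band (-bnot $Value)   # baseline bits that are not set
    $known   = 0
    $UacFlags.Values | ForEach-Object { $known = $known -bor $_ }
    New-Object PSObject -Property @{
        Value      = '0x{0:X}' -f $Value
        Flags      = (Get-UacFlagName $Value) -join ' | '
        Unexpected = (Get-UacFlagName $extra) -join ' | '
        Missing    = (Get-UacFlagName $missing) -join ' | '
        Unnamed    = '0x{0:X}' -f ($Value -band (-bnot $known))  # bits not in the table
        Corrected  = $Value -band (-bnot $extra)                 # decimal, as typed in ADSI Edit
    } | Select-Object Value, Flags, Unexpected, Missing, Unnamed, Corrected
}

# The two values quoted in the post
0x82020, 0x82000 | ForEach-Object { Test-DcUac $_ } | Format-List
```

In a live domain the same condition can be searched for with the LDAP bitwise-AND matching rule, for example the filter (&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192)(userAccountControl:1.2.840.113556.1.4.803:=32)).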


DCdiag – Got error while checking LDAP and RPC connectivity.

When running DCdiag on a Windows 2008 server I received the error:

Message 0x621 not found.

         Got error while checking LDAP and RPC connectivity. Please check your

         firewall settings.

         ……………………. DC01 failed test Connectivity

After checking my firewall I went on to Google to ask. I found some suggestions to check the cables, switch and network teaming. After dissolving the network teaming on the server, the server passed the connectivity test. Another solution could be to update to the latest NIC teaming software.

Testing server: Default-First-Site-Name\DC01

      Starting test: Connectivity

         ……………………. DC01 passed test Connectivity

Microsoft has now released a patch to correct this problem. You can find more info here http://support.microsoft.com/kb/978387


Migrating client computers using a computer start up script.

What is the easy way to migrate computers to a new domain? Running around to every single computer, or having a computer start up script do the job for you? Since I get enough training at the gym I decided to go with the script.

My mission was to migrate 120 client computers running Windows XP, Windows 7 and Vista. The computers were going to get new computer names and the users were getting new logon names.
The users were going to keep the old profile with the new username.

I used ForensIT User Profile Wizard and a GPO to migrate the computers. You can read more about ForensIT here http://www.forensit.com/domain-migration.html

When I bought it the price was 2$ / PC so it was worth every cent.

After the program is installed you start User Profile Wizard Deployment Kit and just follow the wizard and set the settings that you want to use.

By default the log file is saved on the client computer. I changed it to a server share where all computers have write access, so I could see which computers were migrated.

When you are done with the wizard there are some tweaks you can do in the profwiz.xml file.
I changed the ProtocolPriority to LDAP; otherwise it uses NETBIOS to add the computer to Active Directory. For more info read the Administration Guide.

Migration flag:
When a computer is successfully migrated, the script creates a migration flag, so you need to delete this flag if you are going to migrate a computer more than once in your test environment. The flag file is written to C:\Documents and Settings\All Users\Application Data (on XP) if the migration is successful. By default it is called “ForensiTMigrated”.

More tools:
You can download sample scripts and other good tools from
http://www.forensit.com/support-downloads.html



Windows Repair Small Business Server 2003

A couple of days ago I got a problem with one of my customer’s Small Business Server 2003: the mouse, keyboard and NIC stopped working. I tried to start the server in safe mode but that did not help.
After searching Google for a while I realized that there was no answer to the question I had. So the only thing left to do was to try.

I booted the server on the Windows Small Business Server 2003 disc 1.

Then:

  1. Press Enter to install Windows
  2. The setup will find that there is already a Windows installation.
  3. Press R to do a repair.
  4. Wait while Windows is installing.
  5. When Windows is installed, log on to the server and configure the IP address for the server.
    Here you can run into the problem that the IP is already assigned to another network card.
    If so read this KB http://support.microsoft.com/kb/315539
  6. When that is done run Windows Update. I had a problem with Internet Explorer first, so I had to download Internet Explorer 8 on another computer and install it, then restart, and after that I could run Windows Update from Internet Explorer.
  7. After all the updates are installed, check that everything is working and check the event logs for any errors.

Good Luck Chris


Installing Cisco VPN client using MDT 2010

The problem with Cisco VPN client is that it will not let you install it from a network location.
To solve this problem I used a script to copy the files to the local computer and then installed it from there.

rem Copy the installer to the local TEMP folder, then install from there
xcopy Ciscovpn "%TEMP%" /E /C /I /Q /H /R /Y /Z
START /WAIT msiexec /i "%TEMP%\vpnclient_setup.msi" /qb!- Reboot=Suppress

If you want, you can use make and model to have it always install if the computer is a laptop.
