Author Archives: Munkhtuvshin Baatar

How for free start to monitor what your users print on company printers

Small and free Paper Cut program is very easy to install and start to use to collect information about who, when, from what workstation and how many pages printed. Program works as a service and it seems that program intercepts from spooler service all information for own reports or maybe just parses event log? Surely if you have scripting skills you will get almost the same information for free from EventLog after parsing by script – but this program is easier to setup and configure.

One more recommendation – even for network printers with NIC better to install such printers … Read the rest

If you are prudent sysadmin and keep enabled UAC

It’s recommended never to disable UAC/User Access Control  (there are many instructions to disable it for piracy programs downloaded from the internet, and unfortunately in Mongolia almost all computers even in enterprises have disabled UAC in windows)

The main reason to have enabled UAC is ability for the sysadmin to run installation and system configuration commands without re-login during remote or interactive sessions on asked help workstation. According to the best industrial practices you need to exclude any end user from workstation Local Administrators (depriving rights to install non-authorized programs and change/damage system configurations). If you disabled UAC then there … Read the rest

If you experience problem with pxe to re-image workstation/server thru WDS/windows deployment service

Sometimes you cannot use pxe to boot from WDS and re-image your computer (pxe damaged or you need to re-image in the field far from WDS and office LAN). In this situation you may:

  • export necessary WDS image to wim file
  • you will need 16gb usb flash drive (depends on the size of your customized in WDS system image)
  • create by windows usb tool ordinary Windows 7 USB install disk
  • rename your wim file to install.wim and copy it to USB “sources” folder just replacing existing install.wim file
  • if you now start booting from a such USB disk you will
Read the rest

How to activate thru KMS server recent Enterprise or Pro editions of windows and office.

To activate any Ent, Datacenter, Pro Windows (vista, win7, win8, win8.1, win10, win2008r2, win2012, win2012r2, win2016) or office2010/2013/2016 use installed KMS server:

1. check that you use proper windows (not retail Ultimate, Home edition)

2. find out your KMS cdkey from official Microsoft site: link  for Windows  ; link2 for Windows; link for Office 2013  and link2 for Office2010

3. login to target pc under local admin (on target PC disable firewall)

4. for example if your KMS server has IP address 192.168.0.3 then

For Windows activation:

1. for windows 2008r2 ent

cd c:\windows\system32
c:
cscript slmgr.vbs /ipk 489J6-VHDMP-X63PK-3K798-CPX3Y
Read the rest

Why it is good to use builtin Windows Server Backup on AD Domain Controller

If you intensively use virtualization you may noticed that when you restore very old backup of Domain Controller (just copy of VM or just old backup) you may confront with the problem named “USN rollback”. In this case your restored VM for Domain Controller will not replicate with other Domain Controllers.

The simplest and free way to avoid a such problem is to use for backup builtin WSB/Windows Server Backup – enough to backup only System State, or if you have space BMR/bare metal recovery (allegedly only this Microsoft tool is AD aware backup tool and during restoration deletes/fixes some … Read the rest

If you have problem with trust relationship for your member server or workstation.

Sometime your member server or workstation fails to re-sync Kerberos ticket and shows error for trust relationship :

In this case usually all admins adds this computer to workgroup (removing from AD domain) and re-adds it again to domain. For member servers it’s not always OK.

If you are provident enough you better predict a such scenario and add RSAT/Remote Server Administration Tools to your system image on WDS server, or just install it every time when you format and re-install OS. For member servers just enable RSAT feature, Domain Controllers already have it enabled. If the workstation/member server doesn’t … Read the rest

How to purge everything from shared folder every night

Perhaps you have in company shared folder for exchange of non-confidential large files, temp files and so on.

To clean every night this folder :

  • create on d disk folder stack/buffer or whatever you like,
  • share it
  • schedule bat file with following content:
    rem "Be carefull to be inside of stack folder!!!!"
    cd d:\stack
    d:
    del * /s /q
    for /f "delims=" %%d in ('dir /s /b /ad') do rmdir /s/q "%%d"

IMPORTANT: Be very careful with this script, if you run it in improper place you will delete everything recursively !!!Read the rest

How remotely disable on company AD workstation firewall.

Sometimes you need access remotely and provide help to your end-user, but all your attempts are blocked by remote firewall. Perhaps your Group Policy settings to disable firewall settings don’t work (or even you have opposite setting to enable firewall) or yet not updated on needed workstation. In this situation to avoid visit of user workstation you may do following:

1 way:

  • download psexec
  • on your own admin computer
  • “run as administrator” cmd
  • psxec \\remote-computername cmd
  • now remotely on remote computer
  • run
     netsh firewall set opmode disable

2 way:

Or if you have vPro/AMT access thru out-of-band ip kvm.

3 … Read the rest