If you are a prudent sysadmin and keep UAC enabled

It’s recommended never to disable UAC/User Account Control (there are many instructions for disabling it to run pirated programs downloaded from the internet, and unfortunately in Mongolia almost all computers, even in enterprises, have UAC disabled in Windows).

The main reason to keep UAC enabled is that it lets the sysadmin run installation and system configuration commands without logging in again during remote or interactive sessions on the workstation of the user who asked for help. According to industry best practice, you should exclude every end user from the workstation’s Local Administrators group (depriving them of the rights to install unauthorized programs and to change or damage the system configuration). If you disabled UAC then there …

If you have problems using PXE to re-image a workstation/server through WDS/Windows Deployment Services

Sometimes you cannot use PXE to boot from WDS and re-image your computer (PXE is damaged, or you need to re-image in the field, far from the WDS server and the office LAN). In this situation you may:

  • export the necessary WDS image to a WIM file
  • you will need a 16 GB USB flash drive (depending on the size of your customized system image in WDS)
  • create an ordinary Windows 7 USB install disk with the Windows USB tool
  • rename your WIM file to install.wim and copy it to the USB “sources” folder, replacing the existing install.wim file
  • if you now start booting from such a USB disk you will

How to activate recent Enterprise or Pro editions of Windows and Office through a KMS server

To activate any Enterprise, Datacenter or Pro edition of Windows (Vista, Win7, Win8, Win8.1, Win10, Win2008R2, Win2012, Win2012R2, Win2016) or Office 2010/2013/2016, use your installed KMS server:

1. check that you use a proper Windows edition (not retail Ultimate or Home edition)

2. find your KMS CD key on the official Microsoft site: link for Windows; link2 for Windows; link for Office 2013 and link2 for Office 2010

3. log in to the target PC as a local admin (on the target PC disable the firewall)

4. for example, if your KMS server has the IP address 192.168.0.3, then

For Windows activation:

1. for Windows 2008 R2 Enterprise

cd c:\windows\system32
c:
cscript slmgr.vbs /ipk 489J6-VHDMP-X63PK-3K798-CPX3Y

Why it is good to use the built-in Windows Server Backup on an AD Domain Controller

If you use virtualization intensively, you may have noticed that when you restore a very old backup of a Domain Controller (just a copy of the VM or just an old backup) you may run into the problem called “USN rollback”. In this case the restored Domain Controller VM will not replicate with other Domain Controllers.

The simplest and free way to avoid such a problem is to use the built-in WSB/Windows Server Backup for backups. It is enough to back up only the System State or, if you have space, BMR/bare metal recovery (allegedly only this Microsoft tool is an AD-aware backup tool, and during restoration it deletes/fixes some …

If you have a problem with the trust relationship of your member server or workstation

Sometimes your member server or workstation fails to re-sync its Kerberos ticket and shows a trust relationship error:

In this case admins usually move the computer to a workgroup (removing it from the AD domain) and then re-add it to the domain. For member servers that is not always OK.

If you are provident enough, you should anticipate such a scenario and add RSAT/Remote Server Administration Tools to your system image on the WDS server, or just install it every time you format and re-install the OS. For member servers just enable the RSAT feature; Domain Controllers already have it enabled. If the workstation/member server doesn’t …

How to purge everything from a shared folder every night

Perhaps your company has a shared folder for exchanging non-confidential large files, temp files and so on.

To clean this folder every night:

  • create a folder on the D: disk named stack, buffer or whatever you like
  • share it
  • schedule a bat file with the following content:
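    rem Be careful: everything below must run inside the stack folder!
    rem cd /d switches drive and directory in one step; if the folder cannot
    rem be entered, abort so the recursive delete never runs somewhere else.
    cd /d d:\stack || exit /b 1
    rem Delete all files in the folder and its subfolders.
    del * /s /q
    rem Remove the subfolders that are left over.
    for /f "delims=" %%d in ('dir /s /b /ad') do rmdir /s /q "%%d"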

IMPORTANT: Be very careful with this script; if you run it in the wrong place you will delete everything recursively!!!

How to remotely disable the firewall on a company AD workstation

Sometimes you need to access an end user’s workstation remotely to provide help, but all your attempts are blocked by the remote firewall. Perhaps your Group Policy settings that disable the firewall don’t work (or you even have the opposite setting, which enables the firewall), or they have not yet been updated on the workstation in question. In this situation, to avoid a visit to the user’s workstation, you may do the following:

Way 1:

  • download psexec
  • on your own admin computer
  • “run as administrator” cmd
  • psexec \\remote-computername cmd
  • now, remotely on the remote computer
  • run
     netsh firewall set opmode disable

Way 2:

Or, if you have vPro/AMT access, through out-of-band IP KVM.

3 …

Facts about Active Directory to help you understand it and use it properly

  1. AD is the foundation/heart/glue for all Microsoft (and not only Microsoft) server products. Almost any Microsoft solution has AD as a prerequisite. It is therefore a common misunderstanding and misuse to treat AD only as a side effect (or even as a lesser, unavoidable evil :)) of implementing other Microsoft systems like MS Dynamics NAV, Exchange, Lync or SharePoint. It means you cannot install Exchange without first installing and configuring AD. As a result of such a wrong approach to AD, many companies don’t use Active Directory appropriately, and some of them don’t understand at all what the main role of AD is