Saturday, March 28, 2009

How to Hide a User Account on the Logon Screen


Maybe you created a user account on your XP computer so your nephew could use it when he was visiting you. Now he's gone home and you really don't want to see that account choice every time you log on to Windows, but you also don't want to just delete the account because he'll probably be back again next year. Here's how to hide an account from the logon screen:

  • Before editing the registry, always back it up just to be safe.

  • Open the registry editor and navigate to the following key:

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \
Windows NT \ CurrentVersion \ Winlogon \ SpecialAccounts \
UserList

Note: The SpecialAccounts \ UserList keys may not exist on your computer. If they do not, create them.

  • In the right pane, you'll see a list of items that correspond to the user accounts that exist on the computer but are not shown on the logon screen. You'll probably be surprised at how many there are.

  • Right click an empty space in the right pane, select NEW and DWORD value.
    Right click the new value and rename it to the exact name of the user account you want to hide.

  • Close the registry editor.

Now the account name won't show up on the logon screen. You can unhide the account at any time by deleting the registry key you created. Your nephew can still log onto the account while it's hidden. Just press CTRL+ALT+DEL twice in a row at the logon screen and you'll get the logon dialog box that allows you to type in the username.

Note: This tip works for Windows XP, Windows 7, Windows Server 2008 and Windows Server 2008 R2. The SpecialAccounts key may not exist by default, but if you create it as specified above it works a treat!

Additional Note: I've discovered this tip does not work in Windows Vista because Microsoft removed the "Classic Logon" functionality from this OS. You can still hide the account, but you won't be able to logon as this hidden account by pressing Ctrl-Alt-Del twice. You can, however still switch to this account using user account switching.

Thanks to Deb Shinder for the tip!

Friday, March 27, 2009

Exchange Server Remote Connectivity Analyzer


More Exchange 2007 goodness from the Microsoft Exchange Team!

Have you ever installed an Exchange server and wanted to verify your Internet facing services were setup and configured properly? Things like Exchange ActiveSync, AutoDiscover, Outlook Anywhere (RPC/HTTP), and inbound email. Sure there are cmdlets included in Exchange 2007 like test-ActivesyncConnectivity and test-OWAConnectivity, but these tests can only be run inside your network and effectively only test your internal network connectivity. Or what if you get a call or an escalation regarding one of these services not working? How do you verify if just this user or everyone has a problem? And if there is a problem, where do you start troubleshooting? Is it a DNS problem? Is it a certificate problem? Is a port not open on the firewall?

I'd like to introduce you to the Exchange Remote Connectivity Analyzer (ExRCA) tool which can be accessed at https://www.TestExchangeConnectivity.com.

In this version, the tool will allow you to remotely test the following client types and services:

Exchange ActiveSync

  • Windows Mobile 5, 3rd party devices

  • Windows Mobile 6.1+ with AutoDiscover

Outlook Anywhere (aka RPC/HTTP)


  • Outlook 2003

  • Outlook 2007 with AutoDiscover

Inbound SMTP

The tool will simulate the protocol logic used by the specific client and not only tell you if the scenario was successful, but if it fails, it will tell you exactly where in the process it failed as well as try to guide you to the problem resolution.

Read more about the tool and how it works here!

Thursday, March 26, 2009

Breaking the Artificial Database Size Limit in Exchange 2007 Standard Edition


Exchange Server 2007 has a theoretically unlimited database storage capacity. In reality the limit is 16TB, and this limit is the same in both Standard and Enterprise editions. The storage differences between these two editions have to do with the maximum number of storage groups and databases that can be placed on each server.


Exchange 2007 Standard Edition:
Storage Group – up to 5, Database per SG – up to 5, Database limit – 16 TB.

Exchange 2007 Enterprise Edition:
Storage Group – up to 50, Database per SG – up to 50, Database limit – 16 TB.


Even though E2K7 Standard has a hard 16TB database size limit, there is an artificial limit imposed in the registry. The default cap in RTM is 50GB and the default cap in SP1 is 150GB. Here's how to change this artificial limit:

  • Open RegEdit and navigate to:

HKLM \ SYSTEM \ CurrentControlset \ Services \ MSexchangeIS \ servername \ Private-{respective-DB-GUID}

  • Create a new DWORD value "Database Size Limit in Gb"


  • Assign its decimal value (in GB). For example, enter decimal 200 for a 200GB artificial limit.


  • Restart the Microsoft Exchange Information Store service

Note: E2K7 Enterprise Edition does not have an artificial limit.

Note: If the Exchange Server Best Practices Analyzer (ExBPA) finds that the Database Size Limit in Gb value is present and configured, the Exchange Server Analyzer displays a non-default configuration message.

Wednesday, March 25, 2009

How to Invoke the Window Update Dialog from the Command Line

To run the Windows Update client from the command line, run the command WUAUCLT /ShowWU.

This is useful when the Windows Update icon disappears when you click it. Typically, this means that the Windows Update client is corrupt. When you run wuauclt /ShowWU on these machines, it will bring up the Windows Update dialog box above, but it will show some type of error indicating that it could not download updates. Installing the current Windows Update client will fix this.

You can download the latest Windows Update client (7.2.6001.788) from these locations:

Wednesday, March 18, 2009

How To Enable Change Notification On All Site Links


Normally, there are two replication intervals for Active Directory in a Windows domain: Intra-site (replication between DCs in the same site) and Inter-site (replication between DCs in different Active Directory sites).
Intra-site replication is very fast - typically around 15 seconds. This schedule can be configured via the registry using the following values in the HKLM\SYSTEM\CurrentControlSet\Service\NTDS\Parameters key:

Replicator notify pause after modify (secs)It is a REG_DWORD value of 15 by default
Replicator notify pause between DSAs (secs)It is a REG_DWORD value of 3 by default
See Microsoft TechNet (Active Directory Replication Tools and Settings) for a thorough explanation of what these keys do.Inter-site replication is dictated by the schedule associated with the replication connection in Active Directory Sites and Services. Using this GUI you can specify that the connector never replicates or to replicate once, twice or four times per hour.
Note: The inter-site replication schedule runs based on the server startup time. For example, if the DC starts up at 12:10pm and the replication connector's schedule is set to twice per hour, replication on this connector will occur at 12:10pm, 12:40pm, etc.
But what if you want Intersite replication to occur more frequently than every 15 minutes? For this, you must enable Change Notification on the Active Directory site link. How you do this depends on which OS is on your DC.

For Windows 2003 Domain Controllers:
  • Open ADSIEdit.msc (in the Windows Support Tools) as a Domain Admin
  • Open the Configuration naming context
  • Navigate to Sites > Inter-Site Transports > IP
  • Right-click the siteLink to modify in the results pane and click Properties
  • Locate the options attribute and edit the value from 0 to 1
  • Click OK and repeat for other siteLinks, as necessary.

For Windows 2008 and Windows 2008 R2 Domain Controllers:
You can use the same method as Windows Server 2003 DCs or you can edit the values directly from AD Sites and Services, as follows.
  • Locate the Inter-Site Transport site link to modify, typically DEFAULTIPSITELINK, in AD Sites and Services
  • Right-click the site link and choose Properties
  • Click the Attribute Editor tab
  • Locate the options attribute and edit the value from 0 to 1
  • Click OK and repeat for other Site Links, as necessary.
I also wrote two VBScripts for displaying and configuring Change Notification:
  • DisplayChangeNotification.vbs displays the current value of the options attribute on each site link in the Active Directory domain where it is run.
  • EnableChangeNotification.vbs will enable Change Notification on all site links in the Active Directory domain where it is run by changing the options value to 1.
Both scripts are in the ChangeNotificationScripts.zip file, located here.

Friday, March 13, 2009

The TechEd 2009 Bag

With the cancellation of the TechEd Attendee party this year, no snacks or bottled water last year (until everyone complained), and drastically reduced attendance, what's next? Reusable eco-bags in place of the traditional TechEd backpack?

Hopefully they'll still have shuttles to the conference center or we'll have to start carpooling.

UPDATE: A photo of the real TechEd 2009 bag can be found here.

Thursday, March 12, 2009

TechEd 2009: ClusterFunk!


Now that we've all learned that the Microsoft TechEd 2009 Attendee Party is kaput, I can give you some happier TechEd 2009 party news.

Double-Take Software will be hosting ClusterFunk, an awesome band made up of Double-Take employees and owners, Tuesday night. They play covers from the 70s through today and their musical brew blends bold, strident guitar power and cutting-edge jam sessions to create a medley that stands head and shoulders above your average cover band.

I haven't missed any of their TechEd shows and the folks at Double-Take always put on a great party!


Date:
Tuesday May 12th 8 p.m. to Midnight

Location:
The Conga Room at LA Live
800 West Olympic Boulevard
Suite A169 and A260
Los Angeles, CA 90015

Registration information COMING SOON! Watch this space for more details. I'll let you know when registration is open. Looks like a real happenin' place!

TechEd 2009: No Party for You!


According to folks over at TechEd Connect, Microsoft has cancelled the Thursday night attendee party this year, and boy are they pissed! This is the first time this has happened in the 16 year history of TechEd.

The official Microsoft email informing us of the cancellation reads:

"We have made a change to previously published agendas. The attendee party will no longer take place, however we are planning an alternative social gathering which will continue to provide a great opportunity for attendees to network with each other in a fun social setting. Additionally this year you will receive a full copy of Windows 7 and Windows Server 2008 R2 when released to market as part of registration."

According to the Microsoft TechEd website, Thursday's agenda shows "8:00 PM–Midnight Evening social activity – Futher details to come." (Their mispelling of "Futher", not mine.)

Is this another tale about the sad state of the economy or just another way to cut costs to increase the bottom line? Either way, I say it's bad form to advertise it for months as a reason to attend and then cancel it after thousands have bought their passes.

At least we have the ClusterFunk party to look forward to.

What do you think? Post a comment below.

Tuesday, March 10, 2009

How to Install Windows 7 from a USB Stick


Helmer Zandbergen is a Dutch IT pro who wrote an excellent article that explains how to how to install Windows 7 from a USB stick in 11 easy steps.

All you need is a PC with USB boot-support (any modern PC), Windows 7 installation files, and a USB stick with at least 4 GB free space.

I used this method to install Win7 on my new Asus Eee PC 1000HE netbook and it works great!

  • Plug in your USB stick
  • Open Command Prompt with admin rights (Start –> enter cmd –> press CTRL-SHIFT+ENTER and click Yes at the UAC prompt)
  • Run Diskpart by typing diskpart and press enter
  • Now type List disk (and press enter). My USB stick is Disk 2.
  • Enter the following commands, where I assume that your USB stick is also Disk 2. If your USB stick is Disk 5, just use Disk 5 instead of my Disk 2! Enter the following commands one by one, each followed by Enter:

Select Disk 2

Clean

Create Partition Primary

Select Partition 1

Active

Format FS=FAT32 (depending on the size of your USB stick this can take a moment)

Assign

Exit

  • Now copy the entire content of your Windows 7 DVD (or Windows 7 source folder, if you extracted the ISO) to the root of your USB stick.
  • Now we still have to make the USB stick bootable. Note: If you are currently running a 64-bit OS and the source (on the USB stick) is 32-bit, you can’t run the following command. Just be sure the source (on the USB stick) and the currently running OS are of the same type!
  • In the Command Prompt (which you didn’t close, I hope) type P: (the drive letter of your USB stick) followed by Enter
  • Type CD\Boot followed by Enter
  • To create a bootsector on the USB stick enter Bootsect /NT60 P: (your USB drive letter) followed by Enter.
  • Reboot your PC and change the boot order (in the BIOS) if needed, so the USB stick is first in the boot order.

Thursday, March 5, 2009

Changing the Default Users and Computers Containers in AD

In Active Directory, the default container for user objects is the Users container and the default container for computer objects is the Computers container.

If you create user or computer objects programmatically and do not specify a target OU, the objects will be created in their default container. Also, whenever you join a new computer to the domain the computer object will always be created in the default Computers container, unless you pre-stage the computer object in an OU.

It's important to note that the Computers and Users containers are just that, containers. They are not OUs. Consequently, you cannot apply Group Policy objects directly to these containers. These containers will, however, inherit GPOs from parent objects, such as the Default Domain Policy.

A lot of my customers have large OU structures where user and computer objects are always placed in specific OUs so that the objects get the correct GPOs. Typically, the default Users and Computers containers are empty for these customers. Even so, user or computer objects will sometimes be created in the default containers for various reasons. This can cause problems for these objects because GPOs are not applied correctly.

Here's how to change the default container that Active Directory will use for new user and computer objects:

  • Log into a Domain Controller (Windows Server 2003, 2008 or 2008 R2) as a Domain Admin
  • Open a CMD prompt
  • To change the default container for user objects, enter:

ReDirUsr Container-DN

where Container-DN is the distinguished name of the container that will become the default location for newly created user objects.

For example:

ReDirUsr "OU=Managed Users,DC=mydomain,DC=com"

  • To change the default container for computer objects, enter:

ReDirCmp Container-DN

where Container-DN is the distinguished name of the container that will become the default location for newly created computer objects.

For example:

ReDirCmp "OU=Managed Computers,DC=mydomain,DC=com"

Please note that the domain functional level must be at least Windows Server 2003 for these commands to work.

Tuesday, March 3, 2009

Add RunAs Functionality to Windows Server 2008 for All Users


You may be aware that Windows Server 2008 does not allow you to "Run As a Different User", only "Run As Administrator."

You may also be aware of ShellRunAs, by Sysinternals. ShellRunAs adds command-line RunAs funtionality to the context menu of executable programs. Once installed using the command "ShellRunAs /reg", you can right-click on any program, select "Run as a different user," and enter the credentials of the user you want to run the program as.

This RunAs functionality allows you to logon to a server with low level permissions and still run programs that require higher permissions, thereby keeping your server safe and happy.

The only problem with ShellRunAs is that it is a per user installation. That means that it needs to be "installed" for each user on the server. This is because "ShellRunAs /reg" actually updates the registry for the current user (HKCU) hive. This can be a real problem for servers where a lot of different people logon, such as a Terminal Server.

So how do you provide this functionality for all users on the server? Read on to find out how.

  • Download ShellRunAs from Sysinternals and extract ShellRunAs.exe to %SystemRoot%\System32

  • Use Notepad to create a reg file called ShellRunAs.reg with the following content:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Classes\lnkfile\Shell\Run as different user...\Command]
@="\"C:\\Windows\\System32\\ShellRunas.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\Classes\SystemFileAssociations\.exe\Shell\Run as different user...\Command]
@="\"C:\\Windows\\System32\\ShellRunas.exe\" "%1\"%*"

[HKEY_LOCAL_MACHINE\Software\Classes\SystemFileAssociations\.msc\Shell\Run as different user...\Command]
@="\"C:\\Windows\\System32\\ShellRunas.exe\" \"%1\" %*"

  • Finally, double-click the ShellRunAs.reg file to import it into the registry.

Now right-click an application or program and you will see the new "Run as a different user" menu option. Best of all, it will work for all users on the server without having to register it for each user.

Note: When a user selects Run as a different user for the first time, they will have to accept the end user license agreement. This only happens once because the EULA acceptance is written to the HKCU hive for each user.

By the way, this Run as a different user and Run as Administrator functionality is native in Windows Server 2008 R2.