Friday, October 31, 2008

Cannot Add a Site to Trusted Sites

I ran into a weird problem today with a Windows Server 2003 SP2 server, where I could not add a site to the Trusted Sites zone. The error I got was, "There was an unexpected error with your zone settings. Unable to add this zone."

To fix the issue, enable Internet Explorer Enhanced Security Configuration in Add/Remove Windows Components, add the desired site to the Trusted Sites zone, and then disable Internet Explorer Enhanced Security Configuration again. That seems to fix the corruption in the Trusted Sites zone information. Future sites can then be added without issue.


Subscribe to The EXPTA {blog} by Email

Thursday, October 9, 2008

Fix for Large Framework.log files


The WMI service maintains text log files for all operating systems earlier than Windows Vista and Windows Server 2008. These log files are stored in the %SystemRoot%\System32\WBEM\Logs folder. The log files include:

  • Wbemcore.log

  • Wbemess.log

  • Mofcomp.log

  • Wmiadap.log

  • Wbemprox.log

  • Framework.log

  • Winmgmt.log

Most of these log files are configured to automatically wrap every 64KB. When the log file reaches this limit, it is renamed to logfile.lo_ and a new log file is created. Unfortunately, this does not happen with the Framework.log file - it will continue to grow indefinitely. This came to light recently at a client site when the backup team noticed that this file was taking a very long time to back up on Exchange servers. The Framework.log files on these servers exceeded 800MB.

Microsoft wrote a TechNet support article, "The Framework.log file grows larger than 64 KB when you use WMI on a Windows Server 2003 or Windows XP computer," which explains that this is due to a permissions problem with the Network Service account. As the article explains, the fix is to grant the Network Service account the Delete right on the %SystemRoot%\System32\WBEM\Logs folder.

Here's how to do this for all machines in the domain using Group Policy:

  1. Edit the appropriate Group Policy object for the managed computers. I used the Default Domain Policy.
  2. Navigate to Computer Configuration, Windows Settings, Security Settings, File System
  3. Right-click File System and select Add File...
  4. Navigate to the %SystemRoot%\System32\WBEM\Logs folder and click OK. A security window will appear.
  5. Add the LOCAL SERVICE and NETWORK SERVICE accounts, giving both accounts only Read and Write permissions.
  6. Click the Advanced button.
  7. Clear the "Inherit from parent the permission entries that apply to child objects" checkbox.
  8. Select the NETWORK SERVICE account and click Edit.
  9. Check Delete under the Allow column and click OK. Repeat for the LOCAL SERVICE account.
  10. Click OK four times to close all the dialog boxes.

The new security settings will be enforced on target computers on the next Group Policy refresh. After that, the large Framework.log file will be renamed to Framework.lo_ and a new Framework.log file will be created. Once that new logfile grows beyond 64KB it will replace the large file.


Friday, September 26, 2008

How to Delegate the Right to Unlock User Accounts



In order to delegate the right to unlock locked user accounts to a user or group in Active Directory, you first need to make the right visible in Active Directory Users and Computers (ADUC).

The %windir%\System32\dssec.dat file contains all the rights attributes that can be exposed in ADUC. These rights attributes are grouped under headings surrounded by square brackets, such as [user] or [computer]. Each attribute is assigned a value (filter) as follows:

0 - Read and Write is exposed
1 - Write is exposed
2 - Read is exposed
7 - Hide the attribute

To modify the filter, open dssec.dat in Notepad. Find the lockoutTime attribute under the [user] heading. Be careful to select the [user] heading, as there's another lockoutTime attribute under [computer]. Change the value of the filter from 7 to 0 (lockoutTime=0) and save the changes.
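The section-sensitive edit described above, as an added example that is not part of the original post: it changes lockoutTime only under [user], leaves the [computer] entry alone, and lists which attributes a file exposes. The sample text and the function names are assumptions made for illustration.

```python
import re

# Constructed excerpt in the layout the post describes (not a real dssec.dat).
SAMPLE = """\
[computer]
lockoutTime=7
location=7
[user]
badPwdCount=7
lockoutTime=7
mail=7
"""

# Filter values exactly as listed in the post.
FILTER_MEANING = {0: "Read and Write is exposed", 1: "Write is exposed",
                  2: "Read is exposed", 7: "Hide the attribute"}

_HEADING = re.compile(r"^\s*\[([^\]]+)\]\s*$")
_ENTRY = re.compile(r"^\s*([^=\s][^=]*?)\s*=\s*(\d+)\s*$")


def _entries(text):
    """Yield (line index, section, attribute, filter) for each attribute line."""
    section = None
    for index, line in enumerate(text.splitlines()):
        heading = _HEADING.match(line)
        if heading:
            section = heading.group(1).strip().lower()
            continue
        entry = _ENTRY.match(line)
        if entry and section is not None:
            yield index, section, entry.group(1), int(entry.group(2))


def get_filter(text, section, attribute):
    """Return the filter value of one attribute under one heading."""
    for _, sec, attr, value in _entries(text):
        if sec == section.lower() and attr.lower() == attribute.lower():
            return value
    raise KeyError(f"{attribute} not found under [{section}]")


def set_filter(text, section, attribute, value):
    """Return new file text with one filter changed; other lines are untouched."""
    if value not in FILTER_MEANING:
        raise ValueError(f"unsupported filter value: {value}")
    lines = text.splitlines(keepends=True)
    for index, sec, attr, _ in _entries(text):
        if sec == section.lower() and attr.lower() == attribute.lower():
            body = lines[index].rstrip("\r\n")
            ending = lines[index][len(body):]        # keep the original line ending
            name = body.split("=", 1)[0].rstrip()    # keep the original spelling
            lines[index] = f"{name}={value}{ending}"
            return "".join(lines)
    raise KeyError(f"{attribute} not found under [{section}]")


def exposed_attributes(text):
    """List (section, attribute, meaning) for every attribute that is not hidden."""
    return [(sec, attr, FILTER_MEANING.get(value, f"unknown filter {value}"))
            for _, sec, attr, value in _entries(text) if value != 7]


if __name__ == "__main__":
    patched = set_filter(SAMPLE, "user", "lockoutTime", 0)
    print(patched)
    for row in exposed_attributes(patched):
        print(row)
```

Running exposed_attributes against a copy of the file before and after the change shows exactly which rights have been made visible on that machine.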

To delegate the right to unlock user accounts in ADUC:
  1. Right-click the OU or domain in Active Directory Users and Computers and select Delegate Control from the context menu
  2. Click Next on the Welcome dialog
  3. Click Add to select the user or group and click OK
  4. Click Next
  5. Select Create a custom task to delegate and click Next
  6. Select Only the following objects in the folder. In the list, check User objects and click Next
  7. Clear the General checkbox and check the Property-specific box
  8. Check both the Read lockoutTime and Write lockoutTime boxes and press Next
  9. Click Finish

Note: You only need to edit the dssec.dat file on the computer where you are performing the delegation. You do not need to modify it from any other machine, including the one where the user administration will occur.


Friday, August 29, 2008

Fallback Printer Drivers in RDP and Terminal Server Sessions

Microsoft Remote Desktop Connection provides the ability for users to use the printers installed on their local computer within a Terminal Server session. This behavior is enabled by default, and can be changed in MSTSC (the Remote Desktop Connection client) in Options, Local Resources tab, Printers.

In order for this to work, a printer driver must be installed on the Terminal Server that matches the driver installed on the local computer. This is problematic, since you can't always be sure which printer is installed on connecting computers. If there is no matching printer driver on the server, the user will be unable to print to that printer within the RDP session. You will also see an error in the System Event Log similar to the following when the user logs into the Terminal Server:

Event Type: Error
Event Source: TermServDevices
Event Category: None
Event ID: 1111
Date: 7/8/2008
Time: 12:51:15 PM
User: N/A
Computer: HOFS01
Description:
Driver HP LaserJet 4250 PCL 5e required for printer !!SERVER1! NetPrinter2 is unknown. Contact the administrator to install the driver before you log in again.

To handle this issue without having to install tons of drivers on your server, you can tell the server to use a "fallback printer driver." If the exact driver is not installed, the server will offer a fallback PCL or PS driver (or both) to use instead. This is configured in Group Policy as shown below. Note that this requires Windows Server 2003 SP1 or later.

For Windows Server 2003, open Group Policy and navigate to Computer Settings, Computer Configuration, Administrative Templates, Windows Components, Terminal Services, Client/Server data redirection, and configure the Configure Terminal Server Fallback Printer Driver Behavior option.

For Windows Server 2008, open Group Policy and navigate to Computer Configuration, Policies, Administrative Templates, Windows Components, Terminal Services, Terminal Server, Printer Redirection and configure the Specify Terminal Server Fallback Printer Driver Behavior option.

Configure the Terminal Server Fallback Printer Driver Behavior to Enabled, Show both PCL and PS if one is not found, as shown below.

When a client logs into the Terminal Server, you will now see the following event in the System Event Log and the client will be able to use their printer.




Monday, August 18, 2008

Managing Printers from the Command Line


I came across this handy way to manage printers from the command line. This makes it really easy to add, delete or change printers from logon scripts and batch files.

rem /y makes printer default

rundll32 printui.dll,PrintUIEntry /in /n \\server\printername
rundll32 printui.dll,PrintUIEntry /in /n \\server\nextprintername /y

If you're wondering what else you can do with the printui.dll, just enter the following at the command line to bring up the command reference, as shown above:

rundll32 printui.dll,PrintUIEntry /?

Good stuff!


Friday, June 6, 2008

New Certifications


May 2008 was a busy month for me.

In addition to writing a book, I passed five exams in the first three weeks and earned my MCITP:Enterprise Messaging Administrator (the premier Exchange 2007 administrator certification) and three MCTS certifications (SCOM 2007, ForeFront and Exchange 2007).

That makes 34 exams in a row that I've passed without failing, including my CISSP. Yes!! The streak remains unbroken!

I've put together a certifications page that lists the current certifications that I hold, which I'm rather proud of.

Tomorrow I'm off to TechEd and I can't wait! I'll be blogging at least once a day while I'm there. Check my blog all week. If you're going to TechEd yourself, I might meet you at the TechEd Blogger Ultra Lounge. See you there!


Thursday, April 10, 2008

Comprehensive List of WSUS Error Codes

I came across a web page a long time ago that lists all(?) of the cryptic WSUS error codes, such as 0x0000041D. This is extremely helpful when troubleshooting WSUS logs and WindowsUpdate.log files. I've found that it's helpful for lots of other Microsoft products, as well! I saved it as a portable MHT file that you can download.

If I could remember where I found this, I would gladly give them credit.

Please to enjoy. WSUS Error Codes


Tuesday, March 25, 2008

How to Enable RDP Remotely on XP Computers


In a previous article I explained how to enable Remote Desktop access on a remote computer.

I've noticed that these steps do not work on Windows XP computers. It turns out that you need to set two registry keys:
  • HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\fDenyTSConnections should be changed from 1 to 0 (zero)
  • HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections should be changed from 1 to 0 (zero)

The first setting enables the RDP protocol on the computer to listen on TCP port 3389. The second setting allows users to login via Remote Desktop. Both settings go into effect immediately and do not require a restart.

Note: If the second setting is not changed to 0 you will get a logon message saying, "Unable to log you on because of an account restriction." You will also get this same logon message if you attempt to log on via RDP with an account that has a blank password. The account you use must have a password to log on using Remote Desktop.

I wrote a batch file that will easily enable or disable Remote Desktop on a remote machine. The syntax is: RDP [computername] [ON | OFF]. Copy the code below and save it as RDP.BAT somewhere in your system path (I use C:\Windows).

---Begin Code---

@echo off
REM Usage: RDP [computername] [ON ^| OFF]
SET RemoteComputer=%1
REM Strip backslashes so that both NAME and \\NAME are accepted
SET RemoteComputer=%RemoteComputer:\=%
if /i "%2"=="on" goto EnableRDP
if /i "%2"=="off" goto DisableRDP
goto Syntax

:EnableRDP
REM fDenyTSConnections = 0 in both keys allows Remote Desktop connections
REG ADD "\\%RemoteComputer%\HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services" /v fDenyTSConnections /t REG_DWORD /d 0 /f
if ERRORLEVEL 1 goto Error
REG ADD "\\%RemoteComputer%\HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
echo.
echo Remote Desktop has been enabled on %RemoteComputer%
goto End

:DisableRDP
REM fDenyTSConnections = 1 in both keys denies Remote Desktop connections
REG ADD "\\%RemoteComputer%\HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services" /v fDenyTSConnections /t REG_DWORD /d 1 /f
if ERRORLEVEL 1 goto Error
REG ADD "\\%RemoteComputer%\HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f
echo.
echo Remote Desktop has been disabled on %RemoteComputer%
goto End

:Error
echo.
echo ======================================================================
echo Make sure the remote computer is online and you have sufficient rights
echo to modify its registry.
echo ======================================================================
echo.

:Syntax
echo.
echo RDP enables or disables Remote Desktop on a remote computer
echo Visit http://www.expta.com for details
echo.
echo RDP [computername] [ON ^| OFF]
echo.
echo ON - Enable RDP on the remote computer
echo OFF - Disable RDP on the remote computer
echo.

:End
SET RemoteComputer=

---End Code---

Note that if Group Policy is configured to disable Remote Desktop (Computer Configuration, Administrative Templates, Windows Components, Terminal Services, Allow users to connect remotely using Terminal Services), the HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\fDenyTSConnections setting will revert back to 1 after a Group Policy refresh.


Thursday, February 28, 2008

Create a Saved Query that Displays Group Members


Saved Queries in Active Directory Users and Computers (ADUC) allow you to create simple or advanced LDAP queries against the Active Directory that can be saved, reused and edited. Examples might be a query displaying all locked out users in the domain or all the users who have a mailbox on a particular Exchange server and have the word "Manager" in their title.


A client I worked with needed a query that displayed all the members of a certain (large) group. This would allow him to select all the users at once and move their mailboxes to another server.


Try as he might, he couldn't get the query to display the group's members. It turns out this is because the group name must be entered using its distinguished name. Here's how to do it:


  • Use ADSIEdit.msc (in the Windows Support Tools) and navigate to the group

  • View the properties of the group to reveal the distinguishedName attribute value and copy it to the clipboard (shown above)

  • Open ADUC, right-click Saved Queries and select New query

  • Enter a name for your query, "Accounting Group Members"

  • Click the Define Query button

  • Select Users, Contacts, and Groups from the Find: dropdown list

  • Click the Advanced tab

  • Click Field, User, Member of

  • With the condition of "is (exactly)", paste the group's distinguishedName into the Value field and click Add

  • Click OK twice to complete the query


Wednesday, February 27, 2008

And there was great rejoicing


Mark Russinovich (Computer God Extraordinaire) released a free Microsoft plugin that provides right-click Run-as functionality for any application.


Now when you right-click any application a Run as and Run as different user option will be displayed in the actions menu. Sweet!


Monday, January 28, 2008

Using SMS Trace to View Log Files


I wind up looking at a lot of text logs during troubleshooting. While opening a log in Notepad is quick, it’s also tough to look at a lot of log entries that way. I use the SMS Trace log viewer from the Configuration Manager 2007 Toolkit.

With it, you can easily:

  • Find any log line with a specific text

  • Highlight lines with specific text

  • Filter out lines that contain text to reduce the volume of what you see

Lines with the word "warning" are automatically highlighted in yellow and lines with the word "error" are highlighted in red. It even updates the log every 500 milliseconds to get new entries, which you can adjust.

The System Center Configuration Manager 2007 Toolkit is available here. There is an exe which unpacks to two msi packages. Use the CcmTools.msi which installs the core tools.

When you launch the SMS Log Viewer for the first time, it will prompt you with:

Do you want to make SMS Trace the default log viewer?

I always make it my default viewer.


Thursday, January 24, 2008

New Microsoft Certifications for 2008

As you may know, Microsoft has revamped its certifications this year. These changes bring up a lot of questions about past and present certifications, so I'm writing this to hopefully clear up some confusion.

First, the MCP, MCSA, and MCSE certifications are not being continued with the 2008 product line. However, these certifications are not being removed -- if you're an MCSE on 2000/2003, you're still an MCSE. The MCSE 2003 exams will not be retired until mainstream support for Windows 2003 ends. Considering most of the work I’ll do over the next couple of years will involve 2003 servers and migrations, it's still very relevant to have an MCSE 2003 certification in addition to the new 2008 certifications.

The new certifications favor specialization -- depth, not breadth. These are the Microsoft Certified Technology Specialist (MCTS) certs. In the past, if you passed any Microsoft exam you became a Microsoft Certified Professional (MCP). Microsoft heard from hiring managers that they couldn't tell if an MCP had the skills they were looking for, so they decided to create certifications based on specific abilities and technologies. For example, you can become an MCTS: Windows Vista Configuration or MCTS: Managing Projects with Microsoft Office Project 2007.

The MCSA/MCSE certifications are being replaced with the Microsoft Certified Information Technology Professional (MCITP) certs. These are based more on job role than specialized in a particular technology (although you need to have MCTS certifications to get your MCITP). MCSA maps to the new MCITP: Server Administrator and MCSE maps to the new MCITP: Enterprise Administrator. There are also some specialty MCITPs, such as MCITP: Messaging Administrator, Database Administrator, Database Developer, etc. If you're interested in upgrading your MCSE to the new 2008 certifications, the MCITP: Enterprise Administrator is the premier certification you should work toward.

The following exams are required to earn an MCITP: Enterprise Administrator:

  • 70-640: TS: Windows Server 2008 Active Directory, Configuring

  • 70-642: TS: Windows Server 2008 Network Infrastructure, Configuring

  • 70-643: TS: Windows Server 2008 Applications, Configuring

  • 70-620: TS: Windows Vista, Configuring -or- 70-624: TS: Deploying and Maintaining Windows Vista Client and 2007 Microsoft Office System Desktops

  • 70-647: PRO: Windows Server 2008, Enterprise Administrator

If you have a current MCSE 2003 certification you're eligible to take an upgrade exam, 70-649: TS: Upgrading Your MCSE on Windows Server 2003 to Windows Server 2008, Technology Specialist. This single exam takes the place of 70-640, 70-642 and 70-643. Then, to get your MCITP certification you must take 70-620 or 70-624, and the 70-647 PRO: Enterprise Administrator exams.

If you’re still working toward your MCSE 2003 from MCSE 2000, be aware that the MCSE 2003 upgrade exams, 70-292 and 70-296, are being retired on March 31, 2008.

Note: The 70-647: PRO: Windows Server 2008, Enterprise Administrator exam has not been released yet. It's still in beta through the end of January and will hopefully be released around March 2008. I'm taking the beta exam today, but won't know if I passed for up to 12 weeks(!)

Other notes about the exams and certifications:

  • All exams are administered by Prometric. It's pretty easy to schedule, reschedule or cancel an exam from their website.

  • You will know the results immediately after taking the exam. Passing score is 700 out of 1000.

  • Exams are between 55-65 questions and you are given about 2.5 hours, depending on the exam

  • Most questions are multiple choice or pick the two correct answers. Usually there's a couple of drag and drop or click the right area questions.

  • The MCSE certification is no longer being used in future certifications. The term "Engineer" is a protected term used by several nations and states. Microsoft was sued in 12 countries and admonished in several states for use of this designation.

  • MCSE certifications are not being retired and will remain on your transcript indefinitely

  • MCTS/MCITP certifications expire and are removed from your transcript when the technology is no longer generally supported by Microsoft

  • MCITP certifications must be renewed every three years

  • Exams can be taken in any order, but Microsoft recommends taking the required MCTS exams before the MCITP exam

Microsoft has several resources on the web that describe the certifications beyond what I've covered here, and provide an overview of the knowledge you should have to take the exams.

What are your thoughts on the new certification framework? Leave your comments below!


Tuesday, January 15, 2008

DEP and Virtual Machines

Data Execution Prevention (DEP) is a security feature included in all versions of Windows since XP SP2. It’s intended to prevent an application or service from executing code from a non-executable memory region. This helps prevent certain exploits that store code via a buffer overflow, for example.

DEP runs in two modes: Hardware-enforced DEP for CPUs that support it, and software-enforced DEP for CPUs that don’t. Software DEP is performed by the operating system, and as such, has a (small) performance hit.

It may make sense to disable DEP in virtual machines (especially test VMs) to eke out a little more performance. Read on for an explanation of how to do this.

Software DEP configuration is controlled through switches in the Boot.ini file.

The four options to set the DEP mode are:

  • OptIn - Enables DEP only for OS components, including the Windows kernel and Windows drivers. Administrators can enable DEP for selected executable files with the Application Compatibility Toolkit (ACT).
  • OptOut - Enables DEP for the OS and all processes, including the Windows kernel and Windows drivers. However, administrators can disable DEP on selected executable files with the Control Panel System applet.
  • AlwaysOn - Enables DEP for the OS and all processes, including the Windows kernel and Windows drivers. All attempts to disable DEP are ignored, and all DEP configuration options are disabled.
  • AlwaysOff - Disables DEP. Attempts to enable DEP selectively are ignored, and the DEP GUI is disabled.

In Windows Server 2008 and Vista, you use bcdedit to set the DEP mode. The DEP configuration can be viewed using the bcdedit /enum osloader /v command. To configure DEP, use the /set nx switch. For example, to set the currently booted OS to DEP AlwaysOff, you would use the command:

bcdedit /set nx AlwaysOff

You configure DEP in other operating systems from the Advanced tab, Performance Settings of the System Control Panel applet.
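To see which boot entries carry which DEP mode, the following added example (not from the original post) parses text in the layout printed by bcdedit /enum osloader /v and reports the nx setting of each entry. The sample output, its GUIDs and the function names are constructed for illustration.

```python
# Constructed sample in the layout of `bcdedit /enum osloader /v` output.
SAMPLE = r"""
Windows Boot Loader
-------------------
identifier              {11111111-2222-3333-4444-555555555555}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Server 2008
nx                      OptOut

Windows Boot Loader
-------------------
identifier              {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}
device                  partition=D:
path                    \Windows\system32\winload.exe
description             Test VM image
nx                      AlwaysOff

Windows Boot Loader
-------------------
identifier              {99999999-8888-7777-6666-555555555555}
device                  partition=E:
path                    \Windows\system32\winload.exe
description             Entry without an nx element
"""

# Short forms of the four mode descriptions given in the post.
DEP_MODES = {
    "optin": "DEP for OS components only",
    "optout": "DEP for the OS and all processes, exceptions allowed",
    "alwayson": "DEP for the OS and all processes, cannot be disabled",
    "alwaysoff": "DEP disabled",
}


def parse_entries(output):
    """Split the output into one dict per entry (a title line underlined by dashes)."""
    entries, current = [], None
    lines = output.splitlines()
    for index, line in enumerate(lines):
        text = line.strip()
        following = lines[index + 1].strip() if index + 1 < len(lines) else ""
        if text and set(following) == {"-"}:
            current = {"type": text}          # title line starts a new entry
            entries.append(current)
        elif current is not None and text and set(text) != {"-"}:
            key, _, value = text.partition(" ")
            current[key.lower()] = value.strip()
    return entries


def dep_report(output):
    """Return identifier, description, nx value and a finding for each entry."""
    report = []
    for entry in parse_entries(output):
        nx = entry.get("nx")
        if nx is None:
            finding = "nx is not set on this entry"
        else:
            finding = DEP_MODES.get(nx.lower(), "unrecognised nx value")
        report.append({"identifier": entry.get("identifier"),
                       "description": entry.get("description"),
                       "nx": nx, "finding": finding})
    return report


def entries_with_dep_off(output):
    """Identifiers of the entries whose nx element is AlwaysOff."""
    return [row["identifier"] for row in dep_report(output)
            if row["nx"] and row["nx"].lower() == "alwaysoff"]


if __name__ == "__main__":
    for row in dep_report(SAMPLE):
        print(row["identifier"], "|", row["description"], "|", row["finding"])
    print("DEP disabled on:", entries_with_dep_off(SAMPLE))
```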


Saturday, January 12, 2008

Call Me Certifiable



This morning I passed the TS: Upgrading Your MCSE on Windows Server 2003 to Windows Server 2008, Technology Specialist exam (70-649) with a perfect score of 1000. Peesacake exam. Now I get to add another logo and more alphabet soup to my resume.

The exam was 55 questions divided into three sections. The time allotted for the exam was 2 hours, 15 minutes. I spent 32 minutes including the NDA, section reviews and commentary sections. Anyone with a current MCSE and Windows Server 2008 experience should have no trouble with this exam. Good luck!

-----------------

On a side note, Prometric (the sole Microsoft testing center) sucks. They weren't going to let me take the exam because I wasn't on their "list" to take the exam today. I showed them my confirmation page and had to get a manager to confirm that one of the computers was setup for my test. This happened to me a few years ago when I was going for my 2000 MCSE and I wasn't able to take the test. I would not have been a happy camper if that had happened again!


Thursday, January 3, 2008

2008 Scripting Games

February 15 - March 3, 2008

The third annual Scripting Games are coming to the Microsoft Script Center February 15 – March 3, 2008. Mark your calendars now, this will be the biggest scripting competition of the year.

I won my very own Dr. Scripto bobblehead doll at last year's TechEd in Orlando. I can't wait to compete for a matching set!


Thursday, December 20, 2007

How to Overcome Windows Protected Groups Permissions Problems


Windows Active Directory protects certain built-in groups from ACL modifications. The purpose of this is to prevent these groups, and their members, from becoming inaccessible by applying restrictive permissions to them. For example, an administrator may accidentally (or maliciously) assign Deny All permissions to the Domain Admins group. Doing so will prevent the Domain Admins group members from managing the domain.

To fix this condition, the AdminSDHolder process reapplies default ACL permissions to all protected groups. This background process runs roughly once per hour. A side effect of this is that it removes the permissions inheritance attribute from all AD objects that are members of these protected groups. Membership is transitive, meaning that a user who is a member of a group that is itself a member of a protected group will also be affected by this process. A common side effect of this behavior is that affected users cannot change properties of their user object in AD or reset their own passwords using ADUC.

As a resolution you can modify the ACL permissions on the AdminSDHolder container in the System container of the domain. The ACL permissions applied to the AdminSDHolder container act as the "template" that is applied to all Windows Protected Groups.

The protected groups in Windows 2000 are:

  • Enterprise Administrators
  • Schema Administrators
  • Domain Administrators
  • Administrators

The protected groups in Windows Server 2003 and in Windows 2000 after you apply KB327825 or Service Pack 4 are:

  • Administrators
  • Account Operators
  • Server Operators
  • Print Operators
  • Backup Operators
  • Domain Administrators
  • Schema Administrators
  • Enterprise Administrators
  • Cert Publishers

In addition, the following users are also considered protected:

  • Administrator
  • Krbtgt

The following steps explain how to modify the permissions on this container to allow members of these groups to modify their own attributes and reset their passwords using ADUC.

  • Run Active Directory Users and Computers (ADUC) with Domain Admin rights

  • View advanced features by selecting Advanced Features from the View menu

  • Select the System container in the selected domain

  • Right-click the AdminSDHolder container and select Properties

  • Click the Security tab and the Advanced button

  • Under Permission Entries select SELF and click Edit

  • Assign SELF Full Control permissions. Click OK.

  • Click OK to close the Advanced Security Settings for AdminSDHolder window

  • Click OK to close the AdminSDHolder Properties window

The new settings will propagate to all members of the Windows Protected Groups the next time the AdminSDHolder background process runs (about an hour).
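Because membership is transitive, the set of accounts that receives the AdminSDHolder template is usually larger than the direct members of the protected groups. The following added example (not from the original post) computes that set over a constructed group-membership map, using the Windows Server 2003 group and user names listed above; the directory contents and function names are assumptions made for illustration.

```python
from collections import deque

# Protected groups and users as listed in the post for Windows Server 2003.
PROTECTED_GROUPS = ("Administrators", "Account Operators", "Server Operators",
                    "Print Operators", "Backup Operators", "Domain Administrators",
                    "Schema Administrators", "Enterprise Administrators",
                    "Cert Publishers")
PROTECTED_USERS = ("Administrator", "Krbtgt")

# Constructed directory: group name -> direct members (users or other groups).
# Every group appears as a key; any name that is not a key is treated as a user.
DIRECTORY = {
    "Domain Administrators": ["alice", "Tier0 Admins"],
    "Tier0 Admins": ["bob", "Helpdesk Leads"],
    "Helpdesk Leads": ["carol", "Tier0 Admins"],   # nesting loop on purpose
    "Print Operators": ["dave"],
    "Accounting": ["erin"],                        # not nested in anything protected
}


def affected_principals(members, roots=PROTECTED_GROUPS, users=PROTECTED_USERS):
    """Map every principal reachable from a protected group to its membership chain.

    Breadth-first, so the chain recorded for a principal is a shortest one, and a
    principal that has already been reached is skipped, which also ends loops.
    """
    chains = {group: [group] for group in roots}
    queue = deque(roots)
    while queue:
        current = queue.popleft()
        for child in members.get(current, ()):
            if child in chains:
                continue
            chains[child] = chains[current] + [child]
            queue.append(child)
    for user in users:                      # protected regardless of membership
        chains.setdefault(user, [user])
    return chains


def affected_users(members, roots=PROTECTED_GROUPS, users=PROTECTED_USERS):
    """Only the user accounts from affected_principals, with their chains."""
    chains = affected_principals(members, roots, users)
    return {name: chain for name, chain in chains.items()
            if name not in members and name not in roots}


if __name__ == "__main__":
    for name, chain in sorted(affected_users(DIRECTORY).items()):
        print(f"{name:15} via {' > '.join(chain)}")
```

Every account in the result would pick up whatever permissions are set on the AdminSDHolder container, including the SELF entry changed in the steps above.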


Wednesday, November 28, 2007

Restart Script, Part Deux

In a previous post I listed a batch file that will restart a given service, either on the local machine or a remote one. I rewrote the script to include processing for multiple computers. Simply create a file named "computers.txt" in the folder where you run RESTART.BAT from. Add each remote computer, one per line, to the computers.txt file.

Syntax for RESTART.BAT is: RESTART [\\Computer -OR- COMPUTERS.TXT] ServiceName

@echo off
If "%1" == "" Goto Syntax
If "%1" == "?" Goto Syntax
If "%1" == "/?" Goto Syntax
If "%2" == "" Goto RunLocal
If /I "%1" == "computers.txt" Goto RunMultiple
Goto RunRemote

:RunMultiple
REM Run the remote routine once for each computer listed in computers.txt
FOR /F "tokens=1" %%i in (computers.txt) do Call :MRunRemote %%i %2
Goto End

:MRunRemote
REM The computer name must begin with \\
echo %1 | Find "\\" > nul
If %ERRORLEVEL% == 1 Goto Syntax
echo.
echo Working on %1...
REM Any sc output line containing a period is displayed and ends this run
sc %1 query %2 | Find "."
If %ERRORLEVEL% == 0 Goto :End
REM A disabled service cannot be restarted
sc %1 qc %2 | Find "DISABLED" > nul
If %ERRORLEVEL% == 0 echo The requested restart is not valid for this service. & Goto :End

:MStopLoop
echo The %2 service is stopping...
REM Output is discarded before the pipe, so find matches nothing and the stop request is sent once
sc %1 stop %2 > nul | find "started" > nul
If %ERRORLEVEL% == 0 Goto :MStopLoop
echo The %2 service was stopped successfully.
echo.
echo The %2 service is starting...

:MStartLoop
REM Retry the start for as long as the sc output contains "running"
sc %1 start %2 | find "running" > nul
If %ERRORLEVEL% == 0 Goto :MStartLoop
echo The %2 service was started successfully.
Goto :EOF

:RunRemote
REM The computer name must begin with \\
echo %1 | Find "\\" > nul
If %ERRORLEVEL% == 1 Goto :Syntax
REM Any sc output line containing a period is displayed and ends this run
sc %1 query %2 | Find "."
If %ERRORLEVEL% == 0 Goto :End
REM A disabled service cannot be restarted
sc %1 qc %2 | Find "DISABLED" > nul
If %ERRORLEVEL% == 0 echo The requested restart is not valid for this service. & Goto :End

:StopLoop
echo The %2 service is stopping...
REM Output is discarded before the pipe, so find matches nothing and the stop request is sent once
sc %1 stop %2 > nul | find "started" > nul
If %ERRORLEVEL% == 0 Goto :StopLoop
echo The %2 service was stopped successfully.
echo.
echo The %2 service is starting...

:StartLoop
REM Retry the start for as long as the sc output contains "running"
sc %1 start %2 | find "running" > nul
If %ERRORLEVEL% == 0 Goto :StartLoop
echo The %2 service was started successfully.
Goto :End

:RunLocal
net stop %1 & net start %1
Goto :End

:Syntax
echo.
echo Stops and starts a service on the local or remote computer(s).
echo.
echo Syntax: RESTART [\\Computer -OR- COMPUTERS.TXT] ServiceName
echo.
echo COMPUTERS.TXT is a list of computers to run against. The file must exist
echo in the same working directory. Each computer must begin with \\ and be on
echo its own line.

:End
echo.

Please let me know if you find this useful.


Monday, November 19, 2007

How to Enable Remote Desktop from a Remote Machine


[Note: Also see my other article that explains how to enable Remote Desktop for Windows XP computers]

Have you ever tried to connect to a server or workstation via RDP, but can’t because Remote Desktop isn’t enabled? Here’s how you can enable Remote Desktop remotely.

The following procedures assume that you have administrator rights on the target machine.
  1. Run Regedit
  2. Select File, Connect Network Registry
  3. Enter the name of the remote computer and click OK
  4. At the bottom of the registry tree you will see two hives appear for the remote machine: HKEY_LOCAL_MACHINE and HKEY_USERS
  5. Navigate to HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server
  6. Double-click fDenyTSConnections in the right-hand pane and change the value from 1 to 0

Another way to accomplish the same task is by using WMIC, the WMI command line utility in Windows 2000, XP, Vista and 2003 Server. Here’s the one line command:

wmic /node:TargetComputer PATH Win32_TerminalServiceSetting WHERE AllowTSConnections=0 CALL SetAllowTSConnections 1

The command above is not case sensitive, by the way.

Note that neither of these methods requires a restart of the remote machine; however, I have seen it sometimes take a minute to take effect. Remember, patience is a virtue. :)


Wednesday, October 31, 2007

Restart Services from the command line

Here's a handy batch file I wrote that stops and starts a service on the local or remote computer from the command line. You must have administrator rights on the target computer for the batch file to run properly.

@echo off
rem Show the syntax help when no arguments or a help switch is given
if "%1" == "" Goto Syntax
if "%1" == "?" Goto Syntax
if "%1" == "/?" Goto Syntax
rem With a single argument, restart the service on the local computer
if "%2" == "" Goto RunLocal

:RunRemote
rem The computer name must begin with \\
echo %1 | Find "\\" > nul
If %errorlevel% == 1 Goto Syntax
rem Show any error text (it contains a period, unlike the normal status listing) and quit
sc %1 query %2 | Find "."
If %errorlevel% == 0 Goto End
rem A disabled service cannot be restarted
sc %1 qc %2 | Find "DISABLED" > nul
If %errorlevel% == 0 echo The requested restart is not valid for this service. & Goto End

:StopLoop
echo The %2 service is stopping...
rem "The service has not been started." means there is nothing to stop
sc %1 stop %2 | find "started" > nul
If %errorlevel% == 0 Goto StartLoop
echo The %2 service was stopped successfully.
echo.
echo The %2 service is starting...

:StartLoop
rem sc reports "already running" until the stop completes, so retry until the start is accepted
sc %1 start %2 | find "running" > nul
If %errorlevel% == 0 Goto StartLoop
echo The %2 service was started successfully.
Goto End

:RunLocal
net stop %1 & net start %1
Goto End

:Syntax
echo.
echo Stops and starts a service on the local or remote computer.
echo.
echo Syntax: RESTART [\\Computer] ServiceName

:End
echo.

Copy the text above into Notepad and save it in your Windows folder as "Restart.bat".


Friday, July 20, 2007

WinDirStat Disk Utilization Program

I discovered a (free) disk utilization program called WinDirStat that can replace or supplement TreeSize Professional (not free). WinDirStat produces a graphical representation of a drive or folder, showing all the types of files.


The utility can be downloaded from http://windirstat.info/wds_current_unicode.zip. Here's how to use it:
  • Log in to the machine you want to run it on with an Admin account. You can log in locally or via RDP.
  • Run WinDirStat
  • Select the drive or folder you want to scan and click OK
  • WinDirStat will begin scanning the drive and display cute little PacMan style icons showing it's working.
  • It may take a while to complete (280GB took about 32 minutes). Running it locally has very little impact on performance. It does increase disk utilization a bit, but users will probably not notice it (similar to TreeSize).
  • Once the scan is complete, you will see a graphical representation of the data on the drive(s) or folder selected (called a Treemap).
  • To use this tool, you can do any of the following:
    • Click a large colored area to find out what file(s) are represented (for example, clicking the large purple areas reveals that the files are .TXT files)
    • Click an extension in the upper right area to highlight all the files of that type in the Treemap
    • Drill down through the folders and files in the upper left area to highlight the selected folders or files in the Treemap
    • Double-click part of the map or a file in the upper left area to open the selected file
    • Zoom in and zoom out of the Treemap
    • Delete files directly from WinDirStat
    • Select a file and click Report > Send Mail to Owner to send an email to the owner of the file asking them to clean it up. Note that this requires a working email profile and Outlook on the machine you are running it from.

Unlike TreeSize, you cannot save reports and email them to others. This makes WinDirStat an ad-hoc utility for working on a file server immediately when a free space problem arises. Use TreeSize when you need to create reports or want to save the results for historical reasons.


Wednesday, July 11, 2007

How to tell if your Remote Desktop Connection is from the Console


I do a lot of work using Remote Desktop Connections. Sure beats the old "sneaker net" days where you had to physically log into each server you needed to manage.

I'm sure you know that you can connect to the console session using MSTSC /CONSOLE from the command line. This is helpful when you need to establish a third RDP session because the other two are in use, or when you need to install software that can only be done from the console.

One of the questions I'm asked is how to tell if you're connected via RDP to the console from the RDP session. To do this, simply open a command prompt and enter QWINSTA. You will see output similar to the screen above.

Take a look at the session ID in the example above. When you're in an RDP session to the console, the session ID will always be 0 (zero). That's all there is to it!


Monday, May 14, 2007

How to Debug Windows Memory Dumps

From time to time, we're faced with the dreaded BSOD, or bugcheck, on a Windows machine. The procedures below guide you through the steps necessary to analyze and debug dump files.

For a downloadable copy of these procedures, click here: How%20To%20Debug%20Memory%20Dumps.doc

  • Download and install the Microsoft Debugging Tools from http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx

  • Go to Start > All Programs > Debugging Tools For Windows > WinDbg

  • Click on File > Symbol File Path, enter:
    SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    and click OK.

  • Click File > Save Workspace so that your symbols path is saved for future use.

  • Now locate your memory dumps. Small memory dumps are usually located in %systemroot%\minidump and Kernel memory dumps are located in %systemroot%\MEMORY.DMP.

  • Go to File > Open Crash Dump and load the file. You may get a message to save base workspace information. If so, choose No. Now you will get a debugging screen. It may take a little bit to run, since the symbols are downloaded as they are needed. Then you will see information such as:

Microsoft (R) Windows Debugger Version 6.7.0005.0
Copyright (c) Micros