Sunday, July 26, 2009

Repair Missing NTLDR File Using Windows XP Installation CD


Have you ever run into this situation? Most system damage caused by corrupted files can be fixed using the Windows XP installation CD.

Just follow the instructions below:

a. Boot your computer from your Windows XP CD.

b. When the prompt “press any key to boot from the CD….” appears, simply hit any key.

c. Once you are in the Windows XP setup menu, press the “R” key, which means repair the Windows XP system files.

d. Log into your Windows installation by pressing “1” and then “Enter”. You will now be logged into your Windows installation.

e. Then you’ll be asked for your administrator password; enter that password. If there is no password for your administrator account, just leave it blank.

f. Copy the two files below from the CD-ROM [e.g. f:\ <<- this is your CD-ROM drive letter] to the root directory of the primary hard disk [e.g. c:\ <<- this is your root directory] using the commands given. The drive letters in my example may differ on other computers. The commands are:
• copy f:\i386\ntldr c:\
• copy f:\i386\ntdetect.com c:\

g. The completed task looks like the screen below: [screenshot]

h. After these files have been successfully copied, just remove the CD from the computer and reboot.

Driver Genius Pro v8.0


Driver Genius Professional is a powerful driver manager for Windows that can back up, restore, search for and update your drivers automatically in just a few clicks!



GetDataBack for NTFS & FAT

Runtime GetDataBack for FAT/NTFS v3.66

Data Recovery Software - GetDataBack is a highly advanced data recovery software, which will help you to get your data back when your drive's partition table, boot record, Master File Table or root directory is corrupt or lost, when a virus has hit the drive, files were deleted, the drive was formatted or struck by a power failure. GetDataBack comes in two flavours, NTFS and FAT depending on what file system you have.

GetDataBack will recover your data if the hard drive's partition table, boot record, FAT/MFT or root directory are lost or damaged, data was lost due to a virus attack, the drive was formatted, fdisk has been run, a power failure has caused a system crash, files were lost due to a software failure, files were accidentally deleted...

GetDataBack can even recover your data when the drive is no longer recognized by Windows. It can likewise be used even if all directory information - not just the root directory - is missing.

The tool works at partition level and will restore files and folders exactly how they used to be. It recovers data from floppy and ZIP disks, drive images and even remote drives connected by a serial cable or TCP/IP. As the name says, it restores files from FAT/ NTFS disks - file system used by Windows NT/2000/XP, yet works on all Windows systems. Make sure you never install the program on the to-be-recovered drive and you will never lose important data.

Advanced algorithms will make sure that all directories and sub directories are put together as they were, and that long file names are reconstructed correctly. GetDataBack is read-only, meaning the program will never attempt to write to the drive you are about to recover. Please make sure to read the safety instructions...

The software enables the regular user to conduct his own data recovery by guiding him through three easy-to-understand steps, while giving the advanced user the possibility to interfere with the recovery and improve the results by examining the scan log, the file system details, and file and directory information, by selecting the sector range to be scanned, by choosing excessive search for file systems or search for lost files, and by calling Runtime's DiskExplorer.

Recover files over your local network or over a serial cable - This feature enables you to run GetDataBack on one computer ("remote") while accessing the drives of another computer ("host"). Recovering data over a network is useful, especially when you are not able to remove the drive you want to recover from and attach it to another computer.

GetDataBack recovers from:
• Hard drives (IDE, SCSI, SATA)
• USB drives
• Firewire drives
• Partitions
• Dynamic Disks
• Floppy drives
• Drive images
• Zip/Jaz drive
• Compact Flash Cards
• Smart Media Cards
• Secure Digital Cards
• USB Flash Drive
• iPod Disks


Assign Folder as a Drive

Have you heard about assigning a folder as a drive? Some users may want a folder they use daily to appear as a drive in "My Computer". Here is the trick:
  1. Open up "command prompt" by typing "cmd" in the Run box.
  2. At the command prompt, type: "subst [drive letter] [folder path address]". e.g.: "subst m: d:\userfolder"
  3. Hit Enter and you will see a new drive [m:\ in this example] appear in "My Computer".
  4. Simple and easy, huh? This assigned drive will be deactivated when you reboot your computer.
  5. So, you can make an auto-startup program for this assigned drive.
  6. Here comes the trick: simply open up Notepad, type this command: "subst [drive letter] [folder path address]", e.g.: "subst m: d:\userfolder", and save it as "urfilename".bat.
  7. This is a batch file that runs the command when you double-click it. "urfilename" stands for any name that you want to use. But make sure you keep the *.bat extension so that the file can be executed.
  8. Then, simply copy this file to the Startup folder under "start > all programs > startup".
  9. This means you have just set up that batch file to run every time the computer is rebooted.

Log In Several Users In Yahoo! Messenger 8

Want to log in with several users in one Yahoo! Messenger? Here comes the simple trick:


Step 1
Fire up notepad and type :
REGEDIT4
[HKEY_CURRENT_USER\Software\yahoo\pager\Test]
"Plural"=dword:00000001

Step 2
Save the document as Ym8MultiLogin.reg

Step 3
Merge the file that you have just created into the registry and bling!! You can now log in with several users in one Yahoo! Messenger. Just make sure that you uncheck "automatic login" at Yahoo! Messenger startup.

p/s: you can create an uninstall file by changing the ["Plural"=dword:] value from "00000001" to "00000000" and saving it as Ym8MultiLogin_uninstall.reg. You can also download both registry files by simply clicking [here]

Customizing The System Tray Clock

Now, here is a nice trick for you: customizing your system tray clock like the picture above. It has been applied to my computer :). Pretty nice. But it may corrupt the trial licenses of some software that you have installed. Here it is:

Step 1
Open up your registry editor [start > run > type "regedit"]

Step 2
Navigate to : HKEY_CURRENT_USER\Control Panel\International

Step 3
There are two string values named "s1159" and "s2359". By default, "s1159" is for AM and "s2359" is for PM. Just right-click the value and edit the AM and PM text. Make sure the text is not too long, because text that is too long will not display properly.

Step 4
If the two values are not there, just create them as strings named "s1159" and "s2359".

Now you have a special clock of your own. The change may only take effect after the user logs off or the computer restarts. Otherwise, just refresh your desktop to activate it.. Happy modding :) =X and good luck

Fixing Double-Click Problems In Your Drive

Cannot double-click your drive? My buddy right here has a brief explanation of how to fix it using Flash Disinfector and CHKDSK. But here is my solution to fix it with the power of Command Prompt [CMD].

Several things you must know first:

1. When you double-click your drive, it can't be accessed and an alert pops up: "cannot find file.js", "file.exe", "file.vbs" or something similar.

2. What is the main problem?
The autorun.inf file cannot find the specific file it is supposed to execute [it has been deleted after a virus alert from antivirus software, or deleted accidentally].

3. Autorun.inf usage:
  • Not every "autorun.inf" is written to execute a VIRUS.
  • "autorun.inf" may also automatically load a program from interactive CD media.
  • It can load portable software from a USB drive, such as "PortableApps".
  • You can set your drive icon by writing some code in it [will be posted later].
  • So, "autorun.inf" is NOT A VIRUS. It is a kind of file that Windows Explorer reads and acts on.

Looking at the two main causes of this problem, there are 2 simple solutions here:

1st :
If you accidentally deleted the file [the program that "autorun.inf" points to was deleted by accident]
Solution :
Just unhide hidden files [tools > folder options > view > tick "show hidden files and folders"]. Then you can delete the "autorun.inf" file [navigate into the drive using the address bar]. Your drive can be opened by double-click again after the computer is rebooted.

2nd :
If the file that "autorun.inf" points to has been deleted automatically by your antivirus in response to a suspected file, then that file was a suspected virus. So the virus can't be executed when you double-click the drive. The antivirus won't delete "autorun.inf" itself because it is NOT A VIRUS.
Solution :
Open up Command Prompt [start > run > type "CMD"]

  • The command prompt will now open. Type "attrib -s -h -r -a x:\autorun.inf"
  • Then type "del x:\autorun.inf"

Explanation :
"attrib" : attribute
"s" : system file attribute
"h" : hidden file attribute
"r" : read-only file attribute
"a" : archive file attribute
"x" : this should be changed to your drive letter, such as C or D or any drive you want to fix
"del" : delete file
"-" : this minus sign stands for remove, so it removes the attribute from the file

So, after you run the commands above, you have successfully removed the "autorun.inf" file from your drive. Just make sure you replace the "x" with your drive letter. Reboot the computer and it's done. Below is a sample advanced batch file to remove "autorun.inf" that I've made specially for all my blog readers, using the commands above.

Download a sample batch file: click here
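
The clean-up above as a batch file, added here as an example (it is not the author's downloadable file): before deleting, it prints the lines of autorun.inf that name a program to start, so you can see which file the drive was trying to run, and afterwards it switches AutoRun off for the current user with the NoDriveTypeAutoRun policy value. The script name and the drive-letter argument are assumptions.

```batch
@echo off
rem Added example, not the blog author's file.
rem Usage: autorun-check.bat E:     (pass the drive letter with its colon)
setlocal
if "%~1"=="" goto usage
set "DRV=%~d1"
set "TARGET=%DRV%\autorun.inf"

if not exist "%TARGET%" (
    echo No autorun.inf found on %DRV%
    goto harden
)
rem Some tools create a FOLDER named autorun.inf on purpose; do not touch it.
if exist "%TARGET%\" (
    echo %TARGET% is a folder, not a file. Leaving it alone.
    goto harden
)

echo Attributes of %TARGET%:
attrib "%TARGET%"

echo.
echo Lines that name a program to start:
type "%TARGET%" | findstr /i "open shellexecute command"

echo.
echo Clearing attributes and deleting %TARGET%
attrib -s -h -r -a "%TARGET%"
del "%TARGET%"
if exist "%TARGET%" (
    echo Could not delete %TARGET%. Something may be recreating it.
    exit /b 2
)

:harden
rem 255 = 0xFF: AutoRun is turned off for every drive type for this user.
rem The setting may only take effect after logging off and on again.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f >nul
echo AutoRun disabled for the current user.
exit /b 0

:usage
echo Usage: %~nx0 DRIVE:
exit /b 1
```

If the program named in the printed lines still exists on the drive, scan it before opening the drive again.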

Change/Add Restrictions And Features [a further info about registry tweak & hack]

If you want to restrict what users can do, you can edit the Registry. You can add and remove Windows features in the key shown below.

Certain things you must know about the registry editor:

  1. It's very sensitive. Make sure you don't change anything inside it if you don't know what it does.
  2. A Boolean is an element or "bit" that holds only two possible values, which go by various names [e.g. yes/no, true/false, 1/0].
  3. The Boolean number "0" is for ON: the Windows feature stays available.
  4. The Boolean number "1" is for OFF: the feature is taken away because the restriction is active.
  5. [e.g. To make a printer undeletable, set the "NoDeletePrinter" boolean to 1. The "NoDeletePrinter" restriction will then be activated.]

Open RegEdit [start > run > "regedit"] and navigate to :

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\

Under the "Explorer" subkey, these "DWORD" values can be created :
  1. NoDeletePrinter : Disables Deletion of Printers
  2. NoAddPrinter : Disables Addition of Printers
  3. NoRun : Disables Run Command
  4. NoSetFolders : Removes Folders from Settings on Start Menu
  5. NoSetTaskbar : Removes Taskbar from Settings on Start Menu
  6. NoFind : Removes the Find Command
  7. NoDrives : Hides Drives in My Computers
  8. NoNetHood : Hides the Network Neighborhood
  9. NoDesktop : Hides all icons on the Desktop
  10. NoLogoff : Hides the Log Off in the Start Menu
  11. NoRecentDocsMenu : Hides the Documents shortcut at the Start button
  12. DisableRegistryTools : Disable Registry Editing Tools
  13. NoChangeStartMenu : Disables changes to the Start Menu
  14. NoFileMenu : Hides the Files Menu in Explorer
  15. NoActiveDesktop : No Active Desktop
  16. NoFolderOptions : Hides the Folder Options in the Explorer
  17. ClearRecentDocsOnExit : Empty the recent Docs folder on reboot
  18. NoActiveDesktopChanges : No changes allowed
  19. NoInternetIcon : No Internet Explorer Icon on the Desktop
  20. NoFavoritesMenu : Hides the Favorites menu
  21. NoClose : Disables Shutdown
  22. NoRecentDocsHistory: Clears history of Documents
  23. NoSaveSettings : Don't save settings on exit
  24. NoControlPanel : Hides the Control Panel
  25. NoCDBurning : Disables CD burning

Under the "System" subkey, these "DWORD" values can be created :
  1. NoDispCPL : Disable Display Control Panel
  2. NoPwdPage : Hide Password Change Page
  3. NoDispScrSavPage : Hide Screen Saver Page
  4. NoDispBackgroundPage : Hide Background Page
  5. NoSecCPL : Disable Password Control Panel
  6. NoDispAppearancePage : Hide Appearance Page
  7. NoDispSettingsPage : Hide Settings Page
  8. NoDevMgrPage : Hide Device Manager Page
  9. NoConfigPage : Hide Hardware Profiles Page
  10. NoVirtMemPage : Hide Virtual Memory Button
  11. NoAdminPage : Hide Remote Administration Page
  12. NoProfilePage : Hide User Profiles Page
  13. NoFileSysPage : Hide File System Button

Alternatively, if you want to create or edit a value without opening Registry Editor, you can just fire up this command in the "run box" :
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v DisableRegistryTools /t REG_DWORD /d 0 /f
This can be an easier way to add or change a value in the registry. In a long explanation :
  • REG ADD : adds a registry value
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer : the key that the command navigates to
  • /v DisableRegistryTools : creates a value named "DisableRegistryTools". This can be changed to whatever value name you want to create.
  • /t REG_DWORD : the value created is of the "DWORD" type
  • /d 0 : the data is set to "0" [restriction off]. "1" = [restriction on]
  • /f : The data will be force overwritten without any
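
To see which of these values are actually set for the current user, the following batch file (an added example, not part of the original post) reads the "Explorer" and "System" subkeys with REG QUERY and prints every DWORD whose data is not 0. It assumes REG.EXE prints each value as name, type and data on one line; the script itself changes nothing.

```batch
@echo off
rem Added example: report policy values that are set for the current user.
setlocal
set "BASE=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies"
set "FOUND=0"

for %%S in (Explorer System) do call :scan %%S

if "%FOUND%"=="0" echo No DWORD policy values other than 0 under %BASE%
exit /b 0

:scan
rem REG QUERY prints one line per value:  Name   REG_DWORD   0x1
rem A missing subkey produces no output because of 2^>nul.
for /f "tokens=1,2,3" %%A in ('reg query "%BASE%\%1" 2^>nul ^| findstr /c:"REG_DWORD"') do (
    if /i not "%%C"=="0x0" (
        set "FOUND=1"
        echo [SET] %1\%%A = %%C
    )
)
goto :eof

rem To lift one restriction again, delete its value, for example:
rem   reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoRun /f
```

Values such as DisableRegistryTools or NoFolderOptions that nobody on the machine set on purpose are worth a closer look, since anything running as the user can write to this key.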

Create Your Own Password Protected Folder

Ever had a situation where you want to keep your files secret? Keep others from accessing your private data with your own application! Write the code yourself. In today's how2.0 tutorial, I'll teach you some simple batch [*.bat] file programming, using only Notepad. This program runs under the command prompt "CMD". Maybe it's too advanced to learn before you know the basics of batch [*.bat] files. But never mind, I'll explain the code for your understanding. Yeah, let's rock the code!! Here it is :

Step 1
Firstly, I'll explain the methods used in this batch [*.bat] program.

1st method :
Here, we'll use a unique method to create a folder that is seen as "Control Panel". Magic? Yeah. This unique string : Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D} represents the "Control Panel" folder. So, if you rename any folder using this string, it will look like the Control Panel, but it is actually your folder. There are many more unique strings, such as:

  • Internet Explorer.{FBF23B42-E3F0-101B-8488-00AA003E56F8}
  • Recycle Bin.{645FF040-5081-101B-9F08-00AA002F954E}
  • My Computer.{20D04FE0-3AEA-1069-A2D8-08002B30309D}
  • My Documents.{ECF03A32-103D-11d2-854D-006008059367}
  • Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}

You can change the part of the string before the dot, for example "MyOwnFolder.{21EC2020-3AEA-1069-A2DD-08002B30309D}". The folder will appear with the "Control Panel" icon, named "MyOwnFolder", but opening it will still redirect you to the Control Panel. That means your folder cannot be opened in the usual way from Explorer, which keeps the data inside out of casual view.

2nd method :
We'll change the folder attributes to "system file attribute" and "hidden file attribute" by using the "attrib" method that I explained in my last post. [attrib x:/filename +s +h]

Step 2
Copy & paste this code into Notepad [start > run > "notepad"]. The code combines the two methods I've mentioned above to secure your folder.

cls
@ECHO OFF
title Folder Passworder [Beta Test] by zXara
if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK
if NOT EXIST Locker goto MDLOCKER
:CONFIRM
echo Are you sure u want to Lock the folder(Y/N)
set/p "cho=>"
if "%cho%"=="Y" goto LOCK
if "%cho%"=="y" goto LOCK
if "%cho%"=="n" goto END
if "%cho%"=="N" goto END
echo Invalid choice.
goto CONFIRM
:LOCK
ren Locker "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
echo Folder locked
goto End
:UNLOCK
echo Enter password to Unlock folder
set/p "pass=>"
if NOT "%pass%"=="password" goto FAIL
attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}"
ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Locker
echo Folder Unlocked successfully
goto End
:FAIL
echo Invalid password
goto end
:MDLOCKER
md Locker
echo Locker created successfully
goto End
:End

[explanation]
  1. @ECHO OFF <<- the program's header; it stops CMD from printing each command as it runs
  2. title Folder Passworder [Beta Test] by zXara <<- your program title
  3. if EXIST "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" goto UNLOCK <<- tell CMD to go to the :UNLOCK label if the folder "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" exists
  4. if NOT EXIST Locker goto MDLOCKER <<- tell CMD to go to the :MDLOCKER label if the folder "Locker" doesn't exist
  5. :CONFIRM <<- a label [a place that goto can jump to]
  6. echo Are you sure u want to Lock the folder(Y/N) <<- tell CMD to print out the text "Are you sure u want to Lock the folder(Y/N)" on the screen
  7. set/p "cho=>" <<- choice selection; CMD shows the prompt ">" and stores what you type in the variable "cho"
  8. if "%cho%"=="Y" goto LOCK <<- tell CMD to go to the :LOCK label if Y was entered
  9. if "%cho%"=="y" goto LOCK <<- tell CMD to go to the :LOCK label if y was entered
  10. if "%cho%"=="n" goto END <<- tell CMD to go to the :END label if n was entered
  11. if "%cho%"=="N" goto END <<- tell CMD to go to the :END label if N was entered
  12. echo Invalid choice. <<- tell CMD to print out the text "Invalid choice." on the screen
  13. goto CONFIRM <<- tell CMD to go to the :CONFIRM label
  14. :LOCK <<- a label
  15. ren Locker "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" <<- CMD will rename the "Locker" folder to "Control Panel"
  16. attrib +h +s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" <<- CMD will add the "system" & "hidden" file attributes to the folder
  17. echo Folder locked <<- tell CMD to print out the text "Folder locked" on the screen
  18. goto End <<- tell CMD to go to the :END label
  19. :UNLOCK <<- a label
  20. echo Enter password to Unlock folder <<- tell CMD to print out the text "Enter password to Unlock folder" on the screen
  21. set/p "pass=>" <<- password entry; CMD stores what you type in the variable "pass"
  22. if NOT "%pass%"=="password" goto FAIL <<- here it is: if the password is not "password", CMD will move to the :FAIL label
  23. attrib -h -s "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" <<- CMD will remove the "system" & "hidden" file attributes from the folder
  24. ren "Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}" Locker <<- CMD will rename the "Control Panel" folder to "Locker"
  25. echo Folder Unlocked successfully <<- tell CMD to print out the text "Folder Unlocked successfully" on the screen
  26. goto End <<- tell CMD to go to the :END label
  27. :FAIL <<- a label
  28. echo Invalid password <<- tell CMD to print out the text "Invalid password" on the screen
  29. goto end <<- tell CMD to go to the :END label
  30. :MDLOCKER <<- a label
  31. md Locker <<- CMD will create the "Locker" folder
  32. echo Locker created successfully <<- tell CMD to print out the text "Locker created successfully" on the screen
  33. goto End <<- tell CMD to go to the :END label
  34. :End <<- a label
What a long explanation, isn't it.. huh.. I also burned my fingers typing this post.. Hehe.. but it's my pleasure to share my knowledge with you all. :)
OK, in simple terms, you must change the "password" in line 22 to your own password. You can also change the title in the 2nd line to your own. Hope you find this tutorial useful, and good luck coders :)

Step 3
Now you can save your file as anyfilename.bat. You can use any name that you want as long as you keep the *.bat extension. Now you can put your secret data inside the "Locker" folder.
Note that AVG will detect these commands as a HackTool. So make sure you add this file to AVG's exception list. This is why I hate AVG so much ~ daa
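
Both methods only change how Explorer shows the folder: the password sits in plain text inside the .bat file, and the renamed folder remains an ordinary directory for the command prompt. The batch file below, an added example that is not part of the original post, finds folders carrying a CLSID suffix under a start folder and shows their attributes and contents; the script name and its optional start-folder argument are assumptions.

```batch
@echo off
rem Added example: find folders disguised with a shell CLSID suffix.
rem Usage: find-clsid-folders.bat [start folder]   (default: current folder)
setlocal
set "ROOT=%~1"
if "%ROOT%"=="" set "ROOT=."
set "COUNT=0"

rem dir /a:d lists directories including hidden and system ones,
rem /s walks the subfolders and /b prints one full path per line.
rem findstr keeps only paths that end in ".{hex digits and dashes}".
for /f "delims=" %%D in ('dir /a:d /s /b "%ROOT%" 2^>nul ^| findstr /i /r /c:"\.{[0-9a-f-]*}$"') do (
    set /a COUNT+=1
    echo.
    echo Folder with CLSID suffix: %%D
    rem Show the H and S attributes that the lock script added.
    attrib "%%D"
    rem The contents are still listed here, password or not.
    dir /a /b "%%D" 2>nul
)

echo.
echo %COUNT% folder(s) with a CLSID suffix found under %ROOT%
```

The same listing is useful when checking a USB stick or a shared folder for directories that something else has hidden this way.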

Monday, July 20, 2009

Attrib command (Change attributes of a file or folder)

Displays, sets, or removes attributes assigned to files or directories. If used without parameters, attrib displays attributes of all files in the current directory.


Syntax

attrib [{+|-}r] [{+|-}a] [{+|-}s] [{+|-}h] [{+|-}i] [<Drive>:][<Path>][<FileName>] [/s [/d] [/l]]

Parameters

Parameter : Description

{+|-}r : Sets (+) or clears (-) the Read-only file attribute.
{+|-}a : Sets (+) or clears (-) the Archive file attribute.
{+|-}s : Sets (+) or clears (-) the System file attribute.
{+|-}h : Sets (+) or clears (-) the Hidden file attribute.
{+|-}i : Sets (+) or clears (-) the Not Content Indexed file attribute.
[<Drive>:][<Path>][<FileName>] : Specifies the location and name of the directory, file, or group of files for which you want to display or change attributes. You can use the ? and * wildcard characters in the FileName parameter to display or change the attributes for a group of files.
/s : Applies attrib and any command-line options to matching files in the current directory and all of its subdirectories.
/d : Applies attrib and any command-line options to directories.
/l : Applies attrib and any command-line options to the Symbolic Link, rather than the target of the Symbolic Link.
/? : Displays help at the command prompt.

Remarks

  • You can use wildcard characters (? and *) with the FileName parameter to display or change the attributes for a group of files.
  • If a file has the System (s) or Hidden (h) attribute set, you must clear the attribute before you can change any other attributes for that file.
  • The Archive attribute (a) marks files that have changed since the last time they were backed up. Note that the xcopy command uses archive attributes.

Examples

To display the attributes of a file named News86 that is located in the current directory, type:

attrib news86 

To assign the Read-only attribute to the file named Report.txt, type:

attrib +r report.txt 

To remove the Read-only attribute from files in the Public directory and its subdirectories on a disk in drive B, type:

attrib -r b:\public\*.* /s 

To set the Archive attribute for all files on drive A, and then clear the Archive attribute for files with the .bak extension, type:

attrib +a a:*.* & attrib -a a:*.bak 

With (native) Windows NT 4+ commands:

    NET LOCALGROUP Administrators

Or, to remove header and footer lines:


FOR /F "delims=[]" %%A IN ('NET LOCALGROUP Administrators ^| FIND /N "----"') DO SET HeaderLines=%%A
FOR /F "tokens=*" %%A IN ('NET LOCALGROUP Administrators') DO SET FooterLine=%%A
NET LOCALGROUP Administrators | MORE /E +%HeaderLines% | FIND /V "%FooterLine%"

"I need an up-to-date list of disk space usage for all servers, on my desk in 5 minutes"

Sounds familiar?

With (native) Windows XP Professional or Windows Server 2003 commands:

    FOR /F %%A IN (servers.txt) DO (
        WMIC /Node:%%A LogicalDisk Where DriveType="3" Get DeviceID,FileSystem,FreeSpace,Size /Format:csv | MORE /E +2 >> SRVSPACE.CSV
    )

The only prerequisites are:

  1. SRVSPACE.CSV should not exist or be empty,
  2. a list of server names in a file named SERVERS.TXT, one server name on each line,
  3. and WMIC.EXE, which is native in Windows XP Professional, Windows Server 2003 and Vista.

The CSV file format is ServerName,DeviceID,FileSystem,FreeSpace,Size (one line for each harddisk partition on each server).

If you have a strict server naming convention, SERVERS.TXT itself can be generated with the NET command:

    FOR /F "delims=\  " %%A IN ('NET VIEW ^| FINDSTR /R /B /C:"\\\\SRV\-"') DO (>>SERVERS.TXT ECHO.%%A)
Notes: (1) assuming server names start with "SRV-"; modify to match your own naming convention.
(2) delims is a backslash, followed by a tab and a space.

Delete a computer account

With native Windows 2000 commands:

    NETDOM /DOMAIN:MyDomain MEMBER \\computer2Bdeleted /DELETE

NETDOM is part of the support tools found in the \SUPPORT directory of the Windows 2000 installation CDROM.

List all workstations

With native Windows 2000 commands:

    NETDOM QUERY /D:MyDomain WORKSTATION

NETDOM is part of the support tools found in the \SUPPORT directory of the Windows 2000 installation CDROM.

Find the primary domain controller

With native Windows 2000 commands:

    NETDOM QUERY /D:MyDomain PDC

or, to find the FSMO with (native) Windows Server 2003 commands (Active Directory only):

    NETDOM QUERY /D:mydomain.com FSMO

NETDOM is part of the support tools found in the \SUPPORT directory of the Windows 2000 installation CDROM.

List all domain controllers

With native Windows 2000 commands:

    NETDOM QUERY /D:MyDomain DC

NETDOM is part of the support tools found in the \SUPPORT directory of the Windows 2000 installation CDROM.

With (native) Windows Server 2003 commands (Active Directory only):

    DSQUERY Server

or, if you prefer host names only (tip by Jim Christian Flatin):

    DSQUERY Server -o rdn

How do I reset someone's password?

With the native NET command:

    NET USER loginname newpassword /DOMAIN

With (native) Windows Server 2003 commands:

    DSQUERY USER -samid loginname | DSMOD USER -pwd newpassword
Note: To prevent the new password from being displayed on screen replace it with an asterisk (*); you will then be prompted (twice) to type the new password "blindly".

What groups is this user a member of?

In Windows NT 4 and later, users usually are members of global groups. These global groups in turn are members of (domain) local groups. Access permissions are given to (domain) local groups.
To check if a user has access to a resource, we need to check group membership recursively.
With (native) Windows Server 2003 commands:

    DSQUERY USER -samid loginname | DSGET USER -memberof -expand

What is the full name for this login name?

With the native NET command:

    NET USER loginname /DOMAIN | FIND /I " name "

With (native) Windows Server 2003 commands:

    DSQUERY USER -samid *loginname* | DSGET USER -samid -display
Note: The NET command may seem more universal, because it requires neither Active Directory nor Windows Server 2003 commands, but it is language dependent!
For non-English Windows you may need to modify FIND's search string.

What is this colleague's login name?

My colleagues often forget to mention their logon account name when calling the helpdesk, and the helpdesk doesn't always ask either. I suppose they expect me to know all 1500+ accounts by heart.
With (native) Windows Server 2003 commands only:

    DSQUERY USER -name *lastname* | DSGET USER -samid -display
Note: Windows Server 2003's "DSTools" will work fine in Windows 2000 and XP too, when copied.
Keep in mind, however, that some Windows Server 2003 Active Directory functionality is not available in Windows 2000 Active Directories.

Who is logged on to a computer?

We often need to know who is currently logged on to a remote computer.
With native Windows commands only:

    NBTSTAT -a remotecomputer | FIND "<03>" | FIND /I /V "remotecomputer"

The first name in the list usually is the logged on user (try playing with the NET NAME command to learn more about the names displayed by NBTSTAT).
This is the fastest way to find the logged on user name, and the results that you do get are correct, but NBTSTAT won't always return a user name, even when a user is logged on.

Using WMIC (Windows XP Professional and later):

    WMIC /Node:remotecomputer ComputerSystem Get UserName

This is arguably the most reliable (native) command to find out who is logged on.

With the help of SysInternals' PSTools:

    PSLOGGEDON -L \\remotecomputer

or:

    PSEXEC \\remotecomputer NET CONFIG WORKSTATION | FIND /I " name "

or:

    PSEXEC \\remotecomputer NET NAME

or:

    PSEXEC \\remotecomputer NETSH DIAG SHOW COMPUTER /V | FIND /i "username"

or:

    FOR /F %%A IN ('REG Query \\remotecomputer\HKU ^| FINDSTR /R /B /C:"HKEY_USERS\\S-1-5-[0-9][0-9]-[0-9-]*$"') DO (
        FOR /F "tokens=3 delims=\" %%B IN ('REG Query "\\remotecomputer\%%A\Volatile Environment"') DO (
            SET LoggedinUser=%%B
        )
    )

NETSH and WMIC are for XP or later, and are the most reliable of all commands shown here.
WMIC requires WMI enabled remote computers and Windows XP on the administrator's computer; NETSH requires Windows XP on the remote computers.

PSLOGGEDON is a more accurate solution than NBTSTAT, but it will return the last logged on user if no one is currently logged on.

The NET and NBTSTAT commands show more or less identical results, but the NBTSTAT command is much faster.

The REG command is accurate, but may need to be modified depending on the version used. As displayed here, the code is written for REG.EXE 3.0 (XP).

If you want to search lots of computers for logged on users, I recommend you try NBTSTAT first (fast, but it won't always return the user name!), and only switch to NETSH, REG or WMIC (accurate) if NBTSTAT doesn't return a user name.

Credits: Jiří Janyška (WMIC command) and Matthew W. Helton (NETSH command).

How many users are logged on/connected to a server?

Sometimes we may need to know how many users are logged on to a (file) server, like maybe when there is a performance degradation.
At the server's console itself, with native commands only:

    NET SESSION | FIND /C "\\"

Remotely, with the help of SysInternals' PSTools:

    PSEXEC \\servername NET SESSION | FIND /C "\\"

By replacing FIND /C "\\" by FIND "\\" (removing the /C switch) you'll get a list of logged on users instead of just the number of users.

Domain implementation and Group policies brief overview

Thursday, July 9, 2009

Backing Up Domain Controllers

It is important to back up your domain controllers to ensure their availability. Backing up a domain controller is like backing up a Microsoft® Exchange member server. The primary difference between backing up a domain controller and backing up an Exchange member server is that you do not have Exchange databases to consider when you back up a domain controller. The method that you use to back up your domain controller depends on the disaster recovery strategy you choose.

When you use Backup to back up the System State data of a domain controller, you also back up the Active Directory® directory service database. To back up the System State data of a domain controller that is running Active Directory, you can use the same procedure as you would for a server that is not a domain controller. However, you must also back up additional files, such as the Active Directory database and log files, and all other files for the system components and services on which Active Directory depends.

The following Active Directory files are part of a System State data backup of a domain controller. By default, these files are located in the Active Directory folder in %SystemRoot%\Ntds.

Active Directory files to back up

File type : Definition

Ntds.dit : The Active Directory database.
Edb.chk : The checkpoint file.
Edb*.log : The transaction log files; each file is 10 megabytes (MB).
Res1.log and Res2.log : The reserved transaction log files.

In addition to the System State data, you must also back up the Microsoft Windows® boot partition and system partition when you perform either a Windows backup or a full computer backup of a domain controller.

Circular logging for Active Directory is enabled on domain controllers and cannot be turned off. If you lose all your domain controllers to a disaster and must restore a backup of Active Directory, you will lose data that was written to Active Directory after the backup set was made. Therefore, make regular backups of Active Directory. It is recommended that you back up one domain controller nightly.

Consider the following recommendations before you back up a domain controller:

  • Create a Windows backup set of at least one domain controller to preserve the Active Directory information which is vital to your Exchange servers. If you make changes to your Exchange organization such as (but not limited to) adding new servers, moving users, or adding new storage groups and databases, it is highly recommended that you make a new backup of a domain controller to preserve these changes to Active Directory. You can use the backup of a domain controller to restore the domain controller and the version of Active Directory that was on the domain controller at the time that it was backed up. Additionally, you can choose whether this Active Directory information replicates to other domain controllers. By default, the backup utility (Backup) in Windows Server 2003 performs non-authoritative restores of Active Directory information. Active Directory objects that are part of an authoritative restore replicate from the restored domain controller to the other domain controllers on the network. The Active Directory objects from the backup replace the Active Directory objects in the domain, regardless of the update sequence numbers (USNs). For more information about authoritative restores, see Microsoft Knowledge Base article 241594, "HOW TO: Perform an Authoritative Restore to a Domain Controller in Windows 2000."
  • Create Windows backup sets frequently enough to make sure that they are valid backups. If the date of your System State data backup exceeds the maximum age limit set in Active Directory, the backups are not valid, and your Windows Server 2003 operating system prevents you from restoring Active Directory. For more information, see Knowledge Base article 216993, "Useful shelf life of a system-state backup of Active Directory."
  • Re-create the failed domain controller and populate its copy of Active Directory through replication from the unaffected domain controllers in your organization, instead of restoring your data from a backup.
  • Perform a non-authoritative restore of Active Directory from backup, and then allow the other domain controllers on the network to update the restored domain controller. This method is especially useful when you have a slow link over which to replicate data, a large Active Directory database, or both.