All post

Monday, July 20, 2009

Find the primary domain controller

3:29 PM No Comments

With native Windows 2000 commands:

    NETDOM QUERY /D:MyDomain PDC

or, to find the FSMO with (native) Windows Server 2003 commands (Active Directory only):

    NETDOM QUERY /D:mydomain.com FSMO

NETDOM is part of the support tools found in the \SUPPORT directory of the Windows 2000 installation CDROM.

List all domain controllers

3:28 PM No Comments

With native Windows 2000 commands:

    NETDOM QUERY /D:MyDomain DC

NETDOM is part of the support tools found in the \SUPPORT directory of the Windows 2000 installation CDROM.

With (native) Windows Server 2003 commands (Active Directory only):

    DSQUERY Server

or, if you prefer host names only (tip by Jim Christian Flatin):

    DSQUERY Server -o rdn

How do I reset someone's password?

3:25 PM No Comments

With the native NET command:

    NET USER loginname newpassword /DOMAIN

With (native) Windows Server 2003 commands:

    DSQUERY USER -samid loginname | DSMOD USER -pwd newpassword
Note: To prevent the new password from being displayed on screen replace it with an asterisk (*); you will then be prompted (twice) to type the new password "blindly".

What groups is this user a member of?

3:23 PM No Comments

In Windows NT 4 and later, users usually are members of global groups. These global groups in turn are members of (domain) local groups. Access permissions are given to (domain) local groups.
To check if a user has access to a resource, we need to check group membership recursively.
With (native) Windows Server 2003 commands:

    DSQUERY USER -samid loginname | DSGET USER -memberof -expand

What is the full name for this login name?

3:23 PM No Comments

With the native NET command:

    NET USER loginname /DOMAIN | FIND /I " name "

With (native) Windows Server 2003 commands:

    DSQUERY USER -samid *loginname* | DSGET USER -samid -display
Note: The NET command may seem more universal, because it requires neither Active Directory nor Windows Server 2003 commands, but it is language dependent!
For non-English Windows you may need to modify FIND's search string.

What is this collegue's login name?

3:22 PM No Comments

My collegues often forget to mention their logon account name when calling the helpdesk, and the helpdesk doesn't always ask either. I suppose they expect me to know all 1500+ accounts by heart.
With (native) Windows Server 2003 commands only:

    DSQUERY USER -name *lastname* | DSGET USER -samid -display
Note: Windows Server 2003's "DSTools" will work fine in Windows 2000 and XP too, when copied.
Keep in mind, however, that some Windows Server 2003 Active Directory functionality is not available in Windows 2000 Active Directories.

Who is logged on to a computer?

3:20 PM No Comments

We often need to know who is currently logged on to a remote computer.
With native Windows commands only:

    NBTSTAT -a remotecomputer | FIND "<03>" | FIND /I /V "remotecomputer"

The first name in the list usually is the logged on user (try playing with the NET NAME command to learn more about the names displayed by NBTSTAT).
This is the fastest way to find the logged on user name, and the results that you do get are correct, but NBTSTAT won't always return a user name, even when a user is logged on.

Using WMIC (Windows XP Professional and later):

    WMIC /Node:remotecomputer ComputerSystem Get UserName

This is arguably the most reliable (native) command to find out who is logged on.

With the help of SysInternals' PSTools:

    PSLOGGEDON -L \\remotecomputer

or:

    PSEXEC \\remotecomputer NET CONFIG WORKSTATION | FIND /I " name "

or:

    PSEXEC \\remotecomputer NET NAME

or:

    PSEXEC \\remotecomputer NETSH DIAG SHOW COMPUTER /V | FIND /i "username"

or:

    FOR /F %%A IN ('REG Query \\remotecomputer\HKU ˆ| FINDSTR /R /B /C:"HKEY_USERS\\S-1-5-[0-9][0-9]-[0-9-]*$"') DO (
       FOR /F "tokens=3 delims=\" %%B IN ('REG Query "\\remotecomputer\%%A\Volatile Environment"') DO (
           SET LoggedinUser=%%B
       )
   )

NETSH and WMIC are for XP or later, and are the most reliable of all commands shown here.
WMIC requires WMI enabled remote computers and Windows XP on the administrator's computer; NETSH requires Windows XP on the remote computers.

PSLOGGEDON is a more accurate solution than NBTSTAT, but it will return the last logged on user if no one is currently logged on.

The NET and NBTSTAT commands show more or less identical results, but the NBTSTAT command is much faster.

The REG command is accurate, but may need to be modified depending on the version used. As displayed here, the code is written for REG.EXE 3.0 (XP).

If you want to search lots of computers for logged on users, I recommend you try NBTSTAT first (fast, but it won't always return the user name!), and only switch to NETSH, REG or WMIC (accurate) if NBTSTAT doesn't return a user name.

Credits: Jiří Janyška (WMIC command) and Matthew W. Helton (NETSH command).

How many users are logged on/connected to a server?

3:17 PM No Comments

Sometimes we may need to know how many users are logged on to a (file) server, like maybe when there is a performance degradation.
At the server's console itself, with native commands only:

    NET SESSION | FIND /C "\\"

Remotely, with the help of SysInternals' PSTools:

    PSEXEC \\servername NET SESSION | FIND /C "\\"

By replacing FIND /C "\\" by FIND "\\" (removing the /C switch) you'll get a list of logged on users instead of just the number of users.

Domain implementation and Group policies brief overview

10:31 AM No Comments

Thursday, July 9, 2009

Backing Up Domain Controllers

8:02 PM No Comments

It is important to back up your domain controllers to ensure their availability. Backing up a domain controller is like backing up a Microsoft® Exchange member server. The primary difference between backing up a domain controller and backing up an Exchange member server is that you do not have Exchange databases to consider when you back up a domain controller. The method that you use to back up your domain controller depends on the disaster recovery strategy you choose.

When you use Backup to back up the System State data of a domain controller, you also back up the Active Directory® directory service database. To back up the System State data of a domain controller that is running Active Directory, you can use the same procedure as you would for a server that is not a domain controller. However, you must also back up additional files, such as the Active Directory database and log files, and all other files for the system components and services on which Active Directory depends.

The following Active Directory files are part of a System State data backup of a domain controller. By default, these files are located in the Active Directory folder in %SystemRoot%\Ntds.

Active Directory files to back up

File type Definition

Ntds.dit

The Active Directory database.

Edb.chk

The checkpoint file.

Edb*.log

The transaction log files; each file is 10 megabytes (MB).

Res1.log and Res2.log

The reserved transaction log files.

In addition to the System State data, you must also back up the Microsoft Windows® boot partition and system partition when you perform either a Windows backup or a full computer backup of a domain controller.

Circular logging for Active Directory is enabled on domain controllers and cannot be turned off. If you lose all your domain controllers to a disaster and must restore a backup of Active Directory, you will lose data that was written to Active Directory after the backup set was made. Therefore, make regular backups of Active Directory. It is recommended that you back up one domain controller nightly.

Consider the following recommendations before you back up a domain controller:

  • Create a Windows backup set of at least one domain controller to preserve the Active Directory information which is vital to your Exchange servers. If you make changes to your Exchange organization such as (but not limited to) adding new servers, moving users, or adding new storage groups and databases, it is highly recommended that you make a new backup of a domain controller to preserve these changes to Active Directory. You can use the backup of a domain controller to restore the domain controller and the version of Active Directory that was on the domain controller at the time that it was backed up. Additionally, you can choose whether this Active Directory information replicates to other domain controllers. By default, the backup utility (Backup) in Windows Server 2003 performs non-authoritative restores of Active Directory information. Active Directory objects that are part of an authoritative restore replicate from the restored domain controller to the other domain controllers on the network. The Active Directory objects from the backup replace the Active Directory objects in the domain, regardless of the update sequence numbers (USNs). For more information about authoritative restores, see Microsoft Knowledge Base article 241594, "HOW TO: Perform an Authoritative Restore to a Domain Controller in Windows 2000."
  • Create Windows backup sets frequently enough to make sure that they are valid backups. If the date of your System State data backup exceeds the maximum age limit set in Active Directory, the backups are not valid, and your Windows Server 2003 operating system prevents you from restoring Active Directory. For more information, see Knowledge Base article 216993, "Useful shelf life of a system-state backup of Active Directory."
  • Re-create the failed domain controller and populate its copy of Active Directory through replication from the unaffected domain controllers in your organization, instead of restoring your data from a backup.
  • Perform a non-authoritative restore of Active Directory from backup, and then allow the other domain controllers on the network to update the restored domain controller. This method is especially useful when you have a slow link over which to replicate data, a large Active Directory database, or both.

Friday, June 26, 2009

network monitoring software WhatsUpGold

6:36 PM No Comments
network monitoring software/
WhatsUp Gold - Network Monitoring Utility

WhatsUp Gold network management software monitors over 100,000 networks worldwide. At Ipswitch we’ve been dedicated to IT managers for over 15 years and listen to our customer’s network needs.

We strive to simplify your complex networks with easy to understand network management products coupled with excellent support from our own network engineers.

Description
===========
 WhatsUp Gold monitors vital network elements and system
 services and generates an alarm when there is a problem.
 It also facilitates remote support and diagnosis by
 providing beeper, pager, e-mail, and voice notifications
 and allowing users to view the status of a network map
 from a Web browser.

 Designed for PCs operating with Windows NT 4.0 or later,
 Windows 2000, 98, 95, Me, WhatsUp Gold can be installed
 wherever needed and does not require expensive,
 dedicated hardware. It will run in the background on your
 PC. WhatsUp Gold will work with any 32-bit TCP/IP stack,
 such as those bundled with Windows NT and Windows. You
 can configure WhatsUp Gold and start monitoring your
 network without any special training.


New Features (WhatsUp Gold 6.0x)
===============================
- Web Interface now allows web security per map.
- Updated User Interface - toolbars, icons and dialogs made
 more user friendly and intuitive.
- Modified menu layout and context menus.
- Map Improvements: Maps are now vector-based graphics that allow
 snap-to-grids, zoom in and out, and the ability to resize maps
 independently. Map properties now have unlimited color choices.
- Log Improvements: Improved the log file display to allow
 filtering, printing, saving and copying. Also improved the
 management of the log file size.
- Customizable notification plug-in system
- Added an SNMP Viewer tool that lets you quickly view the status
 of interfaces on an SNMP device.
- Performance Reports now allow on-demand reporting, and the ability
 to generate an hourly performance report.
- Added a tool to receive syslog messages.

Installation
============
NOTE: To view performance graphs with WhatsUp Gold, you must
have the ODBC32.dll installed.  (If you have Office 97/98/00
or Windows 2000 it is already installed.)

To install or upgrade WhatsUp Gold:
- If you purchased a WhatsUp Gold CD-ROM, insert the CD-ROM.
  If it does not run automatically, click Start, select Run,
  and then enter the CD path followed by Autorun.exe.
  For example, d:Autorun.exe
- If you downloaded WhatsUp Gold from our web site, run the
  downloaded application, wugoldec.exe.




Upgrading
=========
If you are upgrading from a previous version of WhatsUp
Gold or WhatsUp, you should note the following:
--  Back up any network maps (.db for WhatsUp and .wup for
   WhatsUp Gold). (When you open a .db file in WhatsUp Gold,
   the file is automatically converted to the .wup format
   and saved with a .wup extension.)
--  Back up your SERVICES.INI and HOSTTYPES.INI files.
   During installation, WhatsUp Gold will ask if you want
   to overwrite your old SERVICES.INI and HOSTTYPES.INI
   files; answer No.
--  Be sure that WhatsUp Gold has completely shut down
   before doing an upgrade installation. If you exit
   WhatsUp Gold during a poll, it may take up to 30 seconds
   for WhatsUp Gold to remove itself from memory. If you
   press Ctrl+Alt+Del, WhatsUp Gold will remain in the Windows
   task list until it is removed from memory.
--  Defined notifications are stored in a file named
   IPNOTIFY.INI in your Windows or NT directory.
   This file is shared by other Ipswitch products and is
   therefore not deleted or replaced when you upgrade.



Download here

Monday, June 22, 2009

Official Ways to Disable or Manually Uninstall the Microsoft Windows Genuine Advantage Notifications from Microsoft

6:59 PM No Comments

has released step-by-step removal instructions to disable or manually uninstall pilot or pre-release version of Microsoft Windows Genuine Advantage (WGA) Notifications (KB905474) which is versions that range from 1.5.0527.0 to 1.5.0532.2, although the instructions can also be used to uninstall the updated release and general release of the anti-piracy tool, but it will not be supported. Instead, Microsoft recommends to install general release of WGA Notifications (1.5.0540.0) to replace and uninstall the pre-release version during the pilot program.

If you uninstall or WGA Notifications component in your Windows computer which is part of the Windows Genuine Advantage program, Microsoft will offer the general release version of WGA Notifications at a later date (actually is immediately if you check for updates via Windows Update) through the Microsoft Automatic Update service or Windows / Microsoft Update service. So you must unselect the updates or reject the EULA when asked to install again. Microsoft instructions can be found here, or listed below.

Disable WGA Notifications

  1. Log on to the computer by using an account that has administrative permissions.
  2. Make sure that the WGA Notifications version that exists on the computer is a pilot version listed above. The version format for the pilot version is 1.5.0532.x. In this case, you can uninstall versions 527-532 only (Note: the steps should disable other version of WGA Notifications too). To find the WGA Notifications version, follow these steps:
    1. Click Start, and then click Control Panel.
    2. Double-click Add or uninstall Programs, locate and then click Windows Genuine Advantage Notifications, and then click Click here for support information.
    3. In the Support Info dialog box, verify the version number, and then click Close.
  3. Rename the following files by changing the extension to .old:

Rename %Windir%\system32\WgaLogon.dll to %Windir%\system32\WgaLogon.old
Rename %Windir%\system32\WgaTray.exe to %Windir%\system32\WgaTray.old

  1. Restart the computer.

Uninstall WGA Notifications Manually

  1. Log on to the computer by using an account that has administrative permissions.
  2. Make sure that the WGA Notifications version that exists on the computer is a pilot version that range from 1.5.0527.0 to 1.5.0532.2 (Note: other versions should works too). To find the WGA Notifications version, follow these steps:
    1. Click Start, and then click Control Panel.
    2. Double-click Add or uninstall Programs, locate and then click Windows Genuine Advantage Notifications, and then click Click here for support information.
    3. In the Support Info dialog box, verify the version number, and then click Close.
  3. Rename the following files by changing the extension to .old:

Rename %Windir%\system32\WgaLogon.dll to %Windir%\system32\WgaLogon.old
Rename %Windir%\system32\WgaTray.exe to %Windir%\system32\WgaTray.old

  1. Restart the computer.
  2. Unregister LegitCheckControl.dll by using Regsvr32 with these steps:
    1. Click Start, click Run, type cmd, and then click OK.
    2. At the command prompt, type the following, and then press ENTER:

Regsvr32 %Windir%\system32\LegitCheckControl.dll /u

  1. Restart the computer.
  2. Click Start, click Run, type cmd, and then click OK.
  3. At the command prompt, delete the following files by typing the Del command and follow by pressing ENTER after you type each command.

Del %Windir%\system32\wgalogon.dll
Del %Windir%\system32\WgaTray.exe
Del %Windir%\system32\LegitCheckControl.dll

  1. At the command prompt, type regedit.
  2. Locate and then right-click the following registry subkeys. Click Delete after you locate each subkey.
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\ CurrentVersion\Winlogon\Notify\WgaLogon
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\ CurrentVersion\Winlogon\Notify\WgaLogon
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\removeremove\WgaNotify
Restart the computer

Disable and Remove Windows Genuine Advantage Notifications Nag Screen

6:23 PM No Comments

This page has been updated, visit the new article on how to bypass and disable the WGA or way to make your Windows genuine permanently.

Microsoft has released WGA Notifications application which effectively turned Microsoft Windows operating system into a ‘nagware’, with a “This copy of Windows is not genuine” warning. What the Windows Genuine Advantage Notifications application does what it will check your Microsoft Windows XP validity. If it found that the copy of Windows XP is not validated, not genuine, counterfeit, unlicensed, pirated, illegal, unauthorised or simply failed the Windows Genuine Advantage validation process, then the notification messages will appear at various places and time.

Disclaimer: This article is for informational and educational purpose only, as most information is found on various part of Internet. Readers should contacts Microsoft if their licensed or OEM software cannot be validated or purchase genuine software.

When you log on to a non-genuine copy of Windows XP, the following notification error message “This copy of Windows is not genuine” will pop-up on the logon process:


And the nicely said “You may be a victim of software counterfeiting” message on the bottom right corner of log-in screen:


Microsoft allows Windows faithfuls to have 2 options: Get Genuine or Resolve Later. Click on Resolve Later will temporarily bypass the notification and let you login into and use Windows nagged with notification icon and messages, which will randomly appear as balloon notification message with an icon in the notification area (system tray).


Clicking on the balloon notification or the notification area icon will lead you to the Windows Genuine Advantage Validation Failure Web page that contains the specifics of the validation failure and the steps that you can take to make the operating system genuine.

To get rid of the WGA notifications that intends to remind you that your Windows is not validated, you can buy a validly licensed copy of genuine Microsoft Windows.

Update: Bypass WGA Validation with Crack or Hack and Disable WGA Notifications Warning Message Workarounds

Latest Version: 1.5.554.0 on October 2006 (distribute to some computers with no known roll-out pattern), 1.5.708.0 on September 2006 (distribute to whoever wants to download from Microsoft Download Center), 1.5.540.0 on 28th June 2006, 1.5.532.2 on 6th June 2006, 1.5.532.0 on 30th May 2006, 1.5.530.0 on 23rd May 2006, 1.5.526.0 on 26th April 2006.

More information on WGA Validation Tool (KB892130) and WGA Notifications (KB905474) which install LegitCheckControl.dll, WgaLogon.dll and WgaTray.exe.

With new release of WGA, some methods no longer works, and some has been updated. Several methods that has certain success on certain people, you may try until you success.


First Method

  1. Lauch Windows Task Manager.
  2. End wgatray.exe process in Task Manager.
  3. Restart Windows XP in Safe Mode.
  4. Delete WgaTray.exe from c:\Windows\System32.
  5. Delete WgaTray.exe from c:\Windows\System32\dllcache.
  6. Lauch RegEdit.
  7. Browse to the following location:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
    Windows NT\CurrentVersion\Winlogon\Notify
  8. Delete the folder ‘WgaLogon’ and all its contents
  9. Reboot Windows XP.

Note: With this method, you may be prompted to install WGA Notifications again which can still be unselected.

Second Method

Another alternative suggested by dman is by using System Restore to restore the PC to a previous restore point that WGA Notifications hasn’t kicked in, and then carefully stop KB905474 from been applied to the system. To use System Restore, go to Start -> All Programs -> Accessories -> System Tools -> System Restore.

Note: Again, you may be prompted again to install WGA Notification, so it must be bypassed.

Third Method updated

This method involves using a cracked version of LegitCheckControl.dll to replace the original copy of LegitCheckControl.dll, and thus bypass the WGA validation and make Microsoft believes that your copy of Windows is genuine. To get rid of WGA Notifications warning messages, the patched version of WgaLogon.dll and WgaTray.exe to replace the existing files.

To apply the patch by replacing the files manually, try to end the respective processes in the Task Manager before deleting the existing files. Most likely is you will have to restart your PC in Safe Mode in order to replacing the original copy of LegitCheckControl.dll and related files. However, there has been automatic updater and even cracked WGA installer that automatically apply the patched version of WGA files.

How to Find and Change Windows Product Key and Registration Information

6:05 PM No Comments
Magical Jelly Bean Keyfinder is freeware utility by which you can you do the following:
Find your Windows 95, 98, ME, NT4, 2000, XP, Server 2003, Windows Vista product keys.
Find your Windows 95, 98, ME, NT4, 2000, XP, Server 2003, Windows Vista registration information.
Change your Windows 95, 98, ME, and XP product key. (Windows 2000, 2003, NT4 and Vista supported)
Change your windows registration information.
Find your Microsoft Office 97, Office XP, and Office 2003 installation key. (Office 2000 not supported).

The screenshots provided below illustrate the process of changing your windows product key and registration information.


Is this software legal?
Yes this legal because Microsoft itself has knowledge base article which describes how to change your windows key and provides the script for this process. This freeware utility utilizes those scripts.

You can download this freeware (File Size: 260Kb):Download 1
Download 2

Disclaimer:
Certain antivirus software like Mcafee and Nod32 consider this file as spyware and delete it, but this file is absolutely harmless you can go ahead and try it.

Thursday, June 18, 2009

XP expires

5:43 PM No Comments

To reduce instances of "casual copying" (a nice name for software piracy), Microsoft has implemented a two-stage antipiracy scheme in its upcoming OS. The first stage is the installation and registration counter: this lets you install Windows XP only five times on the same system. (Note that you'll be able to install the final version of XP on only one machine, as opposed to the current beta, which can be installed on five machines for testing purposes.) The second stage creates a profile of the system to prevent you from reinstalling or registering the OS on different PCs.

To make this scheme work, you must activate your copy of Windows--over the Internet or by calling for an activation code--within 30 days of installation. Activation differs from a classic registration process in that no personal information is requested by or sent to Microsoft, just a record that a specific copy of Windows XP is installed on your specific PC. If you fail to activate your copy of the OS within 30 days, your login will fail. (Since XP is based on Windows NT-like privilege levels, you can't use your computer until you log on.)

Microsoft says the scheme should not prevent you from reinstalling your copy of XP on your PC as many times as you need to, as long as it's the same PC or close to it, allowing for some hardware changes. It's the "some" that has most folks worried. In theory, you might have to reactivate your OS if you upgrade significantly or swap out a lot of components because XP might think it's running on a new PC. So far, Microsoft isn't saying what system information the OS uses to determine the "same PC or close to it" status. That means we don't know to what degree you can upgrade your hardware before you cross the invisible line. We also don't know how much, if any, personally identifiable data Microsoft is gathering from your PC.

Microsoft says you can, of course, change at least one and possibly several hardware components--RAM, video or sound cards, CPUs, motherboards, and so on--without having to reactivate your OS. But if you try to reinstall your copy of Windows XP on what Microsoft calls a "different or significantly upgraded or changed PC" (again, the company declined to specify how different), the activation will most likely be rejected, requiring you to call Microsoft to explain and get a new (free) activation code.

Microsoft plans to set up a new call center for U.S.-based customers to expedite activation issues. Many non-U.S. customers will likely have to go through the existing, shared Microsoft technical support lines they currently use. Microsoft says it expects only 2 percent of the total installed base of Windows XP to have to reactivate the OS. Whether the anti-piracy initiative will present problems for consumers or result in fewer upgrades to XP remains to be seen. Remember, the final release is at least a few months off.

Subscribe to: Posts (Atom)