Kategori: Uncategorized

Publicerat

Active Directory Roles (FSMO)

Kontrollera vilka servers som har rollerna nu görs enklast med detta kommando

netdom query fsmo (2008r2)

Domain naming operations master
”Ensures that domain dames are unique.
Only one Active Directory Domain Controller in the enterprice has this role”

Finns under ”Active Directory Domains and Trust” högerklicka på rooten och välj operationmasters för att ändra.

RID
”Manages the allocation of RID pools to other Domain Controllers.
Only one Active Directory Domain Controller in the enterprice has this role”

Finns under ”Active Directory Users and Computers” högerklicka på rooten och välj operationmasters för att ändra.

PCD
”The operatios master emulates the functions of a primary Domain Controller (PDC) for pre win2000 clients”
Only one Active Directory Domain Controller in the enterprice has this role”

Finns under ”Active Directory Users and Computers” högerklicka på rooten och välj operationmasters för att ändra.

Infrastructure
”The infastructure ,aster ensures consistency of objects for inter-domain operations
Only one Active Directory Domain Controller in the enterprice has this role”

Finns under ”Active Directory Users and Computers” högerklicka på rooten och välj operationmasters för att ändra.

Schema Master Role
Behöver ”registreras” för att kunn hanteras, dvs finns inget admin verktyg annars…
Detta görs med ”regsvr32 schmgmt.dll”
run mmc och addera ”Active Directory Schema”
Flytta som vanligt…

GC
Kan och bör finnas fler.

 

Publicerat

Batch…

Samlingspost för batch syntaxer… (glömmer dem ju hela tiden)

% Parametrar…

”%0” är parameter noll i en batch, dvs namnet på batch filen själv.

Man kan filtrera den info med följande
d=drive
p=path
n=name
x=extension

Ex.´┐¢
%~dpnx0 = Namnet på batchfilen med extention
%~dp0 = Namnet på sökvägen där batchfilen finns

Exempel på nyttjande: Kopierar in filerna från det share man stog i eller katalog till c:\install och startar setupfilen.
Set dest=c:\install
md %dest%
md %dest%\office
xcopy %~dp0*.* %dest%\office /e /y
start %dest%\office\setup.exe

xcopy /Q /E /I Source DEST\%date%–%time%:~-11,9%%time:~-8,-6%%time:~-5,-3%

 

Backup med 7-zip

”c:\program files\7-zip\7z.exe” a backup.7z >nul
copy backup.7z I:\backup%date%–%time:~-11,-9%%time:~-8,-6%%time:~-5,-3%.7z
del /q backup.7z

 

Publicerat

Fixa TS users problem med Flash

TS Servern fungerar bäst om ingen är inloggad när detta sker..
1. Logga in som admin på Servern
2. Leta reda på filen ”flash10e.ocx”
Sök vägen brukar vara: C:/Windows/System32/Macromed/Flash/Flash10e.ocx
OM inte kolla var den finns alt installera om.
4. Start kör cmd.exe
5. Sätt TS servern i install mode med
Change user / install
6. Kör kommandot nedan för att omregistrera OCXerna :
RegSvr32 C:/Windows/System32/Macromed/Flash/Flash10e.ocx

7. Sätt TS Servern i execute mode igen:
Change user / install

Publicerat

Uninstall trendMicro client – scripted

 

Cool

UT.cmd

  For32-bit OS: HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro
For 64-bit OS: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6232Node\TrendMicroWorryFree7
[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\UniClient\1600\Misc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6232Node\TrendMicro\UniClient\1600\Misc.] (Probably!) 

Worry free 7 – Automatic uninstallation script x86/x64

REQUIRES UAC ELEVATION !!!!!! aka do run as admin….

———————————–
echo Windows Registry Editor Version 5.00 >%temp%\T.reg
if %PROCESSOR_ARCHITECTURE%==x86 echo [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\UniClient\1600\Misc.] >>%temp%\T.reg
if %PROCESSOR_ARCHITECTURE%==AMD64 echo [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6232Node\TrendMicro\UniClient\1600\Misc.] >>%temp%\T.reg
echo ”NoPwdProtect”=dword:00000000 >>%temp%\T.reg
echo ”Unload_Pwd”= >>%temp%\T.reg
echo ”AllowUninstall”=dword:00000001 >>%temp%\T.reg
echo ”Uninstall_Pwd”=”” >>%temp%\T.reg

regedit /S %temp%\t.reg
msiexec /x {0A07E717-BB5D-4B99-840B-6C5DED52B277} /q /passive

———————————-

uninstall guiden finner man under ”Wolfie” [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
Publicerat

Check .net framework version

 

.NET Framework

Klipp in detta script i adressfältet på explorer…

javascript:alert(navigator.userAgent)

Snabb koll kan man göra i följande mapp: %systemroot%\Microsoft.NET\Framework

dir %WINDIR% \Microsoft.Net\Framework\v*

.Net Framework History

  • .NET Framework 1.0 Beta 1 v1.0.????.0 on Nov 2000
  • .NET Framework 1.0 Beta 2 v1.0.2914.0 on Jun 2001
  • .NET Framework 1.0 RTM v1.0.3705.0 on Jan 2002
  • .NET Framework 1.0 SP1 v1.0.3705.209 on Mar 2002
  • .NET Framework 1.0 SP2 v1.0.3705.288 on Aug 2002
  • .NET Framework 1.0 SP3 v1.0.3705.6018 on Aug 2004
  • .NET Framework 1.1 RTM v1.1.4322.573 on Apr 2003
  • .NET Framework 1.1 SP1 v1.1.4322.2032 on Aug 2004
  • .NET Framework 1.1 SP1 v1.1.4322.2300 on Mar 2005 (Windows 2003)
  • .NET Framework 2.0 RTM v2.0.50727.42 on Nov 2005
  • .NET Framework 3.0 RTM v3.0.4506.30 on Nov 2006
  • .NET Framework 3.5 Beta 1 v3.5 on Apr 2007
  • .NET Framework 3.5 Beta 2 v3.5 on Jul 2007
  • .NET Framework 3.5 RTM v3.5on Nov2007
  • .NET Framework4.0 Beta 1 v4.0 onMay 2009
  • .NET Framework4.0 Beta2 v4.0 onOct 2009
  • .NET Framework4.0RC v4.0 onFeb 2010
  • .NET Framework4.0RTM v4.0 on????

 

Versions of the .NET Framework

The released versions of the .NET Framework have the following version information.

.NET Framework version Revision Version
3.5 Original release 3.5.21022.8
3.5 Service Pack 1 3.5.30729.1
3.0 Original release 3.0.4506.30
3.0 Service Pack 1 3.0.4506.648
3.0 Service Pack 2 3.0.4506.2152
2.0 Original release 2.0.50727.42
2.0 Service Pack 1 2.0.50727.1433
2.0 Service Pack 2 2.0.50727.3053
1.1 Original release 1.1.4322.573
1.1 Service Pack 1 1.1.4322.2032
1.1 Service Pack 1 (Windows Server 2003 32-bit version*) 1.1.4322.2300
1.0 Original release 1.0.3705.0
1.0 Service Pack 1 1.0.3705.209
1.0 Service Pack 2 1.0.3705.288
1.0 Service Pack 3 1.0.3705.6018
Publicerat

HOWTO: Update Linksys PAP2 Firmware

PAP2 Firmware Update

Easiest way to do this is via the ”upgrade URL,” the syntax for which is https://IPofPAP2/admin/upgrade?protocol://IPofServer/pathto.bin where [protocol] is http or tftp.

So, pasting ”https://192.168.2.20/admin/upgrade?https://192.168.2.10/spa.bin” into your browser would tell the PAP2 at 192.168.2.20 to download and install the firmware bin file located at https://192.168.2.10/spa.bin.

Please note binx is evidently NOT supported name syntax…. just rename it to bin…

Publicerat

Vista/Win7 Virtual Store

File System and Registry Virtualization

As mentioned previously, many legacy Windows applications were created so you could access parts of the file system and registry that are now locked in Windows Vista, and many of these applications are not being immediately updated. However, Microsoft has devised an interesting solution within Windows Vista to provide backward compatibility so that legacy software still works.

If legacy applications attempt to access protected portions of the file system and registry without the proper permissions, UAC virtualization services silently redirect read and write operations from protected portions of the file system and registry to unprotected user-specific locations. This process is transparent to legacy software and occurs automatically.

Virtualization Example

For example, take a legacy software application that attempts to write to a configuration INI file located in:

C:\Program Files\<application>\Setup.ini

Windows Vista automatically detects that you do not have permission to save to that location. Windows Vista then copies the file (if it already exists) to:

C:\Users\<your_account>\AppData\Local\VirtualStore\Program Files\<application>\Setup.ini

Windows Vista then allows the write operation to succeed at the new file in the VirtualStore folder. Subsequent read and write operations for that file will always use the file copy located in the VirtualStore folder. However, the application will continue to believe that it is accessing the Program Files directory

For most cases this solution is sufficient, but it is not perfect. Data that the application thinks is globally accessible now becomes private to the user and almost invisible to other applications unless they also have virtualization enabled (typically only other legacy applications). Some applications will see one file, and some the other. If the application later tries to delete the INI file, the delete will appear to succeed, yet the file will still exist in the Program Files directory and remain visible to the application. If it retries the delete, an access denied exception will be thrown.

Although the majority of legacy applications run with virtualization, it is a short-term measure, not a long-term solution. Microsoft has already warned that you should not depend on virtualization being a part of future Windows releases after Windows Vista.

Publicerat

Secure TS 2003

Use Active Directory Users and Computers to create a new organizational unit (OU). Right-click the OU, click Properties, and then on the Group Policy tab, click New Policy. Edit this policy with the following settings:
[Computer Configuration\Admin Templates\System\Group Policy]

Enable the following setting:
User Group Policy loopback processing mode
[Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options]

Enable the following settings:
Do not display last user name in logon screen
Restrict CD-ROM access to locally logged-on user only
Restrict floppy access to locally logged-on user only
[Computer Configuration\Administrative Templates\Windows Components\Windows Installer]

Enable the following setting, and set it to Always:
Disable Windows Installer

Note The default setting for Disable Windows Installer prevents any non-managed applications from being installed by a non-administrator. Setting Disable Windows Installer to Always may prevent some of the newer updates from Windows Update from being applied. Therefore, we recommend that you only set Disable Windows Installer to Always if there is a specific need or an identified threat that you must address.
[User Configuration\Windows Settings\Folder Redirection]

Enable the following settings:
Application Data
Desktop
My Documents
Start Menu
[User Configuration\Administrative Templates\Windows Components\Windows Explorer]

Enable the following settings:
Remove Map Network Drive and Disconnect Network Drive
Remove Search button from Windows Explorer
Disable Windows Explorer’s default context menu
Hides the Manage item on the Windows Explorer context menu
Hide these specified drives in My Computer (Enable this setting for A through D.)
Prevent access to drives from My Computer (Enable this setting for A through D.)
Hide Hardware Tab
[User Configuration\Administrative Templates\Windows Components\Task Scheduler]

Enable the following settings:
Prevent Task Run or End
Disable New Task Creation
[User Configuration\Administrative Templates\Start Menu & Taskbar]

Enable the following settings:
Disable and remove links to Windows Update
Remove common program groups from Start Menu
Disable programs on Settings Menu
Remove Network & Dial-up Connections from Start Menu
Remove Search menu from Start Menu
Remove Help menu from Start Menu
Remove Run menu from Start Menu
Add Logoff to Start Menu
Disable changes to Taskbar and Start Menu Settings
Disable and remove the Shut Down command or Remove and prevent access to the Shut Down command

Note In Windows 2000, this setting is named Disable and remove the Shut Down command. In Windows Server 2003, this setting is named Remove and prevent access to the Shut Down command.
[User Configuration\Administrative Templates\Desktop]

Enable the following settings:
Hide My Network Places icon on desktop
Prohibit user from changing My Documents path
[User Configuration\Administrative Templates\Control Panel]

Enable the following setting:
Disable Control Panel
Important When you enable this setting, you prevent administrators from installing any MSI package on to the Terminal Server, even if the explicit Deny is set for the Administrator account.
[User Configuration\Administrative Templates\System]

Enable the following settings:
Disable the command prompt (Set Disable scripts to No)
Disable registry editing tools
[User Configuration\Administrative Templates\System\Logon/Logoff]

Enable the following settings:
Disable Task Manager
Disable Lock Computer
For more information about how to lock down Windows Server 2003 Terminal Server Sessions, visit the following Web site:
https://www.microsoft.com/downloads/details.aspx?FamilyID=7f272fff-9a6e-40c7-b64e-7920e6ae6a0d&DisplayLang=en (https://www.microsoft.com/downloads/details.aspx?FamilyID=7f272fff-9a6e-40c7-b64e-7920e6ae6a0d&DisplayLang=en)
The Dsacls.exe tool
Dsacls.exe is a command-line tool that you can use to query the security attributes and to change permissions and security attributes of Active Directory objects. It is the command-line equivalent of the Security tab in the Windows Active Directory snap-in tools such as Active Directory Users and Computers and Active Directory Sites and Services. You can use Dsacls.exe to lock out Terminal Services end-users from files and folders on a Windows Server 2003-based computer or a Microsoft Windows 2000-based computer.

For more information about how to use the Dsacls.exe tool (Dsacls.exe) to manage access control lists (ACLs) for directory services in Windows Server 2003 and Microsoft Windows 2000 Server, click the following article number to view the article in the Microsoft Knowledge Base:
281146 (https://support.microsoft.com/kb/281146/ ) How to use Dsacls.exe in Windows Server 2003 and Windows 2000