Monday, November 19, 2007

Deploying Vista with WDS

I've just finished rolling out Vista workstations with WDS (Windows Deployment Services) and I ran into a couple of problems which were easy to fix. All in all I have to say it's a big step up from RIS, especially the way you can manage your drivers.

WDS will support Windows XP clients in the mixed mode, but then you are stuck with the old RIS and RIPrep methods. The new method is Vista only!

Installing WDS:
You will need a Windows 2003 server to run WDS. If you have already installed RIS on this server you need to install the WDS update. You can find the Windows Deployment Services hotfix in the WDS folder of the WAIK download image.

WDS is a part of Windows 2003 SP2 so for a clean install you will install Windows 2003 SP2 and select WDS in Add/Remove Windows components.

WDS supports two modes:
- Mixed. Supports RIS-style images and WIM image formats using both the old OSChooser-style boot menu and Windows Preinstallation Environment (WinPE).
- Native. Supports WIM images only via PE boot OS.

Open the WDS console and right click on your server, choose configure server and you will be presented with a wizard which will set up the path to store files and the DHCP options.

Add the first Windows image:
After installing WDS you will need to add the first Windows image. To add a new Vista image, expand the server in the WDS console window, right-click on Install Images and select Add Install Image. If there are no Image Groups defined, you’ll be prompted to create one.

WDS looks for a .WIM file which contains the version of Windows you want to install. On the Vista DVD you can find the file in \SOURCES\INSTALL.WIM. Browse to this file and select the version you want to deploy:



Now you need to add a Boot Image. Right click on Boot Images and select Add Boot Image. Choose the \SOURCES\BOOT.WIM file as the image source. Right click on the server in the WDS console and click Properties. Select the Boot tab, select the boot image and click OK. Don't forget to restart WDS.

That's it! Start a PC with PXE (Most PC's use [F12] to select this mode.) and choose the image you want to install in the PE shell. In my next post I will be discussing customization of the Windows images and creating answer files.

More info:
Deploying WDS Update on Windows Server 2003
Deploy Vista from WDS

New name and logo...

You may have noticed I've changed the name of my blog and added a new logo. You can now also reach my blog via: www.electronicsamurai.com.

Thursday, November 1, 2007

Restrict your server to specific countries...

I'm running an SSH server at home to allow me to connect to my computers when I'm away from home. This server is attacked regularly and I don't like it!

Even though I use key-based authentication and no one has successfully compromised my server I'd like to see what can be done about this.

I'm thinking about only allowing IPs from my country (the Netherlands) to connect. Using this site I was able to download a list with all the netblocks in NL. Surprise! There are so many small netblocks in there that setting them all up is out of the question.

If I allowed 24.x.x.x, 62.x.x.x-93.x.x.x and 129.x.x.x-217.x.x.x I would be allowing most of the internet again.

An interesting blog post on NEOHAPSIS.

I'll let you know when I know more.

Friday, October 26, 2007

Exchange 2007 for lazy 2003 admins...

Just finished my third Exchange 2007 migration and now I have some pointers I'd like to share with you.

Installation:
Run the Exchange Readiness check before you make an estimate about the amount of work. Exchange makes fairly large changes to your AD and the setup will fail on any issues with the AD.

Make sure you have installed .NET 2.0 with the latest updates and PowerShell. You also need to install WWW and IIS common files. Copy the installation files to the hard disk before running the setup. The setup from CD fails regularly.

If you are installing on a DC make sure your new server is a GC. Make sure the server is able to contact the DC's it needs by FQDN and by servername. (Especially the schema master.)

You can install Exchange from the command line, first run setup /preparead and setup /preparedomain. Then for a default install, with all normal modes and legacy support (Public Folders) run setup /mode:install /roles:HT,CA,MB,MT /enablelegacyoutlook.

Finalize installation:
- Open Management Console, enter the product key.
- Open "Organisation Configuration", "Send Connectors" and create a new send connector. Address Space: *, Source Server: this server and use DNS to route mail.
- Open "Server Configuration", open properties for "Default Servername", open "Permission Groups" tab and enable "Anonymous Users". This enables inbound mail flow to this server.

On your old Exchange server:
- Replicate Public Folders, especially Free/Busy if you are going to support older Outlook clients. Check replication with Get-PublicFolderStatistics in PowerShell.

Frequently used CmdLets:
Some configuration work for Exchange 2007 is done in PowerShell. Here are some useful CmdLets:

Grant a user full permissions on the mailbox DB, for backup or ExMerge:
Add-ADPermission -Identity "Mailbox Database" -User "Domain\Administrator" -extendedrights send-as,receive-as

Grant a user full permissions on all mailboxes:
Get-Mailbox | Add-MailboxPermission -user "Domain\Administrator" -AccessRights FullAccess

More to come!

Tuesday, September 25, 2007

Kixtart scripting...

Hi, just wanted to post something to show I'm still alive. I've talked about Kixtart before, a scripting language which is great for Windows login scripts. You can do all sorts of neat stuff with group membership and other system variables.

Because I had nothing better to do I decided to make a silly script which only looks cool. Kinda. In this post on the Kixtart forums I showed this little experiment of mine. I was trying to replicate the Matrix digital rain effect, you decide if I succeeded.


It sort of started a small riot because of the quick and dirty GOTO's I used. Some time later a couple other people built their versions of the digital rain script which were quite incredible. (Multi threading, hiding secret messages in the code.)

Check it out!

Tuesday, August 7, 2007

Remote support through firewalls for free!

You know how it is, you are on the phone explaining something to a user and you really, really, reaaaaaaaally would like to take over their screen. There are a lot of commercial products to set this up but I have found a free alternative: ShowMyPC.



The tool has a nice simple process for setting up the connection explained here. Some virus scanners and Vista may give a security warning which can be ignored. The connection is set up via SSL (Port 443) so it should work for most users.

You can even set up your own SSH server if you are concerned with security,

Portable Applications

It's been a little while since my last post, but here's something I would like to share with you:

Portable Apps should be familiar if you have visited my blog before; if not, it is a collection of tools you can install on your memory stick to take them everywhere you go. Portable Freeware is another collection of these kinds of tools.

But why would you only use these tools on a memory stick? I make more and more use of these tools on my laptop and home system for several reasons:

- Settings are stored with the application
- The registry is kept clean
- Application conflicts are less frequent
- Applications can be moved between systems more easily
- After reinstalling your system, your applications immediately work

Try it!

Saturday, June 16, 2007

Open Source software and how to find it...

I'm currently reinstalling my own PC at home. One of the tools I use which isn't open source is (or was) Nero Burning Rom. I wondered if there was any good open source software out there and stumbled upon osalt.com.

They pointed me to InfraRecorder which works just fine for me.

Bye bye Nero!

Wednesday, June 13, 2007

More cool software

In a previous post I talked about some of the software I use regularly. As you may have noticed I am a firm believer in open source software, especially when it needs to be secure.

A good example is some of the software included with USB sticks for encryption (article in Dutch) (*), which was fairly easy to crack. With a well known open source tool like TrueCrypt there is a smaller chance this will happen as there are many people who have looked at the source code.

Anyway, to the tools:

Internet:
I use Putty and Cygwin SSHD to set up a secure connection to my computer at home. With tunneling I am able to use RDP to connect to the Windows desktop.

For FTP and SCP I like to use WinSCP.

To surf on public networks I sometimes use Tor which guarantees your anonymity on the internet. (Never use the tool to open anything that uses cleartext passwords!)

Security:
KeePass is a small tool I use to store my passwords. The tool runs on Windows, Linux, Palm and Pocket PC which is great!

As I said I use TrueCrypt to store privacy sensitive files on my laptop and USB sticks.

Utilities:
When there's some software I want to test I like to use Virtual PC or VMWare to make sure my system is not screwed up. You might want to try Sandboxie when virtualisation is not your thing.

(*) I just found the same article in English, here and here.

Wednesday, June 6, 2007

80 bucks for LTO barcodes? WTF?

I got a brand new HP Autoloader with bar code reader. Very cool since I would no longer need to label the tape and label the tape in the backup program. You can probably imagine my astonishment when no labels were included. No problem... I'll just order a pack HP Q2008A... WTF? 75 euros?

No way am I gonna pay that amount of money for a piece of paper. There has to be a way I can create my own. I checked the Quantum specs and this shouldn't be a problem. The labels use code 39 barcode encoding. They also specify the allowed characters (8 alphanumeric ending with L1 for LTO1, L2 or L3 for LTO3) for instance 000001L3 or WED001L3.



Ok, that is a start. So how am I going to generate the barcodes? Google is my friend and found me this site.

After some trial and error I discovered these settings work best:



Now all you need to do is create some barcodes and print them on label paper. Make sure you align the labels in the center of the space for labels like this:



In the picture above you can see where you can place the text label.

Tuesday, April 24, 2007

Cool software (Mostly free)

In this post I'd like to tell something about the software I use for work and play. Most of the software I use is either Open Source or Freeware. I don't mind paying for software, it's just that there is so much good free software around I don't need to. Also most of the developers of Open Source or Freeware are happy with your input on bugs or things you would like to change. In some cases you can make the changes yourself. (If you know what you are doing. ;-))

Internet:
- MSN Messenger, Hotmail and some Google stuff: Calendar, Docs and Reader. I sync my Windows Mobile PDA to Google Calendar using ActiveGcSync. Speaking of which, pRSSreader is the RSS reader on my PDA.

Utilities:
- The file compression utility I use is IZarc. This program supports compression in most current formats, and it is very small and fast.
- Audio editing in Audacity.
- Image editing in GIMP.
- Video compression in MediaCoder.
- Videoplayer for troublesome files and the tool I use to play TV over the internet: VLC.
- Port scanning in Windows with SuperScan.

Wednesday, April 18, 2007

Laptop stand for a buck and a half

Working on a laptop can cause some discomfort. I didn't want to spend money on a commercial laptop stand so I built my own. I made mine from 2 pieces of flat aluminium bent into an L-shape, and screwed them together. I put some electrical tape on there to prevent scratches:



If you want to work with your laptop you fold open the stand like this:



It works great!:

Tuesday, March 27, 2007

Fun with command line variables

Some time ago I needed to set up a log rotation, renaming an existing log file to the current time and date. The thing is Dutch dates use a comma and you can't have that. I needed a way to cut the time and date variables in pieces and create my own time and date notation.

I could have used some tools but I like to use the standard Windows tools. I decided to use the set command which has some nice operators:

Set the variable hour to the first 2 characters of the time (offset 0):
set hour=%time:~0,2%

Set the variable minute to the 4th and 5th characters of the time (offset 3):
set minute=%time:~3,2%

Set the variable second to the 7th and 8th characters of the time (offset 6):
set second=%time:~6,2%

Then add everything together: copy logfile "C:\Logfiles\%hour%.%minute%.%second%.log"

I just realised that you don't even need to store the hours, minutes and seconds in temporary values. The command copy logfile "C:\Logfiles\%time:~0,2%.%time:~3,2%.%time:~6,2%.log" works just as nicely!

Monday, March 26, 2007

Customize RDP connection files

Hi, I'm just back from a vacation in Valloire, FR check it out! Anyways, I promised myself to keep putting cool stuff here, so here we go...

You probably know you can save a remote desktop connection to a file, but have you ever wondered what's in there? Well, just open it up with notepad shall we?
screen mode id:i:1
desktopwidth:i:800
desktopheight:i:600
session bpp:i:16
auto connect:i:1
full address:s:192.168.1.12
winposstr:s:0,3,60,5,1700,1120
password 51:b:01000000D08C9DDF0115D1118C7A....
compression:i:1
keyboardhook:i:2
audiomode:i:2
redirectdrives:i:0
redirectprinters:i:0
redirectcomports:i:0
redirectsmartcards:i:0
displayconnectionbar:i:1
username:s:Administrator
domain:s:AKA
alternate shell:s:
shell working directory:s:
disable wallpaper:i:1
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:1
bitmapcachepersistenable:i:1

The server you are connecting to is set by "full address". Your username and password are set in "username" and "password 51". Please note the password is encrypted for use by the currently logged in user.

With "desktopwidth" and "desktopheight" you can specify the size of the window. You can tweak the RDP session's size to your liking. You can specify the place of the session window on the local screen with "winposstr".

You can find a lot more info here and here.
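
An added example (not from the original post) that parses the name:type:value lines shown above and reports the settings worth a second look before an .rdp file is copied or shared: a saved "password 51" blob and any enabled redirect* option. The sample file, the function names and the rule that setting names contain only letters, digits and spaces are assumptions of this example.

```javascript
// Constructed sample file; the "password 51" value is a placeholder, not a real blob.
var SAMPLE_RDP = [
  'screen mode id:i:1',
  'full address:s:192.168.1.12:3389',
  'username:s:Administrator',
  'password 51:b:0A0B0C0D',
  'redirectdrives:i:1',
  'redirectprinters:i:0',
  'alternate shell:s:',
  'this line is not a setting'
].join('\r\n');

// Redirect settings listed in the file above; 1 exposes the local resource
// to the server you connect to.
var REDIRECTS = ['redirectdrives', 'redirectprinters',
                 'redirectcomports', 'redirectsmartcards'];

// Parse "name:type:value" lines. Only the first two colons separate fields,
// so a value such as "192.168.1.12:3389" stays intact.
// Assumption of this example: names consist of letters, digits and spaces.
function parseRdp(text) {
  var settings = {};
  var rejected = [];                       // 1-based numbers of malformed lines
  var lines = text.split(/\r?\n/);
  for (var n = 0; n < lines.length; n++) {
    if (lines[n] === '') continue;
    var m = /^([A-Za-z0-9 ]+):([isb]):(.*)$/.exec(lines[n]);
    if (!m) { rejected.push(n + 1); continue; }
    var type = m[2];
    var value = m[3];
    if (type === 'i') {                    // integer
      if (!/^-?[0-9]+$/.test(value)) { rejected.push(n + 1); continue; }
      value = parseInt(value, 10);
    } else if (type === 'b') {             // binary, written as hex pairs
      if (!/^(?:[0-9A-Fa-f]{2})*$/.test(value)) { rejected.push(n + 1); continue; }
    }
    settings[m[1]] = { type: type, value: value };
  }
  return { settings: settings, rejected: rejected };
}

// Own-property lookup so inherited object members are never mistaken for settings.
function lookup(settings, name) {
  return Object.prototype.hasOwnProperty.call(settings, name) ? settings[name] : null;
}

// Return a list of human-readable findings for a parsed file.
function auditRdp(settings) {
  var findings = [];
  var pw = lookup(settings, 'password 51');
  if (pw !== null && pw.value !== '') {
    findings.push('saved password present (password 51)');
  }
  for (var i = 0; i < REDIRECTS.length; i++) {
    var r = lookup(settings, REDIRECTS[i]);
    if (r !== null && r.value === 1) findings.push(REDIRECTS[i] + ' enabled');
  }
  return findings;
}

var parsed = parseRdp(SAMPLE_RDP);
console.log(auditRdp(parsed.settings).join('\n'));
console.log('malformed lines: ' + parsed.rejected.join(', '));
```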

Monday, March 12, 2007

Run VNC and RDP from hyperlinks

It looks like Google has finally spidered my new blog so I hope to get some more visitors soon. ;-)

Anyways, just wanted to share a handy way to connect to RDP and VNC servers. If you, as I do, use tools like Nagios to monitor your servers, wouldn't it be easy if you could just click a link to start the VNC or RDP connection? Well, you can:

Save the following text as C:\Windows\RDP.js:
var destination=(WScript.Arguments(0))
var search='rdp://'
var rdpexe='C:\\WINDOWS\\system32\\mstsc.exe'
//WScript.Echo(destination)
destination=destination.replace(search, '')
destination=destination.replace('/', '')
var ws = new ActiveXObject("WScript.Shell")
//WScript.Echo(rdpexe + " /v:" + destination)
ws.Exec(rdpexe + " /v:" + destination)

Save the next piece as RDP.reg:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\rdp]
@="URL:Remote Desktop Connection"
"URL Protocol"=""
[HKEY_CLASSES_ROOT\rdp\DefaultIcon]
@="C:\\WINDOWS\\System32\\mstsc.exe"
[HKEY_CLASSES_ROOT\rdp\shell]
[HKEY_CLASSES_ROOT\rdp\shell\open]
[HKEY_CLASSES_ROOT\rdp\shell\open\command]
@="wscript.exe C:\\WINDOWS\\rdp.js %1"

Double click and presto! When you click something like rdp://192.168.0.1 you will be connected to that server by RDP.

VNC is not much more difficult, edit the following text to point to your VNC and save as C:\Windows\VNC.js:
var destination=(WScript.Arguments(0))
var search='vnc://'
//Modify the path to VNC Viewer!
var vncexe='D:\\Apps\\VNC\\vncviewer.exe'
//WScript.Echo(destination)
destination=destination.replace(search, '')
destination=destination.replace('/', '')
var ws = new ActiveXObject("WScript.Shell")
//WScript.Echo(vncexe + " " + destination)
ws.Exec(vncexe + " " + destination)

Save the next piece of text as VNC.reg and doubleclick:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\vnc]
@="URL:VNC Connection"
"URL Protocol"=""
[HKEY_CLASSES_ROOT\vnc\DefaultIcon]
@="C:\\WINDOWS\\System32\\mstsc.exe"
[HKEY_CLASSES_ROOT\vnc\shell]
[HKEY_CLASSES_ROOT\vnc\shell\open]
[HKEY_CLASSES_ROOT\vnc\shell\open\command]
@="wscript.exe C:\\WINDOWS\\vnc.js %1"
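
Once these handlers are registered, any web page or e-mail can carry an rdp:// or vnc:// link, and the scripts above pass whatever follows the scheme straight into a command line. The following is an added example, not part of the original post: a strict check that lets only scheme://host[:port] through before anything is executed. The function names, the 300-character cap and the refusal message are assumptions of this example; it uses old-style syntax (var, no arrow functions) so it should also load under Windows Script Host.

```javascript
var MAX_URL_LENGTH = 300; // arbitrary cap chosen for this example

// One DNS label: letters, digits and inner hyphens. It can never start with
// '-' or contain '/', so the result cannot be read as a command-line switch.
var LABEL = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
var HOST_RE = new RegExp('^(' + LABEL + '(?:\\.' + LABEL + ')*)(?::([0-9]{1,5}))?$');

function isValidIPv4(host) {
  var parts = host.split('.');
  if (parts.length !== 4) return false;
  for (var i = 0; i < parts.length; i++) {
    // No empty parts, no leading zeros, range 0-255.
    if (!/^(0|[1-9][0-9]{0,2})$/.test(parts[i])) return false;
    if (parseInt(parts[i], 10) > 255) return false;
  }
  return true;
}

// Returns "host" or "host:port" when the URL is exactly
// scheme://host[:port] with at most one trailing slash, otherwise null.
function safeDestination(url, scheme) {
  if (typeof url !== 'string' || url.length > MAX_URL_LENGTH) return null;
  var prefix = scheme + '://';
  if (url.substring(0, prefix.length).toLowerCase() !== prefix) return null;
  var rest = url.substring(prefix.length);
  // Browsers usually append one trailing slash; accept exactly one.
  if (rest.charAt(rest.length - 1) === '/') rest = rest.substring(0, rest.length - 1);
  var m = HOST_RE.exec(rest);
  if (!m) return null; // spaces, quotes, slashes, %xx escapes and the like end here
  var host = m[1];
  if (host.length > 253) return null;
  // An all-numeric name must be a well-formed dotted IPv4 address.
  if (/^[0-9.]+$/.test(host) && !isValidIPv4(host)) return null;
  if (m[2] !== undefined && m[2] !== '') {
    var port = parseInt(m[2], 10);
    if (port < 1 || port > 65535) return null;
    return host + ':' + port;
  }
  return host;
}

// Builds the command line for RDP.js, or returns null to refuse the link.
function rdpCommandLine(url) {
  var dest = safeDestination(url, 'rdp');
  if (dest === null) return null;
  return '"C:\\WINDOWS\\system32\\mstsc.exe" /v:' + dest;
}

// Only runs under Windows Script Host, where WScript exists.
if (typeof WScript !== 'undefined' && WScript.Arguments.length === 1) {
  var cmd = rdpCommandLine(WScript.Arguments(0));
  if (cmd === null) {
    WScript.Echo('Refused: not a plain rdp://host[:port] link');
  } else {
    new ActiveXObject('WScript.Shell').Exec(cmd);
  }
}
```

For VNC.js, call safeDestination(url, 'vnc') the same way and pass the result to the viewer only when it is not null.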

Tuesday, March 6, 2007

Time sync issues

Damn, damn, dammit! Just finished time synching some servers in separate networks and if I had these tools before it would have taken half my time.

First the tool I used to diagnose the problem and check which servers were in sync: NTPmonitor.



Then I used this document to set up the server to use NTP sources and synced everything to a reliable NTP source.

Of course I used a stratum 2 source as these servers will not be available to the public. Use your preferred search engine to find public NTP servers.

Wednesday, February 28, 2007

Get all SUS or WSUS updates

So, you use SUS or WSUS to update your workstations? What if you wanted to quickly update a new system with the latest patches?

You could use a little script like this:
@echo off
net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
net start wuauserv
wuauclt /detectnow


If Windows Update 3.0 is not installed on this system you may need to run the script and wait until the system wants to reboot. Then you run the script again.

Thursday, February 22, 2007

Automatically install network printers on a Windows server

Another day, another blog entry!

Say: you want to install all the network printers on a Windows server to a workstation. One very easy way to do this is to use KiXtart. This is a very powerful scripting tool which you can run on Windows.

Install kix32.exe in the netlogon folder and run kix32.exe printers.kix from your login script.

You need to change the following script to the printers you want to use and save the script as printers.kix into the netlogon folder:

cls
Dim $printers[10]
$printers = "\\SERVER01\Printer 1","\\SERVER01\Printer 2","\\SERVER01\Printer 3"

$X = KeyExist("HKEY_CURRENT_USER\Software\Terminator")
If not $X
$X = AddKey("HKEY_CURRENT_USER\Software\Terminator")
Endif

$Y = ReadValue("HKEY_CURRENT_USER\Software\Terminator", "1")
If not @ERROR = 0
$loop=10
while $loop > 1
DelPrinterConnections ()
$loop=$loop - 1
loop
$Y = WriteValue("HKEY_CURRENT_USER\Software\Terminator", "1", "1", "REG_SZ")
If @ERROR = 0
Endif
Endif

For Each $Element In $printers
if AddPrinterConnection ("$Element") = 0
? $Element " was installed!"
endif
Next

function DelPrinterConnections()
dim $c,$bk,$conn
$c=0
$bk="HKEY_CURRENT_USER\Printers\Connections"
$conn=enumkey($bk,$c)
while @error=0
$c=$c+1
$conn=delkey($bk+"\"+$conn)
$conn=enumkey($bk,$c)
? "Networkprinter removed..."
loop
endfunction

This script will remove all old network printers and install \\SERVER01\Printer 1, \\SERVER01\Printer 2 and \\SERVER01\Printer 3. It will also change a value in the registry so this script will not change anything until you want it to. This way, if a user has selected a default printer it will not be changed on every logon.

Also you could expand the script to install specific printers for specific users, workstations or even IP address ranges.

Wednesday, February 21, 2007

Cool options of the FOR command

The for command allows you to do a lot of cool stuff.

This is what most people use this command for, do stuff for some files or folders in a specific location.
for /D %%v in (*.*) do echo %%v

But did you know you can use this command to interpret comma delimited (csv) files?

Display input.txt line by line:
for /F %%v in (input.txt) do echo %%v

Display 3 separate values delimited by commas:
for /F "tokens=1-3 delims=," %%v in (input.txt) do echo %%v - %%w - %%x

Display first and third value
for /F "tokens=1,3 delims=," %%v in (input.txt) do echo %%v - %%w

Skip line 1
for /F "tokens=1-3 skip=1 delims=," %%v in (input.txt) do echo %%v - %%w - %%x

Why is this cool? Well, you could use it to generate homedirs for users, share the folder and grant the right permissions like this:
@echo off
if %1v==mv goto MAKE
for /F "skip=1 tokens=1" %%v in (users.csv) do call homedir3.cmd m %%v
goto end
:MAKE
md E:\Users\%2
net share %2$=E:\Users\%2 /grant:everyone,full
cacls E:\Users\%2 /E /G %2:C
:END


This script will interpret users.csv and create homedirs for all the users in there. The file uses the same layout as you would use with AddUsers. It even skips the first line so you don't need to change anything in here. You need to save the script as homedir3.cmd as it calls itself to really do something.

Snort/Sguil virtual machine

I use Snort as an IDS for some of my clients. The setup of such a system is fairly time consuming which is why I was looking for a Live CD.

But I guess a virtual machine image is just as good. I found a nice one here.

Tuesday, February 20, 2007

System Information for Windows

Just found a very cool tool to get system information on a Windows system: SIW. This tool displays just about anything you need to know about CPU, disk, running process, sensors, etc.

Download: SIW

Applications and encrypted volume on a USB stick

People, stop spending money on U3 USB sticks! You can just as easily create a stick with your favorite applications and an encrypted volume yourself.

PortableApps is a website that hosts a very nice menu and apps configured to run from the stick. Now you can carry your favorite computer programs along with all of your bookmarks, settings, email and more with you. Use them on any Windows computer. All without leaving any personal data behind.

After installing PortableApps you can create an encrypted volume on your stick. First you need to download the tool we're going to use: TrueCrypt

After installing TrueCrypt you need to copy the following files to the root of your memory stick:

Truecrypt.exe
Truecrypt.sys
Truecrypt Format.exe (If you want to be able to add new volumes on the move.)

Create a TrueCrypt volume in the root of your memory stick, using TrueCrypt Format. I've named this volume data.tc, but you can choose another name. (Make sure you change the autorun.inf as well) Now edit autorun.inf in the root of your memory stick:

[Autorun]
label=My Stick

action=Start PortableApps
open=PortableApps\PortableAppsMenu\PortableAppsMenu.exe
icon=PortableApps\PortableAppsMenu\PortableAppsMenu.exe

action=Mount TrueCrypt Volume
open=truecrypt /v data.tc /lz /q /a /m rm /e

shell=mounttc
shell\mounttc=&Mount
shell\mounttc\command=truecrypt /v data.tc /lz /q /a /m rm /e

shell=dismounttc
shell\dismounttc=&Dismount
shell\dismounttc\command=truecrypt /dz /q

shell=runtc
shell\runtc=Run &TrueCrypt
shell\runtc\command=truecrypt

Monday, February 19, 2007

DVR2WMV alternative...

I use a Windows XP MCE PVR at home and it is nice, but Microsoft's video format (DVR-MS) does not play on other media players like XBMC.

To solve this I used to run a little script that would use DVR2WMV to transcode all the files in the Recorded TV folder to WMV and remove the DVR-MS files. This was causing more and more issues, like sound dropping out and files becoming corrupt.

To solve the problem I looked into some other tools and found AutoDVRconvert on the "The Green Button" forums, and this tool seems to do the trick. It can do conversion to WMV and MPG. Not only does this tool work better, it also seems to run much faster, 5 minutes for an hour of video.

The install was causing some problems for me, and the documentation was not very clear so I'll explain.

  1. Download AutoDVRconvert
  2. Extract all the files to the Recorded TV folder, in my case "D:\Recorded TV"
  3. Run register filters.bat in the Recorded TV folder
  4. Start AutoDVRconvert and set up an input and output folder

You could configure AutoDVRconvert to delete the original if the conversion was successful. I'm only going to do this when I am sure everything works fine.

High five!

Dial GPRS connection if no LAN is available

Yes, I know. You could use a commercial tool to accomplish the following: dial a GPRS connection whenever no LAN (or WLAN) is available. I decided to brew my own little script to do this.

The VB script dials the RAS connection "GPRS" when the connection with the name "Local Area Connection" is not connected to a network. The script does not check if this LAN connects to the internet.


Dim Shell, Hell, GPRS

Set Shell = CreateObject("WScript.Shell")
strComputer = "."
GPRS = "0"   ' "1" while the GPRS connection is dialed

Do
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
    Set colItems = objWMIService.ExecQuery( _
        "SELECT * FROM Win32_NetworkAdapter Where NetConnectionID = 'Local Area Connection'")

    For Each objItem in colItems
        ' NetConnectionStatus 7 = media disconnected
        If objItem.NetConnectionStatus = 7 Then
            If GPRS = "0" Then
                ' Wscript.Echo "LAN connection lost! Status: " & objItem.NetConnectionStatus
                Shell.Run ("rasdial GPRS")
                GPRS = "1"
            End if
        Else
            If GPRS = "1" Then
                ' Wscript.Echo "LAN connection active! Status: " & objItem.NetConnectionStatus
                Shell.Run ("rasdial GPRS /DISCONNECT")
                GPRS = "0"
            End if
        End if
    Next
    Wscript.Sleep 10000
Loop Until Hell="Freezes over!"

Saturday, February 17, 2007

Divide your screen with GridMove

Wide monitors are cool, and very useful. You can, for instance, run Word on the main part of your screen and run Messenger in a small part to the side of the screen. (Like a sidebar)

GridMove is a free (Uh... Donationware) tool that allows you to do this quickly and easily.

http://jgpaiva.donationcoders.com/gridmove.html

Try it!

Rewrite EventID.net links (GreaseMonkey)

First things first, the script...

// ==UserScript==
// @name EventID.Net
// @include http://www.eventid.net/*
// ==/UserScript==

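var allmskblinks,
    thismskblink;
// Find every "subscribers only" Microsoft KB article link on the page
allmskblinks = document.evaluate(
    '//a[@href="/subscribersonly.asp?feature=marticle"]',
    document, null, XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE, null);
for (var i = 0; i < allmskblinks.snapshotLength; i++) {
    thismskblink = allmskblinks.snapshotItem(i);
    // Point the link at the Microsoft KB article named in the link text
    thismskblink.href = 'http://support.microsoft.com/kb/' + thismskblink.firstChild.nodeValue;
}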

This script will allow you to click through the Mxxxxx links in EventID.net. You need to install the script in Greasemonkey for Firefox.

Firefox download: www.getfirefox.com
Greasemonkey download: greasemonkey.mozdev.org
Installing this script: http://greasemonkey.mozdev.org/using.html

You can download the script here.

Offline files hell

Man... Windows Briefcase sucked but Offline files isn't much better. Anyways... the tool you want is CSCCMD, part of the Windows 2003 RK (download). This enables you to move an offline folder to a new server, delete offline folders which don't work anymore and much more. You can find more info on this site: http://blogs.msdn.com/jonathanh/archive/category/6957.aspx

Btw, I'm using ViceVersa (http://www.tgrmn.com/) for a lot of my clients now and this works great. You might also want to try Microsoft's free SyncToy. If you know of a better alternative please post in the comments!

Bring local network printers to your terminal server

So you have got a local network printer (Jetdirect, LPD, IP printing) which you would like to use on your terminal server? Here's a quick and dirty solution.

  1. Enable File and printer sharing
  2. Share the local network printer
  3. Create a local printer on a free LPT port, say LPT3:, with the same drivers as the local network printer
  4. Open a command box and type net use LPT3: \\computername\sharename
  5. Test to see if the printer is added in your terminal server

You need to be an admin on the terminal server to install new drivers. The "net use" should be persistent but if it doesn't work you might want to add a script in your startup folder.

Graphical Login in VNC

This creates a VNC server that does not require authentication for VNC. After connecting, a login box is displayed so multiple users can log in to their desktop on this server. This procedure is heavily based on this site: http://linuxreviews.org/howtos/xvnc/

First you need to install and configure xinetd and allow xinetd to listen to external calls: open /etc/xinetd.conf and make the following line a comment by adding a # in front of it:

only_from = localhost

Open /etc/X11/xdm/xdm-config find DisplayManager.requestPort :0 and comment it out by inserting a ! at the beginning of the line.

The user nobody must have a valid shell assigned when using xdm. You will only get a gray screen when connecting to xdm if nobody has the default /bin/false set.

usermod -s /bin/bash nobody

Edit kdmrc

[Xdmcp]
Enable=true
Willing=/etc/X11/xdm/Xwilling
Xaccess=/etc/X11/xdm/Xaccess
Port=177

[X-*-Core]
AllowShutdown=None
AllowRootLogin=false

Optional: Edit /etc/X11/xdm/Xaccess and uncomment the line '* #any host can get a login window by removing the single quote '.

It is better to use 192.168.0.* or 127.0.0.1 than * for security.

Cut & paste the following lines to your /etc/services:

vnc-1024x768x16 5900/tcp

Create a file called /etc/xinetd.d/xvncserver

service vnc-1024x768x16
{
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once -geometry 1024x768 -depth 16
}

Restart xinetd
/etc/init.d/xinetd restart

Start or restart the gdm/kdm/xdm service
/etc/init.d/xdm restart

You might want to enable xdm auto start, save this text as /etc/rc.d/init.d/xdm:

#!/bin/sh

# chkconfig: 234 60 60
# processname: /usr/X11R6/bin/xdm
# config: /etc/X11/xdm/xdm-config

# source function library
. /etc/rc.d/init.d/functions

# nothing to do if xdm is not installed
[ -x /usr/X11R6/bin/xdm ] || exit 0

prog=/usr/X11R6/bin/xdm

RETVAL=0

start () {
    echo -n $"Starting $prog: "
    # start daemon
    daemon $prog
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && touch /var/lock/subsys/xdm
    return $RETVAL
}

stop () {
    echo -n $"Stopping $prog: "
    killproc $prog
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && rm -f /var/lock/subsys/xdm
    return $RETVAL
}

restart () {
    stop
    start
    RETVAL=$?
    return $RETVAL
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status $prog
        RETVAL=$?
        ;;
    restart)
        restart
        ;;
    condrestart)
        # restart only if xdm is currently running
        [ -f /var/lock/subsys/xdm ] && restart || :
        ;;
    reload)
        echo -n $"Reloading $prog: "
        killproc $prog -HUP
        RETVAL=$?
        echo
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|condrestart|reload|status}"
        RETVAL=1
esac

exit $RETVAL

Exchange Administrator Permissions

If you are running an Exchange server and you need to manage users' mailboxes or need to run backups you will want to have full access to the users' mailboxes. In Exchange 5 or earlier you did this with the option "Show permissions page on all objects". In Exchange 2000 and 2003 the easiest way to do this is as follows:

1. Open regedit
2. Browse to HKCU\Software\Microsoft\Exchange\ExAdmin
3. Add a "ShowSecurityPage" DWORD value with a value of 1 to

Now you can remove the deny permissions on the organisation for the administrator, domain admins and exchange admins.

Office Administrative Installs

Real men don't click, or so I'm told, so why install Office by hand? You can deploy Office on a network by using an MSI install.

First make an administrative install point on your server by running setup.exe /a from the CD. It will ask you for a location to put the install and user and serial number details.

Now you want to include the latest service packs. Download the FULL SP from the Microsoft site and extract the file: Office2003SP2....exe /C /T:D:\Temp. (Of course you need to change D:\Temp to the location you want to use.)

Install the update by running this command: msiexec /p D:\Temp\MAINSP2ff.msp /a "D:\MSI\Office 2003 NL\PRO11.MSI" SHORTFILENAMES=TRUE /qb

More details here: http://www.svrops.com/svrops/documents/officeupdate.htm

Welcome!

Hi, and welcome to my little place on the web. I am an IT professional and I desperately needed a place to put things I figured out earlier.