I needed to reset a forgotten administrator password on a Windows 7 PC the other day and used this oldie but goodie password reset CD (worked a treat). A very useful tool to have.
http://pogostick.net/~pnh/ntpasswd/
Over the last few months my colleague Jon has been providing me with some very useful Powershell snippets which I thought I’d share. A number of them require the Quest ActiveRoles Management Shell for Active Directory
Display Group memberships for a user.
(Get-QADUser username).MemberOf
Display the members of an Active Directory Group
Get-QADGroupMember "Groupname" | ft name,displayname -a
Bulk remove machine from Windows DNS
The text file contains a list on NetBios machine names.
gc computers.txt | %{dnscmd dnsservername /RecordDelete campus.ncl.ac.uk "$_" A}
Recuse through a Directory Structure and delete all file with a Creation date > 90 days.
The text file contains a list of UNC paths.
GC filecontainingpaths.txt | %{dir $_ -recurse | ?{!$_.psiscontainer -and $_.creationtime -lt ((get-date).adddays(-90))} | del -whatif}
This useful free sysinternals tool allows you to take a snapshost of a live running server and convert it to a VHD file which you can then use with Microsoft Hyper-V. This should be very useful in making test setups etc.
http://4sysops.com/archives/free-disk2vhd-a-simple-p2v-tool-that-creates-vhds-for-hyper-v-and-virtual-pc/
Dave
Exchange 2010 has just been finalised. We’re currently running Exchange 2007 and some legacy Exchange 2003 infrastructure which is hopefully going soon. Time to start upgrading again John 🙂
Exchange 2010 brings a better version of OWA which runs on none MS browsers. See http://www.microsoft.com/exchange/2010/en/us/whats-new.aspx for a list of what’s new.
Unfortunately due to other commitments it will be a while before we can start testing Exchange 2010 here at Newcastle
Assigning the permissions to Filestore resources is easy but managing permissions for an expanding volume of data in an ever evolving department is not. It can however be made easier by only using security groups.
Most people reading this will look after Filestore resources which are accessed by various people within their departments. The data structure may be made up of hundreds or even thousands of folders for which a complex set of permissions are required.
The problem with assigning individual users permissions is that there will come a point eventually where you will not be able remember who a user (let’s call them) n563456 is, why they were assigned permissions and if they should still have access. The situation would be worse still for someone taking over or assisting with management of the resources.
The best way to avoid this is to never assign individual users permissions on a resource but to create a Security group even if only one user will be the only member in it.
This will allow you to do the following:
Give the group a meaningful name.
For example, calling the group HR – Directors Shared Filestore (Read\Write) will help you identify it’s function, level of access and who should be a member at a glance.
TIP: Prefix all of your group names with your departments name e.g. ISS XXXX XXXXX. A group called ‘Research Shared Folder’ will not be as easy to find.
Allow you to add and remove users without having to browse to the resource.
It’s much easier to open the ADUC snap-in and add to or remove from a group than it is to browse to a nested folder and examine the ACLs.
Avoid Ghost s-ids
Ghost sids occur when an account has been deleted but the permission persists on the resource.
Document, audit and manage access from one place.
You can add comments to groups and manage all of your permissions from one central location, perhaps by a regular review of group membership.
Make things easier on team members or your successors.
By using a group based approach new team members and your successors will be able to easily see changes and see how permissions are configured.
SUMMARY: Never assign individual users permissions to a Filestore resource as they will grow too complex. Only ever use groups even if there is only one user on it and always add a description to the group.
Microsoft has released the Remote Server Administration Tools (RSAT) for Windows 7. These tools allow you to “manage roles and features that are installed on computers that are running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003, from a remote computer that is running Windows 7”.
Download from:
http://www.microsoft.com/downloads/details.aspx?FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d&displaylang=en
I thought it would be interesting to see where things stand with Operating System usage in the Active Directory compared with the data I collected in March. These figures are based on Active Computer Objects.
Windows Clients: 10960
Windows Vista: (March) 472 (5%)
Windows Vista: (Today) 1571 (14%)
Windows XP: (March) 9894 (95%)
Windows XP: (Today) 9386 (86%)
Windows Server: 392
Windows Server 2008(March): 65 (17%)
Windows Server 2008(Today): 136 (31%)
Windows Server 2003(March): 323 (83%)
Windows Server 2003(Today): 307 (69%)
If you want to get a Hotfix from Microsoft but they either say you need to ring up for it (boring :)) or even worse pay for it then you can get it for free using this useful web site. Just type in the KB number of the hotfix and away you go.
http://www.hotfixr.com/
Dave