Building a VMware Server

As I can never find them, here are some videos showing how to build/manage a virtual server as hosted by ISS.

Virtual machine access ILO/KVM type interface:
http://wit.ncl.ac.uk/vmware/videos/vSphere_Client_on_Innermind.htm

Installing VMware tools:
http://wit.ncl.ac.uk/vmware/videos/VMWare_Tools_Install.htm

WDS building a virtual machine:
http://wit.ncl.ac.uk/vmware/videos/RIS_Build_ESX_Virtual_Server.htm

Remote Server Administration Tools for Windows 7 with Service Pack 1 (SP1)

Since the release of Windows 7 SP1, people who installed the Service Pack before installing the RSAT package weren’t able to install RSAT afterwards (although if you installed RSAT before SP1 you were fine).

Microsoft have resolved this with the release of Remote Server Administration Tools for Windows 7 with Service Pack 1 (SP1): http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d

The dangers of using the bin to store things you want to keep

When you build IT systems and you put limitations on how they are intended to be used, it goes without saying that people will try to find ways of getting round those limitations. We’ve always been fairly liberal about what users can do with our systems, but there are some times that we have to put limits in place. For example, we don’t have an unlimited amount of disk space, so we have to put quotas on storage capacity for each user’s email and files.

It turns out that some people try to work around these quotas by deleting email messages or files that they want to keep and taking advantage of Exchange’s Recover Deleted Items feature and the shadow copies of home folders on file servers (seen as Previous Versions in Windows Explorer). Some people may get away with working like that for some time, simply recovering the content during the retention period and then deleting it again so that it doesn’t impact their quota.

As a way of working, that’s about as safe as storing your important paperwork in the bin and hoping that you’re always there to take it out before the cleaner comes along to empty it. From time to time, routine maintenance on the file servers will result in shadow copies being lost – it’s not that we’re being careless with them; that’s just the way it works. If your mailbox has to be moved from one Exchange mailbox store to another, you’ll lose the ability to recover your deleted items. We try to keep these instances to a minimum because those features are useful for quickly recovering when accidents do happen, but sometimes they are necessary in the course of keeping the systems running as reliably as possible.

Throwing things away and then hoping that the bin doesn’t get emptied is not a solution. If there are legitimate reasons why your quota isn’t big enough, then there are better ways to work. We have a system for requesting increases to home folder quotas and a Home Archive Service for infrequently accessed data (and other solutions for even bigger data requirements, such as large sets of research data), and we have an Exchange Archiving System to store larger amounts of old mail. If none of those meet the specific need, then we’re happy to help to find a solution that works.

How To: Restrict Machine Logon & Network Access to members of an Active Directory Group

If you want to restrict machine logon and network access to members of an Active Directory group, you can do so using the following procedure:

  1. Create a group which contains the ids for the users who will be allowed access to the PCs in question
  2. If necessary, create an organisational unit which contains the PCs that are to be restricted.
  3. Create a new group policy on the OU
  4. Expand Computer configuration…Windows Settings…Security Settings…Local Policies…User Rights Assignment
  5. Double click Access This Computer From the Network and click on Add – add the newly created user group
  6. Double click Logon Locally and click on Add – add the user group created at Step 1. Make sure you include the built-in Administrators group with this setting or you could lock yourself out of the machine!
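
One way to confirm on a target PC that the policy applied as intended and that Administrators kept the local logon right. This is an added example, not part of the original post; the group name EXAMPLE\Restricted-PC-Users is a placeholder, and the expected holders model steps 5 and 6 exactly as written. Run it from an elevated PowerShell prompt after the policy has refreshed.

```powershell
# Added example: audit the two user rights configured in steps 5 and 6.
$AllowedGroup = 'EXAMPLE\Restricted-PC-Users'   # hypothetical group from step 1
$AdminSid     = 'S-1-5-32-544'                  # well-known SID: BUILTIN\Administrators

function ConvertTo-Sid([string]$Entry) {
    # secedit writes '*S-1-5-...' for SIDs and a bare account name otherwise.
    if ($Entry.StartsWith('*')) { return $Entry.Substring(1) }
    try {
        $acct = New-Object System.Security.Principal.NTAccount($Entry)
        return $acct.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch { return $Entry }   # unresolvable name: report it as written
}

function Get-UserRightSids([string[]]$InfLines, [string]$Right) {
    # Matches e.g. 'SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-21-...'
    $line = $InfLines | Where-Object { $_ -match "^\s*$Right\s*=" } | Select-Object -First 1
    if (-not $line) { return @() }
    ($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim() } | Where-Object { $_ } |
        ForEach-Object { ConvertTo-Sid $_ }
}

# Export only the User Rights Assignment area of the effective local policy.
$inf = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
$lines = Get-Content -Path $inf
Remove-Item -Path $inf

$groupSid = ConvertTo-Sid $AllowedGroup

# Expected holders: network access = the group (step 5);
# local logon = the group plus Administrators (step 6).
$expected = @{
    SeNetworkLogonRight     = @($groupSid)
    SeInteractiveLogonRight = @($groupSid, $AdminSid)
}

foreach ($right in $expected.Keys) {
    $actual  = @(Get-UserRightSids $lines $right)
    $missing = @($expected[$right] | Where-Object { $actual -notcontains $_ })
    $extra   = @($actual | Where-Object { $expected[$right] -notcontains $_ })
    [pscustomobject]@{
        Right   = $right
        Missing = $missing -join ', '   # should be empty; a missing Administrators SID risks lock-out
        Extra   = $extra -join ', '     # other principals that still hold the right
    }
}
```

An empty Missing column for both rights means the group and Administrators are in place; anything listed under Extra is a principal that can still log on or connect despite the restriction.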


HAPPY NEW YEAR!

Happy New Year everyone. A New Year and a new team for us! The Information Systems and Services (ISS) function of Newcastle University has recently been restructured and The Windows Infrastructure Team (who, amongst many, many other things, have written this blog for the past couple of years) have now merged with the Unix Infrastructure Team to become the Infrastructure Systems Group…. Not sure what will become of our blog over coming months but whilst it’s still here, I thought I’d go ahead and make the first posting of 2011 anyway.

Back in July last year I wrote a post about Dynamic Driver Provisioning via WDS: https://blogs.ncl.ac.uk/blogs/index.php/wit/2010/07/16/title_405

We’ve now been running with DDP for supplying drivers to Windows 7 builds for quite a while and this has, so far, been working extremely well without any issues or conflicts. Whilst doing a little New Year’s cleanup, I realised that the setup notes I posted with the above had a couple of syntax errors in them, so I thought I’d post them again with corrections. I see a lot of questions about WDS driver provisioning in various forums and hope that my notes can be of use to others who are setting up WDS servers. My amended notes are linked from the original post and are also linked here: WDS How To – deploy drivers

Workaround for the: “The network folder specified is currently mapped using a different user name and password” error

Some people make use of the “Connect using different credentials” feature when they need to work with different permissions.

It seems that this can sometimes result in the error message “The network folder specified is currently mapped using a different user name and password”. The message can occur even when this is not the case!

Microsoft state that this behaviour is by design and provide a workaround.

“Use the IP address of the remote server when you try to connect to the network share”

This does seem to work but requires that you know the IP address of the server you are connecting to. This can easily be found out using the command:

Ping servername

Fix the Windows Explorer Navigation pane in Windows 7

This may not be news to many, but I’ve only just found this out so thought I would share it on the blog. For some reason I cannot fathom, Microsoft decided to change the behaviour of Windows Explorer in Windows 7 to not expand folders in the Navigation pane.

The way I work means this is a massive pain for me, so I was happy when I found out how to fix this:

In folder options you can check “Show all folders” and “Automatically expand to current folder”.

Problem Solved!

The Magic of CTRL-K

We often get grumbles about how Outlook seems to make a poor fist of finding names in the Global Address List (GAL) when using the Address Book feature of Exchange. Unless you click the Advanced Find link from within the Address Book, the pattern matching for names is from left to right, based on the Display Name of the Active Directory Account. Also note the More Columns option. This allows the search to take place across all Active Directory fields.

Address Book GAL Search:

Advanced Find based on Last Name:

Results based on Advanced Find:

To speed up this process you can use the handy keyboard shortcut of CTRL + K. It is a shortcut for the Check Names icon that can be found on the Outlook toolbar. You can type a variety of search terms based on the user’s personal information recorded in their Active Directory account.

For example, you can type: First Name, Last Name, Display Name, Email Address, Department amongst many other fields.

Results:

The name resolution really comes into its own when combining search terms. You can type a first name + a department and the system will try to marry those two terms and provide a best guess. In the example below, I asked Outlook to search for “John” and “ISS”. Outlook provided me with results that contain those two terms in any of the available fields.

It is important to note that you still have to verify that the results are correct and not take for granted that the recipient you have selected is accurate. As we have so many staff and students, there are quite a few people with the same name. If you use the scroll bar in the results window, you can see which department each person returned belongs to.