Friday, October 2, 2009

Howto: Edit network card bindings in Windows Server 2008

"Figuring out how to edit the order of NIC bindings on a Windows 2008 Server took quite a bit of Googling. It seems that you need to know a secret key combination to be able to view the Advanced tab, where the option to edit the NIC bindings is located.
To edit the network card binding order in Windows Server 2008:
Login to the server with administrative credentials
Click Start > Control Panel > Network and Sharing Center
On the left hand side select Manage network connections
Press Alt+N to display the Advanced menu
Select Advanced Settings. On the Adapters and Bindings tab, highlight your NIC and use the arrows on the right hand side to adjust its binding order.
You can also access the Network Connections screen directly by clicking Start > Run , typing ncpa.cpl and pressing Enter"

Using Winsat.exe in Windows Server 2008 as a performance benchmarking tool

"Microsoft has the Windows System Assessment Tool (Winsat) available for download that can assess a computer’s ability to run Windows Vista. This tool provides a wealth of information on your hardware’s horsepower, plus it’s scriptable. It’s designed to run under Windows Vista, but can be run under Windows Server 2008 as well. Here’s how to do it.
1. Download the Windows Vista Upgrade Advisor utility

2. Use Universal Extractor’s (uniextract) MSI method to extract the files from the .msi package

3. Copy winsat.exe to the c:\windows\system32 directory on the Windows 2008 server

4. Open an elevated command prompt and change to the c:\windows\system32 directory. There are many different hardware components you can benchmark, but the following example benchmarks sequential reads on drive C:

winsat disk -seq -read -drive c

See the Technet command reference for Winsat for details on all tests winsat can perform, such as:


Assessment | Description
winsat dwm | Assesses the ability of a system to display the Aero desktop effects.
winsat d3d | Assesses the ability of a system to run Direct 3D applications, such as games.
winsat mem | Assesses system memory bandwidth by simulating large memory to memory buffer copies.
winsat disk | Assesses the performance of disk drives.
winsat cpu | Assesses the performance of the CPU(s).
winsat media | Assesses the performance of video encoding and decoding (playback) using the Direct Show framework.
winsat mfmedia | Assesses the performance of video decoding (playback) using the Media Foundation framework.
winsat features | Enumerates relevant system information.
winsat formal | Runs a set of pre-defined assessments and saves the data in an XML fil"

Windows 2008 don't show locked user Name

"Normally when a Windows workstation or server is locked, you’ll see something similar to the following Windows Security message:
This computer is in use and has been locked.

Only DOMAIN\USER (user name) or an administrator can unlock this computer.

To not show the name of the user who has locked a computer, the following can be defined in a workstation level GPO:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Display user information when the session is locked.

There are three choices if you enable this policy:

User display name, domain and user names (default setting)
User display name only
Do not display user information

Besides being able to apply this to Active Directory GPOs, this setting appears in the local security policy on my Windows XP SP3 VM. The setting is not available on my XP SP2 laptop, but I see from KB837022 there is a hotfix that corrects this problem in XP SP2.


Alternatively, the following DWORD can be created in the registry of XP SP2, Windows Vista, and Windows Server 2008 machines to accomplish the same thing:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DontDisplayLockedUserId

User display name, domain and user names = 1
User display name only = 2
Do not display user information = 3

You need to restart the machine for the change to take effect.

You may also be interested in the related Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Do not display last user name setting. This security setting determines whether the name of the last user to log on"
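
An audit check for the two lock-screen settings described above, as an added PowerShell example that is not part of the quoted post. The function name, the "Expected" values and the wording of the status labels are assumptions; DontDisplayLastUserName is the registry value behind the related "Do not display last user name" policy.

```powershell
# Added example (not from the quoted post): report the lock-screen user-name
# disclosure settings on the local machine. The function name and the
# "Expected" values are illustrative assumptions.
function Get-LockScreenDisclosure {
    [CmdletBinding()]
    param(
        # Key from the post, written as a PowerShell registry provider path
        [string]$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    )

    # DontDisplayLockedUserId values exactly as listed in the post
    $lockedUserMeaning = @{
        1 = 'User display name, domain and user names'
        2 = 'User display name only'
        3 = 'Do not display user information'
    }
    # DontDisplayLastUserName backs "Interactive logon: Do not display last user name"
    $lastUserMeaning = @{
        0 = 'Last user name is shown at logon'
        1 = 'Last user name is hidden at logon'
    }

    $checks = @(
        @{ Name = 'DontDisplayLockedUserId'; Expected = 3; Meaning = $lockedUserMeaning },
        @{ Name = 'DontDisplayLastUserName'; Expected = 1; Meaning = $lastUserMeaning }
    )

    # A missing key or value means the policy was never set on this machine
    $props = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue

    foreach ($check in $checks) {
        $value = $null
        if ($props) {
            $prop = $props.PSObject.Properties[$check.Name]
            if ($prop) { $value = [int]$prop.Value }
        }

        if ($null -eq $value) {
            $meaning = 'Not configured (Windows default applies)'
        } elseif ($check.Meaning.ContainsKey($value)) {
            $meaning = $check.Meaning[$value]
        } else {
            $meaning = 'Unrecognised value'
        }

        # New-Object is used instead of [pscustomobject] so the function also
        # runs on the PowerShell 2.0 shipped with older servers
        New-Object PSObject -Property @{
            Setting   = $check.Name
            Value     = $value
            Meaning   = $meaning
            Compliant = ($value -eq $check.Expected)
        }
    }
}

Get-LockScreenDisclosure | Format-Table Setting, Value, Meaning, Compliant -AutoSize
```

The script reports the configured registry values only; as the post notes, a change does not take effect until the machine is restarted.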

Check windows uptime stats w/ Uptime.exe

"There is a very useful Windows command that Microsoft didn’t include in any version of windows but should have. This is the uptime command. There is a knowledge base article here. It was released back in the Windows NT days, but still works on all current versions of windows. I have found this to be an easy way to find out the uptime of the windows servers I maintain without having to log on to the box.

To install just download uptime.exe and place it in the windows directory. Then run it from the command line.

uptime /? will give a listing of all the options and uptime /help will give detailed instructions.
UPTIME, Version 1.01
(C) Copyright 1999, Microsoft Corporation
Uptime [server] [/s ] [/a] [/d:mm/dd/yyyy /p:n] [/heartbeat] [/? /help]
server Name or IP address of remote server to process.
/s Display key system events and statistics.
/a Display application failure events (assumes /s).
/d: Only calculate for events after mm/dd/yyyy.
/p: Only calculate for events in the previous n days.
/heartbeat Turn on/off the system's heartbeat
/? Basic usage.
/help Additional usage information.

Uptime works by checking the windows event logs for startup and shutdown times. Running uptime with the /s switch will provide more detailed statistics as shown below. If the event log has been cleared or is corrupted uptime will not show correct stats.
I have found it helpful to set up .bat files with the servers I want to check. This then gives me a quick list of the uptime of various servers. It is quite a useful command. I’m not sure why Microsoft didn’t just stick it in the directory with all their other comma"

Thursday, October 1, 2009

WSH Scripting Tools

"WSH Scripting Tools
Product | Description | Programmer / Manufacturer | Download / Purchase
Admin Script Editor | Editor | iTripoli |
ADSI Scriptomatic | ADSI query generator | Scripting Guys | Free
AxScripter | IDE | IEInspector Software LLC |
BrineSoft Script Editor | Editor | BrineSoft |
CodeLobster | Editor | CodeLobster Software |
EditPad Lite | Editor | JGSoft | Free for non-commercial use
EditPad Pro | Editor | JGSoft |
HtaEdit | HTA editor/IDE | Adersoft |
HTA Generator | HTA template generator | J. Libenson | Free
HTA Helpomatic | HTA code generator | Scripting Guys | Free (validation required)
JsEdit | JScript editor/IDE | Adersoft |
KS-Soft WMI Explorer | WMI browser | KS-Soft | Free
Log Parser 2.2 | Universal query tool to text-based data, Event Logs, Registry and Active Directory | Microsoft | Free
Notepad++ | Editor | Notepad++ team | Free (donations welcome)
OLE/COM Object Viewer | Object browser & tester | Microsoft | Free (validation required)
OnScript | IDE | XLnow |
PrimalScript Scripting IDE (Standard, Professional & Enterprise Editions) | IDE | Sapien |
PSPad | Editor | Jan Fiala | Free (donations welcome)
Sapien WMI Explorer | WMI browser | Sapien Technologies | Free
Script Debugger (NT 4 & later) | WSH debugging environment | Microsoft | Free (validation required)
Script Debugger (Win98/Me) | WSH debugging environment | Microsoft | Free (validation required)
Script Debugger IDE | IDE | Stas Semenov |
Script Encoder | Encode your scripts | Microsoft | Free (validation required)
Scriptomatic | WMI query generator & tester | Scripting Guys | Free (validation required)
String-O-Matic | Convert, escape, unescape, encode & decode strings | Alex K. Angelopoulos | Free
System Scripting Runtime | Run scripts as services | Franz Krainer |
SystemScripter | Editor | ScriptInternals.com |
Term-O-Matic | Modified version of the Scriptom"

How to Configure Windows Server 2008 for Site Systems

How to Configure Windows Server 2008 for Site Systems: "How to Configure Windows Server 2008 for Site Systems
Updated: April 1, 2009
Applies To: System Center Configuration Manager 2007
When Configuration Manager 2007 SP1 site systems will be installed on Windows Server 2008 computers, additional configuration changes might be required to ensure successful installation and operation.
The procedures in this topic can be used to configure Windows Server 2008 to support Configuration Manager 2007 SP1 site system installation.
To Install Internet Information Services (IIS) to support Configuration Manager 2007 SP1 site systems on Windows Server 2008 Computers
This procedure describes how to install Internet Information Services (IIS) 7.0 on Windows Server 2008 to support the following site system roles:
  • Management point.
  • Background Intelligent Transfer Service (BITS)-enabled distribution point.
  • Reporting point.
  • Software Update Point.
  • Server locator point.
  • Fallback status point.
To install and configure WebDAV for IIS 7.0 to support management point and BITS-enabled distribution point site system computers
Because WebDAV IIS extensions required for the management point and BITS-enabled distribution point site system roles are not installed by default with IIS 7.0, WebDAV extensions must be manually installed and configured after installing IIS 7.0.
To add Remote Differential Compression for site server and branch distribution point computers
If a site system will be used only to host the site server or branch distribution point site system roles, IIS is not required. However, site servers and branch distribution point site systems require Remote Differential Compression (RDC) to generate package signatures and perform signat"

ERROR: Cannot find path for destination inbox SMS_AMT_PROXY_COMPONENT on server REGISTRY

**ERROR: Cannot find path for destination inbox SMS_AMT_PROXY_COMPONENT on server REGISTRY
This error is found on secondary servers running Microsoft System Center Configuration Manager (SCCM or ConfigMgr) 2007 SP1.

Solution is similar to John Marcum's post here

Error from mpfdm.log:
Verifying local MP outbox directory E:\Program Files\Microsoft Configuration Manager\MP\OUTBOXES\AIKbMgr.box for Asset Intelligence KB Manager exists... SMS_MP_FILE_DISPATCH_MANAGER 7/16/2009 11:25:19 AM 240 (0x00F0)
**ERROR: Cannot find path for destination inbox Asset Intelligence KB Manager on server REGISTRY SMS_MP_FILE_DISPATCH_MANAGER 7/16/2009 11:25:19 AM 240 (0x00F0)
Worker thread [Asset Intelligence KB Manager] cannot update environment so skiping outbox processing. SMS_MP_FILE_DISPATCH_MANAGER 7/16/2009 11:25:19 AM 240 (0x00F0)
Updating environment... SMS_MP_FILE_DISPATCH_MANAGER 7/16/2009 11:25:19 AM 2272 (0x08E0)
Verifying local MP outbox directory E:\Program Files\Microsoft Configuration Manager\MP\OUTBOXES\amtproxy.box for SMS_AMT_PROXY_COMPONENT exists... SMS_MP_FILE_DISPATCH_MANAGER 7/16/2009 11:25:19 AM 2272 (0x08E0)
**ERROR: Cannot find path for destination inbox SMS_AMT_PROXY_COMPONENT on server REGISTRY SMS_MP_FILE_DISPATCH_MANAGER 7/16/2009 11:25:19 AM 2272 (0x08E0)
Worker thread [SMS_AMT_PROXY_COMPONENT] cannot update environment so skiping outbox processing. SMS_MP_FILE_DISPATCH_MANAGER 7/16/2009 11:25:19 AM 2272 (0x08E0)
Updating environment... SMS_MP_FILE_DISPATCH_MANAGE"

Wednesday, September 30, 2009

Difference between bat and cmd

"I've occasionally thought on the difference between cmd and bat, and from an execution point of view I didn’t think there was any. But it turns out a few commands can modify the execution path of batch files, because they modify the errorlevel differently based on whether they were executed as a .bat or .cmd.

The comment that I did find from Microsoft (the source was MZ according to the signature block!)

The differences between .CMD and .BAT as far as CMD.EXE is concerned are: With extensions enabled, PATH/APPEND/PROMPT/SET/ASSOC in .CMD files will set
ERRORLEVEL regardless of error. .BAT sets ERRORLEVEL only on errors.


If you save the text below as test.bat and test.cmd, and then run each from a command prompt, you see two different results. Note that command extensions are enabled by default on XP, a requirement for this behavioural difference.

I saw several references to bat running under 16-bit VDM and cmd running under 32-bit when executed from a shortcut, however I couldn’t reproduce this on XP SP2.

In addition, apparently 9x days and before there was only bat? And then with NT CMD was introduced, and running the same .bat file on 9x and NT definitely had different results, so having two different extensions made it less likely to accidentally run a cmd written for NT on a 9x box if you were interoperating between the two. This sounds plausible, but I can't remember those sorts of details that far back.

I hope this doesn’t excite anyone.



::
:: When called from a cmd, 'set' resets errorlevel, whereas when called from a bat the errorlevel from the previous command is returned.
:: The four examples below show this in different ways, two calling a subrou"

Monday, September 28, 2009

Testing management points the Configuration Manager 2007 way - Jeff Gilbert's Web blog at myITforum.com

Testing management points the Configuration Manager 2007 way - Jeff Gilbert's Web blog at myITforum.com: "Testing management point connectivity is just one of those things that SMS/ConfigMgr admins need to do on a regular basis. You can always peruse the mpcontrol.log to check management point health, but to make it easier, the product team has provided some handy test urls that can be used instead of reviewing the mpcontrol.log all the time.
Using the management point test urls is a pretty old tip. It's documented in a ton of places including the SMS 2003 FAQ, the Configuration Manager 2007 documentation, and a myriad of other Web locations. However, there is a catch when using these test urls in Configuration Manager sites that may not seem obvious at first and is a change from SMS 2003 behavior. I noticed this while working on something in my lab so I figured it would be a good tip to pass along.
When testing management point connectivity in SMS 2003 sites, you just open up a Web browser instance and go to: http:///sms_mp/.sms_aut?mplist. If all is well with the management point you will see:




(Yes, I know there's nothing there...that's a good thing for SMS 2003 sites and what you should see if the management point is responding to http requests )
In Configuration Manager sites, you actually do see something when you browse to the test urls and Don Hite has done a nice job documenting some of that behavior in his blog already.
So, in SMS 2003 sites, seeing nothing is good and something (IIS errors) is bad. In Configuration Manager sites, seeing something is good and nothing (IIS errors) is bad...that sounded a lot clearer in my head.
Anyway, moving on. If you browse to that"

SCCM 2007 R3

"Announcing System Center Configuration Manager 2007 R3
Today, the System Center team is excited to share with you our plan to release System Center Configuration Manager 2007 R3. This new release of the ConfigMgr is packed with some extremely cool features, which over the coming months we plan to share with you in different ways.
Recent shifts in the world economy have brought new focus on IT departments, and also to technology investment. Organizations are being pressured to do more with less, while at the same time manage an increasing range of working scenarios, mobility requirements, and business demands. Through all of this, they need to maintain security levels, answer compliance challenges and address the growing Green IT landscape.
As organizations look to reduce financial costs and environmental impacts, power management is proving to be a successful approach. The payback for power management is clear – when a PC is using less power it translates directly into reduced operational costs – either directly through reduced energy consumption or from a growing number of electrical companies that offer rebates to companies that can prove enforcement of centralized power management policies. In addition, continuous PC power management pays environmental dividends measured in terms like Kwh, or CO2 emissions savings.
Forrester estimates that more than 90% of firms are implementing or considering PC power management. Despite the advanced capabilities provided in Windows Vista and Windows 7, The U.S. Environmental Protection Agency estimates that no more than 10% of all enterprise PCs in use have their power management capabilities turned on today. Without centra"

System Center Configuration Manager 2007 | “Announcing System Center Configuration Manager 2007 R3” - Blog de Aurélien BONNIN [EXAKIS]

System Center Configuration Manager 2007 R3

There are a few areas of focus for ConfigMgr R3, with the main engineering effort concentrating on Power Management. Here are the goals for this feature:
Power Management
The goal of this capability is to enable Configuration Manager to further reduce the operational costs of IT by providing basic power management features native to the product. Our approach is based on 3 primary areas:
A. Help the organization plan a power strategy by monitoring current power state and consumptions and reporting on machine utilization trends, current power settings and current energy consumption
B. Enable the Administrator to easily create, deploy and enforce specific power settings using the existing ConfigMgr infrastructure
−Ability to set peak and non-peak schedules
−Ability to remediate settings if changed
−Ability to opt out machines from power policy
C. Provide the business meaningful report formats that are relevant to Power Management
An effective approach to power management needs to maximize power policy deployment while minimizing the impact to the end-user. System Center Configuration Manager helps customers further reduce their operational costs by adding new in box capability to their ConfigMgr infrastructure, and by seamlessly enabling power management client agent services to their existing Collection landscape.
In addition to power management, ConfigMgr R3 will provide customers with enhanced scale and performance support above current numbers.

Friday, August 14, 2009

JAI HIND JAI HIND

               JAI H
               JAI HIN JA
                JAI HIND JAI HI
                  JAI HIND JAI H
                JAI HIND JAI HI
                 JAI HIND JAI
                 JAI HIND JAI
                   JAI HIND JAI
                   JAI HIND
                   JAI HIND J
                  JAI HIND JAI H
                JAI HIND JAI HIN
               JAI HIND JAI HIN                                  JAI H
             JAI HIND JAI HIND J                               JAI HIND J
            JAI HIND JAI HIND JAI H                 J         JAI HIND J
       JAI HIND JAI HIND JAI HIND JAI              JA     JAI HIND JAI
      JAI HIND JAI HIND JAI HIND JAI HIND J        JA      JAI HIND
       JAI HIND JAI HIND JAI HIND JAI HIND JAI HIND JAI HIND JAI HIN
        JAI HIND JAI HIND JAI HIND JAI HIND JAI HIND J JAI HIND JAI

         
JAI HIND JAI HIND JAI HIND JAI HIND JAI HIND  JAI HIND JAI
  JAI HI JAI HIND JAI HIND JAI HIND JAI HIND JAI HIN        JAI HI
 JAI HIND JAI HIND JAI HIND JAI HIND JAI HIND JAI HIND      JAI H
     JAI HIND JAI HIND
JAI HIND JAI HIND JAI HIND JAI        JAI
   
JAI HIND JAI HIND JAI HIND JAI HIND JAI HIND JAI HIN        J
     JAI HI JAI HIND JAI HIND JAI HIND JAI HIND JAI
      JAI H JAI HIND
JAI HIND JAI HIND JAI HIND J
             JAI HIND
JAI HIND JAI HIND JAI HIND
            JAI HIND JAI HIND JAI HIND JAI HIND
             JAI HIND JAI HIND JAI HIND JAI
             JAI HIND JAI HIND JAI HIND JAI
             JAI HIND JAI HIND JAI HIND J
             
JAI HIND JAI HIND JAI HIND
             JAI HIND JAI HIND JAI HIN
              JAI HIND JAI HIND JAI HI
               JAI HIND JAI HIND JA
               JAI HIND JAI HIND J
                JAI HIND JAI HIN
                 JAI HIND JAI HIN
                 JAI HIND JAI HI
                  JAI HIND JAI H
                   JAI HIND JAI
                   JAI HIND JAI
                   JAI HIND JAI
                     JAI HIND
                     JAI HIN
                      JAI HI
                       JAI H
                        JAI

'VBS Script To Send A Remote Machines Hot Fix Information To Excel


'VBS Script To Send A Remote Machines Hot Fix Information To Excel
strComputer = InputBox("Enter Machine Name")
' Stop if the dialog was cancelled or left empty
If Trim(strComputer) = "" Then WScript.Quit

' Start Excel and create a new workbook for the report
Set objExcel = CreateObject("Excel.Application")
objExcel.Visible = True
objExcel.Workbooks.Add
intRow = 2

' Header row
objExcel.Cells(1, 1).Value = "Machine Name"
objExcel.Cells(1, 2).Value = "Hot Fix ID"
objExcel.Cells(1, 3).Value = "Description"
objExcel.Cells(1, 4).Value = "Install Date"

' Connect to WMI on the remote machine and list its installed hotfixes,
' skipping the placeholder "File 1" entries
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_QuickFixEngineering Where HotFixID <> 'File 1'")

' One spreadsheet row per hotfix
For Each objItem In colItems
    objExcel.Cells(intRow, 1).Value = UCase(strComputer)
    objExcel.Cells(intRow, 2).Value = objItem.HotFixId
    objExcel.Cells(intRow, 3).Value = objItem.Description
    objExcel.Cells(intRow, 4).Value = objItem.InstalledOn
    intRow = intRow + 1
Next

' Format the header row and size the columns to fit
objExcel.Range("A1:D1").Select
objExcel.Selection.Interior.ColorIndex = 19
objExcel.Selection.Font.ColorIndex = 11
objExcel.Selection.Font.Bold = True
objExcel.Cells.EntireColumn.AutoFit

MsgBox "Done"

 

Tuesday, August 11, 2009

Collection of Computers based on Users

Collection of Computers based on Users

 
SMS has a nice feature that allows you to create a collection based on users. That way, when a user logs into a computer, SMS will then run an advertisement for whatever computer they are on. The problem is that maybe you want to have a collection of computers, not users. The worst flaw with the collection query I have created below, and with using collections based on users, is that if a person logs in to another machine, for whatever reason, SMS will find them and push software to them.
With that in mind, here is a collection that will take any OU group of users and create a collection of computers.


---------------------------------------
select SMS_R_System.ResourceID,
       SMS_R_System.ResourceType,
       SMS_R_System.Name,
       SMS_R_System.SMSUniqueIdentifier,
       SMS_R_System.ResourceDomainORWorkgroup,
       SMS_R_System.Client
from SMS_R_System
inner join SMS_G_System_COMPUTER_SYSTEM
        on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId
where SMS_G_System_COMPUTER_SYSTEM.UserName in
      (select UniqueUserName from SMS_R_User where UserOUName = "xxxx /SECURITY USERS & GROUPS" )
--------------------------------------
Windows User account and group discovery must be enabled and run on your server to use this.

How does this work? It first grabs the list of users, then matches them to the computers that SMS currently sees them logged into. To change this to the last logged-in user, you need to change the SMS_G_System_Computer_System to SMS_R_System.LastLogonUserName for computers. This will give you the last logged-in user.

"Limit to Collection" for all your computer workstations, or further limit it based on departments.

If you don't know what group, you can create a query of just (select UniqueUserName from SMS_R_User where UserOUName = ""), click Values until you have the value you need, and paste it into the larger query.
-------------------
Thanks,
http://sccm07.blogspot.com/

Tuesday, August 4, 2009

ALL MY recommendations to become an expert on 2k3 Server

Task 1
Links and comments
AD Basics
AD basic things to know -- Troubleshooting Active Directory
Common Windows Administrative Tasks
  • Backing up and restoring data
  • Changing group memberships
  • Checking event logs
  • Creating administrative scripts
  • Creating logon scripts
  • Creating user and group accounts
  • Deploying and upgrading software
  • Installing a DHCP server
  • Installing a domain controller
  • Managing applications on a local computer
  • Managing applications remotely
  • Managing directory replication
  • Management tasks for disks and volumes
  • File and folder management
  • Managing network printers
  • Managing servers remotely
  • Managing services
  • Monitoring network traffic
  • Monitoring security-related events
  • Monitoring server performance
  • Resetting user passwords
  • Safeguarding your system
  • Scheduling tasks
  • Setting up DNS
  • Setting up TCP/IP
  • Setting user and group security
AD FRS Basic and Troubleshooting
Troubleshooting Active Directory Replication Problems
High-level Methodology for Troubleshooting Active Directory Problems 
Troubleshooting High CPU Usage on a Domain Controller
Troubleshooting Active Directory—Related DNS Problems 
Performance and Reliability Monitoring 
System Recovery and Troubleshooting 
Manage Operations Master Roles
Securing Active Directory
How do you say AD and DNS integrated...What do you mean by this?
Understanding the Global Catalog
Understanding Sites and Replication and when to implement a site
Manage Forest Trusts & Creating
Manually publish a printer in Active Directory
Checklist: Creating a new Forest / New Domain / Child Domain Tree

Enjoy,
-Paddy

The Microsoft(R) Windows(R) Server 2003 Resource Tools

 
  • Acctinfo.dll (documented in Readme.htm)
  • Adlb.exe: Active Directory Load Balancing Tool
  • Admx.msi: ADM File Parser
  • Atmarp.exe: Windows ATM ARP Server Information Tool
  • Atmlane.exe: Windows ATM LAN Emulation Client Information
  • Autoexnt.exe: AutoExNT Service
  • Cdburn.exe: ISO CD-ROM Burner Tool
  • Checkrepl.vbs: Check Replication
  • Chklnks.exe: Link Check Wizard
  • Chknic.exe: Network Interface Card Compliance Tool for Network Load Balancing
  • Cleanspl.exe: Spooler Cleaner
  • Clearmem.exe: Clear Memory
  • Clusdiag.msi: Cluster Diagnostics and Verification Tool
  • Clusfileport.dll: Cluster Print File Port
  • Clusterrecovery.exe: Server Cluster Recovery Utility
  • Cmdhere.inf: Command Here
  • Cmgetcer.dll: Connection Manager Certificate Deployment Tool
  • Compress.exe: Compress Files
  • Confdisk.exe: Disk Configuration Tool
  • Consume.exe: Memory Consumers Tool
  • Creatfil.exe: Create File
  • Csccmd.exe: Client-Side Caching Command-Line Options
  • Custreasonedit.exe: Custom Reason Editor (documented in Readme.htm)
  • Delprof.exe: User Profile Deletion Utility
  • Dh.exe: Display Heap
  • Diskraid.exe: RAID Configuration Tool
  • Diskuse.exe: User Disk Usage Tool
  • Dnsdiag.exe: SMTP DNS Diagnostic Tool (documented in Readme.htm)
  • Dumpfsmos.cmd: Dump FSMO Roles
  • Dvdburn.exe: ISO DVD Burner Tool
  • Empty.exe: Free Working Set Tool
  • Eventcombmt.exe: Check Replication
  • Fcopy.exe: File Copy Utility for Message Queuing
  • Frsflags.vbs
  • Getcm.exe: Connection Manager Profile Update
  • Gpmonitor.exe: Group Policy Monitor
  • Gpotool.exe: Group Policy Objects
  • Hlscan.exe: Hard Link Display Tool
  • Ifilttst.exe: IFilter Test Suite
  • Ifmember.exe: User Membership Tool
  • Inetesc.adm: Internet Explorer Enhanced Security Configuration
  • Iniman.exe: Initialization Files Manipulation Tool
  • Instcm.exe: Install Connection Manager Profile
  • Instsrv.exe: Service Installer
  • Intfiltr.exe: Interrupt Affinity Tool
  • Kerbtray.exe: Kerberos Tray
  • Kernrate.exe: Kernel Profiling Tool
  • Klist.exe: Kerberos List
  • Krt.exe: Certification Authority Key Recovery
  • Lbridge.cmd: L-Bridge
  • Linkd.exe
  • Linkspeed.exe: Link Speed
  • List.exe: List Text File Tool
  • Lockoutstatus.exe: Account Lockout Status (documented in Readme.htm)
  • Logtime.exe
  • Lsreport.exe: Terminal Services Licensing Reporter
  • Lsview.exe: Terminal Services License Server Viewer
  • Mcast.exe: Multicast Packet Tool
  • Memmonitor.exe: Memory Monitor
  • Memtriage.exe: Resource Leak Triage Tool
  • Mibcc.exe: SNMP MIB Compiler
  • Moveuser.exe: Move Users
  • Mscep.dll: Certificate Services Add-on for Simple Certificate Enrollment Protocol
  • Nlsinfo.exe: Locale Information Tool
  • Now.exe: STDOUT Current Date and Time
  • Ntimer.exe: Windows Program Timer
  • Ntrights.exe
  • Oh.exe: Open Handles
  • Oleview.exe: OLE/COM Object Viewer
  • Pathman.exe: Path Manager
  • Permcopy.exe: Share Permissions Copy
  • Perms.exe: User File Permissions Tool
  • Pfmon.exe: Page Fault Monitor
  • Pkiview.msc: PKI Health Tool
  • Pmon.exe: Process Resource Monitor
  • Printdriverinfo.exe: Drivers Source
  • Prnadmin.dll: Printer Administration Objects
  • Qgrep.exe
  • Qtcp.exe: QoS Time Stamp
  • Queryad.vbs: Query Active Directory
  • Rassrvmon.exe: RAS Server Monitor
  • Rcontrolad.exe: Active Directory Remote Control Add-On
  • Regini.exe: Registry Change by Script
  • Regview.exe (documented in Readme.htm)
  • Remapkey.exe: Remap Windows Keyboard Layout
  • Robocopy.exe: Robust File Copy Utility
  • Rpccfg.exe: RPC Configuration Tool
  • Rpcdump.exe
  • Rpcping.exe
  • RPing: RPC Connectivity Verification Tool
  • Rqc.exe: Remote Access Quarantine Client
  • Rqs.exe: Remote Access Quarantine Agent
  • Setprinter.exe: Spooler Configuration Tool
  • Showacls.exe
  • Showperf.exe: Performance Data Block Dump Utility
  • Showpriv.exe: Show Privilege
  • Sleep.exe: Batch File Wait
  • Sonar.exe: FRS Status Viewer
  • Splinfo.exe: Print Spooler Information
  • Srvany.exe: Applications as Services Utility
  • Srvcheck.exe: Server Share Check
  • Srvinfo.exe: Remote Server Information
  • Srvmgr.exe: Server Manager
  • Ssdformat.exe: System State Data Formatter
  • Subinacl.exe
  • Tail.exe
  • Tcmon.exe: Traffic Control Monitor
  • Timeit.exe (documented in Readme.htm)
  • Timezone.exe: Daylight Saving Time Update Utility
  • Tsctst.exe: Terminal Server Client License Dump Tool
  • Tsscalling.exe: Terminal Services Scalability Planning Tools
  • Uddicatschemeeditor.exe: UDDI Services Categorization Scheme Editor
  • Uddiconfig.exe: UDDI Services Command-line Configuration Utility
  • Uddidataexport.exe: UDDI Data Export Wizard
  • Usrmgr.exe: User Manager for Domains
  • Vadump.exe: Virtual Address Dump
  • Vfi.exe: Visual File Information
  • Volperf.exe: Shadow Copy Performance Counters
  • Volrest.exe: Shadow Copies for Shared Folders Restore Tool
  • Vrfydsk.exe: Verify Disk
  • Winexit.scr: Windows Exit Screen Saver
  • Winhttpcertcfg.exe: WinHTTP Certificate Configuration Tool
  • Winhttptracecfg.exe: WinHTTP Tracing Facility Configuration Tool
  • Winpolicies.exe: Policy Spy
  • Wins.dll: WINS Replication Network Monitor Parser
  • Wlbs_hb.dll & Wlbs_rc.dll: Windows Load Balancing Server Network Monitor Parsers

-------------------
Thanks,
http://sccm07.blogspot.com/

AD Basic checkout here

    Step-by-Step Guide to Managing the Active Directory


    Introduction

    This guide introduces you to administration of the Microsoft® Windows® 2000 Active Directory™ service and the Active Directory Users and Computers snap-in. This snap-in allows you to add, move, delete, and alter the properties for objects such as users, contacts, groups, servers, printers, and shared folders.

    Prerequisites

    This Software Installation and Maintenance document is based on Step-by-Step Guide to the Common Infrastructure for Windows 2000 Server Deployment, http://www.microsoft.com/windows2000/techinfo/planning/server/serversteps.asp.

    Before beginning this guide, please build the common infrastructure, which specifies a particular hardware and software configuration. If you are not using the common infrastructure, you need to make the appropriate changes to this instruction set.

    You can run the Administrative Tools from the server, or you can run the tools from a computer running Windows 2000 Professional. The Administrative Tools are installed by default on all Windows 2000 domain controllers.

    You must be logged on as a user with administrative privileges to run through the procedures in this document.

    If you are working on a domain controller, the Active Directory Schema snap-in might not be installed. To install it:

    1.     Click Start, point to Settings, click Control Panel, and then click Change or Remove Programs.

    2.     When prompted, reinstall all the Administrative Tools.

    On Windows 2000-based stand-alone servers or workstations, Active Directory Administrative Tools are optional. You can install them from Add/Remove Programs in Control Panel, using the Windows Components wizard, or from the ADMINPAK on the Windows 2000 Server or Professional CD.

    In this Step-by-Step Guide:

    Common Administrative Tasks

    · Creating Organizational Units
    · Creating Users and Contacts
    · Creating Groups and adding members to Groups

    Advanced Administrative Tasks

    · Publishing shared network resources, such as shared folders and printers.
    · Moving Users, Groups, and Organizational Units
    · Using Filters and Searches to retrieve objects

      

    Using Active Directory Domains and Trusts Snap-in

    The Active Directory Domains and Trusts snap-in provides a graphical view of all domain trees in the forest. Using this tool, an administrator can manage each of the domains in the forest, manage trust relationships between domains, configure the mode of operation for each domain (native or mixed mode), and configure the alternative User Principal Name (UPN) suffixes for the forest.

    Starting the Active Directory Domains and Trusts Snap-in

    1.     Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Domains and Trusts. The Active Directory Domains and Trusts snap-in appears as in Figure 1 below.

    Figure 1: Active Directory Domains and Trust snap-in

    2.     The User Principal Name (UPN) provides an easy-to-use naming style for users to log on to Active Directory. The style of the UPN is based on Internet standard RFC 822, which is sometimes referred to as a mail address. The default UPN suffix is the forest DNS name, which is the DNS name of the first domain in the first tree of the forest. In this and the other step-by-step guides on this site, the default UPN suffix is reskit.com.

    3.     You can add alternate User Principal Name suffixes, which increase logon security. And you can simplify user logon names by providing a single UPN suffix for all users. The UPN suffix is only used within the Windows 2000 domain and is not required to be a valid DNS domain name.

    4.     Select Active Directory Domains and Trusts in the upper left pane, right-click it, and then click Properties.

    5.     Enter any preferred alternate UPN suffixes in the Alternate UPN Suffixes box and click Add.

    6.     Click OK to close the window.

    Changing the Domain Mode

    Windows 2000 domains operate in one of two modes:

    • Mixed Mode. Allows domain controllers running both Windows 2000 and earlier versions of Windows NT® Server to co-exist in the domain. In mixed mode, the domain features from previous versions of Windows NT Server are still enabled, while some Windows 2000 features are disabled.
    • Native Mode. Requires all the domain controllers in a domain to run Windows 2000 Server. In native mode, you can take advantage of new features such as Universal groups, nested group membership, and inter-domain user move. (A Universal group is a collection of user accounts that can contain members from any Active Directory domain in the forest, and permissions can be assigned to a universal group to resources on any member computer in the forest. Universal groups are available only in native mode.)

    When a domain is first installed, it is in mixed mode. The mode of operation can be changed from mixed mode to native, but this is not reversible. In native mode, Windows NT 4.0 Domain Controllers cannot participate in the domain.

    You can change to native mode after making sure all domain controllers in your domain are running Windows 2000 Server.

    To switch to native mode

    1.     Right-click the domain object (in our example, reskit.com), and then click Properties.

    2.     Click Change Mode.

    3.     You receive a message requiring confirmation. Click Yes to continue. Click OK to proceed, or No to stop this action. If you plan to add Windows NT 4.0 domain controllers to your configuration, do not proceed.

      

    Using the Active Directory Users and Computers Snap-in

    1.     To start the Active Directory Users and Computers snap-in, click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.

    2.     Expand Reskit.com by clicking +.

    Figure 2 below displays the key components of the Active Directory Users and Computers snap-in.

    Figure 2: The Active Directory Users and Computers Snap-In

    Recognizing Active Directory Objects

    The objects described in the following table are created during the installation of Active Directory.

    Folder: Description

    • Domain: The root node of the snap-in represents the domain being administered.
    • Computers: Contains all Windows NT® and Windows 2000-based computers that join a domain. This includes computers running Windows NT versions 3.51 and 4.0, as well as those running Windows 2000. If you upgrade from a previous version, Active Directory migrates the machine account to this folder. You can move these objects.
    • System: Contains Active Directory systems and services information.
    • Users: Contains all the users in the domain. In an upgrade, all users from the previous domain will be migrated. Like computers, the user objects can be moved.

    You can use Active Directory to create the following objects.

    Object: Description

    • User: A user object is an object that is a security principal in the directory. A user can log on to the network with these credentials and access permissions can be granted to users.
    • Contact: A contact object is an account that does not have any security permissions. You cannot log on to the network as a contact. Contacts are typically used to represent external users for the purpose of e-mail.
    • Computer: An object that represents a computer on the network. For Windows NT-based workstations and servers, this is the machine account.
    • Organizational Unit: Organizational units are used as containers to logically organize directory objects such as users, groups, and computers in much the same way that folders are used to organize files on your hard disk.
    • Group: Groups can have users, computers, and other groups. Groups simplify the management of large numbers of objects.
    • Shared Folder: A shared folder is a network share that has been published in the directory.
    • Shared printer: A shared printer is a network printer that has been published in the directory.

    Adding an Organizational Unit

    This procedure creates an organizational unit (OU) in the Reskit domain. Note that you can create nested organizational units and there is no limit to the nesting levels.

    These steps follow the Active Directory structure begun in the "Step-by-Step Guide to a Common Infrastructure for Windows 2000 Server Deployment" http://www.microsoft.com/windows2000/techinfo/planning/server/serversteps.asp. If you did not create that structure, add the OUs and users directly under Reskit.com; that is, where Accounts is referred to below, substitute Reskit.com.

    1.     Click the + next to Accounts to expand it.

    2.     Right-click Accounts.

    3.     Point to New and click Organizational Unit. Type Construction as the name of your new organizational unit. Click OK.

    For the rest of the exercises in this guide, repeat steps 1 and 2 above to create additional organizational units, as follows:

    • Organizational unit Engineering under Reskit.com.
    • Organizational unit Manufacturing under Reskit.com.
    • Organizational unit Consumer under the Manufacturing organizational unit. (To do this, right-click Manufacturing, point to New, and then click Organizational Unit.)
    • Organizational units Corporate and Government under the Manufacturing organizational unit. Click Manufacturing so that its contents will display in the right pane.

    When you are finished, you should have the following hierarchy as in Figure 3 below:

    Figure 3: New OUs

    Creating a User Account

    The following procedure creates the user account James Smith in the Construction OU.

    To create a new user account

    1.     Right-click the Construction organizational unit, point to New, and then click User, or click New User on the snap-in toolbar.

    2.     Type user information as in Figure 4 below:

    Figure 4: New User dialog

    Note that the Full name is automatically filled in after you enter the First and Last names. Click Next to proceed.

    3.     Type a password in both the Password and Confirm password boxes and click Next.

    4.     Accept the confirmation in the next dialog box by clicking Finish.

    You have now created an account for James Smith in the Construction OU. To add additional information about this user:

    5.     Select Construction in the left pane, right-click James Smith in the right pane, and then click Properties.

    6.     Add more information about the user in the Properties dialog box on the General tab as shown in Figure 5 below, and click OK. You are provided with this selection of optional entries. Click each tab you want to go to.

    Figure 5: Additional User Information

    Moving a User Account

    Users can be moved from one organizational unit to another in the same domain or a different domain. For example, in this procedure, James Smith moves from the Construction division to the Engineering division.

    1.     Click the James Smith user account in the right pane, right-click it, and click Move.

    2.     Click the + next to Accounts to expand it as in Figure 6 below.

    Figure 6: List of available OUs

    3.     Click the Engineering OU, and click OK.

    If you upgrade from an earlier version of Windows NT Server, you might want to move existing users from the Users folder to some of the OUs that you create.

    Creating a Group

    1.     Right-click the Engineering OU, click New, and then click Group.

    2.     In the Name of New Group text box, type: Tools

    Select the appropriate Group type and Group scope and then click OK.

    ·         The Group type indicates whether the group can be used to assign permissions to other network resources, such as files and printers. Both security and distribution groups can be used for e-mail distribution lists.

    ·         The Group scope determines the visibility of the group and what type of objects can be contained within the group.

    Scope: Visibility; May contain

    • Domain Local: Visibility: Domain; May contain: Users, Domain Local, Global, or Universal Groups
    • Global: Visibility: Forest; May contain: Users or Global groups
    • Universal: Visibility: Forest; May contain: Users, Global, or Universal Groups

    Adding a User to a Group

    1.     Click Engineering in the left pane.

    2.     Right-click the Tools group in the right pane, and click Properties.

    3.     Click the Members Tab and click Add.

    4.     Scroll to James Smith, select his name, click Add, then click OK as in Figure 7 below.

    Figure 7: Add James Smith to the Tools Group

    Note: You can select multiple users or groups in this dialog by pressing the CTRL key as you click them. You can also type the name directly. If the name is ambiguous, a further list is displayed to confirm your selection.

    Alternatively, you can select the users from the results pane, right-click, and then click Add members to a Group. Or you can click Add the selected objects to a group you specify on the snap-in toolbar. This may be more efficient for adding large numbers of members to a group.

      

    Publishing a Shared Folder

    Any shared network folder, including a Distributed File System (Dfs) folder, can be published in Active Directory. Creating a Shared folder object in the directory does not automatically share the folder. This is a two-step process: you must first share the folder, and then publish it in Active Directory.

    1.     Use Windows Explorer to create a new folder called Engineering Specs on one of your disk volumes.

    2.     In Windows Explorer, right-click the folder name, and then click Properties. Click Sharing, and then click Share this folder.

    3.     In the New Object–Shared Folder dialog box, type ES in the Share name box and click OK. By default, Everyone has permissions to this shared folder. If you want, you can change the default by clicking the Permissions button.

    4.     Populate the folder with files, such as documents, spreadsheets, or presentations.

    To publish the shared folder in the directory

    1.     In the Active Directory Users and Computers snap-in, right-click the Engineering OU, point to New, and click Shared Folder.

    2.     In the Name box, type Engineering Specs.

    3.     In the Network Path name box, type \\hq-res-dc-01.reskit.com\ES and click OK.

    The Engineering organizational unit appears as shown in Figure 8 below:

    Figure 8: Engineering OU contents

    Users can now see this volume while browsing in the directory.

    To browse the directory

    1.     Double-click My Network Places on the desktop.

    2.     Double-click Entire Network, and then click Entire contents of the network.

    3.     Double-click the Directory.

    4.     Double-click the domain name, Reskit, and then double-click Engineering.

    5.     To view the files in the volume, either right-click the Engineering Specs volume, and click Open, or double-click Engineering Specs.

    Publishing a Printer

    This section describes the processes for publishing printers in a Windows 2000 Active Directory-based network.

    Windows 2000 Printers

    You can publish a printer shared by a computer running Windows 2000 by using the Sharing tab of the printer Properties dialog box. By default, Listed in the directory is enabled. The directory is the Active Directory data store. (This means that Windows 2000 Server publishes the shared printer by default.) The print subsystem will automatically propagate changes made to the printer attributes (location, description, loaded paper, and so forth) to the directory.

    Note: For this section of this guide, you must have a printer available and know its IP address. If you do not have an IP printer, you can still run through these procedures, substituting the correct port for Standard TCP/IP Port.

    To add a new printer

    1.     Click Start, point to Settings, click Printers, and then double-click Add Printer. The Add Printer Wizard appears. Click Next.

    2.     Click Local Printer, clear the Automatically detect and install my Plug and Play printer checkbox, and click Next.

    3.     Click the Create a new port option, then scroll to Standard TCP/IP Port, and click Next.

    4.     The Add Standard TCP/IP Printer Port Wizard appears. Click Next.

    5.     On the Add Port page, type the IP address of the printer in the Printer Name or IP Address box, type the port name in the Port name box, and click Next. Click Finish.

    6.     Select your printer's manufacturer and model in the Printers list box, and then click Next.

    7.     In the Printer name text box, type the name of your printer.

    8.     On the Printer Sharing page, type a name for the shared printer. Choose a name no more than eight characters long so computers running earlier versions of the operating system display it correctly.

    9.     Type in the Location and Comment in those text boxes.

    10.  Print a test page. Click Finish.

    After you create the printer, the printer is automatically published in Active Directory and the Listed in the Directory check box is selected.

    You might also need to find the server from which a printer is shared out before adding it to the machine you're working on.

    To locate a printer

    1.     Click Start, point to Settings, and then click on Printers.

    2.     Double-click the Add Printer icon.

    3.     In the Add Printer Wizard dialog box, click the Next button.

    4.     Select the Network printer button, and then click Next.

    5.     Select the Find a printer in the Directory button, and then click Next.

    6.     The Find Printers dialog box displays. If you know which domain your printer resides in, click the Browse button and choose that domain to narrow your search. Then, on the Printer tab, add the printer Name, Location, or Model to those text boxes, and click the Find Now button.

    Note: If you don't know the name, location, or model of the printer, you can simply click the Find Now button, and all the printers in the domain you selected will be listed in the list box.

    Adding Non-Windows 2000 Printers

    You can publish printers shared by operating systems other than Windows 2000 in the directory. The simplest way to do this is to use the pubprn script. This script will publish all the shared printers on a given server. It is located in the \winnt\system32 directory.

    To publish a printer shared from a non-Windows 2000 server using the pubprn.vbs script

    1.     Click Start, click Run, and type cmd in the text box. Click OK.

    2.     Type cd \winnt\system32 and press Enter.

    3.     Type cscript pubprn.vbs followed by the printer server name and the target container (in this example "LDAP://ou=marketing,dc=reskit,dc=com") and press Enter. This publishes the printer to the specified OU.

    This script copies only the following subset of the printer attributes:

    • Location
    • Model
    • Comment
    • UNCPath

    You can add other attributes by using the Active Directory Users and Computers snap-in. Note that you can rerun pubprn and it will update rather than overwrite existing printers.

    Alternatively, you can use the Active Directory Users and Computers snap-in to publish printers on non-Windows 2000 servers.

    To use the Active Directory Users and Computers snap-in to publish printers

    1.     Right-click the Marketing organizational unit, click New, and click Printer.

    2.     The New Object-Printer dialog box pops up. In the text box, type the path to the printer, such as \\server\share name. Click OK.

    End users can realize the benefit of printers being published in the directory because they can browse for printers, submit jobs to those printers, and install the printer drivers directly from the server.

    To browse and use printers in the directory

    1.     On the Desktop, click Start, click Search, and click For Printers.

    2.     In the Find Printers dialog, select the subdirectory in which you'd like to search for printers. Then type information into the Name, Location, or Model text boxes. Click the Find Now button to get a list of published printers.

    Creating a Computer Object

    A computer object can be created automatically when a computer joins a domain. You can also create the computer object before the computer joins a domain.

    1.     Right-click the Engineering organizational unit, point to New, and then click Computer.

    2.     For the computer name, type Vancouver.

    3.     You can manage this computer in the Active Directory Users and Computers snap-in by right-clicking the computer object, and then clicking Manage.

    Optionally, you can select which users are permitted to join a computer to the domain. This allows the administrator to create the computer account and someone with lesser permissions to install the computer and join it to the domain.

    Renaming, Moving, and Deleting Objects

    1.     Every object in the directory can be renamed and deleted, and most objects can be moved to different containers.

    2.     To move an object, right-click the object, and then click Move.

    3.     Click Browse. The Directory Browser will appear, enabling you to select the destination container for the object that you are moving.

    Creating Nested Groups

    You can use nested groups provided that you are running Active Directory in native mode. Nested groups are easier to manage, and thus reduce administrative overhead.

    1.     Create a new group by right-clicking Engineering, pointing to New, and then clicking Group. Type All Engineering and then click OK.

    2.     Right-click the All Engineering Group, and click Properties.

    3.     Click the Members tab and click Add.

    4.     In the list box, select Tools, click Add, and then click OK.

    5.     Click Apply, and then click OK. You've now created a nested group.

    To check the nested groups

    1.     Right-click All Engineering, click Properties, and then click Membership. You will see Press Liaison as a member of All Engineering.

    2.     Double-click Tools, and then click Membership. You will see Tools listed as a member of the group All Engineering.
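
    The scope table under Creating a Group and the nesting steps above, modelled as an added example (not part of the original guide and not Microsoft's code): it enforces the table's "May contain" rules and expands nested membership to show which users actually inherit a group's permissions. The Directory class, its method names and the Global scope chosen for both groups are assumptions, and the data is constructed.

```python
# Added example with constructed data; not Microsoft's code.
# "May contain" column of the scope table, keyed by the containing group's scope.
# A member is either a "user" or a nested group identified by its own scope.
MAY_CONTAIN = {
    "Domain Local": {"user", "Domain Local", "Global", "Universal"},
    "Global": {"user", "Global"},
    "Universal": {"user", "Global", "Universal"},
}


class Directory:
    """Toy in-memory model of groups in one domain (hypothetical helper)."""

    def __init__(self, native_mode=True):
        self.native_mode = native_mode
        self.scopes = {}    # group name -> scope
        self.members = {}   # group name -> set of direct member names

    def add_group(self, name, scope):
        if scope not in MAY_CONTAIN:
            raise ValueError(f"unknown scope: {scope}")
        # The guide states that Universal groups are available only in native mode.
        if scope == "Universal" and not self.native_mode:
            raise ValueError("Universal groups require native mode")
        self.scopes[name] = scope
        self.members[name] = set()

    def add_member(self, group, member):
        container_scope = self.scopes[group]
        kind = self.scopes.get(member, "user")  # any name that is not a group is a user
        if kind not in MAY_CONTAIN[container_scope]:
            raise ValueError(
                f"{container_scope} group {group!r} may not contain {kind} member {member!r}"
            )
        self.members[group].add(member)

    def effective_users(self, group):
        """Users reached directly or through any depth of nesting."""
        users, seen, stack = set(), set(), [group]
        while stack:
            current = stack.pop()
            if current in seen:  # two groups can contain each other; do not loop
                continue
            seen.add(current)
            for name in self.members[current]:
                if name in self.scopes:
                    stack.append(name)
                else:
                    users.add(name)
        return users

    def groups_of(self, user):
        """Every group whose permissions reach the user, nesting included."""
        return {g for g in self.scopes if user in self.effective_users(g)}


def build_reskit_example():
    """Tools and All Engineering as created above; Global scope is an assumption."""
    d = Directory(native_mode=True)
    d.add_group("Tools", "Global")
    d.add_group("All Engineering", "Global")
    d.add_member("Tools", "James Smith")
    d.add_member("All Engineering", "Tools")  # the nesting step
    return d


if __name__ == "__main__":
    d = build_reskit_example()
    print(sorted(d.groups_of("James Smith")))
    print(sorted(d.effective_users("All Engineering")))
```

    When reviewing access, run the expansion from the group that holds the permission: a user added only to Tools still shows up under All Engineering.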

      

    Finding Specific Objects

    Rather than browsing the list of objects in the results pane, it is often more efficient to find specific objects that meet certain criteria. In this example you will find all users who have a surname of "Smith" and are in the Marketing organizational unit.

    1.     Select the Engineering OU. Right-click Engineering, and then click Find.

    2.     In the Name box, type Smith.

    3.     Click Find Now.

      

    Filtering a List of Objects

    Filtering the list of returned objects from the directory can allow you to manage the directory more efficiently. The filtering option allows you to restrict the types of objects returned to the snap-in—for example, you can choose to view only users and groups, or you may want to create a more complex filter.

    If an OU has more than a specified number of objects, the filter function allows you to restrict the number of objects displayed in the results pane. You can use the Filter function to configure this option.

    In this example, you create a filter designed to retrieve users only.

    1.     In the Active Directory Users and Computers snap-in, click the View menu, and then click Filter Options.

    2.     Click the radio button for Show only the following types of objects, and then select Users and Groups.

    3.     Click OK.

    After you click OK, whenever you view a container, it retrieves user and group objects only. For example, if you now view the Engineering OU, the shared folder Engineering Specs will no longer be displayed. The description bar above the contents of the right pane will show that the list is filtered.