I stumbled on a utility which can bulk modify objects in AD. Big deal you say… I can do that in ADUC.
This utility can change the attributes that cannot be changed from ADUC.
Links:
I stumbled on a utility which can bulk modify objects in AD. Big deal you say… I can do that in ADUC.
This utility can change the attributes that cannot be changed from ADUC.
Links:
Setting up a Stand-Alone Root CA
1. Install and patch a Windows Server 2003 and put it in a Workgroup
2. Prepare a CAPolicy.inf file and put it in %SystemRoot%
3. Install Certificate Services from the Install CD according to following
– Stand-Alone Root CA
– Use custom settings to generate the key pair and CA certificate
– Microsoft Strong Cryptographic Provider
– Hash Algorithm: SHA-1
– Key length: 4096
– Clear Allow this CSP to interact with the desktop and Use an existing key
– Create Common Name and Distinguished name suffix
– Validation Period: 10 years
– Set Certificate database and Certificate database log
– Store configuration information in a shared folder and enter a local Path
4. Verify the Root CA Certificate
– certutil –ca.cert CommonName.cer
– certutil.exe CommonName.cer
5. Verify the CommonName Configuration Information
– certutil –cainfo
– certutil –getreg | find /I Directory
Configuring the Root CA
1. Map the Namespace of Active Directory to an Offline CA’s Registry Configuration
– certutil.exe –setreg caDSConfigDN CN=Configuration,DC=concorp,DC=contoso,DC=com
2. Configure CorporateRootCA Distribution Points for CRL and AIA (Look in the Source Document)
3. Finalize the CA Configuration
Source: Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure
Here is some information about running as non local admin
Tools
RunAsAdmin Explorer Shim
PrivBar
Links
One of my collegues told me he used System Summary under Computer Management to find out memory, CPU etc on computers he was working on. He had noticed that in Windows Server 2003 it was gone… If you are like him and you are missing it try starting MSINFO32.EXE.
More info: here
Here are som nice info on moving DHCP from a Server to another
Sources:
How to move a DHCP database from one server to another in Windows NT 4.0 and in Windows 2000
Dhcpexim.exe – Tool for exporting database from NT4 or 2000 DHCP
Creating diskettes on Windows
Complete the following steps to create a diskette:
1. Insert the IBM ServeRAID Support CD into the CD-ROM drive.
2. Insert a blank diskette into the diskette drive.
3. Open a DOS window.
4. At the command prompt, type the following and press Enter:
e:diskettetoolsdsk4w32 e:diskettediskettetypedisketteimage a:
where
• e is the drive letter for the CD-ROM drive.
• diskettetype is scsi or sata, depending on the driver type.
• disketteimage is the name of the diskette image.
• a is the drive letter for the diskette drive.
5. Remove the CD from the CD-ROM drive.
6. Remove the diskette from the diskette drive and label the diskette appropriately.
If the Print Spooler service is operational:
Open the Printers (Printers and Faxes on Windows XP) folder
delete all of the printers
click File, Server Properties
select the Drivers tab
for each entry:
select the entry
click Remove
Usually, this will do a pretty good job of cleaning out drivers with Windows 2000 and later (not so with Windows NT 4).
If the Print Spooler service is not operational, or you want to make certain there are no printer driver remnants, either follow the instructions below or use cleanspl.exe from the Windows 2000, XP or 2003 Resource Kit (http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&DisplayLang=en). cleanspl.exe from the Windows 2003 Resource Kit tools will work on Windows XP.
Some information about cleanspl.exe:
cleanspl.exe does a very thorough job of cleaning up the print spooler stuff, but it does not remove the spooler service dependency on the Lexmark service (see special information about Lexmark printer drivers).
You can use it to clean up the spooler stuff on another computer (i.e. remotely).
When you run it, it asks you if you want to remove some things that are actually delivered (and installed by default) with Windows. In most cases, you should answer No to the corresponding prompts (you don’t want to remove the Standard TCP/IP Port or the BJ Language Monitor).
Here’s how to clean up the print spooler stuff if cleanspl.exe is not available or you prefer to do things manually.
Warning! be very careful using regedit – if you delete the wrong things, you may render your computer inoperative!
open regedit (e.g. click Start, key regedit and press Enter)
navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlPrintEnvironmentsWindows NT x86Drivers
under this key, there will be the keys Version-2 and Version-3 (one or the other of these may be absent – not a problem)
the sub-keys under these contain the printer driver configuration information
delete all the sub-keys inside Version-2 and Version-3, but not these keys themselves
The Microsoft Knowledgebase article at http://support.microsoft.com/default.aspx?scid=kb;en-us;312052 lists some other registry entries to delete, but this is not usually necessary.
open a Command Prompt window
key the commands
net stop spooler
net start spooler
open Windows Explorer
navigate to %systemroot%system32spoolprinters and delete any files there. By default, this is where the print spooler stores print files.
navigate to %systemroot%system32spooldriversw32x86 (%systemroot% is usually Windows, but it might be winnt or something else; this is set when the OS is installed).
inside w32x86, there will be folders with the names 2 and 3 (one or more of these may be absent – not a problem)
delete all of the files and sub-folders in each of the 2 and 3 folders, but not the folders themselves
inside w32x86, there may be other folders with names starting with “hewlett_packard”, “hphp” or something else; delete these folders also
restart the print spooler (see steps 8 and 9 above)
From query analyzer run select serverproperty(‘productlevel’)
Thanks Henk
@echo off
cacls %1 /T /P “DOMAIN%1”:F “DOMAINDomain Admins”:F < y
chown -r -v -d DOMAIN %1 [Userfolder Path]%1*