Site Redesign

Undergoing some major redesigns, please bear with me

Auto remove old accounts from AD

From Scott Lowe:

http://blog.scottlowe.org/2006/05/19/semi-automatic-account-maintenance/

Continuing in my “semi-automatic” theme, here’s some information on using command-line utilities to help automate account maintenance.  By combining dsquery and a third-party replacement for Dsmove (since Dsmove has some problems), we can streamline account maintenance policies for Active Directory.

First, the problem with Dsmove.  The Dsmove.exe utility is supposed to be able to take DNs on standard input (stdin) and move them (with or without a rename operation at the same time) to a new location in Active Directory.  Unfortunately, it doesn’t work; for some reason, Dsmove won’t accept the output of Dsquery, even though that output works with Dsmod and Dsrm.  I found numerous references to this same problem (here’s one) via a Google search, so I know I’m not alone.

Fortunately, there’s a free third-party replacement that steps up to the plate to fill in for dsmove, and it’s call AdMod.  AdMod does more than just move objects; it can also modify objects as well.  For our purposes, however, we’re just going to use it to move objects.

We’ll start out with the Dsquery command again, this time to find inactive accounts:

dsquery user -inactive 4

This will find all the user accounts have have been inactive (not logged into) for more than 4 weeks.  Pipe this into the Dsmod command to automatically disable them:

dsquery user -inactive 4 | dsmod user -disabled yes

This ensures that any account that has not been used in more than 4 weeks will be automatically disabled.  Now, we can bring in AdMod to help us keep those disabled accounts manageable:

dsquery user -disabled | admod -move “ou=Disabled
Accounts,dc=example,dc=net” -safety 100

This will automatically gather all the disabled accounts and move them into the Disabled Accounts OU automatically.  Note the “-safety 100” parameter; this means that if more than 100 objects will be affected, the command won’t proceed.  This can be replaced with the “-unsafe” parameter if this fail-safe isn’t necessary.

So, put this into a batch file, schedule it to run once a week, and it will take care of those inactive accounts that are no longer being used.  (This will make those security guys pretty happy.)

Remotely enable RDP

via
Brian Desmond’s Blog

Here’s a simple trick that I’ve used countless times for enabling remote desktop on an XP or 2003 machine remotely.
Just connect to the remote machine with regedit (or use reg.exe from the command line if you want), browse to HKLM\System\CurrentControlSet\Control\Terminal Server, and set or create fDenyTSConnections (a DWORD) to 0.

MS Scriptomatic

Must remember to check this out at some point in the future:

Microsoft TechNet: Scriptomatic Tool

2k3 Admin Pack in Vista

In case you hadn’t noticed (Or like me aren’t using Vista and don’t really care yet) the windows 2k3 admin pack doesn’t work with Vista.  That’s because MS fails at registering DLL’s.

Thankfully, one poor soul at MS helpfully solved the issue, and MS has given us a fairly simple fix:

http://support.microsoft.com/default.aspx/kb/930056

Relevant portion below as MS likes to move their KB articles around over time:

To resolve this issue, register the Windows Server 2003 management tools on a domain user account. To do this, follow these steps:

1.	Log on to Windows Vista as a user who has local administrator permissions.
2.	Create the RegisterAdminPak.cmd script. To do this, follow these steps: a. Start Notepad, and then open a blank document. b. Paste the following code to the document in Notepad: @echo off REM RegisterAdminPak.cmd REM (c) 2006 Microsoft Corporation. All rights reserved. set filelist=adprop.dll azroles.dll azroleui.dll ccfg95.dll set filelist=%filelist% certadm.dll certmmc.dll certpdef.dll certtmpl.dll set filelist=%filelist% certxds.dll cladmwiz.dll clcfgsrv.dll clnetrex.dll set filelist=%filelist% cluadmex.dll cluadmmc.dll cmproxy.dll cmroute.dll set filelist=%filelist% cmutoa.dll cnet16.dll debugex.dll dfscore.dll set filelist=%filelist% dfsgui.dll dhcpsnap.dll dnsmgr.dll domadmin.dll set filelist=%filelist% dsadmin.dll dsuiwiz.dll imadmui.dll lrwizdll.dll set filelist=%filelist% mprsnap.dll msclus.dll mstsmhst.dll mstsmmc.dll set filelist=%filelist% nntpadm.dll nntpapi.dll nntpsnap.dll ntdsbsrv.dll set filelist=%filelist% ntfrsapi.dll rasuser.dll rigpsnap.dll rsadmin.dll set filelist=%filelist% rscommon.dll rsconn.dll rsengps.dll rsjob.dll set filelist=%filelist% rsservps.dll rsshell.dll rssubps.dll rtrfiltr.dll set filelist=%filelist% schmmgmt.dll tapisnap.dll tsuserex.dll vsstskex.dll set filelist=%filelist% w95inf16.dll w95inf32.dll winsevnt.dll winsmon.dll set filelist=%filelist% winsrpc.dll winssnap.dll ws03res.dll for %%i in (%filelist%) do ( echo Registering %%i ... regsvr32 /s %%i ) echo. Echo Command Completed c. On the File menu, click Save. d. In the Save as type box, click All Files, type C:\Users\UserAccountName\RegisterAdminPak.cmd in the File name box, and then click Save. Notes UserAccountName represents the folder name of the user who is currently logged in. You must run this script in Windows Vista only.
3.	Run RegisterAdminPak.cmd from an elevated command prompt. To do this, follow these steps: a. Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for confirmation, type your password, or click Continue. b. At the command prompt, type the following command, and then press ENTER. Note If you are running a 64-bit version of Windows Vista, type cd %systemroot%\syswow64 before you run the following command. C:\Users\UserAccountName\RegisterAdminPak.cmd

adhoc network drive mapping

As I’m working to consolidate the neat tips I find for a future wiki at work, here’s another neat one:

There is a feature in Windows XP and Vista that not many people know which can save you endless hours and it’s called pushd.

From the command-line if you type:

pushd \\someserver\someshare\somedirectory

Then Windows will automatically map a temporary drive to \\someserver\someshare, change to that drive, then change directory to somedirectory.

When you’re finished you can then type:

popd

Then Windows will change back to your original working directory and remove the mapped drive.

Here is an example:

C:\Temp\> pushd \\someserver\someshare\somedirectory
X:\somedirectory\> del somefile.txt
X:\somedirectory\> popd
C:\Temp\ >

Found at:

http://blog.bartholomew.id.au/2007/12/19/adhoc-mapping-of-network-drives

Shadow Copy Problems

So I just logged on to one of our severs to do windows updates, and I found an issue.  Turns out Shadow Copies hadn’t run since the end of January when we first set it up.  Massive Fail.

Thankfully, Google saved me many hours and much vodka.

TIP:

If Shadow Copies should “Could Not Start” for it’s status in scheduled tasks, delete the following file:

C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_xxx

Then delete the task for shadow copies in scheduled tasks.  Once done, go back to your drive and re-enable shadow copies and you should be good to go.

Visitor counter

I finally did something I should’ve done a long time ago, and added a little visitor counter Jennifer Government style.  So come visit me now!

Rhyme Torrents

WTF?  What happened? Why are you down?  Do you not love me anymore? In the meantime, check out this educational video:http://www.youtube.com/watch?v=5uZr3JWYdy8 

Scientology Exposed

Please watch, and learn