So yeah, I’m starting to get into this whole web 2.0 stuff finally. You can now follow me on twitter at twitter.com/Able_X, and I finally got around to buying a decent webcam, and I just uploaded a test video to my youtube.

Enjoy teh suck

Once again, the internet proves that any computer problem you find yourself with, the internet has already had:

http://blogs.technet.com/jhoward/archive/2006/06/22/438094.aspx

Shadow Copy failures: Scheduled task fails with General page initialization failed, error 0x8007000d.

I’ve rippled through quite a few nagging problems since my server failure at home a few weeks ago. One of the more intriguing problem I only noticed a couple of days ago. One server had not been running scheduled Shadow Copies. When you schedule shadow copies in Windows Server 2003 R2, not suprizingly it sets up a normal Windows Scheduled Task with name ShadowCopyVolume{volume} as shown below.

But, as you can see, it’s never run and has status “Could not start”. If you double click the task, you get the error “General page initialization failed. The specific error is 0x8007000d: The data is invalid”. Once you dismiss the dialog, you see the normal task details, but cannot edit the user field (greyed out and blank). You could however create manual shadow copies, so that pretty much narrowed it down to a problem with the scheduled task rather than shadow copies itself.

Some searching on Technet and the MS Knowledgebase drew a blank (or at least nothing appearing to be directly relevant). There’s an article here which gives some information which is close but only allows you to setup the task again with a domain account. I didn’t want to do that as the Shadow Copy scheduled task is supposed to run under the NT AUTHORITY\SYSTEM account.

However, I bow to Anil’s greater knowledge from his blog entry here, specifically the update part at the end. Indeed, deleting C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_xxxx”, deleting the scheduled task, disabling shadow copies and setting it back up again with a schedule creates it correctly.

Thanks Anil!
Cheers,
John.

Ok, so normally i’m not a product whore, but I found a really neat tool for monitoring windows servers at www.poweradmin.com

I’ve loaded it up on our data server and it enables all kinds of monitoring and notification options. I’m gonna keep it monitoring this server for a bit, and if it seems to stay as good as it looks now, I’ll add more servers to my monitoring. The all in one place monitoring is slightly awesomesauce as well.

1) Snag the GRC.DAT file from the Parent Server (this contains all the info on the parent server) and is located:

Via lifehacker.com

I’ve been messing around with a way to mark my thumb drive so it will (maybe) be returned if I lose it. Chances are, I won’t actually “lose” it; I will leave it at the house of a friend or at work. But I want to get it back—ASAP—without having to call all over the universe to find it. Of course, the drive is encrypted so i don’t need to worry about data falling into the wrong hands. I only worry about having to rebuild EVERYTHING because I carry my life on my thumb drive.

After trying out a splash screen and a launch.bat file, Jill decided she wanted something simpler and more obvious. She says:

I decided to just label my drive something other than “Removable Disk” and add an eye-catching custom icon to it.

So I created a next text file in Notepad, typed the word:

[autorun]

And saved it to the root directory—the “main” area of your drive, not in a folder—as autorun.inf.

I chose a big yellow smiley face for my icon but any brightly colored, unusual icon will be easily noticed. I copied the icon to the root directory of my thumb drive and renamed it myicon.ico.

Then I opened my autorun.inf file and added this text:

icon = .\myicon.ico
label=My Name (mobile xxx-xxx-xxxx)

(Of course, you will substitute your name and your mobile number for the above text.) I saved the file and marked it “read only” and hid it (just as an added sense of security—a lot of people have not learned how to tweak their “Show hidden folders” settings and, thus, will not be tempted to delete or
edit the file.)

Once I unplugged and re-inserted my thumb drive, it looked like this:

Undergoing some major redesigns, please bear with me

From Scott Lowe:

http://blog.scottlowe.org/2006/05/19/semi-automatic-account-maintenance/

Continuing in my “semi-automatic” theme, here’s some information on using command-line utilities to help automate account maintenance.  By combining dsquery and a third-party replacement for Dsmove (since Dsmove has some problems), we can streamline account maintenance policies for Active Directory.

First, the problem with Dsmove.  The Dsmove.exe utility is supposed to be able to take DNs on standard input (stdin) and move them (with or without a rename operation at the same time) to a new location in Active Directory.  Unfortunately, it doesn’t work; for some reason, Dsmove won’t accept the output of Dsquery, even though that output works with Dsmod and Dsrm.  I found numerous references to this same problem (here’s one) via a Google search, so I know I’m not alone.

Fortunately, there’s a free third-party replacement that steps up to the plate to fill in for dsmove, and it’s call AdMod.  AdMod does more than just move objects; it can also modify objects as well.  For our purposes, however, we’re just going to use it to move objects.

We’ll start out with the Dsquery command again, this time to find inactive accounts:

dsquery user -inactive 4

This will find all the user accounts have have been inactive (not logged into) for more than 4 weeks.  Pipe this into the Dsmod command to automatically disable them:

dsquery user -inactive 4 | dsmod user -disabled yes

This ensures that any account that has not been used in more than 4 weeks will be automatically disabled.  Now, we can bring in AdMod to help us keep those disabled accounts manageable:

dsquery user -disabled | admod -move “ou=Disabled
Accounts,dc=example,dc=net” -safety 100

This will automatically gather all the disabled accounts and move them into the Disabled Accounts OU automatically.  Note the “-safety 100” parameter; this means that if more than 100 objects will be affected, the command won’t proceed.  This can be replaced with the “-unsafe” parameter if this fail-safe isn’t necessary.

So, put this into a batch file, schedule it to run once a week, and it will take care of those inactive accounts that are no longer being used.  (This will make those security guys pretty happy.)

via
Brian Desmond’s Blog

Here’s a simple trick that I’ve used countless times for enabling remote desktop on an XP or 2003 machine remotely.
Just connect to the remote machine with regedit (or use reg.exe from the command line if you want), browse to HKLM\System\CurrentControlSet\Control\Terminal Server, and set or create fDenyTSConnections (a DWORD) to 0.

Must remember to check this out at some point in the future:

Microsoft TechNet: Scriptomatic Tool