Skip to main content

Posts

Showing posts from 2009

How to audit changes in AD Objects

Windows Server 2008 offeres the ability to record changes to AD objects. Both what the value of the object was, and what it is now. It also records who did it. Below is the procedure to set it up. - Open Group Policy Manager - Expand you forest until you get to the Default Domain Policy . - Right click the Default Domain Policy and click Edit . - Expand Computer Configuration --> Windows Settings -->Security Settings --> Local Policies and click Audit Policy . - Set Audit directory services access to log both success and failures. - Close Group Policy Manager . - Open a command prompt. - Type auditpol /set /subcategory:"directory service changes" /success:enable You can verify the current settigns by using the following command: auditpol /get /category:"DS Access" In the lab, the next step was to create and modify user account. What the lab did not do is tell us to enable auditing for the account being used. - Open Active Directory Users

Can you mark a variable as global and have it available in multiple shells.

After testing this, I am going to say no. My test was run on Windows Vista with PowerShell V2 CTP 2. I first created a global variable in one shell. $Global:Var123 = “Hello World” I then verified it by typing Get-Variable . I opened a second PowerShell shell and typed $Var123 ....nothing. I then executed Get-Variable and confirmed that the variable was not present in the second shell.

Find the FSMO role holders with DCDiag

DCDiag.exe is the Domain Controller diagnostic tool. It is designed to assist you in troubleshooting . You can utilize this tool to discover the current FSMO role holders by executing the command DCdiag /test:Knowsofroleholders /v . The output of this command is below with the role holders highlighted in red. Directory Server Diagnosis Performing initial setup: Trying to find home server... * Verifying that the local machine MCT-1, is a Directory Server. Home Server = MCT-1 * Connecting to directory service on server MCT-1. * Identified AD Forest. Collecting AD specific global data * Collecting site info. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=MCTNet,DC=com, LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),....... The previous call succeeded Iterating through the sites Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name ,CN=Sites,CN=Configuration,DC=MCTNet,DC=com Getting ISTG and options for the site * Identifying all servers. Ca

How to Use Date/Time Information From Custom Logs in PowerShell. Part 2 of 2.

Last Tuesday in part I of this series, we looked at how to use the built in Date/Time methos to find how long ago an event was written in a Windows event log. But what about date/time information that we cannot receive in the correct format because it came from a third party product? No problem. We will work with what data is provided. The Get-Time cmdlet returns an object of System.DateTime fortunatly, using the New-Object cmdlet, we can create a new System.DateTime object with information from our logs. Your first task will be to parse the data so you can extract as much date time information as possible. Once you have done that, you need to create a DateTime object. $MyDate = New-Object System.DateTime . Now take a look at the contents of this object. $MyDate To view the information that we need to plug into this object, type $MyDate | FL . By changing just one property of this object, we will get it to reflect our date. Type $MyDate | GM -MemberType ScriptPro

Does 2008 have ABE turned on by default?

Yes it does. Access Based Enumeration allows Windows Server to hide folders in shares that a user does not have permissions to open. For example, lets say that we have a share named Public. Both Jack and Jill have change permission on the share. There are 2 folders inside of the Public folder. Jack has read permission to both folder 1 and folder 2. Jill only has write permission to folder 2. Without Access Based Enumeration, when Jill accessed the Public share, she would see both folders. With Access Based Enumeration, Jill would see only folder 2, but Jack will see both folder 1 and folder2. This is because Jill does not have any NFTS permissions on folder 1. In Server 2008, Access Based Enumeration is turned on by default on network shares. For it to work, the users must access the data through a share. It will not function for locally logged on users accessing the data directly. To manually enable/disable ABE:  Click Start  Administrative Tools  Share and Storage Management 

Lab Launcher Does not Display

A problem that I've seen with the new lab launcher is sometimes when a students starts it, the lab launcher will appear in the task bar, but not on the screen. Clicking the task bar does not work. Right clicking the lab launchers and selecting Restore does not help either. Try this: - Right click the Lab Launcher in the tesk bar. - Click Move . - Press the left arrow button. - now move the mouse. The lab launcher app should appear on the screen.

How to Use Date/Time Information From Custom Logs in PowerShell. Part 1 of 2.

PowerShell offers us some neat tools to help reduce our coding. In Part I, we are going to look at how to extract date/time information from the Windows event logs and do date/time math. In part II, we will look at how to use date/information from a third party log and utilize the same date/time methods that PowerShell offers us from the Windows logs. Let’s look at the format that time is given to us in PowerShell. Get-Date Now, let’s look at how date/time data is represented from using the Get-EventLog cmdlet. We will be gathering data from the Application log for the demonstration. Notice that we are provided the month in a thee character format. The day is present but not the year. The hour and minutes are in a 24 hour format. Let’s put the output of the event log into a variable. $A = Get-EventLog “Application” Note, this may take a few minutes. Once completed, we are going to determine the last event in the log. Since the objects of the event log are now st

Can you stop Server Core from rebooting with Auto Updates turned on?

Server Core can be configured via group policy to utilize your Windows Server Update Service (WSUS) environment. The problem is this. The server core will reboot. Unlike the GUI versions of Windows, you cannot receive little popup windows asking you to reboot the computer to complete the update installation. Server Core will reboot. To get around this will require you to manually update the server. To do this, you will need to download the .MSU files for the patches and install them using Windows Update Stand-alone Installed (Wusa.exe). In particular, you will want to add the /quite and the / norestart switches to the command line. This will prevent Server Core from reboot until you have installed all your updates and perform the reboot manually. Instructions for this procedure are in the link below. http://Support.microsoft.com/kb/934307

Does BitLocker allow alpha numeric PINs?

With Windows 2008 R2 and Windows 7, you can allow for alpha numeric characters for your operating system drives. The Group Policies in Windows Server 2008 R2 have expanded from the R1 version. In the R2 version, you have the option of configuring BitLocker for fixed drives, operating system drives, and removable data drives. Expand Operating System Drives and open Allow enhanced PINs for startup . Setting this policy will allow your BitLocker PINs to have both upper and lower case letters, symbols, and spaces. Reference: http://technet.microsoft.com/en-us/library/ee449438(WS.10).aspx

How to configure TS Gateway and AD in a DMZ?

Remember from class that there are scenarios when the Remote Desktop Gateway server needs to be a member of the Active Directory environment: · If you configure a TS Gateway authorization policy that requires that users be domain members to connect to the TS Gateway server. · If you configure a TS Gateway authorization policy that requires that client computers be domain members to connect to the TS Gateway server. · If you are deploying a load-balanced TS Gateway server farm. The article below gives detailed information on what DMZ sceneries will work with Active Directory and Remote Desktop Gateway. http://blogs.msdn.com/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx

Shutdown switches for Server Core.

Below is a copy of the help file for the Shutdown Command. Usage: shutdown [/i | /l | /s | /r | /g | /a | /p | /h | /e] [/f] [/m \\computer][/t xxx][/d [p|u:]xx:yy [/c "comment"]] No args Display help. This is the same as typing /?. /? Display help. This is the same as not typing any options. /i Display the graphical user interface (GUI). This must be the first option. /l Log off. This cannot be used with /m or /d options. /s Shutdown the computer. /r Shutdown and restart the computer. /g Shutdown and restart the computer. After the system is rebooted, restart any registered applications. /a Abort a system shutdown. This can only be used during the time-out period. /p Turn off the local computer with no time-out or warning. Can be used with /d and /f options. /h

Is there an ESCAPE key in Powershell?

Yes there is. In other programming languages, you may have encountered the backslash ( \ ) and the start of an escape sequence. It is a little different in PowerShell. We use the backtick character ( ` ). It is usually found on the key to the left of the number ( 1 ) key and shares the key with the tilde ( ~ ). Here are a few examples Character Escape Code Null `0 Alert `a Backspace `b Form Feed `f New Line `n Carriage Return `r Tab `t Vertical quote `v Below is a script the will demonstrate a few of these. # ====================================== # Script Name: EscapeCodeDemo.PS1 # Author: Jason A.Yoder, MCT # Company: MCTExpert, Inc. # Website: www.MCTExpert.com # Blog: www.MCTExpert.blogspot.com # Version: 1.0 # Created: September 14, 2009 # Purpose: To demonstrate the different # escape s

Can you specify the connection to reconnect to in Terminal Server?

You can utilize the TSCON command to connect to a active or disconnected session. Reference: http://support.microsoft.com/kb/321703 I did find a warning about consoles being unlocked from this command so you may also want to look at this article: http://support.microsoft.com/kb/302801 I did notice that in testing, this transfers the connection to your console and ends the connection with the client that the user in logged in on.