Showing posts from November, 2009

How to configure TS Gateway and AD in a DMZ?

Remember from class that there are scenarios when the Remote Desktop Gateway server needs to be a member of the Active Directory environment:

· If you configure a TS Gateway authorization policy that requires that users be domain members to connect to the TS Gateway server.
· If you configure a TS Gateway authorization policy that requires that client computers be domain members to connect to the TS Gateway server.
· If you are deploying a load-balanced TS Gateway server farm.

The article below gives detailed information on which DMZ scenarios will work with Active Directory and Remote Desktop Gateway.

http://blogs.msdn.com/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx

Shutdown switches for Server Core.

Below is a copy of the help file for the Shutdown Command.

Usage: shutdown [/i | /l | /s | /r | /g | /a | /p | /h | /e] [/f]
    [/m \\computer][/t xxx][/d [p|u:]xx:yy [/c "comment"]]

    No args    Display help. This is the same as typing /?.
    /?         Display help. This is the same as not typing any options.
    /i         Display the graphical user interface (GUI).
               This must be the first option.
    /l         Log off. This cannot be used with /m or /d options.
    /s         Shutdown the computer.
    /r         Shutdown and restart the computer.
    /g         Shutdown and restart the computer. After the system is
               rebooted, restart any registered applications.
    /a         Abort a system shutdown.
               This can only be used during the time-out period.
    /p         Turn off the local computer with no time-out or warning.
               Can be used with /d and /f options.
    /h...

Is there an ESCAPE key in Powershell?

Yes, there is. In other programming languages, you may have encountered the backslash ( \ ) as the start of an escape sequence. It is a little different in PowerShell. We use the backtick character ( ` ). It is usually found on the key to the left of the number ( 1 ) key and shares the key with the tilde ( ~ ). Here are a few examples:

Character          Escape Code
Null               `0
Alert              `a
Backspace          `b
Form Feed          `f
New Line           `n
Carriage Return    `r
Tab                `t
Vertical quote     `v

Below is a script that will demonstrate a few of these.

# ======================================
# Script Name: EscapeCodeDemo.PS1
# Author: Jason A.Yoder, MCT
# Company: MCTExpert, Inc.
# Website: www.MCTExpert.com
# Blog: www.MCTExpert.blogspot.com
# Version: 1.0
# Created: September 14, 2009
# Purpose: To demonstrate the different
# escape s...

Can you specify the connection to reconnect to in Terminal Server?

You can utilize the TSCON command to connect to an active or disconnected session.

Reference: http://support.microsoft.com/kb/321703

I did find a warning about consoles being unlocked from this command, so you may also want to look at this article: http://support.microsoft.com/kb/302801

I did notice that in testing, this transfers the connection to your console and ends the connection with the client that the user is logged in on.

Do MCP Certifications Expire?

Microsoft Certifications do not expire. They simply lose value with time. For example, an MCSE on Windows NT 4 was all the rage in 1998. In 2009, that certification will not go far in a job interview. Microsoft publishes "upgrade" exams to help keep you up to date in your certification. The upgrade exams test you thoroughly on the new features of the OS. If you are starting from scratch or with a very outdated MCSE, you will have to take all the exams. This will not only test your knowledge of the new features, but also the basics that the certification requires.

Here is a little Q and A I pulled from a Microsoft site:

Q. How long will the certification be valid?

A. For our newest credentials, such as Microsoft Certified Technical Specialist (MCTS), Microsoft Certified IT Professional (MCITP), and Microsoft Certified Professional Developer (MCPD), the credential retires along with the product support for the technology being tested. The credential w...

Control user experience through GPO in Terminal Services.

The user's experience in Remote Desktop is going to be controlled in one of three ways.

1) You can configure the options on the Remote Desktop Connection on each workstation. That is not ideal in any environment beyond one or two clients.

2) You can open Terminal Services Configuration. Right click RDP and select Properties. Then under the Client Settings tab, you can control the color depth and device redirection for that Terminal Server.

3) You can utilize GPOs at Computer Configuration → Policies → Administrative Templates → Windows Components → Terminal Services → Terminal Server

Remember to test your users' experience across the slowest network connection that will be used. Latency will drive up cost due to lost productivity, not to mention your users' tempers. An easy way to decrease latency is to limit the maximum color depth. Many applications will work well in 8 or 15 bit color. Restricting device redirection may a...

If you name a computer and then prestage it, will it change the name?

For prestaging to work in Windows Server 2008, you need to have WDS (Windows Deployment Services) installed. This is a role and can be installed from the Server Manager.

Once WDS is installed, it makes a change to Active Directory Users and Computers. Before this change, when you created a computer name, it would not give you the option to set This is a managed computer. You would simply click OK and be done. After the change, you enter the computer's name and click Next. At this point you can provide the GUID for the new computer. You will find the GUID on the computer or on the shipping material.

Now the computer is ready for installation utilizing WDS. The name will then be changed to what you set it to.

How to access remote computers with PowerShell?

Windows PowerShell V2 allows you to access remote computers and execute PowerShell commands on those remote clients. The following steps illustrate how to create a session with a single client.

For every client that we will be remotely accessing, we need to run the command:

Winrm quickconfig

Press Y at all prompts. This will open the ports on the firewall that we need open for remote management.

Now, on the computer that will be making the remote connection, type:

Enter-PSSession -ComputerName ComputerName

In my case, the ComputerName parameter is MCT-1. Once the session is established, your prompt will look like this:

[MCT-1]: PS C:\Users\Administrator\Documents>

Go ahead and type Get-Service. You should notice that what is returned is the services from the remote client. Type Exit to return to your local client.

Now what about multiple sessions? Once you have run WinRM QuickConfig on multiple clients, you can set up multiple sessions. ...

What does the Delegate default credentials in lab 1 of MOC 6428 do?

In lab 1, Exercise 1, Task 4, we were asked to set a GPO policy to Allow Delegating Default Credentials. We set this delegation to NYC-TS-01, which was our terminal server. The reason that we did this was to support the SSO (Single Sign On) capability in Windows Vista and Windows 7. You may notice that when credentials are required, the client goes into the secure desktop mode. Not even the client software knows what you have typed. This is a security enhancement for your Windows Vista, Win7 and Win2008 environments.

Reference: http://technet.microsoft.com/en-us/library/cc749211(WS.10).aspx

When executing MSTSC /Admin, is it really the console you are on?

Testing shows that the Session ID is an RDP session and not the console when launching a remote session with the command MSTSC /admin. The purpose behind this is to allow you to connect to a terminal server without consuming a TS CAL.

Reference: http://windowsitpro.com/article/articleid/97716/what-is-the-admin-switch-in-microsoft-terminal-services-client-mstsc-for-windows-2008-and-vista.html

How to parse data in an XML file.

PowerShell gives us many options for working with different types of data. One of the questions from class was how to parse through data in an XML file. Before we explore parsing through an XML file, we need to first create one.

Get-Process | Export-Clixml C:\xmlfile.xml

If you double click the xmlfile.xml, it will open to show you the contents of the file in XML. Now we need to import this file into a variable so we can work with it.

$a = Import-Clixml C:\xmlfile.xml

We can view the contents of the file by typing $a. Since we exported an object to the XML, the import will have properties. Go ahead and type $a | gm. The data was also entered into the variable $a as an array. Type $a.count to get the number of cells in the array. Since the variable is an array with properties, we can enumerate the values of each item. For example, type $a[0].name. Using this information we can parse the data for what we are looking for. Let's filter the data:

$a | where ...

When you remove the Run command from the start menu in a GPO, does it also remove it from the task manager?

Years back during the NT4/Win95 days, you were able to remove the user's ability to run programs using the Windows NT4 system policies. The problem was that there were multiple ways to execute a program that the system policies did not address. Flash forward to Windows Server 2008. By setting the Group Policy setting of User Configuration\Administrative Templates\Start Menu and Taskbar\Remove Run menu from Start Menu to Enabled, you will do the following.

· The Run command is removed from the Start menu.
· The New Task (Run) command is removed from Task Manager.
· The user will be blocked from entering the following into the Internet Explorer Address Bar:
    o A UNC path: \\<server>\<share>
    o Accessing local drives: e.g., C:
    o Accessing local folders: e.g., \temp>

David discovered that you can still get to the CMD window with this procedure:

· [Window Key] E will open Windows Explorer.
· Bro...