Posts

Showing posts from April, 2012

What is an SNTP?

Image
The Simple Network Time Protocol (SNTP) is a simpler version of the Network Time Protocol (NTP). SNTP synchronizes the time between networked computer systems and is relied on when data is being transferred via the Internet. The NTP protocol is one of the most established protocols still used on the Internet. It uses a GPS or radio clock to tell time and is accurate past the seconds place. Why is the SNTP Necessary?The need for precise time synchronization has continued to increase with the evolution of computer technology over the past several decades. In the networking field, network servers and their client computers require precision to the millisecond and beyond in order to ensure data file transfers occur without errors. Computers also require specific time synchronization in order to ensure data packet and email delivery in the proper sequence to destination networks and email recipients. The importance of the SNTP and NTP protocols exponentially expands with the number of compu…

Prepare your Domain for the Windows Server 2008 R2 Domain Controller

Image
Before installing the first Windows Server 2008 R2 domain controller (DC) into an existing Windows 2000, Windows Server 2003 or Windows Server 2008 domain, you must prepare the AD forest and domain. You do so by running a tool called ADPREP.



ADPREP extends the Active Directory schema and updates permissions as necessary to prepare a forest and domain for a domain controller that runs the Windows Server 2008 R2 operating system. Note: You may remember that ADPREP was used on previous operating systems such as Windows Server 2003, Windows Server 2003 R2 and Windows Server 2008. This article focuses on Windows Server 2008 R2. What does ADPREP do? ADPREP has parameters that perform a variety of operations that help prepare an existing Active Directory environment for a domain controller that runs Windows Server 2008 R2. Not all versions of ADPREP perform the same operations, but generally the different types of operations that ADPREP can perform include the following: Updating the Active Dire…

Find Out Who Is Logged Into A Server And Kick Them Off

If you remote onto a Windows server with any kind of regularity, you will probably have come across a scenario where the number of concurrent connections has reached the limit. This is often followed by shouting across the office or sending an email asking people if they are connected and whether they can log off so you can get on. Well, shout no longer as you can find out who's logged onto a machine by running this simple command in command prompt. In this example, the server name is "YOURSERVERNAME". query session /server:YOURSERVERNAME And if you find out that someone has logged in and then left the country, you can kick them off too - the above command will tell you each user's session id and you can use this to boot them off the box. In this example, the session id is 1.
rwinsta /server:YOURSERVERNAME 1

How to track users logon/logoff

The Auditing
Option 1:

1. Enable Auditing on the domain level by using Group Policy:

      Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy
      There are two types of auditing that address logging on, they are Audit Logon Events and Audit Account Logon Events.

      Audit "logon events" records logons on the PC(s) targeted by the policy and the results appear in the Security Log on that PC(s).

      Audit "Account Logon" Events tracks logons to the domain, and the results appear in the Security Log on domain controllers only


2. Create a logon script on the required domain/OU/user account with the following content:

     echo %date%,%time%,%computername%,%username%,%sessionname%,%logonserver% >>
        \\SERVER\SHARENAME$\LOGON.LOG

3. Create a logoff script on the required domain/OU/user account with the following content:

     echo %date%,%time%,%computername%,%username%,%sessionname%,%logonserver% >>
        \\SERVE…

Migrating Server 2003 to Server 2008 R2

1. Verify the new server's TCP/IP configuration has been pointed to the current DNS server.
2. Make the new server become a member server of the current Windows Server 2003 domain first.
3. Upgrade the Windows Server 2003 forest schema to Windows Server 2008 schema with the "adprep /forestprep" command on old server.
Please run the "adprep.exe /forestprep" command from the Windows Server 2008 installation disk on the schema master. To do this, insert the Windows Server 2008 installation disk, and then type the following command:
Drive:\sources\ADPREP\adprep.exe /forestprep

How do I create a MSI wrapper over EXE installation files?

In order to exemplify the procedure, we will assume to wrap three .EXE installers "test1.exe", "test2.exe" and "test3.exe" into a .MSI. Here are the steps:

1. In Product Details Tab (Product Details Page) under "Add or Remove Programs (Control Panel)" group, uncheck the "Register product with Windows Installer" option. We don't want the wrapper to appear in "Control Panel" -> "Add or Remove Programs" as an installed program.

2. Go to Files and Folders Page and add the .EXE installers in the "Application Folder".

3. Create a .BAT file with the following content and add it in the Files and Folders Page:

"|InstallPath|test1.exe"
"|InstallPath|test2.exe"
"|InstallPath|test3.exe"

5.  In the same folder, using the toolbar or context menu, create a text file update for the .BAT file. This file update should include a single replace operation:

Find : |InstallPath|
Replace : [A…

How to deploy a MSI on multiple machines by using Group Policy.

1. Methods of deployment

Group Policy supports two methods of deploying a MSI package:

Assign software - A program can be assigned per-user or per-machine. If its assigned per-user, it will be installed when the user logs on. However, if its assigned per-machine then the program will be installed for all users when the machine starts.
Publish software - A program can be published for one or more users. This program will be added to the Add or Remove Programs list and the user will be able to install it from there.

2. Create a distribution point

The first step in deploying a MSI through GPO is to create a distribution point on the publishing server. This can be done by following these steps:

A.log on to the server as an Administrator user
B. create a shared network folder (this folder will contain the MSI package)
C. set permissions on this folder in order to allow access to the distribution package
D. copy the MSI in the shared folder
E. In the shared folder you can also perform an admin…