Squiggle dot org

Ever get tired of having seperate windows for Active Directory, DHCP, Group Policy etc etc???

Sick of trawling through Administrative Tools & browsing to your Company website/intranet???

This post details how to create your own custom Admin Toolbar complete with snap-ins that will manage a wide array of your day to day IT administrative duties. You can even embed frequently visitied URL’s such as your Spam filter.

Step 1:

Go to Start>Run>mmc.exe

This opens a blank Windows management console that is ready to be customized

Step 2:

Click File>Add/Remove Snap-in

You can now add items to view on your toolbar I tend to add my frequently accessed stuff rather that everything from Admin Tools as this defeats the point.

Step 3:

Click File>Save As MyAdminPack.msc

I tend to add the file into my Startup folder so it launches first thing in the morning and leave it open throughout the day then there is no need to go trawling through menus each time you want to use Active Directory or check your Spam filter

You will find that this tool saves a lot of time through the day – why not email your Admin Pack to the rest of your IT department so you can all use it?!

Enjoy

If you’re having a problem where collections on your Altiris server are not updating, despite them being set to Membership update: automatic, and the options in ‘Configuration > Server Settings > Notification Server Settings > Automatic Collection updating’ are correctly set…. Take a look at the scheduled tasks on the server… Ours weren’t updating, turned out it was due to the scheduled tasks trying to run with invalid credentials.

After bringing a Windows 2003 cluster back online after an unexpected outage today, we had a problem where the file cluster service group wasn’t coming back online, in particular the disk resource (A separate volume on a SAN) was just stuck in the ‘Online Pending’ state, as were all of its dependant resources, and as it was in the pending state you couldn’t take it offline or move it to another cluster node (Not that it would have helped!).

The event log wasn’t too helpful about what the issue might have been, until I came across an entry advising that the volume on the SAN should have ‘chkdsk /f’ run against it. Wondering how you can perform a chkdsk on a volume that the system is having problems mounting it, I turned to google and found the following KB article: How to run the “chkdsk /f” command on a shared cluster disk. The article starts to explain how the chkdsk can be performed, but mentions the following interesting point:

” If the dirty bit was previously set, Chkdsk may automatically run and the Physical Disk resource may take awhile to come online. In Windows NT 4.0, you will see a Command Prompt window with Chkdsk running. In Windows 2000, if you open Task Manager you will see Chkdsk running as a process.”

A quick look in task manager did indeed reveal the chkdsk process running! And the output was being dumped into a file in c:\windows\cluster\chkdsk……. – although not brilliant to read ‘type c:\windows\cluster\chkdsk…’ at the command line made it a bit better to look at! Once the chkdisk had completed (After around 3hrs on our 1.7TB volume!) it came straight online again!

I believe that the chkdsk process could have been killed to quickly bring the volume back online again, but as the dirty but was set, it’s most probable that the same thing will happen next time the disk resource moves nodes.

Sometimes when trying to uninstall a foobar’d installation of the Symantec antivirus client, the uninstall password isn’t accepted, despite entering the correct one… The default is usually ‘symantec’.

A little work around is to disable the uninstall password by altering a registry key:
HKLM \ SOFTWARE \ INTEL \ LANDesk \ VirusProtect6 \ CurrentVersion \ AdministratorOnly \ Security
Then set ‘UseVPUninstallPassword’ to 0.

On alot of systems (especially mobile ones!) it’s often useful to use the ‘Automatically detect settings’ in the Internet Explorer configuration, so that if a proxy is available on the network it will get detected via WPAD, and if there isn’t one, the system connects directly.

I configure this setting on alot of clients using group policy, and it works as you’d expect with IE6. However, after rolling out an upgrade to IE7 to a handful of test systems I noticed that this setting was being ignored, despite it showing on a RSOP for the user/system – although other IE settings such has homepage etc do still continue to be applied to IE7.

Apparently the proxy settings are not being applied because standard users cannot change them after installation. A workaround for this is to set the following GPO:

Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Make proxy settings per-machine (rather than per-user) = DISABLED

 This needs to be set to disabled – not configured won’t cut it! After setting this ‘gpupdate /force’ might be your friend too!

Failing that, run RSOP.msc on a computer with the issue, and navigate to the ‘Automatic browser configuration’ section in IE maintainance under the user policies, then look under the ‘Auto-cfg detect precedence’ tab, ensure that none of the policies set here are set to disabled.

In previous versions of Windows, we could install the Windows Server 2003 administration/management tools in order to perform administration tasks on remote servers from your workstation. With Vista these tools kind of install, but don’t fully work. Luckily with Vista SP1 Remote server administration tools (RSAT) is now available as a MS download.

RSAT – 32-Bit version (KB941314)
RSAT – 64-Bit version (KB941314)

Once installed, you won’t see anything new on your system… All the installer does is add some new entries in the windows features list. To fully enable them goto ‘Control panel’ > ‘Programs and features’ > ‘Turn windows features on or off’… You should hopefully see an entry in here that you can tick to install them.

I don’t understand why the isntaller doesn’t just automatically turn the feature on if you’re installing it anyway, but it doesn’t bother me that much – it’s not like i’m rolling this out to hundreds of users!

If you’re rolling out Vista to client systems using MS WDS (Windows deployment services) it’s quite useful to ‘inject’ drivers into the image, so that Windows recognises extra devices from the start.

You’ll need the Windows AIK (Automated Installation Kit) installed in order to get the tools required – It’s a free download from Microsoft.

The first thing to do is mount the .wim image. From the start menu, open a Windows PE tools command prompt, then use the following command:

imagex /mountrw "d:\path\to\install.wim" 1 C:\mountDir

This will mount the image into c:\mountDir (You’ll need to have this dir created beforehand remember!). Now that the image is mounted we can inject drivers into it, you’ll need to have the drivers in a directory, and they must contain .inf/.cat files etc. A standalone .exe or .zip won’t work here! Inject them like this:

peimg /inf="d:\path\to\drivers\*.inf" C:\mountDir

This should go through all the inf files in your drivers directory and inject them into the image, now we need to unmount and save the changes to the wim image:

imagex /unmount /commit C:\mountDir

At this point the .wim image is updated with the drivers, and it’s ready to be stuck on a WDS server for deployment to clients!

To keep active directory clean of old computer accounts, I run a script on a monthly schedule that finds computers that haven’t sync’d passwords for their machine accounts in 120 days or so. It also does some other clever stuff like working out which user the system belonged to, and if they have a new system, then emails the output and action is taken appropriatly (I doubt many people want auto-deletions of system accounts!).

Someone pointed out to me that a very old system wasn’t getting picked up by the script, so I had to do some debugging…

Running Microsofts AD LDAP browser (adsiedit.msc) let me find the system in question, and looking at the properties of it there was a value for ‘pwdLastSet’, but it wasn’t in a standard date format. After a bit of research, it turns out that this is in the Integer8 format,  this is a 64-bit / 8 byte number that stores the date/time in 100nanosecond intervals. Great. But when the hell was ’128509137717192405′ ?!

Easy… You can convert a Integer8 date format by using the ‘w32tm’ command….

Z:\>w32tm /ntte 128509137717192405
148737 10:16:11.7192405 - 25/03/2008 11:16:11 (local time)

So that explains why the system wasn’t appearing in my old systems list, it had sync’d passwords only a couple of months ago.

If you’ve got a directory on a system that you don’t want the Altirs inventory solution to process when the software inventory runs, it’s quite easy to get it to exclude it. For example, A SAN volume that is mounted as a local disk on a server with userfiles on might cause the fileserver to incorrectly appear in custom inventory collections because of this.

You need to locate the the ‘auditpls.ini’ file in the inventory package on the Altiris server, and add an additional EXCLUDEDIR line under the [LOCALMACHINE] heading, then update the distribution points for the package. Hopefully your clients running the inventory agent should download the updated ini file when they next check in, and next time they run the scheduled inventory the exclusion will be taken into consideration!

I had a problem today with one of our FTP servers… We have a client that has an automated process set up that uploads data to our server, which is then processed by us.

I had to recreate the account used for this, but then realised I didn’t know the original password, and getting the client to find it wouldn’t be an easy option!

After a bit of digging for a packet sniffer, I came accross Smartsniff and was instantly impressed!

It’s one of those tools that you can pick up and start using right away, without having to spend ages installing dependancies or figuring it out, and it’s just a single exe, so very portable. I also really like the fact that it assembles certain TCP communications into a readable conversation (See above) – very easy to recover a saved FTP password that you don’t know!

Get it from nirsoft.net, along with a whole stack of other neat tools!