Windows Server Administration

Have you ever been in charge of creating and syspreping a Vista Image and needed to have the abiltiy to manually enter a computer name rather than have sysprep randomly generate one?

Well this is the situation I am in at the moment, getting a new Notebook Image, Toshiba M750 Tablet, ready for deployment to about 150 students next year.

In the old days of an XP sysprep you could just leave the computer name blank in the sysprep file and as part of sysprep it would prompt you for the name of the computer. But in Vista there is a bug that if you leave the computer name out sysprep will NOT prompt you for one, and what is worse is that when you try and log in you get this error “The trust relationship between this workstation and the primary domain failed”. The work around for this is to use an asterix for the computer name. It will still generate a random name but at least you can login (this may have been fixed in SP1 though, I have not tested it yet). This is still no good for me.
Read the rest of this entry »

I have been reading a bit about wireless security over the past week, as it is part of the 70-642 MCTS Exam “Configuring Windows 2008 Network Infrastructure” that I am currently studying (I will be sitting the exam in the next week or two, so subscribe to my RSS Feed so you don’t miss out on some inside tips !!!). We are curently running a wireless infrastructure with Cisco 1200 Access Points, a Windows 2003 Radius Server and using WEP 128bit (keys auto rotated every hour) encryption and Auto Enrolled Certificates from our Windows 2003 CA for authentication. This has been working pretty well, but with WPA2, an updated version of WPA and comes in two flavours WPA2-PSK and WPA2-EAP, it offers improved security and better protection from attacks. Now if all clients can support WPA2-EAP then this should be your first choice.

To kick things off you first of all need a PKI Infrustructure and enable autoenrollment so that all your wireless clients obtain the correct certificates for the authentication process.

1. Install the Active Directory Certificate Services (ADCS) Role to the server and just use the default settings here.

2. Next Open up the Group Policy Management Console and either edit a policy or create a new one to apply the wireless settings to your clients. The section we want is Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies. In the details pane now you need to right click the Certificate Services Client – Autoenrollment and then select properties. In the Properties dialog box select enabled from the rop down box and then place a tick in the other boxes, which is optional.
Read the rest of this entry »

Continuing on with my Hyper-V Virtual Machine installations, I moved onto a Windows 2008 Print Server after yesterday I spoke about How To Migrate a Windows 2003 DHCP Server to a Windows 2008 Server. These virtuals are x64 based VM’s and as I found out after adding the Print Services Role to the server and then installing a printer to share and connecting to that printer from a 32bit XP Client the server didn’t have appropriate drivers installed and asked me to locate the driver files.

90% of my printers are HP ones so I went to the HP website and downloaded the most recent driver, it turns out they have a “HP Universal PCL 6″ driver. Now this driver appears to do, as the name suggests, provide the correct drivers to all HP Printers!.

To get the x86 drivers onto the x64 Windows 2008 Server you need to connect to the server from the x86 client and open up the printer and faxes share. THen from the File Menu select Server Properties, then from the Driver Tab add the x86 drivers that you downloaded, and they will then be uploaded to the server.

Another catch here is that both x86 and x64 drivers MUST have the same name. If they have the same name, they will appear automatically in additional drivers for both architectures in your printer’s sharing properties.

Well I got another Hyper-V host up and running today which will house a couple of VM on it, a Domain Controller which will also have DNS and DHCP installed and also a Print Server. I have set it up with 3 Logical Drives consisting of a Mirrored OS, Hardware Raid-10 for the VHD and Hyper-V data and another single drive that will have the Shadow Copies of the Raid-10 Volume on it.

The Install of the Active Directory Domain Services went great and obviously DNS was installed along the way. I also made this one a Global Catalog Server.

How To Migrate Windows 2003 DHCP to Windows 2008 DHCP Server

Next up was migrating the DHCP from the old Windows 2003 Server to this new box, below is how I did this:

First export the DHCP Database from the 2003 Server with the following command:

netsh dhcp server export C:\dhcp.txt all

Then copy that file to the new 2008 Server. Add the DHCP Server Role on the new box via Server Manager. Then with the following command import the dhcp database:

netsh dhcp server import C:\dhcp.txt all

Now when I did this I got this error “Error while importing option “6.” “This option conflicts with the existing option “” An Internal Error Occurred.”.

This was to do with the fact that while adding the DHCP Server Role to the new machine there were entries in the Server Options that were done automatically, once I went in and removed these options “006 DNS Servers” and “015 DNS Domain Name” and then re did the import with the string above everything went fine.

Next up Print Server. Subscribe to my RSS Feed so you can see how I managed this.

By the way there is a great article and script from John Howard that enables you to Configure Hyper-V Remote Management in Seconds.

I had this situation the other day where a client needed to have their email forwarded from their Exchagne 2007 Mailbox to their newly created GMAIL Account. They will be using the GMAIL account as their primary email account for easier collaboration because they work in 2 different enterprises. In the Exchange 2007 environment POP3 or IMAP are not enabled therefore he couldn’t set up GMAIL to fetch his mail that way.

So to make this work I created a New Mail Contact on the Exchange 2007 Mailstore:

Open up the Exchange Management Console > Click on the Recipient Configuration Node. Then from the Actions Pane on the Right click on “New Mail Contact”. Select New Contact and click next, Choose the Organizational Unit for the contact and fill out the appropriate fields. Then in the External Email Address box click Edit and enter in the SMTP Address of the external email address, click Next and then Finish.

Now you have a new mail contact set up we can then forward the mail from the Exchange 2007 Mailbox to that mail contact.

From the Exchange Management Console go to the Recipient Configuration > Malbox Node and find the mail box for which you would like the mail forwarded from, right click and select properties. Under the Mail Flow Settings Tab select Delivery Options and then Properties.

Place a tick in the “Forward To” Box and then click Browse. Find the Mail Contact that you just created and click OK. There is anopther option that you can enable and that is to Deliver message to both forwarding address and mailbox. Put a tick in there if you would like to enable that.

I have been reading quite a lot of posts lately on how effective the performance of Windows 2008 Server is when using it as a Desktop Operating System. Tim has also written and article over at his blog with some interesting points. Now apparently it performs better than Vista SP1 which is something I am going to have to try out on my notebook.

I have a Toshiba M400 Tablet Notebook that currently has Vista SP1 installed and like many other I am not that rapt with the performance so I am going to give Windows Server 2008 a crack and see what the performance difference is like.

Stay Tuned………

A couple of days ago I wrote about some issues I was having with one of my Hyper-V Virtual Machines and the snapshots that were associated with it causing my System Drive (C Drive) to run out of disk space. From what I was reading if you turn off the Virtual Machine in question a merging process will be conducted and the AVHD Files that are associated with the VHD File will merge together and form one file, a VHD one. This is what I was after.

I was reading and article by “The Virtual PC Guy’s” on Snapshotting under Hyper-V, and I determined that if I deleted the snapshots then the AVHD Files should be merged? But for some reason they did not merge?. Anyway the way to get these files merged to their parent VHD file (for me anyway) was to turn the VM off and just let the merge take place. Now I thought this process would take some time so I scheduled it for Friday night, my VM was a Microsoft Exchange Server, sureley no one would be checking their emails on a Friday Night !

I had 3 AVHD files that I wanted to get rid of, so I turned the VM Off and the “Merge in Progress” appeared in the Hyper-V Manager so I let it run it’s course. About 50 mins later the merge process was complete and 2 of the AVHD Files just VANISHED, great! but there was still one left? So I decided to turn the VM off again and what do you know another Merger was taking place, so again I left this happen and after it had completed the final AVHD File dissappeared and I was left with one VHD File, FANTASTIC!

Read the rest of this entry »

Here is a task that most Network Administrators will face at one time or another, moving User Home Directories from one Server to another. We are in the process of organising new Servers for 2009 and these will be Windows Server 2008 and the current Servers are running on Windows 2003 Server Standard Edition. Now currently our Home Folders are individually shared as hidden shares, and I want to move to a convention of a parent shared User Folder with individual folders for each user in there that are not shared.

Now I wanted to explore the PowerShell option to copy from the source server to the destinsation server and keep the NTFS Permissions intact after the copy, as I have previosuly used PowerShell to do a bulk import of users into Active Directory and that woked a treat. I was a bit dissapointed with the PowerShell options using GET-ACL and SET-ACL because I could do individual folders one at a time but that would take forever, and I couldn’t see an easy way to iterate through them….

Read the rest of this entry »

Virtualization, Virtualization, Virtualization, that is the buzz at the moment with the release of Microsoft’s Hyper-V in Windows 2008 Server. I have working with Hyper-V a bit over the past couple of weeks and my impression is both good and bad. Now I must admit that I have not really had a lot to do with Virtual Server 2005 and other virtualization technologies in the past, but I have decided to consolidate alot of my servers, considering I have had to run a lot on souped up desktops!

One thing that I am getting my head around is “Snap Shots”. I was reading a post about another Nightmare Hyper-V Story, and it was pretty close to the mark in terms of what I experienced when I arrived at work on Monday morning this week. I have been working on moving our Exchange Server over to Hyper-V and upgrading to Exchange 2007, we seemed to have things sorted and then over the weekend (Saturday morning to be exact) our mailstore server ground to a halt and was paused due to a lack of disk space on C Drive! In the midst o trying to free up some space and sort things out another network admin cut and pasted a file with an AVHD extension from an obscure location ProgramData\Microsoft\Windows\Hyper-V\GUID Number. Freed up some space, but when trying to start the Virtual Machine it spat out some errors and would not start. Note to Self: Make sure you have plenty of disk space !

Luckily enough I had just taken a copy of the VHD File a couple of day earlier and was able to just point to that VHD File and start the machine up and it seemed to work OK. Now according to HyperVoria these AVHD Files are to do with these “Snap Shots”, now there were snap shots created a while ago but they were deleted? I am not sure why these AVHD Files are still there? Anyway from what I can gather the merging of these AVHD Files to the Parent VHD File need to happen while the VM is powered off. So on Friday Night I am going to test this theory and power off this VM and let the merge take place and see if the AVHD Filed disappear and leave me with one VHD File.

Make sure you subscribe to my RSS Feed and keep updated with this process and the other articles that will be coming your way.

A while ago I wrote about how to easily export Exchange 2007 MailBoxes to PST Files for archiving and backup purposes. Now that is OK if you want to run the process manually but what about scheduling the export for out of hours?

If you have followed the previous post and have successfully completed and export to PST File you will notice that you have to confirm that you want to proceed with the operation. Very annoying if you want to schedule this script and in fact the task will fail. This is how I managed to get around the need to confirm before proceeding prompt in the Exchange 2007 Management Shell.

If you remember from the previous post this command will export Mailboxes from a specific Database to individual PST Files.

get-mailbox -database “SERVER_NAME\DATABSE_NAME” | export-mailbox -PSTFolderPath C:\PSTFiles

With this command you will get a prompt asking you to Press A for All Y for Yes N for No etc etc. Not good if you want to schedule this.

Here is the KEY to avoid the prompts. Add -Confirm:$false to the end of the Export-Mailbox String. Therefore the new String would be:

get-mailbox -database “SERVER_NAME\DATABSE_NAME” | export-mailbox -PSTFolderPath C:\PSTFiles -Confirm:$false


All Done, Now you can Schedule away…….