The Daily Grind of a Network Administrator
First of all HAPPY NEW YEAR to everyone.
Well the new year is upon us all and for me I got back to the daily grind 5 days ago, Grrr. What awaited me on my return was 96 Desktop Computers to unpack and pack up the old ones ready to return !!! I hate this time of year. We are now heading for a number of 40 degree days here in Melbourne so I will be sweating it out this week. I hope you all had a good break (if you got one!!), I sure enjoyed my couple of weeks that I spent camping in Merimbula. My kids and wife had a great time, it was great to get away from the computer screen for a couple of weeks that is for sure.
I have a couple of new servers arriving in a week or so, so I will be stepping up my migration of Physical Servers to Virtual ones using Hyper-V. I will be letting you know how that goes and how I think the best way of going about this is. I would be interested to know how others have gone about this and their thoughts on Hyper-V.
There will be quite a few posts coming on Virtualization and the like as this is an area that I am moving toward and stacks of people in our industry are certainly looking at. MAKE SURE you pop your Name and Email Address into the ORANGE box on the right so you don’t miss the Windows Server 2008 Administrator Tips Newsletter.
How Good Is This !!!
A while ago I wrote about How To Add A Custom Script to a Vista Sysprepped Image, and how you can use that as a workaround to prompt a sysprepped Vista Image for a Computer Name. Well a reader here pointed out that there is another way that this can be achieved and let me tell you that this is VERY VERY GOOD !!!
It is called MySysprep2 and if you go to this website, you can have a read and download it. Basically you add the mysysprep.exe file to the normal sysprep location C:\Windows\System32\Sysprep, then in your unattend.xml file replace the value that you want the user to enter in with %Insert Computer Name Here%. The text can be anything you would like, that was just an example.
For example I substituted * in the ComputerName Tags with %Please Enter A Name For Your Computer%. I also added the UserAccounts Component into the oobeSystem Pass and added a domain account to the Administrators Local Group. In the Name Section of the DomainAccount I whacked this in as the value %Please Input Your User Name%.
Sysprep now prompts me twice, once for the Computer Name and once for a User Name to add to the Local Administrators Group.
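The answer-file changes described above, as an added illustration rather than a file from the original post or from the MySysprep2 project. The `x86` architecture and the `EXAMPLE` domain are assumed placeholders; the two `%...%` strings are the prompts quoted in the post, and ComputerName is shown in the specialize pass, where Windows setup reads it.

```xml
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">

  <!-- specialize pass: the * that made sysprep generate a random name
       is replaced by a %...% prompt for mysysprep.exe to fill in. -->
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup"
               processorArchitecture="x86"
               publicKeyToken="31bf3856ad364e35"
               language="neutral"
               versionScope="nonSxS">
      <ComputerName>%Please Enter A Name For Your Computer%</ComputerName>
    </component>
  </settings>

  <!-- oobeSystem pass: add one domain account to the local
       Administrators group; the account name is prompted for. -->
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup"
               processorArchitecture="x86"
               publicKeyToken="31bf3856ad364e35"
               language="neutral"
               versionScope="nonSxS"
               xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
      <UserAccounts>
        <DomainAccounts>
          <DomainAccountList wcm:action="add">
            <!-- EXAMPLE is an assumed placeholder domain name -->
            <Domain>EXAMPLE</Domain>
            <DomainAccount wcm:action="add">
              <Group>Administrators</Group>
              <Name>%Please Input Your User Name%</Name>
            </DomainAccount>
          </DomainAccountList>
        </DomainAccounts>
      </UserAccounts>
    </component>
  </settings>

</unattend>
```

Whatever account name is typed at the second prompt becomes a local administrator on that machine, so the person answering the prompts decides who holds admin rights on the deployed image.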
This issue has caused a lot of headaches for system admins for a while now, check out this TechNet Forum. It is GREAT to finally have a way to do this.
OUT NOW – Windows 2008 Server Administration Newsletter
If you have not done so already, make sure you REGISTER your name and email address in the Orange Box on the right so you don’t MISS OUT on the information that the others are getting as part of the Windows 2008 Server Administration Newsletter.
As part of this Newsletter you will receive information, tips, tools, how to’s on a range of topics associated with Windows Server 2008. I am currently testing out and having my first look at TS RemoteApps (very cool!) so there will be a good run down of my experiences with using this and lots more.
So make your System Administrator job a lot easier by keeping “In the Know” SIGN UP Today
Cheers
Daniel Anderson
PS. 100% Guaranteed NO SPAM
How To Overcome The Exchange 2007 OAB Issues
I have been working through an issue we have at the moment with the Exchange 2007 Offline Address Book (OAB) and its generation, replication and distribution. In my Exchange 2007 setup the server that houses the Mailstore Role is the server that generates the OAB and then should replicate to the Server that hosts the Client Access Server Role.
The first issue I was having was that the Generating Server was not generating the OAB correctly. Probably not a good thing if people need the Global Address List. So I hunted through the Event Viewer and found errors pertaining to the System Attendant “Microsoft Exchange System Attendant failed to read the membership of the Universal Security Group”. Now what I did here was to RESTART the System Attendant Service and that fixed those errors. From my research I gathered that the System Attendant caches some information regarding Global Catalogue Server and other information. We had been moving the FSMO and GC Roles around so that would have been the issue there.
Use SyncToy as a Backup Option
I was scrolling through my RSS Feeds this morning and saw a great article from the Technet Magazine. It is a “Utility Spotlight” article on SyncToy. Working in an education environment where students and staff for that matter are always coming to our office to get their computers re-imaged or fixed for some other reason and when you ask them have they got a backup of their documents the standard response is “NO, Can’t you do that for me?”.
After having a play around with SyncToy I have found that this could be a cool little utility for a lot of my users. It is a simple, easy to setup and install piece of software that will work on either XP or Vista. It works by having “Folder Pairs”, a Left Folder and a Right Folder. You can setup different Folder Pairs as well. For example I might want to create a folder pair for just my Photos and copy them to a specific network location, then I might have another folder pair for my documents and so on.
How To Pass The Microsoft 70-642 Exam
As I continue on my way through the Microsoft Exams, yesterday I sat the 70-642 “Windows Server 2008 Network Infrastructure, Configuring” Exam and it was actually a lot easier than I expected.
I was expecting a lot of IP Address related questions, but there was only a couple. I hate IP Address questions! trying to memorize the address table and converting slash notation to decimal notations to binary etc etc etc. Painful ! Anyway I spent quite a bit of time studying this and while it did get me through those questions very well, I probably spent a little too much time on it considering there was only a couple of questions relating to this.
The BIG KEY to this exam if you are planning to sit this at some stage is to MAKE SURE you know your DNS and Network Access Protection (IPSec, PEAP etc etc) !!!! Spend time going over and over this stuff. A majority of the questions that I got were DNS and NAP related, there were a couple of questions about Securing VPN and Wireless Connections but hardly anything on NTFS and Share Permissions.
Add a Custom Script to a Vista Sysprepped Image
Have you ever been in charge of creating and sysprepping a Vista Image and needed to have the ability to manually enter a computer name rather than have sysprep randomly generate one?
Well this is the situation I am in at the moment, getting a new Notebook Image, Toshiba M750 Tablet, ready for deployment to about 150 students next year.
In the old days of an XP sysprep you could just leave the computer name blank in the sysprep file and as part of sysprep it would prompt you for the name of the computer. But in Vista there is a bug that if you leave the computer name out sysprep will NOT prompt you for one, and what is worse is that when you try and log in you get this error “The trust relationship between this workstation and the primary domain failed”. The workaround for this is to use an asterisk for the computer name. It will still generate a random name but at least you can login (this may have been fixed in SP1 though, I have not tested it yet). This is still no good for me.
Secure Your Wireless Network With WPA2-EAP
I have been reading a bit about wireless security over the past week, as it is part of the 70-642 MCTS Exam “Configuring Windows 2008 Network Infrastructure” that I am currently studying (I will be sitting the exam in the next week or two, so subscribe to my RSS Feed so you don’t miss out on some inside tips !!!). We are currently running a wireless infrastructure with Cisco 1200 Access Points, a Windows 2003 Radius Server and using WEP 128bit (keys auto rotated every hour) encryption and Auto Enrolled Certificates from our Windows 2003 CA for authentication. This has been working pretty well, but WPA2, an updated version of WPA that comes in two flavours, WPA2-PSK and WPA2-EAP, offers improved security and better protection from attacks. Now if all clients can support WPA2-EAP then this should be your first choice.
To kick things off you first of all need a PKI Infrastructure and enable autoenrollment so that all your wireless clients obtain the correct certificates for the authentication process.
1. Install the Active Directory Certificate Services (ADCS) Role to the server and just use the default settings here.
2. Next open up the Group Policy Management Console and either edit a policy or create a new one to apply the wireless settings to your clients. The section we want is Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies. In the details pane now you need to right click the Certificate Services Client – Autoenrollment and then select properties. In the Properties dialog box select enabled from the drop down box and then place a tick in the other boxes, which is optional.
32bit Printer Drivers on an x64 Windows 2008 Print Server
Continuing on with my Hyper-V Virtual Machine installations, I moved onto a Windows 2008 Print Server after yesterday I spoke about How To Migrate a Windows 2003 DHCP Server to a Windows 2008 Server. These virtuals are x64 based VM’s and as I found out after adding the Print Services Role to the server and then installing a printer to share and connecting to that printer from a 32bit XP Client the server didn’t have appropriate drivers installed and asked me to locate the driver files.
90% of my printers are HP ones so I went to the HP website and downloaded the most recent driver, it turns out they have a “HP Universal PCL 6” driver. Now this driver appears, as the name suggests, to provide the correct drivers for all HP Printers!
To get the x86 drivers onto the x64 Windows 2008 Server you need to connect to the server from the x86 client and open up the printer and faxes share. Then from the File Menu select Server Properties, then from the Driver Tab add the x86 drivers that you downloaded, and they will then be uploaded to the server.
Another catch here is that both x86 and x64 drivers MUST have the same name. If they have the same name, they will appear automatically in additional drivers for both architectures in your printer’s sharing properties.
Windows 2008 Virtual Domain Controller
Well I got another Hyper-V host up and running today which will house a couple of VMs on it, a Domain Controller which will also have DNS and DHCP installed and also a Print Server. I have set it up with 3 Logical Drives consisting of a Mirrored OS, Hardware Raid-10 for the VHD and Hyper-V data and another single drive that will have the Shadow Copies of the Raid-10 Volume on it.
The Install of the Active Directory Domain Services went great and obviously DNS was installed along the way. I also made this one a Global Catalog Server.
How To Migrate Windows 2003 DHCP to Windows 2008 DHCP Server
Next up was migrating the DHCP from the old Windows 2003 Server to this new box, below is how I did this:
First export the DHCP Database from the 2003 Server with the following command:
netsh dhcp server export C:\dhcp.txt all
Then copy that file to the new 2008 Server. Add the DHCP Server Role on the new box via Server Manager. Then with the following command import the dhcp database:
netsh dhcp server import C:\dhcp.txt all
Now when I did this I got this error “Error while importing option “6.” “This option conflicts with the existing option “” An Internal Error Occurred.”.
This was to do with the fact that while adding the DHCP Server Role to the new machine there were entries in the Server Options that were done automatically. Once I went in and removed these options “006 DNS Servers” and “015 DNS Domain Name” and then redid the import with the string above, everything went fine.
Next up Print Server. Subscribe to my RSS Feed so you can see how I managed this.
By the way there is a great article and script from John Howard that enables you to Configure Hyper-V Remote Management in Seconds.


