http://policelli.com/blog/
http://www.networkworld.com/
http://www.datamation.com/
Wednesday, December 28, 2011
Tuesday, December 27, 2011
Change Administrator Account Password on Multiple Computers in server 2000 environment
http://support.microsoft.com/kb/272530
How to Prevent Users from Connecting to a USB Storage Device by Group Policy
To prevent users from connecting to USB storage devices by group policy
If a USB storage device is already installed on the computer:
Click Start – All programs - Administrative Tools – Group Policy Management.
Create or Edit Group Policy Objects
Expand Computer Configuration – Preferences – Windows Settings.
Right click Registry – New – Registry Item.
General Tab.
Action : Update
Hive : HKEY_LOCAL_MACHINE
Key path : SYSTEM\CurrentControlSet\Services\UsbStor
Value name : Start
Value type : REG_DWORD
Value data : 00000004
Notes: You can apply this method on User Configration too.
f a USB storage device is not already installed on the computer:
Click Start - All programs – Administrative Tools – Group Policy Managment.
Create or Edit Group Policy Objects
Expand Computer Configuration – Police - Windows Settings – Security Settings .
Right click File System- Add file or folder.
Browse to this file
%SystemRoot%\Inf\Usbstor.pnf
assign the user or the group and the local SYSTEM account Deny permissions.
6. Browse to this file too.
%SystemRoot%\Inf\Usbstor.inf
assign the user or the group and the local SYSTEM account Deny permissions.
Wednesday, October 12, 2011
Fixing Windows XP Search Companion User Interface
1. Login as Administrator or equivalent.
2. Click Start, Run. Execute the following commands:
regsvr32 /i %windir%\srchasst\srchui.dll
regsvr32 %windir%\system32\jscript.dll
You should see the message DllRegisterServer in succeeded. for each DLL registered.
2. Click Start, Run. Execute the following commands:
regsvr32 /i %windir%\srchasst\srchui.dll
regsvr32 %windir%\system32\jscript.dll
You should see the message DllRegisterServer in succeeded. for each DLL registered.
Wednesday, July 20, 2011
Disable Low Disk Space Alrerts in Windows XP
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following key in the registry:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type NoLowDiskSpaceChecks, and then press ENTER.
5. On the Edit menu, click Modify.
6. Type 1, and then click OK
2. Locate and then click the following key in the registry:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type NoLowDiskSpaceChecks, and then press ENTER.
5. On the Edit menu, click Modify.
6. Type 1, and then click OK
Monday, July 18, 2011
Thursday, July 14, 2011
Restore Show Desktop Icon to Quick Launch on Taskbar
Manual Fix
To re-create the Show desktop icon yourself, follow these steps:
Click Start, click Run, type notepad in the Open box, and then click OK.
Carefully copy and then paste the following text into the Notepad window:
[Shell]
Command=2
IconFile=explorer.exe,3
[Taskbar]
Command=ToggleDesktop
On the File menu, click Save As, and then save the file to your desktop as "Show desktop.scf". The Show desktop icon is created on your desktop.
Click and then drag the Show desktop icon to your Quick Launch toolbar.
To re-create the Show desktop icon yourself, follow these steps:
Click Start, click Run, type notepad in the Open box, and then click OK.
Carefully copy and then paste the following text into the Notepad window:
[Shell]
Command=2
IconFile=explorer.exe,3
[Taskbar]
Command=ToggleDesktop
On the File menu, click Save As, and then save the file to your desktop as "Show desktop.scf". The Show desktop icon is created on your desktop.
Click and then drag the Show desktop icon to your Quick Launch toolbar.
How to Fix Desktop Wallpaper Issue in Windows 7
Today i had a Problem with my Wallpaper in Windows 7 which was showing me a black screen instead of the Desktop Wallpaper i applied
through Group Policy in Windows Server 2008.I worked Around to solve this issue and came to a conclusion that enables me to solve the issue.
So, I decided to share this on my own Blog for Viewers.
This Error occurs every now and then almost to everyone using Windows 7 as Client and Windows Server 2008 as a Domain Controller.
Microsoft has verified this and released a Fix for both 64 bit and 32 bit Operating Systems.
Download the Fix and Apply to the Affected Systems.
Steps to Follow :
1. Download the Fix.
2. Copy to Affected System.
3. Extract to a Folder.
4. Run the Setup
After the Fix is applied restart your computer and you will have your problem resolved.
Hope this solves your issue.
through Group Policy in Windows Server 2008.I worked Around to solve this issue and came to a conclusion that enables me to solve the issue.
So, I decided to share this on my own Blog for Viewers.
This Error occurs every now and then almost to everyone using Windows 7 as Client and Windows Server 2008 as a Domain Controller.
Microsoft has verified this and released a Fix for both 64 bit and 32 bit Operating Systems.
Download the Fix and Apply to the Affected Systems.
Steps to Follow :
1. Download the Fix.
2. Copy to Affected System.
3. Extract to a Folder.
4. Run the Setup
After the Fix is applied restart your computer and you will have your problem resolved.
Hope this solves your issue.
List all OU's and Sub OU's using VBS
Simple Script to list all OU's and Sub OU's using a VBScript
On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.CommandText = _
"SELECT Name FROM 'LDAP://ou=finance,dc=fabrikam,dc=com' WHERE objectCategory='user'"
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
Wscript.Echo objRecordSet.Fields("Name").Value
objRecordSet.MoveNext
Loop
On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.CommandText = _
"SELECT Name FROM 'LDAP://ou=finance,dc=fabrikam,dc=com' WHERE objectCategory='user'"
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
Wscript.Echo objRecordSet.Fields("Name").Value
objRecordSet.MoveNext
Loop
HP Server Hardware Diagnostics
You have a HP server you wish to perform hardware diagnostics on to identify any potential problems with the server components. What tool do you use? Where do you get it from?
Well HP provide two tools for this:
- HP Insight Diagnostics Online Edition
- HP Insight Diagnostics Offline Edition
Ideally you wish to run the Offline scan as it is more comprehensive and can detect problems the online scan cannot. Where do you get the offine edition however? This is not downloadable from the HP site anymore without a cost. However when you buy a HP server you get a "Smart Start HP CD" with the server which is bootable. If you boot of this disk it has the Offline diagnostics tool on the disk.
As of this writing its up to version 8.3 of the tool. If you cannot find a smart start disk anywhere I found an old copy of the tool (version 8.0) which can be downloaded from the following FTP link:
ftp://ftp.compaq.com/pub/products/Servers/supportsoftware/ZIP/
Well HP provide two tools for this:
- HP Insight Diagnostics Online Edition
- HP Insight Diagnostics Offline Edition
Ideally you wish to run the Offline scan as it is more comprehensive and can detect problems the online scan cannot. Where do you get the offine edition however? This is not downloadable from the HP site anymore without a cost. However when you buy a HP server you get a "Smart Start HP CD" with the server which is bootable. If you boot of this disk it has the Offline diagnostics tool on the disk.
As of this writing its up to version 8.3 of the tool. If you cannot find a smart start disk anywhere I found an old copy of the tool (version 8.0) which can be downloaded from the following FTP link:
ftp://ftp.compaq.com/pub/products/Servers/supportsoftware/ZIP/
Wednesday, July 6, 2011
Friday, June 17, 2011
Installing XP: ***STOP: 0x0000007B (0xF78D2524,0xC0000034,0x00000000,0x00000000)
had the same problem with a Dell Optiplex 330. I received the
STOP 0x0000007B(0xF78DA63C,0x0000034,0X x0000000,0x0000000 error message if I booted with Windows XP. I resolved the issue by the following actions
1. On start up (Dell logo), press F2 to enter BIOS
2. Expand the "Drives" section
3. Go to "SATA Operation"
4. Change this from "RAID Auto/AHCI" to "RAID Auto/ATA"
STOP 0x0000007B(0xF78DA63C,0x0000034,0X x0000000,0x0000000 error message if I booted with Windows XP. I resolved the issue by the following actions
1. On start up (Dell logo), press F2 to enter BIOS
2. Expand the "Drives" section
3. Go to "SATA Operation"
4. Change this from "RAID Auto/AHCI" to "RAID Auto/ATA"
Wednesday, June 8, 2011
Howto Add Printer at client side via G.P.O !
Filed under: Uncategorized — aacable @ 7:14 PM
This article walks you through the steps for deploying printer connections to workstations using new Group Policy capabilities available in Windows Server 2003 R2. This greatly simplifies the management of printer connections for workstations and can save administrators a lot of time and effort.
http://www.windowsnetworking.com/articles_tutorials/Deploying-Printers-Group-Policy-Windows-R2.html
This article walks you through the steps for deploying printer connections to workstations using new Group Policy capabilities available in Windows Server 2003 R2. This greatly simplifies the management of printer connections for workstations and can save administrators a lot of time and effort.
http://www.windowsnetworking.com/articles_tutorials/Deploying-Printers-Group-Policy-Windows-R2.html
Show Hidden Files and Folders not working !
- Click Start –> Run –>
regsvr32 /i browseui.dll
A confirmation message will appear like given below
2- Click Start –> Run –>
regsvr32 /i shell32.dll
Wait for the confirmation and click OK.
regsvr32 /i browseui.dll
A confirmation message will appear like given below
2- Click Start –> Run –>
regsvr32 /i shell32.dll
Wait for the confirmation and click OK.
How to Fix Double Click Always Opens Search in Windows Explorer
Please read the following multiple solution for your problem regarding DRIVE NOT OPENING.
This is a tested solution, Check at your end and do let me know.
(1st Solution)
How to Fix Double Click Always Opens Search in Windows Explorer
If you are experiencing this problem when you try to click on a drive, OR If you mess around in the registry, or install some different software packages that add things to the right-click menu, you can end up with a problem where the default action on a folder is always “Search…”.
There’s a quick and easy fix for this problem.
regsvr32 /i shell32.dll
This should restore the normal behavior.
========================================
(2nd Solution)
Follow the Steps:
first go to run then write ” regedit” that is registry
then find ” ctrl+f”
in this box write “mountpoints2″ and delete it ……
then again press “ctrl+f” again find mountpoints2 until all these files are not deleted
then u will see your problems is solved…………….
=====================================
(3rd Solution)
If you mess around in the registry, or install some different software packages that add things to the right-click menu, you can end up with a problem where the default action on a folder is always “Search…”.
There’s a quick and easy fix for this problem.
Goto start / run and type REGEDIT
now Browse down to this registry key:
HKEY_CLASSES_ROOT\Directory\shell
Double-click on the default value and set it to “none” without the quotes, as seen here:
This will restore the normal behavior.
This is a tested solution, Check at your end and do let me know.
(1st Solution)
How to Fix Double Click Always Opens Search in Windows Explorer
If you are experiencing this problem when you try to click on a drive, OR If you mess around in the registry, or install some different software packages that add things to the right-click menu, you can end up with a problem where the default action on a folder is always “Search…”.
There’s a quick and easy fix for this problem.
regsvr32 /i shell32.dll
This should restore the normal behavior.
========================================
(2nd Solution)
Follow the Steps:
first go to run then write ” regedit” that is registry
then find ” ctrl+f”
in this box write “mountpoints2″ and delete it ……
then again press “ctrl+f” again find mountpoints2 until all these files are not deleted
then u will see your problems is solved…………….
=====================================
(3rd Solution)
If you mess around in the registry, or install some different software packages that add things to the right-click menu, you can end up with a problem where the default action on a folder is always “Search…”.
There’s a quick and easy fix for this problem.
Goto start / run and type REGEDIT
now Browse down to this registry key:
HKEY_CLASSES_ROOT\Directory\shell
Double-click on the default value and set it to “none” without the quotes, as seen here:
This will restore the normal behavior.
Task ‘Microsoft Exchange Server’ reported error (0x8004010F) : ‘The operation failed. An object could not be found.’
When trying to Send/Receive from Outlook 2003 you may receive the following error:
Task ‘Microsoft Exchange Server’ reported error (0x8004010F) : ‘The operation failed. An object could not be found.’
error
CAUSE:
Outlook 2003 clients operating in cashed mode and earlier Outlook clients working in off-line mode use the Default Ofline Address book to check recipients on sending. Sometimes it can happen that Exchange does not build that address book properly, clients download an inoperable version of the offline address book which can cause the 0x800401F error.
SOLUTION:
Rebuild the default offline address list and download it to the client.
Here are step by step instructions on how to do it:
1) In Exchange System Manager go to Offline Address lists, right click the Default offline Address Book and select Rebuild.
rebuild
Wait for a while for your address book to rebuild. This will not disrupt your clients and usually can be done during normal working hours.
2) Download the new offline address book to your client
Select Tools/Send-Receive/Download Address Book
outlook_offline_address_book_download
In the dialog box that will appear clear the Download changes since last Send/Receive, and select Full Details
download_offline_address_book_dialog
This will force a full download. This might take a while for very large organizations or if you are on a slow link.
If you still experience this problem it might be that you have problems with Active Directory which may prevent Exchange to properly build the address books.
Task ‘Microsoft Exchange Server’ reported error (0x8004010F) : ‘The operation failed. An object could not be found.’
error
CAUSE:
Outlook 2003 clients operating in cashed mode and earlier Outlook clients working in off-line mode use the Default Ofline Address book to check recipients on sending. Sometimes it can happen that Exchange does not build that address book properly, clients download an inoperable version of the offline address book which can cause the 0x800401F error.
SOLUTION:
Rebuild the default offline address list and download it to the client.
Here are step by step instructions on how to do it:
1) In Exchange System Manager go to Offline Address lists, right click the Default offline Address Book and select Rebuild.
rebuild
Wait for a while for your address book to rebuild. This will not disrupt your clients and usually can be done during normal working hours.
2) Download the new offline address book to your client
Select Tools/Send-Receive/Download Address Book
outlook_offline_address_book_download
In the dialog box that will appear clear the Download changes since last Send/Receive, and select Full Details
download_offline_address_book_dialog
This will force a full download. This might take a while for very large organizations or if you are on a slow link.
If you still experience this problem it might be that you have problems with Active Directory which may prevent Exchange to properly build the address books.
Windows: Desktop & taskbar not showing up issue!
After loading windows, if you are unable to see the desktop icons and taskbar, This may help:
Click the Windows Start, type regedit, press Enter and navigate to
registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon. In the right pane, make sure there is a REG_SZ named Shell and it has a value of “explorer.exe” (no quotation marks).
If ita not there, create it by clicking Edit > New > String Value , then name it ‘Shell’ then right-click on it modify it, and name it explorer.exe then restart the computer.
Click the Windows Start, type regedit, press Enter and navigate to
registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon. In the right pane, make sure there is a REG_SZ named Shell and it has a value of “explorer.exe” (no quotation marks).
If ita not there, create it by clicking Edit > New > String Value , then name it ‘Shell’ then right-click on it modify it, and name it explorer.exe then restart the computer.
Saturday, April 30, 2011
Group Policy Interview Questions
Q. What is Group Policy?
A. Group Policy is an infrastructure used to deliver and apply one or more desired configurations or policy settings to a set of targeted users and computers within an Active Directory environment. This infrastructure consists of a Group Policy engine and multiple client-side extensions (CSEs) responsible for writing specific policy settings on target client computers.
Q. What are Group Policy objects (GPOs)?
A. Group Policy objects, other than the local Group Policy object, are virtual objects. The policy setting information of a GPO is actually stored in two locations: the Group Policy container and the Group Policy template. The Group Policy container is an Active Directory container that stores GPO properties, including information on version, GPO status, and a list of components that have settings in the GPO. The Group Policy template is a folder structure within the file system that stores Administrative Template-based policies, security settings, script files, and information regarding applications that are available for Group Policy Software Installation. The Group Policy template is located in the system volume folder (Sysvol) in the \Policies subfolder for its domain.
Q. What are the differences between Group Policy, Registry-based policy, and Security policy?
A. Group Policy is an infrastructure in which IT administrators can implement standard computing environments for groups of users and computers and includes both Registry-based and Security Policy. Registry-based policy is one of the many features of Group Policy that uses Administrative templates to modify the registry settings for policy-enabled components included in Windows. Security Policy, another feature delivered by Group Policy, includes a variety of security-related settings for Microsoft Windows.
Q. Are the new Windows Vista features of GPMC available in an update to the current version of GPMC?
A. You can join a Windows Vista workstation to your existing domains in order to benefit from the new features in GPMC. GPMC is integrated directly into the Windows Vista operating system (Business, Enterprise, and Ultimate versions only) and is the standard tool for managing Group Policy along with Group Policy Object Editor. New Windows Vista features are not included in the current version of GPMC, downloadable from the Microsoft Download Center.
Q. Is there a maximum number of Group Policy objects that I can store in a domain?
A. Creating a Group Policy object will create a Group Policy container object, stored in Active Directory, and a Group Policy template, stored on the Sysvol of the domain controller. Both are limited only to the amount of free disk space.
Q. What is the maximum number of Group Policy objects a user or computer can process?
A. A user or computer cannot process more than 999 Group Policy objects. Windows Vista writes a Windows-GroupPolicy error event with an event ID of 1088 to the system event log when a user or computer attempts to process more than 999 Group Policy objects.
Q. Can I apply a Group Policy object directly to a security group?
A. You cannot apply a Group Policy object directly to a security group. However, you can use security filtering to refine which users or computers will receive and apply Group Policy settings. The Group Policy Management Console (GPMC) is the tool to manage security filtering. For more information about security filtering, see the Core Group Policy Technical Reference.
Q. What tools do I use to manage Group Policy?
A. Microsoft provides two management consoles to administer Group Policy. The Group Policy Management Console (GPMC) consists of a Microsoft Management Console (MMC) snap-in and a set of scriptable interfaces for managing Group Policy objects (but not Group Policy settings). Group Policy Object Editor, also a Microsoft Management Console, is used to edit the individual settings contained within each Group Policy object.
Q. How often is Group Policy applied and how do you change it?
A. Group Policy for computers is triggered at computer startup. For users, Group Policy is triggered when they log on. Versions of Windows before Windows XP as well as Windows Server 2003 use synchronous processing, meaning that computer Group Policy is completed before the logon dialog box is presented. User Group Policy is completed before the shell is active and available for the user to interact with it. Windows XP defaults to asynchronous policy processing. By default, Group Policy is refreshed every 90 minutes with a randomized delay of up to 30 minutes, for a total maximum refresh interval of up to 120 minutes. This interval can be changed using the computer policy setting Group Policy refresh interval for Computer located in the Computer Configuration\Administrative Templates\System\Group Policy namespace. The processing of Group Policy is explained in the Core Group Policy Technical Reference.
Q. How long does it take to process policy settings?
A. Under synchronous processing, there is a time limit of 60 minutes for all of Group Policy to finish processing on the client computer. Any client side extensions (CSE) that are not finished after 60 minutes are signaled to stop, in which case the associated policy settings might not be fully applied.
Q. What is processed under slow link behavior?
A. Administrative Templates and Security Settings are applied over a slow link and the behavior cannot be changed. By default, Software Installation, Scripts, and Folder Redirection will not process over a slow link. You can change the default Policy process behavior for these client side extensions using Group Policy Object Editor. These settings are located at Computer Configuration\Administrative Templates\System\Group Policy.
Q. What is Security Policy?
A. Security policies are rules that administrators configure on a computer or multiple computers for protecting resources on a computer or network. The Security Settings extension of the Group Policy Object Editor snap-in allows you to define security configurations as part of a Group Policy object (GPO). The GPOs are linked to Active Directory containers such as sites, domains, or organizational units, and enable administrators to manage security settings for multiple computers from any computer joined to the domain. Security settings policies are used as part of your overall security implementation to help secure domain controllers, servers, clients, and other resources in your organization.
Q. Where is the local Security Policy stored?
A. The security database in Windows 2000 had a specific table to store local security policy settings. This approach was changed in Windows XP and Windows Server 2003. Local security policy settings are written directly to their respective locations in the registry.
Q. I removed some security settings but they are still in effect. Why?
A. Under some circumstances, Windows Security Settings remain in effect after being set to undefined. In some cases, these security settings need to be explicitly overwritten to be removed. For more information, see Windows Security Settings remain in effect after removal.
Q. What is loop back processing?
A. Group Policy loop back processing can be used to alter the application of GPOs to a user by including GPOs based on the location of the computer object. The typical way to use loop back processing is to apply GPOs that depend on the computer to which the user logs on.
A. Group Policy is an infrastructure used to deliver and apply one or more desired configurations or policy settings to a set of targeted users and computers within an Active Directory environment. This infrastructure consists of a Group Policy engine and multiple client-side extensions (CSEs) responsible for writing specific policy settings on target client computers.
Q. What are Group Policy objects (GPOs)?
A. Group Policy objects, other than the local Group Policy object, are virtual objects. The policy setting information of a GPO is actually stored in two locations: the Group Policy container and the Group Policy template. The Group Policy container is an Active Directory container that stores GPO properties, including information on version, GPO status, and a list of components that have settings in the GPO. The Group Policy template is a folder structure within the file system that stores Administrative Template-based policies, security settings, script files, and information regarding applications that are available for Group Policy Software Installation. The Group Policy template is located in the system volume folder (Sysvol) in the \Policies subfolder for its domain.
Q. What are the differences between Group Policy, Registry-based policy, and Security policy?
A. Group Policy is an infrastructure in which IT administrators can implement standard computing environments for groups of users and computers and includes both Registry-based and Security Policy. Registry-based policy is one of the many features of Group Policy that uses Administrative templates to modify the registry settings for policy-enabled components included in Windows. Security Policy, another feature delivered by Group Policy, includes a variety of security-related settings for Microsoft Windows.
Q. Are the new Windows Vista features of GPMC available in an update to the current version of GPMC?
A. You can join a Windows Vista workstation to your existing domains in order to benefit from the new features in GPMC. GPMC is integrated directly into the Windows Vista operating system (Business, Enterprise, and Ultimate versions only) and is the standard tool for managing Group Policy along with Group Policy Object Editor. New Windows Vista features are not included in the current version of GPMC, downloadable from the Microsoft Download Center.
Q. Is there a maximum number of Group Policy objects that I can store in a domain?
A. Creating a Group Policy object will create a Group Policy container object, stored in Active Directory, and a Group Policy template, stored on the Sysvol of the domain controller. Both are limited only to the amount of free disk space.
Q. What is the maximum number of Group Policy objects a user or computer can process?
A. A user or computer cannot process more than 999 Group Policy objects. Windows Vista writes a Windows-GroupPolicy error event with an event ID of 1088 to the system event log when a user or computer attempts to process more than 999 Group Policy objects.
Q. Can I apply a Group Policy object directly to a security group?
A. You cannot apply a Group Policy object directly to a security group. However, you can use security filtering to refine which users or computers will receive and apply Group Policy settings. The Group Policy Management Console (GPMC) is the tool to manage security filtering. For more information about security filtering, see the Core Group Policy Technical Reference.
Q. What tools do I use to manage Group Policy?
A. Microsoft provides two management consoles to administer Group Policy. The Group Policy Management Console (GPMC) consists of a Microsoft Management Console (MMC) snap-in and a set of scriptable interfaces for managing Group Policy objects (but not Group Policy settings). Group Policy Object Editor, also a Microsoft Management Console, is used to edit the individual settings contained within each Group Policy object.
Q. How often is Group Policy applied and how do you change it?
A. Group Policy for computers is triggered at computer startup. For users, Group Policy is triggered when they log on. Versions of Windows before Windows XP as well as Windows Server 2003 use synchronous processing, meaning that computer Group Policy is completed before the logon dialog box is presented. User Group Policy is completed before the shell is active and available for the user to interact with it. Windows XP defaults to asynchronous policy processing. By default, Group Policy is refreshed every 90 minutes with a randomized delay of up to 30 minutes, for a total maximum refresh interval of up to 120 minutes. This interval can be changed using the computer policy setting Group Policy refresh interval for Computer located in the Computer Configuration\Administrative Templates\System\Group Policy namespace. The processing of Group Policy is explained in the Core Group Policy Technical Reference.
Q. How long does it take to process policy settings?
A. Under synchronous processing, there is a time limit of 60 minutes for all of Group Policy to finish processing on the client computer. Any client side extensions (CSE) that are not finished after 60 minutes are signaled to stop, in which case the associated policy settings might not be fully applied.
Q. What is processed under slow link behavior?
A. Administrative Templates and Security Settings are applied over a slow link and the behavior cannot be changed. By default, Software Installation, Scripts, and Folder Redirection will not process over a slow link. You can change the default Policy process behavior for these client side extensions using Group Policy Object Editor. These settings are located at Computer Configuration\Administrative Templates\System\Group Policy.
Q. What is Security Policy?
A. Security policies are rules that administrators configure on a computer or multiple computers for protecting resources on a computer or network. The Security Settings extension of the Group Policy Object Editor snap-in allows you to define security configurations as part of a Group Policy object (GPO). The GPOs are linked to Active Directory containers such as sites, domains, or organizational units, and enable administrators to manage security settings for multiple computers from any computer joined to the domain. Security settings policies are used as part of your overall security implementation to help secure domain controllers, servers, clients, and other resources in your organization.
Q. Where is the local Security Policy stored?
A. The security database in Windows 2000 had a specific table to store local security policy settings. This approach was changed in Windows XP and Windows Server 2003. Local security policy settings are written directly to their respective locations in the registry.
Q. I removed some security settings but they are still in effect. Why?
A. Under some circumstances, Windows Security Settings remain in effect after being set to undefined. In some cases, these security settings need to be explicitly overwritten to be removed. For more information, see Windows Security Settings remain in effect after removal.
Q. What is loop back processing?
A. Group Policy loop back processing can be used to alter the application of GPOs to a user by including GPOs based on the location of the computer object. The typical way to use loop back processing is to apply GPOs that depend on the computer to which the user logs on.
Thursday, April 21, 2011
How to delete corrupted and hidden rules from a single mailbox in Outlook 2003
Download MFCMapi to a folder on your computer.
The following file is available for download from the Microsoft Download Center:
Download the MfcMapi.EXE package now.
Open the folder to which you downloaded the MfcMapi.exe file, and then double-click MfcMapi.exe.
In the Choose Directory for Extracted Files box, type the path of the folder in which you want to save MFCMapi, and then click OK. For example, save MFCMapi in a folder that is named C:\MFCMapi.
Copy any rules that you created in Outlook. To do this, follow these steps:
On the Tools menu, click Rules and Alerts.
In the Rules and Alerts dialog box, click Options.
In the Options dialog box, click Export Rules. Note the location where you save the rules.
Use MFCMapi to remove all rules that are applied to the mailbox. To do this, follow these steps:
Open the folder to which you extracted MFCMapi, double-click mfcmapi, and then click OK.
On the Session menu, click Logon and Display Store Table.
If you are prompted to select a profile, click the profile name in the Profile Name list, and then click OK.
Double-click the mailbox that contains the inbox rules that you want to delete.
Expand Root Container, and then expand Top of information Store.
Note Outlook should be in Online mode to use MFCMAPI. If you see IPM_SUBTREE instead of Top of information Store, Outlook Cache mode is enabled. Disable Outlook Cache mode before you use MFCMapi.
Right-click Inbox, and then click Open Associated Contents Table.
The Open Associated Contents Table contains the hidden messages of the Inbox.
In the Inbox window, locate and then click the items that have the IPM.Rule.Message message class, and then click Delete.
Select Permanent delete passing DELETE_HARD_DELETE (unrecoverable) in the drop-down list, and then click OK.
Import the backed-up rules into Outlook. To do this, follow these steps:
On the Tools menu, click Rules and Alerts.
In the Rules and Alerts dialog box, click Options.
In the Options dialog box, click Import Rules.
Locate the rules that you copied in step 4, click Open, and then click OK.
The following file is available for download from the Microsoft Download Center:
Download the MfcMapi.EXE package now.
Open the folder to which you downloaded the MfcMapi.exe file, and then double-click MfcMapi.exe.
In the Choose Directory for Extracted Files box, type the path of the folder in which you want to save MFCMapi, and then click OK. For example, save MFCMapi in a folder that is named C:\MFCMapi.
Copy any rules that you created in Outlook. To do this, follow these steps:
On the Tools menu, click Rules and Alerts.
In the Rules and Alerts dialog box, click Options.
In the Options dialog box, click Export Rules. Note the location where you save the rules.
Use MFCMapi to remove all rules that are applied to the mailbox. To do this, follow these steps:
Open the folder to which you extracted MFCMapi, double-click mfcmapi, and then click OK.
On the Session menu, click Logon and Display Store Table.
If you are prompted to select a profile, click the profile name in the Profile Name list, and then click OK.
Double-click the mailbox that contains the inbox rules that you want to delete.
Expand Root Container, and then expand Top of information Store.
Note Outlook should be in Online mode to use MFCMAPI. If you see IPM_SUBTREE instead of Top of information Store, Outlook Cache mode is enabled. Disable Outlook Cache mode before you use MFCMapi.
Right-click Inbox, and then click Open Associated Contents Table.
The Open Associated Contents Table contains the hidden messages of the Inbox.
In the Inbox window, locate and then click the items that have the IPM.Rule.Message message class, and then click Delete.
Select Permanent delete passing DELETE_HARD_DELETE (unrecoverable) in the drop-down list, and then click OK.
Import the backed-up rules into Outlook. To do this, follow these steps:
On the Tools menu, click Rules and Alerts.
In the Rules and Alerts dialog box, click Options.
In the Options dialog box, click Import Rules.
Locate the rules that you copied in step 4, click Open, and then click OK.
Wednesday, April 20, 2011
Outlook 2007 printing problem
When we try to print emails from Outlook 2007 he gets the error message below:
"There is a problem with the selected printer. You might need to reinstall
this printer. Try again, or use a different printer."
Resolution: error is caused by microsoft update KB2509470. Uninstalling this will resolve the issue.
"There is a problem with the selected printer. You might need to reinstall
this printer. Try again, or use a different printer."
Resolution: error is caused by microsoft update KB2509470. Uninstalling this will resolve the issue.
Friday, April 15, 2011
How to enable Remote Desktop remotely
Run REGEDIT from Start>Run
Click on File, then select Connect Network Registry
Type the remote computer IP or host name in the Enter the object name to select and the click OK
If you don't have permission to access the remote computer, the logon screen will show up. Type the username and password for the remote computer. Then click OK.
Now, the remote computer is listed in the Registry Editor.
Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server, in the right panel, seelct fDenyTSConnection (REG_DWORD). Change the value data from 1 (Remote Desktop disabled) to 0 (Remote Desktop enabled).
Close the registry
Click on File, then select Connect Network Registry
Type the remote computer IP or host name in the Enter the object name to select and the click OK
If you don't have permission to access the remote computer, the logon screen will show up. Type the username and password for the remote computer. Then click OK.
Now, the remote computer is listed in the Registry Editor.
Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server, in the right panel, seelct fDenyTSConnection (REG_DWORD). Change the value data from 1 (Remote Desktop disabled) to 0 (Remote Desktop enabled).
Close the registry
Wednesday, February 9, 2011
Get Last logon of user in AD
Simple powershell script to display last logon of all users.
$searcher = New-Object DirectoryServices.DirectorySearcher([adsi]"")
$searcher.filter = "(objectclass=user)"
$users = $searcher.findall()
Foreach($user in $users)
{
if($user.properties.item("lastLogon") -ne 0)
{
$a = [datetime]::FromFileTime([int64]::Parse($user.properties.item("lastLogon")))
"$($user.properties.item(`"name`")) $a"
}
}
$searcher = New-Object DirectoryServices.DirectorySearcher([adsi]"")
$searcher.filter = "(objectclass=user)"
$users = $searcher.findall()
Foreach($user in $users)
{
if($user.properties.item("lastLogon") -ne 0)
{
$a = [datetime]::FromFileTime([int64]::Parse($user.properties.item("lastLogon")))
"$($user.properties.item(`"name`")) $a"
}
}
List all member of a group in AD
Simple VB script to display members of a group.
Copy the below code and edit as ur requirement and save it as extension .vbs
On Error Resume Next
Set objGroup = GetObject _
("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")
objGroup.GetInfo
arrMemberOf = objGroup.GetEx("member")
WScript.Echo "Members:"
For Each strMember in arrMemberOf
WScript.echo strMember
Next
Copy the below code and edit as ur requirement and save it as extension .vbs
On Error Resume Next
Set objGroup = GetObject _
("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")
objGroup.GetInfo
arrMemberOf = objGroup.GetEx("member")
WScript.Echo "Members:"
For Each strMember in arrMemberOf
WScript.echo strMember
Next
How to get last login time for Active Directory users
Copy the below code and save it as .vbs extension on desktop. You should change the second line, need to type your domain name
On Error Resume Next
sEnterDCs = "your domain name"
sObjects = Split(sEnterDCs, ",")
Set oDomain = GetObject("WinNT://" & sObjects(0))
oDomain.Filter = Array("User")
WScript.Echo "Showing last login times of accounts from: " & oDomain.Name & vbNewLine
For Each oDomainItem In oDomain
sUsrLogin = oDomainItem.LastLogin
If UBound(sObjects) >= 1 Then
For ii = 1 To UBound(sObjects)
Set oUsr = GetObject("WinNT://" & sObjects(ii) & "/" & oDomainItem.Name & ",user")
If oUsr.LastLogin > sUsrLogin Then sUsrLogin = oUsr.LastLogin
Next
End If
WScript.Echo "Username: " & Left(oDomainItem.Name & Space(22),22) & "Last login: " & FormatDateTime(sUsrLogin)
Next
Final Step :-
Now your script file in desktop with the extension of .vbs . Then go to the command prompt
C:\Documents and settings\userprofile\Desktop\>cscript savedscript.vbs > log.xls
On Error Resume Next
sEnterDCs = "your domain name"
sObjects = Split(sEnterDCs, ",")
Set oDomain = GetObject("WinNT://" & sObjects(0))
oDomain.Filter = Array("User")
WScript.Echo "Showing last login times of accounts from: " & oDomain.Name & vbNewLine
For Each oDomainItem In oDomain
sUsrLogin = oDomainItem.LastLogin
If UBound(sObjects) >= 1 Then
For ii = 1 To UBound(sObjects)
Set oUsr = GetObject("WinNT://" & sObjects(ii) & "/" & oDomainItem.Name & ",user")
If oUsr.LastLogin > sUsrLogin Then sUsrLogin = oUsr.LastLogin
Next
End If
WScript.Echo "Username: " & Left(oDomainItem.Name & Space(22),22) & "Last login: " & FormatDateTime(sUsrLogin)
Next
Final Step :-
Now your script file in desktop with the extension of .vbs . Then go to the command prompt
C:\Documents and settings\userprofile\Desktop\>cscript savedscript.vbs > log.xls
Subscribe to:
Posts (Atom)