Archive for the ‘Windows Server’ Category

Hi Folks,

today you’re often faced with IE compatibility issues – and of course with the technical solution of these problems.

Via GPO you’ve an easy way to roll-out compatiblity-view Settings in your Domain. You can set these values for machine and user context. Take a look at the users and computers settings.

Browse to:
User Configuration -> Policies -> Administrative Templates -> Windows Components -> Internet Explorer -> Compatibility View

Policy: “Use Policy List of Internet Explorer 7 sites / Richtlinienliste von Internet Explorer 7 Sites verwenden”

policyie
When using the policy take care of following points:

  • For IE8 there must be specified domain name and not server or subdomain name, ie “dargel.at” instead of “blog.dargel.at”
  • For IE9 there must be specified domain name or subdomain name, ie “dargel.at” or “blog.dargel.at”
  • There must be no final slash “/” , ie “dargel.at” instead of “dargel.at/”
  • These settings are used, but are not visible in the user GUI

    FYI: The list ends up in the following registry key configured:
    HKCU\Software\Policies\Microsoft\Internet Explorer\Browser Emulation\Policy List
    and contains for each configured domain a REG_SZ value.

Cheers,

Chris

Hey Folks,
here is an example to easy set ACLs on a Windows fileserver by importing path an permissions from a CSV file:

$Permissions = Import-Csv e:\permissions.csv -delimiter '|'
ForEach ($line in $Permissions)
{
 $acl = Get-Acl $line.Path
 $acl.SetAccessRuleProtection($True, $False)
 $rule = New-Object System.Security.AccessControl.
FileSystemAccessRule($line.Group,"Modify","ContainerInherit, ObjectInherit",
 "None", "Allow")
#-------------------------------------------------------------
# The above line can be edited like the reference at the end.
#-------------------------------------------------------------
 $acl.AddAccessRule($rule)
 Set-Acl $line.Path $acl
 }

The CSV has to look like this:

Path|Group
e:\folder1\subfolder1|domain\group1
e:\folder1|subfolder2|domain\group2
e:\folder2|subfolder1|domain\group3
e:\folder2|subfolder2|domain\group4

Reference Table:

Subfolders and Files only InheritanceFlags.ContainerInherit, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly
This Folder, Subfolders and Files    InheritanceFlags.ContainerInherit, InheritanceFlags.ObjectInherit, PropagationFlags.None
This Folder, Subfolders and Files InheritanceFlags.ContainerInherit, InheritanceFlags.ObjectInherit, PropagationFlags.NoPropagateInherit
This folder and subfolders InheritanceFlags.ContainerInherit, PropagationFlags.None
Subfolders only InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly
This folder and files InheritanceFlags.ObjectInherit, PropagationFlags.None
This folder and files InheritanceFlags.ObjectInherit, PropagationFlags.NoPropagateInherit

Source: http://powershell.nicoh.me/powershell-1/files-and-folders/set-folders-acl-owner-and-ntfs-rights

Cheers, Chris

Hi folks,

I wrote less in the past month because I focused on work and Microsoft certification.The certification path was very straight – upgrading skills from MCITP to MCAS Server 2012 followed by the two Server Infrastructure exams 70-413 and 70-414.

MCSA    MCSE

In the next monts I’ll go forward to MCSE Messaging and Communications with Exchange 2013 and Lync 2013 and I’ll keep blogging about infrastructure and messaging topics.

Next week I’ll post some experiences I made with my new Nokia Lumia 920 with Windows Phone 8.

Cheers,

Chris

Hi folks,

for several reasons you have to do an export of users with some attributes. To do this easily you can use CSVDE (Comma Separated Value Data Exchange) to export users from specified OUs to an CSV file:

csvde.exe -m -n -u -f c:\temp\userexport_ou01.csv -d “ou=01,dc=yourdomain,dc=com” -l “samaccountname,sn,mail,msexchhomeservername”

Thanks to Yusuf for his great export article -> Yusufs Directory Blog

Cheers,

Chris

Yesterday I got a problem while migrating a fileserver cluster from Windows 2003 to Windows 2008 R2.

We wanted to migrate a big fileserver cluster with several volumes by mirroring the SAN LUNs, break the mirrors and mount them to the new Windows 2008 R2 fileserver.

After mounting the partitions to the new cluster we set up a new virtual fileserver and created some shares. With one partition/share we run in the following error:

The shared ressource is not available.

After some investigation we figured out that the SYSTEM group doesn’t had permissions on the partition at root level so the cluster service running with local system account can’t initialize the share.

After adding SYSTEM at root level with full access sharing of this partition was possible:

Cheers,

Chris

A couple of days ago I had a problem with an Exchange Server running out of space. I controlled database and logfile partitions and could not detect anything suspicious.

After some researches I figured out Volume Shadow Copies require much space because a backup job didn’t finish succesful and leave the VSS data on disk.

In my case vssadmin deleteshadows didn’t work, too. After some investigation I found a way to delete the Shadow Copies with the command line for WMI – WMIC

http://technet.microsoft.com/en-us/library/cc787035%28v=ws.10%29.aspx

In summary you have to do the following

  • Start an elevated commandline window
  • Type in wmic and press enter
  • wmic:root\cli is shown
  • Type in shadowcopy which will list the current shadow copies
  • Type in shadowcopy delete and confirm to delete the copies one after the other
  • To leave the WMI commandline type exit

Cheers,

Chris

Hi,

to locate the server responsible for a FSMO role open ADSI-Edit. The responsible attribute is in every case:

fSMORoleOwner

PDC-Emulator role
Naming context: DefaultNamingContext
Path: DC=DOMAIN,DC=LOCAL
(Right-click – properties -> fSMORoleOwner)

RID Master role
Naming context: DefaultNamingContext
DC=DOMAIN,DC=LOCAL,CN=System,CN=Rid Manager$
(Right-click – properties)

Schema Master role
Naming context: Schema
DC=DOMAIN,DC=LOCAL
(Right-click – properties -> fSMORoleOwner)

Infrastructure Master role
Naming context: DefaultNamingContext
DC=DOMAIN,DC=LOCAL,CN=Infrastructure
(Right-click – properties -> fSMORoleOwner)

Domain Naming Master role
Naming context: Configuration
CN=Configuration,DC=DOMAIN,DC=LOCAL,CN=Partitions
(Right-click – properties -> fSMORoleOwner)

Cheers,

Chris

Today I got faced with a problem concerning a Windows Printserver. After a new printer was installed, the spooler services crashed again and again and generating registry events with ID 4097 and the source HpTcpMon (hptcpmon.dll).

After looking for changes made by the new printer, i figured out, that a new local port (HpTcpMon) was installed. To resolve this issue, I deleted the value in the registry.
1.Start Registry Editor

2. Locate  following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\

3. Check the following registry key for third-party port monitors, and remove the monitor mentioned in the event ID.

The Windows default port monitors should not be deleted. The default ports are:

AppleTalk Printing Devices (if services for Macintosh is installed)
BJ Language Monitor
Local Port
PJL Language Monitor
Standard TCP/IP Port
USB Monitor
Windows NT Fax Monitor

5. Expand Computer Management, expand Services and Applications, and then click services.

6. Right-Click Print Spooler, and then click Restart.
Cheers,
Chris

Today I had to extend the partition of a Windows 2003 Server.

In the past I did this several times with diskpart:

diskpart.exe -> list volumes
select volume [number of the partition to extend]
extend volume size=[SIZE TO EXTEND in MB]

After doing this, diskpart and the Windows Disk Management show the extended size but Windows Explorer didn’t so. A colleague pointed a KB article to me which described this behaviour.

You have type in another diskpart command (brought with SP2 – otherwise there is a hotfix):

diskpart.exe
select volume [number of the partition to extend]
extend filesystem

Now the whole space could be seen in the Explorer, too.

Read more:
KB325590
KB832316

Cheers,

Chris