What is this collegue's login name?

What is this collegue's login name?

July 20, 2009

My collegues often forget to mention their logon account name when calling the helpdesk, and the helpdesk doesn't always ask either. I suppose they expect me to know all 1500+ accounts by heart.
With (native) Windows Server 2003 commands only:

    DSQUERY USER -name *lastname* | DSGET USER -samid -display
Note: Windows Server 2003's "DSTools" will work fine in Windows 2000 and XP too, when copied.
Keep in mind, however, that some Windows Server 2003 Active Directory functionality is not available in Windows 2000 Active Directories.
Who is logged on to a computer?

Who is logged on to a computer?

July 20, 2009

We often need to know who is currently logged on to a remote computer.
With native Windows commands only:

    NBTSTAT -a remotecomputer | FIND "<03>" | FIND /I /V "remotecomputer"

The first name in the list usually is the logged on user (try playing with the NET NAME command to learn more about the names displayed by NBTSTAT).
This is the fastest way to find the logged on user name, and the results that you do get are correct, but NBTSTAT won't always return a user name, even when a user is logged on.

Using WMIC (Windows XP Professional and later):

    WMIC /Node:remotecomputer ComputerSystem Get UserName

This is arguably the most reliable (native) command to find out who is logged on.

With the help of SysInternals' PSTools:

    PSLOGGEDON -L \\remotecomputer

or:

    PSEXEC \\remotecomputer NET CONFIG WORKSTATION | FIND /I " name "

or:

    PSEXEC \\remotecomputer NET NAME

or:

    PSEXEC \\remotecomputer NETSH DIAG SHOW COMPUTER /V | FIND /i "username"

or:

    FOR /F %%A IN ('REG Query \\remotecomputer\HKU ˆ| FINDSTR /R /B /C:"HKEY_USERS\\S-1-5-[0-9][0-9]-[0-9-]*$"') DO (
FOR /F "tokens=3 delims=\" %%B IN ('REG Query "\\remotecomputer\%%A\Volatile Environment"') DO (
SET LoggedinUser=%%B
)
)

NETSH and WMIC are for XP or later, and are the most reliable of all commands shown here.
WMIC requires WMI enabled remote computers and Windows XP on the administrator's computer; NETSH requires Windows XP on the remote computers.

PSLOGGEDON is a more accurate solution than NBTSTAT, but it will return the last logged on user if no one is currently logged on.

The NET and NBTSTAT commands show more or less identical results, but the NBTSTAT command is much faster.

The REG command is accurate, but may need to be modified depending on the version used. As displayed here, the code is written for REG.EXE 3.0 (XP).

If you want to search lots of computers for logged on users, I recommend you try NBTSTAT first (fast, but it won't always return the user name!), and only switch to NETSH, REG or WMIC (accurate) if NBTSTAT doesn't return a user name.

Credits: Jiří Janyška (WMIC command) and Matthew W. Helton (NETSH command).

How many users are logged on/connected to a server?

How many users are logged on/connected to a server?

July 20, 2009

Sometimes we may need to know how many users are logged on to a (file) server, like maybe when there is a performance degradation.
At the server's console itself, with native commands only:

    NET SESSION | FIND /C "\\"

Remotely, with the help of SysInternals' PSTools:

    PSEXEC \\servername NET SESSION | FIND /C "\\"

By replacing FIND /C "\\" by FIND "\\" (removing the /C switch) you'll get a list of logged on users instead of just the number of users.

Domain implementation and Group policies brief overview

Domain implementation and Group policies brief overview

July 19, 2009
Backing Up Domain Controllers

Backing Up Domain Controllers

July 09, 2009

It is important to back up your domain controllers to ensure their availability. Backing up a domain controller is like backing up a Microsoft® Exchange member server. The primary difference between backing up a domain controller and backing up an Exchange member server is that you do not have Exchange databases to consider when you back up a domain controller. The method that you use to back up your domain controller depends on the disaster recovery strategy you choose.

When you use Backup to back up the System State data of a domain controller, you also back up the Active Directory® directory service database. To back up the System State data of a domain controller that is running Active Directory, you can use the same procedure as you would for a server that is not a domain controller. However, you must also back up additional files, such as the Active Directory database and log files, and all other files for the system components and services on which Active Directory depends.

The following Active Directory files are part of a System State data backup of a domain controller. By default, these files are located in the Active Directory folder in %SystemRoot%\Ntds.

Active Directory files to back up

File type Definition

Ntds.dit

The Active Directory database.

Edb.chk

The checkpoint file.

Edb*.log

The transaction log files; each file is 10 megabytes (MB).

Res1.log and Res2.log

The reserved transaction log files.

In addition to the System State data, you must also back up the Microsoft Windows® boot partition and system partition when you perform either a Windows backup or a full computer backup of a domain controller.

Circular logging for Active Directory is enabled on domain controllers and cannot be turned off. If you lose all your domain controllers to a disaster and must restore a backup of Active Directory, you will lose data that was written to Active Directory after the backup set was made. Therefore, make regular backups of Active Directory. It is recommended that you back up one domain controller nightly.

Consider the following recommendations before you back up a domain controller:

  • Create a Windows backup set of at least one domain controller to preserve the Active Directory information which is vital to your Exchange servers. If you make changes to your Exchange organization such as (but not limited to) adding new servers, moving users, or adding new storage groups and databases, it is highly recommended that you make a new backup of a domain controller to preserve these changes to Active Directory. You can use the backup of a domain controller to restore the domain controller and the version of Active Directory that was on the domain controller at the time that it was backed up. Additionally, you can choose whether this Active Directory information replicates to other domain controllers. By default, the backup utility (Backup) in Windows Server 2003 performs non-authoritative restores of Active Directory information. Active Directory objects that are part of an authoritative restore replicate from the restored domain controller to the other domain controllers on the network. The Active Directory objects from the backup replace the Active Directory objects in the domain, regardless of the update sequence numbers (USNs). For more information about authoritative restores, see Microsoft Knowledge Base article 241594, "HOW TO: Perform an Authoritative Restore to a Domain Controller in Windows 2000."
  • Create Windows backup sets frequently enough to make sure that they are valid backups. If the date of your System State data backup exceeds the maximum age limit set in Active Directory, the backups are not valid, and your Windows Server 2003 operating system prevents you from restoring Active Directory. For more information, see Knowledge Base article 216993, "Useful shelf life of a system-state backup of Active Directory."
  • Re-create the failed domain controller and populate its copy of Active Directory through replication from the unaffected domain controllers in your organization, instead of restoring your data from a backup.
  • Perform a non-authoritative restore of Active Directory from backup, and then allow the other domain controllers on the network to update the restored domain controller. This method is especially useful when you have a slow link over which to replicate data, a large Active Directory database, or both.

network monitoring software WhatsUpGold

June 26, 2009
network monitoring software/
WhatsUp Gold - Network Monitoring Utility

WhatsUp Gold network management software monitors over 100,000 networks worldwide. At Ipswitch we’ve been dedicated to IT managers for over 15 years and listen to our customer’s network needs.

We strive to simplify your complex networks with easy to understand network management products coupled with excellent support from our own network engineers.

Description
===========
WhatsUp Gold monitors vital network elements and system
services and generates an alarm when there is a problem.
It also facilitates remote support and diagnosis by
providing beeper, pager, e-mail, and voice notifications
and allowing users to view the status of a network map
from a Web browser.

Designed for PCs operating with Windows NT 4.0 or later,
Windows 2000, 98, 95, Me, WhatsUp Gold can be installed
wherever needed and does not require expensive,
dedicated hardware. It will run in the background on your
PC. WhatsUp Gold will work with any 32-bit TCP/IP stack,
such as those bundled with Windows NT and Windows. You
can configure WhatsUp Gold and start monitoring your
network without any special training.


New Features (WhatsUp Gold 6.0x)
===============================
- Web Interface now allows web security per map.
- Updated User Interface - toolbars, icons and dialogs made
more user friendly and intuitive.
- Modified menu layout and context menus.
- Map Improvements: Maps are now vector-based graphics that allow
snap-to-grids, zoom in and out, and the ability to resize maps
independently. Map properties now have unlimited color choices.
- Log Improvements: Improved the log file display to allow
filtering, printing, saving and copying. Also improved the
management of the log file size.
- Customizable notification plug-in system
- Added an SNMP Viewer tool that lets you quickly view the status
of interfaces on an SNMP device.
- Performance Reports now allow on-demand reporting, and the ability
to generate an hourly performance report.
- Added a tool to receive syslog messages.

Installation
============
NOTE: To view performance graphs with WhatsUp Gold, you must
have the ODBC32.dll installed. (If you have Office 97/98/00
or Windows 2000 it is already installed.)

To install or upgrade WhatsUp Gold:
- If you purchased a WhatsUp Gold CD-ROM, insert the CD-ROM.
If it does not run automatically, click Start, select Run,
and then enter the CD path followed by Autorun.exe.
For example, d:Autorun.exe
- If you downloaded WhatsUp Gold from our web site, run the
downloaded application, wugoldec.exe.




Upgrading
=========
If you are upgrading from a previous version of WhatsUp
Gold or WhatsUp, you should note the following:
-- Back up any network maps (.db for WhatsUp and .wup for
WhatsUp Gold). (When you open a .db file in WhatsUp Gold,
the file is automatically converted to the .wup format
and saved with a .wup extension.)
-- Back up your SERVICES.INI and HOSTTYPES.INI files.
During installation, WhatsUp Gold will ask if you want
to overwrite your old SERVICES.INI and HOSTTYPES.INI
files; answer No.
-- Be sure that WhatsUp Gold has completely shut down
before doing an upgrade installation. If you exit
WhatsUp Gold during a poll, it may take up to 30 seconds
for WhatsUp Gold to remove itself from memory. If you
press Ctrl+Alt+Del, WhatsUp Gold will remain in the Windows
task list until it is removed from memory.
-- Defined notifications are stored in a file named
IPNOTIFY.INI in your Windows or NT directory.
This file is shared by other Ipswitch products and is
therefore not deleted or replaced when you upgrade.



Download here

Official Ways to Disable or Manually Uninstall the Microsoft Windows Genuine Advantage Notifications from Microsoft

Official Ways to Disable or Manually Uninstall the Microsoft Windows Genuine Advantage Notifications from Microsoft

June 22, 2009

has released step-by-step removal instructions to disable or manually uninstall pilot or pre-release version of Microsoft Windows Genuine Advantage (WGA) Notifications (KB905474) which is versions that range from 1.5.0527.0 to 1.5.0532.2, although the instructions can also be used to uninstall the updated release and general release of the anti-piracy tool, but it will not be supported. Instead, Microsoft recommends to install general release of WGA Notifications (1.5.0540.0) to replace and uninstall the pre-release version during the pilot program.



If you uninstall or WGA Notifications component in your Windows computer which is part of the Windows Genuine Advantage program, Microsoft will offer the general release version of WGA Notifications at a later date (actually is immediately if you check for updates via Windows Update) through the Microsoft Automatic Update service or Windows / Microsoft Update service. So you must unselect the updates or reject the EULA when asked to install again. Microsoft instructions can be found here, or listed below.

Disable WGA Notifications

  1. Log on to the computer by using an account that has administrative permissions.
  2. Make sure that the WGA Notifications version that exists on the computer is a pilot version listed above. The version format for the pilot version is 1.5.0532.x. In this case, you can uninstall versions 527-532 only (Note: the steps should disable other version of WGA Notifications too). To find the WGA Notifications version, follow these steps:
    1. Click Start, and then click Control Panel.
    2. Double-click Add or uninstall Programs, locate and then click Windows Genuine Advantage Notifications, and then click Click here for support information.
    3. In the Support Info dialog box, verify the version number, and then click Close.
  3. Rename the following files by changing the extension to .old:

Rename %Windir%\system32\WgaLogon.dll to %Windir%\system32\WgaLogon.old

Rename %Windir%\system32\WgaTray.exe to %Windir%\system32\WgaTray.old

  1. Restart the computer.

Uninstall WGA Notifications Manually

  1. Log on to the computer by using an account that has administrative permissions.
  2. Make sure that the WGA Notifications version that exists on the computer is a pilot version that range from 1.5.0527.0 to 1.5.0532.2 (Note: other versions should works too). To find the WGA Notifications version, follow these steps:
    1. Click Start, and then click Control Panel.
    2. Double-click Add or uninstall Programs, locate and then click Windows Genuine Advantage Notifications, and then click Click here for support information.
    3. In the Support Info dialog box, verify the version number, and then click Close.
  3. Rename the following files by changing the extension to .old:

Rename %Windir%\system32\WgaLogon.dll to %Windir%\system32\WgaLogon.old

Rename %Windir%\system32\WgaTray.exe to %Windir%\system32\WgaTray.old

  1. Restart the computer.
  2. Unregister LegitCheckControl.dll by using Regsvr32 with these steps:
    1. Click Start, click Run, type cmd, and then click OK.
    2. At the command prompt, type the following, and then press ENTER:

Regsvr32 %Windir%\system32\LegitCheckControl.dll /u

  1. Restart the computer.
  2. Click Start, click Run, type cmd, and then click OK.
  3. At the command prompt, delete the following files by typing the Del command and follow by pressing ENTER after you type each command.

Del %Windir%\system32\wgalogon.dll

Del %Windir%\system32\WgaTray.exe

Del %Windir%\system32\LegitCheckControl.dll

  1. At the command prompt, type regedit.
  2. Locate and then right-click the following registry subkeys. Click Delete after you locate each subkey.
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\ CurrentVersion\Winlogon\Notify\WgaLogon
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\ CurrentVersion\Winlogon\Notify\WgaLogon
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\removeremove\WgaNotify
Restart the computer