Tuesday, July 31, 2012

Windows Activation SLMGR

slmgr /rearm -to extend activation without a key for 30 more days 3 times up to 120 days
slmgr /ipk -install key
slmgr /ato -activate windows
slmgr /dli -KMS activation count from KMS host
slmgr /dlv -display license info
slmgr /xpr -display expiration date

RSA Basic Administration

ISA RSA Administration:

Using the Following for RSA VPN through ISA2006
· RSA 7.0 Management Console is installed on Server1
· RSA 6.1 Agent is installed on ISA2006 Server (Other Agents will not work on ISA2006)
· RSA 7.1 EAP Client is installed on VPN authorized Guest Systems

For Licensing and Main Administration Select the RSA Operations Console:
Log on using the RSA administrative credentials

For Users and Keyfob Administration Select the RSA Security Console:
Log on using the RSA administrative credentials

To add or manage a user :
From the Home Menu Select “Identity”> “Users” :

By default these queries are blank click “Search” at the bottom to run the query:

You can add a new user using the “Add New” button:

Fill in the user fields below and “Save”: 

Note the Password policy no @ or ~:

The new user will then be listed:

To add a key fob click on the arrow next to the user name and select SecurID Tokens:

Select “Assign Tokens”

Select the check box next to the token you want to assign and click “Assign”

You will then see a green checkmark alert that the token was successfully assigned:

To manage SecurID Tokens:
From the Home Menu Select “Authentication”> “SecurID Tokens”>”Manage Existing”:

You will see an Assigned and Unassigned Tab, on the Assigned tab you can see whom the key fob is assigned to as shown below:

To edit or unassign a token click on the arrow to the right of the token:

Monday, July 23, 2012

2008 DFS Basics

Jose Barreto's Blog Post Covers The Basics:


My Notes:

If you have an environment transitioning from 2003 to 2008. Once your domain controllers are all 2008 and you can use the proper domain and forest levels, rather than trying to convert a smaller 2000 DFS configuration I would consider starting DFS over with the following steps:

-document thoroughly your configuration.
-review what you have and what you don't need. (how many namespace servers are you using?)
-backup the data on both the primary and replica location
-log off users to make sure the data is not in use
-delete your old namespaces, namespace servers, and replications. (not the data!)
-recreate DFS using 2008 only namespace servers to rebuild your DFS paths
-carefully recreate your DFS replicas
-restart servers and desktops as necessary

Note: Just because you are referencing data on a server or system does NOT mean it needs to be a Nameserver. Think of Nameservers as DNS servers pointing you to the data not necessarily hosts of the data.

2008 Server Core Setup and RODC

2008 Server Core Initial Setup notes: Credit "Avi Samocha's Blog"

Set password for local admin –
Choose 'Other User' at the logon screen> type 'Administrator' with no password and press Enter > Follow the instruction to create a new password.

Run Sysprep (For deployment) –
Navigate to 'C:\windows\system32\sysprep' and run - sysprep /OOBE /Generalize /shutdown.

Disable/Enable Screen Saver and Screen Saver Lock –
Regedit: Navigate to HKEY_CURRENT_USER\Control Panel\Desktop and modify the 'ScreenSaverActive' & 'ScreenSaverIsSecure' Keys (0 to Disable, 1 to Enable).

Rename the Server –
netdom renamecomputer <ComputerName> /NewName:<NewComputerName>

Setup IP Configuration –
View Interfaces: netsh interface ipv4 show interfaces
Set IP for Interface: Netsh interface ipv4 set address "InterfaceName" static
Set DNS Server Addresses: netsh interface ipv4 add dnsserver name="InterfaceID" address="DNSIPAddress"
Run again for additional DNS Servers.

Join the computer to Domain –
netdom join "ComputerName" /domain:"DomainName" /userd:"UserName" /passwordd:"password"

Note:If you have trouble reaching the domain try checking your firewall settings or disabling it all together temporarily as listed below

EnableWindows Update –
Cscript c:\windows\system32\scregedit.wsf /au 4
Net stop wuauserv
Net start wuauserv
This will set the default configuration for Windows Update – 3AM update check. If you want to force update check run: Wuauclt /detectnow

Enable Remote Management on Firewall –
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

Disabling and Enabling Windows Firewall-
To disable the windows firewall –
netsh firewall set opmode disable
To enable the windows firewall –
netsh firewall set opmode enable

Enable Windows Remote Management (WinRM) –
winrm qc

Enable Remote Desktop –
cscript C:\Windows\System32\ Scregedit.wsf /ar 0
If Firewall Enabled –
netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes

Installation of a Windows Server 2008 Core RODC:

Install DNS –
start /w ocsetup DNS-Server-Core-Role

Prepare DC Schema for RODC – (Skip if 2008 Only Server Environment)
On the Schema Master navigate to the following folder on Windows Server 2008 Media and run the following command:
X:\sources\adprep>adprep /rodcprep

Run Dcpromo with an unattended file for RODC Installation –
(dcpromo /unattend:<unattendfile>)
Sample of Unattended File for RODC Installation:

ReplicaDomainDNSName= DomainDNSName

You Server Core Initial Setup and RODC are Done!

Monday, July 16, 2012

Veeam Backup VSS errors

VSS errors using Veeam backup:

To disable local VSS data

Log onto VM as Administrator

Open Command Prompt as Administrator
Use vssadmin at the command prompt:

c:\Vssadmin list shadows

Which showed me what drive was using VSS

In the GUI though the drive was listed as shadow copies off but it still was using storage for VSS files.
Re-enabled VSS for that drive then immediately disabled it again which deleted the old VSS files and set me back to 0% used.

Alternatively I probably could have used vssadmin to delete the VSS files as well using the 
c:\vssadmin Delete Shadows 
c:\vssadmin Delete Shadow Storage 

I ran a restart of COM+ services from services.mmc which restarted all the other dependencies as well.

I  then reran veeam backup job and no more VSS errors.

However if  the next backup fails with “failed to delete oib….”  you will need to recreate the job, but you should not get the VSS errors anymore.