Archives for November 2013

Remote Desktop IP Virtualization networking adapter

So I was setting up Remote Desktop IP Virtualization for a customer. Since Microsoft removed the TS configuration console (TSConfig.msc) with Windows 2012, how do I do the configuration now? Well, one way, which you could have used before too, is a GPO. This also gives the benefit that all servers will be configured the same.

So when I was configuring the GPO setting I noticed this small gotcha:

This policy setting specifies the IP address and network mask that corresponds to the network adapter used for virtual IP addresses. The IP address and network mask should be entered in Classless Inter-Domain Routing notation; for example, 192.0.2.96/24.

So what is strange with this? Well, not really strange, but could I really be forced to enter the IP of the server? No, as long as the network ID / subnet matches it will work. So for the example that Microsoft provided I would have used 192.0.2.0/24 instead.

Select the network adapter to be used for Remote Desktop IP Virtualization

The insensitive hash table

So we needed to analyze a case-sensitive text. We decided to store each word in a hashtable. That is simple enough.

Name Value
The 2
ice 1
over 1
flew 1
little 1
fox 1

But what the.. We needed it case-sensitive, but the hashtable thought The and the were the same. So what now? By changing @{} to the full form New-Object System.Collections.Hashtable we switch it to the case-sensitive form. Let's try again.

Name Value
the 1
fox 1
ice 1
The 1
flew 1
little 1
over 1
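The behaviour shown in the two outputs above can be reproduced with the following added example. It is not the original post's code, which is missing from this page; the sample sentence and the function name Get-WordCount are constructed for illustration.

```powershell
# Constructed sample sentence; it contains both "The" and "the".
$text  = 'The little fox flew over the ice'
$words = $text -split '\s+' | Where-Object { $_ }

function Get-WordCount {
    param(
        [string[]]$Words,
        [System.Collections.IDictionary]$Table
    )
    foreach ($word in $Words) {
        if ($Table.Contains($word)) {
            $Table[$word] = $Table[$word] + 1
        } else {
            $Table[$word] = 1
        }
    }
    return $Table
}

# The @{} literal is built with a case-insensitive key comparer,
# so "The" and "the" end up in the same entry.
$insensitive = Get-WordCount -Words $words -Table @{}

# The plain .NET constructor uses the default case-sensitive comparer,
# so "The" and "the" are counted separately.
$sensitive = Get-WordCount -Words $words -Table (New-Object System.Collections.Hashtable)

'Case-insensitive (@{}):'
$insensitive
'Case-sensitive (New-Object System.Collections.Hashtable):'
$sensitive

# Show which keys differ only by case, i.e. what the @{} table merged.
$sensitive.Keys |
    Group-Object { $_.ToLowerInvariant() } |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object { 'Merged by @{}: ' + ($_.Group -join ', ') }
```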

How to demote a Domain Controller

So you might have a system hardcoded to talk with that domain controller. Now you need to find which servers are talking to the domain controller.

  1. Disable dynamic DNS
  2. So now clean up the DNS of that domain controller so no more clients will talk to the server by DNS queries.
  3. Wait a couple of days.
  4. Then use Network Monitor to check whether any clients, and which ones, are still talking to the server.
  5. For DNS you can use my script from the blog post about DNS logging.
  6. Continue to remove systems that are still using the Domain Controller.
  7. When you give up or are done, you can remove the domain controller.
  8. Depending on which Windows version you have you have the option of dcpromo or the Server Manager.

How to Prevent Domain Controllers from Dynamically Registering DNS Names

Update: Since I wrote this, Pierre Audonnet has written about this too, giving the following suggestions.

Playing with NTFS permissions

So if you need to see what the different parts mean, look at my earlier post about icacls rights.

What is needed for

Allow users to create folders but not see all if Access Based Enumeration is enabled. Good for home folders.

Remove all rights for the SID for Authenticated users below and on all files / Folders below.

Grant the Creator fullcontrol of new folders
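One way to carry out these steps with icacls, as an added example (not the commands from the original post, which are missing from this page). The path D:\Home is a hypothetical home-folder root, and the SIDs are the well-known ones for SYSTEM, Administrators, Authenticated Users and CREATOR OWNER.

```powershell
# Hypothetical home-folder root; adjust to your environment.
$root = 'D:\Home'

# Well-known SIDs. The leading * tells icacls the value is a SID,
# which avoids localized account names.
$system  = '*S-1-5-18'      # NT AUTHORITY\SYSTEM
$admins  = '*S-1-5-32-544'  # BUILTIN\Administrators
$authUsr = '*S-1-5-11'      # NT AUTHORITY\Authenticated Users
$creator = '*S-1-3-0'       # CREATOR OWNER

# Keep administrative access explicit first, then stop inheriting
# whatever the drive root grants.
icacls $root /grant:r "${system}:(OI)(CI)F" "${admins}:(OI)(CI)F"
icacls $root /inheritance:r

# Remove all granted rights for Authenticated Users on the root and on
# all files and folders below it.
icacls $root /remove:g $authUsr /T

# Authenticated Users on the root only (no OI/CI, so nothing is inherited):
# RX to reach and list the root, AD to create folders in it.
icacls $root /grant "${authUsr}:(RX,AD)"

# CREATOR OWNER gets Full control, inherit-only, so whoever creates a
# folder receives Full control on that folder and its contents.
icacls $root /grant "${creator}:(OI)(CI)(IO)F"

# Review the resulting ACL on the root.
icacls $root
```

Because Authenticated Users hold no inherited rights on other users' folders, Access Based Enumeration on the share hides those folders from them.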

Icacls rights

These are the simple rights

Short form | Long Name | Explorer Checkboxes
N | No Access | None
F | Full access | Full Control
M | Modify access | Modify / Read & Execute / List folder contents / Read
RX | Read and execute access | Read & Execute / List folder contents / Read
R | Read-only access | Read
W | Write-only access | Write
D | Delete access | Hidden under Special permissions

These are the specific rights

Short form | Long Name | Explorer Checkboxes
DE | Delete | Delete
RC | Read control | Read permissions
WDAC | Write DAC | Change permissions
WO | Write owner | Take ownership
S | Synchronize | ?
AS | Access system security | ?
MA | Maximum allowed | ?
GR | Generic read | List folder / Read data / Read extended attributes / Read permissions
GW | Generic write | Create files / Write data / Create folders / Append data / Write attributes / Write extended attributes / Read permissions
GE | Generic execute | Traverse folder / Execute file / Read permissions
GA | Generic all | All checked (Full control)
RD | Read data / List directory | List folder / Read data
WD | Write data / Add file | Create files / Write data
AD | Append data / Add subdirectory | Create folders / Append data
REA | Read extended attributes | Read extended attributes
WEA | Write extended attributes | Write extended attributes
X | Execute / Traverse | Traverse folder / Execute file
DC | Delete child | Delete subfolders and files
RA | Read attributes | Read attributes
WA | Write attributes | Write attributes

Inheritance

Short form | Long Name
OI | Object inherit
CI | Container inherit
IO | Inherit only
NP | Don't propagate inherit
I | Permission inherited from parent container

So when you set simple rights in Explorer it will select both OI and CI, which means the rights apply to the current folder and to all files and folders below it.

 

Remove unwilling B2D device in Backup Exec

So you are using Backup Exec 2012 and are having problems with a ghost B2D folder. You can't seem to remove it. You get an error like:

Remove-BEDiskStorageDevice : Unable to delete the disk storage. The device (or Backup Exec server) cannot be deleted because existing jobs or selection lists remain.  You must select another target for these jobs or selection lists before you can delete the device or Backup Exec server.


Using %USERNAME% in a DFS link path

So I was reading a question on TechNet Social about using environment variables in DFS paths. In this case he wanted to use the %username% variable. I have also thought about how nice that could be, a little magic. And all users could have the same URN for their home directory. Just think how nice \\domain.local\dfs\MyHome feels. Well, on with the blog: you can't. It doesn't work.

Clean users email addresses from old domains

So you have lots of domains in your Exchange environment that you don't use anymore. Well, you remove them from the accepted domains and what do you know, they still exist on all the users. So how do we clean this up? Well, I wrote a small PowerShell script that does just that.

Let's start with getting all accepted domains:

And now just list all addresses that are wrong:

And now just rerun the script altered so it removes the addresses instead:


Moving a fileshare on the same server

So I saw a question on Social TechNet and decided to answer it. So how do I move a server share from one drive to another in the same computer?

First we need to have the data on the new location. I prefer to use robocopy with a minimum of /E /COPYALL.

To make sure nobody changes the data during the final copy, I suggest stopping the Server service. So now the data is migrated, what about the share then? Since we know how to migrate shares between servers by dumping the registry, just changing the path is simple.


Dumping shares from the registry

Most people know that you can dump all shares on a server to a .reg file to be able to add them to another server.

Where does Windows store all the shares?

Windows stores the share information in the registry.

Registry LanmanServer Shares

So how can I easily export the shares to a file?

I'm a PowerSheller, isn't there a cmdlet?

If you are fortunate enough to run Windows 2012 or later you have Get-SMBShare and Get-SmbShareAccess.

Get the shares back now then

If you have exported the shares to a registry file, just reimport the .reg file and restart the Server service.

Well, if you are running 2012 or later on both the origin and destination server, you could build a simple script with New-CIMSession, Get-SMBShare, Get-SMBShareAccess and New-SMBShare.
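A sketch of such a script, as an added example (not code from the original post). The server names OLDFS01 and NEWFS01 are placeholders, and it assumes the data already exists at the same path on the destination server.

```powershell
# Placeholder server names; both must run Windows Server 2012 or later.
$source      = New-CimSession -ComputerName 'OLDFS01'
$destination = New-CimSession -ComputerName 'NEWFS01'

# Share access rights mapped to the matching New-SmbShare parameters.
$rightToParam = @{ Full = 'FullAccess'; Change = 'ChangeAccess'; Read = 'ReadAccess' }

# -Special $false skips administrative shares such as C$, ADMIN$ and IPC$.
foreach ($share in Get-SmbShare -CimSession $source -Special $false) {
    $params = @{
        CimSession            = $destination
        Name                  = $share.Name
        Path                  = $share.Path    # assumes the same path on the destination
        FolderEnumerationMode = $share.FolderEnumerationMode
    }
    if ($share.Description) { $params.Description = $share.Description }

    # Carry the share permissions over instead of accepting the defaults.
    foreach ($entry in Get-SmbShareAccess -CimSession $source -Name $share.Name) {
        if ($entry.AccessControlType -eq 'Deny') {
            $key = 'NoAccess'    # any Deny entry becomes a full deny on the new share
        } else {
            $key = $rightToParam["$($entry.AccessRight)"]
        }
        if (-not $key) {
            Write-Warning "Skipping $($entry.AccountName) on $($share.Name): right '$($entry.AccessRight)' has no New-SmbShare parameter"
            continue
        }
        if (-not $params.ContainsKey($key)) { $params[$key] = @() }
        $params[$key] += $entry.AccountName
    }

    New-SmbShare @params
}

Remove-CimSession -CimSession $source, $destination
```

This copies share-level permissions and the folder enumeration mode only; NTFS permissions travel with the data, for example through robocopy /COPYALL.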