Read this Microsoft article:
http://support.microsoft.com/?kbid=922850
Friday, November 27, 2009
Tuesday, November 24, 2009
vSphere SSL Certificates generation
How to move SQL Server databases to a new location by using Detach and Attach functions in SQL Server
Read this article from MS knowledge base article
http://support.microsoft.com/kb/224071
http://support.microsoft.com/kb/224071
Saturday, November 21, 2009
Friday, November 20, 2009
How do you prevent users from configuring additional email accounts in Outlook
from http://windowsitpro.com/article/articleid/100237 we read:
In Microsoft Office Outlook 2007 and 2003, there’s no configuration setting in the UI to prevent secondary email accounts from being created. By default, users can add a POP3 account to their existing Outlook Exchange profile for example, assuming a POP3 server is reachable. However, you can add or configure registry keys on the workstation to prevent Outlook account creation by users. The keys differ depending on the account type you want to disable. You can implement them for individual users through HKEY_CURRENT_USER, like so HKEY_CURRENT_USER\Software\Microsoft\Office\\Outlook\Options
Depending on the version of Outlook you’re running, here are the version numbers to use: For Outlook 2007 use 12.0, for Outlook 2003 use 11.0, and for Outlook 2002 use 10.0.
After the HKEY_CURRENT_USER path, you’ll add DWORD values for the protocols you want to disable: for POP3 use DisablePOP3, for IMAP4 use DisableIMAP, for MAPI use DisableExchange, for HTTP use DisableHTTP, and for Other use DisableOtherTypes.
With these keys toggled on with a value of 1, the user will be unable to add new accounts of the type disabled. In Office 2007, if POP3, IMAP, and HTTP are disabled, then the Internet E-mail option for them in the Add New Internet E-mail Account box will be grayed out, when a user tries to create a new account using Tools, Account Settings, E-mail.
If you create or update installations using the Office Customization Tool (OCT) in Office 2007, or the Custom Installation Wizard or Custom Maintenance Wizard in Office 2003, you can configure this setting for new Office deployments or update current ones. In the OCT, the setting is found in Features, Modify user settings, Microsoft Office Outlook 2007, Miscellaneous, Prevent users from adding e-mail account types. Administrators can also distribute a .registry file to control new email account creation in Outlook. Registry files are easily distributed through logon scripts or application deployment products. The following is a sample .registry file that's used to disable POP3, IMAP, and HTTP on an Outlook 2007 workstation:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\12.0\Outlook\Options]
“DisablePOP3” = dword:00000001
“DisableIMAP” = dword:00000001
“DisableHTTP” = dword:00000001
These configurations can also be implemented through Group Policy and the Outlook Group Policy administrative template, outlk12.adm. To download outlk12.adm, use the search term admintemplates.exe at download.microsoft.com. The configuration applied through Group Policy is identical to the OCT configuration with the exception of the registry key location. For Outlook 2007, the registry values would be placed under HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\12.0\OptionsNote that the policy entries take precedence over the individual custom registry entries applied with the OCT.
In Microsoft Office Outlook 2007 and 2003, there’s no configuration setting in the UI to prevent secondary email accounts from being created. By default, users can add a POP3 account to their existing Outlook Exchange profile for example, assuming a POP3 server is reachable. However, you can add or configure registry keys on the workstation to prevent Outlook account creation by users. The keys differ depending on the account type you want to disable. You can implement them for individual users through HKEY_CURRENT_USER, like so HKEY_CURRENT_USER\Software\Microsoft\Office\\Outlook\Options
Depending on the version of Outlook you’re running, here are the version numbers to use: For Outlook 2007 use 12.0, for Outlook 2003 use 11.0, and for Outlook 2002 use 10.0.
After the HKEY_CURRENT_USER path, you’ll add DWORD values for the protocols you want to disable: for POP3 use DisablePOP3, for IMAP4 use DisableIMAP, for MAPI use DisableExchange, for HTTP use DisableHTTP, and for Other use DisableOtherTypes.
With these keys toggled on with a value of 1, the user will be unable to add new accounts of the type disabled. In Office 2007, if POP3, IMAP, and HTTP are disabled, then the Internet E-mail option for them in the Add New Internet E-mail Account box will be grayed out, when a user tries to create a new account using Tools, Account Settings, E-mail.
If you create or update installations using the Office Customization Tool (OCT) in Office 2007, or the Custom Installation Wizard or Custom Maintenance Wizard in Office 2003, you can configure this setting for new Office deployments or update current ones. In the OCT, the setting is found in Features, Modify user settings, Microsoft Office Outlook 2007, Miscellaneous, Prevent users from adding e-mail account types. Administrators can also distribute a .registry file to control new email account creation in Outlook. Registry files are easily distributed through logon scripts or application deployment products. The following is a sample .registry file that's used to disable POP3, IMAP, and HTTP on an Outlook 2007 workstation:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\12.0\Outlook\Options]
“DisablePOP3” = dword:00000001
“DisableIMAP” = dword:00000001
“DisableHTTP” = dword:00000001
These configurations can also be implemented through Group Policy and the Outlook Group Policy administrative template, outlk12.adm. To download outlk12.adm, use the search term admintemplates.exe at download.microsoft.com. The configuration applied through Group Policy is identical to the OCT configuration with the exception of the registry key location. For Outlook 2007, the registry values would be placed under HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Office\12.0\OptionsNote that the policy entries take precedence over the individual custom registry entries applied with the OCT.
Thursday, November 19, 2009
How to create a USB multi boot disk with Windows 7 and Windows Server 2008 R2
from http://blogs.technet.com/ferminsa/archive/2009/03/26/how-to-create-the-ultimate-usb-multi-boot-disk.aspx we read:
Step 1: Preparing the USB key
Since the WIM file we are creating (see Step 2) will be larger than 4 GB, the USB stick needs to be formatted with NTFS. In a command prompt with administrative rights, do the following ("clean" will permanently erase the contents of your USB key!!):
diskpart
list disk
select disk 1
clean
create partition primary
select partition 1
active
format fs=ntfs quick
assign
exit
The above assumes that the "list disk" command showed you two disks, "Disk 0" being your internal hard disk and "Disk 1" being the USB stick. Your system might be different. "clean" will permanently erase the contents of your USB key!! Ony my system, the "assign" command put my USB key on drive H:, this could also be different on yours.
Next, copy the contents for example of a Vista Windows 7 CD to your USB key:
xcopy f:\*.* /s /e /f h:\
Your USB key is now ready to go.
Step 2: Creating the "Monster WIM"
The WIM format introduced with Windows Vista is basically a container for one or more OS images. You can have a look into such a container by starting the WAIK command prompt (see your Windows start menu after installing WAIK) and entering the command "imagex.exe /info x:\sources\install.wim" (assuming x: is your DVD drive). The output will look something like this (some output snipped):
C:\Windows\system32>imagex.exe /info f:\sources\install.wim
ImageX Tool for Windows
Copyright (C) Microsoft Corp. All rights reserved.
WIM Information:
----------------
GUID: {a99a2697-00aa-47fb-a514-86e22cc1a7a6}
Image Count: 6
Compression: LZX
Part Number: 1/1
Attributes: 0xc
Integrity info
Relative path junction
Available Image Choices:
------------------------
2643418299
(snip)
Windows 7 SERVERSTANDARD
Windows 7 SERVERSTANDARD
ServerStandard
3637973169
Windows Server 2008 R2 Standard (Full Installation)
(snip)
(snip)
Windows 7 SERVERSTANDARDCORE
Windows 7 SERVERSTANDARDCORE
ServerStandardCore
995178928
Windows Server 2008 R2 Standard (Server Core Installation)
As you can see in the partial output above, the WIM contains 6 images; I've included the more important parts of the first two images. Creating the actual WIM is now straightforward enough:
imagex.exe /compress maximum /export f:\sources\install.wim 1 d:\temp\install.wim "Windows Server 2008 R2 Standard (FULL)"
imagex.exe /compress maximum /export f:\sources\install.wim 2 d:\temp\install.wim "Windows Server 2008 R2 Standard (CORE)"
Now insert the next DVD, say with Windows Server 2008 x64, and repeat the process (run "imagex.exe /info …" to see which images to get):
imagex.exe /compress maximum /export f:\sources\install.wim 1 d:\temp\install.wim "Windows Server 2008 Enterprise x64 (FULL)"
imagex.exe /compress maximum /export f:\sources\install.wim 2 d:\temp\install.wim "Windows Server 2008 Enterprise x64 (CORE)"
You don't have to worry about numbering in your newly created WIM file; imagex.exe will assign them automatically in ascending order. If you want to get rid of an image in your WIM, use:
imagex.exe /delete d:\temp\install.wim 1
Step 3: Copying the new WIM file to the USB key
All that remains to do is replacing the "install.wim" on your USB key with your customized one:
copy d:\temp\install.wim h:\sources
Select "Yes" if prompted to overwrite the existing install.wim.
Also take a look at this link http://g0b3ars.wordpress.com/2009/09/20/create-an-all-in-one-win7vistawindows-server-2008-discusb-stick/
Step 1: Preparing the USB key
Since the WIM file we are creating (see Step 2) will be larger than 4 GB, the USB stick needs to be formatted with NTFS. In a command prompt with administrative rights, do the following ("clean" will permanently erase the contents of your USB key!!):
diskpart
list disk
select disk 1
clean
create partition primary
select partition 1
active
format fs=ntfs quick
assign
exit
The above assumes that the "list disk" command showed you two disks, "Disk 0" being your internal hard disk and "Disk 1" being the USB stick. Your system might be different. "clean" will permanently erase the contents of your USB key!! Ony my system, the "assign" command put my USB key on drive H:, this could also be different on yours.
Next, copy the contents for example of a Vista Windows 7 CD to your USB key:
xcopy f:\*.* /s /e /f h:\
Your USB key is now ready to go.
Step 2: Creating the "Monster WIM"
The WIM format introduced with Windows Vista is basically a container for one or more OS images. You can have a look into such a container by starting the WAIK command prompt (see your Windows start menu after installing WAIK) and entering the command "imagex.exe /info x:\sources\install.wim" (assuming x: is your DVD drive). The output will look something like this (some output snipped):
C:\Windows\system32>imagex.exe /info f:\sources\install.wim
ImageX Tool for Windows
Copyright (C) Microsoft Corp. All rights reserved.
WIM Information:
----------------
GUID: {a99a2697-00aa-47fb-a514-86e22cc1a7a6}
Image Count: 6
Compression: LZX
Part Number: 1/1
Attributes: 0xc
Integrity info
Relative path junction
Available Image Choices:
------------------------
(snip)
(snip)
(snip)
As you can see in the partial output above, the WIM contains 6 images; I've included the more important parts of the first two images. Creating the actual WIM is now straightforward enough:
imagex.exe /compress maximum /export f:\sources\install.wim 1 d:\temp\install.wim "Windows Server 2008 R2 Standard (FULL)"
imagex.exe /compress maximum /export f:\sources\install.wim 2 d:\temp\install.wim "Windows Server 2008 R2 Standard (CORE)"
Now insert the next DVD, say with Windows Server 2008 x64, and repeat the process (run "imagex.exe /info …" to see which images to get):
imagex.exe /compress maximum /export f:\sources\install.wim 1 d:\temp\install.wim "Windows Server 2008 Enterprise x64 (FULL)"
imagex.exe /compress maximum /export f:\sources\install.wim 2 d:\temp\install.wim "Windows Server 2008 Enterprise x64 (CORE)"
You don't have to worry about numbering in your newly created WIM file; imagex.exe will assign them automatically in ascending order. If you want to get rid of an image in your WIM, use:
imagex.exe /delete d:\temp\install.wim 1
Step 3: Copying the new WIM file to the USB key
All that remains to do is replacing the "install.wim" on your USB key with your customized one:
copy d:\temp\install.wim h:\sources
Select "Yes" if prompted to overwrite the existing install.wim.
Also take a look at this link http://g0b3ars.wordpress.com/2009/09/20/create-an-all-in-one-win7vistawindows-server-2008-discusb-stick/
Wednesday, November 18, 2009
Update an ESXi Host Using Offline Bundles with the vihostupdate Utility
You can use the vihostupdate utility in conjunction with offline bundles or with a depot. This topic describes
the procedure using offline bundles.
Prerequisites
Before you can update or patch an ESXi host from the command line, you must have access to a machine on which you can run the VMware vSphere Command-Line Interface (vSphere CLI). You can install the vSphere CLI on your Microsoft Windows or Linux system or import the VMware vSphere Management
Assistant (vMA) virtual appliance onto your ESXi host. For information about importing or installing the
vSphere CLI, see the VMware vSphere Command-Line Interface Installation and Reference Guide.
Procedure
- First of all we must download the offline bundles from here
- Power off any virtual machines that are running on the host and place the host into maintenance mode.
- Find out which bulletins are applicable to the ESXi host.
• Search an offline HTTP server:
vihostupdate.pl --server --scan --bundle http:///rollup.zip
• Search the local machine:
vihostupdate.pl --server --scan --bundle /rollup.zip
The --server argument is the ESXi host name or IP address.
Do not specify more than one bundle ZIP file at the command line each time you run the command. If you
specify --bundle more than once, the command processes only the last file that was specified.
- (Optional) List all the bulletins that are available in the bundle.
• Search an offline HTTP server:
vihostupdate.pl --server --list --bundle http:///rollup.zip
• Search the local machine:
vihostupdate.pl --server --list --bundle /rollup.zip
This command lists all the bulletins contained in the bundle, even those that do not apply to the host.
- Install bulletins from the bundle on the ESXi host.
• Install from an offline HTTP server:
vihostupdate.pl --server --install --bundle http:///rollup.zip --bulletin bulletin1,bulletin2
• Install from the local machine:
vihostupdate.pl --server --install --bundle /rollup.zip –bulletin bulletin1,bulletin2
If you omit the --bulletin argument, this command installs all the bulletins in the bundle.
- Verify that the bulletins are installed on your ESXi host.
vihostupdate.pl --server --query
- (Optional) Remove individual bulletins.
vihostupdate.pl --server --remove --bulletin bulletin1
Use this option only for removing bulletins that are third-party or VMware extensions. Do not remove
bulletins that are VMware patches or updates. vihostupdate can remove only one bulletin at a time.
Uninstall a Bundle from a Host
Use this procedure to uninstall bulletins that are third-party or VMware extensions.
Do not remove bulletins that are VMware patches or updates.
Prerequisites
Before you can uninstall an update or patch from an ESXi host from the command line, you must have
access to a machine on which you can run the VMware vSphere Command-Line Interface (vSphere CLI). You can install the vSphere CLI on your Microsoft Windows or Linux system or import the VMware vSphere
Management Assistant (vMA) virtual appliance onto your ESXi host. For information about deploying or installing the vSphere CLI, see the VMware vSphere Command-Line Interface Installation and Reference Guide.
Procedure
- Determine which bulletins are installed on your ESXi host.
vihostupdate.pl --server --query
Note the bundle ID for the bundle to uninstall.
- Run the vihostupdate command.
vihostupdate --server --remove --bulletin
vihostupdate can remove only one bulletin at a time.
the procedure using offline bundles.
Prerequisites
Before you can update or patch an ESXi host from the command line, you must have access to a machine on which you can run the VMware vSphere Command-Line Interface (vSphere CLI). You can install the vSphere CLI on your Microsoft Windows or Linux system or import the VMware vSphere Management
Assistant (vMA) virtual appliance onto your ESXi host. For information about importing or installing the
vSphere CLI, see the VMware vSphere Command-Line Interface Installation and Reference Guide.
Procedure
- First of all we must download the offline bundles from here
- Power off any virtual machines that are running on the host and place the host into maintenance mode.
- Find out which bulletins are applicable to the ESXi host.
• Search an offline HTTP server:
vihostupdate.pl --server
• Search the local machine:
vihostupdate.pl --server
The --server argument is the ESXi host name or IP address.
Do not specify more than one bundle ZIP file at the command line each time you run the command. If you
specify --bundle more than once, the command processes only the last file that was specified.
- (Optional) List all the bulletins that are available in the bundle.
• Search an offline HTTP server:
vihostupdate.pl --server
• Search the local machine:
vihostupdate.pl --server
This command lists all the bulletins contained in the bundle, even those that do not apply to the host.
- Install bulletins from the bundle on the ESXi host.
• Install from an offline HTTP server:
vihostupdate.pl --server
• Install from the local machine:
vihostupdate.pl --server
If you omit the --bulletin argument, this command installs all the bulletins in the bundle.
- Verify that the bulletins are installed on your ESXi host.
vihostupdate.pl --server
- (Optional) Remove individual bulletins.
vihostupdate.pl --server
Use this option only for removing bulletins that are third-party or VMware extensions. Do not remove
bulletins that are VMware patches or updates. vihostupdate can remove only one bulletin at a time.
Uninstall a Bundle from a Host
Use this procedure to uninstall bulletins that are third-party or VMware extensions.
Do not remove bulletins that are VMware patches or updates.
Prerequisites
Before you can uninstall an update or patch from an ESXi host from the command line, you must have
access to a machine on which you can run the VMware vSphere Command-Line Interface (vSphere CLI). You can install the vSphere CLI on your Microsoft Windows or Linux system or import the VMware vSphere
Management Assistant (vMA) virtual appliance onto your ESXi host. For information about deploying or installing the vSphere CLI, see the VMware vSphere Command-Line Interface Installation and Reference Guide.
Procedure
- Determine which bulletins are installed on your ESXi host.
vihostupdate.pl --server
Note the bundle ID for the bundle to uninstall.
- Run the vihostupdate command.
vihostupdate --server
vihostupdate can remove only one bulletin at a time.
Tuesday, November 17, 2009
Event ID 1009 is logged on a Terminal Server License server in a Windows Server 2003-based domain
from http://support.microsoft.com/kb/885013 we read:
If this event is logged on the Terminal Server, you must make the registry changes on the Terminal Server. If this event is logged on the Terminal Services Licensing Server, you must make changes on the licensing server.
This symptom occurs if the following conditions are true:
* The Windows Server 2003-based domain has Windows Server 2003 Terminal Server License servers with Terminal Services Per User Client Access License (CAL) tokens installed.
* The Windows Server 2003-based domain has Windows Server 2003 Terminal Services servers running in Per User mode.
This issue occurs if the LicensingGracePeriodEnded registry entry is not set. The LicensingGracePeriodEnded registry entry suppresses the event messages that appear in the System log and ends the Terminal Services license count-down process
To resolve this issue, add the LicensingGracePeriodEnded registry entry to the registry. To do this, follow these steps:
1. Click Start, click Run, type regedit in the Open box, and then click OK.
2. Locate and then click the following subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type LicensingGracePeriodEnded, and then press ENTER.
5. Right-click LicensingGracePeriodEnded, and then click Modify.
6. In the Edit DWORD Value box, make sure that the Value data box contains a NULL value (0), and then click OK.
7. Quit Registry Editor.
If this event is logged on the Terminal Server, you must make the registry changes on the Terminal Server. If this event is logged on the Terminal Services Licensing Server, you must make changes on the licensing server.
This symptom occurs if the following conditions are true:
* The Windows Server 2003-based domain has Windows Server 2003 Terminal Server License servers with Terminal Services Per User Client Access License (CAL) tokens installed.
* The Windows Server 2003-based domain has Windows Server 2003 Terminal Services servers running in Per User mode.
This issue occurs if the LicensingGracePeriodEnded registry entry is not set. The LicensingGracePeriodEnded registry entry suppresses the event messages that appear in the System log and ends the Terminal Services license count-down process
To resolve this issue, add the LicensingGracePeriodEnded registry entry to the registry. To do this, follow these steps:
1. Click Start, click Run, type regedit in the Open box, and then click OK.
2. Locate and then click the following subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type LicensingGracePeriodEnded, and then press ENTER.
5. Right-click LicensingGracePeriodEnded, and then click Modify.
6. In the Edit DWORD Value box, make sure that the Value data box contains a NULL value (0), and then click OK.
7. Quit Registry Editor.
Sunday, November 15, 2009
Script to list installed software on local computer
from http://myitforum.com/cs2/blogs/yli628/archive/2008/01/16/powershell-script-to-list-installed-software-on-local-computer.aspx
$a = New-Object -comobject Excel.Application
$a.visible = $True
$b = $a.Workbooks.Add()
$c = $b.Worksheets.Item(1)
$c.Cells.Item(1,1) = "Name"
$c.Cells.Item(1,2) = "Version"
$c.Cells.Item(1,3) = "Publisher"
$c.Cells.Item(1,4) = "InstalledOn"
$c.Cells.Item(1,5) = "HelpLink"
$c.Cells.Item(1,6) = "UninstallString"
$d = $c.UsedRange
$d.Interior.ColorIndex = 19
$d.Font.ColorIndex = 11
$d.Font.Bold = $True
$intRow = 2
$Keys = Get-ChildItem HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall
$Items = $keys |foreach-object {Get-ItemProperty $_.PsPath}
foreach ($item in $items)
{
$c.Cells.Item($intRow,1) = $item.Displayname
$c.Cells.Item($intRow,2) = $item.DisplayVersion
$c.Cells.Item($intRow,3) = $item.Publisher
$c.Cells.Item($intRow,4) = $item.InstallDate
$c.Cells.Item($intRow,5) = $item.HelpLink
$c.Cells.Item($intRow,6) = $item.UninstallString
$intRow = $intRow + 1
}
$d.EntireColumn.AutoFit()
or you can try this in one line script
gp HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* |Select DisplayName, DisplayVersion, Publisher, InstallDate, HelpLink, UninstallString |ogv
Wednesday, November 11, 2009
Tuesday, November 10, 2009
Your credentials do not work in Hyper-V manager
When you try to connect to a Hyper-V server in Workgroup mode from a client that belongs in either a workgroup or a domain you receive the message:
Your system administrator does not allow the use of default credentials to log on to the remote computer (computer name) because its identity is not fully verified. Please enter new credentials.
The fix is to allow saved credentials with NTLM-only server authentication on the Hyper-V client machine. You can do this in the Local Group Policy Editor.
* Run gpedit.msc on the client machine (Windows Vista or Windows 7)
* Expand Local Computer Policy > Computer Configuration > Administrative Templates > System > Credentials Delegation
* Double-click Allow Saved Credentials with NTLM-only Server Authentication
* Enable the policy
* Add servers to the list by clicking the Show button and adding your Hyper-V hostname like this: */YourServerName
* Add other servers to the list using the same method
* Click OK twice and close Local Group Policy Editor
* Now run GPUPDATE on the Hyper-V client machine to apply the new settings.
* Use cmdkey to save the credentials you use to connect to the remote server using this command: cmdkey /add:ServerName /user:UserName /pass:password
Your system administrator does not allow the use of default credentials to log on to the remote computer (computer name) because its identity is not fully verified. Please enter new credentials.
The fix is to allow saved credentials with NTLM-only server authentication on the Hyper-V client machine. You can do this in the Local Group Policy Editor.
* Run gpedit.msc on the client machine (Windows Vista or Windows 7)
* Expand Local Computer Policy > Computer Configuration > Administrative Templates > System > Credentials Delegation
* Double-click Allow Saved Credentials with NTLM-only Server Authentication
* Enable the policy
* Add servers to the list by clicking the Show button and adding your Hyper-V hostname like this: */YourServerName
* Add other servers to the list using the same method
* Click OK twice and close Local Group Policy Editor
* Now run GPUPDATE on the Hyper-V client machine to apply the new settings.
* Use cmdkey to save the credentials you use to connect to the remote server using this command: cmdkey /add:ServerName /user:UserName /pass:password
How to backup virtual machines using powershell
from http://prosjekt.mindre.net/post/Powershell-script-for-snapshot-and-exporting%28backup%29-Virtual-Machines.aspx download the CreateVmBackups.ps1 Powershell script. Set Powershell scripts execution policy to RemoteSigned and create a scheduled task for this script. To run a Powershell script in Task Scheduler enter Powershell as program and "& 'C:\Hyper-V\CreateVmSnapshots.ps1'" as argument.
Subscribe to:
Posts (Atom)