Skip navigation

Windows Tips & Tricks UPDATE--March 21, 2005

Windows Tips &amp Tricks UPDATE, March 21, 2005, —brought to you by the Windows IT Pro Network and the Windows 2000 FAQ site

Make sure your copy of Windows Tips & Tricks UPDATE isn't mistakenly blocked by antispam software! Be sure to add [email protected] to your list of allowed senders and contacts.

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Windows Tips & Tricks UPDATE.

TNT: Download a Tool that will Benefit any Sys Admin

Quantify the Business Benefits of ITSM

Sponsor: Download a Tool that will Benefit any Sys Admin

Are you searching for an affordable real-time monitoring toolset that will support your proactive system management objectives? Start NOW and download ELM Enterprise Manger from TNT Software. Within an hour, you will experience for yourself why ELM is recognized as the tool that will benefit any System Administrator. Before the 30 Day full feature trial is completed, the Monitoring, Alerting and Reporting will have saved you time and provided you the data for prompt corrective action. Be Proactive; and download ELM Enterprise Manager from the link below:


  • Q. Where are universal groups stored?
  • Q. How can I add static computers to Microsoft Systems Management Server (SMS) collections?
  • Q. Under which user accounts do the various Group Policy scripts run?
  • Q. How can I create a custom Microsoft Windows Preinstallation Environment (WinPE) 2004 installation that includes integrated Windows Management Instrumentation (WMI), Windows Script Host (WSH), and ADO?
  • Q. How can I create a bootable International Organization for Standardization (ISO) image from a temporary Microsoft Windows Preinstallation Environment (WinPE) 2004 installation?

by John Savill, FAQ Editor, [email protected]

In this issue, I tell you where universal groups are stored and how to add static computers to SMS collections. You'll also learn which user accounts the various Group Policy scripts run under. Finally, I discuss creating a custom WinPE installation, then creating a bootable ISO image from that WinPE installation.

Sponsor: Quantify the Business Benefits of ITSM

As organizations focus on aligning IT infrastructures to support business needs, IT managers must have the processes and tools to ensure that the infrastructure keeps pace with business needs and provides guaranteed levels of service at predetermined costs. This free white paper explores how to meet IT infrastructure’s needs and manage crucial support and service processes by implementing Help Desk, problem, change, configuration, and service-level agreement (SLA) management into a single workflow. Improve productivity and service delivery quality while reducing costs, resources, and downtime in your organization. Download now!


Q. Where are universal groups stored?

A. Universal groups are stored in the Global Catalog (GC), but does an additional database exist that stores only universal groups and is replicated among all GCs? Remember, GCs store a full copy of their local domain's partition and a subset of the domain database of every other domain in the forest (the only attributes stored are those defined in the partial attribute set). There is no additional database on top of the partial copies of every domain. Universal groups are created in a container within a specific domain, and their member attributes are replicated as part of the partial database stored on GC servers, whereas the member attributes of regular groups (e.g., global, local) aren't replicated as part of the partial database. Therefore, the partial database copy that's stored on every GC server knows the membership of every universal group from every domain in the forest. This functionality lets GCs store universal groups. The universal group membership is stored in the domain in which the universal group was created, and the partial copy of the domain is stored on every GC throughout the forest. You can use the ADSI Edit tool to view this setup by performing these steps:

  1. Start ADSI Edit (Start, Run, adsiedit.msc).
  2. Right-click the root of ADSI Edit and select "Connect to".
  3. Enter a name for the connection (e.g., Partial Retail Domain), as the figure at shows. In the Connection Point section, select "Select or type a Distinguished Name or Naming Context" and enter the distinguished name (DN) of the partition to view (e.g., dc=retail,dc=savilltech,dc=com). In the Computer section, enter the name of the GC server that isn't a domain controller (DC) for the partition you selected.
  4. Click Advanced.
  5. Under Protocol, select Global Catalog and click OK.
  6. Click OK at the main dialog box.
  7. Expand the new partition under ADSI Edit until you see the container that holds the universal group you want to view.
  8. Right-click the universal group and select Properties.
  9. Notice that the member attribute contains the users from all domains. If you look at a group that isn't a universal group, its member attribute will be empty.

Q. How can I add static computers to Microsoft Systems Management Server (SMS) collections?

A. Typically, SMS collections are based on dynamic rules (i.e., the resources of the collections are based on the results of the queries used to build the collection). For example, a collection might contain all clients running Windows 2000, and the collection's membership is calculated at specific intervals. You can also add static machine entries to the collections by performing these steps:

  1. Start the Microsoft Management Console (MMC) SMS Administrator Console snap-in (Start, Programs, Systems Management Server, SMS Administrator Console).
  2. Right-click the collection for which you want to add static members and select Properties from the context menu.
  3. Select the Membership Rules tab.
  4. Click the computer icon to add a direct membership rule, as the figure at shows.
  5. Click Next to start the Create Direct Membership Rule Wizard.
  6. Enter the search criteria. For example, to list all server NetBIOS names, you'd select System Resource in the "Resource class" field and Netbios Name in the "Attribute name" field, and specify a value of % (which is the wildcard character), as the figure at shows. Click Next.
  7. Click Browse to select the Collection (e.g., All Systems) in which to search for systems that match the search criteria. Click Next.
  8. 8
  9. You'll see a list of resources that match the search criteria. Select the check boxes for the machines you want to be static members of the collection, as the figure at shows. Click Next.
  10. Click Finish.
  11. The new static rule will now be displayed in the membership rules area. Click OK.
  12. Right-click the collection and select "Update collection membership". Right-click again and select Refresh to display the new member machines.

Q. Under which user accounts do the various Group Policy scripts run?

A. Group Policy supports four main types of scripts: computer startup, computer shutdown, user logon, and user logoff. The computer startup and shutdown scripts execute under the local system account; user logon and logoff scripts run as the current user account.

Q. How can I create a custom Microsoft Windows Preinstallation Environment (WinPE) 2004 installation that includes integrated Windows Management Instrumentation (WMI), Windows Script Host (WSH), and ADO?

A. The default WinPE 2004 installation doesn't support WMI, WSH, or ADO. To create a WinPE 2004 instance with these components, perform the following procedure. In this example, the base WinPE 2004 CD-ROM has been copied to a F:\temp\pe2004 folder.

  1. Use a command line to change to the folder that contains the WinPE CD-ROM (e.g., F:\temp\pe2004\winpe).
  2. Run the mkimg.cmd command, specifying the path for a Windows XP Service Pack 2 (SP2) installation (e.g., D: for the CD-ROM), the target folder to create, and the /wmi parameter, as this example shows: mkimg.cmd y: f:\temp\pe2004wmi.tmp /wmi
  3. Run the buildoptionalcomponents.vbs command to create a structure that has the additional files needed for the WMI, WSH, and ADO components. Buildoptionalcomponents.vbs /ado /hta /wsh /s:y: /d:f:\temp\peoptcomp
  4. Copy the content from the new component folder (F:\temp\peoptcomp) to your temporary WinPE build location (F:\temp\pe2004wmi.tmp). You can combine steps 3 and 4 if in step 3 you specify /d as the temporary WinPE build location. Then you don't need to manually copy the files.
  5. If you want to connect to a Microsoft SQL Server database, you need to copy two additional .dll files to the temporary WinPE build location. (You can find these files on any XP installation.) Assuming your temporary WinPE build location is f:\temp\pe2004wmi.tmp, copy the files to the following locations: F:\temp\pe2004wmi.tmp\program files\common files\system\ole db\sqloledb.rll F:\temp\pe2004wmi.tmp\I386\system32\dbnmpntw.dll
  6. Edit startnet.bat in the \system32 folder of the temporary WinPE folder by adding an oc.bat line to the end file, as this sample startnet.bat file shows:
  7. factory -winpe
    @echo off
    echo IMPORTANT-READ CAREFULLY: The Microsoft Windows Pre-Installation Environment
    echo (the "Software") is protected by copyright laws and international copyright 
    echo treaties, as well as other intellectual property laws and treaties. The 
    echo Software is licensed, not sold. In order to install and use the Software, you
    echo must have executed with Microsoft an appropriate license agreement ("License 
    echo Agreement") for the Software. IF YOU HAVE NOT SIGNED A LICENSE AGREEMENT, 
    echo INSTALL, COPY, 
    echo You are permitted to remove this paragraph from the startnet.cmd, provided that
    echo you acknowledge and agree to the foregoing statements. 

    You now have a flat-file WinPE instance that contains integrated WMI, WSH, and ADO components. You can use the WBEMTest utility to view WMI support in an installation (use the "Wnum Classes..." option with the cimv2 namespace) when you boot into this WinPE instance. If you'll use WinPE with Microsoft Systems Management Server (SMS) OS Deployment Feature Pack, you need to copy the winbom.ini file, which by default is at the root of the WinPE temporary folder, to the \i386\system32 folder of your WinPE installation and add the "Quiet=Yes" line to the \[WinPE\] section of the file, as this example shows:


    If you fail to update and copy the winbom.ini file when you boot to the custom WinPE installation, you'll be prompted during the installation for how you want to shut down the WinPE environment.

    If you decide to integrate this WinPE installation into a Microsoft Remote Installation Services (RIS)-based environment, you need to ensure that the account that RIS uses doesn't have write access to the remote installation share because the first machine to boot will build its WMI repository and write it back to the RIS source, potentially rendering it unusable for other machines.

    Q. How can I create a bootable International Organization for Standardization (ISO) image from a temporary Microsoft Windows Preinstallation Environment (WinPE) 2004 installation?

    A. If you've created a custom WinPE 2004 instance and you want to create a bootable ISO file (which you could then burn to CD-ROM), run the following command from the WinPE folder (e.g., f:\temp\pe2004\winpe): oscdimg.exe -h -lVRMWPE_EN -n f:\temp\pe2004wmi.tmp f:\temp\pe2004wmi.iso where F:\temp\pe2004wmi.tmp is the temporary WinPE folder from which you want to create an ISO file, F:\temp\pe2004wmi.iso is the name of the ISO file, is the boot sector to use, and -l followed by a name is the volume name.

    Events and Resources
    (A complete Web and live events directory brought to you by Windows IT Pro: )

  8. Improve Service Levels and Maximize IT Staff Efficiency

  9. Keeping your IT infrastructure on course can be a challenge given the complexity of servers, infrastructure, and application software. In this free Web seminar, learn practical techniques to monitor and manage your infrastructure applications, such as Active Directory and Exchange.

  10. Get Ready for SQL Server 2005 Roadshow in a City Near You

  11. Get the facts about migrating to SQL Server 2005. SQL Server experts will present real-world information about administration, development, and business intelligence to help you implement a best-practices migration to SQL Server 2005 and improve your database computing environment. Receive a 1-year membership to PASS and 1-year subscription to SQL Server Magazine. Register now!

  12. Exchange, Retention, and Regulatory Compliance

  13. The advent of Sarbanes-Oxley, Gramm-Leach-Bliley, and assorted market-specific regulations means that you may be legally required to have an email compliance and retention policy. In this free Web seminar, Exchange MVP Paul Robichaux will teach you to discover, manage, and archive information within your Exchange enterprise to successfully limit your legal exposure and protect your corporate information. Sign up today!

  14. New eBook--Windows Certification and Public Keys

  15. PKI offers strong security services to internal and external users, computers, and applications. In this free eBook, you’ll discover a starting point for understanding the PKI and certificate services available in Windows Server 2003. Download it now and learn about trust relationships, validating digital certificates, and more.

  16. Don't Miss Out--SQL Server Administration for Oracle DBAs On-Demand Web Seminar

  17. Sign up now for this free Web seminar and get a quick start in mapping Oracle database-management skills, knowledge, and experience to SQL Server database management. Learn about the varying similarities and differences between Oracle and SQL Server and get a preview of real-world tips and techniques for managing these associated technologies. Register now!

    (from Windows IT Pro and its partners)

  18. Get Windows IT Pro at 44% Off!

  19. Windows & .NET Magazine is now Windows IT Pro! Act now to get an entire year for just $39.95--that's 44% off the cover price! Our March issue shows you what you need to know about Windows Server 2003 SP1, how to get the best out of your IT staff, and how to fight spyware. Plus, we review the top 10 features of Mozilla Firefox 1.0. This is a limited-time, risk-free offer, so click here now:

  20. Vote for the Next MCP Hall of Famer

  21. Help decide who the most valuable member of the MCP community is. Take the time to reward excellence to those that deserve it and to make yourself a part of the first-ever MCP Hall of Fame. Voting only takes a few seconds, so cast your vote now for Round 2. Click here:

    Sponsored Link

  22. Exclusive Online Event: Email Protection at the Perimeter!

  23. Sign up today for this free online product demonstration and see the ePrism M500 from St. Bernard Software in action.

    Contact Us
    Here's how to reach us with your comments and questions:

This email newsletter is brought to you by Windows IT Pro, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.