Windows Tips & Tricks UPDATE, April 4, 2005, —brought to you by the Windows IT Pro Network and the Windows 2000 FAQ site
Make sure your copy of Windows Tips & Tricks UPDATE isn't mistakenly blocked by antispam software! Be sure to add [email protected] to your list of allowed senders and contacts.
This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Windows Tips & Tricks UPDATE.
Download a Tool that will Benefit any Sys Admin
Symantec ON iPatch - Automated Patch Management
Sponsor: Download a Tool that will Benefit any Sys Admin
Are you searching for an affordable real-time monitoring toolset that will support your proactive system management objectives? Start NOW and download ELM Enterprise Manger from TNT Software. Within an hour, you will experience for yourself why ELM is recognized as the tool that will benefit any System Administrator. Before the 30 Day
full feature trial is completed, the Monitoring, Alerting and Reporting will have saved you time and provided you the data for prompt corrective action. Be Proactive; and download ELM Enterprise Manager from the link below:
- Q. How can I use a command line to set IP address information on a client's NIC?
- Q. How can I move users between forests?
- Q. How can I use a script to determine the number of processors in a machine?
- Q. How do I run the DHCP service on a domain controller (DC) by using an account other than the DC's account?
- Q. How can I determine why the Microsoft Systems Management Server (SMS) client wasn't deployed to a particular workstation?
by John Savill, FAQ Editor, [email protected]
In this issue, I show you how to use a command line to set IP address information on a client's NIC. You'll learn how to move users between forests and how to use a script to determine the number of processors in a machine. I also explain how to run the DHCP service on a DC by using an account other than the DC's account, and finally, I tell you how to troubleshoot why the SMS client wasn't deployed to a particular workstation.
Sponsor: Symantec ON iPatch - Automated Patch Management
On its first "patch Tuesday" of 2005, Microsoft released three software updates to fix security holes in its popular Windows operating system. The software giant said that two of the patches carried a "critical" rating, its highest severity rating. The other was rated "important," one notch lower on the company's scale. Symantec ON iPatch is an easy-to-use patch management and remediation solution that reduces the time and complexity of protecting your business-critical systems. To learn more or download a trial visit us at:
Q. How can I use a command line to set IP address information on a client's NIC?
A. Windows Server 2003 and Windows XP provide the Netsh utility, which, among its many capabilities, can configure the IP properties of NICs. To set a static IP address, use this format:
netsh interface ip set address local static <IP address> <subnet mask> <gateway> <metric of gateway>as in the following example:
netsh interface ip set address local static 192.168.1.15 255.255.255.0 192.168.1.1 1(Some command lines wrap to two lines here because of space constraints.) To set a client's NIC DNS settings, run this command:
netsh interface ip set dns local static 192.168.1.150 primaryTo set a client back to DHCP, run these commands:
netsh interface ip set address local source=dhcp netsh interface ip set dns local source=dhcp
Q. How can I move users between forests?
A. Typically, the Windows 2000 Active Directory Migration Tool (ADMT) is the best option for moving users between forests because it can also migrate passwords. If you require more flexibility than ADMT offers, you can use a Microsoft tool called ClonePrincipal (Clonepr), which is designed for interforest user and group copying. (You might already be aware of MoveTree, which is a tool used for intraforest moves only, although it does maintain passwords.) You can download ClonePrincipal at http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/clonepr.asp . The tool consists of several script files that you can modify and a DLL that contains much of the tool's logic. ClonePrincipal copies user objects to the target forest instead of moving them, so the user object in the original forest is unaffected. ClonePrincipal can copy users from Windows NT 4.0 and Active Directory (AD) sources. It also populates the SIDHistory attribute, which helps maintain access to resources that the original account had, for example to files on a file server.
Q. How can I use a script to determine the number of processors in a machine?
A. You can use a Windows Management Instrumentation (WMI) script to easily ascertain the number of processors on a machine. To do so, use these VBScript commands in a script file:
Set oShell = WScript.CreateObject("WScript.Shell") Set oEnv = oShell.Environment("SYSTEM") WScript.Echo oEnv("NUMBER_OF_PROCESSORS")
Q. How do I run the DHCP service on a domain controller (DC) by using an account other than the DC's account?
A. After you install DHCP on a DC, for security purposes you might want to configure the DHCP service to run under a specific set of credentials other than the DC's computer account. When running on the DC account, the DHCP service could overwrite dynamic records that shouldn't be modified (e.g., the DC's service records), thereby posing a potential security risk. You can reduce this risk by running the DHCP service under alternate credentials, which you configure by running this command:
netsh dhcp server set dnscredentials <username> <domain> <password>You can use any account with this command; just make sure to set its password to not expire.
Q. How can I determine why the Microsoft Systems Management Server (SMS) client wasn't deployed to a particular workstation?
A. If the SMS client doesn't install on certain machines, you can determine the cause by performing these steps:
- Open the ccrretry.box folder under the inboxes folder of your SMS hierarchy (e.g., d:\sms\inboxes\ccrretry.box).
- Within the folder, you'll see a .ccr file for each machine on which the client has failed to install. Use Notepad to open the .ccr file for the machine you're troubleshooting.
- The .ccr file contains a "\[Request Processing\]" section. Within that section, you'll see a line that says "Last Error Code=". Note the error code number (e.g., 5).
- Open a command line (Start, Run, cmd.exe).
- Type net helpmsg <error number>
- The system returns the actual error (e.g., "Access Denied").
- You should now research the error to determine the problem. For example, if the error is "Access Denied," the SMS installation account might not have rights on the target PC.
- New NetOp Remote Control v 8.0
- Meet the Risks of Instant Messaging Head On in This Free Web Seminar
- Get Ready for SQL Server 2005 Roadshow in a City Near You
- Windows Connections 2005 Conference
- Overcoming "The Fiefdom Syndrome": How to Conquer the Turf Battles that Undermine Companies
- Keeping Critical Applications Running in a Distributed Environment
- Check Out the New Windows IT Security Newsletter!
- Group Policy Chat
- Quest Software
- NetOp – Control PCs from a USB Drive
Hot Release (advertisement)
Try it Free – New NetOp Remote Control v8.0 – Faster, more secure, remote access & support, PC inventory, file transfers and scripting. New Remote Management Console and security options to help you meet today's auditing and compliancy requirements. NetOp - Nothing comes remotely close. Try it today.
Events and Resources
(A complete Web and live events directory brought to you by Windows IT Pro: http://www.windowsitpro.com/events )
Don't overlook IM in your compliance planning. Attend this free Web seminar and learn how to minimize IM's authentication and auditability risks and prevent security dangers. You'll also receive a list of the top requirements to consider when choosing a secure IM solution. Sign up now!
Get the facts about migrating to SQL Server 2005. SQL Server experts will present real-world information about administration, development, and business intelligence to help you implement a best-practices migration to SQL Server 2005 and improve your database computing environment. Receive a 1-year membership to PASS and 1-year subscription to SQL Server Magazine. Register now!
April 17-20, 2005, Hyatt Regency, San Francisco. Microsoft and Windows experts present over 40 in-depth sessions with real-world solutions you can take back and apply today. Don't miss Mark Minasi's entertaining and insightful keynote presentation on "The State of Windows" and your chance to win a 7-night Caribbean cruise! 800-505-1201.
Can your organization benefit by overcoming turf battles? Don't miss this opportunity to hear Robert J. Herbold, former COO of Microsoft and author of "The Fiefdom Syndrome," and Jim Davis, Senior VP, SAS. Join Business Finance in welcoming these thought leaders on Tuesday, April 19th at 11:00 a.m. EST. Register here:
Get up to speed fast with solid tactics you can use to fix problems you're likely to encounter as your network grows in geographic distribution and complexity, learn how to keep your network's critical applications running, and discover the best approaches for planning for future needs. Don't miss this exclusive opportunity--register now!
(from Windows IT Pro and its partners)
Security Administrator is now Windows IT Security. We've expanded our content to include even more fundamentals on building and maintaining a secure enterprise. Each issue also features product coverage of the best security tools available and expert advice on the best way to implement various security components. Plus, paid subscribers get online access to our entire security article database! Click here to try a sample issue today:
It's easy to be overwhelmed by the large number of Group Policy settings and the variety of ways to apply them. In this chat, Ed Roth explains how his IT group uses Group Policy Objects (GPOs) for desktop management. Ed and Group Policy guru Darren Mar-Elia share their experience and answer your questions about deployment settings, folder redirection, standardization, security, updates, and much more. Ask them about the gotchas and the benefits and get answers you won't find anywhere else. The chat happens on April 14 at 12:00 PM EST. Visit the Microsoft Technical Chats page to join the chat or put it on your calendar.
Heading to Exchange from Notes or GroupWise? Get Expert Help!
Securely access PCs from your desktop, web, CE, or thumb drive
Here's how to reach us with your comments and questions:
- About the newsletter — [email protected]
- About technical questions — http://www.windowsitpro.com/forums
- About product news — [email protected]
- About your subscription — [email protected]
- About sponsoring UPDATE — [email protected]
This email newsletter is brought to you by Windows IT Pro,
the leading publication for IT professionals deploying Windows and
related technologies. Subscribe today.