
Windows Tips & Tricks UPDATE--October 31, 2005

Windows Tips & Tricks UPDATE, October 31, 2005, brought to you by the Windows IT Pro Network and the Windows 2000 FAQ site



  • Q. I'm having trouble installing a Microsoft Systems Management Server (SMS) 2003 Management Point on a server. Can you help?
  • Q. How can I collect Group Policy and other Windows Management Instrumentation (WMI)-type information from multiple machines on a network?
  • Q. How can I check the health of my Group Policy Objects (GPOs) in Windows Server 2003?
  • Q. How can I determine which users have the "Password never expires" flag set on their account?
  • Q. How can I check whether a user account has certain user properties flags set?



Q. I'm having trouble installing a Microsoft Systems Management Server (SMS) 2003 Management Point on a server.

A. SMS Management Points and Microsoft IIS are closely connected. Often, Management Point installation problems are caused by IIS misconfigurations or problems. When installing a Management Point, you need to ensure the following components are installed or enabled on the server:

  • Background Intelligent Transfer Service (BITS)
  • WWW Distributed Authoring and Versioning (WebDAV)
  • Distributed transaction coordinator (DTC)
  • Task Scheduler
  • Windows Management Instrumentation (WMI)
  • World Wide Web (WWW) Publishing Service

I find an easy way to check whether these components are enabled is to download and install the SMS 2003 Toolkit 2. After you install the toolkit, run the MPTroubleshooter utility. On the utility's Pre-installation tab, you can check that the components are configured correctly, as the figure shows.

Even if MPTroubleshooter finds no errors, Management Point installation problems can still occur. To investigate further, look at the MPSetup.log file in the SMS\Logs folder. (The folder might also contain an MPMSI.log file that gives additional information.) You can view the log file in Notepad, or you can use the SMS Trace utility, which is included with SMS Toolkit 2 and makes the log easier to read, as the figure shows.

Sometimes, to fix problems installing a Management Point, I've had to uninstall IIS, reboot the server, reinstall IIS, then reenable all the IIS-based services (e.g., Service Locator Point, Reporting Point, Management Point) so that they republish in IIS. Then I perform an SMS reset (Start - Programs - Systems Management Server - SMS Setup - "Modify or reset the current installation."). This reset forces a reinstallation of the SMS Site Component Manager, the SMS SQL Monitor, and the thread components of the SMS Executive and fixes the Management Point problem.

Q. How can I collect Group Policy and other Windows Management Instrumentation (WMI)-type information from multiple machines on a network?

A. Microsoft has a tool named GPInventory that you can use to collect Resultant Set of Policy (RSOP) and WMI information and save it to an XML or text file. You can download the tool at . Double-click the file to install it to the C:\program files\windows resource kits\tools folder (the default).

The tool displays query results in a GUI window. To run a query against machines from Active Directory (AD), choose "Select Computers to target using Active Directory" from the Query menu. This option lets you select an organizational unit (OU), which loads all of its member machines; alternatively, machine names can be read from a text file (one machine name per line) to allow more granular selection. After you select the machines, select the information you want to gather via the "Select Information to gather" Query menu option, as the figure shows. Next, select Run Query from the Query menu to begin the collection process and display the results, as the figure shows. You can then export the data to an XML or .txt file via the Results menu. You can also save queries for future execution.

Q. How can I check the health of my Group Policy Objects (GPOs) in Windows Server 2003?

A. You can use Gpotool, which is included in the Windows 2003 Resource Kit tools ( ), to perform a check of the local user's home domain policies. To use the tool, open a command line and type


which, on my machine, displays the following sample output:

    Validating DCs...
    Available DCs:
    Searching for policies...
    Found 2 policies
    Policy {31B2F340-016D-11D2-945F-00C04FB984F9}
    Friendly name: Default Domain Policy
    Policy OK
    Policy {6AC1786C-016F-11D2-945F-00C04FB984F9}
    Friendly name: Default Domain Controllers Policy
    Policy OK

You can use Gpotool with the /verbose switch to get more detailed information, and you can select a specific domain, domain controller (DC), and GPO by using the /domain, /dc, and /gpo switches, respectively. By default, the tool checks all GPOs on all DCs for consistency between the information stored in AD and the information in the template within SYSVOL. This is a great tool to use to check the general health of your Group Policy environment.

Q. How can I determine which users have the "Password never expires" flag set on their account?

A. You can use the following script, which you can download at to query the userAccountControl attribute of each user to check whether the account is flagged with the "Password never expires" setting. Note that some lines wrap because of space limitations:

    'listnopwdexpiry.vbs
    ' John Savill 20 October 2005

    Option Explicit

    Dim strLdapPath, objConnection, objChild, userFlag
    Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000

    ' Check whether all required arguments have been passed.
    If Wscript.Arguments.Count < 1 Then
        Wscript.Echo "Argument <LDAP path> required. For example:" & vbCrLf _
            & "cscript listnopwdexpiry.vbs ou=test,dc=demo,dc=test"
        Wscript.Quit(0)
    End If

    strLdapPath = Wscript.Arguments(0)

    ' Bind to the container and enumerate only its user objects.
    Set objConnection = GetObject("LDAP://" & strLdapPath)
    objConnection.Filter = Array("user")

    For Each objChild In objConnection
        userFlag = objChild.Get("userAccountControl")

        ' A nonzero result means the "Password never expires" bit is set.
        if userFlag AND ADS_UF_DONT_EXPIRE_PASSWD then
            WScript.Echo objChild.Name
        end if
    Next

    Wscript.Echo "Operation Completed"

Pass the script the path of the user container that you want to check by using the following command:

    D:\Temp>cscript listnopwdexpiry.vbs cn=users,dc=savilltech,dc=com

which displays the following output:

    Microsoft (R) Windows Script Host Version 5.6
    Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

    CN=Administrator
    CN=Clark Kent
    CN=Emmaline Savill
    CN=Guest
    CN=IUSR_SAVDALDC01
    CN=IWAM_SAVDALDC01
    CN=John Savill
    CN=SUPPORT_388945a0
    Operation Completed

Q. How can I check whether a user account has certain user properties flags set?

A. In the FAQ "How can I check which users have the "Password never expires" flag set on their account?" at, I explained how to look at the userAccountControl attribute to check whether the "Password never expires" flag is set. This attribute also holds flags for other user property settings, which are detailed at You can therefore change the script that I used in that FAQ (and which you can download at) by using ADS_UF values that correspond to other user properties. For example, to check whether users have an account setting that prohibits them from changing their password, you would change the line

    Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000

to

    Const ADS_UF_PASSWD_CANT_CHANGE = &H0040

and the line

    if userFlag AND ADS_UF_DONT_EXPIRE_PASSWD then

to

    if userFlag AND ADS_UF_PASSWD_CANT_CHANGE then
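The flag test described in the last two answers, written in Python as an added example that is not part of the newsletter or of John Savill's script. It goes beyond the page by decoding every known flag in a value and by building an LDAP filter that has the directory do the bit test. The names UAC, decode_uac, has_flags, ldap_filter, audit and SAMPLE are hypothetical, and the sample userAccountControl values are constructed.

```python
from enum import IntFlag

class UAC(IntFlag):
    # Values from ADS_USER_FLAG_ENUM; the page itself shows &H10000 and &H0040.
    ACCOUNTDISABLE = 0x0002
    LOCKOUT = 0x0010
    PASSWD_NOTREQD = 0x0020
    PASSWD_CANT_CHANGE = 0x0040
    ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x0080
    NORMAL_ACCOUNT = 0x0200
    DONT_EXPIRE_PASSWD = 0x10000
    SMARTCARD_REQUIRED = 0x40000
    TRUSTED_FOR_DELEGATION = 0x80000
    DONT_REQUIRE_PREAUTH = 0x400000

# OID of the bitwise-AND matching rule that Active Directory supports in filters.
BIT_AND = "1.2.840.113556.1.4.803"

def decode_uac(value):
    """Return the names of all known flags set in a userAccountControl value."""
    return [flag.name for flag in UAC if value & flag]

def has_flags(value, mask):
    """True only if every bit of mask is set (stricter than a bare AND test)."""
    return (value & mask) == mask

def ldap_filter(mask):
    """Filter that makes the server select users with all bits of mask set."""
    return f"(&(objectCategory=person)(objectClass=user)(userAccountControl:{BIT_AND}:={int(mask)}))"

def audit(accounts, mask):
    """Sorted names from a name -> userAccountControl map that match mask."""
    return sorted(name for name, uac in accounts.items() if has_flags(uac, mask))

# Constructed sample values, not read from a real directory.
SAMPLE = {
    "CN=Administrator": 66048,  # 0x10200
    "CN=Guest": 66082,          # 0x10222
    "CN=Clark Kent": 512,       # 0x00200
    "CN=Old Service": 66050,    # 0x10202
}

if __name__ == "__main__":
    print(ldap_filter(UAC.DONT_EXPIRE_PASSWD))
    for name in audit(SAMPLE, UAC.DONT_EXPIRE_PASSWD):
        print(name, decode_uac(SAMPLE[name]))
```

Unlike the per-container enumeration in the script, the generated filter can be used with a subtree search so that nested OUs are covered in one query.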
