Windows Tips & Tricks UPDATE, November 29, 2004, —brought to you by the Windows IT Pro Network and the Windows 2000 FAQ site
http://www.windows2000faq.com
Make sure your copy of Windows Tips & Tricks UPDATE isn't mistakenly blocked by antispam software! Be sure to add [email protected] to your list of allowed senders and contacts.
This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Windows Tips & Tricks UPDATE.
Download a Tool that will Benefit any Sys Admin
http://www.tntsoftware.com/wintipsprinov2904
Free White Paper: Measuring the ROI of Systems Management Software
http://www.argent.com/w/whitepapers_ema.html?Source=WNT
Sponsor: Download a Tool that will Benefit any Sys Admin
Are you searching for an affordable real time monitoring toolset that will support your proactive system management objectives? Start NOW and download ELM Enterprise Manger from TNT Software. Within an hour, you will experience for yourself why ELM is recognized as the tool that will benefit any System Administrator. Before the 30 Day full feature trial is completed, the Monitoring, Alerting and Reporting will have saved you time and provided you the data for prompt corrective action. Be Proactive; and download ELM Enterprise Manager from the link below:
http://www.tntsoftware.com/wintipsprinov2904
FAQs
- Q. How can I check the mode of a server that's running Windows Server 2003 Terminal Services or Windows 2000 Server Terminal Services?
- Q. How can I quickly obtain a list of the domain controllers (DCs) in my Active Directory (AD) domain?
- Q. How can I use a script to uninstall a service pack?
- Q. My client machines have the default administrative shares disabled, but now Microsoft Operations Manager (MOM) and Microsoft Systems Management Server (SMS) aren't working correctly. Can you explain why?
- Q. How can I use Group Policy to control whether the default administrative shares are created?
Commentary
by John Savill, FAQ Editor, [email protected]
This week, I tell you how to check the mode of a server that's running Windows Server 2003 Terminal Services or Windows 2000 Server Terminal Services, how to quickly obtain a list of the domain controllers (DCs) in an Active Directory (AD) domain, and how to use a script to uninstall a service pack. I also explain why Microsoft Operations Manager (MOM) and Microsoft Systems Management Server (SMS) don't work correctly when the default administrative shares are disabled on client systems and how you can use Group Policy to control whether the default administrative shares are created.
Sponsor: Free White Paper: Measuring the ROI of Systems Management Software
Argent delivers what a growing number of enterprises need today: flawless management of Windows, UNIX, and application servers; low total cost of ownership; flexible configuration; scalable architecture; modular products; positive ROI; and outstanding customer support. Every enterprise IT department wants value without sacrificing performance, and that describes Argent's value proposition. To read the entire paper, click here:
http://www.argent.com/w/whitepapers_ema.html?Source=WNT
FAQs
Q. How can I check the mode of a server that's running Windows Server 2003 Terminal Services or Windows 2000 Server Terminal Services?
A. Terminal Services in Windows 2003 and Win2K Server has two modes: Remote Administration mode (known as Remote Desktop for Administration in Windows 2003) and Application mode (known as Terminal Server mode in Windows 2003). Although you can toggle between these modes, doing so will affect the installed applications and will probably cause currently installed programs to be reinstalled.
To determine the mode in which a server is currently running, perform these steps:
- Start the Microsoft Management Console (MMC) Terminal Services Configuration snap-in (Start, Programs, Administrative Tools, Terminal Services Configuration).
- Select the Server Options branch in the snap-in's left pane.
- The configuration options are displayed in the right pane. Take note of the values: Licensing (for a Windows 2003 system) or Terminal Server Mode (for a Win2K Server system).
- Close the snap-in.
If the Licensing or Terminal Server Mode value is Remote Desktop for Administration or Remote Administration, you're limited to two connections (plus a local console in Windows 2003) when you're in Remote Administration mode. If the Licensing or Terminal Server Mode value is Application or Terminal Server, you're in Application mode and in that mode can have multiple concurrent connections, depending on the number of existing licenses.
Q. How can I quickly obtain a list of the domain controllers (DCs) in my Active Directory (AD) domain?
A. You can output a list of all DCs in a domain by running the Nltest command (which is included in the Support Tools) and specifying the /dclist parameter. The following sample command generates a list of all DCs in the savilltech.com domain:
nltest /dclist:savilltech.com
Q. How can I use a script to uninstall a service pack?
A. One of my clients recently had to remove Windows XP Service Pack 2 (SP2) from a system on which it had been accidentally deployed. You can use the following script, Removesp.vbs (which a friend gave me and I modified a bit), to silently remove the service pack (in this case, XP SP2) and reboot the computer. (You can download the script at http://www.windowsitpro.com/content/content/44632/removesp_vbs.zip. After you extract the script, save it as removesp.vbs.)
strComputer = "."
Set WshShell = WScript.CreateObject("WScript.Shell")
Set objWMIService =
GetObject("winmgmts:\{impersonationLevel=impersonate\}!\\" & strComputer
& "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery("Select * from
Win32_OperatingSystem")
For Each objOperatingSystem in colOperatingSystems
If objOperatingSystem.ServicePackMajorVersion = "2" Then
WshShell.Run
"%windir%\$NtServicePackUninstall$\spuninst\spuninst.exe -u -f", 1,
True
WshShell.Run "%windir%\system32\shutdown.exe -r -f -t 5 -c " &
chr(34) & "Service Pack 2 has been uninstalled from your computer. The
computer will now be restarted." & chr(34)
End If
Next
You can call Removesp.vbs from a standard logon script by using a line of code similar to this:
wscript \\domain\netlogon\script.vbs
You might want to customize the script so that it also checks for the current OS version. As is, Removesp.vbs uninstalls SP2 on any OS for which an SP2 exists. You can use the objOperatingSystem.Version attribute to return a value that identifies the OS. Some common values include
- 5.0.2195: Windows 2000 Server
- 5.1.2600: XP
- 5.2.3790: Windows 2003
For example, to check for the existence of SP2 on only XP systems, you'd change the conditional statement
If objOperatingSystem.ServicePackMajorVersion = "2" Then
to this:
If objOperatingSystem.ServicePackMajorVersion = "2" and objOperatingSystem.Version = "5.1.2600" Then
Q. My client machines have the default administrative shares disabled, but now Microsoft Operations Manager (MOM) and Microsoft Systems Management Server (SMS) aren't working correctly. Can you explain why?
A. The default administrative shares (e.g., C$, D$) must be enabled so that MOM and SMS can function; the applications won't work correctly if these default shares are disabled on clients. To solve your problem, you must enable the default shares on your client systems. For more information about how to configure the creation of the default administrative shares, see the FAQ "How do I stop the default admin shares from being created?"--which provides the registry values you can set to either enable or disable the default administrative shares--at http://www.windowsitpro.com/articles/index.cfm?articleid=14437.
Q. How can I use Group Policy to control whether the default administrative shares are created?
A. In Windows NT system policies, you could control creation of the default administrative shares (e.g., C$, D$) by using a policy setting. However, because Microsoft changed how Windows 2000 and later apply policies, you can't use Group Policy to control default administrative share creation. One method for enabling the default administrative shares for all Win2K and later machines is to create a registry file that contains the settings to enable the default administrative shares to run from a logon script.
Another way to use Group Policy settings to control creation of default administrative shares is to create a custom Administrative Template (.adm) file, which you can copy into your Group Policy Objects (GPOs) and which enables the setting of the registry values. The following sample .adm file, which my colleague Tim Goodrich created, creates a GPO that modifies certain registry settings, which control the creation of default administrative shares.
CLASS MACHINE
CATEGORY !!DefaultShares
POLICY !!DefaultSharesWKS
EXPLAIN !!EnableDefaultShares_Explain
VALUENAME "AutoShareWks"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
KEYNAME "SYSTEM\CurrentControlSet\Services\lanmanserver\parameters"
END POLICY
POLICY !!DefaultSharesSRV
EXPLAIN !!EnableDefaultShares_Explain
VALUENAME "AutoShareServer"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
KEYNAME "SYSTEM\CurrentControlSet\Services\lanmanserver\parameters"
END POLICY
END CATEGORY
\[strings\]
DefaultSharesWKS="Default Workstation Admin Shares"
DefaultSharesSRV="Default Server Admin Shares"
EnableDefaultShares_Explain="Enables default Admin shares"
DefaultShares="Default Shares"
Be aware that this .adm file modifies registry keys that are outside of regular policy areas. Thus, even when you delete this GPO by using the Microsoft Management Console (MMC) Users and Computers snap-in, the registry change will remain in effect permanently.
Hot Release (advertisement)
This free white paper provides an overview of the issues surrounding Windows updates and service packs. Find out how to manage changes to critical system files and settings introduced by patches and service packs, and how to rapidly restore single and multiple machines in the event that they are rendered unbootable, unstable, or incompatible with installed applications. Download now!
http://www.windowsitpro.com/whitepapers/winternals/index.cfm?code=1129TIPS_HR
Announcements
(from Windows IT Pro and its partners)
While the cost of noncompliance can be staggering--including jail time and fines--the number of government regulations and audits continues to mount. Don't miss this free on-demand Web seminar and discover how to address these new government regulations. Discover common tactics to achieve compliance, including how to leverage AD and Group Policy. Register now!
http://www.windowsitpro.com/seminars/securitycompliance/index.cfm?code=1129emailannc
The IT Prolympics competition may be over, but that doesn't mean you have to stop testing your knowledge. Download the free IT Prolympics Active Directory and Group Policy study guide and get those brain cells in shape. Practice your skills by taking the exam and virtual lab tests. Get the free study guide now!
http://www.windowsitpro.com/itprolympics/index.cfm?code=1129emailannc
Download our final chapter, "Security, Auditing, and Logging," and learn 5 key strategies to help you secure your environment before vulnerabilities become a problem, including how to reduce the number of protocols used and how to partition your environment. Plus, start protecting authentication credentials, data transmission, and more. Get the entire eBook now!
http://www.windowsitlibrary.com/ebooks/exchangeserver2003/index.cfm?code=1129emailannc
In this free on-demand Web seminar, we'll expose you to the variety of risks associated with IM-like malware and the disclosure of confidential information and how addressing these risks can be mitigated. You'll learn which risks can be addressed without special IM security solutions and which can't. And you'll receive a list of top requirements to consider when evaluating an IM security solution. Register now!
http://www.windowsitpro.com/seminars/instantmessaging/index.cfm?code=1129emailannc
Events Central
(A complete Web and live events directory brought to you by Windows IT Pro: http://www.windowsitpro.com/events )
Take control of your workday! If you are supporting 24 x 7 operations by working around the clock instead of 9 to 5, learn how you can benefit from a sound service-management strategy. In this free on-demand Web seminar, you'll learn practical steps for implementing service management for your key Windows systems and applications. Register now!
http://www.windowsitpro.com/seminars/servicemanagement/index.cfm?code=1129emailannc
Contact Us
Here's how to reach us with your comments and questions:
- About the newsletter — [email protected]
- About technical questions — http://www.windowsitpro.com/forums
- About product news — [email protected]
- About your subscription — [email protected]
- About sponsoring UPDATE — [email protected]
This weekly email newsletter is brought to you by Windows IT Pro, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
http://www.windowsitpro.com/sub.cfm?code=wswi201x1z
