Quickie: New features in new RDP

February 25th, 2013 No comments

Today I connected to Windows 2012 server an notices weird little arrow in the left upper corner (full screen):

New RDP

Maybe this will be usefull for some people. I can use only “Start” 🙂

You can access same Remote commands even not in Full Screen RDP:

New RDP

Enjoy,

Quickie: SCSI sniffer/tracer

February 22nd, 2013 No comments

I was debugging problem with SCSI tape library and I wanted to inspect data on SCSI connection. I found great utility on Symantec website. It’s kinda SCSI command sniffer.

Here you can read how to install it.

Here is manual how to use it.

I hope this works with all SCSI devices and not only those supported by Symantec 😉

Quickie: How to re-create tape library in Symantec Backup Exec

February 22nd, 2013 5 comments

Here is my best practice to re-create tape library under Symantec Backup Exec (I used version 12.5):

  • Delete all tape devices from Symantec
    • You must disable Robotic Library first by unchecking “Enable”

 

Disable Robotic Library

 

    • When it’s disabled you can “Delete” tape Drives and then Robotic Libraries

 

Delete Library

 

  • Uninstall all Symantec drivers using tapeinst.exe
    • In Symantec installation directory look for file tapeinst.exe file and run it.
    • Choose to “Uninstall and remove all Symantec devices…” and run it.

 

Remove Symantec drivers

 

    • There shouldn’t be any tape drives and media changers in Device Manager at this time

 

  • Reboot server

 

  • Install Symantec drivers using tapeinst.exe
    • In Symantec installation directory look for file tapeinst.exe file and run it.
    • Choose to “Use Symantec tape drivers for all supported tape devices” and run it

 

Install Symantec drivers

 

    • Now you should see new devices in Device Manager

 

  • Create new tape devices using hotswap.exe
    • This is really straightforward process without need of any explanation.

 

And you are all done 🙂

Remarks:

Thanks to Róbert Švec for refreshing my memories 🙂

 

Quickie: I really don’t like Antiviruses especially ESET

February 22nd, 2013 No comments

Here is one reason why I don’t like ESET Antivirus:

Fuck the ESET

I don’t think it needs any comments 😀

Here is official website I saw it at.

TrendMicro Worry-Free Business Security debug logs

February 22nd, 2013 2 comments

Problem

Today I was at one customer which recently installed TrendMicro Worry-Free Business Security solution. It’s firewall and anti-* product. Today I noticed there is no free space on C:\ disk. Trend Micro ate 19 GB! The biggest portion of space was located at C:\Program Files\Trend Micro\Security Server\PCCSRV\Log. There were files called ofcdebug-*.log which were about 150 MB of size and there was lots of them. And there new comming and comming 🙂

Solution

Those file are debugging log files. There is really weird way to disable them. In management website you need to click on little small letter “M” in the logo:

TrendMicro Worry-Free

New window appears where you can enable/disable debug logs:

TrendMicro Debuging Log

This is really weird way to set logging by looking for some small letter “M” 🙂

More about it on official site.

Prezentácia BranchCache

February 19th, 2013 No comments

ShowIT-BrachCache_Zilinec

Ak by ste mali nejaké otázky, sem s nimi.

 

Categories: Windows Tags: , ,

Maximum Validity For Certificates

February 19th, 2013 No comments

You can configure expiration period for Certification Template. By default there are default maximum validation periods set to:

  • One year for Stand-alone Certification Authority
  • Two years for Enterprise Certification Authority

This means you have Certification Template set its validity for example for 10 years, but you can enroll certificates with validity 1 or 2 years (Stand-alone / Enterprise Certification Authority).

This can be changed via registry keys described in KB254632.

Thank you for my colleague Róbert Švec.

Quickie: Remove Domain Controller role from Exchange 2007 server

January 29th, 2013 No comments

Last night I removed Domain Controller Role from Exchange 2007 server and we had problem in the morning with Exchange Outlook Web Access (OWA). We couldn’t log in at all. Symptomps:

  • Form based authentification was enabled, but Basic was proposed to clients instead
  • When users logged in they received 440 Login Timeout error

After couple minutes of googling I found this article which solved problem.

IMHO when computer was demoted from domain controller role it created local SAM database and didn’t use domain created accounts IUSR_ComputerName and IWAM_ComputerName.

 

Disable Exclusive Rights for roaming profiles

January 25th, 2013 No comments

When administrators implement Roaming Profiles they define folder where roaming profile should be stored on fileserver. By default file permissions for the newly generated profile are full control for the user, full control to SYSTEM and no file access for the administrators group. You can not access this profiles with administrator account and clean it up. First you had to take ownership and then you can change ACL, but this is not what you want, because owner should be user.

You can fix this in two steps:

New roaming profile folders

You can change default behaviour on new profile folder creation. It can be changed by applying GPO to domain controllers with following setting Enabled:

Change new roaming profile security

Change ACLs for existing profile folders

This will be in couple steps:

  • Download SubInACL.exe
  • Download PsExec
  • Log into fileserver where profiles are stored
  • Run cmd.exe under SYSTEM account by running command

psexec -sid cmd.exe

  •  In new cmd.exe window go into directory where roaming profiles are stored. For example: cd G:\Profiles\
  • Add BUILTIN\Administrators into ACLs of roaming profiles by running following command:

subinacl /subdirectories=directoriesonly G:\Profiles\*.* /GRANT=Administrators=F

Enjoy accessible roaming profile  folders 🙂

 

Quickie: GPO Preferences variables

January 21st, 2013 1 comment

When you want to use system variables in GPO Preferences you can do so. For example: if you want to create folder on user’s desktop called as computer name, you can use variable in New Folder Properties:

 

GPO Preferences for New Folder

If you don’t know what variables you are able to use in Preferences input fields you can press F3 and it will display you a list of variables you can use:

 

List of variables in GPO Preferences

 

I just found info at Microsoft.

Categories: GPO, Microsoft, Quickie Tags: , , ,