Welcome to the NizMoTek Blog

Uncategorized

How to dynamically create security-enhanced redirected folders by using folder redirection in Windows 2000 and in Windows Server 2003

In Microsoft Windows 2000 and in Microsoft Windows Server 2003, as an administrator, you can customize desktops by using Folder Redirection. You can redirect the following folders by using Active Directory and Group Policy:

  • Application Data
  • Desktop
  • My Documents
  • My Documents/My Pictures
  • Start Menu

You can find more information about Folder Redirection by searching Windows Help for Folder Redirection.

When you redirect folders to a shared location on a network, users need both read and write access to this location so that the users can read the contents of these folders. However, in some scenarios, you may not want to grant read access.

Create security-enhanced redirected folders

To make sure that only the user and the domain administrators have permissions to open a particular redirected folder, do the following:

  1. Select a central location in your environment where you would like to store Folder Redirection, and then share this folder. In this example, FLDREDIR is used.
  2. Set Share Permissions for the Everyone group to Full Control.
  3. Use the following settings for NTFS Permissions:
    • CREATOR OWNER – Full Control (Apply onto: Subfolders and Files Only)
    • System – Full Control (Apply onto: This Folder, Subfolders and Files)
    • Domain Admins – Full Control (Apply onto: This Folder, Subfolders and Files)
    • Everyone – Create Folder/Append Data (Apply onto: This Folder Only)
    • Everyone – List Folder/Read Data (Apply onto: This Folder Only)
    • Everyone – Read Attributes (Apply onto: This Folder Only)
    • Everyone – Traverse Folder/Execute File (Apply onto: This Folder Only)
  4. Configure Folder Redirection Policy as outlined in Windows Help. Use a path similar to \\server\FLDREDIR\%username% to create a folder under the shared folder, FLDREDIR.

Because the Everyone group has the Create Folder/Append Data right, the group members have the proper permissions to create the folder; however, the members are not able to read the data afterwards. The Username group is the name of the user that was logged on when you created the folder. Because the folder is a child of the parent folder, it inherits the permissions that you assigned to FLDREDIR. Also, because the user is creating the folder, the user gains full control of the folder because of the Creator Owner Permission setting.
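
The NTFS settings from step 3, applied and then checked with PowerShell. This is an added example, not part of the original article; the path D:\FLDREDIR, the use of $env:USERDOMAIN for the domain name, and the choice to block inheritance from the parent volume are assumptions.

```powershell
# Added example (not from the original article). Run elevated on the file server.
# Assumed values: $Root, and the domain name taken from $env:USERDOMAIN.
param([string]$Root = 'D:\FLDREDIR')

# Step 3 as data: identity, rights, inheritance flags, propagation flags.
# The four "Everyone" entries are combined into one ACE for "This Folder Only".
$rules = @(
    @('CREATOR OWNER',                 'FullControl', 'ContainerInherit, ObjectInherit', 'InheritOnly'),
    @('NT AUTHORITY\SYSTEM',           'FullControl', 'ContainerInherit, ObjectInherit', 'None'),
    @("$env:USERDOMAIN\Domain Admins", 'FullControl', 'ContainerInherit, ObjectInherit', 'None'),
    @('Everyone', 'CreateDirectories, ListDirectory, ReadAttributes, Traverse', 'None', 'None')
)

$acl = Get-Acl -LiteralPath $Root
# Assumption: stop inheriting from the volume root so only the ACEs above apply.
$acl.SetAccessRuleProtection($true, $false)
foreach ($old in @($acl.Access)) { [void]$acl.RemoveAccessRule($old) }
foreach ($r in $rules) {
    $ace = New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $r[0], $r[1], $r[2], $r[3], 'Allow'
    $acl.AddAccessRule($ace)
}
Set-Acl -LiteralPath $Root -AclObject $acl

# Check: a broad group holding an inheritable ACE on the root would be able
# to read every user's redirected folder, which defeats the design.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$risky = (Get-Acl -LiteralPath $Root).Access | Where-Object {
    $broad -contains $_.IdentityReference.Value -and
    $_.AccessControlType -eq 'Allow' -and
    $_.InheritanceFlags -ne 'None'
}
if ($risky) {
    $risky | Format-Table IdentityReference, FileSystemRights, InheritanceFlags
    Write-Warning "Inheritable ACEs for broad groups found on $Root"
} else {
    "OK: broad groups hold rights on $Root itself only"
}
```

The check can be run on its own against an existing share root; Windows adds the Synchronize right to allow ACEs automatically, so it will appear next to the rights listed in step 3.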

Microsoft: Windows Server 2008 – recommended dns settings for domain controllers running 2008 server

 
Taken from tek-tips.com to clear up a DNS server misconception.
Quote:
 

Primary is local first then any other DNS server second

 
That is actually a very common misconfiguration in DNS servers. The first DNS server listed (aka, primary) should NOT be the server itself. The correct method is to list one or more DNS servers as the primary, secondary, and on the advanced tab, and then add the loopback IP address (127.0.0.1) as the last DNS server in the list. If you run the DNS Best Practice Analyzer it will confirm this.
 
The reason is pretty simple. If you set the DNS server to use itself for DNS lookups then it will never query another DNS server unless its own DNS service isn’t running. That means that it is entirely possible for it to become isolated from the other DNS servers in your environment if it doesn’t have the appropriate records to locate the replication partners, and you’ll never know that anything is wrong until you run into name resolution issues.
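
A check of a server's DNS client settings against the ordering described in the quote above. This is an added example, not part of the quoted post; Test-DnsSearchOrder is a hypothetical helper name and the sample addresses are constructed.

```powershell
# Added example: flags DNS client settings that differ from the quoted ordering.
# Test-DnsSearchOrder is a hypothetical helper name.
function Test-DnsSearchOrder {
    param([string[]]$SearchOrder, [string[]]$OwnAddresses)
    if (-not $SearchOrder) { return 'no DNS servers configured' }
    $self = @('127.0.0.1', '::1') + $OwnAddresses
    if ($self -contains $SearchOrder[0]) {
        "first entry $($SearchOrder[0]) is this server itself"
    }
    if (-not ($SearchOrder | Where-Object { $self -notcontains $_ })) {
        'no other DNS server is listed, so the server can become isolated'
    }
    if ($SearchOrder[-1] -ne '127.0.0.1') {
        'loopback 127.0.0.1 is not the last entry'
    }
}

# Constructed sample: own address first, partner second, loopback missing.
Test-DnsSearchOrder -SearchOrder '10.0.0.10', '10.0.0.11' -OwnAddresses '10.0.0.10'

# Live check on the local server (Get-WmiObject is available in Windows PowerShell).
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $issues = @(Test-DnsSearchOrder $_.DNSServerSearchOrder $_.IPAddress)
        if ($issues.Count -eq 0) { $issues = @('matches the quoted ordering') }
        foreach ($i in $issues) { '{0}: {1}' -f $_.Description, $i }
    }
```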

Making a WinPE CD

Here are 8 steps to create a bootable WinPE CD:

  1. Start “Deployment Tools Command Prompt” as administrator
  2. copype.cmd x86 c:\winpe_x86
  3. Dism /Mount-WIM /WimFile:c:\winpe_x86\winpe.wim /index:1 /MountDir:c:\winpe_x86\mount
  4. Dism /image:<path_to_image> /Add-Driver /Driver:(Here I put the folder path to the folder with the .inf and .sys files) /recurse (the /recurse causes all the drivers in that folder to be added)
  5. dism /unmount-wim /Mountdir:c:\winpe_x86\mount /commit
  6. copy c:\winpe_x86\winpe.wim c:\winpe_x86\ISO\sources\boot.wim
  7. oscdimg -n -bC:\winpe_x86\etfsboot.com C:\winpe_x86\ISO C:\winpe_x86\winpe_x86.iso (this creates a burnable .iso)
  8. Burn the .iso to CD/DVD.

via Making a WinPE CD with HP SmartArray Raid Drivers « BasementJack.

Checking disk offset with WMIC and DiskPart (aligning partitions)

It has been well discussed that aligning disk partitions is very critical to achieving maximum performance. It seems that the newer operating systems automatically create aligned disk partitions but I was curious to find out how to determine whether the current partition is aligned. After some googling, I found the following:

wmic partition get BlockSize, StartingOffset, Name, Index

Running this will show the starting offset of each disk and partition.
Running DiskPart and listing the partitions will also show a rounded up value of the offset.
It seems that starting offsets of 1048576 (WMIC) or 1024kb (DISKPART) indicate correctly aligned partitions. The solution for incorrectly aligned partitions seems to be extensive disk tools or basically formatting and realigning the disk.

Use the Windows Management Instrumentation Command-line to list all installed programs

Windows comes with a command line version of the Management Instrumentation (WMIC). To get the list of all installed programs in a text file, simply enter the following command in a prompt:
wmic product > c:\product.txt
To get a list of installed apps on a remote PC, you can run the command:
wmic /node:"PC NAME" product list
The results are easily imported into Excel.

Courtesy of Q&A: Dos command to list all installed programs | TechRepublic.

Dealing with Windows Terminal Services licensing issues

Brian gives a nice overview of Microsoft Server 2008 licensing. I’ll post it here for quick reference because God knows I need it.
Thanks Brian.

There are multiple license requirements for Windows Terminal Services (TS). These requirements vary depending on how TS is used and what version of Windows it is being used on (This article deals with Windows Server 2008).
Available license types
Five types of licenses are available for Terminal Services in Windows Server 2008:

License – Function

  • Windows Server License – Every Windows 2008 server requires a Windows Server License. This license allows TS to be used.
  • Windows Server Client Access License – Any computer connecting to a Windows server requires a Client Access License (CAL). Although the basic CAL does not cover TS use, it is still required for general connectivity to the Terminal Server.
  • TS Device CAL – In addition to the CAL, computers connecting to TS require an incremental CAL that is specific to Terminal Services. One option is to use a TS Device CAL. This CAL licenses any device to connect to Terminal Services, regardless of how many users actually use that device.
  • TS User CAL – An alternative to the TS Device CAL is the TS User CAL. This CAL allows one user to connect to Terminal Services from any device.
  • TS External Connector – The TS External Connector license allows external users to connect to Terminal Services. This is a server-level license, and you will have to license each Terminal Server if you provide external connectivity.
  • Service Provider License – The Service Provider License is intended for service providers that offer hosted services to their customers.

Typically, the most cost-effective way to license TS is either TS User CALs or TS Device CALs. Alternatively, you can use a combination of TS User and TS Device CALs should the need arise.

 

Disconnecting hard drive on Fresco Logic USB 3.0 (Win7x64) on ASUS U36JC

On my ASUS U36Jc-B2B laptop, I’ve been trying to copy large files (>3GB) to my (work’s) Western Digital Passport 3.0 750GB USB drive. However, this always resulted in the drive disconnecting and the copy operation failing. I’ve tried numerous driver uninstalls and reinstalls with the same result, until I found a post linking to this driver.
This is the 3.5.24.0 version. The latest posted version of this driver on ASUS’s website was 3.0.116.3.
Nonetheless, I can now copy files without the drive disconnecting.
I’m not sure the throughput is 100%, as I’ve seen the same drive hit up to 92MB/s on my Intel desktop machine.
Hope this helps anyone out there with similar issues.