think tank forum

technology » Windows system administration

asemisldkfj's avatar
13 years ago
r1, link
asemisldkfj
the law is no protection
since this is what I will be dealing with at work for the next couple of years I thought I would make a thread about it so people could share their tips and such, ask questions, or whatever. you know, if anyone actually knows anything about this, because I sure don't.

right now I'm trying to set up a new domain controller with Windows Server 2003. I've got Active Directory all set up, Group Policy looks nice, but I think I'm having some trouble with DNS. my GP settings are not getting applied to the client machine. the client and the domain controller are connected via a crossover cable right now, for simplicity's sake. the DC is 10.0.0.1 and the client is 10.0.0.2.

the client is using the DC for a DNS server (so says ipconfig), but something is not working right. I can ping the netbios name of the DC (rocko), but can't ping the FQDN (rocko.cpl). roaming profiles are working OK, and I'm getting a different error message than I was before, but when I run gpresult on the client I still get

INFO: The user "CPL\brain" does not have RSOP data.


:( any ideas? I am new to DNS.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
this thread is also for me ranting about how much Windows documentation sucks and Windows system administrators (at least the ones who say anything on the web) are morons. everything I find on the web from Windows users seems to be people copying and pasting vbscript without knowing what it's doing; or reinstalling some random Windows component, having everything start working again, and declaring, "problem solved!" without actually having any clue as to what was going wrong in the first place or why it got fixed.

I feel very out of place in this Windows world. granted, Linux and BSD admins have their own share of idiocy, but at least the documentation is there and you kind of have to know what you're doing to at least some extent.

Microsoft's documentation is actually not that terrible, it's just impossible to find what you're looking for most of the time.

and one last thing: experts-exchange.com is the worst website ever.
DaGr8Gatzby's avatar
13 years ago
r1, link
DaGr8Gatzby
Drunk by Myself
Sorry .. Your day is going to suck.
DaGr8Gatzby's avatar
13 years ago
r1, link
DaGr8Gatzby
Drunk by Myself
Every windows admin I've met is an idiot. Pinging 192.168 to try to get a website. What a dumb fuck(oh externally!)
DaGr8Gatzby's avatar
13 years ago
link
DaGr8Gatzby
Drunk by Myself
Windows admin with no Unix experience :)
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
:) good save.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
got it working! the DNS server wasn't listening on the new IP address (10.0.0.1) and instead was listening on the IP address it had on the network it used to be connected to.

now I get to play with Group Policy. fun. not really.
nestor's avatar
13 years ago
link
nestor
nestor
dude windows admin sounds brutal
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
hahaha I hope you all can get some sadistic pleasure out of reading this.

this isn't very much related to system administration, but I was just reading about some new features in Windows 7 and saw this sentence:

Since the ‘90s, the taskbar has always provided some type of visualization to alert the customer to this state such as by flashing the button. A careful balance must be struck between providing information and not irritating the customer.



immediately after this, the Windows Update "do you want to restart now or later?" thing that pops up every so often after you've installed updates flew up from the system tray and I laughed out loud. luckily today I didn't hastily try to get rid of it and click "restart now" by accident. surprising, since I've had to tell it to restart later about twenty times today.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
also, my general impression of Windows in a corporate-ish environment like this is that it is extremely powerful via Group Policy and all that stuff, but it's very painful to set up consistently and smartly. the OS just seems like it has become so complex that even administering things via Group Policy can be cumbersome in the sense that there is no obvious way to remove something like "Printers & Faxes" from the Start menu, or completely disabling a user's access to explorer.exe so they can't even browse the filesystem. I can't imagine what's going on behind the scenes of this shit.
maple's avatar
13 years ago
link
maple
i like large datasets
i did windows admin for years. actually have like 7 or 8 year old MCSE/MCSA/MCP certs laying around somewhere (worthless classes, just took it back then for job opportunities, as I don't have a degree).

group policies can actually do some cool things but you have to understand machine vs user application obviously or things get weird. plus there are a million little settings that i feel make it brittle. i can definitely see some power tripping admins turning on all kinds of shit for no reason other than... they can.

also, the main reason i dont like it is the main reason i use bsd's. there is too much going on in the background and everything is too complex. everything is easy to click-through and setup (thats why there are 71757829 windows admins) but most setups i've seen are just 'working' but not 'working properly'. it takes more knowledge to secure and maintain. most plain windows admins that i've met lack that.

sys admins that have used windows/mac/unix and whatever else you want to tack on there i feel are a better admin on all systems just because using different OS's lets you abstract information and understand how things work in general, not just how it works on a single system. same with anything else. using different db engines, webservers, programming languages, etc. use more than one so you get a foundation, then learning the next one is a domain specific thing.

i literally quit windows admining a few months after vista came out. promising to never ever use it. maybe 7 will at least make it useable.

that being said: have fun on windows!
ozntz's avatar
13 years ago
link
ozntz
toooooooooooooooooooooooooooooooooo
Group policy can do some great things but troubleshooting some problems can be a pain in the butt. You will use gpresult -v a couple times.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
100% agree with everything you said, maple. those are pretty much all of the impressions I've gotten over the first couple of months. not somewhere I want to stay for very long!

I've used gpresult quite extensively already :).

next on my list of things to do is create a custom ADM to do some power settings in the registry that aren't available through GP. annoying. seems like the most random shit isn't doable with GP.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
today I am playing around with deploying software via Group Policy. like everything else, it seems very powerful in that if you ever got it set up all nice it would be a breeze to configure new machines with fresh Windows installations, but also seems like it could get very very messy with upgrades and such. I'm trying to deploy Adobe Reader to a client machine right now. we'll see how it goes.
ozntz's avatar
13 years ago
link
ozntz
toooooooooooooooooooooooooooooooooo
I found an ADM to do power settings once but it wasn't very successful but that was a long time ago. Let me know how the software deployment goes I felt it was easier to just create vb startup scripts to do what I needed.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
it should be pretty simple to make, since there is only one key or string or whatever that needs its value changed.

I've been avoiding vbscript at all costs for some reason, just because it looks horrible to me. the software deployment is actually going pretty well so far. I just set up Adobe Reader all nice with a transform file and stuff so it doesn't create desktop and start menu shortcuts.
 
13 years ago
link
Trent
Since we are on the subject of Group Policy questions, I have a riddle. I think this is a group policy issue, but here is the problem. Students for a school district can't right click in Internet explorer to save images for projects. However, it works in firefox and if you log in as administrator it works in both IE and FF. Anyone have a clue where this setting is, or a possible solution?
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
I can take a looksie through Group Policy tomorrow at work and see if I can find anything.
Chiken's avatar
13 years ago
link
Chiken
Don't Let Your Walls Down
here you go trent

http://www.servernewsgroups.net/group/microso … pic78.aspx
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
there it is! :)
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
and this is precisely why Windows documentation sucks.
Chiken's avatar
13 years ago
link
Chiken
Don't Let Your Walls Down
shit, it's even worse trying to figure 2k8 out

2k->2k3 isn't bad, but they fuckin changed everything around in 2k8
 
13 years ago
link
thrawn
Trent if you think it's a GPO causing it, log in as a student & do a gpresult to see what policies are being applied...then log in as admin & do the same to compare & contrast.

go look up the resultant GPOs in your GPMC & see what settings they have configured
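
The compare-and-contrast step suggested in this post, as an added example that is not part of the thread: a PowerShell sketch that pulls the "Applied Group Policy Objects" lists out of two saved gpresult text reports and shows which GPOs reach only one of the two accounts. The report text and GPO names are constructed samples, and the parser assumes the English-language section headings.

```powershell
# Added example, not from the thread. Both reports are constructed samples
# in the English-language layout that gpresult prints.
$studentReport = @'
COMPUTER SETTINGS
------------------
    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
        Lab Workstations

USER SETTINGS
--------------
    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
        Student IE Lockdown

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)
'@

$adminReport = @'
COMPUTER SETTINGS
------------------
    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
        Lab Workstations

USER SETTINGS
--------------
    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
'@

function Get-AppliedGpo {
    # Returns one "Scope: GPO name" string per applied GPO in a report.
    param([string[]]$Lines)
    $scope = $null          # 'Computer' or 'User', set by the section heading
    $inApplied = $false     # true while inside an applied-GPO list
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -eq 'COMPUTER SETTINGS') { $scope = 'Computer'; $inApplied = $false }
        elseif ($text -eq 'USER SETTINGS') { $scope = 'User'; $inApplied = $false }
        elseif ($text -eq 'Applied Group Policy Objects') { $inApplied = $true }
        elseif (-not $inApplied) { continue }              # anything outside the list
        elseif ($text -match '^-+$') { continue }          # underline below the heading
        elseif ($text -eq '') { $inApplied = $false }      # blank line ends the list
        elseif ($scope -and $text -ne 'N/A') { "${scope}: $text" }
    }
}

function Compare-AppliedGpo {
    # Lists GPOs that are applied to one account but not the other.
    param([string[]]$Restricted, [string[]]$Unrestricted)
    $r = @(Get-AppliedGpo $Restricted)
    $u = @(Get-AppliedGpo $Unrestricted)
    foreach ($gpo in $r) {
        if ($u -notcontains $gpo) {
            [pscustomobject]@{ Gpo = $gpo; AppliedTo = 'restricted account only' }
        }
    }
    foreach ($gpo in $u) {
        if ($r -notcontains $gpo) {
            [pscustomobject]@{ Gpo = $gpo; AppliedTo = 'unrestricted account only' }
        }
    }
}

Compare-AppliedGpo ($studentReport -split '\r?\n') ($adminReport -split '\r?\n') |
    Format-Table -AutoSize
```

For real reports, redirect gpresult output to a file while logged in as each account and pass `Get-Content` of each file instead of the sample strings.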
Chiken's avatar
13 years ago
link
Chiken
Don't Let Your Walls Down
thrawn, the group policy master!
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
today is a good day! I'm setting up our lone FreeBSD box to authenticate users against Active Directory. it's proven interesting so far. I've gotten FreeBSD to join the domain, and winbind is working, but it's not tying into the system through nsswitch.conf or anything. so wbinfo -u will give me a list of all the Active Directory users, but getent passwd will only list local users instead of local + domain.

after a few hours of wrestling with this I think that I have to recompile samba with ADS support, since our domain controller is set to use Windows 2k3 mode and not mixed mode (for NT client support). I'm not positive though, this is kind of a shot in the dark. the problem seems to be more low-level than this, with nsswitch.conf not seeing the winbind library files or something. will post updates.

I am enjoying my day in the land of Unix documentation and mailing lists, though.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
off-topic question: what compels people to haphazardly move my carefully positioned Firefox window into the middle of the screen? I have it lined up with the top, right, and bottom edges of the screen, and covering about 2/3 of the horizontal screen space. whenever someone uses my computer, they compulsively grab the titlebar and drag it to the middle of the screen, inevitably vertically off-centering it by just enough to obscure either the titlebar off the top of the screen or the status bar behind the taskbar. DON'T MOVE MY WINDOWS!
 
13 years ago
link
Trent
chiken and thrawn thanks for the response. Solved it yet another way, by changing a few things in the registry then pushing it out through GP.
lucas's avatar
13 years ago
link
lucas
i ❤ demo
where do you work, trent?
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
samba recompiled with ADS support, successfully net ads joined, back to winbind!
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
I got it working! not sure how. some combination of winbind settings in smb.conf. will post tomorrow.
Chiken's avatar
13 years ago
link
Chiken
Don't Let Your Walls Down
i love that, i dont know what the fuck i did, but its working!
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
I might test it out a little bit tomorrow to see which setting it was exactly, haha.

I'm not even sure why I'm doing this; it doesn't really have any direct use for work other than acting as a file server or something. I doubt my boss would be cool with us using it as a production-level server either since she wouldn't know how to administer it.

but hey, my job must be pretty cool if I can do this all day and my boss is OK with it. I needed it after messing with WSUS and IIS all day Tuesday. most frustrating shit ever.

oh, and today I was trying to diagnose a spontaneous reboot on a remote computer and found an event in the system logs about a something or other bugcheck that had created a dump file in c:\windows\minidumps. lo and behold, the dump file is in some format that I have to install some set of tools to read. so I end up having like six windows open on this computer just trying to figure out what this crash was from. so after I installed the dump file reader it gives me a mostly useless log telling me that some ntkernel file or something was the culprit. what a joke.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
also, I still don't understand Kerberos authorization in the least. but it's working. haha.
maple's avatar
13 years ago
link
maple
i like large datasets
For more information on how Kerberos works, and other general Kerberos questions see the Kerberos FAQ at http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html

thats actually a link from the OpenBSD kerberos(8) man page. If they link to it, you know its good.

asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
awesome, thanks for the link.
 
13 years ago
link
Trent
I work for a company in Billings called Pine Cove Consulting
lucas's avatar
13 years ago
link
lucas
i ❤ demo
oh ok cool :)
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
more fun from Windows land:

so I set up folder redirection in Group Policy so that people's desktops would be redirected to \\pdc\Users\username\Desktop. then for some reason I was getting this weird error about Windows not being able to "access the specified device, path, or file" when trying to open shortcuts from the Desktop. I naturally thought that the permissions on the share or the filesystem might not be what they should be. after double-checking these for about an hour, I realized the error only started appearing after logging in on the server box. weird.

I thought it was because I had forgotten to delete the local copy of my profile from the server. nope. I looked at permissions again. nothing. at last, I tried Google. turns out, the fix was in INTERNET EXPLORER OPTIONS. wtf? I mean, I realize that the Desktop was a network share, but that does not mean it should fall under the domain of IE. granted the IE Options are the same as Internet Options from the control panel, but a network shared desktop is not quite what I would call the internet or think to fall under something called internet options.

so I added the name of the server to the trusted sites in IE, and all is well. sigh.
maple's avatar
13 years ago
link
maple
i like large datasets
f'ing windows....
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
Group Policy sucks shit. I'm doing more software deployment. the stuff that I've set up to deploy via batch jobs is better than dealing with the built-in capability. use reg query and reg add a little bit, a couple of if statements, and you're golden. but with the built-into GP software deployment you run into all this weird shit.

so as an example I have Adobe Reader deployed via Group Policy. I wanted it to reinstall so I did Add/Remove Programs on the client machine and uninstalled it. it wouldn't reinstall. it would show up in Add/Remove Programs after a reboot but would not actually be installed. then I read in this Group Policy book that you're never supposed to manually uninstall something that has been deployed with Group Policy (gee, thanks for putting it on the last page of the chapter). so it says to make GP realize that the software is actually uninstalled you have to delete a registry key. so I do that. still won't reinstall. still shows up in Add/Remove Programs but is not actually installed. great. you think they would mark software deployed via Group Policy in Add/Remove programs so you knew not to uninstall it manually or something. or at least document it a little more prominently.

this is like everything in Windows. it's documented somewhere, you just never have any idea where.
maple's avatar
13 years ago
link
maple
i like large datasets
side note: use foxit instead of Adobe Reader. comes in an msi too if you want
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
I will look into that.
lucas's avatar
13 years ago
link
lucas
i ❤ demo
foxit isn't great at integrating with other applications in my experience.

i prefer acrobat pro.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
yeah, browser integration is nice.
DaGr8Gatzby's avatar
13 years ago
link
DaGr8Gatzby
Drunk by Myself
I hate Browser integration. I like to move around different PDF's for different purposes.
maple's avatar
13 years ago
link
maple
i like large datasets
Are you using PDFs in some weird way? You click a PDF link and it opens in the application instead of in that window. Thats worth the difference in 3MB vs 41MB Download. Actually I prefer it.

I hate shit software like that. If you go to sites like oldversion.com you can just see.

Example: http://www.oldversion.com/Nero.html -- Watch how insane the sizes go.

Nero Burning ROM 3.0.2.0 (1.8 MB)
Nero Burning ROM 5.5.10.56 (18.7 MB)
Nero Ultra Edition 7.2.3.2 (267 MB)

Srsly?
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
we're using it on public internet access computers.
maple's avatar
13 years ago
link
maple
i like large datasets
oh i meant that for lucas. i just didnt know what the benefit of browser integration was for a pdf reader.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
in my environment, less confusion for users who don't realize that all browsers can not open pdf files in them.
lucas's avatar
13 years ago
link
lucas
i ❤ demo
not having it integrated adds a couple clicks.

i use acrobat pro anyway. i create and edit pdfs constantly.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
I'm getting lazy and installing stuff with batch job startup scripts.

if not exist "C:\Program Files\Mozilla Firefox" (goto Install) else (goto :Skip)

:Install
"\\server\Software\Firefox\Firefox Setup 3.0.7.exe" /INI="\\server\Software\Firefox\Default.ini"

:Skip


:/
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
I am beginning to not care about my job.
lucas's avatar
13 years ago
link
lucas
i ❤ demo
quit and become a bike messenger.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
I told them I would work here for at least two years :[. thinking about still being here a year from now is making me bummed though, so we'll see. if it gets really bad I will quit and go back to school or go on a long bike tour. working in an environment where my responsibilities do not intellectually challenge me makes me very dismissive and cynical, and I don't like being that way.
lucas's avatar
13 years ago
link
lucas
i ❤ demo
you paused your studies?
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
nah, I finished them :). well, my bachelor's at least. paused my ambitions for graduate school in the interest of money and definitively deciding what I want to pursue.
lucas's avatar
13 years ago
link
lucas
i ❤ demo
oh ok. sounds like a good plan. :)
asemisldkfj's avatar
13 years ago
r1, link
asemisldkfj
the law is no protection
we want to deploy network printers by computer, rather than user. this will help us cut down on the number of usernames, so we don't have to create a specific one for a specific location just to get the printers right. we could do this by adding local printer connections and pointing them at an IP port, but we want the convenience of browsing the network for printers and referring to them by their UNC names (\\server\printer) rather than IP addresses.

Small Business Server 2003 R2 is kind of lacking when it comes to printer management via Group Policy. regular Server 2003 R2 comes with the Printer Management Console, which looks nice, but will not run on SBS. :[

this is the solution I've come up with. I have been unable to find any definitive documentation on this elsewhere. I'll post this to my website at some point, but want to document it now since I just figured it out.

the behavior of printui.dll is interesting to say the least. rundll32.exe printui.dll,PrintUIEntry /ga /in /n\\server\printer should add a per-machine (/ga) network printer (/in) connection, but it actually creates the registry key in HKEY_CURRENT_USER. if you swap around the /ga and /in flags and do this: rundll32.exe printui.dll,PrintUIEntry /in /ga /n\\server\printer it will add the printer to HKEY_LOCAL_MACHINE. weird.

it also takes two reboots to have the printer show up for a user. if I add the printer with the latter command via a Group Policy computer startup script, it creates the registry key in HKLM but the printer does not show up in Printers & Faxes for the user, yet. rebooting for a second time will cause the printer to show up for users.

here is the script I am using:

rem reg query exits with errorlevel 1 when the connection key is missing
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Connections\,,server,printer /v Server
if %errorlevel%==1 (goto AddPrinter) else (goto SkipAddPrinter)

:AddPrinter
echo "Printer added." >> C:\printer.txt
rundll32.exe printui.dll,PrintUIEntry /in /ga /n\\server\printer
rem stop here so the skip branch below does not also run and log
goto :eof

:SkipAddPrinter
echo "Skipped adding printer." >> C:\printer.txt
maple's avatar
13 years ago
r1, link
maple
i like large datasets
why not just add them to the print server and set permissions there via AD?
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
adding printers to the print server isn't an issue, it's adding them to the client computers for all users who log in to the client computers. usually a network printer connection gets added per-user, unless you do the wizard like you're adding a local printer and put the IP of the printer as the port the printer is on. we need automation, because a good deal of users are not savvy enough to add the right printer to their computers, realize when it's not the default, etc. etc.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
ozntz

I found an ADM to do power settings once but it wasn't very successful but that was a long time ago. Let me know how the software deployment goes I felt it was easier to just create vb startup scripts to do what I needed.



mind posting some example software install scripts you wrote? I'm trying to learn VBScript right now because I'm tired of batch programming with DOS commands. did you ever do any software upgrades with VBScript?

I'm foreseeing some problems with my batch jobs in the future. right now I'm installing Firefox by just testing if the Program Files\Mozilla Firefox directory exists and installing if it doesn't. for an upgrade I am imagining I might need to test the contents of some file with the version number and install or not based on that. I don't know if VBScript is powerful enough to do this yet, but I'm hoping it is.
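
The upgrade case raised in this post, as an added example that is not part of the thread and is written in PowerShell rather than the batch and VBScript used here: it installs only when the installed file version is older than the target, and refuses an installer whose Authenticode signature is not valid, since computer startup scripts run as Local System and execute whatever is on the share. The share paths and the /INI switch are the ones posted above; the firefox.exe location and the signer name are assumptions.

```powershell
# Added example, not from the thread. Values marked "assumed" must be checked
# against the real installer and install location before use.
$Installer      = '\\server\Software\Firefox\Firefox Setup 3.0.7.exe'   # path from the thread
$IniFile        = '\\server\Software\Firefox\Default.ini'               # path from the thread
$TargetVersion  = [version]'3.0.7'                                      # version in the installer name
$InstalledExe   = 'C:\Program Files\Mozilla Firefox\firefox.exe'        # assumed binary location
$ExpectedSigner = 'Mozilla Corporation'                                 # assumed signer name

function Get-InstalledVersion {
    # Returns the installed product version, or $null if absent or unreadable.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $raw = (Get-Item -LiteralPath $Path).VersionInfo.ProductVersion
    # Keep only the leading dotted-number part, e.g. "3.0.7" from "3.0.7 (en-US)".
    if ($raw -match '^\d+(\.\d+){1,3}') { return [version]$Matches[0] }
    return $null
}

function Test-NeedsInstall {
    # True when nothing is installed, the version is unreadable, or it is older.
    param([string]$Path, [version]$Target)
    $current = Get-InstalledVersion $Path
    if ($null -eq $current) { return $true }
    return ($current -lt $Target)
}

function Test-InstallerTrusted {
    # True only for a valid Authenticode signature from the expected signer.
    param([string]$Path, [string]$Signer)
    $sig = Get-AuthenticodeSignature -FilePath $Path -ErrorAction SilentlyContinue
    if ($null -eq $sig -or $sig.Status -ne 'Valid') { return $false }
    return ($sig.SignerCertificate.Subject -like "*CN=$Signer*")
}

if (-not (Test-NeedsInstall $InstalledExe $TargetVersion)) {
    Write-Output "Firefox $TargetVersion or newer is already installed; nothing to do."
}
elseif (-not (Test-InstallerTrusted $Installer $ExpectedSigner)) {
    Write-Warning "Refusing to run '$Installer' (signature missing, invalid, or not from $ExpectedSigner)."
}
else {
    # Same switch as the batch script above, with the INI path quoted.
    $proc = Start-Process -FilePath $Installer -ArgumentList ('/INI="{0}"' -f $IniFile) -Wait -PassThru
    Write-Output "Installer exited with code $($proc.ExitCode)."
}
```

Keeping the software share read-only for everyone except the accounts that publish installers closes the same hole from the other side.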
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
PS - any pointers to good documentation would be appreciated too. everything I'm finding is more geared toward web developers than system admins.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
how does MS get away with the quality of the VBScript documentation they offer? it seriously sucks so much shit. at least for a beginner. what, do I need a book or something to learn this crap? it's just a scripting language. ughhh.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
making progress!

Set WshShell = WScript.CreateObject("WScript.Shell")
on error resume next

WshShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\Default\")
if Err.Number then
	WScript.Echo "Key does not exist."
else
	WScript.Echo "Key exists."
end if
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
hurrah!

Set WshShell = WScript.CreateObject("WScript.Shell")
on error resume next

' Install TightVNC and run it if registry key does not exist

WshShell.RegRead("HKLM\SOFTWARE\ORL\WinVNC3\Default\")
if Err.Number <> 0 then
	WshShell.Run "xcopy /E /I ""\\rocko\Software\TightVNC\tightvnc-1.3.10_x86 (Server Only)"" ""C:\Program Files\tightvnc-1.3.10_x86""", "0", "1"
end if
Err.Clear

' Ensure existence and accuracy of relevant registry values

RunCommand = WshShell.RegRead("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TightVNC")
if Err.Number <> 0 or RunCommand <> "C:\Program Files\tightvnc-1.3.10_x86\WinVNC.exe" then
	WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TightVNC", "C:\Program Files\tightvnc-1.3.10_x86\WinVNC.exe", "REG_SZ"
end if
Err.Clear

AllowProperties = WshShell.RegRead("HKLM\SOFTWARE\ORL\WinVNC3\Default\AllowProperties")
if Err.Number <> 0 or AllowProperties <> 0 then
	WshShell.RegWrite "HKLM\SOFTWARE\ORL\WinVNC3\Default\AllowProperties", "0", "REG_DWORD"
end if
Err.Clear

AllowEditClients = WshShell.RegRead("HKLM\SOFTWARE\ORL\WinVNC3\Default\AllowEditClients")
if Err.Number <> 0 or AllowEditClients <> 0 then
	WshShell.RegWrite "HKLM\SOFTWARE\ORL\WinVNC3\Default\AllowEditClients", "0", "REG_DWORD"
end if
Err.Clear

AllowShutdown = WshShell.RegRead("HKLM\SOFTWARE\ORL\WinVNC3\Default\AllowShutdown")
if Err.Number <> 0 or AllowShutdown <> 0 then
	WshShell.RegWrite "HKLM\SOFTWARE\ORL\WinVNC3\Default\AllowShutdown", "0", "REG_DWORD"
end if
Err.Clear

' This one is important!
Password = WshShell.RegRead("HKLM\SOFTWARE\ORL\WinVNC3\Default\Password")
if Err.Number <> 0 or Password <> "VALUE" then
	WshShell.Run "reg add HKLM\SOFTWARE\ORL\WinVNC3\Default /v Password /t REG_BINARY /d VALUE", "0", "1"
end if
Err.Clear


the only reason I didn't use RegWrite for the last one is that it doesn't support writing anything more than one integer value to a REG_BINARY value. kind of silly. I'm glad I got this working though. way more flexible than batch jobs.
maple's avatar
13 years ago
link
maple
i like large datasets
success! now that i have succeeded i realized how much i hate windows! :)

just joshin
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
woops, this line

WshShell.Run "reg add HKLM\SOFTWARE\ORL\WinVNC3\Default /v Password /t REG_BINARY /d VALUE", "0", "1"


should be

WshShell.Run "reg add HKLM\SOFTWARE\ORL\WinVNC3\Default /v Password /t REG_BINARY /d VALUE", "0", "0"


otherwise it hangs.
asemisldkfj's avatar
13 years ago
r3, link
asemisldkfj
the law is no protection
I am learning way too much about Windows. I was updating my resume for no good reason yesterday and realized I could add about a million Windows system administration skills that I had no clue about before.

I'm trying to create a domain-level trust between our old 2k server and a new 2008 server, so I have to upgrade the Active Directory schema on the 2k box first. for some reason the schema master role was assigned to a computer that no longer exists, so it wouldn't allow the upgrade and I couldn't change the role to the new server via the Active Directory Schema MMC snap-in. so I had to use ntdsutil on the command line to do it.

ntdsutil
:roles
:connections
:connect to server currentdc.fqdn
:quit
:seize schema master
:quit
:quit


scary stuff!
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
argh, I am stuck between SBS 2003 and Server 2008. SBS 2003 sucks and can not do domain trusts and does not have the handy printer management console for deploying printers. Server 2008 does not have remote administration tools that work in Windows XP, and I am not going to install Vista just for this. we need to order Server 2003 but my boss is out all week! ugh.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
and setting up a server is the only moderately fun thing I could be doing right now.
ozntz's avatar
13 years ago
link
ozntz
toooooooooooooooooooooooooooooooooo
why not server 2003 standard?
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
because we need to order it.
ozntz's avatar
13 years ago
link
ozntz
toooooooooooooooooooooooooooooooooo
We order 2008 licenses and use 2003

http://www.microsoft.com/windowsserver2008/en … ights.aspx
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
ooh interesting.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
had to remove a domain trust from a Windows 2000 server today. problem was, the trust was with a domain that no longer existed (the domain controller for it had been re-installed). had to use ntdsutil again:

http://support.microsoft.com/kb/230306/EN-US/

however, I was getting an error about a domain controller for the dead domain still existing. I had to delete the non-existent DC from the Active Directory Sites and Services snap-in first.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
now, onto Server 2008!
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
features that should be in Group Policy Management Console:

- compare settings between two or more GPOs
- export selected sections of an existing GPO to a new GPO
- navigate automatically to a setting from the Security settings/Settings tab/page of a GPO

it is totally ridiculous how much of a pain GPMC is to navigate, and it's even more ridiculous that it's pretty much identical in Server 2008.
ozntz's avatar
13 years ago
link
ozntz
toooooooooooooooooooooooooooooooooo
Roger that, also loopback mode sucks
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
I remember reading about loopback mode a while ago and I vaguely remember what it is. what do you (personally) use it for?
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
one more feature that should exist:

- while editing a GPO, determine if a setting is configured in a higher-up GPO already

this would prevent a lot of redundant crap!!

man I hate Group Policy.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
MS documentation is making me depressed.
asemisldkfj's avatar
13 years ago
r6, link
asemisldkfj
the law is no protection
after way too much effort, I successfully made a custom admx file!

helpful sites:
http://technet.microsoft.com/en-us/library/cc771659(WS.10).aspx
 http://support.microsoft.com/kb/918238/
 
asemisldkfj's avatar
13 years ago
r1, link
asemisldkfj
the law is no protection
what is going on with my pre tags there?
lucas's avatar
13 years ago
link
lucas
i ❤ demo
what do you mean?
asemisldkfj's avatar
13 years ago
r1, link
asemisldkfj
the law is no protection
I'll revert it back to a messed up revision…

there. if I have the closing pre tag on the same line as the hyperlink it acts all wonky.

also, should hyperlinks be autolinked when inside pre tags? the latter link gets autolinked.
lucas's avatar
13 years ago
r1, link
lucas
i ❤ demo
well that's crazy.

it should (attempt to) hyperlink them both if there is whitespace between the pre tag and the url.

 http://technet.microsoft.com/en-us/library/cc771659(WS .10).aspx
 http://support.microsoft.com/kb/918238/  
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
isn't the whole point of preformatted text that it isn't parsed by anything and left untouched? or is it more about preserving the spacing of a monospaced font? I always thought it did the former here because I had never posted multiple URLs inside the tags.
lucas's avatar
13 years ago
link
lucas
i ❤ demo
good question
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
one more example of shitty MS docs: there is a way in Group Policy to assign specific sites to specific security zones. the explanation of the setting in GP and the article about it on Technet both fail to mention whether or not the site entry can be a UNC path. it just says, "a host for an intranet site," so I guess I'll try the hostname of the box instead of the UNC path now. this type of stuff is so fucking annoying.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
yep, still not working. what a piece of shit.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
oh there's also a table on Technet that goes over what the default behavior for each zone is. there is a setting in GP called "Launching programs and unsafe files" that I can enable for the intranet zone (which I'm about to try). for some reason, this isn't listed in the table on Technet so I have no idea what the default behavior for the intranet zone is. arghhhh.

oh, there is the default documented in GP. it says it's enabled by default. sigh.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
I want to copy the contents of a directory on my desktop into the Firefox default profile folder:

C:\Documents and Settings\bcurran\Desktop>xcopy "test\*" "C:\Documents and Setti
ngs\%username%\Application Data\Mozilla\Firefox\Profiles\*.default"
test\test.txt
1 File(s) copied


look what happens:

C:\Documents and Settings\bcurran\Desktop>dir "..\Application Data\Mozilla\Firef
ox\Profiles"
 Volume in drive C has no label.
 Volume Serial Number is 404D-57E3

 Directory of C:\Documents and Settings\bcurran\Application Data\Mozilla\Firefox
\Profiles

05/20/2009  02:19 PM    <DIR>          .
05/20/2009  02:19 PM    <DIR>          ..
05/20/2009  10:08 AM    <DIR>          azdfqd9c.default
05/20/2009  10:38 AM                 0 test.default
               1 File(s)              0 bytes
               3 Dir(s)   3,390,636,032 bytes free


it creates a file, test.default in the Profiles directory. is this wildcard behavior weird to anyone else? not exactly what I expected, and I'm not sure how to work with wildcards as I normally would.
ozntz's avatar
13 years ago
link
ozntz
toooooooooooooooooooooooooooooooooo
try without the *.default
dannyp's avatar
13 years ago
r1, link
dannyp
dʎuuɐp
Wildcards are really simplified in DOS. I don't think the destination accepts wildcards that will match within that directory like you want. Instead it replaces the wildcarded word in this case, that you used in the source portion of the command at the point that the destination wildcard was placed.

I have two suggestions for making things a bit more abbreviated:

1.
"%APPDATA%\Mozilla\Firefox\Profiles\"

instead of:

"C:\Documents and Settings\%username%\Application Data\Mozilla\Firefox\Profiles\"

You can check your DOS environment variables similarly to *nix with SET.

2.
Use tab-complete to get the profile directory name instead. This is assuming you don't want to eventually make a script. In the case of the script I think you might want to parse the *.default directory name in a variable and pass it to the XCOPY destination.
ozntz's avatar
13 years ago
link
ozntz
toooooooooooooooooooooooooooooooooo
i'm sorry i thought .default was an extension but really it's the directory(s) name ex. ea7kumzx.default. I think you will have to make a script to find the directory name and then pass it to a copy command.

Looks like firefox finds the name from the profiles.ini
Application Data\Mozilla\Firefox\profiles.ini
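An added example, not part of the original posts: resolving the profile directory from profiles.ini instead of globbing for *.default. The sample file contents, the D:\FirefoxProfiles path and the function names are constructed for illustration; the key names (Name, IsRelative, Path, Default) follow the profiles.ini layout Firefox used at the time, which is an assumption about your installed version.

```python
import configparser
from pathlib import PureWindowsPath

# Constructed sample: one relative profile (the common case) and one absolute
# profile on another drive that is flagged as the default.
SAMPLE_INI = r"""[General]
StartWithLastProfile=1

[Profile0]
Name=default
IsRelative=1
Path=Profiles/azdfqd9c.default

[Profile1]
Name=staff
IsRelative=0
Path=D:\FirefoxProfiles\staff.profile
Default=1
"""

# Directory that holds profiles.ini, i.e. %APPDATA%\Mozilla\Firefox.
FIREFOX_DIR = r"C:\Documents and Settings\bcurran\Application Data\Mozilla\Firefox"


def load_profiles(ini_text):
    """Return one dict per [ProfileN] section, in file order."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # profiles.ini keys are mixed case; keep them
    parser.read_string(ini_text)
    profiles = []
    for name in parser.sections():
        if not name.startswith("Profile"):
            continue
        section = parser[name]
        profiles.append({
            "name": section.get("Name", ""),
            "path": section["Path"],
            "is_relative": section.get("IsRelative", "1") == "1",
            "default": section.get("Default", "0") == "1",
        })
    return profiles


def resolve_profile_dir(profile, firefox_dir):
    """Turn a profile entry into a full Windows path."""
    raw = PureWindowsPath(profile["path"])
    if not profile["is_relative"]:
        return raw
    # A relative Path must stay below the Firefox directory: profiles.ini is
    # writable by the user, and a deployment script copies files wherever
    # this function points.
    if raw.anchor or ".." in raw.parts:
        raise ValueError("profile path escapes the Firefox directory: %s" % raw)
    return PureWindowsPath(firefox_dir) / raw


def default_profile(profiles):
    """Pick the profile flagged Default=1, or the only profile if there is one."""
    flagged = [p for p in profiles if p["default"]]
    if len(flagged) == 1:
        return flagged[0]
    if len(profiles) == 1:
        return profiles[0]
    raise LookupError("cannot tell which profile is the default")


def default_profile_dir(ini_text, firefox_dir):
    """Full path of the default profile named in profiles.ini."""
    return resolve_profile_dir(default_profile(load_profiles(ini_text)), firefox_dir)


if __name__ == "__main__":
    for entry in load_profiles(SAMPLE_INI):
        print(entry["name"], "->", resolve_profile_dir(entry, FIREFOX_DIR))
    print("default:", default_profile_dir(SAMPLE_INI, FIREFOX_DIR))
```

Unlike a *.default glob, this also finds profiles that were renamed or moved to another drive, and it refuses a relative Path that climbs out of the Firefox directory.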
ozntz's avatar
13 years ago
r1, link
ozntz
toooooooooooooooooooooooooooooooooo
cd %appdata%\Mozilla\Firefox\Profiles
FOR /F "usebackq" %i IN (`dir /B`) DO xcopy "\test3" %i

My test3 directory is in the root of the drive. It will write the files to all profile folders in the directory \Profiles
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
I want to make a script, dp :). this is to automate the deployment of a Firefox profile throughout my workplace.

ozntz: that works great! thanks.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
just for fun, here's the custom ADMX and ADML I mentioned:

Cleartype.admx
<?xml version="1.0" encoding="utf-8"?>
<!--  (c) 2009  -->
<policyDefinitions xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.0" schemaVersion="1.0" xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">
	<policyNamespaces>
		<target prefix="cleartype" namespace="Microsoft.Policies.WindowsClearType" />
		<using prefix="windows" namespace="Microsoft.Policies.Windows" />
	</policyNamespaces>
	<resources minRequiredRevision="1.0" />
	<policies>
		<policy name="ClearType" class="User" displayName="$(string.ClearType)" explainText="$(string.Explain_ClearType)" key="Control Panel\Desktop">
			<parentCategory ref="windows:Desktop" />
			<supportedOn ref="windows:SUPPORTED_WindowsXP" />	
			<enabledList>
				<item key="Control Panel\Desktop" valueName="FontSmoothingType">
					<value>
						<decimal value="2" />
					</value>
				</item>
				<item key="Control Panel\Desktop" valueName="FontSmoothing">
					<value>
						<string>2</string>
					</value>
				</item>
			</enabledList>
			<disabledList>
				<item key="Control Panel\Desktop" valueName="FontSmoothingType">
					<value>
						<decimal value="0" />
					</value>
				</item>
				<item key="Control Panel\Desktop" valueName="FontSmoothing">
					<value>
						<!-- FontSmoothing is a REG_SZ value, so write a string here, as enabledList does -->
						<string>0</string>
					</value>
				</item>
			</disabledList>
		</policy>
	</policies>
</policyDefinitions>


Cleartype.adml
<?xml version="1.0" encoding="utf-8"?>
<!--  (c) 2009  -->
<policyDefinitionResources xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.0" schemaVersion="1.0" xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">
	<displayName>ClearType</displayName>
	<description>ClearType</description>
	<resources>
		<stringTable>
			<string id="ClearType">Enable ClearType.</string>
			<string id="Explain_ClearType">This setting will enable ClearType.</string>
		</stringTable>
	</resources>
</policyDefinitionResources>
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
yay, script done:

c:

if not exist "C:\Documents and Settings\%username%\Application Data\Staff Firefox Profile Install Log.txt" (goto Copy) else (goto SkipCopy)

:Copy
cd %APPDATA%\Mozilla\Firefox\Profiles
cmd /c for /F "usebackq" %%i in (`dir /B *.default`) do xcopy /E /Y "\\rocko\Software\Firefox\Staff profile" %%i
date /t >> "C:\Documents and Settings\%username%\Application Data\Staff Firefox Profile Install Log.txt"
echo Staff Firefox profile installed via Group Policy >> "C:\Documents and Settings\%username%\Application Data\Staff Firefox Profile Install Log.txt"

:SkipCopy


thanks for the help, ozntz!
ozntz's avatar
13 years ago
link
ozntz
toooooooooooooooooooooooooooooooooo
I like that you write the date to a file. I always write a couple registry keys for my scripts to use run once and version but now I think I should add date.

How many computers do you cover, asemisldkfj? You may still want to use appdata in your exist check in case someone installed to a non-default drive letter. I found we have a couple computers on D, how I don't know lol
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
oh yeah, good point re: appdata for the other paths.

registry keys aren't a bad idea now that I think of it.

on this domain there will be something like 70 computers. we have two other domains which pushes the total up over 300, but probably under 500.
ozntz's avatar
13 years ago
link
ozntz
toooooooooooooooooooooooooooooooooo
Anyone ever make a script/program to sync data into an Outlook source?

I need to have an outlook calendar with person appointments and sync an outside data source into the same calendar.
ozntz's avatar
13 years ago
link
ozntz
toooooooooooooooooooooooooooooooooo
Well it looks like I'm going to have to visit this sooner than later. The source location for the scheduling information is going to change for our current solution.

Currently we have an access script that connects to an odbc, pulls the data, formats it and then uses DataLink for Outlook (http://www.teamscope.com/otherpro/datalink.asp).

New source will not have odbc access but a system interface from which I will prob get a formatted file output. I looked for php mapi functions and found one built for Zarafa, which is an exchange replacement: http://developer.zarafa.com/php-ext/php-ext.html . Built on M$ mapi spec but the one reference I can find for exchange says it is pretty Zarafa specific.

Ideas?
ozntz's avatar
13 years ago
r1, link
ozntz
toooooooooooooooooooooooooooooooooo
this post has been archived.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
WHY IS IE SO SLOW

the text I'm typing in gmail is like unbearably lagging behind my keystrokes. I'm not even doing anything on the computer and I have like four tabs open. the text in the form box on ttf is fine, IE just sucks at ajax or whatever the hell gmail uses I guess. how does MS get away with this bullshit? do they really have programmers that suck this bad or is it all the bureaucracy (there's no spell-check in IE either!)?

also, the windows 7 sdk is continually failing to install and I want to kill someone. all I want is Orca, the MSI editor, so I can edit this Java MSI and deploy it.

to top it all off, windows now thinks my USB stick is a "RAW" filesystem rather than fat32 and will not mount it. also will not run chkdsk since it's RAW. and the freebsd boot-only ISO has no useful shell tools. you can get to a shell, but it's totally useless: no filesystem, no binaries, nothing. all I want to do is run an fsck!!

today is annoying.
maple's avatar
13 years ago
link
maple
i like large datasets
this thread always reminds me how happy i am to not be a windows admin anymore. :)
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
so envious. one more year or so.
maple's avatar
13 years ago
link
maple
i like large datasets
till what. what's next for you?
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
in short, applying to grad school for summer 2010, working part-time during grad school, and getting a job teaching afterward. for more detail see my latest post in the plans v thread.
maple's avatar
13 years ago
link
maple
i like large datasets
ha. just happened to read that right after i wrote that.
bluet's avatar
13 years ago
link
bluet
This is the only thread I don't read. I can't take the horrors!
ozntz's avatar
13 years ago
link
ozntz
toooooooooooooooooooooooooooooooooo
Wow i'm searching for a problem and google brought me back here lol

I have a device that DNS works completely. GP are not being applied and gpresult returns no rsop data. UNC \\dc works but \\dc.fqdn.com does not.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
it's always dns :/.

can you ping dc.fqdn.com? or more importantly, it resolves to an IP? I assume that's what you meant by dns working completely.

poke around the dns configuration crap I guess :/. this stuff is such a pain to diagnose because a lot of it is just poking around in configuration dialogs and tabs and stuff.
ozntz's avatar
13 years ago
link
ozntz
toooooooooooooooooooooooooooooooooo
yes it does
lucas's avatar
13 years ago
r1, link
lucas
i ❤ demo
> This is the only thread I don't read.

i don't read this thread and the "Gay gene." thread.
nny's avatar
13 years ago
link
nny
M̮͈̣̙̰̝̃̿̎̍ͬa͉̭̥͓ț̘ͯ̈́t̬̻͖̰̞͎ͤ̇ ̈̚J̹͎̿̾ȏ̞̫͈y̭̺ͭc̦̹̟̦̭̫͊̿ͩeͥ̌̾̓ͨ
sysinternals ftw.

wish 2k8 had strace though.
asemisldkfj's avatar
13 years ago
link
asemisldkfj
the law is no protection
ever figure out that problem, ozntz? was there anything in event viewer that you could put into eventid.net ?

I'm doing some serious deployment today of a lot of the stuff I talked about in this thread. as I was developing a lot of it, it was just in a test environment on a new domain we are planning on moving people over to. today and for the rest of the week I think I'll be duplicating a lot of this stuff on an existing domain that we have. pretty exciting, I guess.
ozntz's avatar
13 years ago
link
ozntz
toooooooooooooooooooooooooooooooooo
Nope I haven't figured it out. I think I'm going to try a windows repair and if that doesn't do it reinstall. Problem that sucks is we will have to get the vendor to reinstall it because they only will put the software on a "certified install"

Last night I lost 2 of 3 domain controllers and couldn't locate the cause. dcdiag and gpo events showed out of memory errors but no other signs this was an issue. It showed 1GB free physical and good paging memory free. Reboot fixed it for now
ozntz's avatar
13 years ago
link
ozntz
toooooooooooooooooooooooooooooooooo
What do you guys do for file services? We currently use a Novell server with a login script that maps drives with 1.4TB in use. I have two weeks to get a test group on windows servers and 50% in four weeks. I'm just planning on using a vb script to map drives to keep shortcuts working. One problem I haven't worked out is what happens if the user signs in off site and then vpn in. Better ideas that I might be able to pull off in my time frame?
asemisldkfj's avatar
12 years ago
link
asemisldkfj
the law is no protection
I can not think straight right now so I will not answer your question, ozntz.

I just came in here to say that I can't decide if being bored at work or being frustrated as all hell with MS documentation is better.
nny's avatar
12 years ago
link
nny
M̮͈̣̙̰̝̃̿̎̍ͬa͉̭̥͓ț̘ͯ̈́t̬̻͖̰̞͎ͤ̇ ̈̚J̹͎̿̾ȏ̞̫͈y̭̺ͭc̦̹̟̦̭̫͊̿ͩeͥ̌̾̓ͨ
btw windows 2008 is a steaming pile of shit.
asemisldkfj's avatar
12 years ago
link
asemisldkfj
the law is no protection
meh, it's working OK for me. no more steaming than 2000. possibly more steaming than 2003.
asemisldkfj's avatar
12 years ago
link
asemisldkfj
the law is no protection
changing the source paths of GP software deployment policies by completely redeploying all of the apps. GP makes me want to die. I think I might install the new SMS replacement. SCM or whatever it's called.
asemisldkfj's avatar
12 years ago
link
asemisldkfj
the law is no protection
I love the way MS labels their CDs. I have three CDs here.

1. Microsoft System Center Ops Manager Server 2007 with SP1 and SQL Server 2005 SP2 Technology (Ops Manager Server 2007 w/SP1)
2. Microsoft System Center Ops Manager Server 2007 with SP1
3. Microsoft System Center Ops Manager Server 2007 with SP1 and SQL Server 2005 SP2 Technology (SQL Server 2005 Standard Edition Service Pack 2)

uhh...what?
asemisldkfj's avatar
12 years ago
link
asemisldkfj
the law is no protection
I just found another set of like five or six that is even more ridiculous but I don't want to type them out.
bluet's avatar
12 years ago
link
bluet
Take pictures!
asemisldkfj's avatar
12 years ago
link
asemisldkfj
the law is no protection
good idea!
asemisldkfj's avatar
12 years ago
r1, link
asemisldkfj
the law is no protection
seven SCOM CDs
asemisldkfj's avatar
12 years ago
link
asemisldkfj
the law is no protection
I wouldn't have an issue with this if there was a clear place to look for documentation of the differences between these things.
asemisldkfj's avatar
12 years ago
link
asemisldkfj
the law is no protection
I think the only difference between some of these is that they are CDs vs. DVDs.
asemisldkfj's avatar
12 years ago
link
asemisldkfj
the law is no protection
is anyone sensing a theme here?

documentation!

I'm installing SCCM. I got the server installed just fine (but not after using Google pretty extensively, and having it point me to some Technet pages). now I'm trying to install the administrator console on a client computer and got some weird error about needing to be a member of some group or something. why haven't I seen this yet? I looked at the documentation on the SCCM CD, but it was mostly just useless bs.

being an MS server admin is supposed to be like this elite club or something, but it's actually just people who have taken the time to figure out all this stupid shit that isn't documented anywhere obvious or central. if there was a place to look (anyone heard of those things called man pages?) for all this stuff and it wasn't written so terribly, it wouldn't really be that difficult!
asemisldkfj's avatar
12 years ago
link
asemisldkfj
the law is no protection
picture me here talking to the computers about how much they suck
Carpetsmoker's avatar
12 years ago
link
Carpetsmoker
Martin
Yeah, quite a few of the ``Windows people'' at work (i.e. almost everyone) talk about how Free/Open Source software has no support and stuff.
My experience is very different, true, there are badly documented FOSS software packages (*cough* GNU *cough*) and there are also well documented Windows packages, but in general, the FOSS stuff is better documented and with better ``official support'' on mailing lists, forums, etc. Especially Microsoft does a terrible job, even as a retailer I get next to no support from MS.
asemisldkfj's avatar
12 years ago
link
asemisldkfj
the law is no protection
today, this is my quandary:

if I want to support my own computer (Windows 7) with SCCM, I have to install the beta of SP2. I am the only one running Windows 7. if I want to support my computer without installing the SCCM SP2 beta, I should install XP on my computer. if I install XP, I will not be able to remotely administer the 2008 servers.

I really, really, really do not want to install Vista.
nny's avatar
12 years ago
link
nny
M̮͈̣̙̰̝̃̿̎̍ͬa͉̭̥͓ț̘ͯ̈́t̬̻͖̰̞͎ͤ̇ ̈̚J̹͎̿̾ȏ̞̫͈y̭̺ͭc̦̹̟̦̭̫͊̿ͩeͥ̌̾̓ͨ
management mscs won't install? i mean xp can ... KINDA work. also remote desktop to the servers themselves... maybe augment with vpn...
asemisldkfj's avatar
12 years ago
link
asemisldkfj
the law is no protection
yeah, there are no remote admin tools for server 2008 that will run on xp. I just installed vista. it's not so bad.

I finally got sccm working perfectly!! I am really pumped. I was having all these issues with deploying the client software. client machines couldn't see the management point and stuff. but after a lot of reading technet and stuff I got it working. yay!
asemisldkfj's avatar
12 years ago
r1, link
asemisldkfj
the law is no protection
this is not supposed to look like a little world-guy but it does and seeing it makes me immensely more happy than a terrible red x
asemisldkfj's avatar
12 years ago
link
asemisldkfj
the law is no protection
now let's see if I can deploy some software with this shit.
lucas's avatar
12 years ago
link
lucas
i ❤ demo
i thought that the thumbnail view had the filename displayed below each thumbnail!

how can i get it to display the filename again?! thanks!

http://cdn.wingedleopard.net/lucas/img/misc/t … bnails.png

i absolutely hate it when technology sucks.
asemisldkfj's avatar
12 years ago
link
asemisldkfj
the law is no protection
that's weird. look in the View tab of View Options or whatever it's called.
lucas's avatar
12 years ago
link
lucas
i ❤ demo
i don't see anything there. please assist!
asemisldkfj's avatar
12 years ago
link
asemisldkfj
the law is no protection
hold down shift while opening the folder
lucas's avatar
12 years ago
link
lucas
i ❤ demo
thanks

i happened to reboot since then, which fixed it

p.s. that's a stupid "feature"
asemisldkfj's avatar
12 years ago
link
asemisldkfj
the law is no protection
yeah seriously
ozntz's avatar
12 years ago
link
ozntz
toooooooooooooooooooooooooooooooooo
Any one have a simple scriptable ftps(SSL) client?
bluet's avatar
12 years ago
link
bluet
lftp is pretty awesome. Don't know if it works on Windows.
lucas's avatar
12 years ago
r1, link
lucas
i ❤ demo
i took my office desktop computer off of the university's domain! :D

i did it for three reasons:
(1) the windows admin in the itc has an expired self-signed certificate on the domain controller. i asked him to renew it (i mean, it's only self-signed, so it should take him $0 and one minute), but he hadn't last time i checked. i want to use efs. windows won't let me use efs when there is an expired cert in the rsop.
(2) signing on and off is much quicker when not on the domain.
(3) i'm sick of changing my password in accordance with the domain's policy.

/o/
ozntz's avatar
12 years ago
link
ozntz
toooooooooooooooooooooooooooooooooo
i found one but it looks like it might be discontinued moveit freely ftp. One of the software download sites still had a valid download and it works great.
asemisldkfj's avatar
12 years ago
link
asemisldkfj
the law is no protection
I can't fucking handle this today. I am just staring empty-headedly at a million different shitty Windows tech support forums with like the worst-formatted code ever on them. comments like

' BEGIN COMMENT
' blah blah blah blah blah blah useless information
' END COMMENT

a hundred times in a script that should be ten lines of code.
asemisldkfj's avatar
12 years ago
link
asemisldkfj
the law is no protection
in keeping with the microsoft tradition, iis is the hugest pain in the ass to debug.
nny's avatar
12 years ago
link
nny
M̮͈̣̙̰̝̃̿̎̍ͬa͉̭̥͓ț̘ͯ̈́t̬̻͖̰̞͎ͤ̇ ̈̚J̹͎̿̾ȏ̞̫͈y̭̺ͭc̦̹̟̦̭̫͊̿ͩeͥ̌̾̓ͨ
but but but event monitor...
asemisldkfj's avatar
10 years ago
r1, link
asemisldkfj
the law is no protection
holy shit I forgot how frustrating this is. it's especially so in a relatively fast-paced workplace.
asemisldkfj's avatar
9 years ago
link
asemisldkfj
the law is no protection
hello again, Microsoft.

so has anyone used SharePoint or SharePoint Designer? I'm learning them right now annnnd it kinda sucks.
lucas's avatar
9 years ago
link
lucas
i ❤ demo
Ctrl+A does not select all in many Windows Dialogs with text fields which have a "Select All" menu option. Any idea why?
lucas's avatar
9 years ago
link
lucas
i ❤ demo
asemi: when i worked for RNOW (since acquired by ORCL), we used sharepoint for many things. all i knew is that it was awful software, and i was always complaining to our executive assistants about permissions (they managed their departments' sharepoint). i believe that it wasn't their fault that it was always a mess--my impression was that sharepoint is a mess.

another garbage microsoft business product offering. surprise!
asemisldkfj's avatar
9 years ago
link
asemisldkfj
the law is no protection
that's my impression as well. unfortunately, I have to work with it and advocate for its use :[.

all I've done so far is the equivalent of a sql join between two sharepoint lists. it wasn't fun. I also think there is something wrong with the views selection dropdown on our sharepoint site, because it won't show any views that comprise data view web parts. views that have xslt list view web parts show up fine. arghhhh.
asemisldkfj's avatar
9 years ago
link
asemisldkfj
the law is no protection
pushing out security zone settings for IE and sending an email to the entire staff was a lot of fun. sophos also started quarantining itself (yes, itself) a half hour before I left. then we found a quickly growing thread on their forum re: this exact thing. another all staff email later, I got out by 5:08.

oh and we're doing group policy deployment of java and flash now, thanks to me :))). and oracle for writing so many wonderful exploits into java.
asemisldkfj's avatar
9 years ago
r1, link
asemisldkfj
the law is no protection
oh and our domain ends in .local so every 10.6 mac is beachballing (i.e. eating shit) on login.
ozntz's avatar
9 years ago
link
ozntz
toooooooooooooooooooooooooooooooooo
for the ie 0day or just in general?
asemisldkfj's avatar
9 years ago
link
asemisldkfj
the law is no protection
for the zero-day.
asemisldkfj's avatar
9 years ago
link
asemisldkfj
the law is no protection
I looove filtering GPOs by security groups. gotta keep the few remaining systems with unpatched IE restricted! I kind of wish I could spend all day in active directory and group policy.
ozntz's avatar
9 years ago
link
ozntz
toooooooooooooooooooooooooooooooooo
I wish I had any time to spend on it, ours needs a lot of updates
asemisldkfj's avatar
9 years ago
link
asemisldkfj
the law is no protection
here we go again:

on error resume next
'!!!CHANGE VERSION IN REGISTRY PATH BELOW TOO!!!
esr_version = "10.0.10"
software_path = "\\asdf\Software\"
set wShell = wscript.createobject("wscript.shell")
set wEnvironment = wShell.Environment("PROCESS")

' Get the hostname for logging purposes
hostname = wShell.regread("HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Hostname")
if err.number <> 0 then
  wscript.echo "Firefox ESR install script failed to read hostname from registry. Please inform IT of this error message."
  err.clear
  wscript.quit
end if

set fileSystem = wscript.createobject("scripting.filesystemobject")
set logFile = fileSystem.opentextfile("\\elrond\special\vblogs\" & hostname & ".txt", 8, true)

'!!!HERE!!!
' This reads the (Default) value under the key
installed_version = wShell.regread("HKLM\SOFTWARE\Mozilla\Mozilla Firefox\10.0.10 (en-US)\")
' If the registry key doesn't exist, i.e., Firefox isn't installed, or the version isn't esr_version, silently run the installer
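if err.number <> 0 or installed_version <> esr_version & " (en-US)" then
  ' Clear the error left by a failed regread so a successful install isn't logged as a failure
  err.clear
  exe_path = software_path & "Firefox ESR\Firefox Setup " & esr_version & "esr.exe"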
  ' Suppress open file security warnings until after wShell.run command
  wEnvironment("SEE_MASK_NOZONECHECKS") = 1
  return_value = wShell.run("""" & exe_path & """ -ms", 1, true)
  wEnvironment.Remove("SEE_MASK_NOZONECHECKS")
  if return_value <> 0 then
    err.raise(return_value)
  end if
  if err.number <> 0 then
    logFile.writeline(date() & " " & time & " ERROR: Firefox " & esr_version & " install failed on " & hostname & " with error " & err.number)
    logFile.close
    err.clear
    wscript.quit
  else
    logFile.writeline(date() & " " & time & " SUCCESS: Firefox " & esr_version & " install succeeded on " & hostname)
    logFile.close
    err.clear
    wscript.quit
  end if
else
  logFile.writeline(date() & " " & time & " INFO: Firefox " & esr_version & " already installed on " & hostname)
  logFile.close
  wscript.quit
end if
asemisldkfj's avatar
9 years ago
link
asemisldkfj
the law is no protection
apparently in server 2003 there's no such thing as protecting an OU from accidental deletion, so I just deleted an OU with like ten computers in it by accident. it was also ~15 minutes before a two-hour meeting (which luckily was canceled a few minutes later).

ldp.exe to the rescue! typing out distinguished names for all these machine accounts wasn't fun, but they're all restored now. I'm really really lucky I didn't delete an OU with hundreds of users in it.
nny's avatar
9 years ago
link
nny
M̮͈̣̙̰̝̃̿̎̍ͬa͉̭̥͓ț̘ͯ̈́t̬̻͖̰̞͎ͤ̇ ̈̚J̹͎̿̾ȏ̞̫͈y̭̺ͭc̦̹̟̦̭̫͊̿ͩeͥ̌̾̓ͨ
i still to this day will not stand up an active directory server without first tying it to an MIT kerberos cluster.
ozntz's avatar
9 years ago
r1, link
ozntz
toooooooooooooooooooooooooooooooooo
asemisldkfj all 2008 does is add a deny acl for everyone on the OU. Check the advanced options and you can manually add the same acl in 2003. Speaking of I should do this.
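An added example, not part of the original posts: an offline check for the deny ACL described above, run over OU security descriptors exported as SDDL text. It assumes the protection is an explicit deny for Everyone covering both Delete (SD) and Delete Subtree (DT); the OU names, the example.test domain and the SDDL strings are constructed sample data.

```python
import re
from collections import namedtuple

# SDDL rights tokens used on directory objects, mapped to access-mask bits.
RIGHTS = {
    "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
    "DT": 0x40, "LO": 0x80, "CR": 0x100,
    "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000,
    "GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
}
EVERYONE = {"WD", "S-1-1-0"}  # SDDL alias and literal SID for Everyone

Ace = namedtuple("Ace", "type flags mask trustee")


def rights_to_mask(rights):
    """Convert an SDDL rights field ('SDDT' or '0x10040') to an access mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= RIGHTS[rights[i:i + 2]]
    return mask


def parse_dacl(sddl):
    """Return the ACEs of the DACL (the 'D:' part); the SACL is ignored."""
    match = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    if not match:
        return []
    aces = []
    for body in re.findall(r"\(([^()]*)\)", match.group(1)):
        fields = body.split(";")
        if len(fields) < 6:
            continue
        flags = {fields[1][i:i + 2] for i in range(0, len(fields[1]), 2)}
        aces.append(Ace(fields[0], flags, rights_to_mask(fields[2]), fields[5]))
    return aces


def missing_delete_protection(sddl):
    """Return the rights ('SD', 'DT') that are NOT denied to Everyone."""
    denied = 0
    for ace in parse_dacl(sddl):
        if ace.type != "D" or ace.trustee not in EVERYONE:
            continue
        if "IO" in ace.flags:
            # Inherit-only ACEs apply to child objects, not to this OU.
            continue
        denied |= ace.mask
    return {name for name in ("SD", "DT") if not denied & RIGHTS[name]}


def unprotected_ous(ous):
    """Given {distinguished name: SDDL}, list the OUs lacking the deny ACE."""
    return sorted(dn for dn, sddl in ous.items() if missing_delete_protection(sddl))


# Constructed sample descriptors (not taken from a real directory).
ADMINS_FULL = "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA)"
SAMPLE_OUS = {
    "OU=Staff,DC=example,DC=test":
        "O:DAG:DAD:AI(D;;SDDT;;;WD)" + ADMINS_FULL + "(A;;LCRPLORC;;;AU)",
    "OU=Workstations,DC=example,DC=test":
        "O:DAG:DAD:AI" + ADMINS_FULL + "(A;;LCRPLORC;;;AU)",
    "OU=Labs,DC=example,DC=test":          # denies Delete but not Delete Subtree
        "O:DAG:DAD:AI(D;;SD;;;WD)" + ADMINS_FULL,
    "OU=Kiosks,DC=example,DC=test":        # deny is inherit-only
        "O:DAG:DAD:AI(D;CIIO;SDDT;;;WD)" + ADMINS_FULL,
    "OU=Servers,DC=example,DC=test":       # hex mask, literal SID, plus a SACL
        "O:DAG:DAD:AI(D;;0x10040;;;S-1-1-0)" + ADMINS_FULL + "S:AI(AU;SA;SDDT;;;WD)",
}

if __name__ == "__main__":
    for dn in unprotected_ous(SAMPLE_OUS):
        print("not protected:", dn, sorted(missing_delete_protection(SAMPLE_OUS[dn])))
```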
asemisldkfj's avatar
9 years ago
link
asemisldkfj
the law is no protection
yeah I was planning on doing that this morning but was way too busy with annoying things. I think I left a security window open on a dc though so I'll remember tomorrow.

nny, doesn't AD do kerberos? why add the mit cluster?
asemisldkfj's avatar
9 years ago
link
asemisldkfj
the law is no protection
oh, and the ldp restore didn't work because some other ldap attribute didn't exist or wasn't set correctly so the machine accounts' passwords weren't restored (I think). so everyone had to unjoin and rejoin the domain anyway.
asemisldkfj's avatar
9 years ago
link
asemisldkfj
the law is no protection
open source software on windows is the worst
nny's avatar
9 years ago
link
nny
M̮͈̣̙̰̝̃̿̎̍ͬa͉̭̥͓ț̘ͯ̈́t̬̻͖̰̞͎ͤ̇ ̈̚J̹͎̿̾ȏ̞̫͈y̭̺ͭc̦̹̟̦̭̫͊̿ͩeͥ̌̾̓ͨ
AD does do kerberos. But if you try to auth against the AD KDC you'll have issues because large numbers of groups will expand the kerb tickets until they are too big to be understood by any real kerberos implementation. Something MIT and heimdal have criticized MS for for years.

But because AD does do kerberos... and passes tickets to all domain joined users and systems... you can do some very useful things with GSSAPI and SPNEGO. Also it can tie into secondary auth systems that rely on kerberos.
asemisldkfj's avatar
9 years ago
link
asemisldkfj
the law is no protection
anyone ever have the pleasure of writing CAML queries? a blog post I'm reading says "essentially it is like SQL in an XML syntax" and it is making me want to cry.
Carpetsmoker's avatar
9 years ago
r2, link
Carpetsmoker
Martin
SQL in XML. rofl.
You sure it isn't xbob? http://thedailywtf.com/Articles/Classic-WTF-We-Use-BobX.aspx
asemisldkfj's avatar
9 years ago
link
asemisldkfj
the law is no protection
is this real? I can't believe the name bobx.
Carpetsmoker's avatar
9 years ago
link
Carpetsmoker
Martin
How should I know? Either way, it's an entertaining story :-)
asemisldkfj's avatar
9 years ago
r1, link
asemisldkfj
the law is no protection
"<Where>
<Eq>
<FieldRef Name=""Account_x0020_name""></FieldRef>
<Value Type=""Text"">" + $p["AccountName"] + "</Value>
</Eq>
</Where>"


:|
asemisldkfj's avatar
9 years ago
r1, link
asemisldkfj
the law is no protection
seen in a powershell script (on some blog, luckily) a couple of days ago:
$semicolon = ";"
asemisldkfj's avatar
9 years ago
link
asemisldkfj
the law is no protection
sharepoint online training this week! this is the most convoluted piece of garbage I have ever used and I am absolutely dreading designing any sort of infrastructure with it or training users on office integration and version control!! at least half of the steps in any process are for the sole purpose of changing stupid defaults or tweaking something trivial that is buried in like five ribbons/menus/links. fuck!
ozntz's avatar
9 years ago
link
ozntz
toooooooooooooooooooooooooooooooooo
I hear every week. Do we have sharepoint? If we had sharepoint we would have project management! We could post content in sharepoint! If we had sharepoint our contractors would be able to access this! Our portal is a pos if we had sharepoint this wouldn't be the case! Isn't sharepoint free? Then why can't we use the free version. Why don't we use sharepoint? I used sharepoint at my last job it was great we put our excel files on it. I bet we could find what we need if we had sharepoint. Who do i ask for license for sharepoint? Can I buy one license for sharepoint? What do you mean sharepoint is expensive? Can't you just budget for sharepoint? If only we had a document management like sharepoint! Then we would find what we need. If we had sharepoint everything would be in one spot. Can't we just deploy sharepoint and the users can set up how they want it? Can we give sharepoint to 5 users that need to share news with everyone in the company? Where do you get these numbers there is no way it costs half a million?

Most of the time now all i say is no and give them a weird look and hope they walk away
asemisldkfj's avatar
9 years ago
link
asemisldkfj
the law is no protection
I wish I could say no. I did this to myself in a way.