Wednesday, July 20, 2011

Windows Tips

Using the Remote Desktop Client from the Command Prompt


The Microsoft remote desktop client can be found at %systemroot%\system32\mstsc.exe. Running this program with no switches will bring up the Remote Desktop Connection program. However, mstsc.exe has a full set of switches that can be used to accomplish things from the command prompt.

mstsc.exe {ConnectionFile | /v:ServerName[:Port]} [/console] [/f] [/w:Width /h:Height]

/v - specifies the remote computer and port (optional) you wish to connect to
/console – connects to the console of a Windows Server 2003 based system
/f – starts the remote desktop connection in full screen mode
/w & /h – specifies the width and height of the remote desktop connection

This can be very useful in creating batch files to use as quick routes to machines with a particular group of settings. For instance, mstsc.exe can be called from a batch file enforced by group policy to run at startup for machines that need to connect directly to a terminal server for use.

Windows Tips

To Prevent Users From Accessing The Computer Tab


You may need to prevent your users from accessing the Computer Tab in the My Computer properties for security or some other reason. There is no Group Policy setting available to disable this, but you can set the permissions on the NetID.DLL file, which implements the functions needed to show this tab in the My Computer properties. Use the steps below to do so:

Steps:
  • Search for the NetID.DLL file on the local computer.
  • Remove or set the following permissions to hide the Computer Tab:
    Administrators - Full Control
    Power Users - Read & Execute, Read
    System - Full Control


The default NTFS permissions are:


Administrators - Full Control
Power Users - Read & Execute, Read
System - Full Control
Users - Read & Execute, Read 


Note: You can also create a script to deploy the permissions set on NetID.DLL using the Group Policy.

Troubleshooting

How to restore Windows Server 2003 system files

 

Problem:

How to restore Windows Server 2003 system files
How to replace a missing or corrupted system file or driver

Solution:

There are multiple solutions for this:

SOLUTION 1:

Extract the file using the automated System File Checker
      1. Click Start > Run
      2. In the Run dialog box, type the following text:

        sfc /scannow
      3. Click OK.

        The Windows File Protection dialog box appears and a system scan begins.
        You may have to insert your Windows installation CD.
      4. Follow the prompts.

SOLUTION 2:

Use the System Configuration utility to restore a system file(s)
      1. Insert your Windows Server 2003 installation disk into your CD drive or DVD drive.
      2. Click Start > Run
      3. In the Run dialog box, type the following text:

        Msconfig
      4. Click OK.
      5. On the General tab, click Expand File.
      6. In the File to restore box, type the name of the file you want to expand.
        • Or, to locate the file you want to replace, click Browse File, and then click Open.
      7. In the Restore from box, type the path from which to restore the file.
        • Or, to locate the source file you want to expand on your Windows Server 2003 installation disk, click Browse From, and then click Open.
      8. If the Save file in box is not already populated from step 4, type the path to which you want the file to be restored.
        • Or, to locate the destination folder you want to expand the file into, click Browse To, and then click OK.
      9. Click Expand.

SOLUTION 3:

Use Expand.exe at a command prompt to restore a system file(s)
      1. Insert your Windows Server 2003 installation disk into your CD drive or DVD drive.
      2. Click Start > Run
      3. In the Run dialog box, type the following text:

        cmd
      4. Click OK.
      5. In the command prompt type the following:

        cd\
      6. Press ENTER.
      7. At the command prompt, type:

        expand -r

        Where is the path to the file that you want to expand on the Windows Server 2003 installation disk, and is the path to the location where you want to save the file,

        • EXAMPLE:
          expand -r D:\i386\sfc.dl_ %systemroot%\system32
        • Press ENTER.

SOLUTION 4:

Use Expand.exe from the Run line to restore a system file(s)
      1. Insert your Windows Server 2003 installation disk into your CD drive or DVD drive.
      2. Click Start > Run
      3. In the Run dialog box, type the following text:

        expand -r

        Where is the path to the file that you want to expand on the Windows Server 2003 installation disk, and is the path to the location where you want to save the file,
        • EXAMPLE:
          expand -r D:\i386\sfc.dl_ %systemroot%\system32
        • Press OK.

Windows Tips

How to Unhide Files and Folders Hidden by a Virus

I. Sometimes this infection can be solved by:
  • Going to Windows Explorer
  • Tools menu
  • Folder Option
  • View Tab
  • Choose “Show Hidden Files and Folders”.
  • If the files show up, simply change the properties of the files/folders. Uncheck the “hidden” checkbox and the files will show again just like before.

II. If the above doesn’t work and your files are still hidden, use the following method, which will surely work.
  • Go to the command prompt.
  • Go to the drive where your hidden files are located.
  • Type the following: attrib -s -h /s /d *.* (this will unhide all your files that have been hidden by the virus), e.g. F:\> attrib -s -h /s /d *.*

Windows Tips

What is lsass.exe:

The process lsass.exe serves as the Local Security Authentication Server by Microsoft, Inc. It is responsible for the enforcement of the security policy within the operating system. This process checks whether a user’s supplied identification is valid or not whenever he or she tries to access the computer system.

With the execution of the file lsass.exe, the system acquires security by preventing the access of unwanted users to any private information. The file lsass.exe also handles the password modifications done by the user.

The process lsass.exe mainly operates in the system through its ability to create access tokens. These tokens encapsulate the file’s security descriptor, which contains the necessary information to process user authentication such as data on which user holds access to the system and whether the access is mandatory or discretionary.

What is ntfrs.exe: 
ntfrs.exe is a process belonging to Windows. It is used to maintain file synchronization of file directory contents among multiple servers. This program is important for the stable and secure running of your computer and should not be terminated.

Note: lsass.exe and ntfrs.exe are system processes that are needed for your Windows system to work properly. They should not be removed.
 

Windows Tips

1-) How to rebuild the Windows boot.ini.

Users who have a corrupt or missing boot.ini file, are running Microsoft Windows XP, and have a Microsoft Windows XP CD can rebuild the system's boot.ini file by following the steps below.
  1. Insert the Microsoft Windows XP CD into the computer. Note: If you have a system recovery CD or restore CD (not a Microsoft CD) these steps will likely not work for your computer.
  2. Reboot the computer with the CD and press any key when prompted to press any key to boot from the CD.
  3. Once in the Microsoft Setup menu press R to open the recovery console.
  4. Select the operating system you wish to use; if you only have Windows XP on the computer you will only have one prompt.
  5. Once prompted for the password enter the Admin password and press enter.
  6. Once at the command prompt type bootcfg /rebuild to start the rebuild process.
  7. The rebuild process will take you through a number of steps depending upon how many operating systems you have on the computer and how the computer is set up. Below is a listing of the common steps you are likely to encounter.

    * Prompt for the identified versions of Windows installed. When you receive this prompt press Y if the bootcfg command properly identified each of the Windows operating systems installed on the computer. It is important to realize this command will only detect Windows XP, Windows 2000, and Windows NT installations.

    * Prompt to enter the load identifier. This is the name of the operating system for the boot.ini. For example, Microsoft Windows XP Home users would enter Microsoft Windows XP Home edition.

    * Prompt to Enter OS load options. When this prompt is received type /fastdetect to automatically detect the available options.
Once you have completed all the available options in the rebuild and are back at the prompt type exit to reboot the computer.


2-) To configure the boot.ini file through CMD:
  1. Open a command window and navigate to the root of the boot directory.
  2. Type the following text at the command line.
  3. C:\>attrib -s -h -r boot.ini
     This procedure removes the system, hidden, and read-only attributes of the file.
  4. C:\>boot.ini edit
  5. The file will open in Notepad and you can now modify the boot.ini file.

Friday, July 15, 2011

Firewall on Servers


Windows Firewall: DNS server

Add UDP port 53 and TCP ports 53, 139, and 445 to the Windows Firewall exceptions list.

Windows Firewall: DHCP server

Add UDP ports 67 and 2535 to the Windows Firewall exceptions list on the DHCP server.
Important:
When you create a Windows Firewall exception for the DHCP protocol on a DHCP server, you must set the scope for the exception to Any computer including those on the Internet. If you leave it set to My network (subnet) only, all inbound DHCP Discover packets from client computers are dropped because the IP address of the packet is 0.0.0.0, which is not recognized by the computer as being part of the local subnet. This causes the DHCP process to fail and clients do not receive IP addresses.

Windows Firewall: File server

Enable the File and Printer Sharing exception in Windows Firewall.

Windows Firewall: Print server

Enable the File and Printer Sharing exception in Windows Firewall.

Windows Firewall: Remote access/VPN server

Turn off Windows Firewall. Stop the Windows Firewall/Internet Connection Sharing (ICS) service.

Windows Firewall: Remote installation server

Add TCP ports 139 and 445 to the Windows Firewall exceptions list.
Add UDP ports 67, 69, and 4011 to the Windows Firewall exceptions list.

Windows Firewall: FTP server

Add the port used for incoming FTP traffic to the Windows Firewall exceptions list. This is usually TCP port 21.

Windows Firewall: SMTP server

Add the port used for incoming SMTP traffic to the Windows Firewall exceptions list. This is usually TCP port 25.
For Secure Sockets Layer (SSL) requests, add TCP port 465 to the Windows Firewall exceptions list.

Windows Firewall: Telnet server

Add TCP port 23 to the Windows Firewall exceptions list.

Windows Firewall: Terminal server

Enable the Remote Desktop exception in Windows Firewall.
If Terminal Server and Terminal Server Licensing are running on separate computers, add TCP port 135 to the Windows Firewall exceptions list.

Windows Firewall: SNMP server

Add UDP port 161 to the Windows Firewall exceptions list.

Windows Firewall: Web server

Add the ports used for incoming HTTP and HTTPS traffic to the Windows Firewall exceptions list. These are usually TCP port 80 and TCP port 443, respectively.
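
The DNS server and DHCP server entries above can be applied from a command prompt instead of the GUI. The script below is an added example, not part of the original post: it assumes the netsh firewall context of Windows XP SP2 / Windows Server 2003 SP1 and an administrator prompt, and the file name fwrole.cmd and the exception names are made up for illustration.

```batch
@echo off
rem Added example, not from the original post.
rem Usage: fwrole.cmd dns ^| dhcp     (fwrole.cmd is a hypothetical file name)
rem Opens only the ports this page lists for the chosen role, then prints
rem the resulting exception list so the change can be reviewed.
setlocal
if /i "%~1"=="dns"  goto dns
if /i "%~1"=="dhcp" goto dhcp
echo Usage: %~nx0 dns ^| dhcp
exit /b 2

:dns
rem DNS server: UDP 53 and TCP 53, 139, 445.
rem The page states no scope for these, so the netsh default is left in place.
netsh firewall add portopening protocol=UDP port=53 name="DNS role UDP 53" mode=ENABLE
for %%P in (53 139 445) do (
  netsh firewall add portopening protocol=TCP port=%%P name="DNS role TCP %%P" mode=ENABLE
)
goto show

:dhcp
rem DHCP server: UDP 67 and 2535.
rem scope=ALL is the command-line form of "Any computer including those on
rem the Internet". With scope=SUBNET the DHCP Discover packets, whose source
rem address is 0.0.0.0, are dropped and clients receive no address:
rem   broken for this role:  ... port=67 ... scope=SUBNET
for %%P in (67 2535) do (
  netsh firewall add portopening protocol=UDP port=%%P name="DHCP role UDP %%P" mode=ENABLE scope=ALL
)
goto show

:show
rem Review what is now open; anything not needed by the server's role
rem should not appear in this list.
netsh firewall show portopening
endlocal
```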


Troubleshooting

Dnscmd.exe: (DNS Server Troubleshooting Tool)

Example 1: Display a complete list of zones on a DNS server

To see a complete list of zones on your DNS server, type:
dnscmd reskit.com /enumzones

Example 2: Display the RecursionTimeout setting from a DNS server

To display the RecursionTimeout setting from a DNS server, type:
dnscmd reskit.com /info recursiontimeout

Example 3: Delete a zone from a DNS server

To delete the test.reskit.com zone from a server, type:
dnscmd reskit.com /zonedelete test.reskit.com

Example 4: Export zone resource records list to a file

To export the resource record list from the test.reskit.com zone on the reskit.com DNS server, type:
dnscmd reskit.com /zoneexport test.reskit.com test.reskit.com.dns

Example 5: Display RefreshInterval setting from the registry

To display the values in the RefreshInterval entry in the registry, type:
dnscmd reskit.com /zoneinfo test.reskit.com refreshinterval

Wednesday, July 13, 2011

Windows 2003 support tools

Replmon


What is Replmon.exe?
Replmon is the first tool you should use when troubleshooting Active Directory replication issues. As it is a graphical tool, replication issues are easy to see and somewhat easier to diagnose than using its command line counterparts.

Symptoms of Replication Faults


  • Failure to extend the schema – The Active Directory schema has to be extended for many reasons. Two of the most common are:
    • When installing an Exchange 200x server (by running setup.exe /forestprep and /domainprep)
    • When adding a 2003 Domain Controller to a Windows 2000 Active Directory network (by running adprep /forestprep and /domainprep).
If there is a replication issue with any of the domain controllers on the Schema partition, the Schema will not allow any extension.
  • Failure to DCPromo a new Domain Controller – When installing a new Domain Controller, the wizard waits until Active Directory is fully synchronised before continuing. Replication issues would cause this to hang at this point. (Although it can be forced to wait until later, this would only put off the problem).
  • Installation of Active Directory aware software – Software that creates a new user account per network or writes to the Active Directory could fail or produce ambiguous errors when replication issues exist on the network.
  • Any recent warnings or errors in the File Replication Service log in Event Viewer
  • Any recent NTDS Replication Errors in the Directory Service log in Event Viewer

How to Use Replmon

To use Replmon, log on to a Domain Controller, select Start|Run, type Replmon, and click OK. You will be presented with the following screen:



Right click on the Monitored Servers icon and select Add Monitored Server...

Select the Search the directory for the server to add radio button.

Ensure the correct domain populates in the drop-down list, and click Next.



Select an appropriate server from the list of Domain Controllers…
  • If you know you are experiencing issues with a particular domain controller, choose that server.
  • If you are checking general replication, or are not sure where the fault lies, choose the Forest Root.
  • On larger networks, you will need to choose more than one server depending on the replication topology.
  • (For information on viewing the replication topology, see Appendix A)
…and click Finish.

If your Active Directory contains only Windows 2000 domain controllers, you will see three Directory partitions.



If your Active Directory Forest Root is Windows 2003 you will see five Directory partitions.



By expanding the + on each directory partition you will be able to see each of the server’s replication partners. Selecting one on the left shows the last replication attempt in the right hand pane.



If there are any replication issues, the partitions on the domain controller that the server cannot replicate with will show a red x.



Highlighting one of the problem replication partner servers will then show more verbose error messages in the logs pane explaining why it could not replicate.



Troubleshooting Replication Issues

Step 1: Check validity of replication partners
Perhaps an obvious step, but there can be replication issues when there are servers present in the replication topology that are no longer connected to the network. Look for replication agreements with non-existent servers, servers that have been forcibly removed from the domain or are simply turned off.

Step 2: Force replication
The last scheduled replication attempt could have failed for unaccountable reasons, but the failure cause may no longer be an issue. Get an accurate current understanding of the situation by right clicking on the replication partner server in each of the partitions and selecting “Synchronise with this Replication Partner”.



Then refresh the Tree view by pressing F5. Re-check the replication status in the right hand logs pane.

Step 3: General IP checks
Doesn’t matter if you’ve done them, do them all again now! From a command prompt:
  • Can you ping the IP address of the destination server? e.g. Ping 192.168.3.201
    If not: The issue will either be hardware (cable, switch, NIC, check all physical connections) or incorrect configuration of a server’s (either destination or host server) IP details. Check the NIC’s IP address and Subnet Mask.
  • Can you ping the NetBIOS name of the destination server? e.g. Ping Replicadc1
    If not: The issue will be a name resolution issue. Check there is an A host entry in the domain’s Forward Lookup zone. Check the NIC IP properties and ensure the Forest Root IP is entered as the Preferred DNS Server.
  • Can you ping the FQDN of the destination server? e.g. Ping Replicadc1.RMTDS.Internal
    If not: The issue will be a DNS issue. Check as above, also check the NIC’s IP Advanced Properties and ensure the correct DNS Suffix is being used. Open the DNS admin console and ensure there is a populated Forward Lookup zone for the domain.
  • Can you reverse lookup the IP of the destination server? e.g. Ping -a 192.168.3.201
    If not: You have a reverse lookup zone issue. Open the DNS admin console and check for the existence of a Reverse Lookup zone per Class C IP range. e.g.

    10.0.0.x Subnet
    10.0.1.x Subnet

    Check there is a valid PTR record for each of the Domain Controllers in the relevant Reverse lookup zone.
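
The four checks of Step 3 can be run in order from one batch file that stops at the first failing layer. This is an added example, not part of the original post: the file name dccheck.cmd is hypothetical, the three arguments are supplied by the operator, and the reverse-lookup test assumes the English-language output format of ping.

```batch
@echo off
rem Added example, not from the original post.
rem Usage: dccheck.cmd ip-address netbios-name fqdn
rem   e.g. dccheck.cmd 192.168.3.201 Replicadc1 Replicadc1.RMTDS.Internal
setlocal
if "%~3"=="" (
  echo Usage: %~nx0 ip-address netbios-name fqdn
  exit /b 2
)
set "IP=%~1"
set "NB=%~2"
set "FQDN=%~3"

rem ping.exe can exit with errorlevel 0 on "Destination host unreachable",
rem so every test looks for "TTL=" in a real reply instead of trusting
rem the exit code.

rem Check 1: IP address
ping -n 2 %IP% | find "TTL=" >nul
if errorlevel 1 (
  echo [FAIL] 1: %IP% does not reply. Check cabling, switch, NIC, IP address and subnet mask.
  exit /b 1
)
echo [ OK ] 1: %IP% replies.

rem Check 2: NetBIOS name
ping -n 2 %NB% | find "TTL=" >nul
if errorlevel 1 (
  echo [FAIL] 2: %NB% does not resolve or reply. Check the A host entry and the Preferred DNS Server.
  exit /b 1
)
echo [ OK ] 2: %NB% replies.

rem Check 3: fully qualified domain name
ping -n 2 %FQDN% | find "TTL=" >nul
if errorlevel 1 (
  echo [FAIL] 3: %FQDN% does not resolve or reply. Check the DNS suffix and the Forward Lookup zone.
  exit /b 1
)
echo [ OK ] 3: %FQDN% replies.

rem Check 4: reverse lookup. ping -a prints "Pinging name [ip]" only when
rem the address resolves back to a name; otherwise it prints the bare IP.
ping -a -n 1 %IP% | find "[%IP%]" >nul
if errorlevel 1 (
  echo [FAIL] 4: %IP% has no reverse name. Check the Reverse Lookup zone and the PTR record.
  exit /b 1
)
echo [ OK ] 4: %IP% resolves back to a name.
endlocal
exit /b 0
```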

Appendix A – Other Replmon functions

By right clicking the server you have selected to view Replication agreements from, you will see a range of options. A few of them are detailed below.



Update Status – This will recheck the replication status of the server. The time of the updated status is logged and displayed in the right hand pane.

Check Replication Topology – This will cause the Knowledge Consistency Checker (KCC) to recalculate the replication topology for the server.

Synchronize Each Directory Partition with All Servers – This will start immediate replication for all of the server’s directory partitions with each replication partner.

Generate Status Report - Creates and saves a verbose status report in the form of a log file.

Show Domain Controllers in Domain – will show a list of all known Domain Controllers.

Show Replication Topologies - will show a graphical view of the replication topology. Click View on the menu and select Connection Objects only. Then right click each server, and select Show Intra/Inter-site connections.

Show Group Policy Object Status – shows a list of all the Domain’s Group Policies and their respective AD and Sysvol version numbers.



Unlike other Windows Server 2003 tools where you can practice on just one Domain Controller, with Replmon you need two Domain Controllers to see any action.  In fact the more Domain Controllers you add, the more you appreciate the clever ways in which replication functions.  Best of all, if you have a multi domain forest, then you can trace the differences between domain and forest topologies.  Theory says that all domain controllers in the forest share the same schema, with Replmon you can actually see the one Schema ring containing every domain controller.  Contrast the Schema ring with domain ring which has a separate ring topology for each domain.
My advice is to begin by right clicking the ServerName object, from the resulting drop down menu select, 'Show Replication Topologies'.  As well as viewing how all the domain controllers are linked, this example shows the value of right-clicking on any object that you meet.  At first it seems as though there is nothing to see, but if you click on the View Menu, Connection Objects only, then all Domain Controllers appear.

 

 Hmm.... still no sign of the replication links.  Let us try another right click, and select 'Show Intra-Site Connections'.  At this point I pay attention to detail.  I remember that Intra means within, whereas Inter is like Inter-City and means between.  What you should now see is topology links between all the Domain Controllers.  Incidentally, the word 'Site' reminds us that to begin with, we are investigating just the Default-First-Site, in a production network there may be multiple sites.

If you have 5 or more servers in the ring, you may consider right clicking and adding extra links to speed up replication; this is particularly true for Windows 2000 networks where latency is much longer than Windows Server 2003.

You can use ReplMon to do the following:
  • See when a replication partner fails.
  • View the history of successful and failed replication changes for troubleshooting purposes.
  • View the properties of directory replication partners.
  • Create your own applications or scripts written in Microsoft Visual Basic Scripting Edition (VBScript) to extract specific data from Active Directory.
  • View a snapshot of the performance counters on the computer, and the registry configuration of the server.
  • Generate status reports that include direct and transitive replication partners, and detail a record of changes.
  • Find all direct and transitive replication partners on the network.
  • Display replication topology.
  • Poll replication partners and generate individual histories of successful and failed replication events.
  • Force replication.
  • Trigger the Knowledge Consistency Checker (KCC) to recalculate the replication topology.
  • Display changes that have not yet replicated from a given replication partner.
  • Display a list of the trust relationships maintained by the domain controller being monitored.
  • Display the metadata of an Active Directory object's attributes.
  • Monitor replication status of domain controllers from multiple forests.

ReplMon Examples:

Example 1: Generate a status report for a server
In this example, you use ReplMon to create a log file that records replication events for an individual server. This data is used to troubleshoot possible replication errors in the forest or domain.
To create the log file
  1. In ReplMon, select the server in the Monitored Servers section of the window.
  2. On the Action menu, select Server, and then click Generate Status Report. The Save As dialog box appears.
  3. In the Save As dialog box, type a name for the log file to generate, (optionally) select a new path for the file, and then click Save.

    The Report Options dialog box appears.
  4. In the Report Options dialog box, select the type of information to be logged.
  5. To save the log file and return to ReplMon, click OK.
Notes
  • If a log file is given the same name as an existing log file, ReplMon replaces the existing log file without a warning. To avoid this, incorporate the current date in your naming scheme.
  • To set the default path, on the View menu, select Options, and then use the General tab of the Options dialog box.

Example 2: Display the replication topology for a server
In this example, you use ReplMon to display replication partners of a server, which graphically represents the replication topology.
To display replication partners
  1. In ReplMon, select the server in the Monitored Servers section of the window.
  2. On the Action menu, select Server, and then click Show Replication Topologies.

    The View Replication Topology window appears.
  3. In the View Replication Topology window, on the View menu, click Replication Topologies.
  4. In ReplMon on the Options menu, click Report.

Example 3: Display pending replication changes
Each domain controller keeps a record of the last changes received from other domain controllers by using the Update Sequence Number (USN) of the replication partner. In this example changes have occurred on the replication partner and the Active Directory replication process has not propagated those changes to the monitored server. You can use ReplMon to show what objects have changed and therefore need to be replicated to the monitored server. This is done on a per-directory partition basis.
To show what objects have changed
  1. In ReplMon, expand a server to display the list of directory partitions.
  2. Expand and select the replication partner within the directory partition for which you want to view unreplicated changes. Only objects that have changed within the directory partition are displayed.
  3. On the Action menu, click Replication Partner, and then select Check Current USN and Unreplicated Objects.

    A separate window opens. Detected changes are displayed and can be saved to a text file. If no changes are detected, a message box informs you of the current USN on the replication partner and that all changes have replicated to the monitored server.

Example 4: Synchronize directory partitions
In this example, you use ReplMon to force a replication event between two directory partitions. By default, directory partitions on servers periodically synchronize with each other. Manual synchronization is necessary only if the network or a server is down for an extended period of time.
To manually synchronize two directory partitions
  1. In the Monitored Servers pane of ReplMon, select the server that needs to be brought up to date.
  2. Expand a directory partition.

    A list of replication partners for that directory partition appears.
  3. Select the directory partition that needs to be synchronized.
  4. On the Action menu, click Synchronize with this Replication Partner.
  5. In the dialog box that appears, select any additional parameters for synchronization, then click OK to continue with the synchronization.
Notes
  • This method works only with direct replication partners.
  • This method synchronizes only one directory partition at a time. To synchronize all directory partitions at once, on the Action menu, click Server, and then click Synchronize Each Directory Partition with All Servers.