Thursday, March 3, 2011

Managing User rights in SCCM 2007

When you want to give some users permission to manage your SCCM 2007 environment, you don’t want to give them full admin rights. With the ConfigMgr User Wizard, you can add users and specify the permissions for these users based on classes and instances.

In this example I’ve added a new user with only permissions to read all the Packages.

1.) Open the System Center Management Console
2.) Navigate to the Site Database, Security Rights, Users, Manage ConfigMgr Users
3.) Add a new user, browse and select the new user
4.) Select “Add another right or modify an existing one”
5.) In this example the user has only the permission to read the packages
6.) Select in the Class box “Package”
7.) Select in the Instance box “(All Instances)”
8.) Finish the wizard

To connect remotely to the SCCM Site Server, you have to edit the DCOM security; otherwise you’ll receive an error when you try to open the System Center Management Console.

1.) Go to your SCCM Site Server
2.) From the Start menu, click Run and type Dcomcnfg.exe
3.) In Component Services, click Console root, expand Component Services, expand Computers, and then click My Computer. On the Action menu, click Properties
4.) In the My Computer Properties dialog box, on the COM Security tab, in the Launch and Activation Permissions section, click Edit Limits
5.) In the Launch Permissions dialog box, click Add
6.) In the Select User, Computers, or Groups dialog box, in the Enter the object names to select box, type the user name (in this example: markswinkels)
7.) In the Permissions for markswinkels, select the check box to allow Remote Activation
8.) Click OK twice, and then close Computer Management
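
To check the result of the DCOM change above, the following PowerShell (an added example, not part of the original post) decodes the machine-wide launch and activation limits on the site server and lists every account that holds a remote right. The function name Get-DcomLaunchLimit is made up for this example; the registry value and the access-mask bits are the standard Windows ones.

```powershell
# Added example: audit the ACL behind "Edit Limits" in Dcomcnfg.
# Run locally on the site server in an elevated PowerShell session.

# COM launch/activation access-mask bits (Windows SDK constants).
$rights = @(
    @{ Bit = 0x02; Name = 'Local Launch' },
    @{ Bit = 0x04; Name = 'Remote Launch' },
    @{ Bit = 0x08; Name = 'Local Activation' },
    @{ Bit = 0x10; Name = 'Remote Activation' }
)

function Get-DcomLaunchLimit {
    # The limits are stored as a binary security descriptor in this value.
    $value = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole').MachineLaunchRestriction
    if (-not $value) {
        Write-Warning 'MachineLaunchRestriction is not set; Windows defaults apply.'
        return
    }
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor ([byte[]]$value, 0)

    foreach ($ace in $sd.DiscretionaryAcl) {
        # Resolve the SID to a name; keep the raw SID if it cannot be resolved.
        try   { $who = $ace.SecurityIdentifier.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $who = $ace.SecurityIdentifier.Value }

        $granted = @($rights |
            Where-Object { $ace.AccessMask -band $_.Bit } |
            ForEach-Object { $_.Name })

        New-Object PSObject -Property @{
            Account = $who
            Type    = $ace.AceType
            Rights  = ($granted -join ', ')
        }
    }
}

# Show only the entries that allow a remote right, such as the
# Remote Activation right granted in step 7.
Get-DcomLaunchLimit |
    Where-Object { $_.Type -eq 'AccessAllowed' -and $_.Rights -match 'Remote' } |
    Format-Table Account, Rights -AutoSize
```

Any account in the output that you did not add deliberately, or that no longer manages the site, is a candidate for removal from the limits.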


How to: Installing a Windows 2008 Read Only Domain Controller (RODC)

In this article I’m going to set up a Read Only Domain Controller in a Windows 2008 environment. There’s already a writable Domain Controller available in the domain GPO.LOCAL. The first step is to install a new Windows 2008 Server; in my example it’s a Core Edition. After the installation, you can begin configuring your new server.

– Enter the product key:
slmgr.vbs -ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx

– Activate Windows:
slmgr.vbs -ato

– Rename the computer:
Netdom renamecomputer "%computername%" /newname:SRV-RODC01 /reboot:15

– Show all network interfaces:
Netsh interface ipv4 show interface

– Set a static IP address:
Netsh interface ipv4 set address name=2 source=static address=172.16.1.11 mask=255.255.0.0 gateway=172.16.1.1
(Make sure that you choose the right network interface. In this example it’s interface 2, so name=2.)

– Set a static DNS server:
Netsh interface ipv4 add dnsserver name=2 address=172.16.1.10 index=1

– Turn Remote Desktop (RDP) on:
Cscript %windir%\system32\SCRegEdit.wsf /ar 0

– Enable Remote Desktop (RDP) in the Windows Firewall:
netsh advfirewall firewall set rule group="remote desktop" new enable=yes
(Note: the quotes must be plain straight quotes. If copying and pasting gives an error, type the rule in yourself.)

– Enable Remote Management (RemoteCMD) in the Windows Firewall:
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
(Note: the quotes must be plain straight quotes. If copying and pasting gives an error, type the rule in yourself.)

– Making the unattend.txt:
Copy and paste the following text into a new text file and save it as unattend.txt on the C: drive of the Core Server.
==================================================
[DCInstall]
InstallDNS=Yes
ConfirmGc=Yes
CriticalReplicationOnly=No
DisableCancelForDnsInstall=No
Password=********
RebootOnCompletion=No
ReplicaDomainDNSName=GPO.local
ReplicaOrNewDomain=ReadOnlyReplica
ReplicationSourceDC=srv-w2k8dc01.gpo.local
SafeModeAdminPassword=********
SiteName=Default-First-Site-Name
UserDomain=GPO.local
UserName=Administrator
==================================================

– Run DCPROMO:
dcpromo /unattend:c:\unattend.txt

– Reboot the Domain Controller
shutdown -r -t 0

As you can see, when you make a connection to the RODC, you’re not able to make any changes to existing users or groups, and the option “New” is hidden when you right-click in your environment.

In the next post I’m going to delete a RODC from the environment (for example, if your server is stolen or something like that).


How to: Recovering Deleted AD Objects in Windows Server 2008 R2

A nice new feature in Windows Server 2008 R2 is the Active Directory Recycle Bin. Deleted items can be restored without rebooting the Domain Controller(s), without restarting the Active Directory Services and even without any backup tapes!! Let’s have a look at that.

The first step is to enable the Recycle Bin feature. Make sure your functional level is Windows Server 2008 R2 and keep in mind that when you enable this feature, you can’t disable this feature anymore!!

1.) Start the Active Directory Module for Windows PowerShell
Import-Module ActiveDirectory

2.) View the actual settings of the Recycle Bin feature
Get-ADOptionalFeature -Filter { name -like "Recycle*" }

3.) Enable the feature for your Active Directory environment
Enable-ADOptionalFeature "Recycle Bin Feature" -Scope ForestOrConfigurationSet -Target E2K7SP2.LOCAL

4.) View all the deleted Active Directory objects
Get-ADObject -SearchScope subtree -SearchBase "cn=Deleted Objects,dc=E2K7SP2,dc=LOCAL" -IncludeDeletedObjects -Filter { name -notlike "Deleted*" }

5.) Restore the user objects you want
Restore-ADObject -Identity "CN=User01\0ADEL:cc40dfd4-f671-4e90-90cc-3c8a33b18391,CN=Deleted Objects,DC=E2K7SP2,DC=LOCAL"
Restore-ADObject -Identity "CN=User02\0ADEL:394ec482-5bb2-4131-bdb4-7c92d7193987,CN=Deleted Objects,DC=E2K7SP2,DC=LOCAL"
Restore-ADObject -Identity "CN=User03\0ADEL:19f1bf8b-0227-486a-bc8d-ca72a342e116,CN=Deleted Objects,DC=E2K7SP2,DC=LOCAL"
Restore-ADObject -Identity "CN=User04\0ADEL:1b00b1c9-1f1f-4b74-b027-fa88feb4069d,CN=Deleted Objects,DC=E2K7SP2,DC=LOCAL"
Restore-ADObject -Identity "CN=User05\0ADEL:970b2597-4cf3-4971-87ea-9ada827e376d,CN=Deleted Objects,DC=E2K7SP2,DC=LOCAL"

6.) With this command you restore all the deleted items (Not Recommended!!)
Get-ADObject -SearchScope subtree -SearchBase "cn=Deleted Objects,dc=E2K7SP2,dc=LOCAL" -IncludeDeletedObjects -Filter { name -notlike "Deleted*" } | Restore-ADObject

7.) All deleted Active Directory objects are restored now. Even the group membership of the users is restored!! Cool :D
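
As a middle road between restoring objects one by one (step 5) and restoring everything (step 6), the following added example, which is not part of the original post, selects only the deleted users from one OU within a time window and previews the restore with -WhatIf. The OU name and the 24-hour window are assumptions made for illustration; the domain name is the one used above.

```powershell
# Added example: preview a targeted restore from the AD Recycle Bin.
Import-Module ActiveDirectory

# Assumptions for illustration; adjust to your environment.
$domainDN = 'DC=E2K7SP2,DC=LOCAL'     # domain used in the post
$parentOU = "OU=Sales,$domainDN"      # hypothetical OU the users lived in
$since    = (Get-Date).AddDays(-1)    # only deletions from the last 24 hours

# Stop early if the Recycle Bin was never enabled (step 3).
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $feature -or $feature.EnabledScopes.Count -eq 0) {
    throw 'The Recycle Bin feature is not enabled in this forest.'
}

# Deleted objects keep lastKnownParent (where they lived) and get a new
# whenChanged stamp when they are deleted, so both can narrow the selection.
$candidates = Get-ADObject -SearchBase "CN=Deleted Objects,$domainDN" `
        -IncludeDeletedObjects -Filter 'isDeleted -eq $true' `
        -Properties lastKnownParent, whenChanged, 'msDS-LastKnownRDN' |
    Where-Object {
        $_.ObjectClass     -eq 'user'    -and
        $_.lastKnownParent -eq $parentOU -and
        $_.whenChanged     -ge $since
    }

# Review the selection first ...
$candidates |
    Format-Table 'msDS-LastKnownRDN', lastKnownParent, whenChanged -AutoSize

# ... then preview the restore. Remove -WhatIf to perform it.
$candidates | Restore-ADObject -WhatIf
```

The restore only succeeds when the container named in lastKnownParent still exists, so restore a deleted OU before the objects that lived in it.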


How to: Remove the “Network” from Windows Explorer in Windows 2008 R2

With the following registry key, you can remove the Network node from Windows Explorer. Users can no longer browse the network from Windows Explorer.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=dword:00000001


Exchange 2007 mailbox size script V5

As some of you may know, Glen Scales has made a PowerShell script to view the mailbox sizes in an Exchange 2007 environment. You can download this script from his blog.

It’s a great script for an overview of the current mailbox sizes, items, growth history and quota used. Watch the screenshot below, to see the great script of scripting guru Glen ;)


Exchange 2007 Send Mailbox sizes with PowerShell

It can be very useful to receive an overview of all the mailbox sizes in your environment every day, week or month. You can see very quickly when a user’s mailbox is growing too fast. The easiest way is to automate this, so I’ve made a PowerShell script to do this for me :)

-----------------------------------------------------
# Build the report: all mailboxes, largest first, as plain text
$body = Get-MailboxStatistics | sort-object -descending totalItemSize | ft DisplayName, @{expression={$_.totalitemsize.value.ToMB()};label="Mailbox Size(MB)"}, itemcount, lastlogontime | out-string

# Sender, recipient, SMTP server and subject of the report mail
$From = "administrator@e2k7.local"
$to = "m.swinkels@e2k7.local"
$server = "srv-ex01.e2k7.local"
$subject = "Mailbox overview - srv-ex01.e2k7.local"

# Send the report through the SMTP server
$msg = new-object System.Net.Mail.MailMessage $From, $to, $subject, $body
$client = new-object System.Net.Mail.SmtpClient $Server
$Client.Send($msg)
-----------------------------------------------------

Copy this script into Notepad and save it as MailboxSizes.ps1. You can schedule this script to run every day, or every week using the following command:

C:\WINDOWS\system32\Windowspowershell\v1.0\powershell.exe -PSConsoleFile "D:\ExchSvr\Bin\exshell.psc1" C:\Scripts\MailboxSizes.ps1

C:\WINDOWS\system32\Windowspowershell\v1.0\powershell.exe
The path to Powershell.exe needed to run the script

-PSConsoleFile "D:\ExchSvr\Bin\exshell.psc1"
Loads the specified Windows PowerShell console file. To create a console file
(Change the path to the installation path of Exchange 2007 in your environment)

C:\Scripts\MailboxSizes.ps1
The path to the script.
(Change the path where you save the script)

When you try to run the script, you may receive an error “Client was not authenticated”. You have to add the Exchange 2007 Server to a Relay Connector, so that this server can send e-mail without authentication. If you’ve done this and run the script, you’ll receive the following e-mail.


ExInsight, free monitoring and statistics tool

ExInsight is a free monitoring and statistics tool for Exchange 2000/2003/2007 that provides a real-time view of the internals of Exchange Server transactions and allows you to evaluate individual user’s usage of Exchange Server.

This tool is especially useful for Exchange administrators and developers. By using this tool, you can gather real-time data about the users in an Exchange environment and learn more about the inner workings of MAPI, OWA, POP3, IMAP4, NNTP and other protocols.

ExInsight helps you to understand how individual users affect the performance of an Exchange Server, analyze application usage of Microsoft Exchange, and guide troubleshooting of applications that depend on Microsoft Exchange.

ExInsight consists of two tools: Activity Statistics and Transaction Monitor. These tools allow you to monitor users’ activity on multiple Exchange servers from any computer in the network.

Activity Statistics

This tool enables administrators to view statistics about individual users’ consumption of Exchange Server resources and the users’ actual experiences. Shown on a user-by-user basis, this tool allows you to see the following information:

- Protocols used by the clients (MAPI, OWA, POP3, IMAP or NNTP)
- CPU usage (CPU time, CPU percentage)
- Number of messages sent, received or created
- IP addresses used by the clients (only for MAPI clients)
- Microsoft Office Outlook versions and mode, such as Cached Exchange Mode and the classic online mode

Transaction Monitor

This tool displays a continuous communication between any computer and Exchange Server, helping to guide troubleshooting of applications that depend on Exchange. You can view and log every Exchange Server transaction, applying filters and highlighting to pinpoint trouble areas.

Transaction Monitor shows accounts requesting the data, the names and locations of the objects queried in Exchange, timings and transaction results. This tool also provides simplified summaries and links with detailed diagnostic information for each transaction.
