Awinish's Technical Blog

Lets continue the journey of learning & Share.!!

Archive for November, 2010

Script to remove Inactive systems from domain

Posted by Awinish on November 11, 2010


Below is the very good script by Richard L. Mueller to find stale computer records in your domain, i used many times for different client & it worked like charm. It can be run on member server too.

You have to modify the script for your requirement like no of days & Domain name where you want to run the script.

The script will disable all the stale computer & move to the OU named as Inactive & later on you check the log file which is created in C drive named as MyFolder.

Test the script on your lab & then use it on your own risk.

Please save the attached script as MoveOldComputers.vbs from Inactive Computers.doc

Before running the script in your domain, create a OU named as Inactive & also create a folder names MyFolder in c drive in the member system you are trying to run the script.

C:\MyFolder

Inactive Computers

Advertisements

Posted in Scripts/Powershell | Tagged: | Leave a Comment »

Advanced Group Policy Management

Posted by Awinish on November 11, 2010


Many of you know about Advanced Group policy Management which offers some really cool additions in previously GPMC tool.

http://www.grouppolicy.biz/tag/agpm/

The various guide for AGPM can be downloaded from below link.

http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=ba69e774-f0d1-4b6d-be81-a8c5f27d1b8a

Posted in Directory Services | Tagged: | Leave a Comment »

Automating Windows Event log

Posted by Awinish on November 11, 2010


I had the situation once, where i was asked to backup the event log on few server & clear it from server to save the space as well as retain log for audit. While, beating my head on the wall, i stumbled to few sites & i found scripts which actually worked for me to achieve my requirements. I have not written below listed VB script, neither confers any rights on it, use it on your own risk.

http://www.scriptinganswers.com/vault/Event%20Logs%20and%20Logging/

http://www.tek-tips.com/viewthread.cfm?qid=1225274&page=1

http://www.enterpriseitplanet.com/resources/scripts_win/article.php/3776106/Backup-and-Clear-Event-Logs.htm

You can use ADM file to configure setting using group policy.

http://mx02.wellbury.com/misc/EventLogPolicy.adm

 

Posted in Scripts/Powershell | Tagged: , | 2 Comments »

Loopback Group Policy Explained

Posted by Awinish on November 11, 2010


Loopback group policy are used to apply user configuration settings on the computer. The loopback policy comes to rescue when you want to apply users configuration settings to the computer irrespective of what what users are login to the particular system.There is two mode basically one is Replace and other Merge mode.  When you select replace mode in the loopback GPO, computer and user configuration configured in that OU will be applied irrespective of the which OU user belongs to and what user configuration GPO has defined in that OU. When you select Merge mode, user and computer configuration configured in the loopback GPO as well as user configuration GPO for the user belongs to the different OU will be applied. In case of conflict user configuration from the loopback GPO will win.

http://social.technet.microsoft.com/wiki/contents/articles/windows-server-understand-user-group-policy-loopback-processing-mode.aspx

Loopback policy is very effective GPO setting, but it requires proper understanding & planning,before it can be implemented in the live environment. I always believe without proper understand or something new to be tried has to go via lab testing else your production environment will become testing environment and can cause serious business loss to the clients. For testing,create a independent lab which can be either using virtual PC or VMware software. Always, test the GPO before applying to the production because reverting the changes requires time and may not be as simple as applying.

Additional references to help you better understand.

http://technet.microsoft.com/en-us/library/cc782810%28WS.10%29.aspx

http://cbfive.com/blog/post/Demystifying-Loopback-Policy-Processing.aspx

http://kudratsapaev.blogspot.in/2009/07/loopback-processing-of-group-policy.html

 

Posted in Directory Services, DNS/DHCP, Group Policy | Tagged: , | Leave a Comment »

Group Policy Best Practices

Posted by Awinish on November 10, 2010


As i was searching on net for some best practices on GPO, i hit the site & i found its worth for sharing with other folks who want to learn & its been written very well..Kudos to writer.

http://www.grouppolicy.biz/2010/07/best-practice-active-directory-structure-guidelines-part-1/

http://www.grouppolicy.biz/2010/07/best-practice-group-policy-design-guidelines-part-2/

Posted in Directory Services | Tagged: | 3 Comments »

Fine Grained Password Policy In The Win 2008/R2

Posted by Awinish on November 9, 2010


Windows 2003 and below supports only single password policy in the domain and it wasn’t possible to configure multiple or different password or account lockout policy for the different set of users or groups within the same domain. The different password policy sometimes force to create different domain if you are hosting AD for the multiple clients due to their requirements. Windows 2008/R2 supports multiple password policy in the domain, which was most requested features in the newest OS. Microsoft heard it & introduced the different password policy in windows 2008 & above called as Fine Grained Password Policy(FGPP).

The requirement for implementing the Fine Grained Password Policy(FGPP) is domain functional level required to be windows at 2008 & above. This means your all the DC in the particular domain where you want to implement FGPP should be running DC’s in windows 2008 & above.

Windows Server 2008 – Fine Grained Password Policy Walkthrough

http://blogs.technet.com/b/seanearp/archive/2007/10/06/windows-server-2008-fine-grained-password-policy-walkthrough.aspx

Here is the step by step link to configure Windows 2008 Fine Grained Policy.

http://capitalhead.com/articles/step-by-step-guide-to-fine-grained-passwords-in-windows-server-2008.aspx

Tool to manage fined grained password policy using GUI.

http://www.specopssoft.com/documentation/specops-password-policy-basic-documentation

AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide

http://technet.microsoft.com/en-us/library/cc770842.aspx

AD DS: Fine-Grained Password Policies

http://technet.microsoft.com/en-us/library/cc770394%28v=ws.10%29.aspx

 

Posted in Directory Services, Group Policy | Tagged: , , | Leave a Comment »