Tuesday, August 23, 2005

Server Administration From XP

I've found a really useful tool from Microsoft that enables you to administer the Active Directory from your XP machines using custom consoles.

To do this, you need to first of all install the Windows Server 2003 Service Pack 1 Administration Tools Pack

Then simply create custom consoles (using MMC) and add in the Active Directory snap ins you require. This tool allows you to:

  • Add/Modify Users and Groups
  • Modify Group Policy
  • Modify Ad Objects
and a whole lot more!

Monday, August 22, 2005

Event Id 1054, Event Id 15 and Gigabit problems...continued!

After thinking I managed to combat these errors

Event Id 1517

Gigabit Network Problems

The error still came up on some machines and I've cracked it!

First thing to do is edit your group policy for all the computers in the domain (hopefully you've created one for this and are NOT using the default policy (NEVER mess with the default policy!))

and change this setting:

Computer Configuration\Administrative Templates\System\Logon

Always wait for the network at computer startup and logon ---- Enable this policy!

  1. Secondly on the problematic machine:
  2. type msconfig at the run prompt
  3. On Services, click hide all microsoft services, then click disable all
  4. On Startup, disable all

Now reboot the machine and fingers crossed there should be no instances of event id 15 or 1054

If this is the case, then relaunch msconfig and selectively re-enable the services and startup programs until you locate the problematic services or prog. If however you have had errors, then try using one of the links shown earlier as they should fix the issues.

Please note this fix ONLY applies to computers in an Active Directory environment

M3ckon

Monday, August 8, 2005

ntrights - one hell of a tool

Just found ntrights from the resourse kit for 2003 and is one hell of a good tool!

I was unable to change log on locally permission on specific machines as their settings were comming from the active directory. Anyway after some digging I found ntrights which allows you to change user permissions on specific machines from remote locations....nice!

To see the full list of permissions, look
here

For a sample command, check this:

ntrights -u ftpuser -m backup +r SeInteractiveLogonRight

Monday, August 1, 2005

2003 member server MSDTC issues

Even after SP1 the following event log can still occur on a 2k3 member server:

53258MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: d:\srvrtm\com\complus\dtc\dtc\adme\uiname.cpp:9280, Pid: 576No Callstack,CmdLine: C:\WINDOWS\system32\msdtc.exe

By all acounts it seems to be a known, yet undocumented bug and has a fairly srtraightforward fix:

  1. Got to component services
  2. Properties on my computer
  3. MSDTC
  4. click security settings
  5. click ok

This seems to restart the MSDTC security settings back to their defaults. Then restart the service:

net stop msdtc
net start msdtc

The error will then go away!!!