Cover image for Windows Server Hacks

Book description

One of the secrets to the ever-increasing popularity of Windows Server can be found in the simplicity its administration. The easy-to-use GUI, consistent set of tools, and wizards that walk you through complex tasks allow you to install, configure and maintain Windows servers without any knowledge of programming or scripting languages or learning complicated command-line syntax. It's possible, in fact, to accomplish about 90% of all Windows administration without ever opening a command prompt or running a script! But what about the other ten percent of the time? While it's true that most common, day-to-day tasks of Windows administration can be performed from the GUI, it's not always the best way, especially with complex or repetitive tasks Scripts and command-line tools often provide a faster, more flexible approach. Windows Server Hacks reveals techniques that go well beyond basic management tasks found in most handbooks to help busy system administrators master the more powerful features of Windows Server. Windows Server Hacks focuses on scripts and other tools that will make your life as an administrator much easier. These tools, or hacks--quick and dirty solutions to problems, or clever ways of doing things--were created by other professionals who've also had to struggle to find solutions to administering Windows environments. You'll save valuable time using their scripts, tools, tips, and advice. Plus, you can easily learn to customize the scripts to create even more powerful tools for your own, specific needs. The book includes secrets of the masters in such areas as Active Directory, User Management, Group Policy, DNS and DHCP, File and Print, IIS, performance and security. The hundred, industrial strength hacks in the book range from those that deal with general administration to more esoteric hacks in the areas of network deployment, patch management, and backup and recovery. No matter which Windows server you use--NT, IIS, 2000, or 2003--this book will put the knowledge and expertise of veteran system administrators and hackers to work for you. Windows Server Hacks will make your life easier while expanding your understanding of the capabilities of Windows Server.

Table of Contents

  1. Windows Server Hacks
    1. Credits
      1. About the Author
      2. Contributors
      3. Acknowledgments
    2. Foreword: I’m a Sci-Fi freak
    3. Preface
      1. Why Windows Server Hacks?
      2. Getting and Using the Scripts
      3. How to Use This Book
      4. How This Book Is Organized
      5. Conventions Used in This Book
      6. Using Code Examples
      7. How to Contact Us
      8. Got a Hack?
    4. 1. General Administration
      1. Hacks #1-16
      2. Use Run As to Perform Administrative Tasks
        1. How Run As Works
        2. Limitations of Run As
          1. Running programs without an executable
          2. Running programs from network shares
        3. Run As Shortcuts
      3. Drag and Drop to the Run Menu
      4. Find and Replace Registry Keys from a Command Line
        1. The Code
        2. Running the Hack
      5. Automatically Log On After Booting
        1. Manual Configuration
        2. Script Method
        3. Sysinternals Tool
      6. Wait for and Optionally Terminate a Process
        1. The Code
          1. Main routine
          2. Check if process is running
          3. Terminate the process
          4. Wait for process to terminate
        2. Running the Hack
      7. Shut Down a Remote Computer
        1. The Code
        2. Running the Hack
      8. Rename Mapped Drives
        1. The Code
        2. Running the Hack
      9. Execute a Command on Each Computer in a Domain
        1. The Code
        2. Running the Hack
      10. Add, Remove, or Retrieve Environment Variables
        1. The Code
        2. Running the Hack
      11. Extend Group Policy
        1. ADM Files
        2. Hacking ADM Files
      12. Disable EFS
        1. The Problem
        2. The Solution
          1. Disabling EFS for a file
          2. Disabling EFS for a folder
          3. Disabling EFS for a system
      13. Get Event Log Information
        1. The Code
        2. Running the Hack
      14. Shortcut to Remote Assistance
      15. Desktop Checker
        1. The Code
        2. Running the Hack
      16. Top Five Tools
        1. Server Monitor Lite
        2. Lost Password Recovery
        3. Data Replicator
        4. Virtual Network Computing (VNC)
        5. Network View
      17. myITforum.com
        1. History
        2. Scope
    5. 2. Active Directory
      1. Hacks #17-24
      2. Retrieve the List of Old Domain Computer Accounts
        1. The Code
        2. Running the Hack
      3. Automate Creation of OU Structure
        1. The Code
        2. Running the Hack
      4. Modify All Objects in the OU
        1. The Code
        2. Running the Hack
      5. Delegate Control of an OU to a User
        1. The Code
        2. Running the Hack
      6. Send OU Information in Active Directory to an HTML Page
        1. The Code
        2. Running the Hack
      7. Display Active Directory Information
        1. List All Computers in the Domain
        2. Get a List of All Domains
        3. Get AD Site
        4. Find a DC in a Site
        5. List Trust Relationships
      8. Store and Display Contact Information in Active Directory
        1. The Code
        2. Running the Hack
      9. Restore the Active Directory Icon in Windows XP
        1. The Easy Way
        2. The Hard Way
    6. 3. User Management
      1. Hacks #25-35
      2. Search for Domain Users
        1. The Code
        2. Running the Hack
      3. Manage User Accounts in Active Directory
        1. Changing a User’s Domain Password
        2. Changing User Account Names in Active Directory
        3. Unlocking a Windows 2000 Domain Account
        4. Disabling a Domain Account
        5. Setting the Account to Not Expire
      4. Get a List of Disabled Accounts
        1. The Code
        2. Running the Hack
      5. Get User Account Information
        1. The Code
        2. Running the Hack
        3. Hacking the Hack
      6. Check for Passwords that Never Expire
        1. The Code
        2. Running the Hack
      7. Enumerate Group Membership to a CSV File
        1. The Code
        2. Running the Hack
      8. Modify User Properties for All Users in a Particular OU
        1. The Code
        2. Hacking the Hack
      9. Check Group Membership and Map Drives in a Logon Script
        1. The Code
        2. Running the Hack
      10. Script Creation of a User’s Home Directory and Permissions
        1. The Code
        2. Running the Hack
      11. Prevent Ordinary Users from Creating Local Accounts
      12. Put a Logoff Icon on the Desktop
        1. The Code
    7. 4. Networking Services
      1. Hacks #36-47
      2. Manage Services on Remote Machines
        1. Getting Remote Computer Service Information
          1. The code
          2. Running the hack
        2. Changing the Start Mode for a Service
          1. The code
          2. Running the hack
        3. Changing a Service Password
          1. The code
          2. Running the hack
      3. Simplify DNS Aging and Scavenging
        1. Why Scavenge?
          1. DHCP process
          2. DDNS process
        2. How to Use Scavenging
        3. For the Advanced Pack Rat
        4. See Also
      4. Troubleshoot DNS
        1. DNS Troubleshooting Tools
        2. Troubleshooting Common DNS Issues
        3. DNS Newsgroups
        4. DNS Books
      5. Manually Recreate a Damaged WINS Database
        1. Windows NT 4.0
        2. Windows Server 2000/2003
      6. Change WINS for All Enabled Adapters
        1. The Code
        2. Running the Hack
      7. Ensure DHCP Server Availability
        1. Installing Redundant DHCP Servers
        2. Backing Up the DHCP Database
        3. Recovering the Database
      8. Change a Network Adapter’s IP Info
        1. The Code
        2. Running the Hack
      9. Change from Static IP to DHCP
        1. The Code
        2. Running the Hack
      10. Release and Renew IP Addresses
        1. The Code
        2. Running the Hack
      11. Use netsh to Change Configuration Settings
        1. Using netsh
      12. Remove Orphaned Network Cards
      13. Implement Windows 2000 Network Load Balancing
        1. Two NIC Environment
        2. Sample Environment
    8. 5. File and Print
      1. Hacks #48-53
      2. Map Network Drives
        1. The Code
        2. Running the Hack
      3. Determine Who Has A Particular File Open on the Network
      4. Display a Directory Tree
        1. The Code
        2. Running the Hack
      5. Automate Printer Management
        1. CON2PRT
        2. RUNDLL32
      6. Set the Default Printer Based on Location
        1. The Code
        2. Running the Hack
      7. Add Printers Based on Name of Computer
        1. The Code
          1. Perform initial tasks
          2. Determining workstation settings
          3. Adding mappings based on group membership
          4. Setting the IE home page and final message
          5. Connecting to a shared network printer
          6. Mapping a drive to a shared folder
          7. Gathering local group memberships
          8. Gathering global group memberships
          9. Determining if user belongs to a specified group
          10. Gathering basic information about the local system
          11. Determining if the script is running in a terminal server session
          12. Setting up IE for use as a status message window
          13. Using IE as a status message window
        2. Running the Hack
    9. 6. IIS
      1. Hacks #54-61
      2. Back Up the Metabase
        1. Why Back Up the Metabase?
        2. Advanced Backup Settings
        3. Quick Backups
          1. IIS 5
          2. IIS 6
          3. GUI differences between IIS 5 and IIS 6
      3. Restore the Metabase
        1. Manually Restoring a Backup in IIS 5
          1. Restoring without metabase backups
          2. Restoring without a backup on tape
          3. Reinstalling IIS
        2. Manually Restoring a Backup in IIS 6
        3. See Also
      4. Map the Metabase
        1. Logical Structure
          1. Location map for IIS 5
          2. Location map for IIS 6
        2. Physical Structure
          1. XML map for IIS 6
      5. Metabase Hacks
        1. ServerListenBacklog
        2. MaxEndPointConnections
        3. AspThreadGateEnabled
        4. AspProcessorThreadMax
        5. AspAllowSessionState
        6. AspBufferingOn
        7. AspQueueConnectionTestTime
        8. AspScriptFileCacheSize
        9. CacheISAPI
        10. ID 36907
      6. Hide the Metabase
      7. IIS Administration Scripts
        1. IIS 5 Scripts
          1. AdminScripts
        2. IIS 6 Scripts
          1. Creating and managing web sites
          2. Managing the metabase
          3. Managing web applications
          4. Running scripts remotely
        3. Custom Scripts
        4. Where to Find More Scripts
      8. Run Other Web Servers
        1. Disabling Socket Pooling in IIS 5
        2. Disabling Socket Pooling in IIS 6
        3. Other Reasons to Disable Socket Pooling
      9. IISFAQ
        1. My Favorites
    10. 7. Deployment
      1. Hacks #62-68
      2. Get Started with RIS
        1. Requirements for RIS
          1. Hardware requirements
          2. Services associated with RIS
        2. Installing RIS
      3. Customize RIS
        1. Configuring RIS
        2. Predefining computer accounts in RIS
        3. Client Installation Wizard
        4. RIS Custom Installation Wizard
        5. Deploying Windows Images
      4. Tune RIS
      5. Customize SysPrep
        1. Getting Started
        2. Understanding the SysPrep.inf
          1. SysPrepMassStorage
          2. Unattended
          3. GuiUnattended
          4. UserData
          5. Display
          6. Identification
          7. Networking
          8. GuiRunOnce
      6. Remove Windows Components from the Command Line
        1. Running the Hack
      7. Unattended Installation of Windows Components
        1. Running the Hack
      8. Easily Create a Network Boot Disk
    11. 8. Security
      1. Hacks #69-78
      2. Fundamentals of a Virus-Free Network
        1. Awareness
        2. Antivirus Software
        3. Interception
        4. Interception Redux
      3. Antivirus FAQ
        1. Is It Real or a Hoax?
        2. Disabling Antivirus Programs Is Not Enough
        3. Kernel32.exe Has Encountered a Problem
        4. Stinger Tool
      4. Rename the Administrator and Guest Accounts
        1. Some Considerations
      5. Get a List of Local Administrators
        1. The Code
        2. Running the Hack
        3. Hacking the Hack
      6. Find All Computers that Are Running a Service
        1. The Code
        2. Running the Hack
      7. Grant Administrative Access to a Domain Controller
      8. Secure Backups
        1. Using Backup Operators
        2. Restricting Access to Backups
      9. Find Computers with Automatic logon Enabled
        1. Hacking the Hack
      10. Security FAQ
        1. Steps to Computer Security
          1. Consumers
          2. Businesses
        2. Vulnerability Types
        3. Strong Password Policy
        4. How Microsoft Handles Security
        5. Reporting Security Incidents to Microsoft
        6. Reporting Security Incidents to Government Authorities
        7. Getting Government Security Clearance
      11. Microsoft Security Tools
        1. Assessment, Patch Management, and Software Update Services and Tools
        2. Automatic Scan and Update Tools for Windows and Office
        3. Lockdown, Auditing, and Intrusion Detection Tools
        4. Virus Protection and Cleaner Tools
        5. Top Security RFCs
    12. 9. Patch Management
      1. Hacks #79-89
      2. Best Practices for Patch Management
        1. Patch Flavors
          1. Hotfixes
          2. Roll-ups
          3. Service packs
          4. MSRC Ratings System
        2. Strategies for Patch Management
          1. Policy
          2. Process
          3. Persistence
        3. Patch-Management Tools
          1. Windows Update
          2. Automatic Updates
          3. Software Update Services (SUS)
          4. SMS Software Update Services Feature Pack
          5. Third-party tools
      3. Beginners Guide to Enterprise Patch Management
        1. Identifying Vulnerable Systems
        2. Assessing the Business Impact of Patching
        3. Packaging Patches for Distribution
        4. Testing Patches
        5. Evaluating Successes and Failures
        6. Finishing Up
        7. See Also
      4. Patch-Management FAQ
        1. Downloadable Security Updates
        2. Article and Bulletin Search
        3. Email Notification
        4. Old Updates
        5. Updates for Older Operating Systems
        6. MBSA Support
      5. Enumerate Installed Hotfixes
        1. The Code
        2. Running the Hack
      6. Apply Patches in the Correct Order
      7. Windows Update FAQ
        1. Windows Update Information Collection
        2. Personalizing Critical Updates
        3. Clearing the Secure Sockets Layer
        4. Removing Items from Your Windows Update List
        5. Changing Windows Update Schedule
        6. Manually Installing the Windows Update Controls
      8. Obtain Updates via the Windows Update Catalog
        1. Adding the Windows Update Catalog to Windows Update
        2. Downloading Windows Updates from the Windows Update Catalog
        3. Downloading Driver Updates from the Windows Update Catalog
      9. Use Automatic Updates Effectively
        1. Using Automatic Updates
        2. Hacking Automatic Updates
      10. Use Group Policy to Configure Automatic Updates
        1. Some Recommendations
        2. Digging Deeper
      11. Automatic Updates FAQ
        1. Service Still Running After Disabling AutoUpdate
        2. Disabling Critical Update Notification
        3. AU Overrides WU
      12. Software Update Services FAQ
        1. Operating System Support
        2. Active Directory Support
        3. Separating Workstations and Servers
        4. Control Panel Icon
        5. Approving Updates After First Synchronization
        6. Downloading and Testing Updates
        7. Order of Updates
        8. Detecting Connection
        9. Knowing When the Server Is Synching
        10. Cleaning the Updates Directory
        11. Modifying SUS IIS Rights
        12. Analyzing the SUS Log Files
        13. TimeExpire
        14. SUS and Name-Resolution Issues
        15. SUS Feedback
    13. 10. Backup and Recovery
      1. Hacks #90-100
      2. Collect Disaster Recovery Files
        1. The Code
          1. Disaster.bat
          2. ReadList.bat
          3. PassList.bat
          4. ServerList.txt
        2. Running the Hack
          1. Disaster.bat
          2. ReadList.bat
          3. PassList.bat
          4. ServerList.txt
        3. Conclusion
      3. Back Up Individual Files from the Command Line
        1. Creating a .bks file
        2. Hacking the .bks file
      4. Back Up System State on Remote Machines
        1. Configuring Backup on the Remote Machine
        2. Configuring Backup on the Local Machine
        3. Evaluating This Approach
      5. Back Up and Restore a Certificate Authority
        1. Backing Up a CA
        2. Certification Authority Backup Wizard
        3. Restoring a CA to a Working Server
        4. Restoring a CA to a Different Server
        5. Decommissioning the Old CA
      6. Back Up EFS
        1. Backing Up Encrypted Data and EFS Keys
        2. Restoring EFS Keys
        3. Backing Up Recovery Agent Keys
      7. Work with Shadow Copies
        1. Implementing Shadow Copies
        2. Using Shadow Copies
        3. Traps
      8. Back Up and Clear the Event Logs
        1. The Code
        2. Running the Hack
      9. Back Up the DFS Namespace
        1. DFScmd
        2. DFSUtil
      10. Recover with Automated System Recovery
        1. ASR Backup
        2. ASR Restore
          1. Using ASR restore
          2. Hacking the restore
        3. Using ASR
      11. Recovery Roadmap
        1. Windows 2000
          1. Last Known Good Configuration
          2. Safe Mode
          3. Recovery Console
          4. Windows Startup Disk
          5. Emergency Repair Process
        2. Windows Server 2003
        3. Right Tool for the Job
      12. Data Recovery of Last Resort
    14. Index
    15. Colophon