Sunday, November 7, 2010

Windows VISA and 7 on a 2003 domain.

Just added a windows 7 or Vista system to your 2003 domain? Well if you use scripts to map your network drives you will find that none of these network drives are available to the user after login. This is because the new security settings in windows make the user run as a normal user and not as an administrator.

To show how this works. Log onto a system that is experiencing this problem with this misery mapped drive. Now click on the start button and type in notepad. Before running it right click the notepad program that appears in the search results and right click on it. Run as administrator and notepad will open. Now click on File and open and browse to Computer and you will notice your hidden mapped drive is now available. This mapped drive mapped correctly but only works under the administrators' portion of the account not under the user.

Strange!

Well, personally I recommend getting 2008 server and using the new map drive options and stuff. But if you can't do that then simply modify the settings on your vista, win7 box so the user account can see the mapped drives. The following is the changes that you will need to make.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLinkedConnections"=dword:00000001

Let me know if this helped someone out or not.

2003 and 2008 server fails to restart.

Some of you may have experienced an issue where Windows Server 2003 and 2008 will install updates automatically and attempt to restart. When the system attempts to restart it hangs.

Now here is the strange part...

You RDP into the server with Console access, and you get the message windows is shutting down and then you get kicked off. (and system restarts correctly)

This only happens when you have a KVM switch connected to the server, and it's currently switched to another system, when you switch it to the server in question then the screen flashes very quickly and then restarts correctly.

The reason this is happening is on the login screen the system is showing a screen saver. For some unknown reason, the screen saver will not close down for the restart unless an active mouse/keyboard is connected.

The fix: After much research, simply disable the logon screen's screen saver. But this is harder to do then you may think. This screensaver is not always easy to disable. But is easy once you know how.

Modify the following registry key to disable the screen saver on the server in question. This should fix your problems and allow windows updates to automatically restart as needed without a mouse/keyboard actively needing to be connected.


[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"ScreenSaveActive"="0"

Hope someone finds this helpful.

Sunday, March 1, 2009

Move User's account into domain

After many years in the IT field, I have searched for a way to move a local account into a new domain. This is impotent for a company that has decided to move into the domain environment. And you know how each user is. First, off they don’t see why they need the change. And secondly why in the world would they have all their settings reset back to defaults. Desktop, icons, and the works. With this following registry trick, it will allow you to move a users profile from a local account to a domain or a domain account to another domain account without losing anything.
What you are your thoughts?
————————————
First off you need to make sure you know the new and old user’s profile path. Also, you must have logged in as the new user at least once.
If you already have the above information and have logged in as the new user, so it’s profile is setup then you can skip ahead to change the profile information around. If you still need the user paths then read below.
Get Profile Paths
—————–
Local -> Domain: You can join the new domain then log in as the new user then log off and log in as the old user to find out both old and new users profile paths.
Domain -> Domain: Before you join the new domain you need to find the users path then join the new domain and find the path for the new one. If you have already joined the new domain, then I recommend going to your Documents and settings folder and figure out on your own what the old profile path is.
To find the profile path of an account login to that account and do the following.
Click Start
Click Run
Type in “CMD”
Click OK
In the black box type in “SET”
Press [Enter]
Note: The next to last line that starts with “USERPROFILE” this is the profile path of the new user.
Make the move
=============
1. Restart the Computer
2. Log in with the Administrator account (local or domain).
NOTE: If you are trying to move the administrator account you will first need to create a temp admin account to log in and perform the following steps. You can NOT be logged in as the old or new user to do the following.
5.Start regedit (start -> run -> Type in “regedit” -> OK)
6.Open up the following key
\\Hkey_Local_Machine\Software\Microsoft\WindowsNT\CurrentVersion\ProfileList
7.You will see a key (folder) for every user that has logged onto the system. Keep clicking on each one until you find the “ProfileImagePath” that is for the old user's account. Once you find it rename it! Example below is Bobby -> OldBobby
8.Now look for the “ProfileImagePath” of the new user's account. Change the path to the OLD user's path. Bobby.Domain -> Bobby
We have now moved the account over. Everything will work OK, as long as the new user always has admin rights. The reason this happens is that the Files and Registry will have permissions of the old user.
Change Registry permissions
===========================
1.Start Regedit again if not already running from above.
2.Click on “hkey_local_machine”
3.Select “Load Hive” from the file menu.
4.Select the file: “c:\documents and settings\(user profile path of old user)\ntuser.dat
Note: This file is hidden. If you can’t find the above file, you will need to enable showing of hidden files. To do this (do not need to exit regedit) click on “My Computer” in your start menu. Select “Folder Options” from the tools menu. Then select “View” tab. Select “Show hidden files and folders." Click OK and close out of “My Computer” Repeat step 3 and on.
5.Name the Hive TEMP
6.Open the Local Machine key
7.See TEMP at the end of the list.
8.Right-click TEMP and select permissions
9.You should see an item with a “?-(numbers)” or the old username delete this user.
(DO NOT REMOVE Administrator)
10.Click Add. Select the new user name (make sure the user is on the domain)
11.Enter in this users credentials
12.Once added give the user full control.
13.Click OK
NOTE: If you received a message just after clicking OK above. This could be because the new username did not get passed all the way through the registry. Try again.
15. Click on “hkey_local_machine”
16. Select “Unload hive” from the “File” menu.
17. Exit Regedit
Folder Permissions
==================
Because the new user and old user are different people, we need to make sure that the new user has permission to the old user's folder.
1. Right-click on the Start menu.
2. Select “Open All Users”
3. Press the [Backspace] key to back to the previous folder.
4. Select the OLD user's folder and right click on it.
5. Select Properties
6. Select Security tab
7. Click Add
8. Type in or select the new user. Click OK
9. Select the new user and give them “Full Control”
10. Click “Advanced”
11. Place a check in the box “Replace permission entries on….”
12. Click OK
13. Click OK on the pop-up message.
This will take up to several minuets
14. Select the old user
15. Click Remove
16. Click OK
Finished and Test
=================
If everything went OK, then we now need to restart the computer and log in as the new user.
Note: On the restart, you may receive messages that the system is looking for domains. If this message does not go away then just press Ctrl-Alt-Delete and attempt to log in. You should be able to get around it. Once you get logged in it won’t happen again.
Everything should look and feel exactly the same as before. All program and their settings should stay the same.
If for some reason you feel like you can log in as the old user it will now have a new profile.