Wsus – Update server 3.0 SP1

Oct 30
2009

Here I want to talk about updates in your environment. As you know, to keep our computers and servers up to date Microsoft releases updates every few weeks. It is highly recommended to use them because it saves us a lot of admin work. The WSUS server helps us create a centralized environment for those updates and gives us the option to select which updates we want to deploy and which we do not.
We can choose which updates we want to download, and for that we have the following criteria:
• By operating system (Example: Office\Server2003\Xp).
• By update importance (Drivers\Critical updates).
• By language (French\English).
What are the installation requirements?
- We need to install it on Windows Server 2003 SP1.
- IIS (6.0) – because all computers connect to the server over an HTTP address, we need IIS to enable this connection.
- Microsoft .NET Framework version 2.0.
- The minimum and recommended disk space:
1. 1 GB for the boot drive (C).
2. 3 GB for the database (D).
3. Because the server downloads the updates and saves them locally, we need a minimum of 25 GB to store those updates (E).
- NTFS partition.
- SQL database.

When to synchronize….?

One of the good things that I love about this product is that we decide when it works. We can choose when the WSUS server will connect to the Microsoft servers and download all the updates that we chose, and it keeps them until you (the big admin…) choose what to install on your client machines.

What I need to download….?

In this version (3.0 SP1) the server can scan your environment and determine which computers need which updates. We have 2 ways to see that information:

1. We can see it in the server menu.
2. The preferred way is to generate an automatic report. Yes, with the morning coffee you also get all the updates that you are missing, and all you need to do is approve them.
What if you have many departments…?
Here the answer is very easy, because you can create groups, so you can choose whether to deploy your updates to an entire group or maybe to specific computers. We can create those groups in Active Directory (with GPO) or on the WSUS server.
How do I create groups for an entire bunch of computers….?
As you already know, for tasks like this we have the administrative console, and it’s easy to manage, so let’s follow the process step by step:
1. Expand Computers and select All Computers.
2. Right-click All Computers, or go to Actions, and press Add Computer Group.
3. Now that we have created the group we can assign computers to it:
• In the administration console go to Computers.
• Choose the computer group you want to move.
• From the list that opens, choose the computers you want to move.
• Right-click and choose Change Membership.
• Now you will see a dialog box named “Set Computer Group Membership” with all your groups.
• Simply check the new group you want to assign the computers to.

How do we install it…?

1. Go to your WSUS directory and run WSUSSetup.exe.
2. Click Next.
3. Now you need to choose the “Installation Mode Selection”. Here my recommendation is to choose the full server installation + administration console.
4. Accept the license agreement and click Next.
5. Now you need to choose the “Update Source”. Here you choose where to place the downloaded updates so your clients can sync and download them. Click “Store updates locally” and choose the 30 GB partition that we arranged before we started the installation process.
6. On the database options screen stay with the default options and click Next.
7. On the “Web Site Selection” screen accept the default options (the first option, IIS) to use port 80, then click Next.
8. On the next screen click Next again.
9. Finish.
Note!
If you have a firewall between the WSUS server and the internet you need to open ports 80 and 443, because those are the ports the server needs to get updates.

How to choose the way the server will download updates…?
1. Go to the configuration wizard (after you get the Microsoft improvement program screen) and click Next.
2. Now you need to select whether you want to sync and get updates from the Microsoft servers or from another WSUS server that you have in your environment. For now we will choose the first option (Microsoft server) and click Next.

How do I manage the server…?

We manage the server with the WSUS administration console. To open it, follow this path:
Start -> All Programs -> Administrative Tools -> Windows Server Update Services 3.0.

How can I configure my updates and the server sync…?
1. Open the management console.
2. Go to “Set Sync Schedule”.
3. Now we need to choose which type we want to work with:

- Manual – if you choose this option you need to initiate the sync from the WSUS console.
- Automatic – if we choose this option the server will run the sync process at specific intervals; all we need to do is choose when the server runs them (Send and Forget).
How do I define the updates for a specific product…?
1. Open the console.
2. Go to Options and select “Update Files and Languages”.
3. Now you will see 2 tabs:

- Update Files – here we can choose whether we want to store all our updates locally on the server or have the client computers download them from Microsoft Update.
- Update Languages – here we can configure the update languages.
4. Now press OK and save all settings.

How do I sync manually…?

1. Open the administrative console.
2. Select Synchronizations.
3. Right-click, or go to “Actions”.
4. Sync Now.

How to configure automatic updates…?

1. Go to Group Policy and configure a new policy.
Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update.
2. Click “Configure Automatic Updates”.
3. Click Enabled and configure one of the following options:

- Notify for download and notify for install – notifies the admin before an update is downloaded and before it is installed.
- Auto download and notify for install – updates are downloaded automatically and the admin is notified before they are installed.
- Auto download and schedule the install – updates are downloaded automatically and installed on a schedule, so we need to choose the time for the installation.
- Allow local admin to choose setting – local admins can use Automatic Updates in the Control Panel (they can choose the scheduled time for update installation).
4. After you finish all the configuration press OK.

How do I create the connection between the clients and the new server….?
Because we work with 3000 computers… we can apply the update configuration with a GPO. It’s very simple to do, and I will explain it so you can manage all clients as easily as possible:
1. Open GPMC.
2. Create a new GPO.
Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update.
3. Now choose “Specify intranet Microsoft update service location”.
4. Press “Enabled” and configure the following:
You need to give your WSUS HTTP URL (IIS, remember…), for example:
http://Wsus90 (you need to put it in both boxes!!!!!).
5. Click OK.

Note!
After you configure the policy and deploy it to the client computers, you will start to see client computers added to your server in the administrative console after approximately 30 minutes.
If you cannot wait 30 minutes you can speed up the process by running the following command on the client computers:
gpupdate /force – this command will apply the WSUS policy immediately.

Note!
You have another option to make the client computers connect to the WSUS server, by running the following on the client computers:
“wuauclt.exe /detectnow”.
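
The two policies above (Configure Automatic Updates and the WSUS server location) reach each client as registry values, so a client that does not appear in the console can be checked directly. An added example, not part of the original post: a Python script that parses the output of `reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /s` and verifies that both URL boxes match and which update option is active. The sample output (with a deliberate mismatch) and the function names are constructed for illustration.

```python
import re

# Registry keys written by the two Group Policy settings described above.
WU_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
AU_KEY = WU_KEY + r"\AU"

# AUOptions values and the "Configure Automatic Updates" choice each one stands for.
AU_OPTIONS = {
    2: "Notify for download and notify for install",
    3: "Auto download and notify for install",
    4: "Auto download and schedule the install",
    5: "Allow local admin to choose setting",
}

# Constructed sample of `reg query "<WU_KEY>" /s` output (the second URL is mistyped).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    WUServer    REG_SZ    http://Wsus90
    WUStatusServer    REG_SZ    http://Wsus9

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    UseWUServer    REG_DWORD    0x1
    AUOptions    REG_DWORD    0x4
    ScheduledInstallDay    REG_DWORD    0x0
    ScheduledInstallTime    REG_DWORD    0x3
"""

# Matches "    Name    REG_TYPE    data" (tabs or spaces, depending on the Windows version).
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")


def parse_reg_query(text):
    """Return {lower-cased key path: {value name: value}} from `reg query /s` text."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            current = keys.setdefault(line.strip().lower(), {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            name, kind, data = match.groups()
            data = data.strip()
            current[name] = int(data, 16) if kind == "REG_DWORD" else data
    return keys


def check_wsus_policy(text):
    """Return a list of findings; an empty list means the client policy is consistent."""
    keys = parse_reg_query(text)
    wu = keys.get(WU_KEY.lower(), {})
    au = keys.get(AU_KEY.lower(), {})
    findings = []

    server, status = wu.get("WUServer"), wu.get("WUStatusServer")
    if not server or not status:
        findings.append("WUServer/WUStatusServer missing: the GPO has not reached this client")
    elif server.rstrip("/").lower() != status.rstrip("/").lower():
        findings.append("WUServer (%s) and WUStatusServer (%s) differ" % (server, status))

    if au.get("UseWUServer") != 1:
        findings.append("UseWUServer is not 1: the client ignores the WSUS URL")

    option = au.get("AUOptions")
    if option not in AU_OPTIONS:
        findings.append("AUOptions missing or unknown: %r" % (option,))
    elif option == 4 and "ScheduledInstallTime" not in au:
        findings.append("scheduled install selected but no ScheduledInstallTime set")
    return findings


if __name__ == "__main__":
    for finding in check_wsus_policy(SAMPLE) or ["client policy is consistent"]:
        print(finding)
```

On a real client, run the `reg query` command after `gpupdate /force` and pass its output to `check_wsus_policy` instead of `SAMPLE`.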

O.K., I have the updates, but how do I approve them…?

To approve the updates you want to deploy, follow this process:
1. Open the admin console.
2. Go to Updates; a dialog will open and show you all the updates that you have on your server, by criteria:
• All Updates.
• Critical Updates.
• WSUS Updates.
• Security Updates.
3. Now choose the type of updates you want to deploy.
4. Select the updates from the criteria that you chose (if you want to choose multiple contiguous updates, press and hold the Shift button; if you want to choose multiple noncontiguous updates, press Ctrl while you choose your updates).
5. Press Approve and a dialog box will appear.
6. Select the group you want to deploy the chosen updates to (for example “Sales”) and choose one of the following:
• Approve for install – choose this option!!!
• Approve for removal.
• Not approved.
• Deadline.
• Same as parent.
• Apply to children.
7. Now you will see a progress bar showing the tasks that you asked the server to do.
8. Close.

Note!
If you want to see the status of the updates, follow these few easy steps:
1. Admin console.
2. Reports -> Update Status Summary -> Update Report Window.
3. Here you can create filters if you like.
4. Press “Run Report”.
So now, after you finish reading my document, I’m sure you can go to your bosses and offer them your great solution. For those who already have this wonderful server, I hope I helped with something. If you have any questions please contact me or leave a comment, and I will try to come back and help you as soon as possible.

Ports you need to know when you working with exchange server

Oct 28
2009

Port:        Protocol:
110\995      POP3\POP3 over SSL
143\993      IMAP4\IMAP4 over SSL
25           SMTP
80\443       HTTP\HTTPS
389\636      LDAP\LDAP over SSL
3268         Global Catalog LDAP
88           Kerberos
53           DNS
6001\2\4     RPC over HTTP

A port is an endpoint that clients use to create connections to applications and services. Each service or application uses a port that enables the communication.

Since port numbers are well known, they can also be used to attack that application, so we need to understand which rule we open in the firewall before enabling inbound or outgoing connections.
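
An added example (not from the original post) of the check described above, in Python: compare the inbound ports the firewall allows with what the server really listens on according to `netstat -an`, using the port table from this post. The allowed-port list and the netstat output are constructed samples, and the function names are assumptions.

```python
# Ports from the table in this post: port -> (protocol, SSL counterpart or None).
EXCHANGE_PORTS = {
    25: ("SMTP", None),
    53: ("DNS", None),
    88: ("Kerberos", None),
    80: ("HTTP", 443),
    443: ("HTTPS", None),
    110: ("POP3", 995),
    995: ("POP3 over SSL", None),
    143: ("IMAP4", 993),
    993: ("IMAP4 over SSL", None),
    389: ("LDAP", 636),
    636: ("LDAP over SSL", None),
    3268: ("Global Catalog LDAP", None),
    6001: ("RPC over HTTP", None),
    6002: ("RPC over HTTP", None),
    6004: ("RPC over HTTP", None),
}

# Constructed sample: inbound TCP ports currently allowed by the firewall rules.
SAMPLE_ALLOWED = {25, 80, 110, 143, 443, 3389}

# Constructed sample of `netstat -an` output taken on the Exchange server.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1058          10.0.0.9:389           ESTABLISHED
  UDP    0.0.0.0:53             *:*
"""


def listening_tcp_ports(netstat_text):
    """Return the set of TCP ports in LISTENING state from `netstat -an` output."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            # The local address is "ip:port" (or "[ipv6]:port"); keep the port only.
            ports.add(int(fields[1].rsplit(":", 1)[1]))
    return ports


def audit_firewall(allowed_inbound, netstat_text):
    """Return (port, finding) pairs for allowed inbound ports that need a second look."""
    listening = listening_tcp_ports(netstat_text)
    findings = []
    for port in sorted(allowed_inbound):
        name, ssl_port = EXCHANGE_PORTS.get(port, (None, None))
        if name is None:
            findings.append((port, "not in the Exchange port table: justify the rule or close it"))
        elif port not in listening:
            findings.append((port, "%s is allowed but nothing listens: stale rule" % name))
        elif ssl_port is not None:
            findings.append((port, "%s is clear text: review against port %d" % (name, ssl_port)))
    return findings


if __name__ == "__main__":
    for port, finding in audit_firewall(SAMPLE_ALLOWED, SAMPLE_NETSTAT):
        print("%5d  %s" % (port, finding))
```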

Exchange 2003 Install Preparations

Oct 28
2009

Before you deploy Exchange 2003 you need to understand two things….

• First, you need to understand what you already have in your environment.
• Second, you need to understand the journey that you are going to take during the Exchange installation.

So let’s start by understanding what you have in your environment:

1. The first thing you need to do is understand what you have in your environment. The best way, as I see it, is to put things on paper: create a document of what you already have in your environment.
The document should contain the following:

• The infrastructure of your environment – in this part you will document your physical environment. Put on paper the physical location of the offices and which servers they include, and describe which services those servers run (DHCP \ DNS \ print server and more…), your IP segments and the type of connection between your branches and to the internet.

• Which model do you want…?
You are the “GOD” (the admin that controls!!!!), so you need to choose how you are going to take control of your Exchange. Ask yourself: am I the only one that controls all the Exchange servers in the org…? Or do I want to delegate a few features to my “lower” admins in other branches, so I reduce my work on the mail servers? It’s very important to understand this, because the Exchange installation is the only time that you can choose your administrative group configuration.

• AD structure – understand your domain controller deployment. Because the Exchange server goes hand in hand with your AD, you must know how many DCs you have and how many sites. And do you have more than one forest…?

• How have you handled the mail flow until now…? Are you going to upgrade existing mail servers, or do you want to install a new Exchange and migrate between them?

After you understand what you have and what you want to do, we can start our journey and choose the right way to do it.

• As you know, here you also need to choose the Exchange version to buy and install.
In Exchange 2003 we have 2 versions:

Standard Edition – here we have to understand the main difference: the Standard version can do almost all the things that its big brother (Enterprise Edition) can, but with capacity limits.

Standard:
Supports only one mailbox store and a public store of 16 GB.
(We can increase it to 75 GB after installing SP2.)

Enterprise:
Supports up to 20 stores with no capacity limits.

But what is important to understand is that Exchange 2003 Standard doesn’t support high availability, because you cannot create clustering!!!!

System Requirements:

About the hardware, just check the Microsoft site, because it’s simple to find out.

The other requirements that you need to meet before installing Exchange (it’s important to understand them because it’s really different in Exchange 2007, but that will be in another post):

1. Verify that you have all Microsoft updates, including .NET Framework 2.0 or above.
2. Install ASP.NET.
3. WWW – World Wide Web Publishing.
4. SMTP and NNTP.

After you have installed and configured all of the above, we need to update our lovely “SCHEMA” and tell it that we have a new kid with different attributes. To do that we need to run ForestPrep and DomainPrep:

ForestPrep –
Here we extend the Active Directory schema and create new objects and classes. Because the schema is replicated to all domain controllers, we need to run ForestPrep only one time.

Demands:
To be able to run ForestPrep you need to be a “Schema Admin” and an “Enterprise Admin”.

To run ForestPrep follow the next steps:
1. Open Run -> Cmd
2. Type: cd:\setup.exe /forestprep
3. Just click Next until the update finishes.

DomainPrep –
When we run this command we create 2 new groups in Active Directory:
• Exchange Domain Servers.
• Exchange Enterprise Servers.
To run this command we need to be in the Domain Admins group, and we also need to run it in our root domain.

To run DomainPrep follow the next steps:
1. Open Run -> Cmd
2. Type: cd:\setup.exe /domainprep
3. Just click Next until the update finishes.

System “RUN” Shortcuts

Oct 26
2009

Taskmgr = Task Manager.
Firewall.cpl = Open the firewall guide.
Msconfig = System Configuration Utility.
Shutdown = Good Bye System!
Mstsc = Will open the RDP screen.
Powercfg.cpl = Power Configuration.
Osk = And the on-screen keyboard will appear.
Logoff = Logs off the current user.
lusrmgr.msc = Will show us Local Users & Groups.
Secpol.msc = Here we can find the computer local security configuration.
Eventvwr.msc = Almighty Event Viewer.
Cmd = Good old command prompt.
Dfrg.msc = Remember to run it …
Compmgmt.msc = Here we have the computer management.

Reg Tweaks for Windows XP

Oct 26
2009

How to disable status messages during boot, logon, logoff and shutdown…?
Start -> Run -> Regedit ->
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion\Policies\System
Once we’re inside, we need to create a new DWORD or modify the existing DWORD “DisableStatusMessages” and set its value to “1”.
Note!
If we want to restore the messages, all we need to do is set the value back to “0”.

How to disable the annoying Error Reporting when we have a problem:
Start -> Run -> Regedit ->
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\PCHealth\ErrorReporting
Now the registry value that we need is called “DoReport”. By default this value is set to 1 (Send Report), so all we need to do is change it to “0”.
Note!
If we want to restore the process all we need to do is reconfigure the value to be “0”.

How to disable the Media Player update message….?
Start -> Run -> Regedit ->
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MediaPlayer\PlayerUpgrade
The important value is: AskMeAgain
The type of the value is REG_SZ (String Value), with the option to choose YES or NO.
Note!
We will probably need to restart the computer or log off to “enjoy” the changes.

How to disable the Low Disk Space message…?
Start -> Run -> Regedit ->
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Now all we need to do is locate the DWORD called “NoLowDiskSpaceChecks” and change the default value to “1”.
Note!
We will probably need to restart the computer or log off to “enjoy” the changes.

How to disable the Desktop Cleanup Wizard
Start -> Run -> Regedit ->
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\CleanupWiz
The value that we are looking for is “NoRun” (default value is 0 = Enabled); change the value to “1”.

How to disable the auto-run of Windows Messenger
Start -> Run -> Regedit ->
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Now we need to remove the value called “MSMSGS”.

How to change the name and company information after we have already installed our operating system…?
Start -> Run -> Regedit ->
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion
We will notice that in the right pane we have a value called “RegisteredOrganization”. Double-click this value and, under “Value data”, provide the correct name that we wanted to give during the installation.

How to change the owner information after we have already installed our operating system…?
Start -> Run -> Regedit ->
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion
Choose the value called “RegisteredOwner” and under “Value data” enter the new owner.

Enabling the Num Lock key when the Windows logon screen appears
By default this key is disabled when the system comes up, so if you want to use this key before the user presses CTRL+ALT+DEL just follow these easy steps:
Start -> Run -> Regedit -> HKEY_USERS\.Default\Control Panel\Keyboard
Now all we need to do is change the value of “InitialKeyboardIndicators” from 0 to 2.

Ports You Need

Oct 26
2009

Here I want to give you the most important ports you need for easy administration:
Port Number   Service       Information
80            HTTP          Hyper Text Transfer Protocol
443           HTTPS,SSL     Secure HTTP
20            FTP           File Transfer Protocol – Default Data
21            FTP           File Transfer Protocol – Control
22            SSH           Secure Socket Shell
23            TELNET        Remote Login Protocol
25            SMTP          Mail Transfer Protocol (Exchange)
110           POP3          Post Office Protocol
995           POP3-SSL      Secure POP3
119           NNTP          Network News Transfer Protocol
3389          RDP           Remote Desktop Protocol
53            DNS           Domain Name Service
1512          WINS          Windows Internet Name Service
389           LDAP          Directory Access Protocol
636           LDAPS         Secure LDAP
67            DHCP-SERVER   Dynamic Host Configuration Protocol
68            DHCP-CLIENT   Dynamic Host Configuration Protocol
123           NTP           Network Time Protocol

Password Reset Disk in windows 7

Oct 26
2009

How to create a Password Reset Disk in Windows 7\Vista
Imagine this scenario….
You created a logon password for your account and you simply forgot it… what do you do!?
Maybe start the system from the command line and change the SAM file..?
Maybe go with a third-party recovery solution…?!
No! No! No!
All you have to do is simply use the wonderful tool that Microsoft provides in their system, which resolves this scenario in a few easy steps.
A few words about this tool:
Originally we had this option already in WinXP, but with a huge difference: back then we had to have a floppy disk drive to create the file, and in the “modern days” you already know that this option is not so relevant. So, as you already understand, in Windows 7\Vista we can use any available media, such as the USB stick that we have in our pocket.
So what do we create on the media…?
When we use this option the system creates a small file that will be used in case we run into the scenario above, and the cool thing about it is that no matter how many times we change our password, the reset disk still works for us!
Note!
Because it’s so easy to use, I recommend that you keep the media in a safe place to ensure no one gains access to your system.
First you need to go to the Control Panel: Start -> Run -> and type “control”.
Now, after the Control Panel is up, search for “User Accounts”.
In the top left corner you will see the option “Create a Password Reset Disk”; click it.
Now the great “wizard” will open, so simply follow the next instructions:
Next -> choose one of the available media and click Next -> now insert your current account password and click Next -> now the wizard will start to create your file on the media that you specified.
Note!
Always check this action: go to the media that you specified and search for a file called Userkey.PSW to verify that the process finished as it was supposed to.
When and how do we use it…?
When the system asks you to insert the password you will see beneath it the option “Reset Password”. Simply click on it, and a pop-up will tell you that you need removable media, so just click the “OK” button and the wizard will come to the front. Then follow this:
Next -> choose the media -> type the new password and finish the process.
THE END!

Microsoft Tools

Oct 20
2009

PSTOOLS
PsTools is a utility kit that originally comes from the Windows NT & Server 2000 tool box. It includes 12 different tools, and we can use each one of them to accomplish our admin tasks more easily and much faster. Examples include:
• Run processes on remote computers.
• Terminate processes on client computers.
• Get information on machines.
• Shutdown\restart machines.

To work with those tools we need to use the command line, which gives us, the “administrators”, the option to create “.BAT” files that we can use each time we need them, and saves us the time of writing the commands all over again.
We can download this kit from the following address:

http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx

In this article I will explain what we can do with those tools and how we can use them to control complex environments.
Note!
If we want to work with this tool kit we need to provide the correct credentials (we need to be a local administrator on the machine that we work on).
The tools list:
• PsExec – this tool gives us the ability to run programs on local\remote computers.
We can use this tool with the following “important” switches:
\\computer – here we choose the computer that we want to use. If we have 100 computers in our organization, we can create a list of computers in Notepad and give the path to the file instead of a single computer.
Example:
Psexec @<path to the Notepad file>
In this case the command will work on all the computers that we specified in the Notepad file.
-U – if we need to provide appropriate credentials on a remote computer we can use the “-u” switch for the user account name.
-P – if we need to provide appropriate credentials on a remote computer we can use the “-p” switch for the user password.
Example:
Psexec \\computer -u David -p qaz123
-C – with this switch we can copy a program to a remote computer and execute the file on that machine.
Example:
Psexec \\D001 -c program.exe
Because we copy the program from the local computer to a remote computer, we can use 2 more switches connected to the “C” switch.
-F – copy the file to the remote computer even if the file already exists.
-V – copy the file only if the file we want to use is newer than the same file on the remote computer.
So we can use it as follows:
Psexec \\dev01 -c -f program.exe (or -v instead of -f)
Note!
If the program that we need to execute already exists on the remote computer, we need to specify the program path as follows:
Psexec \\D001 “c:\Program Files\program.exe”
(The quoted part is the program path.)
• PsInfo – this tool simply does what its name means: it helps us get info on a client computer.

The important switches that we need to use:
PsInfo \\dev01 – we get system information for the computers that we specify.

-H – will show us all the hotfixes installed on the computer.

PsInfo \\dev01 -H

-S – here we can get all the applications installed on the remote computer.
PsInfo \\dev01 -S
-D – will show us disk information (volume type, format, name, size, free space).
PsInfo \\dev01 -D

• PsShutdown – with this tool we can simply shut down a local\remote computer with a simple syntax. Here are the important switches:

-F – this is a nice switch that forces the destination computer to close all applications without the option to save them, as happens in a regular shutdown.

-L – just locks the user’s computer like we do with “Ctrl+D”.

-R – reboots the destination computer.

-A – cancels the “R” switch (only while the countdown to the restart is still running; the default is 20 seconds).

-M “Text” – with this switch we create a message that the user sees during the countdown to the restart.

-D – only suspends the destination computer.

-H – sends the destination computer to the “Hibernate” state.

-K – simply powers off the destination computer.

-S – the destination computer will shut down without any other process.
-C – the user connected to the destination computer will be able to cancel the shutdown.

-T – changes the shutdown countdown (20 seconds by default).

• PsFile – lets us see all the files that are opened remotely on the destination computer, and also close them.

-C – closes the opened file (of course we need to identify the file with its “ID”).

-ID – the identifier of the file that we want information about.

-Path – we can give the path of the files that we want.

• PsKill – this app helps us close a local\remote process.

-T – kill the process that we specify.

-Process id or name – here we need to give the process that we want to kill.

Example:
If we want to close a user’s mspaint:

Pskill \\Dev01 mspaint

• PsList – shows all the processes that the destination computer has.

-Name – gives information on a specific process.
-M – memory details of the process.
-D – shows the information per thread.
-T – shows the process tree.
• PsService – with this tool we can see and manage the services on the destination computer.

- Start – forces a specific service to go up.
- Restart – forces a specific service to stop and then start.
- Stop – stops the specific service that we aim for.
- Pause – makes the service pause.
- Cont – this is the opposite of the pause option.

Example:
If we want to stop the DNS service, all we need to do is:

PsService \\Dev01 Stop dns

• PsPasswd – let’s say that we need to change the passwords of 50 users. Normally we would do it with the Users & Computers snap-in and it would take us a lot of time, but with this tool we can simply create a .BAT file that does all the work for us.

• -Username – here we put the account that we want to change the password for.

• -NewPassword – here we put the new account password.

Example:
PsPasswd \\dev01 David 123QWEasd

• PsSuspend – with this tool we can suspend system processes that are running and consuming resources on the machine.

-process id – we can suspend the process by the ID of the process.

-process name – we can suspend the process by the NAME of the process.

-R – resumes the suspended process.

Example:
PsSuspend \\dev01 mspaint

• PsGetsid – here we can get the SID of a user or a machine.

Examples:

Psgetsid \\Dev01 (here we will get the machine SID)

Psgetsid %username% (here we will get the user SID)

Exchange 2003 Recovery

Oct 17
2009

Test
