General discussion

Locked

The Bit Bucket

By gary ·
Tags: Off Topic
blog root

This conversation is currently closed to new comments.

32 total posts (Page 2 of 4)   Prev   01 | 02 | 03 | 04   Next
Thread display: Collapse - | Expand +

All Comments

Collapse -

Integrating patches into Unattended Builds

by gary In reply to The Bit Bucket

<div xmlns="http://www.w3.org/1999/xhtml">One of the really nice features in Windows is the unattended build.<br />Rather than having to do an install and hit Next, Next, Next, Cancel (damn, wrong one!) you can pass the installation routine all of the settings it needs.<br />
<br />This is useful because you get reliable, consistent builds across hardware types. Sometimes you will need to add in the additional drivers needed but once thats done it's actually a really nice way of performing an install.<br />
<br />Another nice feature is the ability to slipstream service packs into the install media. This gives you the ability to deploy the software with the service pack pre-installed.<br />I always spin off a copy of the install when applying a service pack. This way I can roll back to a previous unattended installation if needed.<br />
<br />Recently, Micrsoft has addd the ability to /integrate patches into the install. In theory you can install a new machine fully patched before it even hits the network.<br />
<br />In Theory.<br />
<br />In Practice someone needs to test this at Microsoft.<br />
<br />Recently I tried this on Windows 2003. The service pack slipstreamed and installed with no problems.<br />
<br />Integrating the patches also generated no errors but when running the installation you'll get the following error:<br />
<br />
<a href="http://www.gdwnet.com/blog/uploaded_images/w2k3sp1-711724.JPG" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}">
<img alt="" border="0" src="http://www.gdwnet.com/blog/uploaded_images/w2k3sp1-707746.JPG" style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" />
</a>
<br />
<br />This DLL is used by <a href="http://http://www.microsoft.com/technet/security/bulletin/ms05-039.mspx">MS05-039</a>
<br />
<br />So, Now we have a problem. Do we ignore the file? Well, you can't do that because you will still be unpatched so all you can do is NOT integrate that patch into the unattended files and this means when the machine starts up it will be missing patches.<br />
<br />Annoying and unnecessary.</div><p><div class="blogdisclaim"><a href="http://www.gdwnet.com/blog/2006/01/integrating-patches-into-unattended.html">This post originally appeared on an external website</a></div>

Collapse -

The lunatics ARE running the asylum

by gary In reply to The Bit Bucket

<div xmlns="http://www.w3.org/1999/xhtml">Interesting day today.<br />
<br />I came across the credit card machine that cannot accept any credit card with curved edges (Have you EVER seen a credit card with squard edges?)<br />
<br />The complaints line that cannot accept complaints - Wanadoos' customer complaints line are unable to help unless they can do something about the problem.<br />
<br />And<br />
<br />The helpdesk that gets scheduled downtime confused with a network outage. Neither of which was true. Today I had problems with my Wanadoo broadband so I phoned the tech support line to be told that there was a network wide site downtime scheduled outage. When pressed further he clammed up. A call back 20 minutes later actually showed no issue and the problem was fixed.<br />
<br />At least my internet connection is back again but this is the second time in a week its failed with inconsistent information from wanadoo.</div><p><div class="blogdisclaim"><a href="http://www.gdwnet.com/blog/2006/03/lunatics-are-running-asylum.html">This post originally appeared on an external website</a></div>

Collapse -

Three Months.....

by gary In reply to The Bit Bucket

<div xmlns="http://www.w3.org/1999/xhtml">When I first started blogging I had this grand plan to blog something ever few weeks and now I notice it's been three months since I blogged. Not good.<br />
<br />Hmmmm.<br />
<br />From now on I will be a good boy and blog more often!</div><p><div class="blogdisclaim"><a href="http://www.gdwnet.com/blog/2006/06/three-months.html">This post originally appeared on an external website</a></div>

Collapse -

BETA's, BETA's everywhere!!

by gary In reply to The Bit Bucket

<div xmlns="http://www.w3.org/1999/xhtml">Microsoft have really been busy over the past month. We have had BETA's for office 2007 which looks GORGEOUS and I fully admit to being addicted to OneNote.<br />
<br />Vista is now in CTP and anyone can download it. I'm finding the front end a bit clunky and I have yet to find out where to turn off all the nice processor hungry fade effects but overall its, errm, well it's an operating system. I'm not sure what exactly it brings to the table in terms of an O/S. I guess time will tell.<br />
<br />Interesting enough, Vista doesn't use the unattend.txt file anymore. This time it's all pure XML. At some point this week I will be putting together a test autobuild. Will be interesting to see how that all works.</div><p><div class="blogdisclaim"><a href="http://www.gdwnet.com/blog/2006/06/betas-betas-everywhere.html">This post originally appeared on an external website</a></div>

Collapse -

Bootable CD's in Nero

by gary In reply to The Bit Bucket

<div xmlns="http://www.w3.org/1999/xhtml">One of the really nice things about CD's is that they can be made bootable. Doing this is a slightly fiddly operation but worth the time.<br />Most of the autobuilds I create are written to an ISO file (for use in VMWare) or burnt to CD (for use on physical hardware.<br />
<br />One problem I have tripped over several times is that selecting 'Bootable CD' from the Nero menu will not give you a bootable CD that works for a Microsoft autobuild. The default Nero settings will screw with the filenames and so break the installation.<br />
<br />The fix is quite simple, select the 'ISO' tab before you burn your bootable CD and make sure it's configured as follows:<br />
<br />Data Mode: Mode 1<br />File System: ISO9960 Only<br />File name length: Max of 11= 8 + 3 chars (Level 1)<br />Allow path depth of more than 8 directories - TICKED<br />Allow more than 255 characters in path - UNTICKED<br />Do not add the ';1' ISO file version extension - UNTICKED</div><p><div class="blogdisclaim"><a href="http://www.gdwnet.com/blog/2006/06/bootable-cds-in-nero.html">This post originally appeared on an external website</a></div>

Collapse -

Windows 2000/XP can't see entire Hard Disk Space

by gary In reply to The Bit Bucket

<div xmlns="http://www.w3.org/1999/xhtml">Several times now I have used big (great than 128GB) IDE hard disks in Windows 2000 and found that Windows cannot address more than 128GB. This is down to a limitation of the service pack (you need to be on service pack) and the simple fact that there is a registry value called EnableBigLBA that needs to be activated.<br />
<br />The required registry key is listed on Microsoft's support site. Click on this <A href="http://support.microsoft.com/?kbid=305098">link </A> to see the article.<br />
<br />
<br />This really is one of those tweaks that's handly to have in an automatic build or in a ghost image.</div><p><div class="blogdisclaim"><a href="http://www.gdwnet.com/blog/2006/06/windows-2000xp-cant-see-entire-hard.html">This post originally appeared on an external website</a></div>

Collapse -

TV Theme Music

by gary In reply to The Bit Bucket

<div xmlns="http://www.w3.org/1999/xhtml">Everyone now and then it's possible to come across a website that's pure nostalgic gold. <a href="http://tv.cream.org/specialassignments/themes/">TV Creams top 50 TV themes of all time</a> is just one such site.<br />This site has things like an extended version of the <span style="font-style: italic;">Terrahawks </span>theme on it. If you remember programmes such as Terrahawks, Tales of the Unexpected and Sapphire & Steel then you just might waste an evening at this site.</div><p><div class="blogdisclaim"><a href="http://www.gdwnet.com/blog/2006/06/tv-theme-music.html">This post originally appeared on an external website</a></div>

Collapse -

Tips for Active Directory Restores

by gary In reply to The Bit Bucket

<div xmlns="http://www.w3.org/1999/xhtml">Over the past few weeks I have had the chance to play with Active Directory Restoration and various failure scenarios. During this I have come up with a set of tips that I thought it would be worth sharing. If you have any more then please add them into the comments.<br />
<br />1. You should always have a MINIMUM of two domain controllers doing replication between them and they should be at different sites.<br />
<br />2. Should you ever need to restore the system state you should only restore the system state to the machine it was backed up FROM. This is because the system state contains more than just active directory, it contains all the registry settings and more therefore restoring<br />system state to a different machine will overwrite the settings on that machine.<br />
<br />3. The only exception to rule 2 is when you restore system state to a DIFFERENT location in order to promote a domain controller from another domain controllers system state.<br />
<br />4. DCPROMO /ADV is the command that will allow you to point the DCPROMO process at a restored system state. This is called a non-authoritative restore.<br />
<br />5. An authoritative restore cheats. It just increments the USN (Unique Sequence Number) of all objects that you are restoring by a huge amount (20 to 100 thousand) .<br />
<br />6. The Active Directory Database is called NTDS.DIT<br />
<br />6. It's helpful to understand Active Directories replication model - A domain controller will look in it's NTDS.DIT database and THEN ask the server running the PDC Emulator if it has a recorded with a higher USN.<br />
<br />7. Dependant on how your replication environment is configured it MAY be possible to jump onto another DC and mark the object you want recovered authoritative. This way, when the replication occurs it will be ignored because the USN's have changed.<br />
<br />8. To recover Active Directory the server MUST be in Active Directory services Restore Mode. This mode is a variant on Safe Mode and means the Active Directory database is NOT loaded. You must login using a logon name of Administrator and the Active Directory services restore password you set during DCPROMO. This password is the ONLY password that is stored locally on the domain controller. It can be changed by following tip 16.<br />
<br />9. To recover the ENTIRE Active Directory database you type NTDSUTIL -> Authoritiative Restore -> Restore Database<br />
<br />10. To recover an OU you type NTDSUTIL -> Authoritative Restore > Restore Subtree "OU=X, OU=Y, DC=A, DC=B"<br />
<br />11. To recover a single object you type NTDSUTIL -> Authoritative Restore > Restore Object "OU=X, OU=Y, DC=A, DC=B"<br />
<br />12. When restoring objects you need to use the full Distinghused Name. The Distingusted Name is the CN=X, OU=Y, DC=Z as listed above.<br />
<br />13. Acronyms used in Distingused Names:<br />CN is Common Name<br />OU is Organizational Unit<br />DC is Domain Component<br />
<br />14. It's possible to perform an authoritative restore WITHOUT being in Active Directory Services Restore mode. To do so you need to set a flag with the following command:<br />SET SAFEBOOT_OPTION=DSREPAIR.<br />Attempting this type of restore is NOT recommended. It's much cleaner and safer to be in Active Directory services restore mode.<br />
<br />15. NTBACKUP has a bug. If your NTDS.DIT database is on any drive other than C: you must back up a file on the same drive NTDS.DIT lives on. For example, if NTDS.DIT lives on the G: drive then you must back up ONE OTHER file on G: otherwise it won't work.<br />The bug is documented <a href="http://support.microsoft.com/?kbid=909265&SD=tech">here</a>.<br />
<br />16. You can change the Active Directory Services Restore Mode password by using the following command:<br />NTDSUTIL -> SET DSRM PASSWORD -> RESET PASSWORD ON SERVER <servername>
<br />you will then be prompted for a new Active Directory Services Restore Mode password.</servername>
</div><div class="blogdisclaim"><a href="http://www.gdwnet.com/blog/2006/06/tips-for-active-directory-restores.html">This post originally appeared on an external website</a></div>

Collapse -

Tips for Active Directory Restores

by User94327 In reply to Tips for Active Directory ...

<p>I tried step 16.<br />Entered: NTDSUTIL<br />Prompt: ntdsutil:<br />Entered: SET DSRM PASSWORD<br />Prompt: Reset DSRM Administrator Password:<br />Entered: RESET PASSWORD ON SERVER<br />Prompt: Error 80070057 parsing input - illegal syntax?</p>
<p>Did I do something wrong here?  I am by no means an AD expert.</p>
<p>Thanks!</p>

Collapse -

Tips for Active Directory Restores

by sysadmin In reply to Tips for Active Directory ...

Rather than "RESET PASSWORD ON SERVER", you need to enter "RESET PASSWORD ON SERVER NULL".  The "NULL" instructs the DSRM password to be reset on the local computer.  You can also substitute "NULL" with another server name to reset the local password on that particular server.

Back to After Hours Forum
32 total posts (Page 2 of 4)   Prev   01 | 02 | 03 | 04   Next

Related Discussions

Related Forums