First script will interrogate the event log on all servers listed in "servers.txt", and create a report of logon times for the administrator account. It uses Microsoft Log Parser which is a free download.

@echo off
set LOG=C:\scripts\log_parser.log
set servers=C:\scripts\servers.txt
set logparser="C:\Program Files\Log Parser 2.2\LogParser.exe"

FOR /F %%i IN (%servers%) DO call :PROC %%i
goto END

:PROC
ping -n 1 -w 10 %1 | find /C "Reply" > ping.txt
set /p time=<ping.txt
if /I %time% GTR 0 (echo Got ping from %1 >> %LOG%) ELSE echo Skipping %1 && goto END
echo Processing %1 ...
%logparser% "SELECT TimeGenerated, SourceName, EventCategoryName, Message INTO C:\scripts\%1.txt FROM \\%1\Security WHERE EventID = 528 AND SID LIKE '%%dministrator%%'" -resolveSIDs:ON
echo.

:END
del /Q /F ping.txt

The 2nd script is to query the services database on all servers in "servers.txt", and identify any services that are logging on as administrator (or matching string "admin*"). Just modify line 13 in the first script and run it again.

echo Processing %1 ...
for /F "usebackq tokens=2 delims=:" %%a in (`sc "\\%1" query ^| find "SERVICE_NAME"`) do @sc \\%1 qc%%a | find /I "admin" && @echo %%a
echo.

After that you just have to identify applications where the password may be typed in, in our instance the remaining place was a backup job for our Sharepoint server. Job done!

Edit the SMTP server and strSender values to something appropriate. Also edit line 37 with the name of your domain. You will need to create the folder C:\scripts for this to work, or edit line 8 with a new location for the csv file.

The outputted file is a bit messy, but gets the job done.

SMTPServer = "mail.yourdomain.corp"
strSender = "name@yourdomain.corp"
strRecipient = InputBox("Enter the email address for report or" & vbcrlf & "press cancel to just generate a local file.", "Input required")
Const ForAppending = 8
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set WshShell = CreateObject("WScript.Shell")
strFileName = "C:\scripts\LocalAdminsReport.csv"

If objFSO.FileExists(strFileName) Then
	objFSO.DeleteFile(strFileName)
End If		

Set objFile = objFSO.OpenTextFile(strFileName, ForAppending, True)
objFile.WriteLine "ComputerName,Administrators"

GetLocalAdmins 

msgbox Counter & " computers were counted." & vbcrlf & "See " & strFileName & " for details."
If strRecipient = False then
	'user didn't enter an email address
	wscript.quit
Else
	SendEmail
End If

Private Function GetLocalAdmins
	Const ADS_SCOPE_SUBTREE = 2

	Set objConnection = CreateObject("ADODB.Connection")
	Set objCommand =   CreateObject("ADODB.Command")
	objConnection.Provider = "ADsDSOObject"
	objConnection.Open "Active Directory Provider"

	Set objCOmmand.ActiveConnection = objConnection
	objCommand.CommandText = "Select Name from 'LDAP://DC=yourdomain,DC=corp' " & "Where objectClass='computer'"
	objCommand.Properties("Page Size") = 1000
	objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
	Set objRecordSet = objCommand.Execute
	objRecordSet.MoveFirst

	Do Until objRecordSet.EOF
		name = objRecordSet.Fields("Name").Value
		PINGFlag = Not CBool(WshShell.run("ping -w 500 -n 1 " & name,0,True))
		If PINGFlag = False Then
			objFile.WriteLine name & ",Did Not Ping"
			Else
				'Get the local administrators
				Set objGroup = GetObject("WinNT://" & name & "/Administrators,group")
				For Each objMember In objGroup.Members
					If objMember.Name <> "Administrator" and objMember.Name <> "Domain Admins" Then
						objFile.WriteLine name & "," & (objMember.Name)
					End If
				Next
		End If
		objRecordSet.MoveNext
	Loop
End Function

Private Function SendEmail
	Set objEmail = CreateObject("CDO.Message")
	objEmail.From = strSender
	objEmail.To = strRecipient
	objEmail.Subject = "Local Admins Account"
	objEmail.Textbody = Counter & " computers were counted. See attached log file for details."
	objEmail.AddAttachment(strFileName)
	objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
	objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = SMTPServer
	objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
	objEmail.Configuration.Fields.Update
	objEmail.Send
End Function

1. Firewall config: Open tcp/80 (or tcp/443 if you have configured SSL) on the firewall between your DMZ server and your WSUS server.

2. On your DMZ server open gpedit.msc. Go into Computer Configuration - Administrative Templates - Windows Components - Windows Update.

Configure Windows Update using gpedit.msc

3. Enable "Configure automatic updates" and configure the schedule of your choice.

4. Enable "Intranet Microsoft Update Service Location". Specify your WSUS server in both fields using the http://server format.

5. Enable "Client side targetting" and enter the name of your Target Group into the box.

That's it - the updates will now flow in.

Here's the scenario: You have a single OCS 2007 standard edition server on your network. Your Active Directory uses a DNS suffix that is not available externally, for example ocs.internal.ad. You are using a certificate issued by your domain CA on your OCS server (this is recommended) and automatic logon works fine while your clients are on the internal network.

You have also deployed an OCS 2007 Edge Access Server. The server's name in external DNS is sip.yourdomain.com.

The goal is to enable clients to log in automatically. This is a nice to have - and I think even nicer when they can log in automatically from both within the corporate LAN and the outside of your network.

The problem
If you change your users OCS sign-in names to their email addresses (i.e. user@yourdomain.com), the automatic logon works fine on the outside but not from the inside (providing your Edge Access server and supporting DNS records are set up correctly). Meanwhile from outside of your network if your users have sign-in names using your internal AD namespace (i.e. user@internal.ad), automatic logon fails - this is because the internal.ad DNS suffix does not exist on the outside and your OCS client cannot find an SRV record in DNS to locate the OCS server.

The solution!
There are several components that need to be in place for this to work.

1. DNS Configuration
For this to work you are required to set up a copy of your external DNS as a primary zone in your Active Directory DNS. Then in your internal DNS configure an A Record for sip.yourdomain.com pointing to the IP address of your internal OCS server. In addition, set up some SRV records:

_tcp._sipinternal.yourdomain.com -- sip.yourdomain.com (0 0 5061)
_tcp._sipinternaltls .yourdomain.com -- sip.yourdomain.com (0 0 5061)

2. Certificate configuration
For authenticating external clients, you will need an SSL certificate on your Edge Access server. Choosing the right sort of certificate is vital for the Edge Access role. You have to select one from this list for federation and public IM connectivity to work properly.  Other certificates may work, but have not been approved for use with OCS 2007 by Microsoft.

For authenticating internal clients, Microsoft recommend you use a certificate from the CA on your domain. From your standard edition server, run setup on the OCS CD and go through the certificate wizard. When configuring the certificate, specify ocs.internal.ad (insert your internal server name here) as the primary name of your server and sip.yourdomain.com (your external namespace) as the alternative name on the certificate.

3. Sign-In names
Last thing is to configure sign in names, these will need to be changed to use your external DNS suffix, i.e. user@yourdomain.com. One word of warning on this - if you change sign-in names while the users are logged on, they will be kicked off the system and receive an error about invalid credentials. Instead, make the changes while the users are logged off and they will then be picked up automatically the next time the computers are booted up on the network.

After making this change users should then be able to log in automatically from both the corporate network and the Internet.

This is one area IMHO where the OCS 2007 documentation does not go into enough detail.

Some of the text has wrapped to the next line due to the formatting of this blog but when copied and pasted the unnecessary line breaks are removed.

if exist o:\MetabaseBackup goto backup
net use o: /delete /Y
net use o: \\servername\sharename\London\Metabase

:backup
for /F %%i in (iisservers.txt) do cscript c:\windows\system32\iisback.vbs /backup /s %%i /b %%i_metabase /b %%i_metabase /overwrite
for /F %%i in (iisservers.txt) do xcopy \\%%i\C$\windows\system32\inetsrv\metaback\*.* o: /y

:cleanup
o:
forfiles /m *.MD* /D -7 /C "cmd /c del @file"
forfiles /m *.SC* /D -7 /C "cmd /c del @file"
c:
net use o: /delete /Y

The script can then be configured to run as a scheduled task, using an account with the appropriate permissions to your IIS Servers.

For backing up SSL certificates there is a vbscript on Technet that can do all certs in a batch job, as appose to one site at a time as with IISCertDeploy.vbs in the IIS 6 Resource Kit.

Technorati Tags: IIS, Metabase, Scripts, Backups, Windows 2003

What failed?

The winsock stack can be reset from a command prompt using:

netsh int ip reset resetlog.txt

However in my case it was throwing up this error:

Initialization Function InitHelperDll in IPMONTR.DLL failed to start with error code 10107
The following helper DLL cannot be loaded: DHCPMON.DLL.
The following helper DLL cannot be loaded: WINSMON.DLL.

Thinking back to my NT4 days it used to be possible to reinstall the IP stack by simply removing and adding the TCP/IP protocol, but in Windows 2003 (and XP) it's a core component of Windows and the 'Uninstall' button is disabled. So, if you need to do this then this technet article can be followed. If you're not doing this work on a DC, then booting up into Safe Mode is fine - that's what I did and it worked like a charm.

Technorati Tags: Winsock, TCP/IP, Windows 2003, Administration

http://searchexchange.techtarget.com/origi...
http://www.msexchange.org/tutorials/Imp...

However when I tried this way I kept getting IP address conflicts. This is how I did it instead:

• Configure OWA on both front end servers with the same certificate
• Make sure Exchange patches are consistent on both cluster nodes
• Create DNS A record for cluster IP address
• If either server is created from an image (or vmware template), remove and reinstall network cards as per KB828258

I then configured the cluster (including IP configuration on each node) using Network Load Balancing Manager from my workstation. If you use this tool to create clusters, you have to do it remotely as the cluster IP will have the same MAC Address across all nodes, and as this is configured it breaks the connectivity between the nodes.

• Open Network Load Balancing Manager (Start - Administrative Tools - NLB Manager)
• Cluster - New
• Enter cluster IP address, subnet mask, and the DNS name you created earlier
• Select Unicast mode, leave 'Enable remote control' unticked
• Do not enter additional IP addresses or Port rules
• On final step, add the server that will become the first node in the cluster

When you click on Finish, NLB Manager will configure the NLB protocol and add the cluster IP address to the node. If this is successful you can then add further nodes by right-clicking the cluster name and selecting "Add node to cluster". You will notice that the NLB Manager automatically changes the priority of the new node as it is being added.

Windows 2003 NLB Manager

Final step is to then open IIS Manager on each cluster node and bind the cluster IP address to the OWA website.

Technorati Tags: Exchange 2003, Network Load Balancing, NLB, Clustering

On this weeks occasion after setting up my restore exactly as specified in this technote on the CA website, my restore kept failing with the following error:

E3022
No valid destination.

Totals For................... Job
Total Session(s)............. 0
Total Databases(s)............ 0
Total Skip(s)................ 0
Total Size (Disk)............ 0 KB
Total Size (DB).............. 0 KB
Total Size (Media)........... 0 KB
Elapsed Time................. 0s
Average Throughput........... 0 KB/min
Total Error(s)/Warning(s).... 1/0

After a lot of wasted time Google searching and trying various configurations, I eventually found the solution to this problem. This is a known issue with ARCserve 11.5 SP2 and the solution is to upgrade to SP3. The upgrade files can be found here.

Technorati Tags: ARCserve, Exchange 2003, Restores, BrightStor

Instead of a long drawn out review, I just want to give a quick summary of this book and my opinion on whether it is worth buying.

The first chapter concentrates on giving you an overview of the components of MOM. Specifically, what MOM is capable of and used for, different ways of accessing MOM (web interface, admin console, etc), how the SQL database is configured, and generally how MOM achieves it's aims. Everything is well explained and the fictional company 'Leaky Faucet' is introduced to the reader; This is your typical multi-site business with a few hundred managed servers and 2 MOM2005 management servers. This section is worth reading as they go on to use Leaky Faucet as an example of how MOM might be deployed throughout the book.

The next few chapters explain how to plan and deploy MOM. One of the books strengths is the section on planning the deployment, as it goes into a lot of detail and gives you a good idea of what overheads you should expect on your management servers, depending on how many agent managed and agentless servers you are managing. Moving on to installing MOM, my thoughts are that actual act of installing MOM is pretty non-eventful, so you might not need to spend so much time reading this section. I skipped forward because the stuff they were explaining was obvious and done already.

The book goes on to explain management packs and how to use the consoles in a good level of detail. However, as I reached the end I started skimming back through the pages to look for the chapter on how to configure rules, and then realised there is no such chapter. The book does give snippets here and there, but in my opinion configuring and creating rules is such a massive and important topic that it should have had a lot more time and space devoted to it. Also, topics such as creating your own events for MOM to monitor are mentioned in brief but not enough for you to use in your deployment.

The last quarter of the book is set aside for MOM reporting, but again I felt let down as I feel they went in at the wrong angle with this. The book discusses how to configure the reporting server, which mostly is a pretty straightforward process. It does not tell you the really useful stuff like how to pull custom reports out of MOM. The default reports installed with the management packs are OK, but this week when my manager asked me for MOM reports showing typical CPU usage, free disk space, number of CPUs and OS service pack level on a subset of servers, this book was no use and I had to turn to the Internet for answers.

So to summarise, the bottom line is this: There is a lot of good content in this book, and it may be useful to you if you are an absolute beginner to MOM and are looking to deploy a vanilla installation of MOM2005 across your network. However, for serious system administrators, I would not recommend reading Essential Microsoft Operations Manager, as some information I would consider to be essential is missing. The book offers a good introduction to MOM, but you will need to do further reading to supplement the book in order to support MOM2005 on a day to day basis.

Technorati Tags: MOM, MOM2005, Book review

Setup is unable to proceed due to the following error(s):
This product requires Windows Workflow Foundation beta 2 (build 3.0.3807.7 or later).

If you do have the correct version of WWF installed and you are getting this error, this is because you do not have the correct version of .NET Framework installed. SharePoint 2007 beta requires the WinFX Runtime Components beta 2, available here.

If you already installed a previous beta version of .NET Framework 3.0, you will need the .NET Framework 3.0 Uninstall Tool to remove it, before you can go ahead with the WinFX Runtime Components beta 2 install.

Technorati Tags: SharePoint 2007, SharePoint