Change Windows Drive Map Naming

Have you ever found the default drive map naming convention to be annoying? In the example below, the W: drive mapping description is: “downloads on ‘Domain Controller (dc1)’ (W:)”

People generally don’t care about a server description or server name, they just care about their W: drive. Sometimes an application drop down list isn’t wide enough to display the entire description and truncates what we are all looking for, a drive letter. To modify this behavior, there is a registry key that can change the network drive description.

Now look at the same drive mappings below and notice that the drive letter (important stuff) is now first, it’s easier to read, and we no longer care if text at the end of the long description is truncated.

This is done by applying the following registry key to the end workstation, you can read more in Microsoft KB:330193 (note that I had to use wordwrap at \CurrentVersion in the code below)

ShowDriveLetterFirst.reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
    \CurrentVersion\Explorer]
“ShowDriveLettersFirst”=dword:00000004

I then use a logon script to deploy this registry key to the workstations, the new settings will take place on the following login. My logon script of choice is KiXtart, and if you have not used it, I highly recommend checking it out.  KiXtart was first included in the Windows NT resource kit, so it has been around for some time. Here is the code that I used (note that I had to use wordwrap at \CurrentVersion the code below):

logon.bat (partial)
 ;#####################################
;##### ADD REGISTRY KEY #############
;#####################################
; Add Registry Key to display drive letter before description
; If the value is 0, default settings
; If the value is 1, the drive letter is displayed first for remote drives
; If the value is 2, drive letters are not displayed
; If the value is 4, the drive letter is displayed first for all drives
$v_showdrv=ReadValue(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
    \CurrentVersion\Explorer”,”ShowDriveLettersFirst”)
If $v_ShowDrv <> 4
WriteValue(“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
      \CurrentVersion\Explorer”,”ShowDriveLettersFirst”,”4″,”REG_DWORD”)
Endif
;####################################

Active Directory Delegation of Administration

As a best practice, the SANS Institute recommends securing your network by implementing the principle of least privilege as a measure to protect your network. As a consultant I find it very common for organizations to simply add administrators to the Domain Admins security group in Active Directory. This is an acceptable practice for small organizations, or where a central administration model is used. However, in larger organizations this can lead to chaos, a lack of accountability, and a security risk.

The Active Directory Users and Computers management console includes a Delegation of Control Wizard and has been around since Windows 2000. The delegation wizard assists you in granting an ordinary user (without super powers) to perform administrative tasks such as resetting passwords or managing security group membership. So rather than adding a user to the Domain Admins group, you can grant users the bare minimum security privilege they need to accomplish a specific administrative task.

Delegating administration is quite simple, open Active Directory Users and Computers, right click on an OU and select Delegate Control. A great TechNet article to follow is a Step-by-Step Guide to Using the Delegation of Control Wizard.

The Big Disappoinment

Walking through this wizard the first time, you may be think wow, this is great. Immediately you realize this would be great for my workstation technicians, I could allow them to manage Active Directory computer accounts. So you create your security group “Workstation Techs” and start the wizard a second time only to realize there are only 11 tasks to delegate, none of which include computer accounts. Upgrading from Windows Server 2003 to a Windows Server 2008 domain doesn’t add any additional functionality in this area. The delegation wizard now begins to look like a half baked solution.

Finding a Solution

But wait, there is hope after all. The Delegation of Control Wizard is actually derived from a text file located in C:\Windows\Inf\delegwiz.inf and can be customized. So, if you replace the contents or your delegwiz.inf file with the contents in this article,  Active Directory Delegation Wizard File you will end up with 70 tasks that can be delegated. The Delegation of Control Wizard now becomes a very powerful and useful tool.

TurboCharging SUSE 10.2

OpenSUSE Linux has really evolved over the last several years. The Gnome interface is really clean, intuitive, and easy to use and YaST has simplified software management. OpenSUSE 10.2, being Open Source is unable to include video drivers with 3D acceleration and DVD decoding, but now supports MP3s. However, installing these features is not all that difficult.

YaST Configuration

Yet Another Setup Tool (YaST) is the main control center for Suse, including software management. YaST can be configured to use various software repositories that contain the latest source files, updates and the cool programs your after.

Open YaST and select Installation Source from the Software node. My Suse 10.2 installation has 3 installation sources listed, including the local CD-ROM. During the installation process you had the option of adding the following catalogs:

http://download.opensuse.org/distribution/10.2/repo/oss/
http://download.opensuse.org/distribution/10.2/repo/non-oss/

For the latest updates, add the Packman mirror site (this Novel TID provides additional mirror sites for updates):

Click the Add button and select HTTP, then Next and enter the following:

Server Name: packman.unixheads.com
Directory: /suse/10.2/

When prompted, import the public key used to sign the RPM packages.

Click Finish to save the changes, this will take several minutes. You will then notice that ZENworks displays available updates, I have 29 new updates listed. Double click the Orange circle, click Add Privileged User and enter the root password, then click Update. After several minutes, click Apply to apply the listed changes. During the update I was also prompted to insert my Suse installation media.

NVidia Video Drivers

Linux does not ship with 3D hardware acceleration, and you can prove it to yourself by previewing any of the GL Screen Savers, playing Tux or Chromium. YaST is used to install the video driver, and is a big improvement over recompiling the kernel. Full instructions are available on the NVidia web site.

Add the following repository to YaST:

http://download.nvidia.com/opensuse/10.2

Next, open Software Management in YaST, search for nvidia, select and install the following drivers:

nvidia-gfxG01-kmp-default
x11-video-nvidiaG01

Now reboot and you should see a full screen NVidia logo displayed just before the logon prompt.

EyeCandy

Now for the fun stuff, Suse 10.2 now includes the XGL and Compiz. This was a separate download and configuration in version 10.1. Open Control Center -> Look and Feel -> Desktop Effects. Click the Enable Desktop Effects button and logout when prompted then log back on.

Your desktop now wraps around a 4 sided cube. Hold down <Ctrl><Alt> then press the right or left arrows to rotate your desktop, it’s just tool cool (I’m easily amused with this). Using the <Ctrl><Alt> and pressing the down arrow flattens the screens, allowing you to then scroll right or left.

Now open an application, such as firefox, and reposition it on the screen with the top toolbar and notice that it ripples.

All these settings are configurable in the Look and Feel Settings.

Video Codecs

Suse 10.2 installs with Totem, a Movie Player, but after updates will not play back an encrypted DVD, displaying an error message refering to libdvdcss.

Start by opening Software Management, searching for w32 and installing w32codec-all.

Now you need to install a video decoder from VideoLAN. For a 32bit system, install the following: http://download.videolan.org/pub/libdvdcss/1.2.9/rpm/libdvdcss-1.2.9-1.i386.rpm   

However, for a 64bit system you must download and compile the software:

Download http://download.videolan.org/pub/libdvdcss/1.2.9/libdvdcss-1.2.9.tar.gz

Open Gnome Terminal, enter su and the root password when prompted

Changed directories to the file you downloaded and extract the files: 

tar xvfz libdvdcss-1.2.9.tar.gz

Change directories to the extracted files:

cd libdvdcss-1.2.9

Run the configure program:

./configure

Run the make command to build the files:

make

Install the new library:

make install

Reboot your computer, put a movie in and enjoy!

Wallpaper

If youre needing additional wallpaper to dress up the desktop, check out gnome-look, kde-look, or deviantart.

Disable Internet Explorer Enhanced Security

Windows Server 2008 installs by default with the Internet Explorer Enhanced Security enabled. I usually prefer to turn off the enhanced security on test servers so I can easily download drivers and actually use IE without all the popups. So if you noticed, the Add/Remove programs in Control Panel is no longer used for adding and removing Windows components.

Server Manager is now used for managing Server Components, mainly throught the Roles and Features nodes, but IE Enhanced security is not listed here either. Remove IE Enhanced Security with Server Manager:

1. Start -> Administrative Tools -> Server Manager
2. The root node is highlighted, in the right column, under the Security Information heading, click Configure IE ESC
3. Disable IE ESC for Administrators and/or Users

Symon Boot Manager

So you have a killer PC, and would like the option of running multiple operating systems. My main system is Windows Vista Ultimate, but I can also boot to Suse Linux, Windows Server 2008 and Window Server Core. Many years ago I had multiple PCs with a KVM, then I added removable hard disks and finally VMWare. But say you want to take full advantage of your graphics card, processor and memory.

Well several years ago I droped down $15 for a gem of a utility called Sysmon. It’s basically a boot manager and allows you to install multiple OS’s on a single PC. So say you install RedHat Linux, it installs Grub as the boot manager, then you install Windows Visa or Longhorn, it has it’s own boot manager. Everyone wants to be the king of the hill!

I have two (2) 250GB SATA drives, and on the first disk I have a 100GB partition for Vista and applications, the second disk is entirely for data which leaves me with 150Gb on the primary disk to play with. So say I want to install Longhorn or Suse Linux but don’t want either OS to mess with Vista. I use Sysmon to define a partition, hide other partitions, add a new label to the boot menu and install the new OS. So for about the same price as a 12pack of Corona’s, you can safely install and delete multiple OS’s on your system. Check it out at http://symon.da.ru/

Installing Windows Server 2008

Today I took some time to install Windows Server 2008 Beta 3 and take it for a test drive. The first noticeable difference is the setup includes a new option for the Server Core Installation. Server Core is a stripped down version of Windows without a GUI interface and managed entirely using the command prompt (get used to the PowerShell). 

 

After a few initial screens, the installation starts and completes without any additional nagging questions. The server configuration doesn’t begin until after the OS has been installed. As shown below, the Initial Configuration Task list is then displayed, and simplifies the setup. Additional features are then added by selecting specific Windows Roles and Features.

Most of the configuration can now be done through Server Manager, a single management interface.

 

I am impressed that this Beta 3 runs on VMware server, installation has been simplified, and most management can be performed through a single management console. However, it will be interesting to wait and see how many administrators embrace Windows Server Core. Many years ago when servicing Unix networks, it wasn’t that uncommon to come across a server that had an uptime of 6 months to a year. So the Widows Server Core should help to reduce the OS footprint, increasing stability and enhance security.

DSQUERY Computer

DSQUERY is another simple command line utility for searching Active Directory. If it’s in AD, this tool can find it.

List the DN of all computer accounts:
dsquery computer

List all computers that have been inactive for the last 6 weeks:
dsquery computer -inactive 6

List all domain controllers:
dsquery server

List all computers within a specific OU:
dsquery computer ou=servers,dc=bigdog,dc=com

Refer to the DSQUERY Command Line Reference on Microsoft TechNet.

CSVDE export

CSVDE is a simple command line utility included in Windows Server 2003, and provides a simplified way of importing and exporting information from Active Directory. The following one liner can be used for exporting a list of all computers in a domain into a CSV file. The file can then easily be opened and manipulated with Microsoft Excel. I find it easiest to run these commands from a domain controller.

csvde -f computers.csv -r objectClass=computer -l “DN, dNSHostName, cn, operatingSystem, operatingSystemServicePack, operatingSystemVersion

Refer to the CSVDE Command Line Reference on Microsoft TechNet.