Citrix/RDP Shortcut Keys... The Cheat Sheet
The procedure below allows for the default ICA Client hotkeys to be mapped within Web Interface. If any keys affect your application, alter them to reflect a key that does not conflict with your application. This process alleviates the need to alter each appsrv.ini file on the individual client workstation.
The Citrix Web Client, 6.x versions (985, 986, and 1050), do not have the code to read from the client installed Appsrv.ini or an .ICA file. Download and use the latest ICA client.
1. Using a text editor such as Notepad, locate the Template.ica file, or if using Web Interface 4.x or later, the default.ica file being used for the Web Interface site.
2. Copy the ICA parameters below into the Template.ica or default.ica file. Place this code after the [WFCLIENT] tag:
Mount ISO files in Linux
mount -o loop <ISO_FILE_NAME.ISO> <MOUNT_POINT>
mount -o loop linux-dvd.iso /mnt/linux-dvd/
Now you can go to /mnt/linux-dvd and see the ISO image contents.
Securing Access to Printers over the Internet
First you need to create a self-signed cert using IIS:
1. Open the IIS Manager from the Control Panel.
2. Double-click the Server Certificates icon.
3. Click the Create Self-Signed Certificate link on the right.
4. On the dialog box, enter a name, and click OK.
Next you need to create bindings for HTTPS using IIS:
Cron Task
Configuring a Cron Task
The main configuration file for cron, /etc/crontab, contains the following lines:
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/
# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
The first four lines are variables used to configure the environment in which the cron tasks are run. The value of the SHELL variable tells the system which shell environment to use (in this example the bash shell), and the PATH variable defines the path used to execute commands. The output of the cron tasks is emailed to the username defined with the MAILTO variable. If the MAILTO variable is defined as an empty string (MAILTO=""), email will not be sent (sendmail on ESX is not installed by default). The HOME variable can be used to set the home directory to use when executing commands or scripts.
Each line in the /etc/crontab file has the format:
Enable Remote Desktop Through a Script
If you want to have it work on one machine, set strComputer = "."
Const ENABLE_CONNECTIONS = 1
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery _
("Select * from Win32_TerminalServiceSetting")
For Each objItem in colItems
errResult = objItem.SetAllowTSConnections(ENABLE_CONNECTIONS)
Next
By the way, if you want to turn off Remote Desktop, just change the 1 in the line Const ENABLE_CONNECTIONS = 1 to a 0 (zero).
Viewing Hidden Mailboxes from ADUC
1. Bring up Active Directory Users & Computers.
2. Right-click your domain name at the top, and choose Find.
3. In the Find combo box at the top, select Custom Search.
4. Click the Advanced tab.
5. Paste in the following LDAP query:
(&(objectclass=user)(msExchHideFromAddressLists=TRUE))
Shortcuts for Administrative Tools
Console | Command |
AD Domains and Trusts | domain.msc |
Active Directory Management | admgmt.msc |
AD Sites and Services | dssite.msc |
AD Users and Computers | dsa.msc |
ADSI Edit | adsiedit.msc |
Authorization manager | azman.msc |
Certification Authority Management | certsrv.msc |
Certificate Templates | certtmpl.msc |
Cluster Administrator | cluadmin.exe |
Computer Management | compmgmt.msc |
Component Services | comexp.msc |
Configure Your Server | cys.exe |
Device Manager | devmgmt.msc |
DHCP Management | dhcpmgmt.msc |
Disk Defragmenter | dfrg.msc |
Disk Manager | diskmgmt.msc |
Distributed File System | dfsgui.msc |
DNS Management | dnsmgmt.msc |
Event Viewer | eventvwr.msc |
Indexing Service Management | ciadv.msc |
IP Address Manage | ipaddrmgmt.msc |
Licensing Manager | llsmgr.exe |
Local Certificates Management | certmgr.msc |
Local Group Policy Editor | gpedit.msc |
Local Security Settings Manager | secpol.msc |
Local Users and Groups Manager | lusrmgr.msc |
Network Load balancing | nlbmgr.exe |
Performance Monitor | perfmon.msc |
PKI Viewer | pkiview.msc |
Public Key Management | pkmgmt.msc |
QoS Control Management | acssnap.msc |
Remote Desktops | tsmmc.msc |
Remote Storage Administration | rsadmin.msc |
Removable Storage | ntmsmgr.msc |
Removable Storage Operator Requests | ntmsoprq.msc |
Routing and Remote Access Manager | rrasmgmt.msc |
Resultant Set of Policy | rsop.msc |
Schema management | schmmgmt.msc |
Services Management | services.msc |
Shared Folders | fsmgmt.msc |
SID Security Migration | sidwalk.msc |
Telephony Management | tapimgmt.msc |
Terminal Server Configuration | tscc.msc |
Terminal Server Licensing | licmgr.exe |
Terminal Server Manager | tsadmin.exe |
UDDI Services Management | uddi.msc |
Windows Management Instrumentation | wmimgmt.msc |
WINS Server manager | winsmgmt.msc |
Script to Determine Members of a Group
DSGET GROUP CN=West_Coast_Sales,OU=Sales,OU=GROUPS,DC=adminprep,DC=com -MEMBERS -EXPAND
The output looks like this:
"CN=bmiller,OU=Sales,DC=adminprep,DC=com "
"CN=jsmith,OU=Sales,DC=adminprep,DC=com "
"CN=dregan,OU=Sales,DC=adminprep,DC=com "
"CN=lramero,OU=Sales,DC=adminprep,DC=com "
"CN=cpeters,OU=Sales,DC=adminprep,DC=com "
"CN=jhorton,OU=Sales,DC=adminprep,DC=com "
Hopefully this solution works for you too.
How to Display the Groups a User is a Member of
I've been trying to work more and more with scripts and today I'm sharing a simple but useful one: how to display the groups a user account is a member of. To display a user's groups via the command prompt you need to use the dsget command with the -memberof and -expand switches. The -expand switch will list all of the groups that you belong to that are nested in other groups.
Below is an example of how this would look:
dsget user "CN=Brian W. McCann,OU=Users,OU=Sales,DC=Adminprep,DC=com" -memberof -expand
The output would look similar to this:
"CN=GG Sales,OU=Groups,OU=Sales,DC=Adminprep,DC=com"
"CN=Domain Admins,CN=Users,DC=Adminprep,DC=com"
"CN=Domain Users,CN=Users,DC=Adminprep,DC=com"
"CN=GG Inside Sales,OU=Groups,OU=Sales,DC=Adminprep,DC=com"
"CN=GG Outside Sales,OU=Groups,OU=Sales,DC=Adminprep,DC=com"
"CN=Administrators,CN=Builtin,DC=Adminprep,DC=com"
"CN=Users,CN=Builtin,DC=Adminprep,DC=com"
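The two dsget listings above (a group's members and a user's expanded memberships) can be post-processed when reviewing who holds privileged access. The following Python is an added example, not part of the original posts; the list of privileged group names, the function names and the sample lines are assumptions of this example.

```python
import re

# Well-known built-in groups treated as privileged here; extend per environment.
PRIVILEGED = {
    "domain admins", "enterprise admins", "schema admins", "administrators",
    "account operators", "backup operators", "server operators", "print operators",
}

# Constructed sample: lines from the -memberof -expand output above, plus one DN
# with an escaped comma and a trailing space inside the quotes, and a status line.
SAMPLE = r'''
"CN=GG Sales,OU=Groups,OU=Sales,DC=Adminprep,DC=com"
"CN=Domain Admins,CN=Users,DC=Adminprep,DC=com"
"CN=Domain Users,CN=Users,DC=Adminprep,DC=com"
"CN=Administrators,CN=Builtin,DC=Adminprep,DC=com"
"CN=Sales\, West,OU=Groups,DC=Adminprep,DC=com "
dsget succeeded
'''


def parse_dns(output):
    """Return the distinguished names found in dsget output, quotes removed."""
    dns = []
    for line in output.splitlines():
        dn = line.strip().strip('"').strip()
        if re.match(r"(?i)(CN|OU)=", dn):   # skips blank and status lines
            dns.append(dn)
    return dns


def split_rdns(dn):
    """Split a DN on commas that are not escaped with a backslash."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]


def leaf_name(dn):
    """Return the value of the first RDN with escaped commas restored."""
    first = split_rdns(dn)[0]
    return first.split("=", 1)[1].replace("\\,", ",")


def privileged_memberships(output):
    """Return (group name, parent container) for each privileged group listed."""
    hits = []
    for dn in parse_dns(output):
        name = leaf_name(dn)
        if name.lower() in PRIVILEGED:
            hits.append((name, ",".join(split_rdns(dn)[1:])))
    return hits


if __name__ == "__main__":
    for name, container in privileged_memberships(SAMPLE):
        print(f"privileged: {name}  ({container})")
```

The parent container is returned with the name so that a look-alike group created in another OU can be told apart from the built-in one.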
Installing Active Directory on Server Core with an Answer File
Active Directory still gets installed by using DCPromo on Server Core, however you will have to use the /unattend:
This is the Replica Domain Controller Answer File:
[DCINSTALL]
UserName=administrator
UserDomain=AdminPrep.local
Password=$up3rT0p$3cr3t
SiteName=Default-First-Site-Name
ReplicaOrNewDomain=replica
DatabasePath="%systemroot%\NTDS"
LogPath="%systemroot%\NTDS"
SYSVOLPath="%systemroot%\SYSVOL"
InstallDNS=yes
ReplicaDomainDNSName=AdminPrep.local
ConfirmGC=yes
SafeModeAdminPassword=$up3rT0p$3cr3t
RebootOnCompletion=yes
As I've written this blog I noticed on Microsoft's site that they have a KB that can be of further assistance with doing unattended installs or removals of Active Directory. Take a look at KB947034.
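The answer file above keeps both the domain credential and the Directory Services Restore Mode password in clear text, so copies of it on shares, in tickets or in posts need checking. The following Python is an added example, not part of the original post: it reports which lines of an answer file store a credential and produces a copy with those values removed. The key list, the placeholder and the rule that an empty value or * means "not stored" are assumptions of this example.

```python
# Credential keys in the answer file shown above (matched case-insensitively).
SECRET_KEYS = {"password", "safemodeadminpassword"}
PLACEHOLDER = "<REMOVED>"
# Assumption of this example: an empty value, "*" or the placeholder means the
# secret itself is not kept in the file.
NOT_STORED = {"", "*", PLACEHOLDER}

# Constructed sample modelled on the replica answer file above (values invented).
SAMPLE = r"""[DCINSTALL]
UserName=administrator
UserDomain=AdminPrep.local
Password=Constructed-Example-1
ReplicaOrNewDomain=replica
DatabasePath="%systemroot%\NTDS"
SafeModeAdminPassword = "Constructed-Example-2"
RebootOnCompletion=yes
"""


def _stored_secret(line):
    """Return the key name if this line stores a credential value, else None."""
    if line.lstrip().startswith(";") or "=" not in line:
        return None                      # comment, section header or blank line
    key, value = line.split("=", 1)
    value = value.strip().strip('"')     # values may be quoted and padded
    if key.strip().lower() in SECRET_KEYS and value not in NOT_STORED:
        return key.strip()
    return None


def find_plaintext_secrets(text):
    """List (line number, section, key) for each credential kept in the file."""
    findings, section = [], None
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1]
            continue
        key = _stored_secret(line)
        if key:
            findings.append((number, section, key))
    return findings


def redact(text):
    """Return the file with stored credential values replaced, rest untouched."""
    out = []
    for line in text.splitlines():
        key = _stored_secret(line)
        out.append(f"{key}={PLACEHOLDER}" if key else line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for number, section, key in find_plaintext_secrets(SAMPLE):
        print(f"line {number}: [{section}] {key} is stored in clear text")
    print(redact(SAMPLE), end="")
```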
DNS Command Reference
Function | DNSCMD option | Example | Comments |
Do any dnscmd command on a remote system | dnscmd servername command | dnscmd main.bigfirm.com /zoneprint bigfirm.com | |
Create a primary zone | dnscmd /zoneadd zonename /primary | dnscmd /zoneadd bigfirm.com /primary | |
Create a secondary zone | dnscmd /zoneadd zonename /secondary master IP address | dnscmd /zoneadd bigfirm.com /secondary 192.168.1.1 | |
Host a zone on a server based on an existing (perhaps restored) zone file | dnscmd /zoneadd zonename /primary /file filename /load | dnscmd /zoneadd bigfirm.com /primary /file bigfirm.com.dns /load | |
Delete a zone from a server | dnscmd /zonedelete zonename [/f] | dnscmd /zonedelete bigfirm.com /f | (without the /f, dnscmd asks you if you really want to delete the zone) |
Show all of the zones on a DNS server | dnscmd /enumzones | dnscmd /enumzones | |
Dump (almost) all of the records in a zone | dnscmd /zoneprint zonename | dnscmd /zoneprint bigfirm.com | Doesn't show glue records. |
Add an A record to a zone | dnscmd /recordadd zonename hostname A ipaddress | dnscmd /recordadd bigfirm.com mypc A 192.168.1.33 | |
Add an NS record to a zone | dnscmd /recordadd zonename @ NS servername | dnscmd /recordadd bigfirm.com @ NS dns3.bigfirm.com | |
Delegate a new child domain, naming its first DNS server | dnscmd /recordadd zonename childname NS dnsservername | dnscmd /recordadd bigfirm.com test NS main.bigfirm.com | This would create the "test.bigfirm.com" DNS child domain under the bigfirm.com DNS domain |
Add an MX record to a zone | dnscmd /recordadd zonename @ MX priority servername | dnscmd /recordadd bigfirm.com @ MX 10 mail.bigfirm.com | |
Add a PTR record to a reverse lookup zone | dnscmd /recordadd zonename lowIP PTR FQDN | dnscmd /recordadd 1.168.192.in-addr.arpa 3 PTR pc1.bigfirm.com | This is the PTR record for a system with IP address 192.168.1.3 |
Modify a zone's SOA record | dnscmd /recordadd zonename @ SOA primaryDNSservername responsibleemailipaddress serialnumber refreshinterval retryinterval expireinterval defaultTTL | dnscmd /recordadd bigfirm.com @ SOA winserver.bigfirm.com mark.bigfirm.com 41 1800 60 2592000 7200 | Ignores the serial number if it's not greater than the current serial number |
Delete a resource record | dnscmd /recorddelete zonename recordinfo [/f] | dnscmd /recorddelete bigfirm.com @ NS main.bigfirm.com /f | Again, "/f" means "don't annoy me with a confirmation request, just do it." |
Create a resource record and incorporate a nonstandard TTL | dnscmd /recordadd zonename leftmostpartofrecord TTL restofrecord | dnscmd /recordadd bigfirm.com pc34 3200 A 192.168.1.4 | |
Reload a zone from its zone file in \windows\system32\dns | dnscmd /zonereload zonename | dnscmd /zonereload bigfirm.com | Really only useful on primary DNS servers |
Force DNS server to flush DNS data to zone file | dnscmd /zonewriteback zonename | dnscmd /zonewriteback bigfirm.com | |
Tell a primary whom to allow zone transfers to | dnscmd /zoneresetsecondaries zonename /nonsecure|/securens | dnscmd /zoneresetsecondaries bigfirm.com /nonsecure | That example says to allow anyone who asks to get a zone transfer |
Enable/disable DNS NOTIFY | dnscmd /zoneresetsecondaries zonename /notify|/nonotify | dnscmd /zoneresetsecondaries bigfirm.com /nonotify | Example disables DNS notification, which is contrary to the default settings. |
Tell a secondary DNS server to request any updates from the primary | dnscmd /zonerefresh zonename | dnscmd /zonerefresh bigfirm.com | |
Enable or disable dynamic DNS on a zone | dnscmd /config zonename /allowupdate 1|0 | | 1 enables, 0 disables, 0 is default |
Stop the DNS service | Either net stop dns or sc stop dns | | (No dnscmd command for this) |
Start the DNS service | Either net start dns or sc start dns | | (No dnscmd command for this) |
Install the DNS service on a 2008 full install system | servermanagercmd -install dns | | |
Install the DNS service on a 2008 Server Core system | ocsetup DNS-Server-Core-Role | | Case matters -- ocsetup dns-server-core-role would fail |
Uninstall the DNS service on a 2008 Server full install system | servermanagercmd -remove dns | | |
Uninstall the DNS service on a 2008 Server Core system | ocsetup /uninstall DNS-Server-Core-Role | | |
Server Core Commands
Server Core Common Networking Commands
To configure the IP address we will have to remember (or learn) Netsh.
Configure a Static IP Address on Server Core:
Netsh int ipv4 set address "Local Area Connection" static 10.1.1.10 255.255.255.0 10.1.1.1
Netsh int ipv4 set dnsserver "Local Area Connection" static 10.1.1.5 primary
Netsh int ipv4 set winsserver "Local Area Connection" static 10.1.1.6 primary
Configure a Dynamic (DHCP) IP Address on Server Core:
Netsh int ipv4 set address "Local Area Connection" source=dhcp
Change the name of the network interface on Server Core:
Netsh int set interface name = "Local Area Connection" newname = "Primary Network"
Server Core Common Windows Firewall Commands:
The Windows Firewall is a blessing to some and a curse to others. Either way it is installed by default and you have to understand the commands that are needed to configure the basics and in some cases some advanced commands.
Disable firewall:
netsh firewall set opmode disable
Server Core can be managed by using MMCs from a remote server. However with the firewall being on by default you will have to allow these tools to work remotely. The first thing to note here is how to translate the MMC Snap-in to Windows Firewall Rule Group.
MMC Snap-in - Event Viewer
Windows Firewall Rule Group - Remote Event Log Management
MMC Snap-in - Services
Windows Firewall Rule Group - Remote Services Management
MMC Snap-in - Shared Folders
Windows Firewall Rule Group - File and Printer Sharing
MMC Snap-in - Task Scheduler
Windows Firewall Rule Group - Remote Scheduled Tasks Management
MMC Snap-in - Reliability and Performance
Windows Firewall Rule Group - Performance Logs and Alerts
Windows Firewall Rule Group - File and Printer Sharing
MMC Snap-in - Disk Management
Windows Firewall Rule Group - Remote Volume Management
MMC Snap-in - Windows Firewall with Advanced Security
Windows Firewall Rule Group - Windows Firewall Remote Management
To enable all of these rules, use this command:
Netsh advfirewall firewall set rule group="remote administration" new enable=yes
To enable specific commands follow this format:
Netsh advfirewall firewall set rule group="" new enable=yes
Server Core Common Domain Management Commands
Join a domain:
netdom join ComputerName /domain:DomainName /userd:UserName /passwordd:*
Yes, /passwordd:* needs to have that second d at the end of it.
Remove from domain:
netdom remove
Rename a Domain Member:
netdom renamecomputer %computername% /NewName: /userd: /passwordd:*
Rename Administrator:
wmic UserAccount where Name="Administrator" call Rename Name="new-name"
Add User to a Local Group
net localgroup GroupName /add \
Remove User from a Local Group
net localgroup GroupName /delete \
Confirm Domain and/ New Computer name
Set
Update User Passwords:
Net user [/domain] *
Server Core Common Server Management Commands
Toggle Remote Desktop on and off:
Cscript \windows\system32\scregedit.wsf /ar 0
Enable reduced security for RDP connections:
Cscript \windows\system32\scregedit.wsf /cs 0
Activate Server Core:
Local method - Slmgr.vbs -ato
Remote method - Cscript windows\system32\slmgr.vbs ServerName UserName password:-ato
Rename a Stand-Alone Member:
netdom renamecomputer /NewName:
List of installed patches:
wmic qfe list
Install Updates:
wusa .msu /quiet
Configure for AutoUpdates:
cscript scregedit.wsf /AU 4
Disable AutoUpdates:
cscript scregedit.wsf /AU 1
View AutoUpdate Setting:
cscript scregedit.wsf /AU /v
Configure the Page File:
wmic pagefileset where name="" set InitialSize=,MaximumSize=
Configure a Proxy Server: (Server Core cannot use a proxy that requires a password)
netsh Winhttp set proxy :
All your favorite TCP/IP commands work including the following:
IPConfig
ARP
Ping
PathPing
TraceRT
Route
NSLookup
NetStat
NBTStat
List Running Services:
sc query
Start and/or Stop a Service:
sc start
sc stop
Task Manager: (Ctrl+Shift+Esc)
taskmgr
Manage Disk Volumes:
Diskpart /?
Defrag a Volume:
defrag /?
Change Time and Time Zone:
control timedate.cpl
Change the Desktop Resolution: (requires you to log off and back on)
Regedit - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video
\0000\DefaultSettings.XResolution
\0000\DefaultSettings.YResolution
Display the Time in the Command Prompt:
prompt [$t]$s$p$g
Log off:
shutdown /l
Restart Now:
shutdown /r /t 0
To get the Roles and Features installed you are going to need to use the ocsetup.exe command. The OC is short for Optional Components. The most important thing to remember about this command is that IT IS CASE SENSITIVE!!! As a best practice you should always use the /w switch with ocsetup.exe as this will hold the Command Prompt from being active (when you can type again) until the setup is complete. Below you will find a list of the commands that are required to install Roles and Features on Server Core.
DNS
start /w ocsetup DNS-Server-Core-Role
DHCP
start /w ocsetup DHCPServerCore
File Services (Server service is installed by default) but there are other role features
File Replication Service
start /w ocsetup FRS-Infrastructure
Distributed File System
start /w ocsetup DFSN-Server
Distributed File System Replication
start /w ocsetup DFSR-Infrastructure-ServerEdition
Services for Network File System (NFS)
start /w ocsetup ServerForNFS-Base
start /w ocsetup ClientForNFS-Base
Hyper V
start /w ocsetup Microsoft-Hyper-V
Print Server feature
start /w ocsetup Printing-ServerCore-Role
Line Printer Daemon (LPD) service
start /w ocsetup Printing-LPDPrintService
Active Directory Lightweight Directory Services
start /w ocsetup DirectoryServices-ADAM-ServerCore
Active Directory Domain Services
dcpromo /unattend:
Streaming Media Services
Follow directions found in Article ID 934518
IIS
start /w pkgmgr /iu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel
To uninstall IIS use the following command
start /w pkgmgr /uu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel
NOTE: If you need to uninstall a Role that you installed with ocsetup, all you need to do is append /uninstall to the commands above.
Now let's take a look at how we install Features on Server Core:
Microsoft Failover Clustering
start /w ocsetup FailoverCluster-Core
Network Load Balancing
start /w ocsetup NetworkLoadBalancingHeadlessServer
Subsystem for UNIX-based applications
start /w ocsetup SUACore
Multipath IO
start /w ocsetup MultipathIo
Removable Storage
start /w ocsetup Microsoft-Windows-RemovableStorageManagementCore
Bitlocker Drive Encryption
start /w ocsetup BitLocker
Backup
start /w ocsetup WindowsServerBackup
Simple Network Management Protocol (SNMP)
start /w ocsetup SNMP-SC
Windows Internet Name Service (WINS)
start /w ocsetup WINS-SC
Telnet client
start /w ocsetup TelnetClient
NOTE: If you need to uninstall a Feature that you installed with ocsetup, all you need to do is append /uninstall to the commands above.
Having the Role or Feature installed doesn't do much without going in and configuring the service. The quick and easy way to manage these Roles and Features is either to have a dedicated Terminal Server with the AdminPak or Remote Server Administration Tools (RSAT) installed, or to install those same tools on XP or Vista.
How to Remove a Failed or Offline DC
I’ve seen this issue come up time and time again. Some administrator decided to remove an old DC from the network but forgot to remove it from Active Directory or the DC has entered a failed state and cannot be recovered from. In a perfect world DCPROMO is all you have to do to remove a DC from the environment. However, if that DC was already shutdown or DCPROMO is giving you problems you will have to remove it the manual way. That method involves using a command called NTDSUTIL. NTDSUTIL is a command line tool that allows you to perform some of the more advanced Active Directory maintenance tasks.
Below are the steps needed to remove a failed or offline Domain Controller from your environment.
TIP: NTDSUTIL does not require the full command to be entered…you only have to enter enough of the command that is unique. For Example, instead of typing metadata cleanup you could just type met cle…or better yet m c
- Open the Command Prompt
- Type ntdsutil (all the commands will be entered via this command prompt)
- Type metadata cleanup
- Type connections
- Type connect to server with the name of a functional DC in your environment…even if you are logged in locally. This step is not needed post W2K3 SP1.
- Type quit
- Type select operations target
- Type list sites
- Type select site <#> where <#> is the site where the failed or offline DC resided
- Type list servers in site
- Type select server <#> where <#> is the DC that is failed or offline
- Type list domains
- Type select domain <#> where <#> is the domain where the failed or offline DC resided (at this point you should verify that the site, server and domain are all selected)
- Type quit (this should set you back to the metadata cleanup menu)
- Type remove selected server ( a warning message will pop up…verify that this is the correct DC…in fact get a peer to verify it for you too)
- Click Yes
- Open Active Directory Sites and Services
- Expand out the site that the failed or offline DC resided in
- Verify the DC cannot be expanded out (no connection objects and such)
- Right Click the DC and select Delete
- Close Active Directory Sites and Services
- Open Active Directory Users and Computers
- Expand the Domain Controllers OU
- Delete the failed or offline DC from the OU (if it even exists)
- Close Active Directory Users and Computers
- Open DNS Manager
- Expand the zones where this DC was also a DNS server and perform the following steps
- Right click the zone and select Properties
- Click the Name Servers tab
- Remove the failed or offline DC from the Name Servers tab
- Click OK to also remove the HOST (A) or Pointer (PTR) record if asked
- Verify the zone no longer has a DNS record for the failed or offline DC
You can also find more info located on Microsoft site here and here for removing orphaned domains.