Windows server 2000 and 2003: Time configuration for MaxPosPhaseCorrection and MaxNegPhaseCorrection
The Windows Time service by default in Windows 2000 and 2003 allows for a positive or negative time correction of any amount for domain controllers. This can cause serious problems in a forest should a dramatic time shift occur. This can even occur when synchronizing with other authoritative sources as hardware problems, software problems or human error can cause them to provide the wrong time. Some of the problems that can occur from a dramatic time change are Windows Server 2003 based domain controllers may be quarantined, deleted objects may be prematurely purged before end-to-end replication of the deletion is fully replicated (causing lingering objects), user and computer passwords may expire unexpectedly, and trust passwords becoming out of sync. The amount of effort to recover from a dramatic time change can be significant. The registry key(s) are different depending upon the operating system version.
< !-smartads->
GPO – Change Event Viewer Log size and retention period
The default of the event viewer log size is 512kb. As well to make this dangerous the logs will overwrite events older then 7 days only. So what happens when you logs fill up in two days from a critical error? You start loosing critical information to help trouble shoot the problem. With today’s availability of disk here is a better way to set these settings using a GPO to automate the process on all of your servers/desktops…
< !-smartads->
Read more
Force a user GPO on a computer OU in Microsoft Active Directory
I needed to apply a blank screen saver to all of our servers. Of course I wanted this to be done based on Server and not the logged in user/administrator. The location in the GPO for setting a screen saver is located in… (Click below to read the rest)
< !-smartads->
Modify NTFS permissions without replacing ACLs with Xcalcs.exe
Xcacls is used to modify NTFS permissions without replacing existing ACLs. This allows you to hit individual files, folders, or entire directories. The tool is very easy and can do all this with a single line of code.
While I was at a clients I came across some user folders that never had the proper NTFS rights assigned at setup. Subsequently they all had the default local users group assigned to them with read and execute. This effectively gave all users access to all folder. To make this even harder to resolve, someone had also removed the inheritance check mark and copied all the permissions. This now means that the only way to remove the ACL from the GUI is by removing it individually on each folder and file. Not a good solution considering there are over 4000 users. So time to use a script.
First you will need to download Xcacls.
Search Google for Xcacls, or for KB825751, or click on the link below
< !-smartads->
Permissions tab is missing on Microsoft Windows share connected to Netapp filer
If the permissions tab is missing on a Nettap filer share when connecting through Microsoft Windows management this probably due to the fact that the share was created using the filer default security Unix instead of NTFS. To confirm and fix this do the following…
< !-smartads->
Manage multiple DHCP scopes with netsh script
Use a script to change the DNS lookups and Wins lookups options in DHCP on muliple scripts. Using the netsh command this can be done eaisly.
Tools needed…
< !-smartads->
