September 2007 - Posts

Windows Default User and All Users folders are missing.

The following knowledgebase article explains the situation in which new users can not log on to local computer or domain.

Scenario:

The following may be the scenario:

1. Newly created users can not log on to the system

2. All Users and Default User profile is corrupted.

3. All Users and Default User profile is pointing to a different location in the registry.

Cause:

By default, when Windows 2000 is installed it creates the two default folders. These two folders are: All Users and Default User. The logon process of user creates the user profile of the newly created user in the \Documents and Settings folder. The logon process uses these two folders to copy the contents to new profile. Windows identifies these two folders by looking at the following registry location:

HKLM\Software\Microsoft\Windows NT\ProfileList

In the right pane, Windows will have the following entries:

ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Documents and Settings

DefaultUserProfile REG_SZ Default User

AllUsersProfile REG_SZ All Users

Resolution:

You may need to take the following action to correct the abovementioned issues with the user profile:

1. Copy the All Users and Default User from a working computer to problematic computer.

2. Change the location of All Users and Default User profile in registry so that it points to the correct location.

Posted by Nirmal | with no comments
Filed under:

How to refresh the Group Policy Settings on remote computers

The following knowledgebase explains the scenario in which you need to refresh the Group Policy Settings on a remote computer.

The Group Policy Settings are refreshed as per the interval configured in the Group Policy for client computers, member servers and domain controllers. You can use the following command line tools to refresh the Group Policy Settings on remote computer. You need to log on to the computer manually and then perform the action suggested below:

For Windows XP computers:

  • Gpupdate.exe /Target:User /force
  • Gpupdate.exe /Target:Computer /force

For Windows 2000 computers:

  • Secedit.exe /refreshpolicy user_policy
  • Secedit.exe /refreshpolicy machine_policy

To refresh the policy on remote computer or computers you can use the following script to do so:

  1. Create a ComputerList.txt
  2. Put all the remote computers in the Text file.
  3. Use the Psexec.exe tool to execute the command remotely.

For Windows XP Computers:

Psexec.exe -@ComputerList.txt Gpupdate.exe /Target:User /force

Psexec.exe -@ComputerList.txt Gpupdate.exe /Target:Computer /force

For Windows 2000 Computers:

Psexec.exe -@ComputerList.txt secedit.exe /refreshpolicy user_policy

Psexec.exe -@ComputerList.txt secedit.exe /refreshpolicy machine_policy

The above Psexec.exe command will run on all the computers specified in the ComputerList.txt.

You can also use the following script to check the version of Operating System and then issue the command:

@echo off

XPGPORef1=gpupdate.exe /Target:User /force

XPGPORef2=gpupdate.exe /Target:Computer /force

Win2kGPORef1=secedit.exe /refreshpolicy user_policy

Win2kGPORef2=secedit.exe /refreshpolicy machine_policy

For /f “Tokens=*” %%a in (ComputerList.txt) Do (

SET Comp_name=%%a

Ver.exe \\%comp_name% > Hostver.txt

Find /I “XP” < Hostver.txt > CheckCC.txt

IF %errorlevel% == 0 (

Psexec.exe \\%comp_name% Gpupdate.exe /Target:User /force

Psexec.exe \\%comp_name% Gpupdate.exe /Target:Computer /force

) ELSE (

Psexec.exe \\%comp_name% secedit.exe /refreshpolicy user_policy

Psexec.exe \\%comp_name% secedit.exe /refreshpolicy machine_policy

)

)

The above script will check the Operating System version by executing Ver.exe on remote computer and then run the appropriate commands to refresh the Group Policy Objects.

Posted by Nirmal | with no comments
Filed under:

How to check and set Default Home Page URL using a script

The following knowledgebase will explain the methods you can use to check the Default Home Page URL on local and remote computer.

To check on a local computer:

You can use the following methods:

  1. Connecting to Remote Registry Service
  2. Using a script

The first method is easy but includes a lot of efforts. You can navigate to the following location in registry after connecting to remote registry:

HKLM\Software\Microsoft\Internet Explorer\Main

The above registry includes the following values in right pane:

Default_Page_URL REG_SZ http://portal.csc.com/\

To check on a Remote Computer:

You can use the below script to check the Default Home Page URL on a remote computer:

@echo off

Srvlist=C:\Temp\Srvlist.txt

Echo Computer Name, Default Home Page >> Result.csv

SET Default_URL=

For /F “Tokens=*” %%a In (%srvlist%) Do (

Set Comp_name=%%a

Set RegQry=”\\%%a\HKLM\Software\Microsoft\Internet Explorer\Main” /v Default_Page_URL

REG.exe Query %RegQry% > CheckCC.txt

Find /i "Default_Page_URL" < CheckCC.txt > StringCheck.txt

FOR /f “Tokens=3” %%b in (CheckCC.txt) DO SET Default_URL=%%b

Echo %Comp_name, %Default_URL% >> Result.csv

)

The above script will check remote computer for one registry entry for checking Default Home Page URL and the results will be saved in a CSV format file.

Posted by Nirmal | with no comments

How to verify the Page File location through a script:

The following knowledgebase will explain the methods you can use to check the Location of Page File on local and remote computer.

To check on local computer:

You can use the following methods:

  1. Connecting to Remote Registry Service
  2. Using a script

The first method is easy but includes a lot of efforts. You can navigate to the following location in registry after connecting to remote registry:

HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management

The above registry key includes the following values in right pane:

pagingfiles REG_MULTI_SZ c:\pagefile.sys 3131 3131\0\0

To check on a Remote Computer:

You can use the below script to check the Paging File location on a remote computer:

@echo off

Srvlist=C:\Temp\Srvlist.txt

Echo Computer Name, Paging File Location >> Result.csv

SET PF_Loc=

For /F “Tokens=*” %%a In (%srvlist%) Do (

Set Comp_name=%%a

Set RegQry=”\\%%a\HKLM\system\currentcontrolset\control\session manager\Memory management /v pagingfiles

REG.exe Query %RegQry% > CheckCC.txt

FOR /f “Tokens=3” %%b in (CheckCC.txt) Do SET PF_Loc=%%b

Echo %Comp_name, %PF_Loc% >> Result.csv

)

The above script will check remote computer for one registry entry for Paging File location and the results will be saved in a CSV format file.

Posted by Nirmal | 3 comment(s)
Filed under:

How to check the Internet Explorer version on Remote Computer:

The following knowledgebase will explain the methods you can use to check the Internet Explorer version on local and remote computer.

To check settings on local computer:

You can use the following methods:

  1. Connecting to Remote Registry Service
  2. Using a script

The first method is easy but includes a lot of efforts. You can navigate to the following location in registry after connecting to remote registry:

HKLM\Software\Microsoft\Internet Explorer

The above registry includes the following values in right pane:

Version REG_SZ 6.0.2900.2180

To check on a Remote Computer:

You can use the below script to check the Internet Explorer version on a remote computer:

@echo off

Srvlist=C:\Temp\Srvlist.txt

Echo Computer Name, Internet Explorer Version >> Result.csv

SET IE_Ver=

For /F “Tokens=*” %%a In (%srvlist%) Do (

Set Comp_name=%%a

Set RegQry=”\\%%a\HKLM\Software\Microsoft\Internet Explorer” /v Version

REG.exe Query %RegQry% > CheckCC.txt

Find /i "Version" < CheckCC.txt > StringCheck.txt

FOR /f “Tokens=3” %%b in (CheckCC.txt) DO SET IE_Ver=%%b

Echo %Comp_name, %IE_Ver% >> Result.csv

)

The above script will check remote computer for one registry entries for checking Internet Explorer version and the results will be saved in a CSV format file.

Posted by Nirmal | 4 comment(s)
Filed under:

How to check the Processor Vendor and MHZ speed on Remote Computer

The following knowledgebase will explain the methods you can use to check the Processor Manufacturer and MHz speed of the processor on local and remote computer.

To check on local computer:

You can use the following methods:

  1. Connecting to Remote Registry Service
  2. Using a script

The first method is easy but includes a lot of efforts. You can navigate to the following location in registry after connecting to remote registry:

HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0

The above registry key includes the following values in right pane:

ProcessorNameString REG_SZ Intel(R) Core(TM) Duo CPU T2400 @ 1.83GHz

VendorIdentifier REG_SZ GenuineIntel

To check on a Remote Computer:

You can use the below script to check the Processor Vendor and MHz speed on a remote computer:

@echo off

Srvlist=C:\Temp\Srvlist.txt

Echo Computer Name, Processor Vendor Name, Processor Speed >> Result.csv

SET Proc_Vend=

SET Proc_speed=

For /F “Tokens=*” %%a In (%srvlist%) Do (

Set Comp_name=%%a

Set RegQry=”\\%%a\HKLM\HARDWRE\Description\system\CentralProcessor\0”

REG.exe Query %RegQry% > CheckCC.txt

Find /i "VendorIdentifier" < CheckCC.txt > StringCheck.txt

FOR /f “Tokens=3” %%b in (CheckCC.txt) DO SET Prov_Vend=%%b

Find /i “ProcessorNameString” < CheckCC.txt > StringCheck.txt

FOR /f “Tokens=3” %%b in (CheckCC.txt) DO SET Proc_speed=%%b

Echo %Comp_name, %Proc_Vend%, %Proc_Speed% >> Result.csv

)

The above script will check remote computer for two registry entries for Processor Vendor Name and Processor Speed and the results will be saved in a CSV format file.

Posted by Nirmal | 1 comment(s)
Filed under:

How to make sure AutoCheck is enabled on Remote Computer

The following knowledgebase will explain the methods you can use to check the AutoCheck registry entry on local and remote computer.

To check on local computer:

You can use the following methods:

  1. Connecting to Remote Registry Service
  2. Using a script

The first method is easy but includes a lot of efforts. You can navigate to the following location in registry after connecting to remote registry:

HKLM\System\CurrentControlSet\Control\Session Manager

The above registry key includes the following values in right pane:

bootexecute REG_MULTI_SZ autocheck autochk *\0\0

To check on a Remote Computer:

You can use the below script to check the Processor Vendor and MHz speed on a remote computer:

@echo off

Srvlist=C:\Temp\Srvlist.txt

Echo Computer Name, Boot Check Enabled? >> Result.csv

SET Boot_Chk=

For /F “Tokens=*” %%a In (%srvlist%) Do (

Set Comp_name=%%a

Set RegQry=”\\%%a\HKLM\system\currentcontrolset\control\session manager” /v bootexecute

REG.exe Query %RegQry% > CheckCC.txt

Find /i "autocheck autochk" < CheckCC.txt > StringCheck.txt

If %errorlevel% == 0 (

SET Boot_Chk=Enabled

) ELSE (

SET Boot_Chk=Disabled

)

Echo %Comp_name, %Boot_Chk% >> Result.csv

)

The above script will check remote computer for one registry entry for Boot Check and the results will be saved in a CSV format file.

Posted by Nirmal | 1 comment(s)
Filed under:

How to retrieve a list of shared folders shared using a script

The following knowledgebase will explain the methods you can use to check the shared folders shared on local and remote computer.

To check on local computer:

You can use the following methods:

  1. Connecting to Remote Registry Service
  2. Using a script

The first method is easy but includes a lot of efforts. You can navigate to the following location in registry after connecting to remote registry:

HKLM\System\CurrentcontrolSet\Services\Lanmanserver\Shares

The above registry key includes the list of shared folders in right pane.

To check on a Remote Computer:

You can use the below script to check the list of shared folders on a remote computer:

@echo off

Srvlist=C:\Temp\Srvlist.txt

Echo Computer Name, Shared Folders Lists >> Result.csv

SET Share_name=

For /F “Tokens=*” %%a In (%srvlist%) Do (

Set Comp_name=%%a

Set RegQry=”\\%%a\HKLM\System\CurrentcontrolSet\Services\Lanmanserver\Shares”

REG.exe Query %RegQry% > CheckCC.txt

FOR /f “Skip=4 Tokens=1” %%b in (CheckCC.txt) DO (

SET Share_name=%%b

Echo %Share_name% >> Result.csv

)

)

The above script will check remote computer for each registry entry in the right pane fto check the share name and the results will be saved in a CSV format file.

Posted by Nirmal | 2 comment(s)
Filed under:

How to check and set Task Scheduler Log options and path using a script

The following knowledgebase will explain the methods you can use to check the Task Scheduler Log options and path on local and remote computer.

To check on local computer:

You can use the following methods:

  1. Connecting to Remote Registry Service
  2. Using a script

The first method is easy but includes a lot of efforts. You can navigate to the following location in registry after connecting to remote registry:

HKLM\Software\Microsoft\SchedulingAgent

The above registry key includes the following values in right pane:

LogPath REG_EXPAND_SZ %SystemRoot%\SchedLgU.Txt

TasksFolder REG_EXPAND_SZ %SystemRoot%\Tasks

To check on a Remote Computer:

You can use the below script to check the LogPath and Tasks Folder on a remote computer:

@echo off

Srvlist=C:\Temp\Srvlist.txt

Echo Computer Name, Log Path, Tasks Folder >> Result.csv

SET Log_Path=

SET Task_Fold=

For /F “Tokens=*” %%a In (%srvlist%) Do (

Set Comp_name=%%a

Set RegQry=”\\%%a\HKLM\Software\Microsoft\ShcedulingAgent”

REG.exe Query %RegQry% > CheckCC.txt

Find /i "LogPath" < CheckCC.txt > StringCheck.txt

FOR /f “Tokens=3” %%b in (CheckCC.txt) DO SET Log_Path=%%b

Find /i “TasksFolder” < CheckCC.txt > StringCheck.txt

FOR /f “Tokens=3” %%b in (CheckCC.txt) DO SET Task_Fold=%%b

Echo %Comp_name, %Log_Path%, %Task_Fold% >> Result.csv

)

The above script will check remote computer for two registry entries for Log Path and Tasks Folder and the results will be saved in a CSV format file.

Posted by Nirmal | 2 comment(s)
Filed under:

How to check System BIOS Date and System BIOS Version on Remote computer

The following knowledgebase will explain the methods you can use to check the System BIOS date and BIOS Version on local and remote computer.

You can use the following methods:

  1. Connecting to Remote Registry Service
  2. Using a script

The first method is easy but includes a lot of efforts. You can navigate to the following location in registry after connecting to remote registry:

HKLM\HARDWARE\DESCRIPTION\System

The above registry includes the following values in right pane:

SystemBiosDate REG_SZ 04/30/07

SystemBiosVersion REG_MULTI_SZ LENOVO - 2130\0Phoenix FirstBIOS(tm) Notebook Pro

Version 2.0 for ThinkPad\0Ver 1.00PARTTBL\0\0

To check on a Remote Computer:

You can use the below script to check the BIOS System date and BIOS Version on a remote computer:

@echo off

Srvlist=C:\Temp\Srvlist.txt

Echo Computer Name, BIOS Date, BIOS Version >> Result.csv

SET BIOS_Date=

SET BIOS_Ver=

For /F “Tokens=*” %%a In (%srvlist%) Do (

Set Comp_name=%%a

Set RegQry=”\\%%a\HKLM\HARDWRE\Description\system”

REG.exe Query %RegQry% > CheckCC.txt

Find /i "SystemBIOSDate" < CheckCC.txt > StringCheck.txt

FOR /f “Tokens=3” %%b in (CheckCC.txt) DO SET BIOS_Date=%%b

Find /i “SystemBIOSVersion” < CheckCC.txt > StringCheck.txt

FOR /f “Tokens=3” %%b in (CheckCC.txt) DO SET BIOS_Ver=%%b

Echo %Comp_name, %BIOS_Date%, %BIOS_Ver% >> Result.csv

)

The above script will check remote computer for two registry entries for BIOS System Date and BIOS Version and the results will be saved in a CSV format file.

Posted by Nirmal | 4 comment(s)
Filed under:

How to check System Boot partition and Boot.ini option using a script

The following knowledgebase will explain the methods you can use to check System Boot Partition of the Operating System and BOOT.ini option on local and remote computer.

To check on local computer:

You can use the following methods:

  1. Connecting to Remote Registry Service
  2. Using a script

The first method is easy but includes a lot of efforts. You can navigate to the following location in registry after connecting to remote registry:

HKLM\System\CurrentcontrolSet\Control

The above registry key includes the following values in right pane:

systembootdevice REG_SZ multi(0)disk(0)rdisk(0)partition(1)

systemstartoptions REG_SZ NOEXECUTE=ALWAYSOFF FASTDETECT

To check on a Remote Computer:

You can use the below script to check the LogPath and Tasks Folder on a remote computer:

@echo off

Srvlist=C:\Temp\Srvlist.txt

Echo Computer Name, System Boot Partition, BOOT.INI Options >> Result.csv

SET Sys_Part=

SET Boot_Option=

For /F “Tokens=*” %%a In (%srvlist%) Do (

Set Comp_name=%%a

Set RegQry=”\\%%a\HKLM\System\CurrentControlSet\Control” /v SystemBootDevice

Set RegQry1=”\\%%a\HKLM\System\CurrentControlSet\Control” /v SystemStartOptions

REG.exe Query %RegQry% > CheckCC.txt

REG.exe Query %RegQry1% > CheckCC1.txt

Find /i "SystemBootDevice" < CheckCC.txt > StringCheck.txt

FOR /f “Tokens=3” %%b in (CheckCC.txt) DO SET Sys_Part=%%b

Find /i "SystemStartOptions" < CheckCC1.txt > StringCheck.txt

FOR /f “Tokens=3” %%b in (CheckCC1.txt) DO SET Boot_Option=%%b

Echo %Comp_name, %Sys_Part%, %Boot_Option% >> Result.csv

)

The above script will check remote computer for two registry entries for System Boot Partition and System Start Options and the results will be saved in a CSV format file.

Posted by Nirmal | 3 comment(s)
Filed under:

How To Check Crash Control Settings On Remote Computer

The following knowledgebase will explain the methods you can use to set the Crash Control (Memory dump) on remote computers.

You can use the following methods to check and set the Crash Control settings on remote computer:

  1. Connecting to Remote Registry Service
  2. Using a script

The first method is easy but includes a lot of efforts. You can navigate to the following location in registry after connecting to remote registry:

HKLM\SYSTEM\CurrentControlSet\Control\CrashControl

The above registry includes the following values in right pane:

AutoReboot DWORD 00000001

CrashDumpEnabled DWORD 00000003

DumpFile STRING The dump file name

LogEvent DWORD 00000001

MinidumpDir DWORD The dump file location

Overwrite DWORD 00000001

SendAlert DWORD 00000001

You can use the below script to check the Crash Control settings on a remote computer is enabled or not.

@echo off

Srvlist=C:\Temp\Srvlist.txt

Echo Computer Name, Crash Control Settings Enabled?, Auto Reboot? >> Result.csv

SET Crash_Ctrl=

SET Auto_Rbt=

For /F “Tokens=*” %%a In (%srvlist%) Do (

Set Comp_name=%%a

Set RegQry=”\\%%a\HKLM\SYSTEM\CurrentControlSet\Control\CrashControl”

REG.exe Query %RegQry% > CheckCC.txt

Find /i "CrashDumpEnabled REG_DWORD 0x3" < CheckCC.txt > StringCheck.txt

If %errorlelvel% == 0 (

SET Crash_Ctrl=Enabled

) ELSE (

SET Crash_Ctrl=Disabled

)

Find /i “AutoReboot REG_DWORD 0x1” < CheckCC.txt > StringCheck.txt

If %errorlelvel% == 0 (

SET Auto_Rbt=Enabled

) ELSE (

SET Auto_Rbt=Disabled

)

Echo %Comp_name, %Crash_Ctrl%, %Auto_Rbt% >> Result.csv

)

*** End ***

The above script will check remote computer for two registry entries to check whether Crash Control is enabled or not and the results will be saved in a CSV format file.

Posted by Nirmal | 3 comment(s)
Filed under:

How To Check What All Programs Will Run When User Logged On To Computer.

The following knowledgebase will tell you how you can check what all programs will run when user has logged on to the computer.

When user logs on to the computer the Winlogon service will use the following registry entry to run any programs (if specified):

HKLM\Software\Micrsofot\Windows\CurrentVersion\Run

HKLM\Software\Micrsofot\Windows\CurrentVersion\RunOnce

The above two registry entries are used by Winlogon service after user has logged on to the system successfully. The Winlogon service will create a list of programs to run.

Please note that domain policy may override this setting if specified. You can also use Group Policy settings to block any program to run.

You can use the following script to check the programs in Run or RunOnce registry key on remote computer.

*** Start ***

@echo off

Set RegQry=HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Set RegQry1=HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

REG.exe Query \\remote_computer\%RegQry% > CheckRun.txt

REG.exe Query \\remote_computer\%RegQry1% > CheckRunOnce.txt

Echo Programs on Computer : Remote_Computer >> Programs.txt

For /F “Skip=5 Tokens=*” %%a In (CheckRun.txt) Do (

Echo %%a >> Programs.txt

)

For /F “Skip=5 Tokens=*” %%a In (CheckRunOnce.txt) Do (

Echo %%a >> Programs.txt

)

*** End ***

You can use PSEXEC (a tool from Sysinternals) to run this script remotely and then redirect the output in a Text file.

Posted by Nirmal | with no comments
Filed under:

How To Check If All The Computers Running On Network Are Using Default Windows Shell.

The following knowledgebase explains the method you can use to check if the user or computer is using the Windows default Explorer Shell. The Windows Default Shell is Explorer.exe for computer (it will apply to all the users who have logged on to the computer successfully). The user shell is Userinit.exe (This shell will apply to users who have logged on to the computer successfully).

Windows default Shell and Users Shell reside in the following registry entry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon.

In the right pane you can see the following entries:

Shell REG_SZ Explorer.exe

Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,

You can use the following script to check whether all the computers in your network are using default shell or not:

@echo off

Srvlist=C:\Temp\Srvlist.txt

Echo Computer Name, Windows Default Shell?, User Shell? >> Result.csv

SET Win_Def=

SET Usr_Def=

For /F “Tokens=*” %%a In (%srvlist%) Do (

Set Comp_name=%%a

Set RegQry=”\\%%a\HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon”

REG.exe Query %RegQry% > CheckShell.txt

Find /i "Explorer.exe" < CheckShell.txt > StringCheck.txt

If %errorlelvel% == 0 (

SET Win_Def=Yes

) ELSE (

SET Win_Def=No

)

Find /i “userinit.exe” < CheckShell.txt > StringCheck.txt

If %errorlelvel% == 0 (

SET Usr_Def=Yes

) ELSE (

SET Usr_Def=No

)

Echo %Comp_name, %Win_Def%, %Usr_Def% >> Result.csv

)

*** End ***

The above script will run the Reg.exe command on all the computers specified in ComputerList.txt and will save the result in Result.csv for computers who have Windows Default Shell and user default shell specified in registry.

Posted by Nirmal | with no comments
Filed under:

How to find the DNS Name of a domain

The following knowledgebase will tell you the procedure you can use to retrieve the DNS name of a domain from registry.

The following registry location is the best place to find the DNS name of a domain controller.

HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\History.

In the right pane, you will see an entry by name DCName=

The above entry will contain the DNS name of the domain. This DNS name of domain is stored in registry key after Winlogon retrieves the Domain controller by using the DcGetDCName API call.

Posted by Nirmal | with no comments
Filed under:

How to Create A Service Dependable on Another Service.

The following knowledgeable article will explains the procedure you can use to make a service dependable on another service.

You need to know the following things before you can proceed with this:

  1. Short name of the service you are making dependent of.
  2. The registry location of the service.

For example, we have two services: Alerter and ThirdPartyService. Both the Services must exist in registry in order to make this work.

We need to find out the short name of ThirdPartyService. Now, navigate to the following location in registry to locate the short name of ThirdPartyService:

HKLM\System\CurrentControlSet\Services\thirdpartysvc --- this would be the short name of ThirdPartyService.

Next, navigate to the following location in registry:

HKLM\System\CurrentControlSet\Services\Alerter

In the right pane, create a Multi SZ entry as explained below:

Right Click > select Multi-String Value

Then create a entry DependOnService entry and put the short service name of ThirdPartyService as a value of this entry.

Exit the registry editor and restart the Alerter service.

Posted by Nirmal | with no comments
Filed under:

Net Commands

Net Commands

The following Net Commands can be used to perform operations on Groups, users, account policies, shares etc.

NET    ACCOUNTS

COMPUTER CONFIG CONTINUE FILE GROUP HELP HELPMSG LOCALGROUP NAME PAUSE PRINT SEND SESSION SHARE START STATISTICS STOP TIME USE USER VIEW

The “Net Accounts” command is used to set the policy settings on local computer such as Account policies and password policies. This command can not be used on domain controller. This command is only used on local computer.

When you type Net Accounts you will see the default settings in local computer for the Account Lockout policy and Password Policy as shown below:

clip_image002

The above settings displayed as per the role of the computer. If computer is joined to a domain, the domain settings will take effect and only the settings coming from domain will be displayed. The rest settings will be the local settings if its not coming from the Domain GPO.

You can change the following use the following options in Net Accounts option:

NET ACCOUNTS

[/FORCELOGOFF:{minutes | NO}]

[/MINPWLEN:length]

[/MAXPWAGE:{days | UNLIMITED}]

[/MINPWAGE:days]

[/UNIQUEPW:number] [/DOMAIN]

Two conditions are required in order for options used with

NET ACCOUNTS to take effect:

/FORCELOGOFF:{minutes | NO} Sets the number of minutes a user has before being forced to log off when the account expires or valid logon hours expire. NO, the default, prevents forced logoff.

/MINPWLEN:length Sets the minimum number of characters for a password. The range is 0-14 characters; the default is 6 characters.

/MAXPWAGE:{days | UNLIMITED} Sets the maximum number of days that a

password is valid. No limit is specified by using UNLIMITED. /MAXPWAGE can't be less than /MINPWAGE. The range is 1-999; the default is 90 days.

/MINPWAGE:days Sets the minimum number of days that must pass before a user can change a password. A value of 0 sets no minimum time. The range is 0-999; the default is 0 days. /MINPWAGE can't be more than /MAXPWAGE.\

/UNIQUEPW:number Requires that a user's passwords be unique through the specified number of password changes. The maximum value is 24.

/DOMAIN Performs the operation on a domain controller of the current domain. Otherwise, the operation is performed on the local computer.

Posted by Nirmal | with no comments

How To Reregister SRV records of a Domain Controller In DNS Zone

The following knowledgebase article explains how you can use the tools described below to re-register SRV records of a domain controller in the DNS domain Zone.

You can use the following tools or methods:

  1. Restart the Netlogon service on Domain Controller.
  1. Use DcDiag /Fix or NetDiag /fix
  1. Manually enter the SRV records from Netlogon.dns file in \Windows or \Winnt\System32\Config directory.
Posted by Nirmal | with no comments

How To Delete All The Active Connections From Local Computer.

The following knowledgebase explains how you can delete all the active connections on a local computer using Net Use command:

You can use the following command to delete Active Connections on a local computer:

Net Use * /delete.

The above command deletes all the active connections in local computer.

Please note this command can also be used on remote computer. Please see the Net help use for more options.

Posted by Nirmal | with no comments

Client Machines Are Taking Too Long To Log On To Domain

The following knowledgebase explains the issue when client machines take too long to log on to domain:

Client computers use DNS to find the domain controller. If DNS is not running or SRV records of domain controllers are not registered then client computers will not be able to log on to the domain.

You can use the following tools to verify the SRV registration in the domain:

NetDiag /v

The above command will display if there is any problem with the SRV records of the domain controller.

If all the client computes in your network are taking too long to log on to the network then please verify if the SRV records of the domain controllers are registered in the domain.

You can use the following options to re-register the SRV records of a domain controller in the DNS:

  1. Restart the Netlogon Serivce.
  1. Use DcDiag /fix or NetDiag /fix
  1. Local the Netlogon.dns file in \Windows\System32\Config directory and manually add them into the DNS Zone of that domain.
Posted by Nirmal | with no comments
More Posts Next page »