Archive for the ‘Windows 2003’ Category
Where is DHCP RAS scope option on Windows 2003?
Posted by rga on March 26, 2008
Posted in Tips, Windows 2003 | Leave a Comment »
Adding DNS entries with command line on Windows
Posted by rga on March 7, 2008
Hello,
If you are lazy (as we are) or you don’t want to waste all your time adding DNS entries manually, you can use dnscmd from the command line on Windows. It’s a nice way to add a large number of entries from a file, or entries that need further configuration.
PROMPT> dnscmd help
dnscmd yourdnsserver /RecordAdd yourdomain.com mynewrecord A ip
so
(creates ftp.domain.com that points to 192.168.1.20)
dnscmd localhost /RecordAdd domain.com ftp A 192.168.1.20
(creates www.domain.com that points to 192.168.1.21)
dnscmd localhost /RecordAdd domain.com www A 192.168.1.21
You can use A, CNAME, PTR, TXT etc.
An example of a batch file that uses a loop to point several entries to the same IP.
PROMPT> type records.txt
record1
record2
record3
etc …
PROMPT> type dns.bat
@echo off
rem DNS server that receives the new records
set dnshost=localhost
set domain=yourdomain.com
rem Record type: A, PTR, CNAME etc.
set type=A
set ipserver=192.168.1.20
echo We are reading records.txt line by line
rem A FOR variable must be a single letter, so %%r holds each record name
for /f %%r in (records.txt) do dnscmd %dnshost% /RecordAdd %domain% %%r %type% %ipserver%
See you!
Posted in Tips, Windows 2003 | 2 Comments »
Windows 2003 DHCP/DNS server and non-Windows clients
Posted by Vide on October 25, 2007
Usually, in a 100% Microsoft environment, DHCP that automagically updates the DNS entries for every new DHCP client in the network is not a problem, since every client is part of the Active Directory and every machine has by default the rights to “talk” to the DNS server and tell it which is the client’s new IP address and hostname.
But if you have other clients in your network (for example Linux, FreeBSD, embedded devices like JetPrint etc) that need DHCP and you want automatic DNS update, this will not work because they don’t have the rights to write in the DNS records list.
To solve this problem, the update has to be done by the DHCP server itself, and to do the trick you have to:
- Go to an AD user management snap-in
- Create a new user called, for example, dhcp2dns and make it a member of the DnsUpdateProxy group
- Give a password to the dhcp2dns user
- Go to the DHCP snap-in, and select the server you want to configure
- Right click on the server name /address, and select properties
- Here, select the DNS tab
- Tick the Enable DNS dynamic updates checkbox
- Select Always dynamically update DNS A and PTR records
- Now, select the “Advanced” tab and click the “Credentials” button
- Here, put the credentials of the dhcp2dns user you have created in the first steps
and you are done, it should work or, at least, it did work for me :)
Posted in Active Directory, Networking, Tips, Windows 2003 | Tagged: Active Directory, dhcp, dns, Tips, Windows 2003 | 6 Comments »
Windows Update Hotfix KB915800 (msn search bottom bar)
Posted by rga on October 25, 2007
Hello,
We use Microsoft server update services (aka wsus) to update our Windows Update repository to save bandwidth, since it is installed via LAN.
Today our users told us that ‘msn search’ appears at the bottom of the bar; looking at the update history, this crap is installed by a Hotfix that reinstalls msn search if you didn’t have it before …
No one wants to use this silly search engine, but the Redmond guys insist.
http://support.microsoft.com/kb/915800
More info here:
http://it.slashdot.org/article.pl?sid=07/10/25/1230223
See you!
EDIT:
It seems that Microsoft finally recognizes the error on one WSUS developer’s blog, and there are even a couple of methods to remove the most unwanted and hated update in WSUS history.
Posted in Windows, Windows 2003 | 2 Comments »
Map a fake drive letter to a folder with subst.exe
Posted by Vide on October 8, 2007
We all know that aberration called “Drive letters” in Windows, a present from the old DOS days. So, maybe you are interested in how to map a fake drive unit (let’s say N:) to an existing folder (for example, C:\Windows).
It’s really easy with subst.exe, all you have to do (once you know this program does exist, naturally) is:
subst N: C:\windows
Now if you enter N: you will see the Windows folder’s contents. This is done on a per-user basis (every user can have its own N: pointing to a different directory) and it disappears on the first reboot.
If you want to have it permanent, there is a really nasty and hidden trick, creating a new key in the registry.
You have to go to
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices
and there create a key named with the drive letter you want, colon included (N: in our example) and with this value:
\??\c:\\windows
you can obviously change c: and windows for whatever folder you want, but remember to double the backslash after the unit letter, because it won’t work with a single backslash.
Reboot and enjoy your new N: :)
Posted in Tips, Windows, Windows 2003 | 9 Comments »
Deploy the Office 2007 compatibility pack via Group Policy
Posted by Vide on September 14, 2007
It seems that this blog is going to transform itself into a Windows-related blog, but that’s normal since Windows is so much more complicated to manage than Linux/FreeBSD… :P
Anyway, this is a neat feature if your users start asking you “someone sent me a new Word 2007 (or Excel 2007) attachment and I cannot open it!”. The first answer should be, and has to be: “talk to this person and tell him/her to save the document again in Word 2003 DOC format”, or “start using OpenOffice and true open standards and free us from this PITA!”. Then, you can download the Microsoft Office 2007 Compatibility Pack (for Office 2003) exe file in your local language, save it to a temporary location and from cmd.exe issue
FileFormatConverters.exe /extract:C:\temp_dir
this trick will create in C:\temp_dir the .msi file you can use to deploy the package through a normal GPO software installation.
Posted in Office, Tips, Windows, Windows 2003 | 1 Comment »
Change DNS cache expire time in Windows
Posted by Vide on September 14, 2007
Windows XP and Vista (and maybe 2000 too) by default have a DNS cache set with a 15-minute expire time. That is, if you have made changes in your DNS server, a WinXP box will get these changes only after 15 minutes. If you want to change this, you have to add a key to the Windows Registry. Rant: add? ADD?!? Why do defaults have to be hardcoded, and why doesn’t a key already exist with the default value in it? Rationale? Anyway, the path in the registry is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
and you have to create a dword key here called NegativeCacheTime, and set its value to whatever you want, or to 0 in case you want to disable this feature. Remember that the value is in seconds.
If you want to deploy this change, the quickest (and easiest) method I found was to create a registry file delete_dnscache.reg like this:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"NegativeCacheTime"=dword:0
(remember to replace the final :0 with the number of seconds of cache you want, written in hexadecimal, which is how a .reg file reads dword values)
and then create a simple batch (.bat) file to put in the Group Policy machine’s startup scripts with something like this:
regedit /s \\YOURSERVER\netlogon\delete_dnscache.reg
Then, run gpupdate /force on your DC, reboot a WinXP machine and check its registry for the new parameter.
Posted in Active Directory, Tips, Windows, Windows 2003 | 3 Comments »
Make Win2003 R2 POSIX-compatible without Cygwin
Posted by Vide on September 7, 2007
Maybe this is never going to be useful to anyone, but it may be an interesting read if you want to know that it can be done :)
This guide should work with both 32 and 64 bit installations of Windows Server 2003 R2, you simply have to download different versions of the files I link to (by default 32 bits). Interested? Let’s go on…
Posted in Howtos, Unix, Windows 2003 | Leave a Comment »
Quasi-high-availability for Windows 2003 Active Directory/DNS
Posted by Vide on July 27, 2007
If you have a single AD domain controller that is going to be a SPOF (single point of failure) for your infrastructure, you can easily add another DC to the domain and create a secondary DNS in case of failure.
DISCLAIMER: this little how to is for little/medium organizations with a simple Windows infrastructure and with a low budget (there are plenty of more expensive tools that do a better job). Follow it at your own risk, you have been warned!!
Assuming your first DC is already up and running, follow these steps to enhance your configuration:
- Install a second copy of Windows 2003 Server on another machine (a virtual machine could be perfect for this purpose)
- Install the second domain controller following these instructions from TechNet
- Install the secondary DNS in the new machine like Microsoft tells you to do
- Create the same DHCP configuration in the second server as the one you have in the first Domain Controller, just leave it inactive
- Configure all your clients’ DNS to point to the primary and the secondary ones
- Now, in the primary DNS, create a round robin entry pointing to the two IPs of the two domain controllers. To do this, simply create two A entries with the same name (in the same domain, obviously), pointing to two different IPs
- Configure all your third-party software authenticating against Active Directory to point to this new entry
So…? What’s happening now?
Ok, your configuration is almost finished. Now, every user validating against the AD will use both domain controllers, in round robin strategy, and both will stay perfectly synchronized all the time (AD forest and DNS as well).
And in case of disaster??
If one of the two DCs fails, remember we are in a quasi-HA environment, so we have to act manually to restore a 100% working system. But all we have to do is to delete, in the working DNS, the A entry of the dead DC, disabling this way the round robin trick we did, so everything will authenticate against the surviving DC.
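The manual failover step described above, as an added batch example that is not part of the original post: it deletes the failed DC's A record from the round-robin name with dnscmd /RecordDelete and lists the records before and after. The zone, the record name auth and both DC addresses are assumed placeholder values, and the exit-code check assumes dnscmd returns a non-zero code on failure.

```batch
@echo off
rem Added example: take a failed DC out of the round-robin name.
rem Assumed placeholder values: zone, record name and both DC addresses.
setlocal
set dnshost=localhost
set zone=yourdomain.com
set rrname=auth
set dc1=192.168.1.10
set dc2=192.168.1.11

rem Usage: failover.bat <IP of the failed DC>
if "%~1"=="" goto usage
rem Refuse anything that is not one of the two known DC addresses,
rem so a typo cannot delete an unrelated record.
if not "%~1"=="%dc1%" if not "%~1"=="%dc2%" goto usage

echo Records before the change:
dnscmd %dnshost% /EnumRecords %zone% %rrname% /Type A

rem /f skips the confirmation prompt.
dnscmd %dnshost% /RecordDelete %zone% %rrname% A %~1 /f
rem Assumption: dnscmd exits with a non-zero code when the delete fails.
if errorlevel 1 (
    echo Delete failed, the name may still resolve to both DCs.
    exit /b 1
)

echo Records after the change:
dnscmd %dnshost% /EnumRecords %zone% %rrname% /Type A
exit /b 0

:usage
echo Usage: %~nx0 %dc1% ^| %dc2%
exit /b 2
```

Clients that have already cached the name keep the dead address until the record's TTL expires.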
Posted in Active Directory, Howtos, Windows 2003 | Leave a Comment »