Managing Local Admins using GPP

This is a brain dump of something Alan Burchill and Lilia Gutnik presented at TechEd Australia 2009. It covers managing local administrators on your workstations using the power of Group Policy Preferences.

  1. Create a new GPO if necessary, and link it to the OU where it needs to be applied
  2. Edit the new GPO, and go to Computer Configuration, Preferences, Control Panel Settings, Local Users and Groups
  3. Right-click in the pane on the right, and select New, Local Group
  4. Set up the “New Local Group” as per below. I’ve got it removing all existing users and groups so that we can define everything we need using Group Policy. You add variables like %computername% by pressing F3 whilst the cursor is in a text entry field.
    I also included the Description text that is shown on the default local Administrators group: “Administrators have complete and unrestricted access to the computer/domain”
     
  5. You also need to add a member called “domainname\%ComputerName%-Admins”. This will allow you to define a group in AD that can be used to assign local admin rights to a particular machine.

    The good thing about this is that you only need to define groups for PCs that you wish to add local admins to, but all PCs that have the GPO applied are ready for this type of setup.

  6. You can also go into the Common tab and select “Remove this item when it is no longer applied”
  7. The last step is to create a Security Group in AD with the name {computername}-Admins. For example, if you have a computer named syd-60128, you create a group in AD called syd-60128-Admins. Adding users into that group will then make those users local administrators for that particular PC.
  8. Do a “gpupdate” on the machine in question, and you should see the group’s membership change:

Displaying Google Calendar events in Umbraco

[12th October 2009 - I've just updated this post with a new version of the macro. It now groups events properly. Sorry to the guys/girls with multilingual sites, I haven't put any effort into using Dictionary Items as I don't currently require that functionality]

I’ve yet to see a good event calendar in any of the CMSes I’ve tried that properly handles recurring events and makes it easy for the layman to update calendar events. I’ve therefore recently implemented a small macro for Umbraco that displays Google Calendar events from a cached XML calendar feed. I did this using the excellent FeedCache plugin and some XSLT.

My one gripe with FeedCache is that you can’t edit the feeds.config file using ConfigTree, but rather need file-level access to it. This is a major bummer, as I wanted to test it on Umbraco Trials.

I won’t post any CSS, but the XSLT caters for styling as it uses bulleted lists and spans around key areas.

The feed will then be displayed similar to below:

Today

* Test Event (19:30-21:30)

Friday 16th October

* Meeting (19:30-21:30)

Sunday 18th October

* Seminar (10:30-12:30)
* Lunch (13:00-14:00)
* Games/Activities (14:30-15:30)

Here’s a screenshot of it working on an Umbraco Trials site. I found a random Google Calendar feed and used that for the demo. Note that I didn’t put any effort into styling the results:


Basically, what you need to do is:

  1. Install FeedCache
  2. Install the GCal Events List package
  3. Set up the calendar feed in FeedCache’s feeds.config. The feeds.config entry should look like this:
    <feed>
      <url><![CDATA[http://www.google.com/calendar/feeds/calendar@example.org/public/composite?orderby=starttime&sortorder=ascending&futureevents=true&singleevents=true]]></url>
      <localFile>GoogleCalendarFeed.xml</localFile>
    </feed>
  4. Insert a macro wherever you need it, and fill out the parameters:
    1. numberOfDays – (integer) how many days' worth of events you would like to display
    2. xmlFileName – (string) the exact file name of the cached XML file in the umbraco\plugins\FergusonMoriyama\feedcache\ folder, e.g. googleEvents.xml
  5. Call FeedCache from your browser to trigger a pull of the feed(s): http://example.org/umbraco/plugins/FergusonMoriyama/FeedCache/FeedCache.aspx
  6. View the page that contains the macro inserted in step 4.

Enabling Remote Desktop (RDP) on Windows Vista Home Premium

Thanks to the guys at The Green Button forums, Vista Home Premium users can now also enjoy an oft-missed feature: RDP. This currently works with SP1, but SP2 isn’t far off, so expect Microsoft to close this loophole again.

Below are some instructions found on the forum, and the rest of the process that I followed:

  1. Download patched DLL
  2. Run a Command Prompt as an Administrator, and run the following commands:
    1. takeown /a /f %SystemRoot%\System32\termsrv.dll
    2. icacls %SystemRoot%\System32\termsrv.dll /Grant Administrators:F
  3. Stop the Terminal Services service (Windows Key + R, services.msc)
  4. Rename the original termsrv.dll (in %systemroot%\system32) to termsrv.dll.bak
  5. Copy the patched DLL into place
  6. Run Registry Editor (Windows Key + R, regedit)
  7. Find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
  8. Change the following 2 items:
    1. fDenyTSConnections – New value: 0
    2. fSingleSessionPerUser – New value: 0
  9. Start the Terminal Services service

Below is a screen shot of it working on my home PC.

Don’t contact me for help in getting this running, or if this procedure breaks your PC.

If you’re not keen on doing this, an excellent alternative is LogMeIn’s free remote desktop solution.


How to install a Windows-CA-Signed Certificate on VMware Server 2.0x

  1. Make a backup of /etc/vmware/ssl/rui.crt and rui.key
  2. Generate a new server key: openssl genrsa -out rui.key 2048
  3. Generate a CSR: openssl req -new -key rui.key -out server.csr
  4. Go to the Certificate Services web interface on one of your DCs, and select “Request a Certificate”
    1. Select “advanced certificate request”
    2. Select “Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.”
    3. Paste the CSR text into the “Saved Request” field, and select “Web Server”, and Submit the request
    4. Select “Base 64 encoded”, and “Download certificate”
  5. Transfer the certificate to the Linux box running VMware Server
  6. Copy/rename the new certificate (certnew.cer) over rui.crt
  7. Do a “service vmware restart”
  8. Voila! A trusted certificate. No more web browser/VMware Client messages about invalid certificates
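
A pre-flight check for step 6, added here as an example and not part of the original post: before overwriting rui.crt, it confirms that the downloaded certnew.cer is Base 64 (PEM), carries the public key of the rui.key generated in step 2, and has not expired. The function name and exit codes are this example's own; the file names follow the steps above.

```shell
#!/bin/sh
# Added example (not from the original post). Function name and exit
# codes are this example's own; file names follow the steps above.
# Usage: sh check_cert.sh certnew.cer rui.key

check_cert_for_key() (
    cert=$1
    key=$2

    # Step 4.4 asks for "Base 64 encoded"; a DER download has no PEM header.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null ||
        { echo "not a Base 64 (PEM) certificate: $cert"; exit 2; }

    # Public key embedded in the certificate, as PEM text.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "cannot parse certificate: $cert"; exit 2; }

    # Public key derived from the private key. "-passin pass:" makes an
    # encrypted key fail here instead of prompting for a passphrase.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) ||
        { echo "cannot read private key: $key"; exit 3; }

    # A mismatch means the CSR was generated from a different key.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate does not match $key"; exit 4; }

    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired"; exit 5; }

    echo "ok: $cert matches $key"
)

# Run the check when called with a certificate and a key file.
if [ "$#" -eq 2 ]; then
    check_cert_for_key "$1" "$2"
fi
```

Run it against certnew.cer and rui.key before step 6, and only copy the certificate into place and restart the service when it prints "ok".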

Mini Brain Dump: IP Subnet Change Considerations

I’ve been sitting on this post for a long time, and intended to write a more detailed description.

Here are some things you may need to consider (outside of the obvious like DHCP scopes, DNS server settings, Firewall settings & rules, etc) when changing the IP range your Windows network operates on:

  • TCP/IP Printer ports on print server
  • Printer/Copier IP/DNS/SMTP settings
  • Exchange allowed relay ranges
  • Any copy/print accounting devices attached to copiers
  • Monitoring host settings, e.g. Big Brother/Hobbit – both client and server side, if not configured to use DNS in config files
  • Server iLO IP addresses

Some steps for changing domain controller IP addresses. Do these first before any other important servers:

  1. Change IP
  2. ipconfig /flushdns
  3. ipconfig /registerdns
  4. Either restart the Netlogon service, or run ‘nltest /dsregdns’
  5. Reboot

Disclaimer: This is by no means a complete list. Use these directions at your own risk.
