Windows Tips & Tricks UPDATE, April 18, 2005, —brought to you by the Windows IT Pro Network and the Windows 2000 FAQ site
Make sure your copy of Windows Tips & Tricks UPDATE isn't mistakenly blocked by antispam software! Be sure to add Windows_TipsandTricks_UPDATE@list.windowsitpro.com to your list of allowed senders and contacts.
This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Windows Tips & Tricks UPDATE.
Download a Tool that will Benefit any Sys Admin
FREE 86-page Intel Server Spec Book - Dell, Compaq, IBM
Sponsor: Download a Tool that will Benefit any Sys Admin
Are you searching for an affordable real-time monitoring toolset that will support your proactive system management objectives? Start NOW and download ELM Enterprise Manger from TNT Software. Within an hour, you will experience for yourself why ELM is recognized as the tool that will benefit any System Administrator. Before the 30 Day full feature trial is completed, the Monitoring, Alerting and Reporting will have saved you time and provided you the data for prompt corrective action. Be Proactive; and download ELM Enterprise Manager from the link below:
- Q. What's new in Windows Server 2003 Service Pack 1 (SP1)?
- Q. Where can I get the updated support tools and deployment tools for Windows Server 2003 Service Pack 1 (SP1)?
- Q. How can I configure Microsoft Virtual Server 2005 to cleanly shut down any running guest OSs when the server shuts down?
- Q. How can I use a script to create a list of domains that an Active Directory (AD) domain trusts?
- Q. I'm receiving errors from domain controllers (DCs) in my domain, which state that the target Principal Name is incorrect or that access is denied when I attempt to replicate Active Directory (AD) data or to perform some domain-modification functions. What's causing the errors?
by John Savill, FAQ Editor, firstname.lastname@example.org
In this issue, you'll find out what's new in Windows Server 2003 Service Pack 1 (SP1) and where to get the updated support tools and deployment tools for the service pack. You'll also learn how to configure Microsoft Virtual Server 2005 to cleanly shut down any running guest OSs when the server shuts down and how to use a script to create a list of domains that an Active Directory (AD) domain trusts. Finally, you'll learn why you might be receiving errors from domain controllers (DCs), which state that the target Principal Name is incorrect or that access is denied when you try to replicate Active Directory (AD) data or to perform some domain-modification functions.
Sponsor: FREE 86-page Intel Server Spec Book - Dell, Compaq, IBM
This new 86-page guide from World Data Products is the definitive resource on processor, memory and storage specifications for Dell PowerEdge, HP/Compaq ProLiant, and IBM xSeries servers. A must for everyone involved in the design, installation and maintenance of servers. From World Data Products, the world-class provider of server, storage and networking solutions. To order go to
Q. What's new in Windows Server 2003 Service Pack 1 (SP1)?
A. Like Windows XP SP2, Windows 2003 SP1 is effectively a security release; most of the core OS files have been built with better memory protection to help minimize exposure to exploits, which is why the service pack download is so large (340MB; 406MB after it's extracted). In addition to the rebuilt core OS files, the service pack contains several other new security-related features:
- Windows Firewall is now included and is enabled by default for new installations. It's not enabled by default when you apply SP1 to an existing Windows 2003 installation or when you upgrade a Windows 2000 system to Windows 2003 with SP1 slipstreamed into it. During the slipstreamed installation of Windows 2003 with SP1, a stateful filtering process protects the system during the actual OS installation. SP1 provides command-line support for the firewall.
- With new installations or upgrades from Windows NT 4.0 (but not from Windows 2003 without SP1 or Windows 2000), the first time an Administrator logs on, the Post-Setup Security Updates (PSSU) dialog box appears, prompting the administrator to apply the most recent security updates from Windows Update, as the figure at http://www.windowsitpro.com/articles/images/pssu.gif shows. Until the administrator applies the security updates, the firewall remains enabled. The intent of PSSU is to secure the server as soon as possible after the upgrade to SP1.
- Microsoft Internet Explorer (IE) enhancements include a centralized information bar to alert users of conditions they might want to act on and a pop-up blocker.
- Security Configuration Wizard (SCW), which isn't installed by default (because it's a new component), although its help file is installed by default. SCW helps you lock down your server through a combination of policy, IP Security (IPSec), firewall, auditing, Microsoft IIS, and registry permissions.
- Network Access Quarantine Control components (rqs.exe and rqc.exe) are now included as part of the core OS.
- SP1 includes Windows Media Player (WMP) 10.
Q. Where can I get the updated support tools and deployment tools for Windows Server 2003 Service Pack 1 (SP1)?
A. Each time Microsoft releases a new service pack, the company updates the support and deployment tools that you should apply to upgraded OSs. Here's the latest list of support and deployment tools for Windows 2003 SP1:
- Windows 2003 SP1 32-bit deployment tools: http://www.microsoft.com/downloads/details.aspx?familyid=a34edcf2-ebfd-4f99-bbc4-e93154c332d6&displaylang=en
- Windows 2003 SP1 32-bit support tools: http://www.microsoft.com/downloads/details.aspx?familyid=6ec50b78-8be1-4e81-b3be-4e7ac4f0912d&displaylang=en
Q. How can I configure Microsoft Virtual Server 2005 to cleanly shut down any running guest OSs when the server shuts down?
A. Each guest OS environment runs under the Virtual Server service (vssrvc.exe), which stops when the host OS shuts down. You can configure each guest OS with a default action in the event that the Virtual Server service is closed as follows:
- Connect to the Virtual Server Web interface (e.g., http: //virtserver.savilltech.com:1024/VirtualServer/VSWebApp.exe?view=1)
- Select the Virtual Server name you want to configure and select Edit Configuration, as the figure at http://www.windowsitpro.com/articles/images/virtserverpropedit1.gif shows.
- Under Guest OS configuration, click "General properties."
- You can now modify the "Action when Virtual Server stops" drop-down list, which the figure at http://www.windowsitpro.com/articles/images/virtservshutdown2.gif shows, by selecting from the list of options (e.g., to shut down the OS, select the "Shut down guest OS" option). Click OK. Now when the host server shuts down, the guest OS will be cleanly closed first. If, however, the host OS simply crashes or is powered off, the guest OSs can't close cleanly. Event ID 1074 will be written in the guest OS System log, notifying the user that the system was powered off by the vmsrvc.exe service. If you require more control over this functionality, you can shut down the guest OS via the shutdown.exe command-line tool before performing a shutdown of the active host OS, typically as part of a script.
- Log on to the DC that's having the problems.
- Ensure that the Windows Support Tools are installed (We'll be using the Netdom tool, which is part of the support tools.)
- Start the Microsoft Management Console (MMC) Computer Management snap-in (Start, Programs, Administrative Tools, Computer Management).
- Scroll down to the "Services and Applications" section and select the Services subleaf.
- Double-click the Kerberos Key Distribution Center (KDC) service.
- Set its startup type to Disabled and click OK.
- Reboot the DC.
- When the DC restarts, open a command prompt and run this command:
netdom resetpwd /server:
- You should see a confirmation message stating that the machine account has been reset.
- Restart the Computer Management snap-in.
- Scroll down to the "Services and Applications" section and select the Services subleaf.
- Double-click the KDC service.
- Set its startup type to Automatic and click OK.
- Reboot the DC.
- Integrated Help Desk Services Lead to Greater IT Productivity
- Are You Experiencing Increased Frustration with Your Current Antispam Solution?
- Get The Valuable Resources You Need To Secure Your IT Environment.
- Developing, Deploying and Managing SQL Server Integration Services (SSIS)
- Improve Fax Messaging and Application Integration
- Get Ready for SQL Server 2005 Roadshow in a City Near You
- Converting a Microsoft Access Application to Oracle HTML DB
- Check Out the New Windows IT Security Newsletter!
- Windows IT Pro Monthly Pass = Quick Answers!
- Quest Software
- Argent versus MOM 2005
- High Availability for Windows Services
Q. How can I use a script to create a list of domains that an Active Directory (AD) domain trusts?
A. Using the Active Directory Services Interface (ADSI) you can use a script like the following sample to query objects from AD--such as trustedDomain objects from a domain's system container--and thereby obtain a list of all the trusted domains.
Option Explicit Dim objConnection, objChild Set objConnection = GetObject("LDAP://vs2003dstdc1.dest.test/cn=system,dc=dest,dc=test") objConnection.Filter = Array("trustedDomain") For Each objChild In objConnection WScript.Echo objChild.Name Next Wscript.Echo "Operation Completed"Ensure that you replace the "Set objConnection" Lightweight Directory Access Protocol (LDAP) connection string with one for your domain. For example, if a domain controller (DC) is DC1 in domain savilltech.com, the line would read:
Set objConnection = GetObject("LDAP://dc1.savilltech.com/cn=system,dc=savilltech,dc=com")
Q. I'm receiving errors from domain controllers (DCs) in my domain, which state that the target Principal Name is incorrect or that access is denied when I attempt to replicate Active Directory (AD) data or to perform some domain-modification functions. What's causing the errors?
A. I recently experienced this problem when I started a DC that I hadn't used for a while and wanted to demote, but the demotion kept failing. The problem was that the DC's computer account with the domain had expired and its services could no longer communicate with other DCs in the domain. I solved the problem by resetting the DC's account. To do so, perform these steps:
Hot Release (advertisement)
This free white paper explores how to meet IT infrastructure’s needs and manage crucial support and service processes by implementing Help Desk, problem, change, configuration, and service-level agreement (SLA) management into a single workflow. Improve productivity and service delivery quality while reducing costs, resources, and downtime in your organization. Download now!
Events and Resources
(A complete Web and live events directory brought to you by Windows IT Pro: http://www.windowsitpro.com/events )
With new and more dangerous email threats, in-house software, appliances, and even some services may no longer work effectively. They require too much IT staff time to update and maintain or to satisfy the needs of different users. In this free Web seminar, learn firsthand from your colleagues and peers about their search for a better solution. Register today!
Stay on top of new security threats, address those security threats, ensure trustworthy computing in your environment, and more! Download an eBook or white paper before June 30th and you’ll be entered for a chance to win an Xbox!
In this free Web seminar, find out the role SSIS plays in Microsoft’s BI strategy and learn about the important new SSIS features. You’ll get a guided tour illustrating how to develop SSIS packages using the new SSIS Designer and learn how to customize those packages to run on different systems. Sign up today!
View this on-demand Web seminar and receive a complimentary 30-day software evaluation and industry white paper! Join industry expert David Chernicoff and learn how leading organizations are incorporating fax technologies to empower users and enhance existing investments in infrastructure and applications while providing substantial ROI. Register now!
Get the facts about migrating to SQL Server 2005. SQL Server experts will present real-world information about administration, development, and business intelligence to help you implement a best-practices migration to SQL Server 2005 and improve your database computing environment. Attend and receive a 1-year membership to PASS and 1-year subscription to SQL Server Magazine. Register now!
Featured White Paper
(from Windows IT Pro and its partners)
Get the most efficient, scaleable, and secure approach to managing information using an Oracle Database with a Web application as the user interface. In this free white paper learn how you can use an Oracle HTML Database to convert a Microsoft Access application into a Web application that can be used by multiple users concurrently. Download this free white paper now!
(from Windows IT Pro and its partners)
Security Administrator is now Windows IT Security. We've expanded our content to include even more fundamentals on building and maintaining a secure enterprise. Each issue also features product coverage of the best security tools available and expert advice on the best way to implement various security components. Plus, paid subscribers get online access to our entire security article database! Click here to try a sample issue today:
Sign up today for your Windows IT Pro Monthly Pass and get 24/7 online access to every article on the Windows IT Pro Web site, including exclusive subscriber-only content. That's a database of more than 9000 Windows articles to help you get all the answers you need, when you need them! Sign up now:
Heading to Exchange from Notes or GroupWise? Get Expert Help!
Experts Pick the Best Windows Monitoring Solution
Learn of core issues surrounding Windows high availability - Download this white paper now!
Here's how to reach us with your comments and questions:
- About the newsletter — email@example.com
- About technical questions — http://www.windowsitpro.com/forums
- About product news — firstname.lastname@example.org
- About your subscription — email@example.com
- About sponsoring UPDATE — firstname.lastname@example.org
This email newsletter is brought to you by Windows IT Pro, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.