Build an Offline Root CA with a Subordinate CA

Install Root CA: Build a new stand-alone root CA, not attached to the domain, and give it a unique name. Log on to the server as the administrator and install Certificate Services to create a stand-alone root certification authority. Install the Certificate Authority service only; IIS is not needed. Create a new private key. Ensure the common name for the CA is unique. Change the validity period for the CA's certificate to 20 years.

Install Sub CA: Build a new enterprise subordinate CA and add it to the domain. Add the following role services: Certification Authority, Certification Authority Web Enrollment, Online Responder, Certificate Enrollment Policy Web Service (Might…

Windows Server 2008 R2 Server Core unattended setup from command line

build, to a DC running a brand new domain. I figured out a set of commands that achieve this, so thought I would share them with the world.

Rename the host:

Netdom renamecomputer <OldName> /NewName:<NewName>
Netdom computername [origcomputername] /add Core.contoso.com
Netdom computername [origcomputername] /makeprimary core.contoso.com

See all the network adaptors:

Make a note of the number shown in the Idx column of the output for your network adapter. If your computer has more than one network adapter, make a note of the number corresponding to the network adapter for which you wish to set a static IP address.

netsh interface ipv4 show…

Group Policy WMI filtering

This is from http://technet.microsoft.com/en-us/library/cc947846.aspx and http://technet.microsoft.com/en-us/library/cc758471.aspx but I have added more information with examples of WMI filters and a table of Windows version numbers and Product Types. WMI filters can take significant time to evaluate, so they can slow down logon and startup time. The amount of time depends on the construction of the query. To restrict the query to only clients or only servers, add a clause that includes the ProductType parameter. To filter for client operating systems only, such as Windows 7 or Windows Vista, use only ProductType="1". For server operating systems that are not domain controllers, use…

Auto Reply in Exchange 2007 for single mailbox

This is split into two parts, Server and Client.

Server: On the Exchange server itself, open the Exchange 2007 management console. Right-click on the default remote domain and choose Properties. Click on the second tab and confirm 'Allow automatic replies' is checked.

Client: Using Outlook, log into the mailbox where you want to set the auto reply, and create a new rule. Select "Apply rule on messages I receive" and click Next. Under the conditions, leave this blank and click Next; this will apply to all email. Click Yes. On the next step, select…

Setting up Proxy .pac files in IIS7 for proxy use

Use this if you want clients to connect to your proxy server using an automatic configuration script. The script works wherever it is accessible and won't work from elsewhere, e.g. for laptop users at home. If the location (http://pac/proxy.pac) can't be reached, IE will skip over the script and go direct out to the internet.

To set up your proxy .pac file on a Windows Server 2008 server:

Create your proxy.pac file (follow the examples below).
Copy your .pac file to (C:\inetpub\pac) on the IIS server which will host the .pac file.
In IIS, right-click on Sites, choose Add…

SCCM 2007 R2 – SQL Queries

To get an accurate list of computers to usernames and vice versa, change the part in RED to suit:

SELECT v_R_System.Netbios_Name0, v_R_System.User_Name0,
       v_RA_System_IPAddresses.IP_Addresses0, v_RA_System_IPSubnets.IP_Subnets0,
       v_GS_COMPUTER_SYSTEM.UserName0
FROM v_R_System
     INNER JOIN v_RA_System_IPAddresses ON v_R_System.ResourceID = v_RA_System_IPAddresses.ResourceID
     INNER JOIN v_RA_System_IPSubnets ON v_R_System.ResourceID = v_RA_System_IPSubnets.ResourceID
     INNER JOIN v_GS_COMPUTER_SYSTEM ON v_R_System.ResourceID = v_GS_COMPUTER_SYSTEM.ResourceID
WHERE (v_RA_System_IPSubnets.IP_Subnets0 = '10.10.35.0')

Or, from two subnets:

SELECT v_R_System.Netbios_Name0, v_R_System.User_Name0,
       v_RA_System_IPAddresses.IP_Addresses0, v_RA_System_IPSubnets.IP_Subnets0,
       v_GS_COMPUTER_SYSTEM.UserName0
FROM v_R_System
     INNER JOIN v_RA_System_IPAddresses ON v_R_System.ResourceID = v_RA_System_IPAddresses.ResourceID
     INNER JOIN v_RA_System_IPSubnets ON v_R_System.ResourceID = v_RA_System_IPSubnets.ResourceID
     INNER JOIN v_GS_COMPUTER_SYSTEM ON v_R_System.ResourceID = v_GS_COMPUTER_SYSTEM.ResourceID
WHERE (v_RA_System_IPSubnets.IP_Subnets0 = '10.10.35.0')
   OR (v_RA_System_IPSubnets.IP_Subnets0 = '10.10.65.0')

Users & Computers Inventory

This is to create an accurate inventory of user names to computer names and vice versa.

On a server, create a shared folder. Grant the share permission and NTFS permission for the folder to allow Full Control for the group Everyone.
On your domain controller, create a new GPO at domain level. Edit the policy.
Locate the entry: User Configuration -> Windows Settings -> Scripts (Logon/Logoff).
Create the logon script, which contains the following commands:

@echo off
date /t >> "%userprofile%\logonlog.txt"
time /t >> "%userprofile%\logonlog.txt"
echo --------------- Network Drives >> "%userprofile%\logonlog.txt"
echo. >> "%userprofile%\logonlog.txt"
net use | find /i "\\" >> "%userprofile%\logonlog.txt"
echo --------------- Username…

Install Self Signed Exchange 2010 SSL certificate

For my example, my domains are:

Local domain: vcp.local
Outside domain: vcpdomain.com.au

#NETBIOS name of Client Access exchange server: vcpsydex01
#Internal FQDN (AD name): vcpsydex01.vcp.local
#External FQDN (Public name): smtp.vcdomain.com.au
#Autodiscover name: autodiscover.vcdomain.com.au
#SubjectName: cn=smtp.vcdomain.com.au

Run the following command on the Client Access Server to generate the new self-signed SSL cert using the names listed above:

New-ExchangeCertificate -FriendlyName "SelfSigned Cert" -SubjectName "cn=smtp.vcdomain.com.au" -DomainName vcpsydex01,vcpsydex01.vcp.local,smtp.vcdomain.com.au,autodiscover.vcdomain.com.au -PrivateKeyExportable $True

Prior to Windows Vista SP1, the Windows RPC/HTTP client-side component required that the Subject Name (aka Common Name) on the certificate match the "Certificate Principal Name" configured for the Outlook Anywhere connection in the…

Picking up Computer Group Membership Changes without a Reboot

Firstly, this is a great article I got from – http://sdmsoftware.com/blog/2008/08/picking_up_computer_group_memb.html One of the irritating side effects of using Group Policy security group filtering on computers is that, if you change a computer’s group membership, you either had to reboot the computer or wait the default 7 days for the computer’s Kerberos ticket to expire before it picked up its new group membership. Recently however, there was a thread on the ActiveDir.org mailing list about this. Steve Linehan–resident AD smart guy at Microsoft–posted that in Server 2008, Microsoft added some switches to the klist.exe utility that you could use to…

Install Windows 7 or Vista From USB Drive

This guide works 100% for Vista & Windows 7. Need to give credit to someone else where I got this from. This comes direct from this link http://www.intowindows.com/how-to-install-windows-7vista-from-usb-drive-detailed-100-working-guide/ The main advantage is that by using USB drive you will be able to install Windows 7/Vista in just 15 minutes. The method is very simple and you can use without any hassles. Needless to say that your motherboard should support USB Boot feature to make use of the bootable USB drive. Requirements: *USB Flash Drive (Minimum 4GB) *Windows 7 or Vista installation files. Follow the below steps to create bootable Windows…