Alexander’s Blog

The power management settings in Windows Vista can be centrally managed via Group Policy. However, natively the power management settings (monitor power management, system standby, and hibernate) in Windows XP Professional and Windows 2000 cannot be centrally managed through Group Policies.

Energy Star offers a free tool to network administrators that you might want to check out. It’s called EZ GPO and doesn’t have any licensing fees. EZ GPO will allow you to centrally manage your Windows XP/2000 client workstations through Group Policy.

According to the Energy Star Web site, here’s how EZ GPO works.

• - Uses an automated installer
• - Contains one binary application that runs as a service and one that runs on login under each user’s account
• - Reads the desired power management settings that are set using GPOs in integer and string value format
• - Allows changes to power management settings using Microsoft’s core Application Programming Interface
• - Intelligently selects only capable computers when activating “system standby.” (Computers generally capable of using system standby reliably run Windows 2000 or XP with Pentium 4 chip sets capable of S3 standby mode.)

You can download EZ GPO here.

Also check out EZ GPO Installation Instructions and FAQs.

In case you are wondering about Energy Star. It is a joint program of the U.S. Environmental Protection Agency and the U.S. Department of Energy. It’s purpose is to save money and protect the environment through energy efficient products and practices.

The Windows Security and Directory Services for UNIX Guide focuses on the use of Microsoft Windows Server 2003 or Windows 2000 Server Active Directory directory service to provide centralized authentication and authorization services for users in a network that includes both UNIX-based and Windows-based computers.

The Windows Security and Directory Services for UNIX Guide provides guidance in selecting the best solution to meet the authentication and authorization needs of your organization. The guide also explains the best practices and the major issues that you are likely to face as you implement the solution that is most appropriate for your organization.

Click here to download this complete guide from Microsoft.

Universal Groups in Windows Server can be useful. However, they also have a couple of drawbacks. One downside is that the Universal Group membership is kept in the Global Catalog servers. In a multiple domain environment, when a user try to logon to the domain the Global Catalog server has to be available to enumerate the Universal Group membership. This can be an issue when users are logging on in a remote site with slow or unreliable connection. Without the Global Catalog server they cannot logon. By caching the Universal Group membership on a Domain Controller in a remote site you can allow users to logon even when the network connection to the main office is down.

By default, the cached membership is update every 8 hours. Each refresh cycle can refresh hundreds of accounts at a time (500 accounts to be exact). You can modify the cached Universal Group information in the registry. Here’s the procedure.

1. Go to Start, Run, and type regedit.exe to start the registry editor.
2. Locate the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters.
3. On the menu click Edit, New, DWORD Value and enter one of the values that Microsoft has posted in a table in a TechNet article How the Global Catalog Works. It’s a lengthy article so I have posted the table here for your convenience. Press Enter after typing the entry.
4. Double-click the value you just entered and type a number from the Notes column in the table mentioned above in step 3.
5. Press OK and close the registry editor.

You can get error 1606 under various circumstances. One person I know was encountering the error when installing “Creating Keepsakes - Scrapbook Designer”, a Scrapbook application, but this error can pop up at other times as well. For example, you may encounter this error if you try to install or uninstall Norton AntiVirus 2003. Sometimes the path and location is given in the error message, which may point to one of several different possible paths, such as C:\Documents and Settings\All Users\Desktop, or C:\My Documents\My Pictures.

Microsoft’s KB article 315352 mentions that this error occurs if you upgrade from Windows 98 SE or Windows Me to Windows XP, or Windows XP SP1. However, variations of this error are also known to exist when you upgrade from Windows 98 to Windows 2000. Here’s a step-by-step solution that seems to work.

1. Click on Start, Run and then type REGEDIT.EXE to start the Registry Editor.
2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders.
3. Double-click the Common Administrative Tools Value Name and set the data value to %ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools.
4. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders. Notice that this path is different than the path in step 2. This is “Shell Folders”, in step 2 you went to “User Shell Folders”.
5. Double-click the Common Administrative Tools Value name and verify that the Value data is set to the %ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools.
6. Close the Registry Editor.
7. Restart your computer.

Microsoft has a performance testing tool for Active Directory called ADTest. It is primarily an Active Directory load-generation tool that allows you to simulate client transactions on the host server. According to Microsoft “By varying client load, you can relate the transaction rate to resource utilization on the server and get some idea about the requirements for your environment. Because ADTest can perform generic Active Directory requests, it can also create an organizational unit structure inside Active Directory. You can add many organizational units and user objects in those ADTest-created organizational units. You can also add attributes to the user objects. Once you have created the Active Directory structure you require, you can use ADTest to perform various Active Directory requests, including Modify and Search. Several pre-built tests have been written to reproduce some typical activities you might want to evaluate. Examples of these pre-built tests are: an interactive logon, a batch logon, a search for a random user, and a modification of an attribute of a random user. By varying your hardware environment or other test parameters, you can gain insight into the performance sensitivities of your particular setup.”

Microsoft reminds users that benchmarking and performance exercises only useful for a general understanding of the hardware requirements for various implementations. The tests that you run take place in a limited lab environments so they may not translate directly to real-world scenarios. In other words, use this tool just to get some general ideas and don’t depend on the results too much for a production environment.

You can download the tool here.