A few years ago I wrote the article “Deleting Old User Profiles in Windows 2000/XP/2003” about a user profile deletion utility called DelProf.exe. This tool is part of the Windows Server 2003 Resource Kit. Because it was written for older operating systems, it won’t work on Windows Vista or later operating systems.
Lucky for us, Microsoft MVP Helge Klein has written a successor utility called DelProf2 that works with newer operating systems, such as Windows 7. DelProf2 works with Windows XP/2003/Vista/Windows 7/Windows 2008/Windows 2008R2.
DelProf2 will even handle profiles that use long paths (i.e. paths longer than the MAX_PATH limit of 260 characters). This tool is great if you want to get rid of old profiles that are taking up disk space. It will delete all profiles except the current profile, and it will leave the necessary system profiles (e.g. the Default profile) alone. The operating system creates the profile for a new user by making a copy of the Default profile. You also have the option to delete only locally cached copies of roaming profiles, or to delete only profiles that have not been used for a certain period of time, such as 90 days.
Here is the syntax used by DelProf2.
Usage: delprof2 [/u] [/q] [/i] [/p] [/r] [/c:[\\]<computername>] [/d:<days>]
/u Unattended (no confirmation)
/q Quiet (no output and no confirmation)
/i Ignore errors, continue deleting
/p Prompt for confirmation before deleting each profile
/r Delete local caches of roaming profiles only, not local profiles
/c Delete on remote computer instead of local machine
/d Delete only profiles not used in x days
/l List only, do not delete (what-if mode)
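Before running an age-based deletion such as /d:90, it helps to review which profiles fall outside the window. The following PowerShell sketch is an added example, not part of DelProf2 or of the original article. It only reports and deletes nothing, and it assumes that the LastUseTime property of the Win32_UserProfile WMI class (Windows Vista and later) is an acceptable age signal; DelProf2's own selection criteria may differ. The parameter names are hypothetical.

```powershell
# Added example: report-only preview of stale local profiles. Nothing is deleted.
# Assumption: Win32_UserProfile.LastUseTime is used as the age signal; DelProf2
# may determine profile age differently.
param(
    [string]$ComputerName,   # hypothetical parameter; empty means the local machine
    [int]$Days = 90          # same meaning as the <days> value of /d
)

$cutoff = (Get-Date).AddDays(-$Days)

# Only pass -ComputerName when a remote target was given, so a local query
# does not require WinRM to be enabled.
$cimArgs = @{ ClassName = 'Win32_UserProfile' }
if ($ComputerName) { $cimArgs.ComputerName = $ComputerName }

Get-CimInstance @cimArgs |
    Where-Object {
        -not $_.Special -and       # skip profiles flagged as system-owned
        -not $_.Loaded -and        # skip profiles that are currently in use
        $_.LastUseTime -and        # skip profiles with no recorded use time
        $_.LastUseTime -lt $cutoff
    } |
    Sort-Object LastUseTime |
    Select-Object SID, LocalPath, LastUseTime, RoamingConfigured,
        @{ Name = 'IdleDays'
           Expression = { [int]((Get-Date) - $_.LastUseTime).TotalDays } }
```

Compare the resulting list with the output of delprof2 /l /d:90 before running the deletion unattended.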
Helge has some nice examples on his site. You can use DelProf2 to delete inactive profiles remotely (including Windows 7 computers) using their IP addresses.
DelProf2 is a free utility that can be downloaded from Helge’s Web site here. While you are at it, you might want to check out some additional tools that he has written.
There is a free Wake-On-LAN GUI tool available that you can use to wake up a remote computer by using either its IP address or its Fully Qualified Domain Name (FQDN). You can use the Wake-On-LAN feature to start a computer either on the LAN or through the Internet.
You can download the tool here.
The Shutdown command can be used to remotely restart or shut down a Windows 2000 or later computer.
For example, you can remotely reboot a Windows 7 computer from a Windows XP computer as long as you have administrative privileges. On the destination computer, you may need to ensure that your account has the user right “Force shutdown from a remote system.” You can run gpedit.msc from Start, Run and then add your account to that user right.
The shutdown command is especially handy for Network Administrators and PC Support professionals in a domain environment. Here’s the syntax used by the shutdown utility.
C:\> shutdown /?
Usage: shutdown [-i | -l | -s | -r | -a] [-f] [-m \\computername] [-t xx] [-c "comment"] [-d up:xx:yy]
No args Display this message (same as -?)
-i Display GUI interface, must be the first option
-l Log off (cannot be used with -m option)
-s Shutdown the computer
-r Shutdown and restart the computer
-a Abort a system shutdown
-m \\computername Remote computer to shutdown/restart/abort
-t xx Set timeout for shutdown to xx seconds
-c "comment" Shutdown comment (maximum of 127 characters)
-f Forces running applications to close without warning
-d [u][p]:xx:yy The reason code for the shutdown
u is the user code
p is a planned shutdown code
xx is the major reason code (positive integer less than 256)
yy is the minor reason code (positive integer less than 65536)
To restart a computer make sure you use -r, to shutdown the computer use -s. As mentioned earlier, the shutdown command can be used on a local or a remote computer. To restart a remote computer use -m \\computername. For example, if you have a computer that’s hung on a certain process and you can’t even remote desktop into it, you can try to restart the computer remotely and force running applications to close without warning by using the following command.
shutdown -m \\computername -r -f
If you want to use the GUI version, simply type shutdown -i to bring up the graphical interface. Here you can add one or more computers, choose whether to Restart, Shut down, or Log off, display a warning notice on the computer, configure the computer to reboot after a specific interval, and configure the Shutdown Event Tracker option, which records the reason for the action in the Event Viewer.
I mentioned at the beginning of the article that you can use Shutdown utility on Windows 2000 and later computers. Microsoft’s KB article 317371 explains how to use Shutdown tool in Windows 2000. However, notice that the older utility used a forward slash (/) instead of a hyphen (-) for the switches.
Microsoft’s Active Directory relies on Domain Name System (DNS) so it’s important to have a good understanding of DNS concepts and terms. Here’s a glossary of DNS terminology in alphabetical order.
You can also download a PDF version of this glossary here.
| Term | Definition |
|---|---|
| Alias (CNAME) | An Alias resource record is also sometimes called CNAME (canonical name) resource record. With these records, you can use more than one name to point to a single host, which makes it easy to do such things as host both a File Transfer Protocol (FTP) server and a Web server on the same computer. The most common or popular use of an alias (CNAME) resource record is to provide a permanent DNS aliased domain name for generic name resolution of a service-based name, such as www.tailspintoys.com, to more than one computer or one IP address on a Web server. |
| Authoritative DNS Server | A DNS server is considered authoritative for a name if it loads the zone authoritative for that name. |
| Authoritative DNS Zone | A DNS zone is considered authoritative for a name if the name belongs to the DNS sub-tree delegated to that zone. |
| AXFR | Type of zone file replication. AXFR replicates the entire zone. (See also IXFR.) |
| DNS Dynamic Update | An update to the DNS standard that permits DNS clients to dynamically register and update their resource records in the zones of the primary server. |
| DNS server | A server that maintains a database of mappings of FQDNs to various types of data, such as IP addresses. |
| Domain | Any branch of the DNS namespace. |
| Domain Name System (DNS) | A hierarchical, distributed database that contains mappings of DNS domain names to various types of data, such as IP addresses. DNS enables the location of computers and services by user-friendly names and the discovery of other information stored in the database. |
| Forward Lookup | A DNS query that maps an FQDN to an IP address. |
| Forwarder | A DNS server designated by other internal DNS servers to be used to forward queries for resolving external or offsite DNS domain names, such as those used on the Internet. |
| FQDN (fully qualified domain name) | A DNS name that has been stated to indicate its absolute location in the domain namespace tree. An FQDN has a trailing period (.) to qualify its position relative to the root of the namespace. An example is host.example.microsoft.com. |
| Host (A) Record | A host (also known as “A”) resource record in a zone is used to associate DNS domain names of computers (or hosts) to their IP addresses. |
| Host Name | The DNS name of a host or interface on a network. For one computer to find another, the name of the computer to locate must either appear in the Hosts file on the computer that is looking, or the name must be known by a DNS server. For most Windows-based computers, the host name and the computer name are the same. |
| Host Name Resolution | The process of resolving a host name to a destination IP address. |
| Hosts File | A local text file in the same format as the 4.3 BSD release of UNIX /etc/hosts file. This file maps host names to IP addresses, and it is stored in the systemroot\System32\Drivers\Etc folder. |
| Iterative Query | A query made to a DNS server for the best answer the server can provide. |
| IXFR | Type of zone file replication. IXFR, incremental zone transfer, replicates only the changed records of the zone file. |
| MX (Mail Exchanger) Record | E-mail applications use the mail exchanger (MX) resource record to locate a mail server based on a DNS domain name in the destination address for the e-mail recipient of a message. The mail exchanger (MX) resource record shows the DNS domain name for the computer or computers that process mail for a domain. |
| Master and Slave DNS Servers | Two DNS servers are called Master and Slave if they contain copies of the same zone, one of which is directly replicated from the other. The source of replication is called the Master server, the destination of replication is called the Slave server. Every Master may have one or more Slaves and vice versa, every Slave may have one or more Masters. The same DNS server may be the Master and Slave at the same time. |
| Master Server | A DNS server that is authoritative for a zone and that is also a source of zone information for other secondary servers. A master server can be either a primary or secondary master server, depending on how the server obtains its zone data. |
| Pointer (PTR) Record | A pointer (PTR) resource record supports the reverse lookup process, based on zones that are created and rooted in the in-addr.arpa domain. These records locate a computer by its IP address and resolve this information to the DNS domain name for that computer. |
| Primary and Secondary Zones | The same zone may be represented by primary and secondary copies. The primary is the zone/copy that allows direct updates of its resource records. The secondary is the one that receives all the updates from primaries or secondary zones through the zone transfer mechanism only. Only the DS integrated zones may have multiple primaries. Multiple secondaries are allowed in either scenario. |
| Primary Server | A DNS server that is authoritative for a zone and that can be used as a point of update for the zone. Only primary servers can be updated directly to process zone updates, which include adding, removing, or modifying resource records that are stored as zone data. |
| Recursive Query | A query made to a DNS server in which the requester asks the server to assume the full workload and responsibility for providing a complete answer to the query. The DNS server will then use separate iterative queries to other DNS servers on behalf of the requester to assist in completing an answer for the recursive query. |
| Resource Record | Atomic unit of the DNS database. All resource records have the same format that includes NAME, TYPE, CLASS, TTL, RDLENGTH and RDATA that depends on TYPE and CLASS of the resource record. A set of resource records builds up a DNS zone. |
| Reverse Lookup | A DNS query that maps an IP address to an FQDN. |
| Root Domain | The beginning of the DNS namespace. |
| Root Server | A DNS server that contains a root zone is called a root server. |
| Root Zone | A zone that contains the DNS root domain is called the root zone. |
| Secondary Server | A DNS server that is authoritative for a zone and that obtains its zone information from a master server. |
| Second-level Domain | A DNS domain name that is rooted hierarchically at the second tier of the domain namespace, directly beneath the top-level domain names. Top-level domain names include .com and .org. When DNS is used on the Internet, second-level domains are names that are registered and delegated to individual organizations and businesses. |
| Service location (SRV) Record | Service location (SRV) resource records are required for location of Active Directory domain controllers. Typically, you can avoid manual administration of service location (SRV) resource records when you install Active Directory Domain Services (AD DS). In the future, the service location (SRV) resource record may also be used to register and look up other well-known TCP/IP services on your network if applications implement and support DNS name queries that specify this record type. |
| Start of Authority (SOA) Record | A start of authority (SOA) record specifies the following values for a zone: a primary server, zone administrator’s e-mail address, secondary zone expiration values, and minimum default TTL values for zone resource records. |
| Subdomain | A DNS domain located directly beneath another domain (the parent domain) in the namespace tree. For example, example.microsoft.com would be a subdomain of the domain microsoft.com. |
| Top-Level Domains | Domain names that are rooted hierarchically at the first tier of the domain namespace directly beneath the root (.) of the DNS namespace. On the Internet, top-level domain names such as .com and .org are used to classify and assign second-level domain names (such as microsoft.com) to individual organizations and businesses according to their organizational purpose. |
| TTL (Time-To-Live) | TTL is the duration of time for which a specific resource record can be cached. |
| UCS-2 | UCS-2, also known as Unicode, is a character encoding protocol. |
| UTF-8 | A character encoding protocol specified in RFC 2044. |
| WINS (Windows Internet Name System) | WINS is the pre-DNS name system. It is still supported in the Windows 2000 and later servers in order to maintain interoperability between the different generations of Windows computers. |
| Zone | A manageable unit of the DNS database that is administered by a DNS server. A zone stores the domain names and data of the domain with a corresponding name, except for domain names stored in delegated subdomains. |
| Zone Transfer | The synchronization of authoritative DNS data between DNS servers. A DNS server configured with a secondary zone periodically queries its master server to synchronize its zone data. |
In Windows Server 2003 Active Directory domains, there is a concept of immediate and urgent replication. Certain types of information get replicated immediately, rather than waiting for the standard Active Directory replication. One such example is user account lockout. If an administrator locks a user account, the information is replicated to the PDC emulator immediately. Microsoft recommends that you define account lockout and password policies in only one Group Policy object (GPO) for every domain (in the Default Domain policy settings).
Microsoft explains the concepts of immediate and urgent replications in this TechNet article:
Account lockout relies on the replication of lockout information between domain controllers to ensure that all domain controllers are notified of an account’s status. In addition, password changes must be communicated to all domain controllers to ensure that a user’s new password is not considered incorrect. This data replication is accomplished by the various replication features of Active Directory and is also discussed in this section.
Immediate Replication
When you change a password, it is sent over Netlogon’s secure channel to the PDC operations master. Specifically, the domain controller makes a remote procedure call (RPC) to the PDC operations master that includes the user name and new password information. The PDC operations master then locally stores this value.
Immediate replication between Windows 2000 domain controllers is caused by the following events:
- Lockout of an account
- Modification of a Local Security Authority (LSA) secret
- State changes of the Relative ID (RID) Manager
Urgent Replication
Active Directory replication occurs between domain controllers when directory data is updated on one domain controller and that update is replicated to all other domain controllers. When a change in directory data occurs, the source domain controller sends out a notice that its directory store now contains updated data. The domain controller’s replication partners then send a request to the source domain controller to receive those updates. Typically, the source domain controller sends out a change notification after a delay. This delay is governed by a notification delay. (The Windows 2000 default notification delay is 5 minutes; the Windows Server 2003 default notification delay is 15 minutes.) However, any delay in replication can result in a security risk for certain types of changes. Urgent replication ensures that critical directory changes are immediately replicated, including account lockouts, changes in the account lockout policy, changes in the domain password policy, and changes to the password on a domain controller account. With urgent replication, an update notification is sent out immediately, regardless of the notification delay. This design allows other domain controllers to immediately request and receive the critical updates. Note, however, that the only difference between urgent replication and typical replication is the lack of a delay before the transmission of the change notification. If this does not occur, urgent replication is identical to standard replication. 
When replication partners request and subsequently receive the urgent changes, they receive, in addition, all pending directory updates from the source domain controller, and not only the urgent updates.
When either an administrator or a delegated user unlocks an account, manually sets password expiration on a user account by clicking User Must Change Password At Next Logon, or resets the password on an account, the modified attributes are immediately replicated to the PDC emulator operations master, and then they are urgently replicated to other domain controllers that are in the same site as the PDC emulator. By default, urgent replication does not occur across site boundaries. Because of this, administrators should make manual password changes and account resets on a domain controller that is in that user’s site.
The following events are not urgent replications in Windows 2000 domains:
- Changing the account lockout policy
- Changing the domain password policy
- Changing the password on a computer account
- Domain trust passwords
Note: There is an error in TechNet’s article quoted above. The default notification delay for Windows Server 2003 listed under Urgent Replication should be 15 seconds, not 15 minutes, as pointed out by Rickard Nobel. The KB article 214678 confirms that the default notification period is 15 seconds in Windows Server 2003.
Copyright ©2010 Zubair Alexander. All rights reserved.