Alexander's Blog » Windows 2003

How to Delete Inactive Profiles on Windows 7

Zubair Alexander — Sat, 04 Feb 2012 17:38:35 +0000

A few years ago I wrote this article Deleting Old User Profiles in Windows 2000/XP/2003 about a User Profile Deletion utility called DelProf.exe. This tool is part of the Windows Server 2003 Resource Kit. Because it was written for older operating systems it won’t work on Windows Vista or later operating systems.

Lucky for us, Microsoft MVP Helge Klein has written a successor utility called DelProf2 that works with newer operating systems, such as Windows 7. DelProf2 works with Windows XP/2003/Vista/Windows 7/Windows 2008/Windows 2008R2.

DelProf2 will even handle profiles that use long paths (i.e. MAX_PATH values of longer than 260). This tool is great if you want to get rid of old profiles that are taking disk space. It will delete all profiles except the current profile. It will leave the necessary system profiles (e.g. Default profile) alone. Default profile is used by the operating system to create a profile for a new user by making a copy of the Default profile. You also have the option to delete locally cached copies of roaming profiles or delete older profiles that have not been used for a certain period of time, such as older than 90 days.

Here is the syntax used by DelProf2.

Usage: delprof2 [/u] [/q] [/i] [/p] [/r] [/c:[\\]] [/d:]

       /u   Unattended (no confirmation)
       /q   Quiet (no output and no confirmation)
       /i   Ignore errors, continue deleting
       /p   Prompt for confirmation before deleting each profile
       /r   Delete local caches of roaming profiles only, not local profiles
       /c   Delete on remote computer instead of local machine
       /d   Delete only profiles not used in x days
       /l   List only, do not delete (what-if mode)

Helge has some nice examples on his site. You can use DelProf2 to delete inactive profiles remotely (including Windows 7 computers) using their IP addresses.

DelProf2 is a free utility that can be downloaded from Helge’s Web site here. While you are at it, you might want to check out some additional tools that he has written.

Free Wake-On-LAN GUI Tool

Zubair Alexander — Sat, 12 Feb 2011 21:31:42 +0000

There is a free Wake-On-LAN GUI tool available that you can use to wake a remote computer up by either using it’s IP address or it’s Fully Qualified Domain Name (FQDN). You can use the Wake-On-LAN feature to start a computer either on the LAN or through the Internet.

You can download the tool here.

How to Remotely Restart a Windows Computer

Zubair Alexander — Wed, 08 Sep 2010 16:36:51 +0000

The Shutdown command can be used to remotely restart or shutdown a Windows 2000 or later computer.

For example, you can remotely reboot a Windows 7 computer from a Windows XP computer as long as you have administrative privileges. On the destination computer, you may need to ensure that your account has the user right “Force shutdown from a remote system.” You can run gpedit.msc at the Start, Run and then add your account to that user right, as shown in the screenshot below.

The shutdown is especially handy for Network Administrators and PC Support professionals in a domain environment. Here’s the syntax used by the shutdown utility.

C:\> shutdown /?

Usage: shutdown [-i | -l | -s | -r | -a] [-f] [-m \\computername] [-t xx] [-c "comment"] [-d up:xx:yy]

No args                 Display this message (same as -?)
-i                      Display GUI interface, must be the first option
-l                      Log off (cannot be used with -m option)
-s                      Shutdown the computer
-r                      Shutdown and restart the computer
-a                      Abort a system shutdown
-m \\computername       Remote computer to shutdown/restart/abort
-t xx                   Set timeout for shutdown to xx seconds
-c “comment”            Shutdown comment (maximum of 127 characters)
-f                      Forces running applications to close without warning
-d [u][p]:xx:yy         The reason code for the shutdown
u is the user code
p is a planned shutdown code
xx is the major reason code (positive integer less than 256)
yy is the minor reason code (positive integer less than 65536)

To restart a computer make sure you use -r, to shutdown the computer use -s. As mentioned earlier, the shutdown command can be used on a local or a remote computer. To restart a remote computer use -m \\computername. For example, if you have a computer that’s hung on a certain process and you can’t even remote desktop into it, you can try to restart the computer remotely and force running applications to close without warning by using the following command.

shutdown -m \\computername -r -f

If you want to use the GUI version, simply type shutdown -i to bring up the graphical interface. Here you can add, one or more computers, configure the option to Restart, Shutdown, or Loggoff, display a warning notice on the computer, configure the computer to reboot after a specific interval, and configure the option for Shutdown Event Tracker that will record the reason for the action in the Event Viewer.

I mentioned at the beginning of the article that you can use Shutdown utility on Windows 2000 and later computers. Microsoft’s KB article 317371 explains how to use Shutdown tool in Windows 2000. However, notice that the older utility used a forward slash (/) instead of a hyphen (-) for the switches.

DNS Glossary

Zubair Alexander — Sun, 05 Sep 2010 15:56:09 +0000

Microsoft’s Active Directory relies on Domain Name System (DNS) so it’s important to have a good understanding of DNS concepts and terms. Here’s a glossary of DNS terminology in alphabetical order.

You can also download a PDF version of this glossary here.

Alias (CNAME)

An Alias resource record is also sometimes called CNAME (canonical name) resource record. With these records, you can use more than one name to point to a single host, which makes it easy to do such things as host both a File Transfer Protocol (FTP) server and a Web server on the same computer. The most common or popular use of an alias (CNAME) resource record is to provide a permanent DNS aliased domain name for generic name resolution of a service-based name, such as www.tailspintoys.com, to more than one computer or one IP address on a Web server.

Authoritative DNS Server

A DNS server is considered authoritative for a name if it loads the zone authoritative for that name.

Authoritative DNS Zone

A DNS zone is considered authoritative for a name if the name belongs to the DNS sub-tree, delegated to that zone.

AXFR

Type of zone file replication. AXFR replicates the entire zone. (See also IXFR.)

DNS Dynamic Update
An update to the DNS standard that permits DNS clients to dynamically register and update their resource records in the zones of the primary server.

DNS server
A server that maintains a database of mappings of FQDNs to various types of data, such as IP addresses.

Domain
Any branch of the DNS namespace.

Domain Name System (DNS)
A hierarchical, distributed database that contains mappings of DNS domain names to various types of data, such as IP addresses. DNS enables the location of computers and services by user-friendly names and the discovery of other information stored in the database.

Forward Lookup
A DNS query that maps an FQDN to an IP address.

Forwarder
A DNS server designated by other internal DNS servers to be used to forward queries for resolving external or offsite DNS domain names, such as those used on the Internet.

FQDN (fully qualified domain name)
A DNS name that has been stated to indicate its absolute location in the domain namespace tree. An FQDN has a trailing period (.) to qualify its position relative to the root of the namespace. An example is host.example.microsoft.com.

Host (A) Record

A host (also known as “A”) resource record in a zone is used to associate DNS domain names of computers (or hosts) to their IP addresses.

Host Name
The DNS name of a host or interface on a network. For one computer to find another, the name of the computer to locate must either appear in the Hosts file on the computer that is looking, or the name must be known by a DNS server. For most Windows-based computers, the host name and the computer name are the same.

Host Name Resolution
The process of resolving a host name to a destination IP address.

Hosts File
A local text file in the same format as the 4.3 BSD release of UNIX /etc/hosts file. This file maps host names to IP addresses, and it is stored in the systemroot\System32\Drivers\Etc folder.

Iterative Query
A query made to a DNS server for the best answer the server can provide.

IXFR
Type of zone file replication. IXFR, incremental zone transfer, replicates only the changed records of the zone file.

MX (Mail Exchanger) Record

E-mail applications use the mail exchanger (MX) resource record to locate a mail server based on a DNS domain name in the destination address for the e-mail recipient of a message. The mail exchanger (MX) resource record shows the DNS domain name for the computer or computers that process mail for a domain.

Master and Slave DNS Servers
Two DNS servers are called Master and Slave if they contain the copies of the same zone, one of which is directly replicated from another. The source of replication is called Master server, the destination of replication is called Slave server. Every Master may have one or more Slaves and vice versa, every Slave may have one or more Masters. The same DNS server may be the Master and Slave at the same time.

Master Server
A DNS server that is authoritative for a zone and that is also a source of zone information for other secondary servers. A master server can be either a primary or secondary master server, depending on how the server obtains its zone data.

Pointer (PTR) Record
A pointer (PTR) resource record supports the reverse lookup process, based on zones that are created and rooted in the in-addr.arpa domain. These records locate a computer by its IP address and resolve this information to the DNS domain name for that computer.

Primary and Secondary Zones
The same zone may be represented by primary and secondary copies. The primary is the zone/copy that allows direct updates of its resource records. The secondary is the one that receives all the updates from primaries or secondary zones through the zone transfer mechanism only. Only the DS integrated zones may have multiple primaries. Multiple secondaries are allowed in either scenario.

Primary Server
A DNS server that is authoritative for a zone and that can be used as a point of update for the zone. Only primary servers can be updated directly to process zone updates, which include adding, removing, or modifying resource records that are stored as zone data.

Recursive Query
A query made to a DNS server in which the requester asks the server to assume the full workload and responsibility for providing a complete answer to the query. The DNS server will then use separate iterative queries to other DNS servers on behalf of the requester to assist in completing an answer for the recursive query.

Resource Record
Atomic unit of the DNS database. All resource records have the same format that includes NAME, TYPE, CLASS, TTL, RDLENGTH and RDATA that depends on TYPE and CLASS of the resource record. A set of resource records builds up a DNS zone.

Reverse Lookup
A DNS query that maps an IP address to an FQDN.

Root Domain
The beginning of the DNS namespace.

Root Server
DNS server that contains a root zone is called a root server.

Root Zone
A zone that contains the DNS root domain is called the root zone.

Secondary Server
A DNS server that is authoritative for a zone and that obtains its zone information from a master server.

Second-level Domain
A DNS domain name that is rooted hierarchically at the second tier of the domain namespace, directly beneath the top-level domain names. Top-level domain names include .com and .org. When DNS is used on the Internet, second-level domains are names that are registered and delegated to individual organizations and businesses.

Service location (SRV) Record
Service location (SRV) resource records are required for location of Active Directory domain controllers. Typically, you can avoid manual administration of service location (SRV) resource records when you install Active Directory Domain Services (AD DS). In the future, the service location (SRV) resource record may also be used to register and look up other well-known TCP/IP services on your network if applications implement and support DNS name queries that specify this record type.

Start of Authority (SOA) Record
A start of authority (SOA) record specifies the following values for a zone: a primary server, zone administrator’s e-mail address, secondary zone expiration values, and minimum default TTL values for zone resource records.

Subdomain
A DNS domain located directly beneath another domain (the parent domain) in the namespace tree. For example, example.microsoft.com would be a subdomain of the domain microsoft.com.

Top-Level Domains
Domain names that are rooted hierarchically at the first tier of the domain namespace directly beneath the root (.) of the DNS namespace. On the Internet, top-level domain names such as .com and .org are used to classify and assign second-level domain names (such as microsoft.com) to individual organizations and businesses according to their organizational purpose.

TTL (Time-To-Live)
TTL is duration of time when a specific resource record could be cached.

UCS-2

Also known as Unicode is a character encoding protocol.

UTF-8
A character encoding protocol specified in RFC 2044.

WINS (Windows Internet Name System)

WINS is the pre-DNS name system. It is still supported in the Windows 2000 and later servers in order to maintain interoperability between the different generations of Windows computers.

Zone
A manageable unit of the DNS database that is administered by a DNS server. A zone stores the domain names and data of the domain with a corresponding name, except for domain names stored in delegated subdomains.

Zone Transfer
The synchronization of authoritative DNS data between DNS servers. A DNS server configured with a secondary zone periodically queries its master server to synchronize its zone data.

How to Centralize Remote Access Policies Using RADIUS

Zubair Alexander — Thu, 19 Aug 2010 21:51:09 +0000

Remote access policies are local to the Windows Server 2003 where they are created. Therefore, you cannot synchronize remote access policies between servers. In addition, because remote access policies cannot be integrated with Active Directory, they can’t really be replicated as part of Active Directory replication.

If you have more than one remote access server, rather than administer the remote access policies of all the remote access servers separately, you can configure a single server with the Internet Authentication Service (IAS) as a Remote Authentication Dial-In User Service (RADIUS) server and configure the remote access servers as RADIUS clients. The IAS server provides centralized remote access authentication, authorization, accounting, and auditing. This provides a powerful way to centralize remote access policies, especially in large distributed environments.

When you configure the properties of the server running Routing and Remote Access, select RADIUS authentication as the authentication provider. Once the remote access servers are configured to use RADIUS authentication, the remote access policies stored on the remote access servers are no longer used. Instead, the remote access policies stored on the IAS server are used. Therefore, if one of the remote access servers contains the current set of remote access policies that are applied to all of the remote access servers, you can copy the remote access policies to the IAS server. Click here for the step-by-step procedure for copying the remote access policies to another server.