InTheWayBoy

Everything posted by InTheWayBoy

  1. Okay, long story short we consolidated several domains into one with a recent merger. For the most part we just dumped everything and reloaded the new domain from the ground up. However, there is this one server from a previous domain that is not a member of this new domain. It used to be the DC for a small company, and also was set up to run two EMR applications on it. When we did the merge we just left it on its own, but disabled all the unnecessary services (DHCP, WINS, etc). Luckily both of the EMR applications are fairly web-based, but we are running into file permission issues now since the server is part of a different domain than the clients. Now the problem is both of these EMR's charge out the a** for support, and something like reloading them onto a fresh server is going to cost about $2000! So I'm starting to think about how I can fix this without having to reload. My thought is to demote it from being a DC, then join it to the new domain as a regular member server. Only problem is I'm really concerned about how reliable it will be going through a demotion and joining a new domain. I can handle all the simple things, reconfiguring the shares and network info and blah blah blah, but it's the deeper stuff I'm worried about. For instance, what will happen to the registry after a demotion and joining a new domain? Will it create new HKLM and HKCU trees, will permissions be carried over or reset, things like that. Just a quick thought, would setting up trusts between the domains be easy? I really don't want to have to configure the new domain to know anything about the old one, but can't I do like a one-way trust so that the server in question allows users from the new So mostly I'm just looking for any comments and I would love to hear some suggestions. But please, no reloading comments...I know that's the best way to go but I'm trying to avoid shelling out all that money for such a simple task. 
Of course if these EMR's would actually provide documentation and installation sources then I could do it all, but that's a different gripe. Thanx in advance!
  2. Yeah, use 127.0.0.1 on the server for DNS1, and configure the DNS service to use 192.168.5.10 as a forwarder.
  3. Either that or split things up and use something like WPI. On one CD just have the OS and OS-specific updates/installs. Once that is done installing and you are at the desktop you can just drop in the other CD to start installing everything else. WPI gives you a nice GUI to handle all that, but those scripts above look to accomplish much of the same. But yeah, jump up to DVD's, things aren't getting any smaller these days...
  4. Sorry, been kinda hectic. I'm getting some new AP's next week (NetGear WG102) and once I get them deployed I'm gonna try this out. Thanx for the suggestions, I'll hit this back in a week or so with any updates.
  5. Hell, if you wanna do it even further, get something like AutoIt. Simple script to make the password change:

          RunWait("net user administrator password")

      That's probably not 100% correct mind you. Then you could run it through this: http://www.autoitscript.com/forum/index.php?showtopic=32171 Which should scramble some of the code...since this is so simple it might not do much. But after that is run compile the script to an .exe (A standard feature of AutoIt) and run that through a GPO. I would imagine you could enlist NTFS permissions to lock down the file on the server. Of course it's still got problems, but it's not a bad idea when you think about it. Good luck!
  6. Ok, so currently we have about 15 laptops on our domain. They all are either Intel 2200 or 3945 chipsets, which luckily use the same installation package. The Intel drivers have a pretty decent client configuration application, but it's not without its gripes. The application includes a feature that seems to help the laptops sign-on to the domain over the wireless. From what I can tell without this feature the wireless link isn't ready when the user logs in, resulting in the "Domain not available" error message. The feature seems to get around that by connecting to a preconfigured wireless profile as the user logs on, and waits until a domain controller is found to pass the auth info through. Works well enough in most cases. My question is are there any other ways around that which wouldn't require me to use the Intel application. I see some things in the GPO that might be what I want, but I can't tell if it will perform as we are used to. I need these laptops to be able to sign-on 'live' over the wireless, without any cached logins. The Intel drivers include bare .inf files so I can install the adapters for use with just the built-in XP SP2 Wireless Zero Config application. If I create the GPO's for the wireless profiles will they be active before or during the logon? Or is there an even better way to do this? We use a mixture of roaming profiles and folder redirection, along with several mapped drives. If the process doesn't work correctly we get issues with the folder redirection not working or mapped drives not working unless you manually open them once. And of course there is the main issue of the "Domain not available" error message preventing logon.
  7. I can't say for sure, but you probably just need to move the CMPNENTS folder to be in the same folder as the R2 I386 folder:

          \
          \I386 (from BartPE's)
          \programs (from BartPE)
          \w2k3R2\I386 (copy i386 from R2 disc 1)
          \w2k3R2\CMPNENTS (from R2 disc 2)
          \w2k3R2\$OEM$
          \w2k3R2\$OEM$\$1
          \w2k3R2\$OEM$\$$
  8. I've used this one before: http://manageengine.adventnet.com/products...ager/index.html It's not opensource, but their free version is pretty nice. They also have a paid version that offers more, but you might not need that depending on what you want to monitor.
  9. Yeah, that's a pretty tricky scenario, one that would benefit from a domain controller hosting the user profiles. But since it sounds like that isn't an option we have to figure out how to get past it. One thought that comes to mind is to install the operating system manually, configure all the profiles as you would like them, and then take the customized user profiles and back them up. Then you can create an install CD and put those profiles in the $OEM$\$Docs folder. Of course this isn't without its own issues, but it sounds like a valid option.
  10. Yeah, it definitely has something to do with that update. I don't know why it's hidden though, since it doesn't show up on Windows Update. I've never gotten around to it but I figure you could slipstream/unattended install it and then the bare .inf driver might work.
  11. I've got a few of those and seem to recall that you had to install the sound drivers first. The D620's have that HD Audio I believe, and unless you run the installer for the sound drivers (And not just install by the INF's) then it won't allow you to install the modem. I hope I'm wrong, because it's a real show stopper in regards to unattended installs, but I think that might be your problem.
  12. Here is a M$ KB on replicating RIS using DFS: http://support.microsoft.com/?kbid=273594 It doesn't seem to point out SIS anywhere, so it looks like it might not be an issue? Of course it's also based on 2000 and not 2003, so maybe SIS is new to 2003 or something. I've never played with 2000 so I don't know.
  13. Okay, so we all know that the only built-in way to deploy applications in an Active Directory is by using MSI's. This is great in most cases, since it's kinda popular now, but there are still far too many that aren't. The obvious solution is to convert/repackage things into MSI's, but I know I'm not as skilled as RogueSpear is. However, I can do a lot. But then I started thinking, what to do about those custom registry settings, like always disabling the Java systray or pre-configuring VNC. Even though I've known about it for a while I only just recently tried out the DesktopStandard Policy Maker Registry Extension. BTW, DesktopStandard just got bought by M$, which I'm not shocked by. These guys did GPO better than the creators, and this free application is proof. It's a way to deploy regedits to clients via GPO. You need to have a client installed, but since it's MSI you just deploy like the rest of them. After that you can apply computer (HKLM, HKCR) and user (HKCU) settings via GPO, which means you can target the hell outta things! Back to the idea. So I'm thinking install via MSI, tweak via REG, but that still doesn't handle the file issues. That's where good old scripting comes in, pick your flavor. And all three can reside in a single GPO, giving you a single policy software installation and configuration solution. Which brings me to my first question, does anyone know the order of execution with a GPO? If one GPO has a software install, a script, and a regedit (Which shows up in GPMC as a whole extra category) which would go first? And is there a way to redirect that? For instance, you wouldn't want a filecopy from your script to go before the install, since the install would most likely copy over that custom file. Next question, for things like single file exe applications (Putty, Notepad2, etc) is there a good and simple way to make a dummy MSI installer? Let's use putty as an example. 
The software install part of the GPO would run the MSI which would just put the file in the right place and do all its other magic. Next the regedits would go in place and set up custom sessions, and finally the script would copy over the privatekey and set permissions on it. I just can't figure out an easy way to create the dummy MSI file. I was kinda looking for something like WiX, where it's script based until you compile it. That would make it easy to add changes and standardize things. I guess I haven't given it enough time, but any suggestions would be great! In the end I would love to be able to install all my apps like this, even repackage provided MSI into this GPO MSI thing. What ya think?
  14. See, that's the one thing that worries me. I know it's possible, I believe I've seen whitepapers/tutorials on the net about it. But if anything would complicate it, SIS would be it. As I mentioned I have never done it myself, so I can't personally comment on it. I'll try and dig up some info on it later.
  15. Nope, I use it...but only on linux. Update - Misunderstood the problem, now should be what you want. I think you'll need to create a script to handle all this. Using your administrative install, your script would be something like this:

          RunWait('msiexec /i "apache2.msi"')
          RunWait('httpd -k install -n "servicename"')
          RunWait('httpd -k start -n "servicename"')

      That is using the AutoIt syntax, but almost all scripting languages have the RunWait function. You wouldn't want to install the service until after it's installed, so that's why it's important. "servicename" should become the simple name that the service is called in windows. You can leave that option out to accept the defaults. I pulled most of this info from the apache documentation: http://httpd.apache.org/docs/2.2/platform/...ows.html#winsvc
  16. It sounds like you need to implement a mix of RIS and DFS. RIS will handle the installs and deployment of the OS, and DFS will ensure that all of your servers have the same images. I've actually never done this so I can't give any pointers. I know with DFS you can regulate when it syncs files, so you could configure it to only do that after-hours like you want. And your zombie clients would just need to know how to hit the F12 key. They will need to login, but you could make a generic account that only has permissions to run RIS. The ZTI is a myth in my opinion...unless you are willing to shell out tons of money for a proprietary system. I think you'll have better long term success with what I am suggesting. And don't forget, RIS can handle the servers too!
  17. I don't know, I agree with Nois3. Disk Imaging to deploy on multiple platforms is not the best path. True there are ways around it, some scripting or possibly another third-party application/extension, but unattended is free and much more universal in the end. I use PXE to boot RIS which handles the XP setup routine which connects to the domain which runs GPO's to deploy and configure applications. The users have roaming profiles and folder redirection, so no data is saved on a client. With RIS\Unattended you can sit down at a client and reload the sucker in about 20-30 minutes with nothing more than booting from PXE. And this is with custom naming too, since RIS handles that, and much better than any other auto-naming solution I've used. And with RIS and Unattended you don't have to invest anything other than time if you already have a 2000 or 2003 server. As you mention the HAL issue can either be fixed or you can make various versions for each group of computers that is slightly different. That will eventually result in chaos with all the different versions. With Unattended you can bypass most of that and only have to deal with one image. Of course this depends on how crafty you are. Sysprep is a direct branch of Unattended too, and as you note it's necessary to run to deal with the SID issue of images. I do agree that applications need to be handled via some central point, like GPO or SMS. I typically deploy a very baseline system and use GPO's to handle the rest. I'm in the works of converting all my regtweaks into GPO's so I can eliminate most custom material from the install source.
  18. I can't comment on the other things, but I can explain what that line of code does.

          FOR %%D IN (d: e: f: g: h: i: j: k: l: m: n: o: p: q: r: s: t: u: v: w: x:) DO IF EXIST %%D\WIN51IP SET CDROM=%%D

      Essentially it scans every one of those listed drive letters for the WIN51IP file. That file must be in the root of your UA CD, so the concept is that whatever drive has that in the root is most likely your CDROM. It then uses SET to create a system variable %CDROM% that you can use in your scripts and such.
  19. My whole network runs on Dell's, so I've been down this path already. In regards to the WPA, you can just pull four files off the Dell CD and use the corresponding CDKEY and make a new unattended install. This comes in handy when you want to do RIS or other installs that work better coming from a standard OEM copy. Dell modifies several files to add in RAID support, so certain tools and instructions may not work right from a Dell installation CD. The four files are:

          OEMBIOS.BI_
          OEMBIOS.CA_
          OEMBIOS.DA_
          OEMBIOS.SI_

      Copy those from the Dell CD's I386 folder and into the other install source's I386, overwriting any and all files. I think the files somehow check the BIOS to make sure it's a Dell unit, and if it passes there is no Activation and the Genuine thing works fine. You need to use the CDKEY that they use on the Dell CD though, so don't forget to nab that from the slim winnt.sif file. The nice thing about this setup is if you use it on a non-Dell it will still install, and I think you can activate an OEM CDKEY by manually typing it in. These files will only work on an OEM copy, no Retail or Corp. I could be wrong on that, but I don't think so. You might be able to make a retail copy work if you mess with the SETUPP.INI, but that's a different topic.
  20. Should, because even after installation and WindowsUpdate and GenuineAdvantage it's still the same generic CDKEY for me. As long as the CDKEY matches up with the correct OEMBIOS files, which check the unit to make sure it's a Dell, then everything should work. If those all line up then it looks like activation is just done, haven't had an issue with it yet. And if those things don't add up then you still get an install but you have to activate.
  21. I fight with this all the time, and sadly I don't think there is any magic fix. Here are two tips though:

      1. The PST file only contains your data, it doesn't do anything for your other settings like email servers and such. So you'll need to figure out how to handle this as well. There are these PRF files that you can create with the Office Resource Toolkit, but I never had much success with those. They are essentially text files that tell Outlook how to configure things, but it really only seems to work best when used in an Exchange environment.

      2. There is a hidden registry setting that tells Outlook where to look for a PST file. So instead of %USERPROFILE%\Local Settings\Microsoft\Outlook you can change it to anywhere. Initially I thought this would save the day, and I could just put the Outlook.PST file in this place and it will automatically hook into it. However, from what I've seen in real life it doesn't do this, but instead will create a new file, Outlook2.pst or something to that effect. The reg key is: HKCU\SOFTWARE\Microsoft\Office\11.0\Outlook\ForcePSTPath
  22. Don't hold me to it, but all you should need to do is replace the four OEMBIOS files in the I386 with the ones from the Dell OEM CD. What I would suggest doing is get a fresh, clean OEM install of XP Pro and create the RIS image from that. Then, after it's created, use the files I mentioned above and copy them over. You'll also need to use the CDKEY that Dell uses in their WINNT.SIF for this to work. I haven't played with RIS in a while, but I think Dell does a few too many tweaks in their installations to use it as a source.
  23. I do the same as mazin does, I drop the exe (which I rename to foxit.exe) into a directory and then run an AutoIt script to handle all the dirty work. The bulk of it is registry changes, here is the script:

          ; $AFI_BASE and $AFI_XXX are the poster's own install-path variables (not defined in this snippet)
          ; File association and COM class registration for .pdf
          RegWrite("HKCR\.pdf","","REG_SZ","FoxitReader.Document")
          RegWrite("HKCR\.pdf","Content Type","REG_SZ","application/pdf")
          RegWrite("HKCR\CLSID\{14E8BBD8-1D1C-4D56-A4DA-D20B75EB814E}","","REG_SZ","PDF Document")
          RegWrite("HKCR\CLSID\{14E8BBD8-1D1C-4D56-A4DA-D20B75EB814E}\AuxUserType\2")
          RegWrite("HKCR\CLSID\{14E8BBD8-1D1C-4D56-A4DA-D20B75EB814E}\AuxUserType\3","","REG_SZ","Foxit Reader")
          RegWrite("HKCR\CLSID\{14E8BBD8-1D1C-4D56-A4DA-D20B75EB814E}\DefaultExtension","","REG_SZ",".pdf, PDF Files(*.pdf)")
          RegWrite("HKCR\CLSID\{14E8BBD8-1D1C-4D56-A4DA-D20B75EB814E}\DefaultIcon","","REG_SZ",$AFI_BASE&"\usr\"&$AFI_XXX&"\Foxit.exe,1")
          RegWrite("HKCR\CLSID\{14E8BBD8-1D1C-4D56-A4DA-D20B75EB814E}\InprocHandler32","","REG_SZ","ole32.dll")
          RegWrite("HKCR\CLSID\{14E8BBD8-1D1C-4D56-A4DA-D20B75EB814E}\LocalServer32")
          RegWrite("HKCR\CLSID\{14E8BBD8-1D1C-4D56-A4DA-D20B75EB814E}\ProgID","","REG_SZ","FoxitReader.Document")
          RegWrite("HKCR\FoxitReader.Document","","REG_SZ","PDF Document")
          RegWrite("HKCR\FoxitReader.Document","BrowseInPlace","REG_SZ",1)
          RegWrite("HKCR\FoxitReader.Document\CLSID")
          RegWrite("HKCR\FoxitReader.Document\DefaultIcon","","REG_SZ",$AFI_BASE&"\usr\"&$AFI_XXX&"\Foxit.exe,1")
          RegWrite("HKCR\FoxitReader.Document\protocol\StdFileEditing\server")
          RegWrite("HKCR\FoxitReader.Document\protocol\StdFileEditing\server")
          RegWrite("HKCR\FoxitReader.Document\shell\open\command","","REG_SZ",'"'&$AFI_BASE&'\usr\'&$AFI_XXX&'\Foxit.exe" "%1"')
          RegWrite("HKCR\MIME\Database\Content Type\application/pdf","CLSID","REG_SZ","{14E8BBD8-1D1C-4D56-A4DA-D20B75EB814E}")
          RegWrite("HKCR\MIME\Database\Content Type\application/pdf","Extension","REG_SZ",".pdf")
          ; Ad bar settings for the default user profile
          RegWrite("HKU\.Default\Software\Foxit Software\Foxit Reader\MainFrame","ShowEditorAd_908","REG_SZ",0)
          RegWrite("HKU\.Default\Software\Foxit Software\Foxit Reader\MainFrame","ShowReaderAd_908","REG_SZ",0)
          RegWrite("HKU\.Default\Software\Foxit Software\Foxit Reader\MainFrame","ShowTypewriterAd_908","REG_SZ",0)
          RegWrite("HKU\.Default\Software\Foxit Software\Foxit Reader\MainFrame","ShowPOAd_908","REG_SZ",0)
          RegWrite("HKU\.Default\Software\Foxit Software\Foxit Reader\MainFrame","ShowSDKAd_908","REG_SZ",0)
          ; Same ad bar settings for the current user
          RegWrite("HKCU\Software\Foxit Software\Foxit Reader\MainFrame","ShowEditorAd_908","REG_SZ",0)
          RegWrite("HKCU\Software\Foxit Software\Foxit Reader\MainFrame","ShowReaderAd_908","REG_SZ",0)
          RegWrite("HKCU\Software\Foxit Software\Foxit Reader\MainFrame","ShowTypewriterAd_908","REG_SZ",0)
          RegWrite("HKCU\Software\Foxit Software\Foxit Reader\MainFrame","ShowPOAd_908","REG_SZ",0)
          RegWrite("HKCU\Software\Foxit Software\Foxit Reader\MainFrame","ShowSDKAd_908","REG_SZ",0)

      You can't just use this one since I have my custom network paths, but you should be able to hack it. Oh, and there are some extra settings in there that disable the little pink ad bar. Since it's not changing anything I think it would be okay, but if a mod doesn't think it's cool I'll change it if they want me to. And yes, there are duplicates in there...some apply to the current user, and others to the default user profile. I do this because I don't run these installs during the unattended, but under a 'special' user I make for these tasks. Because of that the 'special' user's profile is already created so it won't pull the reg settings from the default profile. Good luck!
  24. Or couldn't you make a .reg file that looks like this:

          Windows Registry Editor Version 5.00

          [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall]
          "applicationname"=-

      Check out the syntax here: http://support.microsoft.com/kb/310516/ Then all you would have to do is call the .reg from your script. Also, if you are targeting NT4 you'll need to change the header to the older style (Can't recall off hand what it is). Personally, I use a scripting language called AutoIt, and it has reg editing functions built into it. But that's too much work to learn that when you can use any of the solutions posted here. Good luck!