Microsoft Virtualization for Dummies

Learn about the Microsoft Virtualization stack in 15 minutes, in the simplest form:

- Server Virtualization
- Application Virtualization
- Presentation Virtualization
- Desktop Virtualization
- Hyper-V
- System Center Virtual Machine Manager (SCVMM)

here:
 

Active Directory Unattended Installation using an Answer File

 

Answer File for creating a New Forest

  1. Open Notepad or any text editor.
  2. Type the following entries, one entry in each line:

     

    [DCINSTALL]
    InstallDNS=yes
    NewDomain=forest
    NewDomainDNSName=<fully qualified DNS Name>
    DomainNetBiosName=<first label of the FQDN, by default>
    ReplicaOrNewDomain=domain
    ForestLevel=<forest functional level number>
    DomainLevel=<domain functional level number>
    DatabasePath=<path to a folder on local volume, surrounded by double quotation marks>
    LogPath=<path to a folder on a local volume, surrounded by double quotation marks>
    RebootOnCompletion=yes
    SYSVOLPath=<path to a folder on local volume, surrounded by double quotation marks>
    SafeModeAdminPassword=<password>

     

  3. Save the answer file to the location on the installation server from which it is to be called by Dcpromo.
  4. To install a new domain controller by using the answer file created above, at the command prompt, type the following and then press ENTER:

     

    dcpromo /unattend:"path to the answer file"

Installing a new forest by entering the unattended installation parameters at the command line

Suppose you have an answer file that lists a blank Directory Services Restore Mode password like:

SafeModeAdminPassword=

Then you can supply the value for this password at the command prompt like:

    dcpromo /unattend:"path to answer file" /SafeModeAdminPassword:C^n3478#9k

Every time you supply the value of a parameter from the command line, the value of the corresponding entry in the answer file gets overwritten by the value given at the command prompt.

You can therefore install a new domain controller for a new forest by entering all required unattended parameters at the command line:

    dcpromo /autoConfigDNS:yes /dnsOnNetwork:yes /replicaOrNewDomain:domain /newDomain:forest /newDomainDNSName:contoso.com /DomainNetbiosName:contoso /databasePath:"e:\ntds" /logPath:"e:\ntdslogs" /sysvolPath:"g:\sysvol" /safeModeAdminPassword:GH^&898# /forestLevel:2 /domainLevel:2 /rebootOnCompletion:yes

Forest Functional Levels

    Level Number  Forest Functional Level  Supported Domain Controllers
    ------------  -----------------------  ----------------------------
    1             Windows 2000             Windows Server 2008, Windows Server 2003, Windows Server 2000
    2             Windows 2003             Windows Server 2008, Windows Server 2003
    3             Windows 2008             Windows Server 2008

 

Domain Functional Levels

    Level Number  Domain Functional Level  Supported Domain Controllers
    ------------  -----------------------  ----------------------------
    1             Windows 2000 native      Windows 2000, Windows 2003, Windows 2008
    2             Windows Server 2003      Windows Server 2003, Windows Server 2008
    3             Windows Server 2008      Windows Server 2008

 

Answer File for creating a new Windows Server 2008 Child Domain

  1. Open Notepad or any text editor.
  2. Type the following entries, one entry in each line:

     

    [DCINSTALL]
    ParentDomainDNSName=<FQDN of the parent domain>
    UserName=<administrative account in the parent domain>
    Password=<specify * to have the user be prompted for credentials during installation>
    NewDomain=child
    ChildName=<Single-label DNS name for the new domain>
    DomainNetBiosName=<first label of the FQDN, by default>
    ReplicaOrNewDomain=domain
    DomainLevel=<domain functional level number; value cannot be lower than the current functional level value of the forest>
    DatabasePath=<path to a folder on local volume, surrounded by double quotation marks>
    LogPath=<path to a folder on a local volume, surrounded by double quotation marks>
    RebootOnCompletion=yes
    SYSVOLPath=<path to a folder on local volume, surrounded by double quotation marks>
    InstallDNS=yes
    DNSDelegation=yes
    DNSDelegationUserName=<DNS administrator account in the parent domain; specify * to have the user be prompted for credentials at the run time>
    DNSDelegationPassword=<password of the account specified above or *>
    SafeModeAdminPassword=<password>

     

  3. Save the answer file to the location on the installation server from which it is to be called by Dcpromo.
  4. To install a new domain controller by using the answer file created above, at the command prompt, type the following and then press ENTER:

     

    dcpromo /unattend:"path to the answer file"
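
An added example, not part of the original post and not a Microsoft tool: a small Python linter for the answer files shown above. It flags passwords stored in the file rather than left blank or set to *, duplicate keys, unfilled placeholders, and a DomainLevel lower than ForestLevel. The sample file is constructed, and accepting both blank and * for every password key is an assumption.

```python
import re

# Credential-bearing keys from the answer files in this post.
SECRET_KEYS = {"safemodeadminpassword", "password", "dnsdelegationpassword"}

# Constructed sample: stored password, repeated key, DomainLevel < ForestLevel.
SAMPLE = """\
[DCINSTALL]
NewDomain=forest
NewDomainDNSName=corp.example
ReplicaOrNewDomain=domain
ForestLevel=3
DomainLevel=2
RebootOnCompletion=yes
SafeModeAdminPassword=Constructed-Example-1
RebootOnCompletion=yes
"""

def lint_answer_file(text):
    """Return findings for a dcpromo answer file, in file order."""
    findings, values, section = [], {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].upper()
            continue
        if section != "DCINSTALL" or "=" not in line:
            findings.append(f"line {n}: not a key=value entry in [DCINSTALL]")
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in values:
            findings.append(f"line {n}: duplicate key {key}")
        values[key.lower()] = value
        if re.fullmatch(r"<.*>", value):
            findings.append(f"line {n}: placeholder left in {key}")
        # Assumption: blank (supplied later) or * (prompt) means no secret
        # is stored; any other value is a password sitting in plain text.
        elif key.lower() in SECRET_KEYS and value not in ("", "*"):
            findings.append(f"line {n}: plain-text password in {key}")
    forest, domain = values.get("forestlevel", ""), values.get("domainlevel", "")
    if forest.isdigit() and domain.isdigit() and int(domain) < int(forest):
        findings.append("DomainLevel is lower than ForestLevel")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_answer_file(SAMPLE)))
```
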

 

References: http://technet2.microsoft.com/windowsserver2008

Setting up Windows Server 2008 Domain controller in your Network

  1. New Server Operating System Installation Options
       1. Full Installation of Windows Server 2008
       2. Server Core installation of Windows Server 2008
  2. Creating a new Windows Server 2008 Forest

Upgrades to Windows Server 2008

    From                                      To Windows Server 2008
    ----------------------------------------  ----------------------
    Windows Server 2003                       ✓
    Windows Server 2000                       ✓
    Windows NT Server 4.0 Domain Controller   ×
    Windows NT Server 4.0                     ×

 

Points to Remember:

  1. The first Windows Server 2008 Domain Controller in the forest must be a Global Catalog Server.
  2. The first Windows Server 2008 Domain Controller in the forest cannot be an RODC.

  3. Installing a Windows Server 2008 Domain Controller as an additional DC in an existing Windows Server 2003/2000 domain

 

    First Win 2008 DC in                 Run                         On
    -----------------------------------  --------------------------  -------------------------------------------------
    Windows 2003/2000 Forest             adprep /forestprep          Operations Master
    Windows 2003 Domain                  adprep /domainprep          Infrastructure Master
    Windows 2000 Domain                  adprep /domainprep /gpprep  Infrastructure Master
    Win 2008 RODC in 2003/2000 Domain    adprep /rodcprep            Any computer in the forest
    Win 2008 RODC that will be GC        adprep /domainprep          Infrastructure Master in all domains in the forest

 

Note: If, while running the adprep /rodcprep command on a computer, you receive an error message informing you that not all application partitions have been updated, then rerun the adprep /rodcprep command.

  4. Active Directory Services on Windows Server 2008 can be installed using:
       1. Initial Configuration Tasks
       2. Server Manager
       3. The command line, by running dcpromo
  5. New Active Directory Installation Options in Windows Server 2008

 

    Option                              In Windows Server 2000/2003           In Windows Server 2008
    ----------------------------------  ------------------------------------  -----------------------------------------------------------
    DNS Server                          Installation offered if needed        Installation and Configuration is automatic if needed
    Global Catalog Server               Not an option during AD installation  Can select this option during AD installation in the wizard
    RODC (Read-Only Domain Controller)                                        - First DC in forest cannot be RODC
                                                                              - RODC must replicate from a writable Windows Server 2008 DC

 

How to create MSI packages for Software Distribution

Using  WINSTALL LE to create MSI Packages

 

Steps:

 

  1. Install Winstall LE from the Windows 2000 Server CD: Support > ValueAdd > Third Party > WINSTLE > SWIADMLE.msi
  2. The install process adds a Veritas Software folder to the Start Menu, which provides 2 options:
    1. Veritas Discover
    2. Veritas Software Console
  3. Make sure you have all the files, including the .exe file, for the software you need to create an MSI package for. For example: c:softwaresrpsetup.exe
  4. The first time, run Veritas Discover from the Start Menu options above. This starts the Discover Wizard.
  5. Enter the name of the software whose MSI you wish to create and provide the path of the .exe file for it on the first page after the welcome screen.
  6. Choose which drives you wish to be scanned for changes after the software has been installed. (Choose the drive where you will install your software or, if not sure, select all.)
  7. Choose the name of the .msi file and the location where you wish it to be saved. Click Next.
  8. The Discover wizard takes a Before snapshot of the selected drives and the registry.
  9. After the Before snapshot completes, the wizard prompts you to run the setup.exe for the software to install it on the system. Run and install the software.
  10. After the installation is complete, close all the running application windows, and run Veritas Discover again. This time the wizard prompts you to run the After snapshot of the system to create the MSI package for the selected software. Run the After snapshot. The system takes a snapshot of the changes made to the system registry and any changes made to the selected drive(s).
  11. After successful completion of the snapshot, it places the MSI file for the package in the selected path. The MSI package is ready for distribution through SMS or Group Policy in your network.
  12. To modify the way the package is deployed, open the MSI package in the Veritas Software Console and add features and components as desired.

Enjoy….

Group Policy Loopback Settings

User Group Policy Loopback Processing

 

As the name suggests, the policy named “User Group Policy loopback processing mode”, if enabled, allows an administrator to decide what a user is able to do on an important computer.

Important computers in the corporate network may be computers placed in the server room, in a laboratory or in the administration department.

Normally a domain user is allowed to log on to any computer that is part of the domain to which the user belongs.

Consider a scenario:

                                           

    + ABCMarketing.com
        + Sales OU
            Shankar
            Raman
            ComputerS1
            ComputerS2
        + Marketing OU
            Shyam
            ComputerM1
        + Administration OU
            Ahmad
            SQLServer

 

 

Group Policies at Marketing OU:

    Computer Configuration
    User Configuration:
        Hide all icons on the desktop: Enabled
        Allow only following Windows Applications:
            Winword.exe
            Excel.exe
            cmd.exe
            freecell.exe

                                                                                   

Group Policies at Administration OU:

Scenario 1:

    Computer Configuration:
        User Policy Loopback processing: Enabled, mode: Replace
    User Configuration:
        Hide My Computer icon from desktop: Disabled
        Do not allow following Windows Applications:
            Freecell.exe
            Sol.exe
            Iexplore.exe

 

Result for Scenario 1: When Shyam (from Marketing OU) logs on to SQL Server (in Administration OU):

Resultant User Policies for Shyam:

    Icons visible on the desktop:  All
    Applications usable:           All on the computer except FreeCell, Solitaire and Internet Explorer.

 

 

Scenario 2:

    Computer Configuration:
        User Policy Loopback processing: Enabled, mode: Merge
    User Configuration:
        Hide My Computer icon from desktop: Disabled
        Do not allow following Windows Applications:
            Freecell.exe
            Sol.exe
            Iexplore.exe

 

 

Result for Scenario 2: When Shyam (from Marketing OU) logs on to SQL Server (in Administration OU):

Resultant User Policies for Shyam:

    Icons visible on the desktop:  My Computer
    Applications usable:           Winword.exe
                                   Excel.exe
                                   Cmd.exe

 

 

How?

The loopback policy enabled in Replace mode replaces Shyam’s user policies from his own OU (Marketing) with the User Configuration policies of the SQL Server’s OU (Administration). Hence Shyam’s own user policies are not applied at all.

The loopback policy enabled in Merge mode appends the User Configuration policies of the Administration OU (the server’s OU) to the end of the User Configuration policies of the Marketing OU (Shyam’s OU). Hence Shyam gets all his user policies, but where there is a conflict, the user policies from the Administration OU take precedence because they are applied at the end.
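
An added example, not part of the original post: a Python model of the two loopback modes applied to the scenario above, showing which applications Shyam can run on SQLServer in each mode. The setting names are shorthand invented for this sketch, not Group Policy or registry names, and the rule that an allow-list and a deny-list are both enforced is an assumption of the model.

```python
# Constructed model of the post's scenario: the user-configuration settings
# linked to each OU. Keys are illustrative shorthand, not real policy names.
MARKETING_USER = {            # Shyam's OU
    "HideAllDesktopIcons": True,
    "AllowOnlyApps": {"winword.exe", "excel.exe", "cmd.exe", "freecell.exe"},
}
ADMINISTRATION_USER = {       # SQLServer's OU
    "HideMyComputerIcon": False,
    "DenyApps": {"freecell.exe", "sol.exe", "iexplore.exe"},
}

def resultant_user_settings(user_ou, computer_ou, loopback=None):
    """Apply user settings in processing order; the last value written wins."""
    if loopback is None:
        order = [user_ou]                  # normal processing
    elif loopback == "replace":
        order = [computer_ou]              # user's own OU is skipped entirely
    elif loopback == "merge":
        order = [user_ou, computer_ou]     # computer's OU is applied last
    else:
        raise ValueError(f"unknown loopback mode: {loopback!r}")
    result = {}
    for settings in order:
        result.update(settings)
    return result

def app_usable(settings, exe):
    """True if exe passes the allow-list (when one exists) and the deny-list."""
    exe = exe.lower()
    allow = settings.get("AllowOnlyApps")
    if allow is not None and exe not in allow:
        return False
    return exe not in settings.get("DenyApps", set())

if __name__ == "__main__":
    for mode in ("replace", "merge"):
        s = resultant_user_settings(MARKETING_USER, ADMINISTRATION_USER, mode)
        apps = ["winword.exe", "cmd.exe", "freecell.exe", "notepad.exe"]
        print(mode, {a: app_usable(s, a) for a in apps})
```

In Replace mode the Marketing allow-list is gone, so notepad.exe becomes usable on the server. In Merge mode the allow-list still applies and the Administration deny-list removes freecell.exe from it.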