When you have shares for multiple users, each of whom have permissions to different subfolders in that share, you might want to filter the view that the users would only see those contents which they can access.
To achieve this on Windows Server 2003 you'll need to install Access-based Enumeration.
When installed right click on the shared folder, go to the Access-based Enumeration tab and check the Enable access-based enumeration on this shared folder checkbox (screenshot).
Click Ok.
Downloads:
Windows Server 2003 Access-based Enumeration
Documentation
2008-10-28
Shares and subfolders permissions
Task:
Share a folder and make some of its subfolders available to one user group and not available to another user group which also has share permissions on the root folder.
The difficulty in this was that if I share "Folder 1" for "user group 1" with full permissions, then this "user group 1" is able to access all of "Folder 1" subfolders. It is because "Folder 1" inherits the "Security" permissions from it's root (in my case it was "Users (DOMAIN\Users)" with Read & Execute, List Folder Contents and Read permissions on "D:").
You need to remove these inheritable permissions.
To do this:
Right click the shared folder "Folder 1" and click on Properties.
Go to Security tab and click on Advanced button.
Clear the Allow inheritable permissions from the parent to propagate to this object... checkbox (screenshot).
At the prompt click Remove to remove inherited permissions (screenshot) and then specify your own.
Share a folder and make some of its subfolders available to one user group and not available to another user group which also has share permissions on the root folder.
The difficulty in this was that if I share "Folder 1" for "user group 1" with full permissions, then this "user group 1" is able to access all of "Folder 1" subfolders. It is because "Folder 1" inherits the "Security" permissions from it's root (in my case it was "Users (DOMAIN\Users)" with Read & Execute, List Folder Contents and Read permissions on "D:").
You need to remove these inheritable permissions.
To do this:
Right click the shared folder "Folder 1" and click on Properties.
Go to Security tab and click on Advanced button.
Clear the Allow inheritable permissions from the parent to propagate to this object... checkbox (screenshot).
At the prompt click Remove to remove inherited permissions (screenshot) and then specify your own.
2008-10-25
Remote Desktop saved Credentials does not work
If you are using Remote Desktop you should be aware that you can save your credentials to be able to connect without entering user name and password each time. But for some reason sometimes it does not work.
You try to connect with you saved credentials and a logon screen pops up with the message at the bottom that "The logon attempt failed". (screenshot)
This is because you entered wrong credentials first time and they were saved, so you need to delete your credentials, enter them again and choose to remember them.
However I was not able to do that, as many times as I tried to delete my credentials and then enter correct ones and save them, when reloging I always got "The logon attempt failed".
So I had to use hostname instead of IP address, when connecting, to be able to save my correct credentials and then successfully relogon without having to enter my password.
Links:
http://blogs.msdn.com/ts/archive/2007/01/22/vista-remote-desktop-connection-authentication-faq.aspx#_Saved_credentials_do
You might want to try this if above information does not solve your problem:
http://alinconstantin.blogspot.com/2007/08/terminal-service-client-not-using-saved.html
You try to connect with you saved credentials and a logon screen pops up with the message at the bottom that "The logon attempt failed". (screenshot)
This is because you entered wrong credentials first time and they were saved, so you need to delete your credentials, enter them again and choose to remember them.
However I was not able to do that, as many times as I tried to delete my credentials and then enter correct ones and save them, when reloging I always got "The logon attempt failed".
So I had to use hostname instead of IP address, when connecting, to be able to save my correct credentials and then successfully relogon without having to enter my password.
Links:
http://blogs.msdn.com/ts/archive/2007/01/22/vista-remote-desktop-connection-authentication-faq.aspx#_Saved_credentials_do
You might want to try this if above information does not solve your problem:
http://alinconstantin.blogspot.com/2007/08/terminal-service-client-not-using-saved.html
Disk check running everytime Windows starts
Sometimes you might face a situation when disk check is running at computer boot up and it hangs (probably due to HDD problems) and can not complete successfully, so after you restart your computer the disk check is being run again, so you need to manually cancel it every time to be able to boot into Windows.
In this situation you might want to disable auto disk checking at booting.
To disable disk checking every time you turn on your PC:
Open command promt (win+R, type cmd and hit Enter)
enter command
More detailed explanation and causes for this behavior might be found here:
http://www.pcadvisor.co.uk/forums/index.cfm?action=showthread&threadid=231103&forumid=1
In this situation you might want to disable auto disk checking at booting.
To disable disk checking every time you turn on your PC:
Open command promt (win+R, type cmd and hit Enter)
enter command
chkntfs /X C:
(screenshot) where C: is the letter of the disk you're having problem with.
More detailed explanation and causes for this behavior might be found here:
http://www.pcadvisor.co.uk/forums/index.cfm?action=showthread&threadid=231103&forumid=1
OWA login requires "domain\username". How to login wit "username" only?
When logging on to my exchange 2007 server OWA, I need to enter "domain\username", I want to be able to log in by using "username" alone.
So here is how I did that:
Open Exchange Management Console, expand Server Configuration and find Outlook Web Access tab in Client Access. Double click "OWA (Default Web Site)" and go to Authentication tab. Uncheck "Integrated Windows authentication" box (screenshot) and click OK.
Open your webmail and try to log in without specifying a "domain\" in your User Name.
So here is how I did that:
Open Exchange Management Console, expand Server Configuration and find Outlook Web Access tab in Client Access. Double click "OWA (Default Web Site)" and go to Authentication tab. Uncheck "Integrated Windows authentication" box (screenshot) and click OK.
Open your webmail and try to log in without specifying a "domain\" in your User Name.
2008-10-24
Activesync error 0x85010001
User was getting this error code on his mobile device when trying to synchronize.
Temporary solution achieved by disabling Windows Authentication (screenshot) for Microsoft-Server-ActiveSync in IIS Manager.
Temporary solution achieved by disabling Windows Authentication (screenshot) for Microsoft-Server-ActiveSync in IIS Manager.
2008-10-21
No "Wireless Networks" tab in "Wireless Network Connections Properties"?
When you open your "Wireless Network Connection Properties" you can not find "Wireless Networks" tab. When Viewing Available Wireless Networks Windows tells you that you need to start "Wireless Zero Configuration" (WZC) service .
But when you try to do that you get an error:
Could not start the Wireless Zero Configuration service on Local Computer. Error 1068: The dependency service or group failed to start.
To solve this problem you need to modify registry.
Start->Run->type "Regedit" and hit Enter.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio
then right click on "Start" DWORD in the right window and choose Modify. Change "Data Value" to 1, 2 or 3.
Restart your computer and check if you can start WZC service and configure your wireless connection.
Links:
http://predicatet.blogspot.com/2008/03/could-not-start-wireless-zero.html
But when you try to do that you get an error:
Could not start the Wireless Zero Configuration service on Local Computer. Error 1068: The dependency service or group failed to start.
To solve this problem you need to modify registry.
Start->Run->type "Regedit" and hit Enter.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio
then right click on "Start" DWORD in the right window and choose Modify. Change "Data Value" to 1, 2 or 3.
Restart your computer and check if you can start WZC service and configure your wireless connection.
Links:
http://predicatet.blogspot.com/2008/03/could-not-start-wireless-zero.html
2008-10-18
Schedule shutdown or restart for Windows XP via cmd
Sometimes you may wish to schedule your PC to turn off automatically after certain amount of time. For example when you're watching a movie in the late evening and don't know if you won't fall asleep before the movie ends :)
You can schedule your PC to turn off in the following way:
Start->Run
type: "shutdown -s -t xxxx" (for shutdown)and hit Enter
type: "shutdown -r -t xxxx" (for reboot)and hit Enter
where xxxx is amount of time in seconds.
If for some reason you changed your mind and want to cancel the scheduled shut down just run command "shutdown -a" to abort.
Example:
if you would like to shut down your computer in one hour, you would use this command:
shutdown -s -t 3600
You can schedule your PC to turn off in the following way:
Start->Run
type: "shutdown -s -t xxxx" (for shutdown)and hit Enter
type: "shutdown -r -t xxxx" (for reboot)and hit Enter
where xxxx is amount of time in seconds.
If for some reason you changed your mind and want to cancel the scheduled shut down just run command "shutdown -a" to abort.
Example:
if you would like to shut down your computer in one hour, you would use this command:
shutdown -s -t 3600
DIsable User Account Control (UAC) in Windows Vista
UAC prompts are probably the most annoying thing for those who just upgraded their OS to Windows Vista.
Here is one method of disabling it.
Start->Run (or win+R).
Type msconfig and hit Enter.
Open Tools tab, scroll down and select Disable User Account Control (requires reboot).
Hit Launch and restart computer when finished.
More methods:
http://www.petri.co.il/disable_uac_in_windows_vista.htm
Here is one method of disabling it.
Start->Run (or win+R).
Type msconfig and hit Enter.
Open Tools tab, scroll down and select Disable User Account Control (requires reboot).
Hit Launch and restart computer when finished.
More methods:
http://www.petri.co.il/disable_uac_in_windows_vista.htm
2008-10-15
Login into Windows Vista Home as Administrator by default
Getting frustrated by prompts to run certain programs as Administrator even when his user account is an Administrator level, my roommate today asked me if he could login to his Vista Home laptop as Administrator by default.
I could not find Local Users and Groups in Computer Management. It appears Home edition of Windows Vista does not allow you to manage users in this way.
So if you want to login as Administrator by default without having to choose user at welcome screen, you need to enable Administrator account which is disabled by default and disable any other accounts currently on the computer.
This can be done via CMD.
1. Press win+r (or alternatively go Start->Run...).
2. Type cmd and press enter.
3. In the command window enter command:
net user administrator /active:yes
You have enabled Administrator account. Log off and login with the Administrator account. Now you need to disable or delete other users.
To disable user:
Repeat steps 1 and 2 above.
enter command:
net user username /active:no
To delete user:
Go to Control Panel->User Accounts.
Choose Manage Other Accounts.
Choose the account you want to delete and then click on Delete The Account.
Restart the computer, you should get logged in as an Administrator without any prompts.
Links:
http://en.kioskea.net/faq/sujet-300-access-the-hidden-administrator-account-in-windows-vista
I could not find Local Users and Groups in Computer Management. It appears Home edition of Windows Vista does not allow you to manage users in this way.
So if you want to login as Administrator by default without having to choose user at welcome screen, you need to enable Administrator account which is disabled by default and disable any other accounts currently on the computer.
This can be done via CMD.
1. Press win+r (or alternatively go Start->Run...).
2. Type cmd and press enter.
3. In the command window enter command:
net user administrator /active:yes
You have enabled Administrator account. Log off and login with the Administrator account. Now you need to disable or delete other users.
To disable user:
Repeat steps 1 and 2 above.
enter command:
net user username /active:no
To delete user:
Go to Control Panel->User Accounts.
Choose Manage Other Accounts.
Choose the account you want to delete and then click on Delete The Account.
Restart the computer, you should get logged in as an Administrator without any prompts.
Links:
http://en.kioskea.net/faq/sujet-300-access-the-hidden-administrator-account-in-windows-vista
Problem installing Windows Server 2003 / Windows XP
Encountered a problem during install of windows server 2003. I mentioned in the title Windows XP also because when I googled for solution (which was rather simple) to this problem I've found that people had exact same problem installing windows XP.
After I've chosen partition to install to and setup begun copying files to hard disk I've got an error "setup cannot copy the file: msdart.dll" (I guess it could be any file)
pressed enter to Retry, temporary skipped/copied this file, but then I got the same error for file driver.cab.
The cause of this turns out to be as simple as unclean CD.
Opened my cd-rom, cleaned the CD, put it back in and pressed Enter to Retry and continue installation.
From this point everything went smooth.
Links:
http://www.geekstogo.com/forum/Problem-installing-Windows-XP-Pro-t36332.html
After I've chosen partition to install to and setup begun copying files to hard disk I've got an error "setup cannot copy the file: msdart.dll" (I guess it could be any file)
pressed enter to Retry, temporary skipped/copied this file, but then I got the same error for file driver.cab.
The cause of this turns out to be as simple as unclean CD.
Opened my cd-rom, cleaned the CD, put it back in and pressed Enter to Retry and continue installation.
From this point everything went smooth.
Links:
http://www.geekstogo.com/forum/Problem-installing-Windows-XP-Pro-t36332.html
Access your website without www in front
Today I had an assignment to make a site accessible without www in front of it.
As I am IT noob it was new for me so it took me some time.
So what you need to do is create a new Host (A) type DNS record which will point to your web server.
In Windows Server 2003 DNS role it is done like this:
1. Go to Administrative Tools and open DNS.
2. Navigate to Forward Lookup Zones and find the domain you want to make accessible without www.
3. Right click this domain folder and choose New Host (A).
4. Leave the Name field blank (will be the same as parent folder).
5. Enter IP address of your web server in the IP Address field and click Add Host.
If you host multiple sites on your web server you will probably need to do the following (if you host on IIS 6.0):
1. Open IIS manager on your web server.
2. Navigate to Web Sites and find your site.
3. Right click and open Properties.
4. On the Web Site tab next to IP Address click Advanced... button.
5. There you should already see "www.yourdomain.com" record, click Add and enter yourdomain.com in the Host Header value field. Click OK, close all dialogs and check if it works.
Links:
http://www.boutell.com/newfaq/creating/withoutwww.html
As I am IT noob it was new for me so it took me some time.
So what you need to do is create a new Host (A) type DNS record which will point to your web server.
In Windows Server 2003 DNS role it is done like this:
1. Go to Administrative Tools and open DNS.
2. Navigate to Forward Lookup Zones and find the domain you want to make accessible without www.
3. Right click this domain folder and choose New Host (A).
4. Leave the Name field blank (will be the same as parent folder).
5. Enter IP address of your web server in the IP Address field and click Add Host.
If you host multiple sites on your web server you will probably need to do the following (if you host on IIS 6.0):
1. Open IIS manager on your web server.
2. Navigate to Web Sites and find your site.
3. Right click and open Properties.
4. On the Web Site tab next to IP Address click Advanced... button.
5. There you should already see "www.yourdomain.com" record, click Add and enter yourdomain.com in the Host Header value field. Click OK, close all dialogs and check if it works.
Links:
http://www.boutell.com/newfaq/creating/withoutwww.html
Users unable to send mail via outlook (550 5.7.1 Client does not have permissions to send as this sender)
Had this problem on my exchange 2007 server (hub transport role) for a long time.
Some users could receive mail, but when trying to send using POP3 or IMAP outlook account they got '550 5.7.1 Client does not have permissions to send as this sender' error. They could send and receive emails fine when logged into OWA.
This problem seems to have something with SMTP authentication, the workaround I was using was letting those users to open relay on my server, but recently my server started sending spam so I was forced to look for solution to this problem once again (I've tried to resolve this problem before, but unsuccessfully).
I had configured send connector, also receive connector, but nothing seemed to work. Today browsing the web for answer I think I finally got it to work.
Following information found on the web I've opened Exchange Management Shell and ran this cmdlet:
get-receiveconnector "receive_connector_name" | add-adpermission -user AU -extendedrights ms-Exch-SMTP-Accept-Authoritative-Domain-Sender
Tried to send email again and it disappeared from the outbox.
Links:
http://www.exchangeninjas.com/TUPMServerResponses
http://forums.msexchange.org/m_1800412481/printable.htm
Some users could receive mail, but when trying to send using POP3 or IMAP outlook account they got '550 5.7.1 Client does not have permissions to send as this sender' error. They could send and receive emails fine when logged into OWA.
This problem seems to have something with SMTP authentication, the workaround I was using was letting those users to open relay on my server, but recently my server started sending spam so I was forced to look for solution to this problem once again (I've tried to resolve this problem before, but unsuccessfully).
I had configured send connector, also receive connector, but nothing seemed to work. Today browsing the web for answer I think I finally got it to work.
Following information found on the web I've opened Exchange Management Shell and ran this cmdlet:
get-receiveconnector "receive_connector_name" | add-adpermission -user AU -extendedrights ms-Exch-SMTP-Accept-Authoritative-Domain-Sender
Tried to send email again and it disappeared from the outbox.
Links:
http://www.exchangeninjas.com/TUPMServerResponses
http://forums.msexchange.org/m_1800412481/printable.htm
The purpose and idea behind the ITowns blog
Hi,
my name is Aurimas and I work in small IT company in Lithuania.
I am conditionally new to IT so I encounter bigger or smaller challenges in my work everyday. To overcome them I use different methods and sources of information, but mostly of course I search the web.
Sometimes when the task I need to accomplish is really new and unknown to me I follow some (sometimes not easy to find) step by step guide on the web, but after some time I may need to repeat the same task and of course I do not always remember how I did it last time :)
So I need to spend a lot of time searching the web again (I'm lucky if I have added it to my favorites, but if not...).
So the purpose of this blog is to gather this information about my everyday challenges to a single place for further use, so I don't need to search the web again.
Also to help find solution or to give the right direction to anyone else facing similar problems.
I hope someone will find this blog useful :)
p.s. English is not my native language so feel free to correct me where needed :)
my name is Aurimas and I work in small IT company in Lithuania.
I am conditionally new to IT so I encounter bigger or smaller challenges in my work everyday. To overcome them I use different methods and sources of information, but mostly of course I search the web.
Sometimes when the task I need to accomplish is really new and unknown to me I follow some (sometimes not easy to find) step by step guide on the web, but after some time I may need to repeat the same task and of course I do not always remember how I did it last time :)
So I need to spend a lot of time searching the web again (I'm lucky if I have added it to my favorites, but if not...).
So the purpose of this blog is to gather this information about my everyday challenges to a single place for further use, so I don't need to search the web again.
Also to help find solution or to give the right direction to anyone else facing similar problems.
I hope someone will find this blog useful :)
p.s. English is not my native language so feel free to correct me where needed :)
Subscribe to:
Posts (Atom)