When viewing shared folder contents users should be able to see only those subfolders they have access to

When you have shares for multiple users, each of whom have permissions to different subfolders in that share, you might want to filter the view that the users would only see those contents which they can access.

To achieve this on Windows Server 2003 you'll need to install Access-based Enumeration.

When installed right click on the shared folder, go to the Access-based Enumeration tab and check the Enable access-based enumeration on this shared folder checkbox (screenshot).
Click Ok.

Windows Server 2003 Access-based Enumeration

Shares and subfolders permissions

Share a folder and make some of its subfolders available to one user group and not available to another user group which also has share permissions on the root folder.

The difficulty in this was that if I share "Folder 1" for "user group 1" with full permissions, then this "user group 1" is able to access all of "Folder 1" subfolders. It is because "Folder 1" inherits the "Security" permissions from it's root (in my case it was "Users (DOMAIN\Users)" with Read & Execute, List Folder Contents and Read permissions on "D:").
You need to remove these inheritable permissions.

To do this:
Right click the shared folder "Folder 1" and click on Properties.
Go to Security tab and click on Advanced button.
Clear the Allow inheritable permissions from the parent to propagate to this object... checkbox (screenshot).
At the prompt click Remove to remove inherited permissions (screenshot) and then specify your own.


Remote Desktop saved Credentials does not work

If you are using Remote Desktop you should be aware that you can save your credentials to be able to connect without entering user name and password each time. But for some reason sometimes it does not work.
You try to connect with you saved credentials and a logon screen pops up with the message at the bottom that "The logon attempt failed". (screenshot)
This is because you entered wrong credentials first time and they were saved, so you need to delete your credentials, enter them again and choose to remember them.
However I was not able to do that, as many times as I tried to delete my credentials and then enter correct ones and save them, when reloging I always got "The logon attempt failed".
So I had to use hostname instead of IP address, when connecting, to be able to save my correct credentials and then successfully relogon without having to enter my password.


You might want to try this if above information does not solve your problem:

Disk check running everytime Windows starts

Sometimes you might face a situation when disk check is running at computer boot up and it hangs (probably due to HDD problems) and can not complete successfully, so after you restart your computer the disk check is being run again, so you need to manually cancel it every time to be able to boot into Windows.
In this situation you might want to disable auto disk checking at booting.

To disable disk checking every time you turn on your PC:
Open command promt (win+R, type cmd and hit Enter)
enter command
chkntfs /X C:
(screenshot) where C: is the letter of the disk you're having problem with.

More detailed explanation and causes for this behavior might be found here:

OWA login requires "domain\username". How to login wit "username" only?

When logging on to my exchange 2007 server OWA, I need to enter "domain\username", I want to be able to log in by using "username" alone.
So here is how I did that:
Open Exchange Management Console, expand Server Configuration and find Outlook Web Access tab in Client Access. Double click "OWA (Default Web Site)" and go to Authentication tab. Uncheck "Integrated Windows authentication" box (screenshot) and click OK.
Open your webmail and try to log in without specifying a "domain\" in your User Name.


Activesync error 0x85010001

User was getting this error code on his mobile device when trying to synchronize.
Temporary solution achieved by disabling Windows Authentication (screenshot) for Microsoft-Server-ActiveSync in IIS Manager.


No "Wireless Networks" tab in "Wireless Network Connections Properties"?

When you open your "Wireless Network Connection Properties" you can not find "Wireless Networks" tab. When Viewing Available Wireless Networks Windows tells you that you need to start "Wireless Zero Configuration" (WZC) service .
But when you try to do that you get an error:
Could not start the Wireless Zero Configuration service on Local Computer. Error 1068: The dependency service or group failed to start.

To solve this problem you need to modify registry.
Start->Run->type "Regedit" and hit Enter.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio
then right click on "Start" DWORD in the right window and choose Modify. Change "Data Value" to 1, 2 or 3.
Restart your computer and check if you can start WZC service and configure your wireless connection.



Schedule shutdown or restart for Windows XP via cmd

Sometimes you may wish to schedule your PC to turn off automatically after certain amount of time. For example when you're watching a movie in the late evening and don't know if you won't fall asleep before the movie ends :)

You can schedule your PC to turn off in the following way:

type: "shutdown -s -t xxxx" (for shutdown)and hit Enter
type: "shutdown -r -t xxxx" (for reboot)and hit Enter
where xxxx is amount of time in seconds.

If for some reason you changed your mind and want to cancel the scheduled shut down just run command "shutdown -a" to abort.

if you would like to shut down your computer in one hour, you would use this command:
shutdown -s -t 3600

DIsable User Account Control (UAC) in Windows Vista

UAC prompts are probably the most annoying thing for those who just upgraded their OS to Windows Vista.
Here is one method of disabling it.

Start->Run (or win+R).
Type msconfig and hit Enter.
Open Tools tab, scroll down and select Disable User Account Control (requires reboot).
Hit Launch and restart computer when finished.

More methods:


Login into Windows Vista Home as Administrator by default

Getting frustrated by prompts to run certain programs as Administrator even when his user account is an Administrator level, my roommate today asked me if he could login to his Vista Home laptop as Administrator by default.

I could not find Local Users and Groups in Computer Management. It appears Home edition of Windows Vista does not allow you to manage users in this way.

So if you want to login as Administrator by default without having to choose user at welcome screen, you need to enable Administrator account which is disabled by default and disable any other accounts currently on the computer.

This can be done via CMD.
1. Press win+r (or alternatively go Start->Run...).
2. Type cmd and press enter.
3. In the command window enter command:
net user administrator /active:yes

You have enabled Administrator account. Log off and login with the Administrator account. Now you need to disable or delete other users.

To disable user:
Repeat steps 1 and 2 above.
enter command:
net user username /active:no

To delete user:
Go to Control Panel->User Accounts.
Choose Manage Other Accounts.
Choose the account you want to delete and then click on Delete The Account.

Restart the computer, you should get logged in as an Administrator without any prompts.


Problem installing Windows Server 2003 / Windows XP

Encountered a problem during install of windows server 2003. I mentioned in the title Windows XP also because when I googled for solution (which was rather simple) to this problem I've found that people had exact same problem installing windows XP.
After I've chosen partition to install to and setup begun copying files to hard disk I've got an error "setup cannot copy the file: msdart.dll" (I guess it could be any file)
pressed enter to Retry, temporary skipped/copied this file, but then I got the same error for file driver.cab.
The cause of this turns out to be as simple as unclean CD.
Opened my cd-rom, cleaned the CD, put it back in and pressed Enter to Retry and continue installation.
From this point everything went smooth.


Access your website without www in front

Today I had an assignment to make a site accessible without www in front of it.
As I am IT noob it was new for me so it took me some time.
So what you need to do is create a new Host (A) type DNS record which will point to your web server.

In Windows Server 2003 DNS role it is done like this:

1. Go to Administrative Tools and open DNS.
2. Navigate to Forward Lookup Zones and find the domain you want to make accessible without www.
3. Right click this domain folder and choose New Host (A).
4. Leave the Name field blank (will be the same as parent folder).
5. Enter IP address of your web server in the IP Address field and click Add Host.

If you host multiple sites on your web server you will probably need to do the following (if you host on IIS 6.0):

1. Open IIS manager on your web server.
2. Navigate to Web Sites and find your site.
3. Right click and open Properties.
4. On the Web Site tab next to IP Address click Advanced... button.
5. There you should already see "www.yourdomain.com" record, click Add and enter yourdomain.com in the Host Header value field. Click OK, close all dialogs and check if it works.


Users unable to send mail via outlook (550 5.7.1 Client does not have permissions to send as this sender)

Had this problem on my exchange 2007 server (hub transport role) for a long time.
Some users could receive mail, but when trying to send using POP3 or IMAP outlook account they got '550 5.7.1 Client does not have permissions to send as this sender' error. They could send and receive emails fine when logged into OWA.
This problem seems to have something with SMTP authentication, the workaround I was using was letting those users to open relay on my server, but recently my server started sending spam so I was forced to look for solution to this problem once again (I've tried to resolve this problem before, but unsuccessfully).

I had configured send connector, also receive connector, but nothing seemed to work. Today browsing the web for answer I think I finally got it to work.

Following information found on the web I've opened Exchange Management Shell and ran this cmdlet:
get-receiveconnector "receive_connector_name" | add-adpermission -user AU -extendedrights ms-Exch-SMTP-Accept-Authoritative-Domain-Sender

Tried to send email again and it disappeared from the outbox.


The purpose and idea behind the ITowns blog

my name is Aurimas and I work in small IT company in Lithuania.
I am conditionally new to IT so I encounter bigger or smaller challenges in my work everyday. To overcome them I use different methods and sources of information, but mostly of course I search the web.
Sometimes when the task I need to accomplish is really new and unknown to me I follow some (sometimes not easy to find) step by step guide on the web, but after some time I may need to repeat the same task and of course I do not always remember how I did it last time :)
So I need to spend a lot of time searching the web again (I'm lucky if I have added it to my favorites, but if not...).

So the purpose of this blog is to gather this information about my everyday challenges to a single place for further use, so I don't need to search the web again.
Also to help find solution or to give the right direction to anyone else facing similar problems.

I hope someone will find this blog useful :)

p.s. English is not my native language so feel free to correct me where needed :)