Wednesday, December 20, 2006

VMWARE: How to setup ESX 3.0 to automatically start Virtual Machines

How to setup VMware ESX 3.0 to automatically start Virtual Machines when the ESX host server reboots:

Highlight the host server.
Go to Configuration.
Go to Virtual Machine Startup/Shutdown.
Click in Properties.
Check Allow virtual machines to start and stop automatically with the system.

Tuesday, December 19, 2006

CTX: Clear Persistent Orphaned Printers in Roaming Profiles

How to Clear Persistent Orphaned Printers in Roaming Profiles in Citrix Servers

To remove orphan printer from roamming profiles you must edit usrlogon.cmd on the Citrix servers and add these entries.

echo Yreg DELETE HKCU\Printers\DevModes2 /va /f
echo Yreg DELETE HKCU\Printers\DevModePerUser /va /f
echo Yreg DELETE HKCU\Printers\ /va /f
echo Yreg DELETE HKCU\Printers\connections
echo Yreg DELETE HKCU\Printers\citrix
echo Yreg DELETE "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Devices" /va /f
echo Yreg DELETE "HKCU\Software\Microsoft\Windows NT\CurrentVersion\printerports" /va /f
echo Yreg DELETE HKCU\Software\Citrix\PrinterProperties
echo Yreg DELETE HKCU\Printers\settings

MS: How to Install a Windows 2000 or Windows XP Printer Driver in Windows NT 4.0

How to Install a Windows 2000 Printer Driver or a Windows XP Printer Driver in Windows NT 4.O for Point and Print Functionality (This note will apply to Windows Server 2003 Printer Driver too)
http://support.microsoft.com/kb/263090/en-us

Thursday, December 14, 2006

CTX: How To Use DSCHECK

How To Use DSCHECK

Usage: dscheck [Options]
• [ /Clean /Full]
• [ Servers Apps Printers Groups MSLicense Folders Licenses InstallationJobs]
• [/Silent]

To Check the Data Store

From the command prompt, type dscheck.

To Repair the Data Store

From the command line change to the temp directory where the dscheck.exe utility resides. Run the following switch commands:

• dscheck /full Servers [Options]
o – Verify/Clean or Delete the server. May be left blank. Defaults to all servers.
o /Clean – Modify the data store to correct the errors.
o /DeleteAll – Delete the server entries from the data store.
o /DeleteMF – Delete the MetaFrame Server entry from the data store.
o /DeleteComSrv – Delete the Common Server entry from the data store. If specified without a server name, will attempt to remove all the duplicate Common Server entries.
Note: In general, use /Delete*** with caution.

• dscheck /full Apps [Options]
o – Verify/Clean or Delete the application. May be left blank. Defaults to all applications.
o /Clean – Modify the data store to correct the errors.
o /ServerCheck – Verify that all applications are hosted by valid servers.
o /DeleteMF – Delete the MetaFrame Application entry from the data store.
o /DeleteComApp – Delete the Common Application entry from the data store.

• dscheck /full Printers [Options]
o /purge_replications – Removes all printer replications from the data store.
o /purge_client_printers – Removes all Client Auto-Create printers pending deletion from the data store.
o /purge_drivers – Removes all drivers which are not associated with any servers or session printer policies from the data store.

• dscheck /full Groups [Options]
o /Clean – Removes the group object. GroupName is the relative DN from the Context.
o /Clean – Removes the group from the parent group. Use the output of DSCHECK.exe GROUPS /verify" for both ParentGroupName and GroupName.

• dscheck /full MSLicense [Options]
o /purge_licenses – Removes all Microsoft Licenses from the data store.
o /list – Lists all Microsoft Licenses in the data store.
• dscheck /full Folders /clean – Collapse orphaned folders in the data store.
• dscheck /full Licenses /clean – Removes all corrupt licenses from the data store.

• dscheck /full
CAUTION: If this is run with the /clean switch the database will be modified if inconsistencies are found. It is recommended that the data store database is backed up prior to running dscheck with the /clean switch.

http://support.citrix.com/article/CTX107800

Monday, December 11, 2006

CTX: Auto Client Reconnect Event 9007

You found this error in your Citrix server:

Event Type: Warning
Event Source: MetaFrame
Event Category: None
Event ID: 9007
User: N/A
Computer: SERVER
Description: Auto Client Reconnect occurred for user: DOMAIN\user

To fix the problem add these registry keys:

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Citrix]
"IcaEnableKeepAlive"=dword:00000001
"IcaKeepAliveInterval"=dword:0000003c

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"TcpMaxDataRetransmissions"=dword:0000000a
"KeepAliveTime"=dword:0000ea60
"KeepAliveInterval"=dword:000003e8

MS: Enable/Disable "Use HTTP 1.1 through proxy connections" settings in Internet Explorer

Change (or create) these registry keys or create ADM Template to apply using a GPO.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1= "0x00000001"

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1= "0x00000001"

1 is Enable and 0 is Disable.

MS: How to Install Office 2000 on Windows 2000 Terminal Server

http://support.microsoft.com/kb/224313

Monday, December 04, 2006

VMWARE: How To Change Date And Time To ESX Server

1) Set the system clock to the local date and time: date MMDDhhmmYYYY

Example: Dec 4, 2006 10:35 is DATE 120410352006

2) Update the hardware clock with current time of the system clock: /sbin/hwclock --systohc

Monday, November 20, 2006

CERTIFICATION: Microsoft Test 70-431 passed!


Today I passed with 1000 points (my first test with 1000 points score!) the Microsoft Test 70-431: TS: Microsoft SQL Server 2005 - Implementation and Maintenance and I got the Microsoft Certified Technology Specialist (MCTS): SQL Server 2005 certification.

The
MCTS Self–Paced Training Kit (Exam 70–431): Implementing and Maintaining Microsoft SQL Server 2005 and lab practice, is enough to pass this test.

Exam Statistics:


10 Citrix Exams
04 Citrix Certifications
21 Microsoft Exams
10 Microsoft Certifications

More Info:
http://www.musumeci.com.ar/Web_English/certificaciones_eng.htm

Friday, November 17, 2006

MS: Limit messages size in Exchange Server 2003

How to Set Size Limits for Messages
http://www.msexchange.org/tutorials/Set-Size-Limits-Messages.html

How to set size limits for messages in Exchange Server
http://support.microsoft.com/kb/322679

An e-mail message that is larger than the sending message size limit or the receiving message size limit is not delivered
http://support.microsoft.com/kb/298572

Security Setting Changes and Updates That Are Introduced in Exchange Server 2003
http://support.microsoft.com/kb/824111

Exchange 2000 Server and Exchange Server 2003 Message Restrictions
http://www.microsoft.com/technet/prodtechnol/exchange/2003/insider/Message_Restrictions.mspx

HOW TO: Use System Policies to Configure Mailbox Storage Limits in Exchange Server 2003
http://support.microsoft.com/kb/822938

Friday, November 10, 2006

Wednesday, November 08, 2006

MS: Windows Vista is RTM

Today November 8th, 2006 Microsoft announced the completion of the Windows Vista operating system and confirmed its release to manufacturing (RTM).
Windows Vista will be broadly available as a stand-alone product or pre-installed on new PCs on January 30, 2007 and available to Volume License customers later in the month of November 2006.
More info at http://www.microsoft.com/windowsvista
As beta tester from the early code (Alpha Stage) of Windows Vista (Codename Longhorn), I'm waiting to install the RTM version.

CTX: Citrix release a beta of the Project Tarpon

Citrix Project Tarpon - Beta Release - Release Date: 10/20/2006
Tarpon is a breakthrough in application streaming technology that enables IT organizations to rapidly deliver desktop applications and updates, while allowing IT organizations to centrally manage a single instance of a desktop application and deliver it to users as they need it. Project Tarpon eliminates application compatibility issues and dramatically reduces the cost and complexity of delivering applications. Applications are delivered as an on-demand service that detects problems, heals itself, and updates automatically.

You can found more info (including download information) in the Project Tarpon User Forum at http://support.citrix.com/forums/forum.jspa?forumID=114

CTX: Citrix release a beta of the Presentation Server v4.5

Presentation Server 4.5 - Technology Preview - Release Date: 10/24/2006
Some of the key features available in this upcoming release are:

  • Health Monitoring & Recovery – Monitors the health of many Presentation Server components and reports any failures instantly. If a component fails, it can be configured to trigger an action to the server.
  • Configuration logging – Logs any changes made to the farm to a database and provides reporting capabilities.
  • Non-administrator client installation – Allows end users without administrative rights to install a client.
  • SpeedScreen Progressive Display – Provides an aggressive compression algorithm for graphic-intensive applications, through a connection policy, to improve the performance and responsiveness of these applications.
  • Active Directory Federation Services (ADFS) support – Extends the value of Microsoft’s Active Directory and Identity Federation technology by allowing Presentation Server-hosted applications to participate in federation trusts. Without Citrix, ADFS can only be used with Web Applications.
  • Application streaming – Provides applications to be packaged and delivered to Presentation Server without having to install them in every server.

This release is available is x86 and x64 versions through MyCitrix.

MS: SQL Server 2005 SP2 CTP

SQL Server 2005 Service Pack 2 CTP (November 2006)
Yesterday Microsoft released a public Community Technology Preview of SQL Server 2005 Service Pack 2 (SP2).

The Service Pack 2 CTP 2 download is available here: http://www.microsoft.com/sql/ctp.mspx.

Monday, November 06, 2006

MS: Office 2007 is Golden! (RTM)

Today November 6th, 2006 Microsoft announced the completion of the 2007 Microsoft® Office system code and confirmed its release to manufacturing (RTM). This gold code milestone concludes the largest Microsoft Office beta program to date, with more than 3.5 million people downloading Beta 2.

More information about the 2007 Microsoft Office system can be found by visiting the new Office Online at http://office.microsoft.com.

As beta tester from the early code of Office 2007 (I write this blog in Word 2007 Beta2TR) , I'm waiting to install the RTM version.

Wednesday, October 25, 2006

October 2006: Month of the Database.

Currently I’m working for Avanade Spain in EADS-CASA in Spain, optimizing a .NET application (ASP and C#/PL-SQL) using large databases in Oracle 9i/10g R2.
At the same time I’m studying for the 70-431 exam (TS: Microsoft SQL Server 2005 - Implementation and Maintenance) for the MCTS - Microsoft Certified Technology Specialist: SQL Server 2005 certification.
In the last month I read five books of Oracle and two of SQL Server 2005 and spent several hours of lab work.
Working with both leaders of the Database market at the same time provide me a better understand of database concepts and the difference between products.
As MCDBA in SQL Server 2000 since 2004, I spent the last two years without extensive work with databases, just the setup of several Windows 2003/SQL 2000 cluster servers and the migration from SQL Server 7.0/2000 and Oracle 8/9 to SQL Server or optimizing .NET applications.
The “intensive” last month help me to improve my knowledge of database modeling, how to use XML in both databases, optimization of the code, migration from ANSI SQL to Transact-SQL or PL-SQL, etc.

Favorite SQL Server 2005 Book: TS: Microsoft SQL Server 2005 - Implementation and Maintenance Training Kit from MS Press (2006)

Favorite Oracle Book: Mastering Oracle SQL from O'Reilly (2004)

Wednesday, October 11, 2006

ORACLE: Install Oracle 10g with DHCP network configuration

To install Oracle 10g with dynamic network configuration you will to install a loopback adapter on Windows 2003 or Windows XP:
  1. From the Start menu, select Control Panel.
  2. Double-click Add Hardware to start the Add Hardware wizard.
  3. On the Welcome screen, click Next.
  4. On the Is the hardware connected? screen, select Yes, I have already connected the hardware, and click Next.
  5. On the The following hardware is already installed on your computer screen, select Add a new hardware device, and click Next.
  6. On the The wizard can help you install other hardware screen, select Install the hardware that I manually select from a list, and click Next.
  7. From the list, select the type of hardware you are installing screen, select Network adapters, and click Next.
  8. On the Select Network Adapter screen, make the following selections:
    Manufacturer: select Microsoft.
  9. Network Adapter: select Microsoft Loopback Adapter.
    Click Next.
  10. On the The wizard is ready to install your hardware screen, click Next.
  11. On the Completing the Add Hardware Wizard screen, click Finish.
  12. If you are using Windows 2003, restart your computer.
  13. Right-click My Network Places on the desktop and choose Properties. This displays the Network Connections control panel.
  14. Right-click the connection that was just created. This is usually named "Local Area Connection 2". Choose Properties.
  15. On the General tab, select Internet Protocol (TCP/IP), and click Properties.
  16. In the Properties dialog, do the following:
    IP Address: Enter a non-routable IP for the loopback adapter. Oracle recommends the following non-routable addresses:
    192.168.x.x (x is any value between 1 and 255)
    10.10.10.10
    Subnet mask: Enter 255.255.255.0.
    Leave all other fields empty.
    Click OK. Click OK. Click OK in the Local Area Connection 2 Properties dialog.
  17. Restart the computer.
  18. Add a line to the C:\windows\system32\drivers\etc\hosts file with the following format, after the localhost line: IP_address hostname.domainname hostname where:
    IP_address is the non-routable IP address you entered in step
    16.
    hostname is the name of the computer.
    domainname is the name of the domain.
    For example: 10.10.10.10 mycomputer.mydomain.com mycomputer
  19. Check the network configuration:
    Open System Properties, and select the Computer Name tab. In Full computer name, make sure you see the hostname and the domain name.
  20. Click Change. In Computer name, you should see the hostname, and in Full computer name, you should see the hostname and domain name.
  21. Click More. In Primary DNS suffix of this computer, you should see the domain name.

Monday, October 09, 2006

CERTIFICATION: Microsoft Test 70-296 passed!

Today I passed the Microsoft Test 70-296: Planning, Implementing and Maintaining a Microsoft Windows Server 2003 Environment for an MCSE Certified on Windows 2000.

I got the Microsoft Certified Systems Engineer (MCSE) en Microsoft Windows Server 2003 certification.

Exam Statistics:

10 Citrix Exams
04 Citrix Certifications
20 Microsoft Exams
09 Microsoft Certifications

More Info:
http://www.musumeci.com.ar/Web_English/certificaciones_eng.htm

Friday, October 06, 2006

BETA: Windows Vista RC2 Build 5744 Released today!

Microsoft releases today (October 6th, 2006) the RC2 (Release Candidate 2) build of Windows Vista. This will be the last build made available prior to RTM (Release To Manufacturing) build. The build is available in both x86 and x64 versions.

Friday, September 29, 2006

MS: You Can't Access The User List In A Trust with error 'The Server Is Not Operational'

When you create a external trust between Windows 2000 and/or Windows 2003, you can't access the user list with error "The Server Is Not Operational"
This condition will happen if there are no SRV records in DNS on the the trusting domain for the DCs in the trusted domain. To fix this condition:

1. Open the DNS snap-in in the trusting domain.
2. Expand the server.
3. Right-click Forward Lookup Zones and press New Zone.
4. Press Next.
5. Press Standard secondary and then press Next.
6. Type the trusted domain name and press Next.
7. Create a new file named Domain.dns and press Next.
8. Press Finish.
9. Open the DNS snap-in in the trusted domain.
10. Expand the server.
11. Select the Properties of the trusted domain's forward lookup zone. Select the Zone Transfers tab.
12. Check the Allow zone transfers box.
13. Select Only to the following servers and type the IP address of the trusting domains DNS server.
14. Press OK.
15. On the DNS server in the trusting domain, open the DNS snap-in.
16. Expand the server.
17. Expand the Forward Lookup Zones.
18. Right-click the secondary zone and press Transfer from master.

Wednesday, September 27, 2006

BETA: Microsoft releases another build of Windows Vista RC1 (Build 5728)

Microsoft releases the second (public) build (5728) of the Release Candidate 1 of Windows Vista in september 23th. This build work much better than then previous RC1 build (5600).
This build is available in x64 and x86 versions.

Tuesday, September 19, 2006

BETA: Microsoft Windows 2003 SP2 Beta Refresh 1 Build 2786

Microsoft announce the release of Beta Refresh 1 (build 2786) of Windows Server 2003 Service Pack 2 for Windows Server 2003 and Windows XP Professional x64 Edition customers.

Here is the list of releases:

* 32-bit x86 standalone update: English, German and Japanese
* x64 standalone update: English and Japanese
* Itanium standalone update: English, German and Japanese

Sunday, September 17, 2006

BETA: Microsoft releases another build of Windows Longhorn Server (Build 5600)

Microsoft releases this week another build (Build 5600) of Windows Longhorn Server for both platforms (x86 and x64), so I give a try and found this build very estable, faster and small than Vista RC1 (around 6 GB of hard disk space in x86 build).

BETA: Microsoft releases Windows Vista RC1 (Build 5600)

Microsoft releases the Release Candidate 1 (build 5600) of Windows Vista the first week of september, finally I got same free time from my projects in Avanade and install the x86 and x64 in 3 machines (one is my everyday Dell notebook).
Well, this build work much better than previous builds (Beta2, and Pre-RC1) and Office 2007 works amazing, but I still have some problems with Wireless networks, VPN connectivity and serveral applications and devices, so I need to keep my Windows XP partition to run same applications.

Wednesday, August 16, 2006

MS: Unattended Install

Unattended install .NET Framework v1.1/v2.0 (this appy to .NET Framework Language Pack too)

dotnetfx.exe /q:a /c:"install.exe /qb /l"

Unattended install .NET Framework v1.1 SP1

NDP1.1sp1-KB867460-X86.exe /q

Unattended install Windows Media v9.0

MPSetup.exe /q

Unattended install Windows Media v10.0

MP10Setup.exe /q


Unattended install DirectX 9.0c

Download DirectX 9.0c Redistributable, extract the file (using WinRAR for example) and then

DXSETUP.EXE /silent

Thursday, August 10, 2006

MS: Disable Windows XP SP2 Firewall using GPO

To disable Windows XP SP2 Firewall using GPO you will need to modify these settings:

Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\

Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile\

Windows Firewall: Protect all network connections = Disabled

Wednesday, August 09, 2006

MS: Print Migrator

Print Migrator is a utility, which automates the backup and restore of print configuration data on print servers running Microsoft Windows NT 4, Microsoft Window 2000 and Microsoft Windows Server 2003. Print Migrator 3.1 continues full support for print servers running Microsoft Cluster Services; support for migration between different version of Windows (for example, Windows NT 4 to Windows Server 2003); and support for conversion of line printer remote (LPR) ports to the Standard TCP/IP Port Monitor on Windows 2000, Windows XP, and Windows Server 2003. This paper is designed for systems integrators, administrators, and architects who are planning, deploying, or managing Windows Print Servers.

You can download from here

Sometimes you will get this error:

"WARNING: Kernel Mode drivers (version 2) are blocked on the target machine. Disable Kernel Mode driver blocking and re-run Printer Migrator"

To fix that error:


1) Open Run and type gpedit.msc
2) Open Computer Configuration, Administrative Templates, Printer.
3) On the Right click on the policy labeled "Disallow installation of printers using kernel mode drivers"
4) Set it to disabled.

You may have to reboot, but you should now be able to install Kernel Mode Drivers.

MS: Move DHCP Database

How to move a DHCP database from a computer that is running Windows NT Server 4.0, Windows 2000, or Windows Server 2003 to a computer that is running Windows Server 2003
http://support.microsoft.com/kb/325473

How to move a DHCP database from one server to another in Windows NT 4.0 and in Windows 2000
http://support.microsoft.com/kb/130642

Tuesday, August 08, 2006

MS: How to use netsh to configure TCP/IP settings from the Command Prompt

In order to configure TCP/IP settings such as the IP address, Subnet Mask, Default Gateway, DNS and WINS addresses and many other options you can use Netsh.exe.

Netsh.exe is available on Windows 2000, Windows XP and Windows Server 2003.

With Netsh.exe, you can configure the IP address and other TCP/IP related settings. For example:

The following command configures the interface named Local Area Connection with the static IP address 192.168.0.100, the subnet mask of 255.255.255.0, and a default gateway of 192.168.0.1:

netsh interface ip set address name="Local Area Connection" static 192.168.0.100 255.255.255.0 192.168.0.1 1

Netsh.exe can also be used to configure your NIC to automatically obtain an IP address from a DHCP server:

netsh interface ip set address "Local Area Connection" dhcp

You can configure your NIC to dynamically obtain it's DNS settings:

netsh interface ip set dns "Local Area Connection" dhcp

You can configure DNS addresses from the Command Prompt:

netsh interface ip set dns "Local Area Connection" static 192.168.0.200

You can add extra DNS servers using:

netsh interface ip add dns "Local Area Connection" 192.168.0.210

You can configure your NIC to dynamically obtain it's WINS settings:

netsh interface ip set wins "Local Area Connection" dhcp

You can configure WINS addresses from the Command Prompt :

netsh interface ip set wins "Local Area Connection" static 192.168.0.200

If you want you can add extra WINS servers using:

netsh interface ip add wins "Local Area Connection" 192.168.0.210

Example Script to setup a computer:

netsh interface ip set address name="Local Area Connection" static 10.150.0.125 255.255.0.0 10.150.0.254 1
netsh interface ip set dns "Local Area Connection" static 10.150.0.10
netsh interface ip add dns "Local Area Connection" 10.150.0.11
netsh interface ip add dns "Local Area Connection" 10.150.0.12
netsh interface ip set wins "Local Area Connection" static 10.150.0.10
netsh interface ip add wins "Local Area Connection" 10.150.0.11
netsh interface ip add wins "Local Area Connection" 10.150.0.12

MS: Troubleshooting an Exchange Server 2000 / 2003 computer with antivirus software installed

http://support.microsoft.com/kb/245822

Wednesday, August 02, 2006

MS: The version of the Active Directory schema of the source forest is not compatible with the version of Active Directory on this computer

Error message when you run the Active Directory Installation Wizard: "The version of the Active Directory schema of the source forest is not compatible with the version of Active Directory on this computer" in Windows 2003 R2
http://support.microsoft.com/?kbid=917385

Tuesday, August 01, 2006

MS: Windows 2003 Migration

Actually I'm working in Avanade in a large migration from Windows NT, Novell and Unix systems to Windows 2003/Exchange 2003.

Windows NT to Windows 2003

How to configure the Active Directory Migration Tool to migrate user passwords from a Windows NT 4.0 domain to a Windows Server 2003 domain
http://support.microsoft.com/kb/832221/en-us

How to use Active Directory Migration Tool version 2 to migrate from Windows 2000 to Windows Server 2003
http://support.microsoft.com/kb/326480

Windows NT Server 4.0 Upgrade Guide Windows NT Server 4.0 Upgrade Guide
http://www.microsoft.com/windowsserver2003/partners/isvs/ntmigrate.mspx

Migrating from Windows NT Server 4.0 to Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyID=e92cf6a0-76f0-4e25-8de0-19544062a6e6&DisplayLang=en

Tools and Documentation for Upgrading to Windows Server 2003
http://www.microsoft.com/windowsserver2003/upgrading/nt4/tooldocs



MS: Transfer roles to a Windows Domain Controller

Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
http://support.microsoft.com/kb/255504/en-us

How to view and transfer FSMO roles in Windows Server 2003 / 2008
http://support.microsoft.com/kb/324801

Monday, July 31, 2006

CERTIFICATION: Microsoft Test 70-292 passed!

Today I passed the Microsoft Test 70-292: Managing and Maintaining a Microsoft Windows Server 2003 Environment for an MCSA Certified on Windows 2000. I got today the Microsoft Certified Systems Administrator (MCSA) en Microsoft Windows 2003 certification.

Exam Statistics:

10 Citrix Exams
04 Citrix Certifications
18 Microsoft Exams
08 Microsoft Certifications

http://www.musumeci.com.ar/Web_English/certificaciones_eng.htm

Wednesday, June 21, 2006

New Job!

I am very excited to announce that I accepted an offer to work for Avanade (www.avanade.com) as System Engineer in Madrid. Avanade is the leading technology integrator specializing in the Microsoft enterprise platform. I think the job is going to be very exciting.

Tuesday, June 20, 2006

BETA: Microsoft Windows 2003 SP2 Build 2721

Microsoft releases today the pre-beta version of the SP2 for Windows 2003 (x86, x64 and Itanium) and Windows XP 64 bits.

Monday, June 12, 2006

MS: Exchange Server '12' requires Microsoft Management Console 3.0

One issue that seems to come up frequently for those of you that have tried installing Exchange 12 CTP build (Exchange 2007 Beta 1) is the following error at Setup:

"Exchange Server '12' requires Microsoft Management Console 3.0."

This happens even though the final (RTM), released version of MMC is installed on the system.

The problem here is that the CTP build of Exchange 12 setup actually needs a "RC1 refresh" build of MMC 3.0, and as this build is not found - the setup fails with the above error. E12 is looking for a registry key that is not there on the machine that has RTM version of MMC 3.0 installed. This issue is going to be fixed in later builds of Exchange 12 and will definitely not be there in final release version.

You can resolve this problem in 2 different ways:

1. Download and install the RC1 refresh MMC release, see
Microsoft Management Console 3.0 Pre-Release (RC1 Refresh).

2. If you would like to run the RTM version instead (as you already installed it) create the following empty registry key:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MMC30Core

Thanks to Nino Bilic @ Microsoft Exchange Team Blog (
http://msexchangeteam.com)

Thursday, June 08, 2006

MS: Microsoft Solution Accelerator for Business Desktop Deployment

The Microsoft Solution Accelerator for Business Desktop Deployment (BDD) delivers end-to-end guidance for efficient planning, building, testing, and deploying Microsoft Windows XP Professional x64 edition, Windows XP Tablet PC Edition, and Office Professional 2003 Editions. It helps IT professionals realize a quick return on investment while also setting new standards for reliability, performance, security, and ease of use.

http://www.microsoft.com/technet/desktopdeployment/bddoverview.mspx

CTX: Configuring and Securing Citrix Shadowing

Shadowing is a valuable tool released with Citrix Presentation Server, however, taking time to implement and delegate this ability to support personnel often falls to the bottom of the priority list. Enabling your first responders with the shadowing ability, and a basic understanding of Citrix, will help them to identify the source of a problem and thus decrease the amount of escalated calls. This article will go over the different methods of configuring shadowing (including order of precedence), shadowing utilities, shadow logging, and to conclude, a summary of best practices.

http://www.brianmadden.com/content/content.asp?id=583

CTX: A Listing of Free Tools for Citrix and Terminal Server Environments

There are a lot of great FREE tools and utilities out there that can really help in Citrix and Terminal Server deployments.
http://www.brianmadden.com/content/content.asp?ID=466

CTX: Unlicensed server error

http://support.citrix.com/article/CTX104959

CTX: Troubleshooting and Explaining Citrix ICA Shadowing

http://support.citrix.com/article/CTX040083

Reliability Survey: Windows Servers Beat Linux Boxes

Windows 2003 Server is a more reliable server operating system than Linux, a research firm said Monday.

According to the Yankee Group's annual server reliability survey, only Unix-based operating systems such as HP-UX and Sun Solaris 10 beat Windows on uptime. Windows 2003 Server, in fact, led the popular Red Hat Enterprise Linux with nearly 20 percent more annual uptime.

On a broader note, said Yankee analyst Laura DiDio, the major server operating systems all have a "high degree of reliability," and have showed marked improvement in the last 3 to 5 years.

On average, individual enterprise Windows, Linux, and Unix servers experienced 3 to 5 failures per server per year in 2005, generating 10 to 19.5 hours of annual downtime for each server.

But standard Red Hat Enterprise Linux, and Linux distributions from "niche" open source vendors, are offline more and longer than either Windows or Unix competitors, the survey said. The reason: the scarcity of Linux and open source documentation.

The Yankee Group made a point of stressing that the survey was not sponsored or supported by any server OS maker.

Tuesday, May 16, 2006

MS: GPO Loopback Processing

Loopback processing is a feature that allows a more precise level of control over user policy settings for a targeted machine. Usually, user policy settings are derived entirely from the GPOs associated with the user account (based on it's location in the Active Directory). With loopback processing, however, the user policy settings in the GPOs associated with the machine are applied.

http://grouppolicy.editme.com/Loopback

MS: How to lock down a Windows Server 2003 or Windows 2000 Terminal Server session

You can use Group Policies to lock down a Terminal Server session on a Microsoft Windows Server 2003-based or Microsoft Windows 2000-based computer. With the following settings, even the administrator account will have restricted access. It is highly recommended that you create a new organizational unit instead of modifying the policies on an existing one.

http://support.microsoft.com/kb/278295

Friday, May 12, 2006

CERTIFICATION: Citrix Test 1Y0-251 passed!

Today I passed the Citrix Test 1Y0-251: Citrix MetaFrame Presentation Server 3.0: Management and Maintenance for the Enterprise. I got today the Citrix Certified Enterprise Administrator for MetaFrame Access Suite 3.0 (CCEA) certification.

Exam Statistics:

10 Citrix Exams
04 Citrix Certifications
17 Microsoft Exams
07 Microsoft Certifications

http://www.musumeci.com.ar/Web_English/certificaciones_eng.htm

CTX: Tools for Printing Optimization

triCerat ScrewDrivers
http://www.tricerat.com/screwdrivers.php

ThinPrint
http://www.thinprint.com/

MS: UNIX/Linux Authentication with Windows Active Directory

http://www.microsoft.com/emea/itsshowtime/sessionh.aspx?videoid=103

CTX: Citrix Change Management Process

Identifying the Change Management Process:

* Identify and Define
* Assess the Risk
* Validate and Test in Lab
* Document Procedures
* Seek Approval
* Schedule and Communicate
* Implement Change
* Evaluate Effectiveness: Proceed or Rollback
* Close Out

Scope of the change:

* Emergency (Break/fix) - Production is down or security is compromised.
* Urgent - Full review is deferred. The change is scheduled ASAP with affected parties notified prior the change taking place.
* Time Sensitive (Standard/Routine) - Review is requiered but change may be scheduled outside of the normal maintenance window.
* Normal (Standard/Routine) - Change is implemented during the normal maintenance window.

CTX: Services for the Citrix License Server

* Citrix Licensing Service
* Citrix Licensing WMI
* ASP.NET State Service
* IIS Admin
* W3SVC (World Wide Web Publishing Service)

Monday, April 24, 2006

CTX: MetaframeEvents - Printer Management - Event ID 1106

Error:

Event Type: Error
Event Source: MetaframeEvents
Event Category: Printer Management
Event ID: 1106
Date: 2/6/2006
Time: 11:48:37 AM
User: N/A
Computer: COMPUTER1
Description: Client printer auto-creation failed. The driver could not be installed. Possible reasons for the failure: The driver is not in the list of drivers on the server. The driver cannot be located. The driver has not been mapped. Client name: (COMPUTER1) Printer: (Client\COMPUTER1#\HP LaserJet 2300L PCL 6) Printer driver: (HP LaserJet 2300L PCL 6)

Solution #1:

What you can do is, Under the Printer Management Section of the CMC you can specify what drivers you wish the Citrix Servers will use. But the Citrix Universal Driver would be fine to use in your environment, as the LaserJet 4 Driver is only PCL4 Compliant. So you can do this a number of ways but simply you can do this

1. Open your CMC Console
2. Right Click -> Printer Management
3. Click on Drivers Tab
4. Select Universal Driver Only
(This will map all client printers to the Universal Driver, which is PCL4 / LaserJet 4 Compliant)

Note - A pre-requisite for this to function correctly you must have already replicated the driver to all Citrix servers within your Farm, either by using the Driver Replication options of Metaframe or by installing the driver locally on the servers themselves.

Solution #2:

1. Open you CMC Console
2. Expand Printer Management
3. Right Click on Drivers -> Compatibility
4. Compatibility list options -> (Allow only drivers in the list.)
5. Click on Add -> Select the driver you wish to enable on the Farm
6. Click on OK
7. Click on OK Again to save the Changes
8. Right Click on Drivers -> Mapping
9. Click on Add -> Enter the Client Driver Name Eg. HP LaserJet 2300L PCL 6
10. Select the Pre-Installed Server Driver (HP LaserJet 4) or install the correct driver (then replicate to all Citrix servers) and choose the HP LaserJet 2300 Series PCL 6
11. Continue to do this for the remainder of the client printers.

P.S. You can get the client driver name from the Application log when the Metaframe server cannot find a compatible driver to assign.

Source: MetaframeEvents
Category: Printer Management
Event ID: 1106
Type: Error
Description: Client Printer auto-creation failed. The driver could not be installed.
-- In this section look for the following line...> Printer driver: (HP LaserJet 2300L PCL 6)
Remove the Brackets and you have your client driver name..>

The solution #2 is useful if have any errors related with PDF printers (Adobe PDF Converter, AdobePS Acrobat Distiller, Jaws PDF Creator, PrimoPDF, SolidPDF XChange, etc). You can follow the instructions from the solution #2 and map the PDF printer to Citrix Universal Printer.

Saturday, April 22, 2006

BETA: Microsoft Vista Build 5365 released today.

Microsoft Vista Build 5365 has been released to testers.According to Microsoft, this is another "refresher" build, with bug fixes rather than new features.
This build is quite a bit larger than its predecessor, with the x64 build being over 4 gigabytes.

Build details:

x86 Edition: vista_5365.8.060419-1800_winmain_idx05_x86fre_client-staged-dvd-LB2CFRE_EN_DVD.iso, 3,097.83 MB

x64 Edition: vista_5365.8.060419-1800_winmain_idx05_x64fre_client-staged-dvd-LB2CxFRE_EN_DVD.iso, 4,039.84 MB

Build 5365 is only available in English and only the x86 and x64 Ultimate editions are being released (not longhorn server included).

I tested this build and the speed of the OS is faster then previous builds. The installation changed and now is easy to install in VMware and Virtual Server.

Friday, April 21, 2006

MS: Printer was deleted warning. Event 3 Print.


If you get this error:

Event Type: Warning
Event Source: Print
Event Category: None
Event ID: 3
Date: 20/04/2006
Time: 23:01:45
User: NT AUTHORITY\SYSTEM
Computer: SERVER1
Description:
Printer PRINTER1 on SERVER1 (from COMPUTER1) in session 1 was deleted.

To stop logging this warning event

In Control Panel, open Printers and Faxes.
On the File menu, click Server Properties.
On the Advanced tab, clear the Log spooler warning events check box.

Thursday, April 20, 2006

MS: Configuration options for WLBS hosts connected to layer 2 switches (Cluster)

http://support.microsoft.com/?kbid=193602

MS: Network Load Balancing (NLB): Configuration Best Practices for Windows 2000 and Windows Server 2003

General Considerations

• Some routers require a static ARP entry because they do not support the resolution of unicast IP addresses to multicast media access control addresses. For example, Cisco routers require an ARP (address resolution protocol) entry for every virtual IP address. While Network Load Balancing uses Level 2 Multicast for the delivery of packets, Cisco's interpretation of the RFCs is that Multicast is for IP Multicast. So, when the router doesn't see a Multicast IP address, it does not automatically create an ARP entry, and one has to manually have to add it on the router.

• Network Load Balancing can operate in two modes: unicast and multicast. Unicast support is enabled by default, which ensures that it operates properly with all routers. You might elect to enable multicast mode so that a second network adapter is not required for communications within the cluster. If Network Load Balancing clients access a cluster (configured for multicast mode) through a router, be sure that the router accepts an Address Resolution Protocol (ARP) reply for the cluster's (unicast) IP addresses with a multicast media access control address in the payload of the ARP structure. ARP is a TCP/IP protocol that uses limited broadcast to the local network to resolve a logically assigned IP address. Verify that all cluster hosts are operating in unicast or multicast mode, one or the other, but not both.

• If the cluster is operating in unicast mode (default setting), Network Load Balancing cannot distinguish between single adapters on each host. Therefore, any communication among cluster hosts is not possible unless each cluster host has at least two network adapters.

• You can configure Network Load Balancing on more than one network adapter. However, if you do bind NLB to a second network adapter ensure that you are configuring them correctly.

• Use only the TCP/IP network protocol on the adapter NLB is enabled for. Do not add any other protocols (for example, IPX) to this adapter.

• Enable Network Load Balancing Manager logging. You can configure Network Load Balancing manager to log each Network Load Balancing Manager event. This log can be very useful in troubleshooting problems or errors when using Network Load Balancing Manager. Enable Network Load Balancing Manager logging by clicking Log Settings in the Network Load Balancing Manager Options menu. Check the Enable logging box and specify a name and location for the log file.

• Verify that the following is true for cluster parameters, port rules, and host parameters:

• Cluster parameters and port rules are set identically on all cluster hosts.

• Port rules are set for all ports used by the load-balanced application. For example, FTP uses port 20, port 21, and ports 102465535).

• Always click Add after setting a port rule. Otherwise, the port rule will not appear in the list of rules, and the rule will not take effect.

• Ensure that the dedicated IP address is unique and the cluster IP address is added to each cluster host.

• Verify that any given load-balanced application is started on all cluster hosts on which the application is installed. Network Load Balancing is not aware higher level applications and does not start or stop applications.

• Verify that the following is true for the dedicated IP address and the cluster IP address:

• Except in the case of a virtual private network (VPN), both the dedicated IP address and the cluster IP address must be entered during setup in the Network Load Balancing Properties dialog box and also in the Internet Protocol (TCP/IP) Properties dialog box. Make sure that the addresses are the same in both places.

• When configuring a VPN load balancing cluster, you should not configure the dedicated IP address. On a VPN, only the cluster IP address should be present on each of the cluster hosts because clients running Windows 95, Windows 98, or Windows NT 4.0 may be unable to connect to the cluster if the dedicated IP address is configured on the Network Load Balancing cluster hosts. If you omit this step, the cluster will converge and appear to be working properly, but the cluster host will not accept and handle cluster traffic.

• Ensure that the dedicated IP address is always listed first (before the cluster IP address) in the Internet Protocol (TCP/IP) Properties dialog box. This will ensure that responses to connections originating from a host will return to the same host.

• Both the dedicated IP address and the cluster IP address must be static IP addresses. They cannot be DHCP addresses.

• Ensure that all hosts in a cluster belong to the same subnet and that the cluster's clients are able to access this subnet.

• No special cluster interconnect is used by Network Load Balancing. NLB uses the same network interface to maintain cluster state awareness.

• Do not enable Network Load Balancing on a computer that is part of a server-cluster cluster. Microsoft does not support this configuration.

Security and Manageability

• Use Network Load Balancing Manager to configure NLB clusters. You can configure many Network Load Balancing options through either Network Load Balancing Manager or the Network Load Balancing Properties dialog box accessed through Network Connections. However, Network Load Balancing Manager is the preferred method. Using both Network Load Balancing Manager and Network Connections together to change Network Load Balancing properties can lead to unpredictable results. Only Windows Server 2003 NLB clusters can be configured by NLB manager. You can however manage clusters that contain both Windows Server 2003 and Windows 2000 or NT 4.0 servers.

• Ensure that applications that are load balanced are properly secured. The NLB security domain does not extend to applications. As such NLB will be totally unaware if security at the applications level is compromised.

• Use two or more network adapters in each cluster host if you would like to separate management functions from regular operations. Two network adapters, is not however a default requirement.

• Command line tool for managing NLB is "nlb.exe". NLB.exe exposes a mechanism for setting up NLB configuration parameters thru the command line. There are 2 additional configuration points not exposed but can be useful for monitoring NLB state. They are queryport and params Nlb.exe queryport retrieves the state of a given port rule using the same syntax as the enable/disable/drain command line options... the information returned includes the state of the port rule, enabled, disabled or draining if the port rule is found or an indication that the port rule was not found... if found, it also returns a count of packets accepted and dropped on that port rule. Nlb.exe - params retrieves the NLB configuration just the same as "nlb display", but rather than retrieving it from the registry, it queries it directly from the kernel-mode driver - this is the CURRENT state of NLB (the registry shows what the NEXT state of NLB would be if a reload or some other operation causing the driver to read the registry was performed - the registry MAY or MAY NOT be the current state of NLB)

• Enabling remote control has security implications and the user must ensure that the NLB cluster is secure (behind a firewall) if remote control is enables. The remote control mechanism uses the UDP protocol and is assigned port 2504. Remote control datagrams are sent to the clusters primary IP address. Since the Network Load Balancing driver on each cluster host handles them, these datagrams must be routed to the cluster subnet (instead of to a back-end subnet to which the cluster is attached). When remote control commands are issued from within the cluster, they are broadcast on the local subnet. This ensures that all cluster hosts receive them even if the cluster runs in unicast mode. As such the subnet the NLB clusters are hosted on should be secure. If remote control is enabled users can use nlb.exe to remotely manage their clusters.

High Availability

• Network Adapters and NIC teaming: Most vendors today offer redundant or fault tolerant adapters i.e. adapter teaming or adapter fault tolerance (AFT). These are supported with NLB, however refer to KB article 278431 for more information.

• Fault Tolerant/Load balancing Switches: Redundancy at the switch layer can easily be provided by striping the NLB cluster hosts across multiple switches and inter-connecting all the switches that contain a single NLB cluster. Additionally, to prevent switch flooding, only the ports connected to the Primary IP address (where all inbound traffic is sent) can be made hosts of a single VLAN.

• Fault tolerant Routers: Redundant routers are the most easily overcome using a VRP (virtual router protocol) or HSRP (hot router standby protocol). This allows the router to map the cluster's primary IP address and other multi-homed addresses to the corresponding media access control address. If your router does not meet this requirement, you can create a static ARP entry in the router or you can use Network Load balancing in its default unicast mode.

• Multiple NICs in cluster nodes

Windows 2000

• If you have 2 NICs on different subnets then the NIC to which NLB is bound should have default gateway and the routing tables need to be reconfigured to make all traffic go thru the NLB NIC. Default gateway setting on the other NIC should be blank.

• If you have 2 NICs on the same subnet you will need to configure the NIC to which NLB is bound with the default gateway. The other NIC should not have a default gateway configured. No need to hack routing tables.

• Recommendation is to use one NIC in each node unless there is a business need for 2 NICs

Windows Server 2003

• If you have 2 NICs different subnets you can choose to bind NLB to either or both NICs without any issues. All traffic will go thru the correct NIC (subnet)

• If you have 2 NICs on the same subnet traffic will be routed accordingly.

Troubleshooting

• The following tools can be used to troubleshoot NLB clusters:

• Event Viewer.

• NLB.exe Display & Query Commands.

• Ping.exe.

• Network Monitor.

• Network Monitor parser for NLB (part of Windows 2000 Server Resource Kit)

Refer to KB article 280503 for more information.

• Performance Monitor

• CPU Load

• Network Interface: packets/sec

• Web Service: connection attempts/sec.

MS: Network Load Balancing cluster node does not successfully converge

http://support.microsoft.com/?kbid=812870

MS: How to Troubleshoot the Cluster Service Account When It Modifies Computer Objects

http://support.microsoft.com/?kbid=307532

MS: How to manually re-create the Cluster service account

http://support.microsoft.com/?kbid=269229

TOOLS: Unlocker

Unlocker is an explorer extension that allows you with a simple right-click of the mouse on a file or folder to get rid of error message such as error deleting file or folder, cannot delete folder: it is used by another person or program.

Ever had such an annoying message given by Windows?

Cannot delete file: Access is denied
There has been a sharing violation.
The source or destination file may be in use.
The file is in use by another program or user.
Make sure the disk is not full or write-protected and that the file is not currently in use.

Unlocker is the solution.

http://ccollomb.free.fr/unlocker/

Terminal Server Web Resources (Links)

Microsoft

Microsoft Windows Server 2003 Terminal Services site

http://www.microsoft.com/windowsserver2003/technologies/terminalservices

Microsoft Support
http://support.microsoft.com/

Automated Deployment Service
http://www.microsoft.com/windowsserver2003/techinfo/overview/ads.mspx

TechNet
http://www.microsoft.com/technet/

Windows System Resource Management
http://www.microsoft.com/windowsserver2003/downloads/wsrm.mspx

Microsoft Press
http://www.microsoft.com/mspress

Citrix

Citrix Knowledge Base
http://knowledgebase.citrix.com/

Portal/License Activation
http://www.citrix.com/mycitrix

Rick Dehlinger’s TweakCitrix
http://www.tweakcitrix.com

Client Solutions

Tarantella
http://www.tarantella.com

New Moon
http://www.newmoon.com

Hob Soft
http://www.hobsoft.com/www_us/home.htm

UNIX RDP Client Rdesktop
http://www.rdesktop.org

WinConnect
http://www.thinsoftinc.com

Installation

InstallShield
http://www.installshield.com

NetSupport
http://www.netsupport.com

OnDemand WinInstall
http://www.wininstall.com

Wise Solutions
http://www.wise.com

Desktop Management

AppSense
http://www.appsense.com

AppLauncher
http://www.applauncher.com

TriCerat
http://www.tricerat.com

Softricity
http://www.softricity.com

Real Enterprise Solutions
http://www.respowerfuse.com

Emergent OnLine
http://www.go-eol.com

Load Tests

Mercury Interactive
http://www.mercuryinteractive.com

Tevron
http://www.tevron.com

Scapa Technologies
http://www.scapatech.com

Macro and Script Tools

KiXtart
http://www.kixtart.org

Insight Software Solution
http://www.macroexpress.com

Pitrinec Software
http://www.pitrinec.com

Wilson WindoWare
http://www.winbatch.com

TaskWare
http://www.wintask.com

Hiddensoft
http://www.hiddensoft.com/autoit

Script Horizon
http://www.scripthorizon.com

Universal Printer Drivers

ThinPrint
http://www.thinprint.com

UniPrint
http://www.uniprint.net

TriCerat
http://www.tricerat.com

Emergent OnLine
http://www.go-eol.com

Application Access Portals

visionapp
http://www.visionapp.com

Panther
http://www.pantherpowered.com

Information

Brian Madden
http://www.brianmadden.com/

WTS Technologies
http://www.wtstek.com

Technical Remote Computing
http://dev.remotenetworktechnology.com

SBC Hardcore User Page
http://www.xs4all.nl/~soundtcr

SysInternals
http://www.sysinternals.com

TheThin
http://www.thethin.net

Thin-world.com
http://thin-world.com/

Daves Thinplace
http://www.thinplace.de/

Thin Planet
http://www.thinplanet.com/

SBC-Technet
http://www.sbc-technet.com/

Terminal Server Product Guide
http://www.winntmag.com/Techware/InteractiveProduct/TerminalServer/

Labmice.net
http://www.labmice.net/terminalsrvcs/default.htm

MS: Terminal Server Client Connections and Logon Limited by MaxWorkItem and MaxMpxCt Values

http://support.microsoft.com/?kbid=232476

TOOLS: Filemon

FileMon monitors and displays file system activity on a system in real-time. Its advanced capabilities make it a powerful tool for exploring the way Windows works, seeing how applications use the files and DLLs, or tracking down problems in system or application file configurations.
http://www.sysinternals.com/Utilities/Filemon.html

MS: Terminal Services Commands

Change logon
Uses the following parameters to enable or disable client session logons and displays the current logon status. This utility is useful for system administration. The abbreviation for this command is Chlogon.
/enable: Enables user logon from clients, but not from the console (default setting).
/disable: Disables subsequent logons from clients. Does not affect users who are already logged on.
/query: Displays the current logon status.

Change port
Changes the mapping logic for serial ports to be compatible with MS- DOS applications. The abbreviation for this command is Chgport.

Change user
Uses the following parameters to change the mapping of .ini files and the registry for the current user during application installation. The abbreviation for this command is Chguser.
/execute: Enables the mapping of .ini files to the home directory (default setting).
/install: Disables the mapping of .ini files to the home directory during application installation.
/query: Displays the current setting.

Flattemp
Enables or disables a common (flat) temporary folder (temp mapping).
/enable: Enables common temporary folders.
/disable: Disables common temporary folders.
/query: Displays the current setting.

Logoff
Terminates a user session.

Msg
Sends a message to one or more users.

Query process
Displays information about the processes of all user sessions on a terminal server. This command includes parameters for further specification of the desired information, such as process ID, user name, session name, session ID, program, or server name.

Query session
Displays information about the sessions running on a terminal server. This command includes parameters for further specification of the desired information, such as user name, session name, session ID, program, or server name.

Query termserver
Lists all terminal servers running on the network. This command includes parameters for further specification of the desired information, such as server name or domain.

Query user
Displays information about the users logged on to a terminal server. This command includes parameters for further specification of the desired information, such as user name, session name, session ID, program, or server name.

Query winsta
Same as the Query session command.

Reset session
Resets a user session to initial values. This command includes parameters for further specification of the desired information, such as session name, session ID, or server name.

Rwinsta
Same as the Reset session command.

Shadow
Allows the monitoring of the terminal server session of another user. This command includes parameters for further specification of the desired information, such as session name, session ID, or server name. All information displayed on the shadowed computer session is also displayed on the target computer.

Tscon
Attaches the client or user to an existing terminal server session.

Tsdiscon
Disconnects the client or user session from the terminal server.

Tskill
Terminates a selected process using its process ID or its name in combination with the server name and the session ID. Administrators can use this command for all processes; users can use it only for their own processes.

Tsprof
Copies the configuration information of a Terminal Services user to the configuration data of another user. You can also use the Tsprof command to update a user's profile path.

Tsshutdn
Allows an administrator to shut down the terminal server in a controlled manner. After starting Tsshutdn, no programs can be executed anymore. The session of the user who started Tsshutdn is still active, but all session information will have read-only permissions.

In particular, commands starting with Query are able to transfer many functions of the Terminal Services Administration graphical tool to the command line. (See Chapter 4.)

MS: Locking Down Windows Server 2003 Terminal Server Sessions

In certain deployments, it might be necessary to restrict user activity to a predefined set of applications or Windows operating system functionality.
This White Paper explains how you can use the features of Active Directory to restrict user sessions on the Terminal Server to only the applications and desktop functionality that the administrator deems necessary. Certain group policies are highlighted here with brief explanations of their benefits. Not all of the settings are necessary because they can create a highly restricted user interface. Use this paper as a guide to configure Terminal Server for your environment.

MS: Using Windows Terminal Services to Run a Single Application

Using Windows Terminal Services to Run a Single Application

MS: How to transfer Terminal Services CAL from one computer to another

http://support.microsoft.com/?kbid=248430

MS: How do I reset the Temporary 90 Day Windows 2000 Terminal Services License

Caution remember to back up your registry before messing with it!
This is a user tip. Thethin.net and Worldofasp suggests that this procedure only be used for testing purposes in a test environment.

When an ICA client logs onto a Windows 2000 server before it is activated, or if they do not have a Windows NT/2000 machine, they will receive a 90-day temporary license. Once this license runs out they will no longer be able to connect to the Windows 2000 server. Below is a workaround that will work for the 90 days, but then you will have to repeat these steps.

Step 1: Apply Microsoft`s fix Q287687
This fix needs to be applied to the Windows 2000 server. For more information you can reference TechNet Article, Q287687 - Terminal Services Licensing Enhancements.

Step 2
The next step is to use Regedt32 or Regedit to remove the following registry entries on the CLIENT'S machine:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftMSLicensingStore.

Remove both the license000 and license001 keys. Removing these keys will force the Windows 2000 server to re-assign a license for the client's machine.

Step 3
The final step is to rename the icaapi.dll located on the server under winntsystem32 to icaapi.old. Once a client logs onto the server the icaapi.dll will automatically be recreated.

SCRIPT: Check if a user is a member of a specified group

IfMember is a command-line tool that checks whether the current user is a member of a specified group. It is typically used in Windows logon scripts and other batch files. IfMember uses its own process token to discover group membership, rather than querying the relevant domain controller each time it runs. While this has a significant performance benefit, it does mean that IfMember will only be aware of groups on the local computer, on the computer's domain, and on trusted domains. Remember to copy the file in the NETLOGON directory if you planning to use as login script.
Donwload IFMEMBER

Example:

IFMEMBER SITE1
IF ERRORLEVEL 1 GOTO SITE1

IFMEMBER SITE2
IF ERRORLEVEL 1 GOTO SITE2

GOTO END

:SITE1
net use J: \\SERVER1\User$\%username% /PERSISTENT:YES
rundll32 printui.dll,PrintUIEntry /in /n \\SERVER1\HP4050
rundll32 printui.dll,PrintUIEntry /y /n \\SERVER1\HP4050
GOTO END

:SITE2
net use J: \\SERVER2\User$\%username% /PERSISTENT:YES
rundll32 printui.dll,PrintUIEntry /in /n \\SERVER2\HP9000
rundll32 printui.dll,PrintUIEntry /y /n \\SERVER2\HP9000
GOTO END

:END
EXIT

MS: HOW TO: Configure Windows SharePoint Services to Use Kerberos Authentication

http://support.microsoft.com/?kbid=832769

MS: Microsoft Windows Server Update Services (WSUS) Documentation

Microsoft Windows Server Update Services Operations Guide

Deploying Microsoft Windows Server Update Services

Microsoft Windows Server Update Services Operations Guide

Step-by-Step Guide to Getting Started with Microsoft Windows Server Update Services