Thursday, April 24, 2008
RunAs
Add user account (or yourself) to the local machine - Computer Management - Local Users and Groups - Groups
C:\>runas /profile /user:whoopie\my.serviceAccount "c:\winnt\notepad.exe"
Notes:
a.) Better to use full path to actual executable
b.) In Local Security Settings \ Local Policies \ User Rights Assignment, a 'deny' property overrides an 'allow' property. So, if whoopie\my.serviceAccount is in 'Administrators' and 'Administrators' has "Allow to log on ..." but whoopie\my.serviceAccount is also in group 'Foobar' and 'Foobar' has "Deny log on ..." then whoopie\my.serviceAccount will not be able to log on, even though the 'Administrators' group is higher than the 'Foobar' group.
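The deny-over-allow rule in note b.), as an added example that is not part of the original post: Python that evaluates logon rights over a constructed user-rights export. The policy text, the group memberships and the choice of the interactive logon right for 'Foobar' are assumptions made for illustration.

```python
# Added example (not from the original post). POLICY_INF is a constructed
# sample in the layout written by:
#   secedit /export /cfg rights.inf /areas USER_RIGHTS
# (real exports are UTF-16; decode the file before parsing).
POLICY_INF = r"""
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,Backup Operators
SeDenyInteractiveLogonRight = Foobar
SeRemoteInteractiveLogonRight = *S-1-5-32-544
SeServiceLogonRight = whoopie\my.serviceAccount
"""

# Allow/deny right pair for each logon type.
LOGON_RIGHTS = {
    "interactive": ("SeInteractiveLogonRight", "SeDenyInteractiveLogonRight"),
    "remote": ("SeRemoteInteractiveLogonRight", "SeDenyRemoteInteractiveLogonRight"),
    "network": ("SeNetworkLogonRight", "SeDenyNetworkLogonRight"),
    "batch": ("SeBatchLogonRight", "SeDenyBatchLogonRight"),
    "service": ("SeServiceLogonRight", "SeDenyServiceLogonRight"),
}

# Assumed input: the account's own name plus every group it belongs to,
# as names or SIDs (S-1-5-32-544 is the built-in Administrators group).
PRINCIPALS = {r"whoopie\my.serviceAccount", "S-1-5-32-544", "Foobar"}


def parse_rights(inf_text):
    """Return {right name: set of lower-cased principals} from [Privilege Rights]."""
    rights, in_section = {}, False
    for line in inf_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = {
                p.strip().lstrip("*").lower() for p in value.split(",") if p.strip()
            }
    return rights


def effective_logon(rights, principals, logon_type):
    """Return (allowed, reason); any deny match wins over any allow match."""
    allow_right, deny_right = LOGON_RIGHTS[logon_type]
    held = {p.lower() for p in principals}
    denied_by = sorted(held & rights.get(deny_right, set()))
    allowed_by = sorted(held & rights.get(allow_right, set()))
    if denied_by:
        return False, f"{deny_right} via {', '.join(denied_by)}"
    if allowed_by:
        return True, f"{allow_right} via {', '.join(allowed_by)}"
    return False, f"no principal holds {allow_right}"


if __name__ == "__main__":
    policy = parse_rights(POLICY_INF)
    for kind in LOGON_RIGHTS:
        print(kind, effective_logon(policy, PRINCIPALS, kind))
```

Removing "Foobar" from PRINCIPALS flips the interactive result to allowed, which is the quickest way to confirm which group carries the deny.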
RDC3 See other people connected to a box (via RDC)
Use "Terminal Services Manager" - if all connections are taken up see:
https://sp2007.wgexchange.com/sites/wikitest/Wiki%20Pages/RDC1.aspx
RDC2 Shortcut - How to create icon to launch RDC to specific computer
Launch RDC to specific computer
C:\WINDOWS\system32>mstsc /v:10.102.169.24
RDC1 How to get in to RDC when all the connections are used
RDC1 How to get in to RDC when all the connections are used up. Remote Desktop max connection exceeded. Cannot login anymore to servers.
How to get in to RDC when all the connections are used up...
"... Go to Run and issue "mstsc /console" command. This will launch the same old Remote Desktop client you use every day. But when you will connect to remote desktops, it will connect you in Console Mode. Console Mode means connecting to the server as if you are right in front of the server and using the server's keyboard and mouse. Only one person can be connected in console mode at a time. Once you get into the console mode, it shows you the regular Windows GUI. There's nothing different about it. You can launch "Terminal Service Manager" and see the disconnected sessions and boot them out..."
http://www.codeproject.com/install/13disasters.asp
M$ Office 2007 Shortcut Keys
The new equivalent of [F3] == [CTRL] [ALT] [Y] == [CTRL] [Page (Down/Up)] (aka find next w/o a dialogue box)
http://office.microsoft.com/en-us/word/HP101476261033.aspx?mode=print
NetMon2 Location - How to install
1. Open the Control Panel.
2. Click Add or Remove Programs.
3. Click Add/Remove Windows Components to open the Windows Components Wizard.
4. Select Management and Monitoring Tools. Click Details.
5. Check Network Monitor Tools, then click OK.
6. Click Next. If prompted for additional files, insert the installation CD.
7. At the end of the installation, click Finish.
http://searchwincomputing.techtarget.com/tip/0,289483,sid68_gci1248316,00.html
Network Monitor - Net Mon - Network Monitor tool - no data captured
Network Monitor
(aka netmon, Microsoft Network Monitor)
If you start NetMon and it does not gather any data make sure that you choose the correct network. [Tools] [Networks] [Local Computer] [Local Area Connection] If you just select [Local Computer] you may not record anything. Good article: http://www.windowsnetworking.com/articles_tutorials/Working-With-Network-Monitor-Part2.html
MOSS1 Sharepoint 2007 Training Videos
http://www.sharepointhosting.com/video_tutorials.html
MMC1 Launch mmc console for AD w/ specific domain
Launch mmc console for AD w/ specific domain
C:\>dsa.msc /domain=mccann.tech.int.digex.com
JavaScript1 Debug Debugging JavaScript
Debugging client JavaScript in VS 2005
http://www.developerfusion.co.uk/show/5918/
Internationalization Globalization HTML ASP Special Characters Non-US ASCII codes for characters
Special characters
http://www.bnl.gov/itd/web/ForeignLanguageCharacters.asp#Spanish
IIS2 Reregister .Net versions 1.1, 2.0
To re-register ASP.NET for IIS:
.Net 1.1: C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe -i -enable
.Net 2.0: C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -i -enable
.Net 3.0: C:\Windows\Microsoft.NET\Framework\v3.0\aspnet_regiis.exe -i -enable
IIS Log File Location
IIS - website - properties - "web site" tab - "Active Log Format" Properties button - get log file name.
C:\WINDOWS\system32\LogFiles - match log file name to folder, find most recent
Changing the Hosts file to enable NetBIOS name resolution (vs ip)
Copy new Hosts files (LMHosts and Hosts) to %SystemRoot%\system32\drivers\etc\
Cmd exec nbtstat -R
Cmd exec ipconfig /flushdns
Works for SQL, RDC and the file system (i.e. \\net-biosname\c$ vs. \\ip\c$ )
Find in Files not working (VS 2003)
Find in Files not working
"No files were found to look in.Find was stopped in progress." in Visual Studio 2003
It also deserves a nomination in the problem solving category "Spin around on your chair 3 times, clap your hands twice and then press..." because the solution is to press Control + Scroll Lock and all is fixed.
http://blogs.ugidotnet.org/franny/archive/2005/12/08/31303.aspx
AD Abbreviations Active Directory Attribute WinNT property LDAP property
http://www.rlmueller.net/Name_Attributes.htm
Names for Objects in Active Directory
One of the biggest confusions with Active Directory is the many “names” that can be used to refer to or describe an object. Most of these “names” are attributes (or properties) of the object. There is even a property method called “Name”. A Property Method is actually a method (a function) that calculates a value from other properties.
Note that the terms “attribute” and “property” are interchangeable. The name of a property or attribute is like the name of a variable. The actual value of the property can be assigned by the network administrator, or sometimes by the system.
Some of the confusion arises because the same attribute can have a different name depending on the provider used. Even worse is that sometimes the same attribute name can refer to a different attribute, depending on the provider. The following table attempts to clarify the situation.
The “Name” property of the WinNT provider is sometimes called the “NT Name”, because it is the name used in NT networks. The WinNT “Name” property of a user object is the pre-Windows 2000 logon name. The LDAP provider calls this attribute “sAMAccountName”. The value can be the same as the value assigned to the LDAP “cn” attribute, but it does not have to be. This can be a major source of confusion. You cannot retrieve the “cn” attribute with the WinNT provider.
The “Name” property method of the LDAP provider is the same as the “cn” property, but with the string “cn=” appended in front. For example, if cn = “TestUser”, then Name = “cn=TestUser”. The "Name" property method returns the Relative Distinguished Name (RDN) of the object.
The same attribute called “FullName” using the WinNT provider is called “displayName” using LDAP. Many of the other attributes used to identify users are only exposed by the LDAP provider.
Both providers expose an “AdsPath” attribute, but this is actually a “Property Method”. It is the binding string used to bind to the object with the provider. The LDAP provider also exposes a “distinguishedName” attribute. It is the same as “AdsPath”, but without the provider moniker (“LDAP://”) in the string. The “distinguishedName” property of an object might be something like “cn=TestUser,ou=Sales,dc=MyDomain,dc=com”. It uniquely specifies the object in Active Directory. It includes the Relative Distinguished Name of the object, plus the full path to the container holding the object in Active Directory.
The “userPrincipalName” is an alternative name for the user to logon with. It is in the form “LogonName@DNSDomain”. For example, it could be “Joe User@MyDomain.MyCompany.com”. This attribute is not always assigned a value in Active Directory.
The only attributes in the table above that are mandatory are “SAM-Account-Name” and “Common-Name”. If a user object is created with the LDAP provider, values must be specified for both “cn” and “sAMAccountName”. If a user object is created with the WinNT provider, only the “Name” attribute is specified (“SAM-Account-Name”), but “Common Name” is automatically assigned to the same value. If a user object is created in the “Active Directory Users and Computers” MMC, the names default as follows. You specify the “First Name”, “Initials”, and “Last Name” of the user (the “givenName”, “initials”, and “sn” attributes). The field labeled “Full Name” defaults to be . . This string is assigned to the “cn” attribute (Common Name). You are allowed to overwrite the default. The fact that the cn attribute is referred to as “Full Name” is another source of confusion. In the “New Object – user” dialog you are also required to specify a “User logon name”. This, in combination with the DNS domain name, becomes the “userPrincipalName”. Finally, as you key in “User logon name”, the field “pre-Windows 2000 logon name” is filled in for you with the first 20 characters of “User logon name”. This becomes the “sAMAccountName” attribute.
The full NT name of an Active Directory object is in the form “NetBIOSDomain\sAMAccountName”. An example could be:
MyDomain\TestUser
The full LDAP name of the same object could be specified by:
cn=Test1,ou=Sales,ou=East,dc=Domain1,dc=com
As you can see, the “sAMAccountName” attribute does not have to be the same as the “cn” attribute. In addition, the DNS domain name (Domain1.com above) does not have to match the NetBIOS domain name (MyDomain above). This can make “finding” objects in Active Directory difficult. Fortunately, the NameTranslate object is generally available to convert names between these two forms.
It should be noted that the sAMAccountName attribute of any object must be unique in the domain. The userPrincipalName must be unique in the forest. However, the cn attribute (common name) must only be unique in the container or organizational unit. There can be several objects with the same cn, as long as they are in different containers. Note, however, that the distinguishedName will always be unique in the forest.
A final concept to discuss is the relative distinguished name, abbreviated RDN. For a user object, this is the common name (cn) attribute. The Name property method returns the RDN. The RDN of any object is the first part of the distinguishedName, abbreviated DN, of the object. For example, if the DN of a computer object is:
cn=Minnesota,cn=computers,dc=MyDomain,dc=com
Then, the RDN is “cn=Minnesota”.
A few naming abbreviations:
cn Common Name
ou Organizational Unit
dc Domain Component
dn Distinguished Name
rdn Relative Distinguished Name
upn User Principal Name
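The DN, RDN and uniqueness rules described above, as an added example that is not part of the original post or of the quoted article: Python that splits a distinguishedName, derives the RDN, container, DNS domain and AdsPath, and flags cn values that repeat across containers. The second "Test1" entry and the "Smith\, Joe" entry are constructed to show the duplicate-cn and escaped-comma cases.

```python
from collections import defaultdict

# Sample DNs: the first and last appear in the text above, the other two
# are constructed for this example.
SAMPLE_DNS = [
    "cn=Test1,ou=Sales,ou=East,dc=Domain1,dc=com",
    "cn=Test1,ou=Ops,ou=East,dc=Domain1,dc=com",
    r"cn=Smith\, Joe,ou=Sales,dc=MyDomain,dc=com",
    "cn=Minnesota,cn=computers,dc=MyDomain,dc=com",
]


def split_dn(dn):
    """Split a DN on unescaped commas; a backslash escapes the next character.
    Legacy quoted-string values are not handled."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf).lstrip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf).lstrip())
    return parts


def rdn(dn):
    """Relative distinguished name: the first component of the DN."""
    return split_dn(dn)[0]


def container(dn):
    """DN of the container or OU that holds the object."""
    return ",".join(split_dn(dn)[1:])


def dns_domain(dn):
    """DNS domain name built from the dc= components."""
    return ".".join(
        p.split("=", 1)[1] for p in split_dn(dn) if p.lower().startswith("dc=")
    )


def ads_path(dn):
    """LDAP provider binding string: provider moniker plus the DN."""
    return "LDAP://" + dn


def ambiguous_cns(dns):
    """Return {cn: [containers]} for cn values found in more than one container."""
    seen = defaultdict(set)
    for dn in dns:
        first = rdn(dn)
        if first.lower().startswith("cn="):
            seen[first[3:].lower()].add(container(dn).lower())
    return {cn: sorted(c) for cn, c in seen.items() if len(c) > 1}
```

Any cn reported by ambiguous_cns cannot identify an object on its own; match on distinguishedName, or on sAMAccountName within a domain, when the result feeds an access decision.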
ADSI
ADSI linked server needed to run/connect as a network service account
http://forums.asp.net/p/588030/1456487.aspx
" ... This was quite an old post. But I'll just confirm that the issue is probably due to the service account that MSSQLSERVER service runs under needs to have domain access to query ADSI. Use a domain account to run the service and you should be fine, see info here: http://www.codeproject.com/aspnet/LikeDataStores.asp ..."
Other ...
Check that you have (sql) rights ...
Check entries in the hosts and lmhosts files
Currently working ADSI query
SELECT TOP 30 *
FROM OPENQUERY(ADSI,
    'SELECT givenName, SN, displayName, mail, sAMAccountName, Department, Division, EmployeeId
     FROM ''LDAP://serverwithfulldomain/baseDN''
     WHERE objectCategory = ''Person'' AND
           objectClass = ''user''')
Fully Qualified Name
Datalanbiguity
(noun, intransitive) : The act or state of being held responsible for performing activities of which you are not aware and for which the instructions are not forthcoming from those aware of the activities which are to take place