The Blog Wrap-Up for March 2011

%System%\System32 secrets: change Change money, change your life? No, just change the way your terminal server behaves Some new cool betas MS issued several absolutely awesome betas – join the programs and influence the products on their early stages Delegate permissions for creating GPO objects in other domain You cannot delegate this permission easily, let’s do it “hard way” which is not particularly hard, actually Too many smart-cards inserted. Good thing: no need to throw them away Do you see the message? Problem solved! %SystemRoot%\System32 Secrets: certreq Systemroot continues to reveal its secrets %SystemRoot%\System32 secrets: BITSAdmin Download files even after … Continue reading The Blog Wrap-Up for March 2011

%System%\System32 secrets: change

Another old-timer here. I cannot remember when I last used it, but I guess it still can be useful in a number of situations. For example I used to use it to install new software on a terminal server or to cease users logins to it. Now I usually don’t touch terminal servers and as far as I know they have other means to complete these tasks. Anyway, Windows 2003 is still in place and we still have the command around. It can the following:   Change logon setting: we can turn new logons to the TS. Just change logon … Continue reading %System%\System32 secrets: change

Some new cool betas

During the past week or so there were several messages spread about availability of betas for some products of MS and some new tools. Some of them are definitely of interest to me and, probably, for you. The first is VMM SSPv2 SP1 Such a nice an abbreviation, isn’t it? =) It stands for Virtual Machine Manager Self-Service Portal v2 with SP1. Being a bit buggy, it is still a very cool application. I’m going to use it as soon as it is released, and now we are using it in a test environment. New features: You can import machines … Continue reading Some new cool betas

Delegate permissions for creating GPO objects in other domain

The task is obviously necessary to complete on your way to implementing Role-Based Administration concept. And, to be honest, being in euphoria after quick acquaintance with AGPM I thought that it was no deal at all: give an account or a group a membership in some special groups including “Group Policy Creator Owners” and voila – you’ve got it. Aha. Like hell it can succeed! =) This darn group is global and thus cannot be populated with objects from other domains. And moreover, you are unable to change the fact: everything is dimmed. At least I don’t know a way … Continue reading Delegate permissions for creating GPO objects in other domain

Too many smart-cards inserted. Good thing: no need to throw them away

Some time ago I used to issue certificates on Aladdin (now SafeNet) eToken  smart-cards through a CA web-nterface. Occasionally it was hard to accomplish, because when I tried to do that I received the following error: "Too many smart-cards inserted. please insert only one smart-card" Wow! But I need two: one – eToken with a certificate for enrollment the second – for a new certificate May be CA thinks that I have too much of them generally and I need throw away them? No, fortunately (they cost much when in bulk, you know) it is not the case. Moreover, there … Continue reading Too many smart-cards inserted. Good thing: no need to throw them away

%SystemRoot%\System32 Secrets: certreq

The next two candidates for the series from System32 folder were bootcfg and cacls (I’m going through them alphabetically). But they are deprecated and, what’s important too, I’ve managed to learn theirs new variants. Moreover, I’ve already described BCDEdit, which is a successor to bootcfg (and I’ve managed to learn how to use the new one ;)). Therefore I’m skipping these two commands and go straight to certreq command. So, certreq. It is more for advanced admin use, then for general user. But still it is good to remember of it… Just in case you need to: create new request … Continue reading %SystemRoot%\System32 Secrets: certreq

%SystemRoot%\System32 secrets: BITSAdmin

Another deprecated friend of mine. But I still like it, really. First of all because I haven’t still found enough time to get acquainted with all that *-BITSTransfer PowerShell comandlets. Second… Well, there is nothing for the “second”, naturally =) But still – it is a great command and I’d like to make a tribute to it with this article, because it is AWESOME! It is soooo powerful! Even though I used it usually just to be sure I would download the file regardless of network loss or whatever, it can do much more. Download or upload, retry these tasks, … Continue reading %SystemRoot%\System32 secrets: BITSAdmin

Wildcard certificates drawbacks

That’s one of the referrers from search systems which leads users to my blog. Ok, there certainly are drawbacks, so why not? But first things first: what are those wildcard certificates? In order to protect communications with some web-services or web sites (not only them, actually) we use SSL certificates. I have to say, that it doesn’t, actually, mean that every site with https prefix and valid certificate is valid itself or communications with it are protected, but that’s not for today’s discussion. Anyway, SSL certificates are somewhat brilliant and somewhat ugly, but they are our reality for now and … Continue reading Wildcard certificates drawbacks

%SystemRoot%\System32 secrets: BCDEdit

Ok, next item in our list is not to be actually very much used. Troubleshooting OS boot, creating some boot options, that’s it. But actually it is worth knowing about it. Nevertheless, what you can do with it can be quite awesome… If you need it =) For example, you can enable and configure EMS (Emergency Management Services) for any boot entry in your list. Or you can enable kernel debugging. Some wicked tongues tell that you can even arrange a dual boot with some other OS if you want. I’m going to check it one of these days… Someday … Continue reading %SystemRoot%\System32 secrets: BCDEdit