Archives for category: Windows

So What Brought This On?

Well we are in the process of adding a new SAN to our network at one of our locations.  The path to the roaming profile folders will need to change as a result of this.  However, we only need to make this change for a group of users at a specific location and whose roaming profile is currently pointing to the old server.

PowerShell to the Rescue!

Whenever I get the chance to write a PowerShell script, I get sorta excited about it.  Since we are still on Windows XP SP3 over here, I don’t get the chance to do a lot of cool stuff and all of our servers are not yet running Windows Server 2008 (even though we are getting there).

So I decided to write a handy script that will automate this process for me.  There are a few things to be aware of when running this script.
I ran into an issue when I attempted to run the script from a Domain Controller.  I was getting the message Set-ADUser : Insufficient access rights to perform the operation.  There must be some type of security setting or something that disallows this Active Directory editing locally.

So I tried pointing it to a server running Windows Server 2003 by using the -Server parameter but got the following message: Unable to contact the server.  This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.  This would be because it’s a Windows 2003 Server Domain Controller (duh).

So I pointed it to another domain controller running Windows Server 2008 and it worked just fine.

The Script



Changes the roaming profile path of all Downtown user accounts in Active Directory to a new location.


Searches Active Directory for all users whos profiles reside on OLDNAS and changes their profile path to a share on NEWNAS


PS C:\>Change-ProfilePath-for-Downtown-Users


# Import the AD Module

Import-Module ActiveDirectory -ErrorAction SilentlyContinue

# Get credentials

$AdminCredentials = Get-Credential

# Get users from Active Directory

$Users = Get-ADUser -Filter {ProfilePath -like "\\OLDNAS\profiles*"} -Properties ProfilePath | Sort SamAccountName

# Loop through the users and change their profile paths

ForEach ($User in $Users ) {

Write-Host "Changing Profile for User:" $User .Name

$ProfilePath = "\\NEWNAS\PROFILES$\" + $User .SamAccountName

Set-ADUser $User -ProfilePath $ProfilePath -Credential $AdminCredentials -Server "lafayettedc2.citysecurities.local"



Sluggish VMware Console

I have been meaning to post this simple fix for a while now but I’m been ridiculously busy over the past several months.  I hope to get back into the routine of blogging again more frequently.

Anyway, after I installed Windows Server 2008 R2 on a few VMs that I created, I noticed that video performance was sluggish when using the VMware Console.  This is an easy fix but it’s a pain.  Here’s what I did to resolve the issue.

Update the Driver to Fix It!

  1. Login to Windows Server 2008 R2 on the VM.
  2. Click Start and in the search box type either compmgmt.msc or Computer Management–whichever one that you like.
  3. In the Computer Management console select Device Manager.  In the center pane (or right pane if you do not have the Actions pane open), expand Display adapters.
  4. Right-click on the display adapter that appears and select Update Driver Software… from the context menu.
  5. Select Browse my computer for driver software.
  6. In the Search for driver software in this location: box, type or browse to: C:\Program Files\Common Files\VMware\Drivers\wddm_video.  Click the Next button.
  7. The search should find the VMware SVGA 3D (Microsoft Corporation – WDDM) driver.  Click the Close button and Yes to restart the computer.

Perform these steps after you have installed VMware Tools.

Banging My Head

Today and late yesterday I was banging my head on the wall trying to install SharePoint 2010 on a newly imaged server running Windows Server 2008 R2.  I ran the Pre-Requisite Installer (i.e. PreRequisiteInstaller.exe) found on the media for SharePoint 2010.  I was consistently getting the error message from the wizard along the lines of the installation failed due to a pending restart of the computer.

I took a look at the log files and found these entries in the log that gave a hint as to what might be the issue.

Install process returned (0X3E9=1001)
[In HRESULT format] (0X800703E9=-2147023895)
Last return code (0X3E9=1001)
Error: A pending restart blocks the installation

I looked around for answer but could find nothing.  That would directly resolve the issue.  So I went out to Windows Updates and applied all of the latest updates and this somehow resolved it for me.

Just wanted to pass this along just in case anyone else was having an issue with this.

P.S. I am aware that some people have fixed this issue by editing or deleting a few keys in the registry but this did not resolve the issue for me.  I’d encourage you to try those first to see if they work.

The Saga

I’ve definitely been beating my head on the desk with this one for a few days but finally found a solution thanks in part to Google.  I was attempting to install Additional Drivers for a printer that was shared/installed on a print server running Windows Server 2008 R2.  If you are reading this, then you no doubt have experienced the severe shortcoming by Microsoft in this area of O/S functionality.  It’s simply broken and I’m surprised that they have yet to fix it (I guess they want us all to move to Windows 7 ASAP).

When attempting to install the x86 User Mode drivers, I was first prompted for the location of the drivers.  Then soon after I was prompted for the Windows Server x86 installation media.  Huh?  Come to find out, the installer wanted the ntprint.inf file.  Unfortunately, there’s no easy way to get to this file because the installer will not accept it from the C:\Windows\inf folder or from the latest Windows Server 2008 media directly.

The solution is to utilize the Windows AIK‘s imagex tool to mount the install.wim file so that you can grab the ntprint.inf (and all of the other files necessary for installation).  So here’s how I got it resolved.

How to Install the ntprint.inf File on Windows Server 2008 R2

  1. Download and install the Windows AIK.   This particular one is for Windows Vista and Windows Server 2008.  Here’s the one for Windows 7 and Windows Server 2008 R2.  I didn’t perform these steps with the latter but if anyone wants to give it a shot, let me know.
  2. Insert the installation media for Windows Server 2008 32-bit and go to [drive]:\sources\ folder.
  3. Copy the install.wim file to a temporary folder–let’s say C:\TEMP.
  4. Create a folder to act as a mount point–let’s say C:\MOUNT will act as the mount point.
  5. After installing the Windows AIK on a server, go into the installation directory for Windows AIK.  On my machine it’s, C:\Program Files\Windows AIK.
  6. In the Windows AIK folder type the following command to mount the image: imagex /mount C:\TEMP\install.wim 1 C:\MOUNT.  This will mount the image in the C:\MOUNT folder so that you can browse its contents.
  7. Once the image is mounted go to C:\MOUNT\Windows\System32\DriverStore\FileRepository\ntprint.inf_xxxxxxxx, where the string of x’s represent a hexadecimal number.
  8. Within my particular install.wim file, there were 2 folders with the ntprint.inf_ name, so copy both of them to a network location that is accessible by your print server.
  9. Once the files have been copied go back to your print server and attempt to install the drivers again.  But, this time, when it asks for the ntprint.inf files, direct the installer to the network location that you copied the folders to.  I choose just 1 of the 2 folders that I copied (this first one) and the installation completed for me–printer installed just fine.
  10. (Cleanup) Go back to the Windows AIK and run imagex /unmount C:\MOUNT to unmount the image.

This sparred me a few brain cells so I hope to save a few of yours as well.  Good luck.


Just added a new branch office to our organization and in keeping with the new standards that I have imposed for server operating systems, all servers at this location are running Windows Server 2008 R2.  I had read awhile back that there were a few things to be aware of when creating a SCCM Secondary Site in Windows Server 2008 R2. These secondary sites will only be Management Points and Distribution Points.  So here’s how I got it all to work.

Remote Differential Compression (RDC)

According to the TechNet articleon this very same topic, “site servers and branch distribution points require Remote Differential Compression (RDC) to generate package signatures and perform signature comparison. By default, RDC is not installed on Windows Server 2008 or Windows Server 2008 R2 and must be enabled manually.”

  1. Launch Server Manager.  Select Features then Add New Features.
  2. Select Remote Differential Compression.  Click Next then Install.


There are a few things that need to be done in IIS7.5 to get things to work.  Even in IIS6 there were/are several configuration steps that needed to be performed in order to get this to work.  Some of these steps are similar to what you need to do if running IIS6.

  1. Launch Server Manager.
  2. Select Features then Add Features.
  3. Select Background Intelligent Transfer Service (BITS) which will then require that Web Server (IIS) and Remote Server Administration Tools be installed.
  4. Select Add Required Role Services.
  5. Click  Next.
  6. At the Role Services step select WebDAV Publishing, ASP.NET and Add Required Role Services.
  7. (Optional) I checked ASP just in case I wanted to make this server a Reporting Point in the future.
  8. Select Windows Authentication under Security.
  9. Under IIS Management Compatibility select the following: IIS 6 Metabase Compatibility, IIS 6 WMI Compatibility.
  10. Click Next then Install.

WebDAV Configuration

  1. Once IIS7.5 is installed open the IIS Manager.  To keep things simple and to avoid any future problems, I rename the Default Website to SMSWEB.  There will be no other websites running off of this particular server so it’s not a problem.
  2. Select SMSWEB and in the Features View select WebDAV Authoring Rules.
  3. Once in the screen select Enable WebDAV from the Actions pane then select Add Authoring Rule…
  4. Allow access to: All Content, Allow access to this content to: All Users, Permissions: Read
  5. Select WebDAV Settings.
  6. Set Allow Anonymous Property Queries to True.  Set Allow Custom Properties to False.  Set Allow Property Queries with Infinite Depth to True.  Set Allow Hidden Files to be Listed to True.  In the Action pane click Apply.

Final Configurations

There is one more thing that needs to be done to prepare for installing the Secondary Site now that we have IIS7.5 and WebDAV configured correctly.  You may already be aware that this step needs to be taken, but I’ll list it anyway for those that have no clue or might forget.

  1. Go to Active Directory Users and Computers.
  2. From the View menu item in the MMC console select Advanced Features if it’s not already checked.
  3. Expand the System container and right-click on System Management  and select Properties.
  4. Go to the Security tab and add the Secondary Site server to the list granting it Full Control.

Now you are ready to add this site as a Secondary Site in SCCM. Update (Mar 23, 2012)

  1. Also be sure to add the computer account of the primary site server to the Local Administrators group of the secondary site server.

Update (Apr 10, 2012)

  1. Open up IIS Manager.
  2. Expand the SMSWEB site.
  3. Right-click on the CCM_CLIENT folder and select Edit Permissions.
  4. Click the Security tab and grant the Everyone group Read permissions.

Update (Apr 11, 2012)There are a few additional Secondary Site settings that I found need to be made especially if you are using a custom port number for your Management Point.  Here we use a custom port number and I ran into an issue with clients not updating correctly.  What I discovered was that the Windows Firewall needed to have a custom rule added to it so that clients could communicate properly.

  1. Launch Server Manager on the Secondary Site server.
  2. Expand Configuration > Windows Firewall with Advanced Security
  3. Right-click on Inbound Rules and select New Rule.
  4. The New Inbound Rule Wizard will launch.  Select Port (Rule that controls connections for a TCP or UDP port)
  5. Select TCP for the protocol and in the Specific local ports: box enter the custom port number for the management point(s) in your environment.
  6. Allow the connection.
  7. Set the rule to apply to Domain, Private and Public (or whatever is relevant in your environment).
  8. Set the name to World Wide Web Services (HTTP Traffic-In) – SCCM or whatever you’d like for it to be.

One other thing that I changed was to add the Default Application Pool account and the application pool for the distribution point (if applicable) to the IIS_IUSRS group.  Since these users cannot be found easily using Select Users, Computers, Service Accounts, or Groups dialog box you have to enter them a certain way.

  • For the DefaultAppPool enter IIS APPPOOL\DefaultAppPool.
  • For the SMS Distribution Points Pool enter IIS APPPOOL\SMS Distribution Points Pool.
  • Be sure to change the Location to the local machine.

Thanks to VMware Technical support on this one, thought I’d share the solution with you all.

The Issue

So the issue is/was that I would create a virtual machine from a template which had the Windows 7 O/S installed on it.  VMware uses the built-in sysprep for Windows 7 and Windows Server 2008 so there is no need to edit anything on the vCenter Server.  I used Customization Specifications to configure the cloned machine.

Well, it appears as though at the Workgroup or Domain step of the Customization Specifications Wizard you must used the Fully Qualified Domain Name (FQDN) in the Windows Server Domain box.  You also must use a <username>@fqdn (ex. in the Specify a user account that has permission to add a computer to the domain box.

Go here for the official VMware KB Article:  Windows 2008 guest customization fails to join deployed virtual machine to Active Directory domain


We’re a Windows shop here.  So when the topic came up from our Application Developer to test out WordPress as the platform for our next website we knew that it would be the unconventional approach to doing things.  But, I’m always up for the challenge.  Since I could find no concise guide to getting this done I figured I’d share my approach with you all to ease some of the pain.

The Environment

  • The server is a VM running Windows Server 2008 R2 which is of course 64-bit.  This is now the standard O/S platform for all newly created servers in our environment.
  • The database server will not be SQL Server Express as we have a VM running SQL Server 2008 SP1 in our environment.  This guide is written for those who have this setup as most of the guides that you find around the web assume that installing SQL Server Express locally is acceptable.
  • Keep in mind that this installation is intended for a development environment and not for production.  It’s safe to assume that additional security measures will need to be taken before employing IIS, WordPress or any of the other components in a production environment. Read the rest of this entry »

The Situation

I always love the day after I push Software Updates to servers.  It gives me an opportunity to hone my troubleshooting skills a bit.  This morning when doing the usual putting out fires routine, I discovered that the VMware VirtualCenter Server service was not running.  So I rebooted the machine and still the service would not run.  So I figured that maybe the database is not up and running yet, when the vCenter service is trying to run.

I consider this because I was able to run the service manually after the server had completely come up.  So I figured I should put in a dependency for the VMware VirtualCenter Server service to run after the SQLExpress service is up.  Please note that SQLExpress is on the same virtual machine as the vCenter Server installation. Read the rest of this entry »