Deploying software through GPO in Win 2008 server R2

This feature allows administrators to remotely deploy/install an application which is required by all computers/users on a domain or in an organizational unit. The installation is done without user interaction, usually during startup.

Before performing the steps below, make sure that the application is a .MSI file

Here are the steps;

1. Logon to the SERVER/domain controller with administrative credentials.

2. Open the Group Policy Management console by going to the Administrative Tools on Start menu.

3. Right click on the organizational unit/domain (LGA.local) on which the group policy containing the software installation process will apply.

4. From the appeared menu, click on create a GPO on this domain, and Link it here and from the opened box, specify the name for the new Group Policy object.

5. Right click on the newly created GPO and from the menu click Edit.

6. On the opened snap-in expand Policies -> Software settings under Computer configurations category.

7. Right click on Software Installation and from the appeared menu click New.

8. From the appeared submenu click Package and on the opened box in File name text box, specify the path where the software package (.MSI file) to be deployed via group policy.

9. Click on Open button.

10. On deploy software box make sure that Assigned radio button is selected or ticked and click on Ok button to save the changes.

11. Open the command prompt and type gpupdate /force to update the settings and make them persistent.

Cisco wireless LAN access point( AIR-LAP1142N-A-K9) setup

Connect WLAN controller (Cisco WLAN controller 2106) to PC
using blue console cable and RS232 to USB adapter.

On PC, start HyperTerminal (in Start / Programs / Accessories / Communication).
If not done already, create a connection named Cisco, using the Com port of the adapter (Info available in Device manager) at 9600 bps, 8 bits, no parity, 1 stop bit, no flow control.

Power the WLAN controller on.
The hyper terminal window provides access to the CLI (command line interface).
It will first display the boot sequence.

If the device has been configured before but the configuration needs to completely redone,
type “Recover-Config” when prompted for a user name. System will reboot and …

When prompted for…	Type in…
System name	WLAN_TEST
User Name	Admin
Password	******
Management interface IP	192.168.0.10
Net mask IP	255.255.255.0
Router IP	192.168.0.11
VLAN	[leave blank]
Port	1
DHCP IP	192.168.0.100
AP manager IP	192.168.0.11
Virtual gateway IP	1.1.1.1
Group name	Group
Network name	AP_TEST
Allow static IP	Yes
Config RADIUS server	No
Country code	US
802.11b network	Yes
802.11a network	Yes
802.11g network	Yes
Auto RF	Yes
Save settings	Yes

System will save the configuration and reboot.

Connect port 1 of the controller to the office wired network.

On the PC (also connected to the office network), open the web browser (FireFox) and
type “https:\\192.168.0.10” in the address bar. If prompted, accept the security exception.
The web browser window provides access to the GUI (graphic user interface).
It will first prompt for user name and password.

In the GUI header, click on “WLANs” to get to the WLANs page..
In the WLANs page click on the WLAN ID “1” in front of the “Dignitas” WLAN to edit its configuration..
In he WLAN edit page, click on the “Security” tab.
Under the security tab click on the “Layer2” tab.
Under the security layer2 tab, select “WEP” option-
Under WEP parameters, set “Key size” to 104 and “Encryption key” to the value given.
Click “save configuration” in the top right corner of the GUI header.
Click “logout” in the top right corner of the GUI header.

Optionally, disconnect the (blue) console cable from the WLAN controller and connect it to the AP (Access Point) (Cisco Aironet 1140) to display the AP boot sequence in the terminal window.

Connect the AP to the WLAN controller port 7 or 8 (only those two can power up the AP through PoE).
AP will boot up and connect to the controller. When ready the indicator should be steady green and turn blue when clients are connected. If required use AP CLI and controller GUI for diagnose and remediation.

DHCP Reservations

Dlink Wireless Routers have an option that lets one reserve IP addresses, and assign the same IP address to the network device with the specified MAC address any time it requests an IP address.

This is almost the same as when a device has a static IP address except that the device must still request an IP address from the D-Link router. The D-Link router will provide the device the same IP address every time. DHCP Reservations are helpful for server computers on the local network that are hosting applications such as Web and FTP. Servers on your network should either use a static IP address or use this option.

In my case, i have assigned a range of IP addresses to a number of computers such that i am able to restrict on the time they can access the internet. e.g. all computers having the IP addresses ranging from 192.168.0.130 to 192.168.0.150 can not access internet from 08:00 -12:00 and then from 13:30 - 16:30 from Monday to Friday.

This sounds simple but fantastic to me.

Computer Name

You can assign a name for each computer that is given a reserved IP address. This may help you keep track of which computers are assigned this way. Example: mfile_Server .

IP Address :

The LAN address that you want to reserve.

MAC Address

To input the MAC address of your system, enter it in manually or connect to the D-Link router's Web-Management interface from the system and click the Copy Your PC's MAC Address button.

A MAC address is usually located on a sticker on the bottom of a network device. The MAC address is comprised of twelve digits. Each pair of hexadecimal digits are usually separated by dashes or colons such as 00-0D-88-11-22-33 or 00:0D:88:11:22:33. If your network device is a computer and the network card is already located inside the computer, you can connect to the D-Link router from the computer and click the Copy Your PC's MAC Address button to enter the MAC address.

As an alternative, you can locate a MAC address in a specific operating system by following the steps below:

Windows 98 Windows Me	Go to the Start menu, select Run, type in winipcfg, and hit Enter. A popup window will be displayed. Select the appropriate adapter from the pull-down menu and you will see the Adapter Address. This is the MAC address of the device.
Windows 2000 Windows XP	Go to your Start menu, select Programs, select Accessories, and select Command Prompt. At the command prompt type ipconfig /all and hit Enter. The physical address displayed for the adapter connecting to the router is the MAC address.
Mac OS X	Go to the Apple Menu, select System Preferences, select Network, and select the Ethernet Adapter connecting to the D-Link router. Select the Ethernet button and the Ethernet ID will be listed. This is the same as the MAC address.

Install and Enable SNMP Service in Windows XP, Vista and 2003

SNMP (Simple Network Management Protocol) is an internet protocol used in network
management systems to monitor network-attached devices such as computers, servers,
routers, switches, gateways, wireless access points, VoIP phones, and etc. for conditions
that warrant administrative attention. SNMP provides management data in the form of
variables on the managed systems, which describe the system configuration parameter or
current status value. These variables can then be read and queried (or sometimes set or
write) by managing applications. Windows system running XP, Vista or 2003 does not
turn on SNMP service by default, thus users need to manually install and enable SNMP
service.
Note that you must be logged on as an administrator or a member of the Administrators
group in order to complete this procedure. If your computer is connected to a network,
network policy settings may also prevent you from completing this procedure.
How to Install and Enable the SNMP Service
1. In Windows XP and Windows 2003, click Start button, then go to Control Panel
and run Add or Remove Programs applet. On Add or Remove Programs dialog,
click Add/Remove Windows Components to open Windows Components
wizard.
In Windows Vista, click Start button, then go to Control Panel. Click on
Programs link and then click on Turn Windows features on or off. If you’re
prompted with User Account Control dialog, click “Continue”.
2. In Components of Windows XP and 2003, click on the Management and
Monitoring Tools (make sure that you do not select or clear, tick or untick its
check box to change the existing selection), and then click Details.
In Windows Features of Vista, locate SNMP feature.
3. Select and tick the check box of Simple Network Management Protocol or
SNMP feature.
4. Click OK. Also click Next if you’re in Windows XP or 2003. SNMP service will
be installed on the system. You may require to insert the Windows setup
CD/DVD disc into optical drive.
5. SNMP will start automatically after installation. But it’s recommended to verify
the service status from Services in Control Panel, and if it’s stopped, you can start
the SNMP service from there.
Two new services will be created:
1. SNMP Service which is the main engine with agents that monitor the
activity in the network devices and report the information to the
monitoring console workstation.
2. SNMP Trap Service which receives trap messages generated by local or
remote SNMP agents and forwards the messages to SNMP management
programs running on this computer.
Windows doesn’t assign any community string to the SNMP service by default, and also
only allow access from localhost or local devices. Further configuration is needed to add
in desired community string, which act as the password to grant reply to any SNMP
request from remote system.
How to Configure SNMP Service (Add “public” community string)
1. Click on Start button, then go to Control Panel.
2. In Windows Vista, click on System and Maintenance link.
3. Open Adminstrative Tools.
4. Run Services applet.
5. Locate and right click on SNMP Service, then select Properties.
6. In SNMP Service Properties window, click on Traps tab.
7. In the “Community name” text box, enter public or any other case-sensitive
SNMP community name to which this computer will send trap messages.
8. Click on Add to list button.
How to Configure Security for SNMP Service for a Community
1. Continue from above steps, click on Security tab. If you already close SNMP
Service Properties window, re-open it.
2. Under “Accepted community names” section, click Add button.
3. Select the appropriate permission level for the community string in the
“Community Rights” drop down list to specify how the host processes SNMP
requests from the selected community. Normally READ ONLY is recommended.
4. In the “Community Name” box, type public or any case-sensitive community
name that you want.
5. Click on Add button.
6. In order for the SNMP service to accept and receive SNMP request packets from
any host on the network, including external remote host regardless of identity,
click Accept SNMP packets from any host.
To limit the acceptance of SNMP packets, click Accept SNMP packets from
these hosts, and then click Add, and then type the appropriate host name, IP or
IPX address in the Host name, IP or IPX address box. You can restrict the access
to local host or limited servers only by using this setting. Finish off by clicking
Add button again.
7. Click OK when done. Note that you may need to reboot for the settings to take
effect.

Why Command Line Scripts

Having experience with both commercial and free backup programs, I always find command line scripts to be, by far, the most effective tool for the job. Here are a few reasons why:

• Native Commands: What better way to backup data than by using the functions made available through the program which creates the data. Whether this is the operating system itself via a simple file copy command or a database command to produce a restorable binary file, the source program knows how best to back itself up.
• Ultimate Control: Since a command line script follows a simple step-by-step procedure, you know exactly what is happening and can easily modify the behavior.
• Fast: Since everything is a native command, nothing is subject to interpretation. Again, you are using commands provided by the program itself, so overhead is kept to a minimum.
• Powerful: I have yet to see a backup task which cannot be accomplished through a command line script… and I have done some funky stuff. Albeit, some research and “trial and error” may be required, unless you need something incredibly unique, typically the built in functions and features of the scripting language you are using is more than sufficient.
• Free and Flexible: Obviously, a command line script does not cost anything (outside the time to develop it), so the emphasis I want to make is command line scripts can be copied to and implemented on other systems and quickly adapted with little to no time or cost. Compare this to the cost of purchasing licenses for backup software on several servers and/or desktop machines.

WSUS and SEPM conflict

Guys, i came across this issue today. You will likely see this if you install WSUS and SEPM on the same server using their default settings.

The problem is both WSUS and SEPM create a virtual directory in IIS called content. So if you install them both on the same server whichever one you installed first will stop working correctly. In the issue i saw WSUS clients could no longer download updates.

Easiest thing for me to do was create a new WSUS site on the server running on port 8530 and recreate the WSUS virutal directory structure, then update the WSUS GPO to reflect the new port settings.

How to determine if your computer is 32-Bit or 64-Bit

When downloading a software program, you may be asked whether it's for an operating system that's 32-bit or 64-bit. Most PCs currently are 32-bit machines; their processors can handle 32 bits of data at a time.

Following these steps on a Windows operating system, you can determine whether your computer is 32-bit or 64-bit.

Difficulty: Easy

Time Required: 5 minutes

Here's How:

1. Open the System Information

   Open the Start menu, and click on Programs -> Accessories -> System Tools -> System Information

2. Look in the System Summary

   The System Information tool will display detailed information about your Windows operating system. Once opened it will show the "System Summary" – it’s an overview of your computer and operating system.

3. Look for the System Type Item

   On the right hand side of the window you will see a list of items. Look for the item called "System Type".

   The value of this item will tell you whether your computer is 32-bit or 64-bit:

   • x86-based PC: It’s a 32-bit computer.
   • x64-based PC: It’s a 64-bit computer.