If you are a Mac user like me you only have one source for driver updates. All Mac users have to do is click “Software Update” and Steve Jobs takes care of the rest. For PC users it is a different story, there are multiple vendors, different video cards, different sound cards, tracking down all the right drivers can take time.
The folks at File Extension GZIP can help solve that problem. File Extension GZIP offers a product called Driver Cure that can update all your drivers in one application. No more searching for drivers on multiple web sites. You can rest assured that your computer and all it’s hardware is up to date.
It operates on all versions of windows, including Vista. Right now they are offering a bundle package that allows you to get 5 apps for the price of one. Go to File Extension GZIP and download Driver Cure, it is the next best thing to owning a Mac
Thursday, May 28, 2009
File Extension TIF can help you avoid the problems of driver updates
If you are a Mac user like me you only have one source for driver updates. All Mac users have to do is click “Software Update” and Steve Jobs takes care of the rest. For PC users it is a different story, there are multiple vendors, different video cards, different sound cards, tracking down all the right drivers can take time.
The folks at File Extension GZIP can help solve that problem. File Extension GZIP offers a product called Driver Cure that can update all your drivers in one application. No more searching for drivers on multiple web sites. You can rest assured that your computer and all it’s hardware is up to date.
It operates on all versions of windows, including Vista. Right now they are offering a bundle package that allows you to get 5 apps for the price of one. Go to File Extension GZIP and download Driver Cure, it is the next best thing to owning a Mac
The folks at File Extension GZIP can help solve that problem. File Extension GZIP offers a product called Driver Cure that can update all your drivers in one application. No more searching for drivers on multiple web sites. You can rest assured that your computer and all it’s hardware is up to date.
It operates on all versions of windows, including Vista. Right now they are offering a bundle package that allows you to get 5 apps for the price of one. Go to File Extension GZIP and download Driver Cure, it is the next best thing to owning a Mac
Monday, May 25, 2009
Windows Drivers CD For XP Update (25000 Drivers)
Excellent CD filled with drivers for the PC, contains about 25,000 drivers brands like Dell, HP, Compaq, IBM, Sony, Panasonic, Toshiba, Intel, 3Com, VIA, nVidia, ATI, SoundMax and many others, no longer have to get in the tedious task of searching for the drivers and download Internet, simply insert the CD and is already! When the question mark in yellow in device manager windows, just put the CD in yourdrive and windows sought Driver on the CD.
Features:
25000 Windows Drivers For XP 2008
Just pop the Universal Driver CD in and Windows will automatically search the comprehensive drivers.
This CD, (Iso format) contains software drivers for over 25,000 hardware components from brands such as Dell, HP, Compaq, IBM, Sony, Toshiba, Panasonic, as well as hardware component manufacturers Intel, 3Com, VIA, nVidia, ATI, SoundMax, and many more…
Download:
Windows Drivers CD For XP Update (25000 Drivers)
Excellent CD filled with drivers for the PC, contains about 25,000 drivers brands like Dell, HP, Compaq, IBM, Sony, Panasonic, Toshiba, Intel, 3Com, VIA, nVidia, ATI, SoundMax and many others, no longer have to get in the tedious task of searching for the drivers and download Internet, simply insert the CD and is already! When the question mark in yellow in device manager windows, just put the CD in yourdrive and windows sought Driver on the CD.
Features:
25000 Windows Drivers For XP 2008
Just pop the Universal Driver CD in and Windows will automatically search the comprehensive drivers.
This CD, (Iso format) contains software drivers for over 25,000 hardware components from brands such as Dell, HP, Compaq, IBM, Sony, Toshiba, Panasonic, as well as hardware component manufacturers Intel, 3Com, VIA, nVidia, ATI, SoundMax, and many more…
Download:
Upgrade path to Windows 7 RC from the Windows 7 beta release
Microsoft does not officially support upgrading from Windows 7 beta to RC. As a company, they decided that the market who downloads and installs the bate releases are mostly technical and can reinstall an operating system fairly easily. To this end, no effort was made focusing on the upgrade path.
I blogged about this some time ago and there is an official statement from Microsoft to back this up. As with most aspects in this business, not supported does not mean impossible.
There are two ways to handle installing the Windows 7 RC. The first way is a new install. To retain all of your user settings, you would leverage the User State Migration Tool (USMT) from Microsoft. The second way, which I will focus on, is upgrading from the Beta.
You can upgrade to Windows 7 RC straight from Vista; there is no issue there. What I will demonstrate is how to accomplish this from the Windows 7 Beta release which is not supported by Microsoft.
First, you will want to back up your system. There is the Complete PC Backup utility already loaded in Windows 7 which allows creation of an image or “bare metal” based system backup.
Next, you will want to prepare a USB flash device to boot the Windows 7 media for your install. This is practical from a loading speed standpoint but also necessary. It is necessary because the Windows 7 RC is available as an ISO image, which you cannot re-write to. Copying the install media to a re-writable location allows you to modify the MinClient build number in the \sources\cversion.ini file to some value lower than the down level build (for example, change 7100 to 7000). See Figure A.
Figure B shows the message before modifying the cversion.ini file.
Figure C shows the message after modifying the cversion.ini file.
To create a bootable Window 7 USB stick, follow the instructions in the linked blog with one addition: Note: You need to run the Command Prompt as Administrator when you are making the flash drive bootable or you will receive an Access Denied error.
Understandably, the upgrade process takes much longer than a straight install. This is because of all the settings and data to be migrated. Behold, success!
Figure D
Just to be clear: This process is not supported by Microsoft, but as you can see, it works nicely!
What are your plans for Windows 7?
Upgrade path to Windows 7 RC from the Windows 7 beta release
Microsoft does not officially support upgrading from Windows 7 beta to RC. As a company, they decided that the market who downloads and installs the bate releases are mostly technical and can reinstall an operating system fairly easily. To this end, no effort was made focusing on the upgrade path.
I blogged about this some time ago and there is an official statement from Microsoft to back this up. As with most aspects in this business, not supported does not mean impossible.
There are two ways to handle installing the Windows 7 RC. The first way is a new install. To retain all of your user settings, you would leverage the User State Migration Tool (USMT) from Microsoft. The second way, which I will focus on, is upgrading from the Beta.
You can upgrade to Windows 7 RC straight from Vista; there is no issue there. What I will demonstrate is how to accomplish this from the Windows 7 Beta release which is not supported by Microsoft.
First, you will want to back up your system. There is the Complete PC Backup utility already loaded in Windows 7 which allows creation of an image or “bare metal” based system backup.
Next, you will want to prepare a USB flash device to boot the Windows 7 media for your install. This is practical from a loading speed standpoint but also necessary. It is necessary because the Windows 7 RC is available as an ISO image, which you cannot re-write to. Copying the install media to a re-writable location allows you to modify the MinClient build number in the \sources\cversion.ini file to some value lower than the down level build (for example, change 7100 to 7000). See Figure A.
Figure B shows the message before modifying the cversion.ini file.
Figure C shows the message after modifying the cversion.ini file.
To create a bootable Window 7 USB stick, follow the instructions in the linked blog with one addition: Note: You need to run the Command Prompt as Administrator when you are making the flash drive bootable or you will receive an Access Denied error.
Understandably, the upgrade process takes much longer than a straight install. This is because of all the settings and data to be migrated. Behold, success!
Figure D
Just to be clear: This process is not supported by Microsoft, but as you can see, it works nicely!
What are your plans for Windows 7?
Monday, May 4, 2009
Improve Link Popularity And Increase Alexa Rank In No Time
Hello.
After All Your Time and Effort are You Only Getting 10-50 Visitors To Your Site Each Day?
How Would Your Website Perform With 500 Visitors Per Day?
Well follow this simple one step and get the traffic for all your valuable content you have been writing for so long.
Make A List Of Links As Below and Insert Your Link instead of YOUR LINK HERE from below:
01. TutZone
02. The Silent Majority
03. Tech Mania
04. CssReflex
05. Tweaking Windows
06. Jobs Tips And Employment Guide
07. 3arabax
08. EastWebDesign
09. Affilate Marketing
10. Download Free Flash Animation
11. The Things We Talk About
12. Get Computer Softwarez
13. Clicking Daily
14. Sobari Blogz
15. Baixa Filmes de Graca
16. Epigraflar
17. Right or Left
18. Explore Computer World
19. Green By Diamond
20. ButtonBash
21. haditsshahih
22. belajar bareng yuk!
23. Blog Gado Gado
24. Risefa
25. www.olympia.gr
26. System Admin Tools
Or better get the Copy/Paste Code from
and make a new post on you blog and then make a reply with the posted link here:
This will surely Increase Web Site Traffic and page Rank.
Also Don't forget to promote this article via social networking and telling your friends. It only means better results for yourself and everyone on the list.
Improve Link Popularity And Increase Alexa Rank In No Time
Hello.
After All Your Time and Effort are You Only Getting 10-50 Visitors To Your Site Each Day?
How Would Your Website Perform With 500 Visitors Per Day?
Well follow this simple one step and get the traffic for all your valuable content you have been writing for so long.
Make A List Of Links As Below and Insert Your Link instead of YOUR LINK HERE from below:
01. TutZone
02. The Silent Majority
03. Tech Mania
04. CssReflex
05. Tweaking Windows
06. Jobs Tips And Employment Guide
07. 3arabax
08. EastWebDesign
09. Affilate Marketing
10. Download Free Flash Animation
11. The Things We Talk About
12. Get Computer Softwarez
13. Clicking Daily
14. Sobari Blogz
15. Baixa Filmes de Graca
16. Epigraflar
17. Right or Left
18. Explore Computer World
19. Green By Diamond
20. ButtonBash
21. haditsshahih
22. belajar bareng yuk!
23. Blog Gado Gado
24. Risefa
25. www.olympia.gr
26. System Admin Tools
Or better get the Copy/Paste Code from
and make a new post on you blog and then make a reply with the posted link here:
This will surely Increase Web Site Traffic and page Rank.
Also Don't forget to promote this article via social networking and telling your friends. It only means better results for yourself and everyone on the list.
Thursday, April 23, 2009
File Extension PDF
Driver Detective is awarded software that can help you in order to get solution if you find a touble of your compressed files. Sometimes all video clips in .3gp format that we’ve recorded from our phone cell or a digital camera is full filled the memory. Because of that we need to compress it in one archive. Sometimes we use file extension .rar or File Extension PDF.
Then we have to decompress it again if we need to re-open our .3gp files.
One time, we find a trouble. We do not extract our archive File Extension PDF or .rar format. This is caused by one of some reasons, like caused by viruses or file corruptions. The other problem is something errors in windows registry that causing the windows is getting difficult to detection File Extension PDF. And now, you need a Driver Detection Software.This software could detect and find why the windows have a trouble. And when scan and detect over the windows registry, finally, we could take a conclusion what the problem is. May be windows lost their driver or codec to read File Extension PDF .3gp or other reasons. The one step that you must do is, you should download Driver Detection and scan your computer
File Extension PDF
Driver Detective is awarded software that can help you in order to get solution if you find a touble of your compressed files. Sometimes all video clips in .3gp format that we’ve recorded from our phone cell or a digital camera is full filled the memory. Because of that we need to compress it in one archive. Sometimes we use file extension .rar or File Extension PDF.
Then we have to decompress it again if we need to re-open our .3gp files.
One time, we find a trouble. We do not extract our archive File Extension PDF or .rar format. This is caused by one of some reasons, like caused by viruses or file corruptions. The other problem is something errors in windows registry that causing the windows is getting difficult to detection File Extension PDF. And now, you need a Driver Detection Software.This software could detect and find why the windows have a trouble. And when scan and detect over the windows registry, finally, we could take a conclusion what the problem is. May be windows lost their driver or codec to read File Extension PDF .3gp or other reasons. The one step that you must do is, you should download Driver Detection and scan your computer
file extension JAD
People can do anything with their computer. All of the duty that they get can be solve if they have a computer. You can make a report for your boss and count some number of data by using the computer program. You have to know that when you install a new piece of software without remove the old one can cause an error with your file registration. You need something to repair the file registration system
.
You can use the File Extension JAD to repair your fie system. You have to visit http://www.fileextensionjad.com/ and choose the right file extension for your files depend on the files format. If your file format is JAD, you can get the file extension JAD to solve your registry conflicts with JAD files. There are a lot of File Extension JAD that you can use to repair your files extension problems. You can download the files extension easily from the sites.
If you want to repair your files system, you should open the website and get the File Extension JAD. Choose the file extension based on your need and you can get the files are work properly like before. Registry file extension is the best sites that you can meet to get the right file extension for your files.
.
You can use the File Extension JAD to repair your fie system. You have to visit http://www.fileextensionjad.com/ and choose the right file extension for your files depend on the files format. If your file format is JAD, you can get the file extension JAD to solve your registry conflicts with JAD files. There are a lot of File Extension JAD that you can use to repair your files extension problems. You can download the files extension easily from the sites.
If you want to repair your files system, you should open the website and get the File Extension JAD. Choose the file extension based on your need and you can get the files are work properly like before. Registry file extension is the best sites that you can meet to get the right file extension for your files.
file extension JAD
People can do anything with their computer. All of the duty that they get can be solve if they have a computer. You can make a report for your boss and count some number of data by using the computer program. You have to know that when you install a new piece of software without remove the old one can cause an error with your file registration. You need something to repair the file registration system
.
You can use the File Extension JAD to repair your fie system. You have to visit http://www.fileextensionjad.com/ and choose the right file extension for your files depend on the files format. If your file format is JAD, you can get the file extension JAD to solve your registry conflicts with JAD files. There are a lot of File Extension JAD that you can use to repair your files extension problems. You can download the files extension easily from the sites.
If you want to repair your files system, you should open the website and get the File Extension JAD. Choose the file extension based on your need and you can get the files are work properly like before. Registry file extension is the best sites that you can meet to get the right file extension for your files.
.
You can use the File Extension JAD to repair your fie system. You have to visit http://www.fileextensionjad.com/ and choose the right file extension for your files depend on the files format. If your file format is JAD, you can get the file extension JAD to solve your registry conflicts with JAD files. There are a lot of File Extension JAD that you can use to repair your files extension problems. You can download the files extension easily from the sites.
If you want to repair your files system, you should open the website and get the File Extension JAD. Choose the file extension based on your need and you can get the files are work properly like before. Registry file extension is the best sites that you can meet to get the right file extension for your files.
File Extension CDD
File Extension CDD
There are a lot of errors happened in accordance to the file extensions. You can see that the file extensions are the most important things in the works which involve the computer usage since it is by what a computer can recognize a type of a file format and run the software made based on a certain file extension. When the error case is happened in correlation with the .CDD file extensions, you can rely on the www.fileextensioncdd.com website for some helps.
File Extension CDD is the one place in where you can observe the existed software that would definitely help you dealing with the error of .CDD file extensions. This extension is the one that correlates with the Microsoft Outlook and also has important role in an individual email account someone has.
The software is able to be downloaded straightly from the website and this means that people would get the more easiness in utilizing this website’s service besides the fact that it is designed in such a simple layout. Or you can also try to directly scan your computer online as this website allows you to do so. So why wait then? End the error of this File Extension CDD now by logging on to this website right away.
There are a lot of errors happened in accordance to the file extensions. You can see that the file extensions are the most important things in the works which involve the computer usage since it is by what a computer can recognize a type of a file format and run the software made based on a certain file extension. When the error case is happened in correlation with the .CDD file extensions, you can rely on the www.fileextensioncdd.com website for some helps.
File Extension CDD is the one place in where you can observe the existed software that would definitely help you dealing with the error of .CDD file extensions. This extension is the one that correlates with the Microsoft Outlook and also has important role in an individual email account someone has.
The software is able to be downloaded straightly from the website and this means that people would get the more easiness in utilizing this website’s service besides the fact that it is designed in such a simple layout. Or you can also try to directly scan your computer online as this website allows you to do so. So why wait then? End the error of this File Extension CDD now by logging on to this website right away.
File Extension CDD
File Extension CDD
There are a lot of errors happened in accordance to the file extensions. You can see that the file extensions are the most important things in the works which involve the computer usage since it is by what a computer can recognize a type of a file format and run the software made based on a certain file extension. When the error case is happened in correlation with the .CDD file extensions, you can rely on the www.fileextensioncdd.com website for some helps.
File Extension CDD is the one place in where you can observe the existed software that would definitely help you dealing with the error of .CDD file extensions. This extension is the one that correlates with the Microsoft Outlook and also has important role in an individual email account someone has.
The software is able to be downloaded straightly from the website and this means that people would get the more easiness in utilizing this website’s service besides the fact that it is designed in such a simple layout. Or you can also try to directly scan your computer online as this website allows you to do so. So why wait then? End the error of this File Extension CDD now by logging on to this website right away.
There are a lot of errors happened in accordance to the file extensions. You can see that the file extensions are the most important things in the works which involve the computer usage since it is by what a computer can recognize a type of a file format and run the software made based on a certain file extension. When the error case is happened in correlation with the .CDD file extensions, you can rely on the www.fileextensioncdd.com website for some helps.
File Extension CDD is the one place in where you can observe the existed software that would definitely help you dealing with the error of .CDD file extensions. This extension is the one that correlates with the Microsoft Outlook and also has important role in an individual email account someone has.
The software is able to be downloaded straightly from the website and this means that people would get the more easiness in utilizing this website’s service besides the fact that it is designed in such a simple layout. Or you can also try to directly scan your computer online as this website allows you to do so. So why wait then? End the error of this File Extension CDD now by logging on to this website right away.
Wednesday, April 1, 2009
Enabling Remote Desktop on Windows Server 2008 Core Edition
You’ve installed Windows Server 2008 Core Edition, so now what? For most Windows systems, remote desktop protocol (RDP) is the key mechanism to administer the server. While there are not many things that can be done locally on a Core server, it is still beneficial to have access to a session locally on the system.
Determining how to do this is easy enough from Microsoft KB article 555964, but before we do this, we want to focus on the options involved. RDP connections are available in two modes for Windows Core servers: (1) only allowing other Windows Server 2008 and Windows Vista connections or (2) permitting Windows XP, Windows Server 2003, Windows Server 2008, and Windows Vista connections. The difference is network level authentication (NLA), which Windows Vista and Windows Server 2008 support. NLA performs the authentication through various features of the newer products before starting the Remote Desktop session and passing the display to the client. (For more about NLA and the other components, read this blog post by the TechNet Performance Team.)
Once you decide on a mode, it’s quite easy to implement RDP on a Core system. If you want to use NLA for RDP connections to Windows Vista and Windows Server 2008 systems, enter this command on the Core server:
Cscript %windir%\system32\SCRegEdit.wsf /ar 0To not use NLA and allow connections from all RDP clients, perform the step above and add this line:
Cscript %windir%\system32\SCRegEdit.wsf /cs 0The server will accept RDP connections based on the mode selected. You’re done!
Note: The commands in this tip will also work on the full installations if you want to roll them into a build script.
Enabling Remote Desktop on Windows Server 2008 Core Edition
You’ve installed Windows Server 2008 Core Edition, so now what? For most Windows systems, remote desktop protocol (RDP) is the key mechanism to administer the server. While there are not many things that can be done locally on a Core server, it is still beneficial to have access to a session locally on the system.
Determining how to do this is easy enough from Microsoft KB article 555964, but before we do this, we want to focus on the options involved. RDP connections are available in two modes for Windows Core servers: (1) only allowing other Windows Server 2008 and Windows Vista connections or (2) permitting Windows XP, Windows Server 2003, Windows Server 2008, and Windows Vista connections. The difference is network level authentication (NLA), which Windows Vista and Windows Server 2008 support. NLA performs the authentication through various features of the newer products before starting the Remote Desktop session and passing the display to the client. (For more about NLA and the other components, read this blog post by the TechNet Performance Team.)
Once you decide on a mode, it’s quite easy to implement RDP on a Core system. If you want to use NLA for RDP connections to Windows Vista and Windows Server 2008 systems, enter this command on the Core server:
Cscript %windir%\system32\SCRegEdit.wsf /ar 0To not use NLA and allow connections from all RDP clients, perform the step above and add this line:
Cscript %windir%\system32\SCRegEdit.wsf /cs 0The server will accept RDP connections based on the mode selected. You’re done!
Note: The commands in this tip will also work on the full installations if you want to roll them into a build script.
Monday, March 23, 2009
how to force Group Policy processing remotely
Updating Microsoft Windows Group Policy settings on the local machine is not so hard with a tool such as Gpupdate, but updating these policies on remote domain computers is not possible from within any Microsoft Management Console (MMC) by default or with any Microsoft tool available so far. In this article we will show some tricks, scripts and free tools that makes this task possible – and even easy – for the network administrator.
Introduction
Most administrators know the problem of forcing Group Policy (GP) processing on remote computers. After configuring an important policy of some kind, we would sometimes like GP processing to occur immediately on client computers. The problem is that by default, the so called background processing “only” happens every 90 to 120 minutes (randomized) – if we want to force updates to occur right away we are on our own. Of course there is a reason why policies do not just update every 5 minutes or ‘real-time’. The load on Domain Controllers and the network would simply be too much to handle in most environments. But, if a very important security setting at some point needs to be pushed to a large number of clients “right away”, it’s nice to be prepared for such a situation.
What we basically want, is to make it possible for the administrator (Admin), from a central location (Admin workstation), to update policies on Computer1, Computer2 and/or Computer3 – and the user policies for User A, B and C - whenever the admin finds it necessary. See figure 1.
Figure 1: The scenario
We do have the wonderful Gpupdate tool built in to Microsoft Windows XP and newer – and we had Secedit on Windows 2000 systems - but it is unfortunately so, that unlike the Gpresult command, both Gpupdate and Secedit only handle local updates. Of course, if we have a deployment system set up already, like Microsoft Systems Management Server (SMS), we could use this system to distribute a small script that executes the necessary command for a group of users or computers.
If we do not have such a system on the network, we must try to be creative - because the alternative is to log on to all computers using tools like Remote Assistance, or sending an email to all users, to execute the Gpupdate command... So, let’s try to be creative then.
Issues
Before we get into more detail I just have to mention one common issue people have when trying to implement the methods mentioned in this article.
Firewall trouble:
Like with any other communication that is initiated from the network, packets that try to update policy settings on remote computers' will fail if the remote computers local firewall (like the one built in to Windows operating system from Windows XP Service Pack 2 and up) is not configured to allow such incoming traffic (from a given subnet, IP or whatever). The built in Windows firewall must be configured to allow the incoming traffic we want by using a Group Policy Object (GPO), so ironically, such a policy is the only one we definitely cannot force to firewall-enabled remote computers.
Like with any other communication that is initiated from the network, packets that try to update policy settings on remote computers' will fail if the remote computers local firewall (like the one built in to Windows operating system from Windows XP Service Pack 2 and up) is not configured to allow such incoming traffic (from a given subnet, IP or whatever). The built in Windows firewall must be configured to allow the incoming traffic we want by using a Group Policy Object (GPO), so ironically, such a policy is the only one we definitely cannot force to firewall-enabled remote computers.
The policy settings that need to be enabled for all the mentioned methods in this article, is the following:
Computer Settings | Administrative Templates | Network | Network Connections | Windows Firewall | Domain Profile | “Windows Firewall: Allow remote administration exception”.
Other firewall devices between the central computer and the remote computers must be configured to comply with the above setting (see Help text on the mentioned policy in GPEDIT.MSC for port info etc.).
Administrator rights:
The user that initiates the processes on the remote computers must be a local administrator on those machines – or else it’s simply not going to work as expected.
The user that initiates the processes on the remote computers must be a local administrator on those machines – or else it’s simply not going to work as expected.
After this is taken care of, let’s look at the free methods we have available.
Scripting
Scripts are free and shared heavily among IT professionals on the Internet – this is actually “Open Source” at its best. Microsoft has provided us with some built in opportunities to expand the capabilities of our operating systems (OS) and environments - in this article we will cover how these capabilities can be used in regards to updating GPs remotely.
Gpupdate & Secedit
First of all we should mention Gpupdate and Secedit, without those tools none of this would be possible. The scripts and tools mentioned here all assume that one of the tools exists on the remote client, depending on the OS version. As mentioned above, Secedit was delivered with Windows 2000 and Gpupdate took over from Windows XP and above, it has even survived the trip to Longhorn as it looks right now. In the following scripts I will focus on Gpupdate – we could check for OS version before calling either Gpupdate or Secedit, but that stuff can be added later without much work.
Gpupdate.exe resides in the “%windir%\system32” folder by default, so we don't need an absolute path to its location on the remote workstation. The tool can be called with a number of different switches:
Syntax: Gpupdate [/Target:{Computer | User}] [/Force] [/Wait:] [/Logoff] [/Boot] [/Sync]
In the “do it yourself” HTML Application (HTA) and Windows Management Instrumentations (WMI) scripts we will focus on running Gpupdate without any switches – or with either “/Taget:Computer” (to update only computer related policies) or “/Target:User” (to update only user related policies). The other options could be included with some more work - but would we really use “/Logoff” or “/Boot”? This would mean that users could be logged off if required (software installation, folder redirection etc.) or the computer could even be restarted while the user is working. Is that really what we want? Anyway, we could just as well use tools like Shutdown.exe for that purpose – but my guess is that it’s not going to be popular out there (the users you know).
PsExec
The first method I’ll mention is very easy to implement and requires almost no scripting abilities. Why invent something that has already been invented, right? PsExec is developed by Mark Russinovich, the former owner of Sysinternals which was acquired by Microsoft in July 2006. It is currently available in version 1.73 and can be downloaded from Microsoft Technet here.
PsExec is ‘Heaven’ when talking remote execution, first of all because it does not require any agents installed on the remote computers. You need to specify a computer name and the command that should be executed as switches in a command prompt – that’s basically it! Behind the scenes a service is being installed ‘ad hoc’ remotely and removed again when the command has been executed.
A small tip is to place the PsExec.exe file in the “%windir%” directory, because then we don’t have to specify the complete path to this file when executing it from a command line etc.
To update group policies on the remote computer ‘Computername’ all we have to write is the following command: “PsExec \\Computername Gpupdate”. The user logged on to the remote computer will not see anything happening, but in the background Gpupdate will ‘refresh’ both user and computer policies and apply any missing settings. You would think that PsExec should run with the “-i" switch (interactive) to update the remote users specific user policies, but testing shows that this is not the case.
FLEX COMMAND
Well, the above mentioned method updates policies for a single user/computer only – how about updating an entire Organizational Unit (OU) by using PsExec and Gpupdate together? For that purpose I have created a “demo” script to show some of the possibilities we get with some ‘creative’ scripting. The script is called FLEX COMMAND and can be downloaded here. When opening the HTA file with a text editor like Notepad the code is revealed – no hidden magic or anything.
When FLEX COMMAND is started, it contacts the Active Directory (AD) domain of the computer it is executed on. Therefore it must be executed from a domain member – if not, no OU’s can be found of course.
Select an OU, whether computer objects in sub-OU’s should be handled, and if the tool should only handle machines that are “alive” (answering to WMI requests). The last thing to do is to insert the command line we want to execute on the local machine for each computer object found in the OU selected. The text string “{C}” must be included; this will be replaced by the name of the computer when the script is looping through the computer objects.
Figure 2: FLEX COMMAND in action
Let’s say that the OU “MyComputers” contains only 3 computers: Computer1, Computer2 and Computer3. The command we have typed in, “psexec \\{C} gpupdate”, is then translated into the following 3 commands: “psexec \\computer1 gpupdate”, “psexec \\computer2 gpupdate”, “psexec \\computer3 gpupdate” – all commands will be executed consecutively (if the computers are alive) and remote policies should be updated.
The tool could be modified to get the computers from a file (txt, csv, xls etc.), a database, a specific security group in AD, a manual selection from a list or whatever the need would be. The way the script executes the processes/commands could also be modified, but this demo script is mainly to show the possibilities we have.
The script is freely delivered ‘as-is’ for you to test, use and modify as you please - more info here.
Windows Management Instrumentation (WMI)
Ok, PsExec is nice, but do we have a “do it yourself” method so I can customize the solution to fit my environment? Yes, as a matter of fact we do! WMI is extremely powerful and pretty easy to handle after a few hours of studying. With WMI, a tamed firewall scenario and administrative rights in place, almost anything is possible in a Windows environment – even remote shut down, restart or execution of commands.
I have created another script for demo purposes, called OU GPUPDATE. This HTA script carries some different techniques “under the hood” – it’s actually just a small modification of FLEX COMMAND. First of all it looks up the OU structure in AD (the top dropdown list), it gives the user the option to hit computer objects in sub-OU’s too, to run Gpupdate with “/Target:User” or “/Target:Computer” or without any switches. Only computers that are “alive” (responds to WMI requests) will be hit by default.
Figure 3: Select what to update – user settings, computer settings or both
The script is freely delivered ‘as-is’ for you to test, use and modify as you please. The script can be downloaded here.
Remote scripting
Besides WMI, we have the option to use ‘plain’ remote scripting (VBScript). This must be enabled by setting one value in the HKLM part of the involved computers' registry databases, the script engines must be “remote scripting” enabled, and from that point the rest is pretty straight forward. The procedure is to copy a script file to the remote host (this script should perform Gpupdate as required), and afterwards send a VBScript command that executes the script file remotely.
Jeremy Moskowitz, a Microsoft Group Policy MVP, mentions this procedure briefly in his book “Group Policy, Profiles, and IntelliMirror for Windows 2003, Windows 2000, and Windows XP”, see his website.
RGPREFRESH
RGPREFRESH is a tool developed by Darren Mar-Elia. Darren is a Microsoft Group Policy Most Valuable Professional (MVP), see his website. His tool uses WMI behind the scenes and executes either Secedit or Gpupdate as needed on the remote host, with the command line switches selected by the user. These switches give you the same possibilities as if you were using the tool locally.
Darren's tool handles one machine at the time, but combined with a tool like FLEX COMMAND (as “wrapper”) the tool can hit an entire OU of a computer with a few clicks… Both RGPREFRESH and PsExec could also be combined with DSQUERY, FOR and other command line utilities to execute on more than one host at the time.
Figure 4: The RGPREFRESH options
The tool can be downloaded for free from this webpage.
Specops Gpupdate
Special Operations Software, Specops, is an international software vendor, offering management products enhancing Active Directory and Group Policy based technology. The company has released their own remote policy updating solution, and the best part is that it is completely free to use. The current version of Specops Gpupdate is 1.0.2.13 (2006-10-25) and the utility can be downloaded here. This tool not only brings the functionality we have developed in the above scripts, but also adds some more management features. Let’s take a look at this nice utility…
Installing Specops Gpupdate
Installing the MSI application is very easy; all it requires is the Active Directory Users & Computers (ADUC) MMC and the Microsoft .NET Framework version 2.0.
Figure 5: The install process is as simple as most MSI package installations (next, next, next)
After installing the MSI file nothing is changed in the GUI, only “Add/Remove Programs” tell us that Specops is installed. So we have to perform an additional task for the magic to appear…
Active Directory User & Computers extended
The first time Specops Gpupdate is installed in the AD Forest, a special command must be run:
“%CommonProgramFiles%\Specopssoft\Specops ADUC Extension\SpecopsAducMenuExtensionInstaller.exe” /add
This is not a schema update, even though you must be Enterprise Admin to run this. This update is completely reversible, just run it again with the “/remove” switch instead. What it does is to register so called “Display Specifiers” to extend the view from within ADUC.
When right clicking an OU or a computer object, four new options are added: Gpupdate, Restart, Shut down and Start. It’s possible to make a selection of multiple computers and OU’s by holding down [Ctrl] while left clicking the wanted objects.
Figure 6: ADUC MMC extended
If you are wondering, as I did, if the changes also apply to non-DC’s (or management computers ), the answer is: Yes! After installing the Windows Server 2003 Admin Pack Service Pack 1 Administration Tools Pack on a Windows XP Professional client, the .NET Framework 2.0 and Specops Gpupdate, the management console looked just as nice as on the DC and had the same features available.
The Gpupdate option
The first option we have is to perform a Gpupdate command remotely on the selected computers. After choosing Gpupdate we must confirm the selection, see figure 7, and select if we want to use the force option.
Figure 7
After clicking OK a dynamic graph is presented, see figure 8, and a status report on how the update went.
Figure 8
The Restart and Shutdown option
The next two options, ‘Restart’ and ‘Shutdown’ are both “nice to have” management features, right where we need them, in ADUC. We can force the restart or shutdown, specify the number of seconds the user will have to close any open applications and send the user a customized message. Scripting this is not that hard to do using WMI or sending Shutdown.exe with the proper switches – but with Specops Gpupdate we get this functionality for free, no additional work to be done.
Figure 9: The confirm restart dialog
The Start option
The last of the four options, called ‘Start’, is actually Wake on LAN (WOL) functionality built-in to ADUC. When selecting and confirming this, see figure 10, so called Magic packets are sent against the clients MAC address to make them boot. WOL must be supported by the BIOS of computers of course. Specops Gpupdate communicates with Microsoft DHCP servers in the enterprise to find the info needed to perform this process, so it’s only possible to wake DHCP clients and only in network environments with Microsoft DHCP servers deployed.
Figure 10: Confirm starting remote WOL enabled computers
By the way, scripting WOL is actually possible too, but showing how to do this is far beyond the scope of this article.
Thanks:
Jakob H. Heidelberg is an MVP: Enterprise Security, MCSA/MCSE: Security/Messaging, MCDST, MCTS, MCITP, MCT, CCNA, and a Certified Ethical Hacker, that works as a System Consultant for Interprise Consulting A/S, a Microsoft Gold Partner based in Denmark. Jakob is engaged as a writer at the largest Microsoft online community for Danish IT pros, it-experts.dk. He also writes on his own blog, and likes to catch up on as much new stuff as possible within the Microsoft world, but currently specializes in messaging, monitoring and security issues
how to force Group Policy processing remotely
Updating Microsoft Windows Group Policy settings on the local machine is not so hard with a tool such as Gpupdate, but updating these policies on remote domain computers is not possible from within any Microsoft Management Console (MMC) by default or with any Microsoft tool available so far. In this article we will show some tricks, scripts and free tools that makes this task possible – and even easy – for the network administrator.
Introduction
Most administrators know the problem of forcing Group Policy (GP) processing on remote computers. After configuring an important policy of some kind, we would sometimes like GP processing to occur immediately on client computers. The problem is that by default, the so called background processing “only” happens every 90 to 120 minutes (randomized) – if we want to force updates to occur right away we are on our own. Of course there is a reason why policies do not just update every 5 minutes or ‘real-time’. The load on Domain Controllers and the network would simply be too much to handle in most environments. But, if a very important security setting at some point needs to be pushed to a large number of clients “right away”, it’s nice to be prepared for such a situation.
What we basically want, is to make it possible for the administrator (Admin), from a central location (Admin workstation), to update policies on Computer1, Computer2 and/or Computer3 – and the user policies for User A, B and C - whenever the admin finds it necessary. See figure 1.
Figure 1: The scenario
We do have the wonderful Gpupdate tool built in to Microsoft Windows XP and newer – and we had Secedit on Windows 2000 systems - but it is unfortunately so, that unlike the Gpresult command, both Gpupdate and Secedit only handle local updates. Of course, if we have a deployment system set up already, like Microsoft Systems Management Server (SMS), we could use this system to distribute a small script that executes the necessary command for a group of users or computers.
If we do not have such a system on the network, we must try to be creative - because the alternative is to log on to all computers using tools like Remote Assistance, or sending an email to all users, to execute the Gpupdate command... So, let’s try to be creative then.
Issues
Before we get into more detail I just have to mention one common issue people have when trying to implement the methods mentioned in this article.
Firewall trouble:
Like with any other communication that is initiated from the network, packets that try to update policy settings on remote computers' will fail if the remote computers local firewall (like the one built in to Windows operating system from Windows XP Service Pack 2 and up) is not configured to allow such incoming traffic (from a given subnet, IP or whatever). The built in Windows firewall must be configured to allow the incoming traffic we want by using a Group Policy Object (GPO), so ironically, such a policy is the only one we definitely cannot force to firewall-enabled remote computers.
Like with any other communication that is initiated from the network, packets that try to update policy settings on remote computers' will fail if the remote computers local firewall (like the one built in to Windows operating system from Windows XP Service Pack 2 and up) is not configured to allow such incoming traffic (from a given subnet, IP or whatever). The built in Windows firewall must be configured to allow the incoming traffic we want by using a Group Policy Object (GPO), so ironically, such a policy is the only one we definitely cannot force to firewall-enabled remote computers.
The policy settings that need to be enabled for all the mentioned methods in this article, is the following:
Computer Settings | Administrative Templates | Network | Network Connections | Windows Firewall | Domain Profile | “Windows Firewall: Allow remote administration exception”.
Other firewall devices between the central computer and the remote computers must be configured to comply with the above setting (see Help text on the mentioned policy in GPEDIT.MSC for port info etc.).
Administrator rights:
The user that initiates the processes on the remote computers must be a local administrator on those machines – or else it’s simply not going to work as expected.
The user that initiates the processes on the remote computers must be a local administrator on those machines – or else it’s simply not going to work as expected.
After this is taken care of, let’s look at the free methods we have available.
Scripting
Scripts are free and shared heavily among IT professionals on the Internet – this is actually “Open Source” at its best. Microsoft has provided us with some built in opportunities to expand the capabilities of our operating systems (OS) and environments - in this article we will cover how these capabilities can be used in regards to updating GPs remotely.
Gpupdate & Secedit
First of all we should mention Gpupdate and Secedit, without those tools none of this would be possible. The scripts and tools mentioned here all assume that one of the tools exists on the remote client, depending on the OS version. As mentioned above, Secedit was delivered with Windows 2000 and Gpupdate took over from Windows XP and above, it has even survived the trip to Longhorn as it looks right now. In the following scripts I will focus on Gpupdate – we could check for OS version before calling either Gpupdate or Secedit, but that stuff can be added later without much work.
Gpupdate.exe resides in the “%windir%\system32” folder by default, so we don't need an absolute path to its location on the remote workstation. The tool can be called with a number of different switches:
Syntax: Gpupdate [/Target:{Computer | User}] [/Force] [/Wait:] [/Logoff] [/Boot] [/Sync]
In the “do it yourself” HTML Application (HTA) and Windows Management Instrumentations (WMI) scripts we will focus on running Gpupdate without any switches – or with either “/Taget:Computer” (to update only computer related policies) or “/Target:User” (to update only user related policies). The other options could be included with some more work - but would we really use “/Logoff” or “/Boot”? This would mean that users could be logged off if required (software installation, folder redirection etc.) or the computer could even be restarted while the user is working. Is that really what we want? Anyway, we could just as well use tools like Shutdown.exe for that purpose – but my guess is that it’s not going to be popular out there (the users you know).
PsExec
The first method I’ll mention is very easy to implement and requires almost no scripting abilities. Why invent something that has already been invented, right? PsExec is developed by Mark Russinovich, the former owner of Sysinternals which was acquired by Microsoft in July 2006. It is currently available in version 1.73 and can be downloaded from Microsoft Technet here.
PsExec is ‘Heaven’ when talking remote execution, first of all because it does not require any agents installed on the remote computers. You need to specify a computer name and the command that should be executed as switches in a command prompt – that’s basically it! Behind the scenes a service is being installed ‘ad hoc’ remotely and removed again when the command has been executed.
A small tip is to place the PsExec.exe file in the “%windir%” directory, because then we don’t have to specify the complete path to this file when executing it from a command line etc.
To update group policies on the remote computer ‘Computername’ all we have to write is the following command: “PsExec \\Computername Gpupdate”. The user logged on to the remote computer will not see anything happening, but in the background Gpupdate will ‘refresh’ both user and computer policies and apply any missing settings. You would think that PsExec should run with the “-i" switch (interactive) to update the remote users specific user policies, but testing shows that this is not the case.
FLEX COMMAND
Well, the above mentioned method updates policies for a single user/computer only – how about updating an entire Organizational Unit (OU) by using PsExec and Gpupdate together? For that purpose I have created a “demo” script to show some of the possibilities we get with some ‘creative’ scripting. The script is called FLEX COMMAND and can be downloaded here. When opening the HTA file with a text editor like Notepad the code is revealed – no hidden magic or anything.
When FLEX COMMAND is started, it contacts the Active Directory (AD) domain of the computer it is executed on. Therefore it must be executed from a domain member – if not, no OU’s can be found of course.
Select an OU, whether computer objects in sub-OU’s should be handled, and if the tool should only handle machines that are “alive” (answering to WMI requests). The last thing to do is to insert the command line we want to execute on the local machine for each computer object found in the OU selected. The text string “{C}” must be included; this will be replaced by the name of the computer when the script is looping through the computer objects.
Figure 2: FLEX COMMAND in action
Let’s say that the OU “MyComputers” contains only 3 computers: Computer1, Computer2 and Computer3. The command we have typed in, “psexec \\{C} gpupdate”, is then translated into the following 3 commands: “psexec \\computer1 gpupdate”, “psexec \\computer2 gpupdate”, “psexec \\computer3 gpupdate” – all commands will be executed consecutively (if the computers are alive) and remote policies should be updated.
The tool could be modified to get the computers from a file (txt, csv, xls etc.), a database, a specific security group in AD, a manual selection from a list or whatever the need would be. The way the script executes the processes/commands could also be modified, but this demo script is mainly to show the possibilities we have.
The script is freely delivered ‘as-is’ for you to test, use and modify as you please - more info here.
Windows Management Instrumentation (WMI)
Ok, PsExec is nice, but do we have a “do it yourself” method so I can customize the solution to fit my environment? Yes, as a matter of fact we do! WMI is extremely powerful and pretty easy to handle after a few hours of studying. With WMI, a tamed firewall scenario and administrative rights in place, almost anything is possible in a Windows environment – even remote shut down, restart or execution of commands.
I have created another script for demo purposes, called OU GPUPDATE. This HTA script carries some different techniques “under the hood” – it’s actually just a small modification of FLEX COMMAND. First of all it looks up the OU structure in AD (the top dropdown list), it gives the user the option to hit computer objects in sub-OU’s too, to run Gpupdate with “/Target:User” or “/Target:Computer” or without any switches. Only computers that are “alive” (responds to WMI requests) will be hit by default.
Figure 3: Select what to update – user settings, computer settings or both
The script is freely delivered ‘as-is’ for you to test, use and modify as you please. The script can be downloaded here.
Remote scripting
Besides WMI, we have the option to use ‘plain’ remote scripting (VBScript). This must be enabled by setting one value in the HKLM part of the involved computers' registry databases, the script engines must be “remote scripting” enabled, and from that point the rest is pretty straight forward. The procedure is to copy a script file to the remote host (this script should perform Gpupdate as required), and afterwards send a VBScript command that executes the script file remotely.
Jeremy Moskowitz, a Microsoft Group Policy MVP, mentions this procedure briefly in his book “Group Policy, Profiles, and IntelliMirror for Windows 2003, Windows 2000, and Windows XP”, see his website.
RGPREFRESH
RGPREFRESH is a tool developed by Darren Mar-Elia. Darren is a Microsoft Group Policy Most Valuable Professional (MVP), see his website. His tool uses WMI behind the scenes and executes either Secedit or Gpupdate as needed on the remote host, with the command line switches selected by the user. These switches give you the same possibilities as if you were using the tool locally.
Darren's tool handles one machine at the time, but combined with a tool like FLEX COMMAND (as “wrapper”) the tool can hit an entire OU of a computer with a few clicks… Both RGPREFRESH and PsExec could also be combined with DSQUERY, FOR and other command line utilities to execute on more than one host at the time.
Figure 4: The RGPREFRESH options
The tool can be downloaded for free from this webpage.
Specops Gpupdate
Special Operations Software, Specops, is an international software vendor, offering management products enhancing Active Directory and Group Policy based technology. The company has released their own remote policy updating solution, and the best part is that it is completely free to use. The current version of Specops Gpupdate is 1.0.2.13 (2006-10-25) and the utility can be downloaded here. This tool not only brings the functionality we have developed in the above scripts, but also adds some more management features. Let’s take a look at this nice utility…
Installing Specops Gpupdate
Installing the MSI application is very easy; all it requires is the Active Directory Users & Computers (ADUC) MMC and the Microsoft .NET Framework version 2.0.
Figure 5: The install process is as simple as most MSI package installations (next, next, next)
After installing the MSI file nothing is changed in the GUI, only “Add/Remove Programs” tell us that Specops is installed. So we have to perform an additional task for the magic to appear…
Active Directory User & Computers extended
The first time Specops Gpupdate is installed in the AD Forest, a special command must be run:
“%CommonProgramFiles%\Specopssoft\Specops ADUC Extension\SpecopsAducMenuExtensionInstaller.exe” /add
This is not a schema update, even though you must be Enterprise Admin to run this. This update is completely reversible, just run it again with the “/remove” switch instead. What it does is to register so called “Display Specifiers” to extend the view from within ADUC.
When right clicking an OU or a computer object, four new options are added: Gpupdate, Restart, Shut down and Start. It’s possible to make a selection of multiple computers and OU’s by holding down [Ctrl] while left clicking the wanted objects.
Figure 6: ADUC MMC extended
If you are wondering, as I did, if the changes also apply to non-DC’s (or management computers ), the answer is: Yes! After installing the Windows Server 2003 Admin Pack Service Pack 1 Administration Tools Pack on a Windows XP Professional client, the .NET Framework 2.0 and Specops Gpupdate, the management console looked just as nice as on the DC and had the same features available.
The Gpupdate option
The first option we have is to perform a Gpupdate command remotely on the selected computers. After choosing Gpupdate we must confirm the selection, see figure 7, and select if we want to use the force option.
Figure 7
After clicking OK a dynamic graph is presented, see figure 8, and a status report on how the update went.
Figure 8
The Restart and Shutdown option
The next two options, ‘Restart’ and ‘Shutdown’ are both “nice to have” management features, right where we need them, in ADUC. We can force the restart or shutdown, specify the number of seconds the user will have to close any open applications and send the user a customized message. Scripting this is not that hard to do using WMI or sending Shutdown.exe with the proper switches – but with Specops Gpupdate we get this functionality for free, no additional work to be done.
Figure 9: The confirm restart dialog
The Start option
The last of the four options, called ‘Start’, is actually Wake on LAN (WOL) functionality built-in to ADUC. When selecting and confirming this, see figure 10, so called Magic packets are sent against the clients MAC address to make them boot. WOL must be supported by the BIOS of computers of course. Specops Gpupdate communicates with Microsoft DHCP servers in the enterprise to find the info needed to perform this process, so it’s only possible to wake DHCP clients and only in network environments with Microsoft DHCP servers deployed.
Figure 10: Confirm starting remote WOL enabled computers
By the way, scripting WOL is actually possible too, but showing how to do this is far beyond the scope of this article.
Thanks:
Jakob H. Heidelberg is an MVP: Enterprise Security, MCSA/MCSE: Security/Messaging, MCDST, MCTS, MCITP, MCT, CCNA, and a Certified Ethical Hacker, that works as a System Consultant for Interprise Consulting A/S, a Microsoft Gold Partner based in Denmark. Jakob is engaged as a writer at the largest Microsoft online community for Danish IT pros, it-experts.dk. He also writes on his own blog, and likes to catch up on as much new stuff as possible within the Microsoft world, but currently specializes in messaging, monitoring and security issues
Subscribe to:
Posts (Atom)