Citrix/RDP Shortcut Keys... The Cheat Sheet

How to Enable or Disable Hotkeys within an ICA file (including Template.ica)


The procedure below allows for the default ICA Client hotkeys to be mapped within Web Interface. If any keys affect your application, alter them to reflect a key that does not conflict with your application. This process alleviates the need to alter each appsrv.ini file on the individual client workstation.


The Citrix Web Client, 6.x versions (985, 986, and 1050), do not have the code to read from the client installed Appsrv.ini or an .ICA file. Download and use the latest ICA client.


1. Using a text editor such as Notepad, locate the Template.ica file, or if using Web Interface 4.x or later, the default.ica file being used for the Web Interface site.


2. Copy the ICA parameters below into the Template.ica or default.ica file. Place this code after the [WFCLIENT] tag:

Mount ISO files in Linux


Use the following command to mount the ISO files in Linux

mount -o loop <ISO_FILE_NAME.ISO>  <MOUNT_POINT>

For Example:

mount -o loop linux-dvd.iso /mnt/linux-dvd/

Now you can go to /mnt/linux-dvd and see the contents of the ISO image.


Securing Access to Printers over the Internet

If you use Internet Printing Protocol (IPP) to share or access your printers over the Internet, keep in mind that print jobs aren’t secure. However, you can enable encryption by setting up IIS with a security certificate, so you can access the printer via the https address using SSL.

First you need to create a self-signed cert using IIS:

1. Open the IIS Manager from the Control Panel.
2. Double-click the Server Certificates icon.
3. Click the Create Self-Signed Certificate link on the right.
4. On the dialog box, enter a name, and click OK.

Next you need to create bindings for HTTPS using IIS:

Cron Task


Configuring a Cron Task

The main configuration file for cron, /etc/crontab, contains the following lines:
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly


The first four lines are variables used to configure the environment in which the cron tasks are run. The value of the SHELL variable tells the system which shell environment to use (in this example the bash shell), and the PATH variable defines the path used to execute commands. The output of the cron tasks is emailed to the username defined with the MAILTO variable. If the MAILTO variable is defined as an empty string (MAILTO=""), email will not be sent (sendmail on ESX is not installed by default). The HOME variable can be used to set the home directory to use when executing commands or scripts.
Each line in the /etc/crontab file has the format:

Enable Remote Desktop Through a Script

To use it, copy the code below and paste it into a text file with a .vbs extension. As written it works on the local machine. To have it work on another machine, replace the period in this line with that computer's name: strComputer = "."

' 1 turns Remote Desktop connections on
Const ENABLE_CONNECTIONS = 1
' "." means the local machine
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery _
    ("Select * from Win32_TerminalServiceSetting")
For Each objItem in colItems
    errResult = objItem.SetAllowTSConnections(ENABLE_CONNECTIONS)
Next

By the way, if you want to turn off Remote Desktop, just change the 1 in the line Const ENABLE_CONNECTIONS = 1 to a 0 (zero).

Viewing Hidden Mailboxes from ADUC

I didn’t have access to an Exchange server to view them, nor did I have access to an admin box that had it installed. All I had was Active Directory Users and Computers. With that I knew that I could run queries within AD to see this info. The only hard part was finding out what I needed to query for to find hidden mailboxes. After seconds of thinking…okay, so more like hours, but it seemed like days, I figured it out. Below are the steps that will find that data for you.

1. Bring up Active Directory Users & Computers.
2. Right-click your domain name at the top, and choose Find.
3. In the Find combo box at the top, select Custom Search.
4. Click the Advanced tab.
5. Paste in the following LDAP query:
(&(objectclass=user)(msExchHideFromAddressLists=TRUE))

Shortcuts for Administrative Tools

Console                                 Command

AD Domains and Trusts                   domain.msc
Active Directory Management             admgmt.msc
AD Sites and Services                   dssite.msc
AD Users and Computers                  dsa.msc
ADSI Edit                               adsiedit.msc
Authorization manager                   azman.msc
Certification Authority Management      certsrv.msc
Certificate Templates                   certtmpl.msc
Cluster Administrator                   cluadmin.exe
Computer Management                     compmgmt.msc
Component Services                      comexp.msc
Configure Your Server                   cys.exe
Device Manager                          devmgmt.msc
DHCP Management                         dhcpmgmt.msc
Disk Defragmenter                       dfrg.msc
Disk Manager                            diskmgmt.msc
Distributed File System                 dfsgui.msc
DNS Management                          dnsmgmt.msc
Event Viewer                            eventvwr.msc
Indexing Service Management             ciadv.msc
IP Address Manage                       ipaddrmgmt.msc
Licensing Manager                       llsmgr.exe
Local Certificates Management           certmgr.msc
Local Group Policy Editor               gpedit.msc
Local Security Settings Manager         secpol.msc
Local Users and Groups Manager          lusrmgr.msc
Network Load balancing                  nlbmgr.exe
Performance Monitor                     perfmon.msc
PKI Viewer                              pkiview.msc
Public Key Management                   pkmgmt.msc
QoS Control Management                  acssnap.msc
Remote Desktops                         tsmmc.msc
Remote Storage Administration           rsadmin.msc
Removable Storage                       ntmsmgr.msc
Removable Storage Operator Requests     ntmsoprq.msc
Routing and Remote Access Manager       rrasmgmt.msc
Resultant Set of Policy                 rsop.msc
Schema management                       schmmgmt.msc
Services Management                     services.msc
Shared Folders                          fsmgmt.msc
SID Security Migration                  sidwalk.msc
Telephony Management                    tapimgmt.msc
Terminal Server Configuration           tscc.msc
Terminal Server Licensing               licmgr.exe
Terminal Server Manager                 tsadmin.exe
UDDI Services Management                uddi.msc
Windows Management Instrumentation      wmimgmt.msc
WINS Server manager                     winsmgmt.msc

Script to Determine Members of a Group

I needed to find a way to list the members of a group. Thankfully I blogged about the first issue in February because that led me to the solution. I'm actually using the same DSGET command but instead of using the user command I'm using the group command.

DSGET GROUP CN=West_Coast_Sales,OU=Sales,OU=GROUPS,DC=adminprep,DC=com -MEMBERS -EXPAND


The output looks like this:

"CN=bmiller,OU=Sales,DC=adminprep,DC=com "
"CN=jsmith,OU=Sales,DC=adminprep,DC=com "
"CN=dregan,OU=Sales,DC=adminprep,DC=com "
"CN=lramero,OU=Sales,DC=adminprep,DC=com "
"CN=cpeters,OU=Sales,DC=adminprep,DC=com "
"CN=jhorton,OU=Sales,DC=adminprep,DC=com "

Hopefully this solution works for you too.

How to Display the Groups a User is a Member of

I've been trying to work more and more with scripts and today I'm sharing a simple but useful one: how to display the groups a user account is a member of. To display a user's groups via the command prompt you need to use the dsget command with the -memberof and -expand switches. The -expand switch also lists the groups that you belong to through nesting in other groups.

Below is an example of how this would look:

dsget user "CN=Brian W. McCann,OU=Users,OU=Sales,DC=Adminprep,DC=com" -memberof -expand

The output would look similar to this:
"CN=GG Sales,OU=Groups,OU=Sales,DC=Adminprep,DC=com"
"CN=Domain Admins,CN=Users,DC=Adminprep,DC=com"
"CN=Domain Users,CN=Users,DC=Adminprep,DC=com"
"CN=GG Inside Sales,OU=Groups,OU=Sales,DC=Adminprep,DC=com"
"CN=GG Outside Sales,OU=Groups,OU=Sales,DC=Adminprep,DC=com"
"CN=Administrators,CN=Builtin,DC=Adminprep,DC=com"
"CN=Users,CN=Builtin,DC=Adminprep,DC=com"
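
An added example (not part of the original post): the sample output above includes Domain Admins and Administrators, so a useful follow-up is to flag privileged groups in dsget output and tell direct membership from membership gained through nesting. The Python below assumes a second capture taken without -expand (constructed here) and a hypothetical watchlist of group names.

```python
import re

# Groups treated as privileged here; an assumed watchlist, extend it for your domain.
PRIVILEGED = {
    "domain admins", "enterprise admins", "schema admins", "administrators",
    "account operators", "backup operators", "server operators", "print operators",
}

# Output of "dsget user ... -memberof -expand", copied from the post above.
EXPANDED = '''
"CN=GG Sales,OU=Groups,OU=Sales,DC=Adminprep,DC=com"
"CN=Domain Admins,CN=Users,DC=Adminprep,DC=com"
"CN=Domain Users,CN=Users,DC=Adminprep,DC=com"
"CN=GG Inside Sales,OU=Groups,OU=Sales,DC=Adminprep,DC=com"
"CN=GG Outside Sales,OU=Groups,OU=Sales,DC=Adminprep,DC=com"
"CN=Administrators,CN=Builtin,DC=Adminprep,DC=com"
"CN=Users,CN=Builtin,DC=Adminprep,DC=com"
'''

# Constructed sample: what the same command might print without -expand.
DIRECT = '''
"CN=GG Inside Sales,OU=Groups,OU=Sales,DC=Adminprep,DC=com"
"CN=GG Outside Sales,OU=Groups,OU=Sales,DC=Adminprep,DC=com"
"CN=Domain Admins,CN=Users,DC=Adminprep,DC=com"
"CN=Domain Users,CN=Users,DC=Adminprep,DC=com"
'''

def parse_dns(output):
    """Pull distinguished names out of dsget output, dropping quotes and padding."""
    dns = []
    for line in output.splitlines():
        dn = line.strip().strip('"').strip()
        if re.match(r"(?i)(CN|OU)=", dn):
            dns.append(dn)
    return dns

def leaf_name(dn):
    """Value of the first RDN; a comma escaped with a backslash does not end the RDN."""
    rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    return rdn.partition("=")[2].replace("\\,", ",")

def privileged_memberships(expanded_output, direct_output):
    """Return [(group, 'direct' | 'nested')] for watchlisted groups in the expanded list."""
    direct = {dn.lower() for dn in parse_dns(direct_output)}
    findings = []
    for dn in parse_dns(expanded_output):
        if leaf_name(dn).lower() in PRIVILEGED:
            how = "direct" if dn.lower() in direct else "nested"
            findings.append((leaf_name(dn), how))
    return findings

if __name__ == "__main__":
    for group, how in privileged_memberships(EXPANDED, DIRECT):
        print(f"{group}: {how} membership")
```

A "nested" result means the account holds the privilege only through another group, which is the kind of membership that is easy to miss when reviewing the account's own Member Of tab.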

Installing Active Directory on Server Core with an Answer File

Active Directory still gets installed by using DCPromo on Server Core; however, you will have to use the /unattend: switch. In my case I copied the following sample answer file to the C:\temp directory and then ran the following command to install Active Directory using an answer file:

dcpromo /unattend:c:\temp\answer.txt

Here is a look at the answer file (don't worry, I just made that password up for this demo).

This is the Replica Domain Controller Answer File:
[DCINSTALL]
UserName=administrator
UserDomain=AdminPrep.local
Password=$up3rT0p$3cr3t
SiteName=Default-First-Site-Name
ReplicaOrNewDomain=replica
DatabasePath="%systemroot%\NTDS"
LogPath="%systemroot%\NTDS"
SYSVOLPath="%systemroot%\SYSVOL"
InstallDNS=yes
ReplicaDomainDNSName=AdminPrep.local
ConfirmGC=yes
SafeModeAdminPassword=$up3rT0p$3cr3t
RebootOnCompletion=yes

As I've written this blog I noticed on Microsoft's site that they have a KB that can be of further assistance with doing unattended installs or removals of Active Directory. Take a look at KB947034.
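
An added example, not from the original post or from Microsoft's KB: the answer file above stores both the domain account password and the safe-mode password in clear text, so this Python check flags credential keys that hold a literal value and produces a redacted copy that is safe to paste into a ticket or log. Treating an empty value or * as "asked for at run time" is an assumption of the example.

```python
import configparser

# Credential-bearing keys; both appear in the sample answer file above.
SECRET_KEYS = {"password", "safemodeadminpassword"}
# Assumption: an empty value or "*" means the value is asked for at run time,
# so nothing is stored in the file.
NOT_STORED = {"", "*"}

# Constructed sample: the replica answer file from the post, abbreviated.
SAMPLE = r"""[DCINSTALL]
UserName=administrator
UserDomain=AdminPrep.local
Password=$up3rT0p$3cr3t
ReplicaOrNewDomain=replica
DatabasePath="%systemroot%\NTDS"
SafeModeAdminPassword=$up3rT0p$3cr3t
RebootOnCompletion=yes
"""

def is_stored_secret(key, value):
    """True when a credential key carries a literal value."""
    return (key.strip().lower() in SECRET_KEYS
            and value.strip().strip('"') not in NOT_STORED)

def find_plaintext_secrets(text):
    """Return [(section, key)] for credential keys that hold a literal value."""
    # interpolation=None: values such as %systemroot% must be read literally,
    # otherwise configparser tries to expand them and raises an error.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key names as written instead of lower-casing them
    cp.read_string(text)
    return [(section, key)
            for section in cp.sections()
            for key, value in cp[section].items()
            if is_stored_secret(key, value)]

def redact(text):
    """Return the file text with literal credential values replaced."""
    out = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and is_stored_secret(key, value):
            line = f"{key}=<redacted>"
        out.append(line)
    return "\n".join(out)

if __name__ == "__main__":
    for section, key in find_plaintext_secrets(SAMPLE):
        print(f"[{section}] {key} holds a clear-text value")
    print(redact(SAMPLE))
```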

DNS Command Reference

Each entry lists the function, the DNSCMD option, an example and, where given, comments.

Function: Do any dnscmd command on a remote system
DNSCMD option: dnscmd servername command
Example: dnscmd main.bigfirm.com /zoneprint bigfirm.com

Function: Create a primary zone
DNSCMD option: dnscmd /zoneadd zonename /primary
Example: dnscmd /zoneadd bigfirm.com /primary

Function: Create a secondary zone
DNSCMD option: dnscmd /zoneadd zonename /secondary master IP address
Example: dnscmd /zoneadd bigfirm.com /secondary 192.168.1.1

Function: Host a zone on a server based on an existing (perhaps restored) zone file
DNSCMD option: dnscmd /zoneadd zonename /primary /file filename /load
Example: dnscmd /zoneadd bigfirm.com /primary /file bigfirm.com.dns /load

Function: Delete a zone from a server
DNSCMD option: dnscmd /zonedelete zonename [/f]
Example: dnscmd /zonedelete bigfirm.com /f
Comments: (without the /f, dnscmd asks you if you really want to delete the zone)

Function: Show all of the zones on a DNS server
DNSCMD option: dnscmd /enumzones
Example: dnscmd /enumzones

Function: Dump (almost) all of the records in a zone
DNSCMD option: dnscmd /zoneprint zonename
Example: dnscmd /zoneprint bigfirm.com
Comments: Doesn't show glue records.

Function: Add an A record to a zone
DNSCMD option: dnscmd /recordadd zonename hostname A ipaddress
Example: dnscmd /recordadd bigfirm.com mypc A 192.168.1.33

Function: Add an NS record to a zone
DNSCMD option: dnscmd /recordadd zonename @ NS servername
Example: dnscmd /recordadd bigfirm.com @ NS dns3.bigfirm.com

Function: Delegate a new child domain, naming its first DNS server
DNSCMD option: dnscmd /recordadd zonename childname NS dnsservername
Example: dnscmd /recordadd bigfirm.com test NS main.bigfirm.com
Comments: This would create the "test.bigfirm.com" DNS child domain under the bigfirm.com DNS domain

Function: Add an MX record to a zone
DNSCMD option: dnscmd /recordadd zonename @ MX priority servername
Example: dnscmd /recordadd bigfirm.com @ MX 10 mail.bigfirm.com

Function: Add a PTR record to a reverse lookup zone
DNSCMD option: dnscmd /recordadd zonename lowIP PTR FQDN
Example: dnscmd /recordadd 1.168.192.in-addr.arpa 3 PTR pc1.bigfirm.com
Comments: This is the PTR record for a system with IP address 192.168.1.3

Function: Modify a zone's SOA record
DNSCMD option: dnscmd /recordadd zonename @ SOA primaryDNSservername responsibleemailaddress serialnumber refreshinterval retryinterval expireinterval defaultTTL
Example: dnscmd /recordadd bigfirm.com @ SOA winserver.bigfirm.com mark.bigfirm.com 41 1800 60 2592000 7200
Comments: Ignores the serial number if it's not greater than the current serial number

Function: Delete a resource record
DNSCMD option: dnscmd /recorddelete zonename recordinfo [/f]
Example: dnscmd /recorddelete bigfirm.com @ NS main.bigfirm.com /f
Comments: Again, "/f" means "don't annoy me with a confirmation request, just do it."

Function: Create a resource record and incorporate a nonstandard TTL
DNSCMD option: dnscmd /recordadd zonename leftmostpartofrecord TTL restofrecord
Example: dnscmd /recordadd bigfirm.com pc34 3200 A 192.168.1.4

Function: Reload a zone from its zone file in \windows\system32\dns
DNSCMD option: dnscmd /zonereload zonename
Example: dnscmd /zonereload bigfirm.com
Comments: Really only useful on primary DNS servers

Function: Force DNS server to flush DNS data to zone file
DNSCMD option: dnscmd /zonewriteback zonename
Example: dnscmd /zonewriteback bigfirm.com

Function: Tell a primary whom to allow zone transfers to
DNSCMD option: dnscmd /zoneresetsecondaries zonename /nonsecure|/securens
Example: dnscmd /zoneresetsecondaries bigfirm.com /nonsecure
Comments: That example says to allow anyone who asks to get a zone transfer

Function: Enable/disable DNS NOTIFY
DNSCMD option: dnscmd /zoneresetsecondaries zonename /notify|/nonotify
Example: dnscmd /zoneresetsecondaries bigfirm.com /nonotify
Comments: Example disables DNS notification, which is contrary to the default settings.

Function: Tell a secondary DNS server to request any updates from the primary
DNSCMD option: dnscmd /zonerefresh zonename
Example: dnscmd /zonerefresh bigfirm.com

Function: Enable or disable dynamic DNS on a zone
DNSCMD option: dnscmd /config zonename /allowupdate 1|0
Comments: 1 enables, 0 disables, 0 is default

Function: Stop the DNS service
DNSCMD option: Either net stop dns or sc stop dns
Comments: (No dnscmd command for this)

Function: Start the DNS service
DNSCMD option: Either net start dns or sc start dns
Comments: (No dnscmd command for this)

Function: Install the DNS service on a 2008 full install system
DNSCMD option: servermanagercmd -install dns

Function: Install the DNS service on a 2008 Server Core system
DNSCMD option: ocsetup DNS-Server-Core-Role
Comments: Case matters -- ocsetup dns-server-core-role would fail

Function: Uninstall the DNS service on a 2008 Server full install system
DNSCMD option: servermanagercmd -remove dns

Function: Uninstall the DNS service on a 2008 Server Core system
DNSCMD option: ocsetup /uninstall DNS-Server-Core-Role

Server Core Commands

Server Core Common Networking Commands

To configure the IP address we will have to remember (or learn) Netsh.

Configure a Static IP Address on Server Core:
Netsh int ipv4 set address "Local Area Connection" static 10.1.1.10 255.255.255.0 10.1.1.1
Netsh int ipv4 set dnsserver "Local Area Connection" static 10.1.1.5 primary
Netsh int ipv4 set winsserver "Local Area Connection" static 10.1.1.6 primary

Configure a Dynamic (DHCP) IP Address on Server Core:
Netsh int ipv4 set address "Local Area Connection" source=dhcp

Change the name of the network interface on Server Core:
Netsh int set interface name = "Local Area Connection" newname = "Primary Network"

Server Core Common Windows Firewall Commands:

The Windows Firewall is a blessing to some and a curse to others. Either way it is installed by default and you have to understand the commands that are needed to configure the basics and in some cases some advanced commands.

Disable firewall:
netsh firewall set opmode disable

Server Core can be managed by using MMCs from a remote server. However with the firewall being on by default you will have to allow these tools to work remotely. The first thing to note here is how to translate the MMC Snap-in to Windows Firewall Rule Group.

MMC Snap-in - Event Viewer
Windows Firewall Rule Group - Remote Event Log Management

MMC Snap-in - Services
Windows Firewall Rule Group - Remote Services Management

MMC Snap-in - Shared Folders
Windows Firewall Rule Group - File and Printer Sharing

MMC Snap-in - Task Scheduler
Windows Firewall Rule Group - Remote Scheduled Tasks Management

MMC Snap-in - Reliability and Performance
Windows Firewall Rule Group - Performance Logs and Alerts
Windows Firewall Rule Group - File and Printer Sharing

MMC Snap-in - Disk Management
Windows Firewall Rule Group - Remote Volume Management

MMC Snap-in - Windows Firewall with Advanced Security
Windows Firewall Rule Group - Windows Firewall Remote Management

To enable all of these rules, use this command:
Netsh advfirewall firewall set rule group="remote administration" new enable=yes

To enable a specific rule group, follow this format:
Netsh advfirewall firewall set rule group="" new enable=yes

Server Core Common Domain Management Commands

Join a domain:
netdom join ComputerName /domain:DomainName /userd:UserName /passwordd:*
Yes, /passwordd:* needs to have that second d at the end of it.

Remove from domain:
netdom remove

Rename a Domain Member:
netdom renamecomputer %computername% /NewName: /userd: /passwordd:*

Rename Administrator:
wmic UserAccount where Name="Administrator" call Rename Name="new-name"

Add User to a Local Group
net localgroup GroupName /add \

Remove User from a Local Group
net localgroup GroupName /delete \

Confirm Domain and/or New Computer Name:
Set

Update User Passwords:
Net user [/domain] *

Server Core Common Server Management Commands

Toggle Remote Desktop on and off:
Cscript \windows\system32\scregedit.wsf /ar 0

Enable reduced security for RDP connections:
Cscript \windows\system32\scregedit.wsf /cs 0

Activate Server Core:
Local method - Slmgr.vbs -ato
Remote method - Cscript windows\system32\slmgr.vbs ServerName UserName password:-ato

Rename a Stand-Alone Member:
netdom renamecomputer /NewName:

List of installed patches:
wmic qfe list

Install Updates:
wusa .msu /quiet

Configure for AutoUpdates:
cscript scregedit.wsf /AU 4

Disable AutoUpdates:
cscript scregedit.wsf /AU 1

View AutoUpdate Setting:
cscript scregedit.wsf /AU /v

Configure the Page File:
wmic pagefileset where name="" set InitialSize=,MaximumSize=

Configure a Proxy Server: (Server Core cannot use a proxy that requires a password)
netsh Winhttp set proxy :

All your favorite TCP/IP commands work including the following:
IPConfig
ARP
Ping
PathPing
TraceRT
Route
NSLookup
NetStat
NBTStat

List Running Services:
sc query

Start and/or Stop a Service:
sc start
sc stop

Task Manager: (Ctrl+Shift+Esc)
taskmgr

Manage Disk Volumes:
Diskpart /?

Defrag a Volume:
defrag /?

Change Time and Time Zone:
control timedate.cpl

Change the Desktop Resolution: (requires you to log off and back on)
Regedit - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video
\0000\DefaultSettings.XResolution
\0000\DefaultSettings.YResolution

Display the Time in the Command Prompt:
prompt [$t]$s$p$g

Log off:
shutdown /l

Restart Now:
shutdown /r /t 0

To get the Roles and Features installed you are going to need to use the ocsetup.exe command. The OC is short for Optional Components. The most important thing to remember about this command is that IT IS CASE SENSITIVE!!! As a best practice you should always launch ocsetup.exe through start /w, as this keeps the Command Prompt from becoming active (when you can type again) until the setup is complete. Below you will find a list of the commands that are required to install Roles and Features on Server Core.

DNS
start /w ocsetup DNS-Server-Core-Role

DHCP
start /w ocsetup DHCPServerCore

File Services (Server service is installed by default) but there are other role features

File Replication Service
start /w ocsetup FRS-Infrastructure

Distributed File System
start /w ocsetup DFSN-Server

Distributed File System Replication
start /w ocsetup DFSR-Infrastructure-ServerEdition

Services for Network File System (NFS)
start /w ocsetup ServerForNFS-Base
start /w ocsetup ClientForNFS-Base

Hyper V
start /w ocsetup Microsoft-Hyper-V

Print Server feature
start /w ocsetup Printing-ServerCore-Role

Line Printer Daemon (LPD) service
start /w ocsetup Printing-LPDPrintService

Active Directory Lightweight Directory Services
start /w ocsetup DirectoryServices-ADAM-ServerCore

Active Directory Domain Services
dcpromo /unattend:

Streaming Media Services
Follow directions found in Article ID 934518

IIS
start /w pkgmgr /iu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel
To uninstall IIS use the following command
start /w pkgmgr /uu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel

NOTE: If you need to uninstall a Role that you installed with ocsetup, all you need to do is append /uninstall to the commands above.

Now let's take a look at how we install Features on Server Core:

Microsoft Failover Clustering
start /w ocsetup FailoverCluster-Core

Network Load Balancing
start /w ocsetup NetworkLoadBalancingHeadlessServer

Subsystem for UNIX-based applications
start /w ocsetup SUACore

Multipath IO
start /w ocsetup MultipathIo

Removable Storage
start /w ocsetup Microsoft-Windows-RemovableStorageManagementCore

Bitlocker Drive Encryption
start /w ocsetup BitLocker

Backup
start /w ocsetup WindowsServerBackup

Simple Network Management Protocol (SNMP)
start /w ocsetup SNMP-SC

Windows Internet Name Service (WINS)
start /w ocsetup WINS-SC

Telnet client
start /w ocsetup TelnetClient

NOTE: If you need to uninstall a Feature that you installed with ocsetup, all you need to do is append /uninstall to the commands above.

Having the Role or Feature installed doesn't do much without going in and configuring the service. The quick and easy way to manage these Roles and Features is either to have the AdminPak or Remote Server Administration Tools (RSAT) installed on a dedicated Terminal Server or to install those same tools on XP or Vista.

How to Remove a Failed or Offline DC

I’ve seen this issue come up time and time again. Some administrator decided to remove an old DC from the network but forgot to remove it from Active Directory, or the DC has entered a failed state and cannot be recovered. In a perfect world DCPROMO is all you have to do to remove a DC from the environment. However, if that DC was already shut down or DCPROMO is giving you problems, you will have to remove it the manual way. That method involves using a command called NTDSUTIL. NTDSUTIL is a command line tool that allows you to perform some of the more advanced Active Directory maintenance tasks.

Below are the steps needed to remove a failed or offline Domain Controller from your environment.
TIP: NTDSUTIL does not require the full command to be entered…you only have to enter enough of the command that is unique. For Example, instead of typing metadata cleanup you could just type met cle…or better yet m c

  1. Open the Command Prompt
  2. Type ntdsutil (all the commands will be entered via this command prompt)
  3. Type metadata cleanup
  4. Type connections
  5. Type connect to server and replace with the name of a functional DC in your environment…even if you are logged in locally. This step is not needed post W2K3 SP1.
  6. Type quit
  7. Type select operations target
  8. Type lists sites
  9. Type select site <#> where <#> is the site where the failed or offline DC resided
  10. Type list servers in site
  11. Type select server <#> where <#> is the DC that is failed or offline
  12. Type list domains
  13. Type select domain <#> where <#> is the domain where the failed or offline DC resided (at this point you should verify that the site, server and domain are all selected)
  14. Type quit (this should set you back to the metadata cleanup menu)
  15. Type remove selected server ( a warning message will pop up…verify that this is the correct DC…in fact get a peer to verify it for you too)
  16. Click Yes
  17. Open Active Directory Sites and Services
  18. Expand out the site that the failed or offline DC resided in
  19. Verify the DC cannot be expanded out (no connection objects and such)
  20. Right Click the DC and select Delete
  21. Close Active Directory Sites and Services
  22. Open Active Directory Users and Computers
  23. Expand the Domain Controllers OU
  24. Delete the failed or offline DC from the OU (if it even exists)
  25. Close Active Directory Users and Computers
  26. Open DNS Manager
  27. Expand the zones where this DC was also a DNS server and perform the following steps
  28. Right click the zone and select Properties
  29. Click the Name Servers tab
  30. Remove the failed or offline DC from the Name Servers tab
  31. Click OK to also remove the HOST (A) or Pointer (PTR) record if asked
  32. Verify the zone no longer has a DNS record for the failed or offline DC

You can also find more info located on Microsoft site here and here for removing orphaned domains.