"Obscurum per Obscurius"

As a Microsoft employee I have been using Windows 7 since the early internal betas.  I have been impressed with the operating system (OS) since day one and it has improved with each iteration leading up to release.  There are some nice, obvious user interface changes that have been made.  Many of them are obvious, while others, not so much.  The problem is, it is easy to load up a new OS and just keep using it like you did the old one.  Same menu clicks and shortcut keys.  In my role as a Windows Platform Engineer I sometimes get caught up in all the technical benefits/improvements in a new OS without really digging into all the new features.  I used Windows Vista for years and did not become aware of several new features (e.g. calendar publishing/subscriptions, Windows Meeting Space) until I was studying for a certification exam.

To get the most out of Windows 7 head over to Tim Sneath's blog and review "The Bumper List of Windows 7 Secrets".  Bookmark it.  I have been back to this site 4-5 times.  Block out 30 minutes and try each of new features.  I guarantee you will find some you did not know about that you will end up using everyday (e.g. Windows Key +P).  Here is a list of my favorites by number (you will need to visit Tim's post for the details).  Leave me a comment and let me know if you found Tim's blog as useful as I did and the number of your favorite. 

• #5 - I have been installing CmdPromptHere.inf on my computers since NT4
• #11 - I can have it my way.  Love the WIN+ shortcut ability.
• #12 - Worked like a champ!  BTW - My Windows 7 Netbook (2G ram, 250G HD) is my "goto" computer for email and browsing. 
• #18/19 - These two inspired this post.
• #28 - Best feature for me?  1400+ synchronized Favorites on three computers and also synced/stored in the "cloud" in my free 25G of space on Live.com.  Welcome to Windows Live
• #30 - Look for a future post with more details on this one after I have a chance to test it out.

More information can be found at this link - http://windowslivewire.spaces.live.com/Blog/cns!2F7EB29B42641D59!42814.entry 

Synchronized Favorites are a great feature and I have over 1400 synced between three computers.  Like the article listed above say "Sync has been disabled temporarily to prevent any further issues".  The unfortunate side-effect for most people (including me!) was the removal of some or all of your existing shortcuts from the local computer.  I have to admit I panicked when I noticed they were missing.  The good news is your Favorites are still available on your SkyDrive share in your Favorites folder.  Here are some steps you can use to "reload" the shortcuts on your computer manually until the sync is fixed.

1. Visit http://skydrive.live.com and click On the Favorites folder.
2. Click the "Download as a .zip file " link on the SkyDrive menu and save the file (Favorites.zip) in a local folder.
3. Open Windows Explorer and navigate to C:\Users\your-name-here\Favorites.
4. If there is anything left in the folder move it to another location for safe-keeping.  The Favorites folder should be empty now.
5. Open/Extract the Favorites.zip file from step 2 and place the contents into the Favorites folder in step 3 above.  

The procedure above should restore all you Favorites to the Favorites menu in IE.  Now we need to solve one more problem.  If you had shortcuts stored on your Links bar in the browser they may still be missing.  For whatever reason the "Links" folder (which corresponds to the Links menu bar inside the browser has been renamed to "Favorites Bar"  Look inside your Favorites folder from step 3 above.  If you have two "Favorites Bar" folders look inside each one.  If one is empty and the other has content rename the one with content "Favorites Bar - old".  Copy the contents of "Favorites Bar -old" to the "Favorites Bar" folder, restart the browser and your shortcuts on the menu bar within IE should be there.

Hope this helps.

Microsoft Security Essentials released yesterday.  Microsoft Security Essentials is a free* download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology.  Those of you who have been paying to use OneCare can now get a free subscription to Security Essentials

I have been using the beta on my daughters laptop for a while and it has stopped several malware attacks. 

Download a free copy here:
http://www.microsoft.com/SECURITY_ESSENTIALS/

Windows 7 officially goes on sale October 22, 2009.  Many people installed the beta and RC versions of the operating system and have been very pleased.  I too installed the early betas and eventually the RC code.  I have been pleasantly surprised with all the builds.  The OS is fast and responsive and the new user interface features really improve my productivity.  I am running the RTM code on my laptop and a Gateway Netbook (http://www.gateway.com/systems/product/529668268.php ) and they both run great. 

If you haven't dome so already checkout these videos of the new features:

What's New in Windows 7 - Videos
http://www.microsoft.com/windows/windows-7/features/videos.aspx

For those of you who work in IT check out this article from TechNet Magazine written by Bill Boswell.

The 10 Things to Do First for Windows 7
http://technet.microsoft.com/en-us/magazine/ee518862.aspx

A few months back one of my customers was trying use RDP to connect to a large number of desktop computers to manually install some security updates.  If the computer was being  used the admin had to wait until the person using the computer logged out and find another computer.  Unfortunately there was no easy way to tell if a person is logged in until you start a remote desktop session, enter your credentials and try to connect.  If someone is logged on locally you will be prompted to log them off or disconnect.  It was taking quite a while to find unused computers to work on.  

I created the script below to check a computer and see if anyone is logged into it before trying to connect via RDP.  The script uses WMI to connect to the remote computer and is much faster than trying to connect each time.

Copy the code below and paste into Notepad.  Save as LOGON_STATUS.VBS.  The script must be run with Administrator credentials to connect to the remote computers.  The script runs a loop and will stay running until you click the CANCEL button to exit the script.

'<<<<<<<BEGIN SCRIPT>>>>>>>>>  

'**********************************************
'  SCRIPT: LOGON_STATUS.VBS
'  AUTHOR:
'  DATE: 07/22/08
'  VERSION: 1.2
' PURPOSE: Used to determine if a user is logged into a remote computer
'                    Run script as an administrator
'   USAGE:
'         
' REVISION: 00/00/00 - change
'    08/12/08 - added loop logic and QUIT logic
'    11/23/09 - Improved error handling
'**********************************************
ON ERROR RESUME NEXT

DO WHILE UCASE(strComputer) <> "QUIT"

strCOmputer= InputBox("Enter Remote Computer Name.  Click CANCEL to exit script","Computer Name")

   Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

 'wscript.echo err.number 'DEBUG

 IF ERR.NUMBER = -2147217375 THEN
   'wscript.echo "quit"'DEBUG
   WSCRIPT.QUIT

 END IF

 IF err.number = 462 THEN
     Wscript.echo "Could Not Contact Computer"
 END IF

 IF err.number = 70 THEN
     Wscript.echo "There was a problem accessing WMI on remote computer"
 END IF
 
 IF ERR.NUMBER = 0 THEN
     Set colComputer = objWMIService.ExecQuery _
    ("Select * from Win32_ComputerSystem")
 
       For Each objComputer in colComputer
          Wscript.Echo "Logged-on user: " & objComputer.UserName
       Next
   ELSE
    Wscript.echo "Error Code Returned from remote computer is: " & err.number
 END IF

err.clear

LOOP

'<<<<<<< END SCRIPT>>>>>>>>>

I was traveling last week and found myself without Internet connectivity in my hotel room.  If there is one thing a field engineer needs why traveling is Internet connectivity.  This is the second time I have stayed at a Courtyard Marriott and had no internet.  Both hotels use iBahn boxes that plug into a telephone jack and have an ethernet port on the front.  Try as  I might I was unable to get an IP address issued to my wired adapter.  After jumping through all the hoops (restart computer, check adapter config etc.) the technical support representative put me through I finally asked for my case to be escalated.  When a senior person got on the phone he asked if if I had a Broadcom network adapter in my laptop.  When I answered yes he explained that Broadcom adapters are not compatible with the iBahn adapter and that was the reason I could not be issued an IP address. Great!  One of the most widespread network adapters in the industry would not work at one of the largest hotel chains in the world.  A frustration "perfect storm".   I now had two choices;  switch hotels (did that last time) or find another solution.

 I tethered the cell phone, connected to the Internet and searched for information on USB Ethernet adapters.  I ran down to the local Office Depot and picked up a Cisco(aka Linksys) USB Ethernet adapter.  I plugged the device in, loaded drivers and I was back in business.  If you travel you might want to pick up one of these just in case...

 http://www.linksysbycisco.com/US/en/products/USB300M

The Windows 7 Release Candidate is available for download "free" (see previous post).  In Microsoft terms, Release Candidate (RC) code is code that we think is ready for release to our customers but we are still doing some final test and evaluation before the official release.  Installing RC code is a good way to become familiar with a product before it is released (RTM or Release to Manufacturing).  RC code is usually very stable and feature complete.

I recommend you give it a try.  I have been running Vista since the earliest internal betas and had no issues with the product.  My coworkers kept ranting and raving about the new build so I took the plunge last week and performed an in-place upgrade.  WOW!  There is a noticeable difference in the day to day performance of my laptop plus a number of cool new features. 

More information can be found here.

I saw this post on the Genuine Windows Blog site today Pirated Windows 7 RC builds a botnet.  So let me understand this.  Instead of getting the software for free from Microsoft, people prefer to get it from some stranger(s) over the Internet for free. 

<SOAPBOX>It always amazes me how many people troll the Internet looking for "free" stuff.  Free music, free movies, free pirated software.  No one ever stops to wonder why it's free.  I know people that spend an inordinate amount of time downloading movies from the Internet.  Then they jump through a bunch of hoops burning or converting the movies so they can use them.  Maybe I'm getting lazy but most DVDs cost less than $20 so it seems like a lot or work (and risk) to me for a movie.  Search for "malware bit torrent" in your favorite search engine and you can see what I am talking about.  In my experience there is no such thing as free.  You will end up paying with your time and time is not free... </SOAPBOX> 

Sites that distribute software like MSDN and TechNet make it possible to download ISO images of CDROMs and DVDs.  An ISO image allows you to burn an exact duplicate of a piece of media.  One of the challenges we all face from time to time is corrupt media.  There is nothing worse than burning an image to media, starting an install, and getting the "cannot read file" message half way through an install. ARRGH!  

I was trying to burn an image of Visio 2007 to CDROM recently and experienced this same problem on four disks in a row.  Each one would burn successfully but the application install would fail.  I downloaded the latest version of my burning software and tried again- FAIL.  I tried burning at a slower speed - FAIL.  I tried burning at an even slower speed (hello 1999) - FAIL.  There has got to be a better way... 

You can test the integrity of burned media by checking the CRC value of the media after it has been burned (and before you start installing).  A CRC is cyclic redundancy check and is simply a hash of the file and can help you determine if the file has changed during download or burning.  There are utilities available that can check the CRC value of a file or media.  I used CRC305.exe available on the MSDN Subscriber Downloads site.  The tool could not be easier to use.  The syntax looks like this:

    CRC305.exe { filename | x: } [options]

    CRC305 image name.iso to check a file.

    CRC305.EXE E: to check the media in a drive.

After it runs it will display the computer CRC value (e.g. E8A1C394) of the file or media.

The Windows resource kit contains two tools for burning ISO images to media; CDBURN and DVDBURN.  These are utilities are gems.  Easy to use and fast.   They burn faster than the commercial software I have been using and they have worked flawlessly every single time.  No more "coasters".  The syntax is pretty straight forward:

    DVDBURN - Usage: dvdburn <drive> <image> [/Erase]

    CDBURN - Usage: cdburn <drive> image [options]

My new burning process works like this:

1. Download the ISO file and check the CRC with CRC305 and compare to download documentation.
2. Burn ISO to media and check CRC with CRC305 and compare to values above.  Should match exactly.

The whole process takes less time than using GUI based burning software and works every time. I will probably wrap these two steps into a batch file in a few days to automate the whole process so stay tuned...

This error appeared on one of my Hyper-V servers this morning.  A search of TechNet revealed that KB967902 has an update that can be downloaded to correct the issue.  The issue occurs because the because the Hyper-V Virtual Machine Management service (VMMS) certificate has expired. There is a blog entry here that explains how to correct the issue by renewing the certificate manually. 

In the last couple of weeks I have been working with customers on GPO implementations.  One of the first things I show them are the Excel spreadsheets that contain all the settings in a search able format.  These spreadsheets are useful when you don't know the name of the setting but know the item you are trying to control.  The files contain the name of the policy setting name, scope, policy path, Registry information, requirements and explanatory text for every GPO setting.  Anyone who is working on GPO administration should have a copy of thee files.

Let's say you are trying to control the recycle bin behavior on your Vista computers but you don't know what policies are available.  Open the "GPO_WindowsServer2008andWindowsVistaSP1GroupPolicySettings.xls" file (see below), select the "Administrative Templates" tab, hit CTRL+HOME to go to cell A1 then hit CTRL+F to open the find dialog and enter the word recycle and press enter.  Each new line contains a different setting.  You can also use this method if you have a registry key that needs to be set and you are trying find out which policy setting you can use.

For additional information on managing configuration using Group Policy spend some times with the links below.  If you are new to Group Policy, start with the Group Policy Documentation Survival Guide.

RESOURCES

The Basics 

Group Policy Settings Reference for Windows Server
http://www.microsoft.com/downloads/details.aspx?FamilyID=18c90c80-8b0a-4906-a4f5-ff24cc2030fb&displaylang=en

Group Policy Settings Reference (2003 & XP)
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=7821c32f-da15-438d-8e48-45915cd2bc14

Group Policy Management Console with Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

Group Policy ADM Files
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=92759d4b-7112-4b6c-ad4a-bbf3802a5c9b

Group Policy Documentation Survival Guide
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=66643d52-bd3d-4b10-972c-316eca5dbedf

Vista/Server 2008

Group Policy ADM Files
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=92759d4b-7112-4b6c-ad4a-bbf3802a5c9b

Group Policy ADMX Syntax Reference Guide
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=b0628355-baa2-4565-80a4-467245db9e28

Group Policy ADMX Schema files
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=b4cb0039-e091-4ee8-9ec0-2bbce56c539e

Starter Group Policy Objects (GPOs)
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=ae3ddba7-af7a-4274-9d34-1ad96576e823

Administrative Templates (ADMX) for Windows Server 2008
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=927fc7e3-853c-410a-acb5-9062c76142fa

Applications

2007 Office system Administrative Template files (ADM, ADMX, ADML) and Office Customization Tool version 2.0
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=92d8519a-e143-4aee-8f7a-e4bbaeba13e7

Group Policy Settings Reference for Windows Internet Explorer 8
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=ab4655f2-0a3c-42eb-974d-24b2790bf592

Miscellaneous 

ADMX Migrator
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=0f1eec3d-10c4-4b5f-9625-97c2f731090c

Group Policy Inventory (GPInventory.exe)
http://www.microsoft.com/downloads/details.aspx?familyid=1D24563D-CAC9-4017-AF14-8DD686A96540&displaylang=en

One common problem I see with Active Directory implementations is an Active Directory topology that is not fully routable.  In a fully routable environment every domain controller (DC) can communicate with every other DC.  While most customers "think" they have a fully routable environment in reality they do not.  In some cases there are multiple firewalls between the DCs that are blocking ports or DCs connected across VPN links that do not have the proper ports open.  For more information on how Active Directory replication works read the articles in the RESOURCES section below.

Here are the ports required by Active Directory as described in the "Service Overview" link below.  The basic ports are TCP:

88 (Kerberos)
135 (RPC)
389 (LDAP)
445 (CIFS)
3268 (Global Catalog)

There are additional ports and protocols but these are enough to get started testint the basics.

The PORTQRY utility can be found in the Windows Server 2003 Support Tools and the newest version can be found in the links that follow.  PORTQRY can be used to test connectivity on a port or range of ports from one server to another.  For example to test TCP port 389 from the current computer to a server named VDC02 you would type the following command:

PORTQRY - n VDC02 -e 389 -p TCP

The query will return a great deal of information when you query 389 but you should see a line similar to the following if port 389 is reachable and able to respond:

TCP port 389 (ldap service): LISTENING

In order to speed up the process of testing you can use a batch file with a FOR loop in it to read server names from a text file and perform several ports test against a server.  The sample script shown below will perform some basic testing but you might need to perform more detailed analysis if you are having problems (note somelines may be wrapped due to blog formatting).

:::::::::::::::::::::::::::: BEGIN SCRIPT :::::::::::::::::::::::::

 @ECHO OFF
:: NAME: DCPortTest.CMD v1.0
:: DATE: 03/29/2009
:: PURPOSE:  Test connectivity from one DC to one or more remote DCs
:: using PORTQRY utility.
:: The SERVERS.TXT contains a list of servers (one server per line)
:: to check connectivity to.

ECHO     DATE: %DATE% > DC_PORTQRY.TXT
ECHO     TIME: %TIME% >> DC_PORTQRY.TXT
ECHO     USER: %USERNAME% >> DC_PORTQRY.TXT
ECHO COMPUTER: %COMPUTERNAME% >> DC_PORTQRY.TXT
ECHO. >> DC_PORTQRY.TXT
ECHO. >> DC_PORTQRY.TXT
ECHO. >> DC_PORTQRY.TXT
FOR /F "tokens=1" %%i in (servers.txt) DO (
 ECHO ::::::::::::::::::::::  %%i  :::::::::::::::::::::::::: >> DC_PORTQRY.TXT
 ECHO Testing %%i
 ECHO. >> DC_PORTQRY.TXT
 PORTQRY -n %%i -e 88 -p TCP | findstr /i "88"  >> DC_PORTQRY.TXT
 PORTQRY -n %%i -e 445 -p TCP | findstr /i "445" >> DC_PORTQRY.TXT
 PORTQRY -n %%i -e 389 -p TCP | findstr /i "389" >> DC_PORTQRY.TXT
 PORTQRY -n %%i -e 3268 -p TCP | findstr /i "3268"  >> DC_PORTQRY.TXT
 PORTQRY -n %%i -e 135 -p TCP | findstr /i "135" >> DC_PORTQRY.TXT
 ECHO. >> DC_PORTQRY.TXT  
 ECHO. >> DC_PORTQRY.TXT  
)

:::::::::::::::::::::::: END SCRIPT :::::::::::::::::::::::::

RESOURCES

How Active Directory Replication Topology Works
http://technet2.microsoft.com/WindowsServer/en/Library/c238f32b-4400-4a0c-b4fb-7b0febecfc731033.mspx

Service overview and network port requirements for the Windows Server system
http://support.microsoft.com/kb/832017

New features and functionality in PortQry version 2.0
http://support.microsoft.com/kb/832919

Download PortQry Command Line Port Scanner Version 2.0
http://www.microsoft.com/downloads/details.aspx?FamilyID=89811747-C74B-4638-A2D5-AC828BDC6983&displaylang=en

One of my customers has undergone a great deal of turnover in the past few weeks on the System Administration team.  We discovered that a number of Scheduled Tasks configured on the servers were configured with the accounts of admnistrators (instead of service accounts!).  The accounts were disabled when the admins left the organization and the Scheduled Tasks stopped working.  We needed to find all the Scheduled Tasks configured with admin accounts instead of service accounts on the servers.

The simpe batch file below uses the SCHTASKS utility to dump the configuration information from each server listed in a SERVERS.TXT file and dump the output to a file named SCHED_TASKS_CONFIG.TXT.

<<<------------------------------BEGIN BATCH FILE------------------------- >>>

:: NAME: SCHED_TASK_ACCT.CMD v1.0
:: DATE: 1/13/2009
:: PURPOSE:  TO dump the configuration of scheduled tasks on a server to a text file
::           so tasks configured with disabled accounts can be located.

ECHO %DATE% > SCHED_TASKS_CONFIG.TXT
ECHO %TIME% >> SCHED_TASKS_CONFIG.TXT
ECHO %USERNAME% >> SCHED_TASKS_CONFIG.TXT
ECHO. >> SCHED_TASKS_CONFIG.TXT
FOR /F "tokens=1" %%i in (servers.txt) DO schtasks /query /s %%i /v /fo list >> SCHED_TASKS_CONFIG.TXT 

<<<------------------------------END BATCH FILE------------------------- >>>

One of my customers has an extensive lab environment with multiple forests, domains and workgroup computers.  SMS 2003 was deployed to help manage the configuration of all these different systems.  Between the locked down security settings (no C$, ADMIN$ shares!) and the number separate forest/domains/workgroups involved the ability to "push" the advanced client to desktops is no longer an option.  After meeting with the client last week we decided to configure a logon script to install the SMS client.  The script and associated files (CCMSETUP.EXE, CLIENT.MSI, SMSCLIENT.VBS) were placed in a folder named SMS in the NETLOGON share of the Domain Controllers.  We then configured the LOGON SCRIPT properties of the Domain Administrator account to run the SMSSTARTUP.VBS script shown below to install the client.

Now for a quick run through of the code. 

• Declare our variables and create the objects we will be working with. 
• Determine the path to the NETLOGON \SMS folder we are using.
• Check to see if the SMS client is installed (Set oSMSClient ... If Err.Number....)
• Display a timed popup message with a Cancel button
• Copy install files to local computer.
• Run installation script (SMSCLIENT.VBS)
• Set commands in the RunOnce registry key to delete the SMSCLIENTINSTALL folder the next time someone logs in.

SMSSTARTUP.VBS

'**********************************************
'  SCRIPT: SMSStartup.VBS
'  AUTHOR:
'  DATE:   10/16/2008
' VERSION: 2.0
' PURPOSE: Check for thr presence of the SMS client,
'                   if not installed, copy files from the
'                   network to c:\smsclientinstall and install
' USAGE:     SMSStartup.vbs
'                             
'REVISION: 10/17/2008 added check
'                  to make sure files and folders exist
'                  before moving to next step in script
'         
'**********************************************
OPTION EXPLICIT
On Error Resume Next

Dim oSMSClient, intButton,objWshShell,sFolder, objFSO, sCurrentPath
Dim oExec

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objWshShell = WScript.CreateObject("WScript.Shell")
Set oSMSClient = CreateObject ("Microsoft.SMS.Client")

'Folder to copy SMS install files to
sFolder = "C:\SMSCLIENTINSTALL"

WScript.Sleep 15000

'Build path to SMS files
sCurrentPath = objWshShell.ExpandEnvironmentStrings("%LOGONSERVER%")
sCurrentPath = sCurrentPath & "\NETLOGON\SMS"

If Err.Number <> 0 Then 'change to zero when testing complete
     'Clear error buffer
     err.clear
    objWshShell.LogEvent 2, "SMS Client is not installed, installing now."
    intButton=objWshShell.Popup("Installaing SMS Client software on this computer in the background",5,"SMS Client Software Installation",1)
    'wscript.echo intbutton
    If intButton = 2 Then
        objWshShell.LogEvent 1, "SMS Client installation was cancelled by the user"
        wscript.quit
    End If

 'copy files to local computer and begin client installation
 Do While objFSO.FolderExists(sFolder) <> TRUE
  CreateFolder sFolder
  WScript.Sleep 10000
 Loop

 'copy files
 'Check for files before continuing to next file
 Do While objFSO.FileExists(sFolder & "\SMSCLIENT.VBS") <> TRUE
  objFSO.CopyFile sCurrentPath & "\SMSCLIENT.VBS", sFolder & "\", TRUE
  wscript.sleep 2000
 Loop
 
 Do While objFSO.FileExists(sFolder & "\Client.msi") <> TRUE
  objFSO.CopyFile sCurrentPath & "\client.msi", sFolder & "\", TRUE
  wscript.sleep 2000
 Loop
 
 Do While objFSO.FileExists(sFolder & "\ccmsetup.exe") <> TRUE
  objFSO.CopyFile sCurrentPath & "\ccmsetup.exe", sFolder & "\", TRUE
  wscript.sleep 2000
 Loop
 
    'now run sms client install
    Set oExec = objWshShell.Exec("wscript.exe " & sFolder & "\SMSCLIENT.VBS")

    Do While oExec.Status = 0
      WScript.Sleep 1000
    Loop

 'delete the folder by adding command to the Runonce key
 'CMD.exe /c "RD /s /q c:\SMSCLIENTINSTALL"
 objWshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SMS", "CMD.EXE /c " & CHR(34) & "RD /s /q C:\SMSCLIENTINSTALL" & CHR(34), "REG_SZ"

Else
    'Computer has client, quit
 wscript.quit
End If

Function CreateFolder(folder)
   Dim ofso, f
   Set ofso = CreateObject("Scripting.FileSystemObject")
   Set f = ofso.CreateFolder(folder)
   CreateFolder = f.Path
End Function

Sub DeleteAFolder(filespec)
   Dim ofso
   Set ofso = CreateObject("Scripting.FileSystemObject")
   ofso.DeleteFolder filespec,TRUE
End Sub

As described in the previous post the lab environment includes multiple forests, domains and workgroup computers.  One of the nice things about SMS 2003 is the fact that once the SMS Client has been installed on a system, you "own" that system and can manage it from that day forward.  In the previous post, we discussed how to use a logon script to install the SMS Advanced Client.  In this post we will discuss how to configure computers that are not located within the same domain as the SMS server to be able to find the SMS Management Point (MP) and Server Locator Point (SLP).

All Windows operating systems since Windows 2000 rely on DNS for name resolution.  A clients still have WINS installed to support some legacy applications but most do not.  An LMHOSTS file is similar to a HOSTS file.  A HOST files is used to map DNS hosts names to IP addresses.  An LMHOSTS file is used to map NetBIOS names to IP addresses.   NetBIOS names differ from DNS names because you can have different types of NetBIOS names (e,g, domain, workstation service etc.).  The LMHOSTS files is placed in the same folder as the HOSTS file (%WINDIR%\System32\Drivers\Etc).

An example of the LMHOSTS file is shown below.  Copy the code below into Notepad and save the file as LMHOSTS (no extension) to the "%WINDIR%\System32\Drivers\Etc" folder.  Customize the entries to match your environment.  When you see the pound (#) sign in an LMHOSTS file it is usually followed by a comment unless it is followed by one of the special directives such as PRE< DOM, INCLUDE etc.  The PRE directive loads the entires into the NetBIOS name cache on startup.  The DOM directive is used to indicated a domain name.  The INCLUDE directive is used to include another LMHOSTS file.

In the sample file below the first three lines are comments.  The fourth line pre-loads the domain name where the SMS servers is located and provides the IP address of a DC in that domain.  The next line provides the name and IP address of the SMS server (SMSSERVER1).  The next line provides the name of the SMS Server Locator Point (SMS_SLP) and the line that follows defines the Management Point (MP_C01).  Notice the entries for the SLP/MP look very different from the others.  The "\01xa" is a NetBIOS suffix and there must be exactly 15 characters between the the first quote and the backslash.  For the SMS_SLP line on change the IP address to the IP of the computer hosting the SMS SLP role.  For the MP, change the IP and change the SMS site code in the file from C01 to the site code of your SMS site.

<------------------------------ BEGIN LMHOSTS ----------------------------------->

# LAB LMHOSTS File
#REVISION: 2
#DATE: 10/17/2008
192.168.101.143     DC01         #PRE #DOM:LABDOMAIN1  # Lab Domain DC
192.168.101.141    SMSSVR1 #PRE
192.168.101.141   "SMS_SLP        \0x1A" #PRE
192.168.101.141   "MP_C01         \0x1A" #PRE  

<------------------------------    END LMHOSTS ----------------------------------->

 When you start using LMHOST files you quickly realize that trying to manage the content of these files on multiple computers because a big pain real fast.  If you need to make a change, you need to update every file with the change.  Fortunately the #INCLUDE directive discussed earlier enables you to use a centralized LMHOSTS file.  In our lab environment we created a share on the SMS server named "SMSLMHOST" and placed the first LMHOSTS file shown above there.  The LMHOSTS file shown below was placed on the computers that needed a LMHOSTS.  There are two entries shown.  The first one provides the name/IP of the SMS server and the second directs the client to read the master LMHOSTS file stored on the server.

 <------------------------------   BEGIN LMHOSTS ----------------------------------->

192.168.101.141 SMS1 #PRE
#INCLUDE \\SMSSVR1\SMSLMHOSTS\lmhosts

<------------------------------    END LMHOSTS ----------------------------------->

REFERENCE

NetBIOS Suffixes (16th Character of the NetBIOS Name)
http://support.microsoft.com/default.aspx/kb/163409/

HOWTO: Assign SMS Advanced Client to the Isolated Secondary Site
http://support.microsoft.com/kb/555853

LMHOSTS File Information and Predefined Keywords
http://support.microsoft.com/kb/102725

Domain Browsing with TCP/IP and LMHOSTS Files
http://support.microsoft.com/kb/150800

Chapter 10 - Using LMHOSTS Files
http://www.microsoft.com/resources/documentation/windowsnt/4/server/reskit/en-us/net/sur_lmh.mspx?mfr=true