Ncrancher

Ncrancher

This user hasn't shared any profile information

Posts by Ncrancher

The PIPE State is Invaild – Windows 2008

Today’s challenge is to investigate the cause of the User Profile Service failing.  My users recieve the message “Windows could not connect to the User Profile Service” in Citrix or “Failed to connect to a Windows Service” When using RDP.

When trying to restart the “User Profile Service” I recieve the message “The PIPE state is invaild”.

Most websites have sugguested rolling back in the case of Vista, I have not such an Options.

Trouble shooting steps:

  1. Check all event logs for the cause and Google for more background information.
  2. Restart the Server (Does this resolve the issue?) I’ll soon find out.

Looks like a reboot worked!

ISO Recorder – Recommended Windows Tool

This useful tool creates an ISO imagine in moments, nicely integrated in the menu bar. Just select the files or directory you want an ISO image of and right click “Create ISO image” Absolute simple, fast and FREE!
http://isorecorder.alexfeinman.com/isorecorder.htm
Available on: Windows XP/Vista/7 x86 or x64.

Thanks Alex

Windows 7 – NT backup

I’m in the very slow process of migrating over to Windows 7 from Windows XP. Although I don’t think I will ever completely stop using XP, because things just work!
Part of the process of migrating to 7 is to install the Windows Support Tools for Active Directory and Exchange 2003 system manager. These are challenges alone and I mite just have to deploy these tools over Citrix. Let see!
So I’ve backed up my old XP PC using NTBACKUP which millions of people would be doing over a number of years and I want to restore documents to my Windows 7 PC.
Where the hell is ntbackup? …………
Oh right its not included in Windows 7 so are we meant to keep using Windows XP for files restores?? Only if you have your backup on tapes, but not if you have your backup images on USB storage.
If your in the same boat as me you will find the following link useful, as Microsoft have offered ntbackup available as a download. http://support.microsoft.com/?kbid=974674

Please note this tool is only available for restores and not new backups.

This also applied to Windows 2008 R2

Read only access to scheduled tasks?

Does anyone know if its possible to allow a user to view only the status of scheduled tasks in a Windows 2008 environment?

I’ve also had a look at schtasks.exe from the command prompt, but it produced report with “No information is available at you access level”

If you have any idea then please leave a comment, If I find out the answer I will post it here.

Thanks

Auditing Group Membership Changes in Active Directory

We had a request today to monitor actual changes to group membership in real time. Real time? is that possible? Hmmm.

There are many commercial tools that monitor and manage event logs, but we had to work with the current monitoring system and Windows.

Task: Report changes made to group memberships in Active Directory.

Now I’ve got access to Enterprise Security Reporter which would be ideal for monitoring the changes between 2 dates but this doesn’t work in real time. I’ve looked at Powershell, but again the script would run on a scheduled task.

Solution: Enable auditing on domain controller and watch the event logs.

Yes, it is as simple as that and to make it even easier your can enable a Group Policy on all the domain controllers to ensure this option is set.

Steps:

  1. On your domain controller open Start > Administration Tools > Domain Controller Security Policy
  2. Expand Local polices and click on Audit Policy
  3. Edit Audit account management and select Success
  4. Do this to all your Domain Controllers or Apply a GPO (See below)
  5. Watch the event log for the following Event IDs

Event IDs:

631 = Global Group Created

632 = Global Group Member Added

633 = Global Group Member Removed

634 = Global Group Deleted

641 = Global Group Changed

Now I guess your wondering how do we make use of this information? Well in this case our monitoring system will look for the the above event and push them to an SQL database, we can then query them later or create reports.

Group Policy

You can add this rule to your existing GPO, but I prefer to create a new GPO for each rule and then apply to a security group.

Steps:

  1. Open the GPO editor
  2. Create a new policy and give it a name
  3. Expand Computer Configuration > Windows Settings > Local policies > Audit Policy
  4. Select Audit account management
  5. Check the boxes Define these policy settings and  Success
  6. Apply this GPO all the Domain Controllers or use a security group

It is assumed you have some kind of monitoring system that will read the event logs and that will alert or record changes.

Ncrancher's RSS Feed
Go to Top