Saturday, December 27, 2008

Bare Metal Restore of Windows 2008 Server from Remote WBADMIN Backups

As most users of Windows 2008 Server know you can easily use the WBADMIN command as a backup solution. WBADMIN allows to use remote shares as storage locations for backup sets. Below are the steps to perform a bare metal restore using a backup sets located on a remote share. In order for this to work you will need to have a DHCP server running on your network that will give out an IP address to the host being recovered.

  1. Boot from the Windows 2008 CD. Click Next

  2. On the Install Now Window, Click the Repair Your Computer link

  3. Click Next again to move to the next window

  4. Choose Windows Complete PC Restore

  5. When the error message about not finding a valid backup comes up, click Cancel

  6. On the Restore Your Entire Computer for a Backup window, select Restore a Different Backup and click Next

  7. On the Select the Location of the Backup window, click the Advanced button

  8. Click Search for a Backup on the Network

  9. Click Yes when prompted

  10. Type in the network location of the backup and click OK

  11. Enter in your AD Admin account credentials (domain\userid) when connecting to server hosting the backup sets and click

  12. Highlight the backup set location for the computer you want restored and clickNext

  13. Highlight the backup point you want to recover and click Next

  14. Click Next. Depending upon the type of restore you might have to check the "Format and repartition disks" checkbox

  15. On the Summary page, click Finish

  16. Check the I confirm that I want to format the disks and restore the backup checkbox. Then click
    OK to start the recovery process

Monday, December 15, 2008

VBScript: Preventing Logon After Hours

Last week I received a request asking if I could prevent a certain user from logging into a system after normal business hours.

I thought it would be easy using AD and just setting the login hours for her account; however, since the user's email is routed to my Exchange server, it caused her to be locked out of her email after hours. The solution I came up with is a simple VBScript.

The script checks the day and time. If they are out of the acceptable range then using the shutdown command I reboot the box in 60 seconds. Both the system and the script will present a popup window notifying the user of the situation. I configured a group policy to run the script at logon and only for a specific AD group (which the user is a member of).

So that covers logging in but what if the user is already logged onto the system. Another group policy, with a preference setting for a scheduled task running the shutdown /r /t 60 command at 6 PM everyday does the trick.


on error resume next

dim vday, vhour

vday = weekday(now)
vhour = hour(now)

set wshshell = wscript.createobject("")

if vday >= 2 and vday <= 6 then

if vhour < 8 or vhour > 17 then "C:\WINDOWS\system32\shutdown.exe /r /t 60"
wshshell.popup "Your Account is Only Permitted to Login Between 8AM" _
& " and 6PM" & vbCrLf & "Monday through Friday", 20, "Account Logoff"

end if

else "C:\WINDOWS\system32\shutdown.exe /r /t 60"
wshshell.popup "Your Account is Only Permitted to Login Between 8AM" _
& " and 6PM" & vbCrLf & "Monday through Friday", 20, "Account Logoff"

end if



Wednesday, September 24, 2008

Perl Script to Update Recommended IP Block Ranges

Yesterday, I started down the road of learning to develop in Perl. Came up with the idea of updating my OpenBSD firewall badhosts table with the DShields recommended IP block range list.

In order to get it to run I had to install the p5-LWP-UserAgent-Determined-1.03.tgz package on the OpenBSD system.

Configured Cron to run the script:
sudo crontab -e
* 23 * * * /usr/bin/perl /etc/ >/dev/null 2>&1

----Part of pf.conf-------------

table <badhosts> persist file "/etc/badhosts"

block in log quick on $ext_if from <badhosts> \
label "Badhosts in"
block out log quick on $ext_if to <badhosts> \
label "Badhosts out"


Here is the Perl script:

#!/usr/local/bin/perl -w
use LWP::Simple;

#open the badhosts file and load it to an array
@badhosts = ;
close BH;

#create arrays and get recommended block data from site
@badips = ();
@dshield = split("\n",get(''));

foreach $newrange(@dshield)
#check to see if line starts with an ip. if so then
#pull only the first ip

if($newrange =~ m/^\d/i)
@ipinfo = split("\t",$newrange);
$ip = "$ipinfo[0]/24\n";

$counter = 0;

#check to see if ip range is already listed in badhosts file
#if not then load in into badips array

foreach $badrange(@badhosts)
if($badrange eq $ip)

if($counter == 0)



#append badhosts file with newly recommended block ranges
print BH @badips;
close BH;

system("pfctl -f /etc/pf.conf")

Friday, September 12, 2008

Quick Way to Change File Extensions in the Same Folder

I was given the task of searching a few hundred archived Eudora mailbox files today for a certain email address. Didn't want to install Eudora on a system so I just opened the files with Notepad. The problem I ran into was that Windows Search wouldn't search the .mbx files.

So I needed to quickly change all the .mbx files in the folder to .txt extension so that Windows Search could scan them. Thought VBScript would be a good way; however, found that it would take too much code to just do a simple task.

Instead I went back to the command line and used the following command on the folder:

ren *.mbx *.txt

This allowed me to quickly find the requested email data using Windows Search.

Thursday, August 28, 2008

Installing DPM 2007 Agents on a Windows 2008 Server

Over the weekend I migrated over my DCs to Windows 2008 using completely new hardware for the new DCs. I ran into a problem with installing the DPM agents on Windows 2008 DCs. Here are some things I picked up along the way:

  • My migration over to a Windows 2008 Domain blew out the DPMRADCOMTrustedMachines and DPMRADmTrustedMachines AD groups. DPM creates these groups when you install the agent on a DC. In addition, the DPM server’s computer account was removed from the Distributed COM Users builtin AD group. Recreating these groups and placing the DPM server back into the above groups didn’t solve all the remote agent install problems

  • The current release of DPM does support Windows 2008

    However, I’m not the only one having trouble installing the agent

    I tried the QoS PS service fix but it didn’t work

  • Finally was able to install the DPM agent on a Windows 2008 system (my test Windows 2008 box) by adding the Windows Backup Server feature and starting the Remote Procedure Call (RPC) Locator service.

    However, this didn’t allow me to backup the server’s system state. Only could backup regular files. Apparently, DPM is having problems with Windows 2008 System State

  • Found the lovely command call wbadmin. This command allows you to backup the complete server to a remote file location. Stores the data in a .vhd and .xml files.

    Ran the following command from my new DC:
    wbadmin start backup -backuptarget:\\myserver\dcbackup$ -include:c: -quiet
    It completed in around 20 minutes.

  • To recover a system you will need to know the version information of the backup.

    run wbadmin get versions -backuptarget: -machine:

    C:\Windows\system32>wbadmin get versions -backuptarget:\\myserver\dcbackup$ -machine:MYDC
    wbadmin 1.0 - Backup command-line tool
    (C) Copyright 2004 Microsoft Corp.

    Backup time: 8/24/2008 2:09 PM
    Backup target: Network Share labeled \\myserver\dcbackup$
    Version identifier: 08/24/2008-21:09
    Can Recover: Volume(s), File(s), Application(s), Bare Metal Recovery, System State

    Then run wbadmin start recovery -version: backuptarget: -machine:

    wbadmin recovery options

  • I configured a task on my DC to run this command every night at 1 AM. Since the backup location is on a file server DPM will back it up.
    During testing the command seemed to overwrite the backup files each time…I will test some more to verify this statement.
    Either way you could simply create different folders on the file server for each day and then create different tasks that go to different locations

Well now I have at least some kind of backup solution till the DPM team gets their act together on Windows 2008. Considering how DPM is totally reliant on a DC I might stick with this solution. I would hate to lose my DCs (in different buildings) and then not be able to recover my data due to no DC being available. Simply copy the files off the file server (if that is still standing) to an external USB drive and then attach it the new theory it should work but I don’t’ want to test it out or ever have to do it.

Wednesday, August 20, 2008

Moving Windows 2003 DHCP Service

In order to prep for migrating over to a Windows 2008 domain, I had to move the DHCP service from one of my Windows 2003 domain controllers to another. Below are the steps I used to complete this easy task:

  1. Installed DHCP service on the new DHCP server

  2. Ran the following command on the old DHCP server:

    netsh dhcp server export C:\dhcp.txt all

  3. Copied the dhcp.txt file over to the same location on the new DHCP server

  4. Ran the following command on the new DHCP server:

    netsh dhcp server import C:\dhcp.txt all

  5. On the old DHCP server, right-clicked the Scope and selected Deactivate

  6. On the old DHCP server, right-clicked the Server -> All Tasks -> Stop

  7. On the new DHCP server, right-clicked the Server -> All Tasks -> Start

  8. On the new DHCP server, right-clicked the Scope and selected Activate

Monday, July 28, 2008

Dell 5310n: error message is 900.00 service RIP software

A few of my users were having trouble with a Dell 5310n printer. The error message on the display was error message is 900.00 service RIP software. When printing large data files, such as a PowerPoint presentation, the printer would error out.

Per Dell's recommendation I configured the virtual printer to not spool the print jobs and send them directly to the printer. This seems to have corrected the issue so far.

Since I have HP printers on the same print server and none of them have had any kind of issue printing the same large files, I starting to think that the problem is due to either bad printer hardware or print drivers from Dell.

Monday, July 21, 2008

Exchange 2007 Mailbox Size Script

Below is a screen shot of my Exchange 2007 mailbox size script. This allows me to quickly view my users mailbox sizes in a nice color coded report.

PowerShell Script to Grant Full Mailbox Access

While testing out a new personal information scanner I discovered a need to grant one AD account full mailbox access to all mailboxes on my Exchange server. Below is the command I used to get the job done.

get-mailbox | select alias | foreach {

Add-MailboxPermission –Identity $_.alias –User myAdminAccount -Accessright Fullaccess -InheritanceType all


Wednesday, July 2, 2008

ColdFusion 8 on Windows 2003 64bit

Ran into problems when installing ColdFusion 8 on a Windows 2003 64bit server. Basically, the installer said everything was installed correctly but I was missing half of the ColdFusion files. The installer was ran straight from two different disks with the same result.

After the installation no IIS sites would work correctly. Reinstalling the OS with 32bit to see if that changes anything.

Tuesday, July 1, 2008

Ghetto OpenBSD Firewall\Switch

In an attempt to clear even more stuff off my desk, I created a ghetto OpenBSD firewall\switch. Basically, I added four network cards to an old Dell Precision 350. Loaded OpenBSD on it. Went the standard route when creating a firewall. The five network cards on the system are em0 (External), dc0 (Internal), dc1, sk0, sk1.

echo 'inet NONE' > /etc/hostname.em0
echo 'inet NONE' > /etc/hostname.dc0

Then I configured the remaining cards.

echo 'up' > /etc/hostname.dc1
echo 'up' > /etc/hostname.sk0
echo 'up' > /etc/hostname.sk1

Configured a Bridge between the Internal card and the three other cards.

echo 'add dc0 add dc1 add sk0 add sk1 up' > /etc/bridgename.bridge0

Using the same NAT rule set I had before (listed below) and with a few crossover cables (had my student assistant work on that portion) I now have a ghetto OpenBSD firewall\switch. Finally, I have a use for all those extra network cards and old systems laying around the office.



testDomain = "{}"

set skip on lo0
set loginterface $ext_if

nat on $ext_if from $testDomain to any -> $ext_addr

pass in on $int_if all
pass out on $int_if all

block in log on $ext_if all label "Default block in"
block out log on $ext_if all label "Default block out"

pass out on $ext_if proto tcp from $ext_addr to any port { http https } \
flags S/SA modulate state

pass out on $ext_if proto udp from $ext_addr to any port { domain }

Friday, May 30, 2008

Vista VPN Connection Problem

We found the solution to why our Vista 64bit SP1 systems were having trouble establishing a VPN connection. It was due to something in the DNSAPI.dll. We disabled the DNS Client service on the systems and they are able to connect just fine.

Since the Windows Event logs were reporting:

“Faulting application svchost.exe_Dnscache, version 6.0.6001.18000, time stamp 0x47919291, faulting module DNSAPI.dll, version 6.0.6001.18000, time stamp 0x4791ace0, exception code 0xc0000005, fault offset 0x000000000000d64a, process id 0xac8, application start time”

I’m thinking the problem lies with a bad .dll in SP1

Tuesday, May 27, 2008

Vista and VPN Connection

I haven't posted in a while due to having to work on a VPN connection issue with Vista clients. Basically, when the user attempts to connect to our VPN server the connection is dropped with error code 800.

It looks to be a problem with Netbios over TCP in the network connections themselves. I'm still researching the issue. So far I have reloaded my test laptops well over half a dozen times trying to rule out network card drivers, user permissions, and OS service packs.

Monday, May 19, 2008

XP SP3 Installed

WSUS pushed out XP SP3 to user systems just fine. Today I'm having trouble with a MacBook that is setup with XP and OS X. When attempting to install SP3 on the XP side I'm getting an error message about not enough room on the C drive.

Thursday, May 15, 2008

Postponed Updates

Came in this morning and found that the hub to the test systems was unplugged. My assistant needed the cable for another system. Plugged the systems back in and will check tomorrow morning.

Wednesday, May 14, 2008


XP SP3 was dropped to WSUS last week. Pushed it out to a few test systems yesterday via WSUS. Waiting to see what happens tonight when the updates from May get pushed out to the systems. If they install without errors I will push it out to the rest of my XP systems later this weekend.

Wednesday, May 7, 2008

Updates Fail After XP SP3 Installation

While bringing up a XP system to image, I ran into a weird issue with SP3.

Like a good admin, after bringing up the system I went to the Windows Update site. Low and behold SP3 was there waiting for me. I installed it and everything seemed fine till I tried installing additional updates, which all failed.

I tried the solutions in this link but none of them worked so I reinstalled the system. Hopefully, Microsoft will correct this issue before it gets pushed out to WSUS.