Archive from July, 2004

How can I let users log on to the domain when they can’t contact the Global Catalog (GC)?

When a native-mode user logs on to the domain, a GC checks Universal group memberships. If the user can’t contact a GC, the logon will fail. To let users log on even though they can’t contact the GC, perform the following steps on the servers that service the client logons:

1. Start a registry editor (e.g., regedit.exe) on each domain controller (DC).
2. Navigate to the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa registry subkey.
3. From the Edit menu, select New, DWORD Value.
4. Enter the name IgnoreGCFailures, set the value to 1, then press Enter.
5. Close the registry editor.
6. Restart the DC.

Be aware that performing these steps can cause security problems. For example, imagine that you’re a member of the Universal group that’s denied access to a particular network resource. If your system can’t contact the GC when you log on, your user token won’t have the SID of the Universal group. In that case, you might be able to access the denied resource just as if you weren’t a member of the Universal group.

Jul 4, 2004 - General    No Comments

How can I clear the Google Toolbar search history in the registry?

The Google Toolbar is an add-on search tool for Microsoft Internet Explorer (IE). To clear the toolbar’s search history, perform the following steps:

1. Start a registry editor (e.g., regedit.exe).
2. Navigate to the HKEY_CURRENT_USERSoftwareGoogleNavClient1.1 registry subkey (yes, the registry subkey is 1.1, even though you might have installed version 2.0 of the toolbar).
3. Select the History subkey, click the Del key on your keyboard, then click Yes to the confirmation.
4. Close the registry editor.

You will need to log off and log on to clear the cache of previous searches within IE.

Jul 3, 2004 - General    No Comments

How can I disable the Microsoft Internet Explorer (IE) script debugger?

If you run a script in IE that results in an error, IE gives you the option to debug the script. To disable this option, perform the following steps:

Start a registry editor (e.g., regedit.exe).
Navigate to the HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain registry subkey.
Double-click the Disable Script Debugger value.
Set the value data to “yes” to disable the script debugger, then click OK (setting the value to “no” enables the script debugger).
Restart IE for the change to take effect.

Jul 2, 2004 - General    No Comments

How can I use the command line to move a user account in Windows Server 2003?

You can use the Dsmove command with the -newparent switch to assign new containers to Active Directory (AD) objects. For example, to move user johnsavill from the Users container to an organizational unit (OU) called Sales, type

C:>dsmove “CN=johnsavill,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com”
-newparent OU=Sales,DC=it,DC=uk,DC=savilltech,DC=com
The machine will return the following result:

dsmove succeeded:CN=johnsavill,CN=Users,DC=it,DC=uk,DC=savilltech,DC=com

Jul 2, 2004 - General    No Comments

How can I create a file of a certain size in Windows XP and later?

If you need to create a file of a certain size and the file contents don’t matter, you can use the Fsutil command as follows:

fsutil file createnew
For example,

fsutil file createnew d:temp1mbfile.txt 1000000
creates a 1MB file named 1mbfile.txt in the d:temp folder. I’ve successfully used this command to create a very large file to reduce the amount of free space when I was using a buggy installation program that couldn’t address too much free space.

Jul 2, 2004 - Windows 2003    No Comments

Where is the M drive in Microsoft Exchange Server 2003?

Microsoft has removed the M drive by default in Exchange 2003 because of problems related to backup and antivirus software running against the M drive. However, you can still use the .BackOfficeStorage namespace to access the Exchange information through file APIs.

If you require the M drive (e.g., you have programs that use the M drive to map the Installable File System, you use Microsoft FrontPage Extensions and the Microsoft Web Storage System–WSS), you can enable the drive by performing the following steps (but do so at your own risk):

Log on to the Exchange server as an administrator.
Start a registry editor (e.g., regedit.exe).
Navigate to the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesEXIFSParameters registry subkey.
From the Edit menu, select New, String Value.
Enter the name DriveLetter, then press Enter.
Double-click the new value, set it to M, then click OK.
Close the registry editor.
Restart the Exchange server (or restart the Information Store service) for the changes to take effect.

What’s the Account Lockout Status tool?

The Account Lockout Status tool (lockoutstatus.exe) displays lockout information for a specified user by querying every contactable domain controller (DC) in the user’s domain. You can download the Account Lockout Status tool at Link
You can also check a user’s lockout information at the command line. To do so, enter the command


where –u is the username.

Related Posts Plugin for WordPress, Blogger...