INove Theme Menubar

Creating an additional domain controller in an existing domain

Please see Microsoft Site for additional detail expalnation: http://technet.microsoft.com/en-us/library/cc738032(WS.10).aspx

Creating additional domain controllers

If you already have one domain controller in a domain, you can add additional domain controllers to the domain to improve the availability and reliability of network services. Adding additional domain controllers can help provide fault tolerance, balance the load of existing domain controllers, and provide additional infrastructure support to sites.
More than one domain controller in a domain makes it possible for the domain to continue to function if a domain controller fails or must be disconnected. Multiple domain controllers can also improve performance by making it easier for clients to connect to a domain controller when logging on to the network. You can add additional domain controllers over the network or from backup media.
Before adding domain controllers you should thoroughly understand Active Directory and the requirements necessary to set up additional domain controllers in an existing domain. For more information, see Checklist: Creating an additional domain controller in an existing domain and Create an additional domain controller.

Using backup media to create additional domain controllers

With Windows 2000, the only way you can create an additional domain controller in an existing domain is by replicating the entire directory database to the new domain controller. With low network bandwidth or a large directory database, this replication can take hours or days to complete. With servers running Windows Server 2003, you can create an additional domain controller using a restored backup taken from a domain controller running Windows Server 2003. This backup can be stored on any backup media (tape, CD, or DVD) or a shared resource.
Using restored backup files to create an additional domain controller will greatly reduce the network bandwidth used when installing Active Directory over a shared resource; however, network connectivity is still necessary so that all new objects and recent changes to existing objects are replicated to the new domain controller.
It is recommended that you use the most recent backup available. Older backups require more network bandwidth for replication. The backup used cannot be older than the tombstone lifetime of the domain, which is set to a default value of 60 days (180 days in a forest that is created on a server running Windows Server 2003 with Service Pack 1 [SP1]).
If a domain controller that was backed up contained an application directory partition, it will not be restored on the new domain controller. To manually create an application directory partition on a new domain controller, see Create or delete an application directory partition.
When adding an additional domain controller using backup media, a System State backup taken only from a domain controllers running Windows Server 2003 can be used once it has been restored. For more information about how to restore a System State backup, see Restore System State data.
For general information about restoring backups, see Authoritative, primary, and normal restores.


Checklist: Creating an additional domain controller in an existing domain

Checklist: Creating an additional domain controller in an existing domain

Step Reference
(Optional) Review concepts about creating additional domain controllers over the network or by using backup media. Creating an additional domain controller

(Optional) Review concepts about security and other options available when using the Active Directory Installation Wizard. Using the Active Directory Installation Wizard

Verify that the server on which you will be installing Active Directory has an NTFS partition. Reformatting or converting a partition to use NTFS

(Optional) Review the role of a domain controller. Domain controllers

Verify that you are a member of the Domain Admins group in the domain where you will be adding the domain controller. Default groups

Verify that DNS is properly configured before installing Active Directory. Checklist: Verifying DNS before installing Active Directory

Create the domain controller. Create an additional domain controller


Using the Active Directory Installation Wizard
Updated: January 21, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Using the Active Directory Installation Wizard
The Active Directory Installation Wizard installs and configures domain controllers, which provide network users and computers access to the Active Directory directory service. You can install Active Directory on any member server (except those with restrictive license agreements) using the Active Directory Installation Wizard. Using the wizard, you will define one of the following roles for the new domain controller:
• New forest (also a new domain)

For a checklist about creating a new forest, see Checklist: Creating a new forest.
• New child domain

For a checklist about creating a child domain, see Checklist: Creating a new child domain.
• New domain tree in an existing forest

For a checklist about creating a new domain tree, see Checklist: Creating a new domain tree.
• An additional domain controller in an existing domain.  This One! We will follow these steps if there is a domain ctrl in place – Cesar
For a checklist about creating an additional domain controller, see Checklist: Creating an additional domain controller in an existing domain.
Before using the Active Directory Installation Wizard, consider DNS configuration and support for existing applications.
DNS configuration
By default, the Active Directory Installation Wizard attempts to locate an authoritative DNS server for the new domain from its list of configured DNS servers that will accept a dynamic update of a service (SRV) resource record. If found, all the appropriate records for the domain controller are automatically registered with the DNS server after the domain controller is restarted.
If a DNS server that can accept dynamic updates is not found, either because the DNS server does not support dynamic updates or dynamic updates are not enabled for the domain, then the Active Directory Installation Wizard will take the following steps to ensure that the installation process is completed with the necessary registration of the SRV resource records:
1. The DNS service is installed on the domain controller and is automatically configured with a zone based on the Active Directory domain.

For example, if the domain that you chose for your first domain in the forest is example.microsoft.com, then a zone rooted at the DNS domain name of example.microsoft.com is added and configured to use the DNS Server service on the new domain controller.
2. A text file containing the appropriate DNS resource records for the domain controller is created.

The file called Netlogon.dns is created in the systemroot\System32\Config folder and contains all the records needed to register the resource records of the domain controller. Netlogon.dns is used by the Net Logon service and supports Active Directory on servers running non-Windows Server 2003 DNS.

If you are using a DNS server that supports the SRV resource record but does not support dynamic updates (such as a UNIX-based DNS server or a Windows NT DNS server), you can import the records in Netlogon.dns into the appropriate primary zone file to manually configure the primary zone on that server to support Active Directory.
If no DNS servers are available on the network, you can choose the option to automatically install and configure a local DNS server when you install Active Directory using the Active Directory Installation Wizard. The DNS server will be installed on the server on which you are running the wizard, and the server’s preferred DNS server setting will be configured to use the new local DNS server.
Before running the Active Directory Installation Wizard, ensure that the authoritative DNS zone allows dynamic updates and that the DNS server hosting the zone supports the DNS SRV resource record. For more information, see Checklist: Verifying DNS before installing Active Directory.
For more information, see Configure a DNS server for use with Active Directory. For general information about DNS integration with Active Directory, see DNS integration.
Support for existing applications
On servers running Windows NT 4.0 and earlier, read access for user and group information is assigned to anonymous users so that existing applications and some non-Microsoft applications function correctly.
On servers running Windows 2000 and Windows Server 2003, members of the Anonymous Logon group have read access to this information only when the group is added to the Pre-Windows 2000 Compatible Access group.
Using the Active Directory Installation Wizard, you can choose if you want the Anonymous Logon group and the Everyone security groups to be added to the Pre-Windows 2000 Compatible Access group by selecting the Permissions compatible with pre-Windows 2000 Server operating systems option. To prevent members of the Anonymous Logon group from gaining read access to user and group information, choose the Permissions compatible only with Windows Server 2003 operating systems option.
When upgrading a domain controller from Windows 2000 to a Windows Server 2003 operating system, if the Everyone security group is already a member of the pre-Windows 2000 Compatible Access security group (indicating backward compatibility settings), the Anonymous Logon security group will be added as a member of the pre-Windows 2000 Compatible Access security group during the upgrade.
You can manually switch between the backward compatible and high-security settings on Active Directory objects by adding the Anonymous Logon security group to the pre-Windows 2000 Compatible Access security group using Active Directory Users and Computers. For more information about adding members to a group, see Add a member to a group. For more information about default groups, see Default groups and Special identities.
Note
• If you select the Permissions compatible only with Windows Server 2003 operating systems check box when installing Active Directory and find that your applications are not functioning correctly, try resolving the problem by manually adding the special group Everyone to the Pre-Windows 2000 Compatible Access security group, and then restarting the domain controllers in the domain. Once you have upgraded to applications compatible with the Windows Server 2003 family, you should return to the more secure Windows Server 2003 operating system configuration by removing the Everyone group from the Pre-Windows 2000 Compatible Access security group and restarting the domain controllers in the affected domain.


Create an additional domain controller
Updated: January 21, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To create an additional domain controller

1. Click Start, click Run, and then type dcpromo /adv to open the Active Directory Installation Wizard with the option to create an additional domain controller from restored backup files.
2. On the Operating System Compatibility page, read the information and then click Next.

If this is the first time you have installed Active Directory on a server running Windows Server 2003, click Compatibility Help for more information.
3. On the Domain Controller Type page, click Additional domain controller for an existing domain, and then click Next.
4. On the Copying Domain Information page, do one of the following:
• Click Over the network, and then click Next.
• Click From these restored backup files, and type the location of the restored backup files, or click Browse to locate the restored files, and then click Next.
5. On the Network Credentials page, type the user name, password, and user domain of the user account you want to use for this operation, and then click Next.

The user account must be a member of the Domain Admins group for the target domain.
6. On the Database and Log Folders page, type the location in which you want to install the database and log folders, or click Browse to choose a location, and then click Next.
7. On the Shared System Volume page, type the location in which you want to install the Sysvol folder, or click Browse to choose a location, and then click Next.
8. On the Directory Services Restore Mode Administrator Password page, type and confirm the password that you want to assign to the Administrator account for this server, and then click Next.

Use this password when starting the computer in Directory Services Restore Mode.
9. Review the Summary page, and then click Next to begin the installation.
10. Restart the computer.
Notes
• To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.
• The /adv switch is only necessary when you want to create a domain controller from restored backup files. It is not required when creating an additional domain controller over the network.
• In step 3, when choosing the option to copy domain information over the network, all directory data for the domain in which this domain controller will be a member will be copied over your network connection. You will have the option to cancel non-critical replication, if necessary.
• In step 3, when choosing the option to copy domain information from restored backup files, you will need to first back up the System State data of a domain controller running Windows Server 2003 from the domain in which this member server will become an additional domain controller. Then, the System State backup must be restored locally on the server on which you are installing Active Directory. To do this using Backup, choose the option Restore files to: Alternate location. For more information about restoring backups, see Related Topics.
• If a domain controller that was backed up contained an application directory partition, the application directory partition will not be restored on the new domain controller. For information about how to manually create an application directory partition on a new domain controller, see Related Topics.
• If the domain controller from which you restored the System State data was a global catalog, you will have the option to make this new domain controller a global catalog.
• You can also use a smart card to verify administrative credentials. For more information about smart cards, see Related Topics.
• You cannot install Active Directory on a computer running Windows Server 2003, Web Edition, but you can join the computer to an Active Directory domain as a member server. For more information about Windows Server 2003, Web Edition, see Related Topics.
Information about functional differences
• Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

Advertisements

How to fix issue with Symantec Endpoint client not installing due to a required reboot.

Problem computer: Windows Vista computer.
Problem: Symantec Endpoint Protection (SEP) Installation fails with the following error “Symantec Endpoint Protection has detected that there are pending system changes that require a reboot. Please reboot the system and rerun the installation.”

Solution: I rebooted the computer several and got the same result each time.

I found the registry key entry that I used to fix the problem.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\PendingFileRenameOperations
Delete the registry key

Install the software without restarting the computer

NOTE: If you are running Windows Vista look for this key – HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet001\Control\SessionManager\PendingFileRenameOperations

Answer was Posted on January 24th, 2009 under Symantec Endpoint Protection, Windows 2008 • Tags: Symantec Endpoint Protection, windows.

How to Compact a Microsoft Database in Access 2007

February 26, 2010 Leave a comment

I was working in MS Access 2007 and after all my changes, Moving / Adding /Deleting / Updating tables etc, I normally go and do a “Compaq and Repair” on the database. With the new “Ribbon Menu” … I was not able to find it! Finally I found it, but wow… Logically, I expected to be in the “Database Tools” section of the Ribbon but it was not there, I search all over this new Ribbon Menu System… after a while I gave up and tried Microsoft web site’s for help… but nothing there either. How can something so commonly use be lost? … any-way

Solution:

1. Click on the “Round Office Bottom” (upper left side), Manage. Compaq and Repair Database.

2. Another solution is to add the “Compaq and Repair Database” to the “Quick Access Toolbar”: Next to Round Office Bottom” you will find other commands like “Save”, “Undo”… to the right there is a kind of down arrow – press on the arrow and click on more commands, now change the list of commands to show you “All Commands” scroll down to find “Compaq and Repair Database” and click on “Add” to add it to the Quick Access Toolbar.

I had a hard time finding this so I hope my notes will help you!

Cesar Lopez
Best Networks Inc

Completely remove Symantec Antivirus and Symantec Endpoint Protection products

January 20, 2010 21 comments

NOTE: Please visit our new website at http://www.bestnetworksinc.com

 

The cleanwipe utility is used to completely remove Symantec Antivirus and Symantec Endpoint Protection products.

To obtain Cleanwipe please contact Symantec Technical support.
Once the utility has been obtained please follow these instructions:

This utility can be run on Windows 2000, Windows XP (32 and 64 bit), and Windows Server 2003 (32 and 64 bit.)

Warnings:
Do not run this utility on Windows NT, Windows 9x, or Windows Me.
Do not run this utility on systems that have Symantec AntiVirus 8.x or below installed.

You cannot select individual applications to remove.

CleanWipe may remove LiveUpdate.

CleanWipe will remove Virus Definitions if you select Yes to “Do you want to do a detailed MSI Product Code registry search?…”, even when selecting No to “If Virus Defs remain after uninstalling Symantec products do you want to uninstall the Virus Defs?”. If you have other Symantec applications that use the VirusDefs folder, it is recommended that you make backup copy of the VirusDefs folder before running the CleanWipe tool. The VirusDefs folder is located under C:\Program Files\Common Files\Symantec Shared\

When using the CleanWipe utility, please be aware that it removes the following products and components from the computer:

Alert Management Server
Firewall Administrator
Quarantine Console
Quarantine Server
Symantec AntiVirus (Version 9.x and above)
Symantec AntiVirus Corporate Edition
Symantec Client
Symantec Client Firewall
Symantec Client Security
Symantec Endpoint Protection
Symantec Endpoint Protection Manager
Symantec LiveUpdate
Symantec Network Access Control
Symantec Sygate Enterprise Protection
Symantec System Center
Symevent

If you have other Symantec applications on the computer that depend on any of the applications listed above, those applications may not function properly. The customer may need to re-install the missing applications after running CleanWipe.

Note: The zip file is password protected.
Un-Zip Password: symantec

1. Extract the file to a new folder in a convenient location, such as the Desktop, using the un-zip password provided above.
2. Browse to the new folder and execute the utility by double clicking ‘CleanWipe.exe’
3. Follow the on-screen instructions.

The utility runs in verbose mode and will ask you about the components you want uninstalled.

Note: If the CleanWipe utility fails to remove Symantec Endpoint Protection, please proceed through the manual uninstall procedure for the version of the product you have installed.

You can find the manual uninstall instructions in the following document:

Title: How to manually uninstall Symantec Endpoint Protection client from Windows 2000, XP and 2003, 32-bit Editions
Solution ID: 2007073018014248
Document URL:
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007073018014248

Title: ‘Manual uninstallation documents for Symantec Client Security products’
Solution ID: 2002031914291648
Document URL: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002031914291648

————————————————[UPDATE]——————————————————–
You can use CLEANWIPE from Symantec to remove the AV and all other associated applications.

To download the utility, open the following web page in a browser:
https://fileshare.symantec.com
Log in with the following information:

Login ID: cleanwipeutility
Password: CL3@nw!p3

Once you have downloaded the utility, please follow these instructions.

Note: The zip file is password protected.
Un-Zip Password: symantec

1. Extract the file to a new folder in a convenient location, such as the Desktop, using the un-zip password provided above.
2. Browse to the new folder and execute the utility by double clicking ‘CleanWipe.exe’
3. Follow the on-screen instructions.

The utility runs in verbose mode and will ask you about the components you want uninstalled.

Note: If the CleanWipe utility fails to remove Symantec Endpoint Protection, please proceed through the manual uninstall procedure for the version of the product you have installed.

You can find the manual uninstall instructions in the following document:

Title: How to manually uninstall Symantec Endpoint Protection client from Windows 2000, XP and 2003, 32-bit Editions
Solution ID: 2007073018014248
Document URL:
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007073018014248

Title: ‘Manual uninstallation documents for Symantec Client Security products’
Solution ID: 2002031914291648
Document URL: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002031914291648

Windows Server 2003 R2 and Windows XP Time Synch Notes

November 21, 2009 Leave a comment

Time Synch: Windows Server 2003 R2 and Windows XP Pro in an Active Directory Domain

Some of you out there perhaps are having time synching problems – May of my clients did – here are some notes that can help you fix the problem.  Warning, these changes could prevent workstations from being able to log back into the server – please read carefully, if you have any questions please call us.

The problem:  The Primary Domain Controller PDC/ Server is off by minutes from the actual time.   Workstations synch with the PDC Server and perhaps users use applications that require the correct time – Time-sheets, etc.

Traditionally, the LAN Administrator would log onto the server and correct the time manually.  The server would be fine for few months and eventually someone would alert the LAN Administrator the time is off again. 

This is an issue with old servers that rely on their internal time clock.  The internal time clock is powered by a battery just like you watch and once this battery no longer recharges then the time it constantly needs to be set manually – as part of the solution – You could also change the internal CMOS battery.  However, nowadays almost everyone has access to the internet and there are other solutions to this problem.   One solution is presented here – I use this solution internally in our Network and it works great.

The traditional method to synch the workstation clock with the server also needs to be recognized as part of the problem as this is a manual command that needs to be automated.

C:\Users\ENDUSERNAME.BESTNETWORKS>net time \\server /SETCurrent time at \\server is 11/21/2009 3:41:00 PMThe current local clock is 11/21/2009 3:41:00 PMDo you want to set the local computer’s time to match thetime at \\server? (Y/N) [Y]: YThe command completed successfully.

This command allows the workstation to synch its time against the file server.  I have implemented this command as part of the logon script many times.  I would like to find a better solution. Perhaps – Visual basic scripting or as part of a Group/Domain Policy.

[Microsoft Article ]

Synching to an Internal Time Source

The simplest solution to time synchronization in an Active Directory environment is to let the PDC Emulator in the forest root domain use its own CMOS clock as the source of reliable time for the forest. To do this, you can simply take no action. The only annoying result is that you will occasionally see the following event logged to the System log in Event Viewer:

Event ID: 12

Event source: W32Time

Event description: Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.

Basically, what this event means is that the PDC Emulator in the forest root domain has not been configured to synchronize its clock with an external stratum 1 time source, and as a result the clocks on all machines in your forest cannot be considered reliable. Now this may be an issue if employees rely upon their workstations’ CMOS clocks for signing in and out, but as far as Kerberos is concerned it’s a non-issue because Kerberos only requires that clocks on clients and authenticators agree with each other, not that they display accurate time. So if every machine’s clock in the forest is one hour late, Kerberos will still work fine and replay attacks will be prevented, which is the purpose of W32Time anyway.

Synching to an External Time Source

If you want to ensure that the clocks on your machines are more accurate in terms of absolute (and not just relative) time, you can sync the PDC Emulator in your forest root domain to one of the reliable time servers available on the Internet. This is a good idea if your company is a large enterprise with sites spanning several countries, or if your organization has two or more forests linked by forest trusts. The procedure for doing this on a PDC Emulator running Windows Server 2003 in the forest root domain is as follows. Open Registry Editor (regedit.exe) and configure the following registry entries:

1   HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type

This registry entry determines which peers W32Time will accept synchronization from. Change this REG_SZ value from NT5DS to NTP so the PDC Emulator synchronizes from the list of reliable time servers specified in the NtpServer registry entry described below.

2   HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags

This registry entry controls whether the local computer is marked as a reliable time server (which is only possible if the previous registry entry is set to NTP as described above). Change this REG_DWORD value from 10 to 5 here.

3   HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NtpServer

This registry entry specifies a space-delimited list of stratum 1 time servers from which the local computer can obtain reliable time stamps. The list may consist of one or more DNS names or IP addresses (if DNS names are used then you must append ,0x1 to the end of each DNS name). For example, to synchronize the PDC Emulator in your forest root domain with tock.usno.navy.mil, an open-access SNTP time server run by the United States Naval Observatory, change the value of the NtpServer registry entry from time.windows.com,0x1 to tock.usno.navy.mil,0x1 here. Alternatively, you can specify the IP address of this time server, which is 192.5.41.209 instead.

  • NOTE:  I’m not sure but…  if I’m working on a workstation (say windows XP-PRO or Vista) will it work if I change the name of the external server to the name of the Internal Domain controller Server? After all,  the PDC is already synchronizing against the external server per the steps above.  I will test this on a vista computer and later on an XP computer!!!  The problem I have with this is that this is a manual change and I will like it best to be an automated change – specially if I have to do it on a client site with 100s of computers.  Alternatively I would use the net time \\server /set < [mapped-drive path]\yes.txt comand.

Now stop and restart the Windows Time service using the following commands:

4    net stop w32time  && net start w32time

It may take an hour or so for the PDC Emulator to fully synchronize with the external time server because of the nature of the polling method W32Time uses. Depending on the latency of your Internet connection, the accuracy of the CMOS clock on your forest root PDC Emulator may be within a second or two of UTC. If you need more accurate time however, you can purchase a hardware time source like an atomic clock and connect it to your PDC emulator.

Alternatively, if you don’t want to wait for time convergence to occur between your stratum 2 time server (your forest root PDC Emulator) and the external stratum 1 time server, you can run the following command on your PDC Emulator:

5    w32tm /resync /rediscover

Tip
There are additional registry settings you can configure to ensure external time synchronization operates effectively, see this article in the Microsoft Knowledge Base for details.

All available synchronization mechanisms

The “all available synchronization mechanisms” option is the most valuable synchronization method for users who are on a network. This method enables synchronization with the domain hierarchy and may also provide an alternative time source if the domain hierarchy becomes unavailable, depending on the configuration. If the client cannot synchronize time with the domain hierarchy, the time source automatically falls back to the time source that is specified by the NtpServer setting. This method of synchronization is most likely to provide accurate time to clients.

Windows Time service registry entries

The following registry entries are located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\

Collapse this tableExpand this table

Registry Entry MaxPosPhaseCorrection
Path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Notes This entry specifies the largest positive time correction in seconds that the service makes. If the service determines that a change larger than this is required, it logs an event. Special case: 0xFFFFFFFF means always make time correction. The default value for domain members is 0xFFFFFFFF. The default value for stand-alone clients and servers is 54,000 (15 hours).
Registry Entry MaxNegPhaseCorrection
Path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Notes This entry specifies the largest negative time correction in seconds that the service makes. If the service determines that a change larger than this is required, it logs an event instead. Special case: -1 means always make time correction, The default value for domain members is 0xFFFFFFFF. The default value for stand-alone clients and servers is 54,000 (15 hours).
Registry Entry MaxPollInterval
Path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Notes This entry specifies the largest interval, in log seconds, allowed for the system polling interval. Note that while a system must poll according to the scheduled interval, a provider can refuse to produce samples when requested. The default value for domain members is 10. The default value for stand-alone clients and servers is 15.
Registry Entry SpecialPollInterval
Path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
Notes This entry specifies the special poll interval in seconds for manual peers. When the SpecialInterval 0x1 flag is enabled, W32Time uses this poll interval instead of a poll interval determine by the operating system. The default value on domain members is 3,600. The default value on stand-alone clients and servers is 604,800.
Registry Entry MaxAllowedPhaseOffset
Path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
Notes This entry specifies the maximum offset, in seconds, for which W32Time attempts to adjust the computer clock by using the clock rate. When the offset exceeds this rate, W32Time sets the computer clock directly. The default value for domain members is 300. The default value for stand-alone clients and servers is 1.
         

Other links:

http://www.windowsnetworking.com/articles_tutorials/Configuring-Windows-Time-Service.html?printversion

Sony AIT drive units are Out !???

November 10, 2009 Leave a comment

Acording to a Sony Sales person Sony will no longer market or sell AIT tape units as of March 2010. For the price, these units were of the best in the market with a great proven functional record. I hope there is a Sony replacement for this great product

[Sony Letter]

Sony Electronics Inc.

1 Sony Drive, Park Ridge, New Jersey 07656

October 2009

Dear Valued Sony AIT Tape Drive Customer:

This letter serves as a soft reminder to our channel partners that, as of March 2010, Sony Electronics Inc. will no longer be offering AIT drives or AIT library/automation systems. This difficult decision was made after careful review and consideration.

As stated in our previous letter issued in April 2009, Sony will continue to accept purchase orders for delivery through March 2010 subject to product availability, however, due to stronger than expected sales demand, we are already running out of inventory on some product lines, specifically AIT-2T, AIT-3 and AIT-5 tape drives.

As a result of this, we are compelled to inform you of the models which are still available for sales as of this date, as shown below;

Currently Available Models Single drive Library / Autoloader E-mail archiving
AITI100S AITI390S LIB81A3XBB OEASW500B1
AITI100AS AITE390S LIB81A3XBRBB OEABF1000B1
AITI100ST LIB162A3XBB CV1UE2000B1
AITE100S AITI520S LIB81A4BB
AITE100UL AITE520S LIB81A4BRBB
LIB162A4BB

Easier Maintenance of Sony AIT-3 WORM Tape

Categories: Uncategorized Tags: ,

Outlook attached documents and how it works – clarification

November 1, 2009 1 comment

Outlook attached documents and how it works – clarification
Outlook by default saves all attached documents in a hidden (very well hidden) temporary folder.  The folder’s name varies…

The main intension of this folder is to have an area in the computer where “safe” attachments could be open in temporary bases.  This area is located inside the “Temporary Internet Files” this folder, itself is a hidden folder located inside the “Local Settings” folder which is also a hidden folder located inside the “user’s profile” folder (not hidden) located inside the “Documents and settings” off the root directory.

The Problem:  Here is the problem many users are having.  First, this is a TEMPORARY folder and not a place to save any files as this area is meant to be clear after you exit outlook. 

Proper Steps: if you only need to read the attached file and no changes are made to the document. Then the process works as follows: you receive an e-mail message containing an excel file “report.xls”, you double click on the file, this opens the file placing a copy of the file automatically in the temporary area – if all you do is read the file, then close it, the file is automatically remove from this temporary folder after you close the e-mail message that contains the attached file.

That is great for some messages however businesses are much more dynamic.  The user often opens the file and makes changes to it. This is ok, as long as you save it in a different location (My documents\folder name\[Report.xls] ) make a note that this is no longer the same file  attached to the e-mail message.  You are not making changes to the original file attached to the e-mail message but to a different file.  If all you do is click on save then another version of the file is stored in the TEMPORARY LOCATION in this case it would be named report(1).xls.  Lets say that now you close excel and the email containing the message but open the same e-mail message and again click on save without changing the file location to a different folder then report(2).xls will appear and so on.

The first time that you open an attached document (word, excel, power point etc.) Outlook creates a new subdirectory under your Temporary Internet Files directory, and places the temporary file in the new subdirectory.

The name of the new subdirectory is unknown and is randomly generated before it is created.

The following paths are examples from three different operating systems.

  • Microsoft Windows 98
    C:\Windows\Temporary Internet Files\OLKC320
  • Microsoft Windows NT 4.0
    C:\WINNT\Profiles\”username”\Temporary Internet Files\OLK2
  • Microsoft Windows 2000
    C:\Documents and Settings\”username”\Local Settings\Temporary Internet Files\OLKCE
  • Microsoft Windows XP
    C:\Documents and Settings\”username”\Local Settings\Temporary Internet Files\OLK849\

I hope this notes help
Cesar