Bobby Primasta Blogs

After Testing and searching on the internet, at last I can install and run Virtual Server 2005 on my Windows at7 Ultimate x64. ^_^.

Here is step by step :

1. Enable to  turn off application compatibility on Group Policy and disabled Application Compatibility Diagnostic on Local Group Policy

a. Press and hold Windows icon+R, type mmc > OK

b. On the console1 Page, click File > Add/Remove Snap-in…

On Add or Remove Snap-in… Page, choose Group Policy Object, click Add >

On Select Group Policy Object Page, click Finish

On Local Computer Policy Page, Browse to Computer Configuration > Administrative Templates > Windows Component >

Application Compatibility, Enabled all Turn Off Application and Program as picture below.

On Local Computer Policy Page, Browse to Computer Configuration > Administrative Templates > System > Troubleshooting

and Diagnostic > Application Compatibility Diagnostics, disabled all components as pictures below

Restart your computer Or run GPUpdate/force at your command prompt, but lastime my gpupdate/force didn’t work well,

so i just restarted my PC.

2. Installing your Virtual Server 2005 R2 Sp1

a. Run Setup.exe(for your Virtual Server 2005 R2 SP1 x64),

    On Microsoft Virtual Server 2005 R2 SP1 Setup Page, click Install Microsoft Virtual Server R2 SP1

b. On License Agreement Page, choose I accept the terms in the license agreement, click Next >

On Customer Information Page,

Username : bobby.primasta(your name)

Organization : contoso(your company name)

and click Next >

On Setup Type Page, choose Complete and click Next >

On Configuring Components Page, click Next >

In Configuring Components Page, checked Enable Virtual Server exceptions in Windows Firewall,

click Next >

On Ready to Install Page, click Install

After Installation Complete, On Setup Complete Page, click Finish

3. Change Virtual Server Installation file and change it also in Registry With the same name

a. Go to Windows Explorer, browse C:\program files\Microsoft Virtual Server\

    Rename vssrvc.exe to vssrvc_win7.exe(you can named it as you like)

b. Press and Hold Windows icon+r, on Run Page, type regedit > OK

c. On Registry Editor Page, click Edit Find(Ctrl F) type vssrvc.exe, change it to vssrvc_win7.exe as

     pict below, and click Edit > Find Next(F3), change all the vssrvc.exe to vssrvc_win7.exe(about

     5-6 files)

After finish, you must restart your PC to take effect.

4. Run your Virtual Server, and configure the Administration Website to use VM Remote Control Client

a. On Windows Page, Click Start > Microsoft Virtual Server > Virtual Server Administration Websites

b. On Virtual Server Administration Websites Page, On bottom left pane, click Server Properties

Enable Virtual Server Port 5900

Done, now you guys can enjoy to play with Virtual Server 2005 inside your windows 7

Hope it helps ^_^

Good Afternoon all, I just want to re-write what ever I have delivered when we had a User Group meeting last months so

you guys can review it here. We were talking about what is Active Directory? what component that AD have ? DNS, Group

Policy and Etc, so I will review everything 1 by 1.

What is Active Directory ? it sounds familiar for server admin admin and everyone who knows about Microsoft Server, they

will also know about Active Directory ^_^. But here in Brunei, not everyone know about Active Directory and all the

most important component inside the AD itself, the first time I came here, some of them a little bit misunderstand about

OU(Organizational Unit) and Domain, when I said it an OU, they said it is a domain. because inside the AD structure (Active

Directory Users and  Computers is like this :

It looks like a domain structure if you only see the name inside your ADUC, but it is not, because it only an OU. before I

explain detail about OU and any other things just want to tell you about how far is the knowledge people in Brunei in

Active Directory, I hope after this blogs about AD a lot of people in here will really understand about basic function of AD

and its component.

OK let us start ^_^

What is Active Directory ? If I say, Active Directory is an Authentication Server.. what do you guys think ? correct or not ? ^_^

Yes, it is, basically AD is an Authentication Server, that you guys always use to authenticate every users and computers in

inside your organization to login to your network. That is the basic function of AD, this time I will you about component AD

Structures. What do you guys need to know about AD, before you get really deep into it.

Ok, AD basically is divided by two structures, Logical Structures and Physical Structures. (all AD component are inside this two

structures)

1. Logical Structures is

   a. Forest, whole your entire Active Directory within an organization, you call it forest, as you can see in the pictures

       forest consist of domain, child domain, sites and etc.

   b. Domain, one area of your active directory network, within that area you can shares resources( File Server, Print

       Server, email server and etc)

          - Parent Domain, First installation of your AD, you call it first forest and first domain(1 Server as an AD). For the

            example as you can see from the picture contoso.com as a parent domain from Jakarta.contoso.com. 

          - Child Domain, You can create the child domain after you have deployed your first domain, and the the child

             name will followed parent domain, consideration to have a child domain is usually for branch office want to

             all their network resource on their own or they(branch office) want to have separate database from Head

             Quarter. For the example as you can see from the picture jakarta.contoso.com as a child domain from

             contoso.com.

          - Different Domain in same Forest, The same like child domain, installed after first domain deployed in a forest

             but have different name from the parent(totally different name). For the example as you can see from the

             picture Woodgrovebank.com is a different domain from contoso.com but it is still within the same forest.

   c. Domain Tree, domain that are grouped in hierarchical structures, and how they link together.  

   d. Organizational Units(OU) is an container, for each object you have inside your Active Directory, you can put

        user, computer, group, and also you can put another OU inside your current OU.

   e. Objects(Groups, Computers, Users, Servers and etc), smallest part of your AD logical structure, that you have it

       under your network.

2. Physical Structures is the physical locations and hardware, where are you going to place your AD

     a. Sites, a Group of all your network resources inside your AD infrastructures, and also where you can place your DC inside

         Within a site, each DC replicate frequently, but with a different site you can schedule when do you want your AD data

         base replicate to each others. And you can Also have a bridge(DC) to do replication with another site so there is no

         need for DC’s replicate the database to each others, like you can see in the picture above :

         Explanation : DC(bridge) in Bandar Replicate two ways with ADC(bridge) in Kuala Belait, and between ADC in kuala

         belait they replicate to each other but from ADC(KB) no need to replicate to ADC(Bandar), just replicate everything

         from Bandar DC(which is as a bridge) it will consume quite a lot of bandwidth for you WAN Link.

     b. Domain Controller (DC), a server with an Active Directory installed, you can called it as a DC, but to more specified

          DC are also divided into 3 :

         - DC (Domain Controller), A Server with Active Directory Installed, and holding Operations Master, writeable AD.

         - ADC (Additional Domain Controller), A Server with AD Installed, and without holding Operations Master, Writeable AD.

         - RODC (Read Only Domain Controller), A Server with AD installed, without Operations Master and Read Only AD.

.   Note : the one that is not familiar with AD, must have a question for me, bob, what is Operations Master ? hehehe. okay

                I will not tell you the details in this blogs, but I will tell you the details from my another blogs, Operations master is

                the main function of Active Directory, without this your AD will not work properly, Operations Master are divided

                into 5 master roles, Schema Master, Domain naming Master, RID(Relative Identifier) Master, PDC(Primary DC) Master,

                and Infrastructure Master. Each of them have specific task.

Okay, that is it for the first one, let’s  I will continue again for another one. Operations Master and Group Policy. the most

important component on you Active Directory Environment.

This is the last part for the public folder automatically assign, first we will try to log off and login again to check

if the script works or not, and we will create file Screening(we use it for limiting file that can be put or cannot be

put inside the folder) for each folder.

On Windows Page, click Start > Log Off

On Windows Login Page, type password : P@ssw0rd

After login, we are going to check if the folder has already been applied,

On Windows Page, click Start > Computer

On Computer Page, verify that 2 drives have been assigned for the administrator users.

Now, we are going to create file Screening for the folder, In real scenario and office environment, you will

not allow to save audio and video files(it will only be used for private), execute able files(it might content

any virus and malware), system files(only administrator can have this one, not for personal), Image Files

(Only use for private, cannot be used for public, it depend on the company)

On Windows Page, click Start > Administrative Tools > File Server Resource Manager

On File Server Resource Manager Page, Expand File Screening Management > File Screens, on the right pane click

Create File Screening

On Create File Screen Page, under File screen path, type C:\New\Public or you can use browse if you are not

sure with the folder path. And under Define custom file screen properties, click Custom Properties…

On File Screen Properties on C:\New\Public Page, under Copy properties from template (optional) choose Block

Audio and Video Files( you can use another template for reference only, this one is customize ). Under Screening

type choose Active Screening : Do not allow users to save unauthorized files, under File groups, Select file groups

to block, checked Audio and Video Files, Executable Files, Image Files, System Files

On Create File Screen Page, Verify everything click Create

On Save Custom Properties as a Template Page, Choose Save the custom properties as a template, under

Template name: type Restricted for Public, click OK > Create

That’s all for the configuration, easy right ? but you need to try it ^_^ .

Hope that can help you guys.

Thank you.

Dear all, here is the report also for the last month User Group Meeting for Active Directory Knowledge, November 22, 2009

We are talking about how the way the active directory works and testing it using Virtual PC 2007, Windows Server 2008,

Installation of DC, ADC, RODC, and DNS, deploying Group policy and File Server in real scenario, what do you usually have

inside a project, what do you need to know, how do you troubleshoot everything, talking about 7 OSI Layer, so each

person have their own responsibility to do their jobs(Network – System – Applications).

Picture 1 : Explanation about AD, DNS and anything new in AD 2008

Picture 2 : Demo the labs installation and configuration( Each labs have their own explanation)

 

Picture 3 : Examples Scenario for implementing your Active Directory Infrastructure

 

Picture 4 : Virtual PC using DC, ADC and RODC

Picture 5 : Break Session, after the Group Meeting

Thank you so much again guys for your participation ^_^

Dear all, here is our report for last month session virtualization Knowledge with hYper-V and SCVMM, we discussed

about what is VIrtualization, how it works, how Hyper-v do the virtualization, what is SCVMM and what is it inside

SCVMM. It’s was quite interesting forum, and everyone can involve to do try the hyper and also the SCVMM.

Summarize : Microsoft basically have 2 products for virtualization(the latest products) 1 is Hyper-V and the other one

is SCVMM (System Center VIrtual Machine Manager), before they have Virtual Server  2005. what is the different

between both of them ? Hyper-V is the Virtual Machine, and SCVMM is the manager can manage all the Virtual Machine

and have the capability to do P2V, V2V, and other things. I will discuss the detail in separate blogs ^_^. keep waiting guys

Picture 1 : Preparing all the labs, Hyper-V and SCVMM

Picture 2 : Try to do Migration P2V with SCVMM 2008 R2

Picture 3 : Explanation about how the way the Virtualization works(Hyper-V)

Picture 4 : Explanation Continue

Picture 5 : Testing Hyper-V

Picture 6 : Interactive Discussion about Hyper V Failover

Picture 7 : Another Discussion

Picture 8 : Afternoon break

Picture 9 : Took foto after session finish with Microsoft Brunei(Kholil), some of parties left already

Thank you so much for all your participation guys ^_^. See you in the Next Session ^_^

Now we come to next part which is we are going to make quota inside the file server and create script

(create network drives in command line)to be deployed in GPO. For Public Folder we are going to make

200Mb and for Private folder we are going to make 100Mb, if we have a lot of user we need to think about

our SAN(Storage Area Network) Capacity for each server, file server also it is better to be implemented

in member server in the Domain(not in Domain Controller / other Application Server, like exchange,

sharepoint) or put it together with the server + application smaller load, like DHCP Server, DNS Server.

First we need to open File Server Resource Manager

On Windows Page, click Start > Administrative Tools > File Server Resource Manager

On File Server Resource Manager Page, expand Quota Management > Quotas, click Create Quota…

On Create Quota Page, click on Browse, on Browse for Folder Page, expand to New > Public, click OK

On Create Quota  Page, Under Derive Properties fro this quota template (recommended), choose 200 MB

Limit Reports to Users, click Create

e

We are creating Quota for private folder (100Mb)

• On Quotas > Create Quotas > Browse to New > Private, click OK

• On Create Quota Page, Under Derive properties from this quota template (recommended), choose

100 MB Limit

3. Create a script

Now we are going to create a script for both of the folder, to be deployed automatically when users login

to the domain

• On Windows Page, click Start > Run

• On Run Page, type Notepad > OK

• On notepad Page, type the command as below,

( for net use we can try to use it also in command line, basically this command running under

Windows command prompt, %username%, we need it automatically assign a folder for

administrator, we also need to type username and administrator password to be allowed to

access the file in the public folder.)

• On Notepad Page, click File > Save As, On Save As Page, browse to desktop, type

File name  :  mapfolder.bat

Save as type  :  All Files

and click Save

4. Publish it to Domain Policy using Group Policy

• On Windows Page, click Start > Administrative Tools > Group Policy Management

• On Group Policy Management Page, expand to Forest:WOODGROVEBANK.COM > Domains >

WOODGROVEBANK.COM, right click Default Domain Policy > Edit

( We are now going to modified the group policy for all user, and remember if you want to

make this public folder apply for certain Group/Department, but others department cannot

see it then you must create New Group policy in GPM and create OU in AD also for the

Department. Examples :

a. Finance = Create OU Finance, Create New GP Finance and modified like we are creating it

now, Create Finance Folder inside Public  and create new Script to be map to the folder.

b. Accounting = Create OU Accounting, Create New GP Accounting and modified like we are

creating it now, Create Accounting Folder and create new Script to be map to the folder.

So when users from accounting or finance login to the domain, they will only be able to see

their own Public Accounting/Finance folder)

• On Group Policy Management Editor Page, expand User Configuration > Windows Settings >

Scripts (Logon/Logoff), in the middle pane, right click Logon > Properties

( so the script file will be running just after the user login to the domain)

ane

• On Logon Properties Page, click Add, On Add a Script Page, click Browse…

• On Browse Page, as you can see that the folder is now still empty so we need to copy the script

manually to the Logon page group policy.

• On Windows Page, click Start > Computer and Browse to C:\Windows\SYSTVOL\sysvol\

WOODGROVEBANK.COM\Policies\{31B….}\USER\Scripts\Logon, copy your script

( You cannot go to the folder SysVol right away before you at least login 1 time to the domain

or you open the browse inside, because the folder inside the policy will only be MACHINE and
USER, it will not automatically created unless you try to browse it from the GP or 1 of your

user login and do the GP Update. )

• Paste it to this folder.

Note : as you can see under policies, when the first time you do your installation for active

Directory, there are 2 Code, first code {6AC17…} it is for Default Domain Controller Policy

and the second Code {31B2F3………} it is for Default Domain Policy

• You go back to the Group Policy again and now you can see that the file already available on

your folder, click mapfolder > Open

On Logon Properties Page, click OK

• for this testing, I am going to make 1 folder for administrator private Folder.

Browse to Local Disk (C:) > New >  Private, right click New > Folder, type Administrator

So every time user administrator login he will to see 2 map drive, the first one will his private

folder and the second one will be his public folder

OK then, now we have finished Part II, our last part only testing and finalization ^_^. hope you guys

can try it and successfully to do it also. any enquiry just ask me then ^_^

Hope it help

Afternoon all!! Today, I want share about how to make a share folder drive inside every user which login to

domain, every time they login to domain, using every computer inside the domain. If we can do it automatically

then why do we need to do it manually, how bout for 1000 - 20000 users ? ^_^, quite tedious right ? hehehe.

All the users will have 2 Drive as picture below (Automatically).

Public means everyone (or same department) can use it together.

Private mean only that user can see the folder ^_^.

First thing first : how are we going to do this ? ^_^, here is all the step by step to do it :

1. File Services Installations(File Server Resource Manager (FSRM) for making quota for each folder shared )

    it is available for Windows Server 2003 R2 and Windows Server 2008. this configuration, I have done it

    on Windows Server 2008 and you can also do it in Windows Server 2003 R2.

2. Create public and private folder and shared both of the folders

3. Create a script, copy it to domain policy (group policy) or also You can create a specified GPO to certain OU

    if you want to make the public folder only apply for certain Department

4. Publish it to Domain Policy.

Sound’s so easy right ? heheheh then let’s Do IT ^_^… …

1. File Services Installation

• On Windows Page, click Start > Server Manager

• On Server Manager Page, click Roles, scroll down and click Add Role Services

          ( Because when the first time installation for AD 2008, it automatically install the file server so

           We need scroll down, to add another services for file server, if it is not automatically installed

           File Server Role then we can choose Add Roles in the Server Manager role )

• On Select Role Services Page, checked on File Server Resource Manager, click Next >

          ( Distributed File System/DFS we can use it for replication file  and also File Replication Service

           so we need at least to file server and both of them have the same configuration, we can maintain

           their replication, Currently I am writing bout Deploying Public folder automatically, i will talk about

           DFS and file Replication Service in separate Blogs). keep waiting guys, and dun forget to  read and

           try it. heheheh ^_^

• On Configure Storage Usage Monitoring Page, checked on Local Disk (C:), click Next >

          ( You can put this on separate folder, it is not recommeded that you are using C Drive, it is

          better if you use SAN Storage and you put all the reporting there, this print screen for testing

          purpose only )

• On Set Report Options Page, Leave it Default click Next >

• On Confirm Installation Selections Page, click Install (verify your installations)

• On Installation Results Page, click Close

2. Creating Public and Private Folder

• On Windows Page, click Start > Computer

• On Local Disk (C:) Page, right click on blank pane > New > Folder, and type New

Note : Don’t put the shared folder under C Drive, and create file Screening for the folder, after that

you will get a problem when you want to put script inside your Group Policy and you can’t even create

a single GPO after that. I encountered this problem few time, after this blogs, I am going to shared

the Error and how to prevent and solve it also.

• Here is the result for private and public folder which is inside new Folder

• On New Folder Page, right click Public > Share…

• On File Sharing Page, click Share

• On Your folder is shared Page, click Done (do the same thing with Private folder)

• On New folder Page, right click Public folder > Properties

• On Public Properties Page, click Sharing tab > Advanced Sharing…

• On Advanced Sharing Page, click Add, on New Share Page, type Public$, click OK

• On Advanced Sharing and Public Properties click OK to close the Window

This is all for part 1, thank you so much for reading my blogs, hope you guys enjoy this technical things ^_^

Nice to share, Hope can help each others ^_^