Thanks Dell for doing this on the Precision T3400:
Screw you Dell for NOT doing this on pretty much any other desktop:
It can’t be that costly to just use quality power supplies across all platforms, and it would definitely speed up my work.
There are a few values within Active Directory that we like to keep up to date. The include things such as Telephone number, Title, Manager and department. By having accurate information, our Exchange Global Address List can be used as an effective company directory and search tool.
However, placing the burden of keeping these things up to date on myself as System Administrator isn’t acceptable, especially when the information is already in the hands of someone else.
Luckily I found a way to use an MMC control to delegate changes to certain personnel.
Note: This is only tested on Windows XP
To begin, create a user group called “ADedits” or something appropriate. Assign this group to the top level User OU in your structure, with special permissions for the following attributes:
Read Name Read Display Name Read First Name Read Initials Write telephoneassistant Read/write adminDescription Read/write adminDisplayname Read/write assistant Read/write fax numbers(other) Read/write mobile number (other) Read/write businessCategory Read/write street Read/write Notes Read/write TelephoneNumber Read/Write department Read/Write Description Read/Write Title Read/Write Comment Read/Write Fax Number Read/Write Home Address Read/Write Street Address Read/Write Company Read/Write Home Phone Read/Write Home Phone (others) Read/Write Mobile Number Read/Write Pager Number (others) Read/Write Phone Number (others) Read/Write Pager Number Read/Write roomNumber Read/Write Post office Box Read/Write PostalAddress Read/Write Zip/PostalCode Read/Write Manager
On the computers where the changes will be made, install the adminpak.msi package from here:
Then create an MMC file, with the Active Directory Users and Computers snap-in. Once thats loaded, right click on the container OU for your user accounts, and select “New Window from Here”. In the window list in the MMC control, close the original window, and then save the MMC for redistribution.
Now you have a control that targets only the Users OU, secured for specified people.
I had been receiving this DFSR error in the event logs for some time, and couldn’t find any real resolution on it. The exact text of the error is:
Error: 1726 (The remote procedure call failed.)
Connection ID: 3880BBEC-6FC1-45B9-8750-196A7C32C9D8
Replication Group ID: B8242CE2-F5EB-47DA-BA5B-1DD2F7EE3AB9
This would cause a break in replication which wasn’t desirable during production hours. The strange thing was, it occurred every 5 minutes like clockwork, for all our servers separated by VPN.
I eventually discovered it was a problem with our Sonicwall devices providing the VPN connection. There was a 5 minute timeout value for TCP connections, which was being enforced on the DFSR connections for some reason.
While not an ideal solution, we have worked around this error by setting the value to a sufficiently high number.
UPDATE Sept 2011: I realized that the majority of this post was describing the problem and not the solution, so I’ve updated with clear instructions on what I’ve done to resolve this.
To start I only created these rules on my hub firewall at our head office. Doing them on each branch office wasn’t necessary.
I created address objects for each of my DFS servers, and placed them into two groups – one for local (from the firewall’s perspective) and one for servers across a VPN link.
Then using the firewall rules matrix, I create two rules, one in each of the indicated sections:
On the properties for each rule, on the Advanced tab, increase the TCP connection timeout to some large value:
This was necessary for my Sonicwall Pro 4060 running SonicOS Enhanced 220.127.116.11-51e. In a couple of days we are replacing this with an NSA 2400 on SonicOS 5.8.x, so I’ll disable these rules to see if the issue still occurs on new hardware.
If you don’t use a print server in your Windows environment (for which there are many valid reasons) then printer management can be a major frustration. We don’t use a print server, but rather create static printers with local TCP/IP ports.
Installing these one by one, or updating drivers had become a drain on time, so I set about finding out how to silently deploy them to our client PC’s.
You’ll need a few support files to get this deployment working. The first are 3 vbs scripts:
You can find these in C:\Windows\System32 on a Windows XP machine.
You’ll also need PSEXEC from here: http://technet.microsoft.com/en-us/sysinternals/bb897553
Place the VBS scripts on a network share, perhaps where you’ll be storing the deployment batch files.
Below is the contents of a single printer install batch file. You can also combine multiple printer commands into one file, so that all printers in one office would be deployed at once.
This batch file should be run from somewhere other than the client PC you’re deploying to. Make sure you have PSexec somewhere in the path on that machine.
::This Script installs the following: ## denotes commented out by default :: Printer Name :: If you do not wish a certain printer to be installed, make a copy of this file, comment out the specific printer, and run the file :: Define computer to push to, and the password to use for psexec authentication set computername=TestPC set password=pa55w0rd :: Printer1 :: :: Deletes previously installed printer of the specified name cscript "\\server\Deploy\prnmngr.vbs" -d -s %computername% -p "Old Printer" :: Deletes static port of previous printer, in case of mis-configuration cscript "\\server\Deploy\prnport.vbs" -d -s %computername% -r IP_192.168.0.42 :: Creates TCP/IP port with specified IP address cscript "\\server\Deploy\prnport.vbs" -a -s %computername% -r IP_192.168.0.28 -h 192.168.0.28 -o raw -n 9100 :: Copies driver for printer from server to local directory psexec \\%computername% -u domain\adminaccount -p %password% xcopy /E "\\server\Printer\HP 4500ps W2K-WXP\*.*" "c:\printdrv\" ::Install printer driver to computer from specified location. cscript "\\server\Deploy\prndrvr.vbs" -a -s %computername% -m "HP Designjet 4500ps HP-GL/2" -v 3 -e "Windows NT x86" -h "c:\printdrv" -i "c:\printdrv\dsgj4500.inf" :: Removes local directory containing print driver psexec \\%computername% -u domain\adminaccount -p %password% cmd.exe "/C rmdir /S /Q "c:\printdrv\"" :: Install the printer, using the print driver specified prior. cscript "\\server\Deploy\prnmngr.vbs" -a -s %computername% -p "Plotter3" -m "HP Designjet 4500ps HP-GL/2" -r IP_192.168.0.28 -u domain\adminaccount -w %password% :: Sets the Printer Properties according to a template created prior psexec \\%computername% -u domain\adminaccount -p %password% regedit.exe /s \\server\Deploy\Preferences\SurveyPrinter-WinXP.reg pause
If you’re deploying to Windows 7 x64, make sure you’re using x64 drivers, and then in the driver install section, change this: -e “Windows NT x86” to this: -e “Windows x64”
As shown in the last command, you can set printer properties (such as including a duplexer, stapler, additional paper trays) by installing the printer on a test machine, configuring the options you want, and then exporting this registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Printer Name\PrinterDriverData]
You can also modify Printer Preferences using the same method. The registry key to export there is:
If you’re doing this, you’ll want to remove the extra printers from that key, and it must be run by the user who needs the preferences. Because of that I haven’t found a way to deploy the Printer Preferences directly to a user. Instead I just distribute the .reg file for them to run.
Recent versions of the HP printer drivers have been having problems installing using the VBS script. Because of this, a different command is used to install them:
psexec \\%computername% -u domain\adminaccount -p %password% rundll32.exe printui.dll PrintUIEntry /ia /f c:\printdrv\hpcu109u.inf /m "HP Universal Printing PCL 6"
I didn’t use GPO for this deployment, due to the amount of add-in’s required, and the amount of time it would take to install at start up.
Instead, I used a combination of scheduled tasks and msi files. This will work for any version of AutoCAD as far as I’m aware. I’ve used it for vanilla AutoCAD, Map 3D and Civil 3D.
I gladly welcome any suggestions on making this better. If you have one, drop me a comment.
To begin, you need to create deployments on a network share of your product. Ensure that you include the service pack in the configuration.
You’ll also need to extract the supporting programs, Raster Design Object Enabler, and Visual Basic enabler.
To get an .msi out of these programs:
Copy both the Raster Design msi and the whole folder for the VBA enabler to your network share.
Using a scheduled task, you can get your users to log off their computers at the end of the day, and have the deployment run overnight.
There are separate scheduled tasks for Windows 7 x64 and Windows XP, due to the command differences.
schtasks.exe /create /tn map2011install /tr "\\server\apps\Private\Map3D\Map2011-x86-Standalone\mapdeploy.cmd" /sc once /ST 14:25:00 /s computername /ru "domain\administrator" /rp "password" /V1 /F
schtasks.exe /create /tn map2011install /tr "'\\server\apps\Private\Map3D\Map2011-x64-Standalone\mapdeploy.cmd'" /sc once /ST 10:01:00 /s computername /ru "domain\administrator" /rp "password" /F /RL Highest
These commands will create a named task that runs once at the time specified. It will run your batch file from the network share with the supplied credentials.
Put a bunch of these in a batch file, replacing the computer names from your pre-defined list, and then run it.
These are the commands that run when the scheduled task is executed:
::Run the Map2011 deployment, using the .ini file that was created during your deployment creation start /wait "Installing Map 3D 2011" \\server\apps\Private\Map3D\Map2011-x86-Standalone\AdminImage\Setup.exe /qb /norestart \\server\apps\private\Map3D\Map2011-x86-Standalone\AdminImage\Map2011-x86-Standalone.ini /language en-us :: Wait for 33 minutes before proceeding. This is necessary because the /wait of the previous command only affects the "setup" phase of the deployment. \\server\apps\Private\Map3D\Map2011-x86-Standalone\timeout.exe 2500 :: Push the Raster Design Object enabler to the client start /wait \\server.ca\apps\Private\Map3D\Map2011-x86-Standalone\Raster_Design_2011_OE_32.msi /qn /norestart :: Push the VBA object enabler to the client start /wait \\server.ca\apps\Private\Map3D\Map2011-x86-Standalone\AutoCAD_2011_VBA_Enabler_Install_Image\AcVbaInstaller.msi /qn /norestart :: Copy this support folder, as it causes an issue with other programs; see note below. xcopy "C:\Documents and Settings\All Users\Application Data\Autodesk\Geospatial Coordinate Systems" "C:\Documents and Settings\All Users\Application Data\Autodesk\Geospatial Coordinate Systems Temp" /E /C /I /Q /Y
You can find timeout.exe from any of the Windows Resource Kits, or built into Windows 7.
Regarding the xcopy command, see this bug. This affects Map3D 2010 and 2011.
You may wish to control the interface and settings of your AutoCAD deployment, or provide a standardized layout for all your users. Its possible to work some of this directly into the deployment, but I find its easier to separate it out. You can do this using Enterprise CUIX files, and customized profiles.
Here’s what you do:
Now on the desktop, make a copy of the AutoCAD Map 3D 2011 shortcut, and make the target look like this:
"C:\Program Files\Autodesk\AutoCAD Map 3D 2011\acad.exe" /p "\\Server\Deployment\template-Standard-acad2011.arg"
Put that shortcut in your network share deployment folder too.
Now you can instruct your users to use that shortcut which will automatically load your standardized profile. The changes you made to the CUIX will be read only (by nature of the Enterpise CUIX) however the users can make their own customizations because of the CUSTOM.cuix.
If you have Wake-On-LAN enabled on your computers, you can add this to your scheduled task batch file to turn on your computers in the middle of the night:
mc-wol mac_address timeout 120