I have just been setting up a new Windows Server 2008 R2 box up as a terminal server. As part of this I enabled the Desktop Experience feature, however this also enabled Windows Mail.
Windows mail seems to generate large amounts of ESENT messages in the log file as it tries to backup the mail database. It also create 5Mb of files for every user as they logon. As we don’t even use Windows Mail, just Outlook for staff I wanted to disable it.
There appears to be no easy way to remove it from the system, but you can prevent it from setting up the details for every user when the log on.
Download and runs the Microsoft Sysinternals program Autoruns as an Administrator and then under the Explorer tab untick “Microsoft Windows” under both the Active Setup\Installed Components and the WOW6432Node\Active Setup\Installed Components.
Now when a new user logs in it will no longer set up Windows Mail files or shortcuts.
Recently we had to change the login names for around 1200 students.
As part of this rename we needed to change their Novell eDirectory account and home directory. We also needed to ensure linked systems such as an LDAP authenticated Moodle site and an IDM linked Active Directory (AD) domain were properly updated.
To perform the user account and folder rename we used Mass User from HBWare. This is a great program we already used for creating and managing home directories and quotas. There was a small bug in the rename area, but it was quickly fixed when brought to Hans’ attention.
Note: Before beginning you need to have a list of the old usernames and the new usernames. A simple two column Excel or CSV file would be fine.
Novell
Create Mapping File: The mapping file is used by Mass User to know what to rename the existing username to.
Use NDS Report ( http://www.novell.com/coolsolutions/tools/13908.html ) to create a list of all the accounts. You only want the DN and CN fields. Save this as an Excel or CSV file.
NDS Report: Select Student OU
NDS Report: Choose only CN
Create a new MS Access file and import the account list
Import the text / excel file that lists the old and new account names.
You now need to create a query that maps the cn to the old account name, and then use this to generate a list of the full old dn and the new account name.
Access: Mapping Query
Access: Query Results
You can then export this as a text file.
Access: Export as text file
Access: Export Delimited
You will need to set the field separate as ‘=’ and set the test qualifier to none.
Access: = as Delimiter and no Text Qualifier
You should end up with each line having format:
OLDNAME.OU.C=NEWNAME
Once the mapping file is generated you can apply it either to individual OUs (e.g. year groups), or to the entire Users container. I would recommend applying to small containers initially to allow checking for errors. After verifying all renames were performed correctly you can then apply the rename to your entire users’ container.
Mass User: Rename
IDM 3.0 – Active Directory
Before doing the mass rename we did some simple tests of renaming eDirectory accounts to see how they replicated to Active Directory. We determined that the individual renames were successfully propagated through IDM to automatically change the pre-2000 and logon name fields to match the new eDirectory account.
When performing the mass rename of accounts, AD was checked after doing each OU to check propagation was successful. We experienced no problems with IDM and all accounts were successfully synchronised with Active Directory.
Moodle
For Moodle we wished for users to retain their own accounts including all their settings and course information. To do this the username stored in the Moodle Database (DB) would need to be changed to the new username.
Before making changes to Moodle I recommend putting the site in admin mode and temporarily disabling your LDAP authentication. I only put the site in Admin mode and then had problems during migration as some students had attempted to logon after I had renamed the eDirectory accounts, but before migrating Moodle accounts. This created new user accounts in Moodle that prevented the update queries running due to duplicate key name problems (ie the old account would not rename to new one if one has already been created with the new name)
First you need to import your list of old and new account names into the database. If you already have it in a separate DB on your Moodle server you can use that, otherwise it is best to just to create a new table in the Moodle DB.
I used this query to check the mapping fields. You will need to adjust the fields and collation types for your own setup.
I use the IDNumber field to store the full DN, if you use a different field you will need to adjust this.
Validation:
# Shows the current username, the new username and the new IDNumber field for validation check.
SELECT mdl.`username` , ern.`StudentId` , replace( `idnumber` , mdl.`username` , ern.`StudentId`
COLLATE latin1_swedish_ci )
FROM moodle.`mdl_user` mdl, sbhsdata.`oasisStudentIdMap` ern
WHERE mdl.`username`
COLLATE latin1_general_ci = ern.`OldStudentId`
Update:
# Replaces the IDNumber field with the new username.
UPDATE moodle.`mdl_user` mdl, sbhsdata.`oasisStudentIdMap` ern
SET `idnumber` = replace( `idnumber` , mdl.`username` , ern.`StudentId` COLLATE latin1_swedish_ci )
WHERE mdl.`username`
COLLATE latin1_general_ci = ern.`OldStudentId`
# Replaces the mdl_user field with the new username.
UPDATE `mdl_user` mdl, `rename` ren
SET mdl.`username` = ren.`newname`
WHERE mdl.`username`= ren.`oldname`
Note: As can be seen by the queries, during the migration I did two separate updates, one to update the IDNumber field and another to update the mdl_user field. When I had completed migration I realised I had only needed to update the mdl_user field as Moodle would automatically update the value in IDNumber at next log on.
Round Up
The migration to the new accounts went well with no problems from student passwords or accounts, although we had a few instances of students using the old username instead of the new one.
Since performing the change we have also implemented a Papercut system which would have required the additional step of renaming all of its accounts to ensure student balances were carried across.
Those who in the past have used the Novell Change Pass utility may have been missing it when moving to Active Directory.
A great tool is Wisesoft Password Control which allows you to just type in the username, it will display info about the account and give you the option to change the password, enable/disable the account and unlock the account.
It is ideal to make available to teachers for resetting the student passwords if you use the Delegate control option in AD Users and Computers for your student OU’s.
The other useful tool on the website is a pair of tools Bulk Password Control and Bulk Modify. These allow you to bulk reset the password for a large group of students, or modify the attributes for a large number of users. It can read these in from a CSV file, and match the CSV entires to either sAMaccountName or some other user attribute. You can also set the attribute based on their existing attributes.
After downloading it will ask you for a code that you can get with a free registration on their site.
Recently I needed to identify where all the space was going on our server. Usually I just use the Folder Size tab extension but it requires scanning every time you close the Properties dialogue.
After looking around online I found a great free utility that displays the info in an easy to explore graphical view. OverDisk scans the drive or folder (this took around 10 mins for a drive containing hundreds of home directories) and then you can save the data so it does not need to constantly rescan (unless you make changes to files).You can also have it only rescan a certain subfolder rather than the entire drive again.
It presents the information in a colour coded pie chart, allowing you to easily see which folders and files are using the most space.
You can click on the folder and the pie chart will change to reflect that folder or click the middle of graph to go up a level. Right clicking on a folder gives you an easy option to Open or Explore in Explorer.
Notepad++ is a freeware text editor that has a wide range of great features.
I use it for nearly all my text based programming (PHP, HTML, CSS, CMD, JS, etc), for editing configuration files and reading Linux text files (i.e. only LF no CR).
It has replaced my previous one, ConTEXT, as my primary editor.
It has a tabbed interface which makes it easy to work on multiple files
good syntax highlighting for a wide range of languages
good regular expression find and replace, as well as find in files in a directory
can change shortcut keys
does manually indenting but to my knowledge does not auto-indent.
It used to be even better, but most recent version does not include the HexEditor plugin from previous releases (although it does appear to still work if it is installed).
The Hex Editor is now available as a plugin for the Unicode version.
VideoLAN VLC is a great cross platform media player ideal for networks. CODECs for most formats are included with the player so it can be easily deployed without needing extra installers.
As it is self contained it is very easy to repackage as an MSI for deployment or it can run straight off the network without installation (although it is a bit slow to load this way).
VLC runs on Windows, Mac and Linux so it can provide a uniform interface across platforms.
The latest version, 0.8.6d fixes some security problems and improves playback on Mac.
EZ GPO is small utility that allows central power policy management through Group Policies. Saving energy, money and the environment.
Ideal for school computer labs and staff rooms, as well as business.
EZ GPO can be deployed by MSI across the network through either AD or Zenworks. You then add the supplied ADM to a group policy and set the idle times for switching monitor off, and putting computer into sleep, hibernate or standby modes.
One other option of EX GPO that makes it very attractive for laptops, is it can allow limited user accounts to change power settings on Windows 2K / XP. As most users will have experienced, Windows stores power settings in HKLM, so a standard user can not specify times for power saving. This can be very annoying if used during presentations, etc.
EZ GPO has an option that fixes this allowing the changing of the power policy.
Finally one other use for EZ GPO, against what was originally intended. If you have a PC that is locked down, but needs to be on continuously (such as a kiosk or display PC) you can use EZ GPO to prevent visible power saving options from starting. i.e No standby mode, or monitor savings. I would however recommend spinning down HDDs .
An LDAP browser for Active Directory. Makes it easy to see all attributes of objects and assists in configuring web applications that authenticate using LDAP.
Can also be combined with UBCD for DOS on the one disk.
It is based on Bart’s PE Builder boot disc, and supports the Bart plugins such as Novell Client and other utilities. UBCD also has the benefit of a better menu structure of all the applications, making it easier to find the program you want.
A great site with a large collection of tools, everything from Active Directory Management and Monitoring through to security, process monitoring and funny screen savers.
