blog.saalmink.nl

After installing the vmware tools on a Windows 2008 (R2) server, the mouse (still) performs very slow.

The solution is to update the video card driver.
Even after vmware tools installation, the vga card is listed as “Standard VGA Graphics Adapter”
Normally all drivers can be found at:

C:\Program Files\VMWare\VMWare Tools\Drivers\

However, the vga driver is located at:

C:\Program Files\Common Files\VMWare\Drivers\

Take the “wddm_video” folder.

A reboot is required. After that, you’ll be surprised :)
Increasing the virtual video RAM is supposed to increase performance even more.

After cacls, xcacls.vbs, now we have icacls to set file and folder permissions.

Here are some practical examples.

Create a bunch of directories

md d:\apps
md d:\profiles
md d:\users

Share the directories. Note the offline caching; users are allowed to enable offline caching for their homedirs, other directories are disabled for offline caching.

net share apps=d:\apps /grant:everyone,FULL /CACHE:None
net share profiles=d:\profiles /grant:everyone,FULL /CACHE:None
net share users=d:\users /grant:everyone,FULL /CACHE:Manual

Now let’s script the ntfs permissions for the apps share:
- “(OI)(CI):F” means Full Control “This Folder, Subfolders and files”
- “(OI)(CI):M” means Modify “This Folder, Subfolders and files”
- “/inheritance:r” means remove all inherited ACL’s from parent

icacls "d:\apps" /grant "domain admins":(OI)(CI)F /inheritance:r
icacls "d:\apps" /grant "everyone":(OI)(CI)M /inheritance:r

On the profiles share, only the “domain admins” should be allowed to enter all “Folders, Subfolders and files” (hence the (OI)(CI):F) , everyone else should be able to to ready “this folder only”.
So without an combination of (CI) and/or (OI) it means “this folder only”

icacls "d:\profiles" /grant "domain admins":(OI)(CI)F /inheritance:r
icacls "d:\profiles" /grant "everyone":R /inheritance:r

Upon creating a new user, the Domain Admin should manually create a profile folder for the user and add the user with appropriate rights.

The same goes for the users share containing the homedirectories of all users

icacls "d:\users" /grant "domain admins":(OI)(CI)F /inheritance:r
icacls "d:\users" /grant "everyone":R /inheritance:r

Now use your own imagination :)

This “system reserved partition” is used for two things:

• When booting from an encrypted volume (bitlocker), some bootfiles simply can’t be crypted. They reside on this partition
• Windows Recovery Environment (WinRE)

If you do not need bitlocker and you want to keep things simple (e.g. for imageing purposes), you might want to remove this partition when installing Windows. In this example i assume there’s only one drive and it’s empty.

• Start Windows setup as usual
• At the screen where you select your language, keyboard and locale, press Shift+F10. You now enter a dos prompt.
• diskpart
• list disk
• select disk 0
• create partition primary
• select partition 1
• format fs=ntfs quick
• exit
• exit
• now resume setup as normal, but select the primary partition at the partitioning screen

Doing a full backup of an Exchange 2003 database was easy.
Start, run, ntbackup, backup, custom, select the exchange object, select a destination file, create a schedule and there you go: your daily scheduled database dump. This (and this is important as we’re dealing with a database) would also commit all data tot the database and purge the transaction logs.
This would then be backupped by any backup application.
More expensive backup solutions would do these kind of database tricks by default. But as i prefer to use non-intelligent, image-based backups (like V2i, Symantec Backup Exec System Recovery, or Drivesnapshot), this had to be done manually.

Doing the same with Exchange 2007 took me some time to find out. Here’s how.

You’ll need Service Pack 2 for Exchange 2007. This includes a plugin for Windows Backup (wbadmin.exe, the successor of ntbackup) so that it’s Exchange-aware.
Please note that Windows Backup can only create backup on a volume basis (complete drive letters or mountpoints only)! That’s why my Exchange 2007 servers have a dedicated drive for the Exchange Database + System files + Transaction Logs. This keeps the backups as small as possible, without extra data. Allthough it’s better to have the Transaction Logs on another drive aswell in case of serious recovery, but i’m going to test that later.
Backups are on a seperate partition too.

This gives the following scenario:
C: = Windows 2008 + Exchange 2007 installation
D: = dvdrom drive
E: = dedicated to: Exchange Database, System files and Transaction Logs
F: = dedicated to: Exchange backup/dump

To create the backup, the following command is used:

WBADMIN START BACKUP -backupTarget:F: -include:E: -vssfull -quiet

-vssfull is the option that purges the Transaction Logs
-quiet will not ask “are you sure?” but still shows some output (you might want to pipe this to a file as some sort of log)
This can be scheduled with Windows Task Scheduler (Server manager, Configuration, Task Scheduler, Task Scheduler Library).

Only one instance of the backup is kept on F:, but that’s no problem as all partitions are backed up by the regular backup.

Having problems with sending mail?
You might want to try to simulate a smtp session to see what goes wrong exactly.

Start a msdos prompt and type:

C:\WINDOWS>telnet smtp.xs4all.nl 25

Your smtp may be different offcourse.

Trying 194.109.6.51...
Connected to smtp.xs4all.nl.
Escape character is '^]'.
220 smtp-vbr11.xs4all.nl ESMTP Sendmail 8.13.8/8.13.8; Mon, 14 Sep 2009 15:03:50 +0200 (CEST)

Type “helo” followed by your domain

   helo bogusdomain.nl
250 smtp-vbr11.xs4all.nl Hello xxxxxxxxx [a.b.c.d], pleased to meet you

Type “mail from:” followed by your email address

   mail from:[email protected]
250 2.1.0 [email protected]... Sender ok

Type “rcpt to:” followed by your email address

   rcpt to:[email protected]
553 5.3.0 [email protected]... Relaying denied,Authenticate with your username and password first

Now we see what is wrong here. This server doesn’t allow me to relay.
Type “quit” to exit.

   quit
221 2.0.0 smtp-vbr11.xs4all.nl closing connection
Connection closed by foreign host.

If you didn’t get an error after “rcpt-to:”, continue with:

250 2.1.5 Ok
   data
354 End data with <CR><LF>.<CR><LF>
   hello hugo

   .
250 2.0.0 Ok: queued as 60D2A4A24A

  quit
221 2.0.0 Bye

Mail should arrive now.