2015 in review

The WordPress.com stats helper monkeys prepared a 2015 annual report for this blog.

Here’s an excerpt:

The concert hall at the Sydney Opera House holds 2,700 people. This blog was viewed about 21,000 times in 2015. If it were a concert at Sydney Opera House, it would take about 8 sold-out performances for that many people to see it.



Windows Server 2003 Active Directory Domain Rename Tools

Windows Server 2003 Resource Kit Tools


The following tools are provided:

  • Acctinfo.dll (documented in Readme.htm)
  • Adlb.exe: Active Directory Load Balancing Tool
  • Admx.msi: ADM File Parser
  • Atmarp.exe: Windows ATM ARP Server Information Tool
  • Atmlane.exe: Windows ATM LAN Emulation Client Information
  • Autoexnt.exe: AutoExNT Service
  • Cdburn.exe: ISO CD-ROM Burner Tool
  • Checkrepl.vbs: Check Replication
  • Chklnks.exe: Link Check Wizard
  • Chknic.exe: Network Interface Card Compliance Tool for Network Load Balancing
  • Cleanspl.exe: Spooler Cleaner
  • Clearmem.exe: Clear Memory
  • Clusdiag.msi: Cluster Diagnostics and Verification Tool
  • Clusfileport.dll: Cluster Print File Port
  • Clusterrecovery.exe: Server Cluster Recovery Utility
  • Cmdhere.inf: Command Here
  • Cmgetcer.dll: Connection Manager Certificate Deployment Tool
  • Compress.exe: Compress Files
  • Confdisk.exe: Disk Configuration Tool
  • Consume.exe: Memory Consumers Tool
  • Creatfil.exe: Create File
  • Csccmd.exe: Client-Side Caching Command-Line Options
  • Custreasonedit.exe: Custom Reason Editor (documented in Readme.htm)
  • Delprof.exe: User Profile Deletion Utility
  • Dh.exe: Display Heap
  • Diskraid.exe: RAID Configuration Tool
  • Diskuse.exe: User Disk Usage Tool
  • Dnsdiag.exe: SMTP DNS Diagnostic Tool (documented in Readme.htm)
  • Dumpfsmos.cmd: Dump FSMO Roles
  • Dvdburn.exe: ISO DVD Burner Tool
  • Empty.exe: Free Working Set Tool
  • Eventcombmt.exe: Check Replication
  • Fcopy.exe: File Copy Utility for Message Queuing
  • Frsflags.vbs
  • Getcm.exe: Connection Manager Profile Update
  • Gpmonitor.exe: Group Policy Monitor
  • Gpotool.exe: Group Policy Objects
  • Hlscan.exe: Hard Link Display Tool
  • Ifilttst.exe: IFilter Test Suite
  • Ifmember.exe: User Membership Tool
  • Inetesc.adm: Internet Explorer Enhanced Security Configuration
  • Iniman.exe: Initialization Files Manipulation Tool
  • Instcm.exe: Install Connection Manager Profile
  • Instsrv.exe: Service Installer
  • Intfiltr.exe: Interrupt Affinity Tool
  • Kerbtray.exe: Kerberos Tray
  • Kernrate.exe: Kernel Profiling Tool
  • Klist.exe: Kerberos List
  • Krt.exe: Certification Authority Key Recovery
  • Lbridge.cmd: L-Bridge
  • Linkd.exe
  • Linkspeed.exe: Link Speed
  • List.exe: List Text File Tool
  • Lockoutstatus.exe: Account Lockout Status (documented in Readme.htm)
  • Logtime.exe
  • Lsreport.exe: Terminal Services Licensing Reporter
  • Lsview.exe: Terminal Services License Server Viewer
  • Mcast.exe: Multicast Packet Tool
  • Memmonitor.exe: Memory Monitor
  • Memtriage.exe: Resource Leak Triage Tool
  • Mibcc.exe: SNMP MIB Compiler
  • Moveuser.exe: Move Users
  • Mscep.dll: Certificate Services Add-on for Simple Certificate Enrollment Protocol
  • Nlsinfo.exe: Locale Information Tool
  • Now.exe: STDOUT Current Date and Time
  • Ntimer.exe: Windows Program Timer
  • Ntrights.exe
  • Oh.exe: Open Handles
  • Oleview.exe: OLE/COM Object Viewer
  • Pathman.exe: Path Manager
  • Permcopy.exe: Share Permissions Copy
  • Perms.exe: User File Permissions Tool
  • Pfmon.exe: Page Fault Monitor
  • Pkiview.msc: PKI Health Tool
  • Pmon.exe: Process Resource Monitor
  • Printdriverinfo.exe: Drivers Source
  • Prnadmin.dll: Printer Administration Objects
  • Qgrep.exe
  • Qtcp.exe: QoS Time Stamp
  • Queryad.vbs: Query Active Directory
  • Rassrvmon.exe: RAS Server Monitor
  • Rcontrolad.exe: Active Directory Remote Control Add-On
  • Regini.exe: Registry Change by Script
  • Regview.exe (documented in Readme.htm)
  • Remapkey.exe: Remap Windows Keyboard Layout
  • Robocopy.exe: Robust File Copy Utility
  • Rpccfg.exe: RPC Configuration Tool
  • Rpcdump.exe
  • Rpcping.exe
  • RPing: RPC Connectivity Verification Tool
  • Rqc.exe: Remote Access Quarantine Client
  • Rqs.exe: Remote Access Quarantine Agent
  • Setprinter.exe: Spooler Configuration Tool
  • Showacls.exe
  • Showperf.exe: Performance Data Block Dump Utility
  • Showpriv.exe: Show Privilege
  • Sleep.exe: Batch File Wait
  • Sonar.exe: FRS Status Viewer
  • Splinfo.exe: Print Spooler Information
  • Srvany.exe: Applications as Services Utility
  • Srvcheck.exe: Server Share Check
  • Srvinfo.exe: Remote Server Information
  • Srvmgr.exe: Server Manager
  • Ssdformat.exe: System State Data Formatter
  • Subinacl.exe
  • Tail.exe
  • Tcmon.exe: Traffic Control Monitor
  • Timeit.exe (documented in Readme.htm)
  • Timezone.exe: Daylight Saving Time Update Utility
  • Tsctst.exe: Terminal Server Client License Dump Tool
  • Tsscalling.exe: Terminal Services Scalability Planning Tools
  • Uddicatschemeeditor.exe: UDDI Services Categorization Scheme Editor
  • Uddiconfig.exe: UDDI Services Command-line Configuration Utility
  • Uddidataexport.exe: UDDI Data Export Wizard
  • Usrmgr.exe: User Manager for Domains
  • Vadump.exe: Virtual Address Dump
  • Vfi.exe: Visual File Information
  • Volperf.exe: Shadow Copy Performance Counters
  • Volrest.exe: Shadow Copies for Shared Folders Restore Tool
  • Vrfydsk.exe: Verify Disk
  • Winexit.scr: Windows Exit Screen Saver
  • Winhttpcertcfg.exe: WinHTTP Certificate Configuration Tool
  • Winhttptracecfg.exe: WinHTTP Tracing Facility Configuration Tool
  • Winpolicies.exe: Policy Spy
  • Wins.dll: WINS Replication Network Monitor Parser
  • Wlbs_hb.dll & Wlbs_rc.dll: Windows Load Balancing Server Network Monitor Parsers

Deploying Legal Notice Logon Banner in Domain Computers

For audit purposes or to meet standard organization policy, we need to deploy a legal notice logon banner (a usage warning shown at logon) to domain computers.

To do it automatically, we can use a logon script or Group Policy.

Since Group Policy is easy to manage, I’d like to show you how to do it that way.

Open the Group Policy Management Console, go to Group Policy Objects, right-click it and select New to create a new GPO as below. (You can create and link the GPO directly on the OU where you wish to deploy it, but I create it separately to show the steps clearly.)


Right-click the newly created GPO and select Edit to make changes.

Go to Computer Configuration>Windows Settings>Security Settings>Security Options> and find Interactive logon: Message text for users … . Enable it and define the message that you wish to show as the logon message.


Find Interactive logon: Message title for users attempting… and define the message title for your logon message.

After that, link the newly created GPO to the OU where you wish to display the logon banner.


If you want the GPO applied immediately, force a Group Policy update from the command line; otherwise, wait for the policy to refresh automatically on the default timer.
Below is the sample logon banner message.
I used Windows Server 2008 R2 Standard for this demonstration.

Have a good time.
(Be knowledgeable, pass it on then)

How to Show a Custom Text Message Before Logon through Group Policy Preferences

This function was tested with Domain Controller 2008 and a Windows 7 client.

To create it, do the following:

1- Open Group Policy Management console.

2- Right click on Default Domain Policy and click Edit. (This is just a test; in practice, please create a new GPO.)

3- Go to Computer Configuration\Preferences\Windows Settings\Registry.

4- Now create two new Registry Items. Right click on Registry, click New and click Registry Item.

5- For message header, use:

Key Path: SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Value name: legalnoticecaption
Value type: REG_SZ
Value data: Your Message Header (For example: Welcome to Contoso Network)

Click OK.

6- For your message Text, use:

Key Path: SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Value name: legalnoticetext
Value type: REG_SZ
Value data: Your Message Text (For example: This is Test Message)

Click OK.

7- Close GPO Edit and GPMC.

8- Open CMD and run GPUPDATE /FORCE command.

9- Restart your Windows 7 Client.

10- Press Ctrl + Alt + Delete to logon.

11- Now the user can see your message before logon:

Here is the message on a Windows XP client.

Again, that is just a simple test and meant to be fun.
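To confirm on a client that the policy actually landed, the following added example (not part of the original post) reads the two values from steps 5 and 6 and reports whether the banner is present and matches what was intended. It assumes the HKEY_LOCAL_MACHINE hive, which the Key Path above does not spell out; the function name and the expected strings are illustrative.

```powershell
# Added example: audit the logon banner values on the local computer.
# Assumption: the values live under HKLM (the post's Key Path omits the hive).
function Test-LogonBanner {
    param(
        [string]$ExpectedCaption,   # optional: title the GPO should deliver
        [string]$ExpectedText       # optional: message body the GPO should deliver
    )
    $key      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $props    = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $findings = @()
    $actual   = @{}

    foreach ($check in @(
            @{ Name = 'legalnoticecaption'; Expected = $ExpectedCaption },
            @{ Name = 'legalnoticetext';    Expected = $ExpectedText })) {
        $raw = if ($props) { $props.($check.Name) } else { $null }
        # The value may come back as a string array; flatten it before comparing.
        $value = (@($raw) -join "`n").Trim()
        $actual[$check.Name] = $value

        if (-not $value) {
            $findings += "$($check.Name) is missing or empty"
        } elseif ($check.Expected -and $value -ne $check.Expected.Trim()) {
            $findings += "$($check.Name) differs from the expected banner"
        }
    }

    # One object per computer, so results can be collected and filtered.
    New-Object PSObject -Property @{
        ComputerName = $env:COMPUTERNAME
        Caption      = $actual['legalnoticecaption']
        Text         = $actual['legalnoticetext']
        Compliant    = ($findings.Count -eq 0)
        Findings     = $findings
    }
}

# Expected strings below are the post's own sample values.
Test-LogonBanner -ExpectedCaption 'Welcome to Contoso Network' -ExpectedText 'This is Test Message'
```

A non-compliant result right after GPUPDATE /FORCE usually means the GPO is not linked to the OU that holds the computer account, so check the link before editing the registry items again.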

How to troubleshoot journal wrap errors on Sysvol and DFS replica sets

The USN journal is a log of fixed size that records all changes that occur on NTFS 5.0-formatted partitions. NTFRS monitors the NTFS USN journal file for closed files in FRS replicated directories as long as FRS is running.

Journal wrap errors occur if a sufficient number of changes occur while FRS is turned off, in such a way that the last USN change that FRS recorded during shutdown no longer exists in the USN journal during startup. The risk is that changes to files and folders for FRS replicated trees may have occurred while the service was turned off, and no record of the change exists in the USN journal. To guard against data inconsistency, FRS asserts into a journal wrap state.

To perform maintenance on FRS replica set members, administrators may stop the FRS service for long periods of time. In this case, administrators may not realize the potential impact. Also, error conditions may cause the FRS service to shut down, and this causes a journal wrap error. In very large replica sets, replica members may encounter the following error during an authoritative restore (BURFLAGS=D4):

To recover, the affected replica member must be reinitialized with a nonauthoritative restore (BURFLAGS=D2) where it will synchronize files from an existing inbound partner. This re-initialization can be time-consuming for large replica sets.

The non-authoritative restore process must be invoked manually. To do this, you must set BURFLAGS=D2 in the Windows NT registry.

By default, versions of the Ntfrs.exe file from Windows 2000 Service Pack 3 (SP3) and from Windows 2000 SP3 hotfix do not perform an automatic non-authoritative restore when journal wrap errors are detected. SP3 versions of NTFRS may be configured to function like SP2 when the “Enable journal wrap automatic restore” registry entry is set to 1 in the following registry subkey:


Important: MS does not recommend that you use this registry setting, and this setting should not be used in versions of Windows after the Service Pack 3 version of Windows 2000. The recommended method for performing a non-authoritative restore on FRS members of DFS or SYSVOL replica sets is to use the FRS BurFlags registry value.




What happens in a Journal Wrap?

FRS has an internal database that contains all the files and folders it is replicating and each of these has a unique global ID (GUID).  The database also contains a pointer to the last NTFS disk operation (in the USN Journal/NTFS Journal) that the FRS service processed.

If a user changes a file or folder on a disk, the following happens:

The operation is picked up by NTFS and an entry is made in the NTFS Journal

FRS monitors the NTFS Journal for changes and notes that a change has been made to that file

FRS keeps a record of the last NTFS Journal event that it processed and checks if it has processed it already

If it hasn’t processed it already, it looks at whether it is a file that it should replicate

If it should be replicated, the file goes into the normal process of staging, replicating, etc.

FRS increments the entry in its database about the NTFS Journal event that it has processed so it won’t consider it again

Now suppose the replicated files have had a few changes while the DCs were not communicating with each other, because a replication partner was shut down for a long time, FRS was not running, or there was a communication failure in the network. When communication is re-established, FRS still knows the last NTFS Journal entry that it processed, and it will compare this with the current NTFS Journal the next time it restarts.


The next time the FRS service starts, it sees that it has missed NTFS operations on the disk (it compares its last processed NTFS operation with the current NTFS Journal). This is when FRS complains that it has reached a Journal Wrap state: the NTFS Journal log has wrapped around and FRS doesn’t know the current state of things on the disk.
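The comparison described above can be modelled in a few lines. This is an added toy simulation with constructed numbers, not FRS code and not from the original post; the function names, the five-record journal size and the file names are all illustrative.

```powershell
# Added illustration: a fixed-size change journal and a consumer that remembers
# the last USN it processed, as in the description above. All values are constructed.
function New-Journal([int]$MaxRecords) {
    @{ MaxRecords = $MaxRecords; NextUsn = 1; Records = New-Object System.Collections.ArrayList }
}

function Add-Change($Journal, [string]$File) {
    [void]$Journal.Records.Add(@{ Usn = $Journal.NextUsn; File = $File })
    $Journal.NextUsn++
    # Fixed size: once the journal is full, the oldest record is discarded.
    while ($Journal.Records.Count -gt $Journal.MaxRecords) { $Journal.Records.RemoveAt(0) }
}

# Models the start-up check: resume from the pointer saved in the consumer's database.
function Invoke-FrsCatchUp($Journal, [int]$LastProcessedUsn) {
    $oldest = if ($Journal.Records.Count) { $Journal.Records[0].Usn } else { $Journal.NextUsn }
    if ($LastProcessedUsn + 1 -lt $oldest) {
        # The records between the saved pointer and the oldest survivor are gone,
        # so the consumer cannot know what changed: journal wrap.
        return @{ State = 'JournalWrap'; LastProcessedUsn = $LastProcessedUsn
                  MissedFrom = $LastProcessedUsn + 1; MissedTo = $oldest - 1 }
    }
    # Normal case: process every record newer than the pointer, then advance it.
    $pending    = @($Journal.Records | Where-Object { $_.Usn -gt $LastProcessedUsn })
    $newPointer = if ($pending.Count) { $pending[-1].Usn } else { $LastProcessedUsn }
    return @{ State = 'Ok'; LastProcessedUsn = $newPointer
              Replicated = @($pending | ForEach-Object { $_.File }) }
}

$journal = New-Journal -MaxRecords 5

# Service running: three changes are written and picked up straight away.
1..3 | ForEach-Object { Add-Change $journal ('file{0}.txt' -f $_) }
$run1 = Invoke-FrsCatchUp $journal 0

# Service stopped: eight more changes arrive and the journal drops its oldest records.
1..8 | ForEach-Object { Add-Change $journal ('late{0}.txt' -f $_) }
$run2 = Invoke-FrsCatchUp $journal $run1.LastProcessedUsn

'Run 1: {0}, pointer at USN {1}' -f $run1.State, $run1.LastProcessedUsn
'Run 2: {0}, no record of USN {1}..{2}' -f $run2.State, $run2.MissedFrom, $run2.MissedTo
```

The second run shows why a larger journal or a shorter outage avoids the wrap: the saved pointer only stays usable while the record that follows it is still in the journal.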
