IT Resource

Microsoft is inviting customers and partners to begin evaluating pre-release versions of Windows Small Business Server 2008 and Windows Essential Business Server 2008.

Due for general release later this year, Microsoft has overhauled its licensing terms following customer feedback on its current Windows Small Business Server 2003 R2 offering.

The new licensing terms mean that customers will be able to purchase single client access licences, allowing them to pay only for the exact number of employees using the product.
Read more…

Have you ever wanted to remove Windows components like Media Player, Internet Explorer, Outlook Express, MSN Explorer, Messenger and more from your Windows installation?  Have you ever wanted to include Service Packs and/or other Windows updates in your installation?  How about the integration of device drivers or even the creation of an unattended installation?  If the answer is ‘yes’ to any or all these questions, then nLite is the tool for you, and I can’t recommend it more highly!

nLite is a tool for pre-installation Windows configuration and component removal at your choice. Optional bootable image ready for burning on media or testing in virtual machines.

With nLite you will be able to have Windows installation which on install does not include, or even contain on media, the unwanted components.

Features

• Service Pack Integration
• Component Removal
• Unattended Setup
• Driver Integration *
• Hotfixes Integration **
• Tweaks
• Services Configuration
• Patches ***
• Bootable ISO creation

* – Textmode (CD Boot) and normal PnP
** – hotfixes with white icons, *KB*.exe, including update packs
and Internet Explorer 7
*** – supports generic SFC, Uxtheme, TcpIp and Usb Polling patching.

nLite supports Windows 2000, XP x86/x64 and 2003 x86/x64 in all languages.

If you would like to know more about nLite, or to download the software, visit the nLite website at http://www.nliteos.com

No, you don’t have to pay a cent for nLite.  Infact, nLite is completely free!  That said, I’m sure they would appreciate a donation.

This guide will run you through the steps required to transfer the Flexible Single Master Operations (FSMO) roles (also known as operations master roles) by using the Active Directory snap-in tools in Microsoft Management Console (MMC) in Windows Server 2003.

FSMO Roles

In a forest, there are at least five FSMO roles that are assigned to one or more domain controllers. The five FSMO roles are:

• Schema Master: The schema master domain controller controls all updates and modifications to the schema. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest.
• Domain naming master: The domain naming master domain controller controls the addition or removal of domains in the forest. There can be only one domain naming master in the whole forest.
• Infrastructure Master: The infrastructure is responsible for updating references from objects in its domain to objects in other domains. At any one
  time, there can be only one domain controller acting as the infrastructure master in each domain.
• Relative ID (RID) Master: The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain. At any one time, there can be only one domain controller acting as the RID master in the domain.
• PDC Emulator: The PDC emulator is a domain controller that advertises itself as the primary domain controller (PDC) to workstations, member servers, and domain controllers that are running earlier versions of Windows. For example, if the domain contains computers that are not running Microsoft Windows XP Professional or Microsoft Windows 2000 client software, or if it contains Microsoft Windows NT backup domain controllers, the PDC emulator master acts as a Windows NT PDC. It is also the Domain Master Browser, and it handles password discrepancies. At any one time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.

You can transfer FSMO roles by using the Ntdsutil.exe command-line utility or by using an MMC snap-in tool. Depending on the FSMO role that you want to transfer, you can use one of the following three MMC snap-in tools:

• Active Directory Schema snap-in
• Active Directory Domains and Trusts snap-in
• Active Directory Users and Computers snap-in

If a computer no longer exists, the role must be seized. To seize a role, use the Ntdsutil.exe utility.

Transfer the Schema Master Role

Use the Active Directory Schema Master snap-in to transfer the schema master role. Before you can use this snap-in, you must register the Schmmgmt.dll file.

Register schmmgmt.dll

1. Click Start, and then click Run.
2. Type regsvr32 schmmgmt.dll in the Open box, and then click OK.
3. Click OK when you receive the message that the operation succeeded.

Transfer the Schema Master Role

1. Click Start, click Run, type mmc in the Open box, and then click OK.
2. On the File, menu click Add/Remove Snap-in.
3. Click Add.
4. Click Active Directory Schema, click Add, click Close, and then click OK.
5. In the console tree, right-click Active Directory Schema, and then click Change Domain Controller.
6. Click Specify Name, type the name of the domain controller that will be the new role holder, and then click OK.
7. In the console tree, right-click Active Directory Schema, and then click Operations Master.
8. Click Change.
9. Click OK to confirm that you want to transfer the role, and then click Close.

Transfer the Domain Naming Master Role

1. Click Start, point to Administrative Tools, and then click Active Directory Domains and Trusts.
2. Right-click Active Directory Domains and Trusts, and then click Connect to Domain Controller.

Note: You must perform this step if you are not on the domain controller to which you want to transfer the role. You do not have to perform this step if you are already connected to the domain controller whose role you want to transfer.

3. Do one of the following:

In the Enter the name of another domain controller box, type the name of the domain controller that will be the new role holder, and then click OK.

- or -

In the Or, select an available domain controller list, click the domain controller that will be the new role holder, and then click OK.

4. In the console tree, right-click Active Directory Domains and Trusts, and then click Operations Master.
5. Click Change.
6. Click OK to confirm that you want to transfer the role, and then click Close.

Transfer the RID Master, PDC Emulator, and Infrastructure Master Roles

1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
2. Right-click Active Directory Users and Computers, and then click Connect to Domain Controller.

Note: You must perform this step if you are not on the domain controller to which you want to transfer the role. You do not have to perform this step if you are already connected to the domain controller whose role you want to transfer.

3. Do one of the following:

In the Enter the name of another domain controller box, type the name of the domain controller that will be the new role holder, and then click OK.

- or -

In the Or, select an available domain controller list, click the domain controller that will be the new role holder, and then click OK.

4. In the console tree, right-click Active Directory Users and Computers, point to All Tasks, and then click Operations Master.
5. Click the appropriate tab for the role that you want to transfer (RID, PDC, or Infrastructure), and then click Change.
6. Click OK to confirm that you want to transfer the role, and then click Close.

And there you have it. How to view and transfer FSMO roles in Windows Server 2003.

Along with the new Windows Firewall in Windows Server 2003 SP1 and Windows XP SP2, Microsoft provided an updated system.adm administrative template file that adds Group Policy settings that you can use to configure firewall behavior at a local machine policy level or by using an Active Directory-based Group Policy Object (GPO). To access the Windows Firewall Group Policy settings, open either a local machine policy (run gpedit.msc on a workstation) or a GPO stored in a domain. Expand Computer Configuration, Administrative Templates, Network, Network Connections, and Windows Firewall.

You can configure firewall settings under both the Domain Profile and Standard Profile subfolders. You use the domain profile when the computer is connected to the Active Directory network and the standard profile when the machine isn’t connected to the corporate network. This setup lets you configure different settings for networked machines and remote machines, as this figure shows.

Click to enlarge

The options under each of the two branches are identical, and you can click an item to view its description. Here are some key settings you may want to enable:

1. Windows Firewall: Protect all network connections. This setting essentially forces the firewall on or off for the profile.
2. Windows Firewall: Do not allow exceptions. This option instructs the firewall to ignore any exceptions that have been defined. Enabling this setting is equivalent to selecting the “Don’t allow exceptions” check box on the General tab of Windows Firewall in Control Panel.
3. Windows Firewall: Define program exceptions Properties. This setting lets you define custom programs, to which you can then grant exceptions to pass through the firewall.
4. Windows Firewall: Prohibit notifications. This setting stops the firewall from prompting users whether they want to allow exceptions for a currently stopped program.
5. Windows Firewall: Allow logging. This option lets you configure the logging level for the firewall, the log size, and its name and location.

For more information about Windows Firewall policy settings, see Windows Firewall Technical Reference in the Network Security Technologies section of the Networking Collection on the Microsoft Windows Server 2003 TechCenter site on TechNet.