Wednesday, January 17, 2007

Restart Server Remotely

Do you want to give permission to other people to restart your server remotely? All they can do is to restart the server - nothing else. Here is how you do it:

  • Create a local user in the server
  • Create a local group in the server, and assign the new user to this group
  • Add the user to the built-in Remote Desktop Users group
  • Assign the new group to the local policy to be able to login through Terminal Service and Shutdown the server
  • Create a reboot VBScript - call it r.vbs

Option Explicit
Dim Reboot
Dim Cancel
Dim objShellSet

objShell = WScript.CreateObject("Wscript.Shell")
Reboot = msgBox("You are about to reboot the server now. Click YES to confirm or NO to cancel", 4, "Confirm Reboot Server")

If Reboot = 6 Then
objShell.Run "cmd /c C:\windows\system32\shutdown -r -f -t 30", 0, True

Cancel = msgBox("To cancel the reboot, Click YES now", 4, "Cancel Reboot")

If Cancel = 6 Then
objShell.Run "cmd /c C:\windows\system32\shutdown -a", 0, True
End If
End If

  • Create a wrapper batch file - call it a.cmd

@echo off
cscript r.vbs

  • Assign the new user environment properties to run the a.cmd when they login through terminal service

Friday, January 05, 2007

Run As - explorer.exe - Admin priv

Sometime you need to login to your local machine as a normal user - to maintain least privileges. However, some of your tasks needing you to have higher level of privileges - e.g. open a folder that has NTFS permission for admin group only.

The best way is to run explorer.exe as admin user. But, Windows XP does not support running an explorer.exe as different context. It will spawn a new explorer.exe process under the parent explorer.exe process which has a normal user context.

Here is the trick:

Open the registry (regedit)
Navigate to the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\

Right click the "shell" folder and choose New -> Key
Name it: OpenAsAdminUser

Click the "OpenAsAdminUser" folder and find the (Default) string value
Double Click on that string value, put the value data:
Open An Explorer Window as Admin User

Right Click the "OpenAsAdminUser" folder and choose New -> Key
Give it the name: command

Click the "command" folder and find the (Default) string value
Double click on that string value, put the value data:
runas.exe /user:DOMAIN\ADMIN "explorer.exe /SEPARATE,%L"

Now open your explorer, navigate to any folder you want to open as admin user, right click, you will have the new menu called: Open An Explorer Window as Admin User. Choose that and enter your admin password. Bingo!!

Tuesday, January 02, 2007

Exchange 2003 - Message stuck in the categorizer

If you have a big distribution list or email enabled security group within Active Directory which has a particular member that forwards an email externally, you might not be able successfully send an email to that group.

When you track the message using Exchange Message Tracking Center, you'll find out that the message is in the status: Message Submitted to Categorizer

This is because the automatic forward email is not enabled by default in Exchange 2003. To enable this:
  • Go to Exchange System Manager
  • Expand Global Settings
  • Click Internet Message Formats
  • Right click Default
  • Click Advanced tab
  • Choose Allow automatic forward

If this one does not work, try to do high level diagnostic with categorizer - modify the registry:

HLM\System\CurrentControlSet\Services\MSExchangeTransport\Diagnostics\

Change 2 Categorizer from 0 to 7

and check your application event log