W7/2K8 R2 SP1: Remove unneeded Service Pack files

As you might know SP1 for Windows 7 and Windows Server 2008 R2 has been released recently. This SP contains all prior updates released through Windows update and some important updates aside from that.

In this short blogpost I will explain how you can remove the installation files of the SP so you can keep your installation tidy. This is particularly handy when you want to create an image of the installation so you can have your pc's deployed with SP1 included from now on.

Now, off we go.

1. First, open My Computer.
2. Right click on your C-Drive (or the drive on which Windows is installed on, for the sake of argument I'll assume this is C).
3. Choose Properties.

4. Clik Disk Cleanup.

5. Click Clean up System Files.

6. Tick Service Pack Backup Files so the checkbox is selected. As you can see this will cleanup about 540M on my pc.

I hope this helps.

Regards,

Stefan Hazenbroek

ConfigMgr: Drivers not applicable.

Consider the following scenario. You're running SCCM 2007 SP2 with R2 (or R3 for that matter) on Windows Server 2008 and want to deploy Windows 7 cliënts. When you try to import the drivers for your Windows 7 workstations into SCCM you might run into the issue when some drivers give the error:

The selected driver is not applicable to any supported platforms

You'll only get this error when you're trying to import drivers that are Windows 7 exclusive. This issue is due to the fact that SCCM uses the internal methods of handling inf files and Windows Server 2008 does not 'know' of Windows 7 yet. Install the following hotfix from Microsoft to fix this issue.

http://support.microsoft.com/kb/978754

Remember, this is not applicable on Windows Server 2008 R2 but only for windows Server 2008.

Hope this helps.

Regards,

Stefan Hazenbroek

AD CS: Move AD CS Database and Log to a different drive

What if you created a certificate infrastructure, sized it according to the requirements known at the moment and a new project comes along that requires a certifcate services Database and log that is three times the size of the original one, so it doesn't fit onto your sized harddisk. In alot of scenario's it's possible to expand the disks (using vmware, xenserver or hyper-v this is quite easy), but when you're using physical servers it's not so easy.

Or, maybe, when you installed AD CS you forgot to move it from c:\windows\system32\Certsvc. No worries, it's quite easy to change it.

In this short blogpost I'll explain how to move the certificate services database and log location after AD Certificate Services has been installed.

1. Prepare the disk, LUN or whatever you have in mind for your database and log. Ideally both will be placed on separate disks for performance reasons. Create the path for the database and log. In case it'll be placed on one disk I always assume CertDB for the database and CertDB\Logs for the logs, to keep things tidy.

2. Stop the AD Certificate Services service by running net stop certsvc from an elevated command prompt or by right clicking and selecting Stop service in the Services MMC.

3. Copy the database and the logs to their new location.

4. Open the registry editor by starting regedit and browse to HKLM\System\CurrentControlSet\Services\CertSvc\Configuration.

5. Edit the following entries:
DBDirectory (default is C:\Windows\System32\CertLog\..., change it to your new databasedir)
DBLogDirectory (default is C:\Windows\System32\CertLog, change it to your new logdir)
DBSystemDirectory (default is C:\Windows\System32\CertLog, change it to your new databasedir)
DBTempDirectory (default is C:\Windows\System32\CertLog, change it to your new databasedir)

6. Start the certification authority again by running net start certsvc from the commandline or by right clicking the AD Certification Services service and choosing Start. From this moment your DB and log should be running from the new location.

7. Verify it is running from the new location. You can do this by opening up the certification authority MMC. Right click on the name of your CA and choose Properties. Choose the tab Storage. The tab should look like this, with the location of your DB and Logs on a perhaps different drive/letter.

Hope this helps.

Regards,

Stefan Hazenbroek

FS: Disable the Restore button in Previous Versions

Previous Versions (or, Volume Shadow Copy Service) is a very powerful way of letting users manage their own files in an enterprise environment. One issue however, especially for department-shares, is the possibility to restore a file using Previous Versions. There is no pretty way to disable this using a group policy or something similar, but it IS possible.

By default it is possible for users to restore files. By following the next steps you can turn this off so that only Open and Copy can be used.

1. Fire up the registry (regedit).
2. Browse to: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer to turn it on or off for the current user or HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer to turn it off for the local machine. I suggest turning this off on a user basis, so that your IT Administrators can still manage this if needed.
3. Create a new REG_DWORD with the name NoPreviousVersionsRestore. The value for this entry is 1.

It isn't needed for the users to log off and on again for the setting to be put into place. I suggest putting this in a group policy preference for ease of management.

Hope this helps.

Regards,

Stefan Hazenbroek

DFS: Manual removal of a DFS Link.

It can happen to everybody. A DFS Link gets deleted in the wrong way by accident, and now it's stale sources are being a burden in your DFSroots directory. This can happen due to errors in namespace replication or unclean shutdowns. The directory cannot be opened or manually deleted, so how can we get rid of this?

When you try to open the directory you'll get the following error:

It makes sense to get this error, because DFS make a sort of junction point on your fileserver to relocate you to the real point. When you try to delete the folder you'll get this error:

When a DFS link gets created, a reparsepoint is created in the DFSroots directory. This is a link to the original directory. Also, see: http://msdn.microsoft.com/en-us/library/aa365503(VS.85).aspx for more information.

This reparsepoint is also what's causing the error. Normally, if you try to open a reparsepoint (like AppData in Windows 7 is), you'll get redirected to the original directory. In the case of DFS this works somewhat different, because the original directory isn't located on the same server.

To fix this we have to take some steps. First, open up Command Prompt and browse to your DFSroots directory. In my case this is C:\DFSroots. Open up your DFS namespace and look at the folder contents. This folder is what's being published when an user accesses your DFS namespace.

Above are the folder contents of the DFSroots folder in my test environment. Top Secret is a stale folder, so I'd like to delete this. Windows contains a tool called fsutil that can help us reach this goal. Type: fsutil reparsepoint query \\. In my case this would be fsutil reparsepoint query "C:\DFSroots\Public\Top Secret". Remember to enclose your query with quotes ("") when your name contains spaces.

The result should look alot like the following:

As you can see within the Tag Value, this reparsepoint is created by/for Microsoft DFS. Now, we're gonna delete this reparsepoint so our view of the namespace will be nice and clean again. Type: fsutil reparsepoint delete \\ and press Enter. Again, mind the quotes.

In this case the rule is: No result is good result. When you get a blank line your command succeeded. When you try to remove something that's not a reparse point you'll get an error looking a lot like the following one:

This means the reparse point is already deleted or you're giving in the wrong directory in your command line.

Hope this helps in keeping your DFS environment clean and tidy.

Regards,

Stefan Hazenbroek