The Password Export Server version 3.1 (PES v3.1) is a part of the Active Directory Migration Tool (ADMT) v3.1 toolset. You can use PES v3.1 to migrate passwords, when performing account migrations between different Active Directory Domains.

Download;

Password Export Server version 3.1 (x86)
Password Export Server version 3.1 (x64)

A blocking tool is available for organizations that would like to temporarily prevent installation of Service Pack updates through Windows Update.

This tool can be used with:

• Windows Server 2003 Service Pack 2 (valid through March, 2008)
• Windows XP Service Pack 3 (valid for 12 months following general availability)
• Windows Vista Service Pack 1 (valid for 12 months following general availability)

Download here

The Windows command-line tools are used to perform various tasks related to Windows Vista, Windows Server 2003, and Windows Server 2008.You can use the command reference to familiarize yourself with new and enhanced command-line tools, to learn about the command shell, and to automate command-line tasks by using batch files or scripting tools.

Download here

When you have the Group Policy Preference (GPP) Client Side Extensions (CSE) downloaded you'll notice that they are not (yet) in the .MSI format - so using Group Policy Software Installation (GPSI) is not possible. Bummer, right!?

We have .EXE files for Windows XP/2003 and .MSU files for Windows Vista... But that's not the only thing we need to think about. Before "deploying" these things to the clients on the network we need to know the OS version (XP/2003/Vista), the OS architecture (32 or 64 bit), the Service Pack Level, and whether or not the Group Policy Preference Pre-requisites (WmlLite - http://support.microsoft.com/kb/914783/en-us) are installed.

To make all this pretty easy I've created a "demo" script for deploying the GPP CSEs using Startup Script - or a manual launch (in admin context). My good friend Jeremy Moskowitz asked me to do this - so, a couple of hours later the "demo" - or "beta" - script is public (download below)...

Note: I haven't been able to test in all scenarios yet, but I *think* they are all covered pretty well by now. Please report back if you find any problems - any feedback is welcome!

Download the VBS script right here!

NB! You might need other language version for the XmlLite GPP CSE Pre-requisites, so watch out!

Running the script in your production network is on your own risk. The code is delivered "As Is" - totally free of any charge. No strings attached.

 

I hope this works out nicely for you!

.

This information is widely available but very useful so here is how I do it!

1. Run REGEDIT on any domain workstation logged in as a domain admin

2. Hit Alt ‘f’ than ‘c’

3. In the Select Computer search box, type its name in the dialog box (or of course browse for it)

4. In the remote machine’s registry browse to the following key: HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server

5. Find the value named ‘fDenyTSConnection’ (REG_DWORD). Change the value data from 1 (Remote Desktop disabled) to 0 (Remote Desktop enabled).

6. Close REGEDIT.

7. Of course you will need to reboot the remote machine for the change to take effect. My favourite way to do that is to open the command prompt and type ‘shutdown –i’, fill in the appropriate fields and away you go.

If you have ever tried defining the Security Options policy setting called: "Interactive logon: Message text for users attempting to log on", you may have had some difficulties formatting the message the way you wanted it. This blog is about "how to" workaround a minor bug in the GPEDIT tool…

 

The issue:

First things first - the Group Policy setting is located here:

"Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\"

The value is a Multi-String registry value that allows you to make multiple lines in the message. The message pops up right after a users hits Ctrl+Alt+Del as a general warning to the user before actually logging on. But, unfortunately the formatting isn’t as perfect as it could be.

What happens is, that carriage returns are lost after formatting this "pre-logon message" with GPEDIT, imagine you would want a message like this (see Figure 3):

—>

I don’t know why this should be so hard? Jump next line please…

Let’s do a comma, and continue the line…
Line number 4 is ready, but let’s jump line 5 & 6 now…

Line 7 finishes up this story!

<—

Such a message would end up as (see Figure 5):

—>

I don’t know why this should be so hard? Jump next line please…
Let’s do a comma, and continue the line…
Line number 4 is ready, but let’s jump line 5 & 6 now…
Line 7 finishes up this story!

<—

So, basically the problem is: line feeds/carriage returns/empty lines disappear completely!

You can actually see this within the GPEDIT GUI, but only if you hit "Apply" before "OK" - if you just hit "OK" after typing in your message you cannot see that it’s actually changed by GPEDIT (so you think the formatting is working as it should). I tested this behavior with GPEDIT on Windows XP SP2 (local policy), Windows Server 2003 SP1 (domain policy), Windows Vista SP Pre-RC (local policy) and Windows Server 2008 RC1 (domain policy).

Figure 1 - I typed in my message with the format I wanted:

Figure 2 - I clicked Apply, and the formatting was changed:

If I had just click OK I wouldn’t have noticed the change - anyway it’s a bit annoying, right?

 

Solution/Workaround:

The solution I came up with is to modify the policy file directly/manually using Notepad. The file is located here:

"\\DOMAIN.local\SYSVOL\DOMAIN.local\Policies\{GPO-GUID}\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf"

Within that file we have the relevant registry value, called "LegalNoticeText":

MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText=7,I don’t know why this should be so hard? Jump next line please…," ",Let’s do a comma"," and continue the line…,Line number 4 is ready"," but let’s jump line 5 & 6 now…," "," ",Line 7 finishes up this story!

Notice the " " (<quote><space><quote>) sequences, which are the same as empty lines.

This is the relevant line from a working GptTempl.inf file (the correct syntax written manually), and it actually works great:

Figure 3 - Pre-logon message on a Windows Server 2003 SP1 Domain Controller: 

Figure 4 - The above inserted GptTmpl.inf line also works for Windows XP SP2 in the same domain:

So, this proves that the INI file can actually be correctly formatted so clients (tested w/WS2003 SP1 and XP SP2 in a domain) can show the message perfectly. Please notice that the behavior is similar with local policies, but my testing has been focused on domain environments so far.

If you try to modify the working policy setting using GPEDIT again - after changing just a tiny bit (or just hitting OK to an existing setting) within the GPO the formatting/syntax is ruined again unfortunately (when GPO is saved by GPEDIT)! Look here what came out of it when I tested it:

MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText=7,I don’t know why this should be so hard? Jump next line please…,Let’s do a comma"," and continue the line…,Line number 4 is ready"," but let’s jump line 5 & 6 now…,Line 7 finishes up this story!

Notice the " " (<quote><space><quote>) sequences are gone! This gives a wrong result (no empty lines) when clients get the pre-logon message.

Figure 5 - The formatting is lost (or wrong) when GPEDIT does the job:

 

Please notice, if you’re testing this you will have to define an additional policy setting for it to work, namely the "Interactive logon: Message title for users attempting to log on" setting.

Figure 6 - The title must be set for pre-logon message to appear

 

Conclusion

So, my conclusion is that (existing version of) GPEDIT doesn’t modify the GptTmpl.inf file properly (or the registry for local policies for that matter) - for this particular value at least… My best guess is that it doesn’t handle the quotes (") correctly, but I can’t be 100% sure. A bug report has been made for Microsoft - so hopefully it will be fixed before the final release of Windows Server 2008 and the Remote Server Administration Tools (RSAT).

However, as mentioned you can make it work with a workaround like this: Just perform the GptTmpl.inf (below SYSVOL) editing manually, make a backup of the file when it’s perfect - and never touch that GPO with GPEDIT again… Until Microsoft releases an updated version of GPEDIT anyway.

 

Related KB articles out there:
KB 330618
KB 238149
Technet article

 

.