Hiren's Boot CD is a boot CD containing various diagnostic programs such as partitioning agents, system performance benchmarks, disk cloning and imaging tools, data recovery tools, MBR tools, BIOS tools, and many others for fixing various computer problems. It is a Bootable CD; thus, it can be useful even if the primary operating system cannot be booted. Hiren's Boot CD has an extensive list of software. Utilities with similar functionality on the CD are grouped together and seem redundant; however, they present choices through UI differences.
List of Tools
All in One Bootable CD which has all these utilities
Partition Tools
Partition Magic Pro 8.05
Best software to partition hard drive
Acronis Disk Director 10.0.2160
Popular disk management functions in a single suite
Paragon Partition Manager 7.0.1274
Universal tool for partitions
Partition Commander 9.01
The safe way to partition your hard drive,with undo feature
Ranish Partition Manager 2.44
a boot manager and hard disk partitioner.
The Partition Resizer 1.3.4
move and resize your partitions in one step and more.
Smart Fdisk 2.05
a simple harddisk partition manager
SPecial Fdisk 2000.03t
SPFDISK a partition tool.
eXtended Fdisk 0.9.3
XFDISK allows easy partition creation and edition
GDisk 1.1.1
Complete replacement for the DOS FDISK utility and more.
Super Fdisk 1.0
Create, delete, format partitions drives without destroying data.
Partition Table Editor 8.0
Partition Table and Boot Record Editor
Backup Tools
ImageCenter 5.6 (Drive Image 2002)
Best software to clone hard drive
Norton Ghost 11.5
Similar to Drive Image (with usb/scsi support)
Acronis True Image 8.1.945
Create an exact disk image for complete system backup and disk cloning.
Partition Saving 3.71
A tool to backup/restore partitions. (SavePart.exe)
COPYR.DMA Build013
A Tool for making copies of hard disks with bad sectors
DriveImageXML 2.02
backup any drive/partition to an image file, even if the drive is currently in use
Drive SnapShot 1.39
creates an exact Disk Image of your system into a file while windows is running.
Ghost Image Explorer 11.5
to add/remove/extract files from Ghost image file
DriveImage Explorer 5.0
to add/remove/extract files from Drive image file
WhitSoft File Splitter 4.5a
a Small File Split-Join Tool
Express Burn 4.25
CD/DVD Burner Program to create and record CDs/DVDs, also create/burn .iso and .nrg images
Smart Driver Backup 2.12
Easy backup of your Windows device drivers (also works from PE)
Double Driver 1.0
Driver Backup and Restore tool
DriverBackup! 1.0.3
Another handy tool to backup drivers
Recovery Tools
Active Partition Recovery 3.0
To Recover a Deleted partition.
Active Uneraser 3.0
To recover deleted files and folders on FAT and NTFS systems.
Ontrack Easy Recovery Pro 6.10
To Recover data that has been deleted/virus attack
Winternals Disk Commander 1.1
more than just a standard deleted-file recovery utility
TestDisk 6.10
Tool to check and undelete partition.
Lost & Found 1.06
a good old data recovery software.
DiyDataRecovery Diskpatch 2.1.100
An excellent data recovery software.
Prosoft Media Tools 5.0 v1.1.2.64
Another excellent data recovery software with many other options.
PhotoRec 6.10
File and pictures recovery Tool.
Winsock 2 Fix for 9x
to fix corrupted Winsock2 information by poorly written Internet programs
XP TCP/IP Repair 1.0
Repair your Windows XP Winsock and TCP/IP registry errors
Active Undelete 5.5
a tool to recover deleted files
Restoration 3.2.13
a tool to recover deleted files
GetDataBack for FAT 2.31
Data recovery software for FAT file systems
GetDataBack for NTFS 2.31
Data recovery software for NTFS file systems
Recuva 1.24.399
Restore deleted files from Hard Drive, Digital Camera Memory Card, usb mp3 player...
Partition Find and Mount 2.3.1
Partition Find and Mount software is designed to find lost or deleted partitions
Unstoppable Copier 4b
Allows you to copy files from disks with problems such as bad sectors,
scratches or that just give errors when reading data.
Testing Tools
System Speed Test 4.78
it tests CPU, harddrive, ect.
PC-Check 6.5
Easy to use hardware tests
Ontrack Data Advisor 5.0
Powerful diagnostic tool for assessing the condition of your computer
The Troubleshooter 7.02
all kind of hardware testing tool
PC Doctor 2004
a benchmarking and information tool
CPU/Video/Disk Performance Test 5.7
a tool to test cpu, video, and disk
Test Hard Disk Drive 1.0
a tool to test Hard Disk Drive
Disk Speed1.0
Hard Disk Drive Speed Testing Tool
S&M Stress Test 1.9.1
cpu/hdd/memory benchmarking and information tool, including temperatures/fan speeds/voltages
Monitor Tester 1.0
Allows you to test CRT/LCD/TFT screens for dead pixels and diffective screens
RAM (Memory) Testing Tools
GoldMemory 5.07
RAM Test utility
Memtest86+ 2.11
PC Memory Test
MemTest 1.0
a Memory Testing Tool
Hard Disk Tools
Hard Disk Diagnostic Utilities
Seagate Seatools Graphical v2.13b
SeaTools for Dos 1.10
Western Digital Data Lifeguard Tools 11.2
Western Digital Diagnostics (DLGDIAG) 5.04f
Maxtor PowerMax 4.23
Maxtor amset utility 4.0
Maxtor(or any Hdd) Low Level Formatter 1.1
Fujitsu HDD Diagnostic Tool 7.00
Fujitsu IDE Low Level Format 1.0
Samsung HDD Utility(HUTIL) 2.10
Samsung Disk Diagnose (SHDIAG) 1.28
Samsung The Drive Diagnostic Utility (ESTOOL) 2.11
IBM/Hitachi Drive Fitness Test 4.14
IBM/Hitachi Feature Tool 2.11
Gateway GwScan 5.12
ExcelStor's ESTest 4.50
MHDD 4.6
WDClear 1.30
Toshiba Hard Disk Diagnostic 2.00b
HDD Regenerator 1.51
to recover a bad hard drive
HDAT2 4.53
main function is testing and repair (regenerates) bad sectors for detected devices
Ontrack Disk Manager 9.57
Disk Test/Format/Maintenance tool.
Norton Disk Doctor 2002
a tool to repair a damaged disk, or to diagnose your hard drive.
Norton Disk Editor 2002
a powerful disk editing, manual data recovery tool.
Hard Disk Sentinel 0.04
Hard Disk health, performance and temperature monitoring tool.
Active Kill Disk 4.1
Securely overwrites and destroys all data on physical drive.
SmartUDM 2.00
Hard Disk Drive S.M.A.R.T. Viewer.
Victoria 3.33e and 3.52rus
a freeware program for low-level HDD diagnostics
HDD Erase 4.0
Secure erase using a special feature built into most newer hard drives
HDD Scan 3.1
This is a Low-level HDD diagnostic tool, it scans surface find bad sectors etc.
HDTune 2.55
Hard disk benchmarking and information tool.
Data Shredder 1.0
A tool to Erase disk and files (also wipe free space) securely
System Information Tools
Aida16 2.14
a system information tool, extracts details of all components of the PC
PCI and AGP info Tool (0903)
The PCI System information & Exploration tool.
System Analyser 5.3u
View extensive information about your hardware
Navratil Software System Information 0.60.32
High-end professional system information tool
Astra 5.41
Advanced System info Tool and Reporting Assistant
HWiNFO 5.2.5
a powerful system information utility
PC-Config 9.33
Complete hardware detection of your computer
SysChk 2.46
Find out exactly what is under the hood of your PC
CPU Identification utility 1.16
Detailed information on CPU (CHKCPU.EXE)
CTIA CPU Information 2.7
another CPU information tool
Drive Temperature 1.0
Hard Disk Drive temperature meter
PC Wizard 2008.1.871
Powerful system information/benchmark utility designed especially for detection of hardware.
SIW 2009-02-24
Gathers detailed information about your system properties and settings.
CPU-Z 1.50
It gathers information on some of the main devices of your system
PCI 32 Sniffer 1.4 (0903)
device information tool (similar to unknown devices)
Unknown Devices 1.2 (0903)
helps you find what those unknown devices in Device Manager really are
MBR (Master Boot Record) Tools
MBRWork 1.07b
a utility to perform some common and uncommon MBR functions
MBR Tool 2.2.100
backup, verify, restore, edit, refresh, remove, display, re-write...
DiskMan4
all in one tool for cmos, bios, bootrecord and more
BootFix Utility
Run this utility if you get 'Invalid system disk'
MBR SAVE / RESTORE 2.1
BootSave and BootRest tools to save / restore MBR
Boot Partition 2.60
add Partition in the Windows NT/2000/XP Multi-boot loader
Partition Table Doctor 3.5
a tool to repair/modify mbr, bootsector, partition table
Smart Boot Manager 3.7.1
a multi boot manager
Bootmagic 8.0
This tool is for multi boot operating systems
MBRWizard 2.0b
Directly update and modify the MBR (Master Boot Record)
BIOS / CMOS Tools
CMOS 0.93
CMOS Save / Restore Tool
BIOS Cracker 4.8
BIOS password remover (cmospwd)
BIOS Cracker 1.4
BIOS password remover (cmospwc)
BIOS Utility 1.35.0
BIOS Informations, password, beep codes and more.
!BIOS 3.20
a powerfull utility for bios and cmos
DISKMAN4
a powerful all in one utility
UniFlash 1.40
bios flash utility
Kill CMOS
a tiny utility to wipe cmos
Award DMI Configuration Utility 2.43
DMI Configuration utility for modifying/viewing the MIDF contents.
MultiMedia Tools
Picture Viewer 1.94
Picture viewer for dos, supports more then 40 filetypes.
QuickView Pro 2.58
movie viewer for dos, supports many format including divx.
MpxPlay 1.56
a small Music Player for dos
Password Tools
Active Password Changer 3.0.420
To Reset User Password on windows NT/2000/XP/2003/Vista (FAT/NTFS)
Offline NT/2K/XP Password Changer
utility to reset windows nt/2000/xp administrator/user password.
Registry Reanimator 1.02
Check and Restore structure of the Damaged Registry files of NT/2K/XP
NTPWD
utility to reset windows nt/2000/xp administrator/user password.
Registry Viewer 4.2
Registry Viewer/Editor for Win9x/Me/NT/2K/XP
ATAPWD 1.2
Hard Disk Password Utility
Content Advisor Password Remover 1.0
It Removes Content Advisor Password from Internet Explorer
Password Renew 1.1
Utility to (re)set windows passwords
WindowsGate 1.1
Enables/Disables Windows logon password validation
WinKeyFinder 1.73
Allows you to View and Change Windows XP/2003 Product Keys, backup and restore
activation related files, backup Microsoft Office 97, 2000 SP2, XP/2003 keys etc.
XP Key Reader 2.7
Can decode the XP-key on Local or Remote systems
ProduKey 1.35
Recovers lost the product key of your Windows/Office
Wireless Key View 1.20
Recovers all wireless network keys (WEP/WPA) stored in your computer by WZC
NTFS (FileSystems) Tools
NTFS Dos Pro 5.0
To access ntfs partitions from Dos
NTFS 4 Dos 1.9
To access ntfs partitions from Dos
Paragon Mount Everything 3.0
To access NTFS, Ext2FS, Ext3FS partitions from dos
NTFS Dos 3.02
To access ntfs partitions from Dos
EditBINI 1.01
to Edit boot.ini on NTFS Partition
Browsers / File Managers
Volkov Commander 4.99
Dos File Manager with LongFileName/ntfs support
(Similar to Norton Commander)
Dos Command Center 5.1
Classic dos-based file manager.
File Wizard 1.35
a file manager - colored files, drag and drop copy, move, delete etc.
File Maven 3.5
an advanced Dos file manager with high speed PC-to-PC file
transfers via serial or parallel cable
FastLynx 2.0
Dos file manager with Pc to Pc file transfer capability
LapLink 5.0
the smart way to transfer files and directories between PCs.
Dos Navigator 6.4.0
Dos File Manager, Norton Commander clone but has much more features.
Mini Windows 98
Can run from Ram Drive, with ntfs support,
Added 7-Zip, Disk Defragmenter, Notepad / RichText Editor,
Image Viewer, .avi .mpg .divx .xvid Movie Player, etc...
7-Zip 4.65
File Manager/Archiver Supports 7z, ZIP, GZIP, BZIP2, TAR, RAR, CAB, ISO, ARJ, LZH, CHM, MSI, WIM, Z, CPIO, RPM, DEB and NSIS formats
Off By One Browser 3.5d
an independent web browser that runs completely self- contained
Other Tools
Ghost Walker 11.5
utility that changes the security ID (SID) for Windows NT, 2000 and XP
DosCDroast beta 2
Dos CD Burning Tools
Universal TCP/IP Network 6.4
MSDOS Network Client to connect via TCP/IP to a Microsoft based
network. The network can either be a peer-to-peer or a server based
network, it contains 91 different network card drivers
NewSID 4.10
utility that changes the security ID (SID) for Windows NT, 2000 and XP
Registry Editor PE 0.9c
Easy editing of remote registry hives and user profiles
Dos Tools
USB CD-Rom Driver 1
Standard usb_cd.sys driver for cd drive
Universal USB Driver 2
Panasonic v2.20 ASPI Manager for USB mass storage
ASUSTeK USB Driver 3
ASUS USB CD-ROM Device Driver Version 1.00
SCSI Support
SCSI Drivers for Dos
SATA Support
SATA Driver (gcdrom.sys) and JMicron JMB361 (xcdrom.sys) for Dos
1394 Firewire Support
1394 Firewire Drivers for Dos
Interlnk support at COM1
To access another computer from COM port
Interlnk support at LPT1
To access another computer from LPT port
and too many great dos tools
very good collection of dos utilities
extract.exe pkzip.exe pkunzip.exe unrar.exe rar.exe
ace.exe lha.exe gzip.exe uharcd.exe mouse.com
attrib.com deltree.exe xcopy.exe diskcopy.com imgExtrc.exe
undelete.com edit.com fdisk.exe fdisk2.exe fdisk3.exe
lf.exe delpart.exe wipe.com zap.com format.com
move.exe more.com find.exe hex.exe debug.exe
split.exe mem.exe mi.com sys.com smartdrv.exe
xmsdsk.exe killer.exe share.exe scandisk.exe scanreg.exe
guest.exe doskey.exe duse.exe biosdtct.exe setver.exe
intersvr.exe interlnk.exe loadlin.exe lfndos.exe doslfn.com
Cleaners
SpaceMonger 1.4
keeping track of the free space on your computer
WinDirStat 1.1.2.80
a disk usage statistics viewer and cleanup tool for Windows.
CCleaner 2.17.853
Crap Cleaner is a freeware system optimization and privacy tool
Optimizers
PageDfrg 2.32
System file Defragmenter For NT/2k/XP
NT Registry Optimizer 1.1j
Registry Optimization for Windows NT/2000/2003/XP/Vista
DefragNT 1.9
This tool presents the user with many options for disk defragmenting
JkDefrag 3.36
Free disk defragment and optimize utility for Windows 2000/2003/XP/Vista
Process Tools
IB Process Manager 1.04
a little process manager for 9x/2k, shows dll info etc.
Process Explorer 11.33
shows you information about which handles and DLLs processes have opened or loaded
Pocket KillBox 2.0.0.978
can be used to get rid of files that stubbornly refuse to allow you to delete them
Unlocker 1.8.7
This tool can delete file/folder when you get this message - Cannot delete file:
Access is denied, The file is in use by another program etc.
CurrPorts 1.60
displays the list of all currently opened TCP and UDP ports on your computer
Startup Tools
Autoruns 9.39
Displays All the entries from startup folder, Run, RunOnce, and other Registry keys,
Explorer shell extensions,toolbars, browser helper objects, Winlogon notifications,
auto-start services, Scheduled Tasks, Winsock, LSA Providers, Remove Drivers
and much more which helps to remove nasty spyware/adware and viruses.
Silent Runners Revision 59
A free script that helps detect spyware, malware and adware in the startup process
Startup Control Panel 2.8
a tool to edit startup programs
Startup Monitor 1.02
it notifies you when any program registers itself to run at system startup
HijackThis 2.0.2
a general homepage hijackers detector and remover and more
Tweakers
Dial a Fix 0.60.0.24
Fix errors and problems with COM/ActiveX object errors and missing registry entries,
Automatic Updates, SSL, HTTPS, and Cryptography service (signing/verification)
issues, Reinstall internet explorer etc. comes with the policy scanner
Ultimate Windows Tweaker 1.0
A TweakUI Utility for tweaking and optimizing Windows Vista
TweakUI 2.10
This PowerToy gives you access to system settings that are not exposed in the Windows Xp
Xp-AntiSpy 3.97.2
it tweaks some Windows XP functions, and disables some unneeded Windows services quickly
Shell Extensions Manager (ShellExView) 1.36
An excellent tool to View and Manage all installed Context-menu/Shell extensions
EzPcFix 1.0.0.16
Helpful tool when trying to remove viruses, spyware, and malware
Antivirus Tools
ClamWin Antivirus 0.94.1 (0903)
a free antivirus, GNU GPL Open Source Virus Scanner
Spybot - Search & Destroy 1.6.2 (0903)
Application to scan for spyware, adware, hijackers and other malicious software.
SpywareBlaster 4.1 (0903)
Prevent the installation of spyware and other potentially unwanted software.
SmitFraudFix 2.400
This removes Some of the popular Desktop Hijack malware
ComboFix (0903)
Designed to cleanup malware infections and restore settings modified by malware
CWShredder 2.19
Popular CoolWebSearch Trojan Remover tool
RootkitRevealer 1.7.1
Rootkit Revealer is an advanced patent-pending root kit detection utility.
Ad-Aware SE Personal 1.06 (0903)
find and remove spyware, adware, dialers etc. (a must have tool)
Code:
http://rapidshare.com/files/208219263/Hirens98.part1.rar
http://rapidshare.com/files/208219265/Hirens98.part2.rar
Monday, July 6, 2009
Sunday, April 19, 2009
Configuring IIS To Host an FTP Site (Part 2)
Some differences in the two versions of the FTP services that can be run on Windows Server 2008.
Introduction
In my previous article in this series, I showed you how to install the FTP role services, and I began talking about SSL encryption for FTP. Although SSL encryption is certainly not a requirement for using FTP, it is a good idea to at least give your users the option of encrypting their FTP sessions, because you never know when they will need to transfer a sensitive document. Over the next two articles, I will show you how to add SSL security to your FTP server.
The New Version
If you look at your server’s Administrative Tools menu, you will notice that it contains a link for the Internet Information Services (IIS) Manager, and another link for the Internet Information Services (IIS) 6.0 Manager, as shown in Figure A. There is actually a really good reason for this.
In my previous article in this series, I showed you how to install the FTP role services, and I began talking about SSL encryption for FTP. Although SSL encryption is certainly not a requirement for using FTP, it is a good idea to at least give your users the option of encrypting their FTP sessions, because you never know when they will need to transfer a sensitive document. Over the next two articles, I will show you how to add SSL security to your FTP server.
The New Version
If you look at your server’s Administrative Tools menu, you will notice that it contains a link for the Internet Information Services (IIS) Manager, and another link for the Internet Information Services (IIS) 6.0 Manager, as shown in Figure A. There is actually a really good reason for this.
Figure A: Windows Server 2008 includes two separate IIS management tools
When Microsoft created Windows Server 2008, one of their goals was to completely revamp the FTP server in an effort to modernize it. However, the new code was not completed in time for the Windows Server 2008 release. Since Microsoft did not want to release Windows Server 2008 with no FTP support, they ended up porting the IIS 6.0 version of the FTP services from Windows Server 2003 into Windows Server 2008.
If you choose the Internet Information Services (IIS) 6.0 option from the Administrative Tools menu, you will see the console shown in Figure B. This is essentially just a watered down version of the IIS Management Console that was included for the sole purpose of managing the FTP services. If you right click on the Default FTP Site, and choose the Properties command from the resulting shortcut menu, Windows will display the FTP site’s properties sheet. A quick look at the properties sheet’s various tabs will show you that there simply isn’t an option for encrypting FTP sessions.
If you choose the Internet Information Services (IIS) 6.0 option from the Administrative Tools menu, you will see the console shown in Figure B. This is essentially just a watered down version of the IIS Management Console that was included for the sole purpose of managing the FTP services. If you right click on the Default FTP Site, and choose the Properties command from the resulting shortcut menu, Windows will display the FTP site’s properties sheet. A quick look at the properties sheet’s various tabs will show you that there simply isn’t an option for encrypting FTP sessions.
Figure B: The Internet Information Services (IIS) 6.0 manager is a leftover from Windows Server 2003The good news is that you are not stuck using the legacy FTP server. Microsoft went on to complete their new FTP server, and released it as an out of band add-on. This means that it is not technically a part of the operating system, but is an add-on that is designed to work with the operating system.
I once asked someone in Redmond if the new version of the FTP server would be integrated into Windows Server 2008 when the next service pack was released. I was told that the FTP server was going to remain an out of band add-on, because doing so allowed the IIS team to modify it whenever they wanted without having to deal with all of the politics associated with modifying an operating system component.
Since the new FTP server is far superior to the one that ships with the operating system, let us go ahead and uninstall the IIS 6.0 version, and then we will download and install the new version.
Removing the IIS 6.0 FTP Server
Even though we just installed the IIS 6.0 version of the FTP services, let us go ahead and remove it. I only wanted to install it as a way of showing you the difference between what was included in Windows Server 2008, and what you got with the out of band release.
To remove the previous version of the FTP services, open the Server Manager, and select the Roles container from the console tree. Scroll down until the console lists all of the role services that are installed, and click the Remove Role Services link. When you do, Windows will open the Remove Role Services Wizard. Deselect the FTP Publishing Service check box, and click Next, followed by Remove and Close.
Installing the IIS 7 FTP Server
The first thing that you will have to do is to download the Microsoft FTP Services for IIS 7.0. The actual download link that you will use varies depending on whether you are running the 32-bit or the 64-bit version of Windows Server 2008. If you are running the 32-bit version, you can download the FTP services here. If you are running the 64-bit version of Windows Server 2008, then you will want to download the FTP services here.
Save the file that you have downloaded to an empty folder on your server’s hard drive. Next, double click on the file that you have downloaded, and click the Run button when prompted by Windows. Windows will now launch the Microsoft FTP Services for IIS 7.0 installation wizard.
Click Next to bypass the wizard’s Welcome screen. The wizard will now display the End User License Agreement. Accept the license agreement, and click Next. At this point, you will see a screen that is similar to the one shown in Figure C, asking you which of the individual FTP services components you would like to install. For our purposes, make sure that all of the components are set to be installed, and click Next.
Figure C: Make sure that all of the FTP components are going to be installedYou should now see a message telling you that Windows is ready to install the FTP services. Click the Install button to initiate the installation process. When the installation process completes, click Finish.
Accessing the FTP Server
Now that our quick and painless installation process is complete, let us open the IIS 7.0 management console. To do so, select the Internet Information Services (IIS) Manager option from the Administrative Tools menu. When the Internet Information Services (IIS) Manager console opens, select the container from the console tree that bears the name of your server. As you can see in Figure D, some FTP management tools have been added to the server.
Figure D: The Internet Information Services (IIS) Manager console now supports FTPNow scroll through the console tree to
Figure E: Enter the name of the site and the site’s physical pathOn the following screen, select the Allow SSL option, and click Next. Click Finish, and IIS will create a bare bones FTP site. We will configure and secure this site in Part 3.
Conclusion
As you can see, the IIS 7.0 version of the FTP services offers a lot more options than the IIS 6.0 version does. In the next article in the series, I will show you how to apply SSL encryption to an FTP server. In the mean time though, I would strongly recommend that you take the time to check for any updates to the FTP services that might have been released since the time that Microsoft first made the services available.
Configuring IIS To Host an FTP Site (Part 1)
How you can configure IIS to act as an FTP server.
Introduction
It is easy to think of IIS as just being an application for hosting Websites, but IIS can also be configured to act as an FTP server that allows users to upload and / or download files. An IIS FTP site can be bound to a Web site or it can be a standalone site. In either case, IIS offers you a great deal of flexibility in setting up an FTP site. In this article series, I will show you how to install the necessary services, and how to provision your IIS server. I will also show you some variations of these techniques that you can use to adapt your FTP site to specific types of situations.
Why Use FTP?
FTP (File Transfer Protocol) is far from being the only game in town when it comes to file transfers, so you may be wondering why I am bothering to write about FTP as opposed to some other type of file transfer mechanism. After all, the FTP protocol has been around since 1971, and is a bit dated to say the least.
I am not going to try to tell you that FTP is the be all – end all when it comes to file transfer protocols. There are certainly file transfer methods that are more efficient. Even so, there are a couple of different reasons why I chose to write about FTP. For starters, FTP is universal. Everybody knows what FTP is, and it works on pretty much every operating system.
FTP completely masks the complexities of interacting with various operating systems and file systems. It doesn’t matter if a user is using Linux, Windows 95, Windows Vista, or something really obscure. As long as their operating system is FTP aware, they can transfer files to or from an IIS server that is running on Windows Server 2008.
The other reason why I wanted to write about FTP is because the FTP services are included with IIS. You do not have to develop or purchase any additional software. Simply install the necessary components, adjust a few configuration settings, and you are in business.
Installing an FTP Server
Windows Server 2008 gives you two different options for installing an FTP Server. One option is that you can install the FTP server through the GUI. The other option is to configure the server to operate as a server core installation. As you might have heard, server core deployments are entirely command line driven, but are arguably more secure than their GUI counterparts because fewer Windows components are installed. In the interest of reducing complexity, I am going to focus my discussion on performing a traditional, GUI based installation.
With that said, begin the process by opening the Server Manager and scrolling through the pane on the right to the Roles Summary section. Next, click the Add Roles link that’s located within this section. When you do, Windows will launch the Add Roles Wizard.
Click next to bypass the wizard’s Welcome screen, and you will be taken to the Select Server Roles screen. Select the check box corresponding to the Web Server (IIS) role, and click Next. You will now be taken to the wizard’s Select Role Services screen. This screen lists the various IIS related components that you can install. Since many of the services required by an FTP server are selected by default, go ahead and click Next to accept the default values. You will now be taken to a confirmation screen that lists the choices that you have made. Take a moment to review the components that will be installed, and then click the Install button. When the installation process completes, verify that the installation was successful, and then click the Close button.
Now, open the Server Manager and navigate through the console tree to Server Manager Roles Web Server (IIS). Upon selecting the Web Server (IIS) container, scroll through the pane on the right until you locate the Role Services section. As you examine the entries in this section, you will notice that the FTP Publishing Service and its subcomponents are not installed.
You can install these components by clicking the Add Role Service link. Upon doing so, Windows will open a dialog box that prompts you to select the role services that you want to install. Select the check box corresponding to the FTP Publishing Service. Upon doing so, the underlying FTP Server service and the FTP Management Console check boxes will also be selected. Leave these items selected.
Click Next, and Windows will display a summary screen that shows you which role services that you are about to install. Assuming that your choices appear to be correct, go ahead and click the Install button. Windows will now install the selected role services. When the installation process completes, take a moment to verify that the installation was successful, and then click the Close button. I also recommend going back to the Server Manager and taking another look at the Role Services for the Web Server (IIS) role. You should be able to verify that the FTP Publishing Service, the FTP Server, and the FTP Management Console are all installed.
Securing Your FTP Server
Now that the necessary role services are installed, it is probably a good idea to secure your FTP server. One of the primary techniques used to secure an FTP session is to encrypt the session using SSL. Keep in mind that SSL encryption is not mandatory though. In some cases uploading or downloading unencrypted files is not a big deal. For example, I downloaded a new Microsoft Word template from one of my publishers via FTP last week. The transmission wasn’t encrypted, but it really did not matter because it was just a document template. In any case, it is a good idea to at least give your users the option of encrypting the session if they want to.
SSL encryption is based on the use of digital certificates. The certificate is not just used as the basis for encryption, it also serves as a mechanism to positively identify your server. There are actually three different options available to you in regard to using a certificate. You can purchase a certificate from a commercial certificate authority, you can generate your own certificate from a Windows Server that is configured to act as an Enterprise Certificate Authority, or you can configure your FTP server to generate a self signed certificate.
When you are trying to decide which method to use, remember that the client computer has to trust the certificate that the server is using. Windows clients automatically trust certificates from the major commercial certificate providers. They will usually also automatically trust an Enterprise Certificate Authority, so long as the client machine is a domain member. A client will never automatically trust a self signed certificate.
Conclusion
As you can see, certificate trust is a major issue when it comes to providing SSL encryption. In Part 2, I will continue the discussion by showing you how to configure a client to trust an otherwise untrusted certificate. I will also show you how to enable SSL encryption for your FTP server.
Introduction
It is easy to think of IIS as just being an application for hosting Websites, but IIS can also be configured to act as an FTP server that allows users to upload and / or download files. An IIS FTP site can be bound to a Web site or it can be a standalone site. In either case, IIS offers you a great deal of flexibility in setting up an FTP site. In this article series, I will show you how to install the necessary services, and how to provision your IIS server. I will also show you some variations of these techniques that you can use to adapt your FTP site to specific types of situations.
Why Use FTP?
FTP (File Transfer Protocol) is far from being the only game in town when it comes to file transfers, so you may be wondering why I am bothering to write about FTP as opposed to some other type of file transfer mechanism. After all, the FTP protocol has been around since 1971, and is a bit dated to say the least.
I am not going to try to tell you that FTP is the be all – end all when it comes to file transfer protocols. There are certainly file transfer methods that are more efficient. Even so, there are a couple of different reasons why I chose to write about FTP. For starters, FTP is universal. Everybody knows what FTP is, and it works on pretty much every operating system.
FTP completely masks the complexities of interacting with various operating systems and file systems. It doesn’t matter if a user is using Linux, Windows 95, Windows Vista, or something really obscure. As long as their operating system is FTP aware, they can transfer files to or from an IIS server that is running on Windows Server 2008.
The other reason why I wanted to write about FTP is because the FTP services are included with IIS. You do not have to develop or purchase any additional software. Simply install the necessary components, adjust a few configuration settings, and you are in business.
Installing an FTP Server
Windows Server 2008 gives you two different options for installing an FTP Server. One option is that you can install the FTP server through the GUI. The other option is to configure the server to operate as a server core installation. As you might have heard, server core deployments are entirely command line driven, but are arguably more secure than their GUI counterparts because fewer Windows components are installed. In the interest of reducing complexity, I am going to focus my discussion on performing a traditional, GUI based installation.
With that said, begin the process by opening the Server Manager and scrolling through the pane on the right to the Roles Summary section. Next, click the Add Roles link that’s located within this section. When you do, Windows will launch the Add Roles Wizard.
Click next to bypass the wizard’s Welcome screen, and you will be taken to the Select Server Roles screen. Select the check box corresponding to the Web Server (IIS) role, and click Next. You will now be taken to the wizard’s Select Role Services screen. This screen lists the various IIS related components that you can install. Since many of the services required by an FTP server are selected by default, go ahead and click Next to accept the default values. You will now be taken to a confirmation screen that lists the choices that you have made. Take a moment to review the components that will be installed, and then click the Install button. When the installation process completes, verify that the installation was successful, and then click the Close button.
Now, open the Server Manager and navigate through the console tree to Server Manager Roles Web Server (IIS). Upon selecting the Web Server (IIS) container, scroll through the pane on the right until you locate the Role Services section. As you examine the entries in this section, you will notice that the FTP Publishing Service and its subcomponents are not installed.
You can install these components by clicking the Add Role Service link. Upon doing so, Windows will open a dialog box that prompts you to select the role services that you want to install. Select the check box corresponding to the FTP Publishing Service. Upon doing so, the underlying FTP Server service and the FTP Management Console check boxes will also be selected. Leave these items selected.
Click Next, and Windows will display a summary screen that shows you which role services that you are about to install. Assuming that your choices appear to be correct, go ahead and click the Install button. Windows will now install the selected role services. When the installation process completes, take a moment to verify that the installation was successful, and then click the Close button. I also recommend going back to the Server Manager and taking another look at the Role Services for the Web Server (IIS) role. You should be able to verify that the FTP Publishing Service, the FTP Server, and the FTP Management Console are all installed.
Securing Your FTP Server
Now that the necessary role services are installed, it is probably a good idea to secure your FTP server. One of the primary techniques used to secure an FTP session is to encrypt the session using SSL. Keep in mind that SSL encryption is not mandatory though. In some cases uploading or downloading unencrypted files is not a big deal. For example, I downloaded a new Microsoft Word template from one of my publishers via FTP last week. The transmission wasn’t encrypted, but it really did not matter because it was just a document template. In any case, it is a good idea to at least give your users the option of encrypting the session if they want to.
SSL encryption is based on the use of digital certificates. The certificate is not just used as the basis for encryption, it also serves as a mechanism to positively identify your server. There are actually three different options available to you in regard to using a certificate. You can purchase a certificate from a commercial certificate authority, you can generate your own certificate from a Windows Server that is configured to act as an Enterprise Certificate Authority, or you can configure your FTP server to generate a self signed certificate.
When you are trying to decide which method to use, remember that the client computer has to trust the certificate that the server is using. Windows clients automatically trust certificates from the major commercial certificate providers. They will usually also automatically trust an Enterprise Certificate Authority, so long as the client machine is a domain member. A client will never automatically trust a self signed certificate.
Conclusion
As you can see, certificate trust is a major issue when it comes to providing SSL encryption. In Part 2, I will continue the discussion by showing you how to configure a client to trust an otherwise untrusted certificate. I will also show you how to enable SSL encryption for your FTP server.
How to Install Windows Server 2008 Step by Step
Installing Windows Server 2008 is pretty straightforward and is very much like installing Windows Vista, but I thought I'd list the necessary steps here for additional information. For those of you who have never installed Vista before, the entire installation process is different than it used to be in previous Microsoft operating systems, and notably much easier to perform.
Using Vista's installation routine is a major benefit, especially for a server OS. Administrators can partition the system's hard drives during setup. More importantly, they can install the necessary AHCI or RAID storage drivers from a CD/DVD or even a USB thumb drive. Thus, error-prone floppies can finally be sent to the garbage bin.
Note: Windows Server 2008 can also be installed as a Server Core installation, which is a cut-down version of Windows without the Windows Explorer GUI. Because you don’t have the Windows Explorer to provide the GUI interface that you are used to, you configure everything through the command line interface or remotely using a Microsoft Management Console (MMC). The Server Core can be used for dedicated machines with basic roles such as Domain controller/Active Directory Domain Services, DNS Server, DHCP Server, file server, print server, Windows Media Server, IIS 7 web server and Windows Server Virtualization virtual server.
To use Windows Server 2008 you need to meet the following hardware requirements:
Component &Requirement :
~~~~~~~~~~~~~~~~~~~
Processor
• Minimum: 1GHz (x86 processor) or 1.4GHz (x64 processor)• Recommended: 2GHz or fasterNote: An Intel Itanium 2 processor is required for Windows Server 2008 for Itanium-based Systems
Memory
• Minimum: 512MB RAM• Recommended: 2GB RAM or greater• Maximum (32-bit systems): 4GB (Standard) or 64GB (Enterprise and Datacenter)• Maximum (64-bit systems): 32GB (Standard) or 2TB (Enterprise, Datacenter and Itanium-based Systems)
Available Disk Space
• Minimum: 10GB• Recommended: 40GB or greaterNote: Computers with more than 16GB of RAM will require more disk space for paging, hibernation, and dump files
Drive
DVD-ROM drive
Display and Peripherals
• Super VGA (800 x 600) or higher-resolution monitor• Keyboard• Microsoft Mouse or compatible pointing device.
Follow this procedure to install Windows Server 2008:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Insert the appropriate Windows Server 2008 installation media into your DVD drive. If you don't have an installation DVD for Windows Server 2008, you can download one for free from Microsoft's Windows 2008 Server Trial website.
2. Reboot the computer.
4. Next, press Install Now to begin the installation process.
5. Product activation is now also identical with that found in Windows Vista. Enter your Product ID in the next window, and if you want to automatically activate Windows the moment the installation finishes, click Next.
If you do not have the Product ID available right now, you can leave the box empty, and click Next. You will need to provide the Product ID later, after the server installation is over. Press No.
6. Because you did not provide the correct ID, the installation process cannot determine what kind of Windows Server 2008 license you own, and therefore you will be prompted to select your correct version in the next screen, assuming you are telling the truth and will provide the correct ID to prove your selection later on.
7. If you did provide the right Product ID, select the Full version of the right Windows version you're prompted, and click Next.
8. Read and accept the license terms by clicking to select the checkbox and pressing Next.
9. In the "Which type of installation do you want?" window, click the only available option – Custom (Advanced).
10. In the "Where do you want to install Windows?", if you're installing the server on a regular IDE hard disk, click to select the first disk, usually Disk 0, and click Next.
If you're installing on a hard disk that's connected to a SCSI controller, click Load Driver and insert the media provided by the controller's manufacturer.
If you're installing in a Virtual Machine environment, make sure you read the "Installing the Virtual SCSI Controller Driver for Virtual Server 2005 on Windows Server 2008"
If you must, you can also click Drive Options and manually create a partition on the destination hard disk.
11. The installation now begins, and you can go and have lunch. Copying the setup files from the DVD to the hard drive only takes about one minute. However, extracting and uncompressing the files takes a good deal longer. After 20 minutes, the operating system is installed. The exact time it takes to install server core depends upon your hardware specifications. Faster disks will perform much faster installs… Windows Server 2008 takes up approximately 10 GB of hard drive space.
The installation process will reboot your computer, so, if in step #10 you inserted a floppy disk (either real or virtual), make sure you remove it before going to lunch, as you'll find the server hanged without the ability to boot (you can bypass this by configuring the server to boot from a CD/DVD and then from the hard disk in the booting order on the server's BIOS)
12. Then the server reboots you'll be prompted with the new Windows Server 2008 type of login screen. Press CTRL+ALT+DEL to log in.
13. Click on Other User.
14. The default Administrator is blank, so just type Administrator and press Enter.
15. You will be prompted to change the user's password. You have no choice but to press Ok.
16. In the password changing dialog box, leave the default password blank (duh, read step #15…), and enter a new, complex, at-least-7-characters-long new password twice. A password like "topsecret" is not valid (it's not complex), but one like "T0pSecreT!" sure is. Make sure you remember it.
17. Someone thought it would be cool to nag you once more, so now you'll be prompted to accept the fact that the password had been changed. Press Ok.
18. Finally, the desktop appears and that's it, you're logged on and can begin working. You will be greeted by an assistant for the initial server configuration, and after performing some initial configuration tasks, you will be able to start working.
Next, for the initial configuration tasks please follow my other Windows Server 2008 articles found on the Related Windows Server 2008 Articles section below.
For Official Microsoft information on Windows Server 2008, see the Windows Server 2008 homepage.
Using Vista's installation routine is a major benefit, especially for a server OS. Administrators can partition the system's hard drives during setup. More importantly, they can install the necessary AHCI or RAID storage drivers from a CD/DVD or even a USB thumb drive. Thus, error-prone floppies can finally be sent to the garbage bin.
Note: Windows Server 2008 can also be installed as a Server Core installation, which is a cut-down version of Windows without the Windows Explorer GUI. Because you don’t have the Windows Explorer to provide the GUI interface that you are used to, you configure everything through the command line interface or remotely using a Microsoft Management Console (MMC). The Server Core can be used for dedicated machines with basic roles such as Domain controller/Active Directory Domain Services, DNS Server, DHCP Server, file server, print server, Windows Media Server, IIS 7 web server and Windows Server Virtualization virtual server.
To use Windows Server 2008 you need to meet the following hardware requirements:
Component &Requirement :
~~~~~~~~~~~~~~~~~~~
Processor
• Minimum: 1GHz (x86 processor) or 1.4GHz (x64 processor)• Recommended: 2GHz or fasterNote: An Intel Itanium 2 processor is required for Windows Server 2008 for Itanium-based Systems
Memory
• Minimum: 512MB RAM• Recommended: 2GB RAM or greater• Maximum (32-bit systems): 4GB (Standard) or 64GB (Enterprise and Datacenter)• Maximum (64-bit systems): 32GB (Standard) or 2TB (Enterprise, Datacenter and Itanium-based Systems)
Available Disk Space
• Minimum: 10GB• Recommended: 40GB or greaterNote: Computers with more than 16GB of RAM will require more disk space for paging, hibernation, and dump files
Drive
DVD-ROM drive
Display and Peripherals
• Super VGA (800 x 600) or higher-resolution monitor• Keyboard• Microsoft Mouse or compatible pointing device.
Follow this procedure to install Windows Server 2008:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Insert the appropriate Windows Server 2008 installation media into your DVD drive. If you don't have an installation DVD for Windows Server 2008, you can download one for free from Microsoft's Windows 2008 Server Trial website.
2. Reboot the computer.
3. When prompted for an installation language and other regional options, make your selection and press Next.
4. Next, press Install Now to begin the installation process.
5. Product activation is now also identical with that found in Windows Vista. Enter your Product ID in the next window, and if you want to automatically activate Windows the moment the installation finishes, click Next.
If you do not have the Product ID available right now, you can leave the box empty, and click Next. You will need to provide the Product ID later, after the server installation is over. Press No.
6. Because you did not provide the correct ID, the installation process cannot determine what kind of Windows Server 2008 license you own, and therefore you will be prompted to select your correct version in the next screen, assuming you are telling the truth and will provide the correct ID to prove your selection later on.
7. If you did provide the right Product ID, select the Full version of the right Windows version you're prompted, and click Next.
8. Read and accept the license terms by clicking to select the checkbox and pressing Next.
9. In the "Which type of installation do you want?" window, click the only available option – Custom (Advanced).
10. In the "Where do you want to install Windows?", if you're installing the server on a regular IDE hard disk, click to select the first disk, usually Disk 0, and click Next.
If you're installing on a hard disk that's connected to a SCSI controller, click Load Driver and insert the media provided by the controller's manufacturer.
If you're installing in a Virtual Machine environment, make sure you read the "Installing the Virtual SCSI Controller Driver for Virtual Server 2005 on Windows Server 2008"
If you must, you can also click Drive Options and manually create a partition on the destination hard disk.
11. The installation now begins, and you can go and have lunch. Copying the setup files from the DVD to the hard drive only takes about one minute. However, extracting and uncompressing the files takes a good deal longer. After 20 minutes, the operating system is installed. The exact time it takes to install server core depends upon your hardware specifications. Faster disks will perform much faster installs… Windows Server 2008 takes up approximately 10 GB of hard drive space.
The installation process will reboot your computer, so, if in step #10 you inserted a floppy disk (either real or virtual), make sure you remove it before going to lunch, as you'll find the server hanged without the ability to boot (you can bypass this by configuring the server to boot from a CD/DVD and then from the hard disk in the booting order on the server's BIOS)
12. Then the server reboots you'll be prompted with the new Windows Server 2008 type of login screen. Press CTRL+ALT+DEL to log in.
13. Click on Other User.
14. The default Administrator is blank, so just type Administrator and press Enter.
15. You will be prompted to change the user's password. You have no choice but to press Ok.
16. In the password changing dialog box, leave the default password blank (duh, read step #15…), and enter a new, complex, at-least-7-characters-long new password twice. A password like "topsecret" is not valid (it's not complex), but one like "T0pSecreT!" sure is. Make sure you remember it.
17. Someone thought it would be cool to nag you once more, so now you'll be prompted to accept the fact that the password had been changed. Press Ok.
18. Finally, the desktop appears and that's it, you're logged on and can begin working. You will be greeted by an assistant for the initial server configuration, and after performing some initial configuration tasks, you will be able to start working.
Next, for the initial configuration tasks please follow my other Windows Server 2008 articles found on the Related Windows Server 2008 Articles section below.
For Official Microsoft information on Windows Server 2008, see the Windows Server 2008 homepage.
Sunday, April 5, 2009
Working With the Domain Controller Diagnostic Utility (Part 6)
Discussing the remaining tests that you can perform against your domain controllers.
Introduction
So far in this article series, I have shown you quite a few different tests that you can perform on your domain controllers by using the Domain Controller Diagnostic Utility. Even so, there are still some tests that I have not talked about yet. In this article, I want to wrap things up by showing you the remaining tests.
Register in DNS
If you have been working with Windows for a while, then I am sure that you know that the Active Directory is completely dependent on the DNS services, and that every host on your network requires a Host (A) record on the organization’s DNS server. What a lot of people do not realize though, is that when you create the first domain in a forest, there are some domain specific DNS records that are created within a folder named DomainDnsZones. This folder is located within the Forward Lookup Zones in your domain folder.
The DomainDnsZones folder mains records for each domain controller. Without these records, other servers on the network will not be able to locate the domain controller’s directory resources. It is therefore essential that each domain controller be able to register itself within the DNS. This is where the Register in DNS test comes into play. This test verifies that the domain controller is able to register a directory server locator record
You can perform the Register in DNS test by entering the following command:
DCDIAG /Test:RegisterInDns /DnsDomain:
For example, if your domain were named Contoso.com, the command would look like this:
DCDIAG /Test:RegisterInDns /DnsDomain:Contoso.com
Replications
As I am sure you know, Windows 2000 Server and every subsequent version of Windows Server use a multimaster domain model. This means that each domain controller has its own copy of the Active Directory database, and updates can be made directly to any of these copies. When an update is made to the Active Directory database, the update is then replicated to the other domain controllers.
The Replications test checks to make sure that these updates are occurring in a timely manner. If there is excessive latency in the update process, then domain controllers will remain out of sync for an extended period of time, and there is a greater potential for conflicts to occur.
You can perform the Replications test by entering the following command:
DCDIAG /TEST:Replications
RID Manager
Any time that you create a new Active Directory object, such as a user or a group, Windows assigns it a unique Security Identifier (SID). That SID is made up of a domain SID that is common for all objects within a domain, and a relative identifier (RID) that is unique within the domain. The RID master provides each domain controller within a domain a pool of RIDs that it can use when new objects are created. When the pool nears depletion, the domain controller issues a request to the RID master for additional RIDs. If the domain controller is unable to contact the RID Master, then no additional objects will be able to be created on that domain controller once the pool of RIDs has been exhausted.
The RID Manager test allows you to verify that a domain controller can identify and contact the RID Master, and that the RID Master contains the appropriate information. You can run this test by entering the following command:
DCDIAG /Test:RidManager
Services
In Windows Server 2008, the Active Directory is now listed as a service within the Service Control Manager. As you might have guessed, the Active Directory is a bit more complex than it initially appears. The Active Directory Domain Service has a number of dependency services, some of which include the DNS Server (if it is present on the server), Kerberos Key Distribution Center, Intersite Messaging, and the File Replication Service.
You can use the Services test to make sure that the Active Directory Domain Service and all of its supporting services are running. To do so, issue this command:
DCDIAG /Test:Services
System Log
According to Microsoft’s documentation, the System Log test examines the system to make sure that no errors are being generated. This makes it sound as though this test parses the System event log looking for errors. Perhaps on some level it does, but that isn’t what appears to happen when you actually perform the test.
When you run the system log test, the Domain Controller Diagnostic Utility begins by identifying the home server and the Active Directory forest. It then performs a connectivity test, a system log test (which I can only assume looks for critical events in the system log), and a series of partition tests on various Active Directory Partitions (ForestDnsZones, DomainDnsZones, Schema, Configuration, etc.)
You can run the System Log test by entering the following command:
DCDIAG /Test:SystemLog
Topology
Windows Server uses something called the Directory System Agent (DSA) to provide access to the data store. The Directory Service Agent is made up of various services and processes that facilitate that access. The DSA is a part of the Local System Authority subsystem, and is typically accessed through the LDAP protocol.
When multiple domain controllers are in use, each domain controller must have topology information that links it to other DSAs. The Topology test validates that the topology that Windows has generated is fully connected for all DSAs.
One important thing to know about the Topology test is that it is one of the few tests that is not run by default. It must be manually executed. You can perform this test by entering the following command:
DCDIAG /Test:Topology
Verify References
The Verify References test makes sure that the system references required by the File Replication Service and that the general replication infrastructure are intact. You can perform this test by entering the following command:
DCDIAG /Test:VerifyReferences
Verify Enterprise References
The Verify Enterprise References test is very similar to the Verify References test that I just discussed. Like the Verify References test, the Verify Enterprise References test checks to make sure that references required by the File Replication Service and that the general replication infrastructure are intact. What makes this command different from the Verify References command is that it checks file replication service references and the general replication infrastructure across all of the domain controllers in the entire enterprise.
This is another one of those tests that are not run by default. You can perform this test by entering the following command:
DCDIAG /Test:VerifyEnterpriseReferences
Verify Replicas
The Verify Replicas test is another test that is not run by default, and must be manually executed. The basic idea behind this test is that Windows allows you to create application directory partitions, and those partitions can be replicated to other servers. The test allows you to make sure that all of the replica servers contain the appropriate replicas. You can perform this test by entering the following command:
DCDIAG /Test:VerifyReplicas
Conclusion
As you can see, the Domain Controller Diagnostic Utility is capable of performing numerous tests. In my opinion, DCDIAG is one of the most underrated diagnostic tools that Microsoft has ever created.
Working With the Domain Controller Diagnostic Utility (Part 5)
More tests that the Domain Controller Diagnostic Utility can perform.
Introduction
I ended the previous article in this series by talking about some of the individual tests that you could run by using the Domain Controller Diagnostic Utility. Although I have talked about quite a few tests so far, there are plenty of more tests that you can perform. In this article, I want to pick up where I left off, and talk about a few more tests that the Domain Controller Diagnostic Utility can perform.
Locator Check
The Locator Check is one of the more important tests that you can perform using DCDIAG. As I am sure you probably know, the Active Directory assigns various Flexible Single Master Operations (FSMO) Roles to certain domain controllers within the forest. The global FSMO roles are initially assigned to the first domain controller in the forest. There are also some domain level FSMO roles that are assigned by default to the first domain controller in each domain.
The Locator Check test performs tests to make sure that the servers that are hosting the global FSMO roles are known, and that those servers can be located. More importantly, it checks to make sure that the servers hosting global FSMO roles are responding to requests.
Performing a locator check is simple. All you have to do is enter the following command:
DCDIAG /TEST:LocatorCheck
Of course this is just the simplest example of how you would run a locator check test. You have the option of specifying a particular domain controller and a set of authentication credentials just as you can for any other test.
The Intersite Test
Depending on your Active Directory’s topology, the Intersite test may also be an important one. When you run the Intersite test, the Domain Controller Diagnostic Utility performs a series of tests to see if there are any problems with bridgeheads that could cause Active Directory information from replicating across site boundaries.
The syntax used for running the intersite test is almost identical to the one used for the locator check. If you want to perform an intersite test, just enter this command:
DCDIAG /Test:Intersite
The KCCEvent Test
Another replication related test is the KCCEvent test. This test is used to make sure that the Knowledge Consistency Checker (KCC) is functioning, and that it is completing without producing any errors. You can run the KCCEvent test by entering the following command:
DCDIAG /Test:KCCEvent
The KnowsofRoleHolders Test
The Knows of Role Holders test checks to see if the Directory Service Agent knows which servers are hosting the various Flexible Single Operations Master Roles. If you just want to run a quick test, then you can do so by entering this command:
DCDIAG /Test:KnowsOfRoleHolders
Although that test will usually get the job done, you may sometimes want to actually want to check to see which domain controllers that the Directory Service Agent thinks are holding the roles. If you want to identify the individual servers, then you will need to run this rest in verbose mode. To do so, enter this command:
DCDIAG /Test:KnowsofRoleHolders /v
The Machine Account Test
In an Active Directory environment, servers and workstations are joined to a domain. This process of joining a machine to a domain causes a machine account to be created. Like a user account, a machine account has a corresponding password and a number of other attributes that are designed to identify the individual machine. If the machine account becomes corrupted or falls out of sync with the Active Directory, then the corresponding machine will not be able to connect to the domain. Fortunately, there is a test that you can use to check the integrity of a domain controller’s machine account. You can perform this test by entering the following command:
DCDIAG /Test:MachineAccount
In all of the years that the Active Directory has been around, I have only run into a few situations in which a problem with a machine account kept a machine from functioning correctly. In most of those cases, the problem was caused by the machine account’s password getting out of synch with the password for the machine account that is stored in the Active Directory database.
If a machine account does have problems though, there are a couple of optional switches that you can use to correct the issue. One such switch is the /FixMachineAccount switch, which resets the accounts various flags. If that does not correct the problem, then you can always try recreating the machine account by using the /RecreateMachineAccount switch.
The Naming Context Security Descriptors Test
One of the more obscure tests is a check to see if the security descriptors on the naming contexts are correct. If the security descriptors are invalid, then replication may fail. You can run this test by entering the following command:
DCDIAG /Test:NCSecDesc
NetLogons
A similar test related to replication is the NetLogons test. It checks to see that replication is not failing because of insufficient logon privileges. You can run this test by entering the following command:
DCDIAG /Test:NetLogons
The Objects Replicated Test
Another important test related to the replication process is the Objects Replicated test. This test is primarily used to confirm that machine accounts have replicated across all of your domain controllers, but it can also be used to check to see if other types of objects have replicated as well.
In order to use this test, you are going to have to know the distinguished name (DN) of the object that you want to test. If the object that you are looking up is something other than a machine account, then you will also have to know the object’s naming context. The syntax for this test looks something like this:
DCDiag /Test:ObjectsReplicated /ObjectDN:
The Outbound Secure Channels Test
As the machines that store user passwords and various other security settings, domain controllers are some of the most sensitive servers on a network. As such, Microsoft has configured the domain controllers to communicate with each other over a secure channel whenever possible. This prevents people from using a packet sniffer to steal Active Directory information as it replicates from one domain controller to another.
By definition, a secure channel is an authenticated remote procedure call (RPC) connection between two machines in a domain with an established security context used for signing and encrypting RPC packets.
It should therefore come as no surprise that the Domain Controller Diagnostic Utility provides a test for checking outbound secure channels. This is one of those tests that is not run by default, so you will have to run it manually if you want to use it. The syntax looks like this:
DCDIAG /Test:OutboundSecureChannels /TestDomain:
Normally, this test will only check the domain controllers within the current site. You can force the test to check external sites by adding the /NoRestriction switch to the test.
Conclusion
In this article, I have talked about several of the tests that you can perform against your domain controllers by using the Domain Controller Diagnostic Utility. Believe it or not, we are not done yet. There are still several more tests that I want to talk about. In the next article in the series, I will wrap things up by talking about the remaining tests.
Working With the Domain Controller Diagnostic Utility (Part 4)
Demonstrating some additional tests that Domain Controller Diagnostic Utility can perform.
I ended the previous article in this series by talking about some of the individual tests that you could run by using the Domain Controller Diagnostic Utility. In this article, I want to pick up where I left off and talk about more tests that you may perform.
I ended the previous article in this series by talking about some of the individual tests that you could run by using the Domain Controller Diagnostic Utility. In this article, I want to pick up where I left off and talk about more tests that you may perform.
DCPROMO
Some of the tests that are available through the Domain Controller Diagnostic Utility tend to be a bit obscure to say the least. In contrast though, the DCPROMO test is actually very useful. It is designed to let you test a server’s readiness prior to promoting the server to a domain controller. Granted, promoting a server to a domain controller is a fairly simple process. You just enter the DCPROMO command, click Next a few times, and you are on your way. Even so, I have created hundreds of domain controllers over the years, and it has been my experience that every once in a while the process goes belly up because of something unexpected. Personally, I would rather know up front whether or not the server was prepared to be promoted to a domain controller, then to try the promotion, have something go wrong, and have to figure out why. Of course if the domain controller promotion process does end badly, then you can always use the DCPROMO test after the fact to help you to figure out what happened.
If you are going to use the DCPROMO test, then you are going to have to use at least two command line switches with it. The first switch that you have to use is the /DNSDomain switch. You must use this switch to tell the Domain Controller Diagnostic Utility which domain the server is going to be made a domain controller in.
You have to follow the /DNSDomain switch with a secondary switch that tells the Domain Controller Diagnostic Utility what your intentions are for the server. For example, if the server is going to be a domain controller in a new forest, then it would need to be tested differently than it would if it were going to be an extra domain controller in an existing domain.
The switches that you use to tell the Domain Controller Diagnostic Utility how the new domain controller will fit into the existing Active Directory structure are self explanatory for the most part. The switches are:
/NewForest
/NewTree
/ChildDomain
/ReplicaDC
For example, if you wanted to use the server as an extra domain controller in an existing domain named Contoso.com, then the command’s full syntax would be:
DCDIAG /test:DCPROMO /DNSDomain:Contoso /ReplicaDC
One caveat that I do want to mention is that if you use the /NewTree switch, then you will have to use a third switch named /ForestRoot. Simply follow the /ForestRoot switch with a colon and the name of your root domain (/ForestRoot:Contoso.com)
DNS
It is easy to think of the Domain Controller Diagnostic Utility as a mechanism for running diagnostic tests against your domain controllers. Even so, this utility comes with a whole series of tests designed to help you to diagnose problems with your DNS servers. This should really come as no surprise. After all, the Active Directory is completely dependent on the Domain Name Services, and the first domain controller in a forest is usually configured to act as a DNS server.
The DNS test is actually made up of quite a few individual tests, any of which can be performed individually. If you choose to call the DNS test without specifying any additional switches, then the Domain Controller Diagnostic Utility will run all but one of the sub tests. The test that gets skipped involves resolving external domain names. I will talk more about this test in a moment. Before I do, I want to give you a list of the tests that are performed when the DNS test is run without any extra switches. Figure A shows what some of the default DNS tests look like when executed.
Test Name | Switch for performing the test manually | Description of the test |
| Basic diagnostic test | /DNSBasic | This is a basic diagnostic test, which is performed any time that you perform a DNS test. This test cannot be skipped, regardless of which command line switches are used. |
| Forwarder and root hint test | /DNSForwarders | This test checks the DNS server’s forwarders and it’s root hints. |
| Delegation test | /DNSDelegation | This test checks the DNS server’s delegation |
| Dynamic Update Test | /DNSDynamicUpdate | This test checks to see which portion of the DNS namespace the DNS server is authoritative over. |
| Record Registration Test | /DNSRecordRegistration | This test verifies that records can be registered on the DNS server. |
Figure A
Figure B: This is what it looks like when you perform a default DNS test
Earlier, I mentioned that the only test that is not run by default when you specify that you want to test the DNS configuration is the external name resolution test. There are a few switches that you can use if you want to run the external name resolution test though.
One option is to use the /DNAAll switch. This switch tells the Domain Controller Diagnostic Utility to run all of the DNS related tests, including the external name resolution test. The full syntax of this command is:
DCDIAG /TEST:DNS /DNSAll
You also have the option of explicitly calling the external name resolution test rather than just bundling the test with every other DNS related test that the Domain Controller Diagnostic Utility can run. If you want to explicitly call the external name resolution test, then you can do so by specifying the /DNSResolveExtName switch.
In case you are wondering, the external name resolution test attempts to resolve the domain name Microsoft.com. You can however, specify a different external domain name to be resolved by adding the /DNSInternetName switch, in conjunction with the name that you want to resolve.
SysVolCheck
One of the simpler tests that the Domain Controller Diagnostic Utility can perform is the SysVolCheck. This test performs some basic tests against various Active Directory partitions including the forest DNS zones, the domain DNS zones, the schema, the configuration partition, and on the domain partitions. You can see what the SysVolCheck test looks like when executed in Figure C.
Figure C
The SysVolCheck test performs some initial connectivity tests, and then tests the various Active Directory partitions.
FrsEvent
The last test that I want to mention in this article is the FRSEvent test. In Windows FRS refers to the File Replication Service. As such, this test checks to see if the File Replication Service is experiencing any operational errors. This is important, because if the FRS is malfunctioning, then the domain controllers can become out of sync, which can cause policies not to be applied properly until the problem is fixed.
Conclusion
In this article, I have discussed a few more tests that you can run by using the Domain Controller Diagnostic Utility. In the next article in this series I will show you some more tests that you can run.
Subscribe to:
Posts (Atom)