Difference between revisions of "Advanced PC Config Topics"

(Tagged: Moving this page to the Internal wiki.)
Line 144: Line 144:
<pre>%windir%\system32\cacls.exe "C:\Program Files\MINITAB 14 Student" /T /E /C /G Everyone:R
<pre>%windir%\system32\cacls.exe "C:\Program Files\MINITAB 14 Student" /T /E /C /G Everyone:R
%windir%\system32\cacls.exe "C:\Program Files\MINITAB 14 Student" /T /E /C /G Everyone:W
%windir%\system32\cacls.exe "C:\Program Files\MINITAB 14 Student" /T /E /C /G Everyone:W
%windir%\system32\cacls.exe "C:\Program Files\MINITAB 14 Student" /T /E /C /G Everyone:C</pre>
%windir%\system32\cacls.exe "C:\Program Files\MINITAB 14 Student" /T /E /C /G Everyone:C</pre>  
*Notes: run cacls /? to get information on the syntax.
*Notes: run cacls /? to get information on the syntax.  
*Please remember to OMIT the slash at the end of a folder name:<br>Good:&nbsp;"C:\Program Files\MINITAB 14 Student"<br>BAD!!!!:&nbsp;"C:\Program Files\MINITAB 14 Student\" &nbsp;(note slash before " -- remove the slash)
=== Associate an extension or file type with a program using a script  ===
=== Associate an extension or file type with a program using a script  ===

Revision as of 12:46, 17 January 2010

NOTE: This page contains information that is only useful to Helpdesk / LIS faculty and staff. Therefore I'm considering moving this information to our Internal wiki. If you feel that this information is important to the general public and/or do NOT think that this move is appropriate, please comment on the discussion page.

--Hunt, Christopher 14:59, 17 November 2009 (UTC)

DeepFreeze Topics

Test if a machine is frozen (with Deep Freeze)

DFC.exe get /ISFROZEN | find "THAWED"

This will set %errorlevel% to 1 if it's frozen.

Labstats Topics

Adding a new lab in labstats

Just follow the links in the admin interface. Don't forget to:

  • Set the permissions (Administrators => Edit group permissions) to allow public users to view the lab (if that is desired).
  • Add a lab map (if that is desired)

Adding a new lab map in labstats

  • Login to the admin interface
  • Labstats uses "lab" configurations as the basic building block. To create a lab map, you first need to have a lab configuration for the particular computer lab. If there is no configuration for the particular computer lab, go into "Labs", add the new Lab. If the computers for this lab are already deployed with the lab stats client, they will appear in the Labs menu under "Unassigned" computers. Reassign them to the new Lab.
  • Go into the LabMaps section. Add a new map, choose the lab configuration. Drag the computers to arrange them. There are also some custom icons for doors, printers, scanners - use those if you'd like.
  • Finally, remember to assign permissions to the user called "Public User". Click on "Administrators", click on "Edit Group Permissions", click on "Public User", near the bottom of the page find the new lab, select it and place checkmarks next to "View Lab Map" and anything else you want the public to see.

Symantec Ghost Topics

Install a printer globally using Symantec Ghost Console (execute command)

New task => Execute command

Command: cmd

Arguments: /c RUNDLL32 PRINTUI.DLL,PrintUIEntry /ga /n\\papercut\LIB105 & net stop "Print Spooler" & net start "Print Spooler"

Using the Ghost Boot Wizard to create a bootable USB flash disk

A bootable USB flash disk with Ghost can be used to:

  • deploy the ghost console
  • deploy a ghost image from the network to a local disk
  • deploy a ghost image from one local disk to another
  1. Insert the USB flash disk (BACKUP ALL DATA FROM IT AS IT WILL BE ERASED!)
  2. Start the Ghost boot wizard from the Ghost console (or from c:\Program Files\Symantec\Ghost\Ghost Boot Wizard.exe)
  3. Select "Standard Ghost Boot Package" if you don't need network access.
    1. Next.
    2. If the drive you will be imaging TO is a USB drive, pick the USB option. Same with the SCSI
    3. Click next until you get to the "Destination Drive" section.
  4. Select "Network Boot Package" if you DO need network access.
    1. Next.
    2. Pick "Multicard Template"
    3. Select ALL the cards (see the section below on adding a new card).
    4. Click next until you get to the "Destination Drive" section.
  5. Select "Format Disk" and click Next. When it finishes, click "Finish".

Using the Ghost Boot Wizard to create an image of the ghost console partition

The ghost console partition is used to image a machine over the network. Any computer booted from the ghost console partition can be controlled by the Ghost server and an image can be pushed onto it. This is how we image labs.

To create a ghost image of the ghost console partition:

  1. Start the Ghost boot wizard from the Ghost server console (or from c:\Program Files\Symantec\Ghost\Ghost Boot Wizard.exe)
  2. Select "Ghost Console Partition"
  3. Next.
  4. Pick "Multicard Template" and select ALL the cards. If your network card is not in the Multicard template, you will need add it manually. See the section below on adding a driver for a new card. Once you add the driver for a new card manually, you cannot include it in the Multicard Template. You will need to create a separate ghost console image, just for computers with that new network card. When you add the driver for the new card, the driver will appear on the main screen of the ghost boot wizard. The procedure for creating a console image with the new driver is the same, instead of selecting the Multicard template, select the new driver.
  5. Click next until you get to the "Ghost Image Details" section. Here, click browse and choose where the ghost image should be saved. You can also enter a description for the ghost image.
  6. Click Next and then click "Finish" when finished.

This way, the Ghost Boot Wizard creates an uncompressed Ghost console image. This works fine, except it's a little slow when deploying the image. To speed it up, deploy the image to a computer or a flash drive, don't reboot. Then use Ghost again to create an image from the computer or the flash drive that you just ghosted. Choose to compress the new image. You can replace your previous console image with the new, compressed one, as it will be faster to deploy.

What to do if my network card is NOT in the multicard template

You will need a separate ghost console image for this situation.

  1. Follow the procedure outlined here: Adding_More_Network_Card_Drivers - this will allow you to add drivers for your network card.
  2. Then follow Using_the_Ghost_Boot_Wizard_to_create_an_image_of_the_ghost_console_partition, insted of choosing "Multicard Template", choose the network card driver you added in step 1.

Combining a bootable USB flash disk with the ghost console image

Using the procedures above you create two things:

  • A bootable USB stick with ghost on it
  • A ghost image to be deployed

You can actually copy the ghost console image to the USB flash disk. You can put it anywhere, but for this example it should be in the folder called "ghost" on the USB flash disk:

Contents of USB Flash Disk:
GHOST <-- Ghost console partition image goes here

Now you can boot from the USB flash disk, and when ghost loads you can go: Local => Disk => From Image and then select your ghost console partition image.

Adding More Network Card Drivers


Modifying the Multicard Template

Note that this does not work in the latest version of Symantec Ghost (the one we have). Workaround: create a ghost console image for each computer that's absent from the multicard template. Put each ghost console image on a bootable USB flash drive, as outlined in: Combining_a_bootable_USB_flash_disk_with_the_ghost_console_image.


Advanced Image Creation with Symantec Ghost

Skipping Certain Files

You can create a "skipfile" to "skip" (or exclude) certain files while creating the image. This is useful for decreasing the size of the image and making it more portable. For example it can be used to exclude the hibernation file or the page file. E.g.

skipfile should contain the following text:

[ghost exclusion list]
[end of list]

Then run ghost.exe with the flag -skip=@skipfile. *

This can also be used to allow KeyAccess (the KeyServer client) to be installed on the image. For details, see www.sassafras.com/hrl/6.1/clone.html

Symantec Ghost Console cannot generate enough unique names

On the ghost server, sometimes, the Symantec Ghost Server Console may refuse to execute a task with the error message:

The computer name in template configuration can not be used  to generate enough unique values.

The solution seems to be to edit the task, and in the configuration tab, browse, then right-click and edit the configuration template. In the configuration template screen, under the computer name section, make sure there are at least 4 asterisks (*) after the name (e.g BIH512-****).

Large Scale Software Deployment, Account and Settings Management

Change the security or file system permissions on a file or a folder using a script

%windir%\system32\cacls.exe "C:\Program Files\MINITAB 14 Student" /T /E /C /G Everyone:R
%windir%\system32\cacls.exe "C:\Program Files\MINITAB 14 Student" /T /E /C /G Everyone:W
%windir%\system32\cacls.exe "C:\Program Files\MINITAB 14 Student" /T /E /C /G Everyone:C
  • Notes: run cacls /? to get information on the syntax.
  • Please remember to OMIT the slash at the end of a folder name:
    Good: "C:\Program Files\MINITAB 14 Student"
    BAD!!!!: "C:\Program Files\MINITAB 14 Student\"  (note slash before " -- remove the slash)

Associate an extension or file type with a program using a script

assoc .dg5=deltagraph
ftype deltagraph="C:\Program Files\DeltaGraph 5\dg5.exe" "%1"
  • Notes: Commands need to be run as an admin. Changes are immediate. This doesn't give a fancy icon to the file type.

Copy Office 2007 Quick Access Toolbar Settings to Default User

Office 2007 (e.g. Word 2007) stores the quick access toolbar settings in "C:\Documents and Settings\%username%\Local Settings\Application Data\Microsoft\Office" in files that end with ".qat". If you use the "copy to default user" technique, anything under "Local Settings" does NOT get copied over. If you really want to control the quick access toolbar settings you will have to create this folder: "C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Office" folder and manually copy over any "qat" files from your template user account.

Install and Config Lab Software

See: Install and Config Lab Software

Change the desktop wallpaper with a script

REG ADD "HKCU\Control Panel\Desktop" /V Wallpaper /T REG_SZ /F /D "%SystemRoot%\energybliss.bmp"

followed by

%SystemRoot%\System32\RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters

Get a list of globally installed printers

rundll32 PRINTUI.DLL,PrintUIEntry /ge

Delete a globally installed printer

RUNDLL32 PRINTUI.DLL,PrintUIEntry /gd /n\\papercut\BIH117

Install a printer globally with a script

RUNDLL32 PRINTUI.DLL,PrintUIEntry /ga /n\\papercut\BIH117
net stop "Print Spooler"
net start "Print Spooler"

Set a printer as default with a script

RUNDLL32 PRINTUI.DLL,PrintUIEntry /y /n "\\papercut\BIH117"

To set the printer as default globally (for all users) you will need to put this in a bat file and place that bat file in Docs&Settings\All Users\Start Menu\Programs\Startup

Two Installed Versions of PowerPoint, Word or Excel, set one as default

Click on Start => Run => Enter

"C:\Program Files\Microsoft Office\OfficeXX\ZZZ.EXE" /regserver

Where XX is a number (11 for Office 2003, 12 for Office 2007) and ZZZ.EXE is the name of the executable for word, excel or ppt (WINWORD.EXE or EXCEL.EXE or POWERPNT.EXE). E.g. set PowerPoint 2003 as the default powerpoint:

"c:\program files\Microsoft Office\OFFICE11\POWERPNT.EXE" /regserver

Performing Silent Software Installations

These are referred to as silent, unattended or network installation / deployment.

  • Any application installer in MSI format can be installed silently, provided that the manufacturer didn't make the installer extremely complex (e.g. LabVIEW) :
MSIEXEC.EXE /I "path and filename of MSI" /QB- /LWAMOE c:\temp\install.log ALLUSERS=1

More detail here: http://www.appdeploy.com/articles/commandline.asp

Add domain users or groups to the local Administrator group

net localgroup Administrators "MIDD\GROUPNAME" /add

Add or change a system variable permanently

For XP and earlier you need the XP SP2 Support Tools from microsoft. http://www.microsoft.com/downloads/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38&displaylang=en - part of these tools is the command line utility setx

setx path "%PATH%;c:\blast-install\bin"
setx DATA "c:\blast-install\data"
setx BLASTDB "c:\blast-install\db"

Computer is slow right after login

Start => Run => cmd

Paste: start /wait Rundll32.exe advapi32.dll,ProcessIdleTasks

Add a Windows Firewall exception with a script

netsh firewall set allowedprogram "C:\Program Files\RealVNC\VNC4\winvnc4.exe" "VNC-LabManager" enable

Update and sync date and time using a script

REM Update time
w32tm /config /manualpeerlist:time.middlebury.edu
w32tm /config /update
net stop w32time
net start w32time
w32tm /resync

Active Directory Domain and Group Policy Notes

  • User|machine policies stored in regedit: HKCU|HKLM\Software\Policies -- the history of applied per-user group policies is in HKCU|HKLM\Software\Microsoft\Windows\CurrentVersion\GroupPolicy\History
  • Per-user policies supposedly applied upon login and every 90mins. Per-machine policies on bootup.
  • I had one instance where two different GPOs were modifying the same setting. Judging by the inheritance tab, one of them should've trumped the other, but neither was getting applied.
  • Per-machine settings trump per-user settings (per-user settings may not get applied).
  • To immediately apply group policies (or refresh group policies) on the client (first two for Windows 2000, maybe XP+?, last one works with XP+, maybe 2k?):
    gpupdate /force
  • You can use gpresult to see what policices were applied. gpedit /z gives very verbose info.
  • Replication between the domain controllers occurs every 15-30 minutes, so keep that in mind when testing new settings (after updating a GPO it may take a bit for the machines checking for updates to get the updated GPO).

Creating a local user on a Windows computer that's joined to a domain

See: Creating a local user on a Windows computer that's joined to a domain

Troubleshooting Sysprep

Sysprep Log Files

Sysprep logs Windows setup actions in different directories, depending on the configuration pass. Because the generalize pass deletes certain Windows Setup log files, Sysprep logs generalize actions outside the standard Windows Setup log files. The following table shows the different log file locations that are used by Sysprep.

Item Log Path





Unattended Windows setup actions


Troubleshooting NetDom

Netdom.exe creates a log file at %windir%\Debug\netsetup.log

- Computer should not be already bound to domain

- Time must be accurate

Script to change (or reset) the machine account password (for a client machine bound to AD)

(requires nltest from the Windows XP resource kit)

nltest /SC_CHANGE_PWD:middlebury.edu

Distributing Specific Applications on a Large Scale


  • QuickTime is an msi, so pushing it or packaging it is OK.
  • Occasionaly the MIME settings break (broken quicktime icon with a question mark in Firefox or Internet Explorer; empty file types and MIME types in QuickTime Control Panel). The only solution I've found is to uninstall QuickTime, then reinstall it. If user accounts created from default user exibit this behaviour, you will need to create an admin account (e.g. "testadmin"), login to it, uninstall/reinstall quicktime, log out, log into another admin account, copy the fixed account (e.g. "testadmin") to default profile.


Get a list of installed applications using a script

wmic /output:c:\AppList.htm product get name,version

Deleting an OEM Partition using diskpart

An OEM partition (such as a recovery partition, or a diagnostic partition) cannot be deleted from Control Panel => Adminstrative Tools => Computer Management => Disk Management. You can, however, delete such a partition using the command line "diskpart". Procedure:

Start => Run => cmd => OK Type the commands below. Replace # with the number of the disk or partition that you find using the "list" command.

select disk #
select partition #
delete partition override
Powered by MediaWiki