Archive for the ‘Maintenance’ Category

Active Directory

1) Review User Accounts and remove retired accounts.

2) Run Microsoft’s Domain Controller Diagnostics – From a command prompt, run dcdiag.exe (on DC only). If the commands are unrecognized, install Windows Support Tools.

3) Verify that approved password policy is being enforced.

4) Review the domain controller disk space reports.

5) Check your backups – AD backup includes capturing system state, information related to AD database, logs, registry, boot files, SYSVOL and other system files.

6) Check to make sure that AD replication is working correctly. To check, you can run the following command:
repadmin /showrepl

7) Check event logs for persistent errors.

8) Perform defragmentation to increase performance as large directories running for long time can get large and fragmented.

9) Verify integrity of AD DS database files with respect to AD semantics using NTDSUTIL.

DNS

1) Review DNS Records for obsolete static entries.

2) Ensure DNS Scavenging is configured.

3) Clean up forwarders

4) Remove stale zones

5) Remove WINS dependencies (DNS is fully capable of providing all long and short name resolution services)

6) Security Aspects
– Allow only secure dynamic updates for all DNS zones. This ensures that only authenticated users can submit DNS updates using a secure method, which helps prevent the IP addresses of trusted hosts from being hijacked by an attacker.
– If the server running the DNS Server service is a domain controller, use AD ACLs to secure access control of the DNS Server service.

DHCP

1) As always, check logs for critical DHCP related events. It would be recommended to implement a proactive monitoring solution for real-time data.

2) Frequent maintenance of the DHCP database is needed to keep it functioning properly and to recover whitespace. While DHCP is configured to do online maintenance to the database by default when there are no client requests; for busy DHCP servers, which possibly doesn’t have downtime, it is recommended to run offline maintenance against the dhcp.mdb file on a quarterly or half-yearly basis.
On a DHCP server computer, open a command prompt (Administrative access)
Use the Jetpack.exe tool to perform offline compaction.
Syntax: jetpack database_name temporary_database_name

Example:
cd WINDOWS\system32\dhcp
net stop dhcpserver
jetpack dhcp.mdb tmp.mdb
net start dhcpserver

This should work for both Windows Server 2003 and Windows Server 2008

Advertisements

1) Check server for latest available service packs and updates

2) Confirm file format (NTFS)

3) Check end-user disk quota availability and restrictions

4) Check File/Folder share permissions

5) Check and verify AV signatures. Ensure that AV scans for file server are scheduled for after-hours. Also make sure that AV auto-protection is ON

6) Check and verify that data drive (usually the non-OS) has at least 10% free disk space (may vary depending on your requirements)

7) Use any of the following paid/free tools (to name a few) for directory/folder size reporting so that you are able to determine what is hogging space on your data drive:

8) Perform disk cleanup. Manually delete temporary files or use one the following third party tools

9) Check and confirm that successful backup of the data has been taking place

10) Review security related vulnerabilities; check event logs – security

11) Review data (files/folders) on the server

  • Old and useless data can be purged
  • Old but required data can be moved to portable storage (external HDD, DVDs) and stored in fire-proof cabinet

12) Age of Files for archival purpose can be estimated by using tool like

13) Check if shadow copy feature is enabled and that there enough storage for the shadow copies (preferably on separate volume on another disk)

14) Keep a log/report of tasks perform for comparison for next audit/maintenance

You receive the following error when you click a hyperlink in Outlook (2003, 2007, 2010)

Error: This operation has been cancelled due to restrictions in effect on this computer

This is possibly due – default browser setup, registry corruption or file association

Step 1
Before I start with possible causes and solutions that I have encountered, please do the following:

1) Create a System Restore point
http://support.microsoft.com/kb/322756
2) Backup your registry completely
3) Backup user preferences and data for IE and Chrome/Firefox (if any); plugins or add-ons (if any)

This is for precaution only, I have not encountered any issues.

Step 2
Cause 1 – This issue may come up if the default browser is changed from Internet Explorer to either chrome or firefox.

Solution – This issue is known to Microsoft and so they allow you to fix this issue automatically or manually using this link:

http://support.microsoft.com/kb/310049#fixit4me

Cause 2 – After upgrading to a newer version of Microsoft Internet Explorer the following registry key may either missing or corrupted:

HKEY_Local_Machine\Software\Classes\htmlfile\shell\open\command

Solution – This issue is known to Microsoft and so they allow you to fix this issue automatically or manually using this link:

http://support.microsoft.com/kb/310049#fixit4me

Microsoft suggests that you either reset IE settings and manually set IE as default browser OR import the following registry key from a different computer which is working fine

HKEY_LOCAL_MACHINE\Software\Classes\htmlfile\shell\open\command

Step 3
It is important to verify that “HKEY_CLASSES_ROOT \.html” key is “htmlfile” and not “ChromeHTML” or “FireFoxHTML”

Step 4
If the doing the above still does not help, then uninstall Google Chrome and/or Firefox completely. You can re-install them later.

To remove Chrome or Firefox using “Add/remove Programs” in XP or “Programs and Features” in Vista/7 under control panel is one way to go.

To manually and completely remove Chrome; make sure that you un-hide file extensions. Backup your registry as I am going to suggest editing the registry and incorrect modification to registry can cause system damage.

Download the “chrome_remove.reg” file from here, rename it to “remove.reg” and run it.

Then;
For Windows XP; go to C:\Documents and Settings\USERPROFILE\Local Settings\Application Data\Google
For Windows 7; go to C:\Users\USERPROFILE\AppData\Local\Google

Right-click the Chrome folder and Delete it.

To manually and completely remove Firefox; first using “Add/Remove Programs” in XP or “Programs and Features” in Vista/7 under control panel to uninstall the application.

Then;
Delete Firefox installation folder under C:\Program Files\Mozilla Firefox or C:\Programs Files (x86)\Mozilla Firefox

Then;
For Windows XP; delete C:\Documents and Settings\USERPROFILE\Local Settings\Application Data\Mozilla\Firefox
For Windows 7; delete C:\Users\USERPROFILE\AppData\Local\Mozilla\Firefox

Then;
Download the “firefox_remove.reg” file from here, rename it to “remove.reg”  and run it or simply locate the following entries in registry and delete them:

HKEY_CLASSES_ROOT\FirefoxHTML
HKEY_CURRENT_USER\Software\Mozilla
HKEY_CURRENT_USER\Software\MozillaPlugins
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins

Step 5
Rebooting your computer would be a good thing to do after uninstalling the other browsers and registry change. Check if hyperlinks work now.

Step 6a – Windows XP
Finally if there is still an issue, you can download the html association fix registry file here and run it. This is specifically for Windows XP. This will reset all the registry associations for default browser to IE and original state.

This registry fix has been tested by me and I did not find any issues with it.

Step 6b – Windows 7
Finally if there is still an issue, you can download the html association fix registry file from here and run it. This is specifically for Windows 7. This will reset all the registry associations for default browser to IE and original state.

This registry fix has NOT been tested by me.

Step 7
Reboot your computer and test.

Conclusion

I have tested all the steps except for Step 5 (my issue was chrome related) and Step 6b. Please read through completely and most importantly follow Step 1 and backup.