Migrating Users on Windows 2003 Domains

Steve and I have often been stumped with migrating users simply because there’s not an easy to follow “how to”. So here’s an easy-to-follow “how to”.

To migrate users across domains, you will need the Active Directory Migration Tool from Microsoft. Install this on both servers.

First things first – you’ll need to create a trust between the two domains. To create a trust:

  1. Set up a secondary DNS zone on each domain controller you plan to use. You need to enable Zone transfers on the DNS servers, and then create a secondary zone on each server of the other domain.
  2. Create a domain admin user account on each domain with the same username and password.
  3. On one of the servers you are working on, access Administrative Tools > Active Directory Sites and Trusts. Right-click on the domain you are using – and then click properties. From here, you can create a two-way trust between each domain.

Now we’re ready to migrate users. If you need the passwords migrated as well, you will need to complete these steps. If not – skip to the next part.

  1. On the source domain controller, you will need to create a key file. Open up the command prompt and type in the following (replace with your own domain and .pes file):
    <code>admt key /option:create /sourcedomain:your.domain /keyfile:C:\MyKey.pes /keypassword:*</code>
  2. Once the key file has been created – you need to install the Password Server. Run
    <code>%systemroot%\admt\pes\pwdmig.exe</code>

    to install. During the installation, you will need to use the key file that we created in the previous step. You will also need to specify a domain administrative account to run the service.

  3. Now copy the keyfile to the target server. We need to manually import the key so that the passwords will transfer:
    <code>admt key /option:import /sourcedomain:your.domain /keyfile:C:\MyKey.pes /keypassword:*</code>

    Enter the same domain and password you used in step 1.

  4. On the source domain controller – open Active Directory Users and Computers, and double-click on the BUILTIN\Administrators group. Add the target domain administrator to the group (eg. targetdomain\administrator).

Now to migrate those accounts! Woo!

  1. Open the ADMT tool from Administrative Tools
  2. Right-click on the Active Directory Migration Tool folder
  3. Click User Account Migration Wizard
  4. Select the source and target domain
  5. Select the users either with a file or through the AD tool
  6. Select the target OU where you would like the users to be migrated to in your new domain
  7. Select how you would like passwords to be handled. If you are migrating the passwords, you will need to start the Password Migration Server Service on the source domain now.
  8. Answer the remaining questions appropriately.
  9. Job done!

The new user accounts will appear in the new domain.

Converting WMV with mencoder

Steve and I have been working on a YouTube video downloader based in PHP. One of the features that I’ve been adding in is the ability to upload videos of any format and have them encoded into FLV, just like those big YouTube sites.

One of the problems I’ve been having is that the WMV videos race through at over 10 times the speed of the video, and leave the audio playing at normal speed. This, apparently, has to do with WMVs (and any ASF-based video) using a variable frame rate.

To get around this, you simply need to set a frame rate manually with -ofps. So, to convert a video from WMV to Flash video, you’d need a command like this:

<code>mencoder MyVid.wmv -o MyVid.flv -of lavf -oac mp3lame -lameopts abr:br=56 -ovc lavc -lavcopts vcodec=flv:vbitrate=400:mbd=2:mv0:trell:v4mv:cbp:last_pred=3 -srate 22050 -ofps 25</code>

This will keep the frame rate to 25 fps. Now, all I need to do is work out how to get the correct frame rate for the whole video…
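One way to close that gap, as an added example that is not the author's code: ask `mplayer -identify` for the frame rate the file reports and use it only when it is plausible, otherwise fall back to 25. The function names, the 1 to 60 fps plausibility window, and the sample identify output are assumptions constructed for illustration; it also assumes mplayer is installed alongside mencoder.

```shell
#!/bin/sh
# Added example: choose a usable -ofps value before calling mencoder.

# Constructed sample of `mplayer -identify` output for a WMV upload
# (illustrative values, not captured from a real file).
SAMPLE_IDENTIFY='ID_VIDEO_FORMAT=WMV3
ID_VIDEO_WIDTH=320
ID_VIDEO_HEIGHT=240
ID_VIDEO_FPS=1000.000
ID_LENGTH=93.00'

# pick_ofps [fallback]
# Reads KEY=VALUE identify lines on stdin and prints the rate to pass to -ofps.
# The reported rate is accepted only if it is a plain decimal number between
# 1 and 60 (an assumed plausibility window); anything else yields the fallback.
pick_ofps() {
    awk -F= -v fb="${1:-25}" '
        $1 == "ID_VIDEO_FPS" { fps = $2 }
        END {
            if (fps ~ /^[0-9]+(\.[0-9]+)?$/ && fps + 0 >= 1 && fps + 0 <= 60) {
                printf "%s\n", fps
            } else {
                printf "%s\n", fb
            }
        }'
}

# convert_to_flv INPUT OUTPUT
# Runs the conversion from the post with the frame rate chosen by pick_ofps.
convert_to_flv() {
    in=$1 out=$2
    # Uploaded file names are untrusted: anchor relative names with ./ so a
    # name beginning with "-" cannot be read by mencoder as an option.
    case $in in /*|./*) ;; *) in=./$in ;; esac
    case $out in /*|./*) ;; *) out=./$out ;; esac
    [ -f "$in" ] || { echo "no such file: $in" >&2; return 1; }

    fps=$(mplayer -identify -frames 0 -vo null -ao null "$in" 2>/dev/null | pick_ofps 25)

    mencoder "$in" -o "$out" -of lavf -oac mp3lame -lameopts abr:br=56 \
        -ovc lavc -lavcopts vcodec=flv:vbitrate=400:mbd=2:mv0:trell:v4mv:cbp:last_pred=3 \
        -srate 22050 -ofps "$fps"
}
```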

Vista, Why You Eat my Computer?

So, Vista’s been out for a while now – some people think it’s great (usually they are selling it), some think that it’s pants.

Now, I’m not far from the front of the queue when it comes to raving about Linux. Ubuntu was the second Linux distro that I have tried, and I’ve stuck with it quite happily. In fact, things have remained pretty good from my initial post about my first experiences with Ubuntu.

On the other hand, Windows has its own place in the world. If you’re a person who can afford Microsoft’s astronomical licensing costs – then Microsoft can offer you some great things too.

Unfortunately, I don’t feel that Windows Vista is one of those great things.

Slug on Mogadon

The thing that strikes me whenever I use Vista is that it is so slow. Not just slow, but slooooooow. I have to use a variety of systems, and when I need to fix somebody’s laptop that is running Vista I should be putting an afternoon aside.

This isn’t entirely Microsoft’s fault. Consumer greed, business greed and the general desire to get more for less has also led to this rocky road to Hell. Computers and notebooks are generally sold cheap. Cheap means under-spec. Even up to the end of Windows XP’s golden lifespan (I’m not saying it’s past it, by the way), computer manufacturers were selling new systems with 256MB RAM. I’m sorry, but I’ve used Windows XP enough to know that as soon as you put on Service Pack 2, some anti-virus software, maybe some anti-malware package and then decide to run a few applications – time begins to speed up around you. Either that or the computer is running slowly. You decide.

Now Vista has mammoth requirements for what is essentially a core program. The minimum amount of RAM to run Vista is 512MB. That’s what I say is minimum for XP nowadays. I recommend having more than 1GB RAM installed for a pleasant Vista experience.

The problem is, notebook manufacturers might even stump up the extra £5 to put 1GB of RAM in – but when 256MB of RAM is then being stolen by the onboard graphics so that you can see the Aero effects, things are clearly still not right.

Vista will run well on a decent, modern computer system. The problem is that Joe Public will be sold some tat from PC World by a part-time A-level student who will bestow Vista’s Flip-3D as a major selling point. Oh, it can burn DVDs as well.

Real Life

When real-life steps in, this is unsuitable for a lot of computers. Microsoft wants business to be using its latest baby, but on any existing hardware – Vista just doesn’t make the crunch.

My computer is almost 4 years old and runs Ubuntu beautifully. I have 1GB which more than meets any application requirements. In fact, this only becomes a problem when I run Windows XP in a virtual machine. Ironically, XP demands more memory running a few apps than the operating system that it is running on! And Ubuntu has a barrel more services, a 3D desktop, and (when I’m using it), about 10-15 application windows open!

Dual-boot

So I’m dual-booting into Vista at the moment. I do this when I fancy a game of Command and Conquer Generals with my brother over the internet. I often say, “I’ll just boot into Windows – give me 15 minutes.” Usually by the end of that time Windows may have finished messing around with updates, defragging, loading unnecessary services and generally being slow (on a 2.4GHz P4 with 1GB RAM), before I feel that I can get the thing to behave and run reasonably well.

I’ve been stung enough times when Vista decides that the ideal time to start defragging my hard disk drive and running an anti-spyware scan is during the middle of a game.

False Hope

When I was using the Beta versions of Vista, it was slow – but I figured that it was due to being a Beta. There was a clear effort from Redmond to meet Vista’s release date and there was a buzz. Vista naysayers were told to wait for the RTM (release to manufacturing) version. But overall, the performance wasn’t a great deal better in the RTM version.

More False Hope

Service Pack 1 was a glimmer of hope. Some performance increases and a rollup of some updates that fix what I can only describe as stupid problems that should never have been in the RTM version (such as having to Activate Windows after it has already been activated).

I thought I’d give this a try on my system. Guess what? It didn’t install. I wasn’t surprised. The update needs prerequisites installed, and other bits and bobs. I’d already had difficulty getting these installed on other computers, so I had a grave thought that it would mess up my system.

It didn’t install – but at least it didn’t wreck my system. Microsoft’s answer is to just keep trying until it works. Umm, I don’t have hours to piss away waiting for my work computer to continuously fail to install an update that takes around an hour to work out if it wants to install or not.

So, I gave up after attempt 3 or 4. I tried installing manually from the downloads. It’s not right. Vista feels inherently broken.

Time to Upgrade

So it’s time to upgrade to XP. It’s a joke I’ve seen floating around the internet for a while now, but it’s exactly how I’m feeling. I’m going to dual-boot into XP for playing games. It can run fast, and doesn’t have some of the hardware quirks that I’m still experiencing with Vista.

Over time, my disappointment with Vista has settled. It’s OK – but it’s extremely lacking in key areas. And these key areas tip the boat for me.

I’m just thankful that I run a Linux O/S as my main home operating system. I know it’s stable. I know it will behave itself most of the time. It’s still frustrating to use occasionally, but these times of frustration occur much less than when I use Vista.

Stop ‘Computer’ appearing when you logon in Vista

I’ve had a problem lately whereby various roaming profiles have the Computer window appear when users log into Windows Vista.

I messed around with a load of settings to try and work out what it was – I thought that as the problem only manifests itself in Vista with the new profiles, maybe it’s mis-interpreting a group policy setting such as the ‘only show personal folders’ setting.

It took a while, but there was no such setting to make My Computer appear in either the Desktop settings or Start Menu and Taskbar.

The offending article is that nigh-on useless Welcome Center that Vista imposes on users when they log in for the first two times. It seems that if you have redirected folders enabled and have turned off the common options for the Start Menu, then the Welcome Center fails to run. What then compounds the problem is that instead of showing the Welcome Center, it shows the Computer window.

Windows Vista Welcome Center - A useful portal to your computer or just a pain in the backside?

Here’s the kicker, because you cannot see the Welcome Center, you cannot tick the box to tell it never to appear again.

A very simple Group Policy fix is actually found in User Configuration > Administrative Templates > Windows Components > Windows Explorer. Here you can find the option Do not display the Welcome Center at user logon.

Once enabled, the annoying Computer popup is no more.

Enabling Group Favourites on a Network

One of the tricky things about managing Favourites for users on a network is that it’s a nightmare to easily deal with the varied requirements of users.

Generally, you would set up favourites on a Windows network to do one of the following:

  • Leave them as they are. Users can add and remove their own favourite websites
  • Redirect favourites to a shared location with a registry hack – but users lose their personal favourites
  • Add favourites through Group Policy – but you need a network admin to do this whenever something needs to be added.

Now, there’s a groovier, sexier way to do it. You can finally have your cake and eat it. The best part (or worst part depending on your point of view) is – the solution has been there all along.

Before We Start

You’ll need:

  • A Windows-2000 based network with group policy enabled, and an Organisational Unit with user accounts inside.
  • The Group Policy Management Console installed on either the server or a workstation that you will use
  • Administrator Rights

You also need to ask yourself who will have the rights to add shared favourites. This is fairly important, so consider it sensibly.

Getting Started

First of all, log on to a server and run the Active Directory Users and Computers console.

Somewhere in the AD structure, create a new security group called ‘FavouriteManagers’. Next add the users who you want to allow to change favourites to this group. If you don’t mind who changes the favourites, you can skip this step.

This is the group who will be allowed to add favourites to the users. Once you’re done here, and you are happy with the users who are set up in this group – we can set up the tool.

Setting Up the Group Policy to Allow Favourites to be Modified

Log onto your server / workstation as an administrator and do the following:

  1. Open up the Group Policy Management Console, and find the OU where the user accounts you want to control are.
  2. Right-click on the OU and select, Create and Link a GPO here… Call the new policy ManageFavourites.
  3. Now click on the new policy, and click on the Delegation tab. Click Add… and add the FavouriteManagers group to have edit access
  4. Click on the Details tab, and select Computer Configuration Settings Disabled from the drop down list. This will ensure that the logon times are kept brief for users.
  5. Close the Group Policy Management Console.

Create the Change Favourites

  1. Open a new Microsoft Management Console (Start > Run > type mmc > click OK)
  2. Click File > Add/Remove Snap-in
  3. Click Add…
  4. Click Group Policy Object Editor and click Add
  5. Click Browse, then All, double-click on the ManageFavourites policy.
  6. Click Finish. Click Close.
  7. Click on the Extensions tab and select Group Policy Object Editor from the dropdown list.
  8. Untick the Add all extensions checkbox. Then deselect all but the Internet Explorer
  9. Click OK.
  10. Expand the tree to User Configuration > Windows Settings > Internet Explorer Maintenance.
  11. Right-click on URLs and select New Window from Here
  12. Close the Console Root window so that only the URL window is visible.
  13. Click File > Options
  14. Give the console a title; I have called mine Favourite-o-matic. Under Console Mode, select User mode – limited access, single window. If you want to, you can change the icon to a more user-friendly icon. I like the Windows Favourite icon from shell32.
  15. Click OK to close the options dialog.
  16. Click File > Save and save the new console to a share where all of your Favourite Managers can access it. Set up the appropriate links on the start menu / desktop and you’re all done.

Using the Console

All you now need to do is let users know how to add favourites. You can do this by double-clicking on Favourites and Links, and typing links into the tool. You can also organise the favourites into folders to make them easier to manage.

The only caveat is that when you remove a link, it will not take the link from the user’s Favourites folder. This would still have to be deleted manually. Bear this in mind when you go nuts with all of your new favourite links.

Becta – you’re getting it all wrong

I don’t know what Becta think they aim to achieve with the latest anti-Microsoft report, but I don’t think that they are going to reach the computer utopia that their report on Microsoft Vista and Office 2007 seems to desire.

I’ve breezed through the report, and I can’t get into my head

a) Who the report is aimed at
b) What the purpose is

As anybody who knows me knows, I’m not a Microsoft fanboy – and I’m not completely evangelical about Linux either. Both suit a purpose in their own way.

What irks me about this report is that it makes a great many assumptions, and invites the reader to go along for the ride and interpret that as the de facto way of thinking.

My biggest annoyance of the report is the whinging about Office 2007. It complains that the DOCX format is not widely supported (true enough), and because Microsoft’s implementation of the “industry standard” open document formats is poor, everyone should use the Office binary format and OpenOffice.

Yes, that is right. Instead of being the driving force that Becta is supposedly meant to be, it’s making what I can only describe as a half-baked approach to document interoperability by saying, “Yeah – you should use OpenOffice. You should use ODF. But save in the office binary format.” I cannot fathom what they intend to accomplish with this attitude. If Becta truly are to inspire educational establishments to embrace open source and open standards – they are playing this totally wrong. I’ll rant a bit more about this later on. What beguiles me is that there is no acknowledgement of Office Compatibility mode. Also, Becta seem convinced that having an open document format means that it should render EXACTLY the same in any program that opens it. That’s just not the case. The point of open documents is to enable an application to access all of the information within, and render it approximately close to the original intent. Indeed, the DOCX file is a glorified ZIP file and no more. The XML is what’s in question with the open standards that ODF and DOCX are embroiled in.

Their year-long investigation into Windows Vista is a joke. Their summary is not to use mixed XP / Vista environments. If you’re considering upgrading your network, then take a look at Vista. So, the reader (if an IT person) is being told something that they should know: Any implementation of a new O/S environment takes planning, preparation, and testing. Oh, and mixed environments with XP and Vista are not the end of the world – I run them side by side quite happily.

I think it’s fair that the value added of using Vista Business compared to XP Professional is still in question. Not just for education, but for the industry as a whole. Microsoft have done a great job promoting Vista. But ultimately it is a very greedy operating system. Requirements are higher than what should be reasonable for an O/S, and most of the improvements are aimed at corporate customers where staff have their own computers – not the environment of schools or colleges.

A couple of niggles in Vista that cause complications on a roaming network:

  • The ‘lock computer’ button on the start panel can not be configured or changed. Totally useless in a roaming environment as a user may think that they have logged off when they press it. The consequence is that the new Start Panel has to be disabled on Vista machines.
  • No roaming gadgets – therefore the first thing that has to be turned off
  • Loss of active desktop. Now the intranet has to be opened by the user, instead of it being there by default. I know, gadgets are meant to replace that – which would be fine if it wasn’t for my last point

Also, the blanket statement of exercising your downgrade rights is a joke. Drivers for systems – especially laptops – are getting very difficult to track down all of a sudden for systems pre-Vista. The problem is compounded by the issue of a lack of drivers for Vista for some hardware peripherals. We’re in a transitional O/S point where we can’t seem to win either way. Becta miss this point entirely.

Finally, there’s Becta’s supposed pro-Open Source approach. They rejoice with Open Office, and say that there should be more choice. The problem is that when schools receive documents from other schools, or the education authority, or the government, guess what? It’s Office binary format! And schools have Windows rammed down their throats because the EAs insist on them using Windows applications to deliver the curriculum. In fact, over the last couple of years, I’ve seen a number of free and discounted applications sent to schools where they are Windows applications. Then they deliver training on these programs.

If you want schools to be open source, you need:

  • to support the schools in doing so and not blame the industry for trying to sell something instead
  • to put pressure higher up the chain to begin implementing policies to migrate to open document formats. Only then would it be possible for educational establishments to embrace this format
  • to start to educate people in education that there is an alternative

Finally, Becta needs to stop leeching off open-source like a parasite. I’m annoyed by its “get everything for free – don’t pay Microsoft” attitude. That’s not quite what open-source is about. With thousands of schools around the country, to ask schools to contribute in whatever way they can to projects that they benefit from would make open source more viable, because the UK education system could begin to change and direct the movement of open source. If a school is using an open-source alternative that would have cost them £250 for a site license of something else, why not contribute £50 to a project? If the project could do with documentation or translations, surely a secondary school or college could commit some resources to these kinds of things?

The education sector has by far the most potential to steer and promote the direction of open-source than anything else in the UK. It’s a completely missed and wasted opportunity.

I don’t think it’s unreasonable to expect some practical guidance on these matters from the leader of “the national drive to inspire and lead the effective and innovative use of technology throughout learning.” I really would like to see more of that.

With Vista and Office 2007 out in the wild for over a year now, Becta should have been making these points 12 months ago. Instead they let it slide and then complain when things don’t pan out as they expect, while missing the point entirely.

It’s such a shame.