Configuring DCOM on Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1
Introduction
Microsoft Windows XP Service Pack 2 (SP2) and Windows Server 2003 Service Pack 1 (SP1) include many changes that enhance security. Although these changes resolve problems that were present in earlier versions of Windows, they also prevent SAS DCOM servers from functioning. To enable SAS DCOM functionality, you must disable the additional security that is provided by these service packs.
Because enabling DCOM exposes security vulnerabilities that were corrected with Windows XP SP2 and Windows Server 2003 SP1, we recommend that you consider changing your SAS configuration to use IOM Bridge servers instead of DCOM.
If you continue to use DCOM, you will need to perform the following steps:
• Disable the Windows Firewall
• Configure DCOM Settings on the Server Machine
• Configure DCOM Settings on Each Client Machine
________________________________________
Disabling the Windows Firewall
The Windows Firewall software that is enabled by default in Windows XP SP2 and Windows Server 2003 SP1 prevents SAS DCOM connections from functioning. To disable the Windows Firewall:
1. From the Start menu, select Settings Control Panel and then double-click Windows Firewall.
2. On the General tab of the Windows Firewall dialog box, select Off.
3. Click OK to disable the firewall.
Note: You must disable the firewall on the server machine, and on each client machine.
________________________________________
Configuring DCOM Settings on the Server Machine
To enable DCOM on the server machine, you must grant launch and activate permissions to the client users as follows:
1. From the Start menu, select Run, and then type dcomcnfg. Click OK to launch the Component Services dialog box.
2. In the Component Services dialog box, select Component Services, and then click in the toolbar.
3. In the My Computer dialog box, select the COM Security tab, and then click Edit Limits under Launch and Activation Permissions.
4. In the Launch Permission dialog box, click Add to add the users and groups that will access the SAS server. For each user or group, select the name from the Group or user names panel and then select Allow for each permission.
5. Return to the Component Services dialog box. Expand the tree in the left panel as follows: Component Services Computers My Computer DCOM Config.
6. Select DCOM Config, and then locate your SAS server component in the right panel (for example, SAS.Workspace). Right click on the server component, and then select Properties.
7. In the Properties dialog box, select the Security tab, then select Customize under Launch and Activate Permissions and click Edit.
8. In the Launch Permission dialog box, click Add to add the users and groups that will access the SAS server. For each user or group, select the name from the Group or user names panel and then select Allow for each type of permission.
9. Return to the Properties dialog box, select Customize under Access Permissions, and then click Edit.
10. Select SELF in the Group or user names panel, and ensure that the Allow box is selected for the Local Access and Remote Access permissions.
If the SELF user is not available, add it by clicking Add and typing SELF in the Select Users, Computers, or Groups dialog box.
________________________________________
Configuring DCOM Settings on Each Client Machine
SAS servers use anonymous callbacks to notify client applications of events such as the completion of a SAS job. In Windows XP Service Pack 2 and later, you must grant ANONYMOUS LOGON permissions on each client machine in order to enable anonymous callbacks.
To configure the ANONYMOUS LOGON permissions:
1. From the Start menu, select Run and then type dcomcnfg. Click OK to launch the Component Services dialog box.
2. In the Component Services dialog box, select Component Services, and then click in the toolbar.
3. In the My Computer dialog box, select the COM Security tab and then click Edit Limits under Access Permissions.
4. In the Access Permission dialog box, select ANONYMOUS LOGON in the Group or user names panel, and then select the Allow box for the Remote Access permission.
Thanks & Regards
Sravan Kumar E
Thursday 19 February 2009
Monday 2 February 2009
SCCM Client Installation and software update using AD group policy
To configure an Active Directory Group Policy object to specify the software update point for client installation and software updates
=============
1. Using an editor such as Windows Group Policy editor, open a new or existing Group Policy object.
2. In the Group Policy editor, navigate to Computer Configuration / Administrative Templates / Windows Components / Windows Update, and then open the properties of the setting Specify intranet Microsoft update service location.
3. Click Enabled.
4. In the Set the intranet update service for detecting updates:
5. Give the path as http://servername.domain:default port
==============
Thanks
Sravan Kumar E
=============
1. Using an editor such as Windows Group Policy editor, open a new or existing Group Policy object.
2. In the Group Policy editor, navigate to Computer Configuration / Administrative Templates / Windows Components / Windows Update, and then open the properties of the setting Specify intranet Microsoft update service location.
3. Click Enabled.
4. In the Set the intranet update service for detecting updates:
5. Give the path as http://servername.domain:default port
==============
Thanks
Sravan Kumar E
Show Desktop Icon Missing:
open notepad and pass the below text and save it Show Desktop.scf file name that all you will get ShowDesktop Icon:
===========
[Shell]
Command=2
IconFile=explorer.exe,3
[Taskbar]
Command=ToggleDesktop
===========
Thanks
Sravan Kumar E
===========
[Shell]
Command=2
IconFile=explorer.exe,3
[Taskbar]
Command=ToggleDesktop
===========
Thanks
Sravan Kumar E
Sunday 1 February 2009
Shell Script to ziping a Bulk files:
======================
Count=1
Part=0
echo "This zip contains the PDF Invoices" > /tmp/README
zip PDF_Invoice_`date +'%d-%b-%Y'`-${Part}.zip /tmp/README
while [ ${Count} -le 30174 ]
do
FileName=`head -n ${Count} /tmp/modfilelist | tail -n 1`
echo "${Count} - Filename is ${FileName}"
echo "Count = ${Count} - Part = ${Part} - Zipped File Names - /Data/PDF_Invoice_`date +'%d-%b-%Y'`-${Part}.zip"
zip -g /Data/PDF_Invoice_`date +'%d-%b-%Y'`-${Part}.zip "`head -n ${Count} /tmp/modfilelist | tail -n 1`"
Count=`expr $Count + 1`
if [ `expr $Count / 8000` -gt $Part ]
then
Part=`expr $Part + 1`
echo "Count = ${Count} - Part = ${Part} - Zipped File Names - /D
ata/PDF_Invoice_`date +'%d-%b-%Y'`-${Part}.zip"
zip PDF_Invoice_`date +'%d-%b-%Y'`-${Part}.zip /tmp/README
fi
done
=======================
Thanks
Sravan Kumar E
Count=1
Part=0
echo "This zip contains the PDF Invoices" > /tmp/README
zip PDF_Invoice_`date +'%d-%b-%Y'`-${Part}.zip /tmp/README
while [ ${Count} -le 30174 ]
do
FileName=`head -n ${Count} /tmp/modfilelist | tail -n 1`
echo "${Count} - Filename is ${FileName}"
echo "Count = ${Count} - Part = ${Part} - Zipped File Names - /Data/PDF_Invoice_`date +'%d-%b-%Y'`-${Part}.zip"
zip -g /Data/PDF_Invoice_`date +'%d-%b-%Y'`-${Part}.zip "`head -n ${Count} /tmp/modfilelist | tail -n 1`"
Count=`expr $Count + 1`
if [ `expr $Count / 8000` -gt $Part ]
then
Part=`expr $Part + 1`
echo "Count = ${Count} - Part = ${Part} - Zipped File Names - /D
ata/PDF_Invoice_`date +'%d-%b-%Y'`-${Part}.zip"
zip PDF_Invoice_`date +'%d-%b-%Y'`-${Part}.zip /tmp/README
fi
done
=======================
Thanks
Sravan Kumar E
To unlock the Bulk AD accounts using Batch file:
Download unlock.exe and save it in your local computer and save the below commnads in batch file:
===============================
unlock . * -view > Unlock-Status.txt
unlock . *
===============================
Thanks
Sravan Kumar E
===============================
unlock . * -view > Unlock-Status.txt
unlock . *
===============================
Thanks
Sravan Kumar E
Subscribe to:
Posts (Atom)