Skip to main content


Showing posts from 2006

ds: compacting the wins database...

i have been terrible about compacting the wins database. i think about it so infrequently. it's definitely the last thing on my mind. well, according to microsoft, you should compact your wins database when it grows over 30mb. well, it's time. if you want details on jetpack, here's the article . otherwise, here's a short summary: navigate to %systemroot%\system32\wins stop the wins service: net stop wins run jetpack: jetpack wins.mdb tmp.mdb start the wins service: net start wins tmp.mdb can be named anything. it's used to replace the existing file when it finishes. i'm seeing about a 50% reduction in size when i do this. coincidentally, it's the same thing for dhcp except you point it to %systemroot%\system32\dhcp and the dhcp.mdb file. i wrote up this little script to use in mom. depending on the parameters you give, it will check either the wins or the dhcp database to see if it's above 30mb. if it is, it'll create an event. the param

misc: thanks!

for those of you that are MVPs, the kind folks at have once again renewed my one year subscription. for those of that are you not, is an excellent resource when you want to find information relevant to event IDs.

mom: monitoring adam

this just came across. i thought it was interesting for anyone that is interested in monitoring adam. i haven't looked at it yet... i don't really have any adam instances to monitor. anyway, it's a free mp from quest. check it out: .

sms: serial numbers with warranty expiration...

here's something fun to try over the holiday season. marry up serial numbers that you're already collecting from your dell systems and join them to expiration warranty data so that you can see when your systems will go out of warranty. anyway, i'm sure someone very versed in sql scripting can come up with something better than what i've illustrated. i'm using stock scripts from query analyzer. remember, this is completely unsupported by microsoft. :) there are a few things you're going to need to get this started: a csv containing serial numbers and warranty a new table to hold the information a view for the new table a method to get the information into the table a report to look at all the new data for the csv, you're going to need to get this data from dell (or from whatever manufacturer you use). basically, you'll want the format to look like this: ABC1234,12/04/2009 ABC2234,12/04/2008 ... on your sms server, crea

misc: atlanta smug coming up 1/31/07

southeast management user group it's that time again. i've put the agenda below and have provided the links to the event registration. hope to see you there! Event Overview 9:00-10:30 Technical discussion regarding Microsoft’s Desktop Optimization Pack and integration points with System Management Server (SMS) 2003 Service Pack 3 • Application Virtualization with Microsoft SoftGrid • Microsoft Asset Inventory Service • Microsoft Disaster Recovery Toolset • Microsoft Advance Group Policy Management 10:30-10:45 Break 10:45-12:00 Monitoring .NET Applications with Microsoft Operations Manager (MOM) & Avicode 12:00-1:00 Working Lunch Managing Mobile Devices with SMS 2003 & Odyssey Software 1:00-2:30 Monitoring SAP with Microsoft Operations Manager (MOM) & Tidalsoft 2:30-2:45 Break 2:45-3:30 SMS & MOM Top 10 issues delivered by PSS registration links: January 24th 2007 Event Title : Charlotte Southeast IT Management Meeting

miis: attribute not defined as source exception

i ran into this error recently which the fine folks @ helped me clear up. i didn't find but one reference while googling. even though the reference was right, it made so sense to me. no surprise right? here's the error: Microsoft.MetadirectoryServices.AttributeNotDefinedAsSourceException: Attribute "myAttribute" is not declared as a dependency. at Microsoft.MetadirectoryServices.Impl.MVEntryImpl.get_Item(String attributeName) at Mms_ManagementAgent_CCI_MA.MAExtensionObject.MapAttributesForExport(String FlowRuleName, MVEntry mventry, CSEntry csentry) i was goofing around with this sample code . the only thing i did was wrap an additional logic to check myAttribute to see if it needed to be processed at all. basically if myAttribute is marked to a value of "A" then do not process the user object under any circumstances. it seems the problem is that i didn't bother to include myAttribute as part of the flow going through the

mom: maintenance mode hta

in other words, a gui. matt broadstock was kind enough to notify us about this utility on the msmom list. it's a 1.0 version so there are plenty of things to improve, but this makes changing maintenance mode en masse a very simple task. check it out. it's labeled mom maintenance mode utility gui . send up your feedback.

ds: dumping all dns records

i've linked an interesting article on dumping out dns records. the one requirement is that zone transfers has to be turned on for the receiving client. in this case, it'd be your workstation... what fun. here are the steps, in short: nslookup set type=any ls -d > mydnsrecords.txt exit read the full article if you want the details... :T or try this method with dnscmd.exe .

sms: itmu v3 installation failure

run into this error code with itmu v3 ? error code: 0x80004005 this is because in order to successfully complete the install, you've got to rdp to the console session. as a reminder, in order to do this, from a run line type the following: mstsc /v: /console (by the way, the issue has been corrected in the newest bits. :)

os: time sync information

UPDATE : added some information regarding syncing to non-windows time sources. i hate dealing with time synchronization. the tools for windows are so hokey. you know, little nuances like deprecating net time in favor of w32tm just doesn't get enough press. oh well. recently, i had to look through this stuff again. i decided i'd write up a little blog note as a reminder for myself the next time i have to look at this stuff. to start off with, very useful links. how to turn on debug logging in the windows time service how to configure an authoritative time server in windows server 2003 windows time server and internet communication time synchronization may not succeed when you try to synchronize with a non-windows ntp server in windows server 2003 ... and now, some very useful commands: setting a time sync source: w32tm /config / update /manualpeerlist: time time /syncfromflags:MANUAL verifying the settings: w32tm /dumpreg /subkey:parameters

mom/sms: a couple of interesting articles...

i thought i'd point out a couple of interesting articles since the problem seems to surface on some of the listmail subscriptions i'm a part of. the first one is the neverending question... why do the active directory and exchange helper objects get installed on machines that aren't domain controllers or exchange servers? it's simple. the push installation does it automatically. here's the article that goes into detail about the asinine method to avoid this (manual installations or remove through arp). i included this one because it was something one of my coworkers discovered with microsoft (russ slaten to be exact). he's published a blog entry on it. here's the official article , however. basically it details how to get around (scripted or otherwise) the problem when you try to import a report, and it mercilessly tacks your cpu. basically the import object wizard can't handle large sql queries. :)

mom: securevantage directory services management pack

you're probably quite familiar w/ securevantage by now. if you don't, they produce management packs focused on security. it works right in mom... and is pretty wicked stuff. anyway, they offer a free directory services mp which does some basic functionality. if you don't have it, check it out... anyway, the really cool part is they mention me in the management pack description! nice! here's a snippet: Management Pack Purpose The Directory Services Controls MP (DCMP) provides low-level auditing for all types of objects in Active Directory. Directory Services events not only identify the object that was accessed and by whom but also document exactly which object properties were accessed. Features The Secure Vantage DSMP provides detailed OU auditing on user, group, gpContainer, dnsDomain and organizational units. The MP provides base event collection, control alerting, operational views, a forensic analysis report and KB content from Micros

mom: evaluate all criteria

ever wonder how to get an event rule to evaluate all of the criteria that you specify? add this as part of the criteria set: Message DLL - matches wildcard - * make sure this goes to the top of the list (or second to the top anyway).

sms: adjust permissions when using new tables...

okay, here's a little tidbit the next time you go messing around with creating new tables in sms. (uh, not that i have any knowledge of doing that.) if you've seen this error in web reports, then you'll know what i'm talking about. basically, in this scenario, you create a table, populate the data, match it up to something and everything works in query analyzer. the second you move it to a sms report... you get this: An error occurred when the report was run. The details are as follows: SELECT permission denied on object 'myNewTable', database 'mySMSDB', schema 'dbo'. Error Number: -2147217911 Source: Microsoft OLE DB Provider for SQL Server Native Error: 229 essentially, the problem is the table lacks the correct permissions. it seems the best way to go about doing this is first to create a view off the table you've made. afterwards, apply these permissions to the view: smsschm_users select

misc: they say that time changes things...

... but you actually have to change them yourself... -warhol you may have heard that daylight saving time is changing some of its parameters. in case you haven't heard, you should read more about it . in summary, we'll get four more weeks of daylight saving time: three weeks earlier (second sunday in march) and one week later (first sunday in november). go thank your congressman and the energy policy act. just so we're all on the same page, a computer keeps time in gmt format and uses the time zone offset to display the correct time. this means, you can't just sync time on a client and expect that the client will know about the new time zone parameters. the pertinence of a change of this magnitude is that your windows systems contain timezone data that is coded to increase/decrease the time by an hour based on currently known parameters. the other real problem is that microsoft (to date) has no plans to release a patch to address windows 2000 systems for the adjustme

ds: useraccountcontrol passwd notreqd

sometimes when something gets far enough under your skin, you have to go looking for an answer. i've seen this flag come up quite a few times running oldcmp dumps. well, i finally got sick of just saying... "i don't know" and started looking for the answer. also, i couldn't really find any sources of information that specified conditions or anything like that. so ... it made a perfect topic. many thanks to the brilliant minds on the mailing list and at microsoft. alright, so when does this occur? you can't set a user account this way through aduc so you can rule out that someone accidentally did this mousing around. it seems that if you create an account through adsi and don't specify a password, you'll end up with a uac value of 546. (if you don't understand uac values, skim over this article .) 546 basically translates to: normal user (512) disabled account (2) password not required (32) it seems kind of odd not to require a passwor

os: what not to do when using environment variables...

let's say you want to set a value to foo. so, you do something like this: C:\>set foo = geniusboy (you probably already see the mistake i just made.) so, now you want to retrieve the variable to use somewhere. you try to get it back by using this: C:\>echo %foo% %foo% instead of getting back geniusboy, you get back %foo%. hmmm. where did it go? now you run this command just to list all the environment variables that start with f: C:\>set f foo = geniusboy FP_NO_HOST_CHECK=NO so alright, it looks like it took. why doesn't it come back with the first echo command? notice the spaces in the variable? try echoing %foo %. C:\>echo %foo % geniusboy even the value returned has a space. apparently, it is quite literal about those spaces. :) clear the value and try again (don't forget the space). now it works fine: C:\>set foo = C:\>set foo=geniusboy C:\>echo %foo% geniusboy

mom: good resolutions are ...

...simply checks that men draw on a bank where they have no account. so with that in mind, since there are obviously no good resolutions... don't you wish mom 2005 came with some manner of auto-resolving alerts? this has been something that has annoyed me for quite some time. i don't see the purpose of letting alerts linger in the wild for the expanse of eternity when most administrators don't bother using the mom console. they just want stuff in their mailbox. here's a little script to do just that. i just took the scripts you can find all over the internet for resolving all alerts and added a date check so that only things over 5 days old are resolved. running this once a day by scheduled task helps keep things clean. the other benefit is that once the alert is resolved, the suppression goes away and notification fires again if the same problem is detected. just make sure to run it on the mom server. if you want to change it to look for things even older than 5

misc: displaying dell warranty data

might find this useful. took a very long time to get this... but now that i have it, i thought i'd share. using the following url, you can simply supply the service tag of a system to the end of the url. it'll take you right to the warranty page of a dell system. c=us&cs=555&l=en&s=biz & amp;~tab=2&ServiceTag= (it's all one long string; had to line break it) implications being, you could use this in your sms reports. you could also write a script to go to the site, pull down the data you need and write it back to something. hmmm...

mom: the absolute value of negativity...

i spent the better part of an afternoon writing a script to pick up some events in the event (ha?) that a machine had antivirus problems: dats too old, version too old, or antivirus not installed. i don't think that anyone would disagree with me on this one bit. scripting something like this is pretty straightforward... until you introduce it to mom. at that point, it's easy to get entrenched in stupidity. won't bore you with the details of all the iterations i spent writing in goofy lines of debug to figure out why it wasn't working. anyway, turns out the problem had a lot to do with this little bit of script. all the other stuff about version and existence worked fine. If DateDifference(CDate(sAVDate)) < sDaysBehind Then CreateEvent 41102,EVENT_WARN,"Antivirus Health Check","DATs are old." End If i've condensed the createevent line for brevity (and since brevity is the soul of wit, i should make this post small, right? actually... hmmm.).

mom: if it keeps up, man will atrophy all his limbs...

...but the push-button finger. and aren't we better creatures for it, mr. frank lloyd wright? by the way, pass me the remote. i'm already starting off on a very bad note. blogger just ate my homework so to speak. i was nearly done with this post when it decided to go rabid and eat the whole thing before my eyes. oh spare me the virtues of saving often. i'm quite annoyed. oh well. i hear that you actually write better when you write the same thing twice... uh huh. so to get started, recently the idea was tossed around that if we lost our management packs because of some errant corruption, we'd most likely have to reimport the stock management packs, trudge through the years of change data, and reset everything back to the way it was. either that or we have to restore the database. since neither of these options are really any better than eating a handful of chalk, we decided we should export management packs as a part of a weekly process. this way, if anyt

mom: editing rules en masse

so john hann sent an email about a blog post that he wrote which is coincidentally about a blog entry that stefan stranger posted (and might be posted by pete zerger or rory mccaw ) about a utility that michel kemp wrote to edit mom rules en masse. seriously, it's cool. go get it.

misc: registry keys to speed up terminal server

i'd link you directly to the article if i knew where it was. it might be somewhere on anyway, this is a summary of a pretty good article greg shields put together. i believe you can find this stuff from doug brown at if you're interested. disable IE flickering: hkcu\software\microsoft\internet explorer\main Force Offscreen Composition dword: 1 disable file locking (do not use with database apps): hklm\system\currentcontrolset\services\lanmanworkstation\parameters UseLockReadUnlock dword: 1 disable ntfs last-accesed time stamping (use at your own risk): hklm\system\currentcontrolset\control\filesystem NtfsDisable LastAccessUpdated word: 1 disable lazy rights: hklm\system\currentcontrolset\services\lanmanserver\parameters IRPStackSize dword: 15 hklm\system\currentcontrolset\services\lanmanworkstation\parameters UtilizeNT Caching dword: 0 disable paging kernel mode drivers and system code to disk (improves kernel performance?): hklm\system\currentcontr

mom: jalasoft demonstration...

well, i met w/ jalasoft recently along with a couple of other community folks. the folks did a presentation on their xian product and integration with mom. if you're a mom shop, in need of rounding out your monitoring by tapping into your network devices, i would encourage taking a look at their product line. the first thing i'd like to address is the ui. it's, unfortunately, not wrapped into the mom console but modeled a lot like it. so, for usability factors (if you think the mom console is usable), it's at least not something so far out that you have to learn a whole new monitoring system. it seems fairly intuitive... but again, i was watching a guided demo. i'm not sure about the pricing. the product looks polished though. other than utilizing the administrative console separately, xian has a MP pack and reports that come with it. this makes the look and feel tie right into MOM. don't have to worry about having to look at a separate ops console t

mom: in the wild struggle for existence...

there's this little, seemingly trifling, setting in the context dialog box of a computer discovery rule. it reads like this: during computer discovery, contact each computer to verify that it exists . if you're wondering what this setting does, it's been purported that when it's enabled, the management server attempts to connect to the machine defined in the rule through the ipc $. i haven't fired up a network sniffer to confirm this allegation. if anyone has, please do comment!

sms: mid pleasures and palaces though we may roam...

be it ever so humble, there's no place like home. i am speaking of the advanced client, of course. i think i stumbled upon a scenario that seems undocumented. i've checked the following scenarios, both of which are good reads; neither of which discusses my scenario. anyway, here are the links, if you have interest. how it works: roaming in sms 2003 how clients find and use site systems and domain controllers   since it's not mentioned, i'll describe mine. i've a certain number of clients which are managed by the central site server. the reason for doing this is that the primary site server is shared. using the central server, allowed me some greater flexibility on access rights. the central site server has no distribution points since nor any boundaries. i can rely on the other site servers to handle the DP functions required for the clients reporting directly to central. the clients themselves have their sitecode set to the central site server. th

sms: sms_def.mof conversion to policy

some background: when a new sms_def.mof is placed in inboxes\clifiles.src\hinv data loader should pick it up, realize it's new, compile it, and convert it to a policy. i found something interesting. i use a different mof for my domain controllers since grabbing local accounts means grabbing all domain accounts. the reason i'm telling you this is because i moved the dc mof file into the \hinv directory then renamed it. it didn't do anything with the file. i tried again except this time, i copied the dc mof file locally, renamed it to sms_def.mof and dropped it in \hinv. this time, data loader did its work. hmmmm.

misc: psexec service is an incompatible version...?

i run into this problem often enough to have written a small batch file for it. it's really a pretty simple correction but quite irritating. anyway, this is the batch file contents. (this is the kind of stuff you can write before your first cup of coffee. funny how we have to get irritated enough times before doing something to make things easier.) sc \\%1 stop psexesvc del \\%1\admin$\psexesvc.exe del \\%1\admin$\system32\psexesvc.exe sc \\%1 delete psexesvc stop the service.  (it's probably running). delete the psexesvc.exe files that are copied to the server when you initiate a psexec command, then remove the service entirely. once you run psexec again after these steps on the broken client, it should start working again. c:\myBatchFile.bat [servername]

mom: remove computer groups from reporting server

i have been a slacker. don't have anything interesting to post lately. been doing some routine maintenace work and getting started on an upgrade. anyway, i won't hold you in suspense much longer... har. if you have computer groups in your drop-down selections of your mom reports, you can get rid of them if they annoy you that badly. it's unsupported but thought it was an interesting gem to capture. here's the details courtesy of a list member on issue this sql query against your mom reporting server database (systemcenterreporting): delete from sc_computerruledimension_table where name = ' computergroupname ' just replace computergroupname with the name of the computer group you can't stand to look at.

sms: dcm - alpha tech solutions

a few folks have posted comments regarding training on dcm that's available from alpha tech solutions . i wasn't sure how seriously to take it since i'd never heard of it before ... but after talking to one of the dcm dev folks, i decided to look into it a little bit. i emailed their sales person and asked for an eval so that i could go through the training set and review it. to my surprise, they were more than willing. :) training is broken down into two parts. the first part covers the following: introduction installing the dcm authoring tool creating and customizing manifests customizing scenarios (part 1) check service state check file version verify automatic updates verify smtp default domain verify minimum password length the second section covers the following: customizing scenarios (part 2) verify if a hotfix is installed verify if a service exists check file existence number range firewall status deployment and execution reporting by the time you've gone

sms: start to finish guide to mof editing

i finished reading start to finish guide to mof editing: the definitive guide to systems management server hardware inventory customization last week but hadn't had a chance to write up my thoughts about it until now. i had decided to load up vista ... which is another story entirely. i met the author at a user group conference in atlanta (southeast management user group). if you know jeff gilbert, you know what a character he can be. i'll just ask you to keep that in mind as you read the book. i think his intent was to try to make the book as easy to read as possible. i mean, a book on mof editing, is not exactly exciting material. however, he does try to add a bit of humor to keep the reader interested. the examples he uses are also clever enough to help some of the providers make sense. i remember way back when michael schultz asked me to review and edit his original mof editing guide. around this time, the sms mailing list was pretty active with most of us trying

mom: memory processes

NOTE: this script is deprecated. feel free to use it, but you should refer to this post, which actually has a newer, cooler script. this is kind of a follow on to my earlier post regarding cpu processes . this time, it detects memory processes. anyway, the thing works pretty much the same way. the logic is a bit different in the way it returns information, only because i didn't want to figure out how to do a bubble sort in vbscript and finding a threshold marker ... wasn't too sure about that either. i don't profess to be a script guru. what i did was tally up the total process workingsetsize by the number of total processes. using that as a kind of median value, the script returns anything above that threshold line. workingsetsize divided by 1024 gives you the same thing as task manager, in case you were wondering about that. if you have better suggestions, please do rewrite or modify and let me know! :) it's posted to the usual places: myitf

misc: atlanta smug coming up 9/20 8.5 - 3.00

hey folks, there's another southeast management user group coming up september 20, 2006. it'll run from about 8:30 to 3:00 at the sanctuary park facilities up here in alpharetta. if you remember, these run about every quarter or so. looks like a great lineup ... try to be there! the user group section on will be updated soon to reflect the new agenda. if you can't make it, as usual, the presentations will be posted to the site. look forward to seeing you all there. Agenda 8:30am - 9:00am Breakfast 9:00am - 10:15am Server and Desktop Deployment Methodologies with SMS 2003 Part 1 10:15am - 10:30am Break 10:30am - 11:00am SMS Admin Roundtable 11:00am - 12:00pm System Center Operation Manager Beta 2 via Webast in Atlanta 12:00 - 12:45pm Working Lunch Data Protection Manager Today and Beyond 12:45 - 2:00pm Server and Desktop Deployment Methodologies with SMS 2003 Part 2 2:00pm - 2:15pm Break 2:15pm - 3:00pm MOM and SMS Top 10 issues

sms: stopping errant package from sending to distribution points

not real sure how else to put it. this came up on the myitforum sms discussion list today. an administrator inadvertently created a very large patch package and replicated it to all of his distribution points. there's a few things to be aware of here: distribution points off of the site server are not governed by lan sender, hence have no bandwidth throttling distribution manager will attempt to complete the cycle before attempting to stop the cycle i'm not sure what his lan senders were set to ... but distribution manager sending this humongous package out to 20 or so distribution points (which only a few were local) was choking his wan links. how did he stop it? here's the steps: delete the package off the source site server execute stopjob.exe against all destination site servers

sms: itmu cannot start updates installation due to install window violation

don't inadvertently make this happen. it's pretty silly... inside the dsuw, you probably recall being presented with the option to force installations to comply to a window for advanced clients only. this setting is nearly useless if you're using dsuw the way it was intended (as in reoccurring schedules). it's also useless if you're forcing package download and execute instead of running from a remote distribution point. the window that is specified uses the advertisement start time as its beginning marker. this means if you set an early start time to make sure your clients downloaded this month's patches and then a mandatory execution 3 days later, your advertisement would fail. why? well, going on the default setting of 90 minutes, by the time the execution fires, you've already long lapsed that install window. you'll get an error in patchinstall.log that reads: cannot start updates installation due to install window violation.   if yo

mom: monitoring cpu spikes the right way

NOTE: this script is deprecated. feel free to use it, but you should refer to this post, which actually has a newer, cooler script. one of the things i can't stand about most monitoring systems nowadays is that they're not really designed to be viewed by an operator. i think we've diluted that term. we don't enable "operators" to really do much of anything. we give them a little console they can stare at and hope that if they see some alert pop up, they'll wake up and dial someone. how does that translate into a successful use of technology? i think we've all been around a phone long enough to know how to dial it. so ... why not take some baby steps and move forward? here's my baby step. i don't really do things out of my own volition because unless it's making my life easier, it's hard to be inspired. anyway, a fellow coworker received an alert on a cpu spike and asked the obvious question. what's making the condition occur?

os: kerberos maxtokensize giving you problems?

i experienced issues with this pretty quickly awhile back when we were rolling out windows 2000 so whenever i see something on maxtokensize, i wake up. anyway, again, one of the best sources of information, the mailing list, carried a conversation on this which lead to a couple of great links: address problems due to access token limitation tokensz tool

sms: looking for the dcm manifest beta?

saikodi updated his blog recently with some further instructions on locating the dcm manifest beta. i tried to locate it again but couldn't find it. i tried all variations of names to locate it but had no success. know why? i was already signed up. once i switched to "my participation", it was there, hiding in plain sight. search for the word "manifest" in the available list. it should be under the "core infrastructure solutions" connection.

ds: add conditional forwarders by command line

sometimes i think it's relevant to follow your own advice. of course, some lessons aren't learned by sedulous effort. often times, it requires moments of sheer languor. rtfm, rtfm, rtfm i tell myself! if you want to add conditional forwarders through command line, use this: dnscmd [servername] /zoneadd [] /forwarder [primary ip address] [secondary ip address] the /forwarder statement is actually expressing what zone type you want (e.g. primary, secondary, etc). using /forwarder tells dnscmd that you're interested in adding conditional forwarders. this stuff rocks. by the way, this is only available on 2003 or later. here's the tfm if you're looking for all the details.

mom: sp_helpdb - cannot insert the value null into column

been getting any of these errors? the system stored procedure sp_helpdb, which is used to gather information about the databases, has returned an error that may indicate that it cannot determine the db owner for the database [databasename]. here are the details: sp_helpdb @dbname='databasename' on sql server instance: [instancename]. error number: 515, error information: [microsoft][odbc sql server driver][sql server]cannot insert the value null into column '', table ''; column does not allow nulls. insert fails. this generally occurs when there's no owner specified for the database. executing this query will tell you if that's the case: select name, suser_sname(sid) from master.dbo.sysdatabases where suser_sname(sid) is null if indeed it does show up in this query, using sp_changedbowner will fix it. this will assign sa as the owner (make sure to change the database to the one you need to correct): exec sp_changedbowner 'SA'

mom: dell openmanage mp has been updated

it's been about a year since their last release so i'm sure there must be some improvements. i'm profiling the management pack in mpstudio now to see how it looks. by the way, you won't find it yet on the mom catalog, but you can get it here: . by the way, germany scored in the ecu v ger game in the first 5 minutes. wow!

ds: machine account password interval

you're probably familiar with default machine account password reset intervals: nt 4: 7 days 2000 & above: 30 days some additional details on this came through on the list. it's pretty cool so i thought i'd share for those that aren't subscribed. unfortunately the author of this information doesn't a blog (yet). does, however, maintain archives of the list. :) i'd link you... but that section seems unresponsive right now. at any rate, here's a snippet of the post. these are the logs generated during success, failure and offset. success: 05/25 14:48:22 [SESSION] NORTHAMERICA: NlChangePassword: Doing it. 05/25 14:48:22 [SESSION] NORTHAMERICA: NlChangePassword: Flag password changed in LsaSecret 05/25 14:48:23 [SESSION] NORTHAMERICA: NlChangePassword: Flag password updated on PDC 05/25 14:48:23 [MISC] NlWksScavenger: Can be called again in 30 days (0x9a7ec800) failure: 05/16 01:13:24 [SESSION] NORTHAMERICA: NlChangePasswor

mom: looking for a training class?

i have a hard time recommending a training class for mom. this is because, historically, microsoft official curriculum sucks. the information is too vague, not very timely, and doesn't discuss real-world issues. there's a new offering that looks very promising and has had some excellent reviews. i've looked over the syllabus. it looks very complete. it's a 4-day crash course on everything you need to know about mom and will bring your level of understanding much higher than what the MOC class could ever do. it's also taught by mom consultants and know their ... stuff. anyway, there's a class coming up in Atlanta! maybe i'll see you there. here's the details .

mom: tracking down duplicate notifications

while i was out at teched, a reader sent me an email on how to track down duplicate notifications. this was pretty fresh in memory since i had just gone through the same ordeal explaining to another group here why they received duplicated emails. now that i have the exact details at my disposal, i can relay them here with some manner of lucidity. (i hope anyway. still trying to get back into work mode ... and for some reason, someone brewed the old, nasty corporate coffee instead of the new, aromatic seattle's best. ah well...) the first thing to do is find the alert in the mom console. once you've isolated it, check the history tab of the alert. you might see something similar to this: Alert is created in management group myMgmtGroup. === 6/01/2006 08:20:03 === The server side response 'notify group: Network Administrators' triggered by rule 'Send notification for any Alerts with a severity of "Error" or Higher' ( DF7DA784-D7D8-4FC5-8109-04AB0