https://skydrive.live.com/view.aspx?cid=C756C44362CD94AD&resid=C756C44362CD94AD%21609

http://www.winhelponline.com/blog/mapped-drives-are-not-seen-from-elevated-command-prompt-in-vista/

 

When I tried to access a network drive via elevated Command Prompt, the drive was not found and I got the error The system cannot find the path specified. However, the drive-letter is listed in (My) Computer and accessible from non-elevated Command Prompt.

Fig 1: Mapped drive not seen from Elevated Command Prompt.

Fig 2: Mapped drive accessible from a standard Command Prompt.

Upon searching the net, I found a Microsoft Knowledgebase article After you turn on User Account Control in Windows Vista, programs may be unable to access some network locations which address the problem. Here is an excerpt from that article that explains everything:

When an administrator logs on to Windows Vista, the Local Security Authority (LSA) creates two access tokens. If LSA is notified that the user is a member of the Administrators group, LSA creates the second logon that has the administrator rights removed (filtered). This filtered access token is used to start the user’s desktop. Applications can use the full administrator access token if the administrator user clicks Allow in a User Account Control dialog box.

If a user is logged on to Windows Vista and if User Account Control is enabled, a program that uses the user’s filtered access token and a program that uses the user’s full administrator access token can run at the same time. Because LSA created the access tokens during two separate logon sessions, the access tokens contain separate logon IDs.

As I created the drive mappings from a standard user token earlier, the drives are not seen from an elevated token (For example, when using an admin Command Prompt.)

The problem was solved after I created the EnableLinkedConnections DWORD value in this registry key and set its Value data to 1:

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System

The EnableLinkedConnections value enables Windows Vista to share network connections between the filtered access token and the full administrator access token for a member of the Administrators group.

You must restart the computer after creating the registry value.

Fig 3: Mapped drive seen from both standard and elevated Command Prompt Windows.

Registry fix

To automate the above setting, dowload enablelinkedconnections.zip, unzip and extract the contents to a folder. Double-click enablelinkedconnections.reg to run it. To reverse the changes use the undo.reg file.

And here is a useful note from James Finnigan [MSFT] posted at the MS Newsgroup.

The "EnableLinkedConnections" policy relies on the user being a member of the Administrators group and sharing across the boundary between non-elevated and elevated (which can lead to intentionally misdirected drive mappings by Malware). It is essentially a workaround for customers that are in the process of moving their users to standard user, but need to do so gradually and keep them as members of the Administrators group in the short-term.

MORE INFORMATION

Mapped drives created from an elevated access token will not be visible from processes running in limited user token. If you use Group Policy to create mapped drives, it uses the elevated access token. As a result, your user account (runs with the limited user token by default) won’t see the mapped drives. For more details and a workaround see: Group Policy Scripts can fail due to User Account Control. The script launchapp.wsf helps you create mapped drives under limited user token via Group Policy.

http://www22.verizon.com/residentialhelp/fiosinternet/networking/troubleshooting/questionsone/123899.htm

http://blog.xoc.net/2011/04/fixing-when-windows-sbs-doesnt-show.html

 

I have struggled for a few days trying to get the Windows Small Business Server 2008 connect launcher.exe program to show an existing account in the "Move existing user data and settings" page of the wizard. I tried everything I could think of to determine what was different about the account that was being listed and the account that wasn’t. There are lots of questions being asked about this on the web with no answers that worked for me. (There’s a long and uninteresting story involving an ID-10-T who works for the Microsoft Company Store on why I’m solving SBS2008 problems when 2011 is shipping now…I don’t know if this problem also occurs in SBS2011.)
All of the properties of the accounts were the same. Both had entries in the registry that were identical. I looked at the files that they opened using the SysInternals procmon program. I looked at the network traffic that the launcher program generated using Microsoft Network Monitor 3.4.
Procmon clued me in that there were some log files being generated. They are found in C:\Program Files\Windows Small Business Server\Logs.
Here’s the deal. Launcher downloads an executable called connectcomputer.exe and runs it. Connectcomputer does a huge amount of stuff. I’m not sure it needs to do all that–it has the distinct feel of having been written by an intern. One of the things it does is enumerates your user profile directory and checks every file. If any file in the entire directory tree is not accessible by it, or it runs into any problems with anything, it won’t list that account.
I opened connectcomputer.log in notepad and searched for the account that was missing. It showed an exception. For some reason, there was a recursive reparse point to a directory in my c:\users\myacct\appdata\local\application data directory that looped back to the same directory. A reparsepoint is a fake directory that links to another real directory on the drive. So I (and connectcomputer) could both cd into the "application data" directory forever until the filename became too long and it threw an error. Thus it was finding "c:\users\myacct\appdata\local\application data\application data\application data…" etc. By the way, this will not show up in the Windows Explorer, but does show up in the command line. How this reparse point got created is a mystery…maybe having to do with the account being originally created in Windows XP.
The next trick is removing a reparse point. I had a clue about that, and it just took poking around a little to find it. There is a nifty command line tool that comes with Windows called fsutil. It allows mucking with NTFS from the command line. First you must cd to the the directory that has the bad reparse point. The magic command line that fixed my problem is:
cd \users\myacct\appdata\local
fsutil reparsepoint delete "application data"

I then deleted the log files and reran launcher. This time it complained that it couldn’t read from another directory. That directory wasn’t important to me, so I just deleted it. Having fixed all the problems that the log file complained about, my account showed up in the "Move existing user data and settings" list!

 

You’re seeing the Read Mode display, with a black heads-up toolbar but no application chrome.

To turn that off, open Adobe Reader X, choose Edit – Preferences – Internet and untick "Display in Read Mode by default", then press OK.

http://support.microsoft.com/kb/883614

Method 1: Verify that the services are started

Make sure that BITS and the Automatic Updates service are started. To do this, follow these steps:

1. Click Start, click Run, type services.msc, and then click OK.
2. In the list of services, right-click Automatic Updates, and then click Properties.
3. In the Startup type list, click Automatic, and then click Apply.
4. If Service status is set to Stopped, click Start, and then click OK.
5. Right-click Background Intelligent Transfer Service, and then click Properties.
6. In the Startup type list, click Manual, and then click Apply.
7. If Service status is set to Stopped, click Start, and then click OK.

Back to the top

Method 2: One or both of the services do not appear in the Services Control Manager

Note If you manually type the commands in this section, remember that they are case sensitive.
If the Automatic Updates service or the Background Intelligent Transfer Service does not appear in the Services Control Manager, reinstall that service or those services. To do this, use one or both of the following methods, depending on your situation:

The Automatic Updates service is missing

To reinstall the Automatic Updates service, follow these steps:

1. Click Start, click Run, type the following command, and then click OK:

   %windir%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %windir%\inf\au.inf

2. If you are prompted to insert your operating system CD, type the following path in the Copy files from box, and then click OK:

   %windir%\ServicePackFiles\i386

   Note This location contains the most recently updated service pack files. If you cannot use this path to copy the required files from, insert your operating system CD, and then click OK.

The Background Intelligent Transfer Service is missing

To reinstall the Background Intelligent Transfer Service, follow these steps:

1. Click Start, click Run, type the following command, and then click OK:

   %windir%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %windir%\inf\qmgr.inf

2. If you are prompted to insert your operating system CD, type the following path in the Copy files from box, and then click OK:

   %windir%\ServicePackFiles\i386

   Note This location contains the most recently updated service pack files. If you cannot use this path to copy the required files from, insert your operating system CD, and then click OK.

Update for Windows 10:

Use utilman.exe for cmd.exe

Create new user:

net user <username> /add

net localgroup administrators <username> /add

Login as new user and then reset original user password:

net user <username> *

 

Here’s how:

1. Boot to WinRE (Windows Recovery Environment).

2. Click on the Command Prompt option.
3. Type the following commands and press enter after each one:

• C:
• CD Windows\system32
• ren cmd.exe cmd.old
• ren magnify.exe cmd.exe
• ren cmd.old magnify.exe

4. Restart computer.
5. Click on Easy of Access centre left side bottom à Choose Magnify option.

6. A Command prompt opens up
7. Type: net user administrator /active:yes and press enter.
8. Restart the computer.
9. Logon on administrator account and then using User Accounts page in the Control Panel, remove password for the other account.
10. Type Magnify.exe in Start Menu search box and press enter and open it.
11. Command prompt opens up
12. Type: net user administrator /active:no and press enter.
13. Restart the computer
NOTE: This will disable the administrator account.
14. Now, Boot to winRE again, and click on the Command Prompt option.
15. Type the following commands and press enter after each one:

• C:
• CD Windows\system32
• ren magnify.exe cmd.old
• ren cmd.exe magnify.exe
• ren cmd.old cmd.exe
• exit

16. Restart the computer – system logs on to the User account without asking for password provided there is only one user account.

http://helpdeskgeek.com/how-to/reset-local-security-policy/

Have you ever gotten a computer second-hand? Maybe from a company that was shutting down or from someone who no longer needed theirs? Ideally, you would want to simply reformat the computer and start from scratch, right?

However, that’s not always the case. Let’s say you get a computer that has Windows XP or Windows Vista already installed, but you don’t have the original CD that came with the computer. So you really can’t reformat computer without risking Windows not activating properly.

So what’s the problem with just leaving it the way it is? Well, sometimes when you get a computer, it may have been part of an Active Directory environment, which means it was subject to Group Policies.

Even if you remove the computer from the domain and put it into a workgroup, the local security policies that were changed will not be removed. This can be very annoying because local security policies include settings like preventing users from installing printers, restricting who can use the CD-ROM drive, requiring a smart card, restricted logon hours, password requirements and more!

These are all great in a corporate environment, but will cause all kinds of grief to a normal computer user. So what you can do to solve this problem is to reset the local security settings to their default settings.

The way this can be done is by using the default security configuration templates that come with all versions of Windows XP and Vista. This may sound too technical, but all you have to do is run one command.

First, click on Start, Run and then type in CMD. Now copy and paste the following command into the window:

secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

If you are running Windows Vista and need to reset the security settings to their default values, use this command instead:

secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

That’s it! Now just wait for Windows to go through all the registry settings and reset them. It takes a few minutes and you’ll have to restart the computer to see the changes.

But now you should be able to use your computer without any of the remnants of local security settings from previous Group Policies. Enjoy!

http://community.spiceworks.com/how_to/show/264

http://blogs.technet.com/b/sbs/archive/2010/03/02/recovering-disk-space-on-the-c-drive-in-small-business-server-2008.aspx

 

[Today’s post comes to us courtesy of Damian Leibaschoff and Wayne Gordon McIntyre from Commercial Technical Support and Chris Puckett from Product Quality]

SBS 2008 installs all of its features using a single volume (C:), there are tools available to move some of the data to other locations, but a number of folders that remain in the C: volume can continue to grow if left unchecked, this can potentially eat all the available disk space on the C: drive. Once the C: drive reaches certain low space thresholds, some services will stop functioning properly on the server, while others will change their behavior to prevent data loss. Usually, administrators realize they have a problem when e-mail flow is impacted, under low disk space conditions, due to the Exchange Back Pressure features, mail flow will stop. Users may experience some of the following errors or non-delivery-reports: Error 0x800CCC6C, SMTP_452_NO_SYSTEM_STORAGE, or 452 4.3.1 Insufficient system resources. 
These are some of the steps that can be performed to help recover and prevent these issues.

IIS and SBS Logs

(This is expanding on the existing post “Reclaiming Disk Space Lost to IIS Logs on SBS 2003 and SBS 2008”)

By default, all IIS hosted web sites have logging enabled, this can lead to some large folders in C:\inetpub\logs\LogFiles (Review this post in case you have moved your log files). You may also want to specifically stop logging all together for certain web sites, in particular, the “WSUS Administration” web site (Site Id 1372222313). For this, perform the following steps:

1. Launch IIS Manager from Administrative Tools.
2. Expand Server, Sites, and select the WSUS Administration web site.
3. On the feature panel, click to open Logging.
4. Click Disable in the Actions panel (rightmost panel)
5. Repeat the steps for any other web site. Please note that logging may be needed for troubleshooting or auditing purposes on sites that are public facing, this is usually not the case on the WSUS Administration site.

Some of the SBS 2008 log files can grow to very large sizes, all SBS logs are stores in this folder (and subfolders): C:\Program Files\Windows Small Business Server\Logs\. Some of the logs that will grow the most and may need trimming are:

• Console.log, this log will continue to grow while the SBS Console is running.
• *.evtx files, these are the event logs before the setup of the server completed, they can be safely removed if the server has been in production and had no setup issues.
• W3wp.log, in the C:\Program Files\Windows Small Business Server\Logs\WebWorkplace folder. This is the log for Remote Web Workplace.
• The C:\Program Files\Windows Small Business Server\Logs\MonitoringServiceLogs folder. These are the logs for the Windows SBS Manager service.

POP3 Connector Badmail directory

If you are using the POP3 Connector, you may end up with emails that failed to be delivered (rejected by the local Exchange server) in C:\Program Files\Windows Small Business Server\Data\badmail. This folder will be automatically trimmed to 400mb once it reaches 450mb once a week.

The licensing log can consume a significant amount of hard disk space

This is discussed on the Windows Small Business Server 2008 Release Documentation
You can delete the events in the Windows SBS 2008 licensing log to free up additional space on the hard disk drive.

To delete events in the Windows SBS 2008 licensing log

1. From the server, open a Command Prompt window as an administrator. To do this, click Start, and then in the Search box, type command prompt.
2. In the list of results, right-click Command Prompt, and then click Run as administrator.
3. At the command prompt, type the following command: del "%systemroot%\system32\winevt\logs\Microsoft-Windows-Server Infrastructure Licensing*%4Debug.etl.*"

You can also use Registry Editor to disable the licensing log.

1. Click Start, type regedit, and then press ENTER.
2. In Registry Editor, locate and then click the following registry key:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerInfrastructureLicensing
3. In the details pane, right-click TraceMask, and then click Modify.
4. In the Edit DWORD dialog box, change the value for Value data to 0 (zero), and then click OK.
5. Restart the server.

Windows Server Update Services (WSUS) Server Cleanup Wizard

In WSUS, you can delete unused updates and update revisions, computers not contacting the server, unneeded update files, expired updates and superseded updates. In order to accomplish this, you have to manually go through the WSUS Server Cleanup Wizard.
To run the Server Cleanup Wizard :

1. In the WSUS administration console (launch it from the Administrative Tools), select Options, and then Server Cleanup Wizard.
2. By default this wizard will remove unneeded content and computers that have not contacted the server for 30 days or more. Select all possible options, and then click Next.
3. The wizard will begin the cleanup process, and will present a summary of its work when it is finished, depending on the server performance, this may take a very long time. Click Finish to complete the process.

Very large SharePoint SQL transaction log file

Please read the following KB article for an explanation and instructions on how to prevent this:
2000544 SBS 2008 BPA Reports that The Windows SharePoint Services configuration databases log file is getting large (currently over 1gb in size)

Active Directory Certificate Services transaction log files

When completing a critical or system state backup of the C: volume, a new transaction log will be generated under the c:\windows\system32\certlog\ folder. Removing these logs is only safe as long as the CA database file is consistent. In order to remove these logs and reclaim disk space, follow these steps:

1. Open the Services MMC and stop the Active Directory Certificate Services service.
2. Make a backup copy of ALL the file contents present in the c:\windows\system32\certlog\ folder.
3. Delete EDB.CHK and all the files that have an extension of .LOG (*.LOG)
4. Restart the Active Directory Certificate Services service.

Windows Component Clean Tool

The Windows Component Clean Tool (COMPCLN.exe) can be used to remove the files that are archived after Windows Vista SP2 or Windows Server 2008 SP2 is applied. It also removes the files that were archived after Windows Vista SP1 was applied, if they are found on the system. Running this tool is optional.

Installing Windows Server 2008 service packs increases the amount of disk space that is used by the operating system. This space is used to archive files so that the service pack can be uninstalled. Typically, you should run COMPCLN.exe if you want to reclaim this disk space after applying SP2 and if you will not need to uninstall SP2.

NOTE: You cannot uninstall Windows Vista SP2 or Windows Server 2008 SP2 after you run this tool on an image.

Move Data Wizards

We are not going to focus on these wizards on this post, but as a reference, SBS 2008 provides an automated way of moving the following:

• Move Exchange Server Data: which moves both the exchange database file as well as your exchange transaction logs for all storage groups.
• Move Windows SharePoint Services Data: Moves the SharePoint Content and Configuration databases.
• Move Users’ Shared Data: Moves C:\Users\Shares\ directory and all sub directories 
• Move Users’ Redirected Documents Data: Moves C:\Users\FolderRedirections\ directory and all sub directories
• Move Windows Update Repository Data: Moves the repository data from C:\WSUS\WSUSContent and C:\WSUS\UpdateServicePackages. Please note it does NOT move the SUSDB Folder and the WSUS database which contains the metadata.
• More Resources:
  Manage Server Storage by using Windows SBS Console
  Moving Data on Windows Small Business Server 2008
  Introducing Server Storage Management in SBS 2008

Update #1 3/3:
Added reference to WSUS Administration web site ID (Site Id 1372222313)
Added reference to Exchange 2007 BackPressure NDRs and errors due to low disk space