Wednesday, 5 October 2011

Intel Vpro

Intel® Management Engine BIOS Extension (MEBx)

Dell™ Systems Management Administrator's Guide

Intel MEBx Overview

Configuring the Intel Management Engine (ME)

Configuring Your Computer to Support Intel AMT Features

MEBx Default Settings
MEBx Overview

The Intel® Management Engine BIOS Extension (MEBx) provides platform-level configuration options that control the behavior of the Management Engine (ME) platform. Options include enabling and disabling individual features and setting power configurations.

This section provides details about MEBx configuration options and constraints, if any.
All the ME Configuration setting changes are not cached in MEBx. They are not committed to ME nonvolatile memory (NVM) until you exit MEBx. Hence, if MEBx crashes, the changes made until that point are NOT committed to ME NVM.

NOTE: Briscoe AMT is shipped in enterprise mode as default.
Accessing MEBx Configuration User Interface

The MEBx configuration user interface can be accessed on a computer through the following steps:

Turn on (or restart) your computer.

When the blue DELL™ logo appears, press

immediately.

If you wait too long and the operating system logo appears, continue to wait until you see the Microsoft® Windows® operating system desktop. Then shut down your computer and try again.
Type the ME password. Press .

The MEBx screen appears as shown below.

The main menu presents three function selections:

Intel ME Configuration
Intel AMT Configuration
Change Intel ME Password

The Intel ME Configuration and Intel AMT Configuration menus are discussed in the following sections. First, you must change the password before you can proceed through these menus.
Changing the Intel ME Password

The default password is admin and is the same on all newly deployed platforms. You must change the default password before changing any feature configuration options.

The new password must include the following elements:

Eight characters
One uppercase letter
One lowercase letter
A number
A special (nonalphanumeric) character, such as !, $, or ; (excluding the :, ", and , characters)

The underscore ( _ ) and spacebar are valid password characters but do NOT add to the password complexity.
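The rules above written as a check, as an added example (not from the Dell guide or from Intel). It assumes "Eight characters" means a minimum length and treats the three excluded characters as not allowed; the function and constant names are hypothetical.

```python
import string

# Characters the guide names as excluded (treated here as not allowed,
# which is an interpretation of the list above).
EXCLUDED = set(':",')
# Valid characters that do NOT add to complexity, per the guide.
NON_COUNTING = set("_ ")
# Special characters that do satisfy the "special character" rule.
SPECIALS = set(string.punctuation) - EXCLUDED - NON_COUNTING


def check_mebx_password(password):
    """Return a list of policy failures; an empty list means the password passes.

    Hypothetical helper for pre-checking a password before it is typed into
    MEBx. The minimum length of eight is an assumption (see lead-in).
    """
    failures = []
    if password == "admin":
        failures.append("is the factory default password")
    if len(password) < 8:
        failures.append("shorter than eight characters")
    if not any(c in string.ascii_uppercase for c in password):
        failures.append("no uppercase letter")
    if not any(c in string.ascii_lowercase for c in password):
        failures.append("no lowercase letter")
    if not any(c in string.digits for c in password):
        failures.append("no number")
    # Underscore and space are accepted but never satisfy this rule.
    if not any(c in SPECIALS for c in password):
        failures.append("no special character that counts toward complexity")
    bad = sorted(set(password) & EXCLUDED)
    if bad:
        failures.append("contains excluded character(s): " + " ".join(bad))
    return failures


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for candidate in ("admin", "Passw0rd_", "Passw0rd:", "P@ssw0rd!"):
        print(repr(candidate), check_mebx_password(candidate) or "OK")
```

Note that "Passw0rd_" fails only because the underscore does not count as a special character.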


Configuring the Intel® Management Engine (ME)

To reach the Intel® Management Engine (ME) Platform Configuration page, follow these steps:

Under the Management Engine BIOS Extension (MEBx) main menu, select ME Configuration. Press
.
The following message appears:
System resets after configuration changes. Continue: (Y/N)
Press .

The ME Platform Configuration page opens. This page allows you to configure the specific functions of the ME such as features, power options, and so on. Below are quick links to the various sections.

Intel ME State Control
Intel ME Firmware Local Update
Intel ME Features Control
Manageability Feature Selection
LAN Controller
Intel ME Power Control
Intel ME ON in Host Sleep States

Intel ME State Control

When the ME State Control option is selected on the ME Platform Configuration menu, the ME State Control menu appears. You can disable ME to isolate the ME computer from main platform until the end of the debugging process.

When enabled, the ME State Control option lets you disable ME to isolate the ME computer from the main platform while debugging a field malfunction. The table below illustrates the details of the options.
ME Platform State Control
Option Description
Enabled Enable the Management Engine on the platform
Disabled Disable the Management Engine on the platform

In fact, the ME is not really disabled with the Disabled option. Instead, it is paused at a very early stage of its boot, so the computer has no traffic originating from the ME on any of its buses. This ensures that you can debug a computer problem without worrying about any role the ME might have played in it.
Intel ME Firmware Local Update

This option on the ME Platform Configuration menu sets the policy for allowing the MEBx to be updated locally. The default setting is Always Open. The other settings available are Never Open and Restricted.

To assist with the manufacturing process as well as OEM-specific in-field firmware update processes, ME firmware provides an OEM-configurable capability that leaves the local firmware update channel always open no matter what value you select for the ME Firmware Local Update option.

The Always Open option allows OEMs to use the ME firmware local update channel to update the ME firmware without going through MEBx every time. If you select Always Open, the ME FW Local Update option does not appear under the ME configuration menu. The table below illustrates the detail of the options.
ME Firmware Local Update Option
Option Description
Always Open The ME firmware local update channel is always enabled. A boot cycle does not change enabled to disabled. The ME FW Local Update option can be ignored.
Never The ME firmware local update channel is controlled by the ME FW Local Update option, which can be enabled or disabled. A boot cycle changes enabled to disabled.
Restricted The ME firmware local update channel is always enabled only if Intel AMT is in un-provision state. A boot cycle does not change enabled to disabled.

Always Open qualifies the override counter and allows local ME firmware updates. The override counter is a value set in the factory that, by default, allows local ME firmware updates. The Never Open and Restricted options disqualify the override counter and do not allow local ME firmware updates unless explicitly permitted with the Intel ME Firmware Local Update option. Selecting Never Open or Restricted adds the Intel ME Firmware Local Update option, which can be set to Enable or Disable. By default it is disabled.
LAN Controller

Many OEMs' platforms supply a BIOS setup option to enable or disable the integrated LAN controller. In an ME operating system with AMT or ASF (Alert Standard Format) capabilities, the LAN controller is shared between the ME and host and must be enabled for AMT to work correctly. Disabling the controller may unintentionally affect the ME subsystem functionality. Therefore, you should not disable the LAN controller as long as the ME uses it to provide AMT or ASF. However, if the platform's integrated LAN controller BIOS option is set to None, then the LAN Controller option on the ME Platform Configuration menu has Enabled and Disabled options.

If you select the LAN Controller option on the ME Platform Configuration menu while an ME feature (Intel AMT or Intel QST) is selected, the following message displays: Please set Manageability Feature to None before changing this option. For the ME platform client, the default LAN Controller setting is Enabled.
Intel ME Features Control

The ME Features Control menu contains the following configuration selection.
Manageability Feature Selection

When you select the Manageability Feature Selection option on the ME Features Control menu, the ME Manageability Feature menu appears.

You can use this option to determine which manageability feature is enabled.

ASF — Alert Standard Format. ASF is a standardized corporate assets management technology. The Intel ICH9 platform supports ASF specification 2.0.
Intel AMT — Intel Active Management Technology. Intel AMT is an improved corporate assets management technology. Intel ICH9 platform supports Intel AMT 2.6.

The table below explains these options.
Management Feature Select Option
Option Description
None Manageability Feature is not selected
Intel AMT Intel AMT manageability feature is selected
ASF ASF manageability feature is selected

When you change the option from Intel AMT to None, a warning appears stating that Intel AMT un-provisions automatically if you accept the change.

With the None option, the ME computer provides no manageability feature. In this case, the firmware is loaded (that is, ME is still enabled) but the management applications remain disabled.
Intel ME Power Control

The ME Power Control menu configures the ME platform power-related options. It contains the following configuration selection.
ME On in Host Sleep States

When the ME ON in Host Sleep States option is selected on the ME Power Control menu, the ME in Host Sleep States menu loads.

The power package selected determines when the ME is turned ON. The default power package turns off the ME in all Sx (S3/S4/S5) states.

The end user administrator can choose which power package is used depending on computer usage. The power package selection page can be seen above.
Supported Power Packages
Power Package | 1 | 2 | 3 | 4 | 5 | 6 | 7
S0 (Computer On) | ON | ON | ON | ON | ON | ON | ON
S3 (Suspend to RAM) | OFF | ON | ON | ME WoL | ME WoL | ON | ON
S4/S5 (Suspend to disk/Soft off) | OFF | OFF | ON | ON | ME WoL | ON | ME WoL
ME OFF After Power Loss | No | No | No | No | No | Yes | Yes

* WoL – Wake on LAN

If the power package selected indicates OFF After Power Loss, Intel ME remains off after returning from a mechanical off (G3) state. If the power package selected does NOT indicate OFF After Power Loss, Intel ME powers the computer on (S0) briefly, then turns the computer off (S5).
Configuring Your Computer to Support Intel AMT Management Features
After you completely configure the Intel® Management Engine (ME) feature, you must reboot before configuring the Intel AMT for a clean boot. The image below shows the Intel AMT configuration menu after a user selects the Intel AMT Configuration option from the Management Engine BIOS Extension (MEBx) main menu. This feature allows you to configure an Intel AMT capable computer to support the Intel AMT management features.

You need to have a basic understanding of networking and computer technology terms, such as TCP/IP, DHCP, VLAN, IDE, DNS, subnet mask, default gateway, and domain name. Explaining these terms is beyond the scope of this document.

The Intel AMT Configuration page contains the user-configurable options listed below.
For images of these menu options, see Enterprise Mode and SMB Mode.
Menu Options

Host Name
TCP/IP
Provisioning Server
Provision Model
Set PID and PPS



Un-Provision
SOL/IDE-R
Secure Firmware Update
Set PRTC
Idle Timeout

Host Name

A hostname can be assigned to the Intel AMT capable computer. This is the host name of the Intel AMT-enabled computer. If Intel AMT is set to DHCP, the host name MUST be identical to the operating system machine name.
TCP/IP

Allows you to change the following TCP/IP configuration of Intel AMT.

Network interface – ENABLE** / DISABLED
If the network interface is disabled, all the TCP/IP settings are no longer needed.
DHCP Mode – ENABLE** / DISABLED
If DHCP Mode is enabled, TCP/IP settings are configured by a DHCP server.

If DHCP mode is disabled, the following static TCP/IP settings are required for Intel AMT. If a computer is in static mode it needs a separate MAC address for the Intel Management Engine. This extra MAC address is often called the Manageability MAC (MNGMAC) address. Without a separate Manageability MAC address, the computer can NOT be set to static mode.

IP address – Internet address of the Intel Management Engine.
Subnet mask – The subnet mask used to determine which subnet the IP address belongs to.
Default Gateway address – The default gateway of the Intel Management Engine.
Preferred DNS address – Preferred domain name server address.
Alternate DNS address – Alternate domain name server address.
Domain name – Domain name of the Intel Management Engine.

Provisioning Server

Sets the IP address and port number (0–65535) for an Intel AMT provisioning server. This configuration only appears for Enterprise Provision Model.
Provision Model

The following provisioning models are available:

Compatibility Mode – Intel AMT 2.6** / Intel AMT 1.0
Compatibility mode allows the user to switch between Intel AMT 2.6 and Intel AMT 1.0.
Provisioning Mode – Enterprise** / Small Business
This allows you to select between small business and enterprise mode. Enterprise mode may have different security settings than small business mode. Because of the different security settings, each of these modes requires a different process to complete the setup and configuration process.

Set PID and PPS

Setting or deleting the PID/PPS causes a partial un-provision if the setup and configuration is "In-process".

Set PID and PPS – Sets the PID and PPS. Enter the PID and PPS in the dash format. (Ex. PID: 1234-ABCD ; PPS: 1234-ABCD-1234-ABCD-1234-ABCD-1234-ABCD) Note - A PPS value of '0000-0000-0000-0000-0000-0000-0000-0000' does not change the setup configuration state. If this value is used the setup and configuration state stays as "Not-started."

Un-Provision

The Un-Provision option allows you to reset the Intel AMT configuration to factory defaults. There are three types of un-provision:

Partial Un-provision – This option resets all of the Intel AMT settings to their default values but leaves the PID/PPS. The MEBx password remains untouched.
Full Un-provision – This option resets all of the Intel AMT settings to their default values. If a PID/PPS value is present, both values are lost. The MEBx password remains untouched.
CMOS clear – This un-provision option is not available in the MEBx. This option clears all values to their default values. If a PID/PPS is present, both values are lost. The MEBx password resets to the default value (admin). To invoke this option, you need to clear the CMOS (i.e. system board jumper).

SOL/IDE-R

Username and Password – DISABLED** / ENABLED
This option provides the user authentication for SOL/IDER session. If the Kerberos protocol is used, set this option to Disabled and set the user authentication through Kerberos. If Kerberos is not used, you have the choice to enable or disable user authentication on the SOL/IDER session.
Serial-Over-LAN (SOL) – DISABLED** / ENABLED
SOL allows the Intel AMT managed client console input/output to be redirected to the management server console.
IDE Redirection (IDE-R) – DISABLED** / ENABLED
IDE-R allows the Intel AMT managed client to be booted from remote disk images at the management console.

Secure Firmware Update

This option allows you to enable/disable secure firmware updates. Secure firmware update requires an administrator user name and password. If the administrator user name and password are not supplied, the firmware cannot be updated.

When the secure firmware update feature is enabled, you are able to update the firmware using the secure method. Secure firmware updates pass through the LMS driver.
Set PRTC

Enter PRTC in GMT (UTC) format (YYYY:MM:DD:HH:MM:SS). Valid date range is 1/1/2004 – 1/4/2021. Setting PRTC value is used for virtually maintaining PRTC during power off (G3) state. This configuration is only displayed for the Enterprise Provision Model.
Idle Timeout

Use this setting to define the ME WoL idle timeout. When this timer expires, the ME enters a low-power state. This timeout takes effect only when one of the ME WoL power policies is selected. Enter the value in minutes.
Intel AMT in DHCP Mode Settings Example

The table below shows a basic field settings example for the Intel AMT Configuration menu page to configure the computer in DHCP mode.
Intel AMT Configurations Example in DHCP Mode
Intel AMT Configuration Parameters Values
Intel AMT Configuration Select and press .
Host Name Example: IntelAMT
This is the same as the operating system machine name.
TCP/IP Set the parameters as follows:

Enable Network interface
Enable DHCP Mode
Set a domain name (e.g., amt.intel.com)

Provision Model

Intel AMT 2.6 Mode
Small Business

SOL/IDE-R

Enable SOL
Enable IDE-R

Remote FW Update Enabled

Save and exit MEBx and then boot the computer to the Microsoft® Windows® operating system.
Intel AMT in Static Mode Settings Example

The table below shows a basic field settings example for the Intel AMT Configuration menu page to configure the computer in static mode. The computer requires two MAC addresses (GBE MAC address and Manageability MAC Address) to operate in static mode. If there is no Manageability MAC address, Intel AMT cannot be set in static mode.
Intel AMT Configurations Example in Static Mode
Intel AMT Configuration Parameters Values
Intel AMT Configuration Select and press

Host Name Example: IntelAMT
TCP/IP Set the parameters as follows:

Enable Network interface
Disable DHCP Mode
Set an IP address (e.g., 192.168.0.15)
Set a subnet mask (e.g., 255.255.255.0)
The default gateway address is optional
The preferred DNS address is optional
The Alternate DNS address is optional
Set the domain name (for example, amt.intel.com)

Provision Model

Intel AMT 2.6 Mode
Small Business

SOL/IDE-R

Enable SOL
Enable IDE-R

Remote FW Update Enabled

Save and exit MEBx and then boot the computer to the Microsoft® Windows® operating system.
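An added example, not part of the Dell guide: a pre-flight check that applies the constraints stated in the sections above (host name in DHCP mode, Manageability MAC and addressing in static mode, provisioning server port range, PID/PPS dash format) to a planned configuration before it is typed into MEBx. The dictionary keys, the sample MAC address, the case-insensitive host name comparison and the uppercase-alphanumeric PID/PPS character set are assumptions.

```python
import ipaddress
import re

# Dash formats as shown in the guide's examples; the uppercase-alphanumeric
# character set is an assumption drawn from those examples.
PID_RE = re.compile(r"[0-9A-Z]{4}-[0-9A-Z]{4}")
PPS_RE = re.compile(r"[0-9A-Z]{4}(?:-[0-9A-Z]{4}){7}")
ZERO_PPS = "-".join(["0000"] * 8)


def _valid_ip(value):
    try:
        ipaddress.IPv4Address(value or "")
        return True
    except ValueError:
        return False


def check_amt_plan(plan):
    """Return (errors, notes) for a planned Intel AMT configuration.

    `plan` is a hypothetical dict; its key names are assumptions made for
    this example and are not MEBx field identifiers.
    """
    errors, notes = [], []
    tcpip = plan.get("tcpip", {})

    if tcpip.get("network_interface", True):
        if tcpip.get("dhcp", True):
            # DHCP mode: host name must be identical to the OS machine name
            # (compared case-insensitively here, which is an assumption).
            host = plan.get("host_name", "")
            os_name = plan.get("os_machine_name", "")
            if host.casefold() != os_name.casefold():
                errors.append("DHCP mode: host name must match the OS machine name")
        else:
            # Static mode needs a separate Manageability MAC address.
            if not plan.get("manageability_mac"):
                errors.append("static mode: no Manageability MAC address")
            ip = tcpip.get("ip_address", "")
            mask = tcpip.get("subnet_mask", "")
            try:
                net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
            except ValueError:
                errors.append("static mode: IP address or subnet mask is invalid")
            else:
                gw = tcpip.get("default_gateway")  # optional per the guide
                if gw and (not _valid_ip(gw) or ipaddress.IPv4Address(gw) not in net):
                    notes.append("default gateway is not inside the AMT subnet")

    server = plan.get("provisioning_server")
    if server:
        if plan.get("provision_mode", "Enterprise") != "Enterprise":
            notes.append("provisioning server applies only to the Enterprise model")
        else:
            if not _valid_ip(server.get("address")):
                errors.append("provisioning server address is not a valid IP address")
            port = server.get("port")
            if not (isinstance(port, int) and 0 <= port <= 65535):
                errors.append("provisioning server port must be 0-65535")

    pid, pps = plan.get("pid"), plan.get("pps")
    if pid is not None and not PID_RE.fullmatch(pid):
        errors.append("PID is not in 1234-ABCD dash format")
    if pps is not None:
        if not PPS_RE.fullmatch(pps):
            errors.append("PPS is not eight dash-separated groups of four")
        elif pps == ZERO_PPS:
            notes.append("all-zero PPS: setup state stays Not-started")
    return errors, notes


# Constructed from the static-mode table above; the MAC is a documentation value.
STATIC_PLAN = {
    "host_name": "IntelAMT",
    "os_machine_name": "IntelAMT",
    "manageability_mac": "00:00:5E:00:53:01",
    "provision_mode": "Small Business",
    "tcpip": {"network_interface": True, "dhcp": False,
              "ip_address": "192.168.0.15", "subnet_mask": "255.255.255.0"},
}

# Constructed Enterprise/DHCP plan with deliberate mistakes.
ENTERPRISE_PLAN = {
    "host_name": "IntelAMT",
    "os_machine_name": "DESKTOP-01",
    "provision_mode": "Enterprise",
    "tcpip": {"network_interface": True, "dhcp": True},
    "provisioning_server": {"address": "192.168.0.10", "port": 70000},
    "pid": "1234-ABCD",
    "pps": ZERO_PPS,
}

if __name__ == "__main__":
    for name, plan in (("static", STATIC_PLAN), ("enterprise", ENTERPRISE_PLAN)):
        errors, notes = check_amt_plan(plan)
        print(name, "errors:", errors, "notes:", notes)
```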


MEBx Default Settings

The table below lists all the default settings for the Intel® Management Engine BIOS Extension (MEBx).


Password admin

Intel ME Platform Configuration Default Settings
Intel ME Platform State Control1 Enabled *
Disabled
Intel ME Firmware Local Update Enabled
Disabled*
Intel ME Features Control
Manageability Feature Selection None
Intel AMT *
ASF
Intel ME Power Control
Intel ME ON in Host Sleep States Mobile: ON in S0*
Mobile: ON in S0, S3/AC
Mobile: ON in S0, S3/AC, S4-5/AC
Mobile: ON in S0;ME WoL in S3/AC
Mobile: ON in S0; ME WoL in S3/AC, S4-5/AC

Intel AMT Configuration Default Settings
Host Name
TCP/IP
Disable Network Interface? N
DHCP Enabled. Disable? N
Domain Name blank2
Provisioning Server
Provisioning Server Address 0.0.0.0
Port Number (0-65535) 0
Provision Model
AMT 2.6 Mode N
Set PID and PPS **
Set PID and PPS ** PPS Format: 1234-ABCD-1234-ABCD-1234-ABCD-1234-ABCD
Un-Provision3
SOL/IDE-R
Username & Password Disabled
Enabled *
Serial Over LAN Disabled
Enabled *
IDE Redirection Disabled
Enabled *
Secure Firmware Update Disabled
Enabled *
Set PRTC blank
Idle Timeout
Timeout Value (0x0-0xFFFF) 1

*Default setting
**May cause Intel AMT partial unprovision
1 Intel ME Platform State Control is only changed for Management Engine (ME) troubleshooting.
2 In Enterprise mode, DHCP automatically loads the domain name.
3 Un-provision setting only seen if the box is provisioned.

Setup NTP Server and Service on Windows Server 2008

Time synchronization is an important aspect for all computers on the network. By default, the client computers get their time from a Domain Controller and the Domain Controller gets its time from the domain's PDC Operation Master. Therefore the PDC must synchronize its time from an external source. I usually use the servers listed at the NTP Pool Project website. Before you begin, don't forget to open the default UDP 123 port (in- and outbound) on your firewall.
1. First, locate your PDC Server. Open the command prompt and type: C:\>netdom /query fsmo
2. Log in to your PDC Server and open the command prompt.
3. Stop the W32Time service: C:\>net stop w32time
4. Configure the external time sources, type: C:\>w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org"
5. Make your PDC a reliable time source for the clients. Type: C:\>w32tm /config /reliable:yes
6. Start the w32time service: C:\>net start w32time
7. The Windows time service should begin synchronizing the time. You can check the external NTP servers in the time configuration by typing: C:\>w32tm /query /configuration
8. Check the Event Viewer for any errors.

Tested on Windows Server 2008 R2 (Build 7600).

How to enable AD integration on Cyberoam

Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment

Applicable to Version: 10.00 onwards

Note: Check the OS Compatibility Matrix before following this document. Refer to the attached PDF for the link to the OS Compatibility Matrix.

This article describes how to implement Clientless single sign on authentication with Active Directory integration.

Cyberoam – ADS integration feature allows Cyberoam to map the users and groups from Active Directory for the purpose of authentication.

Prerequisites:
NetBIOS Domain name
FQDN Domain name
Search DN
Active Directory Server IP address
Administrator Username and Password (Active Directory Domain)
IP address of Cyberoam Interface connected to Active Directory server
Import AD groups
Configure Clientless SSO
Configuring ADS authentication

Logon to Cyberoam Web Admin Console and follow the below given steps:

Step 1. Create ADS User Groups
Instead of creating AD groups again in Cyberoam, you can import AD groups into Cyberoam using Import Wizard.

One can import groups only after integrating and defining AD parameters into Cyberoam.

Step 2: Configure Cyberoam to use Active Directory

Go to Identity → Authentication → Authentication Server and click “Add” to configure Active Directory parameters

Cyberoam allows implementing AD integration in two ways:
Tight Integration – With tight integration, Cyberoam synchronizes groups with AD every time the user tries to logon. Hence, even if the group of a user is changed in Cyberoam, on subsequent log in attempt, user logs on as the member of the same group as configured in Active Directory. In this case group membership of each user is as defined in the Active Directory.
Loose Integration – With loose integration, Cyberoam does the group management and does not synchronize groups with AD when the user tries to log on. By default, users will be members of the Cyberoam default group irrespective of their Active Directory group; the administrator can change the group membership. Cyberoam will use the authentication attribute for authenticating users with Active Directory.

Parameter: Value
Server Type: Active Directory
Server Name: AD_Server
Server IP: 192.168.1.1
Port: 389. It is the port on which the ADS server listens for authentication requests. If your AD server is using another port, specify the port number in the Port field.
NetBIOS Domain: elitecore. If you do not know the NetBIOS name, refer to the section ‘Determine NetBIOS Name, FQDN and Search DN’.
ADS Username: administrator (Active Directory Administrator username)
Password: As per your requirement (Active Directory Administrator password)
Integration Type: Loose Integration with Cyberoam
Domain Name: elitecore.com
Search Queries: DC=elitecore, DC=com


Click “Test Connection” to check whether Cyberoam is able to connect to the Active Directory or not. If Cyberoam is able to connect to the Active Directory, click OK to save the configuration.



Step 3: Select Active Directory as Authentication Server
Go to Identity → Authentication → Firewall and select Active Directory as preferred authentication server.

Authentication Server List displays all the configured servers while Selected Authentication server List displays servers that will be used for authentication when user tries to login.

In case of multiple servers, authentication request will be forwarded as per the order configured in the Selected Authentication server List

Note:

By default, local database is selected. Make sure that the Active Directory server is selected and it is configured on top in the Selected Authentication server List.

You can select 2 authentication mechanisms: The one on top will be primary and the other one will be the secondary. In case primary server is not responding, Cyberoam will attempt to check in the secondary server.



Step 4: Test Active Directory integration
Go to http://:8090 to open the Captive Portal (HTTP client) login page.

Specify username and password.


Username will be displayed on Identity > Live Users page if user is able to log on to Cyberoam successfully.

This completes the AD configuration.


Import AD Groups


To import AD groups into Cyberoam use Import Wizard before configuring for single sign on.


Clientless Single Sign on Implementation
Transparent Authentication (Clientless Single Sign on)

Cyberoam introduces Clientless Single Sign On as a Cyberoam Transparent Authentication Suite (CTAS).

With Single Sign On authentication, a user is automatically logged on to Cyberoam when logging on to Windows with his Windows username and password, eliminating the need for multiple logins, usernames and passwords.

Clientless Single Sign On not only eliminates the need to remember multiple passwords (Windows and Cyberoam), it also eliminates the installation of SSO clients on each workstation. It thereby delivers high ease of use to end users and higher levels of security, in addition to lowering the operational costs involved in client installation.

Cyberoam Transparent Authentication Suite (CTAS)

CTA Suite consists of

CTA Agent – It monitors user authentication request coming on the domain controller and sends information to the Collector for Cyberoam authentication.

CTA Collector – It collects the user authentication request from multiple agents, processes the request and sends to Cyberoam for authentication.

How does Cyberoam CTA Agent work?

User Authentication Information Collection Process

1. User tries to log on to the Active Directory Domain Controller from any workstation in LAN. Domain Controller tries to authenticate user credentials.

2. This authentication process is captured by the CTA Agent and communicated to the CTA Collector in real time over default port 5566.

3. CTA Collector registers user in the Local database and communicates user information to Cyberoam over the default port 6060

4. Cyberoam queries Active Directory to determine user’s group membership and registers user in Cyberoam database

Based on data from CTA Agent, Cyberoam queries AD server to determine group membership and based on which access is granted or denied. Users logged into a workstation directly i.e. locally but not logged into the domain will not be authenticated and are considered as “Unauthenticated” or “Guest” user. For users that are not logged into the domain, the HTTP Login screen prompting for a manual login will be displayed for further authentication.


Step 5: Installing CTA Suite
Download CTA Suite from www.cyberoam.com/cyberoamclients.html

Extract ctas.rar and install CTA Suite on Domain controller by following the on-screen instructions. Administrative right is required to install CTA Suite.



Check for “Cyberoam Transparent Authentication Suite” tab from “Start” --> “All Programs”.
If installed successfully, “Cyberoam Transparent Authentication Suite” tab will be added.

Consider the below given hypothetical network example where single domain controller is configured and follow the below given steps to configure Cyberoam Transparent Authentication:





Step 6: Configure CTA Collector from CTA Collector Tab on Primary Domain Controller



If “logoff detection settings” is enabled and firewall is configured on the Workstation, please allow the traffic to and from Domain controller.

For example, if ping is selected for logoff detection and the workstation firewall does not allow ping, Cyberoam will always detect the user as logged out.

Step 7. Configure Agent from CTA Agent Tab on Primary Domain Controller







Step 8. Configure Cyberoam
Logon to CLI Console with default password, go to Option 4 Cyberoam Console and execute following command at the prompt:

corporate>cyberoam auth cta enable

corporate>cyberoam auth cta collector add collector-ip
collector-port



Step 9. Enable Security Event logging on Active Directory



This completes the configuration.


Determine NetBIOS Name, FQDN and Search DN

On the ADS server:
· Go to Start-->Programs-->Administrative Tools-->Active Directory Users and Computers

· Right Click the required domain and go to Properties tab

· Search DN will be based on the FQDN. In the given example FQDN is elitecore.com and Search DN will be DC=elitecore, DC=com



Document Version: 3.0-15/07/2011

Thursday, 8 September 2011

Automate Network Printers Installation with con2prt

As the network grows larger the management of network printers becomes more cumbersome, or that’s the case in the company I’m working for. For that reason I took on the project to find a way to manage our network printers more easily and efficiently. What could be easier and more efficient than a script? And for network printer installation, con2prt is the guy for the job.

The first thing you need to do is download the con2prt.exe software from Microsoft “http://download.microsoft.com/download/2/6/0/260afc88-2253-45f8-9781-546cff07edd9/zak.exe”, which includes a whole set of tools; the file you need is in the t\i386\tools directory. Copy the con2prt.exe program to your computer's C:\ root; that will make the command-line typing easier.



As you can see, I copied the con2prt.exe program to the c:\tools directory. Once you have done that, go to Start, then Run, type CMD and hit Enter. Once at the command prompt, type the CD command and the name of the directory to switch to:



The command above switches from the C:\ directory to the Tools directory where the con2prt program resides.

con2prt.exe is a very simple program with a few commands just enough to do the job we are looking for.

To delete all existing printer connections, use the command con2prt /F. To connect to a printer, use the command con2prt /C followed by the name of the printer you want to connect to. To make the printer the default, use the command con2prt /CD followed by the name of the printer you want to connect to.

For example, to map a network printer named HRprinter on the print server named printserv, type the command: “con2prt /C \\printserv\HRprinter”. To make the printer the default printer, type the command: “con2prt /CD \\printserv\HRprinter”.

As you can see, con2prt is very useful but simple at the same time.

Now, to put the program in production, copy the con2prt program from your local computer to a network shared drive and execute the commands using a batch file. For example, if the con2prt program is in a shared folder on the server called printserv\scripts, the command you need to enter in the batch file will look like: “\\printserv\scripts\con2prt /C \\printserv\HRprinter”

Then, after you finish including all the printers in the batch file, set it up as a logon script to load printers automatically on all the computers on the network. By now you should have completed the automation of the network printer installation.

Tuesday, 16 August 2011

how to check Exchange 2007 version

It’s usually fairly easy to find out the current service pack level of a Microsoft product. Normally, the product’s version information includes the information “Service Pack: #” or something similar. Not so with Exchange 2007. To find out an Exchange 2007 server’s service pack level, you must first find the build number and then compare the build number to this Microsoft KB article.

To find your build number from the Management Console select “Server Configuration”, right-click your server and select “Properties” and look on the “General” tab.

To find your build number from the Management Shell, run Get-ExchangeServer against the Exchange server in question. You will want to pipe the output into a different view to be able to see the full version number; for example Get-ExchangeServer | Format-List. Look for the “AdminDisplayVersion:” line. The “Exchange Version” line, according to this article, refers to “the minimum version of the product that can read the object” and is not the number you need.

Then, compare the build number to Microsoft KB158530. As an example, I am running build 240.6 which equates to Exchange 2007 SP1.

For further reference, check out KB152439 “How to determine the version number, the build number, and the service pack level of Exchange Server”

some important links

http://support.microsoft.com/kb/158530
http://blogs.technet.com/b/scottschnoll/archive/2006/12/31/exchange-2007-platforms-and-product-keys.aspx
http://support.microsoft.com/kb/152439

Thursday, 4 August 2011

Windows Systems State Backup

http://blog.augustoalvarez.com.ar/2008/12/12/windows-server-2008-creating-and-maintaining-system-state-backups-on-your-domain-controller/

Thursday, 28 July 2011

x11vnc on Ubuntu

X11vnc is a VNC server that doesn't depend on GNOME or KDE, and is recommended for use by Xubuntu users. It's designed to be run from the command-line, which makes it flexible but difficult to learn. The few graphical parts of the interface are quite unattractive, because they're designed to work even on a very minimal installation. X11vnc is available in the x11vnc package in the Universe repository.

Although x11vnc does have a simple configuration file, it's generally easier to specify options on the command-line. To start x11vnc, type:


x11vnc -safer
The part after x11vnc is a series of options separated by spaces. X11vnc has a lot of options, which are discussed fully in the x11vnc man page. Common options include:

To set x11vnc to request access each time, include the -nopw -accept popup:0 options
To set x11vnc to only listen for the next connection, include the -once option
To set x11vnc to continually listen for connections, include the -forever option
To set a password, include the -usepw option (and remove the -nopw option above)
To put x11vnc in view-only mode, include the -viewonly option
To set x11vnc to only allow local connections, include the -localhost option
For example, if you want x11vnc to grant view-only access to the next local connection after asking your permission, type this on the command-line:


x11vnc -safer -localhost -nopw -accept popup:0 -once -viewonly -display :0
If you use a password, you will first need to create a password file by doing:


x11vnc -storepasswd
Make sure to use a hard-to-guess password.


Connecting to your login screen
Because X11vnc is run from the command-line, it can be started while your computer is still showing a login screen. Exactly how to do this depends on which derivative of Ubuntu you use. In Ubuntu (but not Kubuntu or Xubuntu), x11vnc needs superuser access, and needs the -auth /var/lib/gdm/:0.Xauth -display :0 options to be specified on the command-line.

You can run x11vnc before you've logged in by typing something like this:


sudo x11vnc -safer -localhost -once -nopw -auth /var/lib/gdm/:0.Xauth -display :0
Or you can add the following lines to the bottom of your /etc/gdm/Init/Default to have x11vnc start after your gnome login does:


# Start the x11vnc Server
/usr/bin/x11vnc

(Thanks to the x11vnc FAQ for this tip)
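
A pre-launch check for the option combinations discussed above, as an added example that is not part of the original post or of x11vnc itself. The function name audit_x11vnc and the NOAUTH/EXPOSED labels are made up here, and -rfbauth is counted as a password option alongside -usepw.

```shell
#!/bin/sh
# Added example: flag risky x11vnc option combinations before launching.
# audit_x11vnc and the NOAUTH/EXPOSED labels are hypothetical names.
# Prints one finding per line; exit status 0 = nothing flagged, 1 = findings.
audit_x11vnc() (
    localhost=0; passwd=0; accept=0; forever=0; rc=0
    for arg in "$@"; do
        case "$arg" in
            -localhost)      localhost=1 ;;
            -usepw|-rfbauth) passwd=1 ;;   # a stored password is required
            -accept)         accept=1 ;;   # someone at the console must approve
            -forever)        forever=1 ;;
        esac
    done
    if [ "$passwd" -eq 0 ] && [ "$accept" -eq 0 ]; then
        echo "NOAUTH: no password and no -accept prompt; any client that reaches the port gets the desktop"
        rc=1
        if [ "$forever" -eq 1 ]; then
            echo "NOAUTH: -forever keeps that open listener up after every session"
        fi
    fi
    if [ "$localhost" -eq 0 ]; then
        echo "EXPOSED: no -localhost; the VNC port listens on every interface"
        rc=1
    fi
    exit "$rc"   # the body is a subshell, so this only ends the function
)

# Constructed demo: the command lines are the ones shown in the text above.
audit_x11vnc -safer -localhost -nopw -accept popup:0 -once -viewonly -display :0 \
    && echo "view-only example: nothing flagged"
audit_x11vnc -safer -localhost -once -nopw -auth /var/lib/gdm/:0.Xauth -display :0 || true
audit_x11vnc || true    # the bare /usr/bin/x11vnc line from /etc/gdm/Init/Default
```

When EXPOSED is cleared by adding -localhost, remote viewers connect through an SSH port forward to the machine instead of to the VNC port directly.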


Tuesday, 26 July 2011

How to Easily Evaluate Intel vPro Technology Features on Dell Optiplex Systems

Intel vPro technology provides the enhanced ability to maintain, manage and protect PCs. However, since vPro is based on hardware technology, you need to understand and set up hardware before using it. Let’s focus on Active Management Technology (AMT), one of the vPro features, and use vPro on a Dell Optiplex Desktop PC.

Preparing Dell Optiplex by Setting up MEBx BIOS

Before using a Dell Optiplex PC managed with Intel AMT technology, you need to first set up the AMT configuration. The AMT can be set up using BIOS Extensions called MEBx BIOS configuration. During the power up process (Picture 1), you can press to enter the MEBx BIOS setup screen. (Picture 2)





MEBx Configuration Screen Setup. (This is dependent on an IP address provided by another DHCP server)

1. Enter the MEBx default password ("admin").
2. Change the default password to a new value (this is required).
3. Select Intel AMT Configuration.
4. Select the Manageability Feature Selection and select “Enable”.
5. Select SOL/IDE-R, select Legacy Redirection Mode and select Enable.
◦ Exit to Main Menu and then select "Intel ME General Settings".
6. Select Activate Network Access. Press in response to the confirmation message.
7. The platform is now configured.


Setup and Configure Tools on PC to Manage the Dell Optiplex

This time, let’s use the Intel Manageability Developer Tool kit on another PC to manage our Dell Optiplex PC. This tool kit runs in Microsoft Windows .NET 2.0 environments and you can download it from the Intel website here: http://software.intel.com/en-us/articles/download-the-latest-version-of-manageability-developer-tool-kit/

Installation is very simple and is done by double-clicking the downloaded file. After installation, you can start by launching the Manageability Commander Tools. Then, by clicking “Start” on the main menu, you can find your Optiplex PC with vPro technology on the network.

After that, you can manage the system and will have the ability to perform remote power on/off, BIOS setup, KVM setup, and you can also take control of the managed PC (even if the OS on the managed system is on a blue screen).

Monday, 25 July 2011

Host Multiple Domains: Setting Up Virtual Hosts With Webmin


If you want to run multiple websites from your VPS, then you can use Apache's support for Virtual Hosts.

First up, where are you going to put your HTML files? You can put the files anywhere you want, but one useful convention is to have a Linux user per virtual host and to put the HTML files under that user's home directory. This is especially convenient if the user will be uploading files via FTP, since if you chroot the user's FTP access then they can only access files in their home directory.

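To set up a user, run something like this:

username=TheDomainNameWithoutAnyDots
adduser "$username"
passwd "$username"
# ~$username is not expanded when the name is in a variable,
# so look up the user's home directory explicitly
home=$(getent passwd "$username" | cut -d: -f6)
mkdir -p "$home/htdocs"
chown -R "$username" "$home"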

Then, to create a virtual host using Webmin:
•Go to your Webmin control panel.
•Upgrade to the latest version of Webmin (required if you are running a version older than 1.080, and normally advisable regardless).
•Go to Servers.
•Go to Apache WebServer.
•In the 'Create a New Virtual Server' section select "Any Address" (so you do not end up with a hard-coded IP address in your conf file).
•Enter 80 for Port (and select the last radio button). This way the VirtualHost will co-exist with any SSL-enabled virtual hosts you add later on. SSL-enabled VirtualHosts need to listen on port 443.
•In the "Document Root" field enter where the virtual host HTML files will be. For example, /home/vhostdomain.com/htdocs.
•For "Server Name" enter the domain name for which you want to serve pages. e.g. "vhostdomain.com"

After you have created the Virtual Host, there are a few other things you may wish to edit.

For example, click on the Virtual Host, and go to Networking and Addresses. Enter an "Alternate virtual server names" of *.YourOtherDomain.com. With this setting, your virtual host will serve pages for http://yourotherdomain.com/ as well as http://www.yourotherdomain.com/.

At this point you may also wish to set other options like "Log Files", so the log files for the Virtual Host end up in a separate log file from the main server's log files.

To activate your changes, click "Apply Changes" on the main Apache Webmin page.

Of course, be sure to configure your DNS server so the virtual host domain name points to your server's IP address.

Webmin creates a VirtualHost directive in the Apache config file (/etc/httpd/conf/httpd.conf). An example VirtualHost directive looks like this:

<VirtualHost *:80>
DocumentRoot /home/vhostdomain.com/htdocs
ServerName vhostdomain.com
ServerAlias *.vhostdomain.com
</VirtualHost>

See http://httpd.apache.org/docs/2.2/vhosts/examples.html for some more VirtualHost examples.

Resolving: [warn] _default_ VirtualHost overlap on port 80, the first has precedence

If you get this error when restarting Apache, un-comment the NameVirtualHost *:80 line in /etc/httpd/conf/httpd.conf.

Resolving: 403 Forbidden

Unix needs to be able to 'execute' directories in order to open them (not 'read' them as you would expect). If you get a forbidden error, make sure that the directory containing your HTML files and each of its parent directories has chmod o+x set on it. The following script should do that for you:

dir=/home/somevhostdomain.com/htdocs/
while true; do
    # the exit case when we get to the top level directory /
    if [ -z "$dir" ] || [ "$dir" = "/" ]; then
        break
    fi
    echo "chmodding o+x $dir"
    # make the directory executable (openable) by others
    chmod o+x "$dir"
    # go 'up' a directory
    dir=$(dirname "$dir")
done
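
To see which directories are actually missing the bit before changing anything, the following added example (not part of the original post) only reports them. The helper name missing_traverse and its optional stop-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list the directories between a document root and a stop
# directory that "other" users (such as the Apache user) cannot traverse.
# missing_traverse is a hypothetical helper name; it changes nothing on disk.
missing_traverse() (
    dir=$1;      [ "$dir" = "/" ]  || dir=${dir%/}
    stop=${2:-/}; [ "$stop" = "/" ] || stop=${stop%/}
    case "$dir" in
        /*) ;;
        *)  echo "usage: missing_traverse /absolute/dir [stop-dir]" >&2; exit 2 ;;
    esac
    while [ "$dir" != "/" ] && [ "$dir" != "$stop" ]; do
        # Character 10 of the ls -ld mode string is the execute bit for
        # "other" (x = set, t = set together with the sticky bit).
        case "$(ls -ld "$dir" | cut -c10)" in
            x|t) ;;
            *)   echo "$dir" ;;
        esac
        dir=$(dirname "$dir")
    done
)

# Constructed demo tree under a temporary directory.
demo=$(mktemp -d)
mkdir -p "$demo/site/htdocs"
chmod 755 "$demo/site/htdocs"
chmod 750 "$demo/site"                         # others cannot enter this one
missing_traverse "$demo/site/htdocs" "$demo"   # prints the .../site directory
rm -rf "$demo"
```

Running it first shows exactly which ancestors would be changed by the chmod loop, so o+x is added only where it is missing.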

Redirecting an Incoming Request

Sometimes you have content which has been moved or deleted, but you'd like to return something to the client instead of the dreaded 404 response. In this case, you can use the Redirect directive to specify what you want to do:

# Temporary Redirect (code 302)
Redirect /your/path/file.html http://yourdomain.com/some/path/file.html
Redirect temp /your/path/file.html http://yourdomain.com/some/path/file.html

# Permanent Redirect (code 301)
Redirect permanent /your/path/file.html http://yourdomain.com/some/path/file.html

# Moved (code 303)
Redirect seeother /your/path/file.html http://yourdomain.com/some/path/file.html

# Gone (code 410)
Redirect gone /your/path/file.html

Note, these do not have to be static html files; the incoming and redirected requests could be to any resource type.

RemoveWAT for Windows 7 & Windows Server 2008 and XP GAV

RemoveWAT can crack Windows 7 SP1, Windows 7 Ultimate, Enterprise, Professional, Home, Basic, etc. It is 100% working and tested. It removes WAT (Windows Activation Technologies) completely from the OS, whilst still retaining OS genuine status and receiving all updates. RemoveWAT works like Windows 7 Loader by hazar, so that users can validate illegal pirated copies of Windows 7 as genuine, permanently. It also allows you to download Windows updates.


Features list:

•Requires no additional processes running after patching.
•Has a theoretical 100% success rate due to it being hardware independent.
•Efficiently coded with safety checks to prevent damage to a Windows installation.
•Un-install option.
•Complete removal of all genuine related elements visible to the user, whilst keeping the core activation system active, allowing you to pass various genuine checks without issue.
•Progress bar to allow overview of completion time.
•A completely safe solution with zero risk of bricking your bootsector or rendering your PC unbootable
What’s new in RemoveWAT 2.2.6:

•Now provides total WAT protection and fully disables the timebomb in evaluation copies
•Correct Un-install
•renames slmgr on x64 as well
•Works on unicode systems
•silent mode with /s switch
•UI tweaked slightly
•No reboot necessary
•Passes WGA on x64
How it works:

•Close all antivirus and firewalls, and then run the program with administrator privileges (the internet connection need not be switched off)
•Click “Remove WAT” and wait until you see the message on successful completion of the procedure
•Computer will restart automatically
•All the system is activated


ISM Cyber Security Terms
