Currently, we have no script to rebuild WMI in Windows 7 client. Following is the procedure to rebuild WMI in Windows 7.

  1) Perform a manual logcopy on the PC.
  2) Open an elevated command prompt.
  3) Verify the WMI repository is not corrupt by running the following command:

      winmgmt /verifyrepository

If the repository is not corrupted, a “WMI Repository is consistent” message will be returned. If you get something else, go to step 4.

4) Run the following commands:   

winmgmt /salvagerepository

If the repository salvage fails to work, then run the following command to see if it resolves the issue:
winmgmt /resetrepository

After the last command, there should be a “WMI Repository has been reset” message returned.

NOTE: We always use winmgmt /resetrepository to repair the WMI in the Windows 7 client.

說明與方法︰如何在英文版的作業系統更換 code page 成為 950 Chinese (Traditional, Taiwan)

[操作步驟]

·         Windows Server 2008

1.      Region and Language -> Change System locale -> 更換成 Chinese (Traditional, Taiwan) 後重新開機

2.      打開CMD, 預設就是 950 (Traditional Chinese)

3.      也可以切換成 437 (English)

·         Windows Server 2003

1.      Regional and Language Options -> Install files for East Asian Languages, 重新開機

2.      Advanced 設為Chinese (Taiwan), 重新開機

3.      預設打開為950

4.      也可以切換成 437

參考資訊︰

chcp command

http://technet.microsoft.com/en-us/library/cc772981(WS.10).aspx

Code Page Identifiers
http://msdn.microsoft.com/en-us/library/dd317756(v=vs.85).aspx

Problem:
======
You would like to know how audit file and folders access

Solution:
======
Step 1: To enable local Windows security auditing
1. Log on to server with an account that has Administrator rights.
2. Click Start, point to Run, and then type "gpedit.msc".
3. Expand Computer Configuration->Windows Settings->Local Policies, and then double-click Audit Policy.
4. In the right pane, double-click the policy "Audit object access".
5. Click the Success (An audited security access attempt that succeeds).
Note: If there server is a domain controller, please open "Domain Controller Security Policy" to do the above settings.

Step 2: To audit the folder objects
1. Open explorer, right click folder/file and choose properties.
2. Click Security tab.
3. Click Advanced button.
4. In the Access Control Settings window, click Auditing Tab.
5. Click Add button to add the users you want to audit and choose to below audit entries.
For example: you want to know who deletes this folder or subfolder and files, then you audit everyone for "Delete" and "Delete Subfolders and Files" events.
6. Close the all windows

Step 3: Check the information in the Event Viewer.
1. Open event viewer.
2. Check the events under security logs. For a permission change, there will event 560 logged.
Tips: First filter the security log to only view the events with ID 560.
Then type the file or folder name if the descript of the find window to locate the exact events. Below is a sample event.

Event Type: Success Audit
Event Source: Security
Event Category: Object
Event ID: 560
User: AAA\Administrator
Computer: AAA
Description:
Object Open:
Object Server: Security
Object Type: File
Object Name: E:\1\New Text Document.txt
Handle ID: 1260
Operation ID: {0,198287}
Process ID: 360
Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AAA Primary Logon ID: (0x0,0x12C8C) Client User Name: - Client Domain: - Client Logon ID: -
Accesses: DELETE
ReadAttributes
Privileges: -
Restricted Sid Count: 0
Access Mask: 0x10080

Reference:
=========
How To Enable and Apply Security Auditing in Windows 2000 http://support.microsoft.com/kb/300549/en-us

SYMPTOM

==================

You run the following cmdlet and it failed to complete.

CMDLET\>New-RoutingGroupConnector -SourceTransportServers "Server01","Server02" -TargetTransportServers

"Eexch01","Eexch02" -BiDirectional $true -name TW2003-2010 -debug -verbose

Active Directory operation failed on dc.domain.com. This error is not retriable. Additional information: T

he name reference is invalid.

This may be caused by replication latency between Active Directory domain controllers.

Active directory response: 000020B5: AtrErr: DSID-03152392, #1:

0: 000020B5: DSID-03152392, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 78e030df (msExchSourceBridgeheadServers

DN)

+ CategoryInfo : NotSpecified: (0:Int32) [New-RoutingGroupConnector], ADConstraintViolationException

+ FullyQualifiedErrorId : 6C3EB645,Microsoft.Exchange.Management.SystemConfigurationTasks.NewRoutingGroupConnector

VERBOSE: [10:22:19.103 GMT] New-RoutingGroupConnector : Ending processing &

ANALYSIS

==================

From the following output, you can see that the object DN of Default SMTP Virtual server is the same on all servers except one.

CN=2,CN=SMTP,CN=Protocols,CN=SERVER02,CN=Servers,…

CN=1,CN=SMTP,CN=Protocols,CN=SERVER01,CN=Servers,…

CN=1,CN=SMTP,CN=Protocols,CN=EEXCH02,CN=Servers,…

CN=1,CN=SMTP,CN=Protocols,CN=EEXCH01,CN=Servers,…

CAUSE

==================

This is a known issue with Exchange 2007 and Exchange 2010

Here is a workaround for Exchange 2003 server (it only apply if the Exchange server is not Exchange cluster server)

1. Close Exchange system manager

2. Install windows support tools

3. Open ADSIEDIT.MSC

4. Locate on <Configuration>\services\Microsoft Exchange\<Org Name>\Administrative Groups\<Exchange 2003 AG name>\Servers\<Exchange 2003 servername>\Protocol\SMTP

5. On “CN=2” folder, Right click it and select “Rename”, type “1”

6. Force DC replication and restart SMTP service on the Exchange server

After that , you can add the Exchange 2003 server as source or target of the RGC by below powershell.

Set-routinggroupconnector –identity <name of RGC> -sourceTransportServers < all source transport servers’ FQDN> -TargetTransportServers < all target transport servers’ FQDN>

Note:

1. You need to do for two RGC, because RGC is two ways.

2. You need to retype server’s FQDN on sourcetransporservers or targetTransportServers even though they are added.

WORKAROUND

==================

Since your server is a cluster server, we cannot modify the DN to workaround the issue.

修改您之前的 Cmdlet 指令，把 SERVER02 從指令中先移除

New-RoutingGroupConnector -Name TW2010-2003 -SourceTransportServers SERVER01,SERVER02 -TargetTransportServers EEXCH01,EEXCH02 -BiDirectional $true

錯誤訊息: Logon failure: unknown user name or bad password.

1. 先確認執行MBSA的電腦的登入帳號為遠端電腦的 administrator

Ex: 設定預設的administrator密碼跟遠端電腦一樣

· Domain中的電腦預設的administrators群組都有加入 Domain Admins的帳號

2. 關閉遠端電腦的簡易檔案共用

· Domain中的電腦預設的簡易檔案共用為關閉的

錯誤訊息: could not resolve the computer name:

3. 若遠端電腦的 Windows Firewall有啟動, 打開群組原則並設定以下選項:

· Domain中的電腦預設的Windows防火牆為關閉的

電腦設定->系統管理範本->網路->網路連線->Windows防火牆->標準設定檔

a. Windows防火牆: 允許遠端系統管理例外: 設定IP位置/網段或字串 (*=允許所有)

b. Windows防火牆:允許檔案及印表機共用例外: 設定IP位置/網段或字串 (*=允許所有)

c. Windows防火牆:定義連接埠例外

語法:<port>:<Protocol>:<Scope>:<Status>:<Name>

例: 將所有TCP 135 port的流量開啟

135:TCP:*:enabled:MBSA

需將以下的Port定義好:

TCP: 135

TCP: 139

TCP: 445

UDP: 137

UDP: 138

4. 把 Windows Update Agent的DCOM port 改為 static 的port number

a. 打開控制台->系統管理工具->元件服務

b. 元件服務->電腦->我的電腦->DCOM設定->Windows Update Agent – Remote Access->按右鍵選內容

c. 找到結束點並安下新增

選擇使用靜態結束點, 並定義 static port number. Ex: 如 1000

d. 設定好後打開登錄編輯程式檢查下面的機碼

HKEY_LOCAL_MACHINE\Software\Classes\AppID\{B366DEBE-645B-43A5-B865-DDD82C345492}\Endpoints REG_MULTI_SZ “ncacn_ip_tcp,0,n”

(where n is the port number you have decided to use.)

e. 也記得在群組原則中的Windows Firewall設定把設定好的TCP port允許