Blog: Windows 2003 Server

I have a few notes to share on DFS in Windows 2008 R2. First of all, Microsoft changed the way DFS replication is done starting in Windows 2003 R2. In previous versions, replication for SYSVOL shares on domain controllers as well as DFS replication was handled by FRS (File Replication Service). Starting in Windows 2003 R2, the service was overhauled along with the management interface. Replication for DFS is now handled by the DFS Replication service (DFSR), and the two (DFSR and FRS) don’t play ball with one another. That is to say, you can’t use pre-Windows 2003 R2 servers in the same DFS replication topologies with post-Windows 2003 R2 servers. However, SYSVOL in all versions continues to use FRS until all domain controllers are Windows 2008. Additionally, once you have your DFS tree in place and get your replication topology set up, you’re not done. Make sure to edit the file exclusions list for the replication group. By default, a new replication group EXCLUDES files whose names start with ~, as well as .tmp and .bak files. The ~ makes sense, but .tmp and .bak could be a problem depending on the type of data in the share.


I’ve been researching some slow installs on one of our terminal servers for a while now. An install, which normally takes a couple of minutes, had been taking close to an hour, giving me time to complete other installs and come back to it. It seemed like a registry issue for the longest time, but I wasn’t completely sure where to begin. I found a posting on an HP forum about an older version of the Universal Print Driver leaving a ton of garbage in the registry when it was installed. I checked the tree (HKEY_CURRENT_USER\Software\Hewlett-Packard, HKEY_USERS\.DEFAULT\Software\Hewlett-Packard) and there were quite a few keys with GUIDs (100a6cf5-1f38-4593-558c-306404c054e2) running down the list.

Following recommendations from, I deleted all the HP printers, deleted all the HP drivers from the local print server properties, and then backed up and deleted the trees listed above as well as the HP Universal Print Monitor key (HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\HP Universal Print Monitor). I then reinstalled the necessary HP printers, one of which installed the Universal Print driver again, and checked the registry. Much cleaner.

After running a test install, it appears that removing those entries really cleaned up the registry quite a bit and is speeding up the installs. To give you an idea of the sheer size of the exported entries, in the default .reg format, the export took nearly 40MB. In plain-text (.txt) export, the size doubled. That's a lot of HP garbage.


One way to exclude directories (not individual files or file types) of roaming profiles from being placed on the servers is by using this Group Policy setting:

  • User Configuration
  • Administrative Templates
  • System
  • User Profiles
  • "Exclude directories in roaming profile"

You can enable this and type in the folders you want to exclude. You only type the name of the folder from the root directory of the profile. So if you want to exclude "D:\Documents and Settings\tuser\Application Data\Microsoft\Internet Explorer\UserData" then you type in "Application Data\Microsoft\Internet Explorer\UserData". For extended folder entries you separate each by a semicolon: "UserData;Cookies;My Documents;Temp;Start Menu;Application Data\Microsoft\Internet Explorer\UserData;"

Be sure to include a semicolon at the end.

To verify delivery to the targeted user accounts, go to a device where a targeted user account has logged on and check the following registry key manually: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System


At a client site, I have been testing some automated ways to move users from v1 to v2 profiles. All their users are on Windows XP and we are moving them to Windows 7. I was looking specifically for a graceful way to allow interoperability between the profile versions and keep us from having to touch every user profile to copy over data. What I found was a little annoying. There are really only two ways to migrate data from v1 to v2 profiles.

  1. Use Folder redirection to share data between the profile versions by redirecting relevant data to a network share that can be used by both profiles.
  2. Use the User State Migration Tool (USMT)

If you are NOT using roaming profiles, the USMT is the best way. If you are using roaming profiles, the folder redirection is the best way. The gotcha here is to make sure you create the folder redirection policy FIRST on a Windows Vista, 7, or 2008 system BEFORE editing it on a Windows XP or 2003 system. There is something about the way the GPO is created/built that will not allow it to apply to Vista, 7, and 2008 systems if it is created with XP or 2003 first.


A while back I mentioned that you can just enter sendto in the start/run field and it would open your sendto folder. There are many of these shell folders – special folders that may be on disk, or may be fabricated by the OS. The “correct” way to reference these is with the “shell:” prefix. So you can specify shell:sendto, shell:startup, shell:favorites, etc.

The full list is in your registry at


Note: The name in the registry does not always match the name you see in Explorer.


64-bit gotcha: If you are creating a DSN on a 64-bit machine for a 32-bit database, then you will need to create a 32-bit DSN. This cannot be done from the Control Panel ODBC Data Source Administrator, because this program creates a 64-bit DSN. In order to create the 32-bit DSN, you must run the program odbcad32.exe from the Windows\syswow64 directory. The KB article here talks about this issue. In particular, I ran into this problem when moving a VMware Virtual Center from one machine (32 bit, Windows 2003) to a new machine (64 bit, Windows 2008 R2).


I had a situation come up this week where a user was able to change the security on a file that they had created. This type of action was not desirable and I was having a hard time tracking down how this was happening. It turned out to be the following: the user had Modify permissions for the folder and subfolders, so they were free to create and delete files. However, the CREATOR OWNER permission was also on the folder and was set to FULL CONTROL. Thus, when the user created a new file, they were the owner. As such, they were then given the ability to change the permissions. So, the gotcha is: be careful how the CREATOR OWNER permission is used… and keep a watchful eye on curious users.
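
An added example (not from the original post) of checking for the condition described above: a PowerShell script that walks a folder tree and lists the folders where CREATOR OWNER is explicitly allowed to change permissions or take ownership. The path D:\Shares\Projects is a placeholder, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: find folders where CREATOR OWNER can rewrite ACLs on files a user creates.
# $Root is a placeholder path; point it at the share under review.
param(
    [string]$Root = 'D:\Shares\Projects'
)

# Rights that let a file's creator change its permissions or ownership.
$risky = [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
         [System.Security.AccessControl.FileSystemRights]::TakeOwnership

# Inherit-only CREATOR OWNER entries are often stored as the generic right
# GENERIC_ALL (0x10000000), which does not map to a named FileSystemRights
# flag, so a test against the named flags alone would miss "Full Control".
$genericAll = 0x10000000

# CREATOR OWNER is the well-known SID S-1-3-0; matching on the SID avoids
# depending on the localized account name.
$creatorOwnerSid = 'S-1-3-0'

$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)

$findings = foreach ($folder in $folders) {
    $acl = Get-Acl -LiteralPath $folder.FullName
    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $raw = [int]$rule.FileSystemRights
        if ($rule.IdentityReference.Value -eq $creatorOwnerSid -and
            $rule.AccessControlType -eq 'Allow' -and
            (($raw -band [int]$risky) -or ($raw -band $genericAll))) {
            [pscustomobject]@{
                Folder    = $folder.FullName
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Explicit entries show where the permission was actually set; inherited
# copies of the same entry further down the tree are filtered out.
$findings | Where-Object { -not $_.Inherited } | Format-Table -AutoSize -Wrap
```

A Rights value shown as a bare number such as 268435456 is the GENERIC_ALL case noted in the comments.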


I’ve been using the Microsoft RDP client for the Mac to log in to one of our terminal servers. Unfortunately this client has an annoying bug where the time zone is not set correctly if time zone redirection is set through group policy. After manually changing the time zone a few days in a row I decided to look for a more automated solution. I found that you can invoke the Date and Time control panel applet from a command line and pass the desired time zone. The command is:

control.exe timedate.cpl,,/Z Central Standard Time

The time zone has to match one of the key values saved in the registry at HKLM\Software\Microsoft\Windows NT\CurrentVersion\Time Zones. I put this in a command file and added it to my startup group on the server.


Have you run MSINFO32 to get OS information and been greeted by this error: "Windows cannot open Help and Support because a system service is not running. To fix this problem, start the service named 'Help and Support'."  You then go to the services listing and find that 'Help and Support' is not there.

Microsoft indicates this is a known issue on SBS 2003 after installing SP2 (I have seen and resolved this same behavior on Standard Edition as well). Here is the fix:

  1. Open a command prompt and change directory to %windir%\PCHealth\HelpCtr\Binaries
  2. Run 'start /w helpsvc /svchost netsvcs /regserver /install'
  3. Once complete, refresh your Services listing and you should see 'Help and Support' ready to be started
  4. After starting that service, run MSINFO32 again


When re-imaging a Windows 2003 server you will be prompted to activate Windows. When I did this it would not allow me to connect to the internet and thus I had to do it by phone. When entering the key info over the phone with Microsoft’s automated response system and then inputting the activation code given to me from the phone it told me that it was an invalid key. After much trouble I found that when I chose the option to change my CD key and then input the same CD Key I was using on the phone I was able to finally activate it over the phone.