Archive for Windows Server

Find and Disable Inactive Computer Accounts

Find all computers in the current domain whose name starts with "wks" and whose description starts with "desktop":

C:\> dsquery computer -name wks* -desc desktop*

Find all computers in the Aberdeen OU:

C:\> dsquery computer ou=Aberdeen,ou=Workstations,dc=ss64,dc=com

List all computer accounts that have been inactive for more than 4 weeks:

C:\> dsquery computer -inactive 4

Disable all computer accounts that have been inactive for more than 4 weeks (review the output of the previous command first; the query does not exclude domain controllers, and -inactive relies on the lazily replicated lastLogonTimestamp attribute):

C:\> dsquery computer -inactive 4 | dsmod computer -disabled yes

Credits: http://ss64.com/nt/dsquery-computer.html

Remote Desktop over SSL

Installing a RDP SSL Certificate

1. On your Microsoft certificate authority server open the Certificate Templates console.

2. Duplicate the Computer template and use the Windows Server 2003 Enterprise format (Server 2008 v3 templates will NOT work).

3. Change the template display name to RemoteDesktopComputer (no spaces). Verify the Template Name is exactly the same (no spaces). You can use a different name if you want, but both fields must match exactly.

4. Now we need to create an application policy to limit the usage to RDS authentication, then remove the other application uses for the certificate. On the extensions tab click on Application Policies then click on Edit.

5. Click on Add, then click on New. Set the value of Name to Remote Desktop Authentication. Change the object identifier to 1.3.6.1.4.1.311.54.1.2.

6. From the Application Policies list, select Remote Desktop Authentication.
7. Back on the certificate template properties, remove all other entries. Only Remote Desktop Authentication should be present.
8. If you wish, you can modify the validity period of the certificate, making it say two years instead of the default of one.
9. You probably want to secure your domain controllers as well, so for that we need to modify the security setting on the template. Open the Security tab, add the group Domain Controllers and give the group Read and Enroll (not Autoenroll).
10. Open the MMC snap-in for managing your Certificate Authority and locate the Certificate Templates node. Right click, select New, then Certificate Template to Issue. Choose the RemoteDesktopComputer template.
11. Next up is configuring the GPO to utilize the new template. You can modify any GPO you wish, or create a new one. Obviously the scope of the GPO should cover any servers that you want to secure with TLS. This could be a server baseline GPO, domain GPO, or whatever you want.
12. In the GPO editor locate the node Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security. Modify the Server Authentication Certificate Template setting. Enable the policy and enter the certificate template name that exactly matches what you created in your CA.

13. In the same GPO node, set Require use of specific security layer for remote (RDP) connections to SSL (TLS 1.0). The option name is historical: it forces the TLS security layer and rejects RDP's legacy encryption, while the TLS version actually negotiated is whatever Schannel allows on the host, so retiring TLS 1.0/1.1 is done in the Schannel protocol settings, not here. Consider also enabling Require user authentication for remote connections by using Network Level Authentication in the same node.

14. Wait for the GPO to replicate, then refresh the GPO on a test server. Wait a minute, then open the Certificates MMC snap-in for the computer account. Look in the Personal\Certificates store for a certificate that has the Intended Purposes of Remote Desktop Authentication. If it's not there, wait a minute, and refresh. If it never appears, something is wrong. Look at the gpresult to make sure your GPO is being applied to the server.

15. Once the certificate appears, double click on the certificate to open it. On the Details tab look at the first few characters of the thumbprint value and remember them.

16. To make sure the RDP service is aware of the new certificate, I restart the Remote Desktop Services service.

17. Open an elevated PowerShell prompt and run this command:

Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'"

Validate that the SecurityLayer value is 2 (2 = TLS, 1 = Negotiate, 0 = legacy RDP security layer) and that SSLCertificateSHA1Hash matches the thumbprint of the enrolled certificate. If both of those settings are correct, then you are good to go!
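The check in step 17 done as a script, as an added example that is not part of the original post or of Derek Seaman's material: it finds the certificate the GPO enrolled (the one carrying the Remote Desktop Authentication EKU, OID 1.3.6.1.4.1.311.54.1.2), reads the same Win32_TSGeneralSetting instance the post queries, and reports whether RDP is actually presenting that certificate with the TLS layer and NLA enforced. Run it in an elevated PowerShell on the RDS host; the function name and the output fields are this example's own.

```powershell
function Test-RdpTlsBinding {
    [CmdletBinding()]
    param()

    $rdpEku = '1.3.6.1.4.1.311.54.1.2'   # Remote Desktop Authentication (the EKU the custom template carries)

    # Same object the post inspects with Get-WmiObject
    $ts = Get-CimInstance -Namespace root\cimv2\terminalservices -ClassName Win32_TSGeneralSetting `
                          -Filter "TerminalName='RDP-tcp'"

    # Candidate certificates in the machine store: RDP EKU present, private key present, not expired
    $candidates = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and
        ($_.EnhancedKeyUsageList | Where-Object ObjectId -eq $rdpEku)
    })

    # The certificate RDP is really using is the one whose thumbprint matches SSLCertificateSHA1Hash;
    # if the GPO enrolled a cert but this is empty, TermService is still on its self-signed default.
    $bound = $candidates | Where-Object Thumbprint -eq $ts.SSLCertificateSHA1Hash

    [pscustomobject]@{
        SecurityLayer      = $ts.SecurityLayer                     # 0 = RDP, 1 = Negotiate, 2 = TLS
        TlsEnforced        = ($ts.SecurityLayer -eq 2)
        NlaRequired        = ($ts.UserAuthenticationRequired -eq 1)
        BoundThumbprint    = $ts.SSLCertificateSHA1Hash
        BoundCertSubject   = if ($bound) { $bound.Subject }  else { $null }
        BoundCertIssuer    = if ($bound) { $bound.Issuer }   else { $null }
        BoundCertExpires   = if ($bound) { $bound.NotAfter } else { $null }
        UsesEnrolledCert   = [bool]$bound
        EnrolledCandidates = $candidates.Count
    }
}

$result = Test-RdpTlsBinding
$result

if (-not $result.TlsEnforced) {
    Write-Warning 'SecurityLayer is not 2: the "Require use of specific security layer" policy has not applied.'
}
if (-not $result.NlaRequired) {
    Write-Warning 'NLA is not required: clients can reach the logon screen before authenticating.'
}
if (-not $result.UsesEnrolledCert) {
    Write-Warning 'RDP is not presenting the enrolled certificate (probably still the self-signed default); restart TermService and re-run.'
}
```

Run it once before and once after the Remote Desktop Services restart in step 16: the thumbprint in BoundThumbprint should change from the self-signed default to the enrolled certificate, and EnrolledCandidates tells you whether the GPO template ever delivered a usable certificate at all.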

As a quick test I attempted to connect to this server from a non-domain joined computer that did not have the root certificate for my CA. I configured the RDP client to warn on any security issues. As expected, the client threw errors about the CRL not being available, and that it didn’t trust the chain. I also viewed the certificate and verified it was the correct one.

It seems Windows 8 has much more stringent certificate checking than Windows 7. The screenshots below are from Windows 7, in case you didn’t recognize the chrome. When using a Windows 7 non-domain joined computer to access the same TLS protected server, I got NO certificate warnings. That was even with the RDP 8 add-on hotfix. I’m glad to see Win8 does thorough certificate validation.

Connecting to the same server from a domain-joined computer that trusted the root CA resulted in no security warnings and a successful connection. If you look at a Wireshark capture you can also validate that CRL information is being exchanged between the computers, which means TLS is being used.

Credits: http://www.derekseaman.com/2013/01/creating-custom-remote-desktop-services.html

Disable Old Computer Accounts

Dsquery is a command-line tool that is built into Windows Server 2008. 
It is available if you have the Active Directory Domain Services (AD DS) server role installed. 
To use dsquery, you must run the dsquery command from an elevated command prompt. 
To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

To find inactive computer accounts (number is inactivity in weeks):
dsquery computer -inactive 2

To find computers with stale passwords (number is stale in days)
dsquery computer -stalepwd 45

There is also a way to disable or delete the accounts in one go, by piping the dsquery output into dsmod or dsrm:

dsquery computer -inactive 4 | dsmod computer -disabled yes
dsquery computer -stalepwd 45 | dsrm

dsrm reads the distinguished names from standard input directly (it has no "computer" subcommand) and prompts before each deletion; add -noprompt only once the list has been reviewed. Deletion is irreversible unless the AD Recycle Bin is enabled, so the usual sequence is disable, move to a quarantine OU, and delete after a grace period. Note also that -inactive relies on lastLogonTimestamp, which requires the Windows Server 2003 functional level and can lag the real last logon by up to 14 days, and that neither query excludes domain controllers.

You can get additional info on all three tools with dsquery computer /?, dsmod computer /?, and dsrm /?
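Both dsquery sections on this page end with the same step, a stale list piped straight into dsmod or dsrm. The script below is an added example, not from the original page, ss64 or Spiceworks, that does the same hunt with the ActiveDirectory module and makes the decision explicit: an account is stale only when both lastLogonTimestamp and the machine password are old (a member rotates its password every 30 days by default, so a recent PasswordLastSet proves the machine is alive even when the logon timestamp lags), domain controllers are skipped, and the action is disable-and-annotate behind -WhatIf rather than delete. The selection logic is a plain function, so it is exercised here on constructed sample objects without a domain; the threshold, OU names and computer names are illustrative assumptions.

```powershell
function Select-StaleComputer {
    param(
        [Parameter(Mandatory)] [object[]]$Computer,   # objects shaped like Get-ADComputer output
        [int]$InactiveDays = 90,
        [datetime]$Now = (Get-Date)
    )
    $cutoff = $Now.AddDays(-$InactiveDays)
    foreach ($c in $Computer) {
        # primaryGroupID 516 = domain controllers, 521 = read-only DCs: never touch these automatically
        if ($c.PrimaryGroupID -in @(516, 521)) { continue }
        if (-not $c.Enabled) { continue }                          # already handled earlier

        # lastLogonTimestamp replicates lazily and can lag the real last logon by up to 14 days,
        # so keep InactiveDays well above 14. A null LastLogonDate means "never logged on".
        $logonStale = ($null -eq $c.LastLogonDate) -or ($c.LastLogonDate -lt $cutoff)

        # Machine password age is the second witness; a freshly joined machine has a recent one.
        $pwdStale = ($null -eq $c.PasswordLastSet) -or ($c.PasswordLastSet -lt $cutoff)

        if ($logonStale -and $pwdStale) { $c }
    }
}

function Invoke-StaleComputerCleanup {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)] [object[]]$Stale)
    $stamp = Get-Date -Format 'yyyy-MM-dd'
    foreach ($c in $Stale) {
        if ($PSCmdlet.ShouldProcess($c.DistinguishedName, 'Disable stale computer account')) {
            # Disable first and record why; delete only after a grace period
            # (dsrm / Remove-ADComputer is irreversible unless the AD Recycle Bin is enabled).
            Disable-ADAccount -Identity $c.DistinguishedName
            Set-ADComputer -Identity $c.DistinguishedName -Description "Disabled $stamp: inactive > $InactiveDays days"
        }
    }
}

# --- constructed sample input (stands in for Get-ADComputer output; names and OUs are made up) ---
$now = Get-Date
$sample = @(
    [pscustomobject]@{ Name='WKS001'; DistinguishedName='CN=WKS001,OU=Workstations,DC=ss64,DC=com'; Enabled=$true; PrimaryGroupID=515; LastLogonDate=$now.AddDays(-3);   PasswordLastSet=$now.AddDays(-20) }
    [pscustomobject]@{ Name='WKS002'; DistinguishedName='CN=WKS002,OU=Workstations,DC=ss64,DC=com'; Enabled=$true; PrimaryGroupID=515; LastLogonDate=$now.AddDays(-150); PasswordLastSet=$now.AddDays(-160) }  # genuinely stale
    [pscustomobject]@{ Name='WKS003'; DistinguishedName='CN=WKS003,OU=Workstations,DC=ss64,DC=com'; Enabled=$true; PrimaryGroupID=515; LastLogonDate=$now.AddDays(-150); PasswordLastSet=$now.AddDays(-10) }   # alive, timestamp lagging
    [pscustomobject]@{ Name='NEW01';  DistinguishedName='CN=NEW01,OU=Workstations,DC=ss64,DC=com';  Enabled=$true; PrimaryGroupID=515; LastLogonDate=$null;              PasswordLastSet=$now.AddDays(-1) }    # freshly joined
    [pscustomobject]@{ Name='DC01';   DistinguishedName='CN=DC01,OU=Domain Controllers,DC=ss64,DC=com'; Enabled=$true; PrimaryGroupID=516; LastLogonDate=$now.AddDays(-400); PasswordLastSet=$now.AddDays(-400) }  # skipped
)
$stale = Select-StaleComputer -Computer $sample -InactiveDays 90
$stale | Select-Object Name, LastLogonDate, PasswordLastSet     # only WKS002 is selected

# Live use (needs the RSAT ActiveDirectory module and rights on the accounts):
# $live  = Get-ADComputer -Filter 'Enabled -eq $true' -Properties LastLogonDate, PasswordLastSet, PrimaryGroupID
# $stale = Select-StaleComputer -Computer $live -InactiveDays 90
# Invoke-StaleComputerCleanup -Stale $stale -WhatIf      # drop -WhatIf once the list has been reviewed
```

The two-witness rule is what separates this from dsquery -inactive on its own: WKS003 would be disabled by the one-liner even though its password change proves it was on the network ten days ago.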

Credits: http://community.spiceworks.com/scripts/show/339-find-and-or-cleanup-old-computer-accounts-in-ad

.adm to Disable Daylight Saving Time

CLASS MACHINE
CATEGORY !!category
CATEGORY !!categoryname
POLICY !!policyhorarioverao
KEYNAME "System\CurrentControlSet\Control\TimeZoneInformation"
EXPLAIN !!explaintextdst
PART !!labeltextdst DROPDOWNLIST REQUIRED
VALUENAME “DisableAutoDaylightTimeSet”
ITEMLIST
NAME !!Disabled VALUE NUMERIC 0 DEFAULT
NAME !!Enabled VALUE NUMERIC 1
END ITEMLIST
END PART
END POLICY
END CATEGORY
END CATEGORY

[strings]
category="Custom Policy Settings"
categoryname="Daylight Saving Time"
policyhorarioverao="Disable DST"
explaintextdst="Disable Automatically adjust clock for daylight saving changes"
labeltextdst="Disable DST"
Enabled="Enabled"
Disabled="Disabled"

Two caveats. The key this template writes (System\CurrentControlSet\Control\TimeZoneInformation) is outside the Policies hive, so Group Policy treats it as a preference: the value is "tattooed" and stays in the registry after the GPO is unlinked, and has to be reverted explicitly. DisableAutoDaylightTimeSet is the value honoured by Windows XP and Server 2003; on Windows Vista and later the value that controls automatic DST adjustment under the same key is DynamicDaylightTimeDisabled.

Source: http://blogdosmonges.blogspot.com.br/2009/10/desativacao-do-dst-para-o-horario-de.html

ADSL SNR Margin and Attenuation Parameters

SNR margin (signal-to-noise ratio):

– 5 dB or less = bad: sync impossible, frequent drops
– 8-13 dB = fair: no modem sync problems
– 14-22 dB = very good
– 23-28 dB = excellent
– 29-35 dB = rare

Attenuation:

– 0-19 dB = excellent: excellent cabling, very close to the DSLAM
– 20-30 dB = very good
– 30-40 dB = good
– 40-60 dB = fair
– 60-65 dB = poor
– 65 dB or more = will have problems

Credits: http://www.flogao.com.br/mastergleidson/blog/2468044

Cleaning the WinSxS Folder

The winsxs folder in c:\windows can get really big; the only supported way to clean it up is with the Microsoft command-line tools:

Windows Server 2003 : VSP1CLEAN.exe
Windows Server 2008 : COMPCLN.exe
Windows 7 and Server 2008 R2 : DISM.exe

I will explain the last one here.  Start your command prompt As Administrator.

Usage: dism /online /cleanup-image /spsuperseded

Note:
After running this command it won’t be possible to uninstall any service packs!

Before and after screenshots are not reproduced here.

So almost 3 GB on my Windows 7 SP1 machine is released.

You can also run these commands:

Takeown /f %windir%\winsxs\ManifestCache\*
Icacls %windir%\winsxs\ManifestCache\* /GRANT administrators:F
Del /q %windir%\winsxs\ManifestCache\*

In my case this cleaned up another 500 MB.

Taking ownership of and deleting files under WinSxS is not a supported servicing operation; the ManifestCache is rebuilt, but if anything else in the folder is touched, updates can start failing. On Windows 8 / Server 2012 and later use the supported equivalents instead: DISM /Online /Cleanup-Image /StartComponentCleanup to clean the component store, and on Windows 8.1 / Server 2012 R2 and later DISM /Online /Cleanup-Image /AnalyzeComponentStore to see its real size (hard links make WinSxS look far larger than the space it actually costs).
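The DISM step wrapped so that it measures the folder before and after and picks the right switch for the OS it runs on, as an added example that is not from the original post. It must run elevated. Assumptions: the DISM switches are the documented ones (/SPSuperseded on Windows 7 / Server 2008 R2 SP1, /StartComponentCleanup on Windows 8 / Server 2012 and later); the function names are this example's own.

```powershell
function Get-WinSxSSizeGB {
    # Raw on-disk size of the folder. Hard links mean this overstates the real cost,
    # but the before/after difference is still a fair measure of what the cleanup freed.
    $bytes = (Get-ChildItem "$env:windir\WinSxS" -Recurse -Force -ErrorAction SilentlyContinue |
              Measure-Object -Property Length -Sum).Sum
    [math]::Round($bytes / 1GB, 2)
}

function Invoke-WinSxSCleanup {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    # Win32_OperatingSystem reports the true version (6.1 = Win7 / 2008 R2, 6.2+ = Win8 / 2012 and later)
    $os = [version](Get-CimInstance Win32_OperatingSystem).Version
    $dismArgs = if ($os -lt [version]'6.2') {
        '/Online', '/Cleanup-Image', '/SPSuperseded'            # removes SP1 backup files; SP1 becomes non-removable
    } else {
        '/Online', '/Cleanup-Image', '/StartComponentCleanup'   # supported superseded-component cleanup
    }

    $before = Get-WinSxSSizeGB
    $what = "dism.exe $($dismArgs -join ' ')"
    if ($PSCmdlet.ShouldProcess($what, 'Run component store cleanup (superseded packages become non-removable)')) {
        & dism.exe @dismArgs
        if ($LASTEXITCODE -ne 0) {
            throw "DISM failed with exit code $LASTEXITCODE; see $env:windir\Logs\DISM\dism.log"
        }
    }
    $after = Get-WinSxSSizeGB

    [pscustomobject]@{
        OSVersion = $os
        Command   = $what
        BeforeGB  = $before
        AfterGB   = $after
        FreedGB   = [math]::Round($before - $after, 2)
    }
}

Invoke-WinSxSCleanup -WhatIf    # shows the exact command it would run; drop -WhatIf to execute it
```

The -WhatIf pass is worth keeping as a habit here because the operation is one-way: once superseded packages are removed, the corresponding service pack or updates can no longer be uninstalled, which is the same warning the post gives for /spsuperseded.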

Credits: http://www.microsoftpro.nl/2011/07/28/how-to-cleanup-the-winsxs-folder-on-windows-7-sp1-windows-2008-windows-2008-r2-sp1/

.ADM to Hide the Administrative Tools Menu

Create a .adm file with Notepad and paste this code into it.
Then load it in the GPO editor.

CLASS USER
CATEGORY "Administrative Tools"
POLICY "Remove Administrative Tools from the Start Menu"
EXPLAIN !!ADMHelp
KEYNAME Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
PART !!ADM_Configure DROPDOWNLIST REQUIRED
VALUENAME "Start_AdminToolsRoot"
ITEMLIST
NAME !!ADMoff VALUE NUMERIC 0 DEFAULT
NAME !!ADMon VALUE NUMERIC 1
END ITEMLIST
END PART
END POLICY
END CATEGORY

[strings]
ADM_Configure="Which setting do you want?"
ADMoff="Hidden"
ADMon="Visible"

; explains
ADMHelp="Removes the Administrative Tools item from the Start Menu!"

Credits: https://social.technet.microsoft.com/Forums/pt-BR/winsrv2003pt/thread/dfe2107d-69fd-4bf5-a456-8880cb30b29f/

VBScript:

In this case you can also use the script below (see which solution is simplest for your use). Note that both the template and the script only hide the Start Menu entry: Start_AdminToolsRoot is an Explorer display setting under a non-policy key (so it persists after the GPO is removed), and users can still open the consoles directly from %windir%\system32. It is a cosmetic restriction, not an access control.

set oShell = CreateObject("WScript.Shell")
oShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_AdminToolsRoot", 0, "REG_DWORD"

Credits: http://social.technet.microsoft.com/Forums/pt-BR/winsrv2008pt/thread/d287bce7-251f-4cf9-a4c8-16e1c9640016/

BlackBerry Mail Service IP Blocks

206.51.26.0/24
193.109.81.0/24
204.187.87.0/24
206.53.144.0/20
216.9.240.0/20
67.223.64.0/19
93.186.16.0/20
68.171.224.0/19
74.82.64.0/19
173.247.32.0/19
178.239.80.0/20

VBScript to Clear Event Viewer Logs

——————————————————————————————————————-

If WScript.Arguments.Count > 1 Then
WScript.Echo
WScript.Echo "Usage: cscript ""Clear Event Logs.vbs"" [computer name]"
WScript.Echo
WScript.Quit
End If

Dim strComputer ' As String

' Target the computer named on the command line, or the local machine by default
If WScript.Arguments.Count > 0 Then
strComputer = WScript.Arguments(0)
Else
strComputer = "localhost"
End If

ClearEventLogs strComputer

WScript.Echo "Done"

' Enumerate every classic event log on the target and clear each one (after a backup)
Private Sub ClearEventLogs( _
strComputer)

WScript.Echo "Clearing event logs on " & strComputer & "..."

' The (Backup) privilege must be enabled on the WMI connection or BackupEventLog fails
Set objWMIService = GetObject( _
"winmgmts:" & "{impersonationLevel=impersonate,(Backup)}!\\" _
& strComputer & "\root\cimv2")

Set colLogFiles = objWMIService.ExecQuery( _
"Select * from Win32_NTEventLogFile")

For Each objLogfile in colLogFiles
ClearEventLog strComputer, objLogfile.LogfileName
Next
End Sub

' Back up one log to C:\<log>_<timestamp>.evt on the target, then clear it only if the backup succeeded
Private Sub ClearEventLog( _
strComputer, _
strEventLogName)

Dim backupFilename

WScript.Echo "Clearing '" & strEventLogName & "' event log on " _
& strComputer & "..."

Set objWMIService = GetObject( _
"winmgmts:" & "{impersonationLevel=impersonate,(Backup)}!\\" _
& strComputer & "\root\cimv2")

Set colLogFiles = objWMIService.ExecQuery( _
"Select * from Win32_NTEventLogFile where LogFileName='" _
& strEventLogName & "'")

For Each objLogfile in colLogFiles
backupFilename = "C:\" & strEventLogName & "_" & GetFormattedTimestamp() _
& ".evt"

' BackupEventLog returns 0 on success; the path is interpreted on the target computer
errBackupLog = objLogfile.BackupEventLog(backupFilename)
If errBackupLog <> 0 Then
WScript.Echo "The " & strEventLogName & " event log on " _
& strComputer & " could not be backed up."
Else
objLogfile.ClearEventLog()
End If
Next
End Sub

' yyyyMMdd_HHmm, so successive backups of the same log do not overwrite each other
Private Function GetFormattedTimestamp()
Dim timestamp
timestamp = Now

GetFormattedTimestamp = Year(timestamp) _
& LPad(Month(timestamp), 2, "0") _
& LPad(Day(timestamp), 2, "0") _
& "_" & Replace(FormatDateTime(timestamp, 4), ":", "")

End Function

' Left-pad strValue with strPadCharacter up to nLength characters
Private Function LPad( _
strValue, _
nLength, _
strPadCharacter)

Dim strPaddedValue

strPaddedValue = strValue

While (Len(strPaddedValue) < nLength)
strPaddedValue = strPadCharacter & strPaddedValue
WEnd

LPad = strPaddedValue
End Function
——————————————————————————————————————-
Download: clean-event-viewer.txt

Two things to keep in mind. The backup copies are written to C:\ on the target, so they are both a recovery path and an artifact: an investigator looking for cleared logs should check for them. Clearing a log is itself logged and cannot be suppressed by the clear: the Security log records event 1102 ("The audit log was cleared") naming the account that did it, and every other log's clear is recorded as event 104 in the System log, which is why scripts like this one sit on most detection watch lists. On Windows Vista and later the same backup-and-clear is available without WMI: wevtutil epl <log> <file.evtx> followed by wevtutil cl <log>.
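The defender's side of the script above, as an added example that is not part of the original post: a function that flags the records a log clear leaves behind (Security 1102, System 104), run here over constructed sample records shaped like Get-WinEvent output, with the live query shown underneath. The sample data, the function name and the severity labels are this example's own.

```powershell
function Find-LogClearEvent {
    param([Parameter(Mandatory)] [object[]]$Event)   # objects shaped like Get-WinEvent output
    foreach ($e in $Event) {
        # 1102 is written by the Security log itself when it is cleared; 104 is written to System
        # by the Eventlog service when any other log is cleared. Neither can be suppressed by the clear.
        $hit = switch ($e.LogName) {
            'Security' { $e.Id -eq 1102 }
            'System'   { $e.Id -eq 104 }
            default    { $false }
        }
        if ($hit) {
            [pscustomobject]@{
                TimeCreated = $e.TimeCreated
                Computer    = $e.MachineName
                LogName     = $e.LogName
                Id          = $e.Id
                Severity    = if ($e.Id -eq 1102) { 'high' } else { 'medium' }   # audit trail vs. other logs
                Detail      = ($e.Message -split "`r?`n")[0]                       # first line: which log was cleared
            }
        }
    }
}

# --- constructed sample records (what Get-WinEvent would return; host and account names are made up) ---
$t = Get-Date
$sample = @(
    [pscustomobject]@{ TimeCreated=$t.AddMinutes(-30); MachineName='SRV01'; LogName='Security'; Id=4624; Message='An account was successfully logged on.' }
    [pscustomobject]@{ TimeCreated=$t.AddMinutes(-5);  MachineName='SRV01'; LogName='Security'; Id=1102; Message="The audit log was cleared.`r`nSubject:`r`n`tAccount Name:`t`tadmin" }
    [pscustomobject]@{ TimeCreated=$t.AddMinutes(-5);  MachineName='SRV01'; LogName='System';   Id=104;  Message='The Application log file was cleared.' }
    [pscustomobject]@{ TimeCreated=$t.AddMinutes(-4);  MachineName='SRV01'; LogName='System';   Id=7036; Message='The Windows Event Log service entered the running state.' }
)
Find-LogClearEvent -Event $sample | Format-Table -AutoSize    # two rows: the 1102 and the 104

# Live use on a host or on a Windows Event Forwarding collector (needs read access to the Security log):
# $live = @(Get-WinEvent -FilterHashtable @{ LogName='Security'; Id=1102 } -ErrorAction SilentlyContinue) +
#         @(Get-WinEvent -FilterHashtable @{ LogName='System';   Id=104  } -ErrorAction SilentlyContinue)
# Find-LogClearEvent -Event $live | Sort-Object TimeCreated
```

Run against the script above, the 1102 record will name the account that ran it and the 104 records will list every other log it touched; forwarding those two event IDs off the host is what keeps a local clear from erasing its own evidence.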

Find the User Logged On to a Machine from the Machine Name

Here is a common day-to-day task. We need to check whether an IP address is currently in use, so we ping it. For example, let's ping 192.168.112.170.

Since it replied, let's now find out the DNS name of that computer in the domain by running nslookup.

Now let's dig deeper: who is logged on to that workstation? For that we'll use PSLOGGEDON.

You will need to download the tool, which is very light (1.60 MB), from: http://technet.microsoft.com/en-us/sysinternals/bb897545.aspx.

Then just run it once and open a cmd to work with the command. I'm using PowerShell out of habit, but it can be the command prompt, which some people call DOS. :)

Based on the name of the computer whose logged-on user we want to find, type (the leading backslashes tell psloggedon that the argument is a computer name rather than a user name to search for):

psloggedon \\computer_name -l -x

Let's look at the application's help to understand it better.

What we did was look for who is logged on locally, without showing the logon times (the -x option suppresses them, as they can add unnecessary information).

That is the most practical method, but if you need to search by user name that is also possible:

psloggedon user_name -l -x

Note that you need permissions on the domain machines to run this operation; some may not respond, but notice that it managed to find the machine "TIAGO".

If you don't use the "-l" option it also searches remote logons.
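The same question answered with built-in cmdlets instead of PsLoggedOn, as an added example that is not part of the original post: Win32_LoggedOnUser (account to session) is joined to Win32_LogonSession (session to logon type), so a console logon can be told apart from an RDP session, and service or network logons that PsLoggedOn's -l option also hides are filtered out. The join is a plain function exercised on constructed records; the live wrapper repeats the ping and DNS steps of the post before querying the host. Host names, account names and the sample records are assumptions.

```powershell
# Logon types as recorded in Win32_LogonSession.LogonType (same numbering as Security event 4624)
$LogonTypeName = @{
    2 = 'Interactive (console)'; 3 = 'Network'; 4 = 'Batch'; 5 = 'Service'; 7 = 'Unlock'
    8 = 'NetworkCleartext'; 9 = 'NewCredentials'; 10 = 'RemoteInteractive (RDP)'; 11 = 'CachedInteractive'
}

function Resolve-LoggedOnUser {
    param(
        [Parameter(Mandatory)] [object[]]$LoggedOnUser,   # Win32_LoggedOnUser rows: Antecedent (account), Dependent (session)
        [Parameter(Mandatory)] [object[]]$LogonSession    # Win32_LogonSession rows: LogonId, LogonType, StartTime
    )
    $sessions = @{}
    foreach ($s in $LogonSession) { $sessions[[string]$s.LogonId] = $s }

    foreach ($u in $LoggedOnUser) {
        $s = $sessions[[string]$u.Dependent.LogonId]
        if (-not $s) { continue }
        # Service and network logons (SYSTEM, LOCAL SERVICE, SMB clients, scanners) are noise for
        # "who is sitting at this machine"; keep only the types a person can be behind.
        if ([int]$s.LogonType -notin @(2, 10, 11)) { continue }
        [pscustomobject]@{
            User      = '{0}\{1}' -f $u.Antecedent.Domain, $u.Antecedent.Name
            LogonType = $LogonTypeName[[int]$s.LogonType]
            Since     = $s.StartTime
            LogonId   = $s.LogonId
        }
    }
}

function Get-LoggedOnUser {
    param([Parameter(Mandatory)] [string]$ComputerName)
    # Same first two steps as the post: is the host up, and what is its DNS name
    if (-not (Test-Connection -ComputerName $ComputerName -Count 1 -Quiet)) { throw "$ComputerName does not answer ping" }
    $fqdn = (Resolve-DnsName -Name $ComputerName -Type A -ErrorAction Stop)[0].Name
    # Get-CimInstance uses WinRM; for hosts without it use -CimSession with
    # New-CimSessionOption -Protocol Dcom. Needs admin rights on the target, as PsLoggedOn does.
    $users    = Get-CimInstance -ComputerName $fqdn -ClassName Win32_LoggedOnUser
    $sessions = Get-CimInstance -ComputerName $fqdn -ClassName Win32_LogonSession
    Resolve-LoggedOnUser -LoggedOnUser $users -LogonSession $sessions | Sort-Object User, LogonType -Unique
}

# --- constructed sample (shape of the CIM output; LogonId 999 is SYSTEM's service logon) ---
$start = (Get-Date).AddHours(-2)
$sampleSessions = @(
    [pscustomobject]@{ LogonId='999';   LogonType=5;  StartTime=$start.AddHours(-20) }
    [pscustomobject]@{ LogonId='12345'; LogonType=2;  StartTime=$start }
    [pscustomobject]@{ LogonId='67890'; LogonType=10; StartTime=$start.AddMinutes(30) }
    [pscustomobject]@{ LogonId='24680'; LogonType=3;  StartTime=$start.AddMinutes(45) }
)
$sampleUsers = @(
    [pscustomobject]@{ Antecedent=[pscustomobject]@{ Domain='NT AUTHORITY'; Name='SYSTEM' }; Dependent=[pscustomobject]@{ LogonId='999' } }
    [pscustomobject]@{ Antecedent=[pscustomobject]@{ Domain='CORP'; Name='tiago' };          Dependent=[pscustomobject]@{ LogonId='12345' } }
    [pscustomobject]@{ Antecedent=[pscustomobject]@{ Domain='CORP'; Name='helpdesk01' };     Dependent=[pscustomobject]@{ LogonId='67890' } }
    [pscustomobject]@{ Antecedent=[pscustomobject]@{ Domain='CORP'; Name='scanner' };        Dependent=[pscustomobject]@{ LogonId='24680' } }
)
Resolve-LoggedOnUser -LoggedOnUser $sampleUsers -LogonSession $sampleSessions | Format-Table -AutoSize
# Expected: CORP\tiago as Interactive (console) and CORP\helpdesk01 as RemoteInteractive (RDP);
# SYSTEM (service) and CORP\scanner (network) are filtered out.

# Live: Get-LoggedOnUser -ComputerName WKS-TIAGO
```

The logon type is the detail PsLoggedOn does not give you: an account that shows up as RemoteInteractive on a workstation it should never RDP into is the kind of finding the "who is logged on" question is usually really about.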

Credit: http://www.portaltecnologia.net/2010/05/07/psloggedon-como-descobrir-o-usuario-logado-em-uma-estacao/