Posts

Showing posts from 2012

Userenv logging (User Environment logging)

When you enable userenv logging, you can perform debug logging of the user profile and the system policy processes. Userenv log files also contain information about the status of each Group Policy extension, such as Application Deployment, Security, and Folder Redirection. Userenv log files reveal what is occurring in the background as a user logs on. The Userenv.log file is located in the %SystemRoot%\Debug\UserMode folder. Userenv log files contain information about the following:
- Group Policy settings that are not processed or not applied as expected
- Folder redirection that does not occur
- Profile or registry hive load, unload, or deletion failures
- Logon script failures, or a script not applied as expected
- Default behaviors occurring because a slow link was detected
- Roaming profile issues
- Slow logon issues
- Whether a given GPO is accessible, and if not, why access was denied
- The name of the domain controller that is accessing SYSVOL
The Userenv log has a maximum size of 1 megabyt

Windbg: debugging commands

1. !thread/!process [address] e - on x64 will not show you the meaningless Args to Child information.
2. .frame /c [FrameNumber] - sets context to the specified stack frame. On x64 provides more reliable register information than .trap.
3. kn - Dumps the call stack with frame numbers, easier than counting stacks for .frame.
4. .frame /r [FrameNumber] - same as .frame /c, but shows registers without changing context. Note: With .frame /c or /r you can only trust the nonvolatile registers.
5. k=rbp rip FrameCount - Dumps the call stack starting at rbp/rip on x64. Useful when the stack is corrupt.
6. .process/.thread /p /r [address] - sets a new process context, sets .cache forcedecodeuser, and reloads user symbols.
7. !process [address] 17 - Sets the context for this command, avoiding the need for .process to see user stacks. Try !process 0 17
8. ~~[ThreadID]s - Changes threads in user mode. Use the Thread ID number from output such as !locks.

Address Windowing Extensions

Address Windowing Extensions (AWE) is a set of extensions that allows an application to quickly manipulate physical memory greater than 4GB. Certain data-intensive applications, such as database management systems and scientific and engineering software, need access to very large caches of data. In the case of very large data sets, restricting the cache to fit within an application's 2GB of user address space is a severe restriction. In these situations, the cache is too small to properly support the application. AWE solves this problem by allowing applications to directly address huge amounts of memory while continuing to use 32-bit pointers. AWE allows applications to have data caches larger than 4GB (where sufficient physical memory is present). AWE uses physical nonpaged memory and window views of various portions of this physical memory within a 32-bit virtual address space. AWE places a few restrictions on how this memory may be used, primarily because these rest

what is _msdsc in DNS?

Active Directory (AD) uses DNS as its locator service to support the various types of services that AD offers, such as Global Catalog (GC), Kerberos, and Lightweight Directory Access Protocol (LDAP). Other non-Microsoft services can be advertised in DNS, including, but not restricted to, non-Microsoft implementations of LDAP and GC. However, sometimes clients might need to contact a Microsoft-hosted service. For that reason, each domain in DNS has an _msdcs subdomain that hosts only DNS SRV records that are registered by Microsoft-based services. The Netlogon process dynamically creates these records on each domain controller (DC). The _msdcs subdomain also includes the globally unique identifier (GUID) for all domains in the forest and a list of GC servers. If you install a new forest on a system that runs Windows Server 2003 and let the Dcpromo wizard configure DNS, Dcpromo will actually create a separate zone called _msdcs.<forest name> on the DNS s

What is Active Directory Naming Context or Directory Partition

All of the objects in the Active Directory forest are represented in the Directory Tree. A Directory Tree is a hierarchy of objects and containers in a directory that can be viewed graphically as an upside-down tree, with the root object at the top. A tree shows how objects are connected in terms of the path from one object to another. The Directory Tree of Active Directory is partitioned to allow sections to be distributed (replicated) to domain controllers in different domains within the forest. Each domain controller stores a copy of a specific part of the directory tree, called a “Naming Context”, also known as a Directory Partition. A “Naming Context” is replicated as a unit to other domain controllers in the forest that contain a replica of the same subtree. In Active Directory, a single server always holds at least three naming contexts: Schema Naming Context Sche

OU, Container and group difference.

OUs are logical containers in a domain. They can contain users, groups, computers and other OUs, but only from the home domain. You can't put global groups or computers from other domains into your domain's OUs. An OU is a container, but not just a plain container like the Users container in DSA.MSC: you can delegate control of a plain container, but you can't apply Group Policy to one. How are OUs different from groups? A user can be a member of many groups but can only be in one OU at a time. Like groups, OUs can contain other OUs. Group names appear in ACLs (access control lists), but OUs do not.

What is new in 2008 ADDS

What’s New in Windows Server 2008 Active Directory Domain Services? Active Directory Domain Services in Windows Server 2008 provides a number of enhancements over previous versions, including these:
Auditing — AD DS auditing has been enhanced significantly in Windows Server 2008. The enhancements provide more granular auditing capabilities through four new auditing categories: Directory Services Access, Directory Services Changes, Directory Services Replication, and Detailed Directory Services Replication. Additionally, auditing now provides the capability to log old and new values of an attribute when a successful change is made to that attribute.
Fine-Grained Password Policies — AD DS in Windows Server 2008 now provides the capability to create different password and account lockout policies for different sets of users in a domain. User and group password and account lockout policies are defined and applied via a Password Setting Object (PSO). A PSO has attributes for all

memory dump

The debugging information can be written to different file formats (also known as memory dump files) when your computer stops unexpectedly because of a Stop error (also known as a "blue screen," system crash, or bug check). You can also configure Windows not to write debugging information to a memory dump file. Windows can generate any one of the following memory dump file types:
- Complete memory dump
- Kernel memory dump
- Small memory dump (64 KB)
Complete memory dump
A complete memory dump records all the contents of system memory when your computer stops unexpectedly. A complete memory dump may contain data from processes that were running when the memory dump was collected. If you select the Complete memory dump option, you must have a paging file on the boot volume that is sufficient to hold all the physical RAM plus 1 megabyte (MB). If a second problem occurs and another complete memory dump (or kernel memory dump) file is c

How to enable Windows Installer logging

Windows includes a registry-activated logging service to help diagnose Windows Installer issues. This article describes how to enable this logging service. Windows Installer can use logging to assist in troubleshooting issues with installing software packages. This logging is enabled by adding keys and values to the registry. After the entries have been added and enabled, you can retry the problem installation and Windows Installer will track the progress and post it to the Temp folder. The new log's file name is random, but begins with the letters "Msi" and ends with a .log extension. To locate the Temp folder, type the following line at a command prompt: cd %temp%
Let me fix it myself
Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added prote

ADSI Edit

ADSI Edit (adsiedit.msc)
Updated: March 19, 2010
Applies To: Windows SBS 2008, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2
Active Directory® Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit.msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management Console (MMC) snap-ins: Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and Active Directory Schema. This topic includes the following sections:
- Installing ADSI Edit
- Using ADSI Edit