Active Directory Users & Computers (ADUC)

Active Directory Users & Computers (ADUC) is one of several Microsoft Management Consoles (MMC) used for management in a Windows environment.  As the name implies, it is used to manage users and computers.  However, we don’t typically manage actual user accounts, but we do manage the AD groups they’re in.  We also manage computer accounts, and the groups they’re in, as well.  This is the standard tool for that.

First Steps

“We have joined several computers to the WT domain. These computers do not have any policies specifically applied to them except for the default policies. When I look at these computers in ADUC and do a right-click Manage on the computer I get an error on one computer that says the computer “cannot be managed. The network path was not found.” On another I get “Event viewer cannot connect to computer. RPC server is unavailable” but the manage console opens. What am I missing?”

Almost certainly a firewall setting.  We’re not enabling firewall rules SMB/RPC/etc by default at the domain level since we’d basically have to open it to all of campus and thats just too widely spread.
If they are all Win7 boxes, and assuming you have a limited number of machines where you do your system administration, create a policy with a custom rule in the Advanced firewall that allows all Ports and Programs inbound from the IP’s of your system administration boxes.

Remote Control

What’s the right click “Remote Control”  option in MMC? ‘Remote Control’ reads the computer’s host name from the AD MMC and runs the mstsc.exe application to connect to that computer. We’ve added this option for conveniance, but you’ll need to take one step before it’ll work. You need to copy the associated rControl.exe tool in a locatable path on EVERY “client” machine from which you’re going to use the ‘Remote Control’ action inside the AD MMCs. You can simply copy it to the %WINDIR% (e.g. C:\Winnt), for example. For now, you can download this file from http://www.wolftech.ncsu.edu/files/rcontrol.exe

Version 1.3 of rControlAD adds Registry Keys to better control the behavior of rControl. These keys allow you to configure whether the Remote Desktop session will connect to the console, use full screen or specific window size, and the use of a custom Port number.

The Registry keys are:
[HKEY_CURRENT_USER\Software\Microsoft\rControlAD] “FullScreen”=”1”
“ConnectToConsole”=”0”
“Width”=”0”
“Height”=”0”
“UseCustomPortNumber”=”0”
“PortNumber”=”3389”

These are the default values. You can change them for your needs:

“FullScreen”= when set to 1, the session opened by rControlAD will open in full screen.
When set to 0, the session opened by rControlAD will use the “Height” and “Width” reg key values.

“ConnectToConsole”= When set to 1, the session opened by rControlAD will Connect to console (Session 0). Note: connecting to console session is supported only on Windows XP and above.

“Width”= When “FullScreen” is set to 0, this value will be used to determine the session window’s width.
“Height”= When “FullScreen” is set to 0, this value will be used to determine the session window’s Height.

“UseCustomPortNumber”= when set to 1, rControl will read and use the Port Number specified at “PortNumber” registry value. The default is “UseCustomPortNumber”=”0”, so the default Remote Desktop port is used (3389)

Source: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=12244

 

 

SpecOps GPUpdate