Microsoft Windows Server 2003 and Windows XP scripts (I’m talking about command-line stuff that most people don’t even know exists) can be really handy or really annoying, but usually they seem to be both.

I am a technology director for a private school with around 700 students and 80 staff members. Every year half the students get their login credentials deleted and recreated. Teachers move from one classroom to another, needing access to different network printers. On top of that we have a few Windows 98 machines around that can be troublesome when dealing with mapped drives and whatnot, but are usually solid.

The issues I run into every year are these:

First, printer issues:

Adding printers to a machine that more than one person will login to…

To deal with this you used to (win9x) be able to just add a printer. Now if you don’t want to go through Group Policy and change things there you have to run a little script that globally adds the printer to the machine:

rundll32 printui.dll,PrintUIEntry /ga /c\\computerName /n\\serverName\printerShareName
sc \\computerName stop spooler
sc \\computerName start spooler

This works great but it’s a HUGE pain to do accross twenty or thirty machines when there should just be a GUI that can help you through it.

Next is user additions:

I have to add around 350 student users to our system and give them proper access to their home directories on the network etc. This ends up looking like this text for every user:
dsadd user “CN=UserName, OU=students, OU=users, dc=ourdomain, dc=local” -samid UserName -display “FirstName LastName” -upn UserName@ourdomain.local -pwd Password -fn FirstName -ln LastName -mustchpwd yes -loscr student.bat -memberof “cn=students, ou=groups, dc=ourdomain, dc=local” -hmdrv u: -hmdir “\ServerName\students\UserName”

Which is fine, I run it in a batch file mail-merged from a spreadsheet and they all get added in a couple minutes, but there is no error log and it does not create the user’s home folder with the proper permissions.

So, they’re generally good, but lack a couple things, now I have a problem because I don’t have directories for my new users that we created with that last script though, so I have to do this:

I create a really bad macro that manually opens the properties of every new student in Active Directory (the authentication management GUI). The macro goes to the homedirectory section and changes where it’s pointing then changes it back and saves. This creates the directory.

Unfortunately this leaves all student users with full access to their directory which means they can delete their own entire directory. I now have to edit the access control list for each directory to set admins with full access and each user with Read/Write/Change access only.

cacls fodlername /t /p builtin\Administrators:F
cacls foldername /e /t /g ourdomain\username:C

Also good, but there is no switch to run it quiet so you have to choose (Y/N) every time you set administrator with full priviliges. Poor planning on their part, a long time hitting Y then ENTER on my part.

That’s it; I’m reminded of these issues every year as school begins, Justin advised me to release my tension in blog form, so there it is.

In general I don’t have too much of a problem keeping up with issues at work. When we get to this point in the year though, things start to get pretty crazy. This year in addition to the usual school starting sorts of tasks like adding student users to the system and making sure computers are setup for new staff, we’re implementing a new student database for grading, attendance, lunch etc. They’ve also just set in place four ‘modular classrooms’ about 200 feet from the building. We had fiber optic cable run to one of the closets and I’m going to be working on getting network and phone wiring done. I look at my ‘to do’ list and I want to just take a nap. I was given permission to hire a temp, which has worked out GREAT, and he has relieved a lot of pressure just by being able to deal with stuff that comes up during the day that isn’t already on the list.

It’s really awesome to work where I do because I keep learning lots of new things and I’ve been able to implement new standards that make a lot of sense. It gets busy though and while I’m usually pretty calm under pressure, if I’ve been abnormally short with you anytime in the last few weeks I apologize.

I want to write lots of great things about the New York trip and generally inform ya’ll of the other things going on in my life but right now I can’t get work off the brain so it’ll have to wait.

Have a great day.

I woke up this morning and went to the landfill to drop off the smelly, wet carpet that has been sitting in our driveway for the last few days. On my way there I went through a stoplight that didn’t have power, I’m not sure why it didn’t register that I needed to stop. I had to swerve sharply to avoid a Pontiac Vibe that had stopped in the intersection when it saw me barreling toward it.

On the way to work it started to rain monsoon style. As I was coming up to Cavenaugh a guy was running across the street at the exact vector necessary for me to smash into his legs and throw him up over the lines that run the stoplights. It would’ve been an olympic record.

I didn’t actually get in an accident but that’s the closest I’ve come in a long time. Two in one day.

The title of the post is up and running because the c7technologies.com server is back up. You can see the week-long conversation I had with my host at http://truevektor.net/hostprob.htm.

Talk to ya’ll later, I’m going to New York for the weekend.