Add Options to the Delegate Control Wizard in Windows 2008 Server

Posted by Andrew Raia under Permissions, Technology, Windows Server on March 20, 2012 at 10:38 am EST

Locate the delegwiz.inf file in %Windir%\system32. Take ownership and allow administrators full control (make a backup copy first). Erase the contents of the file, replace them with the ones below, and re-save the file.

[Version]
signature="$CHICAGO$"

[DelegationTemplates]

Templates = template1, template2, template3, template4, template5, template6, template7, template8, template9, template10, template11, template12, template13, template14, template15, template16, template17, template18, template19, template20, template21, template22, template23,template24, template25, template26, template27, template28, template29, template30, template31, template32, template33,template34, template35, template36, template37, template38, template39, template40, template41, template42, template43,template44, template45, template46, template47, template48, template49, template50, template51, template52, template53,template54, template55, template56, template57, template58, template59, template60, template61, template62, template63,template64, template65, template66, template67, template68, template69, template70
;———————————————————
[template1]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Create, delete, and manage user accounts"

ObjectTypes = SCOPE, user

[template1.SCOPE]
user=CC,DC

[template1.user]
@=GA
;———————————————————

;———————————————————
[template2]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Reset user passwords and force password change at next logon"

ObjectTypes = user

[template2.user]
CONTROLRIGHT= "Reset Password"
pwdLastSet=RP,WP
;———————————————————-

;———————————————————-
[template3]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Read all user information"

ObjectTypes = user

[template3.user]
@=RP

;———————————————————-
[template4]
AppliesToClasses = organizationalUnit,container

Description = "Create, delete and manage groups"

ObjectTypes = SCOPE, group

[template4.SCOPE]
group=CC,DC

[template4.group]
@=GA

;———————————————————-

;———————————————————-
[template5]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Modify the membership of a group"

ObjectTypes = group

[template5.group]
member=RP,WP
;———————————————————-

;———————————————————-
[template6]
AppliesToClasses = domainDNS

Description = "Join a computer to the domain"

ObjectTypes = SCOPE

[template6.SCOPE]
computer=CC
;———————————————————-

;———————————————————-
[template7]
AppliesToClasses = domainDNS,organizationalUnit,site

Description = "Manage Group Policy links"

ObjectTypes = SCOPE

[template7.SCOPE]
gPLink=RP,WP
gPOptions=RP,WP
;———————————————————-

;———————————————————
[template8]
AppliesToClasses=domainDNS,organizationalUnit

Description = "Generate Resultant Set of Policy (Planning)"

ObjectTypes = SCOPE

[template8.SCOPE]
CONTROLRIGHT= "Generate Resultant Set of Policy (Planning)"
;———————————————————-

;———————————————————
[template9]
AppliesToClasses=domainDNS,organizationalUnit

Description = "Generate Resultant Set of Policy (Logging)"

ObjectTypes = SCOPE

[template9.SCOPE]
CONTROLRIGHT= "Generate Resultant Set of Policy (Logging)"
;———————————————————-

;———————————————————
[template10]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Create, delete, and manage inetOrgPerson accounts"

ObjectTypes = SCOPE, inetOrgPerson

[template10.SCOPE]
inetOrgPerson=CC,DC

[template10.inetOrgPerson]
@=GA
;———————————————————

;———————————————————
[template11]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Reset inetOrgPerson passwords and force password change at next logon"

ObjectTypes = inetOrgPerson

[template11.inetOrgPerson]
CONTROLRIGHT= "Reset Password"
pwdLastSet=RP,WP
;———————————————————-

;———————————————————-
[template12]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Read all inetOrgPerson information"

ObjectTypes = inetOrgPerson

[template12.inetOrgPerson]
@=RP

;———————————————————-

;———————————————————
[template13]
AppliesToClasses=container

Description = "Create, Delete, and Manage WMI Filters"

ObjectTypes = SCOPE, msWMI-Som

[template13.SCOPE]
msWMI-Som=CC,DC

[template13.msWMI-Som]
@=GA
;———————————————————-

;———————————————————
[template14]
AppliesToClasses=domainDNS,organizationalUnit

Description = "Create an Organizational Unit"

ObjectTypes = SCOPE

[template14.SCOPE]
organizationalUnit=CC
;———————————————————-

;———————————————————
[template15]
AppliesToClasses=domainDNS,organizationalUnit

Description = "Delete a child Organizational Unit"

ObjectTypes = SCOPE

[template15.SCOPE]
organizationalUnit=DC
;———————————————————-

;———————————————————
[template16]
AppliesToClasses=organizationalUnit

Description = "Delete this Organizational Unit"

ObjectTypes = organizationalUnit

[template16.organizationalUnit]
@=SD
;———————————————————-

;———————————————————
[template17]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Rename an Organizational Unit"

ObjectTypes = organizationalUnit

[template17.organizationalUnit]
ou=WP
name=WP
;———————————————————-

;———————————————————
[template18]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Modify Description of an Organizational Unit"

ObjectTypes = organizationalUnit

[template18.organizationalUnit]
description=WP
;———————————————————-

;———————————————————
[template19]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Modify Managed-By Information of an Organizational Unit"

ObjectTypes = organizationalUnit

[template19.organizationalUnit]
managedBy=WP
;———————————————————-

;———————————————————
[template20]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Delegate Control of an Organizational Unit"

ObjectTypes = organizationalUnit

[template20.organizationalUnit]
@=WD
;———————————————————-

;———————————————————
[template21]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Create a group"

ObjectTypes = SCOPE

[template21.SCOPE]
group=CC
;———————————————————-

;———————————————————
[template22]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Delete a child group"

ObjectTypes = SCOPE

[template22.SCOPE]
group=DC
;———————————————————-

;———————————————————
[template23]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Delete this group"

ObjectTypes = group

[template23.group]
@=SD
;———————————————————-

;———————————————————
[template24]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Rename a group"

ObjectTypes = group

[template24.group]
cn=WP
name=WP
;———————————————————-

;———————————————————
[template25]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Specify the Pre-Windows 2000 compatible name for the group"

ObjectTypes = group

[template25.group]
sAMAccountName=WP
;———————————————————-

;———————————————————
[template26]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Modify the description of a group"

ObjectTypes = group

[template26.group]
description=WP
;———————————————————-

;———————————————————
[template27]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Modify the scope of the group"

ObjectTypes = group

[template27.group]
groupType=WP
;———————————————————-

;———————————————————
[template28]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Modify the type of the group"

ObjectTypes = group

[template28.group]
groupType=WP
;———————————————————-

;———————————————————
[template29]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Modify notes for a group"

ObjectTypes = group

[template29.group]
info=WP
;———————————————————-

;———————————————————
[template30]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Modify group membership"

ObjectTypes = group

[template30.group]
member=WP
;———————————————————-

;———————————————————
[template31]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Specify Managed-By Information of a Group"

ObjectTypes = group

[template31.group]
managedBy=WP
;———————————————————-

;———————————————————
[template32]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Create a computer account"

ObjectTypes = SCOPE

[template32.SCOPE]
computer=CC
;———————————————————-

;———————————————————
[template33]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Delete a child computer account"

ObjectTypes = SCOPE

[template33.SCOPE]
computer=DC
;———————————————————-

;———————————————————
[template34]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Delete this computer account"

ObjectTypes = computer

[template34.computer]
@=SD
;———————————————————-

;———————————————————
[template35]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Rename a computer account"

ObjectTypes = computer

[template35.computer]
@=WP
;———————————————————-

;———————————————————
[template36]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Disable a computer account"

ObjectTypes = computer

[template36.computer]
userAccountControl=WP
;———————————————————-

;———————————————————
[template37]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Reset a computer account"

ObjectTypes = computer

[template37.computer]
CONTROLRIGHT= "Reset Password"
;———————————————————-

;———————————————————
[template38]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Specify the computer's description"

ObjectTypes = computer

[template38.computer]
description=WP
;———————————————————-

;———————————————————
[template39]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Specify Managed-By information for a computer account"

ObjectTypes = computer

[template39.computer]
managedBy=WP
;———————————————————-

;———————————————————
[template40]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Specify that a computer account be trusted for delegation"

ObjectTypes = computer

[template40.computer]
userAccountControl=WP
;———————————————————-

;———————————————————
[template41]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Create a user account in disabled state"

ObjectTypes = SCOPE

[template41.SCOPE]
user=CC
;———————————————————-

;———————————————————
[template42]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Create a user account"

ObjectTypes = SCOPE , user

[template42.SCOPE]
user=CC

[template42.user]
userAccountControl=WP
CONTROLRIGHT= "Reset Password"
;———————————————————-

;———————————————————
[template43]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Delete a child user account"

ObjectTypes = SCOPE

[template43.SCOPE]
user=DC
;———————————————————-

;———————————————————
[template44]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Delete this user account"

ObjectTypes = user

[template44.user]
@=SD
;———————————————————-

;———————————————————
[template45]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Rename a user account"

ObjectTypes = user

[template45.user]
cn=WP
name=WP
distinguishedName=WP
;———————————————————-

;———————————————————
[template46]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Disable a user account"

ObjectTypes = user

[template46.user]
userAccountControl=WP
;———————————————————-

;———————————————————
[template47]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Unlock a user account"

ObjectTypes = user

[template47.user]
lockoutTime=WP
;———————————————————-

;———————————————————
[template48]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Enable a disabled user account"

ObjectTypes = user

[template48.user]
userAccountControl=WP
;———————————————————-

;———————————————————
[template49]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Reset a user account's password"

ObjectTypes = user

[template49.user]

CONTROLRIGHT= "Change Password"
;———————————————————-

;———————————————————
[template50]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Force a user account to change the password at the next logon"

ObjectTypes = user

[template50.user]
CONTROLRIGHT= "Reset Password"
userPassword=WP
;———————————————————-

;———————————————————
[template51]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Modify a user's display name"

ObjectTypes = user

[template51.user]
adminDisplayName=WP
;———————————————————-

;———————————————————
[template52]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Modify a user account's description"

ObjectTypes = user

[template52.user]
description=WP
;———————————————————-

;———————————————————
[template53]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Modify a user's office location"

ObjectTypes = user

[template53.user]
physicalDeliveryOfficeName=WP
;———————————————————-

;———————————————————
[template54]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Modify a user's telephone number"

ObjectTypes = user

[template54.user]
telephoneNumber=WP
;———————————————————-

;———————————————————
[template55]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Modify the location of a user's primary web page"

ObjectTypes = user

[template55.user]
wWWHomePage=WP
;———————————————————-

;———————————————————
[template56]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Modify a user's UPN"

ObjectTypes = user

[template56.user]
userPrincipalName=WP
;———————————————————-

;———————————————————
[template57]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Modify a user's Pre-Windows 2000 user logon name"

ObjectTypes = user

[template57.user]
sAMAccountName=WP
;———————————————————-

;———————————————————
[template58]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Modify the hours during which a user can log on"

ObjectTypes = user

[template58.user]
logonHours=WP
;———————————————————-

;———————————————————
[template59]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Specify the computers from which a user can log on"

ObjectTypes = user

[template59.user]
userWorkstations=WP
;———————————————————-

;———————————————————
;[template60]
;AppliesToClasses=domainDNS,organizationalUnit,container

;Description = "Set User cannot change password for a user account"

;ObjectTypes = user

;[template60.user]

;CONTROLRIGHT= "Change Password"
;———————————————————-

;———————————————————
[template61]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Set Password Never Expires for a user account"

ObjectTypes = user

[template61.user]
userAccountControl=WP
;———————————————————-

;———————————————————
[template62]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Set Store Password Using Reversible Encryption for a user account"

ObjectTypes = user

[template62.user]
userAccountControl=WP
;———————————————————-

;———————————————————
[template63]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Disable a user account"

ObjectTypes = user

[template63.user]
userAccountControl=WP
;———————————————————-

;———————————————————
[template64]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Set Smart card is required for interactive logon for a user account"

ObjectTypes = user

[template64.user]
userAccountControl=WP
;———————————————————-

;———————————————————
[template65]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Set Account is sensitive and cannot be delegated for a user account"

ObjectTypes = user

[template65.user]
userAccountControl=WP
;———————————————————-

;———————————————————
[template66]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Set Use DES encryption types for this account for a user account"

ObjectTypes = user

[template66.user]
userAccountControl=WP
;———————————————————-

;———————————————————
[template67]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Set Do not require Kerberos pre-authentication for a user account"

ObjectTypes = user

[template67.user]
userAccountControl=WP
;———————————————————-

;———————————————————
[template68]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Specify the date when a user account expires"

ObjectTypes = user

[template68.user]
accountExpires=WP
;———————————————————-

;———————————————————
[template69]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Specify a profile path for a user"

ObjectTypes = user

[template69.user]
profilePath=WP
;———————————————————-

;———————————————————
[template70]
AppliesToClasses=domainDNS,organizationalUnit,container

Description = "Specify a logon script for a user"

ObjectTypes = user

[template70.user]
scriptPath=WP
;———————————————————-
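
Before putting a template file like this into production it is worth checking what each entry really grants, because the wizard only shows the Description text. The following is an added example, not part of the original post: a small Python audit of a delegwiz.inf that flags object-wide grants and lists templates whose permissions are identical despite different descriptions (an ACE on userAccountControl cannot tell one flag from another, so templates 46 and 67 above delegate the same write). The function names and the embedded excerpt are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed excerpt in the page's format; the curly quotes are kept on purpose.
SAMPLE_INF = """\
[DelegationTemplates]
Templates = template1, template46, template60, template67
[template1]
Description = “Create, delete, and manage user accounts”
ObjectTypes = SCOPE, user
[template1.SCOPE]
user=CC,DC
[template1.user]
@=GA
[template46]
Description = “Disable a user account”
ObjectTypes = user
[template46.user]
userAccountControl=WP
;[template60]
[template67]
Description = “Set Do not require Kerberos pre-authentication for a user account”
ObjectTypes = user
[template67.user]
userAccountControl=WP
"""

# Rights that are broad when granted on "@" (the whole object, not one attribute).
BROAD = {"GA": "full control", "WD": "may rewrite the ACL", "WP": "write all properties"}

def parse_inf(text):
    """Return {section: [(key, value), ...]}; ';' comment lines are skipped."""
    sections, current = defaultdict(list), None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip()
            sections[current]  # register the section even if it stays empty
        elif current and "=" in line:
            key, value = line.split("=", 1)
            sections[current].append((key.strip(), value.strip().strip('"“”')))
    return sections

def audit(text):
    """Return (findings, shared): broad grants, and templates with identical ACEs."""
    inf = parse_inf(text)
    listed = dict(inf["DelegationTemplates"])["Templates"].split(",")
    findings, by_grant = [], defaultdict(list)
    for name in (n.strip() for n in listed):
        if name not in inf:
            findings.append((name, "listed in Templates but section missing"))
            continue
        grants = []
        for obj in dict(inf[name]).get("ObjectTypes", "").split(","):
            for key, value in inf.get(f"{name}.{obj.strip()}", []):
                rights = [r.strip() for r in value.split(",")]
                grants.append((obj.strip(), key, tuple(rights)))
                if key == "@":
                    findings += [(name, f"{r} on {obj.strip()}: {BROAD[r]}")
                                 for r in rights if r in BROAD]
        by_grant[tuple(sorted(grants))].append(name)
    shared = [names for names in by_grant.values() if len(names) > 1]
    return findings, shared
```

Calling `audit()` on the full file's text returns the same two lists; the "section missing" finding also catches template60, which is commented out above but still named in the Templates line.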

Mass User Password Change Using Powershell (auto executing)

Posted by Andrew Raia under Powershell, Technology, Windows Server on March 15, 2012 at 3:25 pm EST

So I had a situation where I had to change multiple passwords to the same default password for multiple user IDs. I came up with this script; it could easily be modified to search by OU or any other AD object, but for now I am just using it for UserID searches. You have to use a wildcard * if you want to get all the IDs with similar names, or just use * for everyone. The script will ask you to confirm the list you want to process beforehand, and ask you to enter the password twice.

To use this script, copy and paste the text into Notepad and save it as a .BAT or .CMD file. The first part is not PowerShell; it’s regular command line that allows you to just double-click the file to run it rather than going through PowerShell directly. You must have PowerShell 2.0 with the Active Directory module installed to use this, but if you have 2008 R2 and a domain controller you should be set.

:: <#
@echo off
copy %0 %0.ps1 >nul
PowerShell.exe -ExecutionPolicy Unrestricted -NoProfile -Command "$ErrorActionPreference = 'SilentlyContinue'; . %0.ps1; Remove-Item %0.ps1"
pause
exit
:: #>
$ErrorActionPreference = 'Continue'

# Prompt for Yes/No. Returns $true for Yes; the default choice is No.
Function Ask-YesOrNo
{
    param([string]$title="Confirm",[string]$message="Are you sure?")
    $choiceYes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes", "Answer Yes."
    $choiceNo = New-Object System.Management.Automation.Host.ChoiceDescription "&No", "Answer No."
    $options = [System.Management.Automation.Host.ChoiceDescription[]]($choiceYes, $choiceNo)
    $result = $host.ui.PromptForChoice($title, $message, $options, 1)
    switch ($result)
    {
        0
        {
            Return $true
        }

        1
        {
            Return $false
        }
    }
}

echo "This Script will search Active Directory for User IDs based on your search criteria and then change the password to one you specify."
echo ""
echo "Do You Wish to continue?"
If (Ask-YesOrNo)
{
    import-module ActiveDirectory
    echo ""
    # Wildcards are allowed, e.g. jsm* or * for every user.
    $SearchUser = read-host "Enter Search Criteria"
    $userlist = Get-ADuser -Filter 'Name -like $SearchUser'
    # Show the matching accounts so the list can be reviewed before anything changes.
    echo $userlist | Ft Name
    echo "Process This List?"
    If (Ask-YesOrNo)
    {
        echo ""
        # Read-Host echoes the typed password to the console.
        $NewPass1 = read-host "Please Enter New Password"
        $NewPass2 = read-host "Please Confirm New Password"
        # Case-sensitive comparison; 0 means the two entries are identical.
        $NewPassResult = [string]::Compare($NewPass1,$NewPass2,$false)
        If ($NewPassResult -eq 0)
        {
            echo ""
            echo "Passwords Match"
        }
        Else
        {
            echo ""
            echo "Passwords do not Match, Please Re-Run this script"
            echo ""
            # return (not break) so the launcher still runs Remove-Item on the temporary .ps1 copy.
            return
        }
        echo ""
        $userlist | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "$NewPass1" -Force)
        echo "Password has been successfully updated"
        echo ""
    }
    Else
    {
        echo ""
        echo "List Denied"
        echo ""
    }
}
Else
{
    echo ""
    echo "Exiting Script"
    echo ""
}

Changes

Posted by Andrew Raia under Site News on September 14, 2011 at 1:23 pm EST

I’ve decided to add a new category to the site. Going to be posting a bunch of tech-related stuff as it relates to my job, and things I discover, fixes, etc. That is all for now.

WordPress for android test

Posted by Andrew Raia under Testing on April 6, 2011 at 10:17 pm EST

Hmmmmmm….lol

An Explanation of My Wife’s Condition

Posted by Andrew Raia under General Updates, Medical on August 26, 2010 at 8:37 am EST

So she is in the hospital recovering well, but I wanted to explain exactly what it was that she had. She was diagnosed with Meckel’s Diverticulitis. Typically things that end in itis are an infection of whatever word they come from. For example, an infection of the appendix is called appendicitis. She had a Meckel’s Diverticulum which became infected, hence the name Meckel’s Diverticulitis. What the heck is a Meckel’s Diverticulum, you ask? Basically it is a gastrointestinal malformation which is a little leftover piece (a few inches) of the connection between the small intestine and the yolk sac that was present during fetal development. It is so rare that only 2% of the population have it and less than that actually have the symptoms. Oddly enough, one of the occasional symptoms leads many to believe it is acute appendicitis, which is exactly what we thought it was. Most people who have it have symptoms before 2 years of age and some into adulthood. The Dr. removed her appendix as well as a precaution so she will never have to deal with appendicitis either. He said the Meckel’s Diverticulum had a mild infection but it was pushing against and irritating the appendix too. Since the infection was mild, she will probably be home today as long as she does well with eating and moving around. OK, well, I need to get cleaned up so I can run to the hospital to visit her.
