How to Delegate the Right to Unlock User Accounts

Friday, September 26, 2008

In order to delegate the right to unlock locked user accounts to a user or group in Active Directory, you first need to make the right visible in Active Directory Users and Computers (ADUC).

The %windir%\System32\dssec.dat file contains all the rights attributes that can be exposed in ADUC. These rights attributes are grouped under headings surrounded by square brackets, such as [user] or [computer]. Each attribute is assigned a value (filter) as follows:

0 - Read and Write is exposed
1 - Write is exposed
2 - Read is exposed
7 - Hide the attribute

To modify the filter, open dssec.dat in Notepad. Find the lockoutTime attribute under the [user] heading. Be careful to select the [user] heading, as there's another lockoutTime attribute under [computer]. Change the value of the filter from 7 to 0 (lockoutTime=0) and save the changes.

To delegate the right right to unlock user accounts in ADUC:
  1. Right-click the OU or domain in Active Directory Users and Computers and select Delegate Control from the context menu
  2. Click Next on the Welcome dialog
  3. Click Add to select the user or group and click OK
  4. Click Next
  5. Select Create a custom task to delegate and click Next
  6. Select Only the following objects in the folder. In the list, check User objects and click Next
  7. Clear the General checkbox and check the Property-specific box
  8. Check both the Read lockoutTime and Write lockoutTime boxes and press Next
  9. Click Finish

Note: You only need to edit the dssec.dat file on the computer where you are performing the delegation. You do not need to modify it from any other machine, including the one where the user administration will occur.

Read more ...

Getting NumLock to Stick

Sunday, September 21, 2008
Here's a tip on how to get the Num Lock key to stay on (or off) every time a user logs on.

Simply set the NumLock key to the desired status (on or off), press Ctrl-Alt-Delete (Ctrl-Alt-End in a Hyper-V guest, Ctrl-Alt-Ins in a VMware guest), and select Log off.

This will set the HKEY_CURRENT_USER\Control Panel\Keyboard\InitialKeyboardIndicators to 0 (OFF) or 2 (ON), depending on your preference. The next time you logon, the NumLock setting will stick.
Read more ...

First Ever EXPTA Hyper-V Contest Winner!

Wednesday, September 17, 2008

Congratulations to Thorsten Schuett in Berlin, Germany!

As the 100,000th visitor to my blog, Thorsten will receive a signed copy of my new book, "Windows Server 2008 Hyper-V Unleashed." This book represents our experience working with Hyper-V with our customers over a year before it was available to the public.

Thanks to all the entries I received. I appreciate the kind words and hope that you all find the information I provide in this blog useful.
Read more ...

First Ever EXPTA Hyper-V Contest!

Friday, September 12, 2008

Sometime next week the EXPTA {blog} will get its 100,000th visitor.

To celebrate, I will send that lucky visitor a free copy of my new book, Windows Server 2008 Hyper-V Unleashed, anywhere in the world!

All you have to do is take a screenshot of the hit counter at the bottom of this blog and email it to me at, along with your name and address.

I get a lot of hits per day, most of them from Google searches, so it's very likely that the 100,000th visitor may not read this post. Because of this, I'll choose the winner whose entry is the closest to 100,000 from the first 10 entries I receive. The entry must show the bottom of the blog with a counter of at least 100,000 and must be submitted by September 22, 2008.

Of course, if you subscribe to this blog you'd be one of the first to learn about this contest!

Good Luck!
Read more ...

Windows Server 2008 Hyper-V Unleashed

Wednesday, September 10, 2008
I'm very pleased to say that my new book, Windows Server 2008 Hyper-V Unleashed, has hit store shelves!

This book is a culmination of our experience deploying Hyper-V in enterprise organizations. And today, Microsoft's Virtualization Product Group featured it on their Virtualization Team Blog.

Coauthor Rand Morimoto and I are very pleased that this book has been released to coincide with Microsoft's official launch of Hyper-V this week.

Check out what's in the book at InformIT!
Read more ...