Create local administrator account using Group pol...

Domain Trust relationship failures, it may be a virus making it impossible to login using domain credentials..you are bound to run in to scenario's like this while managing a AD environment.you will have to login to a local administrator account on the client pc and re join the domain or do what ever the necessary troubleshooting procedures. in some cases you don't have local admin passwords on some pc's. so this will be a life saver cause i my self had the unfortunate incident where i had to guide a user to reset the local admin password of a pc over the phone using hiren bootcd.

its very simple actually. use this VB script file, modify it accordingly and add it as a computer start up script via Group policy.

this script first queary for the user name you have specified in the script on the local pc, if it doesn't exist it will create it as an member of the local administrator group. if the user name already exist it will change the password to the one specified.


'---------------------------------------------------------------------------------------------------------------
'this section creates the new user called localsupport if it doesn't existDim AdminPassword
AdminPassword = "password"

QueryForUser("user_name")
               
                Set objNetwork = CreateObject("Wscript.Network")
                strComputer = objNetwork.ComputerName
                Set objComputer = GetObject("WinNT://" &strComputer)

                Set colAccounts = GetObject("WinNT://" & strComputer & "")
                Set objUser = colAccounts.Create("user", "localsupport")
                objUser.SetPassword AdminPassword
                objUser.Put "UserFlags", 65600 '
                objUser.SetInfo

'add to administrators group
                Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
                Set objUser = GetObject("WinNT://" & strComputer & "/localsupport,user")
                objGroup.Add(objUser.ADsPath)

           'msgbox "user was created"

'this section just changes the password if the user exists

 Sub QueryForUser(strlocalsupport)
    Set objlocal = GetObject("WinNT://.")
    objlocal.Filter = Array("user")
    For Each User In objlocal
        If lcase(User.Name) = lcase(strlocalsupport) Then

                strComputer = "."
                Set objUser = GetObject("WinNT://" & strComputer & "/localsupport, user")
                objUser.SetPassword AdminPassword
                objUser.SetInfo

            'msgbox User.Name & " already exists." & vbCrLf & "The password was re-set."
            WScript.Quit
        End If   
    Next
 End Sub

--------------------------------------------------------------------------------------------------------------


to change the password modify the password within the quotes (marked in red), in the following code section. this also allows you to easily change the password in case you have to give the password to a end user.

Dim AdminPassword
AdminPassword = "password"

QueryForUser("user_name")


hope this helps someone, cause this saved my ass so many time. :P

Managing calendar permissions in Exchange Server 2010

Admin may get asked to set and add / Edit permissions for shared Calendars.
these Sharing options are not available in EMC, so we have to use exchange power shell on the server to manipulate them.

View existing Calendar permissions

Get-MailboxFolderPermission -identity "Networking Calendar:\Calendar"

There are 4 MailboxFolderPermission cmdlets in Exchange Server 2010:

• Add-MailboxFolderPermission

• Get-MailboxFolderPermission

• Remove-MailboxFolderPermission

• Set-MailboxFolderPermission

Each cmdlet have different syntax, follow the links for more information..

In this scenario we need to set following permissions to the Calendar Resource named "Networking Calendar.

user - "Nyckie" - full permissions


all users - permissions to add events without the delete permission

• To assign calendar permissions to new users  "Add-MailboxFolderPermission"

Add-MailboxFolderPermission -Identity "Networking Calendar:\Calendar" -User [email protected] -AccessRights Owner

 

• To Change existing calendar permissions  "set-MailboxFolderPermission"

set-MailboxFolderPermission -Identity "Networking Calendar:\Calendar" -User default -AccessRights NonEditingAuthor

 

This assigns the owner righs to the user "nyckig" for the calendar of the "Networking Calendar" resource.and sets NonEditingAuthor permissions as the default permission for the calendar for all other users

__________________________________________

Here are the other permission levels you can assign:-

None - FolderVisible

Owner - CreateItems, ReadItems, CreateSubfolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems

PublishingEditor - CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems

Editor - CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems

PublishingAuthor - CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, DeleteOwnedItems

Author - CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems NonEditingAuthor - CreateItems, ReadItems, FolderVisible

Reviewer - ReadItems, FolderVisible

Contributor - CreateItems, FolderVisible

The following roles apply specifically to calendar folders:

AvailabilityOnly - View only availability data

LimitedDetails - View availability data with subject and location


source -

technet.microsoft.com

http://blog.powershell.no/2010/09/20/managing-calendar-permissions-in-exchange-server-2010/