How to create Admin image of Solidworks 2009 and deploy through GPO or command prompt

you must have solidworks license server installed and running before you prepare admin image.

Step1

Open a Command Prompt window (in Windows, click Start, Run, type cmd, and click OK) and enter:

msiexec /a \\yourserver\solidworks2009\swwi\data\English_i386_SolidWorks.msi

In the SolidWorks Setup Wizard, follow the on-screen instructions.

Step2

Go to the folder that contains the administrative image from Command Prompt window. Type following. The command should be in the format:

\\yourserver\solidworks2009\solidworks\SWCreateMST.exe “\\yourserver\solidworks2009\solidworks\english_i386_SolidWorks.msi” INSTALLDIR=”C:\Program Files\Solidworks” SOLIDWORKSSERIALNUMBER=”xxxx xxxx xxxx xxxx” ADDLOCAL=SolidWorks,English,Manuals,Intel_Modules_AgeiaX86 OFFICEOPTION=0

Here, xxxx-xxxx is serial number. The transform file, English_i386_SolidWorks.mst, is created in the folder that contains the administrative image.

Step3

3. In the Active Directory, edit the Published Apps policy for the group or groups to deploy the SolidWorks software.

4. In the Group Policy dialog box, expand Computer Configuration and Software Settings.

5. Right-click Software installation and select New, Package.

6. Browse to the administrative image and click Open.

7. In the Deploy Software dialog box, select Advanced published or assigned, then click OK.

8. In the SolidWorks Properties dialog box, on the Modifications tab:

a. Click Add.

b. Browse to the .mst file.

c. Click Open.

Click OK.

 Command prompt deploy:

msiexec /i \\yourserver\Solidworks2009MSI\Solidworks\English_i386_SolidWorks.msi /qn TRANSFORMS=”\\yourserver\Solidworks2009MSI\Solidworks\English_i386_SolidWorks.mst”

Understanding FSMO roles in windows 2003 AD

Good preparation and correct planning are essential for Active Directory AD installation. Although it’s impossible to predict installation glitches precisely, you can at least minimize the possibility of AD installation problems if you carefully plan the procedure. Here’s what you need to know before you work on Active Directory installation.

FSMO Roles: In a forest, there are five FSMO roles that are assigned to one or more domain controllers. The five FSMO roles are:

Schema Master: The schema master domain controller controls all updates and modifications to the schema. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest.

Domain naming master: The domain naming master domain controller controls the addition or removal of domains in the forest. There can be only one domain naming master in the whole forest.

Infrastructure Master: The infrastructure is responsible for updating references from objects in its domain to objects in other domains. At any one time, there can be only one domain controller acting as the infrastructure master in each domain.

Relative ID (RID) Master: The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain. At any one time, there can be only one domain controller acting as the RID master in the domain.

PDC: The PDC emulator is a domain controller that advertises itself as the primary domain controller (PDC) to workstations, member servers, and domain controllers that are running earlier versions of Windows. For example, if the domain contains computers that are not running Microsoft Windows XP Professional or Microsoft Windows 2000 client software, or if it contains Microsoft Windows NT backup domain controllers, the PDC emulator master acts as a Windows NT PDC. It is also the Domain Master Browser, and it handles password discrepancies. At any one time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.

It is good to have more then one domain controller in same forest. It is always good to designate different FSMO roles to different domain controller. You can do that after installation of DC in your forest.

Global catalog (GC): The Global Catalog server stores and replicates AD information, including the domain forest schema data and configuration data. It can also be seen as a data repository and engine for rapid object searches. The GC lists all the objects within a domain tree or forest. To see your GC server in your domain you must logon to your domain controller. Click start, click administrative tools, click Active Directory sites and services, expand Default First first site name, expand any server.

 

Expand any domain controller, right click on NTDS settings, click on property.

 

Here are some sample command line help and tools you use to check FSMO. You must install windows XP support tools and windows resource kit in your/administrator workstation or in your server to test and manage FSMO roles. You can download support tools from MS web site or support\tools folder inside windows XP cd.

To see which domain controller holds which roles click Start, click Run, type CMD in the Open box, and then click OK.  In the Command Prompt window, type netdom query /domain:<domain> fsmo (where <domain> is the name of YOUR domain).

 

On the command prompt type replmon.exe AD replication monitor will pop up.

 

Right click on monitored servers. Click on search the directory for the server to add, click next and expand default first site name.

Select domain controller and click finish.

 

Right click on your domain click. Click properties. Click on FMSO roles. Click query to see whether it is working or not.

 

 

I did not take all the screenshot. I reckon you can workout with this hints. You can transfer these roles from one DC to another DC. To do that go to command prompt in your admin workstation. You must logon as an administrator/domain admin.

Type ntdsutil.exe in command prompt. Follow the command.

 

Here drwho is the name of the server whom I wanted to transfer roles from another server. This was working environment. So I did not transfer those roles. However you can type following in fsmo maintenance: prompt.

Transfer domain naming master

Transfer infrastructure master

Transfer PDC

Transfer RID master

Transfer schema master

This will transfer roles all five roles to your desired server.

How to create an external trust between two seperate domains/forests

A trust is a relationship established between domains that enables users in one domain to be authenticated by a domain controller in the other domain. There are different type of trust like External, Realm, Forest and shortcut. In this article, I am going to talk about external trust. This can be applied in windows 2003 and windows 2008 also using same principle. External trust is necessary when users from two different domain wants to access resources such as printers and file server of two domains.  There are few requirements to fulfil this goal.

Both domain controller must ping each other IP. If both domain controller sits in different subnet then proper routing required.

DNS records of both domain controller must be added in both server (Example: DNS record of bollywood.com must be added in desibaba.com and vice versa).

FQDN must be added in both DC (Example: FQDN of dns1.bollywood.com must be added in dc1.desibaba.com and vice versa).

Now dc1 will be able to ping dns1 by name and FQDN. Now ready to create an external trust. However, you still can’t ping by FQDN then type IP of PDC of forest A as secondary/alternative DNS in the TCP/IP property of  PDC of forest B. Do vice versa. Now you will be able to ping by FQDN.

One way Trust between two DC. Example: One way trust allows users from dc1 (outgoing) get access to dns1 (incoming) but dns1 doesn’t get access to dc1).

Creating incoming trust in dns1

1. Open Active Directory Domains and Trusts.

2. In the console tree, right-click the domain for which you want to establish a trust, and then click Properties.

3. On the Trusts tab, click New Trust, and then click Next.

4. On the Trust Name page, type the Domain Name System (DNS) name (or NetBIOS name) of the external domain, and then click Next.

5. On the Trust Type page, click External trust, and then click Next.

6. On the Direction of Trust page, click One-way: incoming, and then click Next.

7. On the Sides of Trust page, click This domain only, and then click Next.

8. On the Trust Password page, type the trust password twice, and then click Next.

With the administrator of the other domain, agree on a secure channel password to be used in establishing the trust.

9. On the Trust Selections Complete page, review the results, and then click Next.

10. On the Trust Creation Complete page, review the results, and then click Next.

11. On the Confirm Incoming Trust page, do one of the following:

· If you do not want to confirm this trust, click No, do not confirm the incoming trust.

· If you want to confirm this trust, click Yes, confirm the incoming trust, and then supply the appropriate administrative credentials from the specified domain.

12. On the Completing the New Trust Wizard page, click Finish.

 

Creating outgoing trust in dc1

1. Open Active Directory Domains and Trusts.

2. In the console tree, right-click the domain for which you want to establish a trust, and then click Properties.

3. On the Trusts tab, click New Trust, and then click Next.

4. On the Trust Name page, type the Domain Name System (DNS) name (or NetBIOS name) of the external domain, and then click Next.

5. On the Trust Type page, click External trust, and then click Next.

6. On the Direction of Trust page, click One-way: outgoing, and then click Next.

7. On the Sides of Trust page, click This domain only, and then click Next.

8. On the Outgoing Trust Authentication Level page, do one of the following, and then click Next:

· Click Domain-wide authentication.

· Click Selective authentication.

9. On the Trust Password page, type the trust password twice, and then click Next.

10. On the Trust Selections Complete page, review the results, and then click Next.

11. On the Trust Creation Complete page, review the results, and then click Next.

12. On the Confirm Outgoing Trust page, do one of the following:

· If you do not want to confirm this trust, click No, do not confirm the outgoing trust. Note that if you do not confirm the trust at this stage, the secure channel will not be established until the first time that the trust is used by users.

· If you want to confirm this trust, click Yes, confirm the outgoing trust, and then supply the appropriate administrative credentials from the specified domain.

13. On the Completing the New Trust Wizard page, click Finish.

 

Note : if you want both sides get access to both sides then change that config to two way and set incoming and outgoing in both sides.