[THIN] Re: Shadow Keys Time Stamp Issue
- From: "Rick Mack" <ulrich.mack@xxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Tue, 19 Jun 2007 06:09:12 +1000
Hi Michael,
I sent an earlier post which should give you a bit of an insight into shadow
key management.
But there are two simple rules to stop the shadow key causing you issues.
*Rule 1.*
If you're determined to use the shadow key, use the sdt utility (*s*et *d*
ate/*t*ime, look for rdt-sdt.zip) to make sure you've got a consistent
time/date stamp on the shadow key on all your servers, as well as making
sure they all have the same shadow key values.
Use the sysinternals pstools utility, psexec to do this. eg using a batch
file like:
-------
@echo off
:: shadowkey.cmd - propagate shadow key value to servers in a farm and
update the time/date stamp
:: export the shadow key value from your "gold" server as shadow_key.reg
:: copy sdt.exe to c:\windows on all your servers
For /f "skip=3" %%i in ('qfarm /load') do copy shadow_key.reg
\\%%i\c$\temp& psexec
\\%%i c:\windows\regedit.exe c:\temp\shadow_key.reg & psexec
\\%%ic:\windows\sdt.exe 19 6 2007
--------
The syntax for using sdt is:
Format: sdt <day> <month> <year>
Example: sdt 19 6 2007
Would set the registry timestamp to be June 19, 2007
The complementary program to sdt is rdt (read date/time) which will give you
an output like:
Key: Software\Microsoft\Windows NT\Current Version\Terminal
Server\Install\Software. Subkeys 8, timestamp 9:1:2:312 on 6/10/2007
Key: Adobe. Subkeys 1, timestamp 10:48:2:718 on 5/21/2007
Key: Acrobat Reader. Subkeys 1, timestamp 10:48:2:718 on 5/21/2007
Key: 7.0. Subkeys 4, timestamp 10:48:2:718 on 5/21/2007
Key: AdobeViewer. Subkeys 0, timestamp 10:48:2:718 on 5/21/2007
Key: Installer. Subkeys 0, timestamp 10:48:2:718 on 5/21/2007
Key: InstallPath. Subkeys 0, timestamp 10:48:2:718 on 5/21/2007
Key: Language. Subkeys 2, timestamp 10:48:2:718 on 5/21/2007
Key: current. Subkeys 0, timestamp 10:48:2:718 on 5/21/2007
Key: next. Subkeys 0, timestamp 10:48:2:718 on 5/21/2007
Key: Citrix. Subkeys 1, timestamp 19:56:29:464 on 12/7/2006
Key: ICA Client. Subkeys 1, timestamp 19:56:29:464 on 12/7/2006
Key: Keyboard Mapping. Subkeys 0, timestamp 19:56:29:464 on 12/7/2006
Key: Compaq. Subkeys 1, timestamp 9:1:2:312 on 6/10/2007
*Rule 2.*
DON'T use the shadow key.
This makes your life more difficult, especially for stuff like AutoDesk and
Macromedia (now Adobe) applications that will die if they don't have the
right user registry values when you've disabled windows installer for
non-admins. But it's actually not too hard to manage this stuff using
scripting or the desktop standard group policy extension tool.
regards,
Rick
--
Ulrich Mack
Commander Australia
On 6/18/07, Boggan, Michael <Michael.Boggan@xxxxxxxxxxxxxxxxx> wrote:
We are having issues with users loosing configurations, etc, especially
in Outlook and other Office apps. We have been troubleshooting this for a
while now and have been looking at the issue with the shadow key time
stamps. Has anyone else had to deal with this? One of the things we have
noticed using the RDT tool provided by Microsoft is that the time stamps are
changing even when we are not doing anything. Perfect example is that this
morning I had a user loose her configurations. I logged into the server
that they were in this morning and ran RDT and saw that the time stamps on
all of the shadow keys were set to this morning at 2:24 am. We had NOTHING
running at that time of the morning. Especially no installs. Any one have
an idea of why this time stamp would be changing?
*Michael Boggan*
Other related posts:
