Category Archives: Microsoft MAP Tool

The Microsoft Assessment and Planning Toolkit (MAP) is an agentless, automated, multi-product planning and assessment tool for quicker and easier desktop and server migrations. MAP provides detailed readiness assessment reports and executive proposals with extensive hardware and software information.

Microsoft Assessment & Planning Toolkit (MAP 8)

Holla,

I feel MAP Toolkit is a great product but is often a black sheep. Why do I say that? Simple, It’s because MAP did not get the lime light it is supposed to get!

Determine your Windows Server 2012 readiness

MAP 8.0 assesses the readiness of your IT infrastructure for a Windows Server 2012 deployment. This feature includes detailed and actionable recommendations indicating which machines meet Windows Server 2012 system requirements and which may need hardware updates. A comprehensive inventory of servers, operating systems, workloads, devices, and server roles is included to help in your planning efforts.

Determine your Windows 8 readiness

MAP 8.0 assesses the readiness of your IT environment for a Windows 8 deployment. This feature evaluates your existing hardware against the recommended system requirements for Windows 8. It provides recommendations detailing which machines meet the requirements and which may need hardware upgrades. 

Key benefits include:

· Assessment report and summary proposal to help you understand the scope and benefits of a Windows 8 deployment

· Inventory of desktop computers, deployed operating systems, and applications

Assess your environment for Office 2013 and Office 365

MAP 8.0 assesses readiness for Office 2013 and Office 365 and provides an in-depth assessment of client desktops for upgrading or migration. This feature also offers support for Office 365 features such as web apps, Exchange Online, SharePoint Online, or full Office 365 client support.

Migrate to Windows Azure Virtual Machines

MAP 8.0 performs a comprehensive assessment of Windows Server and Linux machines to determine feasibility of a migration to Windows Azure Virtual Machines. MAP then provides suggested changes to prepare targeted machines for migration. This feature helps you reduce the operating costs of hosting on-premise servers, as well as estimating the required size and monthly network and storage usage required to migrate on-premise Windows and Linux servers to Windows Azure Virtual Machines using actual data from the targeted environment.

Here’s my take on MAP. MAP is an awesome tool if you want to do the following:

  1. Agentless Inventory
    • Provides you a free way to assess your environment to let you know how many PC/Servers running which Operating System, what application(s) is installed and what kinda hardware you got there!
  2. Windows Server & other workloads Sizing Tool
    • How many times do you look for a Hyper-V sizing tool and when you tried it, it doesn’t do justice to your sizing?
    • MAP provides you detail sizing after analyzing your environment and frankly it’s the best Sizing Tool ever!
  3. Microsoft Product(s) Readiness
    • Windows 8
      Windows 7
      Windows Vista
      Windows XP Professional
      Office 2010 and previous versions
      Windows Server 2012
      Windows Server 2008 or Windows Server 2008 R2
      Windows Server 2003 or Windows Server 2003 R2
      Windows 2000 Professional or Windows 2000 Server
      Windows Internet Explorer 9 and previous versions
      VMware vSphere
      VMware vCenter
      VMware ESX
      VMware ESXi
      VMware Server
      Selected Linux distributions
      LAMP application stack discovery
      SQL Server
      MySQL
      Oracle
      Sybase
      Hyper-V
      Lync
      System Center Configuration Manager
      Forefront Endpoint Protection

Not enough? GO over to http://technet.microsoft.com/en-us/library/bb977556.aspx and check it out yourself!

Signing Off
K

Advertisements

Network access: Sharing and security model for local accounts

The “Network access: Sharing and security model for local accounts” is usually set to Guest Only for computers that is not joined to a domain, or better known as a single computer or part of a workgroup.

When this setting is changed, you will also modify the Sharing and Security tabs in Windows Explorer.

The Network Access: Sharing and security model for local accounts has 2 values as explained below:

Guest only

  1. If ‘Network access: Sharing and security model for local accounts’ is set to ‘Guest only’, anyone connecting to the computer remotely will be given the same level of access as the Guest account. They will not be able to perform any administrative tasks remotely.
  2. If the computer is not joined to a domain, this sharing and security model will allow shared folders to be accessed by everybody, with either ‘full’ or ‘read-only’ access. Access to shared folders can be restricted to users of a computer.

Classic

  1. If ‘Network access: Sharing and security model for local accounts’ is set to Classic, anyone connecting to the computer remotely will be allocated a level of access according to their user credentials on the remote computer.
  2. If the computer is not joined to a domain, this sharing and security model will allow shared folders to be accessed either by everybody, or by specific users. If the file system is NTFS, file and folder permissions can give even greater control over shared resources.

To change this setting, you can refer to the step by step guide:

For Windows XP:

Go to Administrative Tools

  1. Go to Control Panel.
  2. Look for Administrative Tools and double click it.

Double click on Local Security Policy

  1. Double click on Local Security Policy

Expand till you find Security Options

  1. Expand Security Settings
  2. Expand Local Policies
  3. Expand Security Options
  4. Look for “Network access: Sharing and security model for local accounts” & double click it.

Change the value to "Classic - local users authenticate as themselves"

  1. Change the value to "Classic – local users authenticate as themselves"
  2. Click OK

 

For Windows Vista to Windows 7:

@ The Search bar; Type "Local Security Policy"

  1. Click on the Start button and on the The Search bar; Type "Local Security Policy"
  2. Click on "Local Security Policy" under the Search Results Programs Section.

Expand till you find Security Options

  1. Expand Security Settings
  2. Expand Local Policies
  3. Expand Security Options
  4. Look for “Network access: Sharing and security model for local accounts” & double click it.

Change the value to "Classic - local users authenticate as themselves"

  1. Change the value to "Classic – local users authenticate as themselves"
  2. Click OK.

 

To change this setting using Group Policy:

Group Policy will only be effective on computers that are joined to a domain.

Fire up Group Policy Management

  1. Fire up Group Policy Management
  2. Expand “Domains” – <Domain Name> – “Group Policy Objects” – “Default Domain Policy”
  3. Right click on Default Domain Policy and select Edit…

Expand till you find Security Options

  1. Expand “Computer Configuration” – “Policies” – “Windows Settings” – “Security Settings” – “Local Policies”.
  2. Click on Security Options & look for “Network access: Sharing and security model for local accounts” & double click it.
  3. Double click on it!

Check the Define this policy setting

  1. Check the “Define this policy setting”
  2. Make sure that the option “Classic – local users authenticate as themselves” is selected.
  3. Click OK.

 

Scripts!

Alternatively, you can run the script below if your current users has administrators rights. Copy and paste the script below into a notepad and save it as NetworkAccessSharingClassic.vbs and distribute it to your users.

————————————Script Begins——————————–

Option Explicit
Dim objShell
Dim strVal, strKey, strReg

strKey = "forceguest"
strVal = "00000000"
strReg = "HKLM\SYSTEM\CurrentControlSet\Control\Lsa\"

Set objShell = CreateObject("WScript.Shell")
objShell.RegWrite strReg & strKey, 1, "REG_DWORD"
objShell.RegWrite strReg & strKey, strVal, "REG_DWORD"

—————————————Script Ends———————————–

Please note that the script above is not written entirely by me. I’ve always created my scripts by referring to websites like Hey Scripting Guy and ActiveExperts

Creating Local Admin Accounts

For easier manageability for a workgroup environment, it is recommended for administrators to create a local admin account. These account can be use to retrieve information, deploy applications and many more via scripts.

Creating a Local Admin Account for Windows 2000 to Windows XP:

In Control Panel. Double Click on Administrative Tools

  1. Go to Control Panel.
  2. Look for Administrative Tools and double click it.

Double Click on Computer Management

  1. Double click on Computer Management

Expand Local Users and Groups & Right Click on Users

  1. Expand Local Users and Groups & Right Click on Users and select New User…

Provide a Common UserName & Password

  1. Provide a Common UserName (e.g. LAdmin) & a strong common Password.
  2. Uncheck the User must change password at next logon
  3. Check Password never expires
  4. Click on Create Button & then Close Button.

Right Click on the Newly Created UserName & Select Properties

  1. Right Click on the Newly Created UserName & Select Properties

Select Users & Click on the Remove button

  1. Select Users & Click on the Remove button
  2. Click on the Add button.

Type Administrators in the column & click OK

  1. Type Administrators in the column & click OK

Click OK

  1. Click OK and you are done.

 

Creating a Local Admin Account for Windows Vista and Windows 7:

Type Computer Management on the Search Bar

  1. Go to start Menu and click on Start.
  2. On the Search Bar, type in Computer Management and Select Computer Management

Right Click & Select New User...

  1. Expand the Local Users and Groups on the left side of Computer Management Pane
  2. Right Click and Select New Users, or you can select the User folder and click on Actions – New User

Provide a common UserName & Password

  1. Provide a meaningful and common UserName (e.g. LAdmin) which you will be creating for the rest of your workgroup Computers.
  2. Provide a strong password.
  3. Uncheck the “User must change password at next logon”
  4. Enable Password never expires

Right Click on LAdmin & Select Properties

  1. Right click on the common UserName that you’ve created and in this case, it’s LAdmin.
  2. Click on Properties.

Select Users & Click Remove

  1. Go to the Member Of Tab on your LAdmin Properties
  2. Select Users and click on Remove button.
  3. Click on Add button

Type in Administrators & Click OK

  1. Type Administrators on the provided column and Click OK
  2. Click OK again to complete the process.

 

Scripts!

Alternatively, you can run the script below if your current users has administrators rights. Copy and paste the script below into a notepad and save it as CreateAdminAcc.vbs and Remember to change the highlighted values below in the script before you distribute it.

————————————Script Begins——————————–

strComputer = "."
strUser = "LAdmin"
strPassword = "P@ssW0rd"

Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colOperatingSystems = objWMIService.ExecQuery _
    ("Select * from Win32_OperatingSystem")

For Each objOperatingSystem in colOperatingSystems
   strOS = objOperatingSystem.Caption & " " & objOperatingSystem.Version
Next
   
If left(strOS,19) = "Microsoft Windows 7" then
Set objUser = GetObject("WinNT://" & strComputer & "/" & strUser & ",user")
objUser.AccountDisabled = false
objUser.SetPassword strPassword
objUser.SetInfo
Else
If left(strOS,20) = "Microsoft Windows XP" then
Set objlocal = GetObject("WinNT://.")
objlocal.Filter = Array("user")
   For Each User In objlocal
       If lcase(User.Name) = lcase(strUser) Then
    Set objUser = GetObject("WinNT://" & strComputer & "/" & strUser & ", user")
    objUser.AccountDisabled = false
        objUser.SetPassword strPassword
        objUser.SetInfo
    StrFlag = 0
    Exit For
       Else
    StrFlag = 1   
       End If   
   Next

If StrFlag = 1
   Set objComputer = GetObject("WinNT://" &strComputer)
   Set colAccounts = GetObject("WinNT://" & strComputer & "")
   Set objUser = colAccounts.Create("user", strUser)
   objUser.SetPassword strPassword
   objUser.Put "UserFlags", 65600 ‘
   objUser.SetInfo
   Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
   Set objUser = GetObject("WinNT://" & strComputer & "/" & strUser & ",user")
   objGroup.Add(objUser.ADsPath)
End If

end if

—————————————Script Ends———————————–

Please note that the script above is not written entirely by me. I’ve always created my scripts by referring to websites like Hey Scripting Guy and ActiveExperts