Creating Service Principal Names (SPNs)

Through the years I have had to create Service Principal Names on servers in Active Directory for one reason or another. So far, I have always used the SETSPN.EXE utility from the support tools that ship with Windows to create those SPNs. SETSPN, however, was never that friendly of a tool to me.

Today, I discovered through a few locations on the net that you could also use ADSIEDIT.MSC (also ships in the support tools with Windows) to manage SPNs. Cool. Basically once you have installed the support tools you can run ADSIEDIT.MSC.

From within there, navigate through the tree to the computer or user account you are trying to edit SPNs for. Right-click on the CN=… entry for the item and select “Properties”. On the “Attribute Editor” tab, double-click on the “servicePrincipalName” attribute to manage the SPNs for that object. Pretty handy, and more intuitive than the SETSPN.EXE command line.
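
The same servicePrincipalName edit can be scripted. The following is an added example, not code from the original post: the function name Add-SpnChecked and the sample DN and SPN are hypothetical, and it assumes the ActiveDirectory PowerShell module is installed. It checks the current domain for an existing holder of the SPN before appending the value, since a duplicate SPN breaks Kerberos authentication for that service.

```powershell
# Added example: hypothetical helper, not from the original post.
# Requires the ActiveDirectory module (RSAT) and rights to write servicePrincipalName.
Import-Module ActiveDirectory

function Add-SpnChecked {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Distinguished name of the computer or user object (the CN=... entry in ADSIEDIT)
        [Parameter(Mandatory)][string]$DistinguishedName,
        # SPN in serviceclass/host[:port][/servicename] form
        [Parameter(Mandatory)][string]$Spn
    )

    # Accept only a plain SPN; this also keeps the LDAP filter below free of special characters
    if ($Spn -notmatch '^[A-Za-z0-9_-]+/[A-Za-z0-9_.-]+(:\d+)?(/[A-Za-z0-9_.-]+)?$') {
        throw "Not a well-formed SPN: $Spn"
    }

    $target = Get-ADObject -Identity $DistinguishedName -Properties servicePrincipalName

    # Look for any object in the current domain that already holds this SPN
    $holders = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$Spn)")
    foreach ($h in $holders) {
        if ($h.DistinguishedName -eq $target.DistinguishedName) {
            Write-Verbose "$Spn is already set on the target"
            return $target.servicePrincipalName
        }
        throw "Duplicate SPN: $Spn is already registered on $($h.DistinguishedName)"
    }

    if ($PSCmdlet.ShouldProcess($target.DistinguishedName, "Add SPN $Spn")) {
        # servicePrincipalName is multi-valued: -Add appends without touching existing values
        Set-ADObject -Identity $target -Add @{ servicePrincipalName = $Spn }
    }

    # Return the resulting value list, the same list the Attribute Editor shows
    (Get-ADObject -Identity $target -Properties servicePrincipalName).servicePrincipalName
}

# Constructed sample values; replace with objects from your own directory.
# -WhatIf shows what would be written without changing the directory.
Add-SpnChecked -DistinguishedName 'CN=WEB01,OU=Servers,DC=example,DC=test' `
               -Spn 'HTTP/web01.example.test' -WhatIf
```

The duplicate search here covers only the current domain; in a multi-domain forest the same check would need to run against a global catalog.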

Shadowing Console Sessions with Remote Desktop

I use remote desktop all the time to connect to servers. One of my favorite features that I discovered some months back was the ability to connect directly to the console session of a server by using the mstsc … /console command line switch or the “connect to console:i:1” entry in an rdp file. This is great when you need to connect to the console of the server to access programs that are running there. However, there can still be only a single person logged into a console at a time, so when you connect remotely, you kick off anybody that might have been currently signed in there.

Today when I was bouncing around the net, I found another cool feature that allows you to shadow another session. I am sure all of this is old news to Citrix or App mode Terminal Services admins, but my limited experience with Terminal Services in the past makes this a gem of a discovery.

Basically shadowing a session allows you to watch via remote desktop what the user of the session is doing. You can shadow the console session itself by using the “shadow 0” (that is a zero) command line in another remote session.

Microsoft has a KB article that describes how to do all of this at:

Cool stuff!