Posts

Showing posts from August, 2010

Password RegEx Check

i'm trying use regex validate password strength cisco ucs password. due complexity requirements i'm having bit more trouble expected. what's expected: if enable password strength check locally authenticated users, cisco ucs manager rejects password not meet following requirements: must contain minimum of 8 characters , maximum of 64 characters. must contain @ least 3 of following: 1) lower case letters 2) upper case letters 3) digits 4) special characters must not contain character repeated more 3 times consecutively, such aaabbb. must not identical username or reverse of username. must pass password dictionary check. example, password must not based on standard dictionary word. must not contain following symbols: $ (dollar sign), ? (question mark), , = (equals sign). should not blank local user , admin accounts. that comes this documentation , and appreciated. thanks adam hi adam, question: regex solid requirement? i'd validate

In what order of folders are permissions applied

if apply permissions folder in order permissions applied subfolders ie applied alphabetically ie subfolder a, subfolder b etc or applied date order ie subfolder 01/01/12, subfolder 02/01/12 etc or other order? hi. this rather low question. give 2 cents anyway. first off tool using change rights? if instance take explorer approach: 1. change rights of main folder 2. explorer goes through folders , files below , tells them there has been change made please recalculate. 3. if abort have inconsistencies, therefore set on mail folder not on below. i therefore believe might differend depending on tools changing acl use. oscar virot Windows Server  >  File Services and Storage

Secure RD Gateway with PhoneFactor using Radius

i have followed document "secure rd gateway phonefactor using radius" found on phonefactor customer portal unable work. i first set without pf , works after making modifications according document unable reach remote desktop. i have windows server 2008r2 server alone in our dmz acting gateway remote desktops in our production lan. is able work using local sam or require ad membership or ldap bind? not specify in document. the pf authentication works when directly rdp server.  i asking here because saw microsoft had acquired phonefactor , haven't found better forum approach. thank you. i have gotten working. a couple of items need added phonefactor document application; there must @ least 2 servers, rd gateway , phonefactor agent on separate machines. not work if put pf , rd gateway on same machine, if change ports on nps and/or pf. also if using on servers joined domain rd gateway server must member of domain group "ras , ias servers" i

server 2012 standard won't install roles - corrupted files - 0x80073701

im getting error when adding roles server referenced assembly not found  error 0x80073701 ...so looks files corrupted  it dc controller , file server - important avoid re installation... have 4 month !! i tried running checkdisk sfc/ scannow , other tricks  also run dism /online /clenaup-image /restorehealth   - says problem fixed still there  maciunio hi, i searched issue , caused corrupted update installation such service package installation. also in search result, part of cases resolved system repair important have backup before goes further , may have repair install mentioned dave if removing updates mentioned in cbs log.  if have feedback on our support, please send tnfsl@microsoft.com. Windows Server  >  Windows Server 2012 Setup

DCOM errors on Windows 2008 Servers

hello all, we facing below error on 4 servers running on windows server 2008 sp2, requesting fix. log name:       system source:         microsoft-windows-distributedcom date:           3/27/2012 10:10:05 am event id:       10010 task category:  none level:          error keywords:       classic user:           n/a computer:       **.**.local description: server {23b67c54-d9b2-11d2-a045-0080c76912de} did not register dcom within required timeout. thank you, anand hi anand, try 1 http://technet.microsoft.com/en-us/library/cc774175(ws.10).aspx br rené Windows Server  >  Windows Server General Forum

ForEach-Object not getting items, $_ is the collection

first run line: ([adsi]'winnt://mycomputer').psbase.properties cool, returns: propertyname                                      value                                                                                    capacity                                            count ------------                                      -----                                                                                    --------                                            ----- operatingsystem                                   windows nt                                                                                      4                                                1 operatingsystemversion                            6.1                                                                                             4                                                1 owner                                             [redacted]                                    

Change IP on server and WSUS still looking the old IP

hi all: i have made changes of ip in servers, servers still appearing in wsus console, old ip , seems dissconected console, how can refresh ip connected wsus again? im using wsus 3.0 sp2 thanks!! 2010-08-05 11:32:22:508  836 1660 misc warning: winhttp: sendrequestusingproxy failed < http://10.235.145.6:8530/selfupdate/wuident.cab >. error 0x80072efd it seem either there no web server @ 10.235.145.6, or wsus not installed on port 8530, or client system(s) cannot find pathway 10.235.145.6. lawrence garvin, m.s., mcitp:ea, mcdba, mcsa principal/cto, onsite technology solutions, houston, texas microsoft mvp - software distribution (2005-2010) mvp profile: http://mvp.support.microsoft.com/profile/lawrence.garvin blog: http://onsitechsolutions.spaces.live.com Windows Server  >  WS

UAC and administrators group

hi,   i looking able use uac features allow adminstrator option enter there credentials elevation inot every 1 knows master admin password, have enabled , applied gp run admin in approval mode , set behavior of admin prompt administrators in admin approval mode ask credentails when set ask administrator credentails , after asks adminstator password.. have tried different scenarios..can tell me set allow in administrators group give elevation without having enter main password   cheers howdie!   am 30.08.2010 16:53, schrieb richyball: > looking able use uac features allow any > adminstrator option enter there credentials elevation inot > every 1 knows master admin password, have enabled , applied > gp run admin in approval mode , set behavior of the > admin prompt administrators in admin approval mode ask for > credentails when set ask administrator > credentails , after asks adminstator password.. have > tried different scenar

Ask users for Reboot using group policy?

greetings. i know similar question came up, trying tiny bit different (and might not possible actually.) what need push users request reboot machine , reboot if users not postponing it. effectively trying same thing pops after auto updates installed without doing auto-updates (or if there no updates run @ particular point.) the targets set of windows 7 (and couple of windows xp) machines on windows 2008 domain controller. any idea? trying avoid force reboot on users actively doing work (sadly people work odd hours sometimes, finding time , day of week when can force machines reboot difficult - it's backup plan of that's option - hope isn't.) hello, i need write script or program this. you can use group policy preferences create 2 seperate tasks on each machine. 1. task run within logged on users session task (script or program) ask user rebooting. if users clicks on "yes", computer reboot. 2. second task independent first one. task ru

Access to the RD Session Host in Redirection Mode (for VDI)

hello, i'm testing vdi workflow, rd session host, connection broker , rd web access role on same server.   when configure rd session host in redirection mode, can't access anymore server in remote desktop mode (with account domain admin)...since he's redirect... ;) but need access administration...   how can connect rd session host remote desktop session, when in redirection mode ? i forced gpo enable remote desktop conenction allowed, added rd session host (and broker since roles on same server) computer, in local group  "session broker computer"   anyways can't connect...if disabled redirection mode, work again....   thanks in advance,   regards, hi, when connecting, use /admin command line switch, this: mstsc /admin -tp Windows Server  > 

Fetching Group Membership Info of a User

hi,   can "group membership info" of user when he/she disconnected ad? i have observed that user can login on machine because of cached credentials. however, unable fetch information of group user belongs in ad when disconnected. is cached somewhere, or there setting in ad can provide when user offline or other solution? thanks & regards, dharmesh mehta http://smartsecurity.blogspot.com dharmesh m mehta hello,   can "group membership info" of user when he/she disconnected ad? i have observed that user can login on machine because of cached credentials. however, unable fetch information of group user belongs in ad when disconnected.   the cached credentials logon enable users used logon computer locally still able login when domain unavailable. because cached logon user doesn't been granted ticket domain when login, user allocate access local computer resources. expected group membership of user fetched because needs access domain (dc).    

Which client are querying which dns server

Image
i need find out clients hitting dns servers. have 2 dns servers need find out clients using them. know can turn on logging gives me messy results. in enterprise enviroment. there way of being able tell clients hitting dns server? using 2008 dns, ad enviroment. jim thomas another way use netmon or wireshark track dns query traffic server. see if these help: enable dns request logging windows 2003/2008 https://support.appriver.com/kb/a669/enable-dns-request-logging-for-windows-20032008.aspx nagios - dns monitoring http://www.nagios.com/solutions/dns-monitoring technet: "how can tell using dns server?" 12/22/2012 http://social.technet.microsoft.com/forums/en-us/winservernis/thread/fc4ce750-d5ac-4669-a22d-88b8c9f8fc11/ technet: "retiring dns server" 5/11/2009 http://social.technet.microsoft.com/forums/en-us/winservernis/thread/d6b5ebca-e030-4d2c-ac08-ecfb4e7daaa1 dns records disappearing , dns auditing http://msmvps.com/blogs/acefekay/archive/2

Problem with CDP Locations

hello, i experiencing issue. setup follows: offline root ca enterprise issuing subca recently attempting set eap-tls wired network test. ran radius error code 259. said crl not verified. i ran pkiview.msc , get: cdp location #1 expired ldap:///cn=openxcorpca,cn=openxcorpca,cn=cdp,cn=public%20key%20services,cn=services,cn=configuration,dc=corp,dc=openx,dc=com?certificaterevocationlist?base?objectclass=crldistributionpoint cdp location #2 unable download http://ca-cert-01/certenroll/%3ccaname%3e.crl location #1 offline root ca location #2 issuing enterprise subca. i attempted location #2 , error. when use following url crl. http://ca-cert-01/certenroll/ca-cert-01.crl my question is #3ccaname%3e.crl incorrect? how change it? thank you, akash that incorrect name. have lot of other expired stuff. problem can't tell server - ca-cert-01 subordinate or root? screenshot of pkiview.msc expanded or can use following command on radius server against certif

TPM / Bitlocker implementation on a domain join machine which is being shared by multiple users

hello all, project - there more 2 users access same windows 8 machine using domain credential , need ensure should implement tpm/bitlocker machine and users should not share bitlocker password. machine detail. tpm mother board. os - windows 8 x64. domain joined machine (dc - windows 2008 r2) number of users going use machine domain credential - more 1 any suggestion, pointer implement same great. thanks in advance, arun arun kumar | mcse:w2k3 + messaging | mcts:exchange 2007 | mcts:ocs 2007 r2 | itil-f v3 hi, i'm little unclear question. bitlocker per device function users able access drive when have password. you can use efs instead per user encrypt function. still cannot stop users sharing password if to. technet subscriber support in forum |if have feedback on our support, please contact tnmff@microsoft.com. Windows Server

Periodic log file parsing

hello everyone,   here challenge. need parse log file periodically. not have code trying figure out how that. here case; 1- log file ( get-content c:\logs\test.log ) 2- each matching line something  ( get-content c:\logs\test.log | select-string "failed123"  | foreach-object )  3- remember last processed line , record it. ( maybe output line number temporary log file)  4- exit powershell 5- 5 minutes later start process log file again , start last processed line ( maybe read content of temp log file , line number start processing line number again )  6- each matching line again. 7- remember last processed line , record it. 8- exit powershell. another thing if log file gets rotated, need powershell process log file beginning. i hope explained well. any thoughts, ideas , input appreciated.    thanks you.         orhan taskin couple of questions: is every line in log file unique, or there multiple identical events (ie same timestamp

modify BOOT.WIM --> PEIMG failed to complete the operation with status code 0x800703fb.

hi,   i have problem when have deploy windows server 2003 x64 r2 on dell poweredge 2950 or 1950. i'm using wds server running on windows server 2003 r2 sp2 x64 , want deploy windows server 2003 x64 image dell poweredge 2950. poweredge 2950 has nic broadcom netxtreme 2 network card , therefore need vista driver (.inf) broadcom netxtreme 2. i've tried inject ris drivers of win server 2003 (ris drivers vista/longhorn aren't available yet). when injected these vista drivers peimg got error code: 'peimg failed complete operation status code 0x800703fb'. peimg commands tried put in.   my command inject driver boot.wim (windows server 2008 x64) -->   imagex /mountrw d:\temp\customboot.wim 2 d:\temp\mount   peimg /inf=d:\temp\drivers\bdrv5706\diag\bxdiag.inf /image=d:\temp\mount   peimg /inf=d:\temp\drivers\bdrv5706\ndis6\bxnd.inf /image=d:\temp\mount   peimg /inf=d:\temp\drivers\bdrv5706\vbd\bxvbd.inf /image=d:\temp\mount   peimg /inf=d:\temp\drivers\bdr

REFS - The volume repair was not succesful

after power failure 1 of refs drives not accessible anymore. when try access it, error: ------------------------------------------------ <driveletter>: not accessible the volume repair not succesful ------------------------------------------------ is there way recover problem? or possible using third party refs recovery tool? regards, jan vergeer hi jan, if disk cannot recognized on computer either, build-in functions may not able data recovered. i cannot confirm if third party recovery tool work or not. if still readable on disk level, recovery tool may able restore content on disk - if physical damage or logical issue affect whole volume, data restored, may not able recognized (as parts of file damaged).  please remember mark replies answers if , un-mark them if provide no help. if have feedback technet support, contact tnmff@microsoft.com. Windows Server

Problem with Administrator login

hi have problem windows 2008 server standar, try log in administrator , "user or password incorrect" if reboot in directory service restore mode, can success. i've read, in windows 2008 administrator account disabled default have no found way enable it. tried in windows vista doesn't work. tried reset administrator password passware cd same result. in advance, hope can me problem have nice day daniel beas from experience, directory restore mode password specific password setup during dcpromo, or when domain controller created. password can same other admin passwords, not changed if domain admin password changed.  it looks password on administrator account got changed.  is there user account domain admin privileges. that, can change back.  at point, beyond skills assist, not sure how change domain admin password if not have domain admin rights. i hope best of luck @ resolving this. scotty

Best practice for Hyper-V 2012 trunk

Image
hi all, what correct way configure vm trunking enable on phisical switch. this blog states  http://blogs.technet.com/b/chrad/archive/2009/06/24/buzz-getting-vlan-trunking-working-with-hyper-v.aspx 1. create virtual switch. 2. add vm use switch, , configure vlan id on vm network card in hyper-v. ------------------------ or: 1. create each vlan in trunk virtual switch (with vlan id). 2. asign designated virtual switch vm. thanks! zarko hi, in previous versions of hyper-v, 1 parent virtual nic supported, in windows server 2012 hyper-v, multiple nics supported. in addition, can share physical nic bound hyper-v switch management operating system. to enable functionality, open hyper-v manager. in actions pane, select virtual switch manager. in virtual switch manager, select switch. in details pane switch, illustrated below, select allow management operating system share network adapter. you can create multiple parent virtual nics use live migration, storage,

Powershell with WSS Username Token profile 1.0

hello. been trying authenticate web service using powershell. using new-webserviceproxy (with -credential), able obtain list of available methods. when trying invoke receive authentication error response. further reading reveal particular web service employs wss token profile 1.0 standard password digest. for reason credentials passed don't appear accepted (tested valid credentials through soap ui, received data). there way add required authentication headers request, or better if powershell able employ wss token profile 1.0 standard. appreciated what "invoke-webserviceproxy".  command have written or did somewhere. \_(ツ)_/ Windows Server  >  Windows PowerShell

Redirect output to file from remote session

how can redirect output remote session local file? if add pipe tee or output-file at end of  an invoke-command cmdlet empty file created. file console output created ok local sessions. i created remote session with new-pssession -computername sharepointtest2 -credential fal\kraviss -name "newsession" -sessionoption (new-pssessionoption -nomachineprofile) and ran with invoke-command -session (get-pssession) -filepath "c:\documents , settings\kraviss\my documents\powershell\updatespperms.ps1" is script using write-output, or write-host send results console?  write-host go straight console, , can't redirected.  should using write-output. [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " " Windows Server  > 

kCFErrorDomainWinSock:10054

hi there! i've installed avast on personal computer @ home. has scanned hard drive and, in way, think must have spoiled since i'm now unable access web page. what's strange i'm still able use msn messenger , other softwares. last week, tried use microsoft internet explorer. unable access page. so, i've installed firefox , safari thinking might have change of browser. when got in safari, got unknown error: kcferrordomainwinsock:10054. i tried find solution to problem, nothing helped me yet. can me on one? thanks! alex. 1) please specify proxy address in internet explorer  , check it 2) please let know error message getting in internet explorer. thanks syed khairuddin Windows Server  >  Windows Server General Forum

Is it possible to set the output format in Custom CmdLet

hi, i have custom cmdlet  developed in c#. when writeobject(<the object>), prints properties 1 after in powershell window. want print in tabular format. i know can if in powershell command use <cmdletname> | format-table. what want know is possible me make appear in tabular format default (not using |format-table). thanks... girija shankar it possible. need create format file (xml) , load it to current session with the update-formatdata cmdlet. more information, type in console: ps > get-help about_format.ps1xml the online version can found here: http://technet.microsoft.com/en-us/library/dd315396.aspx shay levy [mvp] http://blogs.microsoft.co.il/blogs/scriptfanatic powershell toolbar Windows Server  >  Windows PowerShell

DNS questions

Image
we  try set dns server block external ip address going-in , allow internal servers , ips only--- dmz zone. how set in dns servers? think  this can set in firewall said can done on dns server. a dns server not used purposes of filtering traffic.  you cannot use dns block packets entering network.  you correct firewall used purpose. itgeared.com | Windows Server  >  Directory Services

Error in Windows ERD Commander

hi, i forot administrator password windows server 2003 operating system. i tried reset password using erd commander's locksmith. once selected locksmith got following error message //no operating system selected. log off select operating system" appears. when logoff , tried see operating system, couldn't find operating system. please guide me solve problem. regards, fahim     seems hard drive not detected due driver failure happens sata , sci drives still more hep post in sysinternal forums  http://forum.sysinternals.com/miscellaneous-utilities_forum11.html   and please see article how recover administrator password  http://www.petri.co.il/forgot_administrator_password.htm http://www.virmansec.com/blogs/skhairuddin Windows Server  >  Windows Server General F

Windows 2008 Foundation Server and Terminal Services Licenses - The serial number is not valid

hi i have windows 2008 foundation server running on hp proliant ml 115.  want able use server terminal server , have purchased windows 2008 terminal services client access licenses (cals), ms product number x14-52739 (hp branded product 46753-b21).  server member of windows 2003 sbs domain, have installed terminal services licensing manager on foundation server , discovery scope forest wide.  when go install ts cals through automatic connection ms clearance house, receive error, serial number not valid.  have tried install licenses through web browser , via telephone, license team telling me license code have invalid. as test have tried install ts cal license have on windows 2008 standard server through web browser installation method , goes through motions install license ok.  ts cal license code have ok, won't activate / install on windows 2008 foundation server. as test, have tried install 2008 ts cals supplied through our microsoft partner program, these not activate / install

Microsoft Windows 2008 + CAL

Здравствуйте! Вопрос: есть сервер c windows server 2008, есть необходимость закупки еще одного сервера. Если на новый сервер мы поставим еще одну лицензию windows server 2008, то нужно ли приобретать дополнительные cal ’ы к новому серверу? hi, alexander,   please edit post in english or ask in russian forum.  http://technet.microsoft.com/ru-ru/ms376608.aspx Windows Server  >  Management

Split DNS and auto failover to other site ?

Image
hi, hope can ask complicated question here? first describe setup question hope understand mutch beter? i hope :-d i have network of 3 site (1 domain) + 1 remote partner site .  on site 1 , 2 have servers redundancy.site 3 client site site 1 first site have ipv6 we have remote site forest trust. internal  we use domain name domain.local external domain.org all servers windows 2012 except sccm server (not upgrade yet) put in nice diagram: the isue have following : use outlookanywhere laptop/remote user can use outlook vpn. goal have subdomain exchange.domain.org. has record external ip of site 1 , 2 , 1 aaaa record srv02 second interface on site1. want run domain domain.org on own dns servers. prefer not install dns servers on network. problem have in 2 parts part 1: want external usages ips external ips of site 1 , 2. on inside want them use internal ip becouse external ip not reachable inside. in bind9 on linux can use split dns this. can d

How to deploy 2008 at 3 locations

we upgrading our current server 2000 'workgroup' mode servers full ad server 2008 r2.  have 3 locations , not connected together, within next year want 3 new servers communicationg together.  each location setup on differnet subnet think addressing should ok.  question is when set these new servers each 1 setup domain controller can set domain name same on each server or should each location unique??  there need when initial install make easier connect 3 servers down road?? thanks advice, i'm wnat set correctly make easier when connect togehter. thanks you can not set single domain span across multiple locations don't have network connectivity among them. until happens, might want consider maintaining existing workgroup environment - in meantime, ensure server names , ip subnets unique in each... hth marcin Windows Server  > 

Server 2003 SP2 stuck at "checking for the latest updates for your computer"

i have 2 server 2003's, both have sp2 , both received updates last time on 12/15-16/2012. since updates no longer working. ie hangs when attempting updates , has closed via task manager. have uninstalled updates happened last day updates did work no success. have cleared internet history, rebooted servers thousand times...  background intelligent transfer service , automatic updates running. have deleted "datastore.edb" file in windows distribution... no clue else try. suggestions appreciated! thank in advance!! also have re-registerd following dll's: regsvr32 wuapi.dll regsvr32 wuaueng.dll regsvr32 wuaueng1.dll regsvr32 wucltui.dll regsvr32 wups.dll regsvr32 wups2.dll regsvr32 wuweb.dll hello flashtrooper, did check event viewer ? errors/warning related windows update ? useful investigation. regards, luca disclaimer: posting provided "as is" no warranties or guarantees, , confers no rights.

Unable to login to Server 2003 using adminitrator domain account

we not able login domain server server 2003 using domain admin account. able log in using local admin account. tried dropping , re-adding server domain, still had same issue. after logging in using local admin account created new sid using sysinternals. seemed work, next day after server reboot, encountered issue again. ideas why happening , why creating new sid seems fix issue until reboot? try adding domain admins local administrators group.       regards, dave patrick .... microsoft certified professional microsoft mvp [windows] disclaimer: posting provided "as is" no warranties or guarantees , , confers no rights. Windows Server  >  Windows Server General Forum

PS v1 command to list users with the ""Automatically update e-mail addresses..." not checked.

i looking ps cmlet, or script, or whatever, list users "automatically update e-mail addresses based on e-mail policy" check mark removed. have looked @ cmlets can find , don't see option. thanks. hi, maybe can try: get-mailbox | { $_.emailaddresspolicyenabled -eq $false } ? hope helps. grégory schiro - powershell & mof Windows Server  >  Windows PowerShell

Unlinked group policy

i need take group policy link specific organizational units edit policy specific each ou. is there way without affecting policy in other areas, using same policy. dave dave kozlowski 1) think u have put ur ous in ou , apply general policy(the 1 u create),or aply domain lvl if u want apply ous on domain (u can block inhertance if u have few ous dont want apply this), 2) u have create copy(copys) of the gpo u want change,change it and apply specific ous requested.( u need 1 copy each ou if u have specific need of them.) i cant undertstand why u need many diferent gpo specific need? hope can help renato   renato kurti ccna,mcp,mcts,mcitp Windows Server  >  Group Policy

Powershell List Box Items to Execute Active Scripts

hi, i'm starting brush on topic of creating simple gui's in powershell. want accomplish create list box list of items maybe csv or array , have each 1 of items execute active script when click on it. trying accomplish have list of items going execute weblinks through internet explorer. know kind of weird 1 since easy enough create simple html file hyperlinks it's long story , entirely beside point. anyway, if had ideas of how go accomplishing this, great! thanks! start primalforms ce http://www.sapien.com/downloads (you have register gain access it) Windows Server  >  Windows PowerShell

Slow copy over WAN with DELL 710 running WIN2008 R2

we have 4 win 2008 r2 servers on large enterprise network (30 locations).  2 of these servers dell 310 units , 2 others dell 710.  with the latest patches , drivers.  discovered dell 710 units have problem when copying / other systems any files on wan (local lan copies fine).  exact same copy (same files same remote systems) over wan / dell 310 units perform 5 times faster (at speed expect). we in contact dell problem, wondering if has suggestions out there us. thanks in advance   i thought had posted our solution this, guess forgot.  turned out wierd one.  dell r710 purchased 48gb of ram.  future consideration.  os loaded windows 2008 r2 standard limited 32gb of ram.  problem if have more memory os expecting problem introduced.  removing memory system had 32gb fixed problem. i left issue microsoft post knowledge based article on subject.  when last checked dell , microsoft continued investigate, our system has been in production 2 months without issue (after removing u

Is SMB encrypted over the WAN on windows server 2008?

i setup windows 2008 server in rackspace's data center , using smb share files on wan client computers. wondering if smb automatically encrypts end end. hi,   encryption 1 of new smb 3.0 security enhancements in windows server 2012 rtm. can enabled on per-share basis, or enforced shares on server. smb 3.0 uses aes-ccm [rfc5084] encryption algorithm, , provides data integrity (signing).   take advantage of new feature, smb client , smb server must support smb 3.0. smb 3.0 protocol introduced in windows server 2012 , in windows 8, smb encryption cannot used in windows 2008 server.   more detailed information, refer article below:   encryption in smb 3.0: protocol perspective http://blogs.msdn.com/b/openspecification/archive/2012/10/05/encryption-in-smb-3-0-a-protocol-perspective.aspx   regards, we trying better understand customer views on social support experience, participation in interview project appreciated if have time. helping make community for

Manage licences - split users in groups

hello, i have licences 18 concurrent (rdp) users on win 2008 r2 server. problem have more 90 users in domain need manage licences. i'm looking solution following: i want seperate 90 users into 9 groups with 10 users in each group. i need configure windows in way permit 2 concurrent users each group. this way make sure all teams (groups) will able connect @ time without licence conjestion. can please help? thank you  hi, rds licensing not concurrent.  either per user or per device. if need have 90 different people connecting server 2008 r2 using remote desktop , choose per user licensing, need purchase 90 rds per user cals. if need control license usage for third-party software uses concurrent licensing, need write script/program, or purchase a tool appsense or res workspace manager. -tp Windows Server  > 

Configure user program restrictions in AD for Win7?

Image
hello, i'm curious how granular 1 can in configuring programs user can run ad / locally when have been granted admin access. have standard desktop image push out bunch of software on it.  ensure license compliance, want restrict users can run programs.  catch being have admin access. doable? have loose admin access restrict programs can run? thank you! are familiar applocker?  may want @ option - http://technet.microsoft.com/en-us/library/ee791851(v=ws.10).aspx santhosh sivarajan | houston, tx http://www.sivarajan.com/ posting provided no warranties,and confers no rights. Windows Server  >  Directory Services

Domain logon scripts + Registry

i need import reg file hklm portion of registry. clients xp pro.  portion of registry needs elevated permissions import key.  i've encoded reg file exe (using autoit) to use runas command , hide admin password. however i'm having trouble running exe because of ntfs security on clients. is there better way of importing reg files need elevated user access without revealing admin passwords in scripts? our dc nt4, end users wxp pro. i appreciate help.   thanks the logon script runs under context of user logging in.  try reg import using startup script instead.  startup scripts run under context of local system , such have higher level of privilege regard registry.   tony www.activedir.org Windows Server  >  Directory Services

Need information on Public Domain Registration

hello, we running internal domain domainname.local ~50 users. use google apps mail , hosted website. we planning register domainname.in external users. thinking use domain rename functionality rename internal domainname.local domainname.in. also, use tmg our gateway. publishing external ip of tmg domainname.in. how should configure tmg work this? i right way it? suggestions? domain rename requires lot of effort n planning, not simple be. until, want expose internal domain internet, don't recommend because of various security risks, domain rename not required. if still interested read domain rename, refer below articles. http://technet.microsoft.com/en-us/library/cc781575%28ws.10%29.aspx http://msmvps.com/blogs/acefekay/archive/2009/08/19/domain-rename-with-or-without-exchange.aspx you don't have change internal domain name, need register external domain name i.e domainname.in isp & rest can configured on tmg. for tmg, suggest post in tmg forum tmg expe

Mac security issue

full disclosure security mailing list had video showing compromise of mac via rdp: protocol handler in 8.0.36 of microsoft remote desktop https://www.wearesegment.com/research/microsoft-remote-desktop-client-for-mac-remote-code-execution is there date fix released? is there way disable rdp schema handler in mean time, or other mitigation? (short of uninstalling app). hello simon, we have shipped update fixes issue. if not done please update latest version. eva Windows Server  >  Remote Desktop clients

DNS conditional Forwarders Queries

Image
hi all, i have query conditional forwarders, read more article, still need understand better of conditional forwarders scenario faced in current experience, we have 2 different forests, 1 x.local , other y.loc , trusted "extrenal" non-transitive trust methodology on forest x.local, have conditional forwarder routing "(standard)" type accept dns request y.loc (primary , secondary dns servers) , y.loc windows server 2003 forest , hence have forwarders of x.local (primary & secondary dns servers) , working few days normally. recently had changed conditional forwarders x.local forest , in dns of conditional forwarder change option standard "store conditional forwarders in active directory , replicate dns servers in forest" , after dns resolution of "y.loc" results failure name resolution. kindly provide reason of behaviour. thanks hi ramesh,   according description:            >> …y.loc windows server 2003 forest…   

gpo for blocking controlpanel

can 1 me in gpo want policy hide control panel ,network setings , want block .exe files in excuting plz tell me how itin 2008 in 2003 when go ou properties  tab  there can find gpo edit opton cant find thing in 2008 , me same ,                                           hi, in 2008 have use gpmc. group policy management console (gpmc.msc) makes easier understand, deploy, manage , troubleshoot group policy implementations , provides single administrative tool managing group policy across enterprise , installed default on server running active directory domain services (ad ds) role. almost settings same 2003. http://technet.microsoft.com/en-us/library/cc725828(ws.10).aspx http://www.windowsecurity.com/articles/group-policy-related-changes-windows-server-2008-part1.html if found post helpful, please give "helpful" vote. if answered question, remember mark "answer". posting provided "as is" no warranties , confers no rights! test suggestion

Cannot add desktops to my domain

i have server running windows sbs 2008 standard. logged in domain admin. have started having problems accessing data on server. cannot access server desktops. cannot access external drives server. cannot add new desktop domain on server. attempt access file server (non domain controller) going \\servername , tells me windows cannot access \\servername . error message error code 0x80070035 - network path not found. i fortunate enough copy user shares off server. don't want have reinstall os on sbs server. can give me pointers? any suggestions appreciated. hi, this forum remote desktop services/terminal services. i recommend ask question in sbs forum or newsgroup in order receive best response. thanks. -tp Windows Server  >  Remote Desktop Services (Terminal Services)

Windows 2003 DFS in 2008 Forest After decommissioning last Windows 2003 Controller !

hi,,, i have dfs in windows 2003 environment , planning remove last windows 2003 active directory  controller, , raise functional level of forest 2008 exchange 2016 deployment.  i did search online , didn't find complexity matrix combination : active directory 2008 & forest function level 2008 + windows 2003 dfs . any idea ? thanks ahmad ahmad sabry afaik, there no issue running dfs namespace in 2003 (2000 mode) in dfl 2008+.  take advantages of new features of dfs 2008 mode, should migrate dfs namespace 2008 mode when dfl @ 2008+. thanks ned pyle! https://blogs.technet.microsoft.com/askds/2008/01/15/migrating-your-dfs-namespaces-in-three-sorta-easy-steps/ hth this posting provided without warranty of kind Windows Server  >  Migration

Sum Columns using Powershell

i have written following powershell script getting disk space information servers in our environment. $servers = get-content e:\poc.txt $array = @() foreach($server in $servers){ $sysinfo = get-wmiobject win32_volume -computername $server for($i = 0;$i -lt $sysinfo.count; $i++){ $sname = $sysinfo[$i].systemname $servername = $server $label = $sysinfo[$i].label if(($label) -and (!($label.contains("filler")))){ write-host "processing $label $server" $name = $sysinfo[$i].name $capacity = [math]::round(($sysinfo[$i].capacity/1gb),2) $fspace = [math]::round(($sysinfo[$i].freespace/1gb),2) $sused = [math]::round((($sysinfo[$i].capacity - $sysinfo[$i].freespace)/1gb),2) $fspacepercent = [math]::round((($sysinfo[$i].freespace*100)/$sysinfo[$i].capacity),2) $obj = new-object psobject $obj | add-member -membertype notepro