Browsing "Windows 2003"

Some quick command line tools for AD

1. To quickly list all the groups in your domain, with members, run this command:

dsquery group -limit 0 | dsget group -members –expand

2. To find all users whose accounts are set to have a non-expiring password, run this command:

dsquery * domainroot -filter “(&(objectcategory=person)(objectclass=user)(lockoutTime=*))” -limit 0

3. To list all the FSMO role holders in your forest, run this command:

netdom query fsmo

Read more »

Why can I not access administrative shares from Windows 7 or Windows 8 ?

Someone asked me about this recently. They had a Windows 8 laptop and a Windows 7 desktop and no matter what they tried, they were unable to access the C$ on either the laptop or the desktop.

They were 100% sure they were using the correct credentials but for whatever  reason, Windows would not accept their login when trying to map a drive (\\desktopname\c$)

The issue is related to UAC and how that restricts remote connections. This has been the case since Vista and the same issue (feature :)  is still in Windows 8.

The issue only applies to local accounts and not domain accounts.

The quick fix is to just disable UAC but if you want to keep that running but still allow admin share access, do the following:

To disable UAC remote restrictions, follow these steps:

  1. Click Start, click Run, type regedit, and then press ENTER.
  2. Locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
    Windows\CurrentVersion\Policies\System
  3. If the LocalAccountTokenFilterPolicy registry entry does not exist, follow these steps:
  4. On the Edit menu, point to New, and then click DWORD Value.
  5. Type LocalAccountTokenFilterPolicy, and then press ENTER.
  6. Right-click LocalAccountTokenFilterPolicy, and then click Modify.
  7. In the Value data box, type 1, and then click OK.
  8. Exit Registry Editor.

The LocalAccountTokenFilterPolicy registry entry in the registry can have a value of 0 or of 1. These values change the behavior of the registry entry to the behavior that is described in the following table.

Value Description
0 This value builds a filtered token. This is the default value. The administrator credentials are removed.
1 This value builds an elevated token.

 

How can I search for all users that have the “Network Policy” set to false using PowerShell ?

If you need to search Active Directory to find users who currently have the “Network Access Permission” set to “Deny Access” on the Dial-in tab of their user account

Dial-in

run this Powershell command:

Get-ADUser -Filter {(mail -like “*”) -and (ObjectClass -eq “user”)} -Properties msNPAllowDialin | Where { $_.msNPAllowDialin -match “False” } | fl Name, msNPAllowDialin

You need to ensure you start Powershell with the AD modules installed.

Windows Update Error 0xC80003FB

Click Start, select Run, type in: services.msc
then press enter
Now look for the Automatic Updates Service, right click it and choose to stop

Click Start, select Run, type in: %windir%SoftwareDistribution
then press enter
Open the Datastore folder and delete its contents.

Click Start, select Run, type in: type services.msc
then press enter
Now look again for the Automatic Update Service and choose to start

Try running the Updates again.

Can I still use Microsoft Virtual Server or Microsoft Virtual PC to test Windows Server 2008 clustering?

Virtual Server has commonly created a shared disk over the emulated SCSI controller to use for clustered storage. However, Server 2008 clustering doesn’t support parallel SCSI.

But there is light at the end of the tunnel. Server 2008 clustering supports the majority node set model, which means a cluster doesn’t need shared storage. Server 2008 can use node-voting with three nodes or more, or a file-share witness instead of the quorum disk for two-node clusters.

If you want shared storage, the easiest option is probably iSCSI because the iSCSI initiator is built into both Server 2008 and Windows Vista. For the iSCSI target, you may have access to an iSCSI SAN/device, a software solution such as Windows Storage Server, or an add-on iSCSI

Aug 20, 2007 - Exchange, General, Windows 2003    1 Comment

I changed the IP address of a server running the SMTP service, but I can’t send mail to it locally. What’s the problem?

t’s common to install the SMTP service on servers that require limited mail-sending capabilities–for example, on a Microsoft SharePoint server. I recently had a problem in which the box got a new IP address, and at that point the services that used the SMTP service could no longer send email. The problem was that the server had a relay restriction list in place, and the list didn’t have the new IP address listed.

To resolve the problem, you need to update the relay list. Start the Microsoft Management Console (MMC) Internet Information Services Manager snap-in by accessing Start, Programs, Administrative Tools, Internet Information Services (IIS) Manager. Right-click the SMTP virtual server and select Properties, then select the Access tab. Click the Relay button. Be sure to add the IP address of the server trying to connect or a subnet containing the servers trying to send via the server by clicking the Add button. When you’re finished, click OK on all dialog boxes.

Jul 20, 2007 - Exchange, Windows 2003    No Comments

What’s the new transaction log size in Microsoft Exchange Server 2007?

The transaction log size in Exchange 2007 is now 1MB instead of 5MB, which was the transaction log size for Exchange 2003. The reason for the size reduction is related to the new log shipping clustering technologies in Exchange 2007. The smaller the log file means a smaller amount of data loss because you can’t ship a transaction log until it’s closed and it needs 5MB of data written before you can close. With Exchange 2007, you only need 1MB of data written. In addition to the reduction of size of the transaction logs the naming scheme has been changed from E<2 digit storage group identifer><5 hexidecimal digits> to E<2 digit storage group identifer><8 hexidecimal digits> which means even though there will be five times the number of transaction logs the number of transaction logs you can have in total is over two thousand times the number of transaction logs you could previously have under Exchange 2003 (you don’t go all the way up to ffffffff, rather 7fffffec).

Extracting the SMS Installer Download on a Workstation

Extracting the SMS Installer-ISU integrated download (or, just the standard SMS Installer) requires that a SMS site server be present on the network connection. When the extraction intiates is asks for a valid server name and will check to see if its available.

Say, you downloaded SMS Installer from home on a dial-up connection, what do you do then? Wait until you are in the office?

Do this:

On your workstation, change the data value in the following key:

Key: HKEY_LOCAL_MACHINESOFTWAREMicrosoftSMSSetup
Data: Type
Data Value: dword:00000001

Usually this is set to 00000004 on a workstation

You can download a compiled exe with the above fix here SMS Installer Reg Key Fix

How can I prevent someone from accessing event logs on my server through the network?

Windows automatically limits access to the Security log to only those users who have the Manage auditing and security log user right. However, guests can access the System and Application logs. To disable guest access to these logs, open a Group Policy Object (GPO), go to ComputerConfigurationWindows SettingsSecurity SettingsEvent LogSettings for Event Logs, and enable Restrict guest access to system log and Restrict guest access to application. In Windows Server 2003 and Windows XP, these policies are named Prevent local guests group from accessing system log and Prevent local guests group from accessing application log, respectively. Other users will still be able to view these logs provided they possess the Access this computer from the network user right. Windows doesn’t offer a more granular way to control access to the logs.

Related Posts Plugin for WordPress, Blogger...
Pages:123456»