Archive

Author Archive

#5 GPO Serial – WMI Filtre a Loopback Processing

Takže po dlhšej dobe pokračujem. Dneska popišem WMI filtre a taktiež Loopback Processing.

WMI Filtre

 WMI filtre sa používajú na to, aby sa lepšie špecifikovali podmienky aplikovania GPO politík. Ale najprv si vysvetlime, čo to vlastne WMI je. WMI je skratka od Windows Management Instrumentation, čo predstavuje rozhranie cez ktoré je možné tak vyčítať rôzne údaje z OS ako aj samotné nastavenia OS meniť. WMI si predstavte ako databázu na každom Windows OS. Pomocou podobných príkazov ako sú SQL príkazy je možné vyčítavať rôzne informácie. Napríklad je možné vyčitať informácie o type a modele BIOSu na počítači. Ďalej napríklad informácie o veľkosti RAM pamäte, verzia OS, zoznam hotfixov, rýchlosť otáčok ventilátora na CPU,…

Read more…

Categories: GPO, Windows Tags: , , ,

Disabled UAC still active

April 17th, 2012 No comments

At one of our bigger customer we started to have weird problem. When you disabled UAC it was still active even after reboots.

Read more…

Categories: Security, Windows Tags: , ,

SYSVOL FRS to DFSR migration

April 16th, 2012 1 comment

Most of you probably already updated Active Directory infrastructure from Windows 2003 to Windows 2008 R2. What I see most is that administrators do not upgrade DFS replication subsystem for SYSVOL shares. Before Windows Server 2008 (also R2) was released FRS (File Replication System) is used. In Windows 2008 R2 there is new version released and it’s called DFSR (Distributed File System Replication).

FSR

FSR uses NTFS volumes’ USN journal to determine when a change has occured to a file and triggers replication. When FSR detects file close it gathers information about file and it’s attributes. It also checks file’s MD5 hash. If MD5 hash changes it will trigger replication. If file has changed whole file is send to FSR replication partners.

DFSR

First benefit of DFSR is that it doesn’t replicate whole file, but just a changed data in the file. To be able to check only changes in files it uses RDC (Remote Differential Compression) compression algorithm.

Read more…

Playing with Windows Server 8 Beta

April 10th, 2012 No comments

Couple days I installed Windows Server 8 and I started to play 🙂

There is weird desktop in new Windows. It’s not as pretty as it is in Windows Server 2008. It’s kinda forced to use touch screen, but who would use touch screen to administer servers? Not me 🙂

Normal stuff

  • I couldn’t find any way to restart/shutdown Windows Server 8. Only way I could use is command line (shutdown.exe). But there is a way via Metro…upper right corner…Settings…Power…Restart (http://technet.microsoft.com/library/hh831491.aspx)
  • I don’t know how to turn IE ESC off. I couldn’t find any setting to enable/disable it
  • It is nice to be able to team network interfaces, but there is no help what each setting means

 

Active Directory

Nice article about changes http://blogs.technet.com/b/askds/archive/2012/04/06/group-policy-management-improvements-in-windows-server-quot-8-quot-beta.aspx

DNS

They have imported DNSSec into DNS server.

Security tab for DNS server settings is running faster 🙂

Windows Update Service

I received errors after installation and I couldn’t run WSUS console.

Read more…

Slow logging into domain

March 26th, 2012 No comments

When you are facing slow logons into domain and you also get events 1030 and 1006 you need to look into your network. By default Kerberos uses UDP packets to communicate. You need to force Kerberos to use TCP instead of UDP by changing registry key:

HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\ Kerberos\\Parameters

If it doesn’t exists just create it 🙂

Create DWORD key called MaxPacketSize and set it to value 1.

For more infor there is official KB http://support.microsoft.com/kb/244474/en-us

 

Roaming profiles and Folder Redirection settings

March 7th, 2012 No comments

Nowadays I meet couple customers which wanted to implement old school technologies: folders redirection and roaming profiles. When they have implemented features they didn’t do it right way, because they have used default settings which are not really what you might want. I also read couple articles why roaming profiles and folders redirection are bad solutions. They really ain’t that bad.

Read more…

Custom cmd.exe appearance

February 29th, 2012 No comments

When you start cmd.exe in Windows 2008 or Windows 7 you will get little small tinny window:

 

Small cmd.exe

Small cmd.exe

 

This is getting on my nerves to change is on every server/workstation I log in.

Read more…

Categories: Windows Tags: , , ,

Damaged WMI database

February 28th, 2012 No comments

When I was cheking Remote Desktop configuration on couple Windows 2008 R2 servers I’ve noticed that I cannot access Remote Desktop Session Host Configuration and I get following error:

Read more…

Categories: Security, Windows Tags: , , ,

Exchange 2010 Ouf Of Office Assistant not working

February 24th, 2012 No comments

Today I spent half a day of debugging one weird problem. One of my customer just upgraded to Exchange 2010. They wanted to use ouf of office assistant. When they clicked in outlook clients on OOOA they’ve got error:

 

Out of office assistant error

Out of office assistant error

 

Read more…

Reset Computer accounts in Active Directory domain

February 21st, 2012 21 comments

One of our customer migrated his whole IT infrastructure into another datacenter. We powered off virtual machines at production site and powered on cloned versions of virtual machines. Domain Controllers were up all the time. Only member servers’ clones moved into another datacenter. They’ve ran for three days in another datacenter. Active Directory domain was up all the time. After tests we deleted clones in another datacenter and powered on virtual server in primary datacenter – their friday’s copies. And now we had problems on couple of servers.

Read more…