Archive

Archive for the ‘Microsoft’ Category

Certification Authority – decrease key lenght

June 27th, 2012 No comments

One my colleague wanted to make one of our customer’s environment very secure so he decided to install Enterprise Certification Authority environment with 4kB keys. He created one offline root CA with 4kB key (Windows 2003). This computer is offline all the time. Another CA is Issuing CA which key is signed by root CA. This issuing CA also had 4kB key (Windows 2008 R2). Certificates issued by issuing CA were from 2kB-16kB.

Problem raised when customer wanted to create certificate for Cisco devices to secure Wifi. To make those devices use and trust certificates from issuing CA customer needed to import Root and Issuing CA public certificates into those Cisco devices. And this was a problem. Those Cisco devices didn’t want to work with more than 2kB certificates.

Read more…

Windows Server 2012 on VMWare

June 6th, 2012 No comments

Today we tried to run Windows Server 2012 RC on VMWare. Our version of OS on VM was set to Microsoft Windows Server 8.

After first reboot after installation we got black screen with little circles going around forever:

 

Never ending cycling

Never ending cycling

 

We couldn’t make it work. But we found solution. Just change OS Version of VM to Microsoft Windows Server 2008 R2 (64-bit).

For Windows 8 it is required to change OS Version to Windows 7. Thanks to Róbert Švec.

We hope VMWare will fix this soon 🙂

 

 

Exchange 2003 Out of office assistant subject language

May 31st, 2012 No comments

Today I was asked to find out why some users gets Out of office message subject in Slovak language and some in English. Company has two Exchange 2003 servers. One is for Front-end and second is to host mailbox databases.

Read more…

Exchange Distribution Group restriction

May 29th, 2012 No comments

Today one of our customers called me and asked how they can prevent from receiving e-mails from Internet for particular distribution group. They have Exchange 2010 SP2. I instructed him to check field on properties of distribution group called Require that all senders are authentificated.

Read more…

Add Unix commands into Windows

May 29th, 2012 No comments

When I want to feel like guru or I just need to use some Unix based utilities in Windows, I used to install http://www.cygwin.com/. It’s cool. But I recently found out that Windows has native support for Unix based applications.

Read more…

Categories: Linux, Windows Tags: , , ,

RDS/TS Licencovanie

May 29th, 2012 No comments

Dostaval som casto otazky ohladom licencii pre RDS/TS. Vela adminov sa pytalo na zvlastne otazky o odpocitavani licencii na licencnom servery.

Ked chcete pouzivat RDS/TS viac ako 120 dni, tak si treba nainstalovat a skonfigurovat licencne sluzby pre RDS/TS. Taktiez je potrebne zakupit RDS/TS CAL-y (Client Access Licenses). CAL-y su licencie pre pripojenie sa k RDS/TS serverom. Ked sa instaluju RDS/TS licencne sluzby, tak su na vyber tri varianty licencovania CAL-ov:

Read more…

Categories: Windows Tags: , , , ,

Split AD from one forest

May 15th, 2012 2 comments

Today I tried to split two domain created in one AD forest.

Scenario

I had 1st created domain domain.local which was top-forest root domain. It contained two domain controllers (SRVDC01.domain.local (W2008R2) and SRVDC02.domain.local(WS8)). Second domain I’ve created was domain2.local which was in same AD forest, but in different AD tree. I had little problem when creating new domain domain2.local, because SRVDC02.domain.local was powered off for couple days. DCPromo on SRVXX01.domain2.local was complaining about some replication problems. So I needed to power it on and force replication. It was weird, because SRVDC2.domain.local haven’t hold any of FSMO roles. When it was all done, all looked up and running.

Read more…

Categories: Security, Windows Tags: , , ,

#5 GPO Serial – WMI Filtre a Loopback Processing

Takže po dlhšej dobe pokračujem. Dneska popišem WMI filtre a taktiež Loopback Processing.

WMI Filtre

 WMI filtre sa používajú na to, aby sa lepšie špecifikovali podmienky aplikovania GPO politík. Ale najprv si vysvetlime, čo to vlastne WMI je. WMI je skratka od Windows Management Instrumentation, čo predstavuje rozhranie cez ktoré je možné tak vyčítať rôzne údaje z OS ako aj samotné nastavenia OS meniť. WMI si predstavte ako databázu na každom Windows OS. Pomocou podobných príkazov ako sú SQL príkazy je možné vyčítavať rôzne informácie. Napríklad je možné vyčitať informácie o type a modele BIOSu na počítači. Ďalej napríklad informácie o veľkosti RAM pamäte, verzia OS, zoznam hotfixov, rýchlosť otáčok ventilátora na CPU,…

Read more…

Categories: GPO, Windows Tags: , , ,

Disabled UAC still active

April 17th, 2012 No comments

At one of our bigger customer we started to have weird problem. When you disabled UAC it was still active even after reboots.

Read more…

Categories: Security, Windows Tags: , ,

SYSVOL FRS to DFSR migration

April 16th, 2012 1 comment

Most of you probably already updated Active Directory infrastructure from Windows 2003 to Windows 2008 R2. What I see most is that administrators do not upgrade DFS replication subsystem for SYSVOL shares. Before Windows Server 2008 (also R2) was released FRS (File Replication System) is used. In Windows 2008 R2 there is new version released and it’s called DFSR (Distributed File System Replication).

FSR

FSR uses NTFS volumes’ USN journal to determine when a change has occured to a file and triggers replication. When FSR detects file close it gathers information about file and it’s attributes. It also checks file’s MD5 hash. If MD5 hash changes it will trigger replication. If file has changed whole file is send to FSR replication partners.

DFSR

First benefit of DFSR is that it doesn’t replicate whole file, but just a changed data in the file. To be able to check only changes in files it uses RDC (Remote Differential Compression) compression algorithm.

Read more…