Takže po dlhšej dobe pokračujem. Dneska popišem WMI filtre a taktiež Loopback Processing.
WMI Filtre
WMI filtre sa používajú na to, aby sa lepšie špecifikovali podmienky aplikovania GPO politík. Ale najprv si vysvetlime, čo to vlastne WMI je. WMI je skratka od Windows Management Instrumentation, čo predstavuje rozhranie cez ktoré je možné tak vyčítať rôzne údaje z OS ako aj samotné nastavenia OS meniť. WMI si predstavte ako databázu na každom Windows OS. Pomocou podobných príkazov ako sú SQL príkazy je možné vyčítavať rôzne informácie. Napríklad je možné vyčitať informácie o type a modele BIOSu na počítači. Ďalej napríklad informácie o veľkosti RAM pamäte, verzia OS, zoznam hotfixov, rýchlosť otáčok ventilátora na CPU,…
Read more…
At one of our bigger customer we started to have weird problem. When you disabled UAC it was still active even after reboots.
Read more…
Most of you probably already updated Active Directory infrastructure from Windows 2003 to Windows 2008 R2. What I see most is that administrators do not upgrade DFS replication subsystem for SYSVOL shares. Before Windows Server 2008 (also R2) was released FRS (File Replication System) is used. In Windows 2008 R2 there is new version released and it’s called DFSR (Distributed File System Replication).
FSR
FSR uses NTFS volumes’ USN journal to determine when a change has occured to a file and triggers replication. When FSR detects file close it gathers information about file and it’s attributes. It also checks file’s MD5 hash. If MD5 hash changes it will trigger replication. If file has changed whole file is send to FSR replication partners.
DFSR
First benefit of DFSR is that it doesn’t replicate whole file, but just a changed data in the file. To be able to check only changes in files it uses RDC (Remote Differential Compression) compression algorithm.
Read more…
Couple days I installed Windows Server 8 and I started to play 🙂
There is weird desktop in new Windows. It’s not as pretty as it is in Windows Server 2008. It’s kinda forced to use touch screen, but who would use touch screen to administer servers? Not me 🙂
Normal stuff
- I couldn’t find any way to restart/shutdown Windows Server 8. Only way I could use is command line (shutdown.exe). But there is a way via Metro…upper right corner…Settings…Power…Restart (http://technet.microsoft.com/library/hh831491.aspx)
- I don’t know how to turn IE ESC off. I couldn’t find any setting to enable/disable it
- It is nice to be able to team network interfaces, but there is no help what each setting means
Active Directory
Nice article about changes http://blogs.technet.com/b/askds/archive/2012/04/06/group-policy-management-improvements-in-windows-server-quot-8-quot-beta.aspx
DNS
They have imported DNSSec into DNS server.
Security tab for DNS server settings is running faster 🙂
Windows Update Service
I received errors after installation and I couldn’t run WSUS console.
Read more…
When you are facing slow logons into domain and you also get events 1030 and 1006 you need to look into your network. By default Kerberos uses UDP packets to communicate. You need to force Kerberos to use TCP instead of UDP by changing registry key:
HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\ Kerberos\\Parameters
If it doesn’t exists just create it 🙂
Create DWORD key called MaxPacketSize and set it to value 1.
For more infor there is official KB http://support.microsoft.com/kb/244474/en-us
Nowadays I meet couple customers which wanted to implement old school technologies: folders redirection and roaming profiles. When they have implemented features they didn’t do it right way, because they have used default settings which are not really what you might want. I also read couple articles why roaming profiles and folders redirection are bad solutions. They really ain’t that bad.
Read more…
When you start cmd.exe in Windows 2008 or Windows 7 you will get little small tinny window:
Small cmd.exe
This is getting on my nerves to change is on every server/workstation I log in.
Read more…
When I was cheking Remote Desktop configuration on couple Windows 2008 R2 servers I’ve noticed that I cannot access Remote Desktop Session Host Configuration and I get following error:
Read more…
Today I spent half a day of debugging one weird problem. One of my customer just upgraded to Exchange 2010. They wanted to use ouf of office assistant. When they clicked in outlook clients on OOOA they’ve got error:
Out of office assistant error
Read more…
One of our customer migrated his whole IT infrastructure into another datacenter. We powered off virtual machines at production site and powered on cloned versions of virtual machines. Domain Controllers were up all the time. Only member servers’ clones moved into another datacenter. They’ve ran for three days in another datacenter. Active Directory domain was up all the time. After tests we deleted clones in another datacenter and powered on virtual server in primary datacenter – their friday’s copies. And now we had problems on couple of servers.
Read more…
Categories: Security, Windows Tags: accounts, bad password, computer account, ERROR_ACCESS_DENIED, ghost, netdom, netlogon, nltest, relationship, reset password, security database, snapshot, Unauthenticated, vitual
Recent Comments