Server 2008

Terminal Server Security

Posted by robd on December 01, 2014
powershell / 1 Comment

Today a client noticed several thousand failed secuity attempts on their Terminal Server:

 

So after filtering the Event 4625 in event viewer I found I couldnt export the Source Network Address. So came up with this handy powershell script to export the IP to a csv:

 

Tags: , , ,

DNS for a subdomain

Posted by robd on May 08, 2014
DNS / No Comments

Hi All,

My company uses a sub domain for a satellite office, all works fine and replication takes places etc etc.

The problem I had was with DNS.  I’m based in Contoso.local and I cannot ping any device the sub-domain Sub.contoso.local without fully qualifying the domain.

For example if I ping a server1 on the subdomain using

DNS cannot route the command where as if I type

it works fine.

I’ve checked DNS on Contoso.local and there are conditional forwarders to Sub.contoso.local:

DNS_Issue

So how can I get around this??  The answer is to add a DNS Suffix locally or to all the domain devices via group policy:

Group policy:

Computer Policy > Policies > Administrative Templates > Network/DNS Client > DNS Suffix Search List.

DNS_Issue_GP_Suffix

Then GPUPDATE /force your client and run IPCONFIG /ALL and you should see:

DNS_Issue_IPCONFIG

 

 

Tags: , , , , , ,

Find AD users using Profile Paths (roaming profiles)

Posted by robd on May 08, 2014
powershell / No Comments

So today due to a server migration I needed a list of all the users who have roaming profiles, found this useful Powershell script:

Please note you need to ammed this line of code to suite your site: “OU=VI2,OU=Students,OU=Users,OU=Monmouth School,DC=Monmouth,DC=local”

Tags: , , , , , , ,

User Account Control (UAC) for Server 2008

Posted by robd on September 03, 2013
Server 2008 / No Comments

Today a admin mentioned how annoying the “Run as Administrator” option is on Server 2008, well I agree so here’s how to turn it off:

Click Start

Type UAC:

UAC1

Click “Change User Account Control Settings” and change the sliding setting.  I chose Never notify:

UAC2

Click OK and Yes if prompted.

If for some reason this doesnt change UAC for all users of the server you either need to create a group policy to change:

“User Account Control:Run all administrators in Admin Approval”

or you can change it locally using Local Security Policy i.e.

Click Start, Run, type:

secpol.msc

UAC3

Go to:

UAC4

Find: “User Account Control:Run all administrators in Admin Approval” and choose Disabled.

UAC5

Done.

Tags: , ,

Windows 7 Login Wallpaper with Group Policies

Posted by robd on October 09, 2012
Group Policies, Windows 7 / 1 Comment

I’m sure you all know what group policiesare as I’m guessing you wouldn’t be here otherwise!

Well here’s a quick how to on the settings you need to set up a login Wallpaper for Win 7:

Firstly you’ll need a Domain Controller running Server 2008 (I used R2) or a Windows 7 workstation with the AD tools installed and be logged on as a admin of some sort (preferably a Domain Admin):

1. open group policy Management.

2. Go to: Computer Configuration\Preferences\Windows Settings\Files

3. Right-click the “Files” icon and click:  New > File

4. Select Replace

5. Type in the UNC path for your source file i.e. \\Server\Share\LogonWallpaper.jpg
     •Remember this file needs to be small, less than 256K
     •Also the permissions on this share need to allow the computer account READ access. If in doubt use “Authenticated Users”.
6. For the Destination File, type this (without the quotes): “%windir%\system32\oobe\info\backgrounds\backgrounddefault.jpg
7. Click the “Common” tab

8. Select “Remove this item when it is no longer applied”. This will ensure your file is removed if:
     •The GPO is deleted or disabled
     •The workstation is moved to another OU
     •The policy is filtered out
     •You update your policy to send a new wallpaper file
9. Select Item-level targeting to specify only Windows 7 computers. This will ensure your file isn’t sent to versions of Windows that wouldn’t make use of it anyway i.e. XP.
10. Go to: Computer Configuration\Policies\Administrative Templates\System\Logon
11. Click “Always use custom logon background” and set it to “Enabled”
Done.

Tags: , , ,

Copy Protected by Chetan's WP-Copyprotect.