Archive for the 'IT' Category

Deploy ODBC Setting with Windows Authentication via GPO

You can actually deploy ODBC Settings via GPO very easily.

Computer Configuration > Preferences > Control Panel Settings > Data Sources
or
User Configuration > Preferences > Control Panel Settings > Data Sources

ODBC Example with Windows Authentication
New > Data Source
Action: Replace
Data Source Name: Test
Driver: SQL Server

Attributes:
Database: DBName
Server: SQLServer
TRUSTED_CONNECTION: Yes

admin on September 26th 2015 in IT, Windows, Windows Server

Compact a vhdx disk

After deleting files from a vhdx disk, I noticed that this doesn’t free up disk space on a dynamic vhdx file.

Make sure the vhdx file is mounted read-only or not mounted at all, then run the following command to free up disk space:
Optimize-VHD -Path C:\Data\Test.vhdx -Mode Full

Important: I could only run this command from a computer where the Hyper-V role was installed.

admin on May 19th 2015 in IT, Windows Server

Install the IPAM Server on Windows 2012 R2

If you have multiple DNS, DHCP, NPS Servers you can install an IPAM-Server to manage them. It also gives you a good overview and statistics.

Important: The IPAM feature can’t be installed on a DC and the computer needs to be joined to the domain. It should also not be on a DHCP/DNS Server.

Quick step by step guide to install it:
1. Install the IPAM-Feature
You will be asked to choose between a WID DB or an MS SQL Server and to pick a GPO name prefix to provision the servers with a GPO. I picked the WID DB and IPAM as the GPO name prefix.

2. Configure IPAM
Connect to IPAM Server
Provision the IPAM Server
Configure Server Discovery (Pick the Domains)
Start Server Discovery

3. After that you will notice that the servers are populated but shown as blocked. To manage them, install the GPOs on the DCs and add the IPAM Server to the Builtin\Event Log Readers Group.

Run the following command in PowerShell as an administrator to install the GPOs:
Invoke-IpamGpoProvisioning -Domain contoso.com -GpoPrefixName IPAM -IpamServerFqdn ipam.contoso.com -DomainController dc1.contoso.com

Now you should see in the Group Policy Manager three new GPOs:
ipam_DC_NPS
ipam_DHCP
ipam_DNS

Make sure that in the Security Filtering all the servers which should be managed are added.
Then run a “gpupdate /force” on all the servers.

Then add the IPAM-Server to the Builtin\Event Log Readers Group

4. Even though I did everything above, it still didn’t show up as unblocked in the IPAM Server Inventory. The trick was to edit the servers manually and untick and tick the DNS-Server again. After that it worked like a charm ;-)

admin on April 20th 2015 in IT, Windows Server

Can’t add the Event Viewer from a Remote Machine to a Management Console (MMC)

If you run the MMC console as a Domain Admin and you can’t add the Event Viewer of a remote machine to the MMC console, it is probably because of the firewall settings.

Go to the remote machine and run firewall.cpl:
Allow an app or feature through Windows Firewall->Check Remote Event Log Management.

That’s it. Enjoy;-)

admin on March 31st 2015 in IT, Windows Server

Troubleshooting Active Directory Replication

In Windows 2003 there was a useful GUI tool, replmon, but they didn’t continue developing and shipping it.

But you can also do it comfortably with the repadmin command. Here are the most important commands:
repadmin /showrepl
repadmin /showrepl * /errorsonly
repadmin /showrepl * /csv
repadmin /queue
repadmin /queue DCServerName
repadmin /replsummary

repadmin /syncall DCServerName /APed
* A = All partitions, P = Push, e = enterprise, d = distinguished names
** Pushes all DCs to start replication
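
The /csv output of repadmin /showrepl can be filtered in PowerShell instead of being read by eye. This is an added example, not from the original post: the function name, the 24-hour staleness threshold and the sample rows are assumptions made up for illustration.

```powershell
# Added example (not from the original post). The rows below are a constructed
# sample of "repadmin /showrepl * /csv" output; on a DC use instead:
#   $lines = repadmin /showrepl * /csv
$lines = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,DC1,"DC=contoso,DC=com",Default-First-Site-Name,DC2,RPC,0,0,2015-03-03 09:14:02,0
showrepl_INFO,Default-First-Site-Name,DC2,"DC=contoso,DC=com",Default-First-Site-Name,DC1,RPC,12,2015-03-03 09:10:44,2015-03-02 21:55:10,1722
showrepl_INFO,Default-First-Site-Name,DC2,"CN=Configuration,DC=contoso,DC=com",Default-First-Site-Name,DC1,RPC,0,0,2015-03-01 08:00:00,0
'@ -split "`r?`n"

function Get-ReplicationProblem {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string[]]$CsvLines,
        [int]$MaxAgeHours = 24,               # assumed threshold for "stale"
        [datetime]$Now = (Get-Date)
    )
    foreach ($row in ($CsvLines | ConvertFrom-Csv)) {
        # Rows not marked showrepl_INFO are treated as DCs repadmin could not query
        # (assumption: such rows keep the same column order).
        if ($row.showrepl_COLUMNS -ne 'showrepl_INFO') {
            [pscustomobject]@{ Destination = $row.'Destination DSA'; Source = $null
                               NamingContext = $null; Problem = 'DC not queried' }
            continue
        }
        $lastOk  = [datetime]::MinValue
        $hasDate = [datetime]::TryParse($row.'Last Success Time', [ref]$lastOk)
        $reasons = @()
        if ([int]$row.'Number of Failures' -gt 0) {
            $reasons += "$($row.'Number of Failures') failures, status $($row.'Last Failure Status')"
        }
        if (-not $hasDate) {
            $reasons += 'no successful replication recorded'
        } elseif (($Now - $lastOk).TotalHours -gt $MaxAgeHours) {
            $reasons += "last success $([int]($Now - $lastOk).TotalHours)h ago"
        }
        if ($reasons) {
            [pscustomobject]@{ Destination = $row.'Destination DSA'; Source = $row.'Source DSA'
                               NamingContext = $row.'Naming Context'; Problem = $reasons -join '; ' }
        }
    }
}

# Fixed -Now so the constructed sample gives the same result on every run.
Get-ReplicationProblem -CsvLines $lines -Now ([datetime]'2015-03-03 10:00:00') | Format-Table -AutoSize
```

With the sample rows, the healthy DC1 link is dropped and the two DC2 links are reported: one for its failure count and one because its last success is older than the threshold.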

admin on March 3rd 2015 in IT, Windows Server

Windows 2012 R2 Single Sign On with RemoteAPP Web Access

It took me quite a long time to figure out how to get RemoteApp on Web Access working with “Web Single Sign On”.

Here are the steps to get it done:

1. IIS Certificate for https

If you have an internal CA you need to create a certificate for IIS and make sure it is trusted on your client computer to connect via https to:
https://yourserver.domain.local/rdweb/

Certificate can be created or imported here in IIS:
1. Run inetmgr
2. Choose your IIS Server
3. Import or create a certificate in Server Certificates

Follow these steps to activate it in IIS:
1. Run inetmgr
2. Go to IIS Server\Sites\Default Web Site\Bindings\https:
3. Edit Setting and pick there the SSL Certificate

If you have an internal CA and it is already trusted on your client computer, you don’t need to do anything. Otherwise you need to add the Root Certificate to the Trusted Root Certification Authorities container.

Important: You should also have valid certificates for your connection broker and rdp etc.

2. Change “Form Based Authentication” to SSO
1. Run inetmgr and enable only Windows Authentication in RDWeb Authentication

2. Back up and edit %SYSTEMROOT%\Web\RDWeb\pages\web.config

3. Change the authentication method (comment out Forms)
<authentication mode="Windows"/>
<!--
<authentication mode="Forms">
  <forms loginUrl="default.aspx" name="TSWAAuthHttpOnlyCookie" protection="All" requireSSL="true" />
</authentication>
-->

4. Change the security mode (comment it out)
<!--
<security>
  <authentication>
    <windowsAuthentication enabled="false" />
    <anonymousAuthentication enabled="true" />
  </authentication>
</security>
-->

5. Back up and edit %SYSTEMROOT%\Web\RDWeb\Pages\en-us\Default.aspx

6. Change to private mode
public bool bShowPublicCheckBox = false, bPrivateMode = true, bRTL = false;

3. IE Security
In my environment it only worked when I didn’t use the FQDN for my server in Internet Explorer. As soon as I used the FQDN it asked me to put in the credentials, and to avoid that I made sure that our internal domain is added to the Intranet Zone in Internet Explorer.

Create a GPO:
Computer Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Site to Zone Assignment List

Add:
*.yourdomain.com with value 1

4. Trusted RDP Connection
Even though you can now log in to the web page without being prompted, you will still get a warning dialog as soon as you click on an icon.

Create a GPO:
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client

And add the thumbprints of the RDP Certificates in “Specify SHA1 thumbprints of certificates representing trusted .rdp publishers”

5. Allow Delegation of Default Credentials for RDP
So finally you get a last dialog which will ask you to put in the credentials. If you don’t like that you can solve it with the following GPO.

Create a GPO:
Computer Configuration\Policies\Administrative Templates\System\Credentials Delegation\Allow delegating default credentials

And add: TERMSRV/*.yourdomain.com
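
Steps 3 and 5 depend on two list-type policies whose entries decide where Windows credentials are sent without a prompt, so it helps to check what actually landed on a client. This is an added example, not from the original post: the function names are hypothetical, yourdomain.com is the page's placeholder, and the registry paths are where these two policies are stored under HKLM.

```powershell
# Added example (not from the original post); function names are hypothetical.
$Domain = 'yourdomain.com'            # the page's placeholder domain
$Root   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows'

function Get-PolicyList {
    # Name/data pairs stored under a policy key; nothing if the GPO is not applied.
    param([string]$KeyPath)
    if (-not (Test-Path -LiteralPath $KeyPath)) { return }
    $key = Get-Item -LiteralPath $KeyPath
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Name = $name; Data = [string]$key.GetValue($name) }
    }
}

function Test-DelegationTarget {
    # Step 5: each entry should be TERMSRV/<host or wildcard inside $Domain>.
    param([string]$Spn, [string]$Domain)
    if ($Spn -notmatch '^(?<svc>[^/]+)/(?<target>.+)$') { return 'Malformed' }
    $svc = $Matches['svc']; $target = $Matches['target']
    if ($svc -ne 'TERMSRV') { return 'UnexpectedService' }
    if ($target.EndsWith(".$Domain", [StringComparison]::OrdinalIgnoreCase)) { return 'OK' }
    if ($target -eq '*') { return 'AnyHost' }
    'OutsideDomain'
}

function Test-IntranetSite {
    # Step 3: value 1 is the Local intranet zone, where IE logs on automatically.
    param([string]$Site, [string]$Zone, [string]$Domain)
    if ($Zone -ne '1') { return 'NotIntranetZone' }
    $bare = $Site -replace '^[a-z]+://', '' -replace '^\*\.', ''
    if ($bare -eq $Domain -or $bare.EndsWith(".$Domain", [StringComparison]::OrdinalIgnoreCase)) { return 'OK' }
    'OutsideDomain'
}

# Live check on a client that received the GPOs
Get-PolicyList "$Root\CredentialsDelegation\AllowDefaultCredentials" | ForEach-Object {
    '{0,-35} {1}' -f $_.Data, (Test-DelegationTarget $_.Data $Domain) }
Get-PolicyList "$Root\CurrentVersion\Internet Settings\ZoneMapKey" | ForEach-Object {
    '{0,-35} {1}' -f $_.Name, (Test-IntranetSite $_.Name $_.Data $Domain) }

# Constructed entries, so the classification can be seen without any GPO applied
'TERMSRV/*.yourdomain.com', 'TERMSRV/*', 'HTTP/web.yourdomain.com' | ForEach-Object {
    '{0,-35} {1}' -f $_, (Test-DelegationTarget $_ $Domain) }
```

The constructed entries classify as OK, AnyHost and UnexpectedService; anything other than OK in the live output is an entry broader than the one this guide adds.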

admin on February 12th 2015 in IT, Windows Server

Context menu appears slow with right mouse click on desktop on Windows 8.1

When I right-clicked on my desktop it took about 30 seconds until the context menu appeared. I tried to solve it by updating the graphics card drivers but it still didn’t help. Finally I found the solution.

Delete all graphics card related entries in the registry:
HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers

admin on January 20th 2015 in Windows

How to make a member Domain Controller to the primary Domain Controller in an emergency

So if you can’t recover the Primary Domain Controller, you have no other choice than to make a member DC the PDC. You can seize the roles with ntdsutil.

Run a command prompt with domain admin rights:
1. ntdsutil
2. roles
3. connections
4. connect to server MyMemberDC
5. q
6. Seize domain naming master
7. Seize PDC
8. Seize RID master
9. Seize schema master
10. q q
11. dsa.msc

* We don’t seize Infrastructure Master because it should be on another DC where the Global Catalog isn’t installed.
* You can get help in ntdsutil anytime if you just write help and press enter

admin on January 17th 2015 in Windows Server

Google Cardboard – virtual reality cheap for your smartphone

I have always been a big fan of virtual reality but haven’t been following it for a long time. Somewhere on the net I heard about Google Cardboard and I thought I’d give it a shot. I didn’t have very high expectations because it is made just of carton, lenses and magnets. To my surprise the experience was awesome.

More Info:
Cardboard

What it looks like:
Google Cardboard

admin on January 12th 2015 in Virtual Reality

Run Android Apps on Windows or Mac

There are several emulators for running Android apps on your Windows or Mac computer. So far I have tried BlueStacks and Genymotion. BlueStacks made a cluttered and slow impression, and Genymotion worked smoothly and fast.

Here you can download Genymotion:
Genymotion

If you want to install Android apps on Genymotion you need to install Google Play Store first. Follow these steps:
1. Create a virtual device
2. Download the right Google Play Store version
3. Drag&Drop the zip file in the running virtual device
4. Let it install and restart the device
5. Run Google Play Store and run all updates

admin on January 1st 2015 in Mobile



