I didn’t know before that actually every authenticated user can add up to 10 computers to the domain by default. This is a security issue and should be prevented.
Follow the steps to do so:
1. Open ADSI Editor
2. Click with the right mouse button on ADSI Editor and make a default connection
3. Click with the right mouse button on the domain / properties
4. Change the value for ms-DS-MachineAccountQuota to 0
admin on July 15th 2009 in Windows Server
When somebody adds a computer to the domain it usually goes into the CN=Computers,DC=Domain. If you want to choose another OU as the default container, you can do this with the redircmp “DN of the OU”.
By the way you can do the same for the users with the command redirusr “DN of the OU”.
admin on July 15th 2009 in Windows Server
- Start/Settings/Control Panel
- Add Remove Programs
- Add/Remove Windows Components
- In the Windows Components Wizard disable Internet Explorer Enhanced Security Configuration
admin on July 14th 2009 in Windows Server
Windows PowerShell is a new feature which comes with Windows 2008 server. It need to have the .Net Framework installed and can also be installed on Windows 2003 Server, Windows XP-Vista.
Create a textfile “NewUser.ps1” with following content:
$objOU=[ADSI]LDAP://OU=Users,DC=test,DC=com
$objUser = $objOU.Create("user", "CN=Test1 User")
$objUser.Put("sAMAccountName", "Test1.User")
$objUser.SetInfo()
$objUser = $objOU.Create("user", "CN=Test2 User")
$objUser.Put("sAMAccountName", "Test2.User")
$objUser.SetInfo()
Important: To run this scripts in PowerShell you need to first active it:
set-executionpolicy remotesigned
Go into the directory where the script is located and run it like this:
./NewUser.ps1
Get users samid:
dsquery user -name "*User" | dsget user -samid
admin on June 5th 2009 in Windows Server
| dsadd |
Creates and object in the directory |
| dsget |
Gets the attributes of an object |
| dsmod |
Changes the attributes of an object |
| dsmove |
Moves and object |
| dsrm |
Removes and object or container with all objects |
| dsquery |
Runs a query |
| csvde |
Import/Export Objects from/into a csv file |
| ldifde |
Import/Export (Lightweight Directory Access Data Interchange Format) |
| dsa.msc |
Active Directory Console |
Examples:
dsadd user “cn=Todd Test,ou=Users,dc=mist,dc=com” –samid ttest –upn ttest@mist.com
dsadd group “CN=Marketing,OU-Groups,DC=mist,DC=com” –samid Marketing –secgrp yes –scope g
dsget group “CN=Marketing,OU-Groups,DC=mist,DC=com” –members -expand
dsget user “cn=Todd Test,ou=Users,dc=mist,dc=com”
dsrm “cn=Todd Test,ou=Users,dc=mist,dc=com”
csvde –i –f NewUsers.txt
ldifde -i -f NewUsers.ldf
admin on June 4th 2009 in Windows Server
I gave users permissions to login to the Server but it still didn’t work. After trying out for a while I found out the solution.
Login to the Server as Admin:
1. gpedit.msc (Local Group Policy)
2. Computer Configuration/Security Settings/Local Policies/User Rights Assignment
3. Allow log on trough Terminal Serives you need to add your group or users
Warning: This should normally not be done and could be a security risk!
admin on June 4th 2009 in IT, Windows Server
Installation
1. Download it from http://www.microsoft.com/wsus
2. Make sure following roles are installed on the Server:
- MS Internet Information Server 7
- – ASP.NET
- – 6.0 Management Compatibility
- – IIS Metabase Compatibility
- – Windows Authentication
And install Microsoft Report Viewer Redistributable 2005
[http://go.microsoft.com/fwlink/?LinkID=70410]
3. Run the downloaded setup and follow the wizard
Configure WSUS so Computer are assigned via GPO
1. Open WSUS Console
2. Go to Computer/All Computers and create there a new Computer Group
3. Go to Options/Computers and choose “Use Group Policy or registry settings on computers.”
4. Open Group Policy Management Console
5. Create a New Group Policy and Link it to the right OU
6. WSUS Settings you will find in: Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update
7. Enable “intranet Microsoft update service location”
Intranet Update Service: http://yourwsusserver/
Intranet Statistics Server: http://yourwsusserver/
8. Enable “Client Side Targeting”
Target Group: Computer Group you created in WSUS (See step 3)
9. Check the other useful settings like Configure Automatic Updates and No Auto-Restart with logged on users
10. Restart one of the client computers and check if they are in WSUS Console listed in your new created computer group.
admin on May 28th 2009 in IT, Windows Server
The easiest way to find out if the group policy is applied and really changed the right settings you can check it in registry.
Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
admin on May 28th 2009 in Windows Server
I just installed Win2k8 Core on WMWare and tried to install VMWare as usual from the menu: VM\Install VMWare Tools… but nothing happened.
So I goggled and the solution is actually very easy:
1. Filemenu: “VM\Install VMWare Tools”
2. Command prompt run: “D:\Setup.exe”
That’s it…. have fun.
admin on January 22nd 2009 in Windows Server
After a fresh installation of Windows 2008 Server you have the handy “Initial Configurations Task” Wizard. If you have chosen “Do not show this window at logon” it won’t appear anymore. So how can you relaunch it?
Just run “oobe” from the prompt.
admin on January 22nd 2009 in Windows Server
