windows blue screen

windows blue screen

Dear experts,
When I try to copy files from my system drive (c) ssd to a HDD my PC slows down - hangs and after a certain it crashes with a blue screen.
I also cannot synchronise my local FS (the folders I configured to be synched) with Wuala
Here are the sysdump detailed errors:051615-4968-01.dmp 16.05.2015 20:12:14 SYSTEM_THREAD_EXCEPTION_NOT_HANDLED 0x1000007e ffffffff`c0000005 fffff801`354d1066 ffffd000`9e5ccf28 ffffd000`9e5cc730 USBXHCI.SYS USBXHCI.SYS+ba63 x64 Wdf01000.sys+1066 8 15 9600 432 768 16.05.2015 20:16:06

fvevol.sys fvevol.sys+10683 fffff801`36336000 fffff801`363cb000 0x00095000 0x534325db 08.04.2014 00:25:31
ntoskrnl.exe ntoskrnl.exe+8755c fffff800`96414000 fffff800`96ba8000 0x00794000 0x550f41a6 23.03.2015 00:26:46
USBXHCI.SYS USBXHCI.SYS+ba63 fffff801`37870000 fffff801`378c5000 0x00055000 0x54337388 07.10.2014 07:00:56

All the USB drivers are up to date - the problem started arising after the last huge MS patch day May 13th

Many thanks for your support



Do a system restore to before the patches were installed, or uninstall the patches manually one by one, until you found the one that causes the crash.



Do a system restore to before the patches were installed, or uninstall the patches manually one by one, until you found the one that causes the crash.



In addition to the above, the error implicates a driver. See this Microsoft Answer thread.

http://answers.microsoft.com/en-us/windows/forum/windows8_1-performance/bsod-system-thread-exception-not-handled/f43a4f49-dc84-41e5-a234-664aced7afeb

Try replacing / upgrading the video and network drivers.
Run memtest86 and test memory.
Also run System File Checker. Open cmd.exe with Run as Administrator and run SFC /SCANNOW. Allow to complete, shut down, start up and test.



updating the chipset driver can help also





Is there a Windows Server 2008 R2-tool that send reports when shared
folder access has been given to a new user?

Is there a Windows Server 2008 R2-tool that send reports when shared folder access has been given to a new user?

I´m looking for a tool that can:
1. Sends a report to a certain email address when a user has been given rights to a new/existing folder
2. Generates report of which user has what privileges to which of the selected folders - automatically on certain intervals

I´m using Windows Server 2008 R2.

This is to document the security in the company. I read about Dumpsec here, but it wasn`t what I wanted.



I think you can use one of this 2 products :
https://www.manageengine.com/products/active-directory-audit/
or
http://www.isdecisions.com/products/fileaudit/

File Audit is for access audit.
ADAudit is better for what you want to do; you can send reports when unauthorized access is granted for exemple...or for permissions change.



I think you can use one of this 2 products :
https://www.manageengine.com/products/active-directory-audit/
or
http://www.isdecisions.com/products/fileaudit/

File Audit is for access audit.
ADAudit is better for what you want to do; you can send reports when unauthorized access is granted for exemple...or for permissions change.



Thank you. ADAudit looks great, but isn't there any built in tool already in the file server role? A third party tool like ADAudid is quite expensive.



The only way Windows itself can record this activity is by making sure Auditing is enabled in the GPO or Domain Security policy. At that point, Windows will log the event and you can look it up in Event Viewer. Yes, it's not easy and it will not provide you with a clean report but that's a starting point.

After the auditing has been activated, you may be able to develop a report in Powershell that reports on activity found in the logs.

Hope this helps!



This solution will do for now. Thank you!



Windows update error

Windows update error

I am working on a remote computer that has been infected, mainly with PUPs. I believe after running numerous scans I have resolved this issues. Rkill found several issues which have all been resolved. When attempting windows updates I get error code 6B7 & 641. Seems to pertain to security updates for .Net Framework and Microsoft Office 2010. When I attempt to go to Microsoft's "fixit" tools page for Windows updates I get an error going to that page from Chrome (even though I can access it from my computer) and IE won't start.


I have done a sfc /scannow - no issues


I have uninstalled the IE 11 update


Started the computer in a clean boot state


I have rechecked for updates and am installing only the IE updates - says successful


I have reset Google Chrome


Restarting the computer


IE still will not start



Try the following to see if it helps:
Go to Control Panel, Internet Options, Advanced and click on Reset. See the check box (default is unchecked) that will do a full reset. Click on the box to set the option, OK out and allow the reset to take place. Restart the computer. See if that helps.

With respect to Windows Updates and the fact you ran SFC, you may need to try a Windows 7 Repair Install. You need the Windows 7 DVD to do this. Here is a Seven Forums tutorial to assist you.

http://www.sevenforums.com/tutorials/3413-repair-install.html



Try the following to see if it helps:
Go to Control Panel, Internet Options, Advanced and click on Reset. See the check box (default is unchecked) that will do a full reset. Click on the box to set the option, OK out and allow the reset to take place. Restart the computer. See if that helps.

With respect to Windows Updates and the fact you ran SFC, you may need to try a Windows 7 Repair Install. You need the Windows 7 DVD to do this. Here is a Seven Forums tutorial to assist you.

http://www.sevenforums.com/tutorials/3413-repair-install.html



Resetting user customizations failed on Resetting IE settings.



Any other suggestions for the Windows Update resolution? As I said I am working remotely. Thanks!
Mags



Try the Windows Repair Install as I suggested. That is about all that is left (given what you have tried).

If Repair Install does not work, you will need to back up and reinstall Windows.

You will need local access to the computer to effect the repairs above.



John I don't know how that would be possible since I do not have physical access to his computer.
What about the IE error...I've never seen that before.
Mags

Hyper-V Virtual Machines - how to access files, folders, drives on the
host PC

Hyper-V Virtual Machines - how to access files, folders, drives on the host PC

I have a Win 8.1 Pro 64-bit PC and I've installed Hyper-V. I have created a Win 7 32-bit VM, and set it up without a network connection. Looks great so far!

How do I access the "real" drives/partitions of the host Win8.1 PC or transfer files between the host and the Win 7 VM?

And, FWIW, I'll be creating a Win XP VM, as well. I will need to move files back & forth there, too.

Help!

ub



Hello,

Basically, you would configure the networking for the guest and host to communicate with each other,
Please see here:https://social.technet.microsoft.com/Forums/windowsserver/en-US/ba1d4fdf-9eee-46ae-bdc8-fcbc807b1d0f/how-can-i-access-the-host-file-system-from-a-hyperv-image?forum=winserverhyperv

or you would configure a pass through disk,
Please see here:http://blogs.technet.com/b/askcore/archive/2008/10/24/configuring-pass-through-disks-in-hyper-v.aspx

Hope this helps!
:o)

Bartender_1



Hello,

Basically, you would configure the networking for the guest and host to communicate with each other,
Please see here:https://social.technet.microsoft.com/Forums/windowsserver/en-US/ba1d4fdf-9eee-46ae-bdc8-fcbc807b1d0f/how-can-i-access-the-host-file-system-from-a-hyperv-image?forum=winserverhyperv

or you would configure a pass through disk,
Please see here:http://blogs.technet.com/b/askcore/archive/2008/10/24/configuring-pass-through-disks-in-hyper-v.aspx

Hope this helps!
:o)

Bartender_1



If you could post the IP details of your server and VM we could be able to help how to access them.

Sudeep



You can use copy and paste. I cannot test right now because I don't have any more win7 test machines. It works with 8.1, simply copy on your host and paste on your target Hyper-V-VM. It's using the Hyper-V-pseudo-RDP for data transferring, no network connection is needed here.



Set up an EXTERNAL virtual switch that is shared with the host OS.

Bind that vSwitch to your VM(s).

If there is a DHCP service on the network shared with the host then the VM will pick up an IP address. You are able to connect to any resource on the network at that point.

Or, you can assign a static IP address to the VM if required.

Another option is to create an INTERNAL virtual switch. This will allow communications between the host and the guests only while restricting all other network traffic to VMs on that same INTERNAL vSwitch.



My "server" is a Windows 8.1 Pro PC. I'm trying to run legacy applications as well as provide a one-icon click to transfer VM files back to the host for a more proper backup.

AnInternal Network, ah "switch," is it? That's what I'm looking for. Not to the Internet, simply to the drive(s, in my case) on the Win8 PC. So - I'll google that for now, but anyone know the steps to set that up?

I love that I could copy & paste, that's easy, but a more direct connection would really be the ticket.

Appreciate all the responses & guidance so far!

ub

C# datetime validation problem

C# datetime validation problem

We have a Visual Studio 2010, C#, Windows application.

We have a custom form in the C# project which has a datetime control.
We are capturing the Validating event for this control.

The event appears to get fired correctly when the user attempts to leave the control.

If the user uses the mouse to select a new date, when inside the validation routine, the Value property is set to the newly selected value.

However, if the user uses the keyboard to enter a new date, when inside the validation routine, the Value property is still set to the previous value.

How do I get the Value property to have the correct value after the user changes the value with the keyboard? Or, what is the correct way to get the new value when inside the Validating event for the datetime control?

Thanks.



can you post the validation method ?



can you post the validation method ?



Sure. I've been able to recreate this in a new Windows project.
The validation snippet from the test project:
private void dtReqShipDate_Validating(object sender, CancelEventArgs e)
{
this.lblValidateValue.Text = this.dtReqShipDate.Value.ToString("M/d/yyyy");
}



are you firing this method when you click a button ?

please post the whole routine so I can see whats going on please



That is the whole method from my test project.

But, more info...
Inside the InitializeComponent() method:this.dtReqShipDate.Validating += new System.ComponentModel.CancelEventHandler(this.dtReqShipDate_Validating);

I've updated a zip file of the test form I used to recreate the issue.



I cannot reproduce the problem using the files from your zip. Is there something else that needs to occur.

What I tried:
Modified the date using the keyboard and tabbed out of the control. Label updates with new value.
Modified the date using the keyboard and moused out of the control. Label updates with new value.
Modified the date using the date dropdown and tabbed out of the control. Label updates with new value.
Modified the date using the date dropdown and moused out of the control. Label updates with new value.

-saige-

C: drive becoming full after Windows Update

C: drive becoming full after Windows Update

Hello,

I created a new server and ran the Windows Updates and it seems like there were about 110 updates and now my C: drive is full on a Windows 2008r2 server. How can I regain some of my disk space back? I'm assuming the first step would be to make sure it's Windows Updates is causing this challenge.



How much GB is your C?



How much GB is your C?



I have 50GB on C: drive and 5GB available.
I also have 85GB on D: drive and all is available.



Also, does MS provide a tool that will show me exactly what is causing this issue?



Hi Uppercut7141,

I have a few suggestions based on my experience with similar problems with a SBS2003 server.

First, it would help to know the size of your C drive (partition), how much free space you had prior to the updates and how much you have now.

Do you have any utilities that show you disk usage by directories and file types on your server? I am a huge fan of TreeSize Professional. It will quickly show you where the space is being used. I have used it many times to locate bloated directories or unexpectedly large files.

Are you running WSUS on this server? If you are, I would check that folder to see if it is the source of the problem. If you are running WSUS, that database can quickly become huge if you are downloading all updates for a variety of other server/client operating systems.

If your WSUS file is huge, you can 1) try to compact it or 2) move the WSUS database to another drive. I personally moved my WSUS database to another drive. I'm not sure how to do it on 2008 R2, but I would bet a quick search on EE would give you the steps to follow.

Another potential culprit is Exchange if you are running that. I know these are just general ideas. Perhaps it will give you something to check while you wait for a real 2008 R2 expert to chime in. Good luck!



I just saw your drive specs. 50GB seems a little on the small side, I have a 75GB partition on my SBS2003 server and a 100GB partition on my 2012R2. Are you using your C drive as a file server for your network? Since D is 100% free, I would look to see if there are any files you can move over to it. TreeSize Professional would help you identify potential files to use. There may be other utilities that would also work, but it sure beats running searches in Windows Explorer!

Server (Windows 2012 R2) can't acccess administrative shares on
computer clients

Server (Windows 2012 R2) can't acccess administrative shares on computer clients

Hi all,

I am facing a very odd problem. I have several Windows 2012 R2 Servers in a subnet (192.168.10/24) and computer clients in another subnet (192.168.11/24), the gateway between two networks is correctly configured (switch layer 3 without acl's or rules). The servers can access administrative shares between themselves. The computers can access administrative shares of servers (using domain admin account), also the computers can access administrative shares between themselves and they able to ping on servers. The servers can't ping computers.
- I removed AV software (no software blocking connection);
- I can connect (RDP) to computers from the servers normally (no problems with ACL's or Routes);
- Computers can access shares normally on servers (including administrative shares - no problems, again routes are ok);
- The permissions are fine.

Do you the any ideas?



So, I did a basic test as suggested, the connection was blocked by McAfee HIPS. I uninstalled that software and the problem was solved.



Did you do basic troubleshooting? That would start with
telnet client01 445



So, I did a basic test as suggested, the connection was blocked by McAfee HIPS. I uninstalled that software and the problem was solved.



The solution was removing McAfee HIPS, after that the problem was gone.





Network Connection Script

Network Connection Script

Hi, I would like to write a Wireless Network Connection Script so that by hitting a couple of keys, I could activate/dis-activate the wireless connection using the program AutoHotkeys. Can someone help me with this? Thanks



Here's a one-click/two-click technique that I use. Although I'm a big fan of AutoHotkey, it's not needed in this situation.

First, make a shortcut as follows:
Control Panel
Network and Sharing Center
Change adapter settings
Right-click on your wireless adapter and click Create Shortcut

It will say that Windows can't create a shortcut here and will ask if you want the shortcut on the desktop instead — click Yes.

That shortcut will act as an enable/disable toggle for your wireless connection. If the wireless is disabled, a single left-click on the shortcut will enable the wireless; if the wireless is enabled, a right-click will give you a context menu with a Disable option. In other words, one mouse click (a left) on the shortcut will enable wireless; two mouse clicks (a right and a left) on the shortcut will disable wireless.

You may place the shortcut wherever you want, such as the Start menu and/or the Desktop; and/or pin it to the taskbar. Regards, Joe



Here's a one-click/two-click technique that I use. Although I'm a big fan of AutoHotkey, it's not needed in this situation.

First, make a shortcut as follows:
Control Panel
Network and Sharing Center
Change adapter settings
Right-click on your wireless adapter and click Create Shortcut

It will say that Windows can't create a shortcut here and will ask if you want the shortcut on the desktop instead — click Yes.

That shortcut will act as an enable/disable toggle for your wireless connection. If the wireless is disabled, a single left-click on the shortcut will enable the wireless; if the wireless is enabled, a right-click will give you a context menu with a Disable option. In other words, one mouse click (a left) on the shortcut will enable wireless; two mouse clicks (a right and a left) on the shortcut will disable wireless.

You may place the shortcut wherever you want, such as the Start menu and/or the Desktop; and/or pin it to the taskbar. Regards, Joe



I followed your instructions to a t and unfortunately, it doesn't work for me. I see the shortcut on the start menu and when I click on the trackpad on the left or the right, I see a little box on the screen saying that it is enabling it but I don't see one that says disabling. However, I just noticed that I can go to Wireless Network Connection and it says Disabled but I'm still connected to the net. So apparently it does not disable the connection.



Hmmm, works perfectly here — it's a technique I've been using for many years on lots of laptops, with different versions of Windows and different wireless adapters.

To be clear, when I left-click on the shortcut, I see this:



I use a trackpad on an HP ENVY 15t. Let me go back and re-do it and I'll show u what I get.



I use the touchpad on two different HP EliteBook models (both with W7 Pro 64-bit) and they work fine. I'll be very surprised if your HP ENVY doesn't.

Windows Small Business Server 2003

Windows Small Business Server 2003

Reinstalled Windows Small Business Server 2003, which now has a wireless router. when we enter http://SERVER/ConnectComputer, we receive "unable to display page, or check "URL, cannot be found or is not available.

Should we assign IPs to each work station before attemting to have them join the domain?



You are going to have to have IP addresses on any device that you want to communicate with the server. That also includes the server.



You are going to have to have IP addresses on any device that you want to communicate with the server. That also includes the server.



I assume you have set up the wireless router to issue IPs Via DCHP ?

If so then you need to make sure that the DHCP on the router is set to give out valid IPs and subnet masks for your networks AND that it is issuing the IP of the SBS server as the DNS server.



Yes, make sure to assign a static ip to your server. Also you can configure a dhcp scope on your wireless router to assign ip's to your workstations. Make sure they are all on the same subnet.



In an SBS network you definitely want the SBS Server to handle DHCP and be the ONLY DNS for the clients. If you do not do this, you will break the local resolution that the SBS will expect and you WILL have mystery issues running the wizards down the line.



Should we assign IPs to each work station before attemting to have them join the domain?
no do not manually config IP's for each workstation this should be handled by the SBS2003 server. On the wireless router turn off DHCP.

Windows 8.1 Wireless with Realtek RTL8188CU USB wireless

Windows 8.1 Wireless with Realtek RTL8188CU USB wireless

I have two routers:WRT54GL with standard Linksys firmware on 2.4GHz channel 9
Belkin Play Max / N600 HD F7D4301/F7D8301) v1 on 2.4GHz channel 2 (plus it has 5GHz active)
Using WPA2-Personal on both.

Both the routers seem to be working fine and I'm able to connect devices to them.

Except, a Windows 8.1 desktop with a Realtek RTL8188CU USB wireless interface:WILL connect to the Linksys router wireless just fine
but it won't connect to the Belkin router wireless at all.
The passphrases are different but, as above, I can connect other devices to the Belkin wireless.

The Windows 8.1 "Set up a new connection or network" / "Set up a new network" is supposed to show a list of wireless routers but it shows NOTHING even after giving it some time to populate the list (90 seconds is recommended).
So, it doesn't even show the one that works!

The purpose of the wireless interface is to test wireless routers. This isn't a good situation.



My built-in Intel Wi-Fi card in my X230 Windows 8.1 laptop. works with any modern Wi-Fi router I have tried (Lots), so this is not a Windows 8.1 issue.

It is reasonably possible that that your USB card is not compatible with the Belkin router. That has happened before and is likely the reason here. Try a different USB wireless adapter.



My built-in Intel Wi-Fi card in my X230 Windows 8.1 laptop. works with any modern Wi-Fi router I have tried (Lots), so this is not a Windows 8.1 issue.

It is reasonably possible that that your USB card is not compatible with the Belkin router. That has happened before and is likely the reason here. Try a different USB wireless adapter.



John: Thanks! That was it it seems...



Thanks Fred and I was happy to help.





Sysvol and Netlogin Shares

Sysvol and Netlogin Shares

I've been following all the discussion regarding the recent MS15-011 patch that was released. In the KB it discusses at a minimum users should harden NETLOGIN and SYSVOL. Can someone explain what these shares are used for and why Microsoft recommends those be hardened at a minimum. I have an idea, but as a Unix person I'd like to understand their use a little better.



Hi credog,

SYSVOL is an NTFS share on all domain controllers and contains two Essential folders for active directory, Scripts and Policies.
The policies folder contains a copy of all the group policies that are defined in the domain
Scripts is the logon scripts for all the domain users.

Netlogon is the share name of the scripts folder.

Regards

Guy



Hi credog,

SYSVOL is an NTFS share on all domain controllers and contains two Essential folders for active directory, Scripts and Policies.
The policies folder contains a copy of all the group policies that are defined in the domain
Scripts is the logon scripts for all the domain users.

Netlogon is the share name of the scripts folder.

Regards

Guy



Do not harden default security of these TWO folders

These TWO folders created by AD by default
http://social.technet.microsoft.com/wiki/contents/articles/8548.sysvol-and-netlogon-share-importance-in-active-directory.aspx

If you make any changes to security of these folders, it might be possible that nobody will get GPOs

Further more to restore there default security is complex task
https://social.technet.microsoft.com/Forums/windowsserver/en-US/d54c2e41-f827-4db3-8956-1b3d15f5a076/want-to-modify-sysvol-and-netlogon-share-permissions



Microsofts recommended hardening of the share is just making sure domain users only have read access.
Because the vulnerability the MS15-011 patch fixes can enable someone on a remote network unrestricted access to a domain computer, if they could access these shares they could take an entire domain down.

I think Mahesh jumped the gun on you actually stating you were going to do it.



Thanks for the explanation. I guess I'm a little confused though. With the new patch (MS15-011), Microsoft recommends at a minimum hardening the two shares. Are you guys recommending against that? It seems that at long as the systems have gotten the patch, that pushing that change out to domain computers would be a good idea.


Value name Value
\*NETLOGON RequireMutualAuthentication=1, RequireIntegrity=1
\*SYSVOL RequireMutualAuthentication=1, RequireIntegrity=1



No, I'm not recommending against it, I think its a good thing to enable mutual auth,
When I say "making sure domain users only have access" i should have worded "making sure only domain users have access"

Mutual authentication is the best method for this, as the server and guest have to be able to verify each other without swapping information prior to any traffic being sent.

If someone had control of a domain workstation, they would not be able to impersonate a domain user in this way.

I think Mahesh was thinking along the lines of NTFS permissions hardening, or security tab where you assign user access permissions, which can be a big balls up if incorrectly configured.

server keeps displaying "We couldn't complete the updates Undoing
changes..."

server keeps displaying "We couldn't complete the updates Undoing changes..."

I can't boot the Windows 2012 R2 guest OS after an Windows update. I got this message: WE COULDN’T COMPLETE THE UPDATES. UNDOING CHANGES... It will last for ever.

I've tried to disable secure boot, reboot, etc. Unfortunately it didn't work. I can't go in safe mode.

Thanks



The faulty update (KB3000850) has been uninstalled (CMD)

I used DISM.

dism /image:C: /get-packages

dism /image:C: /remove-package/PackageName:Package_for_KB3000850~31bf...

It worked. I think another update must be installed before installing this one. Otherwise Windows wikk keep booting for ever.



The faulty update (KB3000850) has been uninstalled (CMD)

I used DISM.

dism /image:C: /get-packages

dism /image:C: /remove-package/PackageName:Package_for_KB3000850~31bf...

It worked. I think another update must be installed before installing this one. Otherwise Windows wikk keep booting for ever.



This is the solution I found.







Reinstall Win 8 on Toshiba laptop from copied Recovery partition

Reinstall Win 8 on Toshiba laptop from copied Recovery partition

I am working on a Toshiba Satellite laptop that had a hard drive failure on the main partition. I was able to recreate the partitions on a new hard drive (using diskpart) as they existed on the original drive. I was able to copy the 8G Recovery partition (last partition) to the new drive using Easeus Partition Manager. My assumption was that I should be able to reinstall Windows from that partition, but have not been successful at doing so.

I have booted a Windows 8 installation disk and tried to do the Reset. I get the message: Unable to rest your PC. A required drive partition is missing". I have doublechecked and the Restore partition and it appears to have a complete collection of files on it and it is listed as a Recovery partition, both in the label and in the partition type.

I have held down the 0 key when turning the system on, but that appears to have no effect.

I have held down F12 when turning the system on and it gives me some choices on physical boot devices (ODD, HDD, USB, etc.) but nothing about the Recovery.

The client never made the Recovery Disks and I don't have any similar computers around from which to make such disks.

I'd like to be able to do the reinstallation without the time and expense of ordering the disks from Toshiba. Is there a reasonable alternative?



Have you tried pressing F8 to see if it takes you to the recovery partition ?



Have you tried pressing F8 to see if it takes you to the recovery partition ?



Holding F8 or Fn-F8 as I turn power on seems to make no difference. It tries to boot from the DVD.



If there was a disk failure, it is likely that also the recovery partition was affected. So if after that you copied it you also copied the errors it contained.

I'm afraid you will have to order the recovery media from Toshiba.



The recovery disks would be filled up with preinstalled stuff you normally wouldn't even want.
It is desirable to have a clean system with just the drivers. So download the windows ISO and most probably, your serail number will be picked up automatically from the UEFI firmware.
Instructions for OEM systems: http://www.eightforums.com/tutorials/18309-windows-8-windows-8-1-iso-download-create.html#option1



It is very easy to uninstall those programs you don't need after you have done a factory restore. If you do a normal installation, chances are that you forget things that may be needed, and then not everything will run as it is supposed to. Troubleshooting things like that usually takes more time than doing a factory restore then removing just those things you don't want.

SBS2011 to Windows 2012 R2 DC & WIndows 2012 R2 with Exchange 2013

SBS2011 to Windows 2012 R2 DC & WIndows 2012 R2 with Exchange 2013

I'm about to start a project/migration from SBS2011 to Windows 2012 Std , this will be the first SBS2011 to Win2012 I've done.

I've previous completed EX2003 to EX2010 many times, but on from an SBS Server.

Project Outline:
From SBS2011
To 1x Windows 2012 R2 DC, 1xWindows 2012 with Exchange 2013, 1x Windows 2012 Memberserver

Does anyone have any step by step articles which will help?



This is a very good TechNet based article on the process, if you've been through similar don't worry you will be fine. Take image backups before you start just to be sure.

http://blogs.technet.com/b/infratalks/archive/2012/09/07/transition-from-small-business-server-to-standard-windows-server.aspx

Maybe consider putting a second DC onsite? What is this member server? Can it be a DC?



This is a very good TechNet based article on the process, if you've been through similar don't worry you will be fine. Take image backups before you start just to be sure.

http://blogs.technet.com/b/infratalks/archive/2012/09/07/transition-from-small-business-server-to-standard-windows-server.aspx

Maybe consider putting a second DC onsite? What is this member server? Can it be a DC?



See the article below for your reference.
http://blogs.technet.com/b/infratalks/archive/2012/09/07/transition-from-small-business-server-to-standard-windows-server.aspx

Will.



Will im taking pride with 20,000 points in providing the same solution as you here :) GL OP.



Yeah sorry i didn't refresh the page i had it open too long, you beat me to it.:-P

Will.



Thanks ill give this ago. Project doesn't start till next month, but want to see what routes i can take

Upgrading Windows 2003 R2 DFL and FFL to Windows 2008R2 and rollback
plan

Upgrading Windows 2003 R2 DFL and FFL to Windows 2008R2 and rollback plan

Hello Experts,

We are planning to upgrade DFL and FFL from Window Server 2003R2 to Windows Server 2008R2 for our single domain.

We have 8 Windows Server 2008 R2 DCs geographically located in the UK and Japan.
They consist of 7 VMs and 1 Physical server.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
Steps to upgrade;

Raise the DFL
Force Replication (repadmin /syncall /Aped)
Raise FFL
Restart the KDC service on all the domain controllers.

---------------------------------------------------------------------------------------------------------------------------------------------------------------
Below are the options I am considering as a rollback plan to Windows 2003 R2 DFL and FFL if we have any serious problems.

1.Before the upgrade I will take a snapshot of all the VMs and if needed revert 1st of all the DC that holds the FSMO roles and then do the remaining DCs

However for the only Physical server I will use the Server Backup tool to take a backup of the systemstate and restore if needed.

-------------------------------------------------------------------------------------------------------------------------------------------------------------

2. Take a systemstate backup using the Server Backup tool within Windows Server 2008 R2 of the Domain controller holding the FSMO roles.

Perform an DSRM authoritative restore of Active Directory for the Domain controller that holds the FSMO roles using the built-in Windows Server backup tool.

On the rest of DC' s use the same procedure but perform a non-authoritative restore of Active Directory.
-------------------------------------------------------------------------------------------------------------------------------------------------------------
Any advice/recommendation would be appreciated in regards to rollback plan or problems experienced.



Before the upgrade I will take a snapshot of all the VMs...


never take snapshots of domain controllers; 2012 was the first version that is able to handle that
prior to that, you will cause problems

Never Snapshot a Domain Controller! Here’s Why…
http://windowsitpro.com/blog/never-snapshot-domain-controller-here-s-why



Before the upgrade I will take a snapshot of all the VMs...


never take snapshots of domain controllers; 2012 was the first version that is able to handle that
prior to that, you will cause problems

Never Snapshot a Domain Controller! Here’s Why…
http://windowsitpro.com/blog/never-snapshot-domain-controller-here-s-why



Thanks, Option 1 to take snapshots is a big NO NO!

Option 2 has been revised to the below;

2. Take systemstate backup of the DC with the FSMO roles only
--------------------------------------------------------------------------------------------------
Is there any known issues with RHEL environments that are integrated with Active Directory when upgrading DFL and FFL from Windows 2003R2 to Windows 2008R2?

I have read the krbtgt account password changes and will cause issues when upgrading DFL and FFL to get around this the KDC services will need to be restarted on all Domain Controllers.

Any other advice would be appreciated especially from past experience.



Is there any known issues with RHEL environments that are integrated with Active Directory...


not that i'm aware of
what are you using? samba? IMU?
we used IMU (previously SFU) for our RHEL/CentOS systems and was fine when we upgraded from 2003 to 2008 then 2008 R2



LDAP + Kerberos or Winbind



Have successfully upgraded DFL and FFL from my experience make sure you do the AD health checks and that you meet the pre-requisites.

PowerShell Script to modify session attributes in user objects

PowerShell Script to modify session attributes in user objects

I have a script I have written to modify the '-TsMaxDisconnectionTime' to 15 minutes against a list of users in a csv file. the script runs without any incidents or errors. At the end of my time line and no longer have the time to research... any help would be greatly appreciated...

Import-Module ActiveDirectory

Add-PSSnapin Quest.ActiveRoles.ADManagement

$users = import-csv C:tempgisuserscfw.csv | ForEach-Object {Get-QADUser -SamAccountName $_.SamAccountName}
{
Set-QADUser -Identity $User -TsMaxDisconnectionTime "00:15"
}



So what is the question? You said it runs with no errors?



So what is the question? You said it runs with no errors?



Sorry... it runs with no errors but dosent make the change... when I run it per user it correctly changes the attribute to 15 minutes... it has something to do with the way I am calling the csv file...



This will work. You just have to make sure your CSV file has a Column Header named SamAccountName



I do have the header named 'SamAccountName' here is the error it returns... I also insured that I do have the actual username aka SamAccountName in the csv file.


Set-QADUser : Unknown name. (Exception from HRESULT: 0x80020006 (DISP_E_UNKNOWNNAME))
At line:3 char:64
+ $Users = Import-Csv C:tempgisuserscfw.csv | ForEach-Object { Set-QADUser -Iden ...
+ ~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Set-QADUser], COMException
+ FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.SetUserCmdlet



Anti Virus

Anti Virus

Hi,

I'm looking real time scanner/Anti virus/application for my 2 Windows VPS.

users upload files/folders several times in a week, sometimes it contains virus, Malware, suspicious text, shell scripting, which is dangerous for others users.

so any anti virus which available which auto scan file/folders when anybody upload files and infected files put in trash/quarantine etc ?

Both OS are 2003 & 2008 Server.

BR
Javaid



At the university where I work at we use MS Forefront Endpoint, it should do what you are looking for. This is the commercial version of MS security Essentials but is designed for a commercial environment such as using on servers etc.



At the university where I work at we use MS Forefront Endpoint, it should do what you are looking for. This is the commercial version of MS security Essentials but is designed for a commercial environment such as using on servers etc.



Forefront is great. I don't suggest going for a free app for your servers. Comodo Endpoint is great too (I use them). Malwarebytes Pro will also do the trick and the cost is a very low price for lifetime.



There are tons of AV apps to chose from. If you want a free one, I suggest Microsoft Essentials which is a free download from Microsoft. It works well.

There are many AV reviews online. My biggest concern with AV products is the accuracy in identifying spyware, attacks and real time protection.

Here is a link to many apps in a review. Take a look and make a decision.

http://www.pcmag.com/products/25442



The problem with asking the AV question is that you will get as many different opinions as there are people answering your question(as you can already see). Indeed make your own decision using the comparative sites.



try AVAST endpoint-protection-suite

Hyper V from 2008R2 to 2012R2 and vice-versa

Hyper V from 2008R2 to 2012R2 and vice-versa

Hi, I just want to confirm my theory. I have multiple W2008R2 host servers each with multiple virtual machines. As a recovery plan I have copies of all the VMs located on at least one other host in the event of a catastrophe. Now I'm bringing 2012R2 host servers into the mix and have been playing with moving VMs back and forth. I know that you can't move a VM from a 2008R2 host to a 2012R2 host without first importing it into a 2012(non-R2) host and then exporting it again. That works fine even though it is a crazy thing to do. I have been playing with moving a VM from the 2012R2 to a 2008R2 server with no luck. I have tried it with both a 2008 and 2012 VM and I have even re-exported the VM from the 2012 (non-R2) server and all fail. I get the error that it can't find the virtual machine " A server error occurred while attempting to import the virtual machine. Import failed. Import failed. Unable to find virtual machine import files under location
'path' You can import a virtual machine only if you used Hyper-V to create and export it." Since 2012R2 doesn't create a config.xml file when the export is run. I copied a config.xml file from another server image, placed it in the proper location for the new import, tweaked the path within the file and it still did not import. I'm assuming that a VM on a 2012 host cannot move to a 2008 host ... am I correct? My concern here is that I only have one new host server with 2012R2 so I would not be able to export the production VMs to another host in the event of a catastrophe. Your ideas are appreciated.



Simply can't be done. 2012 R2 has VM features that 2008 R2 does not, so the configuration files are not backwards compatible. Moving to 2012 R2 is a one-way trip. Full stop.

Now, just for the record, some people will point out that you can create a new VM and attach the VHD (but not VHDX) and this will *usually* work. But if you've upgraded the integration services (and, of course, you should) then even that isn't safe and comes at no small risk to your data.



Simply can't be done. 2012 R2 has VM features that 2008 R2 does not, so the configuration files are not backwards compatible. Moving to 2012 R2 is a one-way trip. Full stop.

Now, just for the record, some people will point out that you can create a new VM and attach the VHD (but not VHDX) and this will *usually* work. But if you've upgraded the integration services (and, of course, you should) then even that isn't safe and comes at no small risk to your data.



Cliff, thanks for the reply. I figured it was a one way street. On a little side note, in 2008R2 I would make a "template" for all of the OS systems I use as VMs (2008, W7 (64/32)) so when I have to make a new machine I just rename the .vhd files, tweak the .xml files to the "new" computers name and then import it. I then sysprep it and join it to the domain and it is back in business. I'm not having the same success with the 2012R2 host. Any ideas how I can export a basic server (still in the workgroup environment, but up-to-date with MS updates) and export it in a manner that will allow me to import it as a new machine.



Your process should still work. Although if this is going to be a regular event, I'd probably use something like MDT or SCVMM to standardize the process and make it more repeatable.





How to increase system drive from template

How to increase system drive from template

Hi, im building Windows servers from template with C: 50gb, i have a request to build a new server wih 100gb, how do we increase C: size to 100gb from this template before starting he build?



not sure if you can from the template but the process is very easy.

Once you have the vm cloned, just increase the hard disk to 100. Ideally you want one vmdk per drive

then in windows, rescan the hard disks in computer management/Disk Management, right click and rescan.

You should see the extra disk and can just extend the volume.



not sure if you can from the template but the process is very easy.

Once you have the vm cloned, just increase the hard disk to 100. Ideally you want one vmdk per drive

then in windows, rescan the hard disks in computer management/Disk Management, right click and rescan.

You should see the extra disk and can just extend the volume.



I think you will have to create a vm from the template, increase the drive sizes as you see fit, then convert it back to template again.



you could do that, but this is a one off request I assume? I find it better to be conservative on the template, then just increase based on the purpose of the server. We use the same template for all servers, and group policy defines what role it will play. If it is a file server for example, we would allocate more storage as needed



Many thanks all.



Backup Options

Backup Options

Dear Experts,
I am facing a problem I do not have enough knowledge to resolve. I need to purchase a PC that act as a Quickbooks server and a file server. Any good desktop PC should be sufficient. The issue is, the user insists on using something like Dell RD1000 Removable Disk Storage for data backup, where your backup drive stays connected, but you switch the backup media daily. From what I can see, I need to purchase a server to work with RD1000, not a regular desktop. I asked HP, and they also replied that I need to purchase a server. The user does not want to use cloud backup, and wants to be able to make a daily backup, then take the media home with him.
I remember this was simple to do when iOmega Zipdrive was around, but I think that technology is not current anymore.
Purchasing a decent server for him seems like an overkill, and certainly puts us above his budget. Is there another type of backup storage alternative?
Please advise.



Here's info on Robocopy:
http://acidx.net/wordpress/2011/12/data-backups-with-robocopy/

You can always change the drive letter in Disk Management to what you need it to be...usually it should stay the same unless you have something else plugged into another USB port, etc..

More on .bat and Task Scheduler:
http://www.wikihow.com/Write-a-Batch-File

http://www.thewindowsclub.com/how-to-schedule-batch-file-run-automatically-windows-7



If you get Windows 7 or Windows 8 professional, you can use the Windows backup agent to back up to standard external USB drives.

This also has the options for folder backups, and even image-based whole drive backups.

If they just want a functional, inexpensive solution, this should work for them.



USB HDD's are cheap. I'd suggest they use several of these.
The problem with any backup solution which uses removable cartridges is that the only way to restore is to use the same type of backup device. Will they have a backup (spare) of that device?
How can they be sure there backups are working? With USB device it is easy to connect backup to another PC and check it.



Make a scheduled task via Task Schedule that has a Robocopy script (xxx.bat) that will copy data to an external drive daily (incrementally if needed) and you are good to go.

For example:
robocopy D: F: /E /COPYALL /B /XO /R:1 /W:1

Search the web on Task Scheduler and Robocopy - it's fairly easy, it will work for what you need.

-Harp



Dear CorinTack,
Thank you for a prompt response, doesn't your solution only work with one backup media, though?
My user wants to have Monday backup, Tuesday backup, and so on, so he can go home with the media.
Does that mean I should setup up 5 backup jobs for 5 separate external harddrives? I thought Windows 7 and 8 only let me do one set.

Dear akb and Harper McDonald,
Thank you for your suggestions. If I were to use 5 external HDDs for each weekday of the week, and created a backup job, does the destination drive always stay the same? For example, if I use Monday HDD that becomes F drive when I plug in, then remove it to plug in Tuesday HDD, does it become F drive again reliably?
For some reason, I had a problem in the past using USB backup drives, where every once in a while, the drive name changed and caused an error. Having to go through "Safely remove hardware" step was always a problem for the users, also.



Here's info on Robocopy:
http://acidx.net/wordpress/2011/12/data-backups-with-robocopy/

You can always change the drive letter in Disk Management to what you need it to be...usually it should stay the same unless you have something else plugged into another USB port, etc..

More on .bat and Task Scheduler:
http://www.wikihow.com/Write-a-Batch-File

http://www.thewindowsclub.com/how-to-schedule-batch-file-run-automatically-windows-7

SBS 2008 - More that 75 Users

SBS 2008 - More that 75 Users

We have a SBS Server 2008 and out user count has been increasing. Our PCs are not joined to the domain but the users do connect via outlook to exchange and also connect to shared folders.
Are there any implications it we have more than 75 users loaded on SBS Server 2008?



The 75 users limit isn't really a technical limitation in SBS 2008 as it doesn't really have the ability to track CALs. Do you recall ever having to install additional CALs you purchase with SBS 2008? :)

If you are currently exceeding the 75 users limit though, you are violating the licensing agreement. This means will most likely incur fines and get into some legal trouble should an auditor come knocking on your door tomorrow.

To comply with Microsoft's licensing terms, you will need to look at moving to a full blown Server 2012 R2 environment with a separate Exchange server, file server, DC, etc.

The days of an all-in-one solution such as SBS are over.



The 75 users limit isn't really a technical limitation in SBS 2008 as it doesn't really have the ability to track CALs. Do you recall ever having to install additional CALs you purchase with SBS 2008? :)

If you are currently exceeding the 75 users limit though, you are violating the licensing agreement. This means will most likely incur fines and get into some legal trouble should an auditor come knocking on your door tomorrow.

To comply with Microsoft's licensing terms, you will need to look at moving to a full blown Server 2012 R2 environment with a separate Exchange server, file server, DC, etc.

The days of an all-in-one solution such as SBS are over.









Windows 8.1 Login in to a 2008 server domain login in with temp profie

Windows 8.1 Login in to a 2008 server domain login in with temp profie

User profile keeps login in with a temporary file - i have reset the keys on registry and it comes back to the same-
it should login to a Windows 2012 server DC profile - i have reset -rejoined the PC to the domain- other profiles log on just fine
Profile size is 30 gb


Please advice



These are some steps to follow in the event it is not a corrupted profile http://www.sysprobs.com/fix-temporary-profile-windows-7 but if you have tried this already then it is usually an indication of a bad profile--best way to deal with it is to create a new profile. To do this reboot the PC, then if you are using roaming profiles rename the roaming profile folder on the server (do this before logging on again). Then logon to the PC with an admin user other than the user with the profile problem; then go to c:users and rename that user's folder something like c:usersuser.bad. Then reboot the PC again and then logon as the user and let a new profile be created.



These are some steps to follow in the event it is not a corrupted profile http://www.sysprobs.com/fix-temporary-profile-windows-7 but if you have tried this already then it is usually an indication of a bad profile--best way to deal with it is to create a new profile. To do this reboot the PC, then if you are using roaming profiles rename the roaming profile folder on the server (do this before logging on again). Then logon to the PC with an admin user other than the user with the profile problem; then go to c:users and rename that user's folder something like c:usersuser.bad. Then reboot the PC again and then logon as the user and let a new profile be created.



If you're using roaming profiles, then this is often a problem with the permissions to the roaming profile share or user's folder on the server. Share permissions to the top-level shared folder have to be at least Modify, and NTFS permissions to the user's individual folder need to be Full. Also, make sure that the user's .V2 profile folder exists before trying to log on.







chrome extension reload on 3 browser tabs slows my computer. Is there a
tool that uses less cpu?

chrome extension reload on 3 browser tabs slows my computer. Is there a tool that uses less cpu?

I am using this tool to show activity on a website I am logged onto
I used another extension for chrome on another computer, but did not do a full test

Lightweight; maybe 'reload' has ads or tracking



which extension are you using exactly



which extension are you using exactly



When I looked up your answer, I realized that the product is no longer supported so I deleted.
I remember there were options to use reload 'with some helpful ads'

Now I just do manual reload extension which 1 click will work on many pages.

Thanks.







Some icons not clickable in the task bar

Some icons not clickable in the task bar

The problem is that when I minimize my applications to the task bar I cannot un minimize the application from the task bar. Some icon I can but not all. Reboot only fixes the problem for some minutes to hours. I have deleted my profile and reimage my pc. The problem comes back. This is a domain enviroment, windows 7 workstation. The video drivers are updated. any suggestions.



Try this right click on the task bar and select "Cascade Windows" to force all windows onscreen.

And also try hold [Windows KEY] + [Shift] then press the [Left arrow] key 2 or 3 times. If that doesn't work try again with the right arrow key instead.



Try this right click on the task bar and select "Cascade Windows" to force all windows onscreen.

And also try hold [Windows KEY] + [Shift] then press the [Left arrow] key 2 or 3 times. If that doesn't work try again with the right arrow key instead.



Question:Are these machines connected to multiple monitors? If so, Roshan's second suggestion will work to get the windows back to your active screen if now only using a single monitor. This can sometimes happen when a machine has two monitors and then the device is disconnected from the second monitor. The PC thinks two monitors are connected, either because of a manual setting to extend desktops or because of a resize/resolution issue, and sometimes Video Drivers. When this occurs, the PC thinks two monitors are present and auto-opens a program to the last used monitor. If the second monitor is no longer connected but the PC is still set to extend, this will be your issue.

I have learned to always move all windows from my second third and forth monitors back to my primary display before logging off or closing programs on those screens.



What I just found out is that if I have two of the same applications minimized to the task bar, when I click on the minimized application, the application will not open or preview. When this happen the work around is to right click the task bar>properties>taskbar buttons>select never combine. Yes I am running two monitors and they both work. I have even changed the home screen and resolution and still a no go. Just the solution previous solution works.



Even when I try the solutions above, I can get the windows back but when I minimize the windows the icons go back to a frozen state. The issue will be at the taskbar. Any more suggestions. The work around that I have explained in my previous comment works the best. But I still need the taskbar button fixed. Reimage did not work. Is it a windows update like a .net framework security patch?



I do not have any further suggestions except perhaps it is related to the Aero desktop settings? This is a long shot but perhaps disabling and re-enabling the Aero desktop will work?

SCCM 2012 R2 Windows 7 "Set Network Location"

SCCM 2012 R2 Windows 7 "Set Network Location"

I create a image from Windows 7 Ent x64 DVD. Everything is working fine but at first network login the "Set Network Location" pop up.
On the Network and Sharing Center the Computer is in Domain Network. I attached picture of both windows.
How can I avoid this pop up? I am testing in a VMware machine



use oobe

https://technet.microsoft.com/en-us/library/cc749283(v=ws.10).aspx



Home



use oobe

https://technet.microsoft.com/en-us/library/cc749283(v=ws.10).aspx



Home



I already have this oobe:


true
Work
1


Any other option, and thanks for your help.



or create setupcomplete.cmd
in

%WINDIR%SetupScriptsSetupComplete.cmd

and add that

reg add "HKLMSOFTWAREMicrosoftWindows NTCurrentVersionNetworkListNewNetworks" /v NetworkList /t REG_MULTI_SZ /d 00000000 /f



I add the Command line to the task sequence.



VB Script ,Shell Scripting ,Windows Batch Scripting

VB Script ,Shell Scripting ,Windows Batch Scripting

Hi experts

I have about 300 folders, inside each folder has few mix files exe / pdf/ and some file with name BUT NO EXTENSiON . I want to rename those files without NO EXTENSION to doc file
is there batch file can do this task
thanks in advance

this is what did on mine batch but it seemed not working
@ECHO OFF
PUSHD .
FOR /R %%d IN (.) DO (
cd "%%d"
IF EXIST *.* (
REN *.* *.jpg
)
)
POPD



Your code and the description are not fitting together that much, but from what I read:



Your code and the description are not fitting together that much, but from what I read:



That Qlemo too quick again! Aside from the fact I was about to use %%a the same... you should be good to go except I think you will also need "tokens=*" in case of filenames or dirs with spaces in:



hi Steve

your code is working , can i ask you why it tried ran through C drive.

for instance the folderfiles is on c:new . is there a way when run your bat it just go to c:new and that's it. i saw it running through program files/windows, look like complete c drive
secondly, there showing something file too long name so if my files has too long name, will it work?
many thanks in advance



It should work down from the current directory, you can change to that first, or use the line cd /d "c:new" to move there first.

Alternatively you can add the path as part of the dir, i.e.



steve

cd /d "c:start dir" ? do i need to change it to cd /d "c:new dir"

because the folder is on c:new

thanks in advance

Event Log Errors

Event Log Errors

In the last 24hrs, my event logs are showing the following error:
"Session "Circular Kernel Context Logger" failed to start with the following error: 0xC0000035"

How do I diagnose and remedy this?



Rename this file --> %windir%panthersetup.etl to setup.old

Clear event log to see if it comes backs and reboot. Test



Rename this file --> %windir%panthersetup.etl to setup.old

Clear event log to see if it comes backs and reboot. Test



This is a part of Performance diagnostics. The additional message should be STATUS_OBJECT_NAME_COLLISION.
I t looks like there is duplicate domain security identifier but I think you can ignore this event. Some users tried to do:Renaming file: %windir%panthersetup.etl to setup.old and reboot.







Win8 Tablet: Get to troubleshooting menu from boot.

Win8 Tablet: Get to troubleshooting menu from boot.

I have a Windows 8 tablet. Model: Hexa BlueM. I cannot remember the password, so I want to reset to factory. How do I get to the reset (Troubleshooting, advanced boot options) screen at boot?

Thanks,
mug



From the logon screen, left-click on the icon in the lower-right corner. Hold Shift down and click on Restart.

You can also get there from a boot DVD, but this above method may be easier.

If the lost password is really the only issue, there may be better ways to deal with it. Is it a local password or a Microsoft account?



From the logon screen, left-click on the icon in the lower-right corner. Hold Shift down and click on Restart.

You can also get there from a boot DVD, but this above method may be easier.

If the lost password is really the only issue, there may be better ways to deal with it. Is it a local password or a Microsoft account?



That works perfectly. Thank you.
It is a local password. Let me know if you have a fix.

mug



This is a clever process that will allow you to reset it:http://pcsupport.about.com/od/windows-8/a/reset-password-windows-8.htm

The basic trick is to replace the file that runs from the logon screen when you click on the Ease of Access icon with cmd.exe. Running it will bring you to a prompt where you are able to change your password.



This worked to get to the Troubleshooting menu, however none of the options worked with this tablet. After selecting any of the options, it would go to another window either with two blank, unclickable buttons (reset the OS), or it would go to a blue screen with nothing but the username and a green dot. No options on either menu.



The clever trick above works well on a PC, but there is no keyboard on this tablet and I cannot boot to cmd prompt, nor can I boot from bootdisk.

is it possible to hide to prevent a non administrator user from typing
a path in windows explorer?

is it possible to hide to prevent a non administrator user from typing a path in windows explorer?

is there a way in the registry to prevent a user from typing say c:program files or c:windows
in the address bar?
if so how can this be done?
Thanks!



Here is another EE question for the same thing.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Q_23863918.html



Here is another EE question for the same thing.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Q_23863918.html



...but there will still be other ways like portable 3rd Party Explorers (total commander, for example). So this will only be "security by obscurity".



so there isn't a way for a specific user to prevent it? I'm able to do it system wide.



MLGPOs can be set for single users and restrict that, yes. But as mentioned, they can be easily circumvented, as they only work for explorer.exe, not for other explorer-like tools like total commander.



here is a working solution for any that are interested.
prevents them from typing anything in address bar but allows administrators to do so.
http://www.sevenforums.com/tutorials/87750-run-command-enable-disable.html

File created/modified audit settings with EventLog in C++

File created/modified audit settings with EventLog in C++

Hello Experts,

I want to write a C++ program for setting audit property settings.

I know we can audit file access EventLog like followings,

https://blogs.manageengine.com/it-security/eventloganalyzer/2012/06/20/object-access-auditing-simplified-find-the-who-what-where-when-of-file-folder-access.html

We have to set "Audit object access" to true in local security policy and set audit property to true of target folders manually.
I want to know how to set audit property of target folders(Folder->Property->Security->Advanced->Auditing->Create files / write data to TRUE) by C++ program.

Any idea welcome.

Nobuo Miwa



First of all - be aware that you are delving into heavy stuff here.

You can do that using 'AddAuditAccessAce()' (https://msdn.microsoft.com/en-us/library/windows/desktop/aa374973%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396). Unfortunately, there isn't much sample code out there, but surprisingly there's an MSDN entry about a bugfix that comes with code illustrating how to use it, see http://support.microsoft.com/kb/274432/en-us



First of all - be aware that you are delving into heavy stuff here.

You can do that using 'AddAuditAccessAce()' (https://msdn.microsoft.com/en-us/library/windows/desktop/aa374973%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396). Unfortunately, there isn't much sample code out there, but surprisingly there's an MSDN entry about a bugfix that comes with code illustrating how to use it, see http://support.microsoft.com/kb/274432/en-us



Thanks for the advice.
I will try this.



Thank you and good luck! ;o)





Run TASK scheduler on demand

Run TASK scheduler on demand

Hello,
I created a script to run a task already defined in task scheduler on demand. I would like to use VBScript as I can compile to an exe and encrypt the id and password. Any help would be great. Thanks
Script:set objShell = CreateObject("WScript.Shell")
objShell.run "cmd.exe /C ""SCHTASKS /Run /S servername /U halcyonuswername /P password" & " /I" & " /TN" & " ExportsBank of eden (qqq) file Export"""

Thank you for your help



My two second google search;
http://stackoverflow.com/questions/6984710/is-there-a-method-to-encrypt-passwords-stored-in-a-vbs



My two second google search;
http://stackoverflow.com/questions/6984710/is-there-a-method-to-encrypt-passwords-stored-in-a-vbs



Thank you for the password info, but I am more interested in finding out why does the code I posted is not working.



BTW, it works from the command prompt if I type the following:SCHTASKS /Run /S servername /U halcyonusername /P password /I /TN "ExportsBank of eden (qqq) file Export"



Ahh, I must have read it wrong.
Have you tried replacing the " with ( ) or '



So, What is the error you are getting?
You compile it to exe right, then execute it and what happens?

windows: bat file to 'tail' last 50 lines of a file

windows: bat file to 'tail' last 50 lines of a file

Hi Experts,

How can I keep only the 50 last lines of a file (maximum, could be less if file is small) and output those to a new file?
It can't have any 3rd party help, since this needs to happen on many servers of which I am not admin.

Thanks very much.
W.



Powershell v2:



Powershell v2:



Try if this is fast enough:



You could try this batch file



This is my way of doing TAIL in batch.... this one is bit like last two but uses FIND command to count lines then show last 50 using more, if lines <50 then show whole file... saves looping through the file a line at a time with batch... save it as tail.cmd for instance:
http://scripts.dragon-it.co.uk/links/batch-bottom-footer-lines



Thanks all of you.
Can you make it happen that the tail.cmd is called from another script with the filename as parameter?

Dell Win8.1 Recovery Disk Validation Test

Dell Win8.1 Recovery Disk Validation Test

I have a new Dell laptop running Win8.1 and they have added their own branded backup/recovery tools.

They have a process to create Recovery Disks, but I had an issue so searched the web for fixes and found TWO huge major issues everyone seems to have with Dell Recovery Disks:
1. The Create Disk process doesn't work. Mine used 2 DVDs, said it completed, but I have serious doubts.

2. When actually needed, the recovery disks don't recover. You are hosed at the worst possible time to be hosed.

Is there a way to test the validity of recovery disks you built to be viable and complete now when system is secure and safe, instread of relying on them, using them, having them fail, and no longer being able to create recovery disks.

I have not applied the Win8.1 Pro Pak, but will.

I have looked a little, but doesn't he OS itself have usable tools for this?



>> Is there a way to test the validity of recovery disks you built to be viable << put in another disk of the same size, and run the recovery DVD's

i mean, even if a test "validates" the dvd's - are you sure it will work?



>> Is there a way to test the validity of recovery disks you built to be viable << put in another disk of the same size, and run the recovery DVD's

i mean, even if a test "validates" the dvd's - are you sure it will work?



The only test I'm aware of is to have the recovery software read the disks and actually apply files back to restore system to a viable, minimal, earlier state - provided disks were built correctly. This is possibly too late if the disks are bad or incomplete.

I'll contact he vendor see if they can provide a net set of directories/files and sizes maybe I can compare to my disks.



that's what i said, but on ANOTHER disk drive, so you don't loose anything



That just proves the created recover disks create same disks - doesn't prove either set works. I can put the DVDs in another machine and browse the contents. But I don't know if I have 3000 files in 10 folders or are supposed to have 3005 files in 11 folders.

Where is my personal "crash and burn" pc when I need it.



i don't understand you; if it creates the same HDD, it does work imo, since that's what it's supposed to do.
what else do you expect from it?

>> Where is my personal "crash and burn" pc when I need it. << what do you mean??

What are the ramifications of removing a Windows PKI?

What are the ramifications of removing a Windows PKI?

I inherited a Windows domain with a PKI configured. To the best I can determine, it appears it was set up with the goal of enabling encryption on a file server but that it was never enforced and that file server has since been replaced.

I'd like to remove the PKI because it doesn't appear that we're using it and it's messing up some third party certs installed on a couple of domain controllers used for LDAP authentication for cloud services.

What possible/likely consequences are there of removing it (assuming that I follow the articles for removing it)?



If some form of PKI services are installed, it may be running Cert authority services or used to issue cert to other station or server, good to make this is not the intent and the server is not having a CA role. The certificate store will be archiving all certificate and it is good to backup all including private key in case there is need for them due to EFS or other services unknown at the point of removal. Of course ideally it is to clone another HDD before changes make and safekeep for monitoring as backup recovery if need to..also the security log from security event to backup for audit trail...but "PKI" is a big word though for a server may be just part of the PKI ecosystem

In case the below are relevant
How to decommission a Windows enterprise certification authority and remove all related objects



If some form of PKI services are installed, it may be running Cert authority services or used to issue cert to other station or server, good to make this is not the intent and the server is not having a CA role. The certificate store will be archiving all certificate and it is good to backup all including private key in case there is need for them due to EFS or other services unknown at the point of removal. Of course ideally it is to clone another HDD before changes make and safekeep for monitoring as backup recovery if need to..also the security log from security event to backup for audit trail...but "PKI" is a big word though for a server may be just part of the PKI ecosystem

In case the below are relevant
How to decommission a Windows enterprise certification authority and remove all related objects



Thanks, this gives me more of an idea to look for what it may affect.







Share replication

Share replication

I forget the process - but I know you can set up a shared space on a network that is replicated between servers, so if one server goes down, that file or database is still available to the users.

Can anybody point me in the right direction for that?



What you are looking for is DFS (Distributed File System), refer to following links:
https://technet.microsoft.com/en-us/library/cc782417(v=ws.10).aspx
https://msdn.microsoft.com/en-us/library/bb727150.aspx



What you are looking for is DFS (Distributed File System), refer to following links:
https://technet.microsoft.com/en-us/library/cc782417(v=ws.10).aspx
https://msdn.microsoft.com/en-us/library/bb727150.aspx



Thank you - it eluded me for awhile there



I can always count on EXP EXCH for the answers I don't have





Toshiba portege laptop LAN driver not working

Toshiba portege laptop LAN driver not working

I recently installed windows 7 on a Toshiba Portege R930, so far I had download LAN drivers from the Toshiba site but no luck. Can’t someone help? I’ll appreciated



Did this machine come with Windows 7? If not, what did it come with?

Windows 7 and most Windows before and after have built in LAN drivers that have always worked for me.

What does Device Manager say about the LAN card? Is it working?



Did this machine come with Windows 7? If not, what did it come with?

Windows 7 and most Windows before and after have built in LAN drivers that have always worked for me.

What does Device Manager say about the LAN card? Is it working?



That's always been the case with few exceptions, the computer was working well before the system had a problem and I had to reinstall windows. I'm pretty sure this computer came with windows 7. Below is a print of device manager.



Did you install the chipset drivers before anything else and reboot before trying the rest of the drivers? The chipset drivers are always the most important, as everything else depends on that working properly.



Agree, and you should check ALL your drivers because you have WAY too many driver problems.

You need Wireless, Wired, and Bluetooth drivers, possibly Audio (Bluetooth).



And all of those are typical when chipset drivers are missing or incorrect. Although chipset drivers are included to some extend with the OS, an i7 which your PC uses, is much newer than Windows 7 SP1, so the chipset won't be automatically included, that will only be the case for older hardware.

Control panel services vs task manager services

Control panel services vs task manager services

What's the difference between these two management tools? They don't seem to list the same exact services...



One is all services vs. services that ran or are running?



One is all services vs. services that ran or are running?



You can find out how many service you have installed by exporting the services list to a text file then opening this text file into Excel and see the row count.
Right-click services > Export list



They both display the same list of services. However, the column names are not consistent between the two: in Task Manager the "Description" column is the one that matches the "Name" column in services.msc



The services in the control panel shows you all available services, whether they are running or not. You can then change their settings, so they are started, disabled etc at bootup. The task manager only shows those services that are currently running.



Not true - at least on Win8.1 anyway! Task Manager shows all services, you just need to sort by the correct columns

Windows 8.1 update hangs the system requiring hard shutdown to use

Windows 8.1 update hangs the system requiring hard shutdown to use

The issue occurs when the system updates are being installed. The progress bar sticks forever. Need to force shutdown the system to use again.

Looking to remove or disable the install of the failing update. Not sure how to see which one failed or how to removed the update that is pending to be installed now.



To mention also the system is in wonderful heath and is only a few months old and the user treats it well. The system is performing perfectly for all other tasks.

I am hoping there is a way to fix this remotely where getting physical access to the computer is not easy.

Thank you for all help and assistance here. Even if you read and got nothing ... thanks for reading ;)



To mention also the system is in wonderful heath and is only a few months old and the user treats it well. The system is performing perfectly for all other tasks.

I am hoping there is a way to fix this remotely where getting physical access to the computer is not easy.

Thank you for all help and assistance here. Even if you read and got nothing ... thanks for reading ;)



I would start by checking event logs - there may be something in here that points to the problematic update. Other option would be to install each update one at a time until you find the one that causes the issue (very time consuming depending on the number of updates unfortunately).

Running sfc /scannow is also worth a look as it will check the system for any corruption.

Also ensure there's no unnecessary devices connected to the computer during the update.



All great directions. Thank you. Will get back with update on what the logs state and if that fixes it.

Is there a way to clear out the downloaded Windows updates? Like maybe deleting all from "C:WindowsSoftwareDistributionDownload" or something ...



open windows update and view update history. It will display which update failed to install. Sometimes simply retrying works, so that should be the first to try now.



Windows update by default creates restore points. So just use a restore point to go back to before the updates were starting to install. Then change the update setting to not automatically update, but rather to "Check for updates but let me choose to download and install them". After that you can try selecting only one update at a time, or 2. That way it is easier to find out which one fails, and often if they are installed individually, they are more likely not to fail installing.

Besides that, it is often better to wait with the installation of Windows updates for 1 or 2 weeks. The last year or so m$ has had a record of releasing untested and buggy updates which caused rather big problems and which were removed from their update servers after a short period. With the setting I mentioned you can decide for yourself when you want to update.

Volume Shadow Copy Service error: Unexpected error calling routine
RegOpenKeyExW(-2147483646,SYSTEMCurrentControlSetServicesVSSDiag,...).
hr = 0x80070005, Access is denied. . Eventid 8153

Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEMCurrentControlSetServicesVSSDiag,...). hr = 0x80070005, Access is denied. . Eventid 8153

How do I identify the cause and find the solution to this?

Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEMCurrentControlSetServicesVSSDiag,...). hr = 0x80070005, Access is denied.
.

Operation:Initializing Writer

Context:Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {641bcef8-1cbd-4baa-b391-60642aa9cb5f}



One of the service account is not having access to the registry value mentioned.

Check the detail of this account from the detailed tab of the event log entry, assign modify permission to this account for the registry string. Usually it's always "Network Service"



One of the service account is not having access to the registry value mentioned.

Check the detail of this account from the detailed tab of the event log entry, assign modify permission to this account for the registry string. Usually it's always "Network Service"



Thanks. It was the Network Service







Set up a Home Wireless Network

Set up a Home Wireless Network

Hi, I need some help in creating a Home Network configuration on my Windows 7. I would like to be able to send documents/photos/printing instructions, etc from my iPad Air, iPhone 6 to my computer and visa versa via wireless.
I currently have a wireless network set up (done by Comcast), that enables the laptops or other devises to connect to the web or watch TV wireless via their router but I don’t see how I can use this to for example send a picture from my iPhone to my computer or to instruct the printer to print a document from my iPad.
I’ve looked into setting up a Home Group Network but got totally lost in the process. Can someone give me step by step instructions please? Thanks



I find the best way to share documents with mobile devices is via cloud storage (Google drive or Onedrive) that way documents and photos can be stored in a central location for you to retrieve on your home machine.

For the printing i have an AirPrint/Cloud Printer from HP (HP Officejet 7500a) which allows me to print from my Apple and Android devices directly to the Printer. AirPrint works really well on Apple devices as all that needs to be done to set this up is the printer has to be connected to the same network as the device wanting to print.



I find the best way to share documents with mobile devices is via cloud storage (Google drive or Onedrive) that way documents and photos can be stored in a central location for you to retrieve on your home machine.

For the printing i have an AirPrint/Cloud Printer from HP (HP Officejet 7500a) which allows me to print from my Apple and Android devices directly to the Printer. AirPrint works really well on Apple devices as all that needs to be done to set this up is the printer has to be connected to the same network as the device wanting to print.



Look to see if the wired devices are on the same subnet as the wireless devices.

On a wireless computer, open command and type ipconfig and enter. What is the internal IP address?

On a wired computer, do the same thing. What is the internal IP address?

If both are the same (except for the final octet) e.g. 192.198.1.xxx then connect the printer to the network, give it a static IP on the network. Now add the printer driver to the iPad.

The printer needs to be capable of air printing. My HP 8610 is capable and my iPhone has the HP driver on it for printing. It works fine.



John, I went to run and put ipconfig and a black window with white letters showed up on the screen for a micro second and went away. Tried it several times - got same result.
Roshan, is there a cost for using Google Drive?



No inital costs for Google Drive or One Drive.



You need to open command (cmd.exe) so that a black window open and stays open. Then run ipconfig. Please post the results back here.

What is my network speed? How can I increase it?

What is my network speed? How can I increase it?

Configuration:1 server with 1000 Base T nic card
15 Windows 7 computers with 1000 Base T nic cards
4 XP computers with 100 Base T nic cards
1 router with 100 Base T
48 port 10/10/1000 Base T managed gigabit switch
All are connected by Cat 6 cable

From what I understand - the network will run at the "slowest" nic speed of all devices connected to the 1000 Base T switch

Goal: Have the network running at the max nic speed of each computer.

What are your thoughts?



the network will run at the "slowest" nic speed of all devices connected to the 1000 Base T switch


That's not 100% correct...each device will run at its rated speed...so the 1GB nic's will run at 1GB...the 100Mb nics at 100Mb

So your pc's with 1GB nic's will transfer at that speed to the server - long as both are connected to the gig switch



the network will run at the "slowest" nic speed of all devices connected to the 1000 Base T switch


That's not 100% correct...each device will run at its rated speed...so the 1GB nic's will run at 1GB...the 100Mb nics at 100Mb

So your pc's with 1GB nic's will transfer at that speed to the server - long as both are connected to the gig switch



That was true when we used Hub and not switches.

Each port on a switch is unique pipe and flows are the spend of the nic on the pc provided the switch has a port that matches or greater than.

Check the lights on your switch to make sure they registering the ports at the correct speed most managed switches have lights with different colors to tell you what speed the port is. Thru the GUI of the managed switch it will show you also.



Where's your server connected? To the Gigabit switch or the router?



every device must be using gigabit Ethernet, gigabit Ethernet port, gigabit switch and if compatible enable fat channel



It seems that smckeown777 and trgrassijr55 are on the same page. Yet, nattygreg, has a different opinion.

Which is true:All devices must have gigabit Ethernet nic card
OR
I can have a mixture 100 / 1000 connected to the gigabit switch and each will operate independently at the speed of the nic card in that device?

Corrupt Windows; Am I running Windows 7 Pro or Home?

Corrupt Windows; Am I running Windows 7 Pro or Home?

Seems like a silly question but...

I have a customer whose Windows 7 O/S just died (constant reboot at startup, no safe mode etc.), and on failed startup repair it gives BadPatch as the reason. System restore doesn't work. Looks like it's going to but then at the end it says it failed.

I pulled the drive out and put it in my PC and CHKDSK repaired some minor things (miscalculated space marked as free, etc.). No better though.

There is no sticker on the laptop, as this was apparently downgraded from Windows 8.

The OS is version 6.1.7601.2.1.256.1. Is this enough to tell me if it is pro or home? I can find no info online.



The OS is version 6.1.7601.2.1.256.1. Is this enough to tell me if it is pro or home?


I would say the answer is no.

6.1.760x is Windows 7 or Windows 2008 R2.

The 1 at the end means service pack 1

I am not aware of what the meaning is for the remaining portion is for.



Is this PC tied to a domain? If so it has to be a pro license. Also what brand of PC is this (Dell, HP, Lenovo?) For downgrades they usually don't give you a key and have a disc to install the downgraded version



The OS is version 6.1.7601.2.1.256.1. Is this enough to tell me if it is pro or home?


I would say the answer is no.

6.1.760x is Windows 7 or Windows 2008 R2.

The 1 at the end means service pack 1

I am not aware of what the meaning is for the remaining portion is for.



If it was the free upgrade from Windows 8.x to Windows 7, then that was only available for PC's that came with at least Windows 8.x Pro, and then logically you would also at least upgrade to Windows 7 Pro... For Windows 8.x PC's you didn't have free upgrade rights.



DaveWWW--
Right click Computer|Properties. Near the top It should tell you what version of Win is being used. If SP1 it will say Service Pack two lines down.

Bad Patch at the end of System Repair, is usually not repairable.
Make an image of the disk (in another PC) and try a new hard drive.



So when it's booting and you tap F8 you should have a option to repair computer. Is that a option in your case?

clients computer has virus / spyware. I want to install logmein so I
can access computer because client needs computer back

clients computer has virus / spyware. I want to install logmein so I can access computer because client needs computer back

my computer and clients computer is windows7. Which logmein should I use. Do I need two email accounts or one email account. Please provide download link.



https://secure.logmein.com/products/pro/

Also, in case you need antivirus cleanup links:http://support.kaspersky.com/viruses/utility



https://secure.logmein.com/products/pro/

Also, in case you need antivirus cleanup links:http://support.kaspersky.com/viruses/utility



I don't think LogMeIn has a free version any more. You might be better with TeamViewer.
http://www.teamviewer.com/en/index.aspx



I would be very careful trying to remove this file over a remote connection. Normally a machine should be disconnected from the network and then the removal should be attempted.



Hi rgb192,

Go on this link - LogMeIn Download

And download the first one on the left side, at the top - "LogMeIn host software (Windows)" for Windows 7.

Thanks,
D.



Does logmein have a free version
and what is the link to windows7

or can teamviewer do the same?

computer using WSUS are getting alerts that they have updates

computer using WSUS are getting alerts that they have updates

We recently have computers getting the Windows update alert. When I tried to update a few it fails and states that it is being monitor by the Administrator.
This just recently started happening. As far as I'm aware, computers using WSUS should never get those alerts. Is this correct?

I have a new assistant IT person and I've assigned WSUS to him. My suspicion is he has made a change by mistake.

Where should I look to solve this issue.



Your thinking is flawed. WSUS is a pull not a push process and you've set the Windows update settings to notify, another option is to automatically download and notify for install, or automatically download and install.. These settings are all maintained in Group Policy in the Computer Policy Windows Update settings.

All WSUS does is it allows you to manage which updates are approved for installation and downloads 1 copy (if you have it set this way) for mass distribution to the network. (you can have it set to that updates are not stored locally but downloaded from Microsoft



Your thinking is flawed. WSUS is a pull not a push process and you've set the Windows update settings to notify, another option is to automatically download and notify for install, or automatically download and install.. These settings are all maintained in Group Policy in the Computer Policy Windows Update settings.

All WSUS does is it allows you to manage which updates are approved for installation and downloads 1 copy (if you have it set this way) for mass distribution to the network. (you can have it set to that updates are not stored locally but downloaded from Microsoft



Thanks for the clarification. I'll double check our settings.

Why would updates that do "not" apply to a computer get sent to the computer?



they NEVER get sent to the computer.. sending implies getting PUSHED to the computer and it is a PULL operation .. The client queries the WSUS server for what is available and then downloads them either from MU or WSUS



At the bottom of the message there is a link to check online for updates. That will work as long as you're connected.



At the bottom of the message there is a link to check online for updates you can allow/disallow via group policy this setting

Enterprise Certificate Authority crashed

Enterprise Certificate Authority crashed

i have a windows server 2008 Certificate server that crashed and need to know how to introduce an new cert server in the enterprise without causing any problems. can this be done?



absolutely no problem.

Look at section 6 for removing old CA: http://support.microsoft.com/kb/889250
And just install a new CA besides the old (or chrashed one).
Please do a proper job planning new CA;
https://aaronwalrath.wordpress.com/2010/04/16/install-an-enterprise-certificate-authority-in-windows-2008-r2/
https://www.youtube.com/watch?v=ihhkhldofmU
http://blogs.technet.com/b/yungchou/archive/2013/10/21/enterprise-pki-with-windows-server-2012-r2-active-directory-certificate-services-part-1-of-2.aspx
https://technet.microsoft.com/en-us/library/cc772393%28v=ws.10%29.aspx



absolutely no problem.

Look at section 6 for removing old CA: http://support.microsoft.com/kb/889250
And just install a new CA besides the old (or chrashed one).
Please do a proper job planning new CA;
https://aaronwalrath.wordpress.com/2010/04/16/install-an-enterprise-certificate-authority-in-windows-2008-r2/
https://www.youtube.com/watch?v=ihhkhldofmU
http://blogs.technet.com/b/yungchou/archive/2013/10/21/enterprise-pki-with-windows-server-2012-r2-active-directory-certificate-services-part-1-of-2.aspx
https://technet.microsoft.com/en-us/library/cc772393%28v=ws.10%29.aspx



I'm assuming this was an Enterprise Root CA??

Do you want clients to be able to use their existing certs? If so, you'll need to treat this as a DR exercise.
http://blogs.technet.com/b/pki/archive/2010/04/20/disaster-recovery-procedures-for-the-active-directory-certificate-services-adcs.aspx

If you don't mind having to reinstall certs everywhere (basically starting your PKI from scratch) just install a new CA, as Jakob said.



thank you guys. my only concern is when i remove these objects from the AD schema will it create an issue before i stand up another cert server?

thanks
John



not at all..... When migrating from 32-bit Win2003 CA server to new 64-bit 2008/2012 I always have at least 2 different Enterprise CA servers in the domain. Absolutely no issues



Thank you guys; the information was most helpful

How to install terminal service on Windows 2012 R2?

How to install terminal service on Windows 2012 R2?

Hi,

I have 2 questions about terminal service on Windows 2012 R2:
1-How to install terminal service on Windows 2012 R2?

2- If we don't purchase a number of licence yet do we have like 120 days to activate it?



Terminal services was renamed "remote desktop services" in the 2008 timeframe.

Run the add roles wizard from server manager. From there, I strongly suggest to choose the "scenario" radio button to deploy remote desktop services. Then complete the wizard.

As for the trial, yes, you have a couple months. But getting CALs and setting that up is best done sooner rather than later. Too many times I've seen people put it off and then hit problems activating the CALs that ends in significant problems, reinstalls, wasted time, and eve data loss.



Terminal services was renamed "remote desktop services" in the 2008 timeframe.

Run the add roles wizard from server manager. From there, I strongly suggest to choose the "scenario" radio button to deploy remote desktop services. Then complete the wizard.

As for the trial, yes, you have a couple months. But getting CALs and setting that up is best done sooner rather than later. Too many times I've seen people put it off and then hit problems activating the CALs that ends in significant problems, reinstalls, wasted time, and eve data loss.



Thanks



This did not answer my question.





Windows FAX and Scan "Forward as an email" is greyed out

Windows FAX and Scan "Forward as an email" is greyed out

Hello Experts,
I want to be able to forward faxes in my Windows FAX and Scan folders as an email, however that button is greyed out. I have not been able to find a solution to this online anywhere. The FAX server is running on a Windows Server 2008R2 and being accessed via Windows fax and scan by a domain admin from another server 2008r2 server. Any help in getting this feature enabled would be helpful.



If you rightclick a FAX and send to mail recipient does that work?



If you rightclick a FAX and send to mail recipient does that work?



Do you have software on the servers that can email, like Outlook? If there isn't a email client like outlook then it can't work.



In order for the SendTo -> Email function to work, you must have an email account setup for that user using either a local client app (Outlook, Eudora, Thunderbird, etc) or a web based client setup which has the option to be set as the default email (Yahoo, for example). Do you?



Thank you for all the responses. Yes, I have Outlook 2007 setup to an Exchange 2003 server running on the same computer that I am attempting to do the forward fax as email task. Right-Clicking on the fax view within the Windows Fax and Scan brings up a context menu and the forward as email selection is greyed out.



To e-mail a scanned document or picture'
Click the Start button , click All Programs, and then click Windows Fax and Scan.
To use Scan view, at the bottom of the left pane, click Scan.
Click the document or picture in the list of scanned files, and then click Forward as E-mail on the toolbar.
n the e-mail message that appears, type the e-mail address for each of your primary recipients in the To box. In the Cc box, type the e-mail address for each of the secondary recipients to whom you want to send a copy of the mail. If you're sending to multiple addresses, you typically need to separate them with semicolons. To see how to add multiple addresses, refer to the Help for the program.

In the Subject box, type the subject of the e-mail message, and then type your message in the body of the e-mail message.

When you're satisfied with your message, click Send.

Source Microsoft
http://windows.microsoft.com/en-au/windows/fax-email-scanned-document#1TC=windows-7

Block USB/C: Drive Access

Block USB/C: Drive Access

Hey guys,

We have some guests using a Desktop here for a few days. I'd like to block all access to the C: drive and any removable media. any suggestions?



Hi both can be manipulated in the local group policy on the machine. Bear in mind this wint effect the administrator account but other guest accounts. This guide is applicable to windows xp aswell as 7.

http://www.howtogeek.com/howto/8035/how-to-restrict-access-to-drive-in-my-computer-on-windows/



Hi both can be manipulated in the local group policy on the machine. Bear in mind this wint effect the administrator account but other guest accounts. This guide is applicable to windows xp aswell as 7.

http://www.howtogeek.com/howto/8035/how-to-restrict-access-to-drive-in-my-computer-on-windows/



Thats a good tip. Now if they typed in Run and then C: they would still be able to access? Also what about usb and the cd drive?



They won't be able to.

USB blocking can also be done via local group policy.

User Configuration >> Policies >> Administrative Templates >> System >> Removable Storage Access



Come back to me with the results and we can proceed with the blocking of the CD drive. But I believe the option to block the CD drive will be included with the options I've stated above.



Why do you want to take on such task when simply enabling guest account will do, they cant install or remove programs through get account, if you are worried about bios settings simply set the password in bios, it becomes inaccessible unless they steal the computer.

Blocking cd n usb will render the computer useless if there are files they need to access from these devices.

but if its only for internet access only then, do what Roshan said the local policy will take care of that.

Network Time Server Settings Used in Domain after FSMO Transfer?

Network Time Server Settings Used in Domain after FSMO Transfer?

I just finished transferring FSMO roles from at 2003 domain controller to a 2012 domain controller. Everything seems to be ok. I am just wondering, do all of the NTP time server source settings migrate to the new FSMO domain controller, or do I need to set this up again?

What are the commands to check what IP address active directory (or is it a particular DC) is pulling NTP updates from?

Thanks



No they don't migrate, you can use w32tm to check for configurations

https://technet.microsoft.com/en-us/library/w32tm.aspx

For example w32tm /query /configuration

Compare what you had on your old PDCe and set the new one.

Thanks

Mike



No they don't migrate, you can use w32tm to check for configurations

https://technet.microsoft.com/en-us/library/w32tm.aspx

For example w32tm /query /configuration

Compare what you had on your old PDCe and set the new one.

Thanks

Mike



If you mean, will the new Domain Controller pull its time from the same place the old DC did, no.

If you're talking about member machines, yes, they should all pull from the new DC.



Running the w32tm /query /configuration on the older server 2003 R2 DC states that the command is not recognized. I vaguely remember having to use some other depreciated command to on the old DC to get this info in the past, but I cant remember what this was. I think it was the Net time command, which I would execute to quickly find out, but there is a caution about running this command on a server that is using Windows Time Service.

Executing the w32tm command on the 2012 DC, displays a bunch of technocratic data that is particularly useful. IE no listing of any NTP servers in the output.

I found the following link, but take a look at the minuscule size of the scroll bar! LOL, I don't want to have to read through that just to find a OS consistent command to list current NTP sources. Argggggle!

Link...
https://technet.microsoft.com/en-us/library/71e76587-28f4-4272-a3d7-7f44ca50c018

Thanks again for your efforts :-)



Ok so I think I figured it out.

I ran the following command on my computer w32tm /query /source and the results show one of the older non PDCEs. Then I log into the new server 2012 PDCE and run the same command and it points to the previous 2003 PDCE, that has since had this role transferred. I then run the following command on it net time /querysntp and it has a list of 4 ntp servers.

Thanks for pointing me in the right direction .



There was an error in this gadget