Category Archives: Windows

Open Windows Firewall Ports for SQL Server

http://blogs.msdn.com/b/jorgepc/archive/2009/08/25/open-firewall-ports-for-sql-server-the-easy-way.aspx @echo ========= SQL Server Ports =================== @echo Enabling SQLServer default instance port 1433 netsh firewall set portopening TCP 1433 “SQLServer” @echo Enabling Dedicated Admin Connection port 1434 netsh firewall set portopening TCP 1434 “SQL Admin Connection” @echo Enabling conventional SQL Server Service Broker port 4022 netsh firewall set portopening TCP 4022 “SQL Service Broker” … Read More »

Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.

Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done. Advanced help for this problem is available on http://support.microsoft.com. Query for “troubleshooting 1202 events”. Error 0x534 occurs when a user account in one or more Group Policy objects (GPOs) could not be resolved to a SID. This… Read More »

Install an Additional Domain Controller from IFM (Install From Media) in Windows Server 2012

To to add a DC to a domain over a slow link? SYSVOL replication going slow? Use Install From Media instead! Install an Additional Domain Controller from IFM (Install From Media) in Windows Server 2012 Install an Additional Do…er 2012 _ MS Server Pro

Exchange to move marked messages to junk folder

Run the following command via Exchange Management Shell. New-TransportRule -Name ‘SCS MailGuard classified messages moved to Junk Mail’ -Comments ” -Priority ‘0’ -Enabled $true -SubjectMatchesPatterns ‘[BANNED]’,'[SPAMMY’,'[SPAM’ -SetSCL ‘9’ I believe Exchange 2007 will be a minimum requirement.

Exchange 2007 / 2010 Limit Memory Usage

SBS 2011 Exchange Memory Usage Limits with side note for Exchange 2007 / 2010 How to limit Exchange 2010 memory usage

WSUS Best Practices & Cleanup info

Best Practices with Windows Server Update Services 3.0 Geek of All Trades: 6 Tips for 100 Percent WSUS Compliance What to do when your WSUSContent folder grows too large Scripts WSUS Cleanup <- Using adapted version here WSUS Cleanup v2 Script PoshWSUS WSUS: How to change the location where WSUS stores updates locally http://blogs.technet.com/b/sus/archive/2008/05/19/wsus-how-to-change-the-location-where-wsus-stores-updates-locally.aspx wsusutil.exe movecontent… Read More »

Webserver & SSL Hardening – IIS

IIS-Hardening-1-Disable-insecure-Ciphers-and-Hashes I believe that a reboot is required for the configuration to take effect. A reboot is required. May not be required for Windows 2003 / IIS6? Might get away with a “iisreset /restart” Useful links to check before and after applying the registry script. http://www.serversniff.net/sslcheck.php https://www.ssllabs.com/ssltest/analyze.html https://www.nartac.com/Products/IISCrypto

Disable Windows Update Forced Reboots

Registry Method Open Registry Editor and create a DWORD called NoAutoRebootWithLoggedOnUsers under HKEY_LOCAL_MACHINE, SOFTWARE, Policies, Microsoft, Windows, WindowsUpdate and finally AU. The value of NoAutoRebootWithLoggedOnUsers must be set to 1 to enable and 0 to disable. Group Policy Method Open Group Policy editor and navigate through Local Computer Policy, Computer Configuration, Administrative Templates, Windows… Read More »

Registering an Application to a URI Scheme

http://msdn.microsoft.com/en-us/library/aa767914.aspx#prot_sec

.NET Framework repair

Microsoft .NET Framework Repair Tool Version 2 of the Microsoft .NET Framework repair tool is available .NET Framework Setup Verification Tool User’s Guide ASoft .NET Version Detector…

Writable Protected Storage Service for Win7

Old versions of Outlook fail to save passwords when installed on Windows 7. https://sites.google.com/site/simpledotnet/outlook-express-6/writable-protected-storage-service-for-win7 ProtectedStorage.v0.3

Group Policy Debugging

http://support.microsoft.com/kb/325376 How to enable verbose startup, shutdown, logon, and logoff status Message To enable verbose status messages by using Group Policy Object Editor To enable verbose status messages by using Group Policy Object Editor, use the method that is appropriate to your situation: In a domain environment If you are in a domain environment and… Read More »

Show locked Tables, Views etc in Microsoft SQL

SELECT DISTINCT object_name(a.rsc_objid) AS object, a.req_spid, b.loginame FROM master.dbo.syslockinfo a (nolock) JOIN master.dbo.sysprocesses b (nolock) on a.req_spid=b.spid WHERE object_name(a.rsc_objid) IS not null ORDER BY object

Opening up SQL server in the Windows Server 2008 firewall

@echo ========= SQL Server Ports =================== @echo Enabling SQLServer default instance port 1433 netsh firewall set portopening TCP 1433 “SQLServer” @echo Enabling Dedicated Admin Connection port 1434 netsh firewall set portopening TCP 1434 “SQL Admin Connection” @echo Enabling conventional SQL Server Service Broker port 4022 netsh firewall set portopening TCP 4022 “SQL Service Broker” @echo… Read More »

David InfoCenter, Internet Explorer 10 (maybe?) and mailto links

David InfoCenter, Internet Explorer 10 (maybe?) and mailto links resulting in the following window… Windows Internet Explorer Could not perform this operation because the default mail client is not properly installed And once you press Ok, a hundred (or so) iexplorer.exe processes run. Cause I believe missing registry keys in HKEY_LOCAL_MACHINE\Software\Classes\mailto. Attached is a reg… Read More »

Allow users with Local Admin & UAC still have logon script run and successfully map drives.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] “EnableLinkedConnections”=dword:00000001 Computer Configuration -> Preferences -> Windows Settings -> Registry. Create a DWORD with a name EnableLinkedConnections and a value of 1

How to Configure IPv6 Using Group Policy

http://www.expta.com/2009/02/how-to-configure-ipv6-using-group.html

Printing not working on RDP session even though printers are visible in RD session (ie drivers installed and sent with session etc)

Cause: Besides having the role of Terminal Services in Application Mode installed, you also installed the role of a Domain Controller (DC) When a DC is being configured as a TS server, there is a standard warning message which states: “Installing Terminal Services on a Domain Controller is not recommended. Do you want to continue?”… Read More »

No more connections can be made – when joining domain

Check time on DC and workstation is within 5mins 😉 Also… One additional thing I found very handy was the ability to join the domain using a specific server. The best way I found to do this in our situation was with powershell. All systems were Windows 7. Open powershell Type add-computer -? Specifically: “add-computer… Read More »

The Ultimate Guide to SBS 2008 Setup Failures

http://blogs.technet.com/b/sbs/archive/2010/08/03/the-ultimate-guide-to-sbs-2008-setup-failures.aspx

In DNS zone domain.local, your local server is not in the name server records . Migration will fail without fixing this issue. Go to http://support.microsoft.com/kb/2578426 for more details.

Grant Full Access to All Mailboxes in Exchange 2010

Get-MailboxDatabase -identity “[mailbox database name]” | Add-ADPermission -user [username] -AccessRights GenericAll

Your Remote Desktop Services session ended because the remote computer didn’t receive any input from you

http://technet.microsoft.com/en-us/library/ee791886(WS.10).aspx (Not tested as on 21-03-2013 10:35)

Group Policy installation failed error 1274

You’re seeing the dreaded scourge of asynchronous policy processing. It’s not a “feature” (and was default-off in Windows 2000 but default-on in Windows XP and above) and causes exactly what you’re seeing– non-deterministic behavior with processing some types of GPO settings. In a GPO that applies to that computer, add the following setting: Computer Settings Administrative Templates… Read More »

New-ExchangeCertificate Cmdlet Syntax Generator

http://www.tachytelic.net/2010/03/new-exchangecertificate-cmdlet-syntax-generator/