Light

we have configured dhcp server 2008 r2. with 2 scopes (vlan1 & vlan10), in vlan10 have reserved 40 ip addresses, need deny policy other computers try ip address should denied. as scope special computers high bw network, reserved ip addresses, if other user chance connect network, should unable ip address.   indeed, cannot control dhcp policies. dhcp low-level networking operation , know nothing policies. have use hardware level (mac) addresses allow access dhcp. bill Windows Server  >  Windows Server General Forum

hi in company based on necessity provide admin privilege users adding user account local administrators group. found security flaw in that. whoever getting admin privilege adding team members local administrators group without passing information have full privilege on pc. workaround restricted them on accessing local users , groups console. still there lot of other ways including commands.  is there way restrict this? not want misusing admin privilege. shanif salim hi shanif, alternatively, use group policy preferences secure local administrator groups, here article has same request yours, please take , have try following it: how use group policy preferences secure local administrator groups http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/ please note: since web site not hosted microsoft, link may change without notice. microsoft not guarantee accuracy of information. regards, wendy please remember m

my administrative pw has apparently expired. cannot reset because did not copy disc. there options me? hi  you can follow steps on article reset local admin password on server 2008/2012; http://www.kieranlane.com/2012/12/12/resetting-administrator-password-windows-2008/ this posting provided no warranties or guarantees,and confers no rights. best regards burak uğur Windows Server  >  Windows Server General Forum

im working on windows server 2012 standard machine , trying create ip security policy rule, on windows server 2008 block ip address internal lan on machine running rras , dhcp dns, if assign new ip security policy not effect lan server computer please hi, sorry not clear needs. did mean older ipsec policy didn’t work after create new one?  if misunderstood anything, please feel free let me know , appreciate if can provide more detailed information. please pay attention 1 policy can assigned computer @ time. assigning policy automatically unassign assigned policy. in addition, must create mirrored policy on other computer , assign policy computer if want assign computer-to-computer ipsec policy. need use group policy if want assign policy many computers. more information: how block ip address using ipsec how block ip address using ipsec https://www.serverintellect.com/support/windowsserversecurity/ipsec-blockip/ note : microsoft providing information convenience yo

hello, please explain processs 2008 servers update computer certificate internal ca? on 6/10 discovered our 2003 sp2 enterprise internal ca's root cert going expire on 6/16. renewed using same key. since users , computers have been getting updated certs expiration dates year in future. what process 2008 server gets updated cert? have tried rebooting, gpupdate, manaully running "certificateservicesclient" system task nothing happens. have had handful of 2008 servers update im unsure how. our few 2003 servers seemed update whereas few 2008 servers have. thanks help   hello, it better post here:  http://social.technet.microsoft.com/forums/en-us/winserversecurity/threads     this posting provided "as is" no warranties or guarantees , , confers no rights. microsoft student partner 2010 / 2011 microsoft certified professional microsoft certified systems administrator: security microsoft certified systems engineer: security

hello gentlmens, i'm student , have problem cant edit default domain policy "group policy management/forest:test.com/ default domain policy even "default domain controllers policy " cant edit i'm administrator have full rights, messing? please help. define "administrator".... if "domain admin" or "enterpriese admin" sould fine... if local admin on comptuer editing gpo may not have permission gpo. check gpo permissions tab , see if memeber of of group can edit it. hope helps alan burchill (mvp) http://www.grouppolicy.biz @alanburchill Windows Server  >  Group Policy

i had written code works me very well. cls $gname = "depta-users-write-all-user" #gname = "ad.role.depta.users.write.all.user" $ds = new-object ("system.directoryservices.directorysearcher") $ds.filter = "(&(objectclass=group)(name=$gname))" $de = $ds.findone() if ($de -ne $null) { $dn = $de.properties["distinguishedname"] $ds.filter = "(&(objectclass=user)(memberof=$dn))" foreach ($item in $ds.findall()) { echo $item.properties["distinguishedname"] } } now if comment out 2nd line , uncomment 3rd line. code prints nothing... though $gname @ line 3 valid group , has many users.... code fails , prints nothing. i don't understand why code broke. val it: unit=() damn permissions thing. running same code a higher privilege account resolved issue. val it: unit=() Windows Server

hey guys, i'm running get-gporesultantsetofpolicy command against bunch of servers , keep getting following error: get-gpresultantsetofpolicy : resultant set of policy (rsop) report cannot generated user contoso\jason on server066 computer because there no rsop logging data user on computer. because user has never logged onto computer. i'd rather not log each server individually if can avoid it.  know way done?  i've tested wmi queries , psremoting boxes command fails against , worked fine, i'm confident communication working.  there way have work no user or local account?  i'm trying effective computer policy these servers. also i'm aware of gpresult , fallback plan.  i'd prefer keep in powershell if have option. thank in advance. hope helps! jason hi jason, are specifying user account -user switch? haven't used cmdlet myself, way read docs computer policy returned if omit switch. don't retire technet! - (maybe there&#

hi all i have infrastructure running windows server 2012 remote desktop services, working fine. have question regarding licensing structure. we using device cal's , want know if change computer name, uses previous assign device cal or takes new device cal ? asitha hi, no, not issued new per device rds cal after name change.  additionally, old name still show in rd licensing manager. -tp Windows Server  >  Remote Desktop Services (Terminal Services)

hi,  i have question i've been pondering ages never needed perfect until now! it's hanging indents , tabbed lists (i.e. bullet points).  i have paragraph of text hanging indent, underneath still aligned want use bullet points, however... won't let me align actual bullet point margin of hanging indent! either before or after hanging indent margin, if see mean, , therefore looks bit skewed , not in alignment. how how how can align beautifully. tell me hang head in shame if easy have been secretary 18 years , have managed without having this!  any appreciated. thanks,  fp set left indent of bulleted paragraph same value sum of left indent , hanging indent of main text. discrepancy see due spacing of individual characters; depends on font , of character. in screenshot on left, see left margin , hanging indent margin of main text. in screenshot on right, see left margin , hanging indent margin of bulleted text. the left margin of bulleted text in same pos

hi all, i want write powershell script can display me list of queue managers in stopped state. please note using ibm mq's. i know there command dspmq <queue manager name> display status of specific queue manager, want list queue manager status in stopped (ended) state , start them on basis of user input. can tell me script same? hi, have asked ibm if supply powershell cmdlets manage this? if not, i'd start there. don't retire technet! - (don't give yet - 13,225+ strong , growing) Windows Server  >  Windows PowerShell

setup: windows server 2008 r2 64bit - updated wsus 3.0 sp2 built in db (not sql) sql 2008 (fully patched) - not used wsus (yet...) this server master server replica server's connect (there 10, potentialy maybe 70-80 servers in future). i noticed morning w3wp process using around shy of 1gb of ram... after doing digging, restarted wsus app pool in iis , bloated w3wp process shrank right down does know cause process large?  cant seem find other similar posts regarding issue... hi, can use performance monitor to  capture of per-process memory utilization machine freezes. review /actual/ memory usage @ moment @ freezes. also, can review wsus softwaredistribution.log , iis logs determine if there wsus activity occurring during moment of last lockup. Windows Server  >  WSUS

i cannot join web server in dmz dc in dmz on same ethernet switch.  instead, had open asa firewall ports allow web server communicate dc on inside.  have "ad sites , services" configured both ip subnets , corresponding dcs.  see servers on inside attempting communicate dc in dmz.  hi harry, what's error message when join web server dmz? when join server domain, locate dc randomly. after added dmz, think can disable ports, web server communicate dc located in dmz. Windows Server  >  Directory Services

i have new surface pro. started word document , saved it. when woke , returned file, computer had mysteriously rebooted. opened file , autorecover showed original file had saved, sans work had done. checked autosave preferences, , relieved see set save every ten minutes. when went autosave folder, saw .asd files , found latest 1 , double clicked (a mistake, know, should have right right-clicked open or opened word). asked me if wanted go app store find right file open with, , said yes. realizing mistake, closed ms store application.  the .asd files gone. not in recycling bin. search .asd files unsuccessful. totally screwed? why did happen? why .asd files illusionist, see them dont?  hi lightman, i tested issue in own environment, opened asd file , stored in original file won’t removed or deleted. normally, typically never used , older asd files removed. first suggest try recover lost document. search autorecover files on file menu, click open, , click recent documen

i have gpo deploy server 2008 remoteapps windows thinpc os's attached gpo's have wmi filter. gpo being filtered out on windows thinpc's the wmi filter set to: here gpresult /r windows thinpc: as can see gpo common apps 002 being denied , filtered out here screenshot of gpo can see filter attached @ bottomg of screenshot: so going question... any ideas why being filtered out, wen wmi filter speficicaly says ally win enbed standard danny g guillory jr. twitter: @dguilloryjr blog: http://msvenom.wordpress.com/ linkedin: http://www.linkedin.com/in/dannyjr ok figured out... ran wmi quary on windows thin pc it shows as: select * win32_operatingsystem caption = "microsoft windows embedded standard " notice space after letter d , "... danny g guillory jr. twitter: @dguilloryjr blog: http://msvenom.wordpress.com/ linkedin: http://www.linkedin.com/in/dannyjr Wind

i need intercept requests form clients willing join domain. it needed verified whether build version of machine join domain isn't old. if so, should deny joining domain must rebuild machine using newer version of build. should client side app, guess api hooking must in case? clues function should intercepted make easiest way? or api , functions used during joining domain process? thanks syed, guess, netapi32 goal then. Windows Server  >  Directory Services

hi all, one question licensing. sounds simple, it's difficult. the environment: install hyper-v server 2008 r2 on bare metal, means i'm talking single license on vm host. forget clients, it's host software. , no additional windows server license affected. is "free use" license or "free download" license? i'm sceptical term "free download". know "adobe photoshop free download" - means download free, use product have buy license (that's ok, , clear-cut). i'm looking written statement microsoft . have found source this? after 3 days of search i've found nothing exact written definition producer. it's frustrating of microsoft staff (and our microsoft vendors) confuses „microsoft hyper-v server 2008 r2“ , „microsoft windows server 2008 r2 hyper-v“. noone there knows product named hyper-v server 2008 r2. of them have no clue how license correct ... maybe 1 of can help. thanks frank microsoft s

do regular users need write / create folder access root of c:?  can edit permission , done or break other things?  i see there gpo restrict access.  is best way? you can restrict access c drive using gpo in following user configuration \ administrative templates \ windows components \ windows explorer then prevent access drives computer if want play option , see how can affect on systems Windows Server  >  Remote Desktop Services (Terminal Services)

i want install quicken deluxe 2016 on computer , quicken tells me need .net framework 4.0 -- , how it? you can here. https://www.microsoft.com/en-us/download/details.aspx?id=17851       regards, dave patrick .... microsoft certified professional microsoft mvp [windows] disclaimer: posting provided "as is" no warranties or guarantees , , confers no rights. Windows Server  >  Windows Server General Forum

hi what best approach migrate windows server 2003 domain windows server 2008. of servers in domain virtualised using vmware esx. domain has 2 terminal servers running third-party application isn't 64-bit compatible. group policy used manage terminal services users , roaming profiles used under current system slow load. thanks you can add new windows 2008 server , perform dcpromo on server.   here high level steps: 1.       upgrade schema using correct version of os – adprep a.       http://technet.microsoft.com/en-us/library/dd464018(ws.10).aspx b.       http://portal.sivarajan.com/2010/03/windows-2008-r2-adprep.html 2.       verify schema version a.       http://portal.sivarajan.com/2010/03/active-directory-schema-version.html 3.       install new windows 2008 server , join domain.  perform dc promo , select “additional dc existing dc option” a.       http://msdn.microsoft.com/en-us/library/ee797379(cs.10).aspx 4.       if planning d

i shut down firewall service on server running 2012r2 inside vm.  immediately vm lost connectivity , can't log in. can explain why might have happened? thanks sounds may have disabled firewall service? in short, appear outside though server has been disconnected network including rdp, although network tasks initiated server may still function. https://technet.microsoft.com/en-us/library/cc766337%28v=ws.10%29.aspx?f=255&mspperror=-2147217396 i'd console in reenable it.       regards, dave patrick .... microsoft certified professional microsoft mvp [windows] disclaimer: posting provided "as is" no warranties or guarantees , , confers no rights. Windows Server  >  Platform Networking

is there way passwordless rdp authentication certificates can in linux ssh keys? think can done smart cards, tied card , card reader. works ssh keys can pop private key onto iron key , use login remotely. no, rdp not support this. either, username/password or smart card certificate. rdp implies interactive logon , username/password or smart cards support interactive logon windows. vadims podāns, aka powershell cryptoguy weblog: www.sysadmins.lv powershell pki module: pspki.codeplex.com check out new: ssl certificate verifier check out new: powershell file checksum integrity verifier tool. Windows Server  >  Security

i'm system administrator. handed dvd, told go forth , install server. using our key, installed server 2012 r2 standard okay. when activated host, entered key , told this key didn't work, please check , try again, or try different key. looked in our mpn portal , key have. so: time call microsoft. information want? edit: never mind!  they (we) out of licenses r2 standard. Windows Server  >  Windows Server 2012 General

  hi all   i plan make internet kiosk using 1 server 10 thin client.   what have right think.   thin client dump terminal, every application run on session running on server.   what configuration if have use windows xp professional or windows server 2003.   which product have buy / deploy, how license have pay.   is enough 1 licese.   as information, ncomputing says use own technology called user extension protocol didnt use terminal service technology.  refer fact ( need client access license terminal service).   i still confuse, because on windows xp eula said there max 10 connection.   thank's side,   i need know right think less budget   thanks people read , answer it.   heru sudarto hi,   things consider regards licensing. to use xp workstation need os license. (so thin client linux doesn't require local license, 1 of reasons linux versions cheaper) to use windows server need os license.   now tricky part. nee

i using windows server 2008 r2, using software comsol . whenever run model, workstation utilizes physical memory i.e. 64gb cpu usage 2% @ time. how can synchronise physical memory , cpu workstation utilizes 50% of physical memory , 50% cpu usage. hello mohd abdullah azeem, use wsrm   (windows system resource manager). on memory tab, select either use maximum committed memory each process or use maximum working set limit each process, , type number limit (in mb). more information memory allocations, see understanding memory management in windows system resource manager. add or edit resource allocation dialog box http://technet.microsoft.com/en-us/library/cc725852.aspx best regards, harry this posting provided "as is" no warranties, , confers no rights. Windows Server  > 

hello, every time new user opens remoteapp icon receive the following message: "your remote desktop connection failed because remote computer cannot aunthenticated" "the remote computer not authenticated due problems security certificate. may unsafe proceed" "certificate name: name in certificate remote computer: servername.xx.domain.local" "certificate errors: certificate not trusted certifying authority" i have 2 options "ok" or "view certificate" if click "ok" message goes away not open remoteapp, if click on "view certificate" allows me save cerificate in user's pc , user able open remoteapp the problem certificate says expire in 3 weeks. specific date 6 months after initial ts license installation (implementation). questions:  if certificate expires ts renew itself? would i able install again in user's pcs? do have ssl ceritificate? the server used internally , vpn client when working remotly.

hi, i have domain 3 domain controllers: 1 of them windows 2008 r2 sp1, others windows 2003 r2 sp2. i have member server windows 2008 r2 sp1, vmware virtual machine. i can't connect server via rdp. authentication error prevents connection, though give correct credentials. i log domain admin in vmware console. if run gpupdate, got following error: user policy not updated successfully. following errors encountered: processing of group policy failed. windows not resolve user name. caused 1 of more of following: a) name resolution failure on current domain controller. b) active directory replication latency (an account created on domain controller has not replicated current domain controller). computer policy not updated successfully. following errors encountered: processing of group policy failed. windows not obtain name of domain controller. caused name resolution failure. verify your domain name system (dns) configured , working correctlyuser policy not upda

hi, hope can shed light on this... once in while issue (and all) users niggling issues, such 'documents' link in start menu not working (other issues within various applications crop @ same time). we have various namespaces set on our domain, 1 of called \\stockportgrsch.net\userfiles . there 3 namespace servers namespace (fs04, fs05 , fs06). when above issue arises, if i look @ permissions for 'c:\dfsroots\userfiles' on each of servers, find on @ least 1 of them (and again all), permission inheritance seems broken. broken mean 'administrators' showing in acl, when @ inheritance thinks it's turned on. fix have @ present click 'disable inheritance', click apply, , click 'enable inheritance'. puts permissions correctly, below. know can every time can't keep checking , worried might symptom wider issue! hi, little strange permission of folder should set when creating dfs namespace , should not affected in access

i have setup vpn , routing on windows 2008 enterprise server (sp2) domain controler, server multi-homed 1 interface used active directory domain, 1 interface used server backbone , other isolated network wich needs dhcp access. server behind seperate firewall, forwards ports pptp.  removed block of 10 ips dhcp used vpn , configured server vpn handle pool, installed wins server thinking help, , finaly disabled windows firewall on both server , client. now here situation @ time: - can connect vpn without problems. - can ping machines on internal network, ip, netbios name, , fqdn. - can ping vpn client machine on network. - can see shares on machines except on vpn server (i get  "system error 53 has occurred." , ip on internal interface or lan) - system error 5 has occured when try see shares on vpn client (it not important if can not access shares on clients, wanted let know, maybe you) - can map network drives on domain machines except on vpn server. - trie

i have small site, single windows 2008 r2 server.  has 2 nics, 1 lan, , second facing internet router.  rras installed (along dns, dhcp dc etc).  internet traffic lan must go through server, , subsequently router.  outbound internet traffic appears fine, and so is inbound vpn.  however there web site hosted on server , appearing on lan, cannot access the web site @ all if connect on internet side of server (using internet facing ip of server).  likewise need port 6001 visible internet , not appear on internet side of server either.  server not respond ping internet facing nic.  sounds firewall type activity, cannot find it. windows firewall off, , trend wfbs running.  even taking wfbs down does not improve situation.  looking forward helpful advice cheers  hello, you have done not recommended configuration, called multihoming , should avoided on dcs multiple reasons. http://support.microsoft.com/kb/157025 http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihome

hello i have apply-image newly bought computer. when go bcdboot c:\windows, screen shows "failure when attempting copy boot files". i know there master boot record , boot entry. have read lot these 2 subject. not able grasp whole idea. can give me step step instruction tell me next make work? thanks trio hi, >>when go bcdboot c:\windows, screen shows "failure when attempting copy boot files". issue may caused reserved partition have not set active happened. please follow steps below. boot windows 7 installation dvd, select repair , open command prompt. type diskpart type select disk 0 type list partition then note partition number installed windows 7. type select partition x    (x partition number windows installed) type active type exit type bcdboot c:\windows     (if c windows partition) if doesn't help,i suggest post on win7set&setup forum further assistant: https://social.technet.microsoft.com/forums/windows/e

hi all!, we having problem time zone redirection, have customers on different time zone , using remote app system that's hosted on our server, whenever use program should saving data using local time it's using same time server, want enable allow time zone redirection both on server connecting , on local computers, before that, trying test out on our side changing time on 1 computer , remoting server have enabled time zone redirection. seems not work, question can able test out on local network, , if how test out? Windows Server  >  Remote Desktop Services (Terminal Services)

hi,  may has similar problem or can give me helping hand.  i'm having 9node cluster ( windows 2012 r2 , patched rtm version on )  the cluster connected san equallogic ( firmware 6.11).  hitkit driver 4.7.1  the system running clean , without event logs until page pool usage of nodes turn on 15 gb of paged pool memory.  i monitore via performance counter  ( \memory\pool paged bytes) otherwise have no indication example process view, calculated sum on overview ( taskmanager / memory ) shows on contraditory 15gb memory usage.  i downloaded rammap tool sysinternals doesnt show me possible information information , acutally information differs rammap performance counter ( rammap = 251mb, performance counter = 15gb )  just make point clear , there no information beside sum of page file on system page , perfcounter page pool memory used process . therefor hidden process "needs" it.  i tried many thinks ,  like search memory hole in drivers , hyper-v stack , equa

recently users complain when opening office documents dfs share, pop's file in use , option open read only. when happens, looking in open files list, document not opened else.  looking @ process explorer, don't see thing touching either.    accessing file subnet using machine same user account doesn't have issues.  multiple users complaining , nothing have changed aware of.... there no tmp files. any other directions should at?  i've rebooted , still happens. some how appears caused user's windows temp folder files Windows Server  >  File Services and Storage

i have installed virtual pc on laptop , installed windows server 2003 on virtual pc. now when trying connect internet virtual pc, getting error message "internet explorer not open search page" when check network connection in virtual pc , see message "windows can not find networks" how can connect internet virtual pc ? how can bind network connection of laptop virtual pc ? i able connect internet virtual pc when installed first time. dont remember did after that. getting these message, shall ? thanks reply hi,   according description, issue seems related virtual pc. focus on general question windows server system , here not best support resource virtual pc, recommend further support in corresponding community can qualified pool of respondents. understanding.   for convenience, have list related link followed.   discussions in virtual pc   http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.virtualpc&cat=en_us_4596f