Bit

as know, installing win 10 tells collect lot of information (key strokes, install times, app open times, files opened, etc). not have problem this, can not install. not big deal. my question is, collection practice same in win 10 ent , tech preview non-ent installs? i ask because if collection default ent, can't more install given uncertainties of collected  (our company takes security seriously, blah blah blah), , i'll wait whatever next build is, or rtm test doesn't have collection requirements. it nice test now, can wait if collection practice same on both builds. anyone know? haven't downloaded ent preview yet can't check eula there. guess can, hoping faster answer. you may wish review: privacy statements windows technical preview carey frisch Windows 10 Insider Preview  > 

good afternoon.  i wondering how change bullet in smartart dash.  specifically, using horizontal bullet list in smartart , want change second level of text bullet dash.  the first level bullet , need differentiation second level.  any appreciated. as far know, can't change bullet formatting in smartart. stefan blom, microsoft word mvp Microsoft Office  >  Word IT Pro Discussions

we are running out of space on our current volume , since have 2 name spaces within our dfs design, i'd split them out 2 separate volumes.  dfs in domain configuration we have 2 dfs server's,each in separate site, all data between both sites replicated 1 other. 1. need migrate data separate volume, plan use robo copy 2. move namespace point new location 3.  ???? else i'm missing hi, the steps going are: 1. migrate files drive e drive f robocopy keep security settings. 2. delete 1 of 2 folder targets belong server configurring. 3. create new folder target point new created folder. technet subscriber support in forum |if have feedback on our support, please contact tnmff@microsoft.com. Windows Server  >  File Services and Storage

there 2 issues facing dhcp dns configuration.  the lease term 1 day.  dns scavenging configured take place every week. 1.  i made dhcp reservation printer or computer.   dns record disappears after day.  what needs done dns records reflect dhcp assignments? 2.  every day, have couple of ip collisions.  what can done prevent this? thanks in advance hi rgelfand, >1. made dhcp reservation printer or computer.   dns record disappears after day.  what needs done dns records reflect dhcp assignments? check configurations in  reservations' properties> dns : if have checked "discard , ptr records when lease deleted", , configured use dhcp server register dns records these clients, records deleted in dns zone when lease expired. since may not want reservations ip addresses printers or computers deleted in dns zone, we may manually add these records in dns zone, make these records static records, these records not deleted, even dns scavenging not delete s

  help! made clip of products website and my host only uploads files named mpeg,mpg,mov,avi,swf need converter/encoder/whatever change extension wmv. i've downloaded few things today i'll uninstalling because didn't convert.downloaded the windows media encoder 9 , can't see either.  i'd like free/free trial stuff may use 2-3 times. i'd prefer microsoft since have alot of that.  getting desperate here..any ideas appreciated.thanks ! hello,   this forum general questions on windows server 2008.   to qualified pool of respondents, i’d recommend submit post on media file encoder related issue in following windows media newsgroup: http://www.microsoft.com/windows/windowsmedia/community/newsgroups/windowsmedia/default.mspx?dg=microsoft.public.windowsmedia&lang=en&cr=us   other customers read newsgroups regularly can share knowledge.    thanks understanding!   regards, neo zhu  

i trying upgrade domain windows 2008 r2 windows 2003.  when running adprep32 /forestprep 2003 domain controller, following error: oid "1.3.6.1.1.1.1.0" defined object cn=uniqueid,cn=schema,cn=configuration, dc=*************,dc=*** conflicts schema extensions needed windows server 2008 r2. [status/consequence] adprep not extend existing schema. [user action] contact vendor of application extended schema oid valu e "1.3.6.1.1.1.1.0" , resolve inconsistency.  run adprep again. i have been reseraching , people have issue "cn=mssfu2x-uidnumber".  don't beleive have any unix services installed, have been installed in past though..  has ever seen this?  how figure out application extended scheme , remove can upgrade. thanks in advance. i shelled out cash ms on one.  following steps 1 , 2 in ms kb article 887426 defuncting old "uniqueid" attribute using ad schema mmc, forest prep worked normally. need re-extend schema if want

sorry new ps. i need script copy files home drives of our users. using folder redirection users app data , reason when app data directory created the sendto shortcuts not being created. i need copy shortcuts users sendto directory. example path:  \\server\users\<username>\appdata\roaming\microsoft\windows\sendto thanks in advance.     copy-item [-literalpath] <string[]> [[-destination] <string>] so:  copy-item c:\temp\foo.lnk \\server\users\$username\appdata\roaming\microsoft\windows\sendto Windows Server  >  Windows PowerShell

i have been trying update virtual machine 8.1 enterprise 10 education through wsus, in preparation upgrading multiple clients. despite i've tried, education update (windows 7 , 8.1 upgrade windows 10 education, version 1511, 10586 - en-us, volume) shows not applicable. enterprise update (windows 7 , 8.1 upgrade windows 10 enterprise, version 1511, 10586 - en-us, volume) shows needed in wsus, not detected client pc (no updates available) if approved. previously, getting error 80244019, not showing on client side. is there way education update register applicable, or @ least fix enterprise error install , switch education activating education key? it took searching internet find solution, enterprise upgrade work, activated education key. ideas how education upgrade register applicable? Windows Server  > 

hi, i'm trying access hyper-v on virtual server 2008 using j-interop. local administrator account succeed "internetexplorer.application", have access denied when try "wbemscripting.swbemlocator". there dcom configuration internet explorer application modified ? thanks, sébastien talidec. according description, seems want develop own application through j-interop, if so, issue seems related coding development. focus on hyper-v question windows server system , here not best support resource coding development, recommend further support in corresponding community can qualified pool of respondents. understanding.   for convenience, have list related link followed.   msdn forums http://social.msdn.microsoft.com/forums/en/categories     best regards, vincent hu   Windows Server  > 

we have requirement block write access removable media unless users in specific groups. accomplished task group policy ( administrative templates ,   system , and   removable storage access .), have requirements log events when users attempt write usb devises , denied. so gpo in place and users authorized write able write , users authorized read can read only. need log event when user in read group attempts write. does know event log generates when users attempts write removable media , pop displays says denied?    thanks -brandon double-click computer configuration, double-click security settings, double-click advanced audit policy configuration, double-click object access, , double-click audit removable storage. full details here https://technet.microsoft.com/en-gb/library/jj574128.aspx?f=255&mspperror=-2147217396 Windows Server  > 

hi, i test configure  network teaming on hyper-v host 2012 r2 using switch independent – address hash ,active /active mode   gain heavy outbound , but afraid negative effect on virtual machines connectivity , live migration   , so what expected negative effect of using "switch independent – address hash"  instead of "switch independent – hyper-v port" on hyper-v vms ramy hi ramy, "   switch independent configuration / address hash distribution this configuration distribute load through use of selected level of address hashing.   it defaults using tcp ports , ip addresses seed hash function. because given ip address can associated single mac address routing purposes, mode receives inbound traffic on 1 team member (the primary member).   this means inbound traffic cannot exceed bandwidth of 1 team member no matter how getting sent. this mode best used for: active/standby mode teams 2 team members; and teaming in vm. "

xp/2000 users of terminal server 2003/2008 logon dos application no desktop, execute application, exit application, session not logoff automatically did terminal server 2000. group policy settings these users allow timed logoff, appear function, client screen remains inaccessible policy timed logoff period. any ideas how might automatic logoff application work appreciated. hi, write *.bat file like pskill: http://technet.microsoft.com/en-us/sysinternals/bb896683.aspx example.bat: application.exe pskill process name citrix technology professional , pubforum.net founder , linkedin , ts training in europe! love microsoft &its people bits! Windows Server  >  Remote Desktop Services (Terminal Services)

hi! at moment have install 4 windows2003servers terminalservers. the planned hyper-v-virtual-machines. can install 1 of them , create others export , import (copied) export-files without getting trouble duplicate security-ids? or have use sysprep create new security-ids after importing files? thanks... jochen export - copy - import 1 thing - duplicate machines. you still have go throught process of making each machine unique upon import (or sysprep prior export).  , make happy in active directory (unjoin, rename, join, etc.) be aware os handles sysprep process fine, there applications don't - trial , error can determine applications. i have duplicated many terminal servers on years , gave on attempting install applications prior sysprep'ing  ran problems application or another. i prepare os, duplicate machine, use unattended installation scripts (or manual installs) handle of application installations after machine had finished becoming unique. brian ehlert (hopefully have f

over weekend switched class c network class b. have 150 hosts. since then, printing our print server has become slow. else working ok. if add network printer directly workstation, prints fine. if send print job directly server printer installed on it, works fine. if print job has go through share print, it's slow. the issue appears isolated our domain controller. if add printer being hosted machine, print job goes through fine.   this became apparent right after our ip schema change.   any ideas?   we ruled out network congestion or issues relating broadcast. we running out of ip addresses on our class c network , switched class b. researched , saw articles againsts due broadcast traffic. said each subnet shouldn't larger 500 hosts. have 150 hosts on our network , seeing slow down.   could still related broadcast traffic though have 150 hosts? turned on wireshark (packet sniffer) , saw loads of broadcast traffic being sent around. i'm not sure how ga

is there way trail rdp on windows 2008 r2.  have 2008 r2 standard don't have cals demote desktop services yet.   it possible try out remote desktop services before permanent license required. rd session host server can grant non-licensed clients connectivity 120 days. after time, rd session host server stops allowing these clients connect unless remote desktop licensing server available in network. check out http://drtritsch.com/tutorials/rdsh/rdsh-licensing  if want learn more. benny Windows Server  >  Remote Desktop Services (Terminal Services)

event type: failure audit event source: security event category: directory service access event id: 566 date:  5/9/2011 time:  12:53:15 pm user:  xxxxxx computer: xxxxxxx description: object operation:   object server: ds   operation type: object access   object type: user   object name: handle id: -   primary user name: xxxxxx   primary domain: xxxxx   primary logon id: (0x0,0x3e7)   client user name: srvrfax   client domain: xx   client logon id: (0x0,0xeca22d63)   accesses: control access      properties:  ---   default property set    unixuserpassword  user   additional info:   additional info2:   access mask: 0x100 more information, see , support center @ http://go.microsoft.com/fwlink/events.asp .   karuna hello, please see: http://social.technet.microsoft.com/forums/en-us/systemcenter/thread/8f1ba9a3-0143-4759-801e-331bdd0d3c7c/ http://www.eventid.net/display.asp?eventid=566&eventno=4015&source=s

i have lot question, hoping out there able answer it, or @ least part of me.   my situation have centon infinitv 6 turner card, means computer need running 24x7 record tv shows.   which ok, have no problem that.   i have home network computers able access recordings.   i have server software running keep things better organized , able access files , stuff remotely if needed.   this why purchased windows server 2012r2 essentials.   i have not tried install tuner card software on operating system; because windows 7 , 8, think not work.   what want have windows server 2012r2 essentials running primary operating system.   then create virtual pc run copy of windows 7, , have use turner card have installed on computer.   this first question, there way of doing this?   have read online essentials not support virtual pc’s because not come hyper-v.   is can downloaded or purchased separately microsoft?   i have installed free copy of oracle virtual box, reason not show operating s

i want learn more server 2008 team viewer  group policy implementation go below link :-  www. microsoftvirtualacademy .com / <cite class="vurls" style="color:#00802a;font-style:normal;font-size:14px;"></cite> akshay pate server administrator Windows Server  >  Group Policy

i have setup new win 2008 r2 server, made dc, tranferred fsmo roles it, went thru process of making network time provider domain.  pulls time time.windows.com.  working fine need un-configure old win 2003 dc network time provider.  still has old registry entries when ntp server.  can't find articles on how need this.  running dcpromo , removing old win 2k3 server @ point may few more weeks before happens.  steps need follow in order make old win 2k3 server regular dc , not think ntp server network?   thanks hello, all details find in blog: http://msmvps.com/blogs/mweber/archive/2010/06/27/time-configuration-in-a-windows-domain.aspx in short run on previous pdcemulator following command: w32tm /config /syncfromflags:domhier /reliable:no /update after have run: net stop w32time net start w32time best regards meinolf weber disclaimer: posting provided "as is" no warranties or guarantees , , confers no rights.

i used shutdown.exe -i in cmd of dc shutdown client computer. if want start client computer shutdown/sleep dc? thanks , regards, radhakrishnan hi, it not possible start system remotely using command lines. there feature called wake on lan (wol) can use feature remotely start systems. http://www.annoyances.org/exec/show/article04-101 thanks , regards, mukesh. posting provided "as is" no warranties or guarantees , , confers no rights. please vote helpful if post helps , remember click “mark answer” on post helps you, , click “unmark answer” if marked post not answer question. can beneficial other community members reading thread. Windows Server  >  Directory Services

we have deployed gpo deny access removable media & wpd devices. after removing gpo, devices connected during gpo not working. new usb/wpd devices working. got hotfix @ https://support.microsoft.com/en-us/kb/2738898 . windows 7. can 1 in getting same hotfix windows 8.1 & windows 10 because gpo causing same issue on win8.1 & win 10 , these hotfixes not applicable. regards, j r dash hi j r dash, thanks post. could please run gpupdate /force or restart computer test? please also try verify registry key: hklm\software\policies\microsoft\windows\removablestoragedevices not set deny_all http://gpsearch.azurewebsites.net/default.aspx?policyid=2282&ref=1 beasides, here similar thread discussed before. please take look. https://social.technet.microsoft.com/forums/windowsserver/en-us/7cef23d3-be88-49d9-bc2c-d3038370623e/disable-all-removable-media-then-reenable-still-cddvd-drive-is-inaccessible?forum=winservergp best regards, mary dong please remember

the settings: windows 2003 r2 dcs (dns ok) windows 2003 r2 x64 servers (dns ok) [hp blade servers] -> tse servers plenty of users (60/100 in same times) windows xp sp3 & windows 7 sp1 (dns ok) the problem: sometimes, during tse connection on w2k3 servers, logon becomes long (1-5min), hungs on applying personal settings after reboot on w2k3 server, goes ok. the problem on tse servers not onto other servers dcs or dhcp... checks: i've checked: dns -> ok gpo -> seems ok no roaming profiles thx help i've checked plenty of topics on forum , no 1 resolved our issue. so no ? Windows Server  >  Remote Desktop Services (Terminal Services)

greetings, i have build 10130 installed , enabled pin logon have @ "windows hello" about, can't find option or way disable , go password logon. after enabling pin, windows hello doesn't show anyway. if try change , leave pin blank, keeps prompting me saying have provide pin. my machine domain joined, have tested on fresh workgroup machine , same thing. can't find way disable pin logon. once enabled, know how you disable pin logon? hi scott, under settings/accounts/sign-in options, when check pin options, find i forget my pin available click? click on option, after enter password, remind enter new pin, click cancel, pin should disabled. regards please remember mark replies answers if help, , unmark answers if provide no help. if have feedback technet support, contact tnmff@microsoft.com. Windows 10 Insider Preview  > 

hi, going through migration phase 3 file servers, of having data migrated across new netapp vfilers. these file servers have few aliases, must replicate on new netapp vfilers ensure successful connectivity home drives , group shares post migration. my questions are: 1.  effective tool keep permissions "intact", without changing "date modified" fields of files? 2.  of tasks should looking @ pre , post migration? i concious have not migrated file server before, advice or guidance appreciated.   you should able use robocopy http://technet.microsoft.com/en-us/library/cc733145(ws.10).aspx or fsmt - microsoft file server migration toolkit http://www.microsoft.com/windowsserver2008/en/us/fsmt.aspx santhosh sivarajan | mcts, mcse (w2k3/w2k/nt4), mcsa (w2k3/w2k/msg), ccna, network+ houston, tx blogs - http://blogs.sivarajan.com/ articles - http://www.sivarajan.com/publications.html twitter: @santhosh_sivara - http://twitter.com/santhosh

hey guys, installed w10 yesterday (just trying out today). enjoying thusfar, have 1 issue bugging me (npi) , not sure if bug or mechanical incompetence customization. unable life of me taskbar button (icons) regular size (1920x1080) on windows 8. tiny , while seems dimensions of border appropriate, margins within great. can fix this? thanks!  see if way....... right click @ open sot @ desktop > select personalize > bottom left, select display > right side, move slider small large > scroll down bottom, select apply. note : setting either small or large. no in between. Windows 10 Insider Preview  >  Windows 10 Insider Preview General

i have problem concerning multi monitor support of terminal server 2008 r2. users connecting thin client linux os. remote session uses both screens identifies them 1 big screen, cannot use them seperately. maximizing window span across both screens makes working impossible. i tried reproduce behaviour on test server works fine there. used same environment: 2008 r2 terminalserver , fujitsu futro s700 thinclient. bad server: working server: what may cause this? hi, 1. have tested connecting problem server from windows 7 or windows 8 pc multiple monitors , use monitors remote session selected on display tab?  if succeeds windows pc there issue related rdp client (freerdp?) on thin client. 2. problem server have rdsh role service installed?  required. 3. on problem server, in rd session host configuration (tsconfig.msc), properties of rdp-tcp, client settings tab, set limit maximum number of monitors 1? -tp

i have 1 remote site office having issue doing ftp public ftp server (public ip address) that setup in office. all other users other site office not have issue. try accessing ftp server @ home using internet connection , not faced issue. the error message when ftp remote office is ftp folder error windows cannot access folder. make sure typed file name correctly , have permission access folder. details: 220-microsoft ftp server ************************* welcome ,,,,,,,,,,,,,,,,,,   220 ******************* 550 permission denied. (exceeded maximum permitted login attempts) this happens out of nothing.   how should go abt solving issue ?   hi,   according problem description, issue related iis server. iis server issue, best resource iis forum.   based on current situation, you’d better submit new question iis forum further assistance. in way, issue can resolved effectively.   iis forum http://forums.iis.net/   thanks

in build 10074 1 day not able open windows start menu. few weeks ago. tried few fix's had been posted on internet without luck. i've upgraded build 10122 , start menu still not open. hoping latest build fix issue. are there fix's out there resolve issue? cheers hi, i upgraded 10074 10122, , start menu works fine in 2 versions. please check updates in system , make sure system patched latest windows updates. you may give try create user account, or restart windows explorer using task manager. regards please remember mark replies answers if help, , unmark answers if provide no help. if have feedback technet support, contact tnmff@microsoft.com. Windows 10 Insider Preview  >  Windows 10 Insider Preview General

how check whole drive contents, has administrators access "deny". in other words, i need list folders in c:\ has administrators access level "deny". try this.  should find any directory has deny ace applied builtin administrators group.   gci c:\ -recurse -force |? {$_.psiscontainer} |% { if ((get-acl $_.fullname).sddl -match "\(d[\w|;]+ba\)"){write-host $_.fullname} } $m = "114 111 98 95 99 97 109 112 98 101 108 108 64 99 101 110 116 114 97 108 116 101 99 104 110 111 108 111 103 121 46 110 101 116";$ofs="";[string]($m.split() |% {[char][int]$_}) Windows Server  >  Windows PowerShell

hi, we have 2 dhcp server , b on windows 2008 r2. think previous administrator configured dhcp server b fail on dhcp server because can see leasing addresses identical on , b. don't know how configured because can see there scope split feature on windows 2008 r2.  can tell me how did it? check 2 dhcp server configuration?  thanks in advance!  grace hi grace, it seems configured dhcp in windows failover cluster. windows clustering allows dhcp servers virtualized if 1 of clustered nodes crashes, namespace , services transparently reconstituted second node. means no changes visible client, sees same ip address clustered dhcp servers. you have active / passive setup. if active node fails, fail-over occurs , passive node become active. however, windows clustering feature should not installed on dcs, option applicable if @ least 2 member servers can use dhcp clustering. for reference: redundancy in win 2008 dhcp server https://social.technet.micros

i have batch file scheduled in task scheduler.  domain admin account has been used last little while execute task. i want change new user account (like domain\taskscheduler) has sufficient  permission execute batch file @ specified time. what group should new user account part of? fyi, batch file , task scheduler on dc. ccslai you have couple of options achieve looking for... 1. create normal domain user (domain\taskscheduler mentioned in question)and add in either administrators, domain admins or enterprise admins group through aduc. 2. create normal domain user, add in server operators group; edit default domain controller policy , update security policies enabling   "log on batch job" , "domain controller: allow server operator schedule task" server operators group added in them. ( more secure )     this posting provided "as is" no warranties or guarantees , confers no rights. most of downtime's caused because of sysadmin

i searched internet far , wide last couple days answer, not find one.  so here goes. long one.  i running server 2008 r2 primary dc server 2003 backup dc (hmm, perhaps issue). system trying push software win 7 x64 pro machine. i have created gpo called "chrome_browser" want applied computer objects in domain. in computer configuration | policies | software settings | software installation, "assigned" coogle chrome msi package v65.85. assigned options default except added "uninstall application when falls out of scope of management" option. software on share "everyone" has  read access to, , software added via unc path. i created "chrome_65.85" security group global group scope, , added test computer member.  in "chrome_browser" gpo added "chrome_65.85" security group under scope tab in security filtering section. in gpo delegation tab security group has read , apply group policy "allow" permissi

i have windows 2008 r2 enterprise server hyperv. created virtual machine running windows 2008 r2 standard. i have second physical computer running windows 2008 enterprise, opened 2 command prompts; from one command prompts run ping -t <win2008 r2 host> , other 1 run ping -t <win2008 r2 vm>. 2 ping expected responses in less 1 ms from win2008 r2 vm run wbadmin start systemstatebackup -backuptarget:\\<win2008 server>\share\ pretty after backup starts, pings start failing: while there successful responses (some of them after quite long time, 1500 ms), of returns either request timed out or destination unreachable ! on vm, wbadmin was able find files (~72k) , repeatedly displays found <72k> files (the same number). i see vhd files on target growing pings did not improve @ all. backup failed after 1 , half hour. i have disabled tcp chimney , rss on 3 oses hoping fixes problem not. it seems problem caused virtual adapter created hyper-v . i removed adapter (from hype

as part of audit need configure options disable password cache , restrict access remote registry. there way implement via group policy / .adm templates regards, dinesh.u hi,  both of settings can configured using group policy:   password caching: computer configuration\policies\windows settings\security settings\local policies\security options network access: not allow sotrage of credentials or .net passports network authentication set enabled   note disable "remember password" option both internet explorer , file shares. remote registry: to disable remote registry access, can use group policies disable 'remote registry' service. if want control can access registry remotely, see instructions in article:  http://support.microsoft.com/kb/314837 you can use group policy , group policy preferences configure required registry keys , set correct permissions. managing registry keys done under 'computer configuration\preferences\windows set

i have started implementing ad (2012) small company.  beginning server infrastructure.  seeing lot of generated error messages on domain controller failed logon attempts local accounts these servers.  in particular case (2008r2 server)these generated execution of task using local user account.  balancing application , security risks particular server have blend of local , domain user accounts. what confuses me, there no logon failure messages on server @ domain level.  seems me server default tries authenticate local user against domain controller first.  fails , reports , validates against lsa , succeeds.  has seem this?  on domain controller see:   <eventid>4625</eventid>   <version>0</version>   <level>0</level>   <task>12544</task>   <opcode>0</opcode>   <keywords>0x8010000000000000</keywords>   <timecreated systemtime="2016-05-27t20:00:00.329124100z" />   <event

hi fellow pwoershell users! im enjoying playing around fantastic tool:-) i seem bit stuck on something. has come across powershell version of: cd %windir%\system32\inetsrv appcmd set site /site.name:"website" /+bindings.[protocol='https',hostnamedsites='*:443:hjem'] thanks help, got working: import-module webadministration new-webbinding -name "iiswebsitename" -ipaddress "*" -port 443 -hostheader "hostheadernameforsite" -protocol https br bjorn Windows Server  >  Windows PowerShell

need setting constraint delegation on web servers. here our scenario: 1.one web server in dmz front end servers, has kinda redirect back-end web server 2.backend web server, has actual web pages need set in such way that, there 1 time authentication user , frontend web server kind of proxying of credentials backend server. kindly assist. hiya, simplified kerberos setup way: 1 http spn service wish access. (backend web server) 1 delegation service wish able delegate credentials on (frontend) the spn should http spn. delegation not need constrained delegation, not need protocol transitioning. if need further in defining spn , delegation, require following information. 1: url or application. 2: identity of application pool, both web servers. Windows Server  >  Dir

hi, i know asking question 2003 server.  find forum posting here.  writing application need check if terminal services are enabled or not in windows 2003 server. checking registry value in path hkey_local_machine\system\currentcontrolset\control\terminal server \tsenabled i disabled terminal server going add or remove role , restarted system.  after booting checked registry tsenabled value. still 1.  else have disable terminal services in windows 2003 server.  regards, subramanyeswari you can please post query in terminal services forum experts sitting on there more concerned issues mentioned. http://forums.technet.microsoft.com/en-us/winserverts/threads/ thanks understanding   syed khairuddin Windows Server  >  Windows Server General Forum

hello, i have posted on iis forums well, i'm interested in input affects server well: i'm knowledgeable setting windows servers, workstations, etc.  i'm not versed in security side of process.  know basics: updates, up-to-date protection, change passwords, etc.  stay away iis, , i've been asked raising shackles on of neck.  basically, have windows server 2008 r2 iis on running medical practice software.  software company wants me open port 443 directly our primary/only application/file/data server.  company assures me "safe" , no 1 else has had problems.  experience iis when working gov’t agency, iis server used penetrate network , subvert it.  luckily, white-hat group had been hired check security, still, experience iis , gut tells me should recommend against this.  i've got couple of questions: 1) good/bad idea on small office server no ids system, stock verizon fios router/firewall, , no regular monitoring? 2) there way mitigate risks r

i'm building a group of win7 machines in dmz. have firewall set way want these machines can join domain. problem have dcs in several remote offices. if win7 machines tries use remote dc join fail. don't want add firewall rulls of remote dcs. is there way tell workgroup win7 machine use dcs specify? how somrthing implemented?   --patrick instead of defining generalized 172.16.0.0/16 subnet, define more granular subnet. default subnet prioritization enabled & client try authenticate local dc & if can't find use remote dc's. http://technet.microsoft.com/en-us/library/cc961422.aspx i don't think specific dc option possible, dc selected on subnet prioritization , round robin method(suggested ace). in windows vista/2008 , above, can enable try next closest site option in gpo. http://technet.microsoft.com/en-us/library/cc733142%28ws.10%29.aspx i say, use granular subnet , site settings achieve target.   regards   awinish vishw

hi all! i working domain admin on windows server 2008 r2 based dcs. since last 2 months strange problem being observed. domain admin ids being created loose rights. have set group policy make domain admin ids adding user name in default domain policy --> computer configuration --> policies --> windows settings -->  security settings --> restricted group --> administrator group.       admin ids working fine , exercising rights. however, since last 2 months created admin ids working fine, admin ids created within these 2 months , being created loose admin rights. although username remain present in gpo (administrator group), when check membership of user administrators group don't display there.      rectification of issue run gpupdate /force on dc , rights , administrators group starts displaying in group membership. however, problem being observed on daily basis on newly created ids.     important point suffering issue after deploying lync 2013 server

  for detailed information please refer : http://www.microsoft.com/technet/community/chats/default.mspx when: january 18, 2007 2:00 p.m. pacific time where: enter chat room what: eaphost in windows vista , longhorn great opportunity partners , developers with our eap experts enterprise networking group (eng) understand , ask questions eaphost, microsoft windows networking component introduced in vista, provides extensible authentication protocol (eap) infrastructure authentication of "supplicant" protocol implementations such 802.1x , point-to-point (ppp). below few among many such interesting topics covered in web-chat: 1. eaphost? 2. should use it? 3. why use eaphost? 4. developing eap-methods , eap-supplicants eaphost 5. 802.1x on eaphost in vista 6. nap using 802.1x 7. eaphost in vista , longhorn server 8. eaphost resources , troubleshooting add calendar   the chat awesome success ambrish - , eap team hosting this! we should able transcript link po

i have users use both windows 7 sp1 workstations , windows 2008 r2 sp1 terminal server. in active directory have user roaming profiles set \\server\roamingprofilesshare\username have nothing under terminal server profile. when create user on workstation user created profile \\server\roamingprofilesshare\username.v2 expected. if create user on terminal server user created profile \\server\roamingprofilesshare\username.domain.v2 terminal server adds in domain when user created. why terminal server creating users domain.v2 instead of .v2 extension? problem because if user logs terminal server lose settings workstation profile. thank help. hello, if use rd same user account please use rd profile tab also. should not mix workstation , rd profiles. , if need save them configure both. keep in mind local installed software/application may vary installed versions rd server. can result in different profile settings, therefore should configure both profile settings. best regards

hi all;   when removing failed dfs namespace server in windows server 2008 r2, microsoft recommends executing following 3 commands @ end of operation:   dfsutil cache domain flush dfsutil cache referral flush dfsutil cache provider flush   now question is: dfsutil in windows server 2003 r2 not include cache syntax. right? representative of cache syntax in windows server 2003 r2?   thanks     hi imprise, when installed on dfs clients in windows server 2003 r2, dfsutil.exe can used view , clear referral cache (pkt cache), domain cache (spc cache), , mup cache . below syntax windows server 2003 r2: dfsutil / pktflush                                  ( dfsutil cache referral flush ) dfs clients cache portions of dfs namespace (pkt) duration of time specified in distributed file system manager , referred time live (ttl). dfs version 4.1, pkt cached hard-coded 7 (7) days. servers running windows 2000 use 1800 seconds (30 minutes) default ttl. microsoft

estimados, por medio de la misma quisiera consultarles, que permiso le tengo q asignar un usuario que se logua un ad de windows 2008 para q en su pc pueda instalar aplicaciones pero q no tenga el suficiente permiso de administrador de su equipo y obviamente del dominio. es posible esto? desde ya muchas gracias. cordialmente, juan antonio capola hola jorge, es correcto lo que dices, simplemente que no orienté juan antonio para ese lado pues lo que planteaba era que "el usuario" pudiera instalar, y teniendo en cuenta eso no creo que tenga un sistema implementado centralizadamente. pero es correcto lo que dices. quizás una aclaración, por gpo puede asignar o publicar por usuario, pero en ese caso si o si debe tratarse de un msi. lo mismo si asigna por máquina. en este caso la instalación, como dices, no se hace con los privilegios del usuario, sino con las del sistema. el uso de zaps, que permiten exes, está bastante limitado por el hecho que tiene que poner

benos dias, escenario de producción 1 servidor miembro windows 2003 sp2 1 carpeta compartida 2 dns 1 tarjeta de red gb hp    negociación duplex auto    ultimo driver registra event id 4 source q57w2k 1 servidor miembro windows 2008 sp1 mapeo de la carpeta compartida 2 dns 1 tarjeta de red gb hp    negociación duplex auto    ultimo driver mapeo se desconecta, no se encontraron eventos en 2008 haciendo referencia, pero si se encontró uno de advertencia en 2003, puede ser que se desconecté el mapeo por este evento ? adjunto screen (aclaración: no se registran eventos antes o despues con respecto red) alfonso silvan, modificando la configuración avanzada de la trajeta de red, es decir la negociación y el duplex desde "auto" "100 full-duplex" funcinó correctamente, es decir ya no aparecen los logs de eventos como warning e incluso no se desconecta el mapeo. agradezco tu ayuda.

back in october used disk2vhd take copies of domain controllers , load them hyper-v lab.  i had no issues working them then. yesterday attempted start them , work them failed on booting stop error 0xc00002e2. i attempted take original vhdx file october , rebuild lab, each server produced same error. i understand has corruption or issue ad database, because happened 3 , trying figure out if because have been offline long or there underlying issue unaware of. i've left dcs offline in lab environment before longer , had no issue restarting it. any feedback appreciated. fyi - 2012r2 in windows 2003 mode. you posted c00002e2 == "directory services not start because of following error" think follows defines further why happens.     regards, dave patrick .... microsoft certified professional microsoft mvp [windows server] datacenter management disclaimer: posting provided "as is" no warranties or guarantees, , confers no rights.

hello there, we facing problem regarding lockout issue of our schema admin account, according events locked our dc after further analysis found out being locked server in our domain has terminal server(remote desktop service) role installed. unable pinpoint root cause want know steps can perform next. the steps have performed given below: - pinpointed server locks out from - reason bad password attempt - checked if service or task scheduler using account nothing found server. awaiting kind response next? netlogon logs checked , found following events. 1/16 08:29:46 [logon] [20944] samlogon: network logon of (null)\administrator qmhsvr01 entered 11/16 08:29:46 [critical] [20944] nlprintrpcdebug: couldn't eeinfo i_netlogonsamlogonex: 1761 (may legitimate 0xc000006a) 11/16 08:29:46 [logon] [20944] samlogon: network logon of (null)\administrator qmhsvr01 returns 0xc000006a 1/16 08:30:42 [logon] [20944] samlogon: network logon of (null)\administrator entere