Category Archives: Windows Server

Prepare RODC installation AD media data

In a Command Prompt running with administrator privileges, run the following commands:

ntdsutil

activate instance ntds

ifm

create rodc d:\installationmedia

Then wait for the process to finish. After the files have been created, copy the whole folder to a mobile HDD.


Posted by on August 1, 2011 in Windows Server

 

Can’t download any updates on Windows Server 2008 R2

A customer's server running Windows Server 2008 R2 cannot use Windows Update to check for updates or download updates automatically.

1. Try to rebuild the Windows download database

Run cmd with administrator privileges, then run:

net stop wuauserv
Rename c:\Windows\SoftwareDistribution SoftwareDistribution_OLD
net start wuauserv

2. Install KB 947821

For Windows 2008 R2 and Windows 7 [300MB]:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=914fbc5b-1fba-4bae-a7c3-d2c47c6fcffc&displaylang=en

When you start installing KB 947821, it checks the Windows Update settings and corrects everything it finds, so it takes a while depending on your server and network environment. In this case it took about 30 minutes.

For details, please check http://support.microsoft.com/kb/947821

After that, everything works.

I recommend this KB for WSUS troubleshooting.

 
 

The biggest thing you should know before upgrading to Windows 2008 R2

A customer called me again: why can my file share folder no longer be accessed after upgrading to Windows 2008 R2?

Yes, a small change to NTLM authentication in Windows 2008 R2 leads to this scenario. So what is happening? It is called NTLM 128-bit minimum session security. In Windows 7 and Windows Server 2008 R2, the NTLM-based minimum session security policy is set to require a minimum of 128-bit encryption for both client computers and servers for new installations of Windows. This requires that all network devices and operating systems using NTLM support 128-bit encryption. Existing session security is retained when upgrading Windows from an earlier Windows version. If you want to change back to weaker encryption (40-bit or 56-bit, which is used in Windows 2003), change the settings below in the domain group policy and domain controller policy (domain environment) or in local group policy (workstation mode).

  • Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
  • Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
  • Network security: Allow Local System to use computer identity for NTLM
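To see what a machine actually enforces before and after touching these policies, the following added example (not part of the original post) reads the registry values behind the first two settings. The value names NtlmMinClientSec and NtlmMinServerSec and the flag constants come from Microsoft's documentation of these policies, not from the post.

```powershell
# Added example: report the NTLM minimum session security enforced on this machine.
# Assumption: the two "Minimum session security for NTLM SSP based ..." policies are
# stored as the DWORD values NtlmMinClientSec / NtlmMinServerSec under this key.
$msvKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

# Requirement bits shared by both values.
$flagTable = @(
    @{ Bit = 0x00000010; Name = 'Require message integrity' },
    @{ Bit = 0x00000020; Name = 'Require message confidentiality' },
    @{ Bit = 0x00080000; Name = 'Require NTLMv2 session security' },
    @{ Bit = 0x20000000; Name = 'Require 128-bit encryption' }
)

function Get-NtlmMinSessionSecurity {
    param([string]$ValueName)

    $item  = Get-ItemProperty -Path $msvKey -Name $ValueName -ErrorAction SilentlyContinue
    $raw   = 0
    $shown = 'not set'
    if ($item) {
        $raw   = [int]$item.$ValueName
        $shown = '0x{0:X8}' -f $raw
    }

    # Names of every requirement bit that is set in the raw value.
    $required = @($flagTable | Where-Object { $raw -band $_.Bit } | ForEach-Object { $_.Name })

    New-Object PSObject -Property @{
        Value          = $ValueName
        Raw            = $shown
        Requires128Bit = [bool]($raw -band 0x20000000)
        Requirements   = ($required -join ', ')
    }
}

'NtlmMinClientSec', 'NtlmMinServerSec' |
    ForEach-Object { Get-NtlmMinSessionSecurity $_ } |
    Format-List Value, Raw, Requires128Bit, Requirements
```

Running it on both the upgraded server and the device that can no longer connect shows which side requires 128-bit session security and which side lacks it.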


Posted by on February 22, 2011 in Windows Server

 

How do I restore security settings to the default settings?

Sample command to reset security settings

The steps below do not apply to Windows XP Home Edition, or Windows Vista Home Basic and Home Premium editions. To restore security settings for Home editions, either use a System Restore or a backup.

Note: After security settings are applied, you cannot undo the changes without restoring from a backup. If you are uncertain about how to restore your security settings to the default settings, you must make a complete backup that includes the System State (the registry files). Items that are reset include NTFS file system files and folders, the registry, policies, services, permissions, and group membership.

To restore your operating system to the original installation default security settings, follow these steps:

  1. Open a new Command Prompt:

    In Windows XP

    • Click Start, click Run, type cmd, and then press ENTER.

    In Windows Vista

    • Click Start and then type cmd in the Start Search box.
    • In the results area, right-click cmd.exe, and then click Run as administrator. You will be prompted to type the password for an administrator account. Click Continue if you are the administrator or type the administrator password. Then, click Continue.
  2. In Windows XP, type the following command, and then press ENTER:

    secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

    In Windows Vista, type the following command, and then press ENTER:

    secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

    You receive a "Task is completed" message and a warning message that something could not be done. You can safely ignore this message. For more information about this message, see the %windir%\Security\Logs\Scesrv.log file.

Next steps

After you complete these steps, standard user accounts may no longer appear on the log on screen when you start your computer or try to switch users. This occurs because standard user accounts are removed from the Users group when you reset Windows security settings. To add the affected user accounts back to the Users group, follow these steps:

  1. Click Start, and then All Programs. Or click Programs.
  2. Click Accessories, and then click Command Prompt (Windows XP). Or right-click Command Prompt, and then click Run As Administrator (Windows Vista).
  3. In the Command Prompt window, type net users and then press ENTER. A list of user accounts is displayed.
  4. For each accountname listed in the Command Prompt that is missing from the log on or switch user screen, type the following command and then press ENTER:
    net localgroup users accountname /add

More information

In Windows Vista, the Defltbase.inf file is a Security configuration template for the default security. You can view the settings for this file in the following location:

%windir%\inf\defltbase.inf

APPLIES TO

  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Ultimate
  • Windows Vista Home Basic
  • Windows Vista Home Premium
  • Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86)
  • Microsoft Windows Server 2003 R2 Datacenter x64 Edition
  • Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)
  • Microsoft Windows Server 2003 R2 Enterprise x64 Edition
  • Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003 R2 Standard x64 Edition
  • Microsoft Windows Server 2003 Scalable Networking Pack
  • Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Windows Server 2008 Datacenter without Hyper-V
  • Windows Server 2008 Enterprise without Hyper-V
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Standard
  • Windows Server 2008 Service Pack 2
  • Windows Server 2008 Standard without Hyper-V
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard

from  http://support.microsoft.com/kb/313222

 

Posted by on September 28, 2010 in Windows Server

 

Using a wireless NIC from a Hyper-V virtual machine.

 

Posted by on September 26, 2010 in Windows Server

 

Confirm your domain functional level version

You need adsiedit.msc to find the path.

Forest level setting

Name: msDS-Behavior-Version

Path: CN=Partitions, CN=Configuration, DC=<Forestrootdomain>, DC=com

Value:       

0 or not set=mixed level forest

1=Windows Server 2003 interim forest level

2=Windows Server 2003 forest level

3=Windows Server 2008 forest level

4=Windows Server 2008 R2 forest level

Domain level setting

Name: msDS-Behavior-Version

Path: DC=<domain>, DC=<Forestrootdomain>, DC=com (domain root)

Value:     

0 or not set=mixed level domain

1=Windows Server 2003 domain level

2=Windows Server 2003 domain level

3=Windows Server 2008 domain level

4=Windows Server 2008 R2 domain level

Mixed/Native mode setting

Name: ntMixedDomain

Path: DC=<domain>, DC=<Forestrootdomain>, DC=com (domain root)

Value:     

0=Native level domain

1=Mixed level domain

 

For more information, please read:

http://msdn.microsoft.com/en-us/library/cc223739(PROT.10).aspx
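The same three attributes can be read over LDAP without opening adsiedit.msc. This is an added example, not part of the original post; it assumes a domain-joined machine, discovers the paths through RootDSE instead of hard-coding DC=com, and the helper names Get-DirectoryAttribute and Format-Level are made up for the illustration.

```powershell
# Added example: read msDS-Behavior-Version and ntMixedDomain from the paths
# listed above, using ADSI. Level names follow the value tables in the post.
$levelNames = @{
    0 = 'mixed level / not set'
    1 = 'Windows Server 2003 interim'
    2 = 'Windows Server 2003'
    3 = 'Windows Server 2008'
    4 = 'Windows Server 2008 R2'
}

function Get-DirectoryAttribute {
    param([string]$DistinguishedName, [string]$Attribute)
    $entry = [ADSI]"LDAP://$DistinguishedName"
    $value = $entry.Properties[$Attribute].Value
    if ($null -eq $value) { return 0 }      # "not set" is treated as 0, as in the tables
    return [int]$value
}

function Format-Level {
    param([int]$Level)
    if ($levelNames.ContainsKey($Level)) { return "$Level = $($levelNames[$Level])" }
    return "$Level = not in the list above"
}

# RootDSE supplies the naming contexts, so no domain name is typed in by hand.
$rootDse  = [ADSI]'LDAP://RootDSE'
$domainDn = [string]$rootDse.Properties['defaultNamingContext'].Value
$configDn = [string]$rootDse.Properties['configurationNamingContext'].Value

$forestLevel = Get-DirectoryAttribute "CN=Partitions,$configDn" 'msDS-Behavior-Version'
$domainLevel = Get-DirectoryAttribute $domainDn 'msDS-Behavior-Version'
$mixedDomain = Get-DirectoryAttribute $domainDn 'ntMixedDomain'

$mode = 'Native level domain'
if ($mixedDomain -eq 1) { $mode = 'Mixed level domain' }

"Forest level : $(Format-Level $forestLevel)"
"Domain level : $(Format-Level $domainLevel)"
"ntMixedDomain: $mixedDomain = $mode"
```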

 
 

After a software upgrade, the installer persistently asks for a reboot

It is a common issue that, after a software upgrade, the installer persistently asks for a reboot. So what is the root cause? When the installer replaces the current files with new ones, it determines whether each file is in use. If it is, the installer records the file in the registry, as below:

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations

When the computer reboots, Windows checks whether there is an entry; if so, it deletes the files listed in the entry and then clears the entry. msiexec then checks whether the entry has been deleted; if not, it keeps asking the user to reboot the computer. Sometimes this registry entry does not work as expected, for example when Windows cannot find the file or the file is still in use, even though everything works fine.

The solution is to delete the entry.
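Before deleting the entry it is worth seeing what it holds and keeping a copy. The following is an added example, not part of the original post; it assumes the value is a REG_MULTI_SZ of source/target pairs in which an empty target means "delete", and the function name Get-PendingFileRename and the backup file name are made up for the illustration.

```powershell
# Added example: list the pending operations, flag sources that no longer exist,
# export the key, then preview the deletion described above.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$name = 'PendingFileRenameOperations'

function Get-PendingFileRename {
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if (-not $item) { return }                        # value absent: nothing pending

    $ops = @($item.$name)
    for ($i = 0; $i -lt $ops.Count; $i += 2) {
        # Entries are NT paths such as \??\C:\dir\file; strip the prefix.
        $source = $ops[$i] -replace '^\\\?\?\\', ''
        if (-not $source) { continue }

        $target = ''
        if ($i + 1 -lt $ops.Count) { $target = $ops[$i + 1] -replace '^!?\\\?\?\\', '' }

        $action = 'Rename'
        if ($target -eq '') { $action = 'Delete' }

        New-Object PSObject -Property @{
            Action       = $action
            Source       = $source
            Target       = $target
            SourceExists = (Test-Path -LiteralPath $source)
        }
    }
}

$pending = @(Get-PendingFileRename)
$pending | Format-Table Action, SourceExists, Source, Target -AutoSize

if ($pending.Count -gt 0) {
    # Keep a restorable copy of the key before changing it.
    reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager' "$env:TEMP\SessionManager-backup.reg" /y
    # -WhatIf only previews the change; remove it to actually delete the entry.
    Remove-ItemProperty -Path $key -Name $name -WhatIf
}
```

Rows with SourceExists = False are the stale operations that can never complete, which matches the "Windows cannot find the file" case above.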

 
 
 