Applying Audit Policies

If, like me, you are trying to enable Audit Policies on Windows computers in a domain using Local Policies > Audit Policy, and it does not work, then you have come to the right place.

[Figure: Legacy Audit Policy: audit object access settings in Local Security Policy]

The reason is that this is the legacy way to configure Audit Policies. Like, Windows XP legacy. You will find plenty of resources out there telling you this is because Advanced Audit Policy is enabled and that you need to disable it by setting Local Policies > Security Options > "Audit: Force audit policy subcategory settings to override audit policy category settings" to Disabled to make it work. While it is true that disabling the Advanced Audit Policy will make it work, it will revert to the old, non-granular way of configuring Audit Policies. ...

January 11, 2022 · 2 min

Microsoft Windows 7 PPTP issues: spurious ICMP protocol-unreachable sent

I was recently confronted with a strange issue with a PPTP VPN connection to a central site. Some users could connect and some others could not. They all used Windows 7 with SP1, configured the same way, and all computers were behind NAT/PAT routers but not necessarily on the same site. On the VPN server, the only information I could get was this log stating the GRE protocol was unreachable: ...

February 23, 2016 · 2 min

VMware and Windows poor TCP performance

I have had a strange issue lately with Windows servers on VMware vSphere 5.1 hosts. Throughput of TCP connections between some virtual machines was very, very slow, barely 10 Mbit/s. The behavior was easily reproducible: just start an iperf connection between a Windows Server 2008 and a Windows 2012 server, and you get 10 Mbit/s. Moving both virtual machines onto the same ESXi host, or onto different hosts, did not change anything. ...

October 23, 2014 · 1 min

Using Windows domain resources while VPN is active with different credentials

If you are frustrated at getting your Domain account locked while you are logged on to a VPN with credentials different from your Domain credentials, then this is for you. Edit the file %userprofile%\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk with your favorite text editor. All the VPN connections managed by Windows are defined in that file. Search for the string UseRasCredentials=1 and replace it with UseRasCredentials=0 for each VPN connection that gets you locked out (or just replace all of them if you are lazy). Save the file. ...

October 23, 2014 · 1 min

Active Directory export script to import into SME Server

I had to migrate users from an Active Directory/Exchange combo to a SME server for a temporary disaster recovery event. Here’s the script I wrote to create the export and recreate the users and their aliases in the SME server. The export was done before the disaster of course :)

```bash
#!/bin/bash
#ldapsearch -x -b "dc=customer,dc=com" -h 1.2.3.4 -D "domain\user" -W "(objectclass=user)" > activedirectory.ldiff
File="activedirectory.ldiff"

#reset files content
: > sme.users
: > sme.aliases

while IFS= read -r line
do
    #concatenate new line to existing info
    UserInfo="$UserInfo
$line"
    #treat all info if user is finished (a blank line ends an LDIF entry)
    if [ -z "$line" ]
    then
        echo User info finished
        #treat only users with mail address
        if echo "$UserInfo" | grep -q '^mail:'
        then
            #recover data
            UserName=$(echo "$UserInfo" | grep '^sAMAccountName:' | sed -e 's/sAMAccountName: //' | tr '[A-Z]' '[a-z]')
            UserFirstName=$(echo "$UserInfo" | grep '^givenName:' | sed -e 's/givenName: //')
            UserLastName=$(echo "$UserInfo" | grep '^sn:' | sed -e 's/sn: //')
            UserMail=$(echo "$UserInfo" | grep '^mail:' | awk '{print $2}' | tr '[A-Z]' '[a-z]')
            #keep secondary smtp: addresses only, local part, without the user name itself
            UserMailAliases=$(echo "$UserInfo" | grep '^proxyAddresses: smtp:' | sed -e 's/^proxyAddresses: smtp:\(.*\)@.*$/\1/' | sort -u | grep -vi "^${UserName}$" | tr '\n' '|' | tr '[A-Z]' '[a-z]')
            #password is the user name plus 4 random characters (low entropy: treat it as temporary)
            Tmp=$(LC_ALL=C tr -dc '_A-Z-a-z-0-9' < /dev/urandom | head -c 4)
            UserPassword=$(echo "${UserName}${Tmp}" | tr '[A-Z]' '[a-z]')
            #print user info
            echo "$UserName |$UserFirstName |$UserLastName |$UserPassword" >> sme.users
            #print aliases if any
            if [ "$(echo "$UserMailAliases" | wc -c)" -gt 2 ]
            then
                echo "$UserName |$UserMailAliases" | sed -e 's/^\(.*\)|$/\1/' >> sme.aliases
            fi
            #cleanup some shit
            unset UserName UserFirstName UserLastName UserMail UserMailAliases Tmp UserPassword
        fi
        unset UserInfo
    fi
done < "$File"
```

You can then import all the users and their aliases with the following commands: ...

March 9, 2014 · 2 min

OpenIndiana: resize an iSCSI LUN exported to Microsoft Windows 2008

Just as a reference for future needs. To resize a zvol exported as an iSCSI LUN to a Windows OS, you need to change the zvol size, then tell the “iSCSI backend” that the LUN changed size, and then do a disk rescan on your Windows initiator. Commands are:

```
zfs set volsize=1T tank/volume
sbdadm modify-lu -s 1T <GUID of the volume>
```

Then on Windows, go to Server Manager, choose Storage, right-click on Disk Management and select Rescan. You should see some allocated space on the disk.

Source: https://www.growse.com/news/comments/growing-an-ntfs-iscsi-volume-that-s-hosted-on-zfs/ ...

July 21, 2013 · 1 min

Don't use SQL Server 2012 with VMware vCenter and modules yet

Update: I just saw that since April 25th, SQL Server 2012 and Windows Server 2012 are supported by VMware vCenter 5.1U1. All information is available here: http://blogs.vmware.com/vsphere/2013/04/vmware-vcenter-server-5-1-update-1-released.html

Original, November 21st 2012: While it is working with the SSO service, vCenter and vCloud Director, it just doesn’t work with the Update Manager service. Well, at least with the SQL Server native client v11. The Update Manager service then just doesn’t start and throws an unhelpful 1067 Error. ...

June 9, 2013 · 1 min

Exchange 2003: searching for an email address

If you want to find out which user an email address is linked to in Exchange, follow these steps:

- Open Active Directory Users and Computers,
- Right-click the target domain and click Find,
- In the Find field, choose Custom Search,
- Choose the Advanced tab,
- Enter as the LDAP query: proxyAddresses=smtp:myemail@mydomain.example

You should get one result, which is the user associated with the mailbox or the alias.

March 21, 2012 · 1 min

VMware: migrating Windows

Yo. If you want to migrate Windows machines to a VMware VM, you will most likely run into the famous BSOD 0x7b. The problem is that Windows does not have the information it needs to handle the disk. To help solve the problem, VMware has posted an item in its KB: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1005208

Now the VM should boot, but you will probably have no network connection. And if you try to configure your old IP on the newly detected network card, Windows yells at you because the IP is already configured on another card. This is because Windows does not remove the configuration of devices that are no longer present. I guess it's a feature. ...

March 16, 2012 · 1 min

Exchange 2003 to 2010 transition: key points

Hardware

Exchange 2010 requires a 64-bit OS and therefore 64-bit hardware. While the stress on the disk has been reduced, it has been increased on the processor and memory. Do not skimp on RAM (>8GBytes). It is still recommended to separate the transaction logs from the databases, so if possible use two RAID controllers and two distinct disk groups for these objects.

Operating System

Make sure the domain controller and the current Exchange 2003 are fully updated (SP2, hotfixes, and all that). The Exchange 2010 installation will refuse to continue if some components are missing from the existing architecture. Next, Active Directory has to be prepared for the new Exchange 2010 features. From the installation files, run: setup.exe /PrepareLegacyExchangePermissions or setup.exe /pl + setup.exe /PrepareSchema + setup.exe /PrepareAllDomains. ...

February 1, 2012 · 3 min