Applying Audit Policies

If like me, you are trying to enable Audit Policies on Windows computers in a domain using Local Policies > Audit Policy, and it does not work, then you came to the right place. Legacy Audit Policy: audit object access settings in Local Security Policy The reason is: that is the legacy way to configure Audit Policies. Like Windows XP legacy. You will find plenty of resources out there telling you this is because Advanced Audit Policy is enabled and you need to disable it by setting Local Policies > Security Options > Audit: Force audit policy subcategory settings to override audit policy category settings to Disabled to make it work....

January 11, 2022

Microsoft Windows 7 PPTP issues: spurious ICMP protocol-unreachable sent

I was recently confronted to a strange issue with a PPTP VPN connection to a central site. Some users could connect and some others could not. They all used Windows 7 with SP1, configured the same way, and all computers were behind NAT/PAT routers but not necessarily on the same site. On the VPN server, the only information I could get was this log stating the GRE protocol was unreachable:...

February 23, 2016

VMware and Windows poor TCP performance

I have had a strange issue lately with Windows servers on VMware vSphere 5.1 hosts. Throughput of TCP connections between some virtual machines were very very slow, barely 10 mbit/s . The behavior was easily reproducible : just start an iperf connection between a Windows Server 2008 and a Windows 2012 server, and you get 10 mbit/s . Moving both virtual machines on the same ESXi host, or on different hosts, did not change anything....

October 23, 2014

Using Windows domain resources while VPN is active with different credentials

If you are frustrated to get your Domain account locked while you are logged on a VPN with different credentials than your Domain credentials, then this is for you. Edit the file %userprofile%\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk with your favorite text editor. All the VPN connections managed by Windows are defined in that file. Search the string UseRasCredentials=1 and replace it with UseRasCredentials=0 for each VPN connection that gets you locked out (or just replace all of them if you are lazy)....

October 23, 2014

Active Directory export script to import into SME Server

I had to migrate users from an Active Directory/Exchange combo to a SME server for temporary disaster recovery event. Here’s the script I wrote to create the export and recreate the users and their aliases in the SME server. The export was done before the disaster of course :) #!/bin/bash #ldapsearch -x -b "dc=customer,dc=com" -h 1.2.3.4 -D "domain\user" -W "(objectclass=user)" > activedirectory.ldiff File="activedirectory.ldiff" #reset files content echo > sme.users echo > sme....

March 9, 2014

OpenIndina: resize an iSCSI LUN exported to Microsoft Windows 2008

Just as a reference for future needs. To resize a zvol exported as an iSCSI LUN to a Windows OS, you need to change the zvol size, then change the “iSCSI backend” the LUN changed size and then do a disk rescan on your Windows initiator. Commands are: zfs set volsize=1T tank/volume sbdadm modify-lu -s 1T Then on Windows, go to Server manager, choose Storage, right click on Disk management and select rescan....

July 21, 2013

Don't use SQL Server 2012 with VMware vCenter and modules yet

Update: I just saw that since April 25th, SQL Server 2012 and Windows Server 2012 are supported by VMware vCenter 5.1U1 . All information is available here : http://blogs.vmware.com/vsphere/2013/04/vmware-vcenter-server-5-1-update-1-released.html Original November 21th 2012: While it is working with the SSO service, vCenter and vCloud Director, it just doesn’t work with Update Manager service. Well, at least with the SQL Server native client v11. Then Update Manager service just doesn’t start and throws an unhelpful 1067 Error....

June 9, 2013

Exchange 2003 : rechercher une adresse email

Si vous voulez retrouver à quel User est lié une adresse email dans Exchange, suivez les points suivants: Ouvrez Active Directory Users and Computers, Clic droit sur le domaine ciblé, cliquez Find, Dans le champ Find, choisissez Custom Search, Choisissez l’onglet Advanced, Entrez comme LDAP query: proxyAddresses=smtp:myemail@mydomain.example Vous devriez avoir un résultat qui est l’user associé à la boite mail ou à l’alias.

March 21, 2012

VMware : migration de Windows

Yo. Si vous voulez migrer des Windows vers une VM VMware, vous rencontrerez sans doute le fameux BSOD 0x7b. Le problème vient du fait que Windows n’a pas les infos pour gérer le disque. Pour aider à la résolution du problème, VMware a posté un item sur sa KB : http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1005208 Maintenant la VM devrait démarrer, mais vous n’aurez sans doute pas de connection réseau. Mais si vous essayez de configurer votre ancienne IP sur la nouvelle carte détectée, Windows vous insulte parce que l’IP est déjà configurée sur une autre carte....

March 16, 2012

Transition Exchange 2003 vers 2010 : points clés

Hardware Exchange 2010 requiert un OS 64bits et donc un hardware 64bits. Si le stress sur le disque a été réduit, il a été augmenté sur le processeur et la mémoire. Ne pas lésiner sur les quantités de RAM (>8GBytes). Il est toujours recommandé de séparer les transaction logs des databases donc si possible, deux controleurs RAID et deux groupes de disques distincts pour ces objets. Operating System Bien mettre à jour le controleur de domaine et l’Exchange 2003 actuel (SP2, hotfixes, toussa)....

February 1, 2012