yaro
Hi,
I have a Windows 2008 Active Directory and client machines with Windows 7 and Windows 10. I have a GPO that sets a policy to autolock client machines after 5 minutes of inactivity.
Last week, some of these client machines installed latests updates from Windows Update. Since then, all of them have the same problem: autolock doesn't work.
It is a known problem? Any way to workaround or solve?
Thanks
Good Afternoon,
I am testing Server 2019 in my RDS Environment. I have scripts that build the machine and while testing, I noticed that my font installations weren't working.
I use a powershell script to create a com object representing the Fonts folder.
$fontRoot = "$basepath\Fonts" $FONTS = 0x14 $objShell = New-Object -ComObject Shell.Application $objFolder = $objShell.Namespace($FONTS)
Then I test for a font file in this folder, and if it doesn't exist I use the .copyhere method to install the font to the system. Until 2019, this copies the file into the FONTS folder and created the registry settings to make it available for all users on the system.
$objFolder.CopyHere($font.FullName)
I have completely disabled UAC (and rebooted). I'm also running powershell as an administrator. Instead of installing the font for the system, it installs it for my user and puts the font file in my profile.
This seems like some sort of virtualization doing this, as it's seamless to me.
Any thoughts on how I can script the install of a font per machine for server 2019?
Hi All,
This question has been asked a few times here, but I'm looking for an answer that will work in my situation (if one exists!)
My company is about to deploy Windows Server 2012 R2, and I'm writing the build scripts to automate a load of tasks after sysprep has finished doing its job. As we're a global company, which has adopted a follow-the-sun support model, we need to maintain global standards on the Windows Server image and post-deployment configuration. Meaning a SINGLE image for ALL regions.
Among these tasks is joining the domain, and detecting which region the server has been deployed to and configuring the default regional, language and input settings to that region. The image itself is configured for en-US, which is fine if we're deploying a server in the US. However, I need to completely change the region, input and display language etc. to en-GB and en-AU respectively when deploying servers in those regions (I'm from the UK).
Now I've figured out how to do this for the current user using powershell:
Set-Culture en-GB Set-WinSystemLocale en-GB Set-WinHomeLocation -GeoId 242 Set-WinUserLanguageList en-GB
However, I need to copy these setting to both the welcome screen (most important for password entry), and the default user account. Typically you'd do this in the GUI here:
However, as I'm trying to automate the entire process, I want to avoid any GUI work by the engineer who's deploying the server. I want to automate this process.
The only way that I've found MIGHT work is exporting the current user registry settings for the following:
HKEY_CURRENT_USER\Control Panel\International HKEY_CURRENT_USER\Control Panel\Desktop\MuiCached HKEY_CURRENT_USER\Keyboard Layout\Preload
I then make changes to the keys to either en-GB or en-AU regions (using correct ID's where applicable), change the HKEY to HKU\.DEFAULT and import the reg file with the script.
This is all very messy and actually doesn't work fully. I've ended up with everything looking like it's in the UK region EXCEPT the display language. So the input language actually states it's in UK but in reality its still US. Additionally new users are getting US keyboard and display languages. Everything else is OK though.
So my question is centered around the whole copy process to both welcome screens and default accounts. Is it possible to cleanly script this in either powershell, cmd, or regedit?
Thanks for reading the long post!
Hi, I'm trying to prevent specific accounts from having the ability to logon to any PCs in the domain. What I did in general are:
1) Create an OU named "Users - No Logon" and place the users I don't want to allow logon interactively in this OU.
2) Create a Security Group named "Users - No Logon" and place the users I don't want to allow logon interactively into this Group.
3) Create a GPO named "GPO - Users - No Logon" under the OU "Users - No Logon" and add the Security Group "Users - No Logon" to Windows Settings\Security Settings\Local Policies\User Rights Assignments\Deny logon locally.
Basically the steps matches what are suggested in the following article. However, the accounts added to the Security Group "Users - No Logon" even after multiple log on / log off and reboots.
http://windowsitpro.com/security/service-accounts-can-be-secure-yet-have-non-expiring-passwords
Any ideas what I have done wrong?
Dear all,
I wanted to start a discussion because for me it is not really clear what is the strategy to adopt when using Windows server semi annual channel (SAC). This version of Windows is lightweight, no GUI and less attack surface, I get that... that is why I started using it for things like DCs, etc...
I started to install 1709 servers thinking that it would be like Win10 : every 6 months I'll get a newer version and I will not need to reinstall "new" servers anymore and keep things always up-to-date. Things is : there was never a Windows Update package to upgrade to 1803...
Now is 1809 "out" (pulled back for the same reasons as Win10 but will be available again soon) and then in a near future 1709 will not be supported anymore.
What is the supposed upgrade path for those ? Were these servers meant to be disposable ? In my company where the security is an important point, core would be really nice but if we have to scrap our servers every 18 months, this is not going to be ok.
Should we use the LTSC in core mode or will it be something available with Windows Update like Win10 ? Me I hope so... :-)
Any info, clarification or insight is welcome ! Thanks in advance
Dear sir I have already installed a Windows server 2016 evaluation version now I buy windows server standard 2016 and have the key. How can activate this installed evaluation version with the key which I buy for windows standard server 2016.
Bihar Networking Solution Patna - 801503
Hi,
We applied 4462915 (https://support.microsoft.com/en-us/help/4462915/windows-7-update-kb4462915) onto a Windows 2008 R2 IIS server, and found that after applying the patch our web sites could no longer connect to the SQL backend. Uninstalling the patch resolves issue (we've installed and unistalled it a few times now to confirm). We tested connecting to SQL servers with and without the patch and saw the same result.
I can't find any articles relating to problems with this patch.
Anyone else see this?
Dear Microsoft community,
I will update on monday 15 october 2018, arround 150 Windows 2003 Servers with the following microsoft packages :
windowsupdateagent30-x86.exe (major are x86 servers)
windowsupdateagent30-x64.exe
I plan to use this command to install on each Windows 2003 Server (operation will be streamlined and performed by a tool which permit to teledistribute the command bellow and the proper package) :
windowsupdateagent30-x86.exe /wuforce /quiet /norestart
Before this campaign, in enterprise environment,
i would like to be sure of :
- No risk for the production ? (it seem this Windows component may not cause issue on manufacturing softwares)
- Does this update make instable the system after installation with /norestart specified ? (without reboot)
- Does this update is up on system without reboot ? (it seem this update is applicated without reboot, because the check of the WUA version after installing this update is good, system WUA is at the good version)
Plus if anyone has this feedback on the same thought, please let me know ;)
I have tested on few servers out of production, it seem work greatly.
Best regards to all technicians,
Benjamin
Hi,
We applied 4462915 (https://support.microsoft.com/en-us/help/4462915/windows-7-update-kb4462915) onto a Windows 2008 R2 IIS server, and found that after applying the patch our web sites could no longer connect to the SQL backend. Uninstalling the patch resolves issue (we've installed and unistalled it a few times now to confirm). We tested connecting to SQL servers with and without the patch and saw the same result.
I can't find any articles relating to problems with this patch.
Anyone else see this?
Hello
I cannot get the lan drivers to work :( And i really want windows server 2012 to work. Tryed it with windows server 2008 R2 and i have the same problem there.
Posted a question at gigabytes forum but no one replayed.
CPU: Intel Core i7 4770S 3.1 GHz (Haswell)
MB: Gigabyte GA-Z87X-UD3H
I would be really grateful if someone could help me!
//Kajmac
I have a ticket open with MS and our dir sync seems to not sync changed Active Directory names to Office 365. When a user logs into office 365 they receive the error
AADSTS90019: The SAML 1.1 Assertion contains no ImmutableID of the user
Already ran some scripts.
Set-MsolDirSyncFeature -Feature SynchronizeUpnForManagedUsers -Enable $true
Seemed to be set to false but tested again and same error
edited user account name again in AD to change back to old, that still works, but renaming it again and force full dir sync, on the account we get the error when accessing Office 365 or Outlook
Tried
Set-MsolUserPrincipalName -UserPrincipalName user_newname@domain.com-NewUserPrincipalName user@domain.onmicrosoft.com
then
Set-MsolUserPrincipalName -UserPrincipalName user@domain.onmicrosoft.com -NewUserPrincipalName user_newname@domain.com
Same error. MS seems to be running out of ideas. I don't see much about this. Everything seems to match and sync over.
If i create a new account name with user_newname then in proxy address add the user_oldname to it, no older emails show up nor can the user access their one drive in office 365.
If i set account name back to user_oldname and run sync, everything works. frustrated
Best regards,<br/> <br/> <strong>Joe C<br/> </strong>Partner Online Technical Community<br/> -----------------------------------------------------------------------------------------<br/> We hope you get value from our new forums platform! Tell us what you think:<br/> <a href="http://social.microsoft.com/Forums/en-US/partnerfdbk/threads"><span style="color:#0033cc">http://social.microsoft.com/Forums/en-US/partnerfdbk/threads<br/></span></a>------------------------------------------------------------------------------------------<br/> This posting is provided "AS IS" with no warranties, and confers no rights <hr>
Hi,
Can someone tell me what these errors mean ? I go them when I ran DCdiag on my domain controller.
Starting test: SystemLog
An error event occurred. EventID: 0x00002720
Time Generated: 10/04/2018 09:40:11
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
A warning event occurred. EventID: 0x0000053C
Time Generated: 10/04/2018 09:48:20
Event String:
The DNS registration for DHCPv4 Client IP address 172.16.180.17 , FQDN iMac-7695.lionsclubs.local and DHCID AAEBgrW0ThPMplsI5MTZEDvh9psAvKTigrPF6Mxq5H+SuIQ= has been denied as there is probably an existing client
with same FQDN already registered with DNS.
An error event occurred. EventID: 0x0000165B
Time Generated: 10/04/2018 09:53:14
Event String:
The session setup from computer 'SRVPFS08' failed because the security database does not contain a trust account 'SRVPFS08$' referenced by the specified computer.
An error event occurred. EventID: 0x000016AD
Time Generated: 10/04/2018 09:55:25
Event String:
The session setup from the computer SRVPFS08 failed to authenticate. The following error occurred:
An error event occurred. EventID: 0x00002720
Time Generated: 10/04/2018 10:37:51
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x00002720
Time Generated: 10/04/2018 10:38:56
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
Hi
I have recently added a new Windows Server 2016 as a domain controller and found out that our domain functional level is still on Windows Server 2003. I have done a lot of research on how to upgrade our domain and forest functional level. My question is, is it okay to proceed upgrading the domain and forest functional level to Window Server 2012 R2 with our servers currently:
DC1: Windows Server 2012 R2
DC2: Windows Server 2012 R2
DC3: Windows Server 2012 R2(will demote once everything went well for Server 2016)
DC4: Windows Server 2016
Dears,
trying to dump Kerberos ticket information for a given process (service)
[76] Session 0 0x23:0xefed9ece DOMAIN\SRV_ACCOUNT Kerberos:Network
C:\Windows\System32>klist tickets -lh 23 -li efed9ece
Current LogonId is 0x23:0x848b5004
Targeted LogonId is 0x23:0x7fffffff
Error calling API LsaCallAuthenticationPackage (ShowTickets substatus): 1312
klist failed with 0xc000005f/-1073741729: A specified logon session does not exi
st. It may already have been terminated.
why does this logonsession that clearly exists (running) translates to 0x7fffffff ?
Thanks for your help,
Tim
Iam getting the above error if anyone of you can assist please.
Thank you
Cheers
K
Hi,
We are using RDCMan v2.7 and want to import our computer OU structure info the RDCMan.
So that we have the same structure in RDCMan as AD. That means a "group" in the RDCMan is a "OU". Hope you understand..
Now we just create it manually, and import all servers from a csv file...
Do anyone know of this kind of script ?
Thanks for reply.
/R
Andreas
/Regards Andreas
I am struggling with change password option for a user through one of my application. This application authenticates user provided username/password on AD, particular domain controller. But when i try to change password with admin account for the same user, i am getting 'javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A1254, problem 5003 (WILL_NOT_PERFORM), data 0'
On the domain controller in the logs i am able to see credential validation request as per the timestamp but not able to see any request for password update try like 4724 event. Could somebody help me here.
Hi,
I am currently working on a project in which Active Directory, Microsoft Exhange Server and File Server has to be reviewed on Windows Server 2012 R2. I have tried different tools trial version namely AD Manager Plus, IT Environment health scanner, MaxPowersoft Active Directory Reports Lite, NetIQ, Solar winds, Sekscheck, Enterprise Reporter, Lepide Auditor.
The requirement is that our client is not allowing us to install any tool on Target Servers, so we are looking for a tool that can be installed on Windows 10 workstation (connected to servers) and can get the detailed information for review and assessment
of the target servers.The review incldes following based on best practices:
1- Configuration Review
2- Architecture/Design Review
3- Security Review
Can anyone suggest me a tool that can be installed on a remote workstation connected to the Active Directory, Exchange Server and File Server for the above mentioned review purpose.