Quantcast
Channel: Windows Server General Forum forum
Viewing all 24879 articles
Browse latest View live

Explanation for privilege difference between two user accounts

June 24, 2019, 11:58 am
$
0
0
I'm configuring a small domain in Windows Server 2012 R2 (fully patched).

We have three workstations, one of them brand new, and four accounts, one of which is the administrator and three users, USER1, USER2 and USER3. All three users were configured by my predecessor with administrative privileges. I'd like to demote them to normal/limited/standard users.

When I joined the new workstation to the domain, the user normally assigned to that workstation, USER1, saw their account "demoted" to a normal user, requiring administrative credentials to perform program installation, for example.

I compared the profiles of an administrative-level user, USER2, with that of the "demoted" user, USER1. I looked at all 13 tabs in the Properties of the profiles and found nothing that would explain the difference in the privileges. The most important tab, "Member of", has an additional security group, "Administrators", for thedemoted user, USER1. The administrative-level user, USER2, does not include membership in this security group.

I don't understand why USER1 is a normal user and USER2 has admin privileges. This must be something simple – where else do I need to look?

TIA and regards, AndyA
Search

Harddisk6\DR6945, is not ready for access yet.

June 20, 2019, 11:55 am
$
0
0

Hi 

 I have this problem with my 2012 R2 server .

Source : disk 

Event ID : 15 

The device, \Device\Harddisk6\DR6945, is not ready for access yet.

i'm sharing DATA through this server and with this error i have a lot of speed and access issues 

Have you any ideas please 

Thank you  

 

What is the object EVERYONE in ACLs? It really means EVERYONE? Even IIS App Pools?

June 18, 2019, 11:06 am
$
0
0

What is the object EVERYONE in ACLs? It really means EVERYONE? Even IIS App Pools?

I have a folder, full of files, in my IIS 8 WebServer and an ASP app running, uploading file to the folder

Current ACL of the folder is: "Everyone:FullControl", it´s a requirement of the Web App, so Uploads can be done

Now, developers, are requesting a change: to add the IIS AppPool\AppName be added to the ACL, again, with FullControl, so APp could upload files.

But considering that the ACL already have Everyone:F as permission, why bother to add IS AppPool\AppName to the ACL, if "everyone" (at least theoretically speaking) includes the IIS App Pools, and all other objects?

I know, by default, "Authenticated Users" and "Everyone" has some sort of equivalence, where "everyone" is "reduced" to not include anonymous users, but in my thinking, the IIS AppPool is an "authenticated" users, isn´t it?

Some DHCP reservations not creating A or PTR records in DNS

December 3, 2013, 1:24 pm
$
0
0

Howdy,

I'm having an issue where DHCP does not update DNS for certain devices.  Now, I may not have a full grasp on how a DHCP reservation should work, but please bear with me.  I have several network-enabled temperature monitors that support DHCP.  I'd like to create a DHCP reservation for each device, and have the DHCP server create/update the DNS records (A and PTR).  However, I can't get DHCP to update DNS at all (i.e. no records are created).

The DHCP server is not a DC (Server 2008 R2), and is configured with DNS dynamic update registration credentials.  The AD account used for dynamic updates is a member of the DnsUpdateProxy security group, along with the DHCP server.  The scope is DDNS enabled, and configured to always update DNS records, discard records when lease is deleted, and to update records for DHCP clients that do not request updates.

The DNS server is a DC (Server 2008).  The zones are AD-integrated, and configured for secure dynamic updates only.

DNS records are created/updated just fine TrendNet print server, but not for these network-enabled temperature monitors (WatchDog 15).  Looking at the DHCP log, I see the temp monitors renew their IP addresses, but do no DNS update requests follow.

One thing I noticed is that the temp monitors don't have a name listed, when looking at the leases, but I assume a reservation, where a FQDN is provided by me, would be enough to not be a problem.  The compliant TrendNet print servers, do have a name for their leases, even before creating a reservation.

How can I get the DHCP server to create A and PTR records for the temp monitors?  Is it even possible for these types of devices?  Thanks in advance for any pointers/help.

(Domain Controllers) dynamic DNS updates configuration of time

June 25, 2019, 2:48 am
$
0
0

Hello,

We are facing a specific issue in our AD environment :

We have 14 DCs that update their records in two external (linux bind) dns servers using dynamic dns updates.

What we found is all the DCs updates their DNS at the exact same time that sometimes leads to a complete domain unavailability for a few minutes.

Each days, the exact time of these updates seems to be 06:00, 12:00 and 18:00.

I created a monitoring of this behavior using nagios and requesting regulary our DNS how many DCs do you have in your records.

As you can see on the attached picture, it represents, on both DNS, how many DCs they have. Since we have 14 DCs, 28 is the max value.

Image

You can see here the problem that all DCs getting out of DNS system at the same time...

I am wondering how can we configure each DC to update its dynamic dns record at specific time so we can achieve to avoid all DCs out of DNS at 6:00, 12:00 and 18:00 

THanks for any help

Intermittent not enough space errors when doing LDAP queries against 2019 domain controller

December 13, 2018, 7:53 pm
$
0
0

Hi All,

We have deployed some new 2019 domain controllers are are having issues where LDAP queries are coming back with:

00000008: SysErr: DSID-0205199E, problem 12 (Not enough space), data 0

Turning on diagnostic NTDS logging the domain controller logs (Event ID: 1535):

Internal event: Active Directory Domain Services has encountered the following exception and associated parameters. 

Exception:
e0010003 
Parameter:


Additional Data 
Error value:

Internal ID:
205199e

Internal event: The LDAP server returned an error. 
 
Additional Data 
Error value:
00000008: SysErr: DSID-0205199E, problem 12 (Not enough space), data 0

The domain controller has plenty of space 80Gb. The issue seems to occur when LDAP clients use the filter syntax: memberOf:1.2.840.113556.1.4.1941:

Has anyone seen this error before?.  Dcdiag and repladmin are clean.

File Cluster Migration from 2008R2 to 2016 - Recreate shares

June 25, 2019, 5:10 am
$
0
0

Hi 

I was trying to migrate a file cluster ( it has only file server installed and no other features ) from 2008 R2 to 2016. For which i have choose to build a new cluster in 2016 and remap the storage attached to the old 2008 R2 cluster to 2016 Cluster. I have done a small POC and it looks good. What i looked is , i dont see the cluster File shares on the new 2016 after storage remapping. I see my NTFS permissions intact. There are a lot of shares present and i cant sit down and recreate all the file shares on my new cluster.  Is there a way to export the cluster file shares from registry ? or  any script which i can use to execute and bring all the cluster file shares on the 2016 cluster.Please suggest

windows could not start Service on local computer. error 5 Access Is Denied windows server 2008 r2

April 10, 2018, 12:39 am
$
0
0

Hi Consultants,

We are using the windows server 2008 r2.

Before the holiday, the services were working normally.

We were shutdown the server and start it again after holiday, then many services couldn't start, it show the error:

"Windows could not start the <service name> service on local computer. Error 5: Access Is Denied"

We tried grant the folder security of the services files: Everyone full , and tried to run the services by the administrator domain but not success.

Please help me fix that issue!

Thank you very much!

Best Regards,

Hien Nguyen

Search

Service not start Access Denied, Software Protection, Event Logs,

September 5, 2012, 1:26 am
$
0
0

Hi Guys

Have a windows 2008 R2 SP1 Standard server that was reporting Non Genuine version.

A college of mine tried a few fixes and was unable to fix this include a repair of the server.

I was able to remove the message by just uninstall Sophos Anti-virus. I have had a similar problem with Bit Defender.

Unfortunally the system now has other problem.

Unable to do windows update.

Event log service will not start Access Denied

Software protect service will not start access denied.

Opening MMC or other windows app reports Publisher unknown.

I have run sfc /scannow as well as reimporting catroot2 and cat root folder. I also used process monitor to locate event log folder causing with Access denied and change the writes to this folder. Unable to start event log or Software protect. 

If anyone has any other idea on how to fix this I would like to hear.

Thanks

Craig

See link for Catroot resolution and Process monitor task.

http://answers.microsoft.com/en-us/windows/forum/windows_7-security/uac-unknown-publisher-alert-with-microsoft/2d787ac4-242a-4597-9670-fecb78e6a12b.

Craig

We are using Qualys for scanning patch compliance for Windows Server 2016. Though we have installed latest Cumulative update on 2016 server is still showing as non complaint with .Net frame work updates

June 26, 2019, 1:39 am
$
0
0

We are using Qualys for scanning patch compliance for Windows Server 2016. Though we have installed latest Cumulative update on 2016 server is still showing as non complaint with .Net frame work updates. 

Even after upgrading the .Net framework to 4.8 and installing cumulative patches related to 4.8 still machine are flagging as vulnerable. Qualys is detecting vulnerability by showing  this folder %windir%\Microsoft.NET\Framework64\v2.0.50727. Can you please help what this folder is related to and is it necessary to keep in Win 2016 server.

AD User Must Use Blank Password to Login

June 26, 2019, 7:20 am
$
0
0
I have two domain users that are unable to login when using their active directory passwords.  However, if the password is left blank, they are allowed to login to their desktop.  I have not changed anything on the domain or the password policy.  How can I force all AD users to authenticate with a password?  FYI- The desktops are Windows 10 machines.

The Service on local computer started and stopped.Some services stop automatically if they are not in use by other services or programs

April 5, 2013, 12:09 am
$
0
0
The Service on local computer started and stopped.Some services stop automatically if they are not in use by  other services or programs

Task Scheduler error 8007045B

June 26, 2019, 11:50 pm
$
0
0
On Windows Server 2016, when rebooting, I get sometimes error x8007045B when the task scheduler starts a powershell script with trigger 'At system startup', using a system account. Is there a way to avoid such error or to handle it?

Server 2008 R2 unresponsive after pressing ctrl-alt-del in the login page of windows

May 23, 2019, 10:04 pm
$
0
0
My problem is that my server 2008 R2 was unresponsive after pressing ctrl-alt-del in the login page of windows. This problem exists after I finished the windows update at last month. I have 4 servers running in 2008 R2 OS, but only 2 of them have this problem. Thank you.

Error 0x80004005 updating KB4499164 and KB4481252 on Server 2008R2 Standard

June 12, 2019, 8:45 am
$
0
0

Hi everyone,

Really hoping someone can offer guidance on this - tried posting at Sysnative first (https://www.sysnative.com/forums/threads/error-0x80004005-updating-kb4499164-and-kb4481252.28482/); I gather they're a bit bogged down at the moment, but after two weeks I can't wait any longer and I'm at a total loss for answers myself. Please feel free to let me know if there's a better sub-forum to post this in.

Below is my thread created at Sysnative and all relevant details should be within.

Thanks in advance!

***

Hi guys,

First time posting for help on this sort of forum, but am at my wits end. Reinstalling or replacing this server is not an option at this point.

We've got a server (running 2008 R2 Standard) that's failing to update these two updates (KB4481252 and KB4499164 - the latter of which is a big concern considering recent news) and I've tried just about everything I can possible think of/find in order to resolve. Multiple updates including KB890830, KB4490628 and KB4499406 installed successfully on the same patch release day these started failing to install, 22/05. (Gives you an idea how long I've been investigating this!)

General and more specific error-code related steps I've already taken:

*Triggered our inhouse Windows Update Fix script (contains compiled bits of 'reset windows update components', clear 'WU AutoUpdate registry key' fixes etc. that we've used for years to great success)
*Done a manual reset of Windows Update Components as per Microsoft's guides.
*Cleared SoftwareDistribution.
*Attempted updating through our global patch management software, Centrastage/Datto Endpoint Management.
*Attempted installing manually by downloading and running the two updates from the Windows Update catalog.
*Attempted installing via WUSA and DISM (as well as trying to 'uninstall' the non-installed KB in case there were remnants)
*Ran Windows Update Troubleshooter.
*Ran WURT/CheckSur and found no errors.
*Ran SFC - no integrity violations were found.
*Ran a dism /checkhealth - no issues found.
*Investigated reports that error can stem from disabled peerdissvc, but Branchcache role is not installed on this server and the service is not present.
*Disabled the anti-virus, Sophos, from running on the machine temporarily.
*Tried with disabled Windows Firewall.
*Tried allowing both ports 443 and 80 inbound and outbound in Windows Firewall as a troubleshooting step.
*As per Microsoft articles, added 'http://*.microsoft.com' to trusted sites and loosened ActiveX settings for Trusted Sites as per their recommendations.
*Tried clearing AppCompFlags\Layers key as a solution that I found as a fix for similar issues relating to the same error code.
*Ran SFCFix.exe - reports no corruptions were detected. (see attached)
*Due to differing KB numbers it's difficult to tell exactly what the last security roll-up is, but I saw Feb's was definitely installed without a shadow of a doubt, so checked the KB for March's rollup (which wasn't showing installed) and tried to install. Same error code.
*Dug through the WindowsUpdate.log and followed down the path of numerous error codes I found in there including 0x80070490, 8007007e, 0x80070002 and 80070663.

SFCFix.txt attached and all files within CBS folder downloadable from https://eu.soonr.com/2/filelink/bsyna-bygkh5o-to6xg2el

SFC and DISM have both been run a couple of times this week, but let me know if you need a more current set.

If anyone's able to assist I'd be eternally grateful, as I'm absolutely stumped.

TIA!
Pascal

Search

User Licensing CAL

June 27, 2019, 5:47 am
$
0
0

Windows Server 2019 16 Core + 10 CAL licenses is for total how many users or devices.

I have 15 users, is it enough or I need to increase to 15 CAL from 10 CAL

Please advice

Remove KMS Host

June 29, 2010, 4:08 pm
$
0
0

I recently bought the Office 2010 Vol. Lisc. and saw the option for the KMS host.  I downloaded it and put it on my one 2008 server I have (rest are 2003).  It shows the partial key in there but now I would like to remove it.  I only have 2 copies and will only be slowing incrementally getting 2010 onto our machines, so MAK seems a better solution, I won't have the 25 minimum machines for a long time.

I used the /upk and all that did was remove the actual lisc. the server was using, not the Office lisc.  I want to make sure that KMS is gone, how can I remove it so it doesn't mess wiht future installs, I now wish I had not even experimented with it!  I cannot find anything on how to remove it.

Server 2008 R2 contact file (*.contact file extension)

June 27, 2019, 12:29 pm
$
0
0

Assuming I am in Server and I just created a new contact by right clicking on the screen, select New from drop down selection, and select Contacts in the next drop down selection.  I have filled out all of the fields for the Contact File and saved it.

Question 1:  Is there a way to use command prompt (CMD) to view the contents of the .contact file I just created?

Question 2:  What is the command to view the contents and direct or append it to a file.

The reason for my question is because the requirements for my students is to create a contact using the method described above and share the contact out in a shared folder.  I am trying to build a program that can grade everything including of everything that is supposed to be in the .contacts file.  The grading system is fairly simple since most everything can be found in command line.  

Thanks for any help anyone can provide.  This will greatly reduce the amount of time it takes to grade a classroom for the install and setup of server and exchange from hours to minutes.

Connect gpon to server, using line to phone and iptv

June 23, 2019, 2:05 pm
$
0
0

Hello there, I have an question about ftth

My company using gpon with isp's modem that support line to phone and iptv services. But it's very slow and unstable.

I wanna use a windows server as a modem like that, how can I build that PC (hardware and software) to use like isp modem.

Managing Certificates in Windows Servers environment

June 27, 2019, 9:50 pm
$
0
0

Hi, Guys.

Do you know how to track in the environment to obtain which servers are deployed with a specific certificate? Can this be fetched via PowerShell in AD using the "Issuer" parameter or do you have other applications or tools to get this done?

Thank you. 

Viewing all 24879 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>