Archive for November, 2017


How to dedicate domain controllers to Exchange? It is recommended to exclude the DC holding the PDC role:

To be performed on all Exchange servers:

set-exchangeserver exchangesrv1.domain.local -StaticDomainControllers NewDC1,NewDC2

set-exchangeserver exchangesrv1.domain.local -StaticGlobalCatalogs NewGc1,NewGC2

set-exchangeserver exchangesrv1.domain.local -StaticExcludedDomainControllers OldDc1,OldDC2

How to determine which domain controller is used:

To be performed on all Exchange servers:

Get-ExchangeServer -Identity "ServerName" -Status | fl

Get-ExchangeServer -Status | FL name,StaticDomain*,CurrentDomain*,Static*


Get-ExchangeServer -Status | Set-ExchangeServer -StaticDomainControllers, -StaticGlobalCatalogs,



Decommissioning WINS in a large company is not an easy task, and the side effects can be significant:

  • Legacy applications
  • Legacy Windows systems, Samba-based servers
  • Old appliances, legacy SAN/NAS devices
  • Short names (and not FQDNs) hardcoded in legacy or in-house developed applications
  • My Network Places (or Network Neighborhood), which uses WINS to quickly repopulate its browse list, as the Browser service is still based on NetBIOS.
  • Any third-party network applications that leverage the browse list to find network resources users can attach to.
  • Microsoft DFS referrals (see below: The default behavior of DFS is to use NetBIOS names for all target servers in the namespace)
  • WINS could also be necessary for client VPN subnets (that need to resolve NetBIOS names).

How to detect WINS traffic on a network using firewall logs:

  • TCP 42 to detect WINS replications
  • The WINS Server services listen on UDP port 137 for incoming NetBIOS name resolution requests (to detect client computers/servers using WINS)
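
The two checks above, applied to firewall log lines (an added example, not part of the original post). It assumes a space-separated log in the Windows Firewall pfirewall.log field order and a hypothetical pair of WINS server addresses; the sample lines are constructed, and the field indexes need adapting for another firewall's format.

```python
from collections import Counter

# Constructed sample lines (not real traffic), pfirewall.log field order:
# date time action protocol src-ip dst-ip src-port dst-port size ...
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size
2017-11-20 10:15:02 ALLOW UDP 10.0.1.25 10.0.0.10 137 137 78
2017-11-20 10:15:03 ALLOW UDP 10.0.1.25 10.0.1.255 137 137 78
2017-11-20 10:15:09 ALLOW TCP 10.0.0.11 10.0.0.10 49822 42 0
2017-11-20 10:16:40 ALLOW UDP 10.0.2.7 10.0.0.11 137 137 78
2017-11-20 10:16:41 ALLOW UDP 10.0.1.25 10.0.0.10 137 137 78
2017-11-20 10:17:00 ALLOW TCP 10.0.1.30 10.0.0.10 50100 445 0
2017-11-20 10:17:05 DROP UDP 10.0.3.9 10.0.0.10 137 137 78
"""

# Assumption: addresses of the WINS servers being decommissioned.
WINS_SERVERS = {"10.0.0.10", "10.0.0.11"}


def find_wins_usage(log_text, wins_servers):
    """Return (clients, replication): UDP 137 query counts per source IP,
    and the set of (source, destination) pairs seen on TCP 42."""
    clients = Counter()
    replication = set()
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blank lines and the header
        fields = line.split()
        if len(fields) < 8:
            continue  # malformed or truncated line
        proto, src, dst, dport = fields[3].upper(), fields[4], fields[5], fields[7]
        if dst not in wins_servers:
            continue  # subnet broadcasts on UDP 137 are not WINS lookups
        # Dropped packets are counted too: the sender is still configured for WINS.
        if proto == "TCP" and dport == "42":
            replication.add((src, dst))
        elif proto == "UDP" and dport == "137" and src not in wins_servers:
            clients[src] += 1
    return clients, replication


if __name__ == "__main__":
    clients, replication = find_wins_usage(SAMPLE_LOG, WINS_SERVERS)
    for ip, hits in clients.most_common():
        print(f"WINS client {ip}: {hits} name queries")
    for src, dst in sorted(replication):
        print(f"WINS replication {src} -> {dst}")
```

Filtering on the destination address matters because NetBIOS broadcast name queries also use UDP 137 and would otherwise be counted as WINS clients.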

Very good article:

Impact and changes:

  • Change DHCP scopes (removing option 44 on scopes)
  • Change local TCP/IP properties on all computers and servers to remove WINS servers
  • The default behavior of DFS is to use NetBIOS names for all target servers in the namespace:

My personal recommendations:

WINS is not deprecated in 2012 R2, nor in 2016:


If you are configuring a new company from scratch, try not to install WINS; otherwise, for an existing company with Windows applications and computers (100% in reality!), I would say that WINS is not necessary, but it is recommended. It is easy to install and to maintain. It is faster to resolve and robust. Administration tasks are close to zero!

Reference article:


Q1. Well…how do automatic updates work? Can I control them?

A1.  A default install of Office 365 ProPlus is configured to update automatically from the cloud.  Separately, each month a new build of Office 365 ProPlus is released in the cloud.  When a computer with Office 365 ProPlus detects that a new build is available, the difference – or delta – between the new build and the existing one is streamed down in the background.  Updates are then installed when Office apps/processes aren’t running. So, with the default configuration Office 365 ProPlus, you will always be up-to-date. IT Pros can customize the configuration by controlling if updates are searched and applied automatically and/or from which source this will happen.  (More on this in Managing Updates for Office 365 ProPlus – Part 2.)


Q4. I use WSUS and/or System Center Configuration Manager to manage Office updates today.  Can I continue to use these products to update Office 365 ProPlus?

A4.  Automatic updates is a servicing model built into Office 365 ProPlus, and provides the ability to be always up to date, or “evergreen”, with security and functionality enhancements.  Office 365 ProPlus updates are not provided via Windows Update.  Some environments may prefer to use their existing software distribution tool to manage updates for Office 365 ProPlus, and this can be facilitated using the Office Deployment Tool.  Check out the References section below for more information.


How to use ODT for O365?

Netsh command reference:


Using Netsh to redirect a port to another computer:

How to create a wifi hotspot with netsh:

Using netsh with DHCP:

Using netsh to capture traffic:

a) Open an elevated command prompt and run: “netsh trace start persistent=yes capture=yes tracefile=c:\temp\nettrace-boot.etl” (make sure you have a \temp directory or choose another location).

b) Log on and stop the trace using: “netsh trace stop” (from an elevated prompt).

c) Open the .etl with Network Monitor (Netmon allows us to choose .etl as a file to open as if it were a .cap file from a traditional trace).



Did you know that you can virtualize your Windows Server 2016 Essentials? Instead of hacking into Windows Server Essentials itself and using that as a Hyper-V host we go ahead and do it the official way and download Microsoft Hyper-V Server 2016 for free. Some administrators don’t like a server without a GUI (server core) but it has a lot of benefits compared to a full blown server with the GUI and roles installed.

  • It requires fewer resources.
  • It is more secure because the attack surface is smaller.
  • Reduced management.
  • Requires far fewer updates from Windows Update, so fewer reboots are needed.

For managing the Server Core with Hyper-V only, we use a normal workstation with Windows 10 + RSAT (Remote Server Administration Tools). Admittedly, it is a little more complicated, but the benefits outweigh that!

If you want to learn more about Hyper-V Server 2016, I suggest What’s new in Hyper-V on Windows Server 2016 at TechNet. Probably the most important new feature is Windows PowerShell Direct. This allows you to run Windows PowerShell commands in a virtual machine from the host without an actual network connection. More reading here: Manage Windows virtual machines with PowerShell Direct

Here is a list of technical resources to clone an old physical server/computer to a VM:



Recommended infrastructure for small companies (<25 persons):

Manageable network switch: 1 Gb per port minimum. Cisco Catalyst, Netgear, Zyxel, HPE

UTM appliance (next-gen firewall, VPN, IDS/IPS):

Antivirus / security agents:

  • Windows Defender (default, recommended)
  • EDR client software (CrowdStrike / Carbon Black)
  • Microsoft Sysmon

Windows server standard/essentials:

Windows server essentials:

Windows computer:

Windows Home is prohibited (it cannot join a Windows domain!)

Windows XP is not supported.

Windows 10 Professional recommended. 8 GB RAM, dual-core, SSD 512 GB, Wi-Fi, 15″ screen minimum.

(To benefit from the latest security features, and to be able to join a Windows domain.) Estimated price for Windows 10 Pro: 157 Euros (VAT included)

Recommended: Microsoft volume license (OPEN):

Resellers:

Choosing a UTM security appliance?

How to choose your UTM ('unified threat management') security appliance?


First, understand your needs (NextGen FW, proxy, VPN?, AV?, …)

Selection criteria:


Some products:

Check Point:

Arkoon Stormshield:

Fortinet FortiGate:

Dell SonicWall:

Sophos:

Palo Alto (more for NGFW):

WatchGuard Firebox:


Link to web resources to map home drive on Windows computers:

– AD user account properties

– GPO settings: group policy setting called “Set user home folder” and is found under Computer Configuration > Policies > Administrative Templates > System > User Profiles.

– GPO preferences