Category: Windows Server/Client


How to repair servermanager.exe on 2012 R2 ?

if servermanager crash and if there is an event on application event log:

Event ID: 1000
Faulting application path: C:\Windows\system32\ServerManager.exe
Faulting module path: C:\Windows\system32\wmidcom.dll

Solution:

Rename the registry key HKLM\SOFTWARE\Microsoft\ServerManager\ServicingStorage\ServerComponentCache
to
HKLM\SOFTWARE\Microsoft\ServerManager\ServicingStorage\ServerComponentCache.old
Reboot to take effect then if KO remove the .old registry keys

 

Advertisements

# Try without doing anything bad

Stop-Computer -WhatIf

# Stop the local computer

Stop-Computer

# Try without doing anything bad on multiple systems

Stop-computer -ComputerName ‘computer1′,’computer2′,’computer3’ -whatif

# Stop multiple systems

Stop-computer -ComputerName ‘computer1′,’computer2′,’computer3’

https://dnschecker.org

 

https://www.whois.net/

 

https://mxtoolbox.com/

 

https://whatismyipaddress.com/

 

http://ping-test.org/

 

https://www.portcheckers.com/

 

 

Microsoft security compliance toolkit:

Il remplace Security Compliance Manager. Cet outil permet de planifier, créer, et monitorer des baselines de sécurité pour vos postes clients. Le remplacement a été choisi par Microsoft du fait de la complexité de SCM et de la difficulté à maintenir l’outil pour chaque version de Windows. Aujourd’hui, SCT ne supporte pas Desired Configuration Management de System Center Configuration Manager ou SCAP.

https://www.microsoft.com/en-us/download/details.aspx?id=55319

Other references:

2012 R2 hardening (CIS):

https://www.cisecurity.org/wp-content/uploads/2017/04/CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.2.0.pdf

Windows 10 hardening:

https://www.asd.gov.au/publications/protect/Hardening_Win10.pdf

 

 

 

How to change Users folder from default location to the D: drive ?

Computer\HKEY_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ProfileList

Note: You Change All Users Profile Path. For That You Have To Change “ProfileDirectory” Path From ProfileList key (see above). Its Applicable For New User Login !

Article:

https://www.quora.com/How-could-I-change-my-user-folder-default-location-from-C-to-D-in-Windows-10

 

 

 

To test SSL/TLS and much more you can use the free online tool from Qualys:

https://www.ssllabs.com/ssltest/index.html

Links related to TLS which I have consulted: Solving the TLS problem ==> https://www.microsoft.com/en-us/download/details.aspx?id=55266

How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll ==> https://support.microsoft.com/en-us/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc

TLS/SSL Settings ==> https://technet.microsoft.com/en-us/library/dn786418(v=ws.11).aspx#BKMK_SchannelTR_TLS10

Managing SSL/TLS Protocols and Cipher Suites for ADFS:

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs

https://jorgequestforknowledge.wordpress.com/2017/03/01/hardening-disabling-weak-ciphers-hashes-and-protocols-on-adfs-wap-aad-connect/

 

SSSD principle:

SSSD for SuSE (sles):

https://www.suse.com/support/kb/doc/?id=7022002

http://www.novell.com/support/kb/doc.php?id=7014572

RHEL:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/index

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/SSSD-Introduction.html

Troubleshooting SSSD:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/SSSD-Troubleshooting.html

Resolution:   id  <userid> ; getent passwd <userid>

Authentication: ssh <userid>@localhost

 

In addition to redhat guide, there are tones of interesting links:

http://thornelabs.net/2014/01/30/authenticate-rhel-5-and-6-against-active-directory-on-windows-server-2008-r2-with-sssd-using-kerberos-and-ldap.html

http://www.chriscowley.me.uk/blog/2013/12/16/integrating-rhel-with-active-directory/

https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-new-for-IT-pros-in-Windows-10-version-1803/ba-p/188568

A colleague of mine found this interesting article:

https://blogs.msdn.microsoft.com/chiranth/2013/09/20/ntlm-want-to-know-how-it-works/

 

GPO Basics:

1) Structure of a GPO:

Group Policy Container (GPC) which exists in Active Directory

and the Group Policy Template (GPT) where the actual content of your GPOs resides.

A third component, known as Client-Side Extensions (CSEs) can be found on client devices and are necessary for them to properly process the Group Policies assigned to them.

ref: http://blogs.technet.com/b/musings_of_a_technical_tam/archive/2012/02/13/understanding-the-structure-of-a-group-policy-object.aspx

2) GPO processing (LSDOU):

ref: http://blogs.technet.com/b/musings_of_a_technical_tam/archive/2012/02/15/understanding-the-structure-of-a-group-policy-object-part-2.aspx

3) GPO troubleshooting:

http://social.technet.microsoft.com/wiki/contents/articles/22457.10-common-problems-causing-group-policy-to-not-apply.aspx

https://technet.microsoft.com/en-us/magazine/ccba8171-2b4a-4437-ab45-bbdee8323ee2

 

GPO management with PowerShell:

Powershell – how to translate a GPO GUID to Name?

Get-GPO -GUID “{AD7E3746-7135-496B-A1F5-B5B11871F96F}”

Powershell – how list all GPOs?

Get-GPO -all

Get-GPo -all | ft -autosize

Get-GPO -all | out-gridview

Powershell – how many GPOs?

(get-gpo -all).count
203

Powershell – how to translate a GPO Name to GUID?

PS Z:\ADGPO management> Get-GPO -all | where {$_.id -like “bd9df1be-3663-4cb4-bb71-35f7e27c691f”} | select id,displayname | ft -autosize

Id                                   DisplayName
—                                   ———–
bd9df1be-3663-4cb4-bb71-35f7e27c691f Corporate-A-All-Settings-Restore

 

Powershell – create and link a GPO?

 

PS C:\> Get-GPStarterGPO -Name “Laptops”
Next, you can use the New-GPO cmdlet to create the new GPO from your Starter GPO as follows:

PS C:\> New-GPO -Name “France-Laptops” -StarterGpoName “Laptop”

Finally, you can link the new GPO to the targeted OU as follows:

PS C:\> New-GPLink -Name “France-Laptops” -Target “ou=computers,ou=France,dc=hq,dc=mydomain,dc=com”

Alternatively, by using the Windows PowerShell pipeline feature, you can create and link the GPO using a single command.