Password Does Not Meet Complexity Requirements
KB ID 0000229 Problem Windows Server has a password complexity requirement to make sure passwords are strong. Yes it can be disabled, but while it is in place you need your passwords to confirm to the following. Error within AD Error at Logon Note: To disable password complexity click here. Solution To meet the policy your password MUST, 1. Passwords cannot contain the user’s account name or parts of the user’s...
Windows – Location Based Printing with con2prt
KB ID 0000510 Problem Yes these days we would prefer to use GPO or GPP to do this, but some printers simply refuse to be farmed out this way, and a lot of clients don’t want to install their network printers in that manner. Con2prt is a very old piece of software it’s part of the Windows NT4 ZAK (Yep it’s that old!). Its purpose in life is to connect clients to printers. So how can we do that based on location? We...
Mapping Printers based on Computer OU (via Script)
KB ID 0000645 Problem Location based printing has long been a pain. In the past I’ve tackled it with Group Policy Preferences, and I’ve even gone ‘old school’ and mapped printers with con2prt. A few months ago I put in a new network at a school, they were using a vbs script to deploy all their classroom printers, and I had a quick (unsuccessful) attempt to do the same. But time was against me and I used GPP...
Finding Out the Last Time Domain Users have Logged in
KB ID 0000682 Problem Active directory keeps a log of the last time a domain user has authenticated to the domain (from server 2000 onwards) , the drawback with 2000 is that this value didn’t replicate so you had to query each domain controller and cobble the results together. After 2003 this value was replicated (after convergence,) to all domain controllers. Solution Update Here’s a much better way of showing who logged...
Deploy ODBC Settings via Group Policy
KB ID 0000805 Problem I’ve briefly mentioned this before when I wrote about Group Policy Preferences so when I had to do this on-site this week, I jumped straight into the group policy management console, and found that because my ODBC connection was using SQL authentication (with the SQL sa account), this would NOT WORK, (it only works with Windows authentication and even then it needs a tweak). If you are using SQL...
Server 2012 – ‘The Active Directory Services Installation Wizard is relocated in Server Manager’
KB ID 0000714 Problem I’ve already written about promoting or adding a Windows Server 2012 Domain Controller; Add a Server 2012 Domain Controller to a 2008 Domain But if you attempt to run ‘dcpromo’ from command line, you will see this error, and a link to a Technet article. (Perhaps a clickable link to a picture showing where dcpromo now lives would be better!) Solution Note: I’m assuming you have already...
Configure Wireless Network Stings via Group Policy
KB ID 0000923 Problem If you have a corporate wireless network, you can send the settings out to your clients, rather than have them all ask you what the wireless settings are, and how do they connect. Here I’m going to use Domain group policies, but the procedure is the same for local policies (just run gpedit.msc instead). And the dialog boxes are exactly the same as if you were configuring them on the client machine. (You...
Windows Server – Secure RDP Access with Certificates
KB ID 0000944 Problem This ensures that traffic that is sent over an RDP connection to a server is protected by TLS/SSL Encryption. IT DOES NOT stop clients connecting to an RDP server if they do not have a trusted certificate. If you need that level of security, that should already be done by 802.1x. Solution Create an RDP Certificate Template 1. On the domain CA Launch the Certification Authority Management Console > Certificates...
Cisco – Automatic Re-enrollment Fails to MSCEP/NDES
KB ID 0000970 Problem I’ve covered setting up NDES at length in the past, but what happens when your issued certificates expire? If you are using them for all your VPNs what then? Well thankfully you can get your devices to automatically re-enroll and before they expire, for example to renew the cert at 80% of its lifetime you would use the following; crypto pki trustpoint PNL-TRUSTPOINT enrollment url...
Using “DCPROMO /ADV” to Promote Remote Domain Controllers
KB ID 0000106 Problem For everyone that’s ever sat in a server room/cupboard and had to wait for a server to replicate active directory from a remote site, you will appreciate just how helpful the /ADV switch is when creating a domain controller. What does it do? Well Basically it lets you build a domain controller from a backed up copy of active directory, so after a reboot the new domain controller only has to replicate the...