Remote Desktop Services – Securing By Group Policy
KB ID 0001211 Problem Note: This is not an exhaustive list, but it’s what I use when securing Remote Desktop Services, (Terminal Services) servers. Some of these settings are ONLY for Server 2012 R2 and later. If you have any settings you think are omitted, please comment below. Solution User Access To RDS If you want to create a Domain security group for RDS users than please do so. BE AWARE the ‘Remote Desktop...
Exchange: Hide All Contacts From Global Address List
KB ID 0001564 Problem I saw this on EE this evening, so I thought I’d work it out, what if your Global Address List is full of external ‘contacts’, and you want to remove/hide them? Solution First take a look at them, to see you’re not about to cause any damage! Get-MailContact | Where-Object {$_.HiddenFromAddressListsEnabled -eq $false} If you are happy, to remove/hide them from the GAL, simply do the...
Exchange: ‘Can’t find the Organizational Unit that you specified’
KB ID 0001561 Problem I’ve not actually seen this myself, but it was asked on a forum, and I managed to replicate it on the bench. When working on a user or mailbox in Exchange you may see the following error; Error Can’t find the organisational unit that you specified, Make sure that you have typed the OU’s identity correctly Solution This happens because you have a ‘Slash’ ‘/’in the...
ADFS Logon Page: Change Images and Logos
KB ID 0001556 Problem There are a lot of things that can be customised on the ADFS logon page, but most people just want to change the image, and the ‘Company Logo’. Note: By default the company logo is just the Federation Service Display Name but you can replace that with a logo of you own. Replace ADFS Logon Page Main Image As per Microsoft recommendations; “We recommend the dimensions for the illustration to be...
Certsrv: Can Only See User and Basic EFS
KB ID 0001552 Problem When connected to the Web Enrolment portal (Certsrv) for your Certificate Services, you attempt to submit a certificate request. But you only see User and Basic EFS under Certificate Templates, like so; Solution I’ve done this myself many times, usually you are looking for the ‘Web Server’ template and it’s not there, so we will use that as an example. Go to your CA Server. Windows Server...
Cant Copy a Group Policy Object
KB ID 0001543 Problem Was asked this this morning, why couldn’t someone ‘Copy’ a Group Policy Object (GPO)? Solution At first I was confused, (I made the same mistake they had), look at what I’m trying to copy? It’s not a Group Policy Object, its a ‘Link’ to a GPO. (Note: There’s a shortcut arrow!’) Locate the actual GPO and you can copy it! Related Articles, References, Credits,...
You Have Exceeded the Maximum Number of Computer Accounts
KB ID 0001536 Problem A few weeks ago, this was asked in a forum, and while I knew what the problem was, I’d never seen it myself. So I recreated the problem on the test network to look at why it happened, and how to fix / get around the problem. The following error occurred attempting to join the domain {domain-name} You computer could not be joined to the domain, You have exceeded the maximum number of computer accounts you...
Domain Controller Wont Boot: Stop Code ‘0x00002e2’
KB ID 0001494 Problem I had this problem after a VMware host upgrade last night, this domain controller would not boot, I tried ‘Last Known Good Configuration’, I tried ‘Safe Mode’ it would not boot. More out of desperation than procedure, I tried to boot to ‘Directory Services Restore Mode’ and it booted up (hooray!) I tried all the client’s usual passwords, and could not log in, I messaged...
PowerShell: Bulk Add/Remove Users From Groups
KB ID 0001475 Problem I had to do this a few weeks ago, so I documented it. I had a list of usernames in a CSV file and I needed to bulk-add them to a security group. Bulk Add Group Users Solution Firstly you will need the usernames (sAMAccountNames) in .csv format like so, (Note: As a header Im using User-Name.) I’ve saved the file to C:\Temp on my server. Execute the following commands; Import-Module ActiveDirectory ...
Cisco AnyConnect With Server 2016 NPAS (RADIUS) Different Groups
KB ID 0001474 Problem A few years ago I replaced a firewall that was setup like this, and while it took me a while to work out what was going on, I remember thinking it was an elegant solution. Fast forward to today, and I’m now working with the guy who set it up! (Kudos to Paul White). So when I had a client with a similar requirement, I sat down fired up the lab, and documented it. What was used; Windows 10 Remote Client...