Remove and Reinstall Microsoft WSUS
Jun17

Remove and Reinstall Microsoft WSUS

KB ID 0001679 Problem I don’t like WSUS, the product is OK (ish) the problem with it is, every time it’s deployed, typically the person it was deployed for never looks after it, or manages it properly, and months/years later it becomes a massive ‘bag of spanners’, which is never the client’s fault, it’s always the poor guy who built it, or the support company’s fault. If you run WSUS, log into...

Read More
Windows Server: Disabling SSL 3.0, TLS 1.0, and TLS 1.1
May17

Windows Server: Disabling SSL 3.0, TLS 1.0, and TLS 1.1

KB ID 0001675 What are these protocols? Both SSL and TLS are cryptographic protocols designed to secure communications over a network (remember the internet is just a network). Originally we had SSL version 1 and version 2. But they were, (to be honest) ‘a bit bobbins’ and full of security holes, so never really took off. Version 3 however did and was widely supported. The problem with version 3 was, (again) that was also ‘bobbins’....

Read More
Windows Server – Schedule a Reboot
Mar02

Windows Server – Schedule a Reboot

KB ID 0001321  Problem Back in the day we just used the ‘At’ command to schedule a reboot, but starting with Server 2012 that was stopped! If you try it now you will see the following; The AT command has been depreciated. Please use schtasks.exe instead Solution (The Quick Way) Execute the following command (change time and data accordingly); schtasks /create /tn “Scheduled Reboot” /tr “shutdown /r /t 0” /sc once /st...

Read More
Group Policy: Item-Level Targeting
Feb08

Group Policy: Item-Level Targeting

KB ID 0001654 Problem Yesterday I wrote a post about Deploying a ‘Mapped’ Drive to a couple of users using Group Policy. This received a comment that was basically ‘Why not simply use Client Targeting?’ To be fair that’s a good point, I was using a Group Policy Preference and they can be specifically targeted. So here’s how to do that. Solution If you do not already have one, create a group for your...

Read More
Apply Group Policy To a Security Group
Feb07

Apply Group Policy To a Security Group

KB ID 0001653 Problem On EE this morning someone asked how to map a drive to only two users, so that wherever they logged in, they got their mapped drive. Seemed like a good Idea for a post so here you go; Solution If you do not already have one, create a group for your users. Add the users, (as appropriate). On a Domain Controller > Administrative Groups > Locate the OU that contains your users (Note: if your users are in...

Read More
Get Ready for LDAPS Channel Binding
Jan28

Get Ready for LDAPS Channel Binding

KB ID 0001645 Problem I have written about Enabling LDAPS a long time ago, but it’s a subject that’s about to become important again, so I’ll revisit the subject. Microsoft are about to ‘enforce’ LDAPS authentication against their domain controllers, in the March 2020 round of updates. Now delayed until second half of 2020. What does that mean? Well lookups against LDAP will now need to be secure, (i.e....

Read More