Running Dropbox On Windows Server
KB ID 0001489 Problem If you are here, you have probably already found out that Dropbox is not supported on Windows Server platforms. You can install it and set it up happily but it stops working and needs to be relaunched all the time (manually). I love dropbox! So much I actually pay for it! I run it on my management server and its handy for copying file up into my test network, so I can appreciate how annoying it is having to...
Patch Your DNS Servers! SigRed
KB ID 0001687 Problem WARNING: This is rated 10 on the CVSS scale. Affected Server OS: Windows 2003, Windows 2008, Windows 2008 R2, Windows 2012, Windows 2012 R2, Windows 2016, Windows 2019 Yesterday Microsoft released a critical notice (KB4569509) to address vulnerabilities identified in (CVE-2020-1350). Basically it allows a remote attacker to perform remote code execution on your DNS servers (unless you patch them!) The reason its...
Windows Server DHCP Failover & Load Balancing
DHCP Failover KB ID 0001488 Problem Applicable to: Server 2012/2016/2019/2022 Even though we have had this functionality for a while, I’m still seeing people deploy DHCP scopes (split 80/20) across two servers? You can deploy multiple DHCP servers to serve the SAME DHCP scopes, in either load balanced, or hot standby deployment. Solution: DHCP Failover I’m assuming you already have one DHCP server setup and, with a...
Remove and Reinstall Microsoft WSUS
KB ID 0001679 Problem I don’t like WSUS, the product is OK (ish) the problem with it is, every time it’s deployed, typically the person it was deployed for never looks after it, or manages it properly, and months/years later it becomes a massive ‘bag of spanners’, which is never the client’s fault, it’s always the poor guy who built it, or the support company’s fault. If you run WSUS, log into...
Windows Server: Disabling SSL 3.0, TLS 1.0, and TLS 1.1
KB ID 0001675 What are these protocols? Both SSL and TLS are cryptographic protocols designed to secure communications over a network (remember the internet is just a network). Originally we had SSL version 1 and version 2. But they were, (to be honest) ‘a bit bobbins’ and full of security holes, so never really took off. Version 3 however did and was widely supported. The problem with version 3 was, (again) that was also ‘bobbins’....
Windows Server – Schedule a Reboot
KB ID 0001321 Problem Back in the day we just used the ‘At’ command to schedule a reboot, but starting with Server 2012 that was stopped! If you try it now you will see the following; The AT command has been depreciated. Please use schtasks.exe instead Solution (The Quick Way) Execute the following command (change time and data accordingly); schtasks /create /tn “Scheduled Reboot” /tr “shutdown /r /t 0” /sc once /st...
Group Policy: Item-Level Targeting
KB ID 0001654 Problem Yesterday I wrote a post about Deploying a ‘Mapped’ Drive to a couple of users using Group Policy. This received a comment that was basically ‘Why not simply use Client Targeting?’ To be fair that’s a good point, I was using a Group Policy Preference and they can be specifically targeted. So here’s how to do that. Solution If you do not already have one, create a group for your...
Apply Group Policy To a Security Group
KB ID 0001653 Problem On EE this morning someone asked how to map a drive to only two users, so that wherever they logged in, they got their mapped drive. Seemed like a good Idea for a post so here you go; Solution If you do not already have one, create a group for your users. Add the users, (as appropriate). On a Domain Controller > Administrative Groups > Locate the OU that contains your users (Note: if your group members are...
Get Ready for LDAPS Channel Binding
KB ID 0001645 Problem I have written about Enabling LDAPS a long time ago, but it’s a subject that’s about to become important again, so I’ll revisit the subject. Microsoft are about to ‘enforce’ LDAPS authentication against their domain controllers, in the March 2020 round of updates. Now delayed until second half of 2020. What does that mean? Well lookups against LDAP will now need to be secure, (i.e....
Windows Server – Change Your Password in an RDP Session (Send Ctrl+Alt+Del)
KB ID 0001183 Problem Colleague: Windows Server, Where’s Windows Security gone? Me: Eh? Colleague: Windows Security! Me: What are you trying to do? Colleague: I want to change my password and I can’t send a Ctrl+Alt+Delete to the remote server. Well I know that pressing Crtl+Alt+Delete would let you change your password like so; I wasn’t aware that in Server 2008 and earlier if you were connected via RDP you got a...