Manually Update Windows Trusted Root Certificates
Jun 28

KB ID 0001831. Problem: These days your trusted root certificates are simply updated with Windows Update, but what if your servers have no internet access? In this example I will manually update the root certs by downloading them on a machine WITH internet access, then importing on another machine that has not. Bear in mind: If none of your machines have internet access they cannot check...

Windows: Migrate DHCP HA
May 11

KB ID 0001826. Problem: I got an email last week. “Hi thanks for your video. I have two win 2012 DC DHCP on a failover/load balance config and want to migrate to new Win 2022 VMs. What’s the exact procedure? If it’s a single VM it’s easy but I’m not sure about if it’s on a failover setup.” Well, migrating the domain controller element I’ve covered before. Migrate From Server...

Deny RDS
May 03

KB ID 0001825. Problem: Way back when I started doing tech (in the days of Novell 4 and NT4), my mantra was, if you must deny something then you’ve done something wrong. Now I work for a UK based MSP that offers SPLA licensing to clients. Unlike typical RDS licensing, with SPLA this requires every ‘capable’ AD user that ‘can’ RDP onto a server (regardless of whether it’s a Session Host RDS Server or...

Auto Update ADMX Files
Apr 27

KB ID 0001824. Problem: It’s been a long time since I ran through setting up a central policy definitions store. In that time, you’ve probably had to copy ADMX (and ADML) files into your central store manually. Microsoft updates typically DO download updates but put them (usually) in C:\Windows\PolicyDefinitions. There’s probably a sensible reason for that. When someone cleverer than I has scripted...

Windows LAPS
Apr 20

KB ID 0001822. Problem: We used to have Microsoft LAPS, now we have Windows LAPS! LAPS is a solution that lets you store admin passwords ‘elsewhere’, be that in your local Active Directory or Azure Active Directory*. Unlike previously, where you had to deploy/install client software, it’s now built into Windows from the following versions: Windows 11 22H2 – April 11 2023 Update, Windows 11 21H2...

Microsoft Edge Multiple Startup Pages (via GPO)
Mar 22

KB ID 0001818. Problem: Controlling Microsoft Edge with Group Policy is pretty straightforward, you just need to ensure the msedge.admx and msedgeupdates.admx files have been added to your policy definitions store in the right folders. If you have no idea what I’m talking about, see the following article: Microsoft Edge on Server 2019/2016 (and Citrix). Then you can deploy group policies to your...

NameSpace ‘Microsoft.Policies.WindowsStore’ Error
Mar 20

KB ID 0001817. Problem: While working in the Group Policy Management tool, upon expanding administrative templates I got this error: Namespace ‘Microsoft.Policies.WindowsStore’ is already defined as the target namespace for another file in the store. Solution: Microsoft.Policies.WindowsStore Error. This is because in your policy definitions there are two (four actually) files that are pointing...

Disable LLMNR and NetBIOS (via GPO)
Mar 16

KB ID 0001816. Problem: LLMNR is a protocol that’s used in both IPv4 and IPv6 networks to provide name resolution (in the absence of DNS). The problem with it is that it is wide open to exploitation and can be used to perform a MITM attack on your network. NetBIOS is much older and associated with IPv4 networks only. Really old Microsoft OSs used to rely on it heavily, but these days it’s pretty much...

Upgrade Server 2012 (In Place)
Oct 11

KB ID 0001802. Server 2012 End Of Life. Note: Also see In Place Upgrade of Windows Server. Windows Server 2012 (and Windows Server 2012 R2) will go end of life on October 10th 2023. Start planning to migrate your production workloads off this platform as soon as you can. I’ve mentioned before on the site, I’m not a fan of ‘in place’ upgrades, you get to migrate all the ‘broken bits’...

DC Promotion fails ‘FRS is Depreciated’
Jul 01

KB ID 0001579. Problem: Error seen when attempting to add a new domain controller to an existing domain; Verification of replica failed. The specified domain {Domain-Name} is still using the File Replication Service (FRS) to replicate the SYSVOL share. FRS is depreciated. The server being promoted does not support FRS and cannot be promoted as a replica into the specified domain. You MUST migrate the specified domain...
