Windows Server – Where Has Disk Management Gone?

KB ID 0000724 

Problem

Much as I like Server 2012, I’m stuck in my ways when it comes to admin tasks. When I want to do some disk management, I right-click Computer and select Manage, and Disk Management is never far away. Until now, where it’s nowhere to be seen.

Solution

Option 1 (The Tech Ninja Way)

Press Windows Key+R and Run diskmgmt.msc

Option 2 (The Lazy GUI Way)

Open the advanced context menu (Windows Key+X), select Disk Management.

Option 3 (The ‘I’m only including this to stop the pedants sending it in’ way)

Press Windows Key+Q > In the search section type ‘disk manage’ > Select Settings > Select and format disk partitions.

Update 06/12/12

Email from Nick Keyzer

You can also move your mouse cursor to the bottom left corner of your screen. This will trigger the ‘start’ menu icon. Simply Right-Click the bottom left corner for additional management menus including ‘Disk Management’.

Related Articles, References, Credits, or External Links

NA

Adding a Domain Group to the Local Administrators Group

KB ID 0000589 

Problem

This weekend I’ve been doing a school migration, (go live is tomorrow). Just as we were finishing up today, we found out a client application needed a certain user group to have LOCAL administrator rights on the client machines.

I remembered that it could be done and it had something to do with “Restricted Groups”. So when I got home I fired up the test network and ran through it for tomorrow.

Solution

1. Launch “Active Directory Users and Computers” (Start > Run > dsa.msc {enter}). Ensure you have a domain security group, (Not a distribution group) with the domain members you wish to grant access to.

2. On a domain controller, Start > Administrative Tools > Group Policy Management > Locate the OU that contains the computers that you wish to grant administrative rights to > Right Click > Create a GPO in this domain, and Link it here.

Warning: Do not create a GPO on an OU that contains servers or anything you would NOT want your users to have administrative access to.

3. Give the policy a sensible name.

4. Edit the policy that you have just created.

5. Navigate to:

[box]Computer Configuration > Windows Settings > Security Settings > Restricted Groups[/box]

Right click > Add Group.

6. Browse and locate your domain security group > OK.

7. Under “This group is a member of” > Add > Add in Administrators > OK.

8. Apply > OK

9. Now on your clients, the domain group will be added to the local administrators group.

Note: this may require a reboot or a “gpupdate /force” command.
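
To confirm step 9 on a client, the check below (an added example, not part of the original article) lists the local Administrators group and reports anything missing from, or outside, an allow-list. The CONTOSO domain, the group name App-LocalAdmins and the allow-list contents are assumptions; Get-LocalGroupMember needs Windows PowerShell 5.1 or later.

```powershell
# Added example: compare local Administrators membership with an allow-list.
# Group and domain names below are hypothetical; replace them with your own.

function Test-LocalAdminMembership {
    param(
        [Parameter(Mandatory)][string[]]$Actual,   # names found in the group
        [Parameter(Mandatory)][string[]]$Allowed   # names permitted to be there
    )
    # -notin compares case-insensitively, which suits Windows account names.
    [pscustomobject]@{
        Missing    = @($Allowed | Where-Object { $_ -notin $Actual })
        Unexpected = @($Actual  | Where-Object { $_ -notin $Allowed })
    }
}

$allowed = @(
    "$env:COMPUTERNAME\Administrator"   # built-in local account
    'CONTOSO\Domain Admins'             # added automatically at domain join
    'CONTOSO\App-LocalAdmins'           # group granted by the Restricted Groups GPO
)

if (Get-Command Get-LocalGroupMember -ErrorAction SilentlyContinue) {
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the lookup also works on non-English installs.
    $actual = @((Get-LocalGroupMember -SID 'S-1-5-32-544').Name)
} else {
    # Constructed sample so the comparison can be tried on any machine.
    $actual = @(
        "$env:COMPUTERNAME\Administrator"
        'CONTOSO\Domain Admins'
        'CONTOSO\jsmith'
    )
}

$result = Test-LocalAdminMembership -Actual $actual -Allowed $allowed
if ($result.Missing)    { "GPO not applied yet, missing: $($result.Missing -join ', ')" }
if ($result.Unexpected) { "Review these extra admins: $($result.Unexpected -join ', ')" }
```

Because “This group is a member of” only adds the domain group and leaves existing members in place, the Unexpected list is where older, manually added accounts will show up.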

 

Related Articles, References, Credits, or External Links

NA

Managing Forefront Endpoint Protection (FEP) with Microsoft Group Policy (GPO)

KB ID 0000604

Problem

FEP is Microsoft’s offering for antivirus; try to think of it as the corporate version of Security Essentials. Just about everything on the net for managing it seems to be geared to managing it with SCCM, which is fine if you have SCCM, but what if you don’t? Thankfully you can manage it with group policy, even if information on how to do it is rarer than hen’s teeth!

With a Microsoft CoreCAL you can use the FEP client, so if you already have CoreCALs, then it’s a solution that can save you some cash on your corporate AV strategy.

Solution

Installing Forefront Endpoint Protection

The client software is available in x64 and x86 flavours, and it is installed from a single executable (FEPInstall.exe). There is no MSI installer (yeah thanks Microsoft!), so if you want to roll it out en masse, you need to either install it using a startup script, include the software in your ‘Master/Golden Image’ and re-image your machines, or tear your hair out trying to work out SCCM.

Managing Forefront Endpoint Protection with Group Policy

1. First you need to download the policy definitions, copy the FEP2010.admx file to %Systemroot%\PolicyDefinitions.

2. Then copy the FEP2010.adml file to %Systemroot%\PolicyDefinitions\EN-US

Creating a Group Policy Central Store

3. If you have all your ADMX policy definitions in a central location, all your clients can use them. The correct place for them is in the sysvol directory, in a folder called policies (this is where your clients read their group policies from). To create the directory issue the following command;

[box]MD "%logonserver%\sysvol\%userdnsdomain%\policies\PolicyDefinitions"[/box]

4. Now copy all your policy files into it, (from the folder we used earlier) with the following command;

[box]xcopy %systemroot%\policydefinitions\*.* "%logonserver%\sysvol\%userdnsdomain%\policies\PolicyDefinitions" /S /Y[/box]

5. Then either create a new policy, or edit an existing one that’s linked to the COMPUTER objects you want to manage.

6. Navigate to;

[box]Computer Configuration > Policies > Administrative Templates > System > Forefront Endpoint Protection 2010[/box]

Here you will find the policy settings you require.

7. When you are controlling settings via GPO this is what you will see on the client machines.

Importing and Exporting Forefront Policy Settings

8. From the files you extracted earlier locate and run the FEP2010GPTool.exe. From here you can import and export all the policy settings from a particular group policy. Microsoft have published a set of policy settings which you can download for various server roles.

Note: By default each policy you import will merge with the existing settings in the GPO, unless you tick the “clear the existing Forefront Endpoint Protection settings before import” option.

Updates for Forefront Endpoint Protection

9. Windows uses its existing ‘Windows updates’ path for getting updates. If you have a WSUS server you will need to enable the updates in the ‘Products and Classifications’ section.

10. If you DON’T have WSUS but you are behind a proxy, you can manage FEP proxy settings from the following policy.

Related Articles, References, Credits, or External Links

NA

Manage your Cisco Firewall from your Windows Mobile Device

KB ID 0000158 

Problem

You have a new Windows Mobile device and you’re bored! Well, not really. I hope I never have to do this in anger, but it was an exercise in proving it can be done 🙂

Solution

Before you start you need to ensure the following has been done:

1. The firewall in question needs an RSA key generating on it (on the firewall issue the following command “crypto key generate rsa” {without the quotes}).

2. The IP of the phone needs allowing. You can analyse the logs to see what’s trying to connect on port 22 and allow that, or issue the following command “ssh 0 0 outside”. NOTE: that opens your firewall up to SSH access from ANY IP address, so only turn that on when you need it, or find the IP of the phone and allow that!

3. You need a copy of “PocketPuTTY” on your phone.

To put PocketPuTTY on your phone, either use Active Sync, Windows Mobile Device Center, or copy it on with an SD card.

Then on the phone simply navigate to PocketPuTTY, run it, and give it the IP address of the firewall. (Note: You may need to un-tick the “Use Compression” option).
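
Because the “ssh 0 0 outside” rule from step 2 is only meant to be switched on when needed, the check below (an added example, not from the original article) scans a saved ASA configuration for SSH rules that still accept any source address. The sample configuration is constructed and the function name Get-AsaSshRule is hypothetical.

```powershell
# Added example: find ASA "ssh <network> <mask> <interface>" rules that allow any source.

function Get-AsaSshRule {
    param([Parameter(Mandatory)][string[]]$ConfigLine)
    # The ASA accepts "0" as shorthand for 0.0.0.0, so match both spellings.
    # Lines such as "ssh timeout 5" or "ssh version 2" do not fit the pattern.
    $ip      = '(?:0|\d{1,3}(?:\.\d{1,3}){3})'
    $pattern = "^\s*ssh\s+(?<net>$ip)\s+(?<mask>$ip)\s+(?<iface>\S+)\s*$"
    foreach ($line in $ConfigLine) {
        if ($line -match $pattern) {
            [pscustomobject]@{
                Source    = $Matches['net']
                Mask      = $Matches['mask']
                Interface = $Matches['iface']
                # A zero mask means every source address is accepted.
                AnySource = ($Matches['mask'] -in @('0', '0.0.0.0'))
            }
        }
    }
}

# Constructed sample of a saved configuration (not from a real device).
$sampleConfig = @'
hostname fw-example
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.1.0 255.255.255.0 inside
ssh 203.0.113.25 255.255.255.255 outside
ssh timeout 5
ssh version 2
'@ -split '\r?\n'

$open = Get-AsaSshRule -ConfigLine $sampleConfig |
    Where-Object { $_.AnySource -and $_.Interface -eq 'outside' }

foreach ($rule in $open) {
    "SSH is open to any address on '$($rule.Interface)': ssh $($rule.Source) $($rule.Mask) $($rule.Interface)"
}
```

On the sample, only the “ssh 0.0.0.0 0.0.0.0 outside” line is reported; the single-host rule for 203.0.113.25 is the form to leave in place.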

Related Articles, References, Credits, or External Links

Connecting to and Managing Cisco Firewalls

HP / 3COM – Setup the V1910-24G Switch

KB ID 0000495 Dtd 20/08/11

Problem

I was surprised this week when I went to fit one of these switches, I know HP bought 3Com some time ago but when I popped open the HP box I did not expect to see a 3Com switch.

Anyway, here’s a very quick rundown on initial setup (assign IP and secure the system passwords).

Solution

1. On the chassis locate the sticker with the serial number on it; it will show you the IP address that it’s set to by default. This is an IP in the 169.254.x.x range, so providing you have a laptop/PC set up for DHCP, simply connect it to the switch (any port) and you can open a web browser session to it.

2. Default access is user name admin with a blank password.

3. To change the password, select Users > Modify.

4. Select the admin user and change the password below. Note: You can add additional users here as well.

5. To change the management IP address, select Network > VLAN Interface > Modify.

6. Out of the box you will only have one VLAN, change the setting to manual.

7. Set the required IP and Subnet mask > Apply (At this point you will be kicked out of the management console, connect the switch to your live network and you will be able to connect to its new address).

 

Related Articles, References, Credits, or External Links

NA