Test post from phone

Posted on December 13th, 2011 in Uncategorized by alt-92

Greetings

Posted from WordPress for Windows Phone

Been there, done that. Next hype plz.

Posted on May 28th, 2011 in Uncategorized by alt-92

 

 

mis

RSAT for Windows 7 SP1 available

Posted on April 8th, 2011 in Server 2008, Windows 7 by alt-92

The Ask the Directory Services Team Blog posted some goodness:
The Remote Server Administration Toolkit update to support Windows 7 Service Pack 1 has been released.
See http://blogs.technet.com/b/askds/archive/2011/04/07/rsat-for-windows-sp1-is-now-available.aspxor get it at http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d

Windows Server 2008 CAs and Server 2003 DCs – are you seeing event ID 13 popping up every eight hours?

Posted on March 15th, 2011 in Deployment, Security, Server 2003, Server 2008 by alt-92

Be careful when implementing a Windows 2008 based Certificate Authority in a mixed 2003R2 and 2008(R2) environment. By default, the installation of the ADCS Role on a 2008 Server selects SHA2 type algorithms which are not quite compatible with Server 2003R2 SP2 or XP SP3.
You will need a hotfix.

While waiting for a new hardware setup I decided to jump the gun and upgrade my old 2003CA to 2008 in advance – a pretty straightforward process of decommissioning and deploying a new CA on a fresh 2008 install.  Both my Home Theatre setup and laptop are running Vista or 7, and there’s a virtualized Core 2008 Domain Controller as well. No problems there.
However, there is still one slight snag as I’m still using a 2003 machine as second physical DC (which hosts my DFS namespace and I haven’t gotten around to upgrading that one).
After a couple of days, that machine started spewing Event ID 13 errors every eight hours in the Application log:

Event Type:    Error
Event Source:    AutoEnrollment
Event Category:    None
Event ID:    13
Date:        28-2-2011
Time:        18:14:37
User:        N/A
Computer:    MYDC
Description:
Automatic certificate enrollment for local system failed to enroll
for one Domain Controller Authentication certificate (0x80092009).
Cannot find the requested object.

For more information, see Help and Support Center at 
http://go.microsoft.com/fwlink/events.asp.

Secure Channel for LDAP over SSL also breaks because of this, so you’ll see those warnings as well.

A quick look in the ADCS Snapin confirmed both the Directory Email Replication and Domain Controller Authentication certificates were trying to autoenroll but failing every 8 hours.

A search for "cannot find the requested object" quickly resolved that, pointing the way to http://support.microsoft.com/kb/968730.

After requesting the hotfix and rebooting, AutoEnroll properly processes the request again, and SSL enabled LDAP connections are restored.

More information is also available on the Windows PKI Technet Blog: http://blogs.technet.com/b/pki/archive/2011/02/08/common-questions-about-sha2-and-windows.aspx

Windows 7 Action Center prompts and GPO Preferences

Posted on November 2nd, 2010 in Server 2008, Windows 7 by alt-92

On a regular Windows 7 install, Action Center in Control Panel notifies the user in case settings are not set to defaults or if maintenance settings are not set  – for instance, if you’ve configured Windows Update to prompt for install (and not automatically install available updates on shutdown), or Windows Backup.

Notifications are presented by means of the little Action Center flag in the systray, and a popup window:
acflag

You can disable these messages normally in the Action Center either by clicking the links provided or by changing the Action Center settings on the left.
actioncenter

actioncentersettings

On most Corporate networks however, Control Panel entries are either limited to user specific settings or even blocked altogether, in which case Action Center is not available but the notification will still bug you about the settings  – like when you’re using SCCM for instance to install updates.

That’s not a bad thing per se, as Antivirus products also use the Action Center to notify you in case something is wrong.
Simply hiding the Action Center flag may not be the solution, that’s like sticking your head in the sand saying neenerneenerneener and waiting for that freighttrain to hit you head-on.

In that case, Group Policy Preference allows you to enter presets and disable the abovementioned prompts.
I’ve used Process Monitor to filter on the exact registry entries used to configure the settings.
procexp

Then, create a GP preference and snapshot* the disabled items.
*These are REG_BINARY keys, the valuefield is too short to enter the values manually.

gpmcpref.winupdate

gpmcpref

For reference, these are the exact keys and binary values used.

Windows Update:
gpmc.winupdate

Windows Backup:
 gpmc.backup

Once applied to your User OU, these settings ensure the Action Center will still prompt for any other mishaps but ignore Windows Update or Backup.