Microsoft Server OS

55K

Solutions

41K

Contributors

The Microsoft Server topic includes all of the legacy versions of the operating system, including the Windows NT 3.1, NT 3.5, NT 4.0 and Windows 2000 and Windows Home Server versions.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi

On our server, we have a couple of folders shared on the network - one been called 'shared-files'. When accessed by Windows 10 workstations, we can access the folders as intended.

When accessed either via remote desktop, or when sat in front of the server and logged into its desktop - we lose a lot of permissions for the folders, when accessing the share from the local server.

What would cause a loss of permissions when physically sat at the server or when accessing via remote desktop for local access of that servers shared folders?

Jamie
0
Optimize your web performance
LVL 1
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

how to deploy fireeye agent using gpo in win server 2012
0
In this screenshot what is the exact location of the Test Test user (see the bottom of the screenshot)? Is it OU=users,DC=company,DC=com or is it something else?

The domain name for this organization is company.com

ACTIVE-DIRECTORY-USERS-AND-COMPUTERS
0
Hi,
We have a client's SBS2011 that has had the contents of the SBS program folder deleted, therefore the Console does not run:

C:\Program Files\Windows Small Business Server\
C:\Program Files\Windows Small Business Server\bin\console.exe

Most articles relate to repairing the console from the Add/Remove appwiz.cpl applet:
https://technet.microsoft.com/en-us/library/gg680337(v=ws.11).aspx

This is innafective as the directory is empty, therefore no .msi unistall information to work from.

Can anyone suggest means of reinstalling the console component alone, while being sure the remaining server functionality such as AD, Exchange etc. is unaffected?

Many thanks in advance,
0
Dear Team, As my understanding, if we purchase the OLP Window Server 2016 Standard license, we will have right to downgrade to Window Server 2012R2 Standard, am I right? Will the license key for Window Server 2012R2 be included in Licensing control panel?

Many thanks in advance!
0
I am trying to follow the instructions within the the https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx#Code_Used webpage to import username information from a .CSV file to create usernames within Server 2016 Active Directory but every time I try to do this I receive the following error messages:

When I run the following command within PowerShell (running as an administrator) .\un.ps1 I get the error message

 “ConvertTo-SecureString : Cannot bind argument to parameter 'String' because it is null.
At C:\Support\UN\UN.ps1:12 char:232
+ ... scription" -AccountPassword (ConvertTo-SecureString $Password -AsPlai ...
+                                                         ~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [ConvertTo-SecureString], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ConvertToSecureStringCommand

ConvertTo-SecureString : Cannot bind argument to parameter 'String' because it is null.
At C:\Support\UN\UN.ps1:12 char:232
+ ... scription" -AccountPassword (ConvertTo-SecureString $Password -AsPlai ...
+                                                         ~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [ConvertTo-SecureString], ParameterBindingValidationException
    + FullyQualifiedErrorId : …
0
Within the https://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx#Code_Used webpage which contains instructions on creating a CSV spreadsheet that contains fields such as the user's firstname, lastname, maildomain, etc. what should be entered within the SAM spreadsheet column?

I understand what all of fields need except for the SAM field. What should be entered within the SAM field?

Firstname | Lastname | Maildomain | SAM | OU | Password | Description

User | Test01 | contoso.com | utest01 | OU=Standard Users,OU=Users,DC=domain,DC=loc | P@ssw0rd| Test User

One of the lines of code explains the syntax as " New-ADUser -Name "$Displayname" -DisplayName "$Displayname" -SamAccountName $SAM -UserPrincipalName $UPN -GivenName "$UserFirstname" -Surname "$UserLastname" -Description "$Description" -AccountPassword (ConvertTo-SecureString $Password -AsPlainText -Force) -Enabled $true -Path "$OU" -ChangePasswordAtLogon $false –PasswordNeverExpires $true -server domain"

Please provide me with the correct entry that should be used for SAM.
0
It frequently happens that when I try to use PAN Global Protect for work VPN that the authenticator token doesn't arrive until after the Global Protect connection attempt has given up/timed out. If I try to connect a second time then the token for the first attempt will often arrive during attempt #2, the second during attempt 3 and so on.

What is likely the problem? And is there anything I can do as an end user to fix this? Anything that IT could do to fix the delays of the token?
0
Hi All,

I get the following error when I check for updates:

There were some problems installing updates, but we'll try again later. If you keep seeing this and want to search the web or contact support for information: (0x80244022)

 
I then RDP to PRODWSUS01VM which is the windows update server set in my registry.

I ran the Update Services snapin and tried to connect to PRODWSUS01VM but I get the following error:

WSUS console
Can anyone here please assist me what stepsI need to do to ensure the WSUS is working again in my AD domain ?

Thanks,
0
What is the correct process to follow to create a .CSV file containing the first names, last names, usernames, & passwords of users to import into Server 2016 Active Directory?
0
Get 15 Days FREE Full-Featured Trial
LVL 1
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

I've got a client who uses Windows Server 2008 Standard and it appears that sqlservr.exe is taking up enormous amounts of RAM and file sizes.  5GB of RAM to run one instance.

How do I reduce this?  

They are 15 users, using the server for file storage and domain controller/AD only.  Used to run Exchange Server, SharePoint, etc. but now no Exchange, no SharePoint.  If I am running AD, DC, DNS, DHCP, do I have a need for SQL Server?

I need to trim this down, as the system is constantly reading/writing tons of data, and the only massive thing going on appears to be sqlservr.exe.
0
Is there a Dell client system update for Dell servers that will download and install the latest drivers and BIOS updates for Server 2016 Dell servers similar to the Dell Client System Update for workstation which can be downloaded from the http://en.community.dell.com/techcenter/systems-management/w/wiki/1960.dell-client-system-update website?

Where can this product for Dell servers be downloaded from?
0
We moved a website from a server 2008 to a server 2012 system with Windows Authorization turned On and Anonymous turned Off.  Now, we get a HTTP Error 401.2 error.  However, if I turn On Anonymous it works.  Is there a way to take a deeper dive into this type of error to see what permissions we are missing?  I have turned on tracing, but it doesn't produce any trace logs.  To make a short story longer, the Old web code is invoking the Neevia Document Converter product and using the WebKit to parse HTML.  I suspect it has little to do with the Neevia product and more to do with the permissions differences between 2008 and 2012 server.  The building IE parser doesn't work either (gets a timeout).


HT T P Error 401.2 - Unauthorized
You are not authorized to view this page due to invalid authentication headers.
Most likely causes:
No authentication protocol (including anonymous) is selected in IIS.
Only integrated authentication is enabled, and a client browser was used that does not support integrated authentication.
Integrated authentication is enabled and the request was sent through a proxy that changed the authentication headers before they reac
h the Web server.
The Web server is not configured for anonymous access and a required authorization header was not received.
The "configuration/system.webServer/authorization" configuration section may be explicitly denying the user access.
Things you can try:
Verify the authentication setting for the resource and then…
0
Hey guys, we have an important file on our file server (Server 08 r2) - it says it locked by a user. I checked in computer management and no one has the file open. How do i fix this?
0
Hi we have a client with mixed OS versions.

DC = Server 2012 r2
App server = Server 2008 r2
RDS = Server 2012 r2

DC migrated from 2003 to 2012 r2

Guide followed : Link


I have tryed many solutions to the problem but nothing has solved the issue. Since we are getting Kerberos messages i tried the standard to synch time servers. But to no help. Only thing that fixes the problem temporarily is rebooting the server.

Some of the errors are :

The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

Open in new window


Additional information : ID:4, SOURCE:Microsoft-Windows-Security-Kerberos
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server dc$. The target name used was ldap/DC.XXX.local. This indicates that the target server failed to decrypt the ticket provided by the client. 
This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. 
This error can also happen if the target service account password is different than what is configured on the Kerberos 

Open in new window

0
Hi,

I have inherited a Windows 2012 R2 Server running Hyper-V.  Currently, there is only one VM, for simplicity I'll call this VM1.  The former tech set up VM1 with AD and also has up to 10 users remotely log into that VM to work remotely using remote desktop services port forwarding 3389.  Besides the obvious security concerns of port 3389 open to the server--shouldn't separate VMs be set up?  Am I right that it's a security concern to have Remote Desktop Services and AD running on the same server or is that old school thinking?  I'm thinking that they should have a VM that does RDS and another VM that is their AD server.  They're running several SQL databases on this VM as well.  There's 40 GB RAM allocated for this VM.  Please let me know the security concerns and also performance concerns with this setup?  Thanks!
0
Hi,

My client has a SCOM 2012 R2 infrastructure and would like to monitor a service across multiple servers.  The service name is the same across them all.

I can only find a way to monitor the service as a group for critical but cannot find a way for warning.

So for instance if I have 5 servers with the same service I want a warning that the service on 2 of the servers are down and critical when the service on 3 of the servers are down.

Many thanks

Shane
0
In our Win 7 our ability to change the color theme is grayed out. I want to be able to allow certain users to change it. I created a GPO policy and am using GPO filtering but it is not working. I created the policy and gave read\apply permissions to certain users but the ability is still grayed out. What could I be doing wrong?

I have attached a couple screen shots. One of the policy and the second one of the screen where it is grayed out.
contrast.bmp
contrast1.bmp
0
I am trying to open a port on the domain for all computers in the domain via group policy, I did the following;
Computer configurations/Windows settings/Security settings/Windows firewall with advanced security/inbound rules.
New rule
Port
TCP 155
Allow connection if secure
Entered the authorized computer that will be accessing via this port
Domain
Name - finish
Assigned the rule to the domain
Did a update cmd
But the port is not open
Working with a server 2012 and window 10
Open-155.JPGPort-155.JPG
0
Free Tool: Port Scanner
LVL 9
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

People,

I need some help to query all domain controller for certain Security Event ID like: 4740, 4771 and 4776.
My goal is to know which location of the Locked AD account.

This is the script that I have and been working:
$LogonType = @{
	[uint32]2 = 'Interactive'
	[uint32]3 = 'Network'
	[uint32]4 = 'Batch'
	[uint32]5 = 'Service'
	[uint32]7 = 'Unlock'
	[uint32]8 = 'NetworkCleartext'
	[uint32]9 = 'NewCredentials'
	[uint32]10 = 'RemoteInteractive'
	[uint32]11 = 'CachedInteractive'
}
Get-ADComputer -LDAPFilter "(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))" | ForEach-Object {
    "Processing $($_.DNSHostName) ..." | Write-Host
	Get-WinEvent -ComputerName $_.Name -FilterHashTable @{LogName="Security"; ID=4624; Data="John.Wick"} -MaxEvents 200 | ForEach-Object {
		New-Object PSObject -Property ([ordered]@{
			MachineName = $_.MachineName
			TimeCreated = $_.TimeCreated
			User = $_.Properties[5].Value
			Domain = $_.Properties[6].Value
			LogonType = $_.Properties[8].Value
			LogonTypeString = $LogonType[$_.Properties[8].Value]
			SourceIP = $_.Properties[18].Value
			SourceName = (Resolve-DnsName -Name $_.Properties[18].Value -ErrorAction SilentlyContinue).NameHost
			Keywords = $_.KeywordsDisplayNames -join ";"
		})
	}
} | Export-Csv -Path C:\TEMP\John.csv -NoTypeInformation -UseCulture

Open in new window


and this is the second PowerShell script:

get-eventlog -logname "security" | where {($_.eventID -eq 4771) -or ($_.eventID -eq 4776) -or ($_.eventID -eq 4625) } | select timegenerated,message

Open in new window


Any help would be greatly appreciated.
0
We are trying to add an Entry Point for our Microsoft DirectAccess setup (currently in MultiSite) but we are getting stuck adding an additional entry point.  We tried to look in the event viewer without much success (or description of what this error is).  Any ideas or suggestions on where to look?

We are utilizing IP-HTTPS.

Thanks in advance.  

DirectAccess
0
Hi All,

I need to open a case with Microsoft for a server issue, i want to say a year ago i ordered a TechNet or something like that which gave me 5 support incidents for 699 or something like that. I went online today to open a case, and it says a 5 pack is 1999, did something change?
0
Hi All,
We have SCCM 2012, Current Branch.
Been installed (by a consultant) about 6 weeks ago. We have ran into an issue with clients updating and not sure if they have ever updated since it's been installed
I think (I will double check) most of our clients are showing the following errors from the windowupdate.log

2017/08/03 22:09:18.4202729 312   3520  ProtocolTalker  SyncServerUpdatesInternal failed 0x8024401c
2017/08/03 22:09:18.4246690 312   3520  Agent           Failed to synchronize, error = 0x8024401C

I have attached logs from 3 Windows 10 machines. These include WU log and WUAHandler.log
Also attached are 2 SCCM Log files

What I have tried.
1. Can telnet onto port 8530 from any client machine
2. Checked event logs
3. Rebooted SCCM Server
4. Made the changes as per this article - all through I don't think it was relevant - https://blogs.msdn.microsoft.com/the_secure_infrastructure_guy/2015/09/02/windows-server-2012-r2-wsus-issue-clients-cause-the-wsus-app-pool-to-become-unresponsive-with-http-503/
5. Ran through this article - https://technet.microsoft.com/en-us/library/bb735874.aspx.
But still haven't been able to crack the issue.

Questions
1. Can you still use WU to check for updates that will just go to your SCCM Server and expect to find and install updates? Or do updates get installed differently using ADR's?
I was expecting to click "Check for Updates" and find available updates.

2. Under update history, would I still see updates …
0
I have been trying to copy PsExec.exe in to the system32 folder of my server 2012
Every time I get access is denied error
I am logging on as a full domain admin
The copy works on one 2012 server but not the other
I cannot see any difference between the servers or the log on level of the Admin user

I have been through the google sites with no luck
0
I am installing a new domain controller with a company who setup SBS2008 then SBS2011 and used the .local as there internal domain. I want to make their new domain internal or ad.thecompany.com. Exchange has already been pushed out to 365 so there is no mail to migrate. Basically it is users, computers, printers and network shares. The company has about 40 computers so I guess my question is it worth it. The owner loves the idea but not sure about how long it would take.

Thanks
0

Microsoft Server OS

55K

Solutions

41K

Contributors

The Microsoft Server topic includes all of the legacy versions of the operating system, including the Windows NT 3.1, NT 3.5, NT 4.0 and Windows 2000 and Windows Home Server versions.