Windows Networking





The Windows operating systems have distinct methodologies for designing and implementing networks, and have specific systems to accomplish various networking processes, such as Exchange for email, Sharepoint for shared files and programs, and IIS for delivery of web pages. Microsoft also produces server technologies for networked database use, security and virtualization.

Share tech news, updates, or what's on your mind.

Sign up to Post

are there any specific event logs on windows (windows 7) that indicate the exact time a machine was powered on and off. I know from analysis and testing of security.evtx its pretty close if you pick the first and last event of the day to the time a machine has been on/off but I did wonder if there was an exact event in one of the windows and/or applications and services logs which would specifically relate to power on/off for a laptop device.
Become a Certified Penetration Testing Engineer
LVL 13
Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

I have 2 PCs that are both connected to the same WiFi network.  Both PCs are on the same work network, both have the same workgroup name and I have toggled network sharing off and on - on both of the devices.

Neither can ping the other.  However, where it gets strange here... If I run simultaneous cmd pings of each other, #1 PC starts successfully pinging the other, but stops if I stop the ping attempts from the other PC to it.  #2 PC pings never resolve.

Both devices are Dell Optiplex 3030AIO and on Windows 7 Pro, Service Pack 1
Setup: Windows 2019 Server with 2 network cards: 1 and 2.
Assigned static IP to NIC 1 netmask, DG, no problem.
When assigning static IP, netmask DG it throws me a warning:
"Microsoft TCP/IP Warning - Multiple default gateways are intended to provide redundancy to a single network (such as an intranet or the internet). They will not function properly when the gateways are on two separate, disjoint networks (such as one on your intranet and one on the internet). Do you want to save this configuration?"
I said yes, but then I lost connection to the internet. Ran the troubleshooter and that reset NIC 2 to DHCP (dynamic).
I am probably missing something here.
planning deployment of windows 10 with workgroup server.  if anyone can suggest a good how to and best practices for a small price of eight systems

I have industrial machine needs to connect to an Access Point in order to download data through a software designed by the manufacturer, I am thinking instead of getting Physical Access Point "especially the machine is working in a sever application" to use Virtual Access point on the LAPTOP, tried ICS "Mobile Hotspot"  but this is not helpful because I need the machine to use /

Is there any Free Virtual Access Point can be download works with Windows instead of using ICS  instead of physical AP? or is there a way in Windows 10 to change IP address and subnet Mask for the clients ?

Thank You
we have a process from icontrol enterprises that polls data from our point of sale box and sends to server to process into usable information.  something changed in windows settings the other day and it can no longer get to the server address it is trying to access. (
it says cant connect.  there is some info i found in a log file (see below) that maybe says what needs to be done???
i turned off windows firewall and it still cant connect.  the sonicewall settings were restored to when it last connected fine and there was no change.
any idea what registry or system setting may need tweaking to fix this based on the logfile info?
ps  this is the other icontrol website and it connects to this one fine (

this shows in the log:
12:37:56 Aug 16 713 Network Debug TCP connection abort received; TCP connection dropped, 50978, X0, 443, X1 tcp TCP Flag(s):
12:37:53 Aug 16 1233 Firewall Settings Notice Unhandled link-local or multicast IPv6 packet dropped fe80::5de:548b:4811:2597, 52847, X0 ff02::1:3, 5355 udp  
12:37:53 Aug 16 522 Network Alert Malformed or unhandled IP packet dropped, 17, X1
I have a 2 Network cards in a server, one is setup for 192.168.0.XX and the second is setup using 10.1.30.XX.  I am in a subnet of 10.1.1.XX.  I can make changes on my sonicwall for the 10.1.30 and the 10.1.1 to be able to see each other in my local network.
I am trying to access the software on the 192.168.0.xx server, it is running our video software.  All our cameras are on the 192 backbone.
I not quit sure how to connect the 192. and the 10. networks so I can run remote logon to the server.
I will be contacting the vendor of the video server in the morning to see if they can assist.
I hope this all makes some sense, looking for suggestions?
I had a pc joined to the domain and then a Windows Update was applied. Network Discovery is greyed out, cannot access any network resources, and cannot disjoin / rejoin domain because that is greyed out as well. The services for Network Discovery won't start.
In our Kiwi syslog server that we use to accept logs/events from a
certain Linux custom appliance, we only see  "Local4: ..."  but we
can't see IP addresses of users who use that appliance
(it's called Garrison: )

The support for that product told us it's something we have to
configure in Kiwi syslog server.

Had been browsing all over Kiwi & there's nothing in Kiwi that we

Correct me if I'm mistaken:
is this something to be configured at syslog client end & not
syslog server?  My understanding is the level of logging is
configured at syslog client (in Linux/Unix, there's syslog.conf)

Kiwi just receives everything that's sent to it via Udp514 &
doesn't filter off anything, right?
OWASP Proactive Controls
LVL 13
OWASP Proactive Controls

Learn the most important control and control categories that every architect and developer should include in their projects.

When you Team NICS does it release the IP's that were on the NIC's that you teamed?
Hi EE,

I have a very strange problem at the place I'm currently living in.  My landlord is trialing a new Wifi connection this trial began at 11 am 1 day ago. No wireless configuration changes were required from my end and my tablet and mobile phone connected to the new wifi without issue. However, my Windows 7 desktop either by Wifi (using the same credentials as my mobile and tablet) or LAN DNS resolution doesn't work anymore I can ping external websites fine.

Tried setting my DNS to Google no luck.
Tried disabling IPv6 no luck.
Tried the ipconfig /flushdus, ipconfig /registerdns, ipconfig/release, ipconfig/renew no luck.
Tried the Netsh winsock, reset catalog, int ipv4 and ipv6 reset no luck

Event logs on my PC confirm the started have DNS issues at 11:03 am that day warning is:

The warning is event 1014 and the source is DNS client events. The general section reads, "Name resolution for the name [insert website URL] timed out after none of the configured DNS servers responded.

Any ideas I am completely stumped by this.

Thank you.
Hey guys,
We have a client that is setup with a Remote Desktop Gateway.  We constantly get people who are getting redirected to the incorrect terminal server and they would either get the error message, "The remote comptuer (computer name) that you are trying to connect to is redirecting you to another computer named....," or that people call in and say that all their stuff is gone, because they are in the wrong server.  I don't see anyway to simply tell something, "this user goes to this server," and it is very frustrating.  Does anyone have any ideas?

I've been given two servers for a PHP project inside my company (one for PHP and the other for MS SQL) but my local system administrator has never dealt with remote SQL connections (yeah, I know).

I've managed to use his admin session (thru Skype's desktop presentation) and configured the SQL instance to use a fixed port instead of dynamic (to avoid headaches in the future). I've also created an inbound rule in the SQL server's firewall that allows that same TCP port for the domain. I didn't create an inbound UDP rule for the SQL Browser because I'm not using a dynamic port.

Also, the user that I'm using in my PHP script was created under Security -> Logins but within the database, instead under Security -> Logins for the entire SQL instance. It was created as dbreader and dbwriter only.

This is how my PHP connection looks like (the x are IP address and NNNNN is the port):
$servername = "\\INSTANCENAME, NNNNN";
$connectionInfo = array( "Database"=>"MY_DB_NAME", "UID"=>"loginname", "PWD"=>"somepassword" );
$conn = sqlsrv_connect( $servername, $connectionInfo );

if ($conn) {
     echo "yup";
} else {
     echo "nope";

Open in new window

What else can I try to make the connection happen?

BTW, both sqlsrv and pdo_sqlsrv extensions are loading fine in PHP.

Both servers are Windows Server 2016 and SQL is also 2016.

Thanks in advance!
could someone help me with a very basic (idiots) guide to the difference & interaction in SharePoint between a 'web application' and a site/site collection. And when it comes to access related permissions, e.g. who can access a document uploaded to a site, e.g. https:\\ourcompany\sites\ourteamsite - are access control related permissions typically set per site, or per 'web application'. If that was your concern (permissions) do you need to be focusing on 'site level' permissions, rather than the 'web applications' level permissions? Or where would you apply access control permissions in such a setup, generally?

I am trying to understand if your sharepoint server typically acts as a glorified file server, where lets say each team in the company has a locked down area for sharing files amongst their direct team colleagues, and each individual in the company has a personal area for files only accessible to them, and each of these areas are essentially 'sites' in sharepoint, then what exactly is a 'web application' in regards to sharepoint? is it in my link above, the https:\\ourcompany, which basically represents a collection of sub sites? I ran the cmdlet get-spwebapplication and all it essentially returns is a list of URL's.
Recently installed a new Windows 2008 R2 Server and now the workstations are unable to map to the shared folders on the server.  I can ping the server by name or IP but not map a drive.  I have tried with and without the Firewall Service running.
Hi, I ran this wireshark network protocol analyzer with no programs open, including no background programs. I ran it for three minutes. I have the report in csv and in pcapng format.(I've changed the latter to a .txt extension to upload).

Can someone let me know if there's any odd network activity going on? Thanks. If you need more information, let me know, this is way over my head.
we experience print job hang if user try to print the file more then 4MB .But we try to configure the NB using local printer was fine.

if print using print server will hang the print server and have to manually delete the print job.

for testing purpose we using the same driver same as print server .Our print server is window server 2012.

at first ,we through is WiFi contested but we trying using LAN cable return the same result.

please advice ,we have facing the issue and how to solved it .Thanks
is there any method to remote check the type of lan cable plugging,  from network card device properties / other windows log?
OWASP: Forgery and Phishing
LVL 13
OWASP: Forgery and Phishing

Learn the techniques to avoid forgery and phishing attacks and the types of attacks an application or network may face.

Hello all,

I need to present a message for the users is they had connected to the wrong port in the wall...

So basically if one of the ports is connected to network is 98.X.X.X we need to warn the user with a message box.

I have searched the web and found something kind of close to what I need 

The type of the script is not important (batch/vbs) as long as it can present "a warning message box".

The script should be able to run on WinXP and later.


I am doing a vmware microsegmentation project. In reviewing traffic flows, I see a lot of traffic on certain LANs UDP 137 and 138 which I believe is MS Netbios. So app server A might be talking to app server B via UDP at these ports say. if these traffic flows were not permitted within the LAN, what would the impact be on Windows networking?
If you give a user Read/Execute on a "Major" folder and down maybe 3 sub-folders give her Full shouldn't she have Full to that sub-folder 3 down?

   It is a take off of an Excel question I asked yesterday. The exact scenario is that she is given Read/Execute on the main folder then three sub-folders down I gave her explicit Full on a single file. She can delete the file but can not modify it. Every time she makes a change and tried to save it she gets an Access Denied error. I know it looks at the permissions on the share and the NTFS permissions and gives her the most restrictive but in the scenario everyone is given Full on the share.

   Shouldn't she have Full in this scenario?
OMG: This is driving me crazy!!!!

A user keeps getting his AD account locked every 20 minutes.

I've googled this to death, and even reached out to our ManageEngine AD Audit techs.

In a nutshell, Microsoft isn't capturing the source machine name or IP if the logon request is not from the MS platform (linux/mac) or the authentication request isn't Kerberos.

How in the world am I supposed to figure out the offending machine?

Using this command, then stopping and starting the logon service:
nltest /dbflag:0x2080ffff

The widows\debug log reveals:
07/09 14:38:14 [LOGON] [4304] ECPHFD: SamLogon: Transitive Network logon of (null)\ from (none) (via DC-2008-01) Entered
07/09 14:38:14 [LOGON] [4304] ECPHFD: SamLogon: Transitive Network logon of (null)\ from (none) (via DC-2008-01) Returns 0xC000006A

"(NONE)" is NOT HELPFUL Microsoft !!!

I've ruled out that these are coming from the outside world so I'm left thinking this is a malicious internal brute force attack or a forgotten app using the user's old password.  We've shut down all of his devices and the problem persists.


Any ideas would be very much appreciated!

Helplessly yours,
hi guys

I'm thinking of ways in which we could educate our staff when it comes to the actual threats of security through emails like phishing.

However, if I wanted to send out reminders frequently like every fortnight, then I'm wondering what sort of content could be covered in order to not become monotonous?

Have you seen this done at firms you've worked at? If so, are there any tips?

Thanks for helping
Hi EE,

We have enabled a firewall on our development boxes and of all sudden, any of the applications that use CNAME's to connect to the SQL server failed, applications that use the actual name of the instance still work. The setup is a follows:

- SQL Servers reside on a 2 mode Windows Cluster.
- The SQL Server service accounts are domain accounts on the same domain as the applications, so the SPN should already be created.
- The authentication is via AD.

What troubleshooting should I do from here any assistance is welcome?

Thank you

Windows Networking





The Windows operating systems have distinct methodologies for designing and implementing networks, and have specific systems to accomplish various networking processes, such as Exchange for email, Sharepoint for shared files and programs, and IIS for delivery of web pages. Microsoft also produces server technologies for networked database use, security and virtualization.