I'm trying to reACL a file server because my robocopy isn't going smoothly. Apparently, there's no single account with access to all the files.

I figure the way to re-acl everything was to take ownership at the root folder and push that down but considering it's a 10TB file server, is there a better way to do this so I can robocopy the entire server?

Hi All,

I am currently setting up an offline Root CA using Windows Server 2016 Core. Part of the istall requires using the certsrv snapin. As this isnt part of the server core install (is it?) I am using a Windos 10 machine. Neither machine is in a domain. I can browse to the server quite happily (\\servername). It prompts me for the username and password. If I try to use the certsrv snapi in or server manager I cannot connect with access denied (Certsrv) or WinRM Negotiate authentication error (Server Manager).

I have enabled remote management via sconfig and turned off windows firewall on the Windows core machine. What else am i missng?

Cheers,
Paul

I was having an issue connecting to our CIFSs shares that are on our NetApp storage.

So the CIFS SVM initially creates an AD computer account in the domain. Then a windows client is able to use that account to \\CIFS\Share into the NetApp CIFS volume.

But it stopped working with "no logon servers available" and "we can't login with your credentials"

I noticed the AD computer values are missing as if it was no longer joined. I replicated this issue in my lab and duplicated the results pretty much by disabling the account.

How can I rejoin a CIFS server to the domain and gain access?

I have a computer that's running quite slowly today.  I'm remoting into the PC, so I can't see what's going on first hand.

After loading up taskmgr and clicking on the Performance tab, I don't see any disks.

What comes to mind for you, here?

This box is running Windows Server 2016

PowerShell Script Request: Remote Windows 2016 Server Page File and Location.

Hey Experts.  I need to copy data from a directory on a server (serverA) but a Windows service on the server needs to be stopped before the data is copied.  Not sure how to get the script to check for the Windows service (say spooler) to be stopped before the script continues on.  Thank you in advance for any help!

Script to list logons on a specific domain controller, which the user actually logged onto that domain controller. Trying to look up examples and I just keep finding ways to find a specific user, I want all of the logons for the past X hours, of any user.

Hi All,

We are looking at installing a Server 2016 server (standalone) with the CS role. We are primarily going to be using it to secure our DC's (currently 2008R2 - but will be upgraded soon), for LDAPS but may look to utilise it further for other devices/servers as well. I am looking for opinion / best practices on how to set this up.

I was thinking that we would only need one enterprise server currently for our needs. I have read however that it is better to have two, a root and subordinate with the root turned off. Would this be over kill given our needs?

Secondly what length key would be best and algorithm to use. According to MS SHA2 with a 2048 key should be fine, however I have also read that that SHA256 would be better.

Should we stick with the default 5 year certificate lifespan.

Which template is most suited for securing the DC / LDAPS

Should I create a dedicated account for access to the server / servers

Finally if one Enterprise root server is deployed, should this be turned off when not in use. I read a MS article that says this is not recommended.

Thanks for your help.

Paul

How big does AD have to be (and how slow does the link need to be) to justify installing a new domain controller in a regional office using the IFM (Install From Media) method?

I think we'll have a 50 mbps symmetrical site-to-site VPN.

Our NTDS folder is 375 megs in size.

Should I use IFM or just do it the regular way?

I'm no pro so picking the easy method is very much preferable.

Reading about IFM here:
https://social.technet.microsoft.com/wiki/contents/articles/8630.step-by-step-guide-to-install-an-additional-domain-controller-by-using-ifm.aspx

I became concerned reading this passage:

"Important :
The next steps are required to change the SYSVOL folder security settings. These steps change the file hash, which will become the same file hash as in the IFM. If you use DFS Replication, SYSVOL will keep the presided data only if the file hash on the source domain controller and the destination server are the same
On the destination server, right-click the SYSVOL folder, and then click Properties.
Click the Security tab, and then click Advanced.
Click the Auditing tab, and then click Edit.
Clear the Include inheritable auditing entries from this object’s parent check box, and then select it again.
Click Apply, and then click OK.
"

The existing domain controllers are Server 2012 and the new one will be Server 2016.  The functional level will remain at Server 2008 R2

Working through some issues on a Server 2016 Essentials server and noticed that the remote web access portal site (remote,domain.com/remote) is not accessible internally (on the LAN) but works fine externally. If I ping the site internally from the Server 2016 Essentials server, it replies back with the public IP address of the server. This seems correct and matches what we see on other Server 2016 Essentials servers with Anywhere Access/RWA working internally and externally. Likewise, if we compare DNS settings (Forward Lookup Zones) between working and non-working servers, settings appear to be the same.

Internally, if I enter the public IP in a browser, the page does not resolve. Externally, it does resolve, as does the DNS address - remote.domain.com/remote.

Running the Anywhere Access repair wizard did not address the issue. It completes successfully, but does not allow us to access the site internally on the same LAN as the server. Doesn't matter if I try from the server itself or a client workstation.

Hi team,

[Server00]: PS C:\Users\dperezb\Documents> Install-WindowsUpdate

Confirm
Are you sure you want to perform this action?
Performing the operation "(13/02/2020 8:59:39) Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.281.594.0)[197MB]" on target
"MDMVFS01".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): A

X ComputerName Result     KB          Size Title
- ------------ ------     --          ---- -----
1 Server00     Accepted   KB2267602  197MB Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.281.594.0)
1 Server00     Accepted   KB4524244   67KB Security Update for Windows Server 2016 for x64-based Systems (KB4524244)
1 Server00     Accepted   KB4537764    1GB 2020-02 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4537764)
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
    + CategoryInfo          : NotSpecified: (:) [Get-WindowsUpdate], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,PSWindowsUpdate.GetWindowsUpdate

I connect with a administrator user.

Regards.

Hi, I'm working on updating / upgrading our WSUS infrastructure from Windows Server 2012 R2 to Windows Server 2019.  ANd since I am building from scratch, I figured I would reevaluate some settings.

The one in particular is whether to implement SSL (8351) or stick to the default (8350) as I've done in the past.

So, I figured why not ask the experts (gurus) in the community to see how they run their WSUS environment.

The other items is what do you typically run for downstream servers, autonomous or replica?


Thanks in advance.