Method 1:
The trust relationship between this workstation and the primary domain failed.
Once you execute it, it will ask for your domain admin username and password.
What’s in the Search Crawl SQL database anyway?
It holds information found by crawling, such as status and time.
Average size of the crawl DB = 0.046 * (content SQL DB)
How to reduce the size of the Search Crawl SQL DB?
From SharePoint 2010 onward, we can use the Health Analyzer to reduce an oversized Search Crawl DB. If for any reason you stop the scheduled crawl job or remove crawled content, indexing sometimes generates a search database that is too big.
Or the cause might be fragmented indices. In that case, find the Search rule in Health Analyzer and set it so that it automatically defragments when many fragmented indices are found.
The Search Crawl database often has plenty of empty space. If defragmentation did not give the wanted result, you can restore the crawl DB in 2 different ways.
In the SharePoint admin console:
In Central Administration, find Search Administration
Stop all crawls in Content Sources
In Index Reset, uncheck Deactivate search alerts during reset and click Reset Now
In SQL Server:
Find the Search Crawl DB and open All Tasks – Shrink – Database: uncheck Reorganize files before releasing unused space
Again, for All Tasks – Shrink – Files: uncheck Release unused space files before releasing unused space
Microsoft Office 2013 shows the following screens when an application is launched for the first time:
Group Policy Management Editor
STEP ONE: If you have not already, download the Office 2013 Administrative Template files. These can be downloaded from http://www.microsoft.com/en-us/download/details.aspx?id=35554
STEP TWO: Copy the ADMX files to %systemroot%\PolicyDefinitions and the ADML files to the language specific folder (such as en-us) under %systemroot%\PolicyDefinitions.
STEP THREE: Using the Group Policy Management Editor go to User Configuration | Policies | Administrative Templates: Policy definitions | Microsoft Office 2013 | First Run
STEP FOUR: Set the Disable First Run Movie to Enabled and the Disable Office First Run on application boot to Enabled
Like the Office 2010 Welcome screen, Office 2013 shows the following First things first prompt, when a user launches an application for the first time:
Group Policy:
STEP ONE: If you have not already, download the Office 2013 Administrative Template files. These can be downloaded from http://www.microsoft.com/en-us/download/details.aspx?id=35554
STEP TWO: Copy the ADMX files to %systemroot%\PolicyDefinitions and the ADML files to the language specific folder (such as en-us) under %systemroot%\PolicyDefinitions.
STEP THREE: Using the Group Policy Management Editor go to User Configuration | Policies | Administrative Templates: Policy definitions | Microsoft Office 2013 | Privacy | Trust Center
STEP FOUR: Configure each setting under Trust Center that best suits your needs. If you wish to disable all of these settings, set the first one to Enabled and all the rest to Disabled as shown below
Unlike earlier versions of Microsoft Office, the Microsoft Office 2013 applications, when started, show a Start screen similar to the following, rather than opening the default blank template:
Group Policy:
STEP ONE: If you have not already, download the Office 2013 Administrative Template files. These can be downloaded from http://www.microsoft.com/en-us/download/details.aspx?id=35554
STEP TWO: Copy the ADMX files to %systemroot%\PolicyDefinitions and the ADML files to the language specific folder (such as en-us) under %systemroot%\PolicyDefinitions.
STEP THREE: Using the Group Policy Management Editor, locate the “Disable the Office Start screen for all Office applications” under User Configuration | Policies | Administrative Templates: Policy definitions | Microsoft Office 2013 | Miscellaneous:
STEP FOUR: Enable the “Disable the Office Start screen for all Office applications” setting:
This post’s goal is to show you how you can configure the DNS SRV records in order for clients to be able to automatically detect the KMS server in the environment.
This procedure is also for a second KMS host. Let’s say you have dynamic updates in your DNS, and your first KMS host actually created the records automatically and everything in the environment is working.
In case you would like to add a secondary KMS host for redundancy, you will have to create the second KMS host manually.
This script opens the firewall ports for SQL Server.
To create the script, follow these steps:
Start Notepad.
Copy and paste the following code into Notepad:
netsh advfirewall firewall add rule name="Open Port 80" dir=in action=allow protocol=TCP localport=80
@echo ========= SQL Server Ports ===================
@echo Enabling SQLServer default instance port 1433
netsh advfirewall firewall add rule name="SQL Server" dir=in action=allow protocol=TCP localport=1433
@echo Enabling Dedicated Admin Connection port 1434
netsh advfirewall firewall add rule name="SQL Admin Connection" dir=in action=allow protocol=TCP localport=1434
@echo Enabling Conventional SQL Server Service Broker port 4022
netsh advfirewall firewall add rule name="SQL Service Broker" dir=in action=allow protocol=TCP localport=4022
@echo Enabling Transact SQL/RPC port 135
netsh advfirewall firewall add rule name="SQL Debugger/RPC" dir=in action=allow protocol=TCP localport=135
@echo ========= Analysis Services Ports ==============
@echo Enabling SSAS Default Instance port 2383
netsh advfirewall firewall add rule name="Analysis Services" dir=in action=allow protocol=TCP localport=2383
@echo Enabling SQL Server Browser Service port 2382
netsh advfirewall firewall add rule name="SQL Browser" dir=in action=allow protocol=TCP localport=2382
Save the file as a .bat file by using the following name: OpenSqlServerPort.bat
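The netsh rules above accept connections from any source address on every firewall profile. The following is an added example, not part of the original script: it creates the same rules in PowerShell limited to the Domain profile and one client subnet, then lists any enabled inbound allow rule on those ports that still accepts any source. The subnet and the function names are assumptions chosen for illustration.

```powershell
# Added example; not part of the original script.
# ASSUMPTION: 192.168.1.0/24 is a constructed placeholder for your client subnet.
$AllowedClients = '192.168.1.0/24'

# Rule names and ports copied from the batch script above.
$SqlRules = @(
    @{ Name = 'SQL Server';           Port = '1433' },
    @{ Name = 'SQL Admin Connection'; Port = '1434' },
    @{ Name = 'SQL Service Broker';   Port = '4022' },
    @{ Name = 'SQL Debugger/RPC';     Port = '135'  },
    @{ Name = 'Analysis Services';    Port = '2383' },
    @{ Name = 'SQL Browser';          Port = '2382' }
)

function Set-ScopedSqlRule {
    # Create the rule, or tighten it if the batch script already created it.
    param([string]$Name, [string]$Port, [string]$RemoteAddress)
    if (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue) {
        Set-NetFirewallRule -DisplayName $Name -RemoteAddress $RemoteAddress -Profile Domain
    } else {
        New-NetFirewallRule -DisplayName $Name -Direction Inbound -Action Allow `
            -Protocol TCP -LocalPort $Port -RemoteAddress $RemoteAddress `
            -Profile Domain | Out-Null
    }
}

function Get-UnscopedInboundRule {
    # List enabled inbound allow rules that name one of the given ports exactly
    # and accept any source address.
    param([string[]]$Ports)
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
        $rule = $_
        $hit  = @(($rule | Get-NetFirewallPortFilter).LocalPort | Where-Object { $Ports -contains $_ })
        $src  = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
        if ($hit.Count -gt 0 -and $src -contains 'Any') {
            [pscustomobject]@{
                Rule    = $rule.DisplayName
                Port    = ($hit -join ',')
                Profile = $rule.Profile
            }
        }
    }
}

# Run from an elevated PowerShell prompt.
foreach ($r in $SqlRules) {
    Set-ScopedSqlRule -Name $r.Name -Port $r.Port -RemoteAddress $AllowedClients
}
Get-UnscopedInboundRule -Ports ($SqlRules | ForEach-Object { $_.Port }) | Format-Table -AutoSize
```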
I have a vendor with a web-based service that requires a password encrypted .PFX certificate to be imported into the user’s Personal certificate store.
When I opened up Group Policy Management and navigated to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Public Key Policies, I found several certificate stores that I could import the .PFX file into. The Trusted Root Certification Authorities or Trusted Publishers stores would seem like good places to import this vendor certificate, but neither are the correct store that the vendor requires.
User Configuration -> Policies -> Windows Settings -> Security Settings -> Public Key Policies also had a few stores I could target, but none contain the User’s Personal store. The correct store can be found via Internet Explorer -> Internet Options -> Content -> Certificates -> Personal. Unfortunately, Group Policy isn’t able to target this certificate store.
Since Group Policy and Group Policy Preferences didn’t offer a way to import a .PFX certificate into a user’s Personal certificate store, I turned to scripting the solution.
I first placed the vendorcertificate.pfx on a network share (e.g. %LOGONSERVER%\netlogon\certificates\vendorcertificate.pfx).
Next I created a .BAT script named import-certificate.bat which runs this command:
certutil -f -user -p "CertificatePassword" -importpfx "%LOGONSERVER%\netlogon\certificates\vendorcertificate.pfx" NoRoot
Then created a .VBS script named import-certificate-silently.vbs that will run the import-certificate.bat script silently (so the user does not see a flash of the CMD window when this runs):
Set oShell = CreateObject("WScript.Shell")
Dim strArgs
strArgs = "cmd /c %LOGONSERVER%\netlogon\certificates\import-certificate.bat"
oShell.Run strArgs, 0, false
I then returned to Group Policy Management and navigated to User Configuration -> Preferences -> Control Panel Settings -> Scheduled Tasks. I created a Scheduled Task that runs 30 seconds after the user logs in. The scheduled task runs %LOGONSERVER%\netlogon\certificates\import-certificate-silently.bat.
The result is that when a Citrix user who belongs to the security group in Active Directory logs into their virtual desktop, the required SSL Certificate is automatically installed in their User -> Personal certificate store.
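Files on the NETLOGON share are readable by every authenticated domain user by default, so a script stored there that passes -p to certutil exposes the PFX password along with the PFX itself. The following is an added example, not part of the original post: an audit function that finds such commands in script files and reports them with the password redacted, together with any PFX files stored under the same path. The function name, the temp folder and the sample password are constructed for illustration.

```powershell
# Added example; not part of the original post. Function name is illustrative.
function Find-EmbeddedPfxPassword {
    param([Parameter(Mandatory = $true)][string]$Path)

    # The value that follows a standalone -p or /p switch, quoted or bare.
    $secret = '(?<=\s[-/]p\s+)("[^"]*"|\S+)'

    # 1) Script lines that run certutil -importpfx with a password on the command line.
    Get-ChildItem -Path $Path -Recurse -File -Include *.bat, *.cmd, *.ps1, *.vbs |
        Select-String -Pattern 'certutil.*[-/]importpfx' |
        Where-Object { $_.Line -match $secret } |
        ForEach-Object {
            [pscustomobject]@{
                Kind = 'Password in script'
                File = $_.Path
                Line = $_.LineNumber
                # Never echo the secret into reports or logs.
                Text = ($_.Line -replace $secret, '<redacted>')
            }
        }

    # 2) Key material stored next to those scripts.
    Get-ChildItem -Path $Path -Recurse -File -Include *.pfx, *.p12 |
        ForEach-Object {
            [pscustomobject]@{ Kind = 'PFX on share'; File = $_.FullName; Line = $null; Text = $null }
        }
}

# Constructed sample: a copy of the post's command with a made-up password.
$demo = Join-Path $env:TEMP 'pfx-audit-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$sample = 'certutil -f -user -p "Constructed-Example-1" -importpfx ' +
          '"%LOGONSERVER%\netlogon\certificates\vendorcertificate.pfx" NoRoot'
Set-Content -Path (Join-Path $demo 'import-certificate.bat') -Value $sample

Find-EmbeddedPfxPassword -Path $demo | Format-List
Remove-Item -Path $demo -Recurse -Force
```

To audit a real domain, pass the UNC path of the NETLOGON share as -Path.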
In Windows Server 2012, remote management is enabled by default but Remote Desktop is not. To enable RDP on the server, add the target server to Server Manager and run a remote PowerShell console.
On the remote PowerShell console, enable Remote Desktop and the firewall rules using the following cmdlets:
1) Enable Remote Desktop
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0
2) Allow incoming RDP on firewall
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
3) Enable secure RDP authentication
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name "UserAuthentication" -Value 1
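After the three steps it is worth reading the settings back, because RDP with UserAuthentication left at 0 accepts connections without Network Level Authentication. The following is an added example, not part of the original post: a check that reports the state of the two registry values and the firewall group and flags risky combinations. The function name and the server names in the closing comment are assumptions.

```powershell
# Added example; not part of the original post. Function name is illustrative.
function Test-RdpConfiguration {
    $ts  = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
    $tcp = "$ts\WinStations\RDP-Tcp"

    # Read back the two registry values set in steps 1 and 3.
    $deny = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections
    $nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication

    # Firewall rules of the group enabled in step 2, and the profiles they cover.
    $rules   = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue)
    $enabled = @($rules | Where-Object { $_.Enabled -eq 'True' })
    $public  = @($enabled | Where-Object { "$($_.Profile)" -match 'Public|Any' })

    $findings = @()
    if ($deny -eq 0 -and $nla -ne 1) {
        $findings += 'RDP is on but NLA is not required'
    }
    if ($deny -eq 0 -and $enabled.Count -eq 0) {
        $findings += 'RDP is on but no firewall rule in the group is enabled'
    }
    if ($public.Count -gt 0) {
        $findings += 'RDP is allowed on the Public profile'
    }

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        RdpEnabled   = ($deny -eq 0)
        NlaRequired  = ($nla -eq 1)
        RulesEnabled = "$($enabled.Count) of $($rules.Count)"
        Findings     = ($findings -join '; ')
    }
}

Test-RdpConfiguration | Format-List

# To check several servers at once (server names are constructed placeholders):
# Invoke-Command -ComputerName 'srv01','srv02' -ScriptBlock ${function:Test-RdpConfiguration}
```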
1) Open up Group Policy Management Console. Branch out until you get to the Group Policy Objects folder. Right click on it and click new.
2) In the box that appears enter the name “Internet Explorer 11 Settings” and click ok.
3) Right click on the GPO you just created and click edit.
4) Branch out User Configuration, Preferences, Control Panel Settings. Then click on Internet Settings.
5) Right click on the right hand side and then click New, Internet Explorer 10 (Don't worry. If editing from a 2012 R2 server or a Windows 8.1 machine, this also means IE11)
6) You will be prompted with the box below. Notice each field has green lines and red lines underneath it.
7) Type a URL in for the home page. Notice how it's still red. This means it won't take effect.
8) With the cursor still in the text box press the F6 key. This will then make the line go green. This will now be part of the policy. Don't forget, if you want this page to always launch you need to change the IE10 / IE11 default behaviour and select “Start with home page”.
9) If you want to set the proxy information go to the connections tab, then click the LAN settings button at the bottom.
10) Tick the use a proxy server for your LAN option. Then enter your address and port number. Note how the options again are red.
11) Once happy press the F6 Key to make them green. Click ok.
Apply the GPO to your relevant OU and you're good to go.
What I was doing was pointing the PDC Emulator to an NTP time server. In some large environments, identifying the server that holds the PDC Emulator role is vital.
To point the domain controller to an NTP time server, either edit the registry or use a command.
Using the command is simple:
w32tm /config /syncfromflags:manual /manualpeerlist:192.168.1.10
However, I prefer to edit the registry. Before I modify the registry, I back up the servers and export the registry. This is so I can restore it if something fails.
1. Run Regedit
2. Expand the tree and find the registry key
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Parameters\Type
Change from NT5DS to NTP
3. Change the AnnounceFlags at the registry key
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
Edit the DWORD value to 5. Notice that the default value is “a”
4. Enable the NTP server at the registry key
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer\Enabled
Change the value from 0 to 1
5. Change the NtpServer IP at the registry key
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Parameters\NtpServer
Change from time.windows.com,0x1 to the IP address of the NTP time server. For example, 192.168.1.1,0x1
6. Stop and Start the Service
Net Stop W32time
Net Start W32time
Here is the result below:
To synchronize the time on the domain members and the other domain controllers / child domain controllers, you need to wait 15-30 minutes for the update, or you can sync manually using the command below:
w32tm /resync
For a standalone workgroup server, there are 2 options: 1. point directly to the NTP time server, or 2. point and synchronize to the PDC domain controller. So, I just need to not point directly to the NTP time server, because my environment has the domain controller.
How am I going to do it?
1. Edit and Modify the Registry at
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Parameters\NtpServer
Change from time.windows.com,0x1 to the IP address of the NTP time server. For example, my domain controller is 192.168.1.10, so I just put 192.168.1.10,0x9
Here is the result I get,
I wasn’t expecting the output above. The source should be 192.168.1.10,0x9
I tested this many times. I also tried changing from "0x9" to "0x8" and suddenly it worked, and when I reverted back to 0x9, it did not work.
The funny thing is that I also put the FQDN of the domain controller (192.168.1.10 dcexc.netoverme.info) into the hosts file (c:\windows\system32\drivers\etc\hosts) and it worked.
Then I removed the FQDN dcexc.netoverme.info from the hosts file and it did not work. Well, that’s funny. I suspect a connectivity problem and a delay in updating and synchronising to the domain controller; after I kept repeatedly running "w32tm /query /status", it worked.
The output should be like below:
Also check the Event viewer (Event ID 37) where it validates the time synchronization.
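The number after the comma in each NtpServer entry is a bit field: 0x1 SpecialInterval, 0x2 UseAsFallbackOnly, 0x4 SymmetricActive, 0x8 Client, so 0x9 is SpecialInterval plus Client and 0x8 is Client only. The following is an added example, not part of the original post: it decodes an NtpServer value, marks flag text that is not valid hexadecimal, and compares the registry configuration with the source the service reports. The function names are assumptions, and the sample value is constructed from the addresses used in the post.

```powershell
# Added example; not part of the original post. Function names are illustrative.
# Flag bits of the W32Time NtpServer value.
$NtpFlagBits = @(
    @{ Bit = 0x1; Name = 'SpecialInterval' },
    @{ Bit = 0x2; Name = 'UseAsFallbackOnly' },
    @{ Bit = 0x4; Name = 'SymmetricActive' },
    @{ Bit = 0x8; Name = 'Client' }
)

function ConvertFrom-NtpServerValue {
    # Split "peer,0xN peer,0xN ..." and decode each peer's flags.
    param([Parameter(Mandatory = $true)][string]$Value)
    foreach ($entry in ($Value.Trim() -split '\s+')) {
        $peer, $flagText = $entry -split ',', 2
        $flags = 0
        $valid = $true
        if ($flagText) {
            if ($flagText -match '^0x[0-9a-f]+$') {
                $flags = [Convert]::ToInt32($flagText, 16)
            } else {
                $valid = $false   # not "0x" followed by hex digits
            }
        }
        $names = @($NtpFlagBits | Where-Object { $flags -band $_.Bit } | ForEach-Object { $_.Name })
        [pscustomobject]@{
            Peer       = $peer
            Flags      = $flagText
            FlagsValid = $valid
            Meaning    = ($names -join ' + ')
        }
    }
}

function Get-TimeSourceReport {
    # Compare what the registry asks for with what the service is using.
    $p = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'
    $configured = if ($p.NtpServer) { ConvertFrom-NtpServerValue -Value $p.NtpServer }
    [pscustomobject]@{
        Type         = $p.Type
        Configured   = $configured
        ActiveSource = (& w32tm /query /source | Out-String).Trim()
    }
}

# Constructed sample built from values used in the post.
ConvertFrom-NtpServerValue -Value '192.168.1.10,0x9 time.windows.com,0x1' |
    Format-Table -AutoSize
```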
Services are programs that are configured to run in the background of a Windows computer whether or not a user is logged on. They are an essential part of Windows and are essential to the operation of any Windows computer. Without services, a computer could not perform automatic updates, run scheduled tasks or even connect to a file share. Therefore the ability to control Windows services is a vital task for IT administrators.
Quite often, disabling services on a computer is the best way to reduce its attack surface or to improve performance by turning off unused components of the OS. Conversely, it is also very important to have the ability to turn on services to enable certain functionality or to ensure that certain services are not turned off.
Below I will go through the two ways you can control services in Windows using Group Policy. Each way has its own advantages and disadvantages, but together they let you control pretty much any system service the way you want.
In the examples below I am going to show you how to enable the “Applications Identification” service, which must be enabled to make AppLocker work in Windows 7. If you want to learn more about AppLocker then check out my other post
Ever since Group Policy was introduced in Windows 2000, you have been able to configure some aspects of services using native Group Policy.
Now that you can control services using Group Policy Preferences, there are only two reasons that you will still want to use this method.
Step 1. Edit a computer Group Policy Object that is targeted at the computer that you want to configure
Step 2. Select the services that you want to configure.
Note: If the service that you want to configure is not present in the list you will need to install GPMC on a computer that has the service running. This is a painful restriction of controlling services this way and
Step 3. From the menu click on Action > Properties, then tick “Define this policy setting” and configure the service startup mode you want.
Step 4. If you click on the “Edit Security…” button you can also configure who has control over the service. This would be useful if you want to give end users the ability to start and stop specific services. Tip: Tick “Start, stop and pause” for INTERACTIVE if you want the logged on user to control the services.
Now that you have configured the services via Group Policy, you will need to reboot the computer for the new startup mode to take effect. This means that if you are disabling a service, it will not stop until your next reboot, which could be many days, weeks or even months after you made the policy change.
The newer and almost always better way to configure services now is to use the Group Policy Preferences Services options. As opposed to the native method, which only allowed you to control the startup and security of a service, preferences now allow you much greater control.
The only reasons you would not want to use Group Policy Preference to control services are:
Always remember that when you configure a service startup mode using the native method, it will take precedence over Group Policy Preferences, and that you can use the security options in conjunction with preferences.
Step 1. Edit a computer Group Policy Object that is targeted to the computers that you want to control the service.
Step 2. Navigate to Computer Configuration > Preferences > Control Panel Settings > Services
Step 3. In the menu click on Action > New > Service and now click on the “…” button next to the Service Name field.
Note: From here you can either type in the service name in the “Service Name” field or click on the “…” button to choose the service from a predefined list of services.
Step 4. Select the service name that you want to configure and then click “Select”
Step 5. Now you can configure the Startup mode from the Startup mode drop down box and you can configure a service action.
The Service Action will take place each time there is a Group Policy refresh, so you do not need to wait for the computer to reboot for the latest startup mode to take effect. This can also be handy to configure if you want a service to start if it crashes, or if you have a pesky service that requires restarting on a regular basis to keep running properly.
Step 6. Click on the “Recovery” tab to configure the recovery options of the service as you would configure in the service control panel.
Step 7. As this is a preference, you can also configure the standard “Common” options, such as item-level targeting, which will allow you to granularly control which computers this setting targets.