Posts Tagged ‘Windows’

Windows – How To Remove Windows Defender

OS Version: Windows Server 2016

The only situation where you would want to do this is if you already have an up-to-date, supported anti-malware product installed and running on the server. If you do not know or are unsure, I definitely do NOT recommend this.

Logged in as an administrator, open an elevated PowerShell session:

PS> Uninstall-WindowsFeature -Name Windows-Defender

PS> Restart-Computer -ComputerName "localhost"
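The same removal with the precondition above turned into a check, as an added example that is not part of the original post. It refuses to remove Defender unless a replacement engine's service is running, and records Defender's state first so there is a record of what was removed. $ReplacementService is a hypothetical service name; substitute the one your product registers.

```powershell
# Added example (not from the original post). Guard the Defender removal on Server 2016:
# refuse unless a replacement engine is running, record Defender's state, then remove.
# $ReplacementService is a hypothetical name; substitute your product's service.
$ReplacementService = 'MyEdrAgent'

$svc = Get-Service -Name $ReplacementService -ErrorAction SilentlyContinue
if (-not $svc -or $svc.Status -ne 'Running') {
    throw "Replacement anti-malware service '$ReplacementService' is not running; leaving Windows Defender in place."
}

# Record what is about to be removed (Get-MpComputerStatus ships with the Defender feature).
Get-WindowsFeature -Name Windows-Defender* | Format-Table Name, InstallState -AutoSize
Get-MpComputerStatus |
    Select-Object AMServiceEnabled, AntivirusEnabled, RealTimeProtectionEnabled, AntivirusSignatureLastUpdated

# Remove the feature and reboot in one step; -Restart replaces the separate
# Restart-Computer call shown above.
Uninstall-WindowsFeature -Name Windows-Defender -Restart
```

Run it in an elevated session; if the throw fires, nothing has been changed.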

Get-WMIObject blocked.

Remote server: Windows 2016

I had some issues getting Get-WmiObject to work against a remote server in PowerShell. I kept getting: "The RPC server is unavailable." I verified that the "Windows Management Instrumentation" service was running.

It turns out it was the firewall blocking the request.

I used the following on the remote server to enable the built-in firewall rule group that allows inbound WMI (DCOM on TCP 135 plus the dynamic RPC ports), so that the program could read the server information:

C:\>netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes
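The same diagnosis and fix in PowerShell, as an added example that is not from the original post. The firewall steps run elevated on the target server; the final query runs from the management host. $MgmtSubnet and the server name 'server01' are hypothetical. It goes one step further than the netsh command above by scoping the opened rules to a management subnet, because remote WMI is also a lateral-movement channel and should not be reachable from every host on the network.

```powershell
# Added example (not from the original post). Diagnose and fix "The RPC server is
# unavailable" for Get-WmiObject against a remote Server 2016 host.
$MgmtSubnet = '10.0.50.0/24'   # hypothetical management network
$Group      = 'Windows Management Instrumentation (WMI)'

# 1. Is the WMI service itself up?
Get-Service -Name Winmgmt | Select-Object Name, Status

# 2. Is the built-in WMI rule group enabled? Inbound DCOM/WMI needs TCP 135 plus the
#    dynamic RPC range; the group covers all of it.
Get-NetFirewallRule -DisplayGroup $Group |
    Select-Object DisplayName, Direction, Enabled, Profile

# 3. Enable the group, then restrict the inbound rules to the management subnet
#    instead of leaving the remote address at 'Any'.
Enable-NetFirewallRule -DisplayGroup $Group
Get-NetFirewallRule -DisplayGroup $Group -Direction Inbound |
    Set-NetFirewallRule -RemoteAddress $MgmtSubnet

# 4. From the management host, confirm the query now succeeds (hypothetical server name).
Get-WmiObject -Class Win32_OperatingSystem -ComputerName 'server01' |
    Select-Object CSName, Caption, LastBootUpTime
```

If you only need the query to work and do not need DCOM, Get-CimInstance over WinRM (TCP 5985/5986) is the smaller hole to open.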

Windows 2016 Create a Service

To run a program as a service, bring up an Administrator command prompt and create it with sc. The executable must be a real Windows service (it has to register a control handler with the Service Control Manager); an ordinary console program is created without complaint but fails to start with error 1053. Note the space after binPath=, which sc requires:

C:\> SC CREATE "JGZs Service" binPath= "C:\MyPrograms\JGZsService.exe"

Then you can start the service via the SC command:

C:\> SC START "JGZs Service"

Or from the Services Control Panel applet.
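The same thing in PowerShell, as an added example that is not from the original post, with the two things a practitioner should do that the sc one-liner does not: quote the binary path (an unquoted path containing spaces can be hijacked by anyone who can write to a parent directory) and run the service under a low-privilege account rather than the default LocalSystem. The service name and path are the placeholders used above.

```powershell
# Added example (not from the original post). Create, lock down and start a service.
$Name = 'JGZs Service'                           # placeholder from the post
$Exe  = 'C:\MyPrograms\JGZsService.exe'          # placeholder from the post

# 1. Create it with the path wrapped in its own quotes so a path with spaces cannot
#    be hijacked (the "unquoted service path" problem).
New-Service -Name $Name -DisplayName $Name -BinaryPathName "`"$Exe`"" `
    -StartupType Manual -Description 'Custom service created per blog post'

# 2. Do not leave it as LocalSystem unless it really needs that. LocalService is a
#    built-in low-privilege identity and needs no password. sc.exe needs the space after obj=.
sc.exe config $Name obj= 'NT AUTHORITY\LocalService'

# 3. Show the service's security descriptor (SDDL): who may start, stop or reconfigure it.
sc.exe sdshow $Name

# 4. Start it and verify. A non-service executable fails here with error 1053.
Start-Service -Name $Name
Get-CimInstance Win32_Service -Filter "Name='$Name'" |
    Select-Object Name, State, StartMode, StartName, PathName
```

If the program needs more than LocalService grants, a virtual service account (NT SERVICE\<service name>) gives it its own identity to grant rights to without sharing LocalSystem.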

Turn off Server Manager startup at logon.

In Windows 2016, Server Manager starts up at logon. It does this in Windows 2012 R2 as well, but at the time of writing I had not confirmed whether the solution is the same there. To stop this, you do it from Task Scheduler.

You bring up Task Scheduler under Administrative Tools.

Expand Task Scheduler Library/Microsoft/Windows, and go down to the Server Manager folder.

Under Server Manager, you will see two tasks: CleanupOldPerfLogs and ServerManager.

Right-click ServerManager and select Disable. This turns the behavior off for all users who log on to the server.

I have verified that this can be disabled the same way in Server 2012 R2 as well.
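The same change scripted for a list of servers, as an added example that is not from the original post. $Servers is a hypothetical list; it assumes WinRM is enabled on the targets and that you run it as an administrator of each. The task path is the one the console shows as Task Scheduler Library/Microsoft/Windows/Server Manager.

```powershell
# Added example (not from the original post). Disable the Server Manager logon task
# on several servers and report the resulting state.
$Servers  = 'server01', 'server02'                  # hypothetical
$TaskPath = '\Microsoft\Windows\Server Manager\'    # folder shown as "Server Manager" in the console

Invoke-Command -ComputerName $Servers -ArgumentList $TaskPath -ScriptBlock {
    param($Path)
    $task = Get-ScheduledTask -TaskPath $Path -TaskName 'ServerManager'
    if ($task.State -ne 'Disabled') {
        $task | Disable-ScheduledTask | Out-Null
    }
    # Re-read so the reported state is what is actually stored, not the cached object.
    Get-ScheduledTask -TaskPath $Path -TaskName 'ServerManager' |
        Select-Object TaskName, State
} | Select-Object PSComputerName, TaskName, State
```

For a whole domain the equivalent policy is Computer Configuration > Administrative Templates > System > Server Manager > "Do not display Server Manager automatically at logon", which avoids touching each server.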

Import a Trusted Root Certificate Authority in Windows 2012 R2 GPO

Export the certificate when you go to the site. I did this in Chrome through the Developer Tools. The result was a .pem file.

I brought up the group policy management console and edited the GPO where I wanted the certificate. Then, I imported it.

Import the certificate to:
Computer Configuration/Policies/Windows Settings/Security Settings/Public Key Policies/Trusted Root Certification Authorities

Anything placed in this store is trusted as a root by every computer the GPO applies to, so import only the CA certificate itself (not the site's leaf certificate) and confirm its thumbprint against a value obtained from the CA operator out of band before publishing it.
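A check to run on the exported .pem before it goes into the GPO, as an added example that is not from the original post. It loads the file, confirms it is a self-signed CA certificate (not the site's leaf), compares the thumbprint with the value you were given, and then adds it to the local machine Root store on one test machine, which is the same store the GPO path above targets. $PemPath and $ExpectedThumbprint are hypothetical placeholders.

```powershell
# Added example (not from the original post). Validate an exported CA certificate
# before publishing it domain-wide as a trusted root.
$PemPath            = 'C:\Temp\exported-ca.pem'                             # hypothetical
$ExpectedThumbprint = '0000000000000000000000000000000000000000'          # hypothetical; get it out of band

# The X509Certificate2 constructor accepts base64 (PEM) as well as DER files.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $PemPath

$basic = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }

[pscustomobject]@{
    Subject    = $cert.Subject
    Issuer     = $cert.Issuer
    NotAfter   = $cert.NotAfter
    SelfSigned = ($cert.Subject -eq $cert.Issuer)
    IsCA       = [bool]($basic -and $basic.CertificateAuthority)
    Thumbprint = $cert.Thumbprint
}

# A root store entry must be a self-signed CA certificate. Intermediates and leaf
# certificates from the browser's chain do not belong there.
if (-not $basic -or -not $basic.CertificateAuthority -or $cert.Subject -ne $cert.Issuer) {
    throw 'Not a self-signed CA certificate; do not publish it as a trusted root.'
}
if ($cert.Thumbprint -ne $ExpectedThumbprint.ToUpper()) {
    throw "Thumbprint $($cert.Thumbprint) does not match the expected value."
}

# Local test on one machine first; the GPO does the same thing for every domain computer.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
$store.Open('ReadWrite')
$store.Add($cert)
$store.Close()
```

If the checks fail, the right fix is to get the CA certificate from the CA operator rather than from the browser's view of the site.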

Windows 2012 R2 – seize roles from failed domain controller.

I had to deal with a really neglected domain, and found that all the FSMO roles were on a domain controller that no longer functioned or existed. I had to get the roles onto the working server. The conventional methods, transferring the roles in the UI or with ntdsutil, did not succeed, so I had no choice but to seize all the roles from the missing server. All of these tasks were completed on the domain controller I wanted the roles on, as domain\Administrator.

Check the current role holders:

C:\>netdom query fsmo
Schema master MYOLDDC1.mydomain.local
Domain naming master MYOLDDC1.mydomain.local
PDC MYOLDDC1.mydomain.local
RID pool manager MYOLDDC1.mydomain.local
Infrastructure master MYOLDDC1.mydomain.local
The command completed successfully.

Start ntdsutil:

C:\>ntdsutil

Then enter the fsmo maintenance menu with roles:

ntdsutil: roles

You see the options by entering a question mark at the "fsmo maintenance" prompt. Obviously, this is where you also transfer the roles if possible (not so in my case). If the session is not yet bound to the target DC, do that first from the connections submenu (connections, then connect to server MYDC01, then q) before seizing:

fsmo maintenance: ?

? – Show this help information
Connections – Connect to a specific AD DC/LDS instance
Help – Show this help information
Quit – Return to the prior menu
Seize infrastructure master – Overwrite infrastructure role on connected server
Seize naming master – Overwrite Naming Master role on connected server
Seize PDC – Overwrite PDC role on connected server
Seize RID master – Overwrite RID role on connected server
Seize schema master – Overwrite schema role on connected server
Select operation target – Select sites, servers, domains, roles and
naming contexts
Transfer infrastructure master – Make connected server the infrastructure master
Transfer naming master – Make connected server the naming master
Transfer PDC – Make connected server the PDC
Transfer RID master – Make connected server the RID master
Transfer schema master – Make connected server the schema master

Seize the roles one at a time. Each first attempts a clean transfer, fails because the old holder cannot be contacted, and then seizes. Each takes a while to complete, but they do:

fsmo maintenance: seize pdc
Attempting safe transfer of PDC FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-03210617, problem 5002 (UNAVAILABLE), data 1722

Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of PDC FSMO failed, proceeding with seizure …
Server "mydc01" knows about 5 roles
Schema – CN=NTDS Settings,CN=MYOLDDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Naming Master – CN=NTDS Settings,CN=MYOLDDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
PDC – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
RID – CN=NTDS Settings,CN=MYOLDDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Infrastructure – CN=NTDS Settings,CN=MYOLDDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
fsmo maintenance:
fsmo maintenance: seize naming master
Attempting safe transfer of domain naming FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-0321041F, problem 5002 (UNAVAILABLE), data 1722

Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection, ldap, or role transfer error.
Transfer of domain naming FSMO failed, proceeding with seizure …
Server "mydc01" knows about 5 roles
Schema – CN=NTDS Settings,CN=MYOLDDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Naming Master – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
PDC – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
RID – CN=NTDS Settings,CN=MYOLDDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Infrastructure – CN=NTDS Settings,CN=MYOLDDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
fsmo maintenance: seize rid master
Attempting safe transfer of RID FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-03210F70, problem 5002 (UNAVAILABLE), data 1722

Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection, ldap, or role transfer error.
Transfer of RID FSMO failed, proceeding with seizure …
Searching for highest rid pool in domain
Server "mydc01" knows about 5 roles
Schema – CN=NTDS Settings,CN=MYOLDDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Naming Master – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
PDC – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
RID – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Infrastructure – CN=NTDS Settings,CN=MYOLDDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
fsmo maintenance: seize schema master
Attempting safe transfer of schema FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-0321041F, problem 5002 (UNAVAILABLE), data 1722

Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection, ldap, or role transfer error.
Transfer of schema FSMO failed, proceeding with seizure …
Server "mydc01" knows about 5 roles
Schema – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Naming Master – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
PDC – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
RID – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Infrastructure – CN=NTDS Settings,CN=MYOLDDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
fsmo maintenance: seize infrastructure master
Attempting safe transfer of infrastructure FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-0321041F, problem 5002 (UNAVAILABLE), data 1722

Win32 error returned is 0x20af(The requested FSMO operation failed. The current FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection, ldap, or role transfer error.
Transfer of infrastructure FSMO failed, proceeding with seizure …
Server "mydc01" knows about 5 roles
Schema – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Naming Master – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
PDC – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
RID – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Infrastructure – CN=NTDS Settings,CN=MYDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
fsmo maintenance:

Check the role locations again with netdom to verify. Once roles have been seized, the old holder must never be reconnected to the domain: if it came back it would still believe it owns the roles, and two RID masters can hand out overlapping RIDs. Remove its leftover objects with ntdsutil's metadata cleanup (or by deleting the DC from Active Directory Users and Computers and Sites and Services).

C:\>netdom query fsmo
Schema master MYDC01.mydomain.local
Domain naming master MYDC01.mydomain.local
PDC MYDC01.mydomain.local
RID pool manager MYDC01.mydomain.local
Infrastructure master MYDC01.mydomain.local
The command completed successfully.
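The same transfer-then-seize sequence using the ActiveDirectory PowerShell module instead of ntdsutil, as an added example that is not from the original post. It tries a clean transfer first and only seizes (the -Force switch) when the transfer fails, then verifies the holders and lists the domain controllers so a dead DC that still needs metadata cleanup stands out. The server name is the placeholder used above.

```powershell
# Added example (not from the original post). Transfer the FSMO roles, seizing only if
# the transfer fails, then verify.
Import-Module ActiveDirectory
$Target = 'MYDC01'   # placeholder from the post
$Roles  = 'SchemaMaster', 'DomainNamingMaster', 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster'

# 1. Who holds the roles now? (forest-level roles from Get-ADForest, domain-level from Get-ADDomain)
Get-ADForest | Select-Object SchemaMaster, DomainNamingMaster
Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster

# 2. Try a clean transfer; it fails when the current holder cannot be contacted.
try {
    Move-ADDirectoryServerOperationMasterRole -Identity $Target -OperationMasterRole $Roles `
        -Confirm:$false -ErrorAction Stop
} catch {
    Write-Warning "Transfer failed ($($_.Exception.Message)); seizing instead."
    # -Force seizes. Only do this when the old holder is permanently gone.
    Move-ADDirectoryServerOperationMasterRole -Identity $Target -OperationMasterRole $Roles `
        -Force -Confirm:$false
}

# 3. Verify, and list the DCs the directory still knows about: the dead one must be
#    removed via metadata cleanup and must never come back online.
Get-ADForest | Select-Object SchemaMaster, DomainNamingMaster
Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster
Get-ADDomainController -Filter * | Select-Object Name, HostName, Site, IsGlobalCatalog
```

Run it on the DC that is to receive the roles (or against it with -Server), as a member of Domain Admins, Enterprise Admins and Schema Admins, since the schema master move requires the last of those.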

Reset/remove Windows 10 policies

If you need to reset the policies on a Windows 10 machine back to the defaults, you can do the following from an elevated command prompt:

To reset the Local Policies:

C:\Windows\system32>secedit /configure /cfg C:\Windows\Inf\defltbase.inf /db C:\Windows\defltbase.sdb

Reset the local Group Policy by removing the following directories. The /S /Q switches remove the whole directory tree without prompting. This only clears locally defined (gpedit.msc) settings; policies from the domain are not affected and are re-applied at the next refresh (gpupdate /force):

C:\Windows\system32>rmdir /S /Q c:\windows\system32\GroupPolicyUsers
C:\Windows\system32>rmdir /S /Q c:\windows\system32\GroupPolicy
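The same reset with a backup taken first and a policy refresh afterwards, as an added example that is not from the original post. Run it elevated. The backup folder name is a hypothetical choice.

```powershell
# Added example (not from the original post). Back up, reset local policy, refresh, report.
$Stamp  = Get-Date -Format yyyyMMdd-HHmmss
$Backup = "C:\PolicyBackup-$Stamp"                 # hypothetical location
New-Item -ItemType Directory -Path $Backup | Out-Null

# 1. Keep the local GPO folders and the current security policy, in case the reset
#    removes something that turns out to have been needed.
foreach ($dir in 'GroupPolicy', 'GroupPolicyUsers') {
    $src = "$env:windir\System32\$dir"
    if (Test-Path $src) { Copy-Item -Path $src -Destination "$Backup\$dir" -Recurse }
}
secedit /export /cfg "$Backup\secpol-before.inf" | Out-Null

# 2. Reset the local security policy to the installation defaults (same as the secedit line above).
secedit /configure /cfg "$env:windir\Inf\defltbase.inf" /db "$env:windir\defltbase.sdb" /verbose

# 3. Remove the local GPO stores; domain GPOs are untouched and come back with the refresh.
foreach ($dir in 'GroupPolicy', 'GroupPolicyUsers') {
    Remove-Item -Path "$env:windir\System32\$dir" -Recurse -Force -ErrorAction SilentlyContinue
}
gpupdate /force

# 4. Show which GPOs are now applied to the computer.
gpresult /r /scope:computer
```

The .inf exported in step 1 can be re-applied with secedit /configure /cfg <file> /db <new.sdb> if the reset needs to be undone.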

Set Windows Update Proxy Settings via Command Line

I was having trouble with updates on a server. It was complaining about the proxy settings. So, I wanted Windows Update to use a different proxy configuration. The following commands manage the WinHTTP proxy from the command line. This is the proxy used by system services such as Windows Update, and it is separate from the per-user Internet Options (WinINET) proxy; netsh winhttp import proxy source=ie copies the current user's Internet Options proxy into WinHTTP if that is what you want.

Display the current settings:

netsh winhttp show proxy

Set the proxy:

netsh winhttp set proxy proxyservername:portnumber

Set proxy and bypass options:

netsh winhttp set proxy proxy-server="proxyservername:portnumber" bypass-list="*.mylocal.domain"

And then, when you really screw something up and just want to start over (direct access, no proxy), reset:

netsh winhttp reset proxy

Auditpol – Windows Filtering Platform – Event ID: 5157

Enough is enough. I'll turn it on when I need it or have infinite resources to manage the logs that Filtering Platform logging produces. In my case, I was getting a lot of messages for event ID 5157 ("The Windows Filtering Platform has blocked a connection."). For now, how do you turn this off in Windows Server 2012 R2?

To list all the categories:

C:\>auditpol /list /category
Category/Subcategory
Account Logon
Account Management
Detailed Tracking
DS Access
Logon/Logoff
Object Access
Policy Change
Privilege Use
System

To get a list of any sub-categories for a category:

auditpol /get /category:"Account Logon"
auditpol /get /category:"Account Management"
auditpol /get /category:"Detailed Tracking"
auditpol /get /category:"DS Access"
auditpol /get /category:"Logon/Logoff"
auditpol /get /category:"Object Access"
auditpol /get /category:"Policy Change"
auditpol /get /category:"Privilege Use"
auditpol /get /category:"System"

I have picked out the sub-categories under the "Object Access" category, because that is where the Filtering Platform settings exist. To see the current settings for a sub-category:

auditpol /get /subcategory:"Filtering Platform Packet Drop"
auditpol /get /subcategory:"Filtering Platform Connection"
auditpol /get /subcategory:"IPsec Driver"
auditpol /get /subcategory:"IPsec Main Mode"
auditpol /get /subcategory:"IPsec Quick Mode"
auditpol /get /subcategory:"IPsec Extended Mode"

Example:

C:\>auditpol /get /subcategory:"Filtering Platform Connection"
System audit policy
Category/Subcategory Setting
Object Access
Filtering Platform Connection Success and Failure

To disable all audit logging for these sub-categories. (5157, the blocked connection, is logged as a Failure of "Filtering Platform Connection", and 5156, the permitted connection, as a Success, so you can also silence just one side. Either way, if a domain GPO defines Advanced Audit Policy for these sub-categories, the local auditpol change is overwritten at the next policy refresh and the change has to be made in the GPO instead.)

auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:disable /failure:disable
auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:disable
auditpol /set /subcategory:"IPsec Driver" /success:disable /failure:disable
auditpol /set /subcategory:"IPsec Main Mode" /success:disable /failure:disable
auditpol /set /subcategory:"IPsec Quick Mode" /success:disable /failure:disable
auditpol /set /subcategory:"IPsec Extended Mode" /success:disable /failure:disable

C:\>auditpol /get /subcategory:"Filtering Platform Connection"
System audit policy
Category/Subcategory Setting
Object Access
Filtering Platform Connection No Auditing

Or to enable all audit logging for some sub-categories:

auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:enable /failure:enable
auditpol /set /subcategory:"Filtering Platform Connection" /success:enable /failure:enable
auditpol /set /subcategory:"IPsec Driver" /success:enable /failure:enable
auditpol /set /subcategory:"IPsec Main Mode" /success:enable /failure:enable
auditpol /set /subcategory:"IPsec Quick Mode" /success:enable /failure:enable
auditpol /set /subcategory:"IPsec Extended Mode" /success:enable /failure:enable
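A middle ground between "all on" and "all off", as an added example that is not from the original post: back up the audit policy so the change can be reverted, keep only the blocked-connection (5157) events by turning off Success for the Connection sub-category, and then summarise what is still generating 5157 so the noisiest process or port can be dealt with at the source. It parses the CSV form of auditpol /get (/r) rather than the text shown above. Run it elevated; the backup path is a hypothetical choice.

```powershell
# Added example (not from the original post). Back up the audit policy, keep only blocked
# WFP connection events, and report the top sources of 5157 from the last hour.
$Backup = "$env:windir\Temp\auditpol-$(Get-Date -Format yyyyMMdd-HHmmss).csv"   # hypothetical
auditpol /backup "/file:$Backup"        # revert later with: auditpol /restore /file:<path>

# Current setting of one sub-category, read from the CSV output of 'auditpol /get /r'.
function Get-AuditSetting([string]$Subcategory) {
    auditpol /get /subcategory:"$Subcategory" /r |
        Where-Object { $_ -ne '' } |
        ConvertFrom-Csv |
        Select-Object Subcategory, 'Inclusion Setting'
}
Get-AuditSetting 'Filtering Platform Connection'

# 5156 (permitted) is a Success event, 5157 (blocked) a Failure event. Dropping Success
# removes most of the volume while keeping the denials, which are the detection-relevant part.
auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:enable
Get-AuditSetting 'Filtering Platform Connection'

# What is still producing 5157? Group the last hour by process, destination port and protocol.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5157; StartTime = (Get-Date).AddHours(-1) } `
    -ErrorAction SilentlyContinue |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($e in $x.Event.EventData.Data) { $d[$e.Name] = $e.'#text' }
        [pscustomobject]@{ Process = $d.Application; DestPort = $d.DestPort; Protocol = $d.Protocol }
    } |
    Group-Object Process, DestPort, Protocol |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name
```

If a GPO manages Advanced Audit Policy on this server, the auditpol /set line is overwritten at the next refresh; make the same Success-off/Failure-on change in the GPO instead and keep the backup for the local state.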

Unable to extend a volume in Windows 2003.

Environment: VMware ESXi 5.5.x, Windows 2003 VM, Windows 2012 R2 VM.

I needed to expand the system disk of a Windows 2003 VMware virtual machine. I was able to extend the disk easily in vSphere, and Windows showed the new size. However, I was unable to extend the filesystem using DISKPART (Windows Server 2003's diskpart cannot extend the running system volume). When I tried, I received the following message:
"Diskpart failed to extend the volume. Please make sure the volume is valid for extending."

To get around this, I shut down my Windows 2003 server and attached its virtual disk to a Windows 2012 R2 VM. I opened the Disk Management console via Computer Management, brought the newly added disk online by right-clicking the disk name (on the left) and selecting Online, then right-clicked the logical volume (in my case the C: drive) and selected Extend Volume. Afterwards I took the disk offline again by right-clicking the disk name (on the left) and selecting Offline, and removed the disk from the Windows 2012 R2 VM WITHOUT deleting the file from disk.

Then all I had to do was boot the Windows 2003 VM and let chkdsk do its thing.
