Backtrack:  
 
showing posts tagged with 'windows'
edited by on June 19th 2015, at 09:40
This article contains a list of download links for the offline/standalone installers for .NET Framework. Each major version is listed, along with the OSes supported by that version.

To install, open the main download for the desired version, select your language, download the main file and run the installer.

For releases that have separate language packs: first download and install the main file. After the installation, click the download link for the language pack, select the preferred language, then download and install that file. You can install more than one language pack on a MUI system.

Version Download links OS requirements .NET Framework 4.6 RC   ...
edited by on June 17th 2015, at 14:33
Angry IP Scanner is a very fast, lightweight IP scanner. It has been around for a long time already, and used by many IT professionals to help accomplish tasks. Although version 3 of the program is available for some time now, I still like to use the old version (version 2), simply because it works on every system without the need for Java (version 3 requires Java, unfortunately).

Version 3 comes with an installer available as a download. Version 2 does not, and although it has the built-in ability to create shortcuts if the user chooses to, I rather prefer a proper installer, with proper uninstallation support, in short: the Windows-way. As no such installer exists, I decided to create my   ...
edited by on June 15th 2015, at 11:54
When running multiple scripts in a session, which use and add the same snap-in using Add-PSSnapin, only the first one succeeds. Subsequent attempts to add the same snap-in will result in an error:

Error
Cannot add Windows PowerShell snap-in My.SnapIn because it is already added. Verify the name of the snap-in and try again.

You can resolve this issue by enclosing it in the following if-statement:

if ( (Get-PSSnapin -Name My.SnapIn -ErrorAction SilentlyContinue) -eq $null ){ Add-PsSnapin My.SnapIn}

It (silently) checks the presence of the requested snap-in. If it does not exist (i.e. the check returns $null, then it loads the snap-in.

Note: replace My.SnapIn with whatever snap-in you   ...
edited by on June 12th 2015, at 13:14
Attached to this article are scripts to configure proxy settings for Internet Explorer (all versions). As Google Chrome uses the IE settings for their proxy settings, it can be used for that browser as well. I know there are other, far better methods for configuring proxy settings for clients, but continue your read to see why they were not usable in this particular case.

I ran into a customer where they were still using Internet Explorer Maintenance in their group policies to configure proxy settings for their clients. As a result, all users who got more recent computers did not get the proxy settings, as they were running Internet Explorer 10 or newer. Starting from IE10, configuration of  ...
edited by on June 10th 2015, at 16:04

When demoting a 2003 domain controller using dcpromo, you may run into the following error:

Error
The operation failed because:

Failed to configure the service NETLOGON as requested

"The wait operation timed out"

The error message is quite misleading as the real cause has got nothing to do with NETLOGON, but is in fact a DNS issue. You will most likely have the server's primary DNS pointing to itself using loopback address (127.0.0.1) or its own IP address.

You can correct the issue by having the DNS point to remaining domain controllers, and remove any DNS pointing to itself (i.e. loopback address or any other IP owned by the server being demoted).

edited by on June 10th 2015, at 14:29

There are two ways to see which Certificate Authority servers exist in your AD domain.

1. Check the Cert Publishers group

The AD group Cert Publishers contain the servers that are permitted to publish certificates to AD. As a consequence, this gruop will contain all servers that are CAs.

2. Use certutil

You can use the certutil command to view (and select from) a list of CAs in the current AD domain:

certutil -config - -ping

Note: type the command as-is, including all spaces and hyphens.

A window will appear, listing the CA name and the server it runs on.

edited by on June 10th 2015, at 14:20
After migrating AD from 2003 to 2012, I ran into this issue on a RADIUS server running 2008 R2, used for authentication. When attempting to retrieve AD information for a particular user, the following error appeared:

Error
An error (1301) occurred while enumerating the groups. The group's SID could not be resolved.

The solution (at least for Windows 7 and 2008 R2), is to install hotfix 2830145.

The hotfix is only available by request through e-mail.

When attempting to log on to a 2012-based domain controller, the following SIDs are unmappable:

S-1-18-1 : Authentication authority asserted identity

S-1-18-2 : Service asserted identity

2012 introduces two new securit  ...
edited by on June 9th 2015, at 10:47

It has always been a bit tedious to manage and customize Internet Explorer through group policies, especially when your network has different versions of Windows and/or different versions of Internet Explorer.

To reduce complexity of maintaining Internet Explorer in a network, since long, Microsoft has made available the Internet Explorer Administration Kit. This tool allows you to exert more control over Internet Explorer, its settings and its behaviour.

More information and downloading the IEAK: https://technet.microsoft.com/en-us/ie/bb219517.aspx

edited by on June 8th 2015, at 10:36
Upon unauthorizing a Windows DHCP server, you may get the following error:

DHCP
The parameter is incorrect.

Most commonly, there are two reasons for this error to occur.

If you have just unauthorized a DHCP server, it may take a while for AD to replicate the change to other domain controllers. As a result, the DHCP server may still think it's authorized, whereas it is not. Either wait for, or trigger AD replication throughout your network.

Another reason for this error to occur is the presence of another DHCP server in AD that no longer exists. You can check this with the netsh dhcp command, available on any server with the DHCP server role installed:

netsh dhcp show server

Run the com  ...
edited by on June 5th 2015, at 10:40
If your inter-domain trust is down, and the eventlog reveals the following error:

Error
There are currently no logon servers available to service the logon request. (0x51F)

Then check the following:

Check whether you can still access the DNS servers at the other side: try using the name first, then try through IP. If DNS does not work, there's an issue with your DNS.

Check whether the DNS zones for the domain are still in place. If it exists, try performing a reload from master. If this fails, you either have connection issues, or the other side has removed the required zone delegation, preventing you from retrieving the zone information.

If you can neither connect through DNS or IP, ch  ...
edited by on June 3rd 2015, at 16:08
On Windows 8.1 and Server 2012 R2, SMB 1.0 (aka CIFS) is no longer enabled by default. This means clients that don't support at least SMB 2.0 (for Windows: everything predating Vista/2008) can no longer directly connect to a 8.1/2012R2 server, and instead, are presented with an error if they attempt to do so:

Error
The specified network name is no longer available.

You can re-enable SMB 1.0 support by installing the SMB 1.0/CIFS support feature on your server.

Some users reported that even after enabling this feature, they could not access shares on the server. Apparently, the SMB 1.0 driver is not loaded properly, because of a missing dependency on the Server service (aka LanmanServer).
  ...
edited by on June 3rd 2015, at 15:47
As long as there are 2003 domain controllers in your network, your old NT4 workstations will be able to authenticate against your domain. As soon as you migrate those 2003's out of the network, you'll run into trouble. By default, Server 2008 R2 no longer accepts authentication requests from NT4 because they use cryptography that's too old and unsafe.

The best solution is to get rid of those NT4 machines, but if that's not possible, you can re-enable support for cryptography on your DCs through GPO.

Either edit the Default Domain Controller Policy group policy, or create a new GPO in the Domain Controllers OU.

Edit the GPO and navigate to: Computer Configuration > Administrative Templa  ...
edited by on June 3rd 2015, at 15:09
SMB (Server Message Block) is an application protocol, most commonly used for file and printer sharing. Although it was originally designed by IBM for use in OS/2, it has been adopted and improved upon by Microsoft as the primary protocol for file and printer sharing in their Windows for Workgroup. It has been in use ever since on Windows and a myriad of other OS flavours.

Although SMB is proprietary to Microsoft, SMB is also available on linux (through Samba), Apple (first Samba, then later, Apple's own SMBX), and a myriad of other OS vendors. In fact, Apple has replaced their own AFP in favour of SMB in their latest releases of Mac OSX. SMB has become the most commonly used protocol for f  ...
edited by on June 3rd 2015, at 11:49

A bit of a hidden feature in Windows 8: you can actually "quit" Windows Explorer.

Right-click the (empty) taskbar while holding down Ctrl+Shift to reveal Exit Explorer as an additional menu item. Clicking it will then end Windows Explorer, leaving you with a blank screen, same as ending explorer.exe from the task manager.

You can then call up task manager (Ctrl+Shift+Esc), and start Windows Explorer again (File > Run > explorer.exe).

edited by on May 29th 2015, at 13:24
The old method of disabling Java updates through the registry or GPO, mentioned in this article is no longer valid for Java 7 (1.7) and 8 (1.8), nor does it prevent the UAC prompt from appearing when the updater runs in the background. The method explained here is a better, more up-to-date solution to completely disabling Java updates from running, and includes the required registry change to stop the updater from running, preventing the UAC prompt from ever appearing.

Disabling Java update from control panel is not as straight forward as it seems to be. Java update can only be disabled with administrative rights, so you need to run the Java control panel elevated. Since you can't do this t  ...
edited by on May 29th 2015, at 12:46
If you completely want to disable Java Update (which is especially useful on Remote Desktop Servers), you have make a few adjustments to the registry.

EDIT (2015-05-29): this method is depecrated, and only applies to Java 1.6 on Windows XP or older. Only the alternate method is still valid as this prevents the updater program from running.

To disable Java Update, navigate to the key (32-bit and 64-bit differs):

32-bit: HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy

64-bit: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Update\Policy

Find the value EnableJavaUpdate and set it to 0. This will disable Java Update in the Control Panel.

To prevent the update check  ...
edited by on May 28th 2015, at 10:46

When attempting to log on with a domain account on a computer joined to a domain that has both 2012R2 and 2003 domain controllers, you may encounter the following error:

Error message
unknown username or bad password

Additionally, an Event ID 4 on Source: Kerberos is logged. You can only log on using local accounts.

Solution

Mixed 2012R2 and 2003 AD environments require hotfix 2989971 to be installed on every 2012R2 DC. See the KB for a full explanation.

The hotfix requires Update 1 (2919355) to be installed first. The hotfix is also included in update rollup 2984006.

edited by on May 27th 2015, at 15:47
A collegue ran into an issue with Microsoft Outlook (2010) and the AVG Outlook plugin: when attempting to open mails on a shared Exchange mailbox, the message body would be cleared from that e-mail. The message body would be deleted from Exchange itself as well, resulting in other users accessing the mailbox to also see empty message bodies. If a mail contained attachments, they would be left alone.

After a long search, the culprit seemed to be the AVG Outlook plugin. Upon opening an e-mail, the plugin would scan the e-mail, which somehow went wrong, resulting in clearing the message body (probably because it was marked as bad?). Because of the nature of the mailbox (it's a shared Exchange   ...
showing posts tagged with 'windows'