Category Archives: Windows Server

WindowsServer

Windows Server – Not display Server Manager

Posted on by

Since Windows Server 2012, Server Manager is displayed when you log in. This can be annoying to close it each time. Hopefully, you can disable this behavior using two solutions:

  • Locally on the server.
  • With GPO.

Local Server Manager

If you want to prevent Server Manager to start automatically:

  • Go to Server Manager, click on Manage and click on Server Manager Properties:
Server Manager Properties

Server Manager Properties

  • Check Do not start Server Manager automatically at logon.
Server Manager not start automatically

Server Manager not start automatically

Group Policy Object

You can also set this option by GPO:

  • Path: Computer/ Administrative Templates / System / Server Manager
  • Setting: Do not display Server Manager automatically at logon
  • Value: Enabled
GPO Server Manager Disabled

GPO Server Manager Disabled

More

You could get more information about Server Manager here.

Share
Active Directory 2012

Active Directory – Create Fine-grained password

Posted on by

Before Windows Server 2008, there was a limitation about password management: only one password policy and lockout policy could be applied to all users in the domain. Therefore, some organizations created several domains to manage different set of user / password policy.

With Windows Server 2008, Microsoft integrated Fine-Grained password policy. With this object, you can now create multiple password policy in the same domain and assign it to a specific user group. However, there was no built-in GUI to create Fine-Grained policy. We had to use ADSIEdit and Attribute Editor to assign a policy to a user group.

Windows Server 2012 uses Active Directory Administrative Center to give us the possibility to create Fine-Grained policy with a wizard. Let’s see how to do that easier.

Continue reading

Share
Active Directory 2012

Active Directory – Enable Recycle Bin

Posted on by

Windows Server 2008R2 introduced a new feature in domain: Active Directory Recycle Bin. A great feature, but it was the first version, so we had to use Powershell to enable the feature, and to restore deleted item.

With Windows Server 2012 R2, Microsoft released a GUI for the Recycle Bin. It is integrated in the Active Directory Administrative Center. With ADAC, you can enable and restore deleted item easily. Of course, you can still do it with Powershell cmdlet.

Continue reading

Share
WindowsServer

Powershell – Add local Administrator

Posted on by

If you want to add Active Directory user or group to the local administrator group on a computer, you can use Powershell.

User and Group

To add user or group, we can use the cmdlet Invoke-Command associated with net localgroup.

Invoke-Command -ScriptBlock {net Localgroup administrators /add $args[0] } -ArgumentList("LAB\alexandre")

Computer

It is also possible to add a computer account into local Administrator group, you can use the command above but don’t forget to add the $ at the end of computer name.

Invoke-Command -ScriptBlock {net Localgroup administrators /add $args[0] } -ArgumentList("LAB\SRVSCCM$")

More

You can get more informations about net localgroup here.

Share
WindowsServer

Powershell – Change computer description

Posted on by

To continue in Powershell posts, we will see how to change the local description of the server. Not in Active Directory attribute but on the computer itself.

System Description

The local description is set is the WMI of the server. In the class Win32_OperatingSystem. To change it, we need to get the objects, set the new content and save the modification.

$OSWMI=Get-WmiObject -class Win32_OperatingSystem
$OSWMI.Description="My Server"
$OSWMI.put()

Remote

It is possible to modify the description on a remote computer, however, we need to adapt the script if the string is store in a variable.

With the Invoke-Command we add the parameter –ArgumentList, so that our variable content will be available on the execution on the remote host.

$myDescription="My Server"
Invoke-Command -ComputerName $lServerName -ScriptBlock {$OSWMI=Get-WmiObject -class Win32_OperatingSystem;$OSWMI.Description=$args[0];$OSWMI.put() } -ArgumentList($myDescription)

More

You can get more information about Win32_OperatingSystem class here

Share
WindowsServer

Powershell – How to format all disks

Posted on by

Did you know that you can manage disks, partitions and volumes using Powershell? Microsoft released a lot of cmdlet in order to facilitate handling of disks.

With virtualization, you can easily add disk to your server, but you have to create the volume yourself. I wrote a script that you can integrate in your process, runbooks or others.

Disks initialization

First thing to do, is to prepare disks to host volume. We need to set disks online and to disable Read only.

try {
#Set all disks, except the first disk, to online and writable
Get-Disk | ?{$_.number -ne 0}| Set-Disk -IsOffline $False
Get-Disk | ?{$_.number -ne 0}| Set-Disk -isReadOnly $False
 
#Initialize all disks
Get-Disk | ?{$_.number -ne 0}| Initialize-Disk -PartitionStyle GPT
}catch{
Write-Host $_.Exception.Message
}

Volume

Once disks are ready, we need to create, and format volume.

try {
#Create Partition on all disk, auto assign letter and use maximum size
Get-Disk | ?{$_.number -ne 0}| New-Partition -AssignDriveLetter -UseMaximumSize
#Get all partitions and format them
Get-Disk | ?{$_.number -ne 0}| Get-Partition |?{$_.type -like "Basic"}| Format-Volume -Confirm:$false
}catch{
Write-Host $_.Exception.Message
}

Remote

If you want to execute these command on a remote host, it is possible. We will use the cmdlet Invoke-Command

try {
#Set all disks, except the first disk, to online and writable
Invoke-Command -ComputerName $lServerName -ScriptBlock {Get-Disk | ?{$_.number -ne 0}| Set-Disk -IsOffline $False}
Invoke-Command -ComputerName $lServerName -ScriptBlock {Get-Disk | ?{$_.number -ne 0}| Set-Disk -isReadOnly $False}
#Initialize all disks
Invoke-Command -ComputerName $lServerName -ScriptBlock {Get-Disk | ?{$_.number -ne 0}| Initialize-Disk -PartitionStyle GPT}
#Create Partition on all disk, auto assign letter and use maximum size
Invoke-Command -ComputerName $lServerName -ScriptBlock {Get-Disk | ?{$_.number -ne 0}| New-Partition -AssignDriveLetter -UseMaximumSize}
#Get all partitions and format them
Invoke-Command -ComputerName $lServerName -ScriptBlock {Get-Disk | ?{$_.number -ne 0}| Get-Partition |?{$_.type -like "Basic"}| Format-Volume -Confirm:$false }			
}catch{
Write-Host  $_.Exception.Message
}

More

You can get more information about Disk Management cmdlet here.

Share
WindowsServer

Server – Internet Explorer GPO not applied

Posted on by

With Active Directory, you can deploy some Internet Explorer configuration using Group Policy (GPO). But sometime, settings for Internet Explorer are not modified, even if the GPO is correctly applied.

This behavior is not a bug, it’s a feature 🙂 When IE Security is enabled, GPO can’t change configuration for Internet Explorer.
Continue reading

Share
WindowsServer

DNS – Remove WPAD Filtering

Posted on by

When you want to deploy an autodiscover proxy configuration for your clients, you can use WPAD with DNS.
However Windows Server DNS can reply non-existent domain for an wpad domain name request.

DNS WPAD Filtering

WPAD record in DNS


DNS WPAD Filtering

Non Existant domain


This behavior is by default and can be decomposed in two parts:

  • If WPAD configuration is already in place when you install the DNS server, no action is required.
  • When you want to set up a new WPAD configuration after DNS installation, you need to edit the block list on all your DNS servers.

Continue reading

Share
WindowsServer

Powershell – How to disable NetBios

Posted on by

Disable Netbios

If you want to use Powershell to disable Netbios on several computers, you can execute this script:

$adapters=(gwmi win32_networkadapterconfiguration )
Foreach ($adapter in $adapters){
  Write-Host $adapter
  $adapter.settcpipnetbios(2)
}

Options

Parameters for settcpipnetbios are:

  • 0: Enable Netbios via DHCP.
  • 1: Enable Netbios on the interface.
  • 2: Disable Netbios on the interface.

For more information on this function: http://msdn.microsoft.com/en-us/library/aa393601(v=vs.85).aspx

Verification

After the script was runned, you will have this configuration:
Disable netbios

Share