Windows 8.1

Security – Local Administrator Password Solution LAPS

Since Windows Server 2008, we can use Group Policy Preferences to set a password for Local Administrator on all workstations in an OU. In May 2014, Microsoft released a patch to remove this feature. KB2962486

In fact, the password was stored insecurely. It was crypted using a key which is now public MSDN. This is a security leak, password are sent in “clear” and several time by day, using GPO application. If KB2928120 is installed on your system, you can’t no more use GPO to define password for:

  • Drive Maps.
  • Local Users.
  • Scheduled Tasks.
  • Services.
  • Data Sources.

With the Security patch, Microsoft provided a Powershell script to change local password remotely.

Since few days, Microsoft released a new tool: Local Administrator Password Solution (LAPS). With this tool, computers are able to randomly change password for local administrator and store it in Active Directory attribute.

Continue reading

Share
WindowsServer

Server Technical Preview – Enable Graphical Shell GUI

If you are testing Windows Server Technical Preview 2, you probably noticed that the Graphical interface is no more enabled by default.

In fact, in Windows Server Technical Preview, you have two choices at the installation: Core and Core With Local Admin Tools. The second choice, Local Admin Tools lets you configure your server with Server Manager.

Technical Preview Installation

Technical Preview Installation

Server Technical Preview no GUI

Server Technical Preview no GUI

Feature

Like Windows Server 2012, GUI will be enabled by using Server Manager.

  • Go to Server Manager and Select Roles and Features.
  • On the Features Page, check Server Graphical Shell under User Interface and Infrastructure.
Server Preview Enable GUI

Server Preview Enable GUI

  • Start the installation and reboot.
  • After the reboot, GUI is available:
Technical Preview GUI

Technical Preview GUI

More

You can download Windows Server Technical Preview 2 here.

Share
SCCM

SCCM 2012 R2 SP1 – How to do a fresh install

As you know, Microsoft released System Center 2012 R2 Configuration Manager SP1 and System Center 2012 Configuration Manager SP2  (SCCM 2012) in the same time. You can read more here.

This release can be confusing for some people because 2012 SP2 and 2012 R2 SP1 binaries are the same. The same .exe or .iso file.

For exemple, when you want to download and install System Center 2012 R2 Configuration Manager SP1 (SCCM 2012 R2 SP1) from scratch, there is no more 2012 R2 SP1 iso. Only 2 files can be downloaded:

  • SC2012_SP2_Configmgr_SCEP.exe (762 MB)
  • SC2012_R2_SP1_Configmgr.exe (1,10 MB)
SCCM 2012 R2 SP1 Download

SCCM 2012 R2 SP1 Download

For migrating or for fresh install, the file to mandatory execute is SC2012_SP2_Configmgr_SCEP.exe. We only use SC2012_R2_SP1_Configmgr.exe when we want to activate R2 features.

Let’s see how to do a fresh installation of System Center 2012 R2 Configuration Manager SP1 (SCCM 2012 R2 SP1)

Continue reading

Share
WindowsServer

Windows Server – Not display Server Manager

Since Windows Server 2012, Server Manager is displayed when you log in. This can be annoying to close it each time. Hopefully, you can disable this behavior using two solutions:

  • Locally on the server.
  • With GPO.

Local Server Manager

If you want to prevent Server Manager to start automatically:

  • Go to Server Manager, click on Manage and click on Server Manager Properties:
Server Manager Properties

Server Manager Properties

  • Check Do not start Server Manager automatically at logon.
Server Manager not start automatically

Server Manager not start automatically

Group Policy Object

You can also set this option by GPO:

  • Path: Computer/ Administrative Templates / System / Server Manager
  • Setting: Do not display Server Manager automatically at logon
  • Value: Enabled
GPO Server Manager Disabled

GPO Server Manager Disabled

More

You could get more information about Server Manager here.

Share
Active Directory 2012

Active Directory – Create Fine-grained password

Before Windows Server 2008, there was a limitation about password management: only one password policy and lockout policy could be applied to all users in the domain. Therefore, some organizations created several domains to manage different set of user / password policy.

With Windows Server 2008, Microsoft integrated Fine-Grained password policy. With this object, you can now create multiple password policy in the same domain and assign it to a specific user group. However, there was no built-in GUI to create Fine-Grained policy. We had to use ADSIEdit and Attribute Editor to assign a policy to a user group.

Windows Server 2012 uses Active Directory Administrative Center to give us the possibility to create Fine-Grained policy with a wizard. Let’s see how to do that easier.

Continue reading

Share
Active Directory 2012

Active Directory – Enable Recycle Bin

Windows Server 2008R2 introduced a new feature in domain: Active Directory Recycle Bin. A great feature, but it was the first version, so we had to use Powershell to enable the feature, and to restore deleted item.

With Windows Server 2012 R2, Microsoft released a GUI for the Recycle Bin. It is integrated in the Active Directory Administrative Center. With ADAC, you can enable and restore deleted item easily. Of course, you can still do it with Powershell cmdlet.

Continue reading

Share
Exchange-1

Exchange 2013 – Web Management Service doesn’t start

With Exchange 2013, you can have an issue where the service “Web Management Service” can not be started. Without it, you can’t install any Cumulative Update and some Exchange functionality are no more available.

Service not started

If you try to install a new CU, you get this error:

Error:
The following error was generated when "$error.Clear();
if (Get-Service WMSVC* | ?{$_.Name -eq 'WMSVC'})
{ Set-Service WMSVC -StartupType Automatic
Start-SetupService -ServiceName WMSVC
}
" was run: "Service 'WMSVC' failed to reach status 'Running' on this server."

When you look into the Service mmc and try to start manually the service, you get the error code -2147483640 :

Web Management Service Error

Web Management Service Error

Continue reading

Share
SCCM

SCCM 2012 – Installation with SQL Server 2014

System Center Configuration Manager 2012 R2 now supports SQL Server 2014. But you will have an error during the wizard if you try install SCCM 2012 SP1 /R2 on SQL Server 2014.

Issue

SCCM Installation Wizard checks the version of SQL Server. However, it treats SQL Server 2014 like a version not supported:

The SQL Server srvsql.lab.local is not accessible or its version not supported.

Fix

Microsoft released a patch to correct this problem. KB3020755
The description of the KB is “Restore fails when the site database” but we will copy dll into the Wizard folder.

We need to do 4 steps:

  • Download and extract the KB into a temporary folder.
  • Execute CM12-R2-QFE-KB3020755-X64-ENU-OOB.exe. It will extract 2 files : prereqcore.dll and setupcore.dll
  • Copy these files into the SMSSETUP\BIN\X64\ folder.
  • Exit and restart the installation Wizard.

More

SCCM Team wrote a post on this topic here

Share
SCCM

Powershell – Execute SCCM 2012 Applications

Sometimes, it can be useful to execute an Application / Package in the SCCM Software Center using Powershell.
For example, if an application is only available, not required, in the deployment and you want to install several package without logging to the computer.

Unfortunately, there is no built-in powershell cmdlet to do this. We must call method with a specific dll.

Continue reading

Share