If you manage one or several file servers in your infrastructure, you may have the will to customize the Access Denied error message displayed to users. This feature can be used since Windows 8 and Windows Server 2012. It is called Access-Denied Assistance.
Access Denied Custom Message
Access-Denied Assistance can be useful if you want to simplify the process to grant folder permissions to users. Sometime, the user does not know the full path, neither rights needed.
With Access-Denied Assistance, shared folder administrator will receive an email with all information required. No more call for user access.
Let’s see how to do that with Server 2012 R2.
If you manage one or several file servers in your infrastructure, you may have the will to prevent users to paste files with specific extensions. This behavior can be motivated because you don’t have enough storage for big files or for security reasons. Moreover, if you use DFSR to replicate shared folder to another site, you don’t want to block the bandwidth with a movie replication.
Microsoft Windows Server included a role which provide us the ability to manage files on shared folder: File Server Resource Manager (FSRM).
File Server Resource Manager FSRM
In order to block, deny some file extensions, we need to install and configure this role. Let’s see how to do that with Server 2012 R2.
If you manage a System Center Configuration Manager solution in your enterprise, you may have branch sites with slow bandwidth. When you deploy an Application, users in this remote site complain of slow network connections because of SCCM’s downloads.
Several solutions can be used to solve this issue, as BranchCache or deploy a Distribution Point on site. Using BranchCache needs to modify configuration on Windows Servers and Clients, like role installation and GPO. Moreover Distribution Point needs infrastructure on site, so budget allocation. Fortunately, Microsoft allows us to easily manage BITS transfer using SCCM.
Let’s see how to do deploy this configuration on remote sites.
Do you know that you can easily display a World Map of your servers location with System Center Configuration Manager 2012?
This feature is built in with SCCM, and it lets you to quickly have a look on the health of your infrastructure. Moreover, some managers like to have this map available for project presentation.
SCCM Server World Map
In this post, I set the location for one Primary server, but you can do it for all Primary and Secondary sites. Let’s see how to do that:
When you are deploying a “big” software update like KB2919355, with System Center Configuration Manager, you can have the error code 0x800f0821 on some computers.
The computer receives the update, downloads it and starts to install it but the installation will fail.
Installation failed 0x800f0821
This error is raised because the execution time was reached. Depends on computers and servers, you may or not have this error on all SCCM clients.
Let’s see how to change the configuration in SCCM.
With Windows 10, Microsoft integrated an existing feature of Windows Phone 8.1: Wifi Sense. It lets you to share your Wifi passcode with your friends in Facebook, Skype or Outlook.
This feature can be friendly for public people but if you are more concerned about your security network, you may want to disable this feature.
Wifi Sense new network
In the first time, Microsoft says that information sent between you, Microsoft and your friend are fully encrypted. And in second time, a person who got access to your Wifi with Wifi Sense will only have access to internet, and not your internal network. If he needs to access a share or your printer, he needs to enter the passphrase.
Let’s see how to disable this feature.
With Windows 10, Microsoft introduces a new method to get Windows Update. Before it, you can only download update from the Microsoft servers, but with Windows 10 you can also get update from computers already updated. It uses a technology like peer to peer (P2P).
By default, Windows tries to get update from Microsoft server, computer in your local network or from others computers on the internet. This new method speeds up the update download but it means that you can also send data to computers on internet. Depends on your upload rate, this can slow your internet navigation.
Let’s see how to disable this function:
When you deploy a computer with System Center Configuration Manager 2012 using OSD, the WinPE phase displays a name like “IT Organization“. It is possible to change this name by your real corporation name.
WinPE IT Organization
Let’s see how to do that.
If you try to setup IPAM, you can get an error during the provisioning IPAM server step.
“Provisioning IPAM has failed. Check inner exception for more details. Some or all identity references could not be translated”
IPAM Provisioning failed
This error is raised because you try to provision it on a Domain Controller. By design IPAM can not be installed on a DC.
On Technet, Microsoft writes:
An IPAM server is a domain member computer.
|You cannot install the IPAM feature on an Active Directory domain controller.
You could get more information here.
Sometime, you may need to activate Powershell in your SCCM WinPE boot image. This can be used by advanced script, or to display a GUI in Powershell. System Center Configuration Manager 2012 offers the possibility to easily integrated this feature.
How to enable this feature with SCCM 2012 R2: