One of the items I had to do a bit of digging to find was the location of the startup folder for all users.

If you aren’t familiar with the “startup” folder on your system I will explain it briefly.

The startup folder is a place you can put executable files (.exe), batch files (.bat), etc. that you want Windows to run every time a user logs into the system. There are a lot of usage scenarios for such a folder; my specific use case is mapping a remote Windows share as a drive, for which I use a batch file.

I recently set up a new secondary Windows domain. All of the users are logging in remotely via a VPN connection and their workstations belong to a different, separate domain… I quickly found myself having to regularly administer accounts… What I needed was a password self-service tool so users could take care of simple things like updating their passwords for expired accounts, resetting forgotten credentials, etc.

Budget was tight for the project, and if you do any kind of Google search for this tool, paid enterprise stuff like ManageEngine and Netwrix are at the top of the search results.

ManageEngine isn’t free or particularly cheap if you have a fair number of users. Netwrix has a freeware version of their software; however, it is hamstrung on features, for one, and based on ancient ASP code (which they still charge for…), for another. If you are running any kind of modern Microsoft network (Server 2008 R2 or newer), avoid Netwrix like the plague. I installed it several times and made sure I had all of the dependencies installed (which are numerous) and still never could get the key functionality to work correctly.

If you are a typical MS person, you, like me, probably wouldn’t have thought to add those two magical words to your Google search… “open source”.

After doing as much, though, a server application called PWM quickly comes to the forefront. I am not going to go into a full configuration and install of PWM here. However, I am going to quickly give a few notes on potential pitfalls I fell head-first into and hopefully shorten your initial setup and installation of the software.

Before you go any further, you need to make sure all of the proper ports are open between your Active Directory Domain Controller and your PWM server. You can see which ports are needed for AD traffic here: What ports on the firewall should be open between Domain Controllers and Member Servers?


Ran into a fun issue today… I had a pair of Server 2012 R2 servers in a remote office that refused to sync the proper time for their clocks. No matter what I did they were always off by five minutes. One of them was a domain controller for the office.

In the process of fixing the issue I learned about an interesting feature in Hyper-V that was the root cause of all my trouble. By sharing my experience, hopefully you will avoid the same issues I ran into.

One of my glorious privileges in IT is managing and enforcing security policy for the company I work for. Being a Windows shop, one of the primary tools I use to that end is Group Policy.

For those of you not familiar with Group Policy, it is Microsoft’s gift (and sometimes curse) to admins such as myself. Group Policy, especially in a Domain, is an incredibly powerful tool. It can be used to do all kinds of things, from the simple to the bizarre… across your entire enterprise. The basic premise is that you have a “policy” for how you want your machines to work. For example, you might want to enforce strong passwords, or you might want to do something as granular as granting one particular group of people specific security rights to a local folder on all workstations, or perhaps you need to make sure that inbound RDP sessions are disabled by default on a specific set of machines… Whatever you want, particularly if it is a Microsoft feature, most likely it can be centrally controlled and administered via Group Policy. Suffice to say, it is an absolutely essential tool for any Windows Administrator in any large enterprise (you know, more than 2 servers and 10 endpoints…), particularly when it comes to security. That is as much as I will say about it in this post.

I was presented with a particular problem recently. We needed to disable a Windows feature that was introduced in Server 2012/Windows 8. Group Policy should do the trick… however, when I started digging around in the console I wasn’t finding the setting I needed. It quickly dawned on me that the majority of domain controllers are running Windows Server 2008 R2… and the server I am trying to edit policy on is referencing policy definitions for Server 2008 R2 / Windows 7 and therefore wouldn’t be aware of settings for Windows 8 / Server 2012 machines. What’s an admin to do?

So part of my “poor-man’s Hyper-V cluster” experiment in my home office here has led me to start looking into storage options for virtual platforms. Hyper-V is apparently quite flexible; however, fail-over clustering limits your options.

So for those of you who are just joining us, I am doing research on clustered Hyper-V for work. This was a self-started project so I grabbed whatever I had available. I am therefore building an Active Directory managed network and a three node Hyper-V cluster using the following components…

Dell Latitude D830 Laptop – Intel Core Duo + 3 GB of RAM + 150 GB HD
Dell Latitude E6400 Laptop – Intel Core 2 Duo + 4 GB of RAM + 230 GB HD
Dell Optiplex 990 Mini-PC – This is my “top of the line” unit lol… Core i7 – 4 GB RAM – 160 GB HD
Ancient TP-Link N150 router – 4 wired ports of 100 mbit bliss… (no gigabit :(…)

Surprisingly enough, even the ancient D830 has a processor that is new enough to run Hyper-V 3.0 on Windows Server 2012 R2. This will only work with the server version of the OS, though, because it has no support for SLAT, which is an added requirement of the CPU if you are going to run Hyper-V on Windows 8.1. Only the Core i7 has SLAT built-in.

Another interesting note, the E6400 with the Core 2 Duo was by far the biggest pain to get working. Hence I am noting it here for anyone that comes searching…

–NOTE ABOUT DISABLING TRUSTED EXECUTION ON DELL LATITUDE E6400 LAPTOP–
Can’t enable the Hyper-V role service on a Dell Latitude E6400 laptop? Here is why… Trusted Execution needs to be TURNED OFF in BIOS. This is definitely a Dell specific glitch. So, reboot into BIOS, turn on the TPM, reboot, go into BIOS, ENABLE the TPM (two separate steps) and then under virtualization options turn on everything except for Trusted Execution. Then it will work. Okay… moving on…
–END NOTE–

Okay… this was supposed to be a post about storage. So let’s talk storage.