Category: Other

Windows Firewall through policies + SCM

So everybody should enable firewall policies in order to keep their environment secure. Best practice is to manage the firewalls through policies.. keep a default policy to enable the firewall and do not allow incoming connections.. then based on server role add exceptions and ports. That way, each server added to the domain is secured by the firewall by default, but additional policies can enable applications to receive traffic.

Read more

Whoopsie, here we go again.. antivirus kills Windows

Once in a while, antivirus companies create a new signature file that kinda stops the entire system instead of just the virus..

It’s like the docter amputates the heart of the patient, just to cure a brooze

Congratulations McAffee this time:

Blue screen or DCOM error, followed by shutdown messages after updating to the 5958 DAT on April 21, 2010.
WARNING: If you have not done so already, do NOT download the 5958 DAT and disable all automatic pull and update tasks.

FIM RC1 U3 and admin rights

So I tried to install the FIM RC (u3) in a demo environment, and what a hush hush was that.. My setup was fairly easy, all (except SQL) on a single box.. offcourse reading is not my best skill, but the install went fine.. and the portal was ready for the administrator account (installed it with). It opened on the fim server without a problem, but getting it to work remotely, that was another problem..

The guide tells you to register SPN’s for the Kerberos to work if the FIM Portal and FIM service are on seperate servers, but ALSO if you want to use the FIM password reset extension.. however registering the http/servername to a service account renders the remote login useless.. you will receive an HTTP Error 401. The requested resource required used authentication.

If you where to google (or bing) on that error code the links tell you to disable Kernel Mode kerberos in IIS.. well that kinda did NOT do the trick either and although the Sharepoint site comes up then, the FIM portal dies..

Read more

Best Practices Analyser + MOSS

When installing MOSS in an 2008R2 environment, you will notice that the Best Practices Analyser for Sharepoint will not run.. now this is not only to the fact that the BPA is running on the 2008R2 environment, it’s when the entire sharepoint farm is running on 2008R2. One  option is to have a single 2008/2003 server on the same farm and point to that, or wait for the next release of BPA for Sharepoint.

The error received would be: Failed to retrieve the configuration database connection string from machine ‘<insert machinename>’ due to the following error: Failed to retrieve the configuration database connection string from machine ‘<insert machinename>’

Read more

What's the next topic

Perhaps you dear readers want to know more about a specific thing? Take the poll .. and I will see what I can do 🙂

Read more

Group Policy Preferences & Drive Mappings

When using GPP’s to map drives, some of you will notice that some drives are not correctly mapped on the clients. Some users will receive other network mappings (they “sort of” never heard of before) and some network connections are there, but will not be re-attached (device name is already in use).

Read more

"Windows Installer does not permit installation from a Remote Desktop Connection"

When you try to install an MSI through an RDP connection you could get the “Windows Installer does not permit installation from a Remote Desktop Connection” dialog. Everyone seems to think that the \tsclient<drive> is a regular network share.. but it is not!.. it’s a software feature of Terminal Services service. However, if you find yourself in the position where you must use the mapped drives for installing software, either copy the software first, or map the \tsclient<drive> first.

Read more

Poor man's iSCSI

If you want to implement iSCSI it’s best to keep the normal network traffic and the iSCSI traffic apart from each other. And that usually means buying a 2nd switch capable of reaching high speeds and jumbo frames. Off course for production systems I recommend spending a few bucks.. however if you only want iSCSI in you lab, there are easier ways of creating a switch!.

Read more

How to hack Vista without bitlocker

While browsing I stumbled upon a nice video explaining the trick the get a command prompt during the loginscreen of a user.. and that command prompt is in the system security context. They say physical access is full access and without bitlocker they are right.. take a look at the short video below..

Read more

Did you install Exchange?

Lots of us install Exchange (what ever version) in our infrastructure.. do you know what Exchange does to your Active Directory.. make a statement order the shirt 😉 Link

Read more