Disable inactive computers in AD

I would be tempted to run it manually in two parts.. that sounds a little cautious I know..

From your DC you can run

CMD ( as admin )
dsquery computer -inactive 8
(this lists the inactive computers- this list can include serveres!!!)

This will list the computers which have been inactive for 8 weeks or more.

Then you can choose to manually select the highlighted computers (from the query) in AD right click disable.
Or run    dsquery computer -inactive 8 | DSMOD computer -disabled yes

This will error if there is nothing to update “dsquery computer -inactive 8 | DSMOD computer -disabled yes”

I would not schedule this to run automatically.. Just in case it bins a server.. even though servers should never been offline for 8 weeks

PowerActions for vSphere Web Client

PowerActions 1.5.0 is now available for vSphere 6.0 Web Client

http://blogs.vmware.com/PowerCLI/2015/06/good-news-poweractions-now-available-vsphere-6-0-web-client.html

“PowerActions integrates the vSphere Web Client and PowerCLI to provide complex automation solutions from within the standard vSphere management client.

PowerActions is deployed as a plugin for the vSphere Web Client and will allow you to execute PowerCLI commands and scripts in a vSphere Web Client integrated Powershell console.”

Download PowerActions 1.5.0 here
https://labs.vmware.com/flings/poweractions-for-vsphere-web-client

 

How to Disable Windows Defender

1) Open Control Panel
2) Open up Windows Defender
3) Click Tools on the top menu
4) Click on Options
5) Find the Administrator section, uncheck the box for “Use this program”
6) Click the Save button.

Now open services.msc

7) Select Windows Defender
8) Right click and select properties
8) Stop the service
9) Change Startup type to Disabled.

Create or Remove A Static Route in a Microsoft Windows OS

Route traffic via a specific NIC and IP in most Microsoft Windows operating systems.

Quick guide to create a static route in windows or remove a static route in a windows OS.

List static routes
Administrator command prompt
route print

Create a Static Route
Administrator command prompt
Add example :
route add -p 192.168.10.31 mask 255.255.255.255 192.168.1.1 if 2 metric 5

“if” is the network card number to route through.
metric is calculating the fastest, most reliable, and least expensive routes
-p Persistent
ipconfig /all (Shows the NIC for “if” number.)

Deleting a Static Route
Administrator command prompt
Delete example :
route delete 192.168.10.31

Remote Desktop Server – Customisation and Useful GPO settings

User cannot change an expired user account password in a remote desktop session that connects to a Windows Server 2008 R2-based RD Session Host server in a VDI environment

Hotfix Download Available

https://support.microsoft.com/en-us/kb/2648402

  1. 1. Open the following file: %systemDrive%/windows/web/rdweb/pages/web.config
  2. Set the following value to TRUE: <!– PasswordChangeEnabled: Provides password change page for users. Value must be “true” or “false” –> <add key=”PasswordChangeEnabled” value=”false” />

 

 

Disable IE security in a GPO using reg change

https://4sysops.com/archives/disable-internet-explorer-enhanced-security-configuration-ie-esc-with-group-policy/

 

 

Set Trust sites

http://deployhappiness.com/managing-internet-explorer-trusted-sites-with-group-policy/

 

 

Setup SSO & disable remote app prompt  

http://social.technet.microsoft.com/wiki/contents/articles/2381.how-to-remove-the-access-messages-and-enable-the-single-sign-on-for-remoteapps.aspx

 

 

Deploying RD Session Host Servers or Farms

http://social.technet.microsoft.com/wiki/contents/articles/5466.deploying-rd-session-host-servers-or-farms.aspx

 

How to Remove the Access Messages and Enable the Single Sign On for RemoteApps

http://social.technet.microsoft.com/wiki/contents/articles/2381.how-to-remove-the-access-messages-and-enable-the-single-sign-on-for-remoteapps.aspx

 

 

Deploy Certificates by Using Group Policy

http://www.ervik.as/microsoft/windows-server-2008-r2/3321-how-to-configure-single-sign-on-for-remote-desktop-services

 

 

Enable RDC Client Single Sign-On for Remote Desktop Services

https://technet.microsoft.com/en-us/library/cc742808.aspx

http://blogs.msdn.com/b/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx

https://technet.microsoft.com/en-us/library/cc742808.aspx

 

 

How to resolve the issue: “A website wants to start a remote connection. The publisher of this remote connection cannot be identified.”

http://blogs.msdn.com/b/rds/archive/2011/04/05/how-to-resolve-the-issue-a-website-wants-to-start-a-remote-connection-the-publisher-of-this-remote-connection-cannot-be-identified.aspx

 

 

Do you trust the publisher of this RemoteApp Program? prompt even though the Publisher is trusted?

https://social.technet.microsoft.com/Forums/windowsserver/en-US/f47bcba9-67bf-45d0-af3f-fd9b9982ee2a/do-you-trust-the-publisher-of-this-remoteapp-program-prompt-even-though-the-publisher-is-trusted

 

 

Create a Self-Signed Server Certificate in IIS 7

https://technet.microsoft.com/en-us/library/cc753127(v=ws.10).aspx

 

 

IT: How To Create a Self Signed Security (SSL) Certificate and Deploy it to Client Machines

http://www.howtogeek.com/107415/it-how-to-create-a-self-signed-security-ssl-certificate-and-deploy-it-to-client-machines/

 

 

 

 

 

Makecert.exe (Certificate Creation Tool)

https://msdn.microsoft.com/en-us/library/bfsktky3(v=vs.110).aspx

Tested example (sets the start date to 30.6.15 and the end dates is 20yrs+ later.

makecert.exe -r -pe -n “CN=rdscluster.test.world.com” -eku 1.3.6.1.5.5.7.3.1 -b 06/30/2015 -ss my -sr localmachine -sky exchange -sp “Microsoft RSA SChannel Cryptographic Provider” -sy 12 “E:\Media\Cert\rdscluster.test.world.com.cer”

 

 

About Digitally Signing RemoteApp Programs

https://technet.microsoft.com/en-gb/library/cc754499.aspx

 

 

Create RDS Farm – Check list

https://technet.microsoft.com/en-us/library/cc753891.aspx

 

 

Install the RD Connection Broker Role Service

https://technet.microsoft.com/en-us/library/cc732076.aspx

 

 

Add Each RD Session Host Server in the Farm to the Session Broker Computers Local Group

https://technet.microsoft.com/en-us/library/cc753630.aspx

 

 

Configure an RD Session Host Server to Join a Farm in RD Connection Broker

https://technet.microsoft.com/en-us/library/cc771383.aspx

 

 

Configure DNS for RD Connection Broker Load Balancing

https://technet.microsoft.com/en-us/library/cc772506.aspx

 

 

Limit Profile Size

http://www.techrepublic.com/blog/the-enterprise-cloud/limit-profile-size-with-group-policy/

 

Note Files deleted from a network share do not go to the recycle bin. They are deleted permanently

https://social.technet.microsoft.com/Forums/windowsserver/en-US/7119aafa-fe55-470c-ae20-568b80c5dcb4/files-deleting-over-the-network-share-drive-is-not-going-to-the-recycle-bin-it-permanently-delete?forum=winservergen

 

https://social.technet.microsoft.com/Forums/windowsserver/en-US/db181312-bc96-4c3d-b7d6-daa0250b5552/applying-quota-for-user-profile-in-terminal-server

 

Empty recycle bin at log off… GPO log off script –

User Configuration – POLICIES. WINDOWS SETTINGS – SCRIPTS – Logon/Logoff

Add Empty recycle bin batch

http://www.cryer.co.uk/brian/windows/batch_files/how_to_empty_recycle_bin.htm

e:

cd \$RECYCLE.BIN

del /s /q .

 

Types of profiles

http://blogs.msdn.com/b/rds/archive/2009/06/02/user-profiles-on-windows-server-2008-r2-remote-desktop-services.aspx?Redirected=true

 

 

User Configuration – Administrative Templates – System – Logon/Logoff

 

 

SHOW and HIDE ALL DRIVES

      1. A Create one policy for admins with show all drives https://support.microsoft.com/en-us/kb/231289
      2. Create a second policy for all users with hide all drives and a deny apply policy for admins https://support.microsoft.com/en-us/kb/816100
      3. Third policy has all the terminal server config details

 

 

Temporary Profiles Loading

http://social.technet.microsoft.com/wiki/contents/articles/3571.windows-user-profiles-service-event-1511-windows-cannot-find-the-local-profile-and-is-logging-you-on-with-a-temporary-profile.aspx

Enable replication failed : Hyper-V is not in a state to accept replication on the replica server

After replication was broken, Hyper-V failed  to setup Virtual Machine Replication

Error : Enable replication failed Hyper-V is not in a state to accept replication on the replica server

Enable replication failed Hyper-V is not in a state to acept replication on the replica server

Fix – Option

1) Delete the Virtual Machine from the replica server and setup replication from the primary

or

2) During the setup of replication, specify the export of the Virtual Machine to replicate on the replica server

Enable Virtual Machine replication in Hyper-V (Microsoft Server 2012)

Guide to Virtual Machine replication in Hyper-V (Microsoft Server 2012)

Open Hyper-V manager and select the virtual machine to replicate

enable vm replication 1

Select – Enable Replication

enable vm replication 2

Click Next to continue

 

enable vm replication 3

Select the replica server (Also running Hyper-V)

enable vm replication 4

Specify the connection type (Kerberos or Certificate)

enable vm replication 5

Select the VHDX file to replicate

enable vm replication 6

select replication options

enable vm replication 7

Send replication over the network or select replica export file

enable vm replication 8

Click Finish

enable vm replication 9

Virtual Machine replication will start
enable vm replication 10

 

Please note. This is a rough example and your should research your own methods and setup

How to remove a file lock manually in Microsoft Server 2008

How to remove a file lock manually in MS Server 2008

Open Administrative Tools -> Share and Storage Management.

From the Actions pane, click Manage Open Files.

All locked files and folders should be visible on this server.

To clear a lock, select the relevant file and click “Close Selected”.

Note only use this method if other option to close / unlock a file have been tried and a user definitely not using the the file, otherwise data loss may occur.

SQL Server 2005 database has grown too big and filled the hard disk

Microsoft SQL Server 2005 database has grown too big and filled the hard disk

How much available free disk space ?
How much available free database space ?
How to free up some disk space by shrinking the database?

A quick run through

My Computer shows
C:\ OS with free space
E:\ The DB drive FULL
L:\ The logs drive with free space

——————————————
On E:\ identify which database has grown and filled the disk

Open MS SQL Management Studio
Login with domain account or a SQL database admin credentials – (SA will have these rights)

Right click the offending database

Select tasks -> shrink – > files

It will then show you how much is available to shrink

ie. E:\ Large DB is 39999.00MB
DB allocated space is 19999.00MB
Available space with in the DB is 20000.00MB (50%)

——————————————

The DB will have stopped working as there was no space to extend the file on the main disk

——————————————

In this example we can now click ok to shrink the Large DB, due to having 20,000MB free space with in the DB.
Note : If there was no free space, then you should consider looking at the application for purge options or adding additional storage

—————————————————————————
A database can shrink while running. The shrink will work in the background, IF there is space. However it might slow things down because its actually moving data off pages onto others and then deleting the empty pages when it moves the data it has to reset catalog so that the db knows where that data is in the indexes etc. (reset  means update)
Disclaimer.
This is just and example, in my own words and you should understand the tasks this article talks about and make your own decisions. The author holds NO responsibility for anything which is done based on the topic described above.