How to disable IPv6 in Windows 7 and Windows 8
Originally posted at: http://www.techunboxed.com/2012/08/how-to-disable-ipv6-in-windows-8.html
“IPv6 is the imminent next evolution of the Internet protocol, but it can cause problems with legacy equipment and DNS in certain environments. Disabling IPv6 is an easy way to fix certain network issues with Windows machines. If you’re not experiencing problems, there’s no reason to disable IPv6. Otherwise, it’s easy to turn on and off by editing the Windows registry. Let’s check it out…”
…
Use Registry Editor to expand the registry tree and browse to:
\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters
Add a 32-bit DWORD value named “DisabledComponents”, then double-click the new DisabledComponents value, enter ffffffff into the Value data dialog box, and click the OK button.
Done.
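To check the result of the registry edit above, the following added example (not part of the original post) reads DisabledComponents and decodes its documented bits, and can apply the post's value with -WhatIf support. The function names are hypothetical; the bit meanings are the ones Microsoft documents for this value.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
$ValueName = 'DisabledComponents'

# Bit meanings Microsoft documents for DisabledComponents.
$ComponentBits = @(
    [pscustomobject]@{ Mask = 0x01; Meaning = 'All IPv6 tunnel interfaces disabled' }
    [pscustomobject]@{ Mask = 0x02; Meaning = '6to4 disabled' }
    [pscustomobject]@{ Mask = 0x04; Meaning = 'ISATAP disabled' }
    [pscustomobject]@{ Mask = 0x08; Meaning = 'Teredo disabled' }
    [pscustomobject]@{ Mask = 0x10; Meaning = 'IPv6 disabled on non-tunnel interfaces (LAN, PPP)' }
    [pscustomobject]@{ Mask = 0x20; Meaning = 'IPv4 preferred over IPv6 in the prefix policy table' }
)

function ConvertTo-UInt32Bits {
    # A DWORD can come back as a signed Int32 (ffffffff reads as -1);
    # mask to 32 bits so it compares and prints as unsigned.
    param([Parameter(Mandatory = $true)] $Raw)
    [uint32]([int64]$Raw -band 4294967295)
}

function Get-IPv6DisabledComponents {
    # Hypothetical helper: returns whether the value exists, its hex form, and the decoded bits.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ Present = $false; Hex = $null; Flags = @() }
    }
    $value = ConvertTo-UInt32Bits $item.$ValueName
    $flags = @($ComponentBits |
        Where-Object { ([int64]$value -band [int64]$_.Mask) -ne 0 } |
        Select-Object -ExpandProperty Meaning)
    [pscustomobject]@{ Present = $true; Hex = ('0x{0:x8}' -f $value); Flags = $flags }
}

function Set-IPv6DisabledComponents {
    # Hypothetical helper: writes the value; the default is ffffffff, the value the post enters.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([uint32]$Value = 4294967295)
    # Store the same 32 bits as a signed Int32, which the DWord kind accepts.
    $signed = [BitConverter]::ToInt32([BitConverter]::GetBytes($Value), 0)
    if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", ('set to 0x{0:x8}' -f $Value))) {
        New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value $signed -Force | Out-Null
    }
}

# Report the current state.
$state = Get-IPv6DisabledComponents
if (-not $state.Present) {
    'DisabledComponents is not set; IPv6 components are at their defaults.'
} else {
    "DisabledComponents = $($state.Hex)"
    $state.Flags | ForEach-Object { "  - $_" }
}

# Preview the post's change without writing it (a restart is needed before a change takes effect):
# Set-IPv6DisabledComponents -WhatIf
```

Microsoft's guidance for this value lists 0xFF as the setting that disables all IPv6 components except the loopback interface; `Set-IPv6DisabledComponents -Value 0xFF` writes that instead of the post's ffffffff.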
HOW BEST NETWORKS’ MAIL925 COMPARES
NOTE: Please visit our new website at http://www.bestnetworksinc.com
We know that choosing a cloud service provider is an important decision. Understanding the facts about your provider is essential to setting expectations on reliability, support and services offered to help make your business successful. It is important that you understand why Best Networks’ Mail925 industry leading offering has been the solution of choice for your peers.
- We offer an unmatched, financially backed SLA of 99.999% to ensure you are consistently up and running.
- Our highly skilled support and migration staff ensures that your transition to the cloud is as smooth as possible. We’ll handle the entire migration process for you – other providers lack this type of hands on support.
- Our robust portfolio of cloud services expands beyond Microsoft products – including VoIP telephone services, Online Backup and more.
- We enable full administrative control over our cloud services through an easy-to-use web-based control panel.
Given how critical email and other communication/collaboration services are to business, reliability is always a crucial aspect of the cloud service provider selection process. Uptime and data replication are only as good as a provider’s infrastructure and experience – as well as the capabilities of the service itself. Our state-of-the-art infrastructure, proven industry experience and unmatched 99.999% SLA are unbeatable.
Before you decide on a cloud service provider, make sure you get the facts. Below you will find detailed information on how our offering compares to the competition.
Item | Best Networks’ Mail925 | Google Apps |
SUPPORT | ||
Migration Support | Our professional staff, dedicated to your account, manages your email migration from start to finish. | Online migration toolkit and discussion forum support |
Tech Support | Tailor made support agreement to fit your needs, including a 24/7 phone support option. Online Knowledge Base | 24/7 phone support for Business customers only. Built in support ticketing system in control panel. Online forum |
CONTROL | ||
Management Control Panel | Customers able to provision users and manage settings for Best Networks’ Mail925 proprietary services as well as Microsoft-based and third-party services. Supports all browsers | Supports all browsers |
End-user Controls | My Services available in Outlook to change common settings for users’ services and update passwords, reducing administration load. Granular set of permissions controlled by the administrator; ability to manage all services enabled and request additional ones | Limited permissions and functionality |
RELIABILITY AND INFRASTRUCTURE | ||
Security | Policy-based Encryption add-on available; includes templates for HIPAA compliance. Wipe ActiveSync and BlackBerry mobile devices in case of loss or theft; supports multiple BB policies | Google Message Encryption service available. Wipe ActiveSync devices; BlackBerry device wipe requires BES |
Operations: SLA and Location of Data | 7 datacenters (6 US-based, 1 UK-based). SAS 70 Type II Audited, 99.999% uptime SLA | Does not reveal which of its global datacenters are used. 99.9% uptime SLA |
SERVICES OFFERED | ||
Mobility Support | Support for full range of smartphones and tablets, including ActiveSync (iPhone, iPad, Android, Windows 7) and BlackBerry | Support for ActiveSync devices; BlackBerry support requires BES or downloadable apps from Google |
Supported Mail Platforms | Unlimited storage; message size limit 50 MB. Enterprise version of Exchange 2010 (latest version); Outlook 2010 available | Storage max 25 GB; message size limit 25 MB. Gmail connection for mobile and Outlook is limited; Gmail Business Plans are based off the same free Gmail service |
Public Folders | Public folders available | Public folders supported via Google Groups |
Support for Outlook | Exchange 2010 enables full support of Microsoft Outlook® 2010 features such as improved calendaring and conversation view. Outlook Web App (enhanced web access available with Exchange 2010, supports all browsers). Microsoft Outlook® 2011 for Mac available | Google Apps Sync for Microsoft Outlook® is a plug-in for Outlook 2003, 2007, or 2010; however, there are limitations and synchronization issues between the two. Outlook Web App not available; users access Google Apps’ web interface |
Outlook Licenses | Available with any plan | Not available |
Collaboration and File Management | Secure instant messaging, SharePoint document management and online backup | Google IM, Docs and Cloud Connect services |
Archiving | Archiving available (basic and compliant); supports all third party cloud archiving providers | Archiving available |
Voice/Unified Communications Offering | Hosted PBX VoIP-based telephone offering with full Unified Communications option. Conference Bridges | Google Voice, a consumer-oriented service |
How to Add, remove or install software during a terminal services remote session
Lots of my clients have Windows 2003 servers – some of these servers are configured for Terminal Server, either admin mode or remote access mode.
Often we need to connect to the server remotely and either install or remove software. By default only Administrators have the right to install or remove software on a server while in a remote session.
There is a little trick we need to do before…
Shortcuts while in Remote Desktop Connection
Windows XP, Windows Vista and Windows 7 all have a normal set of shortcuts that I normally use on a day-to-day basis. When we are active in a remote session, these keys are no longer the same!
Here is a combination list of these shortcuts. Knowing them will make your life a bit easier.
- CTRL+ALT+END: I use this one to open the Microsoft Windows Task Manager. Locally the key is (CTRL+ALT+DEL)
- ALT+PAGE UP: Switch between programs from left to right (CTRL+PAGE UP). Locally I cycle through these with the key combination (ALT+TAB)
- ALT+PAGE DOWN: Switch between programs from right to left (CTRL+PAGE DOWN). Locally I cycle through these with the key combination (ALT+TAB)
- ALT+INSERT: Cycle through the programs in most recently used order (ALT+TAB)
- ALT+HOME: Display the Start menu (CTRL+ESC)
- CTRL+ALT+BREAK: Switch the client computer between a window and a full screen
- ALT+DELETE: Display the Windows menu
- CTRL+ALT+Minus sign (-): Place a snapshot of the entire client window area on the Terminal server clipboard and provide the same functionality as pressing ALT+PRINT SCREEN on a local computer (ALT+PRT SC)
- CTRL+ALT+Plus sign (+): Place a snapshot of the active window in the client on the Terminal server clipboard and provide the same functionality as pressing PRINT SCREEN on a local computer (PRT SC)
Windows cannot access the specified device, path, or file
Best Networks Inc.
Cesar Lopez
I had issues with a Windows Server 2003 R2 running in Terminal Server Mode and accessing an executable from another Windows 2003 R2 Server.
Same configuration is currently running in another Windows 200 Terminal Server – So the issue must be some type of restriction imposed by Windows 2003 R2. Here are the details of the problem / solving steps.
Configuration
- Drive is mapped as follows: G: = \\servername\vol1. Users have Read and Execute access to the folder and file at G:\Program\Name.exe
Problem
- Program was installed in terminal server mode as always: User /installed and user /execute
- Created a shortcut on the desktop, within a Terminal Server Virtual Session
- When we tried to execute the shortcut, we got the following error:
“Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item”
I have found the solution is a two-step process:
- We need to make changes to the Internet Explorer
- And, we also need to make changes to the Group Policies as follows.
First, in the Internet Explorer, we need to trust the File Server as it is part of the Intranet – the executable file sits in another local server.
Open Internet Explorer and go to: Tools, Internet Options, Security and Local Intranet
Select Sites and add the name of the other File Server as follows //ServerName to the list. Note that if you go back and check the server was added to the list you will notice the “//” are now gone.
Second, with this change we have passed the first error. However, an Open File – Security Warning is now present.
“The publisher could not be verified. Are you sure you want to run this software?”
You get this warning if you execute the program using the UNC path or a mapped drive.
Open Start, Run and type gpedit.msc, Click OK
- User Configuration
- Administrative Templates
- Windows Components
- Attachment Manager
- Add .exe to the Inclusion list for moderate risk file types setting. You can also add other extensions if needed.
This will disable the “Publisher Could Not Be Verified,” messages from appearing for the specified file type.
Increase the number of workstations a user can join to a domain
By default, a member of a domain is limited to adding 10 workstations to a Microsoft domain.
When the user attempts to add the 11th computer or server to the Domain he/she will get one of the following messages.
When attempting to add a workstation to a Windows 2000 domain and the workstation is a Windows NT 4.0 or Windows NT 4.0 Server:
The machine account for this computer either does not exist or is unavailable.
If the workstation you are adding is Windows 2000 Pro or Windows 2000 Server, then the following message is displayed:
Your computer could not be joined to the domain. You have exceeded the maximum number of computer accounts you are allowed to create in this domain. Contact your system administrator to have this limit reset or increased.
According to MSKB articles 251335 and 314462, there are three methods to change this default.
- Pre-Create the User’s Computer Account
- Grant the “Create Computer Objects” and “Delete Computer Objects” Access Control Entries (ACEs) to the User
- Override the Default Limit of the Number of Computers an Authenticated User Can Join to a Domain
Method 1:
- From the Active Directory Users and Computers snap-in, right-click the container where the account resides.
- Click New, and then click Computer.
- In the Computer name box, type the name of the Windows 2000-based computer that you want to add to the domain.
  Make sure the computer’s name is also entered in the Computer name (pre-Windows 2000) box (this should occur automatically).
- Click Change. Select the user or group that will be joining this computer to the domain, and then click OK.
- If you want Windows NT 4.0 and previous operating systems to use this computer name object, click to select the Allow pre-Windows 2000 computers to use this account check box, and then click OK.
Method 2:
- From the Active Directory Users and Computers snap-in, click Advanced Features on the View menu so that the Security tab is exposed when you click Properties.
- Right-click the Computers container, and then click Properties.
- On the Security tab, click Advanced.
- On the Permissions tab, click Authenticated Users, and then click View/Edit.
  NOTE: If the Authenticated Users group is not listed, click Add and add it to the list of permission entries.
- Make sure the This object and all child objects option is displayed in the Apply onto box.
- From the Permissions box, click to select the Allow check box next to the Create Computer Objects and Delete Computer Objects ACEs, and then click OK.
Method 3:
You can override the default limit, using either of the following methods:
- Use the Ldp (Ldp.exe) tool included in the Microsoft Windows 2000 Resource Kit.
- Use an Active Directory Services Interface (ADSI) script to increase or decrease the value of the Active Directory ms-DS-MachineAccountQuota attribute. To do this:
  - Install the Windows Support tools if they have not already been installed.
  - Run Adsiedit.msc as an administrator of the domain.
  - Expand the Domain NC node. This node contains an object that begins with “DC=” and reflects the correct domain name. Right-click this object, and then click Properties.
  - In the Select which properties to view box, click Both.
  - In the Select a property to view box, click ms-DS-MachineAccountQuota.
  - In the Edit Attribute box, type a number. This number represents the number of workstations that you want users to be able to maintain concurrently.
  - Click Set, and then click OK.
Note: the key to this change is located in the ms-DS-MachineAccountQuota property of the object. One option is to increase the quota; an even better option (depending on the knowledge level on-site) is to clear it, which sets the number of workstations that can be added by the user to unlimited.
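Before changing ms-DS-MachineAccountQuota, it helps to see the current value and which users have already consumed it. The following is an added example, not from the original post or the Microsoft KB articles; it assumes the ActiveDirectory PowerShell module (RSAT) instead of ADSI Edit, and all function names are hypothetical.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-MachineAccountQuota {
    # Reads the quota from the domain object, the same attribute edited in ADSI Edit above.
    param([string]$Server)
    $target = @{}
    if ($Server) { $target['Server'] = $Server }
    $domain = Get-ADDomain @target
    $root   = Get-ADObject -Identity $domain.DistinguishedName -Properties 'ms-DS-MachineAccountQuota' @target
    [pscustomobject]@{
        Domain = $domain.DNSRoot
        Quota  = $root.'ms-DS-MachineAccountQuota'   # $null when the attribute has been cleared
    }
}

function Get-QuotaJoinedComputer {
    # Computer accounts created through the per-user quota record their creator in mS-DS-CreatorSID.
    param([string]$Server)
    $target = @{}
    if ($Server) { $target['Server'] = $Server }
    Get-ADComputer -LDAPFilter '(mS-DS-CreatorSID=*)' -Properties 'mS-DS-CreatorSID', 'whenCreated' @target |
        ForEach-Object {
            $sidText = [string]$_.'mS-DS-CreatorSID'
            try {
                $sid = New-Object System.Security.Principal.SecurityIdentifier($sidText)
                $who = $sid.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                $who = $sidText   # creator deleted or not resolvable: keep the raw SID
            }
            [pscustomobject]@{ Computer = $_.Name; Creator = $who; Created = $_.whenCreated }
        }
}

function Get-MachineAccountQuotaReport {
    # One row per creator: how many computer accounts they own and whether they are at the limit.
    param([string]$Server)
    $quota = (Get-MachineAccountQuota -Server $Server).Quota
    Get-QuotaJoinedComputer -Server $Server |
        Group-Object Creator |
        Sort-Object Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                Creator   = $_.Name
                Computers = $_.Count
                Quota     = $quota
                AtLimit   = ($null -ne $quota) -and ($_.Count -ge $quota)
                Newest    = ($_.Group | Sort-Object Created | Select-Object -Last 1).Created
            }
        }
}

function Set-MachineAccountQuota {
    # Scripted form of Method 3. Use -WhatIf to preview the change.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][ValidateRange(0, 2147483647)][int]$Quota,
        [string]$Server
    )
    $target = @{}
    if ($Server) { $target['Server'] = $Server }
    $domain = Get-ADDomain @target
    if ($PSCmdlet.ShouldProcess($domain.DistinguishedName, "set ms-DS-MachineAccountQuota to $Quota")) {
        Set-ADDomain -Identity $domain -Replace @{ 'ms-DS-MachineAccountQuota' = $Quota } @target
    }
}

# Show the current quota, then who has used it.
Get-MachineAccountQuota | Format-List
Get-MachineAccountQuotaReport | Format-Table -AutoSize

# Preview a change (25 is a constructed sample value):
# Set-MachineAccountQuota -Quota 25 -WhatIf
```

Accounts pre-created by an administrator (Method 1) or created under the delegated ACEs (Method 2) do not count against the quota, so they do not appear in this report.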
Resources:
Check out the article “Recipe 8.11. Changing the Maximum Number of Computers a User Can Join to the Domain,” from CodeIdol.com.
Using the Active Directory Service Interfaces Editors (ADSI Edit)
To run ADSI Edit on Windows Server 2003 or Windows XP machines, you’ll need to install Windows Server 2003 Support Tools, which you’ll find on the Windows Server 2003 CD or the Microsoft Download Center. If you’re running Windows Server 2008, ADSI Edit is installed as part of the Active Directory Domain Services (AD DS) role, which makes the server a domain controller. You can also install the Remote Server Administration Tool (RSAT) on servers that aren’t domain controllers. On machines running Windows Vista SP1 or Windows 7, you must install RSAT to use ADSI Edit.
http://support.microsoft.com/kb/314462/EN-US/
ADSI Edit (adsiedit.msc)
Updated: March 19, 2010
Applies To: Windows SBS 2008, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2
Active Directory® Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit.msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management Console (MMC) snap-ins: Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and Active Directory Schema.
This topic includes the following sections:
- Installing ADSI Edit
- Using ADSI Edit
- Adding ADSI Edit to MMC
- Missing Commands
- Other Topics with ADSI Edit Usage Scenarios
Note: Another LDAP editor that Microsoft provides is Ldp. To learn more about Ldp, see Ldp Overview (http://go.microsoft.com/fwlink/?LinkId=143517). For an example of Ldp being used, see article 224543 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkID=23064).
Installing ADSI Edit
To install ADSI Edit on computers running Windows Server® 2003 or Windows® XP operating systems, install Windows Server 2003 Support Tools from the Windows Server 2003 product CD or from the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=100114). For more information about how to install Windows Support Tools from the product CD, see Install Windows Support Tools (http://go.microsoft.com/fwlink/?LinkId=62270).
On servers running Windows Server 2008 or Windows Server 2008 R2, ADSI Edit is installed when you install the Active Directory Domain Services (AD DS) role to make a server a domain controller. You can also install Windows Server 2008 Remote Server Administration Tools (RSAT) on domain member servers or stand-alone servers. For specific instructions, see Installing or Removing the Remote Server Administration Tools Pack (http://go.microsoft.com/fwlink/?LinkId=143345).
To install ADSI Edit on computers running Windows Vista® with Service Pack 1 (SP1) or Windows 7, you must install RSAT. For more information and to download RSAT, see article 941314 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkID=116179).
Note: regsvr32 adsiedit.dll
Using ADSI Edit
http://technet.microsoft.com/en-us/library/cc773354(WS.10).aspx
ADSI Edit (Adsiedit.msc) is an MMC snap-in. You can add the snap-in to any .msc file through the Add/Remove Snap-in menu option in MMC, or just open the Adsiedit.msc file from Windows Explorer. The following figure illustrates the ADSI Edit interface. In the console tree on the left, you can see the major partitions Domain, Configuration, and Schema. The figure shows the Builtin container of the Contoso.com domain selected. In the details pane on the right, you can see the Builtin groups of Active Directory.
Note: Adsiedit.msc automatically attempts to load the current domain to which the user is logged on. If the computer is installed in a workgroup or otherwise not logged on to a domain, the message “The specified domain does not exist” displays repeatedly. To resolve this issue, you may want to open an MMC, add the ADSI Edit snap-in, make connections as appropriate, and then save the console file.
ADSI Edit Node
To view the following commands, in the console tree click the ADSI Edit node, click the Action menu, and then click one of the following:
Connect To
The Connection Settings dialog box appears. You can use the Connection Settings dialog box to create a connection point to an object in Active Directory. The following text boxes are located in the Connection Settings dialog box:
Name. You should not change the text in this box because it might cause an error when you attempt to make a connection. The text in this box is updated automatically, if necessary, when you configure or select a Connection Point.
Path. Displays the URL for the selected object. It cannot be edited. If the path is not correct, click Cancel, and then select the correct object.
Connection Point Section
Click either Select or type a Distinguished Name or Naming Context or Select a well known Naming Context.
- If you click the Select or type a Distinguished Name or Naming Context radio button, type the distinguished name of the object that will be the connection point in Active Directory. For example, if your domain name is contoso.com and you want to connect to the Users container, type cn=users,dc=contoso,dc=com.
- If you click the Select a well known Naming Context radio button, select the directory partition that will be the connection point in Active Directory in the list of partitions in the selection menu.
Tip: Previous LDAP connections are remembered by the ADSI Edit tool. In versions earlier than Windows Server® 2008, the tool automatically attempts to load the current domain to which the user is logged on. If the computer is installed in a workgroup or otherwise not logged on to a domain, the message “The specified domain does not exist” appears repeatedly. To avoid these issues, open Mmc.exe, add the ADSI Edit snap-in manually, make any connections that are appropriate for you with whatever credentials are necessary, and then save the console file. This gives you your own default console that works with ADSI Edit.
Computer Section
Specifies whether you connect to the local computer or a remote computer. Click either Default (domain or server that you are logged in to) or Select or type a domain or server. You can enter the domain name or computer name in Domain Name System (DNS) format or NetBIOS format, or you can enter an IP address.
Advanced Button
Click the Advanced button to specify alternate credentials or alternate port numbers or to change the protocol that is used to connect to Active Directory. The Advanced dialog box contains the following text boxes:
Specify Credentials. Use this box to specify alternate credentials. Unless otherwise specified, the currently logged-on user’s credentials are used.
Port Number. Type a port number if you do not want to use the default port for the LDAP or the LDAP Global Catalog protocol. The default LDAP port is 389. The default port for the Global Catalog is 3268.
Protocol Section
Click either LDAP or Global Catalog. The URL in Path might change, based on your selection. LDAP is used by default. To view the Path box, on the Advanced tab, click OK or Cancel.
Refresh
To update the object from Active Directory, right-click an object, and then click Refresh. The Refresh command removes the current objects in the container and repopulates the container with updated information from Active Directory.
Directory Partition Node
To view the following commands, select the directory partition node that you want to manage (that is, Domain, Configuration, and Schema), click the Action menu, and then click one of the following:
Settings
The Connection Settings dialog box appears, which provides the same configuration options as previously discussed in the Connect To section.
Remove
Removes the connection point that connects ADSI Edit to a directory partition or container within Active Directory. This command affects only what is shown in the ADSI Edit console. To remove objects from Active Directory, use the Delete command.
Update Schema Now
Reloads the schema information from Active Directory into the local computer’s cache.
New
Click Query to create a new query. For more information about creating LDAP queries, see LDAP Query Basics (http://go.microsoft.com/fwlink/?LinkId=143553).
Refresh
To update the object from Active Directory, right-click an object, and then click Refresh. The Refresh command removes the current objects in the container and repopulates the container with updated information from Active Directory.
Object Node
To view the following commands, click an object in the details pane (for example, Account Operators is an object in the previous figure), click the Action menu, and then click one of the following:
Move
Moves the object to another container in Active Directory. Opens a dialog box that you can use to select the destination container.
New Connection From Here
Creates a new connection point node and adds it to the console.
New
The New menu command reveals another menu that contains the Object command, which creates a new child object in the selected container. This command opens a set of chained dialog boxes that begins with the class of the object. If you do not have the appropriate permissions to create an object in the selected container, no classes will be listed. After you select a class, a dialog box opens for each required attribute. In the final dialog box, click More to view and edit any optional attributes.
Delete
Deletes the selected object from Active Directory. A dialog box appears asking you to confirm the deletion. This command does not appear in the menu if you do not have permissions to delete an object from Active Directory.
Rename
Changes the name of the object in Active Directory.
Refresh
To update the object from Active Directory, right-click an object, and then click Refresh. The Refresh command removes the current objects in the container and repopulates the container with updated information from Active Directory.
Adding ADSI Edit to MMC
If you are running ADSI Edit on a computer that is not logged on to a domain or if you want to create a customized MMC, you may want to add the ADSI Edit snap-in to the console.
To add the ADSI Edit Snap-in to MMC
- Open your existing console or create a new console. To create a new console, click Start, click Run, type mmc, and click OK, or at a command line, type mmc, and then press ENTER.
- Click Add/Remove Snap-in, and then click Add.
- In the Add Standalone Snap-in dialog box, click ADSI Edit in the list. If ADSI Edit does not appear here, see Installing ADSI Edit at the beginning of this topic.
- Click Add, click Close, and then click OK.
Missing Commands
The Action menus in MMC are context sensitive. If you do not have permission to perform an action, the action might not appear in the menu.
Other Topics with ADSI Edit Usage Scenarios
Although ADSI Edit is not intended for regular management of your Active Directory environment, there are instances in which you may need to use it. The following topics include procedures that use ADSI Edit.
- Weaken security using ADSI Edit (http://go.microsoft.com/fwlink/?LinkId=143425)
- Manage an AD LDS Instance Using ADSI Edit (http://go.microsoft.com/fwlink/?LinkId=143426)
- Using ADSI Edit to Edit Active Directory Attributes (http://go.microsoft.com/fwlink/?LinkId=143427)
- Article 822444 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=143428)
- Step 1: Create a PSO (http://go.microsoft.com/fwlink/?LinkId=143555)
Memory Limits for Windows Releases
See answer here: http://msdn.microsoft.com/en-us/library/aa366778(VS.85).aspx
Creating an additional domain controller in an existing domain
Please see the Microsoft site for a more detailed explanation: http://technet.microsoft.com/en-us/library/cc738032(WS.10).aspx
Creating additional domain controllers
If you already have one domain controller in a domain, you can add additional domain controllers to the domain to improve the availability and reliability of network services. Adding additional domain controllers can help provide fault tolerance, balance the load of existing domain controllers, and provide additional infrastructure support to sites.
More than one domain controller in a domain makes it possible for the domain to continue to function if a domain controller fails or must be disconnected. Multiple domain controllers can also improve performance by making it easier for clients to connect to a domain controller when logging on to the network. You can add additional domain controllers over the network or from backup media.
Before adding domain controllers you should thoroughly understand Active Directory and the requirements necessary to set up additional domain controllers in an existing domain. For more information, see Checklist: Creating an additional domain controller in an existing domain and Create an additional domain controller.
Using backup media to create additional domain controllers
With Windows 2000, the only way you can create an additional domain controller in an existing domain is by replicating the entire directory database to the new domain controller. With low network bandwidth or a large directory database, this replication can take hours or days to complete. With servers running Windows Server 2003, you can create an additional domain controller using a restored backup taken from a domain controller running Windows Server 2003. This backup can be stored on any backup media (tape, CD, or DVD) or a shared resource.
Using restored backup files to create an additional domain controller will greatly reduce the network bandwidth used when installing Active Directory over a shared resource; however, network connectivity is still necessary so that all new objects and recent changes to existing objects are replicated to the new domain controller.
It is recommended that you use the most recent backup available. Older backups require more network bandwidth for replication. The backup used cannot be older than the tombstone lifetime of the domain, which is set to a default value of 60 days (180 days in a forest that is created on a server running Windows Server 2003 with Service Pack 1 [SP1]).
If a domain controller that was backed up contained an application directory partition, it will not be restored on the new domain controller. To manually create an application directory partition on a new domain controller, see Create or delete an application directory partition.
When adding an additional domain controller using backup media, a System State backup taken only from a domain controller running Windows Server 2003 can be used once it has been restored. For more information about how to restore a System State backup, see Restore System State data.
For general information about restoring backups, see Authoritative, primary, and normal restores.
Checklist: Creating an additional domain controller in an existing domain
Step | Reference |
(Optional) Review concepts about creating additional domain controllers over the network or by using backup media. | Creating an additional domain controller |
(Optional) Review concepts about security and other options available when using the Active Directory Installation Wizard. | Using the Active Directory Installation Wizard |
Verify that the server on which you will be installing Active Directory has an NTFS partition. | Reformatting or converting a partition to use NTFS |
(Optional) Review the role of a domain controller. | Domain controllers |
Verify that you are a member of the Domain Admins group in the domain where you will be adding the domain controller. | Default groups |
Verify that DNS is properly configured before installing Active Directory. | Checklist: Verifying DNS before installing Active Directory |
Create the domain controller. | Create an additional domain controller |
Using the Active Directory Installation Wizard
Updated: January 21, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
The Active Directory Installation Wizard installs and configures domain controllers, which provide network users and computers access to the Active Directory directory service. You can install Active Directory on any member server (except those with restrictive license agreements) using the Active Directory Installation Wizard. Using the wizard, you will define one of the following roles for the new domain controller:
• New forest (also a new domain)
For a checklist about creating a new forest, see Checklist: Creating a new forest.
• New child domain
For a checklist about creating a child domain, see Checklist: Creating a new child domain.
• New domain tree in an existing forest
For a checklist about creating a new domain tree, see Checklist: Creating a new domain tree.
• An additional domain controller in an existing domain. This One! We will follow these steps if there is a domain ctrl in place – Cesar
For a checklist about creating an additional domain controller, see Checklist: Creating an additional domain controller in an existing domain.
Before using the Active Directory Installation Wizard, consider DNS configuration and support for existing applications.
DNS configuration
By default, the Active Directory Installation Wizard attempts to locate an authoritative DNS server for the new domain from its list of configured DNS servers that will accept a dynamic update of a service (SRV) resource record. If found, all the appropriate records for the domain controller are automatically registered with the DNS server after the domain controller is restarted.
If a DNS server that can accept dynamic updates is not found, either because the DNS server does not support dynamic updates or dynamic updates are not enabled for the domain, then the Active Directory Installation Wizard will take the following steps to ensure that the installation process is completed with the necessary registration of the SRV resource records:
1. The DNS service is installed on the domain controller and is automatically configured with a zone based on the Active Directory domain.
For example, if the domain that you chose for your first domain in the forest is example.microsoft.com, then a zone rooted at the DNS domain name of example.microsoft.com is added and configured to use the DNS Server service on the new domain controller.
2. A text file containing the appropriate DNS resource records for the domain controller is created.
The file called Netlogon.dns is created in the systemroot\System32\Config folder and contains all the records needed to register the resource records of the domain controller. Netlogon.dns is used by the Net Logon service and supports Active Directory on servers running non-Windows Server 2003 DNS.
If you are using a DNS server that supports the SRV resource record but does not support dynamic updates (such as a UNIX-based DNS server or a Windows NT DNS server), you can import the records in Netlogon.dns into the appropriate primary zone file to manually configure the primary zone on that server to support Active Directory.
If no DNS servers are available on the network, you can choose the option to automatically install and configure a local DNS server when you install Active Directory using the Active Directory Installation Wizard. The DNS server will be installed on the server on which you are running the wizard, and the server’s preferred DNS server setting will be configured to use the new local DNS server.
Before running the Active Directory Installation Wizard, ensure that the authoritative DNS zone allows dynamic updates and that the DNS server hosting the zone supports the DNS SRV resource record. For more information, see Checklist: Verifying DNS before installing Active Directory.
For more information, see Configure a DNS server for use with Active Directory. For general information about DNS integration with Active Directory, see DNS integration.
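One way to check which Netlogon.dns records the zone is still missing after a manual import, as an added example that is not part of the Microsoft documentation. The sample records are constructed for the example.microsoft.com domain used above, with a hypothetical host name dc1 and address; Resolve-DnsName requires Windows 8 or Windows Server 2012 or later on the machine that runs the check.

```powershell
# Parse Netlogon.dns-style records and report which ones DNS does not return.
# Constructed sample; on a domain controller read the real file instead:
#   $lines = Get-Content "$env:SystemRoot\System32\Config\Netlogon.dns"
$lines = @(
    'example.microsoft.com. 600 IN A 192.0.2.10'
    '_ldap._tcp.example.microsoft.com. 600 IN SRV 0 100 389 dc1.example.microsoft.com.'
    '_kerberos._tcp.example.microsoft.com. 600 IN SRV 0 100 88 dc1.example.microsoft.com.'
    '_ldap._tcp.dc._msdcs.example.microsoft.com. 600 IN SRV 0 100 389 dc1.example.microsoft.com.'
)

function ConvertFrom-NetlogonDns {
    param([string[]]$Line)
    foreach ($l in $Line) {
        # Record layout: owner  TTL  IN  type  rdata
        if ($l -match '^(\S+)\s+(\d+)\s+IN\s+(A|CNAME|SRV)\s+(.+)$') {
            $rec = [pscustomobject]@{
                Name = $Matches[1].TrimEnd('.'); Ttl = [int]$Matches[2]
                Type = $Matches[3]; Data = $Matches[4].Trim()
                Port = $null; Target = $null
            }
            if ($rec.Type -eq 'SRV') {
                # SRV rdata: priority weight port target
                $f = $rec.Data -split '\s+'
                $rec.Port = [int]$f[2]; $rec.Target = $f[3].TrimEnd('.')
            }
            $rec
        }
    }
}

function Test-NetlogonRecord {
    param($Record, [string]$Server)
    $q = @{ Name = $Record.Name; Type = $Record.Type; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
    if ($Server) { $q.Server = $Server }   # query a specific DNS server if given
    $answers = @(Resolve-DnsName @q | Where-Object { $_.Type -eq $Record.Type })
    switch ($Record.Type) {
        'SRV'   { [bool]($answers | Where-Object { $_.NameTarget -eq $Record.Target -and $_.Port -eq $Record.Port }) }
        'A'     { [bool]($answers | Where-Object { $_.IPAddress -eq $Record.Data }) }
        'CNAME' { [bool]($answers | Where-Object { $_.NameHost -eq $Record.Data.TrimEnd('.') }) }
    }
}

# InZone = False marks a record that still has to be added to the zone.
ConvertFrom-NetlogonDns $lines |
    Select-Object Type, Name, Data, @{ n = 'InZone'; e = { Test-NetlogonRecord $_ } }
```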
Support for existing applications
On servers running Windows NT 4.0 and earlier, read access for user and group information is assigned to anonymous users so that existing applications and some non-Microsoft applications function correctly.
On servers running Windows 2000 and Windows Server 2003, members of the Anonymous Logon group have read access to this information only when the group is added to the Pre-Windows 2000 Compatible Access group.
Using the Active Directory Installation Wizard, you can choose if you want the Anonymous Logon group and the Everyone security groups to be added to the Pre-Windows 2000 Compatible Access group by selecting the Permissions compatible with pre-Windows 2000 Server operating systems option. To prevent members of the Anonymous Logon group from gaining read access to user and group information, choose the Permissions compatible only with Windows Server 2003 operating systems option.
When upgrading a domain controller from Windows 2000 to a Windows Server 2003 operating system, if the Everyone security group is already a member of the pre-Windows 2000 Compatible Access security group (indicating backward compatibility settings), the Anonymous Logon security group will be added as a member of the pre-Windows 2000 Compatible Access security group during the upgrade.
You can manually switch between the backward compatible and high-security settings on Active Directory objects by adding the Anonymous Logon security group to the pre-Windows 2000 Compatible Access security group using Active Directory Users and Computers. For more information about adding members to a group, see Add a member to a group. For more information about default groups, see Default groups and Special identities.
Note
• If you select the Permissions compatible only with Windows Server 2003 operating systems check box when installing Active Directory and find that your applications are not functioning correctly, try resolving the problem by manually adding the special group Everyone to the Pre-Windows 2000 Compatible Access security group, and then restarting the domain controllers in the domain. Once you have upgraded to applications compatible with the Windows Server 2003 family, you should return to the more secure Windows Server 2003 operating system configuration by removing the Everyone group from the Pre-Windows 2000 Compatible Access security group and restarting the domain controllers in the affected domain.
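A membership check for the Pre-Windows 2000 Compatible Access group, as an added example that is not part of the Microsoft documentation. It flags the two special identities discussed above by their well-known SIDs; the sample member list is constructed for a hypothetical example.microsoft.com domain, and the live ADSI query is shown in comments.

```powershell
# Well-known identities are stored in the group's member attribute as foreign
# security principals: CN=<SID>,CN=ForeignSecurityPrincipals,<domain DN>.
$WellKnown = @{
    'S-1-5-7'  = @{ Name = 'Anonymous Logon'
                    Finding = 'anonymous read access to user and group information' }
    'S-1-1-0'  = @{ Name = 'Everyone'
                    Finding = 'backward-compatible (pre-Windows 2000) permissions in effect' }
    'S-1-5-11' = @{ Name = 'Authenticated Users'; Finding = $null }
}

function Get-Pre2000AccessFinding {
    param([string[]]$MemberDn)
    foreach ($dn in $MemberDn) {
        $name = $dn; $finding = $null
        if ($dn -match '^CN=(S-1-[\d-]+),CN=ForeignSecurityPrincipals,') {
            $entry = $WellKnown[$Matches[1]]
            if ($entry) { $name = $entry.Name; $finding = $entry.Finding }
        }
        [pscustomobject]@{ Member = $name; Finding = $finding; Dn = $dn }
    }
}

# Constructed sample of a group left in the backward-compatible setting.
$sample = @(
    'CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=example,DC=microsoft,DC=com'
    'CN=S-1-1-0,CN=ForeignSecurityPrincipals,DC=example,DC=microsoft,DC=com'
    'CN=S-1-5-7,CN=ForeignSecurityPrincipals,DC=example,DC=microsoft,DC=com'
)
Get-Pre2000AccessFinding $sample | Format-Table Member, Finding -AutoSize

# Live query from a domain-joined machine (ADSI, no extra modules needed):
#   $domainDn = [string]([ADSI]'LDAP://RootDSE').defaultNamingContext
#   $group = [ADSI]"LDAP://CN=Pre-Windows 2000 Compatible Access,CN=Builtin,$domainDn"
#   Get-Pre2000AccessFinding @($group.member) | Where-Object { $_.Finding }
```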
Create an additional domain controller
Updated: January 21, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To create an additional domain controller
1. Click Start, click Run, and then type dcpromo /adv to open the Active Directory Installation Wizard with the option to create an additional domain controller from restored backup files.
2. On the Operating System Compatibility page, read the information and then click Next.
If this is the first time you have installed Active Directory on a server running Windows Server 2003, click Compatibility Help for more information.
3. On the Domain Controller Type page, click Additional domain controller for an existing domain, and then click Next.
4. On the Copying Domain Information page, do one of the following:
• Click Over the network, and then click Next.
• Click From these restored backup files, and type the location of the restored backup files, or click Browse to locate the restored files, and then click Next.
5. On the Network Credentials page, type the user name, password, and user domain of the user account you want to use for this operation, and then click Next.
The user account must be a member of the Domain Admins group for the target domain.
6. On the Database and Log Folders page, type the location in which you want to install the database and log folders, or click Browse to choose a location, and then click Next.
7. On the Shared System Volume page, type the location in which you want to install the Sysvol folder, or click Browse to choose a location, and then click Next.
8. On the Directory Services Restore Mode Administrator Password page, type and confirm the password that you want to assign to the Administrator account for this server, and then click Next.
Use this password when starting the computer in Directory Services Restore Mode.
9. Review the Summary page, and then click Next to begin the installation.
10. Restart the computer.
Notes
• To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.
• The /adv switch is only necessary when you want to create a domain controller from restored backup files. It is not required when creating an additional domain controller over the network.
• In step 3, when choosing the option to copy domain information over the network, all directory data for the domain in which this domain controller will be a member will be copied over your network connection. You will have the option to cancel non-critical replication, if necessary.
• In step 3, when choosing the option to copy domain information from restored backup files, you will need to first back up the System State data of a domain controller running Windows Server 2003 from the domain in which this member server will become an additional domain controller. Then, the System State backup must be restored locally on the server on which you are installing Active Directory. To do this using Backup, choose the option Restore files to: Alternate location. For more information about restoring backups, see Related Topics.
• If a domain controller that was backed up contained an application directory partition, the application directory partition will not be restored on the new domain controller. For information about how to manually create an application directory partition on a new domain controller, see Related Topics.
• If the domain controller from which you restored the System State data was a global catalog, you will have the option to make this new domain controller a global catalog.
• You can also use a smart card to verify administrative credentials. For more information about smart cards, see Related Topics.
• You cannot install Active Directory on a computer running Windows Server 2003, Web Edition, but you can join the computer to an Active Directory domain as a member server. For more information about Windows Server 2003, Web Edition, see Related Topics.
Information about functional differences
• Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.
How to fix issue with Symantec Endpoint client not installing due to a required reboot.
Problem computer: Windows Vista computer.
Problem: Symantec Endpoint Protection (SEP) Installation fails with the following error “Symantec Endpoint Protection has detected that there are pending system changes that require a reboot. Please reboot the system and rerun the installation.”
Solution: I rebooted the computer several times and got the same result each time.
I found the registry key entry that I used to fix the problem.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
Delete the registry key
Install the software without restarting the computer
NOTE: If you are running Windows Vista look for this key – HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations
Answer was Posted on January 24th, 2009 under Symantec Endpoint Protection, Windows 2008 • Tags: Symantec Endpoint Protection, windows.
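A way to review and save the queued operations before deleting the entry, as an added example that is not part of the original post. The sample data and file names are constructed; the backup file name is an assumption, and the key name is written as it appears in the registry (Session Manager, with a space).

```powershell
# PendingFileRenameOperations is a REG_MULTI_SZ value holding pairs of strings:
# a source path and a destination. An empty destination means "delete at next
# boot"; a leading "!" on the destination means "replace an existing file".
function ConvertFrom-PendingRename {
    param([string[]]$Value)
    for ($i = 0; $i -lt $Value.Count; $i += 2) {
        $src = $Value[$i]
        $dst = if ($i + 1 -lt $Value.Count) { $Value[$i + 1] } else { '' }
        if (-not $src) { continue }
        $action = 'Rename'
        if (-not $dst) { $action = 'Delete' }
        elseif ($dst.StartsWith('!')) { $action = 'ReplaceExisting' }
        [pscustomobject]@{
            Action      = $action
            Source      = $src -replace '^\\\?\?\\', ''      # strip the \??\ prefix
            Destination = $dst -replace '^!?\\\?\?\\', ''
        }
    }
}

# Constructed sample: one queued delete and one queued replace.
$sample = @(
    '\??\C:\Windows\Temp\example_inst.tmp'
    ''
    '\??\C:\Windows\System32\drivers\example.sys.new'
    '!\??\C:\Windows\System32\drivers\example.sys'
)
ConvertFrom-PendingRename $sample | Format-Table -AutoSize

# Live check on the affected machine (run elevated).
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
if (Test-Path $key) {
    $pending = (Get-ItemProperty -Path $key -Name PendingFileRenameOperations `
                    -ErrorAction SilentlyContinue).PendingFileRenameOperations
    if ($pending) {
        # Keep a copy so the queued operations can be reviewed or restored later.
        $pending | Set-Content "$env:TEMP\PendingFileRenameOperations.bak.txt"
        ConvertFrom-PendingRename $pending | Format-Table -AutoSize
        # The deletion step from the post, left commented out until reviewed:
        # Remove-ItemProperty -Path $key -Name PendingFileRenameOperations
    }
}
```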
How to Compact a Microsoft Database in Access 2007
I was working in MS Access 2007 and after all my changes (moving, adding, deleting, updating tables, etc.), I normally go and do a “Compact and Repair” on the database. With the new “Ribbon Menu” … I was not able to find it! Finally I found it, but wow… Logically, I expected it to be in the “Database Tools” section of the Ribbon, but it was not there. I searched all over this new Ribbon menu system… after a while I gave up and tried Microsoft’s web site for help… but nothing there either. How can something so commonly used be lost? … Anyway
Solution:
1. Click on the “Round Office Button” (upper left side), then Manage, then Compact and Repair Database.
2. Another solution is to add “Compact and Repair Database” to the “Quick Access Toolbar”: next to the “Round Office Button” you will find other commands like “Save” and “Undo”. To the right there is a kind of down arrow. Press the arrow and click More Commands, change the list of commands to show “All Commands”, scroll down to find “Compact and Repair Database”, and click “Add” to add it to the Quick Access Toolbar.
I had a hard time finding this so I hope my notes will help you!
Cesar Lopez
Best Networks Inc