Microsoft Supportability e-Newsletter

Microsoft has put together a comprehensive and technical article Windows Time and the W32TM service explaining how the Windows Time service works and how the time on desktop machines is synchronized with the server. There are some best practices that Read More...

Locking down desktops is becoming more and more prevalent in today’s corporate environment. Malware, viruses and malicious users are putting the pressure on IT staff to remove users as local admin’s and lockdown systems. In order for this to be successful, administrators need a delivery mechanism to install software and hot fixes to users machines. Here is some of our experiences in locking down desktops as a very import step in securing your infrastructure. Specifically, we focused on locking down desktop via Group Policy and how to leverage that in an Active Directory environment. Read More...

This is a common topic in the DFS_FRS field. Customers often describe how some users are unexpectedly denied access to targets in the namespace while other users can access the targets without problems. Customers also ask whether there are DFS permissions somewhere that must be adjusted. The answer is that DFS clients will respect the combination of NTFS and share permissions set on the particular target the client is trying to access. Read More...

Under some circumstances, a domain controller cannot be gracefully demoted due to the required dependency or operation failing. These include network connectivity, name resolution, authentication, Active Directory service replication, or the location of a critical object in Active Directory. As a last resort, we can perform a forced removal of a domain controller from Active Directory to avoid having to reinstall the operating system on a domain controller that has failed and cannot be recovered. When a domain controller can no longer function in a domain (that is, it is offline), you cannot remove Active Directory in the normal way, which requires connectivity to the domain. Forced removal is not intended to replace the normal Active Directory removal procedure in any way. It is virtually equivalent to permanently disconnecting the domain controller. Read More...