Browse by Tags

Tagged Content List
  • Blog Post: Using AD Recycle Bin to restore deleted DNS zones and their contents in Windows Server 2008 R2

    Ned here again. Beginning in Windows Server 2008 R2, Active Directory supports an optional AD Recycle Bin that can be enabled forest-wide. This means that instead of requiring a System State backup and an authoritative subtree restore, a deleted DNS zone can now be recovered on the fly. However, due...
  • Blog Post: Enabling CEP and CES for enrolling non-domain joined computers for certificates

    Hey all, Rob here again. I thought I would expand upon my last blog describing Certificate Enrollment Web Services by covering some of the different configurations that are possible. As a refresher, Certificate Enrollment Policy and Certificate Enrollment Services abstracts certificate Policy and...
  • Blog Post: Friday Mail Sack: Newfie from the Grave Edition

    Heya, Ned here again. Since this another of those catch up mail sacks, there’s plenty of interesting stuff to discuss. Today we talk NSPI, DFSR, USMT, NT 4.0 (!!!), Win2008/R2 AD upgrades, Black Hat 2010, and Irish people who live on icebergs. Faith and Begorrah! NSPI max sessions per...
  • Blog Post: Windows 7 for TechNet and MSDN Subscribers

    Ned here. Come and get it... :) Press Release TechNet Subscribers MSDN Subscribers For all others, you'll have to wait until Friday. Oh the humanity. Just a quick reminder - unless you are part of TAP, TechBeta, or OEM Beta, you cannot get support for Windows 7 . If you don't know what those...
  • Blog Post: Auditing Password and Account Lockout Policy on Windows Server 2008 and R2

    Ned here again. Let’s talk about auditing your domain for changes made to Password and Account Lockout policies. Frankly, it’s a real pain in the neck to figure out Password and Account Lockout auditing and there are legacy architectural decisions behind how this all works, so I’ll...
  • Blog Post: Tuning replication performance in DFSR (especially on Win2008 R2)

    Hi all, Ned here again. There are a number of ways that DFSR can be tuned for better performance. This article will go through these configurations and explain the caveats. Even if you cannot deploy Windows Server 2008 R2 - for the absolute best performance - you can at least remove common bottlenecks...
  • Blog Post: Extended Validation support for websites using internal certificates

    Hey all Rob here again. One feature that that is new with Windows Server 2008R2 / Windows 7 is the ability to configure your internal certification authority hierarchy in order to issue certificates that can show as Extended Validation certificates. So for those of you who do not know, this means...
  • Blog Post: Global Object Access Auditing is Magic

    Hi folks, Ned here again. I mentioned this once in a Friday Mail Sack but today I circle around and explain a well-hidden security feature added in Windows 7 and Windows Server 2008 R2: Global Object Access Auditing Oh boy, auditing! I bet you are excited! What is it and how to enable it ...
  • Blog Post: Friday Mail Sack – Limping In Edition

    Hi there world. It’s been a particularly gnarly week: not too many questions that most people would find relevant, plus it was just crazy busy (stupid Windows 7 and R2, being all popular and whatnot, leads to a lot of USMT work for me… D-: ). Hence – late posting with not much sirloin...
  • Blog Post: Windows Server 2008 R2 CAPolicy.inf Syntax

    Greetings! This is Jonathan again. I was reviewing Chris’ excellent blog post series on designing and implementing a PKI when I realized that it would be helpful to better document the CAPolicy.inf file. The information in this post relies heavily on the information published in the Windows Server...
  • Blog Post: Changes in Functionality from 2008 to 2008 R2 (mostly)

    Ned here again. We're all snowed in down in Charlotte today, but that doesn't stop the blogging. We've published a new TechNet guide to many of the changes between Windows Server 2008 and Windows Server 2008 R2; it's definitely worth a look and has good links to more details. This guide is not exhaustive...
  • Blog Post: New DNS and AD DS BPA’s released (or: the most accurate list of DNS recommendations you will ever find from Microsoft)

    Hi folks, Ned here again. We’ve released another wave of Best Practices Analyzer rules for Windows Server 2008 / R2, and if you care about Directory Services you care about these: AD DS rules update Info: Update for the AD DS Best Practices Analyzer rules in Windows Server 2008 R2 Download...
  • Blog Post: Windows Server 2008 R2 DFSR Features

    Ned here again. The cat is out of the bag now and we're a little more free to talk about DFSR features that are planned (not guaranteed - planned ) to release with Windows Server 2008 R2. Our friends at the File Cabinet blog have posted an excellent writeup - definitely worth a look: DFS Replication...
  • Blog Post: Friday Mail Sack: Walking Tall Edition

    Hello folks, Ned here again. After a week in Las Colinas Texas, the blog migration, and Jonathan’s attempted coup, we are still standing. Since I’m sure your whole day has been designed around this post I won’t keep you waiting. RODC WAN down behavior DFSR and the PDCE RPC...
  • Blog Post: The Windows Server division wants your feedback

    Ned here. The Windows Server division is looking for your feedback. A snippet from their post: From our research we have identified 5 areas where our customers have expressed increased concerns: Enabling an increasingly mobile workforce Working within the constraints of tightening...
  • Blog Post: Certificate Enrollment Web Services

    Hey everyone, Rob here again. With the release of Windows Server 2008 R2 and Windows 7 we have added new methods of enrolling for certificates: Certificate Enrollment Policy (CEP) and Certificate Enrollment Service (CES). CEP is a web service that enables users and computers to obtain certificate enrollment...
  • Blog Post: Windows Server 2008 R2 Beta Available

    Ned here. You can grab the beta: Download Windows Server 2008 R2 Remember that unless you are part of TAP, TechBeta, or OEM Beta, there is no support for this product. It is only for evaluation purposes, and should be used in non-production, non-critical environments. Feel free to ask questions...
  • Blog Post: You probably don't need ACCTINFO2.DLL

    Hi folks, Ned here again. Customers periodically ask us for a rumored replacement for the Windows 2000 acctinfo.dll that works on 64-bit Windows 7 and Windows Server 2008 R2 . That old DLL added an extra tab to the Active Directory Users and Computers snap-in to centralize some user account info: ...
  • Blog Post: Replacing DFSR Member Hardware or OS (Part 4: Disk Swap)

    Hello folks, Ned here again. Previously I covered how to use an N+1 server placement method to migrate an existing DFSR environment to new hardware or operating system. Now I will show you how to replace servers in an existing Replication Group using the disk swap method. Make sure you review the...
  • Blog Post: Windows 2008 R2: Managing AD LDS using the AD PowerShell Module

    Hello it’s LaNae again. Now that Windows 2008 R2 is available we get to use the coolness of PowerShell with AD LDS. When you install the AD LDS role on a Windows 2008 R2 server it will also install the AD PowerShell module. Unfortunately the documentation in the help files for each cmdlet does not...
  • Blog Post: Remote Server Administration Tools (RSAT) Available For Windows 7 Beta

    Ned here. For those testing Windows 7 administration capabilities, this is for you. Download here This is the list of Windows Server 2008 administration tools which are included in Win7 RSAT Client: Server Administration Tools: • Server Manager Role Administration Tools: • Active...
  • Blog Post: Active Directory Recycle Bin in Windows Server 2008 R2

    Ned here again. Now that the moratorium has ended, I can start talking about new features in Windows 7 and Windows Server 2008 R2. To get things rolling today, I wanted to give you a very brief introduction to the AD Recycle Bin. It's brief because we expect a lot of folks will be using this and we already...
  • Blog Post: Hunting down DES in order to securely deploy Kerberos

    Hello folks, Ned here again. By now many businesses have begun deploying Windows Server 2008 R2 and Windows 7. Since Active Directory has become ubiquitous, Kerberos is now commonplace. What you may not know is that we made a significant change to default cryptographic support in Kerberos starting in...
  • Blog Post: Netmon, MPS, RODC's, and that new OS you might have heard about

    Ned here. A few big pieces of news, in case you've been having a busy week: Netmon 3.3 has been released . You can download from here . Read more about the new features (such as autoscroll, frame commenting, experts, WWAN support, and more) right here . MPS Reports . They're back. They work...
  • Blog Post: Done

    Ned here. Windows 7 client, Windows Server 2008 R2, and Windows Server 2008 R2 Hyper-V Standalone are RTM. Read more here on when you can get what, and other high-fiving amongst ourselves: Microsoft Press Pass When will you get Windows 7 RTM? Windows Server Division blog announcement ...