Digging in

Unable to move my cluster group from node A to Node B and cluster.log analysis
Posted over 4 years ago by ganand | 0 Comments
I have a 2 node MSCS quorum based cluster and was unable to move my cluster group from node 17 to node16 manually from cluadmin. So let’s have a look and the very first thing one will do is look at cluster.log and event logs…we at Microsoft will grab...

How to stop Chkdsk from running
Posted over 4 years ago by ganand | 4 Comments
I have seen so many customers asking how to stop chkdsk from checking the drive during boot time, especially when they have LUNs in terabytes and they cannot afford chkdsk running and hitting the production and uptime of the server. There are 2...

Start up for some one who is not familiar with Read only domain controller RODC
Posted over 5 years ago by ganand | 0 Comments
What: RODC is a new feature unleashed with Windows Server 2008. Read-only Domain Controllers differ from Domain Controllers with a writable AD replica in three basic aspects: - Read-only replica of AD database. - On-demand replication...

You will not get the option to reset Pin in bitlocker when using TPM+PIN+StartupKey protectors in vista sp1
Posted over 5 years ago by ganand | 3 Comments
Aah, I don't write blogs in such a nice format, but this was written for another document and I am putting the same copy-paste here to save time. Hope this helps. SYMPTOMS: When you are using TPM+PIN+StartupKey protector on Vista SP1 BitLocker...

What is this Raw File System
Posted over 5 years ago by ganand | 30 Comments
Sometimes a damaged volume may look like it lost its file system, and the CHKDSK tool will complain that the file system is raw: "The type of the file system is RAW." This is a curious issue, as seen here: "what the hell is a RAW file system?" http://www.microsoft...

NTFS Time Stamps --file created in 1601, modified in 1801 and accessed in 2008!!
Posted over 5 years ago by ganand | 9 Comments
So many times we have seen server admins asking how to figure out whether someone accessed their files or not, or whether it is possible to play with NTFS time stamps, or how exactly time stamps change and under what scenarios. I have heard...

What happens and parameters passed when a new process is created
Posted over 5 years ago by ganand | 1 Comment
Via this blog I have just tried to show what exactly happens when a new process is created, what structures are required, and what parameters are passed to that process. Whatever is mentioned below is all extracted from different places of windows...

Few public links giving an insight on Windows Internal Architecture.
Posted over 5 years ago by ganand | 0 Comments
A few favorite links of mine on Windows architecture. Hope you will like reading them. http://www.osronline.com/ http://www.windowsitlibrary.com/Documents/Book.cfm?DocumentID=356 http://www.jps.at/dev/kurs/3-23.html http://blogs.msdn...

Internal structures of the Windows Registry
Posted over 5 years ago by ganand | 6 Comments
One of the best public documents which talks about Registry internals is by Mark Russinovich, and I recommend reading it before you go ahead with this article. http://www.microsoft.com/technet/archive/winntas/tips/winntmag/inreg.mspx?mfr=true Make...

Windows Vista Address Space Load Randomization - The way vista loads DLL's
Posted over 5 years ago by ganand | 1 Comment
Let's talk first about what a DLL is and why we need it... A dynamic-link library (DLL) is shared code and data that an application can load and call at run time. A DLL typically exports a set of routines for applications to use and contains other routines...

How to isolate a service in its own svchost.exe
Posted over 6 years ago by ganand | 4 Comments
This is a very good public link to read about service control manager internals and how to manage services. download.microsoft.com/download/f/3/9/f3900e1e-a45c-45a4-b716-740e553e1f62/SPTCF_SYS.doc Description of svchost.exe http://support.microsoft...

How do transition from user mode to kernel mode takes place
Posted over 6 years ago by ganand | 1 Comment
NTDLL is used to call into the operating system, which is (generally) in the address range (0x80000000-0xFFFFFFFF). The operating system addresses are not accessible in user-mode; therefore a special protected mechanism (using a CPU instruction which...

Dumping out notepad.exe and ntdll.dll
Posted over 6 years ago by ganand | 1 Comment
I tried to dump out the headers and data sections of notepad.exe and ntdll.dll to figure out what their dependents are and what functions and services are provided by ntdll.dll, along with the service numbers which are used in kernel mode. Microsoft...

What changed on Disk when I Enabled Bitlocker and configured bitlocker protected data partitions
Posted over 6 years ago by ganand | 0 Comments
I was curious to see what changes BitLocker makes on my raw disk, so I picked up my dskprobe and had a quick look, and I would like to share a few changes I saw. There is a lot more which gets changed but is not covered below. On the OS partition...

Configuring bitlocker
Posted over 6 years ago by ganand | 2 Comments
I thought of giving everyone a feel of how easy it is to configure BitLocker on your machine. I picked a test Lenovo T60p machine and opened the BitLocker Drive Encryption applet from Control Panel. You will get the option to turn on BitLocker but before you do...

Group Policies regarding Bitlocker and TPM
Posted over 6 years ago by ganand | 2 Comments
Last time we talked about what TPM is and how it works, and also about clean boot of PCRs. This time I would like to throw some light on the group policies involved with BitLocker. I will only talk about a few and not all. There is a group policy which...

Starter for someone who is not familiar with bitlocker part III
Posted over 6 years ago by ganand | 0 Comments
Last time we talked about TPM and what exactly it is. This time I will continue from where I left off last time. As mentioned, TPM is nothing but a device to store the secret or *blob and release it when it has measured and verified the integrity of the boot...

Behavior of Bit locker when windows vista based computer resumes from sleep mode
Posted over 6 years ago by ganand | 1 Comment
Neither the BitLocker Drive Encryption feature nor the TPM chip provides protection against online attacks against the operating system when resuming from sleep mode (sleep = suspend to memory). The standard Windows protections take care of this if they are enabled...

Starter for someone who is not familiar with bitlocker part II
Posted over 6 years ago by ganand | 3 Comments
Last time I gave a layman's overview of BitLocker and I stopped at the point of why we need a TPM device and what it does! Basically a TPM device is measuring the integrity of boot components...it’s like I trust A...completely and I asked A to...

Starter for someone who is not familiar with bitlocker
Posted over 6 years ago by ganand | 1 Comment
This is the first entry for my Digging in blog. I thought of giving a brief description of BitLocker as a starter for someone who is not familiar with BitLocker. I will lay down the principle of its working in as simple language as I can. Bitlocker...