Well even when you are working on the floor at Teched you have the opportunity to research and deal with customer queries. So I was busy doing my flipping between the Ask the Experts and the Hands On Labs and a delegate asked me a question that deserves serious consideration.
The delegate was asking what was Microsofts recommendation around having more than one Network Card in a Domain Controller.
Well my response was and is that this is not a recommended configuration however we do realise alot of our customers do work in this configuration.
Please see below for the kbarticles and background information around this.
The reason for this is various issues which are well documented in the following articles.
http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx
http://forums.techarena.in/active-directory/954155.htm
Both these technical references point to kbarticles which highlight specific issues which can arise in this situation , but also highlight workarounds.
246804 - How to Enable-Disable Windows 2000 Dynamic DNS Registrations (per NIC too):
http://support.microsoft.com/?id=246804
296379 - How to Disable NetBIOS on an Incoming Remote Access Interface [Registry Entry]:
http://support.microsoft.com/?id=296379
Well Rane Johnson and myself delivered our Women in Technology session at Teched yesterday. I can honestly say that it went very well and was well received by our ladies and gentlemen who attended. To say the least this was not run like a normal break out session and to the suprise of the ladies & gentlemen we made the event as interactive as possible !. There were some great networking going on which we carried on into the Community Evening where we made a point of signing the Community Lounge “Berlin Wall”.
I would like to thank Rane Johnson Microsoft Technical Audience Marketing Lead for CEE for helping me make this session a great success.
Plus also Paula Januszkiewicz ,http://blogs.technet.com/plwit and Ilse Van Criekinge of Microsoft for helping us make this event a success !
See a selection of feedback quotes ;
“ A very inspirational Session - Thankyou!”
Also from an Male attendee
“Such an inspiring session with speakers passionate about the subject. Really enjoyed that the session was interactive since it makes the session much more valuable than else. The topic is very important, also for us men, and should be emphasized more in coming events.”
So thankyou to all that attended and I look forward to meeting up with you hopefully at some event in the future !
Hi Everyone,
Well I am now here working in Teched Berlin and it is an amazing place. The Messe. I am due to help deliver the Women in Technology session on Tuesday at 17:00. We have some great givaways.
Plus also some T-Shirts and Laptop bags. If you want to know the details of our session please see my previous posting. http://blogs.technet.com/janelewis/archive/2009/10/28/microsoft-teched-berlin-2009-it-is-going-to-be-great.aspx
We are really looking forward to delivering it. Apart from that breakout session I am also going to be working hard on the Technical Learning Centres Stands throughout the week.
What I thought was a great cool present to the presenters was a small piece of the Berlin Wall !. Really Cool !
Hi Everyone,
We want to let you know that there is a correction to the link to download
“Group Policy Settings added to Windows 2008”.
So if you are looking for it the link is here
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=18c90c80-8b0a-4906-a4f5-ff24cc2030fb
Apologies if you have had trouble finding it
Hi
I recently had an interesting question posed by my customer with regards to search issues within Outlook 2007 and the way WDS works in Windows Vista and Windows 7
The user in question used outlook for around 80% of their working day. This involved them search for work orders and service requests and dealing and escalating them appropriately.
The work order was the anchor point of reference in what sometimes could be a very complicated email trail. It was therefore essential they could track down the related mails via its numerical reference.
However the Service request or Work Order could be typed in various ways e.g.
W000001234 SREQ000001234 , 1234 W01234,
The common denominator in the above is the actual 4-6 numeric at the end of the string. The user stated that this was the one constant people used in either the subject or the body of the email.
However since Vista the way that searches are handle by the Operating system and how that is integrated with Outlook has changed as explained in this excellent blog by Jonas Barklund
So the major difference is the way the OS and anything integrated or sat on top of the search Engine (Windows Desktop Search) which is built into Vista and Windows 7 deals with searches.
Windows XP is Character based , XP with WDS installed, Vista and Windows 7 is normally word based. Therefore as the blog above states;
“On Windows XP search is character based. That is, if you search for a string 'test', it will find files named 'my test data.doc', 'additional testing.xls' as well as 'latest junk.txt' or (if you tell it to search also contents of files) files containing words such as 'test', 'tester' and 'fattest'.
On Windows Vista, and on Windows XP with WDS installed, search is normally word based. Searching for the string 'test' will only find documents with the word 'test' in them, or words beginning with 'test'. So it will find the files named 'my test data.doc' and 'additional testing.xls' but it will not find 'latest junk.txt'. Moreover, it will find documents containing 'test' or 'tester' but it will not find documents containing 'fattest'.”
So how does this relate to my issue ?
The user wanted to search for any 5 or 6 numeric number string e.g. 123456 in the Header and the body of the message regardless of how it was formatted or positioned in the string and get a positive hit.
Based on the above information Vista sp2 with Outlook 2007 sp2 would not do this as WDS does not execute these type of Character based searches , therefore it was not finding anything . This is by design.
So to get around this issue up steps forward Search Folders. I created within Outlook 2007 a Customised Search folder.
For instructions on how to create a work folder please see below;
Applies to Outlook 2007
1. With Outlook open, click on File > New > Search Folder… or you can hit Ctrl + Shift + (keyboard shortcut)
2. A New Search Folder dialog box will open. The box displays the different types of search folders that you can customize; in this case I selected create a custom Search Folder, then selected Choose to Name the Sarch Folder.
3.Give the Search a name such as “Work Orders Searches”
4. Now click on Criteria…
A Search Folder Criteria dialog box will open, this is where you specify which items you want the search to look for, in this case I want the folder to show me all messages that contain the numbers 1234 in the subject field and message body. (For more options you can click on the More Choices and the Advance tab). Click OK
This now then locates the messages and places them in the Search folder specified.
This search folder can be dragged and dropped into your favourites for easy access.
Well the time for Teched Europe is drawing near and I am really looking forward to it. I have the privilege of working at it again this year and am looking forward to visiting Berlin which is a city I have never been to before. Although I realise I may have to pack a few woolly jumpers as it will be chillier than Barcelona !
As well has a whole host of technical sessions , I am particularly looking forward to our
Women in Technology Session that I am coordinating and delivering with my Colleagues Rane Johnson of Microsoft Ilse Van Criekingese of Microsoft, and Paula Januszkiewicz who is an MVP Enterprise Security. All of us work within the I.T. industry for many years and bring a strong passion for technology and all have spoken at Teched events in the past. In fact both Ilse, and Paula are speaking at this years events and I am speaking and working on the Technical stands at the event.
However we also bring a strong belief that we wish to Attract, Retain and Develop women into the I.T. industry and to underpin that belief we are delivering the following Women in Technology session in the Europa 1 – Hall 7-3b 17:00 – 18:15
So please if you are attending TECHED in Berlin look to attend this session or encourage your colleagues to attend. We are looking to make this a VERY INTERACTIVE Session. Plus it is just not Women we are looking to attend Men are very welcome too :).
So Myself and my colleagues looking forward to seeing you there.
A customer of mine has been enquiring about the current situation of Scalable Networking Pack in relation to Windows 2008. Out of my research I have come up with the following information plus also some recommendations.
After Windows 2003 SP2 this setting was enabled by default. Many customers experienced some issues http://support.microsoft.com/kb/948496/jp. This was related to the fact that certain NIC cards especially Broadcom had compatibility issues with Network cards using Broadcom 5708 chipsets are known to have compatibility issues w/ TCP Chimney Offload feature.
http://blogs.msdn.com/sqlprogrammability/archive/2008/05/27/sql-server-intermittent-connectivity-issue.aspx & http://blogs.technet.com/networking/archive/2008/11/14/the-effect-of-tcp-chimney-offload-on-viewing-network-traffic.aspx and http://support.microsoft.com/kb/942861
It was therefore advisable to “Switch off” the SNP via this registry key.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
EnableTCPA REG_DWORD 0x0 ßOK
EnableRSS REG_DWORD 0x0 ßOK
EnableTCPChimney REG_DWORD 0x0 ßOK
0 = disabled
1 = enabled default
With the release of 2008 I have been asked by my customer whether this is an issue still.
Well the answer is that potentially it could be , however to mitigate the issue ensure that you have the LATEST NIC card drivers as part of your server build, and checkout their comptibility with TCP Chimney Offload feature
Windows 2008 specific reference to Scalable Networking Pack.
http://support.microsoft.com/kb/951037
Hi ,
I had an interesting issue with a customer recently.
After a recent promotion of a couple of Domain Controllers , it came to light some time later that users were able to set their passwords to 0 e.g. minimum password length = 0.
On investigation what was discovered was the following.
When the Domain controller was promoted a secedit script was run. This had been part of a server build process for sometime. It was normally run on completion of the normal member server build was run.
What was included in the secedit.db script was the following critical entries to our discussion;
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
RequireLogonToChangePassword = 0
ForceLogoffWhenHourExpire = 0
Secedit configuration that was run
copy x:\abc\xxx\secedit.db c:\secedit.sdb /y
secedit /configure /db c:\secedit.sdb /cfg x:\abc\xxx\xxxabc.inf /overwrite /log x:\abc\xxx\error.log /quiet
attrib +h c:\secedit.sdb
This script was run using Domain Admins credentials
The result of running this command After the Domain Controller was promoted was the following Behaviour;
The Default Domain Account Security settings were overwritten by the “new” Secedit.sdb settings above. This overwrote the settings that are getting applied via the Account Security section in the Default Domain Policy.
Note this is expected behaviour because of the way Domain Controller reads its Security settings.
Information below taken from a Gary Olsen blog of 2005.
“Domain controllers provide security settings to domain users at logon time. This is a critical (and confusing) concept. The user's machine doesn't pull the security settings from the GPO at startup as it does for other machine settings. The client gets the security settings when the user is validated. The security settings that domain controllers apply to clients upon a successful user logon are those that are stored in the DC's local secedit.sdb security database. The DC gets the Account Security settings from the domain policy and applies them to its local .sdb. Note that this applies only to the account security settings, not to any other policy setting. DCs then replicate their local .sdb with each other.”
Note: If you modify block the Default Domain Policy applying to the Domain Controllers it is likely to exhibit this behaviour. Especially if the blocking or modification of the secedit.sdb is leaving the Domain Controller with insecure settings.
Therefore DO NOT run any modification to the secedit.sdb on a Domain Controller. Also do not block the application of the Default Domain Policy to the Domain Controllers OU. Please see previous blog links for further information.
It can potentially have serious implications.
http://blogs.technet.com/janelewis/archive/2007/04/24/just-don-t-do-it.aspx
Other useful links
http://technet.microsoft.com/ja-jp/library/cc730910(WS.10).aspx
http://support.microsoft.com/kb/313222
http://support.microsoft.com/kb/278316
Microsoft MVP Mark Parris is hosting a Windows 7 (Public) House Party on 26th October in the Leg of Mutton and Cauliflower Public House, Ashtead, Surrey.
Mark will be raffling off a copy of Windows 7 Ultimate with all proceeds go to Help for Heroes/ Headley Court.
Please come along and help a great cause, whilst learning a little bit about Windows 7.
If you want to contact Mark directly about this Tweet him @markparris
[ADUG] UK Active Directory User Group
http://adug.co.uk/blogs/markparris/
http://adug.co.uk
Twitter
http://twitter.com/markparris
LinkedIn
http://www.linkedin.com/in/markparris
well this is a rather neat addition to our methods of learning. If you really want to just dip your toe into a subject and have a “snack” then please see the following range of “Learning Snacks”
For other Windows Server 2008 Learning Snacks, please visit:
| Windows Server 2008 | |
| 
| Introducing Branch Office Server in Windows Server 2008 (4 minutes)
This Snack describes the benefits that Windows Server 2008 provides for installing and maintaining a branch office network. It demonstrates the installation of a branch office network by using the new server core option. It also lists the benefits of Active Directory read-only domain controllers (RODCs) and BitLocker Drive Encryption. |
| 
| Implementing Active Directory Domain Services in Windows Server 2008 (6 minutes)
This Snack describes the new options available in Windows Server 2008 for installing and configuring Active Directory Domain Services (AD DS) and auditing changes to it. It lists the features of read-only domain controllers (RODCs) and describes how to perform a non-authoritative or an authoritative restore of AD DS data. |
| 
| Implementing Network Access Protection in Windows Server 2008 (7 minutes)
This Snack describes the benefits of implementing Network Access Protection (NAP) in Windows Server 2008. It describes how to configure network and health policies for various types of clients. It identifies the options for configuring Dynamic Host Configuration Protocol (DHCP) enforcement for NAP and demonstrates the steps for testing a NAP implementation with DHCP enforcement. |
| 
| Implementing Windows Server 2008 Security (4 minutes)
This Snack examines and lists the features of Group Policy settings in Windows Server 2008. It demonstrates the steps for implementing Group Policy settings and the process of upgrading them. It also explains the purpose of security templates that can be imported into Group Policy settings. |
For other Windows Server 2008 Learning Snacks, please visit:
http://www.microsoft.com/learning/en/us/training/format-learning-snacks.aspx
Hello Again,
I got a really good tip from a Colleague Richard Diver the other day which helps verify whether a customer had the conficker virus. This was a tip passed on to him by Lesley Kipling a Senior Support Engineer within Microsoft Security team in the U.K.
Top Tip
To prevent panicking your customer when they might have a Conficker infection, keep this snippet handy to check for sure:
1. In Registry Editor, locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
2. In the details pane, right-click the netsvcs entry, and then click Modify.
If the computer is infected with the Win32/Conficker virus, a random service name will be listed.
If you think you have it this website has some excellent information and guidance
http://www.microsoft.com/security/worms/conficker.aspx
Plus also visit this website for more generic information
http://www.dhs.gov/ynews/releases/pr_1238443907751.shtm
Jane
Hi Everyone,
This is a great opportunity to “GET ON THE BUS” and take advantage of getting your hands on the latest Software, Training, and excellent guidance and information from top technical experts. There are also some great giveaways of Windows 7 bus tour shirts plus much more !. This is also the chance for IT pros, devs, BDMs and IT Academy students to learn all about Windows 7, Server R2, and Exchange 2010 all while focusing on new training and certification opportunities to help sharpen your skills on next year’s hottest technologies.
DETAILS
Microsoft Get On the Bus Tour
Season 2: Europe
Tour Dates:
Milan, 26 Oct | Zurich, 27 Oct | Paris, 28 Oct | London, 29 Oct | Brussels, 30 Oct | Amsterdam, 2 Nov | Frankfurt, 3 Nov | Munich, 4 Nov | Vienna, 5 Nov | Prague, 6 Nov | Berlin, 9 Nov
www.thebustour.com/thebus
Microsoft Learning and the Springboard Series unite to bring you Season 2 of the Get On the Bus Tour. This European road show starts on 26 October in Milan, Italy, and takes the crew of the Career Express bus through 11 cities, ending at Tech·Ed Europe in Berlin, Germany, on 9 November. At each tour stop, participants get an exclusive preview of Windows® 7, Windows Server® 2008 R2, and Microsoft® Exchange Server 2010. The Career Express Tour focuses on new training and certification opportunities to help you sharpen your skills on next year’s hottest technologies! Join us at the stop nearest you for technical training, professional networking, hands-on experiences, and real-world guidance from industry experts.
Learn more and REGISTER for your local event today!
v Jump start your career with Microsoft Learning, visit www.microsoft.com/learning
v For IT Pro tips, tricks and resources for Windows 7, visit the Springboard Series at www.microsoft.com/springboard
Want to stay up to speed on the latest information for the Bus Tour?
Follow us on Twitter http://twitter.com/thebustour
Well our 4th Connected Women in Technology Event went really well on Weds 30th of September. It was Dells turn to host the event at their HQ in Bracknell, and I was pleased to say over 200 women from Dell , Google, Microsoft, Nortel , Cisco , IBM, Intel, HP were in attendance. When I get the photos I will post them up here. The theme of the day was
“Discovering Your Strengths to make an impact”
A really inciteful session was run by Eileen Brown talking about Johari. I have learnt about a little bit more about what peoples perception of me is from doing this exercise. So this is what mine turned out like…….as you can see…nobody said I was quiet and retrospective :).
If you want to do yours click here
It was also nice to get some press coverage of the event.
http://www.v3.co.uk/v3/news/2250457/peer-groups-aid-advancement
http://www.computerweekly.com/Articles/2009/10/02/237963/what-it-women-want-is-more-flexible-career-paths.htm#
Have a great weekend !
Jane
Hi just a quick post while I think of it.
I have just found a GUI to our Recycle Bin Powershell command line. Check it out and download from here.
http://www.overall.ca/index.php?option=com_content&view=article&id=40:adrecyclebin&catid=15:adrecyclebinexe&Itemid=64
Features
- Supports Windows 2008 R2 Active Directory Recycle Bin technology
- Supports Object reanimation in earlier versions of Active Directory
- Review deleted objects
- Restore multiple objects at the same time
Jane
I had a few “Hit the button at the wrong time” issues :) with my post about Security Essentials the Other day. So I wanted to make a few things clear.
1. This is the replacement for ONECARE – although we will be supporting customers until the end of their current subscription.
2. Security Essentials is the released version of the Morro product that has been talked about for a while now.
3. Security Essentials is a malaware protection product only. For full details please reference the following web site.
http://www.microsoft.com/security_essentials/
But the great news is that it is FREE, SUPPORTED AND RECEIVES REGULAR UPDATES WITHOUT ANY ANNOYING BUGGING POPUPS for adverts etc etc.
