• How can I disable VM IC Time Synchronization Provider?

    Problem
    ======

    Event Type: Information
    Event Source: W32Time
    Event Category: None
    Event ID: 35
    Description:
    The time service is now synchronizing the system time with the time source VM IC Time Synchronization Provider.

    It looks like this is an issue with a Hyper-V client pulling time from the domain.

    Based on the notes, it only happens after the Hyper-V client has synced time with the host (VM IC time provider).

    So it appears to be the typical conflict between pulling domain time and pulling time from the host; we've seen this with VMware, Virtual Server, etc.

    The machine is a VM. If I only want to synchronize the system time from domain time, how can I disable the VM IC Time Synchronization Provider?

    Solution
    =========

    Please disable the Hyper-V Time Synchronization Service on the client.
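
One way to do this from inside the guest, as an added example that is not part of the original note. It assumes the host-time provider is exposed as the `VMICTimeProvider` entry under the W32Time service (the note itself only says to disable the Hyper-V time synchronization service) and that the guest has `w32tm /query` (Windows Vista / Server 2008 or later).

```powershell
# Added example: run elevated inside the Hyper-V guest (a domain member).
# Assumption: the integration-services time provider is registered under this key.
$sub = 'SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider'

# Record the time source before the change (Event ID 35 names the same source).
$before = (w32tm /query /source | Out-String).Trim()
Write-Output "Source before: $before"

if (-not (Test-Path "HKLM:\$sub")) {
    throw 'VMICTimeProvider key not found; is this a Hyper-V guest with integration services?'
}

# Disable only the host-time provider; the W32Time service itself stays enabled.
reg add "HKLM\$sub" /v Enabled /t REG_DWORD /d 0 /f | Out-Null

# Take time from the domain hierarchy, then restart the service to reload providers.
w32tm /config /syncfromflags:DOMHIER /update | Out-Null
Restart-Service -Name W32Time
w32tm /resync /rediscover | Out-Null

# Verify that the guest no longer reports the host as its source.
$after = (w32tm /query /source | Out-String).Trim()
if ($after -like '*VM IC Time Synchronization Provider*') {
    Write-Warning "Guest still reports the host provider as its source: $after"
} else {
    Write-Output "Source after: $after"
}
```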

  • Windows Time Service fails to start at reboot on Hyper-V Guest OS

    ISSUE
    ====

    Windows Time Service fails to start at reboot on Hyper-V Guest OS

    ASSOCIATED EVENTS
    ==============
    Event Type:   Error
    Event Source: W32Time
    Event Category:    None
    Event ID:       30
    User:            N/A
    Computer:    XXXXXX 
    Description:

    The time service encountered an error while reading its configuration from the registry and cannot start. The error was: 系統找不到指定的檔案。 (0x80070002)

    SOLUTION
    ========
    Uninstall the Integrated Services from the Guest OS: Hyper-V Guest Components

    Reboot Guest OS

    Reinstall the Integrated Services on the Guest OS: Hyper-V Guest Components

    Reboot Guest OS

  • NAP DHCP - Non-NAP capable XP clients receive full access in NAP DHCP enforcement

    Problem description:

    [Non-NAP capable XP clients receive full access in NAP DHCP enforcement]

    Explanation and method:

    BACKGROUND
    ==================

    When a non-NAP-capable XP SP3 computer first joins the network and attempts to acquire a DHCP lease from a NAP-enabled DHCP server in a DHCP enforcement scenario, it is granted full network access despite a network policy requiring quarantine. This occurs because the client is not evaluated by NPS.

    If a release/renew is executed on the client, it will acquire a restricted IP address 50% of the time. (We can also reproduce this issue by disabling and re-enabling the NIC on the XP SP3 client.)

    The behavior is not observed for Vista.

    This issue is currently under investigation and mitigation.

  • Local Security Policy: Unable to edit local security policy

    Problem description:
    [Unable to edit local security policy]

    Attempts to edit the local security policy of a Windows Server 2003 member result in the following error:
    "Windows cannot read template information"

    Explanation and method:
    ANALYSIS
    =======================

    We can reproduce the problem by deleting the local Guest account.
    When opening the local policy, the values under this registry hive (HKLM\Security\Policy\Accounts\S-1-...) are processed.
    If a value exists here with insufficient (or missing) data, the process will fail.

    RESOLUTION
    =======================

    Here are the steps to restore the Guest account:
    1. Open regedit
    2. Go to "HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Builtin\Aliases\Members\"
    3. There are a few keys with different SIDs
    4. Expand each SID and find the one that has the "000001F5" subkey
    5. Copy the parent key string; in this example, it is "S-1-5-21-3217643301-207217351-1313294057"
    6. Edit "restore_guest_acct.reg.txt" with notepad
    7. Replace "S-1-5-21-4052084063-2461485535-52935827" with the string copied in step 5
    8. Save the file and remove the ".txt" extension
    9. Back up the current "HKEY_LOCAL_MACHINE\SECURITY" hive
    10. Double click the reg file to register the Guest account
    11. Check to see if you can now read the Secpol.msc

    Below is sample registry information for a local Guest account in a Traditional Chinese Windows 2003 OS:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account\Users\Names\Guest]
    @=hex(1f5):

    [HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account\Users\000001F5]
    "F"=hex:02,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
      00,00,00,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,7f,00,00,00,00,00,00,00,00,\
      f5,01,00,00,01,02,00,00,15,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
      00,00,00,00,00,00,00
    "V"=hex:00,00,00,00,b0,00,00,00,02,00,01,00,b0,00,00,00,0a,00,00,00,00,00,00,\
      00,bc,00,00,00,00,00,00,00,00,00,00,00,bc,00,00,00,22,00,00,00,00,00,00,00,\
      e0,00,00,00,00,00,00,00,00,00,00,00,e0,00,00,00,00,00,00,00,00,00,00,00,e0,\
      00,00,00,00,00,00,00,00,00,00,00,e0,00,00,00,00,00,00,00,00,00,00,00,e0,00,\
      00,00,00,00,00,00,00,00,00,00,e0,00,00,00,00,00,00,00,00,00,00,00,e0,00,00,\
      00,00,00,00,00,00,00,00,00,e0,00,00,00,00,00,00,00,00,00,00,00,e0,00,00,00,\
      08,00,00,00,01,00,00,00,e8,00,00,00,04,00,00,00,00,00,00,00,ec,00,00,00,04,\
      00,00,00,00,00,00,00,f0,00,00,00,04,00,00,00,00,00,00,00,f4,00,00,00,04,00,\
      00,00,00,00,00,00,01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,44,00,00,\
      00,02,00,30,00,02,00,00,00,02,c0,14,00,44,00,05,01,01,01,00,00,00,00,00,01,\
      00,00,00,00,02,c0,14,00,ff,ff,1f,00,01,01,00,00,00,00,00,05,07,00,00,00,02,\
      00,4c,00,03,00,00,00,00,00,14,00,1b,03,02,00,01,01,00,00,00,00,00,01,00,00,\
      00,00,00,00,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,\
      00,00,00,18,00,ff,07,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,24,02,00,00,\
      01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,\
      00,00,00,20,02,00,00,47,00,75,00,65,00,73,00,74,00,00,00,9b,4f,86,4f,d3,8c,\
      58,5b,d6,53,fb,96,66,81,2f,00,b2,7d,df,57,4b,4e,28,75,84,76,67,51,fa,5e,33,\
      5e,36,62,66,81,01,02,00,00,07,00,00,00,01,00,01,00,01,00,01,00,01,00,01,00,\
      01,00,01,00

    [HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Builtin\Aliases\Members\S-1-5-21-4052084063-2461485535-52935827\000001F5]
    @="Ȣ"
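
Steps 3 to 9 of the resolution above, scripted as an added example that is not part of the original note. It assumes the session can read HKLM\SECURITY (the regedit steps need the same access) and that the template file sits in the current directory; the backup file name is hypothetical. It stops before the import so the generated file can be reviewed.

```powershell
# Added example: scripts steps 3-9 above. Names marked "assumed" are not from the page.
# Assumes the session can read HKLM\SECURITY, which the regedit steps need as well.
$members     = 'HKLM:\SECURITY\SAM\Domains\Builtin\Aliases\Members'
$placeholder = 'S-1-5-21-4052084063-2461485535-52935827'   # SID in the sample file (step 7)
$guestRid    = '000001F5'                                   # subkey looked for in step 4
$template    = Join-Path $PWD.Path 'restore_guest_acct.reg.txt'   # file from step 6
$regFile     = Join-Path $PWD.Path 'restore_guest_acct.reg'       # step 8 output
$stamp       = Get-Date -Format 'yyyyMMddHHmmss'
$backup      = Join-Path $PWD.Path "SECURITY-backup-$stamp.hiv"   # assumed backup name

# Steps 3-5: find the SID key that contains the 000001F5 subkey.
$hits = @(Get-ChildItem -Path $members |
    Where-Object { $_.GetSubKeyNames() -contains $guestRid })
if ($hits.Count -ne 1) {
    throw "Expected one SID key with a $guestRid subkey, found $($hits.Count)."
}
$sid = $hits[0].PSChildName
if ($sid -notmatch '^S-1-5-21-\d+-\d+-\d+$') {
    throw "Key name '$sid' does not look like a machine SID."
}

# Steps 6-8: substitute the SID and write the .reg file (UTF-16, as regedit exports).
$text = [System.IO.File]::ReadAllText($template)
if (-not $text.Contains($placeholder)) {
    throw "Template does not contain the placeholder SID $placeholder."
}
[System.IO.File]::WriteAllText($regFile, $text.Replace($placeholder, $sid),
    [System.Text.Encoding]::Unicode)

# Step 9: back up the hive before anything is imported.
reg save HKLM\SECURITY $backup | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Backup of HKLM\SECURITY failed; do not import.' }

Write-Output "Wrote $regFile for SID $sid; backup at $backup."
Write-Output 'Review the file, then import it (step 10) and open Secpol.msc (step 11).'
```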