Windows 10 - Update

I've had the Windows 10 technical preview for a while now, but other that run it up in VMware workstation I've not done much with it. Today I wanted to check something, and found out my build was too old. I was just about to head over to MSDN and get the latest ISO when I thought, "I wonder if I can update it 'in place'".
Note: This procedure is going to take a while.

Solution

1. Hit the Windows Key or press 'Start' (Are we still calling it start, I don't know?) > Search for Windows Update > Select 'Windows Update Settings'.

2. Preview builds > Download now.

3. After a while (about 25 mins in my case) > Install.

4. Let it bounce, (after about an hour.)

5. Don't get too exited it still takes ages to finish installing and run sysprep.

Published By

S.G.Godwin Dinesh.MCA
Sr.System Administrator

Windows Disable UAC Thorough Group Policy

UAC (User Account Control) - while a good thing, sometimes causes more annoyances than solves problems, to turn it of through group policy do the following.

Solution

This Policy is a Computer based policy and needs to be applied to Computers NOT Users.

Local Policy or 2002/2003 Domain

Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options

2008 Domain

Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options

Set the Following

• User Account Control Behaviour of the elevation prompt for administrators in Admin approval mode - No Prompt or Elevate without Prompting
• User Account Control Detect Application installations and prompt for elevation - Disabled
• User Account Control Run all administrators in Admin approval mode - Disabled

ESXi 4 - Adding a license key

ESXi is free, however when you have installed it you will see,

Solution

1. To get your key go to the VMWare web site > Products > Download > Log in > It will give you a key with the download.

2. Connect to the ESXi host with your vSphere client.

3. Select the Host > Configuration tab > Licence sd Features > Edit > Enter Key > Type in the key > OK > OK.

 Published By
S.G.Godwin Dinesh.MCA
Sr.System Administrator

Missing Internet Explorer Maintenance option from GPMC with Windows 7 / 2008 R2

One of the changes with Windows 8 and Group Policy was that the Internet Explorer Maintenance section of GPMC was removed from under Windows Settings (see Interesting Change to Group Policy in Server 2012/Windows 8).

However people have been noticing that the same Internet Explorer Maintenance option is removed from GPMC when they now install IE 10 on Windows 7 / Serve 2008 R2 (See image below).

So if you still use the Internet Explorer Maintenance section in Group Policy be aware that you will lose access to the ability to edit these policy setting if you update to IE10.

Alternatively you can simply reset the Internet Explorer Maintenance settings (see How to remove imported internet explorer Group policy settings) and just use the standard Group Policy Administrative Templates or Group Policy preferences. In which case you will also want to read my other post about controlling IE Site Zone mappings using preferences How to Configure IE site zone mapping using group policy without locking out the user.

TIP: I have not verified this but some people say that un-installing IE10 will restore the Internet Explore Maintenance option in GPMC

Warning: Some people are having issues with just removing IE10. So if you are having issues check out the comment in Godwin Dinesh blog post Warning: Installing IE 10 on your Windows 7 Workstation Removes IE Maintenance Policy from Group Policy.


Published By
S.G.Godwin Dinesh.MCA
Sr.System Administrator

Windows 8 (Server and Client) Black Screen -Post VMware Tools Install

Issue

I've seen this on both the Windows 8 (Consumer Preview), and the Windows Server 8 (Beta), whilst running them in VMware Workstation 8. They install fine, but if you install the VMware tools all you get is a black screen.

This is because the SVGA Driver than VMware Tools installs Windows 8 does NOT Like.

Note: This does not hppen on ESXi 5.

Solution

I knew this was going to happen, so I took a snapshot before I installed VMware tools, Then I had the luxury of reverting back. If you are reading this you probably didn't! If that IS the case, then press F8 as the Virtual Machine starts to boot to launch Automatic Repair (be quick on the keys).

Installing VMware Tools in Windows 8

1. To stop this happening, when you install VMware tools select > Custom > Remove the SVGA Driver > Next > Finish > Yes (to reboot).

2. You will notice that the display driver that is uses, is the "Microsoft Basic Display Adaptor".

Installing and Configuring WebDAV on IIS 7 and Later

Walking Through the Installation Process

1. When the installation package opens, you see the following screen. If you agree to the license terms, check the "I accept" box, then click Install.
   
2. The progress indicator will reflect the status of the installation as it proceeds.
   
3. After the installation has completed, click Finish.
   
4. The WebDAV extension module is now installed.

Installing WebDAV on IIS 7.5

IIS 7.5 for Windows Server 2008 R2

1. On the taskbar, click Start, point to Administrative Tools, and then click Server Manager.
2. In the Server Manager hierarchy pane, expand Roles, and then click Web Server (IIS).
3. In the Web Server (IIS) pane, scroll to the Role Services section, and then click Add Role Services.
4. On the Select Role Services page of the Add Role Services Wizard, expand Common HTTP Features, select WebDAV Publishing, and then click Next.
5. On the Confirm Installation Selections page, click Install.
6. On the Results page, click Close.

IIS 7.5 for Windows 7

1. On the taskbar, click Start, and then click Control Panel.
2. In Control Panel, click Programs and Features, and then click Turn Windows Features on or off.
3. Expand Internet Information Services, then World Wide Web Services, then Common HTTP Features.
4. Select WebDAV Publishing, and then click OK.

Installing WebDAV on IIS 8.0 and IIS 8.5

IIS 8.0 on Windows Server 2012 and IIS 8.5 on Windows Server 2012 R2

1. Click the Server Manager icon on the desktop.
2. In the Server Manager window, click the Manage menu, and then click Add Roles and Features.
3. On the Before You Begin page, click Next.
4. Select the Installation Type and then click Next.
5. Select the Destination Server, and then click Next.
6. On the Select Role Services page, expand Web Server (IIS), expand Web Server, expand Common HTTP Features, and then select WebDAV Publishing. Click Next.
7. On the Select Features page, click Next.
8. Confirm the installation selection, and then click Install.
9. On the Results page, verify that the installation succeeds, and then click Close.
10. On the Confirm Installation Selections page, click Install.
11. On the Results page, click Close.

IIS 8.0 for Windows 8 and IIS 8.5 for Windows 8.1

1. On the taskbar, hold down the Windows key, and then press the X key. Click Control Panel.
2. In the Control Panel, click Programs and Features, and then click Turn Windows Features on or off.
3. Expand Internet Information Services, then World Wide Web Services, then Common HTTP Features.
4. Select WebDAV Publishing, and then click OK.

Enabling WebDAV Publishing by Using IIS Manager

The WebDAV extension module makes it easy to add WebDAV publishing to existing sites by providing you with a wizard that walks you through all of the required steps.
Note: The following procedure is performed using IIS 8.5 on Windows Server 2012 R2

Step 1: Enabling WebDAV and Adding an Authoring Rule

In this first step, we add WebDAV publishing to the Default Web site, and add the required settings to allow the local administrator account to edit the content.

1. In IIS Manager, in the Connections pane, expand the Sites node in the tree, then click the Default Web Site.
2. As shown in the image below, double-click the WebDAV Authoring Rules feature.
   
3. When the WebDAV Authoring Rules page is displayed, click the Enable WebDAV task in the Actions page.
   
4. Once WebDAV has been enabled, click the Add Authoring Rule task in the Actions pane.
   
5. When the Add Authoring Rule dialog appears:
   1. Click All content to specify that the rule applies to all content types.
   2. Choose Specified users and type "administrator" for the user name.
   3. Select Read, Source, and Write for the permissions.
   4. When you have completed these items, click OK.
   

Summary for enabling WebDAV authoring and adding an authoring rule
Task completed. You have enabled WebDAV authoring on an existing Web site.
To recap the items that you completed in this step, we added WebDAV publishing to the Default Web Site by:

• Enabling WebDAV for the Web site.
• Adding an Authoring Rule for the local administrator account for Read, Source, and Write access.

Note: As mentioned earlier, your default request filtering settings may block several file types from WebDAV authoring. If you do not modify your request filtering settings, you may see various errors when you try to publish files that are blocked. For example, if you attempt to upload or download a web.config file you will see errors in your WebDAV client. For more information about configuring your request filtering settings, see the How to Configure WebDAV with Request Filtering walkthrough.

Step 2: Logging in to Your WebDAV Site

In Step 1 above, you enabled WebDAV publishing for your Default Web Site and added an authoring rule for the local administrator account for Read, Source, and Write access to your Web site's content. In this step, you log in using your administrator account.
Ensuring that you have authorization and authentication configured

1. In IIS Manager, in the Connections pane, expand the Sites node in the tree, then click the Default Web Site.
2. Double-click the Authentication feature.
   
3. When the Authentication feature opens, make sure that Windows Authentication is enabled. If it is not enabled, select Windows Authentication, and click Enable in the Action menu.(Note: You can use Basic Authentication with WebDAV, but the WebDAV redirector will only use Basic authentication with SSL connections.)
   
4. In IIS Manager, click the Default Web Site under the Sites node in the tree.
5. Double-click the Authorization Rules feature.
   
6. When the Authorization feature opens, make sure that an Allow rule is defined that includes the administrator account. (For example, the default rule for IIS allowing access to All Users will include the administrator account.)
   

Logging in to your WebDAV site using your administrator account
Logging into your WebDAV site requires the WebDAV Redirector. The WebDAV Redirector is used to publish content to an existing Web site that has the WebDAV nodule installed. You must use Server Manager to install the Desktop Experience feature before you can use the WebDAV redirector. For more information, see Using the WebDAV Redirector.

1. On your WebDAV server, open a command prompt session.
2. Type the following command to connect to your WebDAV server:
   
   net use * http://localhost/

You now have a drive mapped to your WebDAV-enabled web site using the local administrator account, and based on the authorization rule that we added in Step 1, you have Read, Write, and Source access to the content folder.
Summary for logging into your WebDAV site
To recap the items that you completed in this step:

• You verified that your Web site had sufficient authentication and authorization settings.
• You logged in to your WebDAV site as the local administrator. 

Source:
www.technetsupport.microsoft.com

Published By
S.G.Godwin Dinesh.MCA
Sr.System Administrator

DNS_Domain Issue

Error

The primary cause (99.99% of the time) a client cannot connect to, or join a domain is DNS related.

Solution

1. To Troubleshoot you need to know the IP address of your DNS server, In many cases it's on the first domain controller but that's not always the case so find out (go to a WORKING client or Server) and do the following:
Start > run > cmd {enter} > ipconfig /all {enter}.

2. Now take note of the following entries

DNS Servers . . . . . . . . . . . :

3. Go back to the PROBLEM client and ensure that it is also pointing to the same DNS server, (In the example below the problem client is pointing to 172.16.254.200 and the working on is pointing to 172.16.254.203).

4. To change or check IP settings on the client, Start > ncpa.cpl > locate your network card > Right click > Properties.

Note: If you have multiple network cards you might want to right click and disable any other network cards while you attempt to join the domain.

5. Select "Internet Protocol Version 4" > Properties > Here is our rogue DNS setting.

6. You can either manually change it to the correct entry,

7. OR, if you have a DHCP scope leasing your DNS settings simply select "Obtain DNS server address automatically" > OK > OK.

8. If that still does not rectify the problem go to the DNS server in question and Start > Run > Services.msc > Ensure the "DNS Server" service is running.

9. Make sure the problem client can "Ping" the IP address of the DNS server and the domain controller (if they are different). If this fails (times out) you have a comms problem check the network card and cabling.

10. Then make sure it can also "Ping" the DNS server and domain controller by name.

11. Then as a final check on DNS execute an "nslookup" command on the domain controllers name:

nslookup servername.domainname.domain-extension

12. That looks a bit healthier.

Create a Security Group For Domain FTP Access _Windows 2012 folder share over HTTP

Note: For a Standalone/Workgroup server see below for setting up users and groups.
1. Launch Server Manager > Tools > Active Directory Administrative Center.

2. New > Group.

3. Give the group a sensible name.

4. Here I'm going to create a user to test with, in production you would just use the domain users who you want to give access to.

5. I will simply create a user called 'ftpuser'.

6. Add the domain user(s) to your new security group.

7. Create a folder that will be the 'root' of your FTP site.

8. Grant your security group rights to this folder (Note: By default they will only get Read rights, you will need to add 'Write' if you want your users to be able to 'put' files).

Create a Security Group For Workgroup / Standalone FTP Access

1. From Server Manager > Tools >Computer Management.

2. System Tools > Local Users and Groups > Groups.

3. Give the group a sensible name.

4. I'm going to create a test user called ftpuser, this is done in Local users and groups > Users.

5. Place the user(s) you want to grant access to, into your local security group.

6. Crete a folder that will be the 'root' of your FTP site and open its properties.

7. On the security Tab > Advanced > Grant your security group rights to this folder (Note: By default they will only get Read rights, you will need to add 'Write' if you want your users to be able to 'put' files).

Windows Server 2012 Install FTP

1. From Server Manager > Tools > Add Roles and Features.

2. Next.

3. Next

4. Next

5. Select Web Server (IIS) > Select Add (when prompted) > Next.

6. Next

7. Next

8. Locate and Select FTP Server AND FTP Extensibility > Next.

9. Install

10. Close.

11. Reboot the server. This is because some of the firewall settings have a habit of not enabling until the server has restarted, this does not happen all the time, so you may be lucky and not need to reboot. But I'm a firm believer in 'If something can go wrong, it will go wrong'.

Windows Server 2012 Configure FTP

1. Windows Key > Internet Information Services (IIS) Manager.

3. Expand the servername > Right click 'Sites' > Add FTP Site.

4. Give the site a name > Browse to the folder you are going to use as the FTP 'root' folder > Next.

5. Select No SSL (I'm not going to secure the site with web certificates) > Next.

6. Authentication = Basic > Allow Access to = Selected roles or user groups > Permissions = Select read and write as appropriate > Finish.

7. Windows Key+R > firewall.cpl > Allow an app or feature through Windows Firewall.

8. Ensure FTP Server is allowed for the 'profile' that your network card has been allocated.

9. Advanced Settings.

10. Incoming Rules.

11. There should be three FTP Settings, by default they should be enabled (for FTP Port 21, Passive Ports, and Secure FTP / TCP 990).

Windows 2012 FTP Server - Testing Access

1. You can test the firewall is open by opening a telnet session to the server on port 21;

telnet {ip address or name of server} 21

2. This is what you should see (or in some cases a blinking cursor, if you are going through a firewall or device that suppresses response headers).

3. Or you can use a web browser and navigate to ftp://{ip address or name of the FTP server}.

4. Or from command line you can use the direct ftp command like so;

ftp {ip address or name of server}

Windows 2012 FTP Server - Testing External Access

To access the server externally (from the internet), requires your remote users to know either the public IP address or the public name of the server. In addition FTP (TCP Port 21) needs to be open to that IP address. This can be done by giving the server its own public IP address, or by Port Forwarding FTP from your public IP address to the private IP address of the FTP server. How that is done will differ depending on your firewall or router.
Note: If you have a Cisco Firewall, I'll put the links you require on the bottom of the page.
1. Here I'm on an external machine, and I'm using FileZilla (a free FTP client) to connect to my FTP server.

2. Just to test I'll drag a file to the FTP server, to make sure I can write/put files.

3. Here is the file uploaded.

4. Back on the server, in the 'root' folder you can see the file successfully uploaded.

Published By
S.G.Godwin Dinesh.MCA
Sr.System Administrator