Firewall tweaks for GPO

Leave a reply

here are the Firewall rules you need to consider for playing around GPO.

For remote policy updates
Remote Scheduled Tasks Management (RPC)
Remote Scheduled Tasks Management (RPC-EPMAP)
Windows Management Instrumentation (WMI-in)

For remote policy logging
Remote Event Log Management (NP-in)
Remote Event Log Management (RPC)
Remote Event Log Management (RPC-EPMAP)
Windows Management Instrumentation (WMI-in)

TCP RPC port 135, named pipe port 445, and the dynamic ports associated with the endpoint mapper, like always.

 

Courtesy:
1. http://blogs.technet.com/b/mempson/archive/2013/01/15/firewall-ports-for-gpo-remote-update-and-rsop-reports.aspx
2. http://technet.microsoft.com/en-us/library/jj572986.aspx

Retweet

dhcp renamed to mshome.net ?!

Leave a reply

If you are seeing your Windows dhcp server got renamed to yourservername.mshome.net!

Here is the possible cause, disable ICS-Internet Connection Sharing from all the network cards.

Retweet

Delete work items from TFS 2010

Leave a reply

If you want to delete unwanted Work Items from a Team Foundation Server.

Tool required: witadmin.exe
Location: “C:\Program Files\Microsoft Visual Studio 10.0\Common 7\IDE”

How to delete-
witadmin.exe destroywi /collection:http://localhost:8080/tfs/Collection_Name /id:WI_IDs /noprompt

Example:
C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE>witadmin.exe des
troywi /collection:http://localhost:8080/tfs/Collection_Name /id:4939,4940,4941,4942,4943,49
44,4945,4946,4947,4948,4949,4950,4951,4952,4953,4955,4956,12091,12092 /noprompt

Retweet

BSNL ADSL Broadband using DSL-2750U

8 Replies

BSNL ADSL Broadband using DSL-2750U
A short blog on how to configure your DSL-2750U[D-Link] Device for a ADSL Broadband connection. For a beginner configuration using this device is bit tough. Attaching step-by-step screenshots for easy setup.

1. Unbox your new DSL-2750U
2. Connect the device adapter and switch-on.
3. Search on your laptop for a new wiresless network connection named DLink.
4. Open any internet browser and connect using http://192.168.1.1
5. username/password: admin/admin [you will land on a page written as Device Info ]
6. From the left side navigation > go to Advanced Setup
7. Select Layer2 Interface and click on the add button on the right side. This will open up and page as shown below.

 

 

 

 

 

 

8. Select WAN Service from the same Advanced Setup main menu.

summary

Summary

 

 

 

 

 

 

 

 

9. Done

Retweet

Windows 2008 ServerCore Basic Config Commands

1 Reply

How to change Windows 2008R2 hostname when there is no GUI.

netdom renamecomputer %computername% /NewName:<New_Server_Name>

How to set/change IPv4 address.

This will show current address > netsh interface ipv4 show address
This will set IPv4 address > netsh interface ipv4 set address name=”Local Area Connection” source=static address=10.0.0.4 mask=255.0.0.0 gateway=10.0.0.1
This will set DNSServer > netsh interface ipv4 set dnsservers “Local Area Connection” static 10.0.0.1 Primary

Join existing Domain.
This will join Server to an existing Domain > netdom join MIA-RODC /Domain:woodgrovebank /UserD:administrator /PasswordD:<password> [MIA-RODC < Server Name, woodgrovebank < NETBIOS name of existing Domain, UserD < Domain Administrator]

Disable Network Connection.
netsh interface set interface “local area connection” disabled << This will disable Network Connection
netsh interface>set interface “local area connection” enabled << This will enable Network Connection

Create new Domain using unattended
dcpromo unattend:unattended.txt

unattended.txt

[DCINSTALL]
username=administrator
password=<password>
sitename=defautl-first-site-name
replicaornewdomain=domain
newdomain=forest
newdomaindnsname=<yourdomain_name>
forestlevel=3
databasepath=%systemroot%’NTDS”
logpath=%systemroot%’NTDS”
sysvolpath=%systemroot%’SYSVOl”
installdns=yes
confirmGC=yes
safemodeadminpassword=<password>
rebootoncompletion=yes

Refer: http://support.microsoft.com/kb/947034

 

How to add users into AD administrators group-
dsadd user “CN=mohan mathew,DC=tfs2010,DC=test” -disabled no -samid mohan -pwd <password> -mustchpwd no -memberof “CN=Administrators,DC=tfs2010,DC=test”

 

Retweet

HTC Desire – Change Default Application Installation Path

3 Replies 

Android - How to change the default application installation path to SD Card, instead of Internal Memory.

My Environment;
HTC Desire
Windows 7 x64

REquirments;
Java JDK Latest
Android SDK Latest

1. Install Java SDK
2. Install Android SDK
3. Open Android SDK Manager from Programs
4. Select Available packages from the left pane
5. Select Android Repository with updates only option
6. Make sure you have selected Usb Driver package
7. Start installation by clicking "Install Selected". [downloading + installation will take bit long]
8. Once the installation is completed, connect your Desire to PC using USB cable in charing mode.
9. Start Command Promot and navigate to C:\Program Files (x86)\Android\android-sdk\
10. Check tools and platform-tools directory for adb.exe file.
11. Change directory to location where adb.exe resides. 
Next command will set the default installation path
12. adb shell pm setInstallLocation 2, DONE!


Additional Information;
The getInstallLocation command gets the current install location
  0 [auto]: Let system decide the best location
  1 [internal]: Install on internal device storage
  2 [external]: Install on external media

The setInstallLocation command changes the default install location
  0 [auto]: Let system decide the best location
  1 [internal]: Install on internal device storage
  2 [external]: Install on external media
Retweet

Windows Server RunAs different user

1 Reply

On certain occasions, we might need to run different programs in an elevated mode. We can run it using any high privileged user accounts from ordinary user desktop. Attaching some screenshots.

Windows 2003 Server – feature is available from the program right click menu!

runas_different_user

Windows Server 2003

Windows 2008 Server – feature is removed from right click menu, but still available through command prompt [cmd.exe] .

G:\>runas /user:mohan@domain notepad
Enter the password for mohan@domain: xxxxx
Attempting to start notepad as user “mohan@domain” …

Windows 2008 R2 Server – feature is available by pressing SHIFT + right click! Yes, it is hidden.

runas_different_user_2008R2

Windows Server 2008 R2

Retweet

DISABLE ctrl+alt+del

3 Replies

1. howto DISABLE Alt+Ctrl+Del when your screen is locked. Just for avoiding accidental computer restarts! But still you can restart computer by hiting Alt+Ctrl+Del two time. For completely disabling the Alt+Ctrl+Del restarting for your computer see next session in this post.

Disable Alt+Ctrl+Del

Disable Alt+Ctrl+Del

2. howto disable Alt+Ctrl+Del computer restart. Navigate to the following registry keys and create key named ‘NoClose’ with value ’0′.

User Key:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer]
Value Name: NoClose
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = shutdown enabled, 1 = shutdown disabled

User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]Value Name: NoCloseData Type: REG_DWORD (DWORD Value)Value Data: (0 = shutdown enabled, 1 = shutdown disabled

 

Once you did this correctly, you can verify it by pressing ‘Alt+Ctrl+Del’, there you can see the ‘Shutdown’ button is grayed out!

Retweet

workgroup WSUS clients

2 Replies

If you have a workgroup which you wish to use a WSUS Server to push Microsoft updates, add the below lines into client computer registry and check for updates.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate]“WUServer”=”http://192.168.182.130:8530″”WUStatusServer”=”http://192.168.182.130:8530″
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate\AU]“NoAutoUpdate”=dword:00000000″AUOptions”=dword:00000003″ScheduledInstallDay”=dword:00000007″ScheduledInstallTime”=dword:00000023″UseWUServer”=dword:00000001″RescheduleWaitTime”=dword:00000001″NoAutoRebootWithLoggedOnUsers”=dword:00000001

http://192.168.182.130:8530 >> this is my local WSUS server with port.

Retweet

CHANGE Powershell execution policy

1 Reply

In a AD environment, script executions specially powershell scripts can be controlled using group policy.

Note:- only if you have regedit permissions [try ... Run > regedit :) ]

Restricted – can’t run any scripts
AllSigned/RemoteSigned – either self signed or trusted certificate required
Unrestricted – no restriction in running any scripts.

For a normal user executionpolicy will be Restricted, for security reasons. This can be overridden by a simple Registry tweak!!

Just save below registry script into a notepad and save it as powershell-executionpolicy.reg, and run it.  If you are familiar with registry entry, it is very easy to decipher.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]

“Path”=”C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe”
“ExecutionPolicy”=”RemoteSigned”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell]“Path”=”C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe”"ExecutionPolicy”=”RemoteSigned”

Retweet