G->TechLink: G->Pointer's Technology Link

The longer a Windows machine is up and running being years into its lifetime the more frequent inconsistencies can occur. For such a reason modern deployments try to work with an image-based approach - pets vs cattle. If one has to stick on a legacy machine with the pet that is continuously updated the following might help resolve Windows Update issues: If Windows update repeatedly fails to update (e.g. hangs after Downloading 100% or gets stuck in the installation procedure) one can try to install that update "by hand": https://www.catalog.update.microsoft.com/Search.aspx?q=<KB#> , e.g. https://www.catalog.update.microsoft.com/Search.aspx?q=kb4589210 If that does not resolve the issue, one quick first step is to use the System File Checker tool: sfc /scannnow It might be necessary to wait a couple of minutes after system bootup, because in the beginning Windows might report a conflict with another process. That usually resolves itself af...

Bottom line of the linked article is that the permissions should be managed at the NTFS level, while the share should be set to Everyone - Full Control. Sources: Best Practices for Share Permissions in Windows Server 2016

Step by step introduction with screenshots how to deploy DHCP Failover On Windows 2016. Sources: How to Deploy DHCP Failover on Windows Server 2016 step by step

Running your servers out of your living room exposes you sometimes to unusual issues, like getting a server OS to run on a TV Panel. Problem: The Windows Server 2016's default video adapter (Microsoft Basic Display Adapter) would inappropriately overscale the screen, so that the borders were invisible. Solution: (Obviously) install the correct video adapter drivers (which are only available for Windows 7 64-bit, but WHQL compatible and thus still installable on Windows Server 2016. Note: Running the setup.exe on the driver gave me the (imho incorrect) message that there would be newer drivers already installed on my system for the Intel drivers. I performed the following Steps: Sever Manager / Tools Computer Management Device Manager / Display Adapters / Expand Microsoft Basic Display Adapter / Right-Click / Properties Tab "Driver" / Button "Update Driver..." Browse my computer for driver software Browse for folder / Select the folder you...

If you try gpedit.msc or secpol.msc > Security Settings > Account Policies > Password Policy > Maximum password age on a modern Windows Server domain system you will fail: The value (and all the others) are grayed out. The proper way to set the values for Password Policy as a Password Settings Object (PSO): adsiedit.msc Right-click and "Connect to..." and accept defaults ... Note for parameters of type "duration" you may use the so called I8 values or the more easy to read d:hh:mm:ss format. Sources: Configuring Granular Password Settings in Windows Server 2008 Creating a PSO using ADSI Edit Apply or modify password policy

Recently I had to decide for which automation script language to go. As always the simple answer is: What is the use case? Give the most prominent tools a try and see which you like best As the immediate use case at hand is mapping a mouse button to a keyboard key I went for AutoHotkey. Collected below are a couple of URLs worth reading if you're also planning to embark on that journey. Sources: AutoIt VS AutoHotkey (at StackOverflow) AutoIt VS AutoHotkey (at AutoIt Forum) Remapping keys with AutoHotkey Remapping keys with AutoIt (1) Remapping keys with AutoIt (2)

There is a nice article on Azure AD on the things to consider when thinking about working with Azure Active Directory. "Microsoft's identity and access management (IAM) strategy has mostly been playing out in the cloud with its Azure AD service." "Microsoft has three components that power its Azure IAM solutions." Azure cloud computing services, which serve as Microsoft's infrastructure-as-a-service (IaaS) solution Azure AD Premium, [..] Microsoft's "Identity Management as a Service" offering (abbreviated as "IDaaS"). Microsoft's IDaaS provides IAM services for Azure services that are built on the Azure platform. "identity bridge" solutions. An identity bridge is an on-premises component that's used to synchronize local directories to Microsoft's IDaaS and enable single sign-on to IDaaS. Microsoft's identity bridge solutions can bridge Kerberos and LDAP to JSON over REST, as well as SAML. Mark Dio...

Containers are a powerful means of cleanly isolating applications without the tremendous overhead of having each application running in its own virtual machine. So far, the Docker project brought containers to the Linux operating system(s). Sources: Containers: Docker, Windows and Trends by Mark Russinovich Windows Containers Debut in New Windows Server 2016 Preview Keywords: Windows Server, Docker, Containers, Virtualization

For those playing with networking at home and who have an Domain Controller with Active Directory set up (although it would not be needed) and likely have that main server running as a virtual machine it is interesting to know if it has any side effects to revert back to old snapshots. Asking yourself this question, you will pretty quickly find many articles and posts that this would be a bad idea. The why is likely not found so quickly. The linked blog post nicely explains why. In short: You do not want your update sequence number (USN) getting out of sync. Furthermore starting with Windows Server 2012 cloning an AD server IS supported. Sources: Virtual Domain Controller Cloning in Windows Server 2012 Never Snapshot a Domain Controller! Here’s Why… Snapshots and Domain Controllers - Are they ALWAYS bad??? Keywords: Windows Server, Active Directory, Domain Controller, Virtualization, Snapshot

For those playing with networking at home and who have an Domain Controller with Active Directory set up (although it would not be needed) and regularly shut down that main server it is interesting to know if it has any side effects. As long as you do not keep the Domain Controller shut down longer than the days set for the Active Directory forest's tombstone lifetime you should be safe. ADSIEdit can be used to check the set tombstoneLifetime for that particular server. The default for Windows 2008 R2 and upward is 180 days. See the linked TechNet article on how to determine the tombstone lifetime for the forest. Sources: DC offline for 2 months, best way to handle? Determine the tombstone lifetime for the forest Keywords: Windows Server, Active Directory, Domain Controller, TSL, Tombstone Lifetime

Just a word of advice: just because you're on 10.x.y.z does not automatically mean your IT guys really decided for subnet 255.0.0.0 (as class A would suggest). They might have also decided to go for something arbitrary as 255.255.254.0. Important knowledge when you try to configure an NLB'd system and can't figure out why everything seems to work, except when you go outside. Ping fails, telnet fails, ... server not reachable... So, check out the "normal" subnet mask that the machine gets assigned automatically by DHCP change whatever NLB decided itself for the NLB subnet mask add the gateway if it is empty You're good to go... Keywords: Load Balancing, NLB, Windows Server, Redundancy, Failover, Microsoft