tag:blogger.com,1999:blog-35146598432809066352024-02-20T16:17:55.327-05:00System Administrator RecipesOsmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.comBlogger45125tag:blogger.com,1999:blog-3514659843280906635.post-61665608700562025972014-11-10T15:14:00.000-05:002014-11-10T15:14:01.996-05:00Configure NTP Time on Windows Server 2008 R2 and 2012 R2
In the Windows Server<br />
<br />In the Keyboard push "<strong>Window Key</strong> + <strong>R</strong>”<br />
<br />
In the "<strong>Run</strong>" open windows type "<strong>Regedit</strong>"<br /><br /><span style="color: lime;"><strong>Go to:</strong></span> <br />
“<strong>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\</strong>” and edit the “<strong>Type</strong>” value > change from “<strong>NT5DS</strong>” to “<strong>NTP</strong>” and click on “<strong>OK</strong>”<br />
<br /><strong><span style="color: lime;">Go to:</span></strong> <br />
“<strong>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\</strong>” and edit the “<strong>NtpServer</strong>” value > change from “<strong>time.windows.com</strong>” to “<strong>server 1.pool.ntp.org</strong>” or other time server which are geographically close for you, click “<strong>OK</strong>”. <br />
<br />
Here you can find more NTP Servers: <br />
<br />
<a href="http://support.ntp.org/bin/view/Servers/NTPPoolServers">http://support.ntp.org/bin/view/Servers/NTPPoolServers</a><br />
<br />
<span style="color: lime;"><strong>Go to:</strong></span><br />
“<strong>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\</strong>” and edit “<strong>AnnounceFlags</strong>” value > change the value from “<strong>10</strong>” to “<strong>5</strong>”, and click “<strong>Ok</strong>”<br />
<br />
Close “<strong>Registry Editor</strong>” window.<br />
<br />
Open CMD or PowerShell console:<br />
<br /><span style="color: lime;"><strong>Type</strong></span>: “<strong>net stop w32time” and push “Enter”<br /> “</strong>net start w32time” and push “<strong>Enter</strong>”<br /> “<strong>w32tm /resync /rediscover</strong>” and push “<strong>Enter</strong>”<br />
<br />
Go to external Computer<br />
<br />Open the Command Prompt: <br /><span style="color: lime;"><strong>Type</strong></span>: “<strong>net time </strong><a href="file://dc-server/"><strong>\\DC-server</strong></a><strong> name /set /y</strong>” and push “<strong>Enter</strong>”Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com0tag:blogger.com,1999:blog-3514659843280906635.post-10834056309596656092014-11-10T14:11:00.001-05:002014-11-10T14:16:59.906-05:00Bitdefender Temporarily Disable Client from Control Center<br />
<div class="MsoNormal" style="margin: 0in 0in 8pt;">
<span style="font-family: Calibri;">Go to "</span><a href="https://gravityzone.bitdefender.com/"><span style="color: #0563c1; font-family: Arial, Helvetica, sans-serif;">https://gravityzone.bitdefender.com</span></a>"<o:p></o:p></div>
Log in with your credentials<br />
<br />
<b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial, Helvetica, sans-serif;"><span style="background: rgb(251, 250, 250); color: red;"></span><span style="color: red;"><o:p>Create a new Policy:</o:p></span></span></b><br />
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt;">
<span style="font-family: Arial, Helvetica, sans-serif;">In “<b style="mso-bidi-font-weight: normal;">Policies</b>” Tab
<o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt;">
<span style="font-family: Arial, Helvetica, sans-serif;">Create a new Policy “<b style="mso-bidi-font-weight: normal;"><span style="color: #00b050;">Disable Endpoint Protection</span></b>”, then I unselect
all features to disable real protection.<o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt;">
<b style="mso-bidi-font-weight: normal;"><span style="color: red;"><span style="font-family: Arial, Helvetica, sans-serif;">Disable on the client computer:<o:p></o:p></span></span></b></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoListParagraphCxSpFirst" style="margin: 0in 0in 0pt 0.5in; mso-list: l1 level1 lfo1; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">1.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Go to “<b style="mso-bidi-font-weight: normal;">Policies</b>”
Tab</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l1 level1 lfo1; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">2.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Go to “<b style="mso-bidi-font-weight: normal;">Applied/Pending</b>”
tab on the “<b style="mso-bidi-font-weight: normal;">Policy</b>” menu bar</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l1 level1 lfo1; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">3.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Under “<b style="mso-bidi-font-weight: normal;">Applied/
Pending</b>” and “<b style="mso-bidi-font-weight: normal;">Default policy</b>”
click on number of computer with default policy</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l1 level1 lfo1; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">4.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->On the new “<b style="mso-bidi-font-weight: normal;">Network</b>”
window, click to select the computer do you want to change the policy</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l1 level1 lfo1; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">5.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In the right panel click in the fourth icon “<b style="mso-bidi-font-weight: normal;">Assign Policy</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l1 level1 lfo1; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">6.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->On the new windows, change from “<b style="mso-bidi-font-weight: normal;">Default Policy</b>” to “<b style="mso-bidi-font-weight: normal;">Disable Endpoint Protection</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l1 level1 lfo1; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">7.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Click on “<b style="mso-bidi-font-weight: normal;">Finish</b>”
button</span></div>
<div class="MsoListParagraphCxSpLast" style="margin: 0in 0in 8pt 0.5in; mso-list: l1 level1 lfo1; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">8.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Restart the computer <o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt;">
<span style="font-family: Arial, Helvetica, sans-serif;">After that if you go to “<b style="mso-bidi-font-weight: normal;">Policies</b>” tab you can see that the new apply policy was applied and
the computer appear now under “<b style="mso-bidi-font-weight: normal;">Applied
/Pending</b>” and “<b style="mso-bidi-font-weight: normal;">Disable Endpoint
Protection</b>” policy.<o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt;">
<b style="mso-bidi-font-weight: normal;"><span style="color: red;"><span style="font-family: Arial, Helvetica, sans-serif;">Enable on the client computer:<o:p></o:p></span></span></b></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoListParagraphCxSpFirst" style="margin: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo2; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">1.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Go to “<b style="mso-bidi-font-weight: normal;">Policies</b>”
Tab</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo2; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">2.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Go to “<b style="mso-bidi-font-weight: normal;">Applied/Pending</b>”
tab on the “<b style="mso-bidi-font-weight: normal;">Policy</b>” menu bar</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo2; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">3.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Under “<b style="mso-bidi-font-weight: normal;">Applied/
Pending</b>” and “<b style="mso-bidi-font-weight: normal;">Disable Endpoint
Protection</b>” click on number of computer with default policy</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo2; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">4.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->On the new “<b style="mso-bidi-font-weight: normal;">Network</b>”
window, click to select the computer do you want to change the policy</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo2; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">5.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In the right panel click in the fourth icon “<b style="mso-bidi-font-weight: normal;">Assign Policy</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo2; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">6.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->On the new windows, change from “<b style="mso-bidi-font-weight: normal;">Disable Endpoint Protection</b>” to “<b style="mso-bidi-font-weight: normal;">Default Policy</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo2; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">7.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Click on “<b style="mso-bidi-font-weight: normal;">Finish</b>”
button</span></div>
<div class="MsoListParagraphCxSpLast" style="margin: 0in 0in 8pt 0.5in; mso-list: l0 level1 lfo2; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">8.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Restart the computer <o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt;">
<span style="font-family: Arial, Helvetica, sans-serif;">After that if click on “<b style="mso-bidi-font-weight: normal;">Policies</b>”
tab you can see that the new apply policy was applied and the computer appear
now under “<b style="mso-bidi-font-weight: normal;">Applied /Pending</b>” and “<b style="mso-bidi-font-weight: normal;">Default Policy</b>” policy.<o:p></o:p></span></div>
Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com0tag:blogger.com,1999:blog-3514659843280906635.post-75635976670030144822014-11-03T13:58:00.000-05:002014-11-03T14:02:25.204-05:00Create a local Administrators group through a GPO on Windows Server 2008 R2 /2012 R2<span style="font-family: Arial, Helvetica, sans-serif;">Today, I'm showing how you can implement a GPO on your
Active Directory. I'm using “Restricted Groups” to put users in the “local
admin” group to Log On as a Local Administrator on all your Domain Computers.
Also deny Log On in all servers on the Domain for all members of Local Admins
group.<span style="mso-spacerun: yes;"> </span></span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt;">
<span style="font-family: Arial, Helvetica, sans-serif;">By default the Domain Controller have a “Computer”
Organizational Unit, inside that folder you can find all computers installed on
your network. If you trying to apply some group policy in “Computers”
Organizational Unit, that folder no appears on GPO. Then, for apply group
policy on one computer or in all computers on your Domain you need create a new
Organizational Unit that content all computers. Also I suggest create another
organizational Unit that content all servers of your Domain because the servers
by default are in the same “Computer” Organizational Unit. <o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt;">
<span style="font-family: Arial, Helvetica, sans-serif;">The Domain Controllers Server are in “Domain Controllers”
Organizational Units. <b style="mso-bidi-font-weight: normal;"><span style="color: red;">Be careful don’t move that server or servers ………………………..</span></b>
<o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt;">
<span style="font-family: Arial, Helvetica, sans-serif;">In this example I created:<o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoListParagraphCxSpFirst" style="margin: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo8; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->“<b style="mso-bidi-font-weight: normal;"><span style="color: #2f5496; mso-themecolor: accent5; mso-themeshade: 191;">Domain name
_Computers</span></b>” Organizational Unit<o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo8; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->“<b style="mso-bidi-font-weight: normal;"><span style="color: #2f5496; mso-themecolor: accent5; mso-themeshade: 191;">Domain name
_Servers</span></b>” Organizational Unit<o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l0 level1 lfo8; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->“<b style="mso-bidi-font-weight: normal;"><span style="color: #7030a0;">Local Admins</span></b>” Group<o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoListParagraphCxSpLast" style="margin: 0in 0in 8pt 0.5in; mso-list: l0 level1 lfo8; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;"><span style="mso-list: Ignore;">·<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->“<b style="mso-bidi-font-weight: normal;"><span style="color: #ed7d31; mso-themecolor: accent2;">IT Test</span></b>” User<o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt;">
<b style="mso-bidi-font-weight: normal;"><span style="color: #92d050; font-size: 14pt; line-height: 107%;"><span style="font-family: Arial, Helvetica, sans-serif;">Created a new
Organizational Units:<o:p></o:p></span></span></b></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoListParagraphCxSpFirst" style="margin: 0in 0in 0pt 0.5in; mso-list: l1 level1 lfo1; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">1.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Push “<b style="mso-bidi-font-weight: normal;">Win
+ R</b>” keys at the same time, in the open “<b style="mso-bidi-font-weight: normal;">Run</b>” window type “<b style="mso-bidi-font-weight: normal;">dsa.msc</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l1 level1 lfo1; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">2.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In “<b style="mso-bidi-font-weight: normal;">Active
Directory Users and Computers</b>” window, right click on the “<b style="mso-bidi-font-weight: normal;">Domain Name</b>”, click to select “<b style="mso-bidi-font-weight: normal;">New</b>”, then click on “<b style="mso-bidi-font-weight: normal;">Organizational Unit</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l1 level1 lfo1; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">3.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->On the “<b style="mso-bidi-font-weight: normal;">New
object – Organizational Unit</b>” window type the Name of the new
Organizational Unit eg. (<b style="mso-bidi-font-weight: normal;"><span style="color: #2f5496; mso-themecolor: accent5; mso-themeshade: 191;">Domain name _Computers</span></b>),
then click “<b style="mso-bidi-font-weight: normal;">OK</b>” to save it.</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l1 level1 lfo1; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">4.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Expand your Active Directory Domain, click on “<b style="mso-bidi-font-weight: normal;">Computers</b>” Organizational Unit</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l1 level1 lfo1; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">5.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In the right panel you see all computers and
servers that are in your domain, click to select the computers do you want to
apply Group Policy. <b style="mso-bidi-font-weight: normal;"><span style="color: #c00000;">*** Do Not Select the Servers</span></b><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">6.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->After you select the computers, right click on
your selection and click on “<b style="mso-bidi-font-weight: normal;">Move…</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l1 level1 lfo1; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">7.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In the “<b style="mso-bidi-font-weight: normal;">Move</b>”
window, click to select the Organizational Unit for do you want move your
selected computers. In my example to (<b style="mso-bidi-font-weight: normal;"><span style="color: #2f5496; mso-themecolor: accent5; mso-themeshade: 191;">Domain name
_Computers</span></b>), then click “<b style="mso-bidi-font-weight: normal;">OK</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l1 level1 lfo1; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">8.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Now your computers are in the (<b style="mso-bidi-font-weight: normal;"><span style="color: #2f5496; mso-themecolor: accent5; mso-themeshade: 191;">Domain name _Computers</span></b>)</span></div>
<div class="MsoListParagraphCxSpLast" style="margin: 0in 0in 8pt 0.5in; mso-list: l1 level1 lfo1; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">9.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Repeats steps 2 to 7 to create another
organizational Unit for your Server. Use another name eg. (<b style="mso-bidi-font-weight: normal;"><span style="color: #2f5496; mso-themecolor: accent5; mso-themeshade: 191;">Domain
name _Servers</span></b>)<o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt 0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif;">Now you have the Servers and
Computers in different Organizational Units <o:p> </o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt;">
<b style="mso-bidi-font-weight: normal;"><span style="color: #92d050; font-size: 14pt; line-height: 107%;"><span style="font-family: Arial, Helvetica, sans-serif;">Create a New Group:<o:p></o:p></span></span></b></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoListParagraphCxSpFirst" style="margin: 0in 0in 0pt 0.5in; mso-list: l4 level1 lfo2; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">1.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In “<b style="mso-bidi-font-weight: normal;">Active
Directory Users and Computers</b>” window, right click on the “<b style="mso-bidi-font-weight: normal;">Users</b>” Organizational Unit, click to
select “<b style="mso-bidi-font-weight: normal;">New</b>”, then click on “<b style="mso-bidi-font-weight: normal;">Group</b>”</span></div>
<div class="MsoListParagraphCxSpLast" style="margin: 0in 0in 8pt 0.5in; mso-list: l4 level1 lfo2; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">2.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In “<b style="mso-bidi-font-weight: normal;">New
Object – Group</b>” type the name of the new group <b style="mso-bidi-font-weight: normal;">eg</b>. (<b style="mso-bidi-font-weight: normal;"><span style="color: #538135; mso-themecolor: accent6; mso-themeshade: 191;">Local Admins</span></b>),
then click “<b style="mso-bidi-font-weight: normal;">OK</b>”<o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt 0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif;">The new Group was created<o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt;">
<b style="mso-bidi-font-weight: normal;"><span style="color: #92d050; font-size: 14pt; line-height: 107%;"><span style="font-family: Arial, Helvetica, sans-serif;">Created a New User:<o:p></o:p></span></span></b></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoListParagraphCxSpFirst" style="margin: 0in 0in 0pt 0.5in; mso-list: l2 level1 lfo3; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">1.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In “<b style="mso-bidi-font-weight: normal;">Active
Directory Users and Computers</b>” window, right click on the “<b style="mso-bidi-font-weight: normal;">Domain Users</b>” Organizational Unit,
click to select “<b style="mso-bidi-font-weight: normal;">New</b>”, then click on
“<b style="mso-bidi-font-weight: normal;">User</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l2 level1 lfo3; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">2.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In “<b style="mso-bidi-font-weight: normal;">New
Object – User</b>” type the name of the new User <b style="mso-bidi-font-weight: normal;">eg</b>. (<b style="mso-bidi-font-weight: normal;"><span style="color: #ed7d31; mso-themecolor: accent2;">IT Test</span></b>), fill all information
required and click next</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l2 level1 lfo3; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">3.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In the new window type the password, click to
uncheck “<b style="mso-bidi-font-weight: normal;">User must change password at the
next logon</b>” and click to select “<b style="mso-bidi-font-weight: normal;">Password
never expires</b>”</span></div>
<div class="MsoListParagraphCxSpLast" style="margin: 0in 0in 8pt 0.5in; mso-list: l2 level1 lfo3; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">4.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In the new window click “<b style="mso-bidi-font-weight: normal;">OK</b>” to closed windows<o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b style="mso-bidi-font-weight: normal;"><span style="color: #92d050; font-size: 14pt; line-height: 107%;">Add a user in the </span></b><b style="mso-bidi-font-weight: normal;"><span style="color: #7030a0; font-size: 14pt; line-height: 107%;">Local Admins </span></b><b style="mso-bidi-font-weight: normal;"><span style="color: #92d050; font-size: 14pt; line-height: 107%;">group:</span></b></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoListParagraphCxSpFirst" style="margin: 0in 0in 0pt 0.5in; mso-list: l6 level1 lfo4; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">1.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Right click on the new user created (<b style="mso-bidi-font-weight: normal;"><span style="color: #ed7d31; mso-themecolor: accent2;">IT Test</span></b>), then click to open “<b style="mso-bidi-font-weight: normal;">Properties</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l6 level1 lfo4; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">2.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In “<b style="mso-bidi-font-weight: normal;">Properties</b>”
window, click on “<b style="mso-bidi-font-weight: normal;">Member Of</b>” tab,
then click on “<b style="mso-bidi-font-weight: normal;">Add</b>” tab</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l6 level1 lfo4; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">3.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In the “<b style="mso-bidi-font-weight: normal;">Select
Groups</b>” window type the group do you want “<b style="mso-bidi-font-weight: normal;">Add</b>” in this example (<b style="mso-bidi-font-weight: normal;"><span style="color: #7030a0;">Local Admins</span></b>)</span></div>
<div class="MsoListParagraphCxSpLast" style="margin: 0in 0in 8pt 0.5in; mso-list: l6 level1 lfo4; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">4.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Click “<b style="mso-bidi-font-weight: normal;">OK</b>”
to select, and click “<b style="mso-bidi-font-weight: normal;">OK</b>” to
finished<o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt;">
<span style="font-family: Arial, Helvetica, sans-serif;">Now you are ready to apply Group Policy on the new
Organizational Units created before<o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b style="mso-bidi-font-weight: normal;"><span style="color: #92d050; font-size: 14pt; line-height: 107%;">Adding a Domain Group (</span></b><b style="mso-bidi-font-weight: normal;"><span style="color: #7030a0; font-size: 14pt; line-height: 107%;">Local Admins</span></b><b style="mso-bidi-font-weight: normal;"><span style="color: #92d050; font-size: 14pt; line-height: 107%;">) into the Local Administrators Group</span></b><b style="mso-bidi-font-weight: normal;"><span style="font-size: 14pt; line-height: 107%;"><o:p></o:p></span></b></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoListParagraphCxSpFirst" style="margin: 0in 0in 0pt 0.5in; mso-list: l7 level1 lfo5; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">1.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Push “<b style="mso-bidi-font-weight: normal;">Win
+ R</b>” keys at the same time, in the open “<b style="mso-bidi-font-weight: normal;">Run</b>” window type “<b style="mso-bidi-font-weight: normal;">gpmc.msc</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l7 level1 lfo5; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">2.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In “<b style="mso-bidi-font-weight: normal;">Group
Policy Management</b>” window, click to expand <b style="mso-bidi-font-weight: normal;">Forest: Domain Name</b> > <b style="mso-bidi-font-weight: normal;">Domains</b>
> <b style="mso-bidi-font-weight: normal;">Domain Name</b></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l7 level1 lfo5; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">3.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Right click on (<b style="mso-bidi-font-weight: normal;">Domain name _Computers</b>) Organizational Unit that I was created
above in this tutorial, click to select “<b style="mso-bidi-font-weight: normal;">Create
a GPO in this domain, and Link it here…</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l7 level1 lfo5; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">4.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In “<b style="mso-bidi-font-weight: normal;">New
GPO</b>” window type the name of the new Group Policy that I want to apply eg.
(<b style="mso-bidi-font-weight: normal;">Domain Name _ Local Admins GPO</b>),
then click “<b style="mso-bidi-font-weight: normal;">OK</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l7 level1 lfo5; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">5.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Click to expand (<b style="mso-bidi-font-weight: normal;"><span style="color: #2f5496; mso-themecolor: accent5; mso-themeshade: 191;">Domain
name _Computers</span></b>) Organizational Unit, right click on the new GPO and
click to select “<b style="mso-bidi-font-weight: normal;">Edit…</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l7 level1 lfo5; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">6.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In “<b style="mso-bidi-font-weight: normal;">Group
Policy Management Editor</b>” window click to expand <b style="mso-bidi-font-weight: normal;">Computer Configuration</b> > <b style="mso-bidi-font-weight: normal;">Policies</b>
> <b style="mso-bidi-font-weight: normal;">Windows Settings</b> > <b style="mso-bidi-font-weight: normal;">Security Settings</b> </span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l7 level1 lfo5; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">7.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Right click on “<b style="mso-bidi-font-weight: normal;">Restricted Groups</b>” and click to select “<b style="mso-bidi-font-weight: normal;">Add Group…</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l7 level1 lfo5; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">8.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In “<b style="mso-bidi-font-weight: normal;">Add
group</b>” window click “<b style="mso-bidi-font-weight: normal;">Browser …</b>”
button, and type the group do you want to apply the policy. In this example (<b style="mso-bidi-font-weight: normal;"><span style="color: #7030a0;">Local Admins</span></b>)</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l7 level1 lfo5; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">9.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Click “<b style="mso-bidi-font-weight: normal;">Check
Names</b>” button, and click “<b style="mso-bidi-font-weight: normal;">OK</b>”
button</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l7 level1 lfo5; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">10.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->A new windows is open, in the “<b style="mso-bidi-font-weight: normal;">This group is a member of:</b>” click “<b style="mso-bidi-font-weight: normal;">Add</b>” and type “<b style="mso-bidi-font-weight: normal;">Administrators</b>”, then click “<b style="mso-bidi-font-weight: normal;">Ok</b>”
to apply</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l7 level1 lfo5; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">11.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Close all open windows </span></div>
<div class="MsoListParagraphCxSpLast" style="margin: 0in 0in 8pt 0.5in; mso-list: l7 level1 lfo5; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">12.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Push “<b style="mso-bidi-font-weight: normal;">Win
+ R</b>” keys at the same time, in the open “<b style="mso-bidi-font-weight: normal;">Run</b>” window type “<b style="mso-bidi-font-weight: normal;">powershell.exe</b>”
and type “<b style="mso-bidi-font-weight: normal;">gpupdate /force</b>”<o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt;">
<span style="font-family: Arial, Helvetica, sans-serif;">Now all users that you have inside (<b style="mso-bidi-font-weight: normal;"><span style="color: #7030a0;">Local Admins</span></b>) group in my
example (<b style="mso-bidi-font-weight: normal;"><span style="color: #ed7d31; mso-themecolor: accent2;">IT Test</span></b>) user is a Local Administrators in that
Organizational Unit (<b style="mso-bidi-font-weight: normal;"><span style="color: #2e74b5; mso-themecolor: accent1; mso-themeshade: 191;">Domain name
_Computers</span></b>)<o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt;">
<span style="font-family: Arial, Helvetica, sans-serif;">But that users now are Local Administrator and by default a
Local Administrator can Log On in the Servers too, that is not good. <o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt;">
<span style="font-family: Arial, Helvetica, sans-serif;">We need deny the access of Local Administrator to Servers.<o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt;">
<b style="mso-bidi-font-weight: normal;"><span style="color: #92d050; font-size: 14pt; line-height: 107%;"><span style="font-family: Arial, Helvetica, sans-serif;">Deny the access of
Local Administrator to Servers:<o:p></o:p></span></span></b></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoListParagraphCxSpFirst" style="margin: 0in 0in 0pt 0.5in; mso-list: l3 level1 lfo6; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">1.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Push “<b style="mso-bidi-font-weight: normal;">Win
+ R</b>” keys at the same time, in the open “<b style="mso-bidi-font-weight: normal;">Run</b>” window type “<b style="mso-bidi-font-weight: normal;">gpmc.msc</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l3 level1 lfo6; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">2.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In “<b style="mso-bidi-font-weight: normal;">Group
Policy Management</b>” window, click to expand <b style="mso-bidi-font-weight: normal;">Forest: Domain Name</b> > <b style="mso-bidi-font-weight: normal;">Domains</b>
> <b style="mso-bidi-font-weight: normal;">Domain Name</b></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l3 level1 lfo6; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">3.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Right click on (<b style="mso-bidi-font-weight: normal;"><span style="color: #2f5496; mso-themecolor: accent5; mso-themeshade: 191;">Domain
name _Servers</span></b>) Organizational Unit that I was created above in this
tutorial, click to select “<b style="mso-bidi-font-weight: normal;">Create a GPO
in this domain, and Link it here…</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l3 level1 lfo6; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">4.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In “<b style="mso-bidi-font-weight: normal;">New
GPO</b>” window type the name of the new Group Policy that I want to apply <b style="mso-bidi-font-weight: normal;">eg.</b> (<b style="mso-bidi-font-weight: normal;">Deny Log On _Local Admins Group</b>), then click “<b style="mso-bidi-font-weight: normal;">OK</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l3 level1 lfo6; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">5.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Click to expand (<b style="mso-bidi-font-weight: normal;"><span style="color: #2f5496; mso-themecolor: accent5; mso-themeshade: 191;">Domain
name _Servers</span></b>) Organizational Unit, right click on the new GPO and
click to select “<b style="mso-bidi-font-weight: normal;">Edit…</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l3 level1 lfo6; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">6.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In “<b style="mso-bidi-font-weight: normal;">Group
Policy Management Editor</b>” window click to expand <b style="mso-bidi-font-weight: normal;">Computer Configuration</b> > <b style="mso-bidi-font-weight: normal;">Policies</b>
> <b style="mso-bidi-font-weight: normal;">Windows Settings</b> > <b style="mso-bidi-font-weight: normal;">Security Settings</b> <b style="mso-bidi-font-weight: normal;">> Local Policies</b></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l3 level1 lfo6; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">7.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Click on “<b style="mso-bidi-font-weight: normal;">User
Rights Assignment</b>” and in the right panel double click to open “<b style="mso-bidi-font-weight: normal;">Deny log on locally Properties</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l3 level1 lfo6; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">8.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In “<b style="mso-bidi-font-weight: normal;">Deny
log on locally Properties</b>” window click to check “<b style="mso-bidi-font-weight: normal;">Define these policy settings:</b>”, click on “<b style="mso-bidi-font-weight: normal;">Add User or Group</b>” and type the local Administrator group that you
created in my example (<b style="mso-bidi-font-weight: normal;"><span style="color: #7030a0;">Local Admins</span></b>)</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l3 level1 lfo6; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">9.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Click “<b style="mso-bidi-font-weight: normal;">OK</b>”
twice time to apply</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l3 level1 lfo6; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">10.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Close all open windows </span></div>
<div class="MsoListParagraphCxSpLast" style="margin: 0in 0in 8pt 0.5in; mso-list: l3 level1 lfo6; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">11.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Push “<b style="mso-bidi-font-weight: normal;">Win
+ R</b>” keys at the same time, in the open “<b style="mso-bidi-font-weight: normal;">Run</b>” window type “<b style="mso-bidi-font-weight: normal;">powershell.exe</b>”
and type “<b style="mso-bidi-font-weight: normal;">gpupdate /force</b>”<o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt;">
<span style="font-family: Arial, Helvetica, sans-serif;">Now the Local Administrators can Log On in the users
computers but they cannot Log On in the servers on the Network. Local
Administrators now are restricted but they can Log On in the Domain Controllers
so we need create a GPO for restrict access into Domain Controllers too.<o:p> </o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt;">
<span style="font-family: Arial, Helvetica, sans-serif;"><b style="mso-bidi-font-weight: normal;"><span style="color: #92d050; font-size: 14pt; line-height: 107%;">Deny the access of
Local Administrator to Domain Controllers:</span></b><o:p> </o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoListParagraphCxSpFirst" style="margin: 0in 0in 0pt 0.5in; mso-list: l5 level1 lfo7; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">1.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Push “<b style="mso-bidi-font-weight: normal;">Win
+ R</b>” keys at the same time, in the open “<b style="mso-bidi-font-weight: normal;">Run</b>” window type “<b style="mso-bidi-font-weight: normal;">gpmc.msc</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l5 level1 lfo7; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">2.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In “<b style="mso-bidi-font-weight: normal;">Group
Policy Management</b>” window, click to expand <b style="mso-bidi-font-weight: normal;">Forest: Domain Name</b> > <b style="mso-bidi-font-weight: normal;">Domains</b>
> <b style="mso-bidi-font-weight: normal;">Domain Name</b></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l5 level1 lfo7; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">3.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Right click on (<b style="mso-bidi-font-weight: normal;">Domain name</b>) Organizational Unit, click to select “<b style="mso-bidi-font-weight: normal;">Create a GPO in this domain, and Link it
here…</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l5 level1 lfo7; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">4.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In “<b style="mso-bidi-font-weight: normal;">New
GPO</b>” window type the name of the new Group Policy that I want to apply <b style="mso-bidi-font-weight: normal;">eg.</b> (<b style="mso-bidi-font-weight: normal;">Deny Log On _Local Admins Group</b>), then click “<b style="mso-bidi-font-weight: normal;">OK</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l5 level1 lfo7; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">5.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Right click on the new GPO and click to select “<b style="mso-bidi-font-weight: normal;">Edit…</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l5 level1 lfo7; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">6.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In “<b style="mso-bidi-font-weight: normal;">Group
Policy Management Editor</b>” window click to expand <b style="mso-bidi-font-weight: normal;">Computer</b> <b style="mso-bidi-font-weight: normal;">Configuration</b>
> <b style="mso-bidi-font-weight: normal;">Policies</b> > <b style="mso-bidi-font-weight: normal;">Windows Settings</b> > <b style="mso-bidi-font-weight: normal;">Security Settings</b> > <b style="mso-bidi-font-weight: normal;">Local Policies</b></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l5 level1 lfo7; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">7.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Click on “<b style="mso-bidi-font-weight: normal;">User
Rights Assignment</b>” and in the right panel double click to open “<b style="mso-bidi-font-weight: normal;">Deny log on locally Properties</b>”</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l5 level1 lfo7; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">8.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->In “<b style="mso-bidi-font-weight: normal;">Deny
log on locally Properties</b>” window click to check “<b style="mso-bidi-font-weight: normal;">Define these policy settings:</b>”, click on “<b style="mso-bidi-font-weight: normal;">Add User or Group</b>” and type the local Administrator group that you
created in this example (<b style="mso-bidi-font-weight: normal;"><span style="color: #7030a0;">Local Admins</span></b>)</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l5 level1 lfo7; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">9.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Click “<b style="mso-bidi-font-weight: normal;">OK</b>”
twice time to apply</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.5in; mso-list: l5 level1 lfo7; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">10.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Close all open windows </span></div>
<div class="MsoListParagraphCxSpLast" style="margin: 0in 0in 8pt 0.5in; mso-list: l5 level1 lfo7; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">11.<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";">
</span></span></span><!--[endif]-->Push “<b style="mso-bidi-font-weight: normal;">Win
+ R</b>” keys at the same time, in the open “<b style="mso-bidi-font-weight: normal;">Run</b>” window type “<b style="mso-bidi-font-weight: normal;">powershell.exe</b>”
and type “<b style="mso-bidi-font-weight: normal;">gpupdate /force</b>”<o:p></o:p></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 8pt;">
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="mso-spacerun: yes;"> </span>Now the users on
Local Admins groups are Log On as Local Administrators for all computers on the Network
except Servers and Domain Controllers.<o:p></o:p></span></div>
Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com0tag:blogger.com,1999:blog-3514659843280906635.post-51546684203282954212013-09-19T15:57:00.000-04:002015-05-27T15:09:34.877-04:00Port Forwarding with SonicWALL Firewall TZ 200Port Forwarding change the destination IP address to an IP address and port behind the firewall. <br />
Manually you can open different Ports to allow (Webserver, FTP, Email, Terminal Service, VNC, etc.) from the Internet to a server behind the SonicWALL Firewall.<br />
<br />
To open Ports to a Server you need follow the below steps:<br />
<ol>
<li><strong><span style="color: lime;">Creating a Custom Service or Services.</span></strong></li>
<li><strong><span style="color: lime;">Creating the necessary Address Objects.</span></strong></li>
<li><strong><span style="color: lime;">Defining the appropriate NAT Policies (Inbound, Outbound, and Loopback).</span></strong></li>
<li><strong><span style="color: lime;">Creating the necessary WAN, Zone Access Rules for public access.</span></strong></li>
</ol>
The following example cover allowing "TightVNC" from the Internet to a Server on the LAN with private IP address.<br />
<br />
<strong><u>Procedure:</u></strong><br />
<br />
<strong>Step 1: <span style="color: lime;">Creating a Custom Service for "TightVNC".</span></strong><br />
<ul>
<li>In the left panel click to expand "<strong>Firewall</strong> > <strong>Services</strong>".</li>
<li>I the right panel click to select "<strong>Custom Services</strong>".</li>
<li>On "<strong>Services</strong>" click to "<strong>Add</strong>" button.</li>
<li>On the "<strong>Add Service</strong>" open window, type the following data:</li>
</ul>
<span style="color: #b45f06;"><strong> - Name: TightVNC</strong></span><br />
<span style="color: #b45f06;"><strong> - Protocol: "click to expand" and select "TCP"</strong></span><br />
<span style="color: #b45f06;"><strong> - Port Range: 5900 - 5900</strong></span><br />
<ul>
<li>Then click on "Add" button.</li>
</ul>
<strong>Step 2: <span style="color: lime;">Creating the necessary "Address Objects".</span></strong><br />
<ul>
<li>In the left panel click to expand "<strong>Network</strong> > <strong>Address Objects</strong>".</li>
<li>Click on "<strong>Add</strong>" button to create "<strong>Server IP on LAN</strong>" Address Object.</li>
<li>On the "<strong>Network Security Appliance</strong>" open windows, type the following data:</li>
</ul>
<span style="color: #b45f06;"><strong> - Name: TightVNC Private</strong></span><br />
<span style="color: #b45f06;"><strong> - Zone Assignment: LAN</strong></span><br />
<span style="color: #b45f06;"><strong> - Type: Host</strong></span><br />
<strong><span style="color: #b45f06;"> - IP Address: "Here type the Server or Computer IP address" </span>e.g:</strong> 192.168.1.34<br />
<ul>
<li>Click "<strong>OK</strong>" button to create the "Server Public" Address Object.</li>
</ul>
Now<br />
<ul>
<li>Click on "<strong>Add</strong>" button to create "<strong>Public IP</strong>" Address Object.</li>
<li>On the "<strong>Network Security Appliance</strong>" open windows, type the following data:</li>
</ul>
<span style="color: #b45f06;"><strong> - Name: TightVNC Public</strong></span><br />
<span style="color: #b45f06;"><strong> - Zone Assignment: WAN</strong></span><br />
<span style="color: #b45f06;"><strong> - Type: Host</strong></span><br />
<span style="color: #b45f06;"><strong> - IP Address: "Here type the Pubic IP Address"</strong></span> <strong>e.g:</strong> 1.1.1.1<br />
<ul>
<li>Click "<strong>OK</strong>" button to create the "Public IP" Address Object.</li>
</ul>
<strong>Step 3: <span style="color: lime;">Defining NAT Policies.</span></strong><br />
<ul>
<li>In the left panel click to expand "<strong>Network</strong> > <strong>NAT Policies</strong>".</li>
<li>Click on "<strong>Add</strong>" button to create "<strong>NAT Policy</strong>" and chose the following settings from the drop-down menu:</li>
</ul>
<span style="color: #b45f06;"><strong> - Original Source: Any</strong></span><br />
<span style="color: #b45f06;"><strong> - Translated Source: Original</strong></span><br />
<span style="color: #b45f06;"><strong> - Original Destination: TightVNC Public</strong></span><br />
<span style="color: #b45f06;"><strong> - Translated Destination: TightVNC Private</strong></span><br />
<span style="color: #b45f06;"><strong> - Original Service: TightVNC</strong></span><br />
<span style="color: #b45f06;"><strong> - Translated Service: Original</strong></span><br />
<span style="color: #b45f06;"><strong> - Inbound Interface: Any</strong></span><br />
<span style="color: #b45f06;"><strong> - Outbound Interface: Any</strong></span><br />
<span style="color: #b45f06;"><strong> - Comment: TightVNC behind SonicWALL</strong></span><br />
<ul>
<li>Click to check "<strong>Enable NAT Policy</strong>" </li>
<li>Click to check "<strong>Create a reflexive policy</strong>". <span style="color: #e06666;">When you check this box, a mirror outbound NAT policy for the NAT policy you define Policy window is automatically created.</span></li>
<li>Click "<strong>Add</strong>" button.</li>
</ul>
If you wish access this server from other internal zones using the Public IP address 1.1.1.1 consider creating a Loopback NAT Policy.<br />
<ul>
<li>Click on "<strong>Add</strong>" button to create "<strong>Loopback Policy</strong>" and chose the following settings from the drop-down menu:</li>
</ul>
<span style="color: #b45f06;"><strong>- Original Source: Firewalled Subnets</strong></span><br />
<span style="color: #b45f06;"><strong> - Translated Source: TightVNC Public</strong></span><br />
<span style="color: #b45f06;"><strong> - Original Destination: TightVNC Public</strong></span><br />
<span style="color: #b45f06;"><strong> - Translated Destination: TightVNC Private</strong></span><br />
<span style="color: #b45f06;"><strong> - Original Service: TightVNC</strong></span><br />
<span style="color: #b45f06;"><strong> - Translated Service: Original</strong></span><br />
<span style="color: #b45f06;"><strong> - Inbound Interface: Any</strong></span><br />
<span style="color: #b45f06;"><strong> - Outbound Interface: Any</strong></span><br />
<span style="color: #b45f06;"><strong> - Comment: Loopback Policy</strong></span><br />
<ul>
<li>Click to check "<strong>Enable NAT Policy</strong>" </li>
<li>Unchecked "<strong>Create a reflexive policy</strong>". </li>
<li>Click "<strong>Add</strong>" button.</li>
</ul>
<strong>Step 4: <span style="color: lime;">Creating Firewall Access Rules.</span></strong><br />
<ul>
<li>In the left panel click to expand "<strong>Firewall</strong> > <strong>Access Rules</strong>" tab.</li>
<li>In view style click to select "<strong>Matrix</strong>".</li>
<li>Click to select "<strong>From: WAN to: LAN</strong>".</li>
<li>Click "<strong>Add</strong>" button.</li>
<li>In "<strong>Add Rule</strong>" open window entry the following into the fields:</li>
</ul>
<span style="color: #b45f06;"><strong>- Action: Click to check "Allow"</strong></span><br />
<span style="color: #b45f06;"><strong> - From Zone: WAN</strong></span><br />
<span style="color: #b45f06;"><strong> - to Zone: LAN</strong></span><br />
<span style="color: #b45f06;"><strong> - Service: TightVNC</strong></span><br />
<span style="color: #b45f06;"><strong> - Source: Any</strong></span><br />
<span style="color: #b45f06;"><strong> - Destination: TightVNC Public</strong></span><br />
<span style="color: #b45f06;"><strong> - Users Allowed: All</strong></span><br />
<span style="color: #b45f06;"><strong> - Schedule: Always on</strong></span><br />
<span style="color: #b45f06;"><strong>- Comment: Server behind SonicWALL</strong></span><br />
<ul>
<li>Click to check "<strong>Enable Logging</strong>" and "<strong>Allow Fragmented Packets</strong>".</li>
<li>Click on "<strong>OK</strong>" buttom.</li>
</ul>
Now you need install <strong>TightVNC</strong> in you PC or Server, after that go to <a href="http://www.yougetsignal.com/tools/open-ports/">http://www.yougetsignal.com/tools/open-ports/</a> and check is you port is open.<br />
<br />
Congratulation!!! N<span class="hps">ow</span> <span class="hps">you can connect</span> <span class="hps">remotely</span> <span class="hps">using</span> <span class="hps">TightVNC tool.</span><br />
<br />
<h2 style="text-align: center;">
<span style="color: lime;">If you need additional Server or Network support visit </span><a href="http://www.yourtechstaff.com/"><span style="color: lime;">http://www.yourtechstaff.com</span></a><span style="color: lime;"> or call (407) 697 3100</span></h2>
Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com5tag:blogger.com,1999:blog-3514659843280906635.post-74968990359636798412013-08-19T11:36:00.000-04:002013-08-19T11:38:26.985-04:00Some Computers do not show up in the network list... <span style="color: #cccccc; font-family: Arial;"></span><br />
<span style="color: #b45f06; font-family: Arial, Helvetica, sans-serif;"> <span style="color: #cccccc;">"We have a mixed environment including Windows 2008, 2008 R2,
and 2012 servers. We also have WINS setup and configured on domain controllers.
I do not understand why some servers and computers do not show up in the
network list. One Server and some Computers are in the list, but the others aren’t..."</span></span><br />
<span style="color: #cccccc; font-family: Arial, Helvetica, sans-serif;">
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Arial, Helvetica, sans-serif;"><span lang="EN" style="color: #222222; font-family: "Arial","sans-serif"; line-height: 115%; mso-ansi-language: EN;"><span style="color: #cccccc; font-size: small;"><span class="hps">For the solution of this problem follow the steps below:</span></span></span></span></div>
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Arial, Helvetica, sans-serif;"><span lang="EN" style="color: #222222; font-family: "Arial","sans-serif"; line-height: 115%; mso-ansi-language: EN;"></span></span><span class="hps"><span lang="EN" style="color: #222222; font-family: "Arial","sans-serif"; line-height: 115%; mso-ansi-language: EN;"><span style="color: #cccccc; font-family: Arial, Helvetica, sans-serif;">Go to the <b style="mso-bidi-font-weight: normal;">Primary Domain Controller</b>
and...</span></span></span><br />
</div>
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span class="hps"><span lang="EN" style="color: #222222; font-family: "Arial","sans-serif"; line-height: 115%; mso-ansi-language: EN;"><span style="color: black; font-family: Times New Roman;">
</span><span style="color: black;"><span style="font-family: Arial, Helvetica, sans-serif;"><b style="mso-bidi-font-weight: normal;"><span style="color: lime;"><u>Enable NetBIOS over TCP/IP</u></span></b>.</span></span></span></span></div>
<ul>
<li><div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="color: black; font-family: Times New Roman;">
<span style="color: #cccccc; font-family: Arial, Helvetica, sans-serif;">Click “<strong>Start</strong>”, type “<strong>ncpa.cpl</strong>” into the search box for Windows Server 2008 and hit “<strong>Enter</strong>”.</span></span></div>
</li>
<span style="color: black; font-family: Times New Roman;">
<li><div class="MsoNormal" style="margin: 0in 0in 10pt; text-align: left;">
<span style="color: #cccccc; font-family: Arial, Helvetica, sans-serif;">Right click on the “<strong>Local Area Connection</strong>” and select “<strong>Properties</strong>”.</span></div>
</li>
<li><div class="MsoNormal" style="margin: 0in 0in 10pt; text-align: left;">
<span style="color: #cccccc; font-family: Arial, Helvetica, sans-serif;">Click to select “<strong>Internet Protocol Version 4 (TCP/IPv4)</strong>”, and then click on “<strong>Properties</strong>” button.</span></div>
</li>
<li><div class="MsoNormal" style="margin: 0in 0in 10pt; text-align: left;">
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="color: #cccccc;">Click on “<strong>Advance</strong>” button, and then click on “<strong>WINS</strong>” tab.<span style="mso-tab-count: 1;"> </span></span></span></div>
</li>
<li><div class="MsoNormal" style="margin: 0in 0in 10pt; text-align: left;">
<span style="color: #cccccc; font-family: Arial, Helvetica, sans-serif;">Click to check “<strong>Enable NetBIOS over TCP/IP</strong>”, and then click “<strong>OK</strong>” and exit the settings.</span></div>
</li>
</span></ul>
<span style="color: black; font-family: Times New Roman;"></span><br />
<span style="color: black; font-family: Times New Roman;"><div class="MsoNormal" style="margin: 0in 0in 10pt; text-align: left;">
<span style="font-family: Calibri;"><span style="font-family: "Calibri","sans-serif"; line-height: 115%; mso-ansi-language: EN-US; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: "Times New Roman"; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-bidi; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;"><strong><span style="color: lime; font-family: Arial, Helvetica, sans-serif;"><u>Start “Computer Browser” service</u></span></strong></span><span style="font-family: "Calibri","sans-serif"; font-size: 11pt; line-height: 115%; mso-ansi-language: EN-US; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: "Times New Roman"; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-bidi; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;">.</span></span></div>
<ul>
<li><div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="color: #cccccc; font-family: Arial, Helvetica, sans-serif;">Click “<strong>Start</strong>”, type “<strong>services</strong>” into the search box for Windows Server 2008 and hit “<strong>Enter</strong>”.</span></div>
</li>
<li><div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="color: #cccccc; font-family: Arial, Helvetica, sans-serif;">Click on “<strong>Services (Local)</strong>”, and then click on “<strong>Standard</strong>” tab.</span></div>
</li>
<li><div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="color: #cccccc; font-family: Arial, Helvetica, sans-serif;">Double click on “<strong>Computer Browser</strong>” service.</span></div>
</li>
<li><div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="color: #cccccc; font-family: Arial, Helvetica, sans-serif;">On “<strong>Startup Type:</strong>” click to expand and select “<strong>Automatic</strong>”, and then click to “<strong>Apply</strong>” button.</span></div>
</li>
<li><div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="color: #cccccc; font-family: Arial, Helvetica, sans-serif;">On “<strong>Service status:</strong>” click on “<strong>Start</strong>” button</span></div>
</li>
<li><div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: "Calibri","sans-serif"; font-size: 11pt; line-height: 115%; mso-ansi-language: EN-US; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: "Times New Roman"; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-bidi; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;"><span style="color: #cccccc; font-family: Arial, Helvetica, sans-serif;">Now click “<strong>OK</strong>” and exit the settings.</span></span></div>
</li>
</ul>
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: "Calibri","sans-serif"; font-size: 11pt; line-height: 115%; mso-ansi-language: EN-US; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: "Times New Roman"; mso-bidi-language: AR-SA; mso-bidi-theme-font: minor-bidi; mso-fareast-font-family: Calibri; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin;"><span style="font-family: Arial;"><span style="font-size: small;"><span style="color: #cccccc;"><span style="font-family: Times New Roman;">
</span><span style="font-family: Arial, Helvetica, sans-serif;">Now you need restart the Server, after the Primary Domain
Controller starting, you are available to see a list of all Servers and
Computers in your network list <span style="font-family: Wingdings; mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-char-type: symbol; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin; mso-symbol-font-family: Wingdings;"><span style="mso-char-type: symbol; mso-symbol-font-family: Wingdings;">J</span></span></span></span></span></span></span></div>
<span style="font-family: Arial;"><div class="MsoNormal" style="margin: 0in 0in 10pt;">
<br /></div>
</span><div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: Times New Roman; font-size: small;">
</span></div>
</span><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<br /></div>
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span class="hps"><span lang="EN" style="color: #222222; font-family: "Arial","sans-serif"; line-height: 115%; mso-ansi-language: EN;"></span></span> </div>
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span class="hps"><span lang="EN" style="color: #222222; font-family: "Arial","sans-serif"; font-size: 9.5pt; line-height: 115%; mso-ansi-language: EN;"><o:p><span style="color: black; font-family: Times New Roman; font-size: small;">
</span></o:p></span></span></div>
<div class="MsoListParagraphCxSpFirst" style="margin: 0in 0in 0pt 0.5in; mso-list: l1 level1 lfo1; text-indent: -0.25in;">
<span style="color: black; font-family: Times New Roman; font-size: small;"></span> </div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0pt 0.75in; mso-add-space: auto; mso-list: l0 level1 lfo2; text-indent: -0.25in;">
</div>
Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com0tag:blogger.com,1999:blog-3514659843280906635.post-50765509283567323352013-08-15T10:11:00.004-04:002013-08-15T10:13:15.374-04:00DC-Server 2008 R2 "Event ID: 7000 and Event ID: 7038" ErrorsWhen a service does not start because of a logon failure, the following error messages may be displayed in Event Viewer on “Administrative Events”:
<br />
<br />
<strong>Source:</strong> Service Control Manager
<br />
<strong>Event ID:</strong> 7000
<br />
<strong>Description:</strong>
<br />
The %service% service failed to start due to the following error:
<br />
The service did not start due to a logon failure.
<br />
No Data will be available.<br />
<br />
<strong>Source:</strong> Service Control Manager
<br />
<strong>Event ID:</strong> 7038
<br />
<strong>Description:</strong>
<br />
The AdRmsLoggingService service was unable to log on as “domain\user” with the currently configured password due to the following error:
<br />
<strong>Logon failure:</strong> <em>unknown user name or bad password</em>.
<br />
To ensure tha service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
<br />
<br />
When you attempt to manually start the service, the following error message may be displayed:
<br />
<br />
<span style="color: lime;"><strong>“Error: 1069 the service did not start due to log on failure”</strong></span>
<br />
<br />
For solution, follow the next steps:
<br />
<br />
<ol>
<li>Click “<strong>Start</strong>”, in “<strong>Search programs and files</strong>” bar type “<strong>services.msc</strong>”, and press “<strong>Enter</strong>” key. </li>
<li>When “<strong>Services</strong>” window is open, double click on “<strong>AD RMS Logging Service</strong>” service to open “<strong>AD RMS Logging Service Properties (Local computer)</strong>” window. </li>
<li>In “<strong>AD RMS Logging Service Properties (Local computer)</strong>” window, click on “<strong>Log On</strong>” tab. </li>
<li>Look at that "<strong>this account:</strong>" is selected, then type the new password, and click “<strong>OK</strong>” button. </li>
<li>Now attempt to manually start the service again.
</li>
</ol>
<br />
Congratulation!!! The “<strong>AD RMS Logging Service</strong>” is started
Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com0tag:blogger.com,1999:blog-3514659843280906635.post-5323287726034564872013-06-10T09:32:00.000-04:002013-06-10T09:34:04.851-04:00"Network mapping is disable by default on domain networks..." on Windows 7 or Windows 8When you want to open the Network Mapping in you personal computer inside of Domains and Public Networks, you receive the error:<br />
<br />
"<strong><span style="color: lime;">Network mapping is disable by default on domain networks. Your network administrator can use Group Policy to enable mapping</span></strong>"<br />
<br />
For fix this error follow the next steps:<br />
<ol>
<li>On "<strong>Windows 7</strong>" click "<strong>Start</strong>", in "<strong>Search programs and files</strong>" type "<strong>gpedit.msc</strong>", then press "<strong>Enter</strong>" key. On "<strong>Windows 8</strong>" press "<strong><span style="color: lime;">Windows</span> key + <span style="color: lime;">R</span> key</strong>", type "<strong>gpedit.msc</strong>", then press "<strong>Enter</strong>" key.</li>
<li>In "<strong>Local Group policy Editor</strong>" click to expand "<strong>Computer Configuration</strong> > <strong>Administrative Templates </strong>> <strong>Network</strong> > <strong>Link-Layer Topology Discovery</strong>".</li>
<li>In "<strong>Link Layer Topology Discovery</strong>" in the right panel double click to edit "<strong>Turn on Mapper I/O (LLTDIO) Driver</strong>".</li>
<li>In "<strong>Turn on Mapper I/O (LLTDIO) Dri</strong>ver" window, click to check "<strong>Enable</strong>", in "<strong>Options:</strong>" click to check "<strong>Allow operation while in domain</strong>". <span style="color: lime;">***</span> <span style="color: #cc0000;"><strong>for security and convenience</strong>,</span><strong><span style="color: #cc0000;"> I don't recomend check</span></strong> "<strong><span style="color: red;">Allow operation while in public network</span></strong>".</li>
<li>Click on "<strong>Apply</strong>", and click "<strong>OK</strong>" to close "<strong>Turn on Mapper I/O (LLTDIO) Driver</strong>" window. </li>
<li>Repeat from step 3 to 5 on "<strong>Turn on Responder (RSPNDR) driver</strong>" policy setting.</li>
<li>Finally click to close "<strong>Local Group Policy Editor</strong>", and restart the machine.</li>
</ol>
Now you can see all computer in your Network. <span style="color: lime;"><strong>:-) </strong></span>Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com1tag:blogger.com,1999:blog-3514659843280906635.post-23224828029250320252013-06-07T13:33:00.000-04:002013-06-08T12:55:35.237-04:00Setup VPN Client in Windows 7 or Windows 8VPN can be used by users to connect back into their home network or company network through of Router or Firewall. <br />
<br />
Now I show you, how you setup the windows 7 or Windows 8 VPN Client.<br />
<br />
<span style="color: #b45f06;">Follow the below steps</span>:<br />
<ol>
<li>Right click on "<strong>Internet Access</strong>" </li>
<li>Click on "<strong>Open Network and Sharing Center</strong>".</li>
<li>In "<strong>Network and Sharing center</strong>" window, click on "<strong>Set up a new connection or network</strong>".</li>
<li>In "<strong>Set up a Connection or Network</strong>" window, click to select "<strong>Connect to a workplace</strong>", then click <strong>Next</strong>.</li>
<li>In "<strong>Connect to a workp</strong>lace" window, click "<strong>Next</strong>" and click on "<strong>Use my Internet connection (VPN)</strong>. <strong>e.g</strong> (<span style="color: lime;"><strong>72.65.23.129</strong></span>)</li>
<li>In "<strong>Internet address:</strong>" type the external Firewall or Router IP address, and in "<strong>Destination name:</strong>" type the name of connection. <strong>e.g</strong> (<span style="color: lime;"><strong>Contoso_VPN</strong></span>)</li>
<li>Click to check "<strong>Remember my credentials</strong>", then click on "<strong>Create</strong>".</li>
</ol>
<span style="color: #b45f06;"><strong>The new VPN connection was created</strong></span>. <span style="color: #b45f06;"><strong>Now we need Set Up this</strong></span>.<br />
<ol>
<li>In "<strong>Network and Sharing Center</strong>" window, click on "<strong>Change adapter settings</strong>".</li>
<li>In "<strong>Network Connections</strong>" windows, right click on the new VPN connection created and select "<strong>Properties</strong>".</li>
<li>In "<strong>VPN Connection Properties</strong>" window, click on "<strong>Security</strong>" tab and expand "<strong>Type of VPN</strong>" and select the connection in my case is "<span style="color: lime;"><strong>PPTP</strong></span>".</li>
<li>Click to check "<strong>Allow these protocols</strong>" and check "<strong>Microsoft CHAP Version 2 (MS_CHAP v2)</strong>".</li>
<li>In "<strong>VPN Connection Properties</strong>" window, click on "<strong>Networking</strong>" tab, click to uncheck "<strong>TCP/IPv6</strong>", select "<strong>TCP/IPv4</strong>" and click on "<strong>Properties</strong>" tab.</li>
<li>In "<strong>Internet Protocol Version 4 (TCP/IPv4) Properties</strong>" window, click on "<strong>Advance Tab</strong>" and click to uncheck "<strong>Use default gateway on remote network</strong>", then click<strong> OK</strong> to close all open windows.</li>
</ol>
<span style="color: #b45f06;">Now you are setting your VPN client connection in Windows 7 or Windows 8</span>. <span style="color: #b45f06;">Congratulation you can connecting </span><strong><span style="color: lime;">:-)</span></strong><br />
<strong><span style="color: lime;"></span></strong><br />
<span style="color: lime;"><strong><em>If you want to know how you can create a WatchGuard Firebox VPN with PPTP, click in the follow Links:</em></strong></span><br />
<br />
<a href="http://systemadministratorrecipes.blogspot.com/2013/05/configure-mobile-vpn-with-point-to.html" target="_blank">http://systemadministratorrecipes.blogspot.com/2013/05/configure-mobile-vpn-with-point-to.html</a>Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com0tag:blogger.com,1999:blog-3514659843280906635.post-10893809731631702412013-06-03T12:12:00.001-04:002013-07-23T16:32:33.569-04:00Mailbox Size Report for Exchange Server 2010 Exchange Management Shell, Windows PowerShell, and DOS give us the ability to generate and automating detailed reports. In this recipe, I use these cmdlets to create and automating a report on all of the mailboxes database in the organization unit and send an alert email.<br />
<br />
Use the below steps to generate a report of each mailbox in the organization unit, export this report to a CSV file, and send a report email.<br />
<br />
<ol>
<li>Create a folder in <b>C:\</b> drive. <b>e.g</b> (<span style="color: lime;"><b>C:\demo</b></span>)</li>
<li>Open "<b>Notepad</b>" an copy the script below.</li>
<li>Save this script in "demo" folder.</li>
<li>Name this file. <b>e.g</b> (<span style="color: lime;"><b>mailbox_report.ps1</b></span>) <span style="color: red;"><b><i>* Look, the <b style="font-style: normal;"><i>file extension</i></b> is .ps1</i></b></span></li>
<li>Click to close O/S (C:) window.</li>
</ol>
<link href="http://alexgorbatchev.com/pub/sh/current/styles/shCore.css" rel="stylesheet" type="text/css"></link>
<link href="http://alexgorbatchev.com/pub/sh/current/styles/shThemeDjango.css" rel="stylesheet" type="text/css"></link>
<script src="http://alexgorbatchev.com/pub/sh/current/scripts/shCore.js" type="text/javascript">
</script>
<script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushCpp.js" type="text/javascript">
</script>
<script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushCSharp.js" type="text/javascript">
</script>
<script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushCss.js" type="text/javascript">
</script>
<script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushJava.js" type="text/javascript">
</script>
<script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushJScript.js" type="text/javascript">
</script>
<script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushPhp.js" type="text/javascript">
</script>
<script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushPython.js" type="text/javascript">
</script>
<script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushRuby.js" type="text/javascript">
</script>
<script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushSql.js" type="text/javascript">
</script>
<script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushVb.js" type="text/javascript">
</script>
<script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushXml.js" type="text/javascript">
</script>
<script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushPerl.js" type="text/javascript">
</script>
<script language="javascript">
SyntaxHighlighter.config.bloggerMode = true;
SyntaxHighlighter.config.clipboardSwf = 'http://alexgorbatchev.com/pub/sh/current/scripts/clipboard.swf';
SyntaxHighlighter.all();
</script>
<script class="brush: html" type="syntaxhighlighter">
<![CDATA[
# script:Mailbox_report.ps1
# version: 1.0
#
# Author: Osmani Urquiza
# Create: 5/31/2013
#
# web: http://www.systemadministratorrecipes.blogspot.com
#
# Type: PowerShell
#
# Generate a report of each Mailbox Database in the Organization Unit, and export the report to a CVS file.
Get-MailboxDatabase | Get-MailboxStatistics |
?{!$_.DisconnnectDate} |
Select-Object DisplayName,TotalItemSize |
Export-CSV C:\demo\Mailbox_Report.csv -NoType
#
# Send a report email to System Administrator.
#
send-mailmessage -to "Administrator@contoso.com" -cc "IT_department@contoso.com" -from "Exchange@contoso.com" -subject "Mailbox_Size_Report" -body "Exchange2010 Mailbox_Size_Report" -attachments "Mailbox_Report.csv" -SmtpServer exchange.contoso.com
</script>
<br />
<span style="color: red;"><b><i>* You need change the email address and SMTP Exchange in the script, before you save it</i></b></span>.<br />
<br />
Now you are ready to run this script manually :)<br />
<br />
<h2>
<span style="font-size: x-large;">Process automation</span></h2>
<br />
Following the below steps:<br />
<ol>
<li>Open "Notepad" and type the next command line:</li>
</ol>
<b>powershell.exe -version 1.0 -command ". '<span style="color: lime;">F:\Program Files\Exchsrv\Bin\RemoteExchange.ps1</span>'; Connect-ExchangeServer -auto; C:\demo\mailbox_report.ps1"</b><br />
<br />
2. Save this in C:\demo.<br />
3. Name this file. e.g (<span style="color: lime;"><b>mailbox_automation.bat</b></span>) <span style="color: red;"><b><i>* Look, the file extension is .bat</i></b></span><br />
<i style="color: red; font-weight: bold;"> </i>4. Click to close O/S (C:) window.<br />
<br />
* <span style="color: red;"><b><i>Maybe you need change the path </i></b></span>"<b><span style="color: lime;">F:\Program Files\Exchsrv\Bin\RemoteExchange.ps1</span></b><b>"</b><span style="color: red; font-style: italic; font-weight: bold;">, this depend where you can find </span>"<span style="color: lime; font-style: italic; font-weight: bold;">RemoteExchange.ps1</span>"<span style="color: red; font-style: italic; font-weight: bold;"> script. By default Exchange Server is installed in C: \ drive, and you can find </span>"<span style="color: lime; font-style: italic; font-weight: bold;">RemoteExchange.ps1</span>"<span style="color: red; font-style: italic; font-weight: bold;"> script in this path</span> "<b><span style="color: lime;">C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1</span></b>".<br />
<br />
5. Open "Task Scheduler" window.<br />
6. In "Task Scheduler" window, click on "Task Scheduler Library".<br />
7. In "Actions" panel click "Create Task".<br />
8. In "Create Task" window, on "General" tab type a Name of the task, On "Change User or Group..." click and select an "Administrator" account.<br />
9. In "Create Task" window, on "Triggers" Tab click on "New" and define the convenience schedule, then click OK.<br />
10. In "Create Task" window, on "Action" tab click on "New" and click on "Browse...", and find where you created "<b style="color: lime;">mailbox_automation.bat</b>", in this case (C:\demo\mailbox_automation.bat), then click OK.<br />
11. Click Ok to close "Task Scheduler" window, type the "User Name:" and "Password" in the Pop Up window and click OK.<br />
12. Right click on the new Task and click "Run".<br />
<br />
END... :)<br />
<br />
Thank you for visiting this blog.<br />
<br />
<br />
<br />
<br />Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com1tag:blogger.com,1999:blog-3514659843280906635.post-81260952643402357912013-05-15T13:27:00.000-04:002013-05-15T13:31:31.595-04:00Configure Mobile VPN with Point to Point Tunneling Protocol (PPTP) in WatchGuard XTM 25 and 26 FireboxThis article covers the steps to configure a "WatchGuard XTM 25 and 26" Mobile VPN with Point to Point Tunneling Protocol (PPTP) to move data safely between two private networks across an unprotected network.<br />
<br />
Mobile VPN with PPTP supports as many as 50 users at the same time. To use Mobile VPN with PPTP you must configure the Firebox and the remote client computers of the remote users.<br />
<br />
To set up VPN with PPTP in a WatchGuard XTM 25 and 26 Firebox follow the next steps:<br />
<span style="color: orange;"><br /></span>
<span style="color: #e69138;"><b> </b></span><br />
<span style="color: #e69138;"><b> 1. Configure Mobile VPN with PPTP.</b></span><br />
<ul>
<li>Log on in WatchGuard System Manager, and go to Policy Manager to activate Mobile VPN with PPTP</li>
<li>In "<b>Policy Manager</b>" window, click to expand <b>VPN</b> < <b>Mobile VPN</b> < <b>PPTP..</b>.</li>
<li>In "<b>Mobile VPN with PPTP Configuration</b>" window, click to check box *<b>Activate Mobile VPN with PPTP</b>.</li>
<li>Below in Encryption Settings be sure *<b>Require 128-bit encryption is check</b>.</li>
<li>In the "<b>IP Address Pool</b>" click to Add button to add the "<b>Host Range</b>". (<span style="color: lime;"><b>Remember this are maximum 50 users allowed</b></span>).</li>
<li>Click <b>OK</b> to save the configuration.</li>
</ul>
<div>
<br />
<b><span style="color: #e69138;"> 2. Add a New Policy.</span></b></div>
<div>
<ul>
<li>Click in " <b><span style="color: lime;">+</span><span style="color: blue;"> </span></b>" sign to add new policy.</li>
<li>In "<b>Add Policies"</b> window, click to expand "<b>Packet Filter</b>".</li>
<li>Click to select "<b>Any</b>" and click "<b>Add</b>".</li>
<li>In "<b>Name:</b>" type the name of the new Policy. <b>e.g </b>"<b><span style="color: #93c47d;">VPN with PPTP</span></b>".</li>
<li>On the "<b>Policy</b>" tab, in the "<b>From</b>" section click <b>Add</b>.</li>
<li>In "<b>Selected Members and Address</b>" section, select "<b>Any-trusted</b>" and click <b>Remove</b>.</li>
<li>Click <b>Add User</b>.</li>
<li>In the "<b>Add Authorized Users or Groups</b>" windows, in the first "<b>Type</b>" drop-down list and select "<b>PPTP</b>".</li>
<li>In the "<b>Add Authorized Users or Groups</b>" windows, in the second "<b>Type</b>" drop-down list and select "<b>Group</b>".</li>
<li>In the "<b>Add Address</b>" window select "<b>PPTP-Users</b>" and click Select. Then click <b>OK</b> to close the "<b>Add Address</b>" window.</li>
<li>On the "<b>Policy</b>" tab, in the "<b>To</b>" section, click <b>Add</b>.</li>
<li>In "<b>Selected Members and Address</b>" section, select "<b>Any-External</b>" and click <b>Remove</b>.</li>
<li>Click <b>Add</b>.</li>
<li>In the "<b>Add Address</b>" windows, in the list select "<b>Any-Trusted</b>" and click <b>Add</b>. Then click <b>OK</b> to close the "<b>Add Address</b>" window.</li>
<li>Click <b>OK </b>to close the "<b>New Policy Properties</b>".</li>
</ul>
<div>
<br /></div>
<div>
<b><span style="color: #e69138;">3. Add new Users.</span></b></div>
</div>
<div>
<ul>
<li>In "<b>Policy Manager</b>" window, Click <b>Setup</b> < <b>Authentication</b> < <b>Authentication Servers..</b>.</li>
<li>In the "<b>Authentication Servers</b>" window, in the "<b>Users</b>" section, click on <b>Add</b> button.</li>
<li>In the "<b>Setup Firebox User</b>" window, fill "<b>Name</b>, <b>Passphrase</b>, and <b>Confirmation</b>" lines.</li>
<li>In the "<b>Firebox Authentication Groups</b>" section, click to select "<b>PPTP-Users</b>" in the <b>Available</b> list and click on " <span style="color: lime; font-size: x-small;"><b><<</b></span> " to move "<b>PPTP-Users</b>" to the <b>Member</b> list.</li>
<li>Click <b>OK </b>to close and save the change in "<b>Setup Firebox User</b>".</li>
<li>Click <b>OK</b> to close and save the change in "<b>Authentication Servers</b>".</li>
<li><span style="color: #ffd966;"><b>*** To add more users repeat the above steps</b></span>.</li>
</ul>
<div>
<span style="color: red;">*** <b>Don't forget save all change in the WatchGuard XTM 25 and 26 Firebox</b></span>.</div>
</div>
<div>
<br /></div>
Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com1tag:blogger.com,1999:blog-3514659843280906635.post-33039037717442734932013-05-02T11:50:00.001-04:002013-08-16T11:44:22.064-04:00Install Exchange 2010 on Windows Server 2008 R2 At this time we <span class="hps">assume</span> <span class="hps">that you have</span> <span class="hps">installed the</span> W<span class="hps">indows Server</span> O<span class="hps">perating</span> S<span class="hps">ystem.</span><br />
<span class="hps"></span><br />
<span class="hps">And you need to make sure that your Active Directory (AD) environment and your Exchange Server meet the minimum requirements:
</span><br />
<ul><span class="hps">
<li><span style="color: #b45f06;"><strong><em>Active Directory forest functional level is Windows Server 2003 (or higher).
</em></strong></span>
</li>
<li><span style="color: #b45f06;"><strong><em>Active Directory Schema Master is running Windows Server 2003 w/SP1 or later.
</em></strong></span>
</li>
<li><span style="color: #b45f06;"><strong><em>Full installation of Windows Server 2008 w/SP2 or later or Windows Server 2008 R2 for the Exchange Server itself.
</em></strong></span>
</li>
<li><span style="color: #b45f06;"><strong><em>Exchange Server is joined to the domain (except for the Edge Transport Server Role).</em></strong></span></li>
</span></ul>
<span class="hps">
Now, you are ready to start installing Exchange Server 2010.<br />
<br />
Go to:<br />
<br />
<a href="http://systemadministratorrecipes.blogspot.com/2012/11/migrating-from-exchange-server-2003-to.html" target="_blank"><strong><span style="color: #6fa8dc;">http://systemadministratorrecipes.blogspot.com/2012/11/migrating-from-exchange-server-2003-to.html</span></strong></a></span><br />
<br />
<span style="color: lime;"><strong>** Installation starting from step 2 to step 5 **</strong></span><br />
<br />
Now <span class="hps">you have</span> <span class="hps">successfully installed</span> E<span class="hps">xchange</span> <span class="hps">Server 2010 :-)</span>Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com0tag:blogger.com,1999:blog-3514659843280906635.post-40551351164159475352013-03-28T09:43:00.001-04:002013-03-28T09:43:23.144-04:00Disable USB Port in a Windows Operating System ComputersYou can disable access to your USB ports in your Windows base PC, to prevent people from taking out data from your personal PC without permission or spreading viruses through the use of USB thunderbolt drives.<br />
<br />
For do that follow the next steps:<br />
<br />
<ol>
<li>Go to <a href="http://technet.microsoft.com/en-us/sysinternals/bb963880.aspx" target="_blank">http://technet.microsoft.com/en-us/sysinternals/bb963880.aspx</a> and download "<b><u>Regjump</u></b>".</li>
<li>Unzip "<b>Regjump.zip</b>" file and save "<b>Regjump.exe</b>" file in "<b>System32</b>" folder.</li>
<li>Now open "<b>Command Prompt</b>" as Administrator, and type "<b><span style="color: #b45f06;">regjump HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\USBTOR</span></b>".</li>
<li>In the "<b>Registry Editor</b>" window, in the Work Area double click on "<b>Start</b>" key.</li>
<li>In the "<b>Edit DWORD (32-bit) Value</b>" window, in "<b>Value data:</b>" delete <b>3</b> and type <b>4</b>.</li>
<li>Click <b>OK</b>.</li>
<li>Close "<b>Registry Editor</b>" window.</li>
</ol>
<div>
<span style="color: lime; font-family: Arial, Helvetica, sans-serif;"><b>If you want re-enable access to your USB ports, fallow the above steps. In the step 5 change the value data from (4) to (3)</b>.</span></div>
<div>
<br /></div>
<div>
Enjoy it :)</div>
<div>
<br /></div>
<div>
<b>NOTE:</b> <i>Regjump is a small utility by Microsoft that can be used to open the registry editor to a specified key</i>.</div>
Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com0tag:blogger.com,1999:blog-3514659843280906635.post-50875289721036588632013-03-25T14:16:00.001-04:002015-06-01T12:55:00.670-04:00Event ID: 4015 Source: DNS-Server-Service on Windows Server 2008 and Server 2012If you recently installed a Windows Server 2008 or Windows Server 2012 Domain Controller; all seems to be running well but have notice you keep getting a repeating DNS Error like this:<br />
<div>
<br /></div>
<div>
<b><span style="color: #cc0000;">Event ID: 4015 </span></b><br />
<b><span style="color: #cc0000;"><br /></span></b>
<b><span style="color: #cc0000;">Source: DNS-Server-Service</span></b></div>
<div>
<br /></div>
<div>
Details: </div>
<div>
<br /></div>
<div>
"<b>The DNS server has encountered a critical error from Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contain the error.</b>"</div>
<div>
<br /></div>
<div>
All do you need to do is:</div>
<div>
<ul>
<li><i><b>Setting a Windows Server 2008 or Windows Server 2012 Domain Controller as a Global Catalog</b></i>.</li>
<li><i style="font-weight: bold;">Transferring FSMO Roles in Windows Server 2008 or Windows Server 2012</i>.</li>
</ul>
<div>
For fix that, click in the below link and do the step 4 and 5.</div>
</div>
<div>
<br /></div>
<a href="http://systemadministratorrecipes.blogspot.com/2012/06/migrating-active-directory-domain.html" target="_blank"><span style="color: #3d85c6;">http://systemadministratorrecipes.blogspot.com/2012/06/migrating-active-directory-domain.html</span></a><br />
<br />
Now you Active Directory is functioning properly, and the DNS error is fixed :)<br />
<br />
<h2 style="text-align: center;">
</h2>
Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com1tag:blogger.com,1999:blog-3514659843280906635.post-46645595638795843492013-03-22T11:44:00.002-04:002013-03-22T11:44:41.545-04:00Event ID: 122 Source: DeviceSetupManager in Windows Server 2008 and 2012If you noticed these <strong>Event ID: 122 Source: DeviceSetupManager</strong> error appearing on Event Viewer "<strong>Administrative Events</strong>"<br />
<br />
"<strong><span style="color: #b45f06;">Access to drivers on Windows Update was blocked by policy</span></strong>"<br />
<br />
Follow the next steps to fix it:<br />
<ol>
<li>Open "<strong>Control Panel</strong>".</li>
</ol>
<strong><span style="color: #38761d;">In Windows Server 2008:</span></strong><br />
<ul>
<li>On the<strong> Keyboard</strong> press <strong>Window key</strong>.</li>
<li>In the "<strong>Search programs and files</strong>" bar, type "<strong>Control</strong>" then press <strong>Enter</strong>.</li>
</ul>
<strong><span style="color: #38761d;">In Windows Server 2012:</span></strong><br />
<ul>
<li>On the <strong>Keyboard </strong>press <strong>Window key</strong> + <strong>X</strong>, then click on "<strong>Run</strong>".</li>
<li>In the "<strong>Run</strong>" window, type "<strong>Control</strong>" then press <strong>Enter</strong>.</li>
</ul>
2. In "<strong>Control Panel</strong>" window, in "<strong>Search Desktop</strong>" bar, type "<strong>device installation</strong>" then press <strong>Enter</strong>.<br />
<br />
3. In the "<strong>device installation-Control Panel</strong>" window click "<strong>Change Device Installation Settings</strong>".<br />
<br />
4. In the "<strong>Device Installation Settings</strong>" window click to check "<strong>Yes, do this automatically (recommended)</strong>", then click on <strong>Save Changes</strong> bottom.<br />
<br />
5. Click to close all open windows.<br />
<br />
Congratulation you fixed the error Event Id: 122 :)<br />
Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com2tag:blogger.com,1999:blog-3514659843280906635.post-26962816586175084312013-03-21T09:42:00.001-04:002013-03-21T09:42:44.995-04:00Error "The Windows Installer Service could not be accessed"When you try to install an Application in Windows and you received the follow error:<br />
<br />
"<strong><span style="color: #b45f06;">The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or the Windows Installer is not correctly installed. Contact your support personnel for assistance</span></strong>". <br />
<br />
All do you need to do is Unregister and Re-Register the Windows Installer. You can do that<br />following the next steps:<br />
<ol>
<li>Log On "<strong>Administrator Account</strong>".</li>
<li>Click <strong>Start</strong> < <strong>Run</strong>.</li>
<li>In "<strong>Run</strong>"<strong> </strong>window type <strong>cmd</strong>, then press <strong>Enter</strong>.</li>
<li>In "<strong>Command Prompt</strong>" window type "<strong><span style="color: #38761d;">msiexec /unregserver</span></strong>" and press <strong>Enter</strong>.</li>
<li>In "<strong>Command Prompt</strong>" window type "<strong><span style="color: #38761d;">msiexec /regserver</span></strong>" and press <strong>Enter</strong>.</li>
<li>Click to close "<strong>Command Prompt</strong>".</li>
</ol>
Now Try your Windows Installer-based application again. <br />
<br />
Congratulation, now you can install the application :)Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com0tag:blogger.com,1999:blog-3514659843280906635.post-59883421110351411572013-03-04T13:29:00.000-05:002013-03-04T13:29:16.357-05:00The Local Policy of this system does not permit you log on interactivelyIf you attempting login in your personal PC, and you received the follow error message:<br />
<br />
<h4>
<span style="color: lime;">"The Local Policy of this system does not permit you to logon interactively"</span></h4>
<br />
Don't worries, follow the below instructions:<br />
<ol>
<li>Log on as <b>Administrator </b>in the local PC.</li>
<li>Click "<b>Start</b>" > "<b>Run</b>".</li>
<li>In "<b>Run</b>" Window type "<b><span style="color: #990000;">gpedit.msc</span></b>", then click <b>OK</b>.</li>
<li>In "<b>Gropu Policy</b>" window click to expand "<b>Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment</b>".</li>
<li>In the right panel, locate the entry named "<span style="color: #b45f06;"><b>Allow logon through Terminal Services</b></span>" and double click on it.</li>
<li>In "<span style="color: #b45f06;"><b>Allow logon through Terminal Services</b></span>" window, click "<span style="color: #b45f06;"><b>Add User or Group</b></span>".</li>
<li>In "<b>Select Users or Groups</b>" window, you can find a "<b>Specific User Account</b>" or type "<b>Everyone</b>" and click in "<b>Check Names</b>" bottom.</li>
<li>After the "<b>User</b>" is underline, click <b>OK</b>.</li>
<li><b>Restart your PC</b>.</li>
</ol>
Now, you're supposed to be able to log into your PC.<br />
<br />
If for some reason this fail again, follow the below instructions:<br />
<ol>
<li>Log on in <b>Active Directory Server</b>.</li>
<li>Click "<b>Start > Administrative Tools > Group Policy Management</b>".</li>
<li>In the "<b>Group Policy Management</b>" window, click to expand "<b>Forest:Domain > Domains > You Domain Name</b>".</li>
<li>Right click on "<b>Default Domain Policy</b>", and click "<b>Edit</b>".</li>
<li>In the "<b>Group Policy Management Editor</b>" window, on the "<b>Computer Configuration</b>" click to expand "<b>Policies > Windows Settings > Security Settings > Local Policies</b>".</li>
<li>Click on "<span style="color: #b45f06;"><b>User Right Assignment</b></span>".</li>
<li>In the right panel, locate the entry name "<span style="color: #b45f06;"><b>Deny log on locally</b></span>", and be sure this policy is "<b>Not Define</b>" or the user account name is not under this policy.</li>
<li>Click to close all open windows.</li>
<li>Click "<b>Start</b>", open "<b>Command Prompt</b>" and type "<b>gpupdate /force</b>".</li>
<li>Go back to personal computer and attempting login again.</li>
</ol>
<div>
Now, you should be able to log in successfully on your personal PC :) </div>
Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com4tag:blogger.com,1999:blog-3514659843280906635.post-14053780155095449122013-02-08T16:25:00.000-05:002015-05-27T15:10:45.891-04:00The security log on this system is full. Only administrators can log on to fix the problemWhen you trying to log on and use an account that is not a member of the Administrator in Windows Operating Systems and you receive the follow message:<br />
<br />
<span style="font-size: small;"><span style="font-family: Arial,Helvetica,sans-serif;"><span style="color: lime;"><b>"The security log on this system is full.Only administrators can log on to fix the problem".</b></span></span></span><br />
<br />
<b><i>Don't worrie, follow the below instruction:</i></b><br />
<ol>
<li>Log on "<b>use an Administrator account</b>".</li>
<li>Click <b>Start</b>.</li>
<li>In <b>"Run" </b>bar type "<b>eventvwr</b>" without quotation mark, and press <b>Enter</b>.</li>
<li>In "<b>Event Viewer</b>" window, right click in <b>Security</b> and click <b>Properties</b>.</li>
<li>In the "<b>Security Properties</b>" window, click to check the "<b>Overwrite events as needed</b>" option under "<b>When maximum log size is reached</b>".</li>
<li>Click <b>Ok</b>, close the "<b>Event Viewer</b>" window.</li>
<li><b>Log off or Restart</b>.</li>
</ol>
<b><i>Now a user with out administrator account can log on again</i></b> :) <br />
<br />
<h2 style="text-align: center;">
<span style="color: lime;">If you need additional Server or Network support visit </span><a href="http://www.yourtechstaff.com/"><span style="color: lime;">http://www.yourtechstaff.com</span></a><span style="color: lime;"> or call (407) 697 3100</span></h2>
Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com9tag:blogger.com,1999:blog-3514659843280906635.post-79017222877180208812013-02-01T16:01:00.000-05:002013-02-01T16:01:31.860-05:00This task requires that the user account specified has Log on as batch job rights. Windows Serever 2003 and 2008When you trying to run a bat file application from Task Schedule, you get the following notification:<br />
<br />
<div style="text-align: left;">
<strong><span style="color: #b45f06; font-family: "Courier New", Courier, monospace;">"Task Schedule: This task requires that the user account specified has Log on as batch job rights".</span></strong></div>
<br />
To solve this issues follow this instructions:<br />
<br />
<ol>
<li>Click <strong>Start</strong>, </li>
<li>In "<strong>Start Search</strong>" type <strong><span style="font-size: large;">secpol.msc</span></strong> and press <strong>Enter</strong>.</li>
<li>In "<strong>Local Security Policy</strong>" window, click to expand "<strong>Local Policy</strong>".</li>
<li>Click to open "<strong>User Rights Assignment</strong>".</li>
<li>In the right panel, right click on "<strong>Log on as a Batch job</strong>" then click on "<strong>Properties</strong>".</li>
<li>In "<strong>Log on as batch job Properties</strong>" window, click "<strong>Add User or Group</strong>" and include the user or group do you need.</li>
<li>Click <strong>OK</strong>, and close "<strong>Local Security Policy</strong>" window.</li>
</ol>
<br />
Now you are ready to running a bat file application from Task Schedule.<br />
<br />
Congratulation you are done<strong><span style="color: red;"> ;)</span></strong> Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com7tag:blogger.com,1999:blog-3514659843280906635.post-72788859378896781152013-01-23T12:52:00.003-05:002015-06-01T12:54:49.844-04:00Nagios "Return Code of 127 is out of bounds - plugin may be missing" <br />
<span id="result_box" lang="en"><span class="hps">For this tutorial</span> <span class="hps">I assume</span> <span class="hps">you've installed</span> <span class="hps">Nagios</span>. <span class="hps">I</span> <span class="hps">suggest</span> <span class="hps">you</span> <span class="hps">install Nagios using</span> <span class="hps">the script from</span> <span class="hps"> </span></span><br />
<br />
<span id="result_box" lang="en"><span class="hps"><a href="http://systemadministratorrecipes.blogspot.com/2012/06/scripts-nagios-for-install-on-ubuntu.html">http://systemadministratorrecipes.blogspot.com/2012/06/scripts-nagios-for-install-on-ubuntu.html</a></span></span> <span id="result_box" lang="en"><span class="hps"><a href="http://www.blogger.com/For%20this%20tutorial%20I%20assume%20you%27ve%20installed%20nagios.%20I%20suggest%20you%20install%20it%20using%20a%20script%20from%20http://systemadministratorrecipes.blogspot.com/2012/06/scripts-nagios-for-install-on-ubuntu.html" target="_blank"> </a></span></span><br />
<br />
<span id="result_box" lang="es"><span class="hps">After installing Nagios. Start it and you will receive the following error:</span><span class="hps"></span></span><br />
<br />
<span style="color: lime;"> <b>"Return code of 127 is out of bounds - plugin may be missing"</b></span><br />
<br />
<span id="result_box" lang="en"><span class="hps">To fix</span> <span class="hps">this error</span> <span class="hps">follow these </span><span class="hps">instructions:</span></span><br />
<br />
<b><span style="color: #b45f06;"><span id="result_box" lang="en"><span class="hps">Step 1 </span></span></span></b><br />
<span id="result_box" lang="en"><span class="hps"><br /></span></span>
<span id="result_box" lang="en"><span class="hps">Checks that</span> <span class="hps">Nagios</span> <span class="hps">plugins</span> <span class="hps">are installed</span> <span class="hps">correctly</span> <span class="hps atn">in the "</span><span class="hps">libexec" </span></span><br />
<ol>
<li><span id="result_box" lang="en"><span class="hps">Open "<strong>bash-Konsole</strong>", and type "<strong>sudo su</strong>" without quotes, then press <strong>Enter</strong> key. </span></span></li>
<li><span id="result_box" lang="en"><span class="hps"><span class="short_text" id="result_box" lang="en"><span class="hps">Type the</span> <strong><span class="hps">administrator</span> </strong><span class="hps"><strong>password</strong>.</span></span></span></span></li>
<li><span id="result_box" lang="en"><span class="hps"><span class="short_text" id="result_box" lang="en"><span class="hps">Type "<strong>cd /usr/local/nagios/libexec</strong>"</span></span></span></span><span id="result_box" lang="en"><span class="hps"><span class="short_text" id="result_box" lang="en"><span class="hps"><span id="result_box" lang="en"><span class="hps"> without quotes</span></span>, and press <strong>Enter</strong> key.</span></span></span></span></li>
<li><span id="result_box" lang="en"><span class="hps"><span class="short_text" id="result_box" lang="en"><span class="hps">Type "<strong>dir</strong>" </span></span></span></span><span id="result_box" lang="en"><span class="hps">without quotes, then press <strong>Enter</strong> key</span></span><span id="result_box" lang="en"><span class="hps"><span class="short_text" id="result_box" lang="en"><span class="hps"> </span></span></span></span><span id="result_box" lang="en"><span class="hps"><span class="short_text" id="result_box" lang="en"></span></span></span></li>
</ol>
<span id="result_box" lang="en"><span class="hps"><span class="short_text" id="result_box" lang="en"><span class="hps"> </span></span>T</span></span><span id="result_box" lang="en"><span class="hps">his command</span> <span class="hps">should show</span> <span class="hps">you</span> <span class="hps">Nagios</span> <span class="hps">plugins</span> <span class="hps">installed</span>. I<span class="hps">f</span> <span class="hps">the folder</span> <span class="hps">is empty</span> <span class="hps">performs</span> <span class="hps">Step 2</span></span><br />
<br />
<b><span style="color: #b45f06;">Step 2</span></b><br />
<br />
<span id="result_box" lang="en"><span class="hps">Let's copy the</span> <span class="hps">plugins</span> <span class="hps">installed in "/</span><strong> <span class="hps">usr</span> <span class="hps">/</span> <span class="hps">lib</span> <span class="hps">/</span> <span class="hps">nagios</span> <span class="hps">/</span> </strong><span class="hps"><strong>plugings</strong>"</span> <span class="hps">to</span> "<span class="hps">/</span><strong> <span class="hps">usr</span> <span class="hps">/ local</span> <span class="hps">/</span> <span class="hps">nagios</span> <span class="hps">/</span> </strong><span class="hps"><strong>libexec</strong>"</span></span><br />
<ol>
<li><span id="result_box" lang="en"><span class="hps">In the open "<strong>bash-Konsole</strong>", type "<strong>mv /usr/lib/nagios/plugins/* /usr/local/nagios/libexec</strong>" without quote</span></span><span id="result_box" lang="en"><span class="hps">s, then press <strong>Enter</strong> key.</span></span></li>
<li><span id="result_box" lang="en"><span class="hps">Type "<strong>sudo /etc/init.d/nagios restart</strong>" without quotes, then press Enter key.</span></span></li>
</ol>
<span id="result_box" lang="en"><span class="hps">Now open browser type <strong><span style="color: #0b5394;">http://localhost/nagios</span></strong> and log in.</span></span><br />
<span id="result_box" lang="en"><span class="hps"><br /></span></span>
<span id="result_box" lang="en"><span class="hps">After that, Nagios start working </span></span><span id="result_box" lang="en"><span class="hps"><span class="short_text" id="result_box" lang="en"><span class="hps">properly ;)</span></span> </span></span><br />
<h2>
</h2>
<h2 style="text-align: center;">
</h2>
<br />Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com9tag:blogger.com,1999:blog-3514659843280906635.post-6797595712691867422012-12-14T15:36:00.002-05:002012-12-14T15:39:46.935-05:00Kaspersky Administration Kit "MMC cannot open the file C:\Program Files\Kaspersky\..."When I try to launch the Kaspersky Administration Kit interface, I get an error message starting that:<br />
<br />
<strong><em><span style="color: cyan;">MMC cannot open the file C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\CS Admin kit.msc</span></em></strong><br />
<strong><em><span style="color: cyan;"></span></em></strong><br />
<span style="color: cyan;">This may be because the file does not exist, is not an MMC console, or was created by a later version of MMC. This may also be because you do not have sufficient access rights to the file".</span> <br />
<br />
<strong><span style="color: #783f04;">Solution:</span></strong><br />
<ul>
<li>Locate the file "<strong><span style="color: yellow;">CS Admin Kit</span></strong>", and Delete it.</li>
</ul>
<span style="color: #783f04;"><strong>"<span style="color: yellow;">CS Admin Kit</span>" is located in:</strong></span><br />
<br />
For <strong>Windows XP</strong> open: <span style="color: #134f5c;"><strong><span style="color: #38761d;">C:\Documents and Settings\AdminUser\Application Data\Microsoft\MMC\CS Admin Kit</span></strong>.</span><br />
<br />
For <strong>Windows 7</strong> and <strong>Server 2008</strong> open:<strong> <span style="color: #38761d;">C:\Users\AdminUser\Application Data\Microsoft\MMC\Cs Admin Kit</span></strong>.<br />
<br />
<span style="color: #783f04;"><strong>Note:</strong></span> Remplace the "AdminUser" with the user name you are using.<br />
<br />
Now you are ready to open Kaspersky Administration Kit; enjoy it :)Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com0tag:blogger.com,1999:blog-3514659843280906635.post-71735213119288683652012-12-05T12:45:00.001-05:002012-12-05T14:14:20.812-05:00Full Mailbox Access Permission Exchange Server 2010<br />
When an Assistant Administrator or Department Supervisor need full access to a mailbox other than their own for X reasons. You can do this quickly and easy using the Exchange Management Shell.<br />
<br />
In the scripts below you can see the permissions assigned to different users in your organization and how you can assign a user Full Mailbox Access. Only remember to replace the <span style="color: blue;"><b>blue text</b></span> with the appropriate information of your organization.<br />
<br />
To start, going to open the Exchange Management Shell<br />
<ol>
<li>Click <b>Start </b>< <b>All programs</b> < <b>Microsoft Exchange Server 2010</b>.</li>
<li>Right click on "<b>Exchange Management Shell</b>", then click on "<b>Run as administrator</b>" </li>
</ol>
<ul>
<li>
<span style="color: #e69138;"><strong><u>To view permission on a Mailbox use the below command:</u></strong></span></li>
</ul>
<b><span style="color: lime;">Get-MailboxPermission</span> <span style="color: lime;">"</span><span style="color: blue;">User Name</span><span style="color: lime;">"</span></b><br />
<br />
<ul>
<li>
<b><span style="color: #e69138;"><u>To assign Full Mailbox Access permission from one "User Mailbox" to another "User Mailbox" use the below command:</u></span></b><br />
</li>
</ul>
<b><span style="color: lime;">Add-MailboxPermission</span> <span style="color: lime;">"</span><span style="color: blue;">User Name</span><span style="color: lime;">"</span> <span style="color: lime;">-AccessRights FullAccess -user</span> <span style="color: lime;">"</span><span style="color: blue;">Another User Name</span><span style="color: lime;">"</span></b><br />
<br />
<ul>
<li>
<span style="color: #e69138;"><strong><u>To assign Full Mailbox Access permission to grant a specific user full access to everybody on a specific Exchange Server use the below command:</u></strong></span></li>
</ul>
<b><span style="color: lime;">Get-Mailbox -Server</span> <span style="color: lime;">"</span><span style="color: blue;">Server Name</span><span style="color: lime;">"</span> <span style="color: lime;">-ResultSize unlimited | Add-MailboxPermission -User</span> <span style="color: lime;">"</span><span style="color: blue;">User Name</span><span style="color: lime;">"</span> <span style="color: lime;">-AccessRight FullAccess -Inheritancetype all</span></b><br />
<br />
<ul>
<li>
<b><span style="color: #e69138;"><u>To remove Full Mailbox Access permission on a specific Exchange Server use the below command:</u></span></b></li>
</ul>
<b><span style="color: lime;">Get-Mailbox
-Server</span> <span style="color: lime;">"</span><span style="color: blue;">Server Name</span><span style="color: yellow;">"</span> <span style="color: lime;">-ResultSize unlimited | Remove-MailboxPermission
-User</span> <span style="color: lime;">"</span><span style="color: blue;">User Name</span><span style="color: lime;">"</span><span style="color: lime;"> -AccessRight FullAccess -Inheritancetype all</span></b><br />
<br />
<b>Congratulation!!! <i>Now you know how you can assign Full Mailbox Access quickly in Exchange Server 2010</i></b>. <b>:) </b>Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com0tag:blogger.com,1999:blog-3514659843280906635.post-78520189973882549402012-12-04T14:50:00.001-05:002012-12-05T14:15:29.113-05:00Delete Emails in Specific Mailbox or in Multiple Mailboxes from Exchange Server 2010<br />
<br />
In order to find and delete a certain email from one mailbox or from multiple mailboxes you can perform
the following steps<br />
<ul>
<li>Click <strong>Start</strong> < <strong>All Programs</strong> < <strong>Microsoft Exchange Server 2010</strong>.</li>
<li>Right click on "<strong>Exchange Management Console</strong>", then click on "<strong>Run as administrator</strong>".</li>
</ul>
Now you opened <strong>Microsoft Exchange Management Console</strong> as administrator. Type the command below and change <strong><span style="color: blue;">blue text</span></strong> according to appropiate.<br />
<br />
<div style="text-align: left;">
* <span style="color: lime;"><strong><u>If you need remove a specific message from a mailbox:</u></strong></span> </div>
<br />
<div style="text-align: left;">
<strong>Search-Mailbox -Identity "<span style="color: blue;">User Name</span>" -SearchQuery subject:"<span style="color: blue;">Email Subject</span>" -DeleteContent</strong></div>
<div style="text-align: left;">
<strong></strong> </div>
<div style="text-align: left;">
* <span style="color: lime;"><strong><u>If you need remove a specific message from all mailboxes:</u></strong></span> </div>
<div style="text-align: left;">
</div>
<h3 style="text-align: left;">
<span style="font-size: small;">Get-Mailbox –Server “<span style="color: blue;">servername</span>” –ResultSize unlimited | Search-Mailbox
-SearchQuery subject:"<span style="color: blue;">Email Subject</span>"
–DeleteContent</span></h3>
<div style="text-align: left;">
<span class="hps"></span><span class="hps"></span><span class="hps"></span><em><strong><span style="color: red;"></span></strong></em> </div>
<div style="text-align: left;">
<span style="color: red;"><strong><span style="color: #e69138;">If you receive the error</span> “Search-Mailbox” Is Not Recognized as the Name of a cmdlet...<span style="color: #e69138;">,</span> <span style="color: #b45f06;">don't worry!!!</span> <span style="color: #e69138;">This error will be generated if the snap-in has not been registered, for fix this error type the next command.</span></strong></span></div>
<div style="text-align: left;">
</div>
<div style="text-align: left;">
<strong>Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010</strong></div>
<div style="text-align: left;">
<strong></strong> </div>
<div style="text-align: left;">
Now you can trying again. :)</div>
<div style="text-align: left;">
</div>
<h3 style="text-align: left;">
</h3>
Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com0tag:blogger.com,1999:blog-3514659843280906635.post-52862043355986113352012-11-23T11:50:00.001-05:002012-11-25T13:29:16.589-05:00Migrating from Exchange Server 2003 to Exchange Server 2010<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-family: inherit;"><span style="font-size: small;">Microsoft Exchange Server is the
backbone of messaging service in most of the organizations and works in
synchronization with the Active Directory. We will make the necessary steps for
a successful migration from Exchange Server 2003 to Exchange Server 2010.</span></span><br />
<div class="MsoNormal" style="line-height: normal;">
<span style="font-family: inherit;"><span style="font-size: small;"><br />
I assume you know the hardware requirements for the installation and operation
of Exchange Server 2010.</span></span></div>
<div class="MsoNormal" style="line-height: normal;">
<span style="font-family: inherit;"></span> </div>
<div class="MsoNormal" style="line-height: normal;">
<span style="font-family: inherit;"><span style="font-size: small;">Lets get started!</span></span><br />
</div>
<div class="MsoNormal" style="line-height: normal;">
<span style="font-size: large;"><span style="font-family: Arial,Helvetica,sans-serif;"><span style="color: lime;"><b>1. Exchange Server 2003 requirements</b><b> </b></span></span></span></div>
<div class="MsoNormal" style="line-height: normal; mso-outline-level: 2;">
<span style="font-family: inherit;"></span><br /></div>
<div class="MsoNormal" style="line-height: normal; mso-outline-level: 2;">
<span style="color: #b45f06;"><span style="font-family: inherit;"><u><i><b><span style="font-size: 18pt; mso-fareast-font-family: "Times New Roman";"><span style="font-size: small;">Domain Functional Level should be at least 2003 Native</span></span></b></i></u></span></span><span style="font-family: inherit;"><span style="font-size: 18pt; mso-fareast-font-family: "Times New Roman";"><span style="font-size: small;"><span style="font-size: small;"> </span></span></span></span><br />
<ul>
<li><span style="font-size: small;"><span style="font-family: inherit;">Click Start < Administrative tools < Active Directory Users and Computers. </span></span></li>
<li><span style="font-size: small;"><span style="font-family: inherit;">Right click on Organization Name e.g "xxxxxxxx.com".</span></span></li>
<li><span style="font-size: small;"><span style="font-family: inherit;">Click "Raise Domain Funtional Level...".</span></span></li>
<li><span style="font-size: small;"><span style="font-family: inherit;">In "Raise Domain Funtional Level" window, choose Windows Server 2003 and click on <b>Raise</b> button. </span></span></li>
<li><span style="font-size: small;"><span style="font-family: inherit;">Then you see a caution window ** <b>This cannot be reversed at any point of time</b>, click <b>OK</b>. </span></span></li>
</ul>
<span style="font-size: small;"><span style="font-family: inherit;">At this point you Raised your Domain Functional Level to Windows Server 2003 Native.</span></span></div>
</div>
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="color: #b45f06;"><span style="font-family: inherit;"><u><i><b><span style="font-size: 18pt; mso-fareast-font-family: "Times New Roman";"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;">Raise Forest Functional Level </span></span></span></span></span></span></span></span></span></span></b></i></u></span></span><span style="font-size: 18pt; mso-fareast-font-family: "Times New Roman";"><span style="font-size: small;"> </span></span><br />
<ul>
<li><span style="font-family: inherit;"><span style="font-size: small;">Click <b>Start </b>< <b>Administrative tools</b><b> < Active Directory Domains and Trust</b>. </span></span></li>
<li><span style="font-family: inherit;"><span style="font-size: small;">Right click on <b>Active Directory Domains and Trust</b>, click on "<b>Rise </b><b>Forest Functional </b><b>Level...</b>". </span></span></li>
<li><span style="font-family: inherit;"><span style="font-size: small;">In "Raise Forest Functional Level" window, choose <b>Windows Server 2003 </b>and click on <b>Raise</b> button. </span></span></li>
</ul>
<span style="font-family: inherit;"><span style="font-size: small;">At this point you Raise your Forest Functional Level.</span></span></div>
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="color: #b45f06;"><span style="font-family: inherit;"><u><i><b><span style="font-size: 18pt; mso-fareast-font-family: "Times New Roman";"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;">C</span>hange Exchange </span></span></span></span></span></span></span></span></span></span></b></i></u></span><u><i><b><span style="font-size: 18pt; mso-fareast-font-family: "Times New Roman";"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><b><span style="font-size: 18pt; mso-fareast-font-family: "Times New Roman";"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;">Server </span></span></span></span></span></span></span></span></span></span></b></span></span></span></span></span></span></span></span></span></span>2003 to Native mode </b></i></u></span></div>
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<ul>
<li><span style="font-family: inherit;"><span style="font-size: small;">Click <b>Start</b> < <b>All Programs </b>< <b>Microsoft Exchange Server</b> < <b>Exchange System Manager</b>.</span></span></li>
<li><span style="font-family: inherit;"><span style="font-size: small;">In "Exchange System Manager</span><span style="font-size: small;"><b> </b>window", right click on "<b>First </b><b>Organization (</b><b>Exchange)</b> and click on <b>Properties</b>.</span></span></li>
<li><span style="font-family: inherit;"><span style="font-size: small;">In "First Organization Properties" window, in <b>Op</b><b>eration mode</b> you see "<b>Mixed Mode ......</b>" click on <b>Change Mode</b> button, and choose <b>Native Mode</b>.</span></span></li>
<li><span style="font-family: inherit;"><span style="font-size: small;">You see a "Exchange System Manager" caution window, then click <b>Yes</b>.</span></span></li>
</ul>
<span style="font-family: inherit;"><span style="font-size: small;">Your Exchange is now in Native Mode. </span></span><br />
<br />
<div class="MsoNormal" style="line-height: normal; mso-outline-level: 2;">
<h2>
<span style="font-size: large;"><span style="font-family: inherit;"><span style="color: lime;"><b>2. <span style="font-size: large;"><span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: large;"><span style="font-family: inherit;">Exchange</span></span> <span style="font-size: large;"><span style="font-family: inherit;">S</span></span>erver 2010 prerequisites<span style="font-size: large;"><span style="font-family: inherit;"> <span style="font-family: Arial,Helvetica,sans-serif;">installation</span></span></span> </span></span><span style="color: black;"><br /></span></b></span></span></span></h2>
<br />
<span style="font-family: inherit;"><span style="font-size: small;"> * <i>At this point </i></span></span><span style="font-family: inherit;"><span style="font-size: small;"><span id="result_box" lang="en"><i><span class="hps">you should already</span> <span class="hps">have installed Windows Server</span> </i><span class="hps"><i>2008 R2 SP1</i> </span></span></span></span><br />
<br />
<span style="color: #b45f06;"><b><i> <u>Download and Install “Microsoft Filter Pack” (64bit Version)</u></i></b></span><br />
<ul>
<li>Go <span style="color: blue;"><i><u><b><a href="http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=20109">http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=20109</a></b></u></i><b><i><u></u></i></b></span></li>
</ul>
<ul>
</ul>
<span style="color: #b45f06;"><i><b> <u>Install Exchange Server 2010 Prerequisites on Windows Server 2010 R2 </u></b></i></span><br />
<ul>
<li>Go <span style="color: blue;"><u><b><a href="http://systemadministratorrecipes.blogspot.com/2012/07/installing-exchange-2010-prerequisites.html">http://systemadministratorrecipes.blogspot.com/2012/07/installing-exchange-2010-prerequisites.html</a></b></u></span></li>
</ul>
<span style="font-size: small;"><span style="font-family: inherit;"> * <span style="font-size: small;">After the Server restart:</span></span></span><br />
<ul>
<li><span style="font-size: small;"><span style="font-family: inherit;">Insert the installation Exchange Server 2010 DVD in the DVD drive.</span></span></li>
<li><span style="font-size: small;"><span style="font-family: inherit;"> <b>Copy</b> the Script below.</span></span></li>
<li><span style="font-size: small;"><span style="font-family: inherit;">Open <b>Notepad</b> and <b>paste</b> it.</span></span></li>
<li><span style="font-size: small;"><span style="font-family: inherit;"><b>Save</b> it in <b>C:/ExchangePreparation.bat </b></span></span></li>
<li><span style="font-size: small;"><span style="font-family: inherit;"><b>Right click</b> in the<b> "ExchangePreparation.bat"</b> file, and <b>Run
as administrator</b></span></span></li>
</ul>
<i><span style="font-size: small;"><span style="font-family: inherit;"><b><span style="color: red;"><span id="result_box" lang="en"><span class="hps"> * In this case the</span> <span class="hps">DVD-Drive letter </span><span class="hps">is </span><span class="hps">E</span>: <span class="hps">\</span>, <span class="hps">you must</span> <span class="hps">check</span> <span class="hps">the letter</span> <span class="hps">corresponding to your</span> <span class="hps">DVD-Drive </span><span class="hps">and</span> <span class="hps">make the change</span> <span class="hps">in the line 7 on the</span> <span class="hps">script.</span></span></span> </b></span></span></i></div>
</div>
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="font-size: small;"><span style="font-family: inherit;"><b> </b>
</span></span></div>
<link href="http://alexgorbatchev.com/pub/sh/current/styles/shCore.css" rel="stylesheet" type="text/css"></link><span style="font-size: small;"><span style="font-family: inherit;">
<link href="http://alexgorbatchev.com/pub/sh/current/styles/shThemeDjango.css" rel="stylesheet" type="text/css"></link><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shCore.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushCpp.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushCSharp.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushCss.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushJava.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushJScript.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushPhp.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushPython.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushRuby.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushSql.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushVb.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushXml.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushPerl.js" type="text/javascript">
</script><script language="javascript">
SyntaxHighlighter.config.bloggerMode = true;
SyntaxHighlighter.config.clipboardSwf = 'http://alexgorbatchev.com/pub/sh/current/scripts/clipboard.swf';
SyntaxHighlighter.all();
</script><script class="brush: html" type="syntaxhighlighter">
<![CDATA[
@echo off
rem C:/ExchangePreparation
rem @Author: Osmani Urquiza
rem @Create: 11/20/2012
cd /d E:\
:: Preparing the legacy (Exchange 2003) Server permissions
setup /PrepareLegacyExchangePermissions
:: Preparing the Schema
Setup.com /PrepareSchema
:: Preparing Active Directory
Setup.com /preparead /OrganizationName:”First Organization”
:: Preparing the Domain
:: If you have multiple domains run Setup.com /preparealldomains
Setup.com /Preparedomain
pause
</script><b> </b><br />
<br />
<i><b><span style="color: #b45f06;"><span id="result_box" lang="en"><span class="hps">* After running the</span> <span class="hps">above script</span> <span class="hps">and successfully complete</span> <span class="hps">all commands</span> <span class="hps">can proceed to</span> <span class="hps">install</span> <span class="hps">Exchange</span> <span class="hps">Server 2010.</span></span></span></b></i></span></span><br />
<br />
<h2>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: large;"><b><span style="color: lime;">3. <span style="font-size: large;">I</span>nstall Exchange Server 2010</span></b></span></span></h2>
<br />
<span style="font-family: inherit;"><span style="font-size: small;"> For </span></span>install Exchange 2010 run the follow script:<br />
<ul>
<li><span style="font-size: small;"><span style="font-family: inherit;"><b>Copy</b> the Script below.</span></span></li>
<li><span style="font-size: small;"><span style="font-family: inherit;">Open <b>Notepad</b> and <b>paste</b> it.</span></span></li>
<li><span style="font-size: small;"><span style="font-family: inherit;"><b>Save</b> it in <b>C:/Exchange<span style="font-size: small;">Installation</span>.bat </b></span></span></li>
<li><span style="font-size: small;"><span style="font-family: inherit;"><b>Right click</b> in the<b> "ExchangeInstallation.bat"</b> file, and <b>Run
as administrator</b></span></span></li>
</ul>
<span style="font-size: small;"><span style="font-family: inherit;"><b> <span style="color: red;">*</span></b></span></span><i><b><span style="color: red;"><span id="result_box" lang="en"><span class="hps"> In this case the</span> <span class="hps">DVD-Drive letter </span><span class="hps">is </span><span class="hps">E</span>: <span class="hps">\</span>, <span class="hps">you must</span> <span class="hps">check</span> <span class="hps">the letter</span> <span class="hps">corresponding to your</span> <span class="hps">DVD-Drive </span><span class="hps">and</span> <span class="hps">make the change</span> <span class="hps">in the line 7 on the</span> <span class="hps">script.</span></span></span></b></i><br />
<br />
<i><b><span style="color: red;"><span id="result_box" lang="en"><span class="hps"></span></span></span></b></i><br />
<i><span style="font-size: small;"><span style="font-family: inherit;"><b> </b></span></span></i>
<link href="http://alexgorbatchev.com/pub/sh/current/styles/shCore.css" rel="stylesheet" type="text/css"></link><span style="font-size: small;"><span style="font-family: inherit;">
<link href="http://alexgorbatchev.com/pub/sh/current/styles/shThemeDjango.css" rel="stylesheet" type="text/css"></link><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shCore.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushCpp.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushCSharp.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushCss.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushJava.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushJScript.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushPhp.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushPython.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushRuby.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushSql.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushVb.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushXml.js" type="text/javascript">
</script><script src="http://alexgorbatchev.com/pub/sh/current/scripts/shBrushPerl.js" type="text/javascript">
</script><script language="javascript">
SyntaxHighlighter.config.bloggerMode = true;
SyntaxHighlighter.config.clipboardSwf = 'http://alexgorbatchev.com/pub/sh/current/scripts/clipboard.swf';
SyntaxHighlighter.all();
</script><script class="brush: html" type="syntaxhighlighter">
<![CDATA[
@echo off
rem C:/ExchangePreparation
rem @Author: Osmani Urquiza
rem @Create: 11/20/2012
cd /d E:\
:: Install Exchange Server 2010
setup.exe
pause
</script><b> </b><br />
<br /><span style="color: #cc0000;"> <i><span style="color: #b45f06;"><b><span id="result_box" lang="en"><span class="hps"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;">When </span>Microsoft Exchange Server 2010 window installation appears<span style="font-size: small;">. <span style="font-size: small;">C</span></span>lick <span style="font-size: small;">on "S<span style="font-size: small;">tep 4: Install Microsoft Exchange"<span style="font-size: small;">, and fo<span style="font-size: small;">llows the next steps</span></span></span></span></span></span></span></span></b></span></i></span></span></span><br />
<ul>
<li><span style="font-size: small;"><span style="font-family: inherit;"><span id="result_box" lang="en"><span class="hps"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;">In the "<b>Exchange Server </b><span style="font-size: small;"><b>2010 Setup</b>" page<span style="font-size: small;">, click to <span style="font-size: small;">choose "<b>Typical Exchange </b><span style="font-size: small;"><b>Server Installation</b>"</span></span></span></span></span></span></span></span></span></span></span></span></span></span></span><span id="result_box" lang="en"><span class="hps"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"> </span></span></span></span></span></span></span></span></span></span></span></span></span><i><b><span id="result_box" lang="en"><span class="hps"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"> </span></span></span></span></span></span></span></span></b></i><span id="result_box" lang="en"><span class="hps"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-size: small;"><span style="font-family: inherit;">and </span></span></span></span></span></span></span></span></span></span>Give a <span style="font-size: small;"><span style="font-family: inherit;">c</span></span>heck mark for<b> "Automatically install Windows Server roles and features required for Exchange"</b>.</li>
<li>In the "<b>Configure Client Access server external domain</b>" page, click to check "<b>The Client Access server role will be internet-facing</b>" and give the <b>external domain name</b>.<b> </b></li>
<li>In the "<b>Mail Flow Settings</b>" <b>page, you will get this option to configure mail flow between these Servers, If Exchange 2003 Exists in your Environment</b>. </li>
<li>In the "<b>Readiness Checks</b>" page, setup will verify the prerequisites for selected components and if they have completed successfully. Click <b>Install</b>.</li>
<li>In the "<b>Completion</b>" page you can see the progress of the installation, once all are completed, click <b>Finish</b>.</li>
<li>In the initial <b>setup pop-up </b>screen, after you click <b>Close</b>, you will be prompted to install latest critical updates for Exchange Server before exiting. Click <b>Yes.</b></li>
<li>Now <b>Reboot </b>your Server. </li>
</ul>
<h2>
<span style="font-family: Arial,Helvetica,sans-serif;"><span style="font-size: large;"><b><span style="color: lime;">4. <span style="font-size: large;">Exchange <span style="font-size: large;">Server 2010 Setup</span></span></span></b></span></span></h2>
<br />
<span style="color: #6aa84f;"><b> <span style="color: #38761d;">Send Connector in Exchange 2010</span></b></span><br />
<br />
<ul>
<li>Click <b>Start </b>< <b>All Programs</b> < <b>Microsoft Exchange Server 2010</b> < <b>Exchange Management Console</b>.</li>
<li>Click to expand <b>Microsoft Exchange On-Premises</b> < <b>Organization Configuration</b>.</li>
<li>Click <b>Hub Transport</b>.</li>
<li>In the "<b>Hub Transport</b>"<b> </b>panel, click <b>Send Connectors</b> tab.</li>
<li>Right click in the result panel, and click "<b>New Send Connector ...</b>" </li>
<li>In the "<b>New Send Connector</b>" <b>Introduction</b> window, you can type a friendly name and click Next.</li>
<li>In the "<b>New Send Connector</b>" <b>Address space</b>, click on Add ...</li>
<li>In "<b>SMTP Address Space</b>" window leave by default, then click <b>OK</b>.</li>
<li>In the "<b>New Send Connector</b>" <b>Network Settings</b> by Default type – <b>Use Domain Name System (DNS)</b>; If your using a smart host “Route Mail through the following smart hosts”, and Add the IP and configure your smart host for the same.</li>
<li>In the "<b>New Send Connector</b>" <b>Source Server</b> window, Add new <b>Exchange name</b>, and click <b>Next</b>. If you have multiple Exchange 2010 you can configure the source server as per your Requirement.</li>
<li>In the "<b>New Send Connector</b>" <b>Completion </b>window click <b>Finish</b>. </li>
</ul>
Now you are configured Send Connector in Exchange 2010.<br />
<br />
<span style="color: #38761d;"><b> Receive Connector in Exchange 2010</b></span><br />
<br />
<ul>
<li>Click <b>Start </b>< <b>All Programs</b> < <b>Microsoft Exchange Server 2010</b> < <b>Exchange Management Console</b>.</li>
<li>Click to expand <b>Microsoft Exchange On-Premises</b> < <b>Server Configuration</b>.</li>
<li>Click <b>Hub Transport</b>.</li>
<li>In the "<b>Hub Transport</b>"<b> </b>panel, click <b>Receive Connectors</b> tab.</li>
<li>Right click in the <b>Default Connector</b> , and click to select <b>Properties</b>. </li>
<li>In the "<b>Default Connector</b> <b>Properties</b>" window, click <b>Permission Group</b> tab and check <b>Anonymous users</b> permissions group.</li>
<li>Click <b>Ok</b>.</li>
</ul>
Now your Server will receive mails from Internet (If your Firewall Points to Exchange 2010 Server).<b><span style="color: #38761d;"> </span></b><br />
<b><span style="color: #38761d;"><br /> Configure Client Access Server Role migrating from Exchange 2003 to Exchange 2010 </span></b><br />
<br />
<ul>
<li>Click <b>Start </b>< <b>All Programs</b> < <b>Microsoft Exchange Server 2010</b> < <b>Exchange Management Console</b>.</li>
<li>Click to expand <b>Microsoft Exchange On-Premises</b> < <b>Server Configuration</b>.</li>
<li>Click <b>Client Access</b>, in the result panel click <b>Outlook Web App</b> tab, then right click on <b>owa (Default Web Site)</b>, and select <b>Properties</b>.</li>
<li>In the "<b>owa (Default Web site) Properties</b>" window, in <b>General</b> tab you can set <b>Internal URL - e.g </b>"https://server-name.domain.com/owa" <b>and External Url</b> <b>- e.g</b> "https://mail.domain.com/owa"</li>
<li>In the "<b>owa (Default Web site) Properties</b>" window, in <b>Authentication</b> tab you need check "<b>Basic Authentication</b>" & "<b>Integrated Windows Authentication</b>".</li>
<li>Click <b>Apply</b>, and <b>OK</b>.</li>
</ul>
<div style="text-align: center;">
<i><span style="color: red;">* <b>You can configuring Client Access Server Role using Exchange Management Shell.</b></span></i><br />
<strong><em><span style="color: red;"></span></em></strong> </div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<b><span style="color: #134f5c;">Set-OwaVirtualDirectory -Identity “Exchange-Server-Name\owa (Default Web Site)” -ExternalUrl </span><span style="color: #134f5c;"><span style="color: #134f5c;"><a href="https://mail.careexchange.in/owa">https://mail.Domain.com/owa</a></span> </span><span style="color: #134f5c;">-InternalUrl </span><span style="color: #134f5c;"><a href="https://exchange-server-name.domain.com/owa">https://Exchange-Server-Name.Domain.com/owa</a></span></b></div>
<div style="text-align: center;">
</div>
<div style="text-align: center;">
</div>
<div style="text-align: center;">
<b><span style="color: #134f5c;">Set-OwaVirtualDirectory -Identity “Exchange-Server-Name\owa (Default Web Site-BasicAuthentication:$True -WindowsAuthentication:$True</span></b></div>
<div style="text-align: left;">
<br /></div>
<span style="color: #38761d;"><b> Configure Exchange Control Panel</b></span><br />
<br />
<ul>
<li>Click <b>Start </b>< <b>All Programs</b> < <b>Microsoft Exchange Server 2010</b> < <b>Exchange Management Console</b>.</li>
<li>Click to expand <b>Microsoft Exchange On-Premises</b> < <b>Server Configuration</b>.</li>
<li>Click <b>Client Access</b>, in the result panel click <b>Exchange Control Panel</b> tab, then right click on <b>ecp (Default Web Site)</b>, and select <b>Properties</b>.</li>
<li>In the "<b>ecp (Default Web site) Properties</b>" window, in <b>General</b> tab you can set <b>Internal URL - e.g </b>"https://server-name.domain.com/owa" <b>and External Url</b> <b>- e.g</b> "https://mail.domain.com/owa".</li>
<li>In the "<b>ecp (Default Web site) Properties</b>" window, in <b>Authentication</b> tab you need check "<b>Basic Authentication</b>" & "<b>Integrated Windows Authentication</b>".</li>
<li>Click <b>Apply</b>, and <b>OK</b>.</li>
</ul>
<div style="text-align: center;">
<i><span style="color: red;">* <b>You can configuring Exchange Control Panel using Exchange Management Shell.</b></span></i><br />
<strong><em><span style="color: red;"></span></em></strong> </div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<b><span style="color: #134f5c;">Set-EcpVirtualDirectory -Identity “Exchange-Server-Name\ecp (Default Web Site-BasicAuthentication:$True -WindowsAuthentication:$True </span></b></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
</div>
<b><span style="color: #38761d;"> Configure Microsoft Server ActiveSync</span></b><br />
<br />
<ul>
<li>Click <b>Start </b>< <b>All Programs</b> < <b>Microsoft Exchange Server 2010</b> < <b>Exchange Management Console</b>.</li>
<li>Click to expand <b>Microsoft Exchange On-Premises</b> < <b>Server Configuration</b>.</li>
<li>Click <b>Client Access</b>, in the result panel click <b>Exchange ActiveSync</b> tab, then right click on <b>Microsoft-Server-ActiveSync (Default Web Site)</b>, and select <b>Properties</b>.</li>
<li>In the "<b><b>Microsoft-Server-ActiveSync (Default Web Site)</b> Properties</b>" window, in <b>General</b> tab you can set <b>Internal URL - e.g </b>"https://server-name.domain.com/Microsoft-Server-ActiveSync" <b>and External Url</b> <b>- e.g</b> "https://mail.domain.com/Microsoft-Server-ActiveSync". </li>
<li>Click <b>Apply</b>, and <b>OK</b>. </li>
</ul>
<div style="text-align: center;">
<i><span style="color: red;">* <b>You can configuring Microsoft Server ActiveSync using Exchange Management Shell.</b></span></i><br />
<br />
<strong><em><span style="color: red;"></span></em></strong> </div>
<div style="text-align: center;">
</div>
<div style="text-align: center;">
<b><span style="color: #134f5c;"> Set-ActiveSyncVirtualDirectory -Identity “Exchange-Server-Name\Microsoft-Server-ActiveSync (Default Web Site)” -InternalUrl <a href="https://exchange2010.careexchange.in/Microsoft-Server-ActiveSync">https://Exchange-Server-Name.Domain.com/Microsoft-Server-ActiveSync</a> –ExternalUrl “<a href="https://mail.careexchange.in/Microsoft-Server-ActiveSync">https://mail.Domain.com/Microsoft-Server-ActiveSync</a>“</span></b></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<b><span style="color: #134f5c;"> </span></b><span style="color: #38761d;"><b>Configure </b><b>Offline Address Book Distribution </b></span></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<ul>
<li>Click <b>Start </b>< <b>All Programs</b> < <b>Microsoft Exchange Server 2010</b> < <b>Exchange Management Console</b>.</li>
<li>Click to expand <b>Microsoft Exchange On-Premises</b> < <b>Server Configuration</b>.</li>
<li>Click <b>Client Access</b>, in the result panel click <b>Offline Address Book Distribution</b> tab, then right click on <b>OAB (Default Web Site)</b>, and select <b>Properties</b>.</li>
<li>In the "<b><b>OAB (Default Web Site)</b> Properties</b>" window, in <b>URLs</b> tab you can set <b>Internal URL - e.g </b>"https://server-name.domain.com/OAB" <b>and External Url</b> <b>- e.g</b> "https://mail.domain.com/OAB". </li>
<li>Click <b>Apply</b>, and <b>OK</b>. </li>
</ul>
<div style="text-align: center;">
<i><span style="color: red;">* <b>You can configuring OAB using Exchange Management Shell.</b></span></i><br />
<strong><em><span style="color: red;"></span></em></strong><br />
</div>
<div style="text-align: center;">
</div>
<div style="text-align: center;">
<i><span style="color: red;"><b> </b></span></i><span style="color: #134f5c;"><b>Set-OabVirtualDirectory -Identity “Exchange-Server-Name\OAB (Default Web Site)” -PollInterval 480 -InternalUrl <a href="http://www.blogger.com/blogger.g?blogID=3514659843280906635">http:// Exchange-Server-Name.Domain.com/OAB</a> -ExternalUrl <a href="https://mail.careexchange.in/OAB">https://mail.Domain.com/OAB</a></b></span></div>
<div style="text-align: left;">
<span style="color: #134f5c;"><br /></span>
<span style="color: #134f5c;"><br /></span></div>
<div style="text-align: left;">
<span style="color: #38761d;"><b> Configure Outlook Anywhere</b></span><i><span style="color: red;"><b> </b></span></i></div>
<div style="text-align: left;">
<br /></div>
<ul>
<li>Click <b>Start </b>< <b>All Programs</b> < <b>Microsoft Exchange Server 2010</b> < <b>Exchange Management Console</b>.</li>
<li>Click to expand <b>Microsoft Exchange On-Premises</b> < <b>Server Configuration</b>.</li>
<li>Click <b>Client Access</b>, in the result panel right click on <b>Server-Name</b>, then click on <b>Enable Outlook Anywhere</b>, and the <b>Enable Outlook Anywhere </b>wizard appears. </li>
<li>In the "<b>Enable Outlook Anywhere wizard</b>"window, type the external host name for Outlook Anywhere users to use when connecting remotely to Exchange <b>e.g </b>"mail.Domain.com", and choose <b>Basic Authentication </b>method. </li>
<li>Click <b>Apply</b>, and <b>OK</b>.</li>
</ul>
<div style="text-align: center;">
<i><span style="color: red;">* <b>You can configuring Outlook Anywhere Exchange Management Shell.</b></span></i><br />
<strong><em><span style="color: red;"></span></em></strong><br />
</div>
<div style="text-align: center;">
</div>
<div style="text-align: center;">
<b><span style="color: #134f5c;">Enable-OutlookAnywhere -Server ‘Exchange-Server-Name′ -ExternalHostname ‘anywhere.Domain.com’ -DefaultAuthenticationMethod ‘Basic’ -SSLOffloading $false</span></b><b><span style="color: #134f5c;"><b> </b></span></b></div>
<div style="text-align: center;">
<br /></div>
<h2 style="text-align: left;">
<span style="color: lime;"><span style="font-family: inherit;"><span style="font-size: large;"><b><b>5. </b></b>Request a new Certificate from a trusted Certificate Authority in Exchange 2010 </span></span></span></h2>
<div style="text-align: left;">
<br />
We can use a internal windows Certificate Authority certificate with
Exchange 2010 to avoid Certificate Errors.<br />
<br />
Now will Learn issuing a Internal Windows CA Certificate, for this to be
used externally you need to have a CNAME record in your public DNS <br />
pointing to
your Public IP NAT to your CAS.<br />
</div>
<div style="text-align: left;">
<ul>
<li>Click <b>Start </b>< <b>All Programs</b> < <b>Microsoft Exchange Server 2010</b> < <b>Exchange Management Console</b>.</li>
<li>Click to expand <b>Microsoft Exchange On-Premises</b>.</li>
<li>Click on <b>Server Configuration</b>, in the result panel right click on <b>Server-Name </b>and click to select "<b>New Exchange Certificate..."</b>, and the <b>New Exchange Certificate </b>wizard appears.</li>
<li><b> </b>In "<b>Introduction</b>" windows, type a friendly name for the new certificate <b>e.g </b><i><b>Exchange2010Certs</b></i>, and click <b>Next</b>.</li>
<li>In "<b>Domain Scope</b>" window, <i>Wild Card is used if you are going to manage more URL</i> <b>e.g</b> <i><b>*.Domain.com</b></i>, if not leave it by default, and click <b>Next</b>. </li>
<li>In "<b>Exchange Configuration</b>" window, click to assign the required services:</li>
</ul>
* Click to expand "<b>Client Access server (Outlook Web App)</b>", then click to choose "<b>Outlook </b><b>Web App is on the intranet</b>" and "<b>Outlook Web </b><br />
<b> App is on </b><b>the Internet</b>"</div>
<div style="text-align: left;">
* Click to expand "<b>Client Access server (Exchnage ActiveSync)</b>", then click to choose "<b>Exchange Active Sync is Enable</b>"</div>
<div style="text-align: left;">
* Click to expand "<b>Client Access server (Web Services, Outlook Anywhere, and </b><b>Autodiscover)</b>", then click to choose "<b>Exchange Web </b><br />
<b> Services is </b><b>enable</b>" and "<b>Outlook </b><b>Anywhere is enable</b>"</div>
<div style="text-align: left;">
* Click to expand "<b>Legacy Exchange Server</b>", then click to choose "<b>Use legacy domain</b>"</div>
<div style="text-align: left;">
<ul>
<li>Click <b>Next</b>.</li>
<li>In "<b>Cetificate Domains</b>" window you will see the collection for <b>URL's</b>. click <b>Next</b>.</li>
<li>In "<b>Organization and Location</b>" window fill out the form, and click <b>Next</b>.</li>
<li>In "<b>Completion</b>" window click <b>Finish</b>.</li>
</ul>
<b><span style="color: red;"> You request a file name: Exchange2010Certs. Right click in it and open with Notepad.</span> </b><span style="color: #38761d;"><b> </b></span><br />
<br />
<span style="color: #38761d;"><b> Now we need install Active Directory Certificate Services. </b></span><br />
<br />
<ul>
<li>Click <b>Start</b> < <b>Server Manager</b>.</li>
<li>In new window click <b>Continue</b>.</li>
<li>In "<b>Server Manager</b>" window click on <b>Roles</b>.</li>
<li>In "<b>Roles</b>" panel click <b>Add Roles</b>, click <b>Next</b>, and click to choose "<b>Active Directory Certificate Services</b>".</li>
<li>In "<b>Select Role Services</b>" window click to choose "<b>Certification Authority</b>" and "<b>Certification Authority Web Enrollment</b>", then click <b>Next</b>.</li>
<li>In "<b>Specify Setup Type</b>" window choose "<b>Enterprise</b>", and click <b>Next</b>.</li>
<li>In "<b>Specify CA Type</b>" window choose "<b>Root CA</b>", and click <b>Next</b>.</li>
<li>In "<b>Set Up and Private Key</b>" window choose "<b>Create a new private key</b>", and click <b>Next</b>. </li>
<li>In "<b>Configure Cryptography for CA</b>" window leave it by default with 2048 key Character length, and click <b>Next</b>.</li>
<li>In "<b>Configure CA Name</b>" window leave it by default, and click <b>Next</b>.</li>
<li>In "<b>Set Validity Period</b>" window leave it by default, and click <b>Next</b>.</li>
<li>Finally you see "<b>Instalation Result</b>" window then click <b>Close</b>.</li>
</ul>
</div>
<div style="text-align: left;">
<b> Next</b>;</div>
<div style="text-align: left;">
<ul>
<li>Click <b>Start</b> < <b>Administrative Tools</b> < <b>Internet Information Services (IIS) manager</b>.</li>
<li>In the left panel click to expand <b>Server-Name</b> < <b>Sites</b> < <b>Default Web Site</b>.</li>
<li>Click on "<b>CertSrv</b>", in the <b>Action</b> panel click on <b>Browse *:443 (https)</b>.</li>
<li>When Internet Explorer window open, click on "<b>Continue to this website (not recomended)</b>".</li>
<li>In "<b>Welcome</b>" page, click on "<b>Request a certificate</b>".</li>
<li>In "<b>Request a Certificate</b>" page, click on "<b>advanced certificate request</b>".</li>
<li>In "<b>Advance Certificate Request</b>" page, click on "<b>Submit a certificate request by using a base-64-encode......</b>"</li>
<li>In "<b>Submit a Certificate Request or Renewal Request</b>" page, in "<b>Saved Request</b>" paste content of file "<b><span style="color: red;">Exchange2010Certs</span></b><span style="color: red;"><span style="color: black;">" </span></span>that you create above; in "<b>Certificate template</b>" choose "<b>Web Server</b>", then click <b>Submit</b>.</li>
<li>In "<b>Certificate Issued</b>" page, click to select "<b>Base 64 encoded</b>" and click in "<b>Download certificate</b>".</li>
<li>Click on <b>Save</b>.</li>
</ul>
<b> Next</b>;</div>
<div style="text-align: left;">
<ul>
<li>Click <b>Start</b> < <b>Exchange Management Console</b>.</li>
<li>Click to expand <b>Microsoft exchange On-Premises</b> < <b>Server Configuration</b>.</li>
<li>In "<b>Server Configuration</b>" panel, right click on "<b>Exchange2010Certs</b>" and click to select "<b>Complete Pending request</b>".</li>
<li>In "<b>Complete Pending Request</b>" window, click to browse the new created certificate above then click <b>Complete</b>.</li>
<li>In "<b>Server Configuration</b>" panel, right click on "<b>Exchange2010Certs</b>" and click to select "<b>Assign Services to Certificate...</b>".</li>
<li>In "<b>Select Servers</b>" window, leave by default and click <b>Next</b>.</li>
<li>In "<b>Select Services</b>" window, click to select <b>IMAP</b>, <b>POP</b>,<b> SMTP</b>, and<b> IIS</b> then click <b>Next</b>.</li>
<li>In "<b>Assign Services</b>" window, click on <b>Assign</b>.</li>
</ul>
At this moment the Server Part is ready.</div>
<div style="text-align: left;">
</div>
<div style="text-align: left;">
<span style="color: #38761d;"><b> Now we going to install the Certificate in the Client End.</b></span><br />
</div>
<div style="text-align: left;">
<ul>
<li> Double click on <b>Certificate</b>, and click on <b>Install Certificate...</b></li>
<li>In "<b>Welcome to the Certificate Import Wizard</b>" window, click <b>Next</b>. </li>
<li>In "<b>Certificate Store</b>" window, click to select "<b>Place all certificates in the following store</b>" then click <b>Browse..</b>. select "<b>Personal</b>", click <b>OK</b>, click <b>Next</b>, then click <b>Finish</b>.</li>
<li>In "<b>Certificate Store</b>" window, click to select "<b>Place all certificates
in the following store</b>" then click <b>Browse..</b>. select "<b>Trusted Root Certification Authorities</b>", click
<b>OK</b>, click <b>Next</b>, then click <b>Finish</b>.</li>
<li>In "<b>Certificate Store</b>" window, click to select "<b>Place all certificates
in the following store</b>" then click <b>Browse..</b>. select "<b>Intermediate Certification Authorities</b>", click
<b>OK</b>, click <b>Next</b>, then click <b>Finish</b>. </li>
</ul>
Now you are ready to use a internal windows CA certificate with Exchange 2010.</div>
<div style="text-align: left;">
</div>
<div style="text-align: left;">
</div>
<div style="text-align: left;">
<h2>
<span style="color: lime;"><span style="font-size: large;"><span style="font-family: inherit;">6. Move offline address book from Exchange 2003 to Exchange 2010 </span></span></span></h2>
<br />
In the process of migration from Exchange 2003 to Exchange 2010. We going to move the Offline address book.<br />
<ul>
<li>Click <b>Start</b> <<b> Exchange Management Console</b>.</li>
<li>Click to expand <b>Microsoft Exchange On-Premises</b> < <b>Organization Configuration</b>.</li>
<li>Click on <b>Mailbox</b>, in the Mailbox panel click on "<b>Offline Address Book</b>" tab.</li>
<li>Right click on "<b>Default Offline Address...</b>", and click to select <b>Move</b>.</li>
<li>In "<b>Move Offline Address Book</b>", choose your Offline Address Book generation Server to your Exchange 2010 Server, then click <b>Move</b>.</li>
<li>Right click on "<b>New Default Offline Address...</b>", click to select <b>Properties</b>, and click on <b>Distribution</b> tab.</li>
<li>Click to check "<b>Enable Web-based distribution</b>" and "<b>Enable public folder distribution</b>", then click on <b>Add...</b>, and click <b>Apply</b>.</li>
</ul>
The Offline address book migration is complete.</div>
<div style="text-align: left;">
<br /></div>
<h2 style="text-align: left;">
<span style="color: lime;"><span style="font-size: large;"><span style="font-family: inherit;">7. Move Public Folders from Exchange 2003 to Exchange 2010</span></span></span></h2>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<span style="font-size: large;"><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-size: small;"> Moving public folders is simple if your mail flow is fine between Exchange 2003 and Exchange </span></span></span></span><span style="font-size: large;"><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-size: small;">2010.</span></span></span></span></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
For small and medium Public Folder Database we can go ahead and use Scripts. This will add replica of Public Folders from Exchange Server 2003 to <br />
Exchange Server 2010.</div>
<div style="text-align: left;">
<ul>
<li>Click <b>Start</b> < <b>All Programs</b> < <b>Microsoft Exchange Server 2010</b> < <b>Exchange Management Shell</b>.</li>
<li>Browse your prompt into the Scripts folder and you can run this command</li>
</ul>
</div>
<br />
<div style="text-align: center;">
<span style="color: #38761d;"><strong> C:\Program Files\Microsoft\Exchange Server\V14\Scripts><span style="color: red;">.\AddReplicaToPFRecursive.ps1 -TopPublicFolder “\” -ServerToAdd “Exchange-Name-Server2010″</span></strong><span style="color: red;"> </span></span></div>
<br />
Once that completes . Dismount your Public Folder database in your Exchange 2003 and try to access data from your Exchange 2010 Mailbox. This <br />
verifies the data has been replicated fine.<br />
<br />
Once the replica is added and data has been replicated over to finish of the Public Folder migration we going to move the replica from Exchange 2003 <br />
to Exchange 2010.<br />
<ul>
<li> Click <b>Start</b> < <b>All Programs </b>< <b>Microsoft Exchange Server 2010</b> < <b>Exchange Management Shell</b>.</li>
<li>Browse your prompt into the Scripts folder and you can run this command.</li>
</ul>
<div style="text-align: center;">
<span style="color: #38761d;"><strong> C:\Program Files\Microsoft\Exchange Server\V14\Scripts><span style="color: red;">.\MoveAllReplicas.ps1 -Server “Exchange-Name-Server2003″ -NewServer “Exchange-Name-Server2010″</span></strong> </span></div>
<div style="text-align: left;">
</div>
<div style="text-align: left;">
<br />
Great, your Public Folder migration is done.<br />
<br />
Now, we are moving Folder Hierarchies.<br />
<ul>
<li>In Exchange Server 2003, click <b>Start</b> < <b>All Programs</b> < <b>Microsoft Exchange</b> < <b>Exchange Management Console</b>.</li>
<li>Click to expand <b>Administrative Groups</b>, right click on <b>Exchange Administrative Group</b>, click on <b>New</b>, then click <b>Public Folders Container</b>.</li>
<li>Click to expand<b> First Administrative Group</b> < <b>Folders</b>, and you can see <b>Public Folders</b>.</li>
<li>Click and Drag “<b>Public Folders</b>” from <b>First Administrative Group</b> <
<b>Folders</b> to <b>Exchange administrative Group </b>< <b>Folders c</b>ontainer. </li>
</ul>
At this moment your Public Folder Folders are completely migrated.</div>
<div style="text-align: left;">
<br />
<h2>
<span style="color: lime;"><span style="font-size: large;"><span style="font-family: inherit;">8. Remove Recipient Update Services</span></span></span></h2>
<br />
Now we remove Recipient Update Services using "Adsiedit.msc". In the process of migration to Exchange 2010.<br />
<ul>
<li>Click <b>Start</b>, in "<b>Search programs and files</b>" type "<b>adsiedit.msc</b>".</li>
<li>In "<b>ADSI Edit</b>" window, right click on "<b>ADSI Edit</b>" and click "<b>Connet to..</b>.".</li>
<li>In "<b>Connection Settings</b>" window, click to check "<b>Select a well known Naming Context</b>" and select "<b>Configuration</b>".</li>
<li>In "<b>ADS Edit</b>" click to expand <b>Configuration </b>< <b>Services </b>< <b>Microsoft Exchange </b> < <b>First Organization (Default ORG name)</b> < <b>Address lists Container</b> < <b>Recipient Update Services</b>, right click to remove the <b>Recipient Update Services</b>, the click <b>OK</b>.</li>
</ul>
Now we remove Routing Group Connector.</div>
<div style="text-align: left;">
<ul>
<li>Click <b>Start</b> < <b>All Programs </b>< <b>Microsoft Exchange Server 2010</b> < <b>Exchange Management Shell</b>.</li>
<li>Browse your prompt into the Scripts folder and you can run this command.</li>
</ul>
</div>
<br />
<div style="text-align: center;">
<b><span style="color: #38761d;"><strong> C:\Program Files\Microsoft\Exchange Server\V14\Scripts></strong><span style="color: red;">Get-RoutingGroupConnector | Remove-RoutingGroupConnector </span></span></b></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<h2>
<span style="color: lime;"><span style="font-size: large;"><span style="font-family: inherit;">9. Uninstall Exchange 2003</span></span></span></h2>
</div>
<div style="text-align: left;">
<ul>
<li>Click <b>Start </b>< <b>Control Panel </b>< <b>Add and Remove Programs</b>.</li>
<li>Search <b>Microsoft Exchange Server 2003</b>, and click <b>Remove</b>.</li>
</ul>
</div>
<div style="text-align: left;">
<i> Congratulation!! </i><span id="result_box" lang="en"><i><span class="hps">You do</span> <span class="hps">successfully migrated</span> from <span class="hps">Exchange Server 2003</span> </i><span class="hps"><i>to Exchange Server </i></span></span><span lang="en"><span class="hps"><i>2010</i> <b><span style="color: #38761d;">:)</span></b></span><span class="hps"></span></span></div>
<div style="text-align: left;">
<span style="color: #b45f06;"><u><i><strong></strong></i></u></span><br /></div>
<div style="text-align: left;">
<span style="color: #b45f06;"><u><i><strong></strong></i></u></span><br /></div>
</div>
Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com0tag:blogger.com,1999:blog-3514659843280906635.post-70764008134152118172012-10-17T12:25:00.000-04:002012-10-18T06:58:05.597-04:00Restrict use of a computer to one domain user only<em>The "Authenticated Users" group on each computer allow users from trusted domain to be authenticate</em><br />
<div>
<em>and logon to computer.</em></div>
<div>
<em>If you want restrict use of a computer to one domain user only, performs the following steps:</em></div>
<br />
<span style="color: lime;"><strong>Option 1: Active Directory Users and Computers</strong></span><br />
<br />
<ul>
<li>Click <strong>Start</strong> < <strong>Administrative Tools</strong> < <strong>Active Directory Users and Computers</strong>.</li>
<li>Click to expand <strong>Domain Name</strong> < <strong>Domain Users</strong> < <strong>Organization Units</strong> “Name” < <strong>Users</strong>.</li>
<li>Right click on <strong>User</strong>, then click to select <strong>User Properties</strong>.</li>
<li>In the <strong>User Properties</strong> windows, click to select <strong>Account </strong>tab, then click on <strong>Log On To…</strong> button. </li>
<li>In the <strong>Logon Workstation Windows</strong>, Click to select “<strong>The following computers</strong>”, Then type the <strong>name of the computer</strong>.</li>
<li>Click on <strong>Add button</strong>, click <strong>Ok</strong> for close all windows.</li>
</ul>
<div>
Now the restriction is setup.</div>
<br />
<span style="color: lime;"><strong>Option 2: Domain Wide Policy</strong></span><br />
<br />
<ul>
<li>Click Start, in “<strong>Search programs and files</strong>” type <strong><span style="color: #e69138;">gpmc.msc</span></strong>.</li>
<li>In the “<strong>Group Policy Management Editor</strong>” windows, click to expand:</li>
</ul>
<div>
<strong>Computer Configuration</strong> <<strong> Policies</strong> < <strong>Windows Settings</strong> < <strong>Security Settings</strong> < <strong>Local policies</strong> < <strong>User Right Assignment</strong></div>
<ul>
<li>In the <strong>Policy</strong> panel double click in “<strong>Deny logon locally</strong>” for open the “<strong>Deny logon locally window</strong>”.</li>
<li>In “<strong>Deny logon locally window</strong>”, click to check “<strong>define these policy settings</strong>”, and click on <strong>Add User or Group…</strong> button.</li>
<li>In <strong>Add User or Group</strong> windows type the <strong>name</strong> or click on <strong>browser</strong> button.</li>
<li>Finally when you <strong>add the user or group</strong> click ok to finished.</li>
<li>After that click <strong>Start</strong>, right click on <strong>command prompt</strong>, and click "<strong>Run as Adminitrator</strong>".</li>
<li>In the “<strong>Administrator: Command Prompt window</strong>” type “<strong><span style="color: #e69138;">Gpupdate /force</span></strong>”, then press <strong>Enter</strong> key.</li>
</ul>
<div>
Now the restriction is setup.</div>
<div class="MsoNormal" style="margin: 0in 0in 10pt;">
<span style="color: #333333; font-family: "Segoe UI","sans-serif"; font-size: 10pt; line-height: 115%;"><o:p> </o:p></span><br />
<div>
</div>
</div>
<br />
<ul>
</ul>
Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com0tag:blogger.com,1999:blog-3514659843280906635.post-912866723253800812012-08-21T16:02:00.000-04:002012-08-21T16:02:16.355-04:00Audit Logon Times with Windows Server 2003 Group PolicyYou can use <strong>Windows Group Policy</strong> to track employee log in times. Here I will show you how to enable log in auditing using a <strong>Windows Domain and Group Policy Objects</strong> (<strong>GPO</strong>).<br />
<br />
<span style="color: #f6b26b;">For this you need follow me in the steps below:</span><br />
<br />
* <span style="color: lime;">First: we need create a new Policy and Configure Enable auditing in your Policy.</span><br />
<ol>
<li>Click <strong>Start</strong> > <strong>Administrative Tools</strong> > <strong>Active Directory Users and Computers</strong>.</li>
<li>In "<strong>Active Directory Users and Computers</strong>" open window, right click on name of you <strong>Domain</strong>, and click on <strong>Properties</strong>.</li>
<li>In the new open window, click <strong>Group Policy</strong> tab, click on <strong>Open..</strong> button.</li>
<li>In the "<strong>Group Policy Management</strong>", click to expand your <strong>domain</strong>.</li>
<li>Right click in "<strong>Group Policy Objects</strong>", and click on <strong>New</strong>.</li>
<li>In "<strong>New GPO</strong>" open window type the name of the new <strong>Policy</strong>, and click <strong>OK</strong>.</li>
<li>Expand "<strong>Group Policy Objects</strong>", right click on the new created policy, and click to<strong> Edit</strong>.</li>
<li>Click to expand <strong>Computer Configuration</strong> > <strong>Windows Settings</strong> > <strong>Security Settings</strong> > <strong>Local policy</strong>.</li>
<li>Click to select <strong>Audit Policy</strong>.</li>
<li>In the right panel double click on "<strong>Audit account logon events</strong>". </li>
<li>In the "<strong>Audit account logon events</strong>" open windows click to check boxes "<strong>Success</strong>" and "<strong>Failure</strong>", then click <strong>OK</strong>.</li>
<li>Now double click on "<strong>Audit logon events</strong>". </li>
<li>In the "<strong>Audit logon events</strong>" open windows click to check boxes "<strong>Success</strong>" and "<strong>Failure</strong>", then click <strong>OK</strong>.</li>
<li>Close <strong>The Group Policy Object Editor</strong> window.</li>
</ol>
* <span style="color: lime;">Audit account logon events: This secutity setting determines whether to audit each instance of a user logging on to or logging off from another computer in wich this computer is used to validate the account.</span><br />
<br />
* <span style="color: lime;">Audit logon events: this security setting determines whether to audit each instance of a user logging on to or logging off from a computer.</span><br />
<br />
<span style="color: #f6b26b;">Now you need will be assigning the policy to an Organizational Unit (OU) containing the computers we wish to have under the policy. For this follow the steps below.</span><br />
<ol>
<li> Click <strong>Start</strong> > <strong>Administrative Tools</strong> > <strong>Active Directory Users and Computers</strong>.</li>
<li>In "<strong>Active Directory Users and Computers</strong>" open window, right click on (<strong>OU</strong>) what do you want to apply the security setting, and click in <strong>Properties</strong>.</li>
<li>In the new open window, click <strong>Group Policy</strong> tab, click on <strong>Open..</strong> button.</li>
<li>In the "<strong>Group Policy Managenet</strong>" open window is select the (<strong>OU</strong>), right click in it and select "<strong>Link an Existing GPO...</strong>".</li>
<li>Now in "<strong>Group Policy objects</strong>:" select the new policy created in the first step in this tutorial, and click <strong>OK</strong>.</li>
<li>Now in "<strong>Group policy Management</strong>" open window in the right panel we can see the new policy <strong>linked in GPO</strong> for this <strong>Organizational Unit</strong>.</li>
</ol>
* <span style="color: lime;">In a few hours it depend of the size of your network you are ready to see the Audity Log Success in the Log Name: Security at Event Viewer. </span><br />
Osmani Urquizahttp://www.blogger.com/profile/02000629365460600723noreply@blogger.com1