Recently I found out that there was no way to implement different password policies on domains running on Windows Server 2003. It didnt sound right to me, why I cannot keep different password complexity, for example, in different OUs for different users? You can actually link to separate OUs with different policies with different values on passwords options, but theyll be ignored by Default Domain Policy. It seems that there’s a way to accomplish this (not an easy way, but anyhow) running domains with Windows Server 2008 and of course in the highest domain functional level. The tools involved: GPMC (included with Windows Server 2008) and ADSI Edit. Here’s the solution: http://www.windowsecurity.com/articles/Configuring-Granular-Password-Settings-Windows-Server-2008-Part-1.html http://www.windowsecurity.com/articles/Configuring-Granular-Password-Settings-Windows-Server-2008-Part2.html Cheers!
To pull off some of the best practices that we talked about on the first part of the WSUS 3.0 posts, we’ll take a look to some technical configurations. At this point you must already have set different OUs for the type of computers you have in your environment. This OU separation will help you to improve your patching process. · Group Policies Configuration If you are using Windows Server 2003, first of all let me say that you must install Group Policies Management Console to apply and access all of the policies on your domain, this tool gives you a nice interface to interact with those objects. But if you are using Windows Server 2008, this console comes integrated with the operating system, so there’s no need on installing it. Like you remember, on the first part we talk about applying different policies for different computers and also different levels of GPOs: A “common” GPO for the entire domain and over the OUs (and sub OUs if is the case) applying another GPO for more restrictive options. Let’s start then opening the GPMC and over our domain click on “Create and Link a GPO Here”: After we insert the proper name for our WSUS GPO, we right click on the GPO and select “Edit”. The “Group Policy Object Editor” opens. The location of the most important group policies that we need to configure are located in “Computer Configuration” -> […]
Fortunately there’s a lot of information on Microsoft WSUS official site about almost anything you want to know about how to get started with this powerful tool: WSUS 3.0 Overview Step-by-Step: Getting Started with WSUS 3.0 Deploying WSUS 3.0 This post it’s intended to help about the WSUS first configurations and recommendations about how to use it. When you install WSUS, the configuration wizard it’s pretty much self explained and with the Step-by-Step guide you shouldn’t have any problem. The first warning that we can make at this point it’s about the “Specify Proxy Server” step. If you have one on your network, like an ISA Server 2006, remember that this server use the 8080 port when it works as a proxy. Configure this port on the WSUS, otherwise your connection will fail. Always remember when you are selecting the languages of the updates and the products that you want to receive these updates, you should only select the ones that you actually need. Otherwise the duration of all synchronizations with Windows Update and the WSUS server will increase significantly. Note: The first synchronization of the WSUS server always takes a lot of time. When you have your WSUS server online it’s time to configure your environment. Here are some of the best practices: Best Practices · Test phase first Before applying any patch on your users’ computers or servers, you must always have a stage environment. Replicating all base […]
Publishing a TFS within an ISA Server basically depends on creating three rules for web sites: One will use the TFS default port (8080), the second will use SharePoint (on port 17012) and the other one is for the common HTTP port (80). A small comment about this: The same configuration described here, can also work for Team Foundation Server 2008. It’s very important that you already have defined your public name for the TFS Server and even more important that this public name can be resolved by the ISA Server and over the Internet. Let’s start then: 1 – Publish TFS Services 1.1 – Select “Publish Web Site” and use the proper name for that rule. 1.2 – Select “Publish a single Web Site or load balancer”. 1.3 – If you are not going to use SSL the just select “Use non-secured connections…” 1.4 – In this step you must indicate the FQDN that the clients will use to connect with the Team Foundation Server. Remember that this name should be already accessible for the ISA Server. 1.5 – No selection on Path and select “Forward the original host header…” 1.6 – Select “Accept Requests for: This domain name (type below)” and use the public TFS name again. 1.7 – On the next window you will need to create a Web Listener, which will be accepting the incoming requests for TFS Services port. 1.8 – Select again what kind […]
On the Orlando Tech-Ed that took place on the first days of June, one of the things that were official announced and presented were the Windows Server 2008 exams for Microsoft’s certification. Here’s some of the things you should now if you are planning to get or upgrade to this certification: – This will be a new stage for certification, the names will be: MCTS (three exams) and MCITP (2 exams). – MCSA and MCSE there’ll be still certifications available. – On 2008 the Windows 2000 exams will be retired (the exams but not the certification, of course). – MCTS exams will be availabe one moth after the RTM version of Windows Server 2008. MCITP will be available two months after. – There’ll be a upgrade exam from 2003 certification to 2008. – There will be NOT an upgrade from Windows 2000 to 2008. – MCSA and MCSE professionals will have a 40% discount on the price of the Windows 2008 exams. Taking a look to some of the sites that talked about these new exams, I found out some of the topics that will be on these tests. Peak to Windows 2008 exam: Terminal Services – the different roles, the new features, etc IIS 7 – the new command line tools, new features, etc Server Core – of course, know your way with all the cmdline tooling that you can use Virtualization – be sure to study on how […]
For those who are not comfortable with the size of Vista icons on your desktop, there’s a little trick that I’m sure you’ll enjoy. On your desktop holding CTRL key and scrolling your mousewheel you can set at your placer the icons size. This one also works on the Explorer window when you are navigating any hard drive or folder. Enjoy :) Cheers
Common issue using Team Foundation Server with an external connection: Documents and Reports items becomes unavailable
Team Foundation Server is a very useful tool for team work, badly designed (no secret about that), but useful. The definition itself for TFS almost obligates you that this tool must be accessible not only from the internal network from your company, but also must be from external networks and the Internet. That’s when the problem appears. If you use Internet as the media to connect to TFS, probably you have this issue: even with all the permission in place, the Documents and Reports items from Team Explorer becomes unavailable. Like you know, you can use the FQDN (fully qualified domain name) of the Team Foundation Server name as the connection’s name with Team Explorer, for example: server01.domain.com. Or even you can use the server’s IP. But what happens if you want to work at home with any project within TFS?. If you don’t have a VPN (virtual private network) at your organization to make valid connections with Active Directory it can be very difficult to accomplish that. First you must achieve that you actually have a FQDN available to be used over the Internet. For example, if you own a web site for your organization, like http://www.mycompany.com, you can add a DNS record (tfs.mycompany.com) as a valid connection for your server. This post it’s intended to solve the named issue for TFS and not to guide you for a proper configuration of TFS over Internet, we can dedicate that […]