Archive for the ‘Server 2008’ Category

How To Force Adding Of Domain Admin Group to Local Admin Group

How To Force Adding Of Domain Admin Group to Local Admin Group

A common problem in Windows domain management is the removing of Domain Admin group from Local Admin group by users. This operation prevent from the Domain Admin group to connect to Administrative shares (like c$), log on to user workstation/server, track on user activity and so on.
Using «Restrict Groups» option from Windows 2000/2003 GPO impose some solution for this problem, but if there local users on the workstation/server, this option inefficient, and may harm the workstation/server users.

Machine Script Solution:

By combine Windows 2000/2003 GPO and creating a machine script, we can get
A good Solution to this problem, and by avoiding the problems that «Restrict Groups» option from Windows 2000/2003 GPO create.

The script structure:

Script Name: Machine_Startup_Script.vbs (You can use any name that you like,
But you need to verify that the file name suffix end with

Operation Interval: Each machine startup or/and shutdown.

‘Beginning Of the Script

On Error Resume Next

‘get main objects/variables
Set ws = WScript.CreateObject ( «WScript.Shell» )
compname = ws.ExpandEnvironmentStrings ( «%COMPUTERNAME%» )
Set adGrp = GetObject ( «WinNT://» & compname & «/Administrators,group» )

‘add domain groups to local admin group
adGrp.Add ( «WinNT://mywindowsdomain/Domain Admins,group» )

‘End of the Script

mywindowsdomain = The NetBIOS name of the Domain that the user workstation log into.

Sentence that begin with » ‘ » use for a comment only.

After creating the script, we need add this script to Domain Default GPO – as
Computer startup or/and shutdown script and we done.


Script Center

Windows 2000 Computer Startup Scripts:

Active Directory Services and Group Policy in Windows Server 2003:

Windows 2000 Group Policy:

Installing and Configuring Windows Server 2008 SMTP

Installing SMTP Server Feature on Windows 2008 is an easy process requiring only few steps to complete. On this article we will describe a step by step configuration and installation of the SMTP Server feature and how to enable the smtp to relay from local server.

Step 1:

Opening Server Manager Console and under Features select Add Features

Тег «Далее»

Рубрики:Server 2008 Метки:

Windows Server 2008 SMTP Service logging

Если установленная SMTP на Windows Server 2008 не пишет лог, то:

1) Install ODBC Logging module (role service in Server Manager)

2) Stop / Start the SMTP Service

3) Verify your SMTP service is configured for logging.  It’s not on by default.

4) Try a local telnet test (assuming the telnet client is installed)

5) Look at your log folder.

To Reproduce the logging ‘behavior’

1) Install Windows Server 2008 (obvious step)

2) Install the basic web server components. (static content with anonymous user)

3) Install telnet client and SMTP services

4) Enable logging on SMTP instance

5) try a telnet test locally

6) Verify the smtpsvc folder isn’t in the location you configured for logging (default is c:\windows\system32\logfiles)

7) Add the ODBC logging module (no iisreset is required) *Or in my tests there wasn’t

8) Stop / Start the SMTP service (net stop smtpsvc && net start smtpsvc)

9) Try another telnet test

10) Verify the SMTPSVC folder is present.


Steve Schofield
Microsoft MVP — IIS.


Рубрики:Server 2008 Метки:

Как подружить Vista и Samba

4 ноября, 2008 1 комментарий

Установив Microsoft Vista обнаружил, что с компьютера невозможно получить доступ к сетевым ресурсам на сервере Samba под Linux. Быстрый поиск показал, что причиной является отсутствие поддержки NTLMv2 на нашем Samba сервере. В Microsoft Vista по умолчанию отключены более старые протоколы аутентификации. 

Исправить эту ситуацию можно так:

1. Открыть окно «Run» для выполнения команд и запустить «secpol.msc»:

Vista and Samba

2. Выбрать «continue» когда Vista выведет предупреждение

3. Выбрать «Local Policies» —> «Security Options»:

Vista and Samba

4. Найти «Network Security: LAN Manager authentication level» и открыть. 

5. Изменить значение по-умолчанию «NTVLM2 responses only» на «LM and NTLM – use NTLMV2 session security if negotiated»:

Vista and Samba

Теперь Vista сможет работать с Samba нормально. Однако лучшим вариантом, пожалуй, является обновление Samba до 3-ей версии, где уже реализована поддержка NTVLM2. 

Нас ведь интересует безопасная работа 🙂


Полезные ресурсы по Windows Server 2008

Документация от Microsoft на русском языке:


Как продлить работу пробной версии Vista/Server 2008 до 120 или 240 дней

Windows Vista and Windows Server 2008 has free activation grace period which allows user to install and use the operating system for 120 days and 240 days without product key or product activation completed. The initial grace period given is 30 days and 60 days respectively for Windows Vista and Server 2008, and user has to “rearm” the system when the expiration of grace period is nearly ending in order to reset and extend the trial evaluation period, and hence activation grace period again.

  1. Open an elevated privilege command prompt.
  2. Type the slmgr.vbs -rearm, and then press Enter to reset the activation grace period to 60 days.
  3. Restart the computer.

Тег «Далее»

Windows Essential Business Server 2008

Стала доступна Public Preview версия Windows Essential Business Server 2008. Я давно ждал этого продукта, поскольку для многих организаций ограничение на количество пользователей для Small Business Server делают невозможным его использование.


Windows Essential Business Server 2008 is designed for the needs of midsize organizations with up to 250 desktops, helping IT professionals take control of their systems, reduce time spent “fighting fires” and focus more on strategic efforts to drive business growth. The solution includes built-in IT best practices and provides a unified console for management of key workloads and product licensing, which makes IT budgeting and purchase simpler and more predictable.

Windows Essential Business Server combines the technologies of Windows Server 2008, Exchange Server 2007, Forefront Security for Exchange Server, System Center Essentials 2007, the next version of Internet Security and Acceleration Server and, in the Premium Edition, SQL Server 2008 technology. The product will be demonstrated on IBM BladeCenter S and HP BladeSystem c-Class c3000 hardware at the “Heroes Happen Here” launch on Feb. 27 in Los Angeles, and is slated for availability in the second half of 2008.

Значительно изменился состав поставляемых в комплекте продуктов, а, соответственно, и цена:

· Windows Essential Business Server 2008 Standard Edition software, including five CALs, $5,472 (U.S.); additional CALs $81 each (U.S.)

· Windows Essential Business Server 2008 Premium Edition software, including five CALs, $7,163 (U.S.); additional CALs $195 each (U.S.)

Дороговато, хотя и в комплекте идет немало.

HOW-TO start VMWARE Server on Windows Vista or Windows 2008 Server

25 февраля, 2008 2 комментария

It presents you with that dialog (as opposed to the «Local»/Remote» radio selection) because the VMWare services aren’t running on the host.

I haven’t specifically tried VMWare Server on 2008 yet, but it sounds like the driver signature enforcement might be killing the services on startup. The same exact thing happens on Vista 64-bit, which I have been able to get working.

Do this:

Completely uninstall VMWare Server…tell it to remove the license. Go through and delete all its crap that it leaves behind (mostly C:ProgramDataVMWare). I’d even go so far as regedit, search «vmware» and delete anything there too.

Then reboot with Driver Signature Enforcement disabled (as Windows boots up, press F8, select «Disable Driver Signature Enforcement»).

Then install VMWare clean. Reboot and again select to disable Driver Signature Enforcement.

See if VMWare works now.

You must disable Driver Signature Enforcement every time you boot up.

Рубрики:HOW-TO, Microsoft, Server 2008, VMWARE