management (371 Topics)

One DC with two subnets - Best practices
Hi all, our company will expand with a second physical site, and therefore a separate LAN. We already have an Active Directory in place, running on a Windows Server 2022 machine, with DHCP and DNS services. So we will now have two separate local networks, connected with a site-to-site VPN at the router/gateway level, and one AD controller. I was wondering if there is a guide/instructions for setting up such a scenario. Can one AD controller handle this setup? How can I properly set up the DHCP and DNS requests from two different LANs? Thanks for your help.

Server 2022 WMI Issues
Hi there, I have a Server 2022 with WMI problems affecting the server in a few ways. The server is a domain controller, RD Broker and hosts some files also. The server actually operates ok for the users day-to-day. I discovered the issue when opening AD Connect, getting an Invalid Class error message. When running various fundamental commands at the command prompt (e.g. tasklist) I get the same error. When looking at the WMI Control in Computer Management, again Invalid Class. I have tried various fixes found online such as verifying the WMI repository (it comes back as consistent) but I think I've reached a dead end. I don't want to restore the server from backup as I believe this issue has been ongoing for a couple of months before it was discovered. I can't get in to the Remote Desktop part of Server Manager to replace the certificate, and the certificate expires next week. Does anyone have any ideas please? Any help greatly appreciated, thanks. Chris

WSUS Automatic Patch and Reboot in Offline Hours
Hello, I'd like to patch and reboot some of our servers automatically in the offline hours, configured by GPOs. I have managed to get the patches installed and defined an active window. But the servers don't reboot. One issue could be the active window. In the GUI the active window can be max 18h. Is this also valid if you set the window per GPO? As I want to have a very narrow window for the reboots I need an active window of e.g. 22h. Also the start could be later than the end, as I want to cover midnight. E.g. the active window starts at 4:00 and ends at 2:00, so restarts could be triggered between 2:00 and 4:00. Thanks, Leo

.tmp files being created on the server
Good morning. I have been having a problem and have exhausted my attempts to fix it. My file server is creating temporary files as the files saved on the server are edited and created. These files cannot be deleted until the next server restart, and afterwards they start being created again. I would like to know whether anyone has seen this happen before and, if so, how it was fixed. See the attached image of the files being created. Note: the server folders are synced with Google Drive.

BLOG: Guidance for Windows Recovery partition (WinRE) patching and why you would need it
This is an extended blog, which continues in the comments.

Why is the WinRE partition controversially discussed on the web? When you want to enlarge C (the OS partition) in a VM and the WinRE partition is in the way, the most common advice is to delete the WinRE partition to get around this limitation. And this is bad advice, imho.

Why keep the WinRE partition? The WinRE partition gives you access to different options, including uninstalling updates *pre-boot* that prevent the system from starting. This doesn't happen very often, but it can happen. This feature was added to WinRE starting with Windows Server 2022 and Windows 10 22H2 / Windows 11 22H2, or newer. It is quite unknown, though. It also lets you leverage Quick machine recovery, perfectly described by Rudy Ooms in his blog; access the UEFI setup (BIOS) directly, even with fast boot enabled (use Shift + Restart while in Windows); and use device restore or other troubleshooting steps, like access to Safe Boot. GPT / UEFI is required, and recommended anyway, for both Windows Server and Client.

What's the correct location of the WinRE partition? Ideally you only have one WinRE partition on your OS disk. If you find that your WinRE partition is located to the left of the OS boot drive (C), it was installed by a bugged release (old ISO). I am sure it was Windows Server 2019 when we noticed that, aka Windows 10 1809. See below why the certainty. When installing Windows, and especially Windows Server, always use the latest ISO for fixes like this or for in-place upgrades. There is no such updated ISO for Windows Server 2016, very unfortunately. They started patching them on a monthly basis with Windows Server 2019. You can access your latest ISOs either via my.visualstudio.com (Dev / Test use only) or admin.microsoft.com for VLSC or CSP production. More information can be found in the comment below.

Why do I have more than one WinRE partition? This often happened when the existing one could not be enlarged during an in-place upgrade. Maybe also a bug. Haven't seen this in a long time. It was common before Windows 10 1809. When installing more than one Windows on one or different physical disks, unfortunately Windows Setup will not use existing WinRE partitions but create another one for each Windows instance. This is known as side-by-side installation or, more commonly, "Windows OS multi-boot". Each OS instance will create and maintain its own WinRE partition (by design). Windows OS multi-boot is a common scenario for users using designated Windows installations for specific use cases, like Windows Insiders testing different Insider branches on one physical machine and disk. Speaking for myself, I use multi-boot for Windows 11 to separate gaming from productive work and to evaluate Windows Server Insider. Please mind, each instance requires a separate license.

Why is patching Windows RE important? There is a 2024 CVE that needs to be addressed. Please find more information in the comments below on the "How-to": patching the WinRE CVE and remediating the 01-2024 LCU failing. More information on how to actually fix this can be found in this comment below.

How to relocate the WinRE partition? A WinRE partition to the left of C (OS partition) makes no sense, as Windows still may not move partitions to the right or left (while technically possible). Windows can only shrink partitions, not move them. Mind that if you change / delete WinRE partitions you need to inform Windows about it via reagentc.exe. These tools can be used: Windows Diskpart; the Settings App > Storage Settings > Advanced Storage Settings > Disks and Volumes (Windows 10 22H2 / Windows 11 22H2 / Windows Server 2022 or newer); diskmgr.mmc on all legacy OS (Windows Key + X > Disk Management); a trusted 3rd party tool for home use (Windows 10 / 11) or paid for Windows Server use: Minitools Partition Wizard (Free), available through winget. Formerly I recommended Minitools Partition Wizard, but they now have a paywall. If you are ok with that, I would still recommend it. Legacy tools like Acronis Partition Wizard are no longer optimized for SSD / NVMe.

Bonus: Use partitioning tools for Windows Server / expanding WinRE / resizing or moving the OS drive. Create a PAWS VM (Client or Server) on Azure Local, Azure, Hyper-V, VMware etc. Buy the tool (acquire a license, required for Windows Server). Install the license on the PAWS. Shut down the affected VM. Attach the affected virtual disk to the PAWS VM and do the resize job. Attach the modified disks back to the original VM. Pro: easy and licensing-cost efficient. Cons: downtime and a manual task. Hope this is helpful to you. Appreciate your likes, spreading the word.

Windows Server 2025 DC Won't Install / Uninstall MSI packages, NIC Domain Category issue.
In the last week I have set up a Win 2025 Server Std Hyper-V host with 2 VMs, one being a domain controller. I have discovered that once the machine is promoted to a DC I can no longer install any .msi packages. .exe packages seem to work fine. My scenario: After setting up the VM (before promotion to DC), I installed my RMM package (.msi - NinjaRMM) and all was fine at that point. I can see and access the VM in my RMM console. After promoting the machine to a DC, I noticed later that the status in my RMM was offline or disconnected. I soon discovered this problem with installing / uninstalling packages. Somehow I was able to uninstall the NinjaRMM, but could not re-install it. Also, when Ninja installs the agent it also installs Splashtop. At this point I cannot uninstall Splashtop. Using something simple like the Putty 64-bit .msi for testing, I can't install that either. Any .msi I have tried just hangs for about 30 minutes then times out. The main error code in the .msi log is 1603, which is supposed to be closely related to permissions, but I have found no issues with permissions. I checked GPO and have found nothing there either. I have Win 2022 DCs in the same domain and have no issues installing / uninstalling these packages. Internet searches have found similar issues, but no answers. Secondly, when rebooting the 2025 DC, the NIC initially gets assigned the Public network category. Disabling / re-enabling the adapter, the Domain category is immediately assigned. Thirdly, I attempted to create a PS script to restart the adapter at startup (task manager... set to run as SYSTEM), and while the task starts, it never runs the script. After working with ChatGPT it was suggested to change the script to a simple one-line 'Exit 0' statement. That doesn't run either. It seems that this problem is related to being run as SYSTEM, which I believe is also related to the install issue.

Internet searches found others stating they have encountered similar issues, but no resolutions. For the install issue, some have stated that if they demote the DC to a member server, .msi installs run successfully (which seemed to be my case before I promoted it to a DC). I haven't tried demoting it to a member server, but I did spin up a second Win 2025 Server VM, joined it to the domain, and at that point I have no issues installing / uninstalling anything... including .msi packages (oops, I did state this in an earlier paragraph). Tried contacting MS. It seems that with no support plan they won't talk to me. That's awesome: you pay for a product, and they won't provide support for it. Such a joy. Hoping that someone might have seen these issues as well. LThibx

best /easiest way to grant non-admins permissions to manage windows services remotely
As part of an automation effort, we want to grant non-admin users the ability to remotely manage certain app services on domain member servers (Windows Server 2022 OS: stop/start/status). I've played around with JEA but was only able to get the Get-Service command to work, not Stop-Service or Start-Service. I also played around with group policy, granting FC for the user on the app service, but that didn't seem to do anything at all. I ended up running sc sdset commands on a service, which seemed to work, but that also seems very clunky and not at all easily streamlined, especially if we have several servers to manage that way. Ideally, if the group policy setting had worked, that'd be a great solution, but I don't know what I'm missing. Has anyone here been able to easily manage granting permissions for non-admin users to manage services or even IIS app pools on remote Windows servers? Most of the time the code used has been PowerShell, but if there are batch commands that work better, we could use those too. I just don't want to grant local admin permissions just to manage services. Any advice/guidance is greatly appreciated. Gina

Connect two Active Directories together
Hi, I have two separate Active Directories (atom.local and npi.local). These Active Directories have a specific group of users who exist on both servers. I want to be able to sync these two ADs together so that users can log on to systems belonging to both ADs.

No support for Protected Users in Microsoft Entra Domain Services?
I have been looking into mapping best practices for configuring a hardening / tiering model from on-premises Active Directory to Microsoft Entra Domain Services (MEDS). I'm well aware that MEDS is NOT a replacement for AD DS and has many restrictions and missing features, but that does not stop me from wanting to make it as secure as possible for member servers to be joined to. Since MEDS is a PaaS in Azure, deployed from within Azure and managed in another way than Active Directory, of course there are different ways of implementing a good tiering model. In my study I wanted to see if I could enable the Protected Users feature (add users to the Protected Users group). However, I find this group to be present but not possible to add members to (feature greyed out). I have a member server in the MEDS instance and have installed the AD DS Tools. My user is a member of the AD DDS Administrators group. I would like to know if anyone has some knowledge on the subject to share?

BPA Errors: DNS can't resolve GC, Kerberos, PDC Resource Record, etc.
Hello, I've been poking around this for hours now and could use another set of eyes. This server has been the PDC for quite some time, but I discovered the last people that managed this place didn't demote the old 2008 R2 server (thankfully it still existed virtualized). So I was able to do a graceful demotion of that and removed it from the domain. I'm now trying to resolve some other errors that come up in the BPA scan... All reference DNS and I just can't figure this out. I've been beating my head against the wall trying to understand what's happening. This is MS Server Standard 2022, only 1 DC and DNS. (Yeah I know, don't get me started, but it's a really small office.) Would love some suggestions. Thanks!
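The BPA rules named in the post above (GC, Kerberos and PDC resource records) all resolve SRV records under the domain and its _msdcs zone, and a demoted DC frequently leaves its own SRV, NS and CNAME records behind. The script below is an added example, not part of the original post or an answer to it: it resolves the records the BPA depends on, flags any that still point at the old DC, lists leftover records in both zones, and has the surviving DC re-register its own records. The domain corp.example, the DC name DC01 and the old DC name OLDDC are assumptions; replace them with your own.

```powershell
# Added example (not from the original post). Checks the SRV records that the BPA
# "DNS can't resolve GC / Kerberos / PDC" rules depend on, and looks for leftovers of a
# demoted DC. Assumptions (hypothetical): AD DNS domain corp.example, the single remaining
# DC is DC01 and also hosts DNS, the demoted 2008 R2 box was called OLDDC.
#Requires -Modules DnsClient, DnsServer, ActiveDirectory

$domain  = 'corp.example'   # assumption
$dnsHost = 'DC01'           # assumption: DC that hosts the zones
$oldDc   = 'OLDDC'          # assumption: name of the demoted DC
$site    = (Get-ADDomainController -Identity $dnsHost).Site

# Record names that dcdiag /test:dns and the BPA resolve. _msdcs.<domain> is normally
# a separate zone (or a delegation) and must resolve as well, not just the parent zone.
$srv = @(
    "_ldap._tcp.dc._msdcs.$domain"
    "_kerberos._tcp.dc._msdcs.$domain"
    "_ldap._tcp.pdc._msdcs.$domain"
    "_gc._tcp.$domain"
    "_ldap._tcp.$site._sites.dc._msdcs.$domain"
    "_kpasswd._tcp.$domain"
)

foreach ($name in $srv) {
    try {
        $r = Resolve-DnsName -Name $name -Type SRV -Server $dnsHost -DnsOnly -ErrorAction Stop |
             Where-Object { $_.Type -eq 'SRV' }
        $targets = ($r | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
        "{0,-55} OK   -> {1}" -f $name, $targets
        # A target that still points at the demoted DC is exactly what makes these BPA rules fail.
        if ($r.NameTarget -match "^$oldDc\.") { "    WARNING: stale target $oldDc" }
    } catch {
        "{0,-55} MISSING ({1})" -f $name, $_.Exception.Message
    }
}

# Leftover records of the demoted DC in both zones: SRV and NS in the domain zone,
# SRV/CNAME (the DSA GUID alias) in _msdcs, and its host A record.
foreach ($zone in $domain, "_msdcs.$domain") {
    Get-DnsServerResourceRecord -ComputerName $dnsHost -ZoneName $zone -ErrorAction SilentlyContinue |
        Where-Object {
            ($_.RecordType -eq 'SRV'   -and $_.RecordData.DomainName    -like "$oldDc.*") -or
            ($_.RecordType -eq 'NS'    -and $_.RecordData.NameServer    -like "$oldDc.*") -or
            ($_.RecordType -eq 'CNAME' -and $_.RecordData.HostNameAlias -like "$oldDc.*") -or
            ($_.RecordType -eq 'A'     -and $_.HostName -eq $oldDc)
        } |
        Select-Object @{n='Zone';e={$zone}}, HostName, RecordType, RecordData
}

# Once the stale records are removed, make the remaining DC re-register its own records
# (rebuilt from %SystemRoot%\System32\config\netlogon.dns), then re-run the BPA.
nltest /dsregdns
```

Run it on the DC itself as an administrator. Records that come back MISSING after `nltest /dsregdns` usually mean the DC's NIC points at a DNS server other than itself or that the _msdcs zone is not hosted or delegated on this server; records that resolve but still list the old DC as target are the ones to delete from the listing the second loop prints.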
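For the "best /easiest way to grant non-admins permissions to manage windows services remotely" post above, the JEA route does work without local admin rights once the role capability exposes the `-Name` parameter of `Stop-Service`/`Start-Service` with a fixed allow-list; piping `Get-Service | Stop-Service` goes through `-InputObject`, which a constrained role does not expose, so only `Get-Service` appears to work. The following is an added example, not code from the original post: it registers a JEA endpoint whose virtual account (local admin on the box, invisible to the caller) performs the service operations, so no `sc sdset` changes are needed. The group CORP\AppSvcOperators, the service names MyAppSvc and W3SVC, and the endpoint name AppSvcOperator are assumptions.

```powershell
# Added example (not from the original post): a JEA endpoint that lets members of a
# non-admin domain group query/start/stop/restart only the listed services on this
# server, remotely, without being local administrators.
# Assumptions (hypothetical): group CORP\AppSvcOperators, services MyAppSvc and W3SVC,
# module/endpoint name AppSvcOperator. Run once on each target server as an administrator.
#Requires -RunAsAdministrator

$moduleRoot = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\AppSvcJEA'
$rcDir      = Join-Path $moduleRoot 'RoleCapabilities'   # JEA only loads .psrc files from here
$transcripts = 'C:\JEA\Transcripts'
$services   = 'MyAppSvc', 'W3SVC'       # assumption: allow-list of manageable services
$group      = 'CORP\AppSvcOperators'    # assumption: the operators' AD group

New-Item -Path $rcDir, $transcripts -ItemType Directory -Force | Out-Null
# A role capability must live inside a valid module, so give the folder a manifest.
New-ModuleManifest -Path (Join-Path $moduleRoot 'AppSvcJEA.psd1') -Description 'JEA role capabilities'

# Each cmdlet is exposed with -Name constrained to the allow-list. -InputObject is not
# exposed, so Get-Service | Stop-Service is rejected and no other service can be touched.
$visible = foreach ($c in 'Get-Service', 'Start-Service', 'Stop-Service', 'Restart-Service') {
    @{ Name = $c; Parameters = @{ Name = 'Name'; ValidateSet = $services } }
}
New-PSRoleCapabilityFile -Path (Join-Path $rcDir 'AppSvcOperator.psrc') -VisibleCmdlets $visible

# RestrictedRemoteServer removes everything except the visible cmdlets; the virtual account
# is a temporary local admin that exists only inside the session. Transcripts give an audit trail.
$pssc = Join-Path $moduleRoot 'AppSvcOperator.pssc'
New-PSSessionConfigurationFile -Path $pssc -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount -TranscriptDirectory $transcripts `
    -RoleDefinitions @{ $group = @{ RoleCapabilities = 'AppSvcOperator' } }
if (-not (Test-PSSessionConfigurationFile -Path $pssc)) { throw "invalid session configuration file $pssc" }
Register-PSSessionConfiguration -Name AppSvcOperator -Path $pssc -Force | Out-Null

# Usage from an operator's workstation (no admin rights on app01 required):
#   Invoke-Command -ComputerName app01 -ConfigurationName AppSvcOperator -ScriptBlock {
#       Stop-Service -Name MyAppSvc; Start-Service -Name MyAppSvc; Get-Service -Name MyAppSvc
#   }
# Anything outside the allow-list, e.g. Stop-Service -Name Netlogon, fails parameter validation.
```

The same script can be pushed to every server with the same group and service names (DSC or a startup script), which removes the per-server `sc sdset` work; the service security descriptors are never changed because the virtual account already has the rights.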
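The "BLOG: Guidance for Windows Recovery partition (WinRE) patching" post above describes resizing the WinRE partition so the 2024 WinRE update can be applied. The script below is an added example, not the blog author's own procedure: it first shows where WinRE sits relative to C (the recovery partition has a fixed GPT type), then, only if explicitly enabled, detaches WinRE with reagentc, shrinks C, recreates a larger recovery partition to its right and re-enables WinRE. It only applies to the layout where the recovery partition is to the right of C on a GPT/UEFI disk; as the post notes, a WinRE partition to the left of C cannot be moved by these tools. Disk 0, partition numbers 3 and 4 and the 250 MB shrink are assumptions to be checked against the first listing.

```powershell
# Added example (not from the original post). Recreates a larger WinRE partition to the
# right of C on a GPT/UEFI disk so that the 2024 WinRE update has room.
# Assumptions (hypothetical): OS disk 0, C is partition 3, WinRE is partition 4, shrink C by 250 MB.
# Only for the layout C | WinRE; a WinRE partition to the LEFT of C cannot be moved this way.
#Requires -RunAsAdministrator

$diskNumber = 0; $osPart = 3; $rePart = 4; $shrinkMB = 250   # assumptions: verify below first
$apply = $false   # set to $true only after the listing confirms the partition numbers and order

# Step 1: current WinRE status and the partition layout. A recovery partition carries the GPT
# type {de94bba4-06d1-4d40-a16b-3a41337e9e29}; Offset shows whether it sits right of C.
reagentc /info
Get-Partition -DiskNumber $diskNumber |
    Select-Object PartitionNumber, DriveLetter, Offset,
        @{n='SizeMB';e={[int]($_.Size / 1MB)}}, GptType,
        @{n='IsRecovery';e={$_.GptType -eq '{de94bba4-06d1-4d40-a16b-3a41337e9e29}'}} |
    Format-Table -AutoSize

if (-not $apply) { return }

# Step 2: reagentc /disable moves winre.wim into C:\Windows\System32\Recovery, so the old
# partition can be deleted safely. Shrinking C first, then deleting the old WinRE partition,
# leaves one contiguous free block (old WinRE + 250 MB) that the new partition fills.
reagentc /disable
$dpScript = @"
select disk $diskNumber
select partition $osPart
shrink desired=$shrinkMB minimum=$shrinkMB
select partition $rePart
delete partition override
create partition primary id=de94bba4-06d1-4d40-a16b-3a41337e9e29
gpt attributes=0x8000000000000001
format quick fs=ntfs label="Windows RE tools"
exit
"@
$tmp = Join-Path $env:TEMP 'winre-resize.txt'
Set-Content -Path $tmp -Value $dpScript -Encoding ASCII
diskpart /s $tmp

# Step 3: copy winre.wim back into the new partition and register it, then confirm.
reagentc /enable
reagentc /info
```

The `gpt attributes=0x8000000000000001` line marks the partition as required and hidden, which is what keeps Disk Management from offering it a drive letter; `reagentc /info` at the end should report "Windows RE status: Enabled" with a location on the new partition, after which the WinRE update can be installed.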