TIP: Stop users from adding their own computers to your Windows domain.

By default, when a Windows domain is created, users are granted the right to add up to ten workstations to the domain (into the Computers container) without requiring any other privileges. Obviously this is a security risk, so you should probably do something about it…

This ten-computer policy is governed by the ms-DS-MachineAccountQuota attribute on the domain, and you can adjust it down to zero by following the steps below:

  1. Open ADSI Edit from the Administrative Tools folder.
  2. Right-click ADSI Edit and choose Connect To.
  3. In the Connection Point section, choose Select A Well Known Naming Context and, from the drop-down list, choose Default Naming Context.
  4. Click OK.
  5. Expand Default Naming Context.
  6. Right-click the domain folder (for example, dc=[domain],dc=[com]) and choose Properties.
  7. Select ms-DS-MachineAccountQuota and click Edit.
  8. Type 0.
  9. Click OK.

-Lewis

Posted in General | 1 Comment
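
The same change as the ADSI Edit steps in the tip above, made and verified from PowerShell. This is an added example, not part of the original post: it assumes the ActiveDirectory module (RSAT) and an account allowed to modify the domain object, and it goes one step beyond the post by listing computer accounts that users have already joined under the quota, using the mS-DS-CreatorSID attribute.

```powershell
# Added example: requires the ActiveDirectory module and rights to modify the domain object.
Import-Module ActiveDirectory

$attr = 'ms-DS-MachineAccountQuota'
$dn   = (Get-ADDomain).DistinguishedName

# 1. Read the current quota from the domain object (the object edited in ADSI Edit).
$before = (Get-ADObject -Identity $dn -Properties $attr).$attr
Write-Output "$attr on $dn is currently: $before"

# 2. Set it to 0 only if it is not already 0.
if ($before -ne 0) {
    Set-ADDomain -Identity $dn -Replace @{ $attr = 0 }
}

# 3. Re-read and fail loudly if the change did not take effect.
$after = (Get-ADObject -Identity $dn -Properties $attr).$attr
if ($after -ne 0) {
    throw "$attr is still $after on $dn"
}
Write-Output "$attr on $dn is now: $after"

# 4. Audit: computer objects created under the quota carry the creator's SID
#    in mS-DS-CreatorSID. List them so they can be reviewed.
Get-ADComputer -LDAPFilter '(mS-DS-CreatorSID=*)' -Properties 'mS-DS-CreatorSID', whenCreated |
    ForEach-Object {
        $sidText = "$($_.'mS-DS-CreatorSID')"
        try {
            $sid     = New-Object System.Security.Principal.SecurityIdentifier($sidText)
            $creator = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            # The creating account may have been deleted; keep the raw SID.
            $creator = $sidText
        }
        [pscustomobject]@{
            Computer    = $_.Name
            CreatedBy   = $creator
            WhenCreated = $_.whenCreated
        }
    } |
    Sort-Object WhenCreated |
    Format-Table -AutoSize
```

The quota only limits users who rely on the default "Add workstations to domain" user right; accounts that have been delegated permission to create computer objects in an OU are not affected by it.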

Passed! 70-647 Windows Server 2008 Enterprise Administrator

I took the exam on Wednesday 6th April and have just got the confirmation result through on my transcript so I can post up about it now. Just 70-680 Configuring Windows 7 to go before I’m an MCITP: Enterprise Administrator and I’ve already started reading the book.

Unfortunately I don’t get a pretty logo this time it seems. :(

One thing I will say is that the prep materials I have used were all a little old and didn’t cover Windows Server 2008 R2 or its new features. I’m glad I hit Technet to brush up because, even though I passed them all first time, all of the previous exams have caught me unaware. All have had questions on R2 and other new technology delivered in R2 but all of my books are based on R1.

Win7 to go!

-Lewis


haproxy on Fedora or Application Request Routing (ARRv2) for IIS7?

I’ve been investigating solutions for Layer 7 load balancing today, well, tonight actually, mainly for my own use initially but obviously in my line of work I’m sure the knowledge will come in handy at some point in the future.

The main reason for someone like me to want or need to fiddle with Layer 7 load balancers (despite it being a part of my job as a SysAdmin) is because most ISPs these days provide nothing more than a single dynamic IP address. When (if you’re anything like me) you want to host multiple websites from multiple platforms such as Windows and Linux from that same IP address (and port!), you pretty much need a Layer 7 load balancer to do the job of distinguishing requests and routing them to the correct content server. A simple port forward on your £20 router won’t cut the mustard! So, a DynDNS account, CNAMEs for the websites in question and a Layer 7 load balancer will achieve the desired effect. It sounds like a lot of work really but I am a SysAdmin and I like to tinker. I’ll amaze you with a Visio diagram later…


The remote computer requires Network Level Authentication.

Another sort of reminder post for me: if you get this error message when trying to RDP to an NLA-enabled Windows Server 2008 server or Windows 7 workstation, just follow the steps in the following Microsoft Knowledge Base article.

http://support.microsoft.com/kb/951608/

This enables CredSSP and can be used on Windows XP Professional SP3.

- Lewis


70-647 Here I come…

Well, I’ve had my time off (and been a little lazy but with good reason that I’ll explore for you in more detail at some point in the future) so I’m starting to prepare for 70-647, Windows Server Enterprise Administration.

I’ve booked the exam date (no I won’t tell you the date in case the worst happens) with the specific intention of forcing myself to get my backside in gear and get the exam passed. After this one I’ve got the hopefully straightforward task of passing 70-680, Configuring Windows 7 before I’m a fully fledged MCITP: Enterprise Administrator.

After that it’s onward to Exchange 2010. The book is waiting and looking a little too clean.

-Lewis


Upgrading to Fedora 14 (Laughlin)…wish me luck UPDATE: Err, what happened?

Hopefully I won’t be Laughlin at my b0rked VM in a short while. I’ve decided to place my hopes and dreams in the capable hands of the Linux community and use

preupgrade-cli "Fedora 14 (Laughlin)"

Fingers crossed it works as expected or it may be a late Thursday night. I’ll be watching Top Gear while it works its magic. See you on the flip side.

-Lewis

UPDATE: Well, I updated, rebooted and…logged back in to Fedora 13. Great job. Worked well. I’ll try again shall I?

UPDATE 2: Looks a little more sensible this time. Gawd knows what happened before. Everything seems fine too. Good work.


Configuring NTP sync on Windows Server 2008

http://support.microsoft.com/kb/816042

A little note for myself really, but the steps in this article also apply to Windows Server 2008 when using time sources from pool.ntp.org. Don’t forget you will need to open your firewall up to allow the DC to get accurate time!

-Lewis


Passed! MCTS Windows Server 2008 Applications Infrastructure, Configuring

Actually I passed on 3rd December but I thought I’d get this up on the blog too.

:)

-Lewis
