Download – Group Policy Settings Reference

gpo1Title: Group Policy Settings Reference for Windows and Windows Server
Published: 01/03/2017
Publisher: Microsoft Corporation 
Version: October 2016
File name: Windows10andWindowsServer2016PolicySettings.xlsx
File size: 0.7 MB
Download URL: Click here for download

DESCRIPTION

These spreadsheets list the policy settings for computer and user configurations that are included in the Administrative template files delivered with the Windows operating systems specified. You can configure these policy settings when you edit Group Policy Objects.

VN:F [1.9.20_1166]
Rating: 10.0/10 (1 vote cast)

Tools of the Trade – #03 WinDirStat

Title: #03 WinDirStat
Published: 10/20/2014
Publisher: Open Source
Version: 1.1.2
File size: 0.6 MB
Frequency of use: WEEKLY
Cost: Free but donations are accepted
(PayPal)

Works with PortableApps: Yes
Website: https://windirstat.info
Download URL: Click here to download

DESCRIPTION

WinDirStat (Windows Directory Statistics) is a disk usage statistics viewer and cleanup tool for Windows. On start up, WinDirStat reads the whole directory tree once and then presents it in three useful views:

  • The directory list, which resembles the tree view of the Windows Explorer but is sorted by file/subtree size.
  • The treemap, which shows the whole contents of the directory tree straight away.
  • The extension list, which serves as a legend and shows statistics about the file types.

MY 2 CENTS

WinDirStat can be pretty slow sometimes, but it’s great for finding out why your hard drive is full. I especially like using WinDirStat to delete contents in the Windows Recycle Bin or desktops of other user accounts on a server or PC (like when another admin downloads ISO files to the desktop).

VN:F [1.9.20_1166]
Rating: 10.0/10 (2 votes cast)

Download – Office 2016 Deployment Tool

Title: Office 2016 Deployment Tool
Published: 07/20/2016
Publisher: Microsoft Corporation
Version: 2016
Files name: officedeploymenttool_7213-5776.exe
File size: 2.1 MB
Download URL: Click here for download

DESCRIPTION

The Office 2016 Deployment Tool allows the administrator to customize and manage Office 2016 Click-to-Run deployments. This tool will help administrators to manage installations sources, product/language combinations, and deployment configuration options for Office Click-to-Run.

ADMINISTRATOR TASKS

  • Download an Office installation source to a network share location (use MS Office for Australians, if necessary)
  • Configure an installation to use a network share as the installation source instead of the Internet
  • Configure an installation to suppress all UI
  • Configure whether Office will automatically update or not
  • Configure which products and languages to install
  • Remove Office Click-to-Run products
VN:F [1.9.20_1166]
Rating: 8.4/10 (5 votes cast)

Download – Windows Security Audit Events Spreadsheet

Title: Windows Security Audit Events Spreadsheet
Published: 12/02/2015
Publisher: Microsoft Corporation 
Version: November 2015
File name: WindowsSecurityAuditEvents.xlsx
Size: 70 KB
Download URL: Click here for download

Pop Quiz:

1) What’s the Event ID for an Account Lockout?

2) What about the Event ID denoting that permissions were changed on an object?

3) Or the Event ID for locking or unlocking a workstation?

Don’t worry, I can’t remember those off the top of my head either. And that usually means sifting through bookmarked links, PDFs or hitting Google to look it up.

Fortunately, Microsoft has an Excel spreadsheet detailing 412 different Event IDs related to Windows Security Audit Events. Those 400+ Event IDs are broken up into the following nine categories:

  • Account Logon
  • Account Management
  • Detailed Tracking
  • DS Access
  • Logon/Logoff
  • Object Access
  • Policy Change
  • Privilege Use
  • System

The spreadsheet also contains a tab with a complete description of the event message. This is a great tool for creating event monitors. Download and enjoy!

VN:F [1.9.20_1166]
Rating: 10.0/10 (1 vote cast)

Whitepaper – Test Lab Guide – Demonstrate IPv6

Whitepaper - Test Lab Guide - Demonstrate IPv6Title: Test Lab Guide: Demonstrate IPv6
File name: TLG_Demonstrate_IPv6.doc
Date Published: 02/17/2012
Language: English
File size: 280 KB
Pages: 24
Version: 1.1
Download: http://www.microsoft.com/download/en/details.aspx?id=10564

Create a test lab to demonstrate IPv6 connectivity with a simulated multi-subnet intranet and IPv4 Internet.

Description:

Internet Protocol version 6 (IPv6) is designed to solve many of the problems of the current version of IP (known as IPv4) such as address depletion, autoconfiguration, extensibility, and restoration of end-to-end connectivity. Its use will also expand the capabilities of the Internet and enable a variety of valuable and exciting scenarios, including peer-to-peer and mobile applications. This paper contains an introduction to IPv6 and step-by-step instructions for extending the Base Configuration test lab to demonstrate IPv6 functionality and connectivity in Windows 7 and Windows Server 2008 R2.

Test Lab Overview

In this test lab, IPv6 connectivity is deployed with:

  • One computer running Windows Server 2008 R2 Enterprise Edition named DC1 that is configured as an intranet domain controller, Domain Name System (DNS) server, DHCP server, enterprise root certification authority (CA), and an IPv6 router.
  • One intranet member server running Windows Server 2008 R2 Enterprise Edition named EDGE1 that is configured as a 6to4 relay.
  • One intranet member server running Windows Server 2008 R2 Enterprise Edition named APP1 that is configured as a general application server.
  • One standalone server running Windows Server 2008 R2 Enterprise Edition named INET1 that is configured as an Internet DHCP server, DNS server, and Web server.
  • One roaming member client computer running Windows 7 Enterprise or Ultimate named CLIENT1.

Test Lab Subnets

The IPv6 test lab consists of three subnets that simulate the following:

  • The Internet (131.107.0.0/24).
  • An intranet subnet named Corpnet (10.0.0.0/24), separated from the Internet by EDGE1.
  • An additional intranet subnet named Corpnet2 (10.0.2.0/24), separated from the Corpnet subnet by DC1.

Computers on each subnet connect using a hub or switch.

image

This test lab guide demonstrates the following:

  • The default behavior of IPv6 and connectivity on an IPv4-only intranet
  • IPv6-based intranet connectivity using the Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
  • IPv6-based intranet connectivity using native IPv6 addressing
  • IPv6 connectivity across a simulated IPv4-only Internet using 6to4

Hardware and Software Requirements

The following are required components of the test lab:

  • The product disc or files for Windows Server 2008 R2.
  • The product disc or files for Windows 7.
  • Four computers that meet the minimum hardware requirements for Windows Server 2008 R2 Enterprise Edition. Two of these computers have two network adapters installed.
  • One computer that meets the minimum hardware requirements for Windows 7 Enterprise or Ultimate.
VN:F [1.9.20_1166]
Rating: 0.0/10 (0 votes cast)

You’re Terminated

Get to da choppa! One of the not-so-fun jobs as an IT Pro is handling the issue of employee turnover at client sites. It’s one of those facts of life. Whether the employee exit is friendly and planned or angst-ridden and a bombshell, there are a lot of things that have to be done. And, as with most things in life, having a checklist helps make sure nothing is missed.

As an outsourced IT provider you should have a standard operating procedure to help your client get through this process as quickly and easily as possible. Below is a sample “Employee Termination Checklist” you can use. The top half contains things the company personnel need to handle, and the bottom half are responsibilities that fall under the IT Department (probably you).

Click link below to download the Employee Termination Checklist

File name: Employee_Termination_Checklist.doc (28 KB)

Depending on the size of the client, there are things you may need to add or remove, but this document should be a good starting point. If there’s something that you feel is blatantly missing, please feel free to add it to the comments below.

VN:F [1.9.20_1166]
Rating: 10.0/10 (1 vote cast)

Rename a VPN Connection in Windows 7

This question comes up a lot, so it’s worth documenting:

Question: How do I rename a VPN connection in Windows 7? There’s no option to rename it in the Network and Sharing Center or on the taskbar.

It’s true that there’s no way to rename a VPN connection on the Network and Sharing center main screen:

Network and Sharing Center

…and if you click the icon in the System Tray and then try to right-click the VPN connection, there’s no rename option under properties either:

Network Connections in System Tray

But the rename VPN option is nearby, tucked away under “Changer Adapter Settings” on the Network and Sharing Center:

Click Change Adapter Settings

Here you will see the familiar wired and wireless NICs and VPN connections listed, since there are different types of VPN services you can get online using a torguard coupon to get the best deals for this. Just right-click the VPN connection here and then click Rename.

Right-click the VPN connection, then click Rename

It’s just one of those easily overlooked or forgotten things.

Disclaimer: Matt isn’t really a poo-poo-head, he actually rocks.

VN:F [1.9.20_1166]
Rating: 8.1/10 (22 votes cast)

SBS Ports

Just because a port is open in RRAS or ISA (circa SBS 2003) doesn’t mean that it isn’t being blocked elsewhere, like at the ISP or because port forwarding isn’t setup properly in your firewall. Sometimes you need an outside view of the external ports on your internet connection.

DISCLAIMER – Only open the ports you absolutely MUST have. Example, if you’re not running the POP3 connector or FTP, don’t open those ports! If you’re not sure about a port, check the Port/IP Lookup on Sans.org or ask someone who knows!

To check all of the commonly used SBS ports at once:

  1. Go to www.grc.com/default.htm
  2. Scroll down & click ShieldsUP!
  3. Click Proceed
  4. In the center box on that page, paste this string:
    21, 25, 80, 110, 123, 143, 220, 443, 444, 500, 987, 1701, 1723, 3389, 4125, 4500
  5. Click User Specified Custom Port Probe

image

This scan will come back with a list of ports you entered and show the status.

Sample scan of commonly used ports in an SBS environment. 

Below is a handy chart that I stole from Susan and Windows IT Pro and updated a couple of times over the years.

Common Ports for Small Business Server (SBS)

TCP Port

Service

Description

21

FTP

Enables external and internal file transfer

25**

SMTP – Exchange

Enables incoming and outgoing Simple Mail Transfer Protocol (SMTP) mail for your Exchange Server

80

HTTP – IIS

Enables all nonsecure browser access, including: internal access to IIS Webs including the company Web, Windows SharePoint Web, Windows SharePoint administration Web, and server monitoring and usage reports Enables internal access to Exchange by OWA and OMA clients (SBS 2003)

110

POP3

Enables Exchange to accept incoming Post Office Protocol (POP3) mail

123
(UDP port)

NTP

Enables the system to synchronize time with an external Network Time Protocol (NTP) server

143

IMAP4

Enables Exchange to accept incoming Internet Message Access Protocol v4 IMAP4-compliant messages

220

IMAP3

Enables Exchange to accept incoming Interactive Mail Access Protocol v3 IMAP3-compliant messages

443**

HTTPS – OWA, OMA, Outlook Anywhere, & RWW
(SBS 2008)

Enables all secure browser access, including external access to Exchange for Outlook 2003/2007, OMA and OWA; required for external access to server monitoring, usage reports and RWW (SBS 2008). OMA has been deprecated from SBS 2008. See SBS 2008 RWW video here.

444

WSS (SBS 2003)

Enables internal and external access to Windows SharePoint Services (WSS) Companyweb (SBS 2003)

500

IPSec

Enables external VPN connections by using IPSec

987**

WSS (SBS 2008)

This Secure Hypertext Transfer Protocol (HTTPS) port makes Windows SharePoint Services (WSS) Companyweb site viewable through Remote Web Workplace (SBS 2008). See SBS 2008 RWW video here.

1701

L2TP clients

Enables external L2TP VPN connections

1723

VPN – PPTP clients

Enables external PPTP VPN connections

3389***

RDP – Terminal Services

Enables internal and external Terminal Services client connections (see Note below)

4125 (Note: you can change this port in RRAS)

Remote Web Workplace
(SBS 2003)

Enables external OWA access to Exchange, plus internal and external HTTPS access to the client Web site (SBS 2003)

4500

IPSec

Internet Key Exchange (IKE) Network Address Translation (NAT) traversal

 

**Note: The ports listed above in bold are required by SBS 2008, per Microsoft TechNet article “Managing Windows Small Business Server 2008 Remote Web Workplace”, including port 3389, but see article below.

***Question: Should I open port 3389 for remote administration or remote desktop connections?
Answer from Microsoft: “You no longer need to open port 3389. Windows Small Business Server 2008 uses Terminal Services Gateway to redirect traffic from port 443 to a selected desktop or server for RDP connections. You would need to use RWW or configure the Terminal Services client to use TS Gateway.”
Source: http://technet.microsoft.com/en-us/sbs/cc817589.aspx

There’s also a post on the Official SBS Blog that talks about an IPSec issue back in 2008 that affected ports 1645-1646, 1701, 1812-1813, 2883 & 4500.

I’ll try to keep this form updated as time goes on and will keep a permanent copy at http://www.nogeekleftbehind.com/sbs-ports/.

VN:F [1.9.20_1166]
Rating: 0.0/10 (0 votes cast)

Download – Remote Server Admin Tools for Windows 7

Windows 7 logoRemote Server Administration Tools for Windows 7 enables IT administrators to manage roles & features that are installed on computers that are running Windows Server 2008, 2008  R2, or 2003, from a remote computer that is running Windows 7.

Title: Remote Server Administration Tools for Windows 7
Date Published: 08/11/2009
Download size:
– x64 version 222.1 MB
– x84 version 215.1 MB
File type: MSU
System Requirements: Windows 7 (Professional, Ultimate or Enterprise),
Windows Server 2003, 2008 or 2008 R2 
Download URL: Click here

Overview:

Remote Server Administration Tools for Windows 7 enables IT administrators to manage roles and features that are installed on remote computers that are running Windows Server 2008 R2 (and, for some roles and features, Windows Server 2008 or Windows Server 2003) from a remote computer that is running Windows 7. It includes support for remote management of computers that are running either the Server Core or full installation options of Windows Server 2008 R2, and for some roles and features, Windows Server 2008. Some roles and features on Windows Server 2003 can be managed remotely by using Remote Server Administration Tools for Windows 7, although the Server Core installation option is not available with the Windows Server 2003 operating system.

This feature is comparable in functionality to the Windows Server 2003 Administrative Tools Pack and Remote Server Administration Tools for Windows Vista with Service Pack 1 (SP1).

Source: Scott Hanselman (@shanselman on Twitter)

VN:F [1.9.20_1166]
Rating: 10.0/10 (1 vote cast)