Download – Windows Security Audit Events Spreadsheet

Title: Windows Security Audit Events Spreadsheet
Published: 12/02/2015
Publisher: Microsoft Corporation 
Version: November 2015
File name: WindowsSecurityAuditEvents.xlsx
Size: 70 KB
Download URL: Click here for download

Pop Quiz:

1) What’s the Event ID for an Account Lockout?

2) What about the Event ID denoting that permissions were changed on an object?

3) Or the Event ID for locking or unlocking a workstation?

Don’t worry, I can’t remember those off the top of my head either. And that usually means sifting through bookmarked links, PDFs or hitting Google to look it up.

Fortunately, Microsoft has an Excel spreadsheet detailing 412 different Event IDs related to Windows Security Audit Events. Those 400+ Event IDs are broken up into the following nine categories:

  • Account Logon
  • Account Management
  • Detailed Tracking
  • DS Access
  • Logon/Logoff
  • Object Access
  • Policy Change
  • Privilege Use
  • System

The spreadsheet also contains a tab with a complete description of the event message. This is a great tool for creating event monitors. Download and enjoy!

VN:F [1.9.20_1166]
Rating: 10.0/10 (1 vote cast)

Windows Server 2012 and R2 Locks and Limits

The question came up today about using Windows Server Essentials as a RADIUS server. Part of the consideration involves the arbitrary restrictions placed on the OS. Microsoft differentiates the server products with what are affectionately know as “Locks and Limits”.

Most folks in IT are aware of OS limits like the number of users in Windows Server or not being able to RDP into Windows 7 Home Edition. But there are other less-obvious limits like RAM or IAS, RRAS & SMB connection limits.

Fortunately there are two handy spreadsheets that detail the Limits, Roles & Features that are (or are not) available in Windows Server 2012 & R2 Editions.

Windows Server 2012 R2 Locks and Limits

Windows Server 2012 R2 Locks & Limits
File: Windows Server 2012 R2 Products and Editions Comparison.pdf (222 KB)
URL: http://www.microsoft.com/en-us/download/details.aspx?id=41703

  • Windows Server 2012 R2 Datacenter
  • Windows Server 2012 R2 Standard
  • Windows Server 2012 R2 Essentials
  • Windows Server 2012 R2 Foundation
  • Microsoft Hyper-V Server 2012 R2
  • Windows Storage Server 2012 R2 Standard
  • Windows Storage Server 2012 R2 Workgroup

Windows Server 2012 Locks & Limits
File: Windows Server 2012 Products and Editions Comparison.pdf (226 KB)
URL: http://www.microsoft.com/en-us/download/details.aspx?id=38809

  • Windows Server 2012 Datacenter
  • Windows Server 2012 Standard
  • Windows Server 2012 Essentials
  • Windows Server 2012 Foundation
  • Microsoft Hyper-V Server 2012
  • Windows Storage Server 2012 Standard
  • Windows Storage Server 2012 Workgroup
  • Windows MultiPoint Server 2012 Premium
  • Windows MultiPoint Server 2012 Standard

Currently, there is no word yet on Windows Server 2016 since it’s still in Technical Preview at this time. However, once the licensing folks figure out how to squeeze every penny out of Server 2016 (I’m very interested to see what they do with Nano Edition) there should be an updated spreadsheet released.

VN:F [1.9.20_1166]
Rating: 10.0/10 (1 vote cast)

Stupid Windows Tricks – Graph Summary View

You ever see an option in Windows that you never click? No?

(Well, maybe it’s just me then…)

Anyway, today I stumbled across the “Graph Summary View” in Server 2012 R2 that I’ve never clicked on before.

image

This feature leaves you a little floating window with either CPU, Memory or Ethernet usage:

CPU

CPU usage - Graph Summary View

Memory

Memory - Graph Summary View

Ethernet

Ethernet - Graph Summary View

This is pretty helpful for tracking resource usage when you’re remoted into a server with low screen resolution.

Once you’re in summary view you can flip between different resources:

Changing views - Graph Summary View

To go back to ‘normal’ mode just right-click and unselect Graph Summary View.

RESOURCE MONITOR

You can also manually shrink Resource Monitor to keep an eye on the server:

image

I’ll be on the lookout for other stuff I’ve never clicked on. Winking smile

VN:F [1.9.20_1166]
Rating: 10.0/10 (1 vote cast)

Remote Desktop Connection Tips

OK, so I’m probably the last person on the planet to learn of this feature, but on the left side of Remote Desktop Connection (MSTSC.exe) there’s a drop-down that exposes features for Windows 8, 8.1, Server 2012 and Server 2012 R2.

Drop-down for Windows 8 in latest RDP client

This is helpful when you’re on a Win8.x or 2012/R2 machine, RDPed into another machine and you’re not sure if (when you mouse up to the top-right or bottom-right) if you’re popping up the charms menu for your machine or the remote machine.

Also, speaking of Remote Desktop, there are 2 pieces to the puzzle:

  • Remote Desktop Protocol (RDP) – server
  • Remote Desktop Connection (RDC) – client

Below are the current versions and key features.

RDP 8.0 update (10/23/2012)
Windows 7 and Server 2008 R2
http://support.microsoft.com/kb/2592687 

  • RemoteFX for WAN
  • RemoteFX Network Auto Detect
  • RemoteFX Adaptive Graphics
  • RemoteFX Media Streaming
  • RemoteFX USB Redirection for non-RemoteFX vGPU virtual desktops
  • Support for nested sessions
  • Performance counters for monitoring user experience

RDC 8.1 update (2/10/2014)
Windows 7 and Server 2008 R2
http://support.microsoft.com/KB/2830477

  • Full support of transparent windows
  • Moves and resizes of RemoteApp windows
  • Thumbnails, aero peek, and live taskbar
  • Dynamic monitor and resolution changes
  • Support for session shadowing
VN:F [1.9.20_1166]
Rating: 9.5/10 (2 votes cast)

Training – Server 2012 R2 Essentials Now on MVA

Server 2012 R2 Essentials is finally getting some love from the Microsoft Virtual Academy!

Behold: 4.5 hours of Essentials 2012 R2 goodness!
Smile
Instructor: David Fabritius – Microsoft Product Marketing Manager

Description: ​Join Microsoft Product Marketing Manager David Fabritius​ as he takes you through Windows Server 2012 R2 Essentials and the new Windows Server Essentials Experience role available on the Standard and Datacenter editions of Windows Server 2012 R2.

MVA - Windows Server 2012 R2 Essentials

URL: http://www.microsoftvirtualacademy.com/training-courses/windows-server-2012-r2-essentials

Contents:

  1. Overview (36 minutes)
  2. Deployment Options and Licensing (36 minutes)
  3. Installation, Migration, and Getting Started (48 minutes)
  4. Server Management and Monitoring (46 minutes)
  5. Cloud Integration and Add-Ins (40 minutes)
  6. User and Computer Management (32 minutes)
  7. User Experience (33 minutes)

BONUS: There is also a TechNet Virtual Lab for Windows Server 2012 R2 Essentials http://go.microsoft.com/?linkid=9836955

Source: Small Business Server Blog

VN:F [1.9.20_1166]
Rating: 9.8/10 (4 votes cast)

Windows Storage Spaces 2012 R2 Resources

Tonight (Wed 12/18/2013) I had the privilege of giving my talk on
Performance Benchmarking in Storage Spaces 2012 R2” for the
Cincinnati Networking Professionals Association (CiNPA).

For those who attended, and those interested in Storage Spaces, here are the resource links mentioned during the presentation:

Video – Storage Spaces: What’s New in Windows Server 2012 R2
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/MDC-B218
Video - Storage Spaces: What’s New in Windows Server 2012 R2

Blog – Step-By-Step: Deploy Hyper-V on SMB 3.0
http://blogs.technet.com/b/canitpro/archive/2013/12/18/step-by-step-deploy-hyper-v-on-smb-3-0.aspx
Blog - Step-By-Step: Deploy Hyper-V on SMB 3.0

Download – Iometer
http://iometer.org/doc/downloads.html
Iometer

eBay – Dell PowerEdge C1100 (2 proc, quad core, 24 GB, 1U) for $335
http://www.ebay.com/itm/Dell-Poweredge-C1100-1U-2X-XEON-QC-L5520-2-26GHZ-NO-HDD-24GB-DDR3-Tested-/261199263261
Dell PowerEdge C1100

Blog – Step-by-step for Storage Spaces Tiering in Server 2012 R2
http://blogs.technet.com/b/josebda/archive/2013/08/28/step-by-step-for-storage-spaces-tiering-in-windows-server-2012-r2.aspx
Blog – Step-by-step for Storage Spaces Tiering in Server 2012 R2

Training – Free MVA Networking Fundamentals course
http://www.microsoftvirtualacademy.com/training-courses/networking-fundamentals
Training – Free MVA Networking Fundamentals course

Training – Free MVA Windows Server 2012: Storage
http://www.microsoftvirtualacademy.com/training-courses/windows-server-2012-storage
Training – Free MVA Windows Server 2012: Storage

Training – Free MVA Windows Server 2012 R2 Storage Jump Start: New Choices
http://www.microsoftvirtualacademy.com/training-courses/windows-server2012-r2-storage-jump-start-new-choices
Training – Free MVA Windows Server 2012 R2 Storage Jump Start: New Choices

Video – Using Microsoft Visio 2013 for Network Documentation (Parts 1-3)

  1. http://www.youtube.com/watch?v=GHNEDoncMGU
  2. http://www.youtube.com/watch?v=XVGtlkcR71I
  3. http://www.youtube.com/watch?v=I-odeJEtQ-U

Misc – My Pinterest #Bacon Collection
http://www.pinterest.com/timbarrett/insane-bacon-stuff/
Bacon

VN:F [1.9.20_1166]
Rating: 0.0/10 (0 votes cast)

Crazy Screen Shots – Big Files

Today I created the single largest file of my life, 14.6 Terabytes, thanks to Storage Spaces in Windows Server 2012 R2:

14.6 TB file in Windows Server 2012 R2 with Storage Spaces

This file was created on a 1U Dell C1100 server with NO external storage.

  • 4 each Western Digital Red WD40EFRX 4TB IntelliPower 64MB Cache SATA 6.0Gb/s 3.5" NAS Internal Hard Drive
  • 1 each Kingston SSDNow V300 Series SV300S37A/120G 2.5" 120GB SATA III Internal Solid State Drive

Because I can.

VN:F [1.9.20_1166]
Rating: 0.0/10 (0 votes cast)

Training – Windows Server 2012 R2 Storage Jump Start

I have been VERY impressed with the Microsoft Jump Start courses! It’s great to hear that they have another one coming later this month – perfect timing before General Availability (GA) hits for Windows Server 2012 R2.

Microsoft Virtual AcademyTopic: Windows Server 2012 R2 Storage Jump Start:
New Choices

Date: Tuesday September 24, 2013
Time: 12:00 PM – 8:00 PM Eastern (9-5 PDT)
Venue: Online – Microsoft Virtual Academy
Cost: FREE

JumpStartDescription: IT leaders struggle with the costs and complications associated with data growth and are looking for new solutions and tools to help them scale and keep costs down. Come to this Jump Start to find out how the new tools in the R2 release of Windows Server 2012 can help you move workloads to less costly and more robust and scalable storage solutions. Learn more about Automated Tiering, Data Deduplication, Scale-Out File Server, shared VHDX files and Hyper-V live migration over the Server Message Block (SMB) protocol (SMB Direct and SMB Multichannel).

Prerequisites: Having a solid understanding of Windows Server 2012 storage concepts. Preview Windows Server 2012: Storage and What’s New in Windows Server 2012 R2 Jump Start.

Registration: Registration for this event IS required.
Register today!

http://www.microsoftvirtualacademy.com/liveevents/windows-server2012-r2-storage-jump-start-new-choices

VN:F [1.9.20_1166]
Rating: 10.0/10 (1 vote cast)

Updated List of OS Version Queries for WMI Filters

Group PolicyMore likely than not, if you’re using Group Policy to push out software installation or registry entries to client machines or servers on the domain, the policy may be different depending on the OS version or architecture.

Examples, Group Policy Objects may need to be filtered by:

  • Desktop / Server
  • Domain Controller / Non-Domain Controller
  • 32-bit / 64-bit

If you haven’t used WMI filters before, they show up in Group Policy Management at the bottom, between Group Policy Objects and Starter GPOs.

Common OS WMI Filters

The WMI filters use a query to scope down the application of the Group Policy Object applicability. Here’s what a typical WMI OS filter looks like:

WMI filter

select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND OSArchitecture = "64-bit"

WMI Win32_OperatingSystem ProductType Tips:

ProductType 1 = Desktop OS

ProductType 2 = Server OS – Domain Controller

ProductType 3 = Server OS – Not a Domain Controller

WMI Win32_OperatingSystem Version Number Tips:

5.1 – Windows XP

5.2 – Windows Server 2003

5.2.3 – Windows Server 2003 R2

6.0 – Windows Vista & Windows Server 2008

6.1 – Windows 7 & Windows Server 2008 R2

6.2 – Windows 8 & Windows Server 2012

6.3 – Windows 8.1 & Windows Server 2012 R2

To create your own WMI filters, here is an updated list of WMI filter queries from Window XP – Windows 8.1 and from Server 2003 to Server 2012 R2.

IMPORTANT DISCLAIMER:
Always test your Group Policies and WMI filters before deploying.

DESKTOPS

ANY WINDOWS DESKTOP OS

  • Any Windows Desktop OS – Version 1
    select * from Win32_OperatingSystem WHERE ProductType = "1"
  • Any Windows Desktop OS – Version 2 (better for Win7 sometimes)
    select * from Win32_OperatingSystem WHERE (ProductType <> "2") AND (ProductType <> "3")
  • Any Windows Desktop OS – 32-bit
    select * from Win32_OperatingSystem WHERE ProductType = "1" AND NOT OSArchitecture = "64-bit"
  • Any Windows Desktop OS – 64-bit
    select * from Win32_OperatingSystem WHERE ProductType = "1" AND OSArchitecture = "64-bit"

WINDOWS XP

  • Windows XP
    select * from Win32_OperatingSystem WHERE (Version like "5.1%" or Version like "5.2%") AND ProductType="1"
  • Windows XP – 32-bit
    select * from Win32_OperatingSystem WHERE (Version like "5.1%" or Version like "5.2%") AND ProductType="1" AND NOT OSArchitecture = "64-bit"
  • Windows XP – 64-bit
    select * from Win32_OperatingSystem WHERE (Version like "5.1%" or Version like "5.2%") AND ProductType="1" AND OSArchitecture = "64-bit"

WINDOWS VISTA

  • Windows Vista
    select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="1"
  • Windows Vista – 32-bit
    select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"
  • Windows Vista – 64-bit
    select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="1" AND OSArchitecture = "64-bit"

WINDOWS 7

  • Windows 7
    select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1"
  • Windows 7 – 32-bit
    select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"
  • Windows 7 – 64-bit
    select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND OSArchitecture = "64-bit"

WINDOWS 8

  • Windows 8
    select * from Win32_OperatingSystem WHERE Version like "6.2%" AND ProductType="1"
  • Windows 8 – 32-bit
    select * from Win32_OperatingSystem WHERE Version like "6.2%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"
  • Windows 8 – 64-bit
    select * from Win32_OperatingSystem WHERE Version like "6.2%" AND ProductType="1" AND OSArchitecture = "64-bit"

WINDOWS 8.1

  • Windows 8.1
    select * from Win32_OperatingSystem WHERE Version like "6.3%" AND ProductType="1"
  • Windows 8.1 – 32-bit
    select * from Win32_OperatingSystem WHERE Version like "6.3%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"
  • Windows 8.1 – 64-bit
    select * from Win32_OperatingSystem WHERE Version like "6.3%" AND ProductType="1" AND OSArchitecture = "64-bit"

 

SERVERS

ANY WINDOWS SERVER OS

  • Any Windows Server OS
    select * from Win32_OperatingSystem where (ProductType = "2") OR (ProductType = "3")
  • Any Windows Server OS – 32-bit
    select * from Win32_OperatingSystem where (ProductType = "2") OR (ProductType = "3") AND NOT OSArchitecture = "64-bit"
  • Any Windows Server OS – 64-bit
    select * from Win32_OperatingSystem where (ProductType = "2") OR (ProductType = "3") AND OSArchitecture = "64-bit"
  • Any Windows Server – Domain Controller
    select * from Win32_OperatingSystem where (ProductType = "2")
  • Any Windows Server – Domain Controller – 32-bit
    select * from Win32_OperatingSystem where (ProductType = "2") AND NOT OSArchitecture = "64-bit"
  • Any Windows Server – Domain Controller – 64-bit
    select * from Win32_OperatingSystem where (ProductType = "2") AND OSArchitecture = "64-bit"
  • Any Windows Server – Non-Domain Controller
    select * from Win32_OperatingSystem where (ProductType = "3")
  • Any Windows Server – Non- Domain Controller – 32-bit
    select * from Win32_OperatingSystem where (ProductType = "3") AND NOT OSArchitecture = "64-bit"
  • Any Windows Server – Non-Domain Controller – 64-bit
    select * from Win32_OperatingSystem where (ProductType = "3") AND OSArchitecture = "64-bit"

WINDOWS SERVER 2003

  • Windows Server 2003 – DC
    select * from Win32_OperatingSystem WHERE Version like "5.2%" AND ProductType="2"
  • Windows Server 2003 – non-DC
    select * from Win32_OperatingSystem WHERE Version like "5.2%" AND ProductType="3"
  • Windows Server 2003 – 32-bit – DC
    select * from Win32_OperatingSystem WHERE Version like "5.2%" AND ProductType="2" AND NOT OSArchitecture = "64-bit"
  • Windows Server 2003 – 32-bit – non-DC
    select * from Win32_OperatingSystem WHERE Version like "5.2%" AND ProductType="3" AND NOT OSArchitecture = "64-bit"
  • Windows Server 2003 – 64-bit – DC
    select * from Win32_OperatingSystem WHERE Version like "5.2%" AND ProductType="2" AND OSArchitecture = "64-bit"
  • Windows Server 2003 – 64-bit – non-DC
    select * from Win32_OperatingSystem WHERE Version like "5.2%" AND ProductType="3" AND OSArchitecture = "64-bit"

WINDOWS SERVER 2003 R2

  • Windows Server 2003 R2 – DC
    select * from Win32_OperatingSystem WHERE Version like "5.2.3%" AND ProductType="2"
  • Windows Server 2003 R2 – non-DC
    select * from Win32_OperatingSystem WHERE Version like "5.2.3%" AND ProductType="3"
  • Windows Server 2003 R2 – 32-bit – DC
    select * from Win32_OperatingSystem WHERE Version like "5.2.3%" AND ProductType="2" AND NOT OSArchitecture = "64-bit"
  • Windows Server 2003 R2 – 32-bit – non-DC
    select * from Win32_OperatingSystem WHERE Version like "5.2.3%" AND ProductType="3" AND NOT OSArchitecture = "64-bit"
  • Windows Server 2003 R2 – 64-bit – DC
    select * from Win32_OperatingSystem WHERE Version like "5.2.3%" AND ProductType="2" AND OSArchitecture = "64-bit"
  • Windows Server 2003 R2 – 64-bit – non-DC
    select * from Win32_OperatingSystem WHERE Version like "5.2.3%" AND ProductType="3" AND OSArchitecture = "64-bit"

WINDOWS SERVER 2008

  • Windows Server 2008DC
    select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="2"
  • Windows Server 2008 – non-DC
    select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="3"
  • Windows Server 2008 – 32-bit – DC
    select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="2" AND NOT OSArchitecture = "64-bit"
  • Windows Server 2008 – 32-bit – non-DC
    select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="3" AND NOT OSArchitecture = "64-bit"
  • Windows Server 2008 – 64-bit – DC
    select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="2" AND OSArchitecture = "64-bit"
  • Windows Server 2008 – 64-bit – non-DC
    select * from Win32_OperatingSystem WHERE Version like "6.0%" AND ProductType="3" AND OSArchitecture = "64-bit"

WINDOWS SERVER 2008 R2

  • Windows Server 2008 R2 – 64-bit – DC
    select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="2"
  • Windows Server 2008 R2 – 64-bit – non-DC
    select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="3"

WINDOWS SERVER 2012

  • Windows Server 2012 – 64-bit – DC
    select * from Win32_OperatingSystem WHERE Version like "6.2%" AND ProductType="2"
  • Windows Server 2012 – 64-bit – non-DC
    select * from Win32_OperatingSystem WHERE Version like "6.2%" AND ProductType="3"

WINDOWS SERVER 2012 R2

  • Windows Server 2012 R2 – 64-bit – DC
    select * from Win32_OperatingSystem WHERE Version like "6.3%" AND ProductType="2"
  • Windows Server 2012 R2 – 64-bit – non-DC
    select * from Win32_OperatingSystem WHERE Version like "6.3%" AND ProductType="3"
VN:F [1.9.20_1166]
Rating: 9.8/10 (76 votes cast)