In IIS, there is an option to "Create Domain Certificate." This works great except for one problem. The template that this process uses is the "Web Server" template in the CA which has a key with only 1024 bits. I have duplicated this template and then changed the minimum key length to 2048.
I have an Enterprise CA running on Windows Server 2008 R2.
Is it possible to have all the IIS servers in my domain use the new template when going through the "Create Domain Certificate" wizard?
I would like to grant Read-Access to event logs on all my domain controllers, ideally at a domain level using GPO. I would like members of a group to be able to view the Application Log, the System Log, and several logs in "Application and Services logs" such as "Directory Service" and "File Replication Service." What would be the best strategy of going about this?
Please note that most of my Domain Controllers are 2008 R2
We have implemented an AD Rights Management System in our domain. Occassionally, when I send a protected email to someone in my domain or someone sends one to me, I will be prompted with a dialog box that sys
"Select one of the following user accounts to create or open content with restricticted permission. To use an account not listed below, click Add"
The issue is that there is only one account to choose from and when I select it, I am able to open the document.
We have just recently enabled a rights management "Trusted User Domain" with a partner company. I cannot verify whether or not this problem began after that change, but there it is definitely a strong possibility. I think this might be a bug in office 2010, but cannot find any documenation stating this. Can anyone confirm that this is a known issue?
I have an ADFS Farm and 2 ADFS proxy servers. The proxies are NOT members of the domain. This morning the proxy servers stopped being able to serve up FederationMetaData.xml. The FS servers are working fine.
The proxy server event logs are getting filled with errors of Event ID 364 which says "Encountered error during federation passive request" and the details say" An unsecured or incorrectly secured fault was received from the other party."
I have searched and found articles suggesting that if you see this error, you are likely missing an SPN but since they are not domain joined, SPN's don't come into the picture.
The core issue is I am trying to get the Proxies to serve up Federation Metadata again, but I am wondering if the Errors are related. I have gone through the Federation Proxy Configuration wizard successfully and have rebooted (several times) The one other oddity with this server is that when I do an iisreset, it always times out and says the service did not come back in a timely manner, but when I look, IIS is up and running fine.
Are those errors related or should I look elsewhere. If so, where else can I look?
In IIS 6 on Server 2003, I can go to a web site's properties and walk through the wizard to generate a new cert request. Once I complete the request and have the cert installed on the web site, I can go into the cert store and export the certificate with the private key, setting a password and saving it as a PFX file.
When I go through a similar procedure in IIS 7 on 2008R2, I can generate the CSR and complete the request. However, the cert in the cert store cannot be exported with the private key and saved as a PFX file. Is there some option or step I am missing in the process so that the private key can be exported in IIS 7?
I have crated a VM in Hyper-V using the default path, which is C:\ProgramData\Microsoft\Windows\Hyper-V.
Is it possible to change the location of the VM without destroying it or exporting it and importing it?
I have a virtual appliance OVF File and I am trying to figure out how to use it in VMWare Server. I saw this article that describes using the VMWare Converter tool but when I try to select my OVA file as a source, I get an error that says "The file you selected is not a valid source." Is it possible to use an OVA file directly in VMWare Server? If not, is it possible to convert it into something that is usable in VMWare Server?
I just installed VMWare Server on Windows 2008 R2. This is the the free version of VMWare. Are there any management tools I can download and use (that are free) to manage the VM's or am I stuck with the web interface? Ideally, I'd like to be able to use PowerShell but not sure what all I need or what I would need to pay for.
Thanks,
Andy
I am trying to install and update agents using VMM 2008 R2. My VMM Service account has admin access to the VMM server and the host servers. Logged in as the service account, I can copy files from the VMM server to \hostserver\admin$ all day long.
When I try to install or upgrade an agent, I get an error saying "Agent installation could not access the ADMIN$ share on server FOOBAR"
I also enabled tracing for VMM and the trace logs are showing that the copy to admin$ is failing. However, I can manually access admin$ with the same account that I am using to run the job and with the VMM service account, so I don't think its a permissions/access issue.
Any ideas what else I could do?
I am using the Quest AD Cmdlets to pull information about computer accounts and bitlocker recovery information. I am currently using Get-QadComputer to pull the DN and then I am using Get-QADobject with the -searchRoot parameter to find all the child objects of that computer, which will give me the msFVE-RecoveryInformation child objects. What I am wondering is if I can use Get-QadComputer to do the entire query for me in one shot.
How can I use Get-QadComputer to return only computer objects that have msFVE-RecoveryInformation child objects? I was thinking of an LDAP filter, but I'm not sure how that would work for a child object.
I have a Windows 2008 R2 server running RDS. I have installed and configured RemoteApp to publish applications with RDS Web Access. When I browse to https://servernname.domain.local/RDWeb I can log in and get to the RemoteApp Programs tab, but there are no icons or apps to click on. I have added a bunch of apps in Remote App manager and they are all enabled for RD Web Access. Also, I am an administrator on the server.
I am working on a script that will be used to audit some machines. I can check whether or not volumes are encrypted using the Win32_EncryptableVolume class in root\cimv2\Security\EncryptableVolume. What class can I can query for info on BitLockerToGo ? (Encrypting Removable Drives)
How can you check what BitlockerToGo settings are enforced on a computer?
I have two NIC's that have access to my iSCSI network. I want to specify the initiator IP as well as the Target portal IP and create redundant links and use MPIO.
This is easily done using the Advanced settings in the iSCSI initiator GUI. However, I want to be able to specify the initiator IP using iscsicli.
I am pretty sure the answer is in one of the options for iscsicli persistentlogin where there are 15 "*'s" that represent different options. I am just not sure what * to replace with what.