Archive for the ‘Windows Server 2016’ Category

Microsoft Windows Server Remote Desktop Services (RDS) with Citrix Hypervisor (XenServer) – opted for 15 users per VM with a max of 18-20 in case of an outage (hardware failure etc.), with specs of 6 vCPUs and 48 GB RAM

Thursday, September 23rd, 2021

Microsoft Windows Print Spooler – remote code execution vulnerability

Friday, July 2nd, 2021


Determine whether the Print Spooler service is running. Run the following as a Domain Admin:

Get-Service -Name Spooler

If the Print Spooler is running, or if the service is not set to disabled, choose one of the following options: either disable the Print Spooler service, or disable inbound remote printing through Group Policy.

Option 1 – Disable the Print Spooler service

If disabling the Print Spooler service is appropriate for your enterprise, use the following PowerShell commands:

Stop-Service -Name Spooler -Force

Set-Service -Name Spooler -StartupType Disabled

Impact of workaround: Disabling the Print Spooler service disables the ability to print both locally and remotely.

Option 2 – Disable inbound remote printing through Group Policy

You can also configure the settings via Group Policy as follows:

Computer Configuration / Administrative Templates / Printers

Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks.

Impact of workaround: This policy will block the remote attack vector by preventing inbound remote printing operations. The system will no longer function as a print server, but local printing to a directly attached device will still be possible.
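The check and the two options above can be verified in one pass. The following is an added example, not part of the original post: the function name Get-SpoolerExposure and the host names in the comment are assumptions, and RegisterSpoolerRemoteRpcEndPoint is the registry value that the "Allow Print Spooler to accept client connections" policy writes.

```powershell
# Added example: classify a host against Option 1 / Option 2 from the post.
function Get-SpoolerExposure {
    param([string[]]$ComputerName)   # omit to check the local machine

    $check = {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"

        # Value behind "Allow Print Spooler to accept client connections":
        # 2 = Disabled, 1 = Enabled, absent = Not Configured.
        $key    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
        $policy = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).RegisterSpoolerRemoteRpcEndPoint

        # Option 1 requires both: not running AND start type Disabled.
        $serviceOff    = $svc -and $svc.State -ne 'Running' -and $svc.StartMode -eq 'Disabled'
        # Option 2 requires the policy to be explicitly Disabled.
        $remoteBlocked = $policy -eq 2

        $verdict = if (-not $svc)          { 'No Spooler service present' }
                   elseif ($serviceOff)    { 'Option 1 in place: service stopped and disabled' }
                   elseif ($remoteBlocked) { 'Option 2 in place: inbound remote printing blocked' }
                   else                    { 'Neither workaround in place' }

        [pscustomobject]@{
            Computer                = $env:COMPUTERNAME
            State                   = $svc.State
            StartMode               = $svc.StartMode
            ClientConnectionsPolicy = $policy
            Verdict                 = $verdict
        }
    }

    if ($ComputerName) {
        # Requires PowerShell remoting to the listed hosts.
        Invoke-Command -ComputerName $ComputerName -ScriptBlock $check
    } else {
        & $check
    }
}

# Local check:
Get-SpoolerExposure | Format-List
# Several hosts (constructed names): Get-SpoolerExposure -ComputerName 'DC01','FS01'
```

A host that reports Option 2 from the registry alone may still be accepting client connections until the Print Spooler service has been restarted after the policy was applied.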

Microsoft Windows Server 2008 R2 – how to in-place upgrade to Windows Server 2019

Thursday, June 17th, 2021

Microsoft Native Image Generator (NGen) – on some machines NGen used all of the computer's memory

Monday, May 17th, 2021

When NGen went crazy like this, Microsoft Support suggested deleting the registry key

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\Roots

and its descendants.

That fixed the issue, but it remained mysterious why this was happening and what exactly broke. When you delete the registry key, NGen rebuilds its NGen root DLL cache automatically. No obvious garbage data was visible inside the registry keys.

Microsoft Windows – a solution for the Windows error code '0xc0000005'

Wednesday, April 14th, 2021

Error code '0xc0000005' is one of the better-known Windows errors. It affects not only users of Windows 10 but also users of older versions such as Windows 8 and Windows 7, plus their Windows Server versions. With Data Execution Prevention (DEP), Windows has integrated a memory-protection feature that can inadvertently be responsible for access problems such as 0xc0000005. Some programs are not compatible with this security feature, so certain actions inevitably lead to the error. The simplest solution in this case is to disable the protection mechanism for the affected application.

Microsoft Windows Server 2016 – how to install Remote Desktop Services (RDS)

Wednesday, November 11th, 2020


Microsoft Windows Server 2008 R2 and above – Microsoft released a patch for the ZeroLogon vulnerability that needs to be applied to your domain controllers; if you haven't done this already, do it ASAP

Wednesday, October 21st, 2020

Download the patch here … https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472

Microsoft Windows Server 2008 R2 and above – ‚Zerologon‘ unauthenticated domain controller compromise by subverting Netlogon cryptography (CVE-2020-1472)

Monday, September 28th, 2020

ZeroLogon – testing script

Microsoft Windows Server 2019 versus 2016 – which to choose?

Saturday, December 7th, 2019


Connected Devices Platform Service (CDPSvc) – the service responsible for synchronization tasks such as mail retrieval, live tiles, OneDrive synchronization, etc.

Friday, December 6th, 2019

Microsoft Windows 10 / Microsoft Windows Server 2016 – CDPUserSvc problems

The command instructs Windows to run the service in its own process

C:\> sc config cdpusersvc type= own

Microsoft Server 2016 Windows Update – can be sped up

Saturday, October 19th, 2019

Microsoft Server 2016 Windows Update – slow, but can be sped up

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DoNotConnectToWindowsUpdateInternetLocations"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000001
"UseWUServer"=dword:00000001

Microsoft Windows Client / Microsoft Windows Server – how to determine which .NET Framework versions are installed

Friday, October 11th, 2019

Users can install and run multiple versions of the .NET Framework on their computers. When you develop or deploy your app, you might need to know which .NET Framework versions are installed on the user’s computer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full

Microsoft Windows Server 2008 R2 & 2012 R2 – applications may crash or become unresponsive if another user logs off Remote Desktop session

Monday, October 7th, 2019

To resolve this issue, upgrade to Windows Server 2016; the issue is fixed in this version of Windows Server.

Microsoft Windows 7/8 & Windows Server W2k8/W2k12/W2k16/W2k19 – CVE-2019-1182 | Remote Desktop Services Remote Code Execution Vulnerability

Wednesday, August 14th, 2019

A remote code execution vulnerability exists in Remote Desktop Services (formerly known as Terminal Services) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft Windows Server 2016 & 2019 – Windows Search is disabled by default

Saturday, August 3rd, 2019

Microsoft Windows Server 2016 & 2019 – this is because indexing of the volumes can cause problems in certain scenarios, such as with Cluster Shared Volumes (CSV) and when running Remote Desktop Session Host (RDSH) with multiple simultaneous sessions

C:\> services.msc