Skip to main content

Posts

Showing posts with the label Active Directory

Symantec endpoint protection deployment fails

Deploying Symantec Endpoint Protection or SEP 14 on remote computers will fail if Firewall or services on remote computer is not properly set.

Deploying SEP version 14 to computers running Windows 8.1 will not install successfully.

If ICMPV4 is not allowed on the firewall will also cause fail deployment.

Even though ICMPV4 is enabled and allowed on the firewall and the deployment still fails.

If unable to deploy SEP 14 to remote computers running Windows 8.1, either do manual installation, send a link to user and ask them to install if user has a local admin password.

Of course, if trying to install to multiple computers remote deployment is the best way to do.

It's efficient, faster and user productivity is not disturbed.

One solution for this issue, is to enable "remoteregistry" service on the remote computers.

To enable "remoteregistry" on remote computers, open an elevated command prompt and enter the domain credentials.

Type:
C:\>sc \\James_PC_001 confi…

How to insert landscape orientation in Word?

If you are writing a thesis, a report or an article that you need to insert a landscape layout in a specific page in Word document but your orientation all long is portrait and changing the orientation causes the whole layout to change.
Inserting landscape in a specific page in a word document can be done by inserting section breaks. Let’s just make a basic example.
Let’s say you have 3 page document and you want that first page in Portrait mode, second page in landscape and third page in portrait layout also.
First, click on “home” tab, click the “show/hide paragraph marks” option or see the icon below. Enabling this option the section breaks, spaces and tabs will be visible. But what we are interested is to see the “section breaks”.


In the first page position the cursor on the last area at the bottom of the page.
In Word 2010, click on “page layout” in the ribbon tab. Click on “breaks” and select “next page”. In the second page, position also the cursor at the middle or bottom of t…

Windows 7 black screen after windows logo

Windows 7 just show a black screen, after showing the windows logo on startup.
On Windows startup with the black screen, try pressing caps lock key. If caps lock key respond normally, then there’s a chance that windows boot up properly. Press the power button for 3 seconds and release it.
If windows shutdown properly, turn on the computer again. This time, try pressing F8 to go to safe mode.
In safe mode, open device manager. Open windows explorer, right click on “This Computer” or “My Computer” and select properties, this will open device manager.  Or alternatively, go to control panel and select device manager.
In Device Manager, select the Display Adapter, right click on it and click properties. From the properties, uninstall the driver. Don’t worry windows will install its standard or default display driver.
Restart or shutdown the computer, if the problem is just the corrupted display driver then startup should be working  fine and the black screen issue is not present anymore.

Folder redirection very slow

Folder redirection is good and bad, well if everything is working as expected then it's definitely good and sometimes it's bad if it causes some unexpected issues such as very slow login.
So you have a folder redirection working  smoothly over the years, users can always change their password whenever they want it and of course, System Administrator can also change user password anytime whenever they want it or whenever they just felt like changing it (just kidding), or when situations demand it.
If folder redirection suddenly becomes problematic or causes some issue such as slow login, one issue could be that the user changes the password or the Sys Ad change the user password.
One issue I encountered if the folder redirection suddenly becomes slow, if the client or the user has a mapped drive that is set manually and set to persistent, persistent mapped drives uses the Vault Credential Manager to store the password.
If the password is not updated in the vault credential man…

Active Directory GPO apply to forest

How to apply GPO to whole forest?

1. Open GPMC (Group Policy Management Console) and create a GPO for a single domain.

2. Link the GPO to other domains in the forest.
   Right click each domain and select "Link an Existing GPO Here" then select the GPO that will be applied to all domains in the forest.

3. If everything works fine, then you're a lucky man.


Before rolling out a GPO create a test Organizational Unit and create Active Directory user accounts for test purposes.

Then apply the GPO to the OU.

If it works properly then there's a good chance that it will work smoothly to all users but it's not a guarantee that it will work correctly to all users.

If the GPO is critically needed to be applied to all users and testing works okay, roll out the GPO and troubleshoot issues that may occur.

If no problem arises, then drink a cup of coffee and consider yourself "lucky".

If the GPO is not yet tested and you are not sure whether it will havoc the Active Directory …

Check setting for local group policies

Local group policies define policies for a particular windows system; Set restriction policies, such as limiting number of connection for a remote desktop and other numerous settings that can be set by the system administrator.
The local group policy has a lot of settings to configure and is quite tough to remember those settings unless you have an extraordinary super memory.
Keeping track of the changes in local group policy is important for troubleshooting purposes or if there are some issues that will arise due to policy change.
A proper documentation such as screenshots or other methods is necessary to ease the pain of why and how the problem started.
Windows provided an RSOP tool  to view the list of enabled configuration in group policy settings.
RSOP.msc (resultant set of policy) shows which policy is enabled on the system. So the System Admin can just set and forget which of course not a good practice. But if need to reconfigure but don't know which settings; then run the …

Force replication of Sysvol contents

In Active Directory domain, in Windows world sysvol folder needs to be consistent all through the domain. If the sysvol is inconsistent a lot of problems will happen. So for a smooth domain operation with less grumpy users "sysvol" folder has to be the same in all DC's.