In IIS 7.5, which is installed on Windows 2008 R2 servers, only SSL 3.0 and TLS 1.0 are enabled for HTTPS encryption by default. To enable TLS 1.1 and TLS 1.2 and disable the insecure SSL 3.0 protocol, add the following keys to the Registry of the server:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:ffffffff
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS Read more [...]
The Microsoft Windows Malicious Software Removal Tool (MRT) is downloaded and run with the monthly Windows Update cycle on many Windows versions (e.g. Windows 7, 8.1, 10, Windows Server 2012 R2 and others). It always uses the same KB/Patch number:
KB890830
You can disable this in Windows Update by hiding the update, but it will be re-offered next month. To permanantly disable the offering via Windows Update, change this registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]
"DontOfferThroughWUAU"=dword:00000001
It's Read more [...]
It can happen that you lose all passwords or that you delete the users in a DB, so you have no access or limited access to the database instance.
There are many articles on the Internet that talk about SQL password crackers or other strange methods (some cost you money) to sort this out, but there is a much better and simpler method.
For this to work, you need access to the server console (for example via RDP). The trick is to activate and reset the password for the sa account, then login with Read more [...]
While it is not recommended (mostly due to security reasons), SQL can be run on a Domain Controller. But the following 2 points have to be considered:
The order is important: SQL can be installed on a DC. But a SQL server cannot be made a DC. So: DC first, then SQL
You cannot use the following 3 accounts for the SQL service:
Local Service, Network Service, MSSQL$SQLEXPRESS
Although I used these guidelines, it did not work for me. Near the end of the install, when the SQL service is started Read more [...]
As I have already written here, Microsoft released a lot of unwanted updates for Windows 7 SP1 and Windows 8.1 recently to promote the update to Windows 10.
Now they want to get more data out of your system. By releasing a couple of "Telemetry" updates, they hope to get the same data from you as they get with Windows 10. In addition, these updates slow down your machine and use disk space. Here is the list you need to uninstall
KB3022345
KB3068708 - Replaces KB3022345
KB3075249
KB3080149
To Read more [...]
On Windows 7 SP1 and Windows 8.1, you might recently have got the update KB3035583. It installs folders and functions to promote the launch of Windows 10 and of course, it calls home to do that.
See more details in this article.
Luckily, you can un-install this update, or, if you have not installed it already, hide it in the "recommended updates" screen.
If you are on Windows 7 and don't plan to upgrade to Windows 8.1 or Windows 10 you can also uninstall:
KB2952664
KB2990214
KB3068708 Read more [...]
All 5 FSMO roles of Active Directory can be moved via script, but lets see how it works via GUI (MMC):
RID Master, Infrastructure Master, and PDC Emulator
Login to the target DC via RDP
Open "AD Users and Computers"
Right-click the Domain and choose "Operations Masters..."
Choose the appropriate tab
Click "Change..."
Click "Yes" to confirm
Schema Master
Make sure you are member of the "Schema Admins" group. Being in the "Enterprise Admins" group is not enough!
Login Read more [...]
Have you ever tried to configure something on a windows system as Administrator and still got a permission denied?
While the Administrator is powerful, he still can't do everything. There is an account that is even more powerful, it is called SYSTEM. So how could you run something as SYSTEM? Here is how:
Start a command prompt as Administrator
From Sysinternals, download psexec.exe and put it on the C: drive
In the command prompt, navigate to the directory with psexec.exe
Run "psexec.exe Read more [...]
How do you restart the terminal services service? In MMC (services.msc), it is greyed out. It would be handy to be able to do it if you don’t want to restart the whole server.
The official word from Microsoft is: “The Terminal Services service is an integrated part of the core OS in Windows, that’s why it can’t be stopped or restarted as most other services (it is grayed out).”
The following procedure does the trick:
Open a command prompt
Type in: tasklist /svc /fi “imagename Read more [...]
Sometimes it is faster to access Control Panel items via command line than clicking and searching in the UI. To use a command, just press <Windows-Key>-R, which will open the Run window. Then just type the command and press <Enter>.
For the .cpl files, the "control" command can even be left out, so that is even less to type.
Control Panel Applet
Command
OS
Accessibility Options
control access.cpl
XP
Action Center
control /name Microsoft.ActionCenter
8, 7
control Read more [...]
