vlan for guest wifi on zyxel usg router with engenius access points

fonte: vlan-for-guest-wifi-on-zyxel-usg-router-with-engenius-access-points

The goal here is to add a second SSID from the Engenius access point for guest internet access that does not have access to the network resources on the private wifi network. First of all I am using the Zyxel USG20 and an Engenius ECB600. Other similar hardware will be… similar. Here’s how to make this work.

Log into your access point. Add another SSID. Make sure you check the box for Station Separation. After adding it, go to the Management category and click on Management VLAN. Set your VID (VLAN ID) for your second SSID. I’d leave it as “2” and check the Isolation and Enable box. Click Accept at the bottom then click the Save/Reload link under status in the top left. This is all you’ll have to do on the access point.

Log into your router. Click Interface then click the VLAN tab. Click Add. Then set it up this way:
Interface Type: general
Interface Name: vlan2
Zone: LAN1 (This needs to match the zone that your access point is connected to.)
Base Port: lan1
VLAN ID: 2 (This needs to match the ID that you set in your access point)
Description: Make it descriptive!
IP Assignment: Use Fixed IP Address
IP Address: Choose something outside of your main subnet. I want my VLAN to use 192.168.10.x so I’ll set this to 192.168.10.1 (Make sure you select a range that is not in use by your router. Keep in mind that LAN2 may be assigned 192.168.2.x, and DMZ may be 192.168.3.x)
Subnet Mask: 255.255.255.0
Gateway: 192.168.1.1 (IP address of router. This may not be necessary.)
Under DHCP Setting:
DHCP: DHCP Server
IP Pool Start Address: 192.168.10.10 pool size 100 (or whatever you need it to be)
Set your DNS servers to something outside your network. Google DNS will work
Set default router to vlan2 IP
Save the settings

Next go to Object->Address and Add a new address. Call it something like VLAN_Subnet. Address type is INTERFACE SUBNET and Interface is vlan2.

Next, click on Network -> Routing. Add a Policy Route.
Description: VLAN
Incoming: Interface
Please select one member: vlan2
Next-hop:
Type: Trunk
Trunk: SYSTEM_DEFAULT_WAN_….
Click OK.

At this point your Guest SSID should be working. You will get IP addresses in the range specified in your VLAN interface. The only problem is that your guest network can see your main network. Block this using your Firewall.

Click Network -> Firewall
Click Add
From: Any
To: Any (Excluding Zywall)
Source: VLAN_Subnet
Destination: LAN1_SUBNET
ACCESS: deny

Add one more rule that blocks router administration:

Click Network -> Firewall
Click Add
From: Any
To: Zywall
Source: VLAN_Subnet
Destination: any
ACCESS: deny

If you have more than one subnet, you’ll need to create other rules that block access to that subnet too.

That’s it!

How To Migrate Windows Server 2008 R2 Active Directory Domain Services To Windows Server 2012

fonte:http://www.elmajdal.net/WindowsServer/How_To_Migrate_Windows_Server_2008_Active_Directory_Domain_Services_To_Windows_Server_2012.aspx

 

To perform the below steps, you will need to use a domain account which is member member of Domain Admins and Enterprise Admins Groups and member of the Schema Admins group. I will be using the domain Administrator account which is already a member of all these groups.

Migrating your Domain Controller from Windows Server 2008 to Windows Server 2012 undergoes a few major steps, which are discussed in details below :

Step 1 : Check Forest and Domain Functional Level

  1. The Forest Functional level and Domain Functional Level must be at least Windows Server 2003

  2. To Check The Functional Levels, read my article : How to Raise the Forest and Domain Functional Levels in Windows Server 2008/R2

Step 2 : Preparing Active Directory Schema

The schema has to be upgraded and prepared for Windows Server 2012. To do this you have to run the adprep command.

  1. Insert the Windows Server 2012 /R2 DVD into the DVD drive of the Windows Server 2008 / R2 Domain Controller

  2. Open command prompt in administrative mode, and type adprep /forestprep and press enter.

  3. Open the Directory of the DVD drive and navigate to adprep directory and then type : adprep /forestprep

    You will receive a warning that all active directory domain controllers in the forest must be running at least windows server 2003. click c  andEnter to confirm and continue.

    Adprep will successfully update the forest

  4. Then type adprep /domainprep and press enter

Step 3 : Install Windows Server 2012 and join it to the Windows Server 2008 Domain

  1. For Installing Windows Server 2012, read this article :  How To Install Windows Server 2012

  2. For Joining Windows Server 2012 to the domain of Windows Server 2008, read this article : How To Join Windows Server 2012 to a Domain

Step 4 : Setting Up Additional Active Directory Domain Controller With Windows Server 2012

By now you already have your Windows Server 2008 Domain Controller, and you have installed Windows Server 2012 and is now a domain member. Now we need to introduce our first Windows Server 2012 domain controller in our network. This has been discussed in a previous article, read it here :Setting Up Additional Active Directory Domain Controller With Windows Server 2012

Step 5 : Transferring the Flexible Single Master Operations (FSMO) Role

You have your Windows Server 2008 Domain Controller ( in my lab its called : ELMAJDAL-DC ) and have an additional Windows Server 2012 domain controller ( in my lab its called : ELMAJDAL-DC13). To complete the migration , we need to transfer 5 FSMO roles to the new domain controller.

The five FSMO roles are:

  • Schema Master

  • Domain Naming Master

  • Infrastructure Master

  • Relative ID (RID) Master

  • PDC Emulator

To check who is currently holding FSMO, run the following command : netdom query fsmo

The FSMO roles are currently with the Windows Server 2008 R2 domain controller : ELMAJDAL-DC

The FSMO roles are going to be transferred, using the following three MMC snap-ins :

  • Active Directory Schema snap-in : Will be used to transfer the Schema Master role

  • Active Directory Domains and Trusts snap-in : Will be used to transfer the Domain Naming Master role

  • Active Directory Users and Computers snap-in : Will be used to transfer the RID Master, PDC Emulator, and Infrastructure Master roles

Lets start transferring the FSMO roles.

  • Using Active Directory Schema snap-in to transfer the Schema Master role

You have to register schmmgmt.dll in order to be able to use the Active Directory Schema snap-in

  1. Open Command Prompt in administrative mode and type regsvr32 schmmgmt.dll

  2. Open Microsoft Management Console , mmc

  3. Click File > then click Add/Remove Snap-in…


  4. From the left side, under Available Snap-ins, click on Active Directory Schema, then click Add > and then click OK

  5. Right click Active Directory Schema, then click Change Active Directory Domain Controller…


  6. From the listed Domain Controllers, click on the domain controller that you want to be the schema master role holder and then click on OK

    You will receive a message box stating that the schema snap-in is not connected to a schema operations master. That is for sure, as we have not yet set this Windows Server 2012 domain controller as a Schema Master role holder. This will be done in the next step. Click OK


  7. In the console tree, right click Active Directory Schema [DomainController.DomainName], and then click Operations Master…


  8. On the Change Schema Master page, the current schema master role holder will be displayed ( ex. ELMAJDAL-DC.ELMAJDAL.COM) and the targeted schema holder as well (ex. ELMAJDAL-DC13.ELMAJDAL.COM). Once you click Change, the schema master holder will become
    ELMAJDAL-DC13.ELMAJDAL.COM
    , click Change

    Click Yes to confirm the role transfer

    The role will be transferred and a confirmation message will be displayed. Click OK

    Then click Close, as you can see in the below snapshot, the current schema master is ELMAJDAL-DC13.ELMAJDAL.COM which is the Windows Server 2012 DC


  • Using Active Directory Domains and Trusts snap-in to transfer the Domain Naming Master Role

  1. From the Start Screen, open the Active Directory Domains and Trusts

  2. Right click Active Directory Domains and Trusts, then click Change Active Directory Domain Controller…


  3. From the listed Domain Controllers, click on the domain controller that you want to be the Domain Naming master role holder and then click onOK


  4. Right click Active Directory Domains and Trusts, then click Operations Master…


  5. On the Operations Master page, we are going to change the Domain Naming role holder from ELMAJDAL-DC.ELMAJDAL.COM toELMAJDAL-DC13.ELMAJDAL.COM, Click Change

    Click YES to confirm the transfer of the Domain Naming role. The role will be transferred and a confirmation message will be displayed. ClickOK , then click Close


  • Using Active Directory Users and Computers snap-in to transfer the RID Master, PDC Emulator, and Infrastructure Master Roles

  1. From the Start Screen, open the Active Directory Users and Computers console

  2. Right click your domain and select Operations Masters

  3. In the Operations Masters window, ensure the RID tab is selected.

    Click the Change button. Select Yes when asked about transferring the operations master role. Once the operations master role has successfully transferred, click OK to continue.

  4. Ensure the Operations Master box now shows your new Windows Server 2012

  5. Repeat steps 4 to 6 for the PDC and Infrastructure tabs.

    >>
    >>

    Once completed, click Close to close the Operations Masters window.

If you would like to check if the roles were properly transferred, open command prompt and type: netdom query fsmo. If you see your new server listed in each role, you have successfully transferred all of your FSMO roles to the new server

Related Articles

How To Join Windows Server 2012 to a Domain

How to Raise the Forest and Domain Functional Levels in Windows Server 2008/R2

Setting Up Additional Active Directory Domain Controller With Windows Server 2012  

Reinstall and Reset TCP/IP (Internet Protocol) in Windows with NetShell

fonte:https://techjourney.net/reinstall-and-reset-tcpip-internet-protocol-in-windows-with-netshell/

If you facing network connection issue, or more accurately unable to access or connect to Internet or network problem in Windows operating system such as Windows 2003, Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server and etc, you can try to reinstall and reset TCP/IP stack or Internet Protocol, one of the core component of the operating system, which cannot be uninstalled.

Again, with a corrupt TCP/IP stack, the same woes may happen – unable to establish a connection to the server, unable to load a web page, unable to browse and surf the Internet, even though network connection to broadband router or wireless router appear to be OK.

When all means run out, try to reinstall the IP stack with NetShell utility. NetShell utility (netsh) is a command-line scripting interface for the configuring and monitoring of Windows networking service.

To reinstall and reset the TCP/IP stack (Internet Protocol) to its original state as same as when the operating system was first installed, simply use the following command in a Command Prompt (Cmd) shell. In Windows Vista or newer, open an elevated Command Prompt with Administrator privileges instead. A log file name must be specified where actions taken by netsh will be recorded on newly created or appended if already existed file..

netsh int ip reset [ log_file_name ]

Example:

netsh int ip reset c:\resetlog.txt

Restart the computer once the command completed.

The command will remove all user configured settings on TCP/IP stack and return it to original default state by rewriting pertinent registry keys that are used by the Internet Protocol (TCP/IP) stack to achieve the same result as the removal and the reinstallation of the protocol. The registry keys affected are:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\

and

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCP\Parameters\

It’s also possible to use the Easy Fix wizard provided by Microsoft to reset TCP/IP automatically.For Windows 8.1, Windows 8, Windows RT, Windows 7, Windows Server 2012R2, Windows Server 2012, Windows Server 2008 R2: MicrosoftEasyFix20140.mini.diagcab

For Windows Vista, Windows XP, Windows Server 2008 or Windows Server 2003: MicrosoftFixit50199.msi

altri riferimenti:

Repair and Reset Windows Vista TCP/IP Winsock Catalog Corruption

How to Enable / Disable Multiple RDP Sessions in Windows 2012

fonte:https://support.managed.com/kb/a1816/how-to-enable-disable-multiple-rdp-sessions-in-windows-2012.aspx

How to Enable/Disable Multiple RDP Sessions in Windows 2012By default, Windows 2012 servers allow a single Remote Desktop session. If only one session is available and you take over another person’s live session, you may choose to enable multiple RDP sessions. This article describes the process for enabling and disabling multiple sessions.

Enable Multiple RDP Sessions

  1. Log into the server using Remote Desktop.
  2. Open the start screen (press the Windows key) and type gpedit.msc and open it
  3. Go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
  4. Set Restrict Remote Desktop Services user to a single Remote Desktop Services session to Disabled.
  5. Double click Limit number of connections and set the RD Maximum Connections allowed to 999999.

Disable Multiple RDP Sessions

  1. Log into the server using Remote Desktop.
  2. Open the start menu and type ‘gpedit.msc’ and open it
  3. Go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
  4. Set Restrict Remote Desktop Services user to a single Remote Desktop Services session to Enabled.

Windows Server 2012 and 2008 R2 – Enable Multiple RDP sessions

fonte:http://www.petenetlive.com/KB/Article/0000471.htm

Windows Server 2012 and 2008 R2 – Enable Multiple RDP sessions

KB ID 0000471 Dtd 28/08/13

Problem

Server 2012/2008 R2 unlike their predecessors, comes with the multiple remote desktop session restriction enabled. If you are only connecting to a server for remote administration purposes that can get a bit annoying, especially if you have a generic administrative account that multiple techs are using, and you keep kicking each other off the server.

Just as with earlier versions of Windows server you CAN have two RDP sessions at any one time, the restriction is one logon for one account. Thankfully you can disable the restriction and there are a number of ways to do so.

Solution

Server 2008 R2 Option 1: Enable Multiple RDP sessions from TSCONFIG

Note: tsconfig.msc does not work on Windows Server 2012

1. On the server, click Start and in the search/run box type tsconfig.msc{enter}. Locate “Restrict each user to a single session” Right click > Properties.

TSCONFIG

2. Remove the tick from “Restrict each user to a single session” > Apply > OK.

Restric each logon to a single session

Server 2012 and 2008 R2 Option 2: Enable Multiple RDP sessions via the registry

1. Start > in the search/run box type regedit {enter} > Navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server

Locate the fSingleSessionPerUser value > Set it to 0 (Multiple sessions allowed), or 1 (Multiple sessions NOT allowed).

multiple rdp

Server 2012 and 2008 R2 Option 3: Enable Multiple RDP sessions via Local Policy

1. Start > in the search/run box type gpedit.msc {enter}.

GPO multiple RDP

2. Navigate to:

Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections

Locate the “Restrict Remote Desktop Services users to a single Remote Desktop Services session” setting.

Remote Desktop multiple logons group policy

3. To enable multiple sessions set the policy to disabled > Apply > OK.

RDP GPO

Server 2012 and 2008 R2 Option 4: Enable Multiple RDP sessions via Group Policy

1. On a domain controller > Start > in the search/run box type gpmc.msc {enter}.

local policy RDP

2. Either edit an existing GPO that’s linked to your COMPUTERS, or create a new one and give it a sensible name.

group policy multiple logons

3. Navigate to:

Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections

Locate the “Restrict Remote Desktop Services users to a single Remote Desktop Services session” setting.

GPO 3389

4. To enable multiple sessions set the policy to disabled > Apply > OK.

more than one login

5. Then either reboot the clients, wait a couple of hours, or manually run “gpupdate /force” on them.

Force GPO

 

Related Articles, References, Credits, or External Links

Original Article Written 27/06/11

How To Fix ERROR_NOT_FOUND 0x80070490 During Windows 7 SP1 Installation

fonte: http://beerpla.net/2011/05/06/how-to-fix-error_not_found-0x80070490-during-windows-7-sp1-installation/

imageWell, this one took ages. And whenever something takes me ages, rather than write it down in my personal notes, I prefer to put it out online for everyone with the same problem to easily find and benefit from.

The problem I’m talking about today is trying to upgrade your Windows 7 installation to SP1 by applying Microsoft’s update KB976932, called “Windows 7 Service Pack 1 for x64-based Systems” and getting nothing but a failure every time. The same problem may affect 32-bit systems as well, and I’m not sure what the update number for that would be, but the solution should work for either one.

SNAGHTML3837080

The update starts just fine, chugs along for 10 minutes or so, then reboots the system and starts performing more operations, when suddenly one of them fails about 10% down the road, reboots, and reverts the whole process. You end up with this message (code 80070490) and a failure for which there are a lot of useless “solutions” on the web that just don’t work.

Except for one. I can’t take credit for it – all I did was spend a month weeding through the crap, retrying, and getting nowhere, until a genius by the name Ben-IS came up with exactly the right diagnosis and provided exactly the right solution. This solution, in my own interpretation, is below.

Step 1

We are going to use a utility called SFC (System File Checker or Windows Resource Checker), which is part of the Windows installation. It will help diagnose the problem.

Open up a command prompt (cmd) as administrator and run

sfc /scannow

This will run for a while and produce a file called CBS.log which you can find in %WINDIR%\Logs\CBS (usually C:\Windows\Logs\CBS). See this KB929833 for more info on SFC and CBS (Component Based Servicing).

sfc /scannow

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

Even though there are no integrity violations, we should have enough info in the log to diagnose the problem.

Step 2

Unfortunately, Windows overwrote my CBS.log, so I’ll go by the one Ben-IS provided.

Open up CBS.log and look for something like Failed uninstalling driver updates or0x80070490 – ERROR_NOT_FOUND.

If you have this line, which you should if you’re reading this post, you should also see lines similar to these a few lines above:

2011-04-14 12:02:33, Info CBS Doqe: q-uninstall: Inf: usbvideo.inf, Ranking: 2, Device-Install: 0, Key: 598, Identity: usbvideo.inf, Culture=neutral, Type=driverUpdate, Version=6.1.7600.16543, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=amd64, versionScope=NonSxS

2011-04-14 12:02:33, Info CBS Doqe: q-uninstall: Inf: sffdisk.inf, Ranking: 2, Device-Install: 0, Key: 599, Identity: sffdisk.inf, Culture=neutral, Type=driverUpdate, Version=6.1.7600.16438, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=amd64, versionScope=NonSxS

2011-04-14 12:02:33, Info CBS Doqe: q-uninstall: Inf: sdbus.inf, Ranking: 2, Device-Install: 0, Key: 600, Identity: sdbus.inf, Culture=neutral, Type=driverUpdate, Version=6.1.7600.16438, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=amd64, versionScope=NonSxS

One of these .inf files is the culprit, and we’re going to find out which one in the next step.

Step 3

Now open up a different log file located at %WINDIR%\inf\setupapi.dev.log (normally c:\Windows\inf\setupapi.dev.log).

Look for a line that contains Failed to find driver update or FAILURE(0x00000490).

Note the exact path to the .inf file that failed. In my case, it was:

sto: Failed to find driver update ‘C:\Windows\WinSxS\amd64_usbvideo.inf_31bf3856ad364e35_6.1.7600.16543_none_8a1a2513d42628c3\usbvideo.inf‘ in Driver Store. Error = 0x00000490

Step 4

This is the key to the whole operation. Open up the command prompt again (cmd) as administrator and run

pnputil -a INSERT_FILE_NAME_FROM_STEP_3

For example, I ran

pnputil -a C:\Windows\WinSxS\amd64_usbvideo.inf_31bf3856ad364e35_6.1.7600.16543_none_8a1a2513d42628c3\usbvideo.inf

You should see the following dialog:

SNAGHTML3a03ec7

Choose Install this driver software anyway.

The end result should be something like this:

pnputil -a C:\Windows\WinSxS\amd64_usbvideo.inf_31bf3856ad364e35_6.1.7600.16543_none_8a1a2513d42628c3\usbvideo.inf
Microsoft PnP Utility

Processing inf :            usbvideo.inf
Driver package added successfully.
Published name :            oem69.inf

Total attempted:              1
Number successfully imported: 1

Repeat this step for any failures found in step 3.

Step 5

Apply the SP1 Windows Update again – it should now install successfully.

And voila – enjoy your SP1!

Microsoft has failed to fix this incredibly cryptic problem, leaving it up to the users to figure out why their SP1 updates are not installing. Thanks to people like Ben-IS, solutions no longer involve head-banging, postal rage, and f7u12.

Configurare Intel vPro per la gestione remota

fonte: http://www.windowserver.it/Articoli/Networking/ConfigurareIntelvProperlaGestioneRemota.aspx

Autore: Andrea Garattini – Data Pubblicazione: 26 Febbraio 2015

Introduzione
Negli ultimi tempi sono usciti sul mercato alcuni modelli di server low cost molto interessanti: CPU XEON, 32GB RAM, 4 dischi ecc. Sfortunatamente… non hanno funzionalità di gestione remota tipo ILO o DRAC, giusto per fare due nomi.

Questo non è completamente vero, anzi! Tutti i sistemi con tecnologia Intel vPro (quindi anche i client) possono sfruttare la tecnologia Intel MEB (Management Engine BIOS). In pratica, all’interno del chip è stato integrato un server VNC, consentendo molte delle operazioni ottenibili attraverso i classici sistemi Out of Band: Console remota Out of Band, Reboot remoto, Power on e off remoti, Image mounting.

In questo articolo andiamo a vedere come attivare tutte le funzioni di Remote Management per il Dell T20 (ma come detto… vale per qualsiasi sistema!). Il tutto a costo ZERO!

Attivare il MEB

La prima operazione consiste nell’attivazione del MEB. Per farlo è necessario premere CTRL+P all’avvio, figura 1, proprio appena compare lo splash screen (compare in alto a destra la scritta gialla preparing MEBX Menu)

NB: in questa fase non è possibile usare KVM over Network!


Figura 1 – Main Menu MEB

La prima cosa da fare è il login; scegliamo quindi MEBx Login, inseriamo la password di default (admin) e la cambiamo immediatamente con qualcosa lungo almeno 8 caratteri, con almeno un carattere minuscolo, un carattere maiuscolo, un numero e un carattere speciale. Questo è necessario dato che in seguito la password che utilizzeremo per l’accesso in console remota dovrà essere esattamente di otto cifre e con le stesse caratteristiche… tanto vale impostarle uguali!

Dopo l’inserimento della nuova password siamo nel menù del MEB, dove dobbiamo configurare i parametri di accesso remoto.

La prima voce del menù principale, Intel ® ME General Settings – figura 2, consente esclusivamente di cambiare la password di accesso (Change ME Password). La seconda, Intel ® AMT Configuration, figura 3, è invece quella che ci interessa!


Figura 2 – General Settings


Figura 3 – AMT Configuration

Intel ME Network Name Settings – figura 4) e impostiamo Host  Name, Domain Name, dedichiamo il FQDN al solo MEB (Dedicated FQDN) e lasciamo disabilitato il Dynamic DNS Update (è molto meglio configurarla a mano nel DNS).


Figura 4 – Network Name Settings

Torniamo indietro e scegliamo la seconda voce (TCP/IP Settings) quindi Wired LAN IPV4 Configuration. Disabilitiamo il DHCP e andiamo a inserire i valori corretti nei diversi campi. Torniamo alla videata della AMT Configuration e scegliamo la voce Activate Network Access confermando poi al pop-up.

Ok! La parte “BIOS” è terminata… avviamo tranquillamente la macchina e proseguiamo la configurazione.

MEB Tools

Il prossimo passo prevede due strategie: una a pagamento ed una gratuita.

La prima consiste nel procurarsi il VNC Viewer Plus (http://www.realvnc.com/products/viewerplus/index.html), una versione evoluta del solito VNC che contiene al suo interno tutti i componenti necessari per la gestione del MBE (essendo in pratica sviluppato in partnership con Intel proprio a questo scopo).

Se invece vogliamo proseguire a costo zero, dobbiamo scaricare ed installare i tool di Open Manageability dell’Open Software Projects (http://opentools.homeip.net/open-manageability).

Dopo averli installati (su una macchina diversa da quella da amministrare!) lanciamo il Manageability Commander Tool ME. Con il bottone Add Known Coputer  aggiungiamo l’indirizzo IP assegnato in precedenza nelle opzioni MEB, figura 5.


Figura 5 – Nuovo Device da Gestire

A questo punto possiamo selezionarlo dal menù network e con il pulsante Connect ci connettiamo. Se la connessione ha successo il pulsante cambia scritta in Discconnect ma soprattutto di fianco al sistema compare il simbolo di un menù espandibile.

Posizionandoci sopra ed espandendo le voci la prima sorpresa comoda che abbiamo è la lista delle componenti hardware dei sistema, figura 6.


Figura 6 – Elenco Hardware

Andiamo nel tab Remote Control, quindi nell’area Remote Desktop selezioniamo la freccia a destra del Disable in corrispondenza della voce Remote Desktop Settings. Nel menù che compare, figura 7, modifichiamo i valori di State, Standard Port, Redirection Portin Enabled e Local User Consent in Disabled e dopo aver impostato la password (8 caratteri, una maiuscola, una minuscola, un numero e un carattere  speciale) confermiamo con OK.


Figura 7 – Personalizzazione Valori

Lanciamo VNC e… buon management!

NB: sulla macchina “controllata”, per segnalare che un amministratore ha preso il controllo compare una cornice giallo/rossa sul monitor!

NB: almeno sui Dell T20… il gioco funziona se sente un monitor connesso. Spento o acceso non fa differenza. Basta anche solo un KVM, ma vuole qualcosa connesso alla porta monitor.

Windows XP client and Windows server 2012 R2

fonte: http://northtech.co/microsoft/windows-xp-client-and-windows-server-2012-r2/

If you are still running a combination of Windows XP and Windows 7 client machines you may come across an issue when introducing your first Windows 2012 R2 Domain Controller server into your environment that your Windows XP clients no longer run login scripts.  The problem is to do with the versions of SMB which is supported between client and server communication which can cause issues with connecting to shares via UNC or executing login scripts on the DC.

The following image will give you an idea of the versions of SMB between different clients and server.

smb

As you can see Windows XP will only communicate using SMB 1.  Now lets look at the “Server” service property settings of a Windows 2012 (non R2)

smb1-2

You can see that SMB1 and 2 driver is allowed. Now let’s have a look at the “Server” service property settings of a Windows 2012 R2 server.

smb5 (2)

You can see that the server is only allowing SMB 2 and not 1 and this is why you will get issues mentioned above.  There is a workaround until you can upgrade your Windows XP clients and that is to amend the following registry key:-

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesLanmanServerDependOnService

This is how it is by default

smb_1and we need to amend to

smb_2

Once amended reboot the server and if you then check the “Server” service property settings again you will see that it’s changed

smb1-2

Your Windows XP clients will now be able to UNC and successfully run login scripts.  You will need to do this on any additional Windows 2012 R2 Domain Controllers until you have removed these old clients.

I would recommend replacing these legacy clients as it is now end of life and Microsoft will no longer be providing security updates and hotfixes.