GPO

Migrating from FRS to DFSR

By Joseph Yedid Recently I noticed that there were some errors in my OpsMan environment that needed my attention. After further inspection, it looked like I was having some GPO replication problems. What was going on? First, I had to check to see which GPO or GPOs were being affected. In reviewing the Group Policy Management console, I discovered that some of the GPOs were not replicating because File Replication Service (FRS) was being used. Since I no longer have any Windows 2003 DCs, the best course of action to resolve the replication issue was to migrate to the new Distributed File System Replication (DFSR), which by the way was introduced in Windows 2008. Subsequently, after the migration was complete the GPO issue was resolved. Full instructions can be found here. Although the docum...

Supporting Windows 10 in Your Environment

Now that Windows 10 has been released to the public, it’s time to update your environment to support management and deployment of the new operating system.¬† Below are some of the common toolsets to consider updating, along with links to the relevant updates at release time and some notes. Shameless NinjaCat T-Rex Wallpaper Screenshot (A few ot these items are still pending release as of the Windows 10 public release, but they are expected in short order and I will update the post with the links as they become available.)   Group Policy Admin Templates¬†– While the Windows 8.1 group policy templates contain a lot of the updated settings you might want for managing Windows 10, particularly if you’re moving from Windows 7, there are still some new settings specific to Wi...

Domain Controller SceCli event 1202

Greetings Humans! It is Sunday morning and I had to work very early to do some testing after a migration. There is also a lot of waiting involved so i resolved to run some checks on the health of our domain controllers. We had a lot of SceCli event 1202 warnings on every single DC. Those errors are potentially caused by an account that was deleted or not replicated correctly. That account is also part of the User Rights Assignment policy, most commonly on the “Logon as a service” settings. To figure out the account that is causing the error browse to: %SYSTEMROOT%SecurityLogswinlogon.log Search for “Cannot find” In my case I found the following: Error 1332: No mapping between account names and security IDs was done. Cannot find postgres_eip. That means that the acco...

Windows Azure Pack in a FIPS compliant environment

I am just about to deploy a Windows Azure Pack (WAP) express installation in an environment where they have to turn on FIPS compliancy. There are companies that turn everything in GPOs on that have “security” in the name or description field, but actually don’t really need it, and then there are companies that actually need it. Windows Azure Pack configuration fails Usually installation and configuration of a Windows Azure Pack installation is really easy and straight forward, especially when using the Express install, which puts every feature on one server (only for really small / limited PoCs!). I’ve done that multiple times already, but this time the configuration failed. […]

Configuring Group Policies for your ConfigMgr Servers

Disclaimer: Please test and validate this in your test environment, don’t take the information i provide for granted. This article describes a method to determine correct settings and doesn’t supply the answer to your specific environment ! When you are installing System Center Configuration Manager (ConfigMgr) in environments where group policies are used to control […]

  • 1
  • 3
  • 4