
How to Reset Windows Password Without an Install CD


If you’ve forgotten your Windows password and you don’t have an install CD lying around, there’s no need to worry. Not only are there half a dozen complicated ways to reset the password, you can do it easily with the Offline Windows Password editor.
Of course, if you do have a Windows CD, you can reset your password the easy way with a simple trick.
Note: this should work on all versions of Windows, but if you are running Windows 8 or 8.1 and also using a Microsoft Account to log in to your computer, you’ll need to reset your Microsoft Account password using a web browser on their web site.

Create the Boot Disk.

You will need to create a boot disk using another PC. First, you’ll need to download the boot disk from here:
Then download and launch ImgBurn, which is a really simple piece of software that helps you burn an ISO image to a disk.
 Note: if you have some other application for burning an ISO image, you can use that instead.
Choose the Source, click the burn button, and create the boot disk.
You could also create a bootable USB drive instead if you’d like; the instructions are on the Offline NT download site.

Resetting Your Windows Password.

Boot your PC from the boot disk (you might have to adjust the BIOS to allow booting from the CD). You’ll be prompted at a couple of screens, where you can generally just hit the Enter key. For

Steps to Create a Self Signed Security (SSL) Certificate and Deploy it to Client Machines.

Developers and IT administrators have, no doubt, the need to deploy some website through HTTPS using an SSL certificate. While this process is pretty straightforward for a production site, for the purposes of development and testing you may find the need to use an SSL certificate here as well.
As an alternative to purchasing and renewing a yearly certificate, you can leverage your Windows Server’s ability to generate a self-signed certificate, which is convenient, easy and should meet these types of needs perfectly.

Creating a Self Signed Certificate on IIS

While there are several ways to accomplish the task of creating a self signed certificate, we will use the SelfSSL utility from Microsoft. Unfortunately, this doesn’t ship with IIS but it is freely available as part of the IIS 6.0 Resource Toolkit (link provided at the bottom of this article). Despite the name “IIS 6.0”, this utility works just fine in IIS 7.
All that is required is to extract the IIS6RT to get the selfssl.exe utility. From here you can copy it to your Windows directory or a network path/USB drive for future use on another machine (so you don’t have to download and extract the full IIS6RT).
Once you have the SelfSSL utility in place, run the following command (as the Administrator) replacing the values in <> as appropriate:
selfssl /N:CN=<your.domain.com> /V:<number of valid days>
The example below produces a self signed wildcard certificate against “mydomain.com” and sets it to be valid for 9,999 days. Additionally, by answering yes to the prompt, this certificate is automatically configured to bind to port 443 inside the Default Web Site of IIS.
While at this point the certificate is ready to use, it is stored only in the personal certificate store on the server. It is a best practice to have this certificate set in the trusted root as well.

Import a Trusted Root Certification Authority In Windows 7/Vista/XP.

1. Start Microsoft Management Console (MMC) Tool

Click Start -> Run -> Enter 'MMC' and click 'OK'

2. Click File -> Add/Remove Snap-In...

3. Add Certificate.

Select 'Certificates' in the left panel and click 'Add' to move it to the right panel, then click 'OK'

4. Select 'Computer Account' option and click 'Next'

HOW TO RESTORE OFF A MOUNTED SLAVE DISK ON REDHAT + CPANEL (CRASH/HACK/BAD KERNEL)

Warning: This is not to be done by inexperienced admins; bad things could happen. Hire someone.
Sometimes, if you get hacked or boot with a bad kernel, you need to have the datacenter mount your old drive and install a new one with a fresh installation of Redhat. First things first, let's make sure you have an updated kernel. We will do it with up2date for ease of use:

up2date -f kernel
Check the grub.conf or lilo config to ensure the settings are right. (If using lilo, also run /sbin/lilo -v -v and check for errors.)
Now reboot the server:
shutdown -r now
I. Mount the backup Drive
First check to see if there are any drives mounted.
df -h
You should get something similar to this if it isn't mounted yet:
[root@localhost root]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/hda2 37G 1.4G 33G 4% /
/dev/hda1 101M 7.7M 88M 9% /boot
none 125M 0 125M 0% /dev/shm
[root@localhost root]#
If it is mounted you will see something like this:
-bash-2.05b# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/hda3 53G 31G 20G 62% /
/dev/hda1 99M 14M 80M 15% /boot
none 248M 0 248M 0% /dev/shm
/dev/hdc3 53G 31G 20G 61% /mnt/old
-bash-2.05b#

HOW TO INSTALL CACTI ON LINUX

Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices. For more information, see http://www.cacti.net/what_is_cacti.php

  • First log in as root to the server. Please note that the server should already have "yum" installed. My recommendation is to use a standalone server or virtual server for monitoring, depending on your network size.
# yum install mysql-server mysql php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli php-snmp php-pear-Net-SMTP php-mysql httpd
  • Configure MySQL server
# mysqladmin -u root password NEWPASSWORD
  • Create cacti MySQL database

WHY READ-ONLY DOMAIN CONTROLLERS (RODC) ?

In an enterprise-level network it is common to have an HQ (headquarters) and branch office layout. These branch offices may need to connect to HQ resources for their operations. Most of the time this kind of setup uses WAN links to connect the branch offices with the HQ network. Let's assume we have a company called ABC and its HQ is located in Toronto, Canada. Due to expansion it needs to open a branch office in London, UK. The requirement is more complicated because these are 2 different countries.

The users in the London office still need to authenticate to the company domain environment and access its resources. Let's look into some of the difficulties and challenges faced with this kind of setup.

Lack of Resources
Connecting HQ with a branch site requires a secure, reliable connection, but these connections typically come at a high cost. Even at that cost, these links will mostly run at speeds of 128kb, 256kb, 512kb etc. If users in the branch site authenticate against the company AD, the WAN link is used for all the authentication, resource access etc. If the number of users in the branch site increases, the link utilization just for AD activities will increase. Also, since the link runs between different geographical locations and different ISPs, many factors will affect its reliability as well. What happens if the WAN link goes down on a critical business day? The solution is to deploy AD in the branch site, and that opens a whole different range of concerns and problems.

PASSWORD REPLICATION IN RODC

One of the great features of an RODC environment is password replication. We can determine which passwords are cached on the RODC and which accounts must still authenticate via a writable domain controller. For example, domain administrator accounts do not need to be cached on an RODC; for security purposes it is always safer if they authenticate via a writable DC. So if a domain administrator logs in from an RODC environment, we can set the system to forward the authentication request or service ticket to the writable domain controller.

Microsoft made this easy by introducing the password replication policy (PRP) to the RODC environment. By default, the system creates a domain-wide password replication policy with two domain local security groups.
Allowed RODC Password Replication Group: Members of this group are allowed to have their passwords cached on the RODC. By default this group does not have any members.
Denied RODC Password Replication Group: Members of this group are denied from having their passwords cached on the RODC. Some security-critical groups are members of this group by default, such as Administrators, Server Operators, Backup Operators and Account Operators.
One of the biggest mistakes administrators make is to allow/deny only user accounts. Computers themselves also make authentication and service ticket requests, so make sure you add computer accounts to these lists as well.
How to configure RODC password replication policy (PRP)?
1) Log in to a writable domain controller with a domain administrator account
2) Open the "Active Directory Users and Computers" snap-in via Server Manager > Tools > Active Directory Users and Computers
3) Go to the "Domain Controllers" OU
4) Click to select the RODC for which you need to configure PRP. Then right click and click on Properties.
5) In the properties window click on the "Password Replication Policy" tab

Guide To Install Read-Only Domain Controller (RODC)

Before installing an RODC in a domain environment, the following requirements need to be met:

  • Forest function level should be Windows Server 2003 or higher
  • Needs at least one writable domain controller running Windows Server 2008 or higher
If the forest has any DC running Windows Server 2003, we need to adjust permissions on the DNS application directory partition to allow them to replicate to the RODC. This can be done by running adprep /RODCprep from the \support\adprep folder of the Windows 2012 server installation disk.
In my demo setup I have a domain called contoso. Before we start, let's check the forest function level.
  • To do that, log in to the DC as domain admin and open "Server Manager"
  • Then from Tools click on "Active Directory Domains and Trust"
  • Right click on the domain and select "Properties"
As we can see here, it runs with Windows Server 2012 R2, so we do not need to prepare the domain

How to Configure VPN? Part 3

This is part 3 of the series of articles which explains the complete setup of VPN in a Windows Server environment.

Configure Logs
To maintain security and monitor the issues involved with remote access, it’s important to configure proper logs. NPS keeps separate logs for this process. Below I will demonstrate how to configure these logs.
1.    Open the Network Policy Server MMC.
2.    In the console click Accounting.
3.    In the detail panel click Configure Local File Logging. The Local File Logging box will then open.
4.    On the Log File tab, it is possible to define the directory where the log files should be stored. Also, by selecting “database-compatibility”, the files will be saved in IAS format, which allows them to be opened from the database level.

GUIDE TO MIGRATE FSMO ROLES FROM WINDOWS 2003 SERVER TO WINDOWS 2012 R2 SERVER



Even though it has been over a decade since Windows Server 2003 was released, it’s no wonder that organizations are still using Windows Server 2003 / Windows Server 2003 R2 as their domain controllers. Microsoft has announced that Windows Server 2003 / Windows Server 2003 R2 support ends on 2015, July 14th (http://support2.microsoft.com/lifecycle/search/default.aspx?sort=PN&alpha=Microsoft+Windows+Server+2003&Filter=FilterNO). So the day has come to plan the upgrades if you are still running those versions in your infrastructure.

This guide will explain how we can transfer DC FSMO roles from Windows Server 2003 to Windows Server 2012 R2, which is the latest. In a Windows DC environment the FSMO roles hold all the information about the DC, and it is necessary to have all 5 roles working correctly to maintain a proper DC environment. The 5 FSMO roles are as follows:
•    Schema master
•    Domain naming master
•    RID master
•    PDC emulator
•    Infrastructure master
You can find more information about these roles at http://support.microsoft.com/kb/197132
For the demonstration I am using the following setup


| Server Name | Operating System | Server Roles |
|---|---|---|
| canitpro-dc2k3.canitpro.local | Windows server 2003 SP2 x86 | Active Directory FSMO roles, DNS |
| CANITPRO-DC2K12.canitpro.local | Windows server 2012 R2 x64 | Additional Domain Controller, DNS |

So here I have already added the Windows 2012 R2 server to the domain and made it an additional domain controller. Currently it does not hold any FSMO roles. My plan is to migrate all the FSMO roles to the Windows 2012 R2 server.
Note: Previously, when adding a Windows 2008 server to a Windows 2003 environment, we first needed to prepare the forest and domain schema by running adprep /forestprep and adprep /domainprep from the Windows 2008 source files \support\adprep. But with Windows 2012 you do not need to worry about this when adding 2012 as an additional domain controller. When you run dcpromo it will automatically update it on Windows 2003 remotely.

GUIDE TO MIGRATE ACTIVE DIRECTORY CERTIFICATE SERVICE FROM WINDOWS SERVER 2003 TO WINDOWS SERVER 2012 R2.


Microsoft has already announced that support for Windows Server 2003 / Windows Server 2003 R2 is coming to an end on 14th July 2015 (http://support2.microsoft.com/lifecycle/search/default.aspx?sort=PN&alpha=Microsoft+Windows+Server+2003&Filter=FilterNO). It’s no wonder that some organizations still use Windows Server 2003 versions in production environments.


If you have still not planned your migration from legacy Windows Server versions, well, the time has come!!
This guide will explain how we can migrate AD CS from Windows Server 2003 to Windows Server 2012 R2.
In this demonstration I am using the following setup.

| Server Name | Operating System | Server Roles |
|---|---|---|
| canitpro-casrv.canitpro.local | Windows Server 2003 R2 Enterprise x86 | AD CS ( Enterprise Certificate Authority ) |
| CANITPRO-DC2K12.canitpro.local | Windows Server 2012 R2 x64 | - |

Back up the Windows Server 2003 certificate authority database and its configuration
•    Log in to Windows 2003 Server as a member of the local administrator group
•    Go to Start > Administrative Tools > Certificate Authority
•    Right click on Server Node > All Tasks > Backup CA
•    This will open the “Certification Authority Backup Wizard”; click “Next” to continue
•    In the next window, click the check boxes to select the options as highlighted and click “Browse” to provide the path where the backup file will be saved. Then click “Next” to continue

GUIDE TO MIGRATE DHCP FROM WINDOWS SERVER 2003 TO WINDOWS SERVER 2012 R2 USING WINDOWS SERVER MIGRATION TOOLS

Microsoft has already announced that support for Windows Server 2003 / Windows Server 2003 R2 is coming to an end on 14th July 2015.

It’s no wonder that organizations are still using Windows Server 2003 / Windows Server 2003 R2 in their infrastructure with different server roles.
With Windows Server 2008 R2, Microsoft introduced a great new feature called “Windows Server Migration Tools”, which allows administrators to migrate server roles, features and configuration settings seamlessly from one system to another (e.g. Windows Server 2003). Windows Server 2012 also includes this feature, and in this article I will demonstrate how we can use it to migrate the DHCP role to Windows Server 2012 R2.
Please note: to use this method we need to install this feature on both the source and destination servers.
For the demonstration I am using the following setup

| Server Name | Operating System | Server Roles | Networks |
|---|---|---|---|
| dhcp-2k3.canitpro.local | Windows Server 2003 R2 Enterprise x86 | DHCP | Network A – 10.10.10.0; Network B – 172.16.25.0; Network C – 192.168.148.0 |
| CANITPRO-DC2K12.canitpro.local | Windows Server 2012 R2 x64 | - | - |

Before starting the migration process, it’s important to consider the following.
1)    To migrate the roles you need to log in to the source and destination servers as “Domain Administrators”.
2)    Before starting the migration process, make sure the source and destination servers are running the latest updates and service packs.
3)    If the source server runs with multiple networks and multiple NICs, make sure the destination server also has the same number of NICs so it can serve the same network setup.
The dhcp-2k3.canitpro.local server is currently set up with 3 additional NICs to represent networks A, B and C. They are configured with static IP addresses matching the network each belongs to. The DHCP server hosts different DHCP scopes for each network.
Before we start the process we need to install the following software on Windows Server 2003 (dhcp-2k3.canitpro.local) if it’s not there already.
Install Windows Server Migration Tools in Windows Server 2012
1)    Log in to the Windows Server 2012 as Domain Administrator
2)    Go to Server Manager > Add Roles and Features
3)    This will open the Add Roles and Features Wizard; click Next to start the process
4)    In the next window, for the installation type select “Role-based or feature-based installation”, then click Next to continue
 
