Domain Controller Archives

Winsage

December 21, 2024

How to setup IPAM on Windows Server

IP Address Management (IPAM) in Windows Server automates and centralizes the management of IP address infrastructure, allowing administrators to monitor, manage, and audit DHCP and DNS servers. Setting up IPAM involves several steps: verifying prerequisites (supported Windows Server version, active directory domain, and operational DHCP/DNS roles), installing IPAM through Server Manager or command prompt, configuring IPAM for file sharing and access settings, configuring server discovery, and managing servers and settings. To add an IP address to IPAM, users access the IPAM console, navigate to the IP Address Space section, select the desired IP Address block, and provide necessary details before saving the changes.

Winsage

December 16, 2024

The Windows Concept Journey

Active Directory (AD) is a hierarchical database that stores information about network objects such as users, computers, printers, and shared resources. Key components of AD include the schema, global catalog, query and index mechanism, and replication service. Management is typically done through the "Active Directory Users and Computers" snap-in, which enhances security and supports authentication federation. The AD database is stored in a file called "ntds.dit" on the Domain Controller (DC). Best practices for securing AD include patching, monitoring, and recovery planning. Remote access to the AD database is enabled through the Lightweight Directory Access Protocol (LDAP) over TCP port 389 or port 636 for secure LDAP (LDAPS).

Winsage

October 31, 2024

Microsoft fixes Windows 10 bug causing apps to stop working

Microsoft has addressed an issue affecting the launch of certain applications on Windows 10 22H2 systems for non-administrative users, which arose after the September 2024 preview cumulative update (KB5043131). The problem involved child processes of applications running at low Integrity levels instead of the required medium levels, impacting applications like Quick Assist, Microsoft Teams, and Windows Narrator. This issue occurs when applications with UIAccess=true attempt to run under non-admin accounts. Affected applications are typically launched from secure directories, including ProgramFiles, %systemroot%system32, and %systemroot%syswow64. Microsoft is rolling out a Known Issue Rollback (KIR) to resolve the problem, which will automatically propagate to home and non-managed enterprise devices within 24 hours. For enterprise-managed devices, administrators must apply the KIR Group Policy via the Group Policy Editor and restart affected devices. Microsoft has previously used KIR to address issues on Windows Server 2019 and Windows 11 systems.

Winsage

October 25, 2024

Windows Server 2025 Insider Preview build 26311 is now available

Microsoft has released Windows Server build 26311 for the Windows Server Insider Program, branding it as Windows Server 2025. The change log for build 26311 is similar to build 26304 and includes the Windows Defender Application Control for Business (WDAC), which enhances security by enforcing a list of authorized software. The Windows Server 2025 Security Baseline Preview allows users to apply over 350 preconfigured security settings categorized by server roles: Domain Controller, Member Server, and Workgroup Member. Known issues include incorrect labeling for the flight, problems with WinPE PowerShell scripts, intermittent upgrade failures from Windows Server 2019 or 2022, issues with archiving event logs, and installation recommendations related to Secure Launch/DRTM. Downloads are available in various formats, but may not be accessible in certain regions due to Microsoft's sales suspension in Russia. The preview is set to expire on September 15, 2025.

Winsage

October 16, 2024

Iranian hackers use Windows holes to attack critical Gulf and Emirates systems

A cyberattack exploited a vulnerable web server targeting public-facing applications using a web shell that allowed execution of PowerShell code and file transfers. Attackers deployed the remote management tool ngrok to navigate laterally within the network, focusing on the Domain Controller by exploiting the CVE-2024-30088 vulnerability, a Windows Kernel Elevation of Privilege flaw. They used an exploit binary introduced through the open-source RunPE-In-Memory tool to escalate their privileges.

Winsage

October 12, 2024

Windows Server 2025 Insider Preview build 26304 adds Windows Defender Application Control

Microsoft has released build 26304 of Windows Server for the Windows Server Insider Program, transitioning to the Windows Server 2025 branding. The key feature introduced is Windows Defender Application Control for Business (WDAC), which enforces a strict list of approved software and includes a predefined default policy for implementation via PowerShell cmdlets. The Windows Server 2025 Security Baseline Preview is also available, featuring over 350 preconfigured settings based on Microsoft’s best practices, categorized by server roles such as Domain Controller, Member Server, and Workgroup Member. Users are advised to preview the security baseline only on test systems due to potential irreversible configurations. The new build will be automatically delivered to Server Flighting participants, and the updated Feedback Hub app is available for Server Desktop users. Known issues include mislabeling in flight references, PowerShell script malfunctions in WinPE, intermittent upgrade failures from previous Windows Server versions, potential crashes when archiving event logs, and restrictions for those with Secure Launch/DRTM code path enabled. Downloads are available in limited regions, with previews for Windows Server Long-Term Servicing Channel and Datacenter Azure Edition in various formats. The preview keys are valid only for preview builds, and the preview is set to expire on September 15, 2025.

Winsage

October 1, 2024

Microsoft fixes Windows KB5043145 reboot loops, USB and Bluetooth issues

Microsoft has addressed issues caused by the Windows KB5043145 preview update, which led to reboot loops, system freezes, and failures in USB and Bluetooth device connectivity. Users reported their systems either loading the Automatic Repair tool or entering BitLocker recovery mode after repeated reboots. The update caused hardware connected via USB and Bluetooth, such as keyboards and printers, to malfunction, indicated by a yellow exclamation mark under the USB Host Controller in Device Manager. To resolve these issues, Microsoft implemented a Known Issue Rollback (KIR) to reverse the problematic update and is working on integrating this fix into an upcoming Windows update. Administrators managing affected Windows enterprise devices can resolve the issue by installing the Windows 11 22H2 KB5043145 240904_041021 KIR Group Policy, which requires a system restart to apply. Microsoft has previously addressed similar issues with updates affecting Windows Server 2019 and other versions.

Winsage

September 25, 2024

Will Windows Server 2025 release spark VMware migrations? | TechTarget

Microsoft is positioning itself to attract VMware customers following VMware's acquisition by Broadcom. The upcoming release of Windows Server 2025 will include enhanced features for Hyper-V, such as revised GPU partitioning, dynamic compatibility for live migrations between hosts with different CPU architectures, improved virtualization-based security, and simplified deployment for smaller organizations. Broadcom's history of selling off underperforming products raises concerns about VMware's stability, prompting customers to reconsider their options. Microsoft is offering solutions like the Azure VMware Solution and the VMware Rapid Migration program to facilitate transitions away from VMware. The enhancements in Windows Server 2025 aim to address enterprise needs and may encourage users to switch from VMware.

Winsage

September 2, 2024

For Windows 11 setup, which user account type should you choose? How to decide

Users setting up a Windows PC for the first time are prompted to create a user account, typically as an administrator. Depending on the Windows edition and network configuration, users may have up to four account types, but often only two options are available: a local account or a Microsoft account. In business editions (Pro, Pro for Workstations, Enterprise, Education), users can choose to set up the PC for personal use or for an organization-managed network, requiring assistance from a network administrator for the latter. Windows Home edition users are limited to a local or Microsoft account. The Microsoft account is necessary for accessing various consumer services and offers advantages such as full-disk encryption, simplified activation restoration, settings synchronization, and automatic sign-in to Microsoft services. A local account does not require an internet connection or email and is stored locally on the device, but lacks significant security benefits. Windows 11 Home requires a Microsoft account for initial setup, while Windows 11 Pro has a similar requirement since version 22H2. Users can create a local account after entering a fictitious Microsoft account. In corporate environments, users can join a domain using an Active Directory account created by a domain administrator. Microsoft Entra ID, which does not require a local server, is another account type that allows for settings synchronization across devices and is managed in the Azure cloud. To add additional accounts after setup, users can go to Settings > Accounts > Other users and select "Add account," with new accounts defaulting to Standard users but able to be upgraded to local administrators.

Winsage

August 25, 2024

Windows 11 24H2 Insider Release Preview channel build 26100.1586 is revised [Update]

Microsoft has updated its blog regarding the Windows 11 24H2 Release Preview build 26100.1586, introducing new features and enhancements that will be gradually rolled out to users. Key changes include: - Taskbar: The "End task" option now terminates tasks without showing a "not responding" dialog, accessible via Settings > System > For Developers. - File Explorer: - Users can duplicate a tab by right-clicking on it. - A memory leak issue occurs when interacting with archive folders. - File Explorer may become unresponsive during navigation. - Initial searches from Home may yield no results. - The address bar dropdown menu may appear unexpectedly. - Saving a file to Gallery may redirect to the Pictures library due to an error. - The search box may fail to display the correct folder name in Gallery. - A blank area may be visible at the top of File Explorer. - Back and forward mouse buttons may not function over the Recommended Files section of Home. - Images may flicker when viewed in the Gallery. Additionally, the update includes: - The browser disregards the "FrameShutdownDelay" value in the registry. - A deadlock issue occurs in the DNS client during domain controller startup. - A new prompt confirms activation of OpenSSH via the Server Manager UI. Recent updates have also improved the Windows recovery environment and enhanced Windows setup binaries and files for feature updates in Windows 11, version 24H2. Previous updates introduced support for Emoji 15.1, a revamped account manager for the Start menu, drag-and-drop functionality for apps, new backup options for sound settings, and fresh Lock screen content.