Microsoft released a new tool for analyzing and comparing sets of Group Policy Objects (GPOs). The tool is delivered in a .zip file and requires no installation.
http://blogs.technet.com/b/secguide/archive/2016/01/22/new-tool-policy-analyzer.aspx
Troubleshooting Windows Update Agent
A short guide for troubleshooting Windows Update Agent:
1. Download and execute/install “System Update Readiness Tool (CheckSur)” from https://support.microsoft.com/en-us/kb/947821.
Check the following log for errors: C:\Windows\Logs\CBS\CheckSUR.log
2. For any updates that could not be repaired by CheckSur, download the msu-package manually from Microsoft Catalog, http://catalog.update.microsoft.com/v7/site/Home.aspx or from Microsoft Download Center, http://www.microsoft.com/download
3. Create the folder C:\Windows\CheckSur\packages if it doesn't already exist and move the downloaded updates there.
4. Execute “System Update Readiness Tool (CheckSur)” again.
5. Install updates from Windows Update.
How to Clean up the WinSxS Directory
I would like to recommend this really good blog post that describes how to clean up the WinSxS Directory and free up disk space on Windows 2008 R2:
http://blogs.technet.com/b/askpfeplat/archive/2014/05/13/how-to-clean-up-the-winsxs-directory-and-free-up-disk-space-on-windows-server-2008-r2-with-new-update.aspx
Remove the BDEDrive partition
MDT creates a partition named BDEDrive when it installs the Windows OS. This drive is used with BitLocker to boot the OS. If BitLocker will never be used, the BDEDrive partition can be removed using the following procedure:
1. Start an elevated command prompt and execute the following command to copy the startup files to the C: drive:
bcdboot C:\Windows /s C:
2. Set partition C: as active:
diskpart
list disk
select disk 0
list part
select part 1
active
3. Reboot the computer:
shutdown -r -t 0
4. Delete the BDEDrive partition:
diskpart
list disk
select disk 0
list part
select part 2
delete part
There is a more in-depth explanation at the following site:
http://aikitsupport.com/bde-drive-removal/
FREE Microsoft eBooks
Microsoft Senior Sales Excellence Manager Eric Ligman posted a list of almost 300 FREE Microsoft eBooks. You can download them all from his blog at the following address:
http://blogs.msdn.com/b/mssmallbiz/archive/2014/07/07/largest-collection-of-free-microsoft-ebooks-ever-including-windows-8-1-windows-8-windows-7-office-2013-office-365-office-2010-sharepoint-2013-dynamics-crm-powershell-exchange-server-lync-2013-system-center-azure-cloud-sql.aspx
Recover From a USN Rollback
Very interesting article about a possible way to recover from a USN rollback:
http://thoughtsonopsmgr.blogspot.se/2014/03/solving-domain-controller-issues.html
Pass the hash solved or not?
Microsoft released KB2871997 to address the “Pass the hash” vulnerability, but according to the following blog post pass the hash is still possible using the local Administrator account (SID 500):
http://www.pwnag3.com/2014/05/what-did-microsoft-just-break-with.html
Event 1500, The SNMP Service encountered an error
We are seeing the following error message in the System log on servers that have the SNMP features activated:
Log Name: System
Source: SNMP
Date: 2012-08-16 03:05:19
Event ID: 1500
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: server.domain.tld
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
The solution (actually a workaround) is to create the registry key mentioned above, as it is missing. More information can be found in Microsoft KB Article 2002303, http://support.microsoft.com/kb/2002303
Use PowerShell to Find Service Accounts
I was looking for a way to find service accounts using PowerShell and found the following post on the “Hey, Scripting Guy! Blog”:
To summarize, you can use the Get-WmiObject cmdlet to retrieve information about service accounts as in the following example:
Get-WmiObject win32_service | format-table Name, StartName
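The one-liner above lists every service, including those running as built-in identities. The following added example (not from the original post or the referenced blog) narrows the same Win32_Service query to services that run under a named user account and shows where each account is used. The function name Get-ServiceAccountUsage and its ComputerName parameter are hypothetical names chosen for illustration.

```powershell
# Added example: inventory services that run under non-built-in accounts.
# Built-in identities to exclude (-notcontains compares case-insensitively).
$BuiltIn = @(
    'LocalSystem',
    'NT AUTHORITY\LocalService',
    'NT AUTHORITY\NetworkService',
    'NT AUTHORITY\SYSTEM'
)

function Get-ServiceAccountUsage {
    [CmdletBinding()]
    param(
        # Hypothetical parameter name; defaults to the local machine.
        [string[]]$ComputerName = $env:COMPUTERNAME
    )

    foreach ($computer in $ComputerName) {
        try {
            # Same WMI class as the one-liner above, queried per computer.
            $services = Get-WmiObject -Class Win32_Service -ComputerName $computer -ErrorAction Stop
        }
        catch {
            # An unreachable host must not silently drop out of the inventory.
            Write-Warning "Could not query ${computer}: $($_.Exception.Message)"
            continue
        }

        $services |
            Where-Object {
                $_.StartName -and                       # skip services with no logon account
                $BuiltIn -notcontains $_.StartName -and # skip built-in identities
                $_.StartName -notlike 'NT SERVICE\*'    # skip per-service virtual accounts
            } |
            Select-Object @{ n = 'Computer'; e = { $computer } },
                          Name, DisplayName, StartName, StartMode, State
    }
}

# Sort by account so every host and service using a given account is listed together.
Get-ServiceAccountUsage |
    Sort-Object StartName, Computer, Name |
    Format-Table StartName, Computer, Name, StartMode, State -AutoSize
```

Get-WmiObject is available in Windows PowerShell but not in PowerShell 7; there, Get-CimInstance -ClassName Win32_Service returns the same StartName property.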