Configuring Antivirus on Server

As you know, Windows Server 2016 will have Defender installed by default. This can be a problem, because we have to configure some exclusions and we usually don't check how Defender is configured by default.
Microsoft published a great post that lists the Defender exclusions for each server role, and it is also a good starting point for configuring your own antivirus software. Be careful: antivirus software can protect you, but a misconfigured one can also do damage.

Export and import DHCP settings with netsh

Sometimes you will have to transfer DHCP settings with the netsh command. This can be useful for a couple of reasons, and it is good to know how to approach it. In any case, this is the quickest way to do a DHCP migration.
First, log in to the source server (it could also be a failover-clustered DHCP service) and open CMD as Administrator. Then enter netsh mode by typing:
netsh
Now select the server by typing:
dhcp server \\servername
Here servername is the name of the old DHCP server or the clustered service name. This connects you to the DHCP server, and you are ready to export the settings with this command:
export filename all        to export the entire configuration or
export filename 192.168.222.0    to export only a scope configuration (in my case 192.168.222.0)
Of course, you have to replace filename with the full path and name of the file where you want to save the exported data. This file must now be transferred to the target (new) server, and then we are ready to import the configuration. Before you import the configuration, the new server has to be authorized in AD. To begin the import procedure, follow the same steps as on the old server: open a command prompt, enter netsh mode and select the DHCP server. After this, only one step is left, importing the settings with this command:
import filename all        to import all settings or
import filename 192.168.222.0    to import just a scope
That's all. Just be sure to double-check that the import did its job, then disable and unauthorize the old server (you can also do this with netsh: netsh dhcp delete server ServerDNS ServerIP). Of course, don't forget to uninstall the service on the old computer.
You have finished. Good work!
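
One way to script the double-check mentioned above, as an added example that is not part of the original post: it compares IPv4 scopes and reservations on both servers with the DhcpServer PowerShell module and reports whether each server is authorized in AD. The server names are placeholders, and it assumes the module (RSAT) is installed on the machine you run it from and can query both servers.

```powershell
# Added example (not from the original post): verify a DHCP migration.
# Assumptions: DhcpServer module (RSAT) installed; both servers reachable;
# the server names below are placeholders.
param(
    [string]$OldServer = 'old-dhcp.example.test',
    [string]$NewServer = 'new-dhcp.example.test'
)
Import-Module DhcpServer -ErrorAction Stop

# One comparable record per IPv4 scope, reservations flattened to a string.
function Get-ScopeSnapshot {
    param([string]$Server)
    foreach ($scope in Get-DhcpServerv4Scope -ComputerName $Server) {
        $res = @(Get-DhcpServerv4Reservation -ComputerName $Server -ScopeId $scope.ScopeId)
        [pscustomobject]@{
            ScopeId       = "$($scope.ScopeId)"
            SubnetMask    = "$($scope.SubnetMask)"
            StartRange    = "$($scope.StartRange)"
            EndRange      = "$($scope.EndRange)"
            LeaseDuration = "$($scope.LeaseDuration)"
            Reservations  = ($res | ForEach-Object { "$($_.IPAddress)=$($_.ClientId)" } | Sort-Object) -join ';'
        }
    }
}

$old = @(Get-ScopeSnapshot -Server $OldServer)
$new = @(Get-ScopeSnapshot -Server $NewServer)
$props = 'ScopeId', 'SubnetMask', 'StartRange', 'EndRange', 'LeaseDuration', 'Reservations'

if ($old.Count -eq 0 -or $new.Count -eq 0) {
    # Compare-Object rejects empty input, so report this case directly.
    Write-Warning "Scopes found: old=$($old.Count), new=$($new.Count). Nothing to compare."
} else {
    # '<=' rows exist only on the old server, '=>' rows only on the new one.
    $diff = Compare-Object -ReferenceObject $old -DifferenceObject $new -Property $props
    if ($diff) {
        $diff | Sort-Object ScopeId | Format-Table SideIndicator, ScopeId, StartRange, EndRange, Reservations -AutoSize
        Write-Warning 'Scope configuration differs between the two servers.'
    } else {
        Write-Output "All $($old.Count) scopes and their reservations match."
    }
}

# Only servers authorized in AD should hand out leases after the cut-over.
$authorized = @(Get-DhcpServerInDC)
foreach ($name in $OldServer, $NewServer) {
    $isAuth = [bool]($authorized | Where-Object { $_.DnsName -eq $name })
    Write-Output "$name authorized in AD: $isAuth"
}
```

Scope state is deliberately left out of the comparison, because the old server's scopes are expected to be disabled once the new one takes over.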

Empty screen when you login to DC

Recently I took over an IT system and, unfortunately, the previous admin was not really an expert – I expected some problems with the implementation of best practices.
Anyway, I found this problem: after deleting some stupid settings in the Default Domain Policy, I was not able to log in to the domain controllers. The login (it was the same whether I tried to log in locally or through RDS) showed me only a clean blue screen, without any icons, without the Start menu or other content. My first approach was to try CTRL + ALT + DEL and launch Task Manager, from which I wanted to start Explorer. Well, Task Manager didn't work either.
When I examined what I had done previously (what could be the cause of this error), I found that I had removed some settings from the Default Domain Policy (in my case it was the setting that allowed Domain Admins to act as part of the OS – I didn't even try to restore it). I suspected that it could be a security problem, and I ran two commands remotely using PsExec:
net localgroup Users Interactive /add
net localgroup Users "Authenticated Users" /add
Unexpectedly, this solved my problem, even though local groups are disabled on a DC.
Hope that it will help someone.

RDS personal desktops in Windows Server 2016

Windows Server 2016 TP5 is available and there are a few new features to try. Personally, I was happy to see a few of these new features because they solved some problems for me.
The first feature that I like is Session-based desktops. Practically, it is a new approach to VDI – we can say that it is a hybrid deployment between VDI and RD Session Host. The result of this deployment is that each user has a dedicated server to connect to – one deployed server is a full desktop for one user. This kind of deployment, with Desktop Experience installed, will look like Windows 10 and can replace a deployment of Windows 10 based VDI. So where is the difference? That is easy to say. You can use this type of deployment in an SPLA environment where VDI scenarios are not allowed, you can use it in Microsoft Azure (where you cannot deploy VDI because you cannot access the host), and in similar scenarios. There is also a licensing advantage, as you do not need Windows 10 licenses and VLS – you can license all instances of "VDI machines" using one Windows Server 2016 Datacenter license. This is cheaper!
The second feature I like is the SQL database location for RD gateway. Now you can locate this database in Azure. My opinion is that in some cases this will be very positive and the right solution when we talk about hybrid deployments. It just opens new possibilities to deploy an RDS farm.
You can read more about what’s new in RDS 2016 here.
