Windows | danejeffrey.com

Archive for the ‘Windows’ Category

netsh – Set Multiple DNS Servers

Wednesday, October 5th, 2011

So to set a single DNS server using netsh at the Windows command prompt you can do as follows:

netsh> interface ip
netsh interface ip>set dns "Local Area Connection" static addr=10.0.0.1

The first command changes to the interface ip context. The second command sets a single DNS server. That’s great when you have one server but many networks will have alternate addresses as well. To add those, use this:

netsh interface ip>add dns "Local Area Connection" addr=10.0.0.2

You can also put index=X at the end of the command to put the server in the right place in the ordered list.

Finally, to get DNS servers via DHCP instead of static, do this:

netsh interface ip>set dns "Local Area Connection" dhcp

The same syntax as above can be used for WINS servers as well, just replace dns with wins.

For Windows 7, the commands are basically the same but some syntax has changed, for example, replace dns with dnsservers and wins with winsservers. The context has also changed when you switch to the interface ip context it will be labelled netsh interface ipv4. Do a “set/add dns ?” for command help.

Popularity: 6% [?]

Tags: microsoft, windows
Posted in Windows | No Comments »

Windows 8 Developer Preview – Virtual Machine Install

Tuesday, September 20th, 2011

Since Windows 8 Developer Preview / Pre-Beta is now available, thought I’d give it a test running as a virtual machine in VMware Workstation.

Initially tried the 32-bit version of Windows 8 under VMware Workstation 7.0.1 but it failed to start with a HAL_INITIALIZATION_FAILED error, with the fancy new sad face BSOD.

Tried multiple different CPU, Memory and HDD configurations but would always end up with the same result. So, to be sure it wasn’t going to run in Workstation 7, I downloaded the latest build version 7.1.4 and gave that a try. Same result.

As is documented in numerous places online, the Windows 8 Developer Preview will work in VMware Workstation 8 and in the latest build of VirtualBox (v4.1.2). It is not supported in most older virtualization software including Virtual PC. If you’re just intending to run up a Windows 8 virtual machine for testing purposes, VirtualBox is probably the way to go. You can run VMware Workstation as a trial for 30 days but you will then need to purchase whereas VirtualBox is freely available under the GNU GPL v2.

As for Windows 8 on VMware ESX or ESXi (any version), subscribe to this KB for updates: http://kb.vmware.com/kb/2006859 Note: Although there are Windows 8 options in the Guest Operating System drop down in vSphere / ESXi 5 (though only when editing the VM, not creating it), VMware is not currently supporting Windows 8 in that environment. I ended up getting the same HAL_INITIALIZATION_FAILED sad face BSOD as above in Workstation when trying to get Windows 8 to start under ESXi 5.

Popularity: 10% [?]

Tags: microsoft, windows
Posted in Windows | 1 Comment »

Getting Windows 7 BitLocker To Backup Recovery Info To Active Directory In A Windows Server 2003 Domain

Wednesday, June 1st, 2011

Long title but pretty much explains it all. Thread about this here [social.technet.microsoft.com]

So you’ve got Windows 7 clients and a Windows Server 2003 domain. All the domain preparation has been completed (schema extensions for Vista, etc) and all your Group Policy settings in place to require a machine to backup its recovery keys / recovery passwords to Active Directory before enabling BitLocker, but it isn’t working.

First, try running:

manage-bde -protectors -adbackup c: -id <numerical_id>

I was getting a group policy permission denied error which matched the situation in this thread [social.technet.microsoft.com]

I initially tried setting the necessary GPO options via local policy, see here [blogs.technet.com] – refers to Group Policy, but use local policy (gpedit.msc) on the target Windows 7 machine. This will work, but because you have Windows Server 2003 domain controllers and even trying to set Group Policy on a Windows 7 machine with RSAT installed, the Windows 7 group policy options are not available (i.e. the Fixed Data drive, Operating System drive, etc options). They are only available in the ADMX templates which Windows 2003 can’t read. So, you need to set them using Extra Registry Settings instead.

Also, it turns out that the backup to AD registry settings that get applied have changed from Windows Vista to Windows 7 (because Windows 7 extends upon BitLocker beyond what Vista offered). In Vista the policy created keys called:

ActiveDirectoryBackup, REG_DWORD (1)
ActiveDirectoryInfoToStore, REG_DWORD (1)
RequireActiveDirectoryBackup, REG_DWORD (1)

Windows 7 does not recognise these as they are now on a drive type basis. So, create in your GPO Extra Registry Settings as follows (this is for enabling FVE on an OS drive):

OSActiveDirectoryBackup, REG_DWORD (1)
OSActiveDirectoryInfoToStore, REG_DWORD (1)
OSRequireActiveDirectoryBackup, REG_DWORD (1)

These registry settings should be created in HKLM\SOFTWARE\Policies\Microsoft\FVE

Remove the local settings (if you chose to test that way) and once Group Policy is updated, the correct settings will be applied and AD backup of BitLocker recovery info will work. Note that backup of recovery info is only ever attempted once during the BitLocker enable process. It can be retried with the manage-bde command as shown above though.

Popularity: 18% [?]

Tags: 7, microsoft, windows
Posted in Windows | 2 Comments »

Windows NTFS Permissions To Allow Create File Access But Not Modify Files

Wednesday, February 23rd, 2011

Generally speaking, NTFS permissions for creating files and modifying data are one and the same, that is, Create files / write data are a single item in the Advanced Security Settings -> Permissions Entry dialog.

However, it is possible to grant create file access separately to write data access. This is done by granting the following permissions (assume the group to apply this to is called CreateOnlyGroup):

Name	Permission	Apply To
CreateOnlyGroup	Read & Execute	This folder, subfolders and files
CreateOnlyGroup	Create files / write data	This folder and subfolders
CREATER OWNER	Read & Execute	Files only

If you wanted to allow the CreateOnlyGroup to then be able to modify the files that they created but not ones that they didn’t, just change the CREATER OWNER permissions to allow that.

Popularity: 27% [?]

Tags: windows
Posted in Windows | No Comments »

Internet Explorer 8 (IE8) Security Warning after DivX Plus Web Player Install

Tuesday, December 14th, 2010

As the title suggests, after installing the DivX codec and then also installing the DivX Plus Web Player component which is an Add-On for IE, I began to receive the IE Security Warning about mixing secure (https) and non-secure (http) content on the same page for every https page that was loaded.

The reason is because the add-on seems to add a whole bunch of CSS content to the browser rendered page when it is enabled. Checked this using the IE8 Developer Tools (in IE: Tools -> Developer Tools). The following screen shot shows some of the content added, there is more.

To stop the security warning from constantly popping up, in IE go to Tools -> Manage Add-Ons. Select the DivX Plus Web Player HTML5 item and hit Disable. This will also disale the DivX HiQ helper object as well.

Close and re-open the browser and try the https page again, you should no longer see the Security Warning.

Popularity: 50% [?]

Tags: divx, ie, microsoft, security
Posted in Windows | 3 Comments »

Home | Blog | Gallery | Contact | Music | About |