Thursday 23 October 2014

DNS Server: Network Devices getting wrong (old) DNS server

Witgh Windows 7, if it will keep the current DHCP lease it had prior to reboot as long as the gateway can be pinged, so it won't look for a renewal. Here's more on this:
If the DHCP client obtained a lease from a DHCP server on a previous occasion, and the lease is still valid (not expired) at system startup, the client tries to renew its lease.  If, during the renewal attempt, the client fails to locate any DHCP server, it attempts to ping the default gateway listed in the lease, and proceeds in one of the following ways:
•If the ping is successful, the DHCP client assumes that it is still located on the same network where it obtained its current lease, and continues to use the lease as long as the lease is still valid.  By default the client then attempts, in the background, to renew its lease when 50 percent of its assigned lease time has expired.
•If the ping fails, the DHCP client assumes that it has been moved to a network where a DHCP server is not available.  The client then auto-configures its IP address by using the settings on the Alternate Configuration tab.  When the client is auto-configured, it attempts to locate a DHCP server and obtain a lease.
As a workaround, you can force a Windows Vista or Windows 7 DHCP client to keep the old DHCP lease by adding registry key “DontPingGateway” if connectivity fails, see the resolution in the KB article below:
Windows Vista does not keep its DHCP IP address if a DHCP server is not available (works for Windows 7, too):
http://support.microsoft.com/kb/958336
.
So that wouldn't be a good method to test it, but as you said, simply manually run a renewal.
.
As for the GPO, this link shows where to look:
Use DNS Servers GPO Setting:
New group policies for DNS in Windows Server 2003
http://support.microsoft.com/kb/294785

Wednesday 8 October 2014

Command prompt: How to Change a Computer Password Using Command Prompt

  • 591,878 views
  • 41 Editors
  • Edited 5 weeks ago
A command prompt is a command you issue to your computer using a built-in program. To change a computer password using Microsoft Command Prompt, follow these instructions. 1. Open command prompt: To do this just click or press the windows start button on your pc and type in command prompt...then click the command prompt icon when it shows or hold the windows start button and press R to open the windows run menu then type in cmd to open command prompt 2.To change a user's password at the command prompt, log on as an administrator and type: net user user_name * /domain When you are prompted to type a password for the user, type the new password, not the existing password. After you type the new password, the system prompts you to retype the password to confirm. The password is now changed.

Alternatively, you can type the following command: net user user_name new_password When you do so, the password changes without prompting you again. This command also enables you to change passwords in a batch file.

Non-administrators receive a "System error 5 has occurred. Access is denied" error message when they attempt to change the password

Steps

  1. Change a Computer Password Using Command Prompt Step 1.jpg
    1
    O#Reboot the computer
    Ad
  2. Change a Computer Password Using Command Prompt Step 2.jpg
    2
    Right after the bios is finished, hit F8 (or F2,F10,F12)
  3. Change a Computer Password Using Command Prompt Step 3.jpg
    3
    Select 'Safe mode' or 'Safe mode with networking support'
  4. Change a Computer Password Using Command Prompt Step 4.jpg
    4
    Windows will boot up to the logon screen. Click administrator, 9/10 there is no password.
  5. Change a Computer Password Using Command Prompt Step 5.jpg
    5
    Open Command Prompt. You can go to Start > Run and type cmd.exe or simply search for cmd using the Windows search function.
  6. Change a Computer Password Using Command Prompt Step 6.jpg
    6
    Type net user and press Enter. This will bring up a list of user accounts. Look here for the name and exact spelling of the account whose password you wish to change.
  7. Change a Computer Password Using Command Prompt Step 7.jpg
    7
    Type net user name goes here *. Do not neglect any of the spaces (particularly the one before the *) or the command won’t work.
  8. Change a Computer Password Using Command Prompt Step 8.jpg
    8
    Press Enter. Once submitted, the command will give you the option of typing a new password for the user.
  9. Change a Computer Password Using Command Prompt Step 9.jpg
    9
    Carefully type the desired password and press Enter. The characters will not display as you type, so make sure the Caps Lock isn’t on and be very thorough with the spelling and punctuation.
  10. Change a Computer Password Using Command Prompt Step 10.jpg
    10
    Retype the password to confirm. This should weed out any typos.
  11. Change a Computer Password Using Command Prompt Step 11.jpg
    11
    Press Enter. The new password should go into effect immediately. If you get an error message or your access is denied, the account you’re working on doesn’t have high enough authorization to change any passwords. See Tips for possible solutions.

Tuesday 7 October 2014

GPO: How to show or hide Control Panel items in Windows 7 using Group Policy

How to show or hide Control Panel items in Windows 7 using Group Policy

One of the common lock down’s that administrator apply to Remote Desktop Services Servers (a.k.a. Terminal Services (a.k.a. Citrix)) is to remove all but the essential control panel items.
Previous to Windows 7 you had to specify the .cpl (e.g. timedate.cpl) file name of the control panel item you wanted to show or hide however this has changed in Windows 7 and you now need to use the Canonical Name when hiding or showing specific items.
Below I will explain the new way of configuring control panel items for Windows 7 and show you the affect that this has on the control panel.
Before you begin I recommend that you take a look at http://msdn.microsoft.com/en-us/library/ee330741(VS.85).aspx which lists all the Canonical names for the control panel items for Windows 7. You will need to know what CN of the item you want to restrict or allow.
Note: In this example we are only going to show the control panel items we want to see (white list) however if you use the Hide specified Control Panel items policy setting you can black list only the items you don’t want listed.
Step 1. Edit the Group Policy object that is applied to the users that you want to apply the Control Panel configuration.
Step 2. Navigate to User Configuration > Policies > Administrative Templates > Control Panel
Step 3. Double click on the Show only specified Control Panel items setting then check Enabled and then click then Show button.
image
Step 4. Now you have the Show Contents dialog box open  you need to visit the web site that list the names at Canonical Names of Control Panel Items and copy the Canonical name for the control panel item you want to display.
Paste the name into the value field enter the canonical name of the control panel item you want to show in the Value field and click OK.
image
You will now see that the only available control panel item is the Region and Language options (see below).
image
However this view is somewhat confusing for users as they can still click on the category but there are not items to display (see below).
image
To get around this problem also enable the Always open All Control Panel Items (a.k.a Force classic Control Panel) when opening Control Panel setting in the same GPO.
Note: This option is probably not needed if you used the Show only specified Control Panel setting instead.
image
Now when the users open control panel they will only see the specific control panel items you have allowed without the empty categories.
image