梦想照进现实

使用高级用户账户控制面板

1在运行中执行 netplwiz 命令

2此时将自动打开「高级用户账户控制面板」，在此你可以选中需要自动登录的账户名称 — 取消勾选「要使用本计算机，用户必需输入用户名和密码」选项 — 点击「应用」

3在点击「应用」后会自动弹出「自动登录」窗口，在这里输入账户的密码以便在 Windows 10 自动登录时使用。

当以上配置完成时，下次重启电脑之后便会用配置好的账户自动登录了。 Read more…

Neither the Windows Settings app nor the Control Panel will let you configure multiple time-servers in Windows. You’ll need to execute some commands in the Command Prompt to get this set up. I’ll walk you through the whole process:

1. Open an administrative Command Prompt by searching for “cmd” in the Start menu, right-clicking on the program, and choosing “Run as administrator”.
2. Ensure that the time service is currently running by stopping and starting it by entering following command and pressing Enter:
   

   net stop w32time & net start w32time

3. Configure your list of preferred time-servers by listing their IP or DNS addresses within the quotation marks in the following command; separating multiple servers with spaces:
   

   w32tm /config /update /manualpeerlist:"pool.ntp.org time.windows.com time.apple.com time.cloudflare.com"

The above example configures Windows to use time-servers operated by the NTP Pool Project, Microsoft, Apple, and Cloudflare. Note that there shouldn’t be any line breaks in the command; it’s all on one line.

4. Lastly, we’ll tell Windows to resynchronize its time against the newly configured time-servers and finally show the new configuration to confirm that everything is working:
   

   w32tm /resync
   w32tm /query /peers

Note that these changes won’t show up if you go to inspect your internet time configuration in the Time and Date section of the Control Panel. You shouldn’t make any changes there to avoid overwriting your manual configuration.

$computer = Get-Content "c:\users\path\to\my.csv"
Foreach($computer in $computer){
$NICs = Get-WMIObject Win32_NetworkAdapterConfiguration -computername $computer |where{$_.IPEnabled -eq “TRUE”}
}
  Foreach($NIC in $NICs) {
$DNSServers = “8.8.8.8",”192.168.40.119" # set dns servers here
 $NIC.SetDNSServerSearchOrder($DNSServers)
 $NIC.SetDynamicDNSRegistration(“TRUE”)
}

$computer = Get-Content "c:\users\path\to\my.csv"
$NICs = Get-WMIObject Win32_NetworkAdapterConfiguration -computername $computer |where{$_.IPEnabled -eq “TRUE”}
  Foreach($NIC in $NICs) {
$DNSServers = “8.8.8.8",”192.168.40.119"
 $NIC.SetDNSServerSearchOrder($DNSServers)
 $NIC.SetDynamicDNSRegistration(“TRUE”)
}

To configure the certificate template

1. On CA1, in Server Manager, click Tools, and then click Certification Authority. The Certification Authority Microsoft Management Console (MMC) opens.
2. In the MMC, double-click the CA name, right-click Certificate Templates, and then click Manage.
3. The Certificate Templates console opens. All of the certificate templates are displayed in the details pane.
4. In the details pane, click the RAS and IAS Server template.
5. Click the Action menu, and then click Duplicate Template. The template Properties dialog box opens.
6. Click the Security tab.
7. On the Security tab, in Group or user names, click RAS and IAS servers.
8. In Permissions for RAS and IAS servers, under Allow, ensure that Enroll is selected, and then select the Autoenroll check box. Click OK, and close the Certificate Templates MMC.
9. In the Certification Authority MMC, click Certificate Templates. On the Action menu, point to New, and then click Certificate Template to Issue. The Enable Certificate Templates dialog box opens.
10. In Enable Certificate Templates, click the name of the certificate template that you just configured, and then click OK. For example, if you did not change the default certificate template name, click Copy of RAS and IAS Server, and then click OK.

Read more…

We need to confirm the following before we go ahead with the Microsoft LAPS configuration.

1. Client operating systems – Windows Server 2019, Windows Server 2016, Windows 10, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 7, Windows 8, Windows Vista, Windows 8.1
2. Active Directory – Windows Server 2003 SP1 or later
3. Management Tools – PowerShell 2.0 or later, .Net Framework 4.0 or later

Installing Microsoft LAPS

The next step of the configuration is to install Microsoft LAPS. To do that,
Read more…

Server 2019默认远程桌面连接数是2个用户，如果多余两个用户进行远程桌面连接时，系统就会提示超过连接数，可以通过添加远程桌面授权解决：

1.添加远程桌面授权服务

• 第一步：服务器管理 – 添加角色和功能打开添加角色和功能向导窗口，选择基于角色或给予功能安装：
  
• 第二步：添加远程桌面会话主机和远程桌面授权功能：

  

Read more…

操作主机是ActiveDirectory中的特殊对象，具备操作主机角色的域控制器担任着活动目录核心功能，如果操作主机不可用，整个活动目录都会出现异常，甚至崩溃。

操作主机角色的唯一性决定了不是任意一台域控制器都能管理整个域，当一台承担着操作主机角色的域控制器需要停机维护，就需要将主机角色转移到另一台正常运行的域控制器上；但是当承担操作主机角色的域控制器突然崩溃，无法正常运行，就需要使用强制手段占用操作主机，它被称为强制转移。 Read more…

Step 1: Backup Windows Server 2008 R2 certificate authority database and its configuration

1. Log in to Windows 2008 R2 Server as member of local administrator group
2. Go to Start > Administrative Tools > Certificate Authority
3. Right Click on Server Node > All Tasks > Backup CA
   
   Certification Authority Backup CA
4. Click Next on the Certification Authority Backup Wizard screen
5. Click both check boxes to select both items to backup and provide the backup path for the file to be stored
   Certification Authority Backup Wizard Item Selection
6. Click Next
7. Provide a password to protect private key and CA certificate file and click on next to continue
8. Click Finish to complete the process

Read more…

Step 1: Backup Windows Server 2008 R2 certificate authority database and its configuration

1. Log in to Windows 2008 R2 Server as member of local administrator group
2. Go to Start > Administrative Tools > Certificate Authority
3. Right Click on Server Node > All Tasks > Backup CA
   
   Certification Authority Backup CA
4. Click Next on the Certification Authority Backup Wizard screen
5. Click both check boxes to select both items to backup and provide the backup path for the file to be stored
   Certification Authority Backup Wizard Item Selection
6. Click Next
7. Provide a password to protect private key and CA certificate file and click on next to continue
8. Click Finish to complete the process

Read more…