There are quite a few schedules for Active Directory replication – some of which we are very aware and some of which are better hidden and oft forgotten.  Let’s start by looking at the connection object schedules. Connection Objects Connection objects are created for replication partners with schedules which vary by whether the partner is intrasite or intersite.  Schedules for intersite partners are generated from the site link on the transport – a mix of the schedu... [More]

Kinda by accident I came across an interesting behavior in Windows Server 2003 Remote Desktop. By default, on a Windows 2003 workgroup server, regardless of the user account rights or security group membership, remote desktop does not allow a user with a blank password to logon through Terminal Services.  This is because of a policy setting called Accounts: Limit local account use of blank passwords to console logon only.  However, via an odd series of steps, you can still logon with a... [More]

When runas was introduced, it took all of us a little bit of time to figure out how to do the things the way we were used to. Though it didn’t seem we could perform a runas on explorer, many of us found that we could use Internet Explorer to browse our folders like it was explorer. Then came IE7 and that ability went away. By default, if we tried to run explorer out of runas we'd find that the shell would open with the same account we already had running. Though Microsoft has taken away t... [More]

This is intended to be part of a larger series on the registry.  I have always loved the registry because there is just so much potential there.  Group policy has really made that evident and now more than ever with group policy preferences.  However, there is a lot that is misunderstood in the registry – and much of it by me.  So, this will be an exercise in my own education as much as an exposition.  Let’s start with the staples of the registry.  The ... [More]

Did you know that there are really six (6) FSMO roles?  I didn’t either until I was interviewing a candidate at Microsoft one day and I made the same request I make of every candidate – name the FSMO roles.  The only two that he knew were the PDC and Schema Master but he also named another role that made me think – the ISTG.  It’s the reason I love to do interviews.  I almost always learn something – even if it is just a glimpse at a fresh perspe... [More]

One of my all-time favorite group policy settings is DNS Servers in the Network / DNS Client node under Administrative Templates. Now this policy setting only applies to XP and while I don't know the exact reason, I can speculate. While I was doing a migration I was presented with a challenge. I needed to migrate some workstations by business unit rather than by subnet or DHCP scope. So, I may have two machines sitting right next to each other that each used the same DHCP server and were part o... [More]

I was creating a secure baseline build for our organization’s Windows Server 2003 member and application servers and at the time I was working on locking down unneeded services.  Messenger service?  Yea, let’s disable that.  Alerter service?  Disable.  DHCP Client service?  These are member servers which are statically configured so no need for that.  Disable it.  Oops…guess we do need that service after all.  As you know - better ... [More]