Archive for the ‘Microsoft Windows 2008 Server’ Category

Free Microsoft Windows Server 2008 R2 E-book

Microsoft has published a free Windows Server 2008 R2 E-book. Download it now.


How to: Recovering Deleted AD Objects in Windows Server 2008 R2

A nice new feature in Windows Server 2008 R2 is the Active Directory Recycle Bin. Deleted items can be restored without rebooting the Domain Controller(s), without restarting the Active Directory services and even without any backup tapes! Let’s have a look at it.

The first step is to enable the Recycle Bin feature. Make sure your functional level is Windows Server 2008 R2, and keep in mind that once you enable this feature you can’t disable it again!

1.) Start the Active Directory Module for Windows PowerShell
Import-Module ActiveDirectory

2.) View the current settings of the Recycle Bin feature
Get-ADOptionalFeature -Filter { name -like "Recycle*" }

3.) Enable the feature for your Active Directory environment
Enable-ADOptionalFeature "Recycle Bin Feature" -Scope ForestOrConfigurationSet -Target E2K7SP2.LOCAL

4.) View all the deleted Active Directory objects
Get-ADObject -SearchScope subtree -SearchBase "cn=Deleted Objects,dc=E2K7SP2,dc=LOCAL" -IncludeDeletedObjects -Filter { name -notlike "Deleted*" }

5.) Restore the user objects you want
Restore-ADObject -Identity "CN=User01\0ADEL:cc40dfd4-f671-4e90-90cc-3c8a33b18391,CN=Deleted Objects,DC=E2K7SP2,DC=LOCAL"
Restore-ADObject -Identity "CN=User02\0ADEL:394ec482-5bb2-4131-bdb4-7c92d7193987,CN=Deleted Objects,DC=E2K7SP2,DC=LOCAL"
Restore-ADObject -Identity "CN=User03\0ADEL:19f1bf8b-0227-486a-bc8d-ca72a342e116,CN=Deleted Objects,DC=E2K7SP2,DC=LOCAL"
Restore-ADObject -Identity "CN=User04\0ADEL:1b00b1c9-1f1f-4b74-b027-fa88feb4069d,CN=Deleted Objects,DC=E2K7SP2,DC=LOCAL"
Restore-ADObject -Identity "CN=User05\0ADEL:970b2597-4cf3-4971-87ea-9ada827e376d,CN=Deleted Objects,DC=E2K7SP2,DC=LOCAL"

6.) With this command you restore all the deleted items (Not Recommended!!)
Get-ADObject -SearchScope subtree -SearchBase "cn=Deleted Objects,dc=E2K7SP2,dc=LOCAL" -IncludeDeletedObjects -Filter { name -notlike "Deleted*" } | Restore-ADObject

7.) All deleted Active Directory objects are restored now. Even the group memberships of the users are restored!! Cool :D
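A scoped alternative to the restore-everything command in step 6, as an added example that is not part of the original post: it limits the restore to user objects deleted from one OU inside a time window and previews the result with -WhatIf. The OU name and the 24-hour window are assumptions for illustration.

```powershell
# Added example, not from the original post. $parentOu and $since are assumed
# values for illustration; replace them with your own OU and time window.
Import-Module ActiveDirectory

$parentOu = 'OU=Staff,DC=E2K7SP2,DC=LOCAL'   # assumed OU the objects were deleted from
$since    = (Get-Date).AddHours(-24)          # assumed window: deleted in the last 24 hours

# Stop if the Recycle Bin is not enabled: without it, deleted objects are
# tombstones that have lost most attributes, including group membership.
$feature = Get-ADOptionalFeature -Filter 'name -like "Recycle*"'
if (-not $feature.EnabledScopes) {
    throw 'Recycle Bin Feature is not enabled in this forest.'
}

# Server side: every deleted object. Client side: only user objects that were
# deleted from $parentOu inside the window (whenChanged is normally the deletion time).
$query = @{
    IncludeDeletedObjects = $true
    SearchBase            = (Get-ADDomain).DeletedObjectsContainer
    Filter                = 'isDeleted -eq $true'
    Properties            = 'lastKnownParent', 'whenChanged', 'sAMAccountName'
}
$candidates = Get-ADObject @query | Where-Object {
    $_.ObjectClass -eq 'user' -and
    $_.lastKnownParent -eq $parentOu -and
    $_.whenChanged -ge $since
}

# Review the list before changing anything.
$candidates | Sort-Object whenChanged |
    Format-Table sAMAccountName, lastKnownParent, whenChanged -AutoSize

# Dry run: -WhatIf reports each restore without writing to the directory.
$candidates | Restore-ADObject -WhatIf

# Real restore once the list is confirmed: remove -WhatIf.
# $restored = $candidates | Restore-ADObject -PassThru
```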


How to: Installing a Windows 2008 Read Only Domain Controller (RODC)

In this article I’m going to set up a Read Only Domain Controller in a Windows 2008 environment. There’s already a writable Domain Controller available in the domain GPO.LOCAL. The first step is to install a new Windows 2008 Server; in my example it’s a Core Edition. After the installation, you can begin configuring your new server.

– Enter the product key:
slmgr.vbs -ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx

– Activate Windows:
slmgr.vbs -ato

– Rename the computer:
Netdom renamecomputer "%computername%" /newname:SRV-RODC01 /reboot:15

– Show all network interfaces:
Netsh interface ipv4 show interface

– Set a static IP address:
Netsh interface ipv4 set address name=2 source=static address=172.16.1.11 mask=255.255.0.0 gateway=172.16.1.1
(Make sure that you choose the right network interface. In this example it’s 2, so name=2 means interface 2.)

– Set a static DNS server:
Netsh interface ipv4 add dnsserver name=2 address=172.16.1.10 index=1

– Turn Remote Desktop (RDP) on:
Cscript %windir%\system32\SCRegEdit.wsf /ar 0

– Enable Remote Desktop (RDP) in the Windows Firewall:
netsh advfirewall firewall set rule group="remote desktop" new enable=yes
(Note: type the quotes as plain straight quotes; pasting typographic quotes will give an error!)

– Enable Remote Management (RemoteCMD) in the Windows Firewall:
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
(Note: type the quotes as plain straight quotes; pasting typographic quotes will give an error!)

– Make the unattended answer file (unattend.txt):
Copy and paste the following text into a new text file and save it on the C: drive of the Core Server.
==================================================
[DCInstall]
InstallDNS=Yes
ConfirmGc=Yes
CriticalReplicationOnly=No
DisableCancelForDnsInstall=No
Password=********
RebootOnCompletion=No
ReplicaDomainDNSName=GPO.local
ReplicaOrNewDomain=ReadOnlyReplica
ReplicationSourceDC=srv-w2k8dc01.gpo.local
SafeModeAdminPassword=********
SiteName=Default-First-Site-Name
UserDomain=GPO.local
UserName=Administrator
==================================================

– Run DCPROMO:
dcpromo /unattend:c:\unattend.txt

– Reboot the Domain Controller
shutdown -r -t 0


As you can see, when you make a connection to the RODC, you are not able to make any changes to existing users or groups, and the option “New” is hidden when you right-click in your environment.

In the next post I’m going to delete an RODC from the environment (for example, if your server is stolen or something like that).
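Because an RODC is meant for locations where the server could be lost, it is worth checking which passwords it may cache and which it has cached already. The following is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module can reach a Domain Controller running Active Directory Web Services, and uses the name SRV-RODC01 set earlier.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory module
# is available on a management host; SRV-RODC01 is the RODC named above.
Import-Module ActiveDirectory

$rodc = Get-ADDomainController -Identity 'SRV-RODC01'
if (-not $rodc.IsReadOnly) { throw "$($rodc.Name) is not a read-only DC." }

# Policy: principals that may, and may never, have a password cached here.
$allowed = Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Allowed
$denied  = Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Denied

# Actual state: accounts whose passwords are stored on the RODC right now.
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc -RevealedAccounts

# Domain Admins should never appear in the cached list.
$admins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Select-Object -ExpandProperty DistinguishedName

# The RODC's own krbtgt_* account is always cached, so leave it out of the report.
$report = $revealed |
    Where-Object { $_.SamAccountName -notlike 'krbtgt_*' } |
    Select-Object Name, SamAccountName, ObjectClass,
        @{ Name = 'DomainAdmin'; Expression = { $admins -contains $_.DistinguishedName } }

"Allowed: $(@($allowed).Count)  Denied: $(@($denied).Count)  Cached: $(@($report).Count)"
$report | Sort-Object DomainAdmin -Descending | Format-Table -AutoSize
```

The accounts in the cached list are the ones whose passwords need resetting if the RODC is lost.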

Windows Storage Server 2008 RC Default Password

If you are like me, you were both excited and surprised to see Windows Storage Server 2008 available for download from the MSDN Subscriber Site. Unlike other Windows 2008 Server installations, Storage Server never asks you to create an Administrator password, so you are stuck at a login prompt with no idea how to log in.

Well, I’ve done the scouring for you and the default password is wSS2008!

Hopefully that helps someone out!


How to: create your start menu using Group Policy Preferences

A cool new feature in Windows Server 2008 is the User Preferences. With these user preferences you’re able to create a lot of things, such as:

- Drive Maps
- Environment variables
- Files
- Folders
- Ini files
- Registry keys
- Shortcuts

In my test environment I’ve built a custom start menu for the users in my environment. You can do this by using the User Preferences. When you’re using Item-Level targeting, you can manage which users get which shortcuts. In this example I’m using Item-Level targeting with Security Groups, so when a user is a member of a specific security group, he’ll receive the shortcut in his start menu.

1.) First make a new Group Policy
2.) Go to User Configuration, Preferences, Windows Settings, Shortcuts
3.) Create a new shortcut
4.) Fill in the right paths (picture 3)
5.) Go to the Common tab
6.) Enable “Remove this item when it is no longer applied” (note: this will change the “Action” to Replace)
7.) Enable “Item-level targeting” and click “Targeting”
8.) Select the way of targeting (note: in this example I’m using Security Group)
9.) Make the right users members of the security group
10.) Logon to your workstation and check your start menu


As you can see, based on the group membership, User01 gets his shortcuts to the different applications. This can also be configured on the other User Preferences.

Disable screensaver in Windows 2008 Core Edition

After a default installation of Windows 2008 Server Core Edition, the screen is locked after 600 seconds. You can change this with a registry key.

Hive: HKEY_CURRENT_USER
Key: Control Panel\Desktop
Name: ScreenSaveTimeOut
Type: REG_SZ
Value: 3600
(default is 600, 10 minutes)

Disable auto logon in Windows 2008 Server

Use the following registry keys to prevent Windows from logging on automatically.

Hive: HKEY_LOCAL_MACHINE
Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Name: AutoAdminLogon
Type: REG_SZ
Value: 1 (enable auto logon)
Value: 0 (disable auto logon)

Hive: HKEY_LOCAL_MACHINE
Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Name: DefaultUserName
Type: REG_SZ
Value: account to logon automatically (for example: Administrator)

Adobe Reader 9 and EventID 1000..?

Today I’ve installed two Windows 2008 Terminal Servers in my test environment. After configuring the group policy and installing the applications, the first test user logged in.

Everything looked fine, but there was a problem with Adobe Reader 9.0. The application wasn’t able to start and I received an EventID 1000 in the event viewer of my Terminal Servers.

—————————————————-
“Faulting application AcroRd32.exe, version 9.0.0.332, time stamp 0x4850f0a3, faulting module Annots.api, version 9.0.0.332, time stamp 0x4850e57f, exception code 0xc0000005, fault offset 0x001bd9e0, process id 0xb9c, application start time 0x01c99438e39a6ea2.”
—————————————————- 

So I started to troubleshoot and I found the following solution. This action must be configured on every Terminal Server.

Set the compatibility mode of AcroRd32.exe to Windows XP (Service Pack 2). After this modification, everything works fine!


1) Browse to the executable AcroRd32.exe on your Terminal Servers
2) Right-click on the executable and choose Properties
3) Go to the Compatibility tab
4) Choose Show settings for all users
5) Enable the compatibility mode Windows XP (Service Pack 2)