Implementing Multiple AGPM Servers

Hi Everyone, Paulo here, a Microsoft Premier Field Engineer (PFE), recently I have had several customers querying about how to deploy multiple AGPM Servers per Forest/Domain. As you know AGPM was designed to centralize change control over Group Policies so not exactly developed for this intended purpose. The configuration of Group Policy in a single… Read more

Cluster Network Name Resources fail to come Online with Error 2114

Hello, my name is Chuck Timon and this is my first blog post as a Premier Field Engineer. Previous to my current position, I posted to the Core Team blog and the System Center: Virtual Machine Manager Engineering Blog. In this post, I examine a customer issue where two cluster network name resources in a… Read more

Replication Hurricanes: Why Restricted Groups are a No-Go for Domain Based Groups

Hi everyone! My name is Tim Medina, Premier Field Engineer, and today we are going to take a brief look at GPOs with a focus on restricted groups. More importantly, we will discuss how, if used in an unsupported manner, you can cause your very own replication hurricane. But, before we get into that let’s… Read more

Windows Backups Failing with Associated VSS 8193 Errors

  Hi, this is Michael Koeppl again. I’m with the Premier Mission Critical (PMC) Team and assisting customers when they hit OS issues in their critical infrastructure, and today I wanted to talk with you about an interesting Windows Backup issue I encountered. My customer realized that his System State Backups (https://technet.microsoft.com/en-us/library/cc938537.aspx) on one of… Read more

Securing RDP with IPSec

Hi Everyone, this is Jerry Devore back with a follow-up topic from my previous post on Privileged Administrative Workstations (PAW) which is a hardened device configuration used to protect privileged credentials. In that post, I mentioned that it is possible to use IPsec to ensure an admin can only make a RDP connection to Tier… Read more

Viewing Memory in PowerShell

Hello there, this is Benjamin Morgan, and I’m a Premier Field Engineer covering Active Directory and Platforms related topics.  This is my first blog post, and I hope you are all as excited about this as I am! Today I want to talk with you about a couple of quick ways for querying system memory (and provide… Read more

Using Computer Name Aliases in place of DNS CNAME Records

Hi everyone. Graeme Bray here with an article around using Computer Name Aliases instead of DNS CName records.  In the past, we used to set the registry key DisableStrictNameChecking to be able to add a DNS alias to connect via a name (such as fileserver.contoso.com).  Starting with Windows Server 2008, we added functionality to be… Read more

Hey Dude, Where’s My Winlogon.log?

Hi this is Michael from the PMC PFE Team, I recently helped a customer during the implementation of their Windows Server 2016 systems. When checking the Event viewer, we spotted a well-known Event ID: Log Name:      Application Source:        SceCli Date:          08.03.2017 17:49:21 Event ID:      1202 Task Category: None Level:         Warning Keywords:      Classic User:          N/A Computer:     … Read more

How to Secure an ARM-based Windows Virtual Machine RDP access in Azure

  Hi, Mark Rowe here, and I am the creator of Augmented Living, a Developer/Architect for Microsoft’s Modern Applications Solution Center as a senior consultant, and a long-time Microsoft fanboy and blogger. One of the most hit aspects of security is RDP on the default ports with poor password governance. People are busy, we all… Read more