Running AGPM with a Managed Service Account (MSA or gMSA)

Hi, Service accounts are dead. Long live MSAs! But where can you actually use MSAs/gMSAs? One place that often pops up is Advanced Group Policy Management (AGPM) from the Microsoft Desktop Optimization Pack (MDOP). The installer for AGPM requires that you create a service account and enter its password manually. In a correctly configured AGPM…


Getting started with Storage Replica in Windows Server Technical Preview

Storage Replica (SR) is a new feature that enables storage-agnostic, block-level, synchronous replication between servers for disaster recovery, as well as stretching of a failover cluster for high availability. Synchronous replication enables mirroring of data in physical sites with crash-consistent volumes ensuring zero data loss at the file system level. Asynchronous replication allows site extension…


Migrating DFS Namespace from Windows 2000 Server mode to Windows Server 2008 mode

Hi,   I recently helped a customer with this tricky little exercise. The idea was to do the upgrade during office hours with as little downtime as possible and to run it remotely from one server.   It’s following the basic guide here:   But this formal guide wasn’t very “real world”. It forgets…


Office 2013 Security Baselines for SCM are live

Hi, Pat Fetty recently blogged about the new SCM baselines for Office 2013 going live. I opened up my local copy of SCM and imported the content: The .cab file contains the security settings. The “att” file contains the attachments which are Word documents describing the security baseline settings. You may get prompted at this…

A backup server flooded by DPCs

Hi, I’ve just finished working on a case with a customer that was so interesting that it deserved a blog post to round it off. These were the symptoms: Often while logged in to the server things would appear to freeze – no screen updates, little mouse responsiveness, if you could start a program (perfmon,…


Low throughput when copying files

Hi, I have been helping a customer with a tricky issue recently regarding slow network performance for SMB file copies over their network. It came about after they took the settings defined in Security Compliance Manager for their member servers and deployed them as a Group Policy to their server OU. After doing this, they…


Removing permission for users to upload their image to AD

Hi,   I recently had the pleasure to help one of our Premier customers with a query they have regarding saving images in Active Directory. Default Permission in AD By default, users have permission to save a jpeg or bmp file to their own AD user account. This file can be up to 100KB in…


Installing DHCP on Windows Server 2012 did not create the local groups

Hi again,   Another interesting case with a nice, easy solution. While working with a Premier customer recently we found that the 2 local groups relating to DHCP, “DHCP Administrators” and “DHCP Users” didn’t get created on their new DHCP servers. Only the role installation steps can do this for us as that will make…


MBAM 2.0 gets released along with Service Packs to most MDOP apps

Hi,   Just a quick note to publicise that MBAM 2.0 is now out, and each of AGPM 4.0, DaRT8.0, App-v 5.0, UE-V 1.0 each received their own updates to Service Pack 1. They are bundled in the new MDOP 2013. Read more about it here at the new home for the MDOP team:

Using SONOS as a “Play To” destination from within Windows RT

Hi,   I recently became the proud owner of the fantastic Sonos PLAYBAR. And while the Sonos team is considering creating a Windows 8 App to control their devices, I found a neat little hack to get the DLNA portion of the Sonos to become a “Play To” device from within Windows 8 music apps….