Pages

Tuesday, August 21, 2012

Audit Logon Times with Windows Server 2003 Group Policy

You can use Windows Group Policy to track employee log in times. Here I will show you how to enable log in auditing using a Windows Domain and Group Policy Objects (GPO).

For this you need follow me in the steps below:

* First: we need create a new Policy and Configure Enable auditing in your Policy.
  1. Click Start > Administrative Tools > Active Directory Users and Computers.
  2. In  "Active Directory Users and Computers" open window, right click on name of you Domain, and click on Properties.
  3. In the new open window, click Group Policy tab, click on Open.. button.
  4. In the "Group Policy Management", click to expand your domain.
  5. Right click in "Group Policy Objects", and click on New.
  6. In "New GPO" open window type the name of the new Policy, and click OK.
  7. Expand "Group Policy Objects", right click on the new created policy, and click to Edit.
  8. Click to expand Computer Configuration > Windows Settings > Security Settings > Local policy.
  9. Click to select Audit Policy.
  10. In the right panel double click on "Audit account logon events".
  11. In the "Audit account logon events" open windows click to check boxes "Success" and "Failure", then click OK.
  12. Now double click on "Audit logon events".
  13. In the "Audit logon events" open windows click to check boxes "Success" and "Failure", then click OK.
  14. Close The Group Policy Object Editor window.
* Audit account logon events: This secutity setting determines whether to audit each instance of a user logging on to or logging off from another computer in wich this computer is used to validate the account.

* Audit logon events: this security setting determines whether to audit each instance of a user logging on to or logging off from a computer.

Now you need will be assigning the policy to an Organizational Unit (OU) containing the computers we wish to have under the policy. For this follow the steps below.
  1.  Click Start > Administrative Tools > Active Directory Users and Computers.
  2. In  "Active Directory Users and Computers" open window, right click on (OU) what do you want to apply the security setting, and click in Properties.
  3. In the new open window, click Group Policy tab, click on Open.. button.
  4. In the "Group Policy Managenet" open window is select the (OU), right click in it and select "Link an Existing GPO...".
  5. Now in "Group Policy objects:" select the new policy created in the first step in this tutorial, and click OK.
  6. Now in "Group policy Management" open window in the right panel we can see the new policy linked in GPO for this Organizational Unit.
* In a few hours  it depend of the size of your network you are ready to see the Audity Log Success in the Log Name: Security at Event Viewer.

Use Nslookup To Test MX Record

The Nslookup is a tool to verify that your MX records are configured correctly by querying an external or Internet DNS server.

For use Nslookup to test MX Records following the steps below:
  1. Click Start, in "Search programs and files..." type <cmd /k nslookup>, and press Enter.
  2. In Command Prompt open window type [server <ip address>], and prees Enter.
  3. Now type <set q= mx>, and press Enter.
  4. Finally type <domain name>, and then press Enter.
* If the MX record for the domain you entered is show, everything is Ok

* If the MX record is no displayed, and you recive a error like this "xxx-xxxxx.domain can't find domain: No response from server. Then DNS is not configured properly.

Friday, August 17, 2012

Using Windows Server 2008 R2 Group Policy to enable Auditing User Accounts

Is very important consider authentication in a Windows Security Audit. Collecting data generated by user activity for analizing the security of information, verifing system integrity, and detecting sings of suspicius behivior are really important for all Network System Administrators today. You can monitor and audit log files using Event Viewer, but before you need activate some rules in the Group Policy. Follow the below step for configure this policy :
  1. Click Start, in the "Search programs and files..." type "gpedit.msc"
  2. In "Local Group Policy Editor" window, locate Computer Configuration.
  3. Click to expand Windows Settings > Security Settings > Advance Audit Policy > Sistem Audit Policies.
  4. Click to select Account Management.
  5. In the right panel, right click in "Audit User Account Management", then click in Properties.
  6. In the "Audit User Account Management Properties" window, click to check "Configure the following audit events", and then click to check "Success" and "Failure" events.
When you configure this Policy and audit event is generate when an attempt to change a user account is made. You can see it in Event Viewer > Security. e.g <A user account is created, changed, deleted, remove, disable, enable, locked out, etc.

Also you can audit evenst generated by user account successful logon attempts, failed logon attemps, and closing of a logon session. For this continue reading below:

Steps 1 to 3 are the same steps described above.

      4.  Click to select "Logon/Logoff".
      5.  In the right panel, right click in "Audit Logoff" policy, then click in Properties.
      6.  In the "Audit User Account Management Properties" window, click to check "Configure  
           the following audit events", and then click to check "Success" and "Failure" events.

Repeat steps 5 and 6 for "Audit Logon" policy.

Now in Event Viewer > Security do you have a report about who is logon and logoff.

Tuesday, August 14, 2012

Extend or Increase "Exchange 2007 or 2010" OWA Automatic Log off time



When you trying log in to OWA you can select "This is a public or share computer" or "This is a private computer" options.
  • Public: is the default option. If you use this option your username will no saved and your session will terminate after 15 minutes.
  • Private: is intended for private computers. If you use this option your username to be remember automatically, however you need to retype your password each time, and your session will terminate after 8 hours.
For you modify  this values you need create one or both of above key. For this task following the below steps:
  1. Click Start, in "Search programs and files" type "regedit" to open the Registry Editor.
  2. Locate the following registry subkey: HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/MSExchange OWA.
  3. In the right panel, right click New and select DWORD value if your system is 32 bit or select QWORD value if your system is 64 bit.
  4. Rename "New Value #1" for PublicTimeout.
  5. Right click in PublicTimeout REG-DWORD created and select Modify...
  6. In the Value data type 30, and in Base panel click to select Decimal.
  7. Click Ok.
* For create PrivateTimeout key follows the same steps used above. After That close the  Registry Editor.

Finally restart IIS Admin Service to take effect the change. Now OWA Timeout in Exchange is restricted and working

Monday, August 13, 2012

Event Id: 8193 Vss Error in Windows Server 2008 R2



If you receive an error in your event viewer like this "Error: Vss, Event Id: 8193" all do you have to do is follow the steps below describe.

  1. Click Start.
  2. In Run type "dcomcnfg.exe".
  3. When the Component Services window is open. Click to expand Component Services > Computers > My Computer.
  4. Right click in my Computer, and click in Properties.
  5. In the new window click COM Security tab.
  6. Under Access Permission, click Edit Default.
  7. From the Access Permissions window,  click Add button, then add "NETWORK SERVICE" with a Local Access allowed.
  8. Click Ok button to close all opened  windows.

Now you can restart the Server or waiting for the changes to take effect.

Your Mailbox has been temporary move on Microsoft Exchange Server


If you're trying to open Microsoft Outlook, and It  show you an error message like this "Your Mailbox has been temporary move on Microsoft Exchange Server". Do not worry, follow the instructions belove and you'll be working with the outlook very soon.

  1. Close all Outlook application.
  2. Click Start > Control Panel > Mail (32 bit) or (64 bit).
  3. In Mail Setup-outlook window, click Show Profiles.
  4. In Mail window select the followings profile, click in the Remove Button, and then click Yes.
  5. On  Mail window,  in the bottom click to select "Always use this profile", then click OK button.
  6. In Mail Setup-outlook window, click E-mail Accounts button.
  7. Click E-mail tab and select the E-mail Account in the middle panel, then click in Change.
  8. In Microsoft Exchange Server type the correct Exchange IP address, click to check "Used Cache Exchange Mode", type the User Name, and click  in Check Name button. 
  9. After it finished click Next button, click Ok in the next windows, and finally click Finish button.
Now you can open Microsoft Outlook and working in it.

Monday, August 6, 2012

Remove schedule backup create by Windows Server Backup

Sometimes we need to removeconfigured backup in Windows Server Backup. We can not accomplish this task through the Windows Server Backup interface. But is very simple if you use from Windows Power Shell wbadmin command.
  1. Click Start.
  2. In Search program and files, type PowerShell.
  3. Right click in Windows Power Shell, and click Run as administrator.
  4. In the Windows Power Shell  type "wbadmin disable backup", then press Enter.
  5. Type "Y" to select yes, and press Enter.
If you goin to Windows Server Backup, you will see that you do not have any backup schedule.

Remove messages created by Windows Server Backup

If you use Windows Server Backup and you want  delete all messages that have been created in the Windows Server Backup interface. So, you need to Following this guide.
  1. Click Start.
  2. In Search programs and files type "eventvwr", and then click Enter.
  3. Click to expand Application and Services Logs > Microsoft > Windows > Backup.
  4. Click to select Operational file.
  5. In the middle panel, click to select the event do you want delete.
  6. In the right panel, click Clear Log...
  7. In the pop up windows, click Clear.
  8. Close Event Viewer windows and restart Windows Server Backup.
Now you are ready to begin configuring new backups.