I thing i see at many client’s where i come is. Enable Automatic scavenging of stale records is forget to enable. This is a best practise. See: https://technet.microsoft.com/nl-nl/library/ff807390(v=ws.10).aspx
Use the Microsoft Best Practice Analyzer
Set-DnsServerScavenging –ScavengingState $True –RefreshInterval 7:00:00:00 –NoRefreshInterval 7:00:00:00 –ScavengingInterval 7:00:00:00 –ApplyOnAllZones –Verbose
This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key, the computer is domain-joined, and the attacker has physical access to the computer.
This security update is rated Important for all supported editions of Windows. For more information, see the Affected Software section.
The update addresses the bypass by adding an additional authentication check that will run prior to a password change. For more information about the vulnerability, see theVulnerability Information section.
For more information about this update, see Microsoft Knowledge Base Article 3105256.
I have Windows 8.1 with installed Hyper-V and virtual machines connected via Hyper-V Switch – External. 802.1x wired authentication is not working in host or in guest machine (computer is not responding to switch requests).
If I will change switch mode to Internal/Private it will start working.
Windows 8.1 with a Hyper-V external switch with 802.1x will not work!!!
From https://social.technet.microsoft.com/forums/windows/en-US/341cbe70-3fa7-4991-a7e4-4f1af63df4d0/windows-8-hyperv-8021x-eapol-request-missing i read that “official” statement from Microsoft is that 802.1x with Hyper-V on Windows 8.1 is not working by design. #Fail Microsoft.
Windows 10 will be available on July 29th 2015. Microsoft has prepared for this by already making an Update(KB3058168) that enables Windows 8.1, Windows Server 2012 R2, Windows 8, and Windows Server 2012 Key Management Service (KMS) hosts to activate a “later version of Windows”. This must means Windows 10. I do not know if this means that is even for Windows Server 2016. Windows 10 will be activated by a KMS server running this update but it might.
Select the version you need for the KMS server or servers you use and install them.
All drivers are stored in the so called DriverStore, which is located under %SYSTEMDRIVE%\Windows\System32\DriverStore.
With the built-in command line tool pnputil you can add or remove drivers.
How does it work?
- Start an elevated command prompt (Start, type CMD, hit Ctrl+Shift+Enter)
- Adding a driver:
- Pnputil.exe -a c:\LOCATION_OF_DRIVER\DRIVER_NAME.inf
The location can be either local or remote
- Pnputil.exe -a C:\LOCATION_OF_DRIVER\*.inf
Copy all drivers from that folder
- Deleting a driver:
- Pnputil.exe -d DRIVER_NAME.inf
There is a known issue which causes some PCs updated with the Windows 8.1 Update (KB 2919355) to stop scanning against Windows Server Update Services 3.0 Service Pack 2 (WSUS 3.0 SP2 or WSUS 3.2) servers which are configured to use SSL and have not enabled TLS 1.2.
The problem is specific to the following scenario when all of the following are true
- Client PC has installed Windows 8.1 Update KB 2919355
- Windows 8.1 with Windows 8.1 Update KB 2919355 attempts to scan against WSUS 3.2 running on any affected platform:
- Windows Server 2003 SP2, or
- Windows Server 2003 R2 SP2, or
- Windows Server 2008 SP2, or
- Windows Server 2008 R2 SP1
- HTTPS and Secure Sockets Layer (SSL) are enabled on the WSUS server
- TLS 1.2 is not enabled on the server
Only users who have enabled HTTPS and have not enabled TLS 1.2 on their WSUS 3.2 servers and who are also using these WSUS 3.2 servers to manage PCs running the Windows 8.1 Update KB 2919355 are affected by this issue. Please note, while we do recommend the use of HTTPS on WSUS servers, HTTPS and TLS 1.2 are not enabled by default.
If you are using WSUS 3.2 on Windows Server 2008 R2, you may perform either of the following steps to restore the scan functionality if you have deployed the Windows 8.1 Update KB2919355.
- Enable TLS 1.2 (follow the instructions under More Information > SCHANNEL\Protocols subkey), or
- Disable HTTPS on WSUS
If you are using WSUS 3.2 on an operating system other than Windows Server 2008 R2, you may perform the following step to restore the scan functionality.
When Microsoft releases an update that resolves the issue, you may re-enable HTTPS on WSUS.
Microsoft plans to issue an update as soon as possible that will correct the issue and restore the proper behavior for Windows 8.1 Update KB 2919355 scanning against all supported WSUS configurations. Until that time, we are delaying the distribution of the Windows 8.1 Update KB 2919355 to WSUS servers.
You may still obtain the Windows 8.1 Update (KB 2919355) from the Windows Update Catalog or MSDN. However, we recommend that you suspend deployment of this update in your organization until we release the update that resolves this issue. You may also find the workarounds discussed in this article to be useful for testing this Windows 8.1 Update for your organization. Thank you for your patience during this time.
The Windows ADK 8.1 update (for Windows 8.1 Update) is available for download:
Windows ADK 8.1 update (direct download only: http://www.microsoft.com/en-us/download/details.aspx?id=39982
You still run adksetup.exe to install or download the updated ADK, but you do see that the new ADK is slightly bigger than the previous kit. The Patches folder content also have a higher version number. The October 18, 2013 release of Windows 8.1 ADK had a folder named 8.100.26020, but the April 2, 2014 release of Windows 8.1 ADK have 8.100.26629.
New features in ADK 8.1 are the WIMBoot option, updates to dism, updates to WinRE and a new WinPE version (5.1). There are also fixes for USMT.
DISM: Does not support Windows Vista or Windows Server 2008 images.
More info about the changes here: http://msdn.microsoft.com/en-us/library/windows/hardware/dn247001.aspx
Info on updating WinPE 5.0 to WinPE 5.1: http://technet.microsoft.com/en-us/library/dn613859.aspx
Windows Server 2012’s System Preparation Tool (sysprep.exe) contains a new switch that allows system administrators to generalize the OS (remove any installation specific configuration) faster than previous versions of the tool that were designed for use on physical hardware.
What’s New in Sysprep for Windows Server 2012?
The new VM-mode method for generalizing a Windows 8 or Server 2012 installation only works from inside a virtual machine. Once sysprep has completed the generalization and shutdown the VM, you can copy the VM’s .vhd file and attach it to a new VM in any system that uses the same hypervisor technology.
Use Sysprep to Generalize Windows Server 2012 Running in a VM
You will need to use sysprep from the command line, as there is no option to enable VM mode in the GUI.
- Install Windows 8 or Windows Server 2012 (or later editions) in a virtual machine.
- Customize the operating system as required.
- Switch to the Start screen and type cmd. Make sure that Command Prompt is highlighted in the search results and press CTRL+SHIFT+ENTER to launch the process with administrative privileges. Give consent or enter credentials if prompted.
- Change the working directory to System32 by typing cd c:\windows\system32\sysprep and pressing Enter.
- To run sysprep with the standard GUI options, but also the /mode:vm switch, type sysprep.exe /oobe /generalize /shutdown /mode:vm and press Enter.