(Still) Heavy on the Technical

Ref: http://blogs.msdn.com/b/powershell/archive/2009/04/03/setting-network-location-to-private.aspx

Ref: http://social.technet.microsoft.com/Forums/windowsserver/en-US/18437d06-237f-4170-8e82-2a9de67b0bd3/setting-network-locations-in-server-core-2008-r2?forum=winservercore

In my hyper-v lab I use Non-Domain bound Hosts with a wired and wireless network setup - I place wired in private and wireless in public.

This attribute is not a property of the adapter or interface. Adapter or interface can be connected to different networks, this is obvious for Wi-Fi but is also true for wired Ethernet (just plug the cable to the hotel room socket to experience this).

This attribute is a property of the "network signature", which is managed by the Network Location Awareness service. It identifies networks by things like the default gateway's MAC address and the DNS suffix provided by the DHCP server, creates a unique record for each such network and allows the user to set whether it is Public or Private. Then NLA pushes this setting down to the firewall.

Now the solutions

Powershell:

# Skip network location setting for pre-Vista operating systems
 if([environment]::OSVersion.version.Major -lt 6) { return }
 
# Skip network location setting if local machine is joined to a domain.
 if(1,3,4,5 -contains (Get-WmiObject win32_computersystem).DomainRole) { return }
 
# Get network connections
 $networkListManager = [Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]"{DCB00C01-570F-4A9B-8D69-199FDBA5723B}"))
 $connections = $networkListManager.GetNetworkConnections()
 
# Set network location to Private for all networks
 $connections | % {$_.GetNetwork().SetCategory(1)}

Using NetSH

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged

scan all subkeys here, and look at DefaultGatewayMac to find the proper one (Wi-Fi networks can have some other fields there, but I have some doubts in Wi-Fi on Server Core).

In the proper subkey, find ProfileGuid.

Then:

net stop nlasvc

(this also stops netprofm)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{profile guid}

Category REG_DWORD 0 - public, 1 - private, edit this dword

net start netprofm

(this also starts nlasvc)

To check the tweak was actually applied:

netsh adv sh cur

(should be Public before, Private after)

Old fix with new error pop-up.  Disable time sync from guest to host.

On Windows Vista/Win7 when you map a drive under your admin account you will find that your mapped drive is not available after you switch to your full token via a RunAs or Consent dialog. This is by design because there are actually two tokens in play here. What happens is the LSA recognized that you are admin at logon and creates two logons. The first with a "filtered" token or non-admin which is used to render your desktop and the other containing your full token to be available after consent dialogs.

Because there are two separate logons there are separate logon ID's.  When network shares are mapped they are linked to the current logon session for the current process token. Meaning you don't have access to the network drive from the alternate logon. This can come into play with logon scripts and a number of other areas where you may require access to a network share from both tokens.

If you set the following key it will change how SMB shares are mapped. They will be mapped to a token, which means that LSA will check to see if there is a linked token associated with the user session and add the network share to that location as well. Basically all of this means that after setting this drives will be accessible from both tokens no matter which they are mapped under.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
EnableLinkedConnections = 1 (DWord)

---------------------------------------------------------------------------------
Logon Script does not run (specificly via GPO)
Looks to also fix via NT4 (profile)

KB Article Number(s): 2550944
Language: All (Global)
Platform: i386
Location: (http://hotfixv4.microsoft.com/Windows%207/Windows%20Server2008%20R2%20SP1/sp2/Fix368060/7600/free/433173_intl_i386_zip.exe)

-----------------------------------------------------------
KB Article Number(s): 2550944
Language: All (Global)
Platform: x64
Location: (http://hotfixv4.microsoft.com/Windows%207/Windows%20Server2008%20R2%20SP1/sp2/Fix368060/7600/free/433183_intl_x64_zip.exe)

---------------------------------------------------------------------------------

ifmember under Vista+  does not work

Two methods to make it work:

1. ifmember.exe can be made to work with Vista+ (Win7). The problem is that when the login script loads, it is unable to find ifmember.exe because it cannot read from a UNC (i.e. \\DC01\NETLOGON). It then tries to read it from c:\windows\system32 and fails unless you have placed a copy there. The work around is to first map a drive to NETLOGON and then prefix your call to ifmember with the drive you mapped.

net use z: \\DC01\Netlogon

z:\ifmember "MY Group"
if errorlevel 1 net use m: \\Server\MYGroup

net use z: /delete

OR

2. Use the following

net user /domain %username% | find "MY Group"
if not errorlevel = 1 (
net use m: \\Server\MYGroup
)

My thanks to my Microsoft contacts for supplying an answer to this.

Situation:  Windows 8 Server Beta:  Hyper-V replication between two servers that are in workgroup mode (non-domain bound).  When configuring using the Understand_and_Troubleshoot_Guide_Hyper-V_Replica_in_Windows_Server_8_Beta documentation I ran into a problem when trying to use the certificate generated in the appendix.

==========================================================================

Error 0x00002F89  which states the corticated chosen was not correct due to: not having a corresponding certificate in the computer personal store, terminating at root certificate, including private key, having the server extended feature, and / or correct CN.

==========================================================================

I tried a lot of things but just could not make this work.  The following is an addition to the guild which basically tells the replication service to ignor checking of the self-signed certificate: 

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f

Lab Setup: 

Two Machines in workgroup mode:  Win8Acer and Win8Black

On both systems:

1)      Configure the advanced setting to add a FQDN to the name of the server (I used Test.Lab)

2)      In the hosts file specify the replication network address of the server as the FQDN and add the other servers replication network address as well

Step 1.

Server1 (Win8Acer) – Primary Server

Open a CMD as Admin

: Change locatation to my temp directory where MakeCert.Exe is stored

CD C:\MakeCert\

:

makecert -pe -n "CN=PrimaryTestRootCA" -ss root -sr LocalMachine -sky signature -r "PrimaryTestRootCA.cer"

:

makecert -pe -n "CN=Win8Acer.Test.Lab" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "PrimaryTestRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 PrimaryTestCert.cer

:

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\FailoverReplication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f

:

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f

:

:Copy the root certificate to the replication server

Copy PrimaryTestCert.cer \\Win8Black\c$\MakeCert\

Step 2.

Server2 (Win8Black) – Replication Server

Open a CMD as Admin

CD C:\MakeCert\

:

makecert -pe -n "CN=RecoveryTestRootCA" -ss root -sr LocalMachine -sky signature -r "RecoveryTestRootCA.cer"

:

makecert -pe -n "CN=Win8Black.Test.Lab" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "RecoveryTestRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 RecoveryTestCert.cer

:

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\FailoverReplication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f

:

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f

:

:Copy the root certificate to the replication server

Copy RecoveryTestRootCA.cer \\Win8Acer\c$\MakeCert\

:

: Import Root Certificate of the Primary CA - Server 1 (copied in previous step)

certutil -addstore -f Root "PrimaryTestRootCA.cer"

Step 3.

Server1 (Win8Acer) – Primary Server

Open a CMD as Admin

: Change locatation to my temp directory where MakeCert.Exe is stored

CD C:\MakeCert\

: Import Root Certificate of the Recovery CA - Server 2 (copied in previous step)

certutil -addstore -f Root " RecoveryTestRootCA.cer "

Step 4.

On both servers:

Following the Hyper-V Guild configure Hyper-V to use the ROOT CERTIFICATE (Server1 = PrimaryTestRootCA.cer, Server 2 = RecoveryTestRootCA.cer) when configuring the certificate used for the replication service and when you do each replication wizard for the individual vm.

Windows 8 Consumer Preview and Windows Server 8 Beta Compatibility Cookbook

This document provides information about changes to and new features of the Windows® 8 client and server operating systems. It provides guidelines for developers to verify the compatibility of their existing and planned programs with the new operating...

Test Lab Guide: Base Test Lab Guide for Windows Server "8" Beta

This Microsoft Test Lab Guide (TLG) provides you with step-by-step instructions to create the Windows Base Configuration test lab, using computers running Windows 8 Consumer Preview or Windows Server “8” Beta.

Test Lab Guide: Demonstrate Remote Desktop Services in Windows Server "8" Beta

This paper contains an introduction to Windows Server "8" Beta Remote Desktop Services Desktop Virtualization and step-by-step instructions for extending the Windows Server "8" Beta Test Lab Guide Base Configuration to demonstrate...

Windows 8 Consumer Preview Product Guide for Business

Download a detailed guide to the new and improved features in Windows 8 including AppLocker, BitLocker, Windows To Go, measured boot, and Client Hyper-V.

Test Lab Guide: Demonstrate Remote Desktop Services Desktop Virtualization in Windows Server "8" Beta

This paper contains an introduction to Windows Server "8" Beta Remote Desktop Services Desktop Virtualization and step-by-step instructions for extending the Windows Server "8" Beta Test Lab Guide Base Configuration to demonstrate Remote Desktop Services Desktop Virtualization

Understand and Troubleshoot Servicing in Windows Server "8" Beta

This Understand and Troubleshoot Guide (UTG) enables you to learn technical concepts, functionality, and troubleshooting methods for Servicing in Windows Server “8” Beta.

Understand and Troubleshoot BitLocker in Windows Server "8" Beta

This Understand and Troubleshoot Guide (UTG) enables you to learn technical concepts, functionality, and troubleshooting methods for BitLocker in Windows Server “8” Beta.

Test Lab Guide: Demonstrate High Availability Printing in Windows Server "8" Beta

This paper contains an introduction to Windows Server "8" Beta Printing and step-by-step instructions for extending the Test Lab Guide Base Configuration to demonstrate High Availability Printing.

Test Lab Guide: Demonstrate Virtualized Domain Controller (VDC) in Windows Server "8" Beta

This Microsoft Test Lab Guide (TLG) introduces Active Directory Domain Services Virtualized Domain Controllers and provides step-by-step demonstration of this new feature in Windows Server "8" Beta.

Test Lab Guide: Demonstrate ADDS Simplified Administration in Windows Server "8" Beta

This Microsoft Test Lab Guide (TLG) introduces Active Directory Domain Services Simplified Administration and provides step-by-step demonstration of new AD DS Administration features in Windows Server "8" Beta.

Test Lab Guide: Demonstrate DirectAccess Single Server Setup with Mixed IPv4 and IPv6 in Windows Server "8" Beta

This paper contains an introduction to Unified Remote Access and step-by-step instructions for extending the Windows Server "8" Beta Base Configuration test lab to demonstrate DirectAccess deployment in a single server deployment with a mixed environment of IPv4 and IPv6,

Test Lab Guide: Demonstrate DirectAccess Simplified Setup in an IPv4-only Test Environment in Windows Server "8" Beta

This paper contains an introduction to Windows Server "8" Beta Remote Access and step-by-step instructions for extending the Windows Server "8" Beta Base Configuration test lab to demonstrate Remote Access deployment using the Getting Started Wizard.

Understand and Troubleshoot Remote Desktop Services Desktop Virtualization in Windows Server "8" Beta

This Understand and Troubleshoot Guide (UTG) enables you to learn technical concepts, functionality, and troubleshooting methods for Remote Desktop Services Desktop Virtualization in Windows Server “8” Beta.

Test Lab Guide: Demonstrate Windows Server "8" Beta Print and Document Services

Introduction to Windows Server "8" Beta Printing

Understand and Troubleshoot Scale-out File Servers in Windows Server "8" Beta

This Understanding and Troubleshooting Guide (UTG) enables you to learn technical concepts, functionality, and troubleshooting methods for Scale-Out File Servers in Windows Server “8” Beta.

Understand and Troubleshoot Printing in Windows Server "8" Beta

This Understand and Troubleshoot Guide (UTG) enables you to learn technical concepts, functionality, and troubleshooting methods for Printing in Windows Server “8” Beta.

Understand and Troubleshoot Remote Access in Windows Server "8" Beta

This Understand and Troubleshoot Guide (UTG) enables you to learn technical concepts, functionality, and troubleshooting methods for Remote Access in Windows Server "8" Beta.

Understand and Troubleshoot Remote Desktop Services in Windows Server "8" Beta

This Understand and Troubleshoot Guide (UTG) enables you to learn technical concepts, functionality, and troubleshooting methods for Remote Desktop Services in Windows Server “8” Beta.

Understand and Troubleshoot High Availability Printing in Windows Server "8" Beta

This Understand and Troubleshoot Guide (UTG) enables you to learn technical concepts, functionality, and troubleshooting methods for High Availability Printing in Windows Server “8” Beta.

Understand and Troubleshoot Activation Technologies in Windows Server "8" Beta

This Understand and Troubleshoot Guide (UTG) enables you to learn technical concepts, functionality, and troubleshooting methods for Activation Technologies in Windows Server “8” Beta.

Understand and Troubleshoot IP Address Management (IPAM) in Windows Server "8" Beta

This Understand and Troubleshoot Guide (UTG) enables you to learn technical concepts, functionality, and troubleshooting methods for IP Address Management (IPAM) in Windows Server “8” Beta.

Understand and Troubleshoot Cluster-Aware Updating_(CAU) in Windows Server "8" Beta

This Understanding and Troubleshooting Guide (UTG) enables you to learn technical concepts, functionality, and troubleshooting methods for Cluster-Aware Updating in Windows Server “8” Beta.

Understand and Troubleshoot Hyper-V Replica in Windows Server "8" Beta

This Understanding and Troubleshooting Guide (UTG) enables you to learn technical concepts, functionality, and troubleshooting methods for Hyper-V Replica in Windows Server “8” Beta.

Understand and Troubleshoot DHCP Failover in Windows Server "8" Beta

This Understand and Troubleshoot Guide (UTG) enables you to learn technical concepts, functionality, and troubleshooting methods for DHCP Failover in Windows Server “8” Beta.

Understand and Troubleshoot Dynamic Access Control in Windows Server "8" Beta

This Understand and Troubleshoot Guide (UTG) enables you to learn technical concepts, functionality, and troubleshooting methods for Dynamic Access Control in Windows Server “8” Beta.

Understand and Troubleshoot Microsoft Online Backup Service in Windows Server "8" Beta

This Understand and Troubleshoot Guide (UTG) enables you to learn technical concepts, functionality, and troubleshooting methods for Microsoft Online Backup Service in Windows Server “8” Beta.

Test Lab Guide: Demonstrating DHCP Failover in Windows Server "8" Beta

This paper contains an introduction to Windows Server "8" Beta DHCP Failover, and step-by-step instructions for extending the Windows Server "8" Beta Base Configuration test lab to demonstrate DHCP Failover setup.

Understand and Troubleshoot DNS Security Extensions (DNSSEC) in Windows Server "8" Beta

This Understand and Troubleshoot Guide (UTG) enables you to learn technical concepts, functionality, and troubleshooting methods for DNS Security Extensions (DNSSEC) in Windows Server “8” Beta.

Understand and Troubleshoot AD DS Simplified Administration in Windows Server "8" Beta

This Understand and Troubleshoot Guide (UTG) enables you to learn technical concepts, functionality, and troubleshooting methods for AD DS Simplified Administration in Windows Server “8” Beta.

Test Lab Guide: Demonstrate IP Address Management (IPAM) in Windows Server "8" Beta

This paper contains an introduction to Windows Server "8" Beta IP Address Management (IPAM), and step-by-step instructions for extending the Windows Server "8" Beta Base Configuration test lab to demonstrate IPAM setup.

Test Lab Guide: Demonstrate DNS Security Extensions (DNSSEC) in Windows Server "8" Beta

This paper contains an introduction to Windows Server "8" Beta DNSSEC and step-by-step instructions for extending the Windows Server "8" Beta Base Configuration test lab to demonstrate DNSSEC operation.

Understand and Troubleshoot Virtualized Domain Controller (VDC) in Windows Server "8" Beta

The Understand and Troubleshoot Windows Server "8" Beta Guides support you in developing awareness of key technical concepts, architecture, functionality, and troubleshooting tools and techniques. This understanding enables a successful early...

Understand and Troubleshoot Storage Spaces in Windows Server "8" Beta

This Understanding and Troubleshooting Guide (UTG) enables you to learn technical concepts, functionality, and troubleshooting methods for Storage Spaces in Windows Server “8” Beta.