Add Windows Server 2022 as a Domain Controller

 

Windows Server 2022 doesn’t include any significant changes to Active Directory (AD). But you will want to use it going forwards for your new domain controllers because of the improved security it provides over earlier versions of Windows Server.

There are two ways for system administrators to add Windows Server 2022 as a domain controller (DC). The first is using Server Manager, which has been the standard way to add, or ‘promote’ as is more commonly referred to, Windows Server 2022 as a DC. The second way, and easier way in my opinion, is to use PowerShell.

 

Whichever method you choose, adding Windows Server 2022 as a DC involves two main steps:

1. Installing the Active Directory Domain Services (AD DS) server role binaries.
2. Promoting the server to a domain controller.

But it’s also noting that there are some prerequisites that you should meet before adding Windows Server 2022 as a DC. For instance, the server should be assigned a static IP address. And it’s also worth making sure that the server name is something relevant, like DC1, so that it can easily be identified.

 

Install Active Directory Domain Services on Windows Server 2022 with PowerShell

Before we install AD DS, let’s make sure we meet the basic prerequisites for a DC in Windows Server 2022.

Windows Server 2022 prerequisites

We’ll start by renaming the server.

• Log in to Windows Server 2022 as an administrator.
• Open the Start menu and click the Windows PowerShell
• In the PowerShell window, run the command below and press ENTER. Replace ‘DC1’ with the name that you would like to use for your domain controller.

Rename-Computer -NewName DC1

• Restart the server.

Once the server has rebooted, we can configure the network adapter with a static IP address. On my network, I will assign a static IP address of 192.168.1.10/24 and the default gateway is 192.168.1.1.

• Log in to Windows Server 2022 as an administrator.
• Open the Start menu and click the Windows PowerShell
• In the PowerShell window, run the New-NetIPAddress command below and press ENTER. Replace the values for IPAddress, DefaultGateway, and PrefixLength to those provided by your network administrator.

New-NetIPAddress –IPAddress 192.168.1.10 -DefaultGateway 192.168.1.1 -PrefixLength 24 -InterfaceIndex (Get-NetAdapter).InterfaceIndex

• Now configure the adapter’s DNS settings. We’ll set the preferred DNS server to be our domain controller’s IP address because the domain controller will also perform the function of DNS server for the domain. So, replace 192.168.1.10 with the same IP address you configured for the adapter. Run Set-DNSClientServerAddress as shown, and press ENTER.

Set-DNSClientServerAddress –InterfaceIndex (Get-NetAdapter).InterfaceIndex –ServerAddresses 192.168.1.10

 

Install the Active Directory Domain Services role

The next step is to install the AD DS server role. It’s easy to do using the Install-WindowsFeature cmdlet as shown below.

Install-WindowsFeature -name AD-Domain-Services -IncludeManagementTools

Once the AD DS server role is installed, you’ll get a message in the PowerShell window. The Success column should read True.

 

Install Active Directory Domain Services on Windows Server 2022 with Server Manager

If you’d prefer to install AD DS the hard way, here is a step-by-step guide using Server Manager.

Windows Server 2022 prerequisites

Let’s deal with the server’s name and IP address first.

• Log in to Windows Server 2022 with a local administrator account.
• Open Server Manager from the Start menu.
• In Server Manager, click Local Server in the left pane.
• In the Properties section on the right, click your server’s computer name to the right of the Computer name

• In the System Properties dialog, click the Change button on the Computer Name tab.
• In the Computer Name/Domain Changes dialog, type a name for your server in the Computer name field and click OK.

• You’ll be prompted to restart the server. Click OK and then click Close in the System Properties dialog.
• Click Restart Now in the popup dialog.

Now let’s set a static IP address.

• Right click the network icon in the system tray in the bottom right of the taskbar and click Open Network & Internet settings.
• In the left pane of the Settings app, click Ethernet under Network & Internet.
• In the right pane under Related settings, click Change adapter options.

• In the Network Connections window, right click your server’s network adapter and select Properties from the menu.

• In the Ethernet Properties dialog, click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.

• In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog, check Use the following IP address. You’ll need to fill out the following three fields: IP address, Subnet mask, Default gateway.

On my network, I will assign a static IP address of 192.168.1.10, subnet mask of 255.255.255.0, and the default gateway is 192.168.1.1.

• Check Use the following DNS server addresses. Set Preferred DNS server to the same IP address that you assign Windows Server. So, in my example, I will use 192.168.1.10. Click OK when you’re done.

The first DC in your domain will also be a DNS server. The Active Directory Domain Services Configuration Wizard will automatically configure a DNS server for you.

• Close the Ethernet Properties dialog, Network Connections window, and the Settings app.

 

Install the Active Directory Domain Services role

Now let’s install the AD DS server role.

• Log in to Windows Server 2022 with a local administrator account.
• Server Manager should open by default. If it doesn’t, click the Start menu and find Server Manager in the list of installed apps and click it.
• In Server Manager, click the Manage menu in the top-right corner and select Add Roles and Features from the menu.

• In the Add Roles and Features Wizard, click Next on the Before You Begin screen.
• On the Installation Type screen, make sure that Role-based or feature-based installation is selected and click Next.

• On the Server Selection screen, make sure that your Windows Server is selected in the list and click Next.
• On the Server Roles screen, check Active Directory Domain Services in the list of roles.
• In the Add Roles and Features Wizard popup dialog, make sure that Include management tools (if applicable) is checked and then click Add Features.

• Click Next on the Server Roles screen to continue.
• Click Next on the Features screen.
• Read the information on the AD DS screen and click Next.

• Now click Install on the Confirmation screen.
• When the installation is complete, click Close in the Add Roles and Features Wizard.
  

 

Configure (promote) Windows Server 2022 as a domain controller with PowerShell

In this example, we will add Windows Server 2022 as a domain controller in a new forest and domain. Before you continue, you should decide on a Fully Qualified Domain Name (FQDN) for your domain. I’m going to use ad.contoso.com in this example. Where ‘ad’ is the name of my new domain and contoso.com is the top-level domain (TLD). You should make sure that you own the public TLD. In this example, I should own the contoso.com domain name. AD in the FQDN defines my internal DNS namespace for Active Directory.

To configure Windows Server 2022 as a domain controller, run Install-ADDSForest as shown in the example below. Replace ad.contoso.com with your chosen FQDN. DomainNetBIOSName is usually set to the part of your FQDN that identifies your internal AD DNS namespace. So, the part that comes to the left of the first period. In this case, ‘ad’.

Install-ADDSForest -DomainName ad.contoso.com -DomainNetBIOSName AD -InstallDNS

You should note that Install-ADDSForest is only used when you are installing the first domain controller in a new AD forest. Install-ADDSDomain and Install-ADDSDomainController are used respectively to create a new domain in an existing forest and install a new DC in an existing AD domain.

DomainName and DomainNetBIOSName are the only two compulsory parameters for the Install-ADDSForest cmdlet. If you want to explore what other options you can configure, run the command line below:

Get-Help Install-ADDSForest

When you run the Install-ADDSForest cmdlet, you’ll be prompted to enter a password for Directory Services Restore Mode (DSRM). Or Safe Mode password as it’s sometimes referred to. Enter a password and confirm it when prompted.

You’ll then see a message:

The target server will be configured as a domain controller and restarted when this operation is complete.

Do you want to continue with this operation?

Type y in the PowerShell window and press ENTER to confirm that you want to configure the server as a domain controller.

As AD is configured, you’ll see some yellow warnings appear in the PowerShell window. They are normal and you can safely ignore them. The server will automatically reboot. Once Windows Server has rebooted, you will need to log in with the domain administrator account. The domain administrator account is assigned the same password as the built-in administrator account.

On the sign-in page, type administrator in the User name field. Type the password for the administrator account, which is the same as the password for the previous built-in administrator account, and press ENTER.

And that is it! You are now logged in to your AD domain’s first domain controller. You can access Server Manager from the Start menu. In Server Manager, click the Tools menu and then select Active Directory Users and Computers to start managing your domain.

 

Configure (promote) Windows Server 2022 as a domain controller with Server Manager

Now that the AD DS role is installed in Windows Server 2022, you can configure your first AD domain controller. Let’s go back to Server Manager and start the configuration.

• Back in Server Manager, you should see a yellow exclamation mark by the notifications flag in the top-right corner. Click it and then click Promote this server to a domain controller.

• In the Active Directory Domain Services Configuration Wizard dialog, check Add a new forest under Select the deployment operation.
• In the Root domain name box, type the Fully Qualified Domain Name (FQDN) for your new AD forest. I’m going to use contoso.com for my AD domain name. Click Next to continue.

You should make sure that you own the public top-level domain name (TLD). In this example, I should own the contoso.com domain name. AD in the FQDN defines my internal DNS namespace for Active Directory.

• On the Domain Controller Options screen, type and confirm a Directory Services Restore Mode (DSRM) password. You will need this if you want to restore AD from backup. Click Next to continue.
• On the DNS Options screen, you can safely ignore the delegation warning and click Next.
• On the Additional Options screen, click Next to accept the assigned NetBIOS name.
• Click Next again on the Paths screen to accept the default database, log files, and SYSVOL folder locations.

• Now click Next on the Review Options screen.

The wizard will run some prerequisite checks to make sure AD can be installed on the server. Hopefully your server will pass the checks and you can continue installing AD. It’s normal to get a few warnings as you can see in the image below. You will not be able to proceed with the install if the server fails the prerequisite checks.

• Now click Install to configure AD on the server. The server will automatically reboot to complete the install process.

Once Windows Server has rebooted, you will need to log in with the domain administrator account. The domain administrator account is assigned the same password as the built-in administrator account.

• On the sign-in page, type administrator in the User name Type the password for the administrator account, which is the same as the password for the previous built-in administrator account, and press ENTER.

And that is it! You are now logged in to your AD domain’s first domain controller.

 

 

 

Avamar: VMware image backups fails Error 10056

 

                

VMware client Image backups are failing with Error 10056.

The Snapshot create task fails with one the following errors:
 

avvcbimage Warning <18652>: Too many extra snapshot files (3) were found on this Windows VMs datastore. This can cause a problem for the backup or restore.
avvcbimage Info <18678>: Extracted VMNAME-flat.vmdk base disk from the VMX file
avvcbimage Info <18678>: Extracted VMNAME_1-flat.vmdk base disk from the VMX file
avvcbimage FATAL <0000>: [IMG0002] The datastore information from VMX '[DATASTORENAME01] VMNAME/VMNAME.vmx' will not permit a restore or backup.
avvcbimage Info <9772>: Starting graceful (staged) termination, Too many pre-existing snapshots on the datastore will not permit a restore or backup. (wrap-up stage)
avvcbimage Error <0000>: [IMG0009] Create Snapshot: snapshot creation or pre/post snapshot script failed.
avvcbimage Error <0000>: [IMG0009] Create Snapshot: snapshot creation/pre-script/post-script failed.

 

Cause

There are hidden files, snapshot files in the directory.

Resolution

Pre-requirements:
Before following this procedure be sure there are no Snapshots in vSphere - Snapshot manager and/or Unconsolidated Snapshots.


Look for "avvcbimage Info <14677>" in the logs and verify if there are files like "VMNAME-000002-delta.vmdk", "VMNAME-000002-ctk.vmdk" or "VMNAME-000002-sesparse.vmdk".


In this example it was found just "VMNAME-00000X-ctk.vmdk" and "VMNAME-00000X-sesparse.vmdk" files.
 

avvcbimage Info <14677>: All VM file Info:
  File:'VMNAME-000002-ctk.vmdk                         ' last modified on '29-Mar-2020 21:21'  size=3932672
  File:'VMNAME-000002-sesparse.vmdk                    ' last modified on '29-Mar-2020 21:21'  size=256901120
  File:'VMNAME-000002.vmdk                             ' last modified on '29-Mar-2020 21:21'  size=383
  File:'VMNAME-000005-ctk.vmdk                         ' last modified on '31-Mar-2020 20:58'  size=3932672
  File:'VMNAME-000005-sesparse.vmdk                    ' last modified on '31-Mar-2020 20:58'  size=256901120
  File:'VMNAME-000005.vmdk                             ' last modified on '31-Mar-2020 20:58'  size=390
  File:'VMNAME-000006-ctk.vmdk                         ' last modified on '12-Apr-2020 20:46'  size=3932672
  File:'VMNAME-000006-sesparse.vmdk                    ' last modified on '12-Apr-2020 20:46'  size=256901120
  File:'VMNAME-000006.vmdk                             ' last modified on '12-Apr-2020 20:46'  size=390
  File:'VMNAME-766073b0.hlog                           ' last modified on '05-May-2020 19:41'  size=92
  File:'VMNAME-Snapshot24.vmsn                         ' last modified on '29-Mar-2020 21:21'  size=32094
  File:'VMNAME-Snapshot27.vmsn                         ' last modified on '31-Mar-2020 20:57'  size=32094
  File:'VMNAME-Snapshot41.vmsn                         ' last modified on '12-Apr-2020 20:45'  size=32094
  File:'VMNAME-aux.xml                                 ' last modified on '06-Mar-2020 14:25'  size=31322
  File:'VMNAME-ctk.vmdk                                ' last modified on '27-May-2020 17:16'  size=3932672
  File:'VMNAME-e3a0cf52.vswp                           ' last modified on '27-May-2020 17:16'  size=8589934592
  File:'VMNAME-flat.vmdk                               ' last modified on '03-Jun-2020 15:09'  size=64424509440
  File:'VMNAME.nvram                                   ' last modified on '27-May-2020 14:17'  size=8684
  File:'VMNAME.vmdk                                    ' last modified on '27-May-2020 17:16'  size=588
  File:'VMNAME.vmsd                                    ' last modified on '27-Apr-2020 21:27'  size=44
  File:'VMNAME.vmx                                     ' last modified on '27-May-2020 17:16'  size=3515
  File:'VMNAME.vmx.lck                                 ' last modified on '27-May-2020 17:16'  size=0
  File:'VMNAME.vmxf                                    ' last modified on '20-May-2020 15:05'  size=3641
  File:'VMNAME.vmx~                                    ' last modified on '27-May-2020 17:16'  size=3513
  File:'VMNAME_1-000002-ctk.vmdk                       ' last modified on '29-Mar-2020 21:21'  size=1638912
  File:'VMNAME_1-000002-sesparse.vmdk                  ' last modified on '29-Mar-2020 21:21'  size=109051904
  File:'VMNAME_1-000002.vmdk                           ' last modified on '29-Mar-2020 21:21'  size=388
  File:'VMNAME_1-000005-ctk.vmdk                       ' last modified on '31-Mar-2020 20:58'  size=1638912
  File:'VMNAME_1-000005-sesparse.vmdk                  ' last modified on '31-Mar-2020 20:58'  size=109051904
  File:'VMNAME_1-000005.vmdk                           ' last modified on '31-Mar-2020 20:58'  size=395
  File:'VMNAME_1-000006-ctk.vmdk                       ' last modified on '12-Apr-2020 20:46'  size=1638912
  File:'VMNAME_1-000006-sesparse.vmdk                  ' last modified on '12-Apr-2020 20:46'  size=109051904
  File:'VMNAME_1-000006.vmdk                           ' last modified on '12-Apr-2020 20:46'  size=395
  File:'VMNAME_1-ctk.vmdk                              ' last modified on '27-May-2020 17:16'  size=1638912
  File:'VMNAME_1-flat.vmdk                             ' last modified on '03-Jun-2020 15:06'  size=26843545600
  File:'VMNAME_1.vmdk                                  ' last modified on '27-May-2020 17:16'  size=591
  File:'vmmcores-1.gz                                     ' last modified on '06-Mar-2020 14:25'  size=9794545
  File:'vmware-47.log                                     ' last modified on '03-May-2020 17:56'  size=742753
  File:'vmware-48.log                                     ' last modified on '03-May-2020 19:54'  size=245353
  File:'vmware-49.log                                     ' last modified on '05-May-2020 11:28'  size=662114
  File:'vmware-50.log                                     ' last modified on '05-May-2020 19:41'  size=354154
  File:'vmware-51.log                                     ' last modified on '20-May-2020 15:05'  size=410280
  File:'vmware-52.log                                     ' last modified on '27-May-2020 14:18'  size=332087
  File:'vmware.log                                        ' last modified on '02-Jun-2020 14:20'  size=306251
  File:'vmx-VMNAME-3818966866-1.vswp                   ' last modified on '27-May-2020 17:16'  size=90177536
  File:'vmx-zdump.000                                     ' last modified on '06-Mar-2020 14:25'  size=6721536
avvcbimage Info <19704>: DataStore Storage Info:DATASTORENAME01 capacity=2465042792448  free=349293248512


The easiest and fastest way to fix this issue is doing a Datastore vMotion, request  the customer to do it.


After this activity has been done, try a new backup.


If it still fails please verify if the Datastore has changed, looking for "avvcbimage Info <19704>" in the current and previous log:
 

avvcbimage Info <19704>: DataStore Storage Info:DATASTORENAME01 capacity=2465042792448  free=349293248512



Observe after the Datastore vMotion in the log, the file date modification must be updated for all files and the additional used files were cleaned.
 

avvcbimage Info <14677>: All VM file Info:
  File:'TSPEGASUS-682f3bfa.hlog                           ' last modified on '03-Jun-2020 17:38'  size=1336
  File:'TSPEGASUS-aux.xml                                 ' last modified on '03-Jun-2020 17:28'  size=31220
  File:'TSPEGASUS-ctk.vmdk                                ' last modified on '03-Jun-2020 17:39'  size=3932672
  File:'TSPEGASUS-e40ee848.vswp                           ' last modified on '03-Jun-2020 17:28'  size=8589934592
  File:'TSPEGASUS-flat.vmdk                               ' last modified on '03-Jun-2020 17:42'  size=64424509440
  File:'TSPEGASUS.nvram                                   ' last modified on '03-Jun-2020 17:38'  size=8684
  File:'TSPEGASUS.vmdk                                    ' last modified on '03-Jun-2020 17:38'  size=588
  File:'TSPEGASUS.vmsd                                    ' last modified on '03-Jun-2020 17:28'  size=0
  File:'TSPEGASUS.vmx                                     ' last modified on '03-Jun-2020 17:38'  size=7660
  File:'TSPEGASUS.vmx.lck                                 ' last modified on '03-Jun-2020 17:28'  size=0
  File:'TSPEGASUS.vmxf                                    ' last modified on '03-Jun-2020 17:38'  size=47
  File:'TSPEGASUS.vmx~                                    ' last modified on '03-Jun-2020 17:38'  size=7633
  File:'TSPEGASUS_1-ctk.vmdk                              ' last modified on '03-Jun-2020 17:39'  size=1638912
  File:'TSPEGASUS_1-flat.vmdk                             ' last modified on '03-Jun-2020 17:38'  size=26843545600
  File:'TSPEGASUS_1.vmdk                                  ' last modified on '03-Jun-2020 17:42'  size=591
  File:'vmmcores-1.gz                                     ' last modified on '03-Jun-2020 17:28'  size=9794545
  File:'vmware-0.log                                      ' last modified on '03-Jun-2020 17:38'  size=434108
  File:'vmware-48.log                                     ' last modified on '03-Jun-2020 17:28'  size=245353
  File:'vmware-49.log                                     ' last modified on '03-Jun-2020 17:28'  size=662114
  File:'vmware-50.log                                     ' last modified on '03-Jun-2020 17:28'  size=354154
  File:'vmware-51.log                                     ' last modified on '03-Jun-2020 17:28'  size=410280
  File:'vmware-52.log                                     ' last modified on '03-Jun-2020 17:28'  size=332087
  File:'vmware.log                                        ' last modified on '03-Jun-2020 17:39'  size=214834
  File:'vmx-TSPEGASUS-3826182216-1.vswp                   ' last modified on '03-Jun-2020 17:28'  size=90177536
  File:'vmx-zdump.000                                     ' last modified on '03-Jun-2020 17:28'  size=6721536
avvcbimage Info <19704>: DataStore Storage Info:DATASTORENAME02 capacity=2465042792448  free=13296848512

 
If it still fails, open a support case.

Enable Telnet Client in Windows 11 and Server 2022

 

Telnet is a client/server protocol used for accessing remote servers. As the name might suggest, Telnet was originally used on terminals that only required a keyboard because everything on the screen was displayed in text, usually from a mainframe computer. The terminal used Telnet to remotely log in to a mainframe server or other computer. But in recent years, Telnet has fallen out of favor because it doesn’t provide a secure way to communicate with remote servers.

Nevertheless, Telnet still has its uses today. For example, it can be useful for checking connectivity to a remote server. You can use a Telnet client to try and access a port on a remote server. For example, if you are troubleshooting connectivity issues. Or you can use Telnet to enter some commands and run them on a remote server and the output will be returned in the Telnet client.

You can use Telnet for accessing remote servers if using strong authentication and encryption over the network isn’t critical. One example is connecting to an SMTP server. You might issue some commands to a remote SMTP server to test sending email. The commands below start the Telnet client and then create a connection on SMTP port 25 to a mail server. Then a message is sent before closing the connection. 

 

telnet

set localecho

open mail.contoso.com 25

ehlo contoso.com

mail from: <mahadevtechbytes@contoso.com>

rcpt to: <test@techbytes.com> notify=success,failure

data

subject: test email

This is a test for techbytes.com

.

quit

And while Telnet has never been a critical Windows tool, there is a Telnet client built into Windows 11 and Windows Server 2022, although it isn’t enabled by default. In this article, I will show you how to enable the Telnet client using the GUI and command line.

 

Install the Telnet client using the GUI

Using the GUI to install the Telnet client in Windows 11 and Windows Server 2022 differs a little. Let’s start with Windows Server 2022.

Install the Telnet client in Windows Server 2022

Follow the instructions below to install the Telnet client using Server Manager.

1. Log in to Windows Server 2022 with an administrator account.
2. Open Server Manager from the Start menu.

3. Click the Manage menu in the top right corner and then select Add Roles and Features.

4. In the Add Roles and Features Wizard, click Next on the Before you begin
5. Click Next on the Select installation type
6. On the Select destination server screen, make sure that your local server is selected in the list of servers and then click Next.
7. Click Next on the Select server roles
8. On the Select features screen, scroll down the list of available features, check Telnet Client, and click Next.

9. Click Install on the Confirmation installation selections

10. Close the Add Roles and Features Wizard.

Install the Telnet client in Windows 11

The Telnet client is installed using the legacy Control Panel in Windows 11.

1. Click the Search icon on the taskbar.
2. Type control panel and then select Control Panel from the list of results under Best match.

3. In the Control Panel, click Programs.

4. Click Turn Windows features on or off under Programs and Features.

5. In the Windows Features window, scroll down the list of available features, check Telnet Client, and then click OK.

The Telnet client will now be installed on Windows 11.

Install the Telnet client using the command line

The Telnet client can be installed using PowerShell or the DISM command-line tool. The following methods work in Windows 11 and Windows Server 2022.

Install the Telnet client using DISM

To install the Telnet client using DISM, following the instructions below.

1. Open the Start menu on the taskbar.
2. Type cmd and then make sure that Command Prompt is highlighted in the list of search results.

3. In the panel on the right, click Run as administrator.
4. Give consent or provide an administrator username and password as prompted.
5. In the command prompt window, type the command below and press ENTER.

dism /online /Enable-Feature /FeatureName:TelnetClient

6. In the command prompt window, type y and press ENTER to restart Windows 11.

Install the Telnet client using PowerShell

To install the Telnet client using PowerShell, following the instructions below.

1. Open the Start menu on the taskbar.
2. Type powershell and then make sure that Windows PowerShell is highlighted in the list of search results.
3. In the panel on the right, click Run as administrator.

4. Give consent or provide an administrator username and password as prompted.
5. In the PowerShell window, type the command below and press ENTER.

Enable-WindowsOptionalFeature -Online -FeatureName TelnetClient

6. In the PowerShell window, type y and press ENTER to restart Windows 11.

And that’s it. The Telnet client is now installed.

How to secure Active Directory accounts

 

 

Managing service accounts and service account passwords can become overwhelming even in small environments running a large number of Windows Services controlling business-critical applications.

Insecure practices in dealing with service accounts, such as passwords that do not expire and identical passwords, can create security risks. 

Authentication and password security is more important than ever. This tool audit scans your Active Directory and identifies password-related vulnerabilities. The collected information generates multiple interactive reports containing user and password policy information. Specops Password Auditor is a read-only program.

Specops Password Auditor is a great free tool that helps to gain visibility into Active Directory account security issues in the environment. It can help quickly identify accounts, including service accounts, that may have the password set not to expire flag and configured with identical passwords.

Specops Password Auditor scans your Active Directory and detects security related weaknesses, specifically related to password settings. The collected information is used to display multiple interactive reports containing user and password policy information. The reports include a summary of accounts using leaked passwords, comparisons of the password settings in your organization with industry standards and best practices according to multiple official standards.

Specops Password Auditor will only read information from Active Directory, it will not make any changes. It will read the Default Domain Password Policy, any Fine-Grained Password Policies, as well as any Specops Password Policies (if installed).

Note:
To be able to read Fine-Grained Password Policies, and the password hashes for the Breached Password Protection, Identical Passwords or Blank Password reports, you will need domain administrator privileges in Active Directory.

The following user account attributes will also be read:

    pwdLastSet
    userAccountControl
    lastLogonTimestamp 

Reports 

The following is a list of reports you can view/export from Specops Password Auditor tool.

• Breached Passwords

Use this report to identify user accounts with passwords that are known to be leaked. The accounts in this list should be prompted to change their password.

Note: The Breached Passwords report does not use clear text passwords. The MD4 hashes of the leaked passwords is compared to the hashes of the passwords from the domain. The hashes are not stored, they are read and kept in memory by Specops Password Auditor.

• Identical Passwords

Use this report to identify groups of user accounts that have the same password. Admin users who use the same password for their normal user accounts and their admin accounts increase their attack surface. The accounts in this list should be prompted to change their password.

• Blank Passwords

Use this report to identify user accounts with blank passwords. These accounts are affected by a policy without a password requirement.

• Admin Accounts

Use this report to identify whether admin privileges are used appropriately (granted to users performing tasks that span across Active Directory domains, or activities that require elevated permissions). Delete unnecessary admin accounts and consider a delegated Active Directory security model to follow best practice.

• Stale Admin Accounts

Use this report to audit unused accounts. Dormant accounts should be deleted as they can be leveraged by attackers to access resources without being noticed.

• Password Not Required

Use this report to identify user accounts with the control flag for not requiring a password, or those affected by a password policy without a minimum password length. The accounts in this list indicate serious security holes within your organization.

• Expiring Passwords

Use this report to keep track of password expiration. Anticipating the expiration with a contingency plan can be effective for curbing password reset calls.

• Password never expires

Use this report to keep track of accounts that have their passwords set to never expire. These can be more vulnerable to attack if the user is reusing this password elsewhere.

• Expired Passwords

Use this report to identify user accounts with expired passwords. Password that have been expired for an extended period of time can indicate a stale account.

• Password Policies

Use this report for an overview of your password policies including change interval, dictionary enforcement, as well as relative strength.

            *The following settings are used to determine the maximum strength.

               Minimum length= 16 characters
               At least one of each of the following:
                Lower
                Upper
                Digit
                Special Character

Any policy with as strong, or stronger settings will be displayed as having “maximum” strength.

• Password Policy Usage

Use this report for a graphical overview of users affected by each password policy.

• Password Policy Compliance

Use this report to measure your password policies against industry and compliance recommendations. 

 

Download link - https://specopssoft.com/product/specops-password-auditor/?utm_source=Petri&amp%3Butm_medium=Email&amp%3Butm_campaign=Petri%20SPA%20promo&_hsenc=p2ANqtz-9cOS1s1j1U4NecZ65SxW9zKcT3mu0sbvTtM1rjI9ajG_enrT_f7HRozFZ30-HJqLGlCRAKTaXenr2pua80dHIB7tqiWA

 

 

Windows 11: How to Enable the Classic Start Menu

If you prefer the ‘classic’ Windows 10 Start menu, or if you want Live Tiles back, then Windows 11 gives you the option to revert to the Windows 10 Start menu. Microsoft could remove the ability to switch back to the Windows 10 Start menu in Windows 11. But I expect to appease enterprise users, the setting will remain and that it will also be available to configure in Group Policy. At the time of writing, it’s only possible to switch to the classic start menu by adding a value to the registry.

 

Windows 11 Start menu provides a phone-like experience and cleaner look

But before you rush to change back to the classic Start menu, consider using the new Start menu for a few weeks. In our opinion, it’s a big improvement over the Windows 10 Start menu, which evolved into a bit of a mess. The new Start menu in Windows 11 provides a cleaner experience, disposing of Live Tiles and replacing them with application icons. The app icons can be moved around and arranged as you like, much like you can do on iOS and Android. The icons are arranged in pages, similar to iOS, for a more ‘phone-like’ look and experience.

 

Live Tiles are no great loss because developers didn’t support them. And even Microsoft’s own applications made limited use of Live Tiles. As there was little interest in the feature, Microsoft never invested further in its development.

The ‘Recommended’ section at the bottom of the new Start menu lets you see docs that you’ve been accessing recently, whether locally or from the cloud. The timeline from Task View is gone in Windows 11, but the ‘Recommended’ section on the new Start menu more than makes up for its removal.

Instead of needing to click three times to power down or put a device to sleep, you just need two clicks on the Windows 11 Start menu. Similarly, to sign out or lock a device also requires just two clicks. ‘All apps’ is now tucked away in the top right corner. But you can still type on the Start menu to search for apps and documents. 

 

How to Switch back to the classic Windows 10 Start menu

But if you have decided that the new Start menu is not for you, you can add a value to the registry and go back to the Windows 10 experience.

• Open the Windows 11 Start menu by clicking the Windows key on the taskbar.
• Type regedit and then click Registry Editor in the search results.
• Click Yes in the User Account Control dialog to give Registry Editor permission to run.
• In the Registry Editor application in the left pane, expand HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Explorer > Advanced.

• Make sure the Advanced key is selected on the right.
• In the right pane of Registry Editor, right click some white space and select New > DWORD (32-bit) Value.
• A new value will appear. In the box, type Start_ShowClassicMode.
• Double click Start_ShowClassicMode.
• In the Edit DWORD dialog box, type 1 in the Value data field and click OK.
• Now close the Registry Editor application.
• Open the Start menu, click your username at the bottom of the menu, and click Sign out.
• Sign into Windows again with the user account you just signed out from. The registry change is per user, so you need to sign back into Windows using the account where you added the Start_ShowClassicMode registry value.
  

It may take a minute or so before your user account is switched to the classic Windows 10 Start menu.

 

If you want to use the Windows 11 Start menu again at any point, just delete the Start_ShowClassicMode value from the registry, sign out, and when you sign back into Windows, you will have a restored Windows 11 Start menu experience.

 

Windows 11, What's new in Microsoft release first build.

 

 

Well wait is over for the Windows fans have been waiting for, the first build of Windows 11 is now available to download. While not every new feature is in this release, there are many that are included – don’t forget to check your device compatibility before downloading the update too.

To get started, Microsoft requires that you join the Insider program as that’s where this first release is being distributed. To get the latest release, you will need to be in the Dev channel but builds will eventually move to the Beta channel.

Microsoft has also indicated that they will eventually release ISOs for direct, clean installs, but that download is not available today.

Here’s what’s new in Build 22000.51 that is now rolling out to Windows Insiders:

Windows 11 has a new Start menu design that is centered.

 

In this release, the new Start menu and centered Taskbar icon experience is included. This is one of the biggest updates to the OS but also feels familiar at the same time.

Windows 11 context menus now match theme of the OS.

 

Also included in this release are new context menus that look significantly better than what is available today in Windows 10. You can right-click on the Taskbar to open these items and see the new UI.

Windows 11 action center update with new UI.

 

Microsoft has overhauled the notification center and quick settings in this release. There are the new flyouts with updated designs including rounded corners.

Windows 11 quick settings overhauled.

 

The quick setting controls are easier to understand and have workflows that are more in line with expectations for tapping on icons for toggling the features on and off; easy access sliders provide fine-grained controls for volume and brightness.

First look at the new Windows 11 File Explorer

 

While Microsoft did not show off the new File Explorer at the Windows 11 event, we now have our first look at the updated UI. Featuring a compact ribbon, the UI uses the same icons in Windows 10 21H1 but the interface has been refined.

Windows 11 themes can now be quickly switched.

 

If you are a fan of themes, then this build is for you; changing themes across the entire UI of Windows 11 is now much easier with a single click.

Windows 11 widgets let you customize your feed.

 

Along with the Start menu, Widgets are one of the bigger updates coming to Windows 11 and in this release, Microsoft is pushing out the first iteration of the experience.

The news feed in the widget area will be personalized to your specifications and you can also find weather and traffic information as well.

Windows 11 snap groups make it easier to keep apps together.

 

Snap layouts and Snap groups are new productivity-focused features that make it easier to snap apps to a pre-defined percentage of your display. Snap groups are exactly as the name sounds, it keeps multiple windows snapped together in a group to easily re-launch to a group of applications.

The new Windows 11 store will also come to Windows 10.

 

Microsoft has overhauled the Windows store and in this release, we get our first sample of the updated interface. While the UI is new, this release does not include the ability to install Android apps, which will be coming in a later release.

Windows 11 settings have been overhauled.

 

The settings panel in Windows 11 has also been overhauled. In this release, we get our first look at the updated UI that features faster “quick action” items, new icons, more whitespace, and overall, a theme that matches the rest of Windows 11.

Windows 11 settings make it faster to do common tasks.

 

As an example, Bluetooth settings have been updated to make it much easier to connect or disconnect a device from your PC.

Updated Windows 11 settings makes connecting/disconnecting easier.

 

Another good example is the network connectivity toggles. The layout of all your connection settings is easier to see in one view and displayed in a way that should make connecting or unplugging from the Internet easier.

One other feature coming to Windows for the first time with this release is support for Wi-Fi 6E. This new connectivity standard opens up more bandwidth for connections in your home (or workplace) and is now supported natively in Windows 11.

These are the major updates that are coming to the first build of Windows 11 that is now available. You can download the update via Windows update if you are an Insider but you should not install this release on a device used in a production environment. Also make sure to keep an eye on the Known Issues log as it’s quite extensive.