Are you the publisher? Claim or contact us about this channel

Embed this content in your HTML


Report adult content:

click to rate:

Account: (login)

More Channels

Channel Catalog

Channel Description:

Resources for IT Professionals

older | 1 | .... | 857 | 858 | (Page 859) | 860 | 861 | .... | 889 | newer

    0 0

    It's an old story... client meets network, client falls in love obtains IP address from DHCP server, DHCP server registers DNS record on behalf of client...

    Ah, so romantic!

    But.. have you ever wondered how the DHCP server registers the client's DNS record? No? Where's your sense of adventure! 



    Here's the context. As you may have gathered, the DHCP server is able to register PTR and A records on behalf of clients. There are a few ways to achieve this. To perform the DNS updates in a secure manner and to ensure that stale resource records are avoided, we recommend configuring the DHCP server to use a standard Active Directory user account, i.e. non-privileged, to perform the updates. The same account can be used across a number of DHCP servers. In summary, you'll need to create a dedicated account and configure the DHCP server with its credentials in the following circumstances:

    • The DHCP server is configured to perform dynamic updates on behalf of clients (see below)
    • The DNS zones to be update are configured to only allow secure dynamic updates, e.g. Active Directory integrated


    I want to achieve the configuration shown in the following screen-shots...

    Figure 1 - Example DNS Related Settings (IPv4 Properties / DNS)


    Figure 2 - Example DNS Dynamic Update Credentials (IPv4 Properties / Advanced / Credentials)


    Over to PowerShell...



    Here's a hash table of values to be splatted to the Set-DhcpServerv4Setting cmdlet. It reflects the settings in Figure 1.

    #Set up values for Set-DhcpServerv4DnsSetting

    $DnsSettings= @{

    DynamicUpdates ="Always"

    DeleteDnsRROnLeaseExpiry =$true

    UpdateDnsRRForOlderClients =$true

    DisableDnsPtrRRUpdate =$false

    NameProtection =$false



    Now, splat those settings to your DHCP servers.

    #Splat values to Set-DhcpServerv4DnsSetting




    Next, create the low-privileged user account. Make sure the password doesn't expire and set a complex password. Manage the account as per all your other service accounts. With the account created you can add it to each of your DHCP servers. You'll need to use Get-Credential first to temporarily store the credential.

    #Add service account to DHCP





    And, they all lived happily ever after...


    0 0


    Script Download:  
    The script is available for download from You can also use  Microsoft Script Browser for Windows PowerShell ISE to download the sample with one button click from within your scripting environment. 

    This T-SQL script will demonstrate how to find out how many users in the enterprise are running and what version of the client they are using.

    You can find more All-In-One Script Framework script samples at

    0 0


    日本マイクロソフト株式会社 (本社:東京都港区) は、幻想的で美しい世界を舞台にした探索型アクション ゲーム Xbox One 用『Ori and the Blind Forest (オリとくらやみの森)』の拡張版、『Ori and the Blind Forest: Definitive Edition』を Xbox Games ストアで 2016 年 3 月 11 日 (金) に配信価格 2,000 円で配信開始しました。また、『Ori and the Blind Forest』をお持ちのユーザーは、配信価格 500 円 (税抜) で『Ori and the Blind Forest: Definitive Edition』を購入できます。『Ori and the Blind Forest: Definitive Edition』は、『Ori and the Blind Forest』のゲーム内容に加え、新たなストーリー、新たな能力「ダッシュ」や「ライトバースト」、難易度設定などの機能が加わり、ナルの過去が明かされる新しい 2 つの世界を冒険できます。
    なお、Windows 10 PC 用『Ori and the Blind Forest: Definitive Edition』は、後日配信予定です。


    『Ori and the Blind Forest: Definitive Edition』について :

    『Ori and the Blind Forest (オリとくらやみの森)』は、幻想的で美しい世界を舞台にした探索型アクション ゲームです。突然やってきた強力な嵐の影響で、ニブルの森は多くの悲劇にみまわれ、小さなヒーローは故郷を守るため勇気をふりしぼり、暗黒の敵に立ち向かいます。手書き風のタッチと繊細に作りこまれたキャラクター、そしてフルオーケストラ編成の音楽が魅力の愛と犠牲の感動の物語が描かれます。『Ori and the Blind Forest: Definitive Edition』は、『Ori and the Blind Forest』のゲーム内容に加え、新たなストーリー、新たな能力「ダッシュ」や「ライトバースト」、難易度設定などの機能が加わり、ナルの過去が明かされる新しい 2 つの世界を冒険できます。

    (Please visit the site to view this video)


    製品基本情報 :『Ori and the Blind Forest: Definitive Edition』

    タイトル表記 :  Ori and the Blind Forest: Definitive Edition
    読み方 :  オリ アンド ザ ブラインド フォレスト ディフィニティブ エディション
    プラットフォーム :  Xbox One / Windows 10 PC
    発売元 :  Microsoft Studios
    開発元 :  Moon Studios
    国内販売元 :  日本マイクロソフト株式会社
    配信日 :  Xbox One 用 - 2016 年 3 月 11 日 (金) / Windows 10 PC 用 – 未定
    参考価格 :  新規購入 - 2,000 円 (税抜) / Ori and Blind Forest ユーザー – 500 円 (税抜)
    プレイ人数 :  1 人
    言語 :  日本語 (字幕版)
    レーティング :  CERO A (全年齢対象)
    ジャンル :  アクション アドベンチャー
    Web サイト :
    コピーライト :  © 2016 Microsoft
    備考 :  『Ori and the Blind Forest: Definitive Edition』は、『Ori and the Blind Forest』の内容が含まれます。『Ori and the Blind Forest』からのセーブデータの引継はできません。各プラットフォームは別売りです。Xbox One とWindows 10 PC 間でのセーブデータの引継は対応予定です。ストレージに 9.5GB 以上の空き容量が必要です。


    『Ori and the Blind Forest (オリとくらやみの森)』について :

    『Ori and the Blind Forest』は、幻想的で美しい世界を舞台に、パズルのような謎解き要素のある探索型アクション ゲームです。


    Moon Studios について:

    Moon Studios は 2010 年に Thomas Mahler (Blizzard Entertainment の元 Cinematic Artist) と Gennadiy Korol (Animation Lab の元 Senior Graphics Engineer) によって創設された独立系ビデオ ゲーム開発スタジオです。同社は高度に洗練されたゲームプレイ メカニクスを作品に取り入れることを得意としているほか、徹底的にゲームを“洗練”させる技術を誇っています。Moon Studios は“分散型”の開発スタジオです。チームメンバーは世界中に散らばっており、ゲーム業界におけるトップレベルの人材の確保を実現しています。


    0 0


    Las actualizaciones públicas para Project 2010 y Project Server 2010 correspondientes al mes de marzo de 2016 se pueden encontrar en los siguientes enlaces:

    Paquete “rollup” o completo Project Server 2010:

    Paquete individual Project Server 2010:

    No hay paquete individual este mes para Project Server 2010. Como muy bien explica Brian en su post, no hay parches para Project Server 2010 este mes, de ahí que no exista el paquete individual.

    La versión de la base de datos seguirá mostrando el mismo número que en la actualización de septiembre (no ha habido cambios en el esquema desde esa actualización, de ahí que se mantenga…): 14.0.7156.5000

    Paquete cliente Project 2010:

    La versión de Project PRO 2010 para a ser 14.0.7167.5000

    Hemos consultado los siguientes posts antes de escribir éste:

    Esperamos os resulte de interés, un saludo.

    Jorge Puig

    0 0

    昨年リリースしたExchange Serverの最新版、Exchange Server 2016の自習書シリーズを本日Technetで公開しました。

    自習書のダウンロードはこちらからどうぞ ➡







    1のアーキテクチャ編では、 Exchange Server 2016 で強化・変更されたアーキテクチャ、および、他サーバーとの連携 (具体的には Office Online Server) に関して説明しています。

    • 第 1 部 Exchange Server 2016 の新しいアーキテクチャ
    • 第 2 部 Office Online Server との連携


    2の移行・共存編では、、Exchange Server 2016 を社内に導入するために必要な情報を次の章に分けて説明しています。

    • 第 1 部 Exchange Server 2016 の移行共存
    • 第 2 部 既存 Exchange 組織への Exchange Server 2016 の追加インストール
    • 第 3 部 Exchange Server 2016 への移行


    オンプレミスでExchange Server 2016の導入、展開を検討されている方は是非ご覧ください!

    0 0

    Aujourd'hui un épisode court pour un tour rapide de l'actualité, avec Stanislas et Arnaud . Comme toujours, retrouvez cet épisode dans le flux RSS du podcast, sur iTunes , ou directement sur le site : Ouverture, Linux, etc. Announcing SQL Server on Linux Microsoft France recherche un spécialiste Linux OCP 2016: Building...(read more)

    0 0

    Remote Desktop Connection Manager (RDCMan) is a very popular remote administration tool with Microsoft admins.  RDCMan allows us to minimise the number of open windows on the local machine, when connecting to multiple remote systems.  At the time of writing, the latest version is 2.7 which can be downloaded here

    On my Windows 10 1511 laptop, some of my Azure VMs were not correctly rendering the display.  In the below screenshots you can see that the screen is not painted correctly and that there are many artefacts in the output.

    Paint It Black

    The in this example, the screen is black, with patches of grey an other pixelated silliness.  If I wanted pixels, I’d be playing Minecraft….

    More Pixels Than Minecraft

    If you see this issue, some troubleshooting steps that you may unsuccessfully try are:

    • Logging off the remote server
    • Restarting remote server
    • Restarting local machine


    It is most likely an issue with the locally cached bitmaps.  In order to clear the bitmap cache, remove the cache files out of this folder on your local machine (NOT the remote server).

    C:\Users\%UserName%\AppData\Local\Microsoft\Terminal Server Client\Cache


    Bitmap caching places commonly used bitmaps, such as the one that displays the Start button, in a file on the client computer. This improves performance by minimizing the amount of display information that must be passed over a connection.

    The option for bitmap caching is not really exposed in the RDCMan interface, but you can see it below in the standard RDP client.




    0 0

    Today’s Tip…

    Check out the Office 365 roadmap here…

    You can check out features that have recently launched, in progress of being rolled out, in development, and previously released. You can further filter on apps, services, and platforms you are interested in.


    However, not all services are listed in the Filters such as Project. If you find a feature for a service, you can click on the tag to further filter based on tags…


    For example, I clicked on the Project tag above and I get the following Project related features that are getting rolled out…

    Apps for Project Pro for Office 365 will be able to write-back and update the project plan.

    In Project Pro for Office 365, you will be able to create multiple timeline bars within the Timeline view. You will also be able to set a custom date range for each timeline bar in order to just highlight a certain time period of the project in the Timeline view.

    0 0

    Este alerta tem por objetivo fornecer uma visão geral de um novo boletim de segurança disponibilizado pela Microsoft fora do ciclo mensal em10 de março de 2016. A Microsoft disponibiliza novos boletins de segurança para tratar vulnerabilidades que afetam os produtos Microsoft.


    Novo Boletim de Segurança


    A Microsoft está lançando em 10 de março de 2016 o boletim MS16-036 que trata do Adobe Flash Player, fora do ciclo mensal de boletins. Esta atualização de segurança corrige vulnerabilidades no Adobe Flash Player quando instalado em todas as edições suportadas do Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1 e Windows 10.  

    Esta atualização de segurança foi classificada como Crítica. A atualização elimina as vulnerabilidades no Adobe Flash Player ao atualizar as bibliotecas afetadas do Adobe Flash contidas no Internet Explorer 10, Internet Explorer 11 e Microsoft Edge.


    Para obter informações adicionais sobre este lançamento, incluindo detalhes sobre as vulnerabilidades, produtos afetados, ações sugeridas, fatores de mitigação, soluções alternativas e respostas para as perguntas mais frequentes, leia o boletim de segurança publicado aqui:


    Comunicado Adicional Relacionado aos Lançamentos do Boletim de Segurança


    Ajude a proteger seu ambiente de computação mantendo-se atualizado com as últimas informações através das notificações técnicas de segurança da Microsoft. As notificações estão disponíveis em formato de e-mail, RSS ou para dispositivos móveis, além da versão online. Informações sobre as Notificações Técnicas de Segurança Microsoft podem ser encontradas aqui:


    Nota Sobre a Consistência das Informações


    Nos esforçamos para fornecer informações precisas em conteúdo estático (esta correspondência) e dinâmico (baseado na Web). O conteúdo de segurança da Microsoft publicado na Web é atualizado ocasionalmente para refletir informações alteradas. Se isso resultar em inconsistência entre as informações aqui contidas e aquelas no conteúdo de segurança baseado na Web da Microsoft, as informações no conteúdo de segurança baseado na Web da Microsoft é o oficial.


    Se você ainda tiver alguma dúvida sobre este alerta, por favor, entre em contato com seu Gerente de Contas Técnico.




    Equipe de Segurança de CSS Microsoft


    0 0

    Esta alerta es para ofrecerle una descripción general de los nuevos boletines de seguridad publicados por Microsoft fuera de banda el 10 de marzo de 2016. Microsoft publica nuevos boletines de seguridad para hacer frente a las vulnerabilidades que afectan a los productos de Microsoft.



    Microsoft publica MS16-036 para Adobe Flash Player fuera de la banda el10demarzode 2016. Esta actualización de seguridad resuelve vulnerabilidades en Adobe Flash Player cuando está instalado en todas las ediciones compatibles de Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1 y Windows 10.  

    Esta actualización de seguridad se considera Crítica. La actualización soluciona las vulnerabilidades en Adobe Flash Player mediante la actualización de las bibliotecas Adobe Flash afectadas contenidas dentro de Internet Explorer 10, Internet Explorer 11 y Microsoft Edge. 

    Para obtener más información sobre esta publicación con detalles sobre vulnerabilidades, productos afectados, acciones sugeridas, factores atenuantes, soluciones y respuestas a las preguntas más frecuentes, consulte el boletín de seguridad publicado en: .




    Ayude a proteger su entorno informático al mantenerse al día con la información más reciente utilizando las notificaciones de seguridad técnica de Microsoft. Las notificaciones están disponibles en RSS, dispositivo móvil o correo electrónico, así como en línea. La información sobre las Notificaciones de seguridad técnica de Microsoft se puede encontrar aquí:




    Nos esforzamos por proporcionarle información precisa en contenidos estáticos (este correo) y dinámicos (basados en la Web). Ocasionalmente se actualiza el contenido de seguridad de Microsoft colocado en la Web para reflejar la información más reciente. Si esto resulta en una inconsistencia entre la información en este documento y la información en los contenidos de seguridad basados en la Web de Microsoft, éstos últimos prevalecerán.


    Si tiene alguna pregunta sobre esta alerta, póngase en contacto con su Gerente Técnico de la cuenta.




    Equipo de Seguridad CSS Microsoft


    0 0

    Long ago as part of a different post I provided a query to make collections based on status messages.  I have since had several customers asking for this ability, making me aware that the blog post was not very discoverable.  Not surprising since the focus of that post was different.

    My older blog post was done with SCCM 2007 and things have changed slightly with ConfigMgr 2012.  Collections are specifically aimed at user and system resources and thus the resource class is more strictly enforced now than it was in 2007 and older versions.  That requires a slight change to how the statmsg query is written.  Originally I was pulling against the statmsg tables, joined with the system resource table.  That needs to be changed to pull against the system resource table and joined to the other tables.  It will then be allowed in a device collection.

    Lets get to an example, as I think that will make things very clear.  I ran a status message query in the UI for all machines that received a deployed program, which is a 10002 status message.  The status message query has several inputs, one of which is a specific deployment.  For my collection I didn't bother to do that filter.  For my collection I want to get all machines who got any deployment message in the last 30 days.  Here is what that query looks like:

    select SYS.ResourceID,SYS.ResourceType,SYS.Name,SYS.SMSUniqueIdentifier,SYS.ResourceDomainORWorkgroup,SYS.Client from sms_r_system as SYS   join SMS_StatusMessage as stat   on stat.machinename =   where stat.ModuleName = "SMS Client" and stat.MessageID = 10002 and DateDiff(dd,stat.Time, GetDate()) <30

    By creating a collection, creating a query against a system resource, and using the query designer you should be able to cut and paste this in.  You can adjust the MessageID and time span according to your own needs.

    0 0

    Upgrade to Project Server 2016 environment fails with below error message. Migrate-SPProjectDatabase : The project schema has not been provisioned in Content database '2013_ProjectWebApp'. Use the Upgrade-SPContentDatabase command to upgrade the Content database and then retry the migration command At line:1 char:1 + Migrate-SPProjectDatabase + ~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (Microsoft.Offic...ProjectDatab ase:PSCmdletMigrateSPProjectDatabase...(read more)

    0 0

    This article may be helpful for reference. I have used Skype for business 2015 server, ARR reverse proxy and Skype for business windows mobile client for the testing. Exchange DL name is I have separated DL expansion process in to four sections.


    When a user signed in to Skype for business mobile client, frontend server will provision a web ticket for the mobile user. Normally, this web ticket will be valid for 8 hours. Using this web ticket mobile client can request for the client certificate from skype for business cert provision service. By default, client certificate will be valid for 180 days. Mobile client will present the same web ticket for address book web queries and DL expansion requests if it is valid.


    I have launched SFB mobile client and signed in successfully. Then searched DL name with keyword ‘em’ from address bar.SFB mobile client initiated the web query as below. You can see the webticket header part of the request.

    Log. 1. Search query from mobile

    82005 GET
    82006 Request Id: 065BDBDC
    82007 HttpHeader:Accept application/
    82008 HttpHeader:Content-Type application/
    82009 HttpHeader:X-MS-Namespace internal
    82010 HttpHeader:X-MS-WebTicket XXXXXXX

    Log. 2. Query response from FE servers with XML.

    82020 GET
    82021 Request Id: 065BDBDC
    82022 HttpHeader:Cache-Control no-cache
    82023 HttpHeader:client-request-id ac8511da-29fc-4257-8237-64a0c2bc8bda
    82024 HttpHeader:Content-Type application/; charset=utf-8
    82025 HttpHeader:Date Wed, 09 Mar 2016 22:29:29 GMT
    82026 HttpHeader:Server Microsoft-IIS/7.5
    82027 HttpHeader:StatusCode 200
    82028 HttpHeader:Strict-Transport-Security max-age=31536000; includeSubDomains
    82029 HttpHeader:X-MS-Correlation-Id 2147484647
    82030 HttpHeader:X-Ms-Namespace internal
    82031 HttpHeader:X-MS-Server-Fqdn
    82032 HttpHeader:X-Powered-By ARR/2.5
    82034 <?xml version="1.0" encoding="utf-8"?><resource rel="search" href="/ucwa/v1/applications/212484333169/people/search?query=em&amp;limit=20" revision="2" xmlns=""><property name="moreResultsExtailable">False</property><resource rel="distributionGroup" href="/ucwa/v1/applications/212484333169/people/groups/"><link rel="expandDistributionGroup" href="/ucwa/v1/applications/212484333169/people/groups/" /><link rel="addToContactList" href="/ucwa/v1/applications/212484333169/people/groups/addToContactList?displayName=empl+%26+contra&amp;" /><property name="uri"></property><property name="id"></property><property name="name">empl &amp; contra</property></resource></resource>

    DL expansion

    Mobile client received a 200 OK from server. XML response from FE server has the DL expansion URL.I have selected DL name from search results and clicked on expand. Skype for business mobile client sent a new request to FE server. I got the DL membership information from the response. In my case test user1 is a member of this DL. XML response file will also include all relevant URLs for presence, photo download etc.

     Log. 3. DL expansion request

    82056 GET
    82057 Request Id: 065BF52C
    82058 HttpHeader:Accept application/
    82059 HttpHeader:Content-Type application/
    82060 HttpHeader:X-MS-Namespace internal
    82061 HttpHeader:X-MS-WebTicket XXXXXXX

    Log. 4. DL expansion response from FE server

    82073 GET
    82074 Request Id: 065BF52C
    82075 HttpHeader:Cache-Control no-cache
    82076 HttpHeader:client-request-id 377684b7-dede-49d2-a115-f463cc87be0d
    82077 HttpHeader:Content-Type application/; charset=utf-8
    82078 HttpHeader:Date Wed, 09 Mar 2016 22:29:32 GMT
    82079 HttpHeader:Server Microsoft-IIS/7.5
    82080 HttpHeader:StatusCode 200
    82081 HttpHeader:Strict-Transport-Security max-age=31536000; includeSubDomains
    82082 HttpHeader:X-MS-Correlation-Id 2147485827
    82083 HttpHeader:X-Ms-Namespace internal
    82084 HttpHeader:X-MS-Server-Fqdn SE.DOMAIN.COM
    82085 HttpHeader:X-Powered-By ARR/2.5

    82087 <?xml version="1.0" encoding="utf-8"?><resource rel="distributionGroup" href="/ucwa/v1/applications/212484333169/people/groups/" xmlns=""><property name="uri"></property><property name="id"></property><property name="name">empl &amp; contra</property><resource rel="contact" href="/ucwa/v1/applications/212484333169/people/"><link rel="contactPhoto" href="/ucwa/v1/applications/212484333169/photos/" /><link rel="contactPresence" href="/ucwa/v1/applications/212484333169/people/" /><link rel="contactLocation" href="/ucwa/v1/applications/212484333169/people/" /><link rel="contactNote" href="/ucwa/v1/applications/212484333169/people/" /><link rel="contactSupportedModalities" href="/ucwa/v1/applications/212484333169/people/" /><link rel="contactPrivacyRelationship" href="/ucwa/v1/applications/212484333169/people/" revision="2" /><property name="uri"></property><property name="sourceNetwork">SameEnterprise</property><propertyList name="emailAddresses"><item></item></propertyList><property name="type">User</property><property name="name">test user1</property><property name="etag">1476383057</property></resource></resource>


    Once DL expansion is completed. Mobie client will sent a subscription request to FE server to get the presence status of the DL members. Received a response from server with the presence status. You can also see other requests such as photo download , supported media etc.

     Log. 5. DL member's presence subscription request

    82211 POST
    82212 Request Id: 065BF01C
    82213 HttpHeader:Accept application/
    82214 HttpHeader:Content-Type application/
    82215 HttpHeader:X-MS-Namespace internal
    82216 HttpHeader:X-MS-WebTicket XXXXXXX
    82218 <input xmlns="">
    82219 <property name="duration">30</property>
    82220 <propertyList name="uris">
    82221 <item></item>
    82222 </propertyList>
    82223 </input>

    Log. 6. DL members presence subscription response

    82367 HTTP/1.1 200 OK
    82368 Cache-Control: no-cache
    82369 X-Ms-Namespace: internal
    82370 Content-Type: application/; charset=utf-8
    82372 <?xml version="1.0" encoding="utf-8"?><resource rel="contactPresence" href="/ucwa/v1/applications/212484333169/people/" xmlns=""><property name="extailability">Online</property><property name="deviceType">PC</property></resource>
    82373 --ed58f802-3438-47d1-b646-965f70e2d5f5
    82374 Content-Type: application/http; msgtype=response

    SFB FE Server responses:

    When I sent the address book query, UCWA collaborated with abs service and initiated a search query to find the DL information. Authentication module kicks in and verified webticket from header. Later, provided abs webquery results. UCWA called DLx module to contact AD and find the DL membership information. Dlx returned members list. Lync FE server collated all information in Xml response.

     Log. 7. ABS web query on SFB FE.

    08829 TL_VERBOSE(TF_COMPONENT) [SE\SE]0B98.2B90::03/09/2016-22:29:29.479.00013220 (Dlx,AbWebService.SexteSqlQueryResultToAbQueryResult:rtcabwebsvc.cs(1606)) 1/1 contacts added to web query result
    08830 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2B90::03/09/2016-22:29:29.479.00013221 (UCWA,AddressBookService.GetSearchResultData:addressbookservice.cs(645)) Abs search return 1 results for Query: em

    Log. 8. Webticket verification on FE.

    08856 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2FD4::03/09/2016-22:29:31.792.0001323B (WebInfrastructure,OCSAuthModule.BeginRequest:iismodule.cs(459)) [2147485827]Enter - <uri,>
    08857 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2FD4::03/09/2016-22:29:31.792.0001323C (WebInfrastructure,OCSAuthModule.BeginRequestImpl:iismodule.cs(512)) [2147485827]<credTypes, WebTicket>, <legacyWinAuth, False>
    08859 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2FD4::03/09/2016-22:29:31.792.0001323E (WebInfrastructure,OCSAuthModule.BeginAuthenticateUser:iismodule.cs(653)) [2147485827]<endp, https://~/v1/applications/212484333169/people/groups/>
    08860 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2FD4::03/09/2016-22:29:31.792.0001323F (WebInfrastructure,OCSAuthModule.BeginAuthenticateUser:iismodule.cs(700)) [2147485827]<credTypes, WebTicket>, <legacyWinAuth, False>, <maxRequestLength, 102400>, <acceptedRemoteCredentials, SplitDomain>
    08861 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2FD4::03/09/2016-22:29:31.792.00013240 (WebInfrastructure,HttpWebticketAuthRequestHandler.ExtractCredentials:httprequestauthhandlerimpl.cs(228)) [2147485827]X-MS-WebTicket header found
    08862 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2FD4::03/09/2016-22:29:31.792.00013241 (WebInfrastructure,OCSWebTicketCredentials.ExtractInstance:credentialsimpl.cs(2134)) [2147485827]Exit: CompactWebTicketCredentials found
    08863 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2FD4::03/09/2016-22:29:31.792.00013242 (WebInfrastructure,CompactWebTicketCredentials.ExtractValidWebTicketCallback:credentialsimpl.cs(2756)) [2147485827]Found user compact web ticket.

    Log. 9. Dlx module lookup

    08889 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2B90::03/09/2016-22:29:31.823.0001325C (Dlx,Service.GetGlobalCatalogDirectorySearcher:service.cs(786)) GC:DC.DOMAIN.COM[], OS:Windows Server 2012 Datacenter, Domain:DOMAIN.COM, Site:Default-First-Site-Name

    08890 TL_VERBOSE(TF_COMPONENT) [SE\SE]0B98.2B90::03/09/2016-22:29:31.823.0001325D (Dlx,Service.QueryADGetDistributionListInfo:service.cs(3929)) Looking up:

    Log. 10. Dlx AD query response on FE

    08901 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2B90::03/09/2016-22:29:31.901.00013268 (Dlx,Service.QueryADGetDistributionListInfo:service.cs(4033)) Found : empl@domain.com08902 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2B90::03/09/2016-22:29:31.901.00013269 (Dlx,Service.ProcessADRequest:service.cs(3129)) User found. DN is CN=empl & contra,CN=Users,DC=domain,DC=ORG08903 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2B90::03/09/2016-22:29:31.901.0001326A (Dlx,Service.ProcessADRequest:service.cs(3163)) msRTCSIP-TenantId of the dl is 00000000-0000-0000-0000-00000000000008904 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2B90::03/09/2016-22:29:31.901.0001326B (Dlx,Service.ProcessADRequest:service.cs(3178)) msRTCSIP-GroupingId of the dl is 00000000-0000-0000-0000-00000000000008905 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2B90::03/09/2016-22:29:31.901.0001326C(Dlx,Service.GatherAndPopulateMembers:service.cs(3489)) Found : 2 members in CN=empl & contra,CN=Users,DC=domain,DC=ORG08906 TL_VERBOSE(TF_COMPONENT) [SE\SE]0B98.2B90::03/09/2016-22:29:31.901.0001326D (Dlx,Service.QueryADAndPopulateResults:service.cs(3550)) Requesting AD for properties of : 2 members08907 TL_INFO(TF_COMPONENT) [SE\SE]0B98.2B90::03/09/2016-22:29:31.901.0001326E (Dlx,Service.PopulateGroupMemberResults:service.cs(3812)) Ignoring member because SipUri is not found: CN=Administrator,OU=hybrid,DC=domain,DC=ORG


    This article may be helpful for understanding the DL expansion behavior in Skype for business mobile client and server. I haven't included any troubleshooting steps in this document. If you know the call flow if you would be easy to isolate the issue.

    0 0

    Today's blog post is about the steps required to "Install Dynamics CRM for Outlook without an Internet connection using ConfigMgr".

    [NOTE: CRM 2016 for Outlook, Office 2016, Windows 10-x64 Client and ConfigMgr 2012 R2 SP1(CU2) are the versions used while creating this document.]


    1.     Download Microsoft Dynamics CRM 2016 Client for Outlook from Microsoft Download center.


    2.     Download both x86 and x64 versions.

    3.     Create two folders for each version like below.

    4.     Extract both files in two different folders.

    5.     Create the below folders with the exact name in both x86 and x64











    6.      Download the Prerequisite files corresponding to each folders you created above.


    Microsoft .NET Framework 4 (Offline Installer (64 and 32-bit)) - NDP452-KB2901907-x86-x64-AllOS-ENU.exe


    Microsoft Report Viewer 2012 Runtime - ReportViewer.msi


    Microsoft SQL Server Compact 4.0 SP1 (64-bit) - SSCERuntime_x64-ENU.exe

    Microsoft SQL Server Compact 4.0 SP1 (32-bit) - SSCERuntime_x86-ENU.exe


    SQL Express 2012 Express SP2 x86 (32-bit, used by both 64 and 32-bit versions of Dynamics CRM for Outlook) - SQLEXPR_x86_ENU.exe


    SQL Express 2008 R2 SP3 - SQLEXPR_x86_ENU.exe


    Microsoft Visual C++ 2013 Redistributable (64-bit) - 12.0.21005 - vcredist_x64.exe
    Microsoft Visual C++ 2013 Redistributable (32-bit) - 12.0.21005 - vcredist_x86.exe


    Microsoft Visual C++ Redistributable SP 1 (64-bit) - 10.0.40219 - vcredist_x64.exe

    Microsoft Visual C++ Redistributable SP 1 (32-bit) - 10.0.40219 - vcredist_x86.exe


    Windows Identity Foundation, Windows 7 (64-bit) - 6.1.7600.0 - Windows6.1-KB974405-x64.msu

    Windows Identity Foundation, Windows 7 (32-bit) - 6.1.7600.0 - Windows6.1-KB974405-x86.msu

    (Note: By default, Windows Identity Framework (WIF) is already included with Windows 8)


    SQLSysClrTypes.msi (32-bit) - SQLSysClrTypes
    SQLSysClrTypes.msi (64-bit) - SQLSysClrTypes

    (Important: After downloading the file, you must rename it according to the bitness of the client. Rename SQLSysClrTypes.msi to: SQLSysClrTypes_x86.msi for the 32-bit client; SQLSysClrTypes_x64.msi for the 64-bit client.)


    7.     After downloading all the files, the folder structure will look like below for each x86 and x64 version of CRM 2016 Client.


    8.     Create two Custom Global Condition to confirm the Outlook version installed on the machine. This will be used as a requirement in the Application Deployment Types.



    9.     Create an Application in ConfigMgr.

    10.   Add a deployment type for x64 - CRM2016 Client installation to the Application.


    11.   Deployment Type Properties may look like below for x64-Install-CRM2016Outlook



    Command line used above : SetupClient.exe /Q /l "%SYSTEMDRIVE%\Temp\CRM_2015_Install.log"

    Used MSI Product Code for detection. {0C524D20-1409-0080-8A9E-0C4C490E4E54}


    Used the above created Global Condition x64-Outlook-Office16 for x64 Deployment Type as requirement.


     12.  Deployment Type Properties may look like below for x86-Install-CRM2016Outlook

    Command line used above : SetupClient.exe /Q /l "%SYSTEMDRIVE%\Temp\CRM_2015_Install.log"

    Used MSIProduct Code for detection. {0C524D20-1409-0080-8A9E-0C4C490E4E54}

    Used the above created Global Condition x86-Outlook-Office16 for x86 Deployment Type as requirement.

    13.   After creating the application Distribute the content to the Distribution Points and make sure the Content Distribution Progress shows as "Installed" and deploy the application to a client machine.

    14.   Once the client installed the CRM for Outlook Successfully, it will have the Installation Logs under "%SYSTEMDRIVE%\Temp" as below.

    15.   In case of failures, you can refer the CRM_2015_Install.log for errors.



    Senthilkumar Pandurangan

    Support Escalation Engineer | Microsoft System Center Configuration Manager


    Disclaimer: This posting is provided "AS IS" with no warranties and confers no rights


    0 0

    Today’s Tip…

    The removal of NAP in Windows 10 left no viable Device Compliance mechanism for remote access clients.  The Conditional Access Framework, a cloud-based policy engine built into Azure AD, includes a collection of services that fill this gap.  The Conditional Access Framework and its companion services are ideal for assuring health of devices requesting VPN access to corporate networks, as well as other online services such as SharePoint and Exchange Online.

    What exactly is Conditional Access?

    Because the use of mobile devices to access corporate information continues to rise, some way to evaluate device security or health is required.  An efficient end-to-end security approach should be able to evaluate device health and use the current security state to make a real-time decision about whether to grant access to a high-value asset.

    How Conditional Access Works

    When access to a managed resource (VPN, for example) is requested, the device authenticates the user through a connection to an identity provider, such as Azure Active Directory, in the cloud.   If the managed resource contains highly confidential information, the conditional access engine of the identity provider may elect to verify the security compliance of the mobile device before access is granted. 

    A simple conceptual flow is as follows:


    Figure 1

    The combination of Windows 10-based devices, identity provider, MDM, and remote health attestation creates a robust end-to-end-solution that provides validation of health and compliance of devices that access high-value assets.


    Figure 2


    In summary, Azure Active Directory includes the ability to control access to resources (that use the AAD ID) based on many types of rules of which Device Compliance is one. 

    0 0

    With the release of SharePoint Server 2016 will come SharePoint’s long-time companion, Office Online Server. Office Online Server (previously called Office Web Apps Server 2013) is a separate product, installs on separate servers and can be used by SharePoint, Exchange, Skype for Business, file shares and other web sites. Let’s discuss why it’s essential to your SharePoint Server 2016 deployment.

    Previews and Online Viewing

    This one is an old trick but still, so useful. When you integrate SharePoint Server 2016 and Office Online Server, you get rich online viewing and editing of your Office files. Browser-based viewing and editing is useful in situations where the Office client is not installed but also when you just don’t need to download the entire document. And the “Online” versions are powerful, you can do the most common tasks right there in the browser. Just as an example, with PowerPoint Online I can modify my font, its size, colors, insert shapes, insert pictures, create SmartArt, hyperlinks, insert video, apply a slide design, and even apply the most common transitions and animations.

    In addition, you get previews inside document libraries and with your search results, as shown below.

    Durable Links

    Senior Product Marketing Manager, Bill Baer, wrote an excellent article on Durable Links several months ago. In summary, SharePoint provides an identifier for Office documents rather than using its name. This means you can rename your files and even move them around within your Site Collection, and the link will continue to work.

    This is really useful. Consider you keep “draft” documents in a separate document library or subsite before they’re final. The file could undergo several name changes and versions but the link won’t change. Then, when you move it to a different site or to the “final” document library, the link still works.

    Excel Services

    Excel Services in SharePoint Server 2013 provided a way to interact with workbooks with data models in a browser, refresh them, work with Power View in a browser as well as PivotCharts, PivotTables and calculated fields. But, you could not create or edit a workbook from the browser or view it if it had rights management applied. For that, you needed Excel Web App and you had to make a choice of which to use.

    With SharePoint Server 2016, some of the Excel Services functionality has been moved into Office Online Server. We now have a single service, through Office Online Server, which provides the ability to display and interact with Excel workbooks. So, if you intend on using Excel Services features, including the Excel Web Part, deploying Office Online Server is a must.

    Wrap Up

    Consider Office Online Server when planning for a SharePoint Server 2016 deployment. The previews, browser-based viewing and editing, Durable Links, and Excel Services capabilities offer users a richer experience. In addition, the same set of servers can be used by Exchange Server 2016, Skype for Business, file shares and other web sites to display Office documents.

    We think Office Online Server is essential, that’s why the SharePoint 2016 Product Line Architecture (PLA) includes it as part of the architecture. The PLA takes the best of Microsoft’s learnings from the cloud, projects with customers, Premier and broad support and repeated consulting engagements to come up with a reference architecture. Find out more by contacting your Microsoft representative and by visiting the PLA blog.

    0 0

    Hi, and welcome to another article of TechNet Wiki Blog. In last month, I see a lots of great articles so help you improve your cloud technology knowledge.



    I am proud of some articles are Turkish. Yeah, I am talking about Ezgi Can. You can see Ezgi’s profile here 


    You can see my favorite articles of Ezgi’s


    Whether an enjoyable Sunday


    Turkish Wiki Ninja Davut

    0 0

                雖然新的威脅、攻擊與技術層出不窮,但企業亦可立即採取行動以解決安全疑慮,並提升其資安準備。微軟持續與全球合作夥伴、安全生態系統及各國政府共同合作,確保提供消費者與企業最完整可靠的技術,而針對通訊與雲端趨勢的使用,也更能無後顧之憂地大幅運用,為企業成長發展更進一步。今天要跟各位分享 Windows10 如何以專業的服務阻絕各種新式攻擊。


       隨著摩爾定理的發威,過去原本被認定的安全機制,近期宣佈破解的不計其數,尤其史上最老牌的作業系統 Windows XP 更被發現,只要在破密叢集上面安裝 25 塊的高階顯示卡,加上 10Gbps 的內部交換通道,透過它的 GPU 的平行運算,可以在 6 小時以內被暴力破解成功,這也意味著兩件事情,一、原破密工程所需要的硬體是遙不可及,但現在有機會出現在個人環境中,而非實驗室,其取得成本已大幅降低,二、若你還在使用老舊的作業系統,即使每日辛勤的更換密碼,也是徒然,在你變更完不到 6 小時內即可被破解出正確的密碼。隨著大環境硬體技術的進化,取得成本相對便宜的前提之下,似乎老舊系統已經沒有任何績極的防護作為,可以讓系統安全再次有效的提升防護能力。因此在今日,我們可以知道除了加強驗證機制、提升系統安全,重視實體安全、隔離無法升安全性的敏感主機以外,別無它法。


        上述所提及的密碼被暴力破解的問題只有局限於 Windows XP、Windows server 2003 嗎?很遺憾的,只要你無法變更你的密碼系統或提升安全驗證機制的系統,幾乎都在影響範內,而 Microsoft 的資訊安全專家們也知道離線式破解總有一天會大行其道,例如像 Rainbow Table,透過加密法讓攻擊者可預先在離線的環境中,將所有的明文轉換成為密文,這樣一來破解密碼就有如查表一般的快速。

       早期 LM Hash XP 的環境上,因為限制密碼長度最少 4 個字、最長 14 個字,而利用 LM Hash 的特性,密碼的 1-7 碼存於第一個區段中,8-14 碼存於第二個區段中,當密碼少於 8 碼時,很明確的第二個區段則是 null,因此在這個 hash function 並沒有加入任何混淆,因此第二個區段若為 null 值,其 hash 結果則是 0xAAD3B435B51404EE,因此我們在取得 hash 值時,只要發現第二個區段是 AAD3B435B51404EE 時,我們可以快速的透過 Rainbow table 查表得到明文密碼,而字典檔的產生不費時,因為只需要產生4~7 碼,若密碼又只有使用英文、數字那麼更大幅度的降低了 Rainbow table 的產生時間。

       在 Windows 8 中首度加入了 Microsoft passport Account 登入本機電腦,將驗證及其保護的層級由離線式拉升至線上,配合 Microsoft passport 基本的保護措施,無論是陌生電腦登入要強制執行第二次的驗證,達成多因子驗證的目的,或者是直接就在行動裝置上安裝驗證器,讓智慧型手機變成 OTP 載具,以提供使用者可以直接在第二個裝置上加強安全驗證機制,因此,在原本的驗證機制上要再次提升安全性是困難的,但透過整合至雲端服務,也是一個安全託管的框架,強制提升安全性。



       為了加強地端的安全,而將密碼機制拋上雲端,接踵而來的就是隱私及適規性的問題,也因為將密碼驗證機制拋上了雲端,因此其密碼系統調整的彈性及未來改進的方案會相較於地端解決方案來得快速、更具彈性,那麼除了雲端上的解決方案以外,地端沒有任何一個解決方案嗎?過去所鑄下的錯誤已無法追回,唯一的方法是透過建議作法及更新架構來提升安全性,而更新架構是一個相當大的工程,除了驗證系統的更新,版本的提升以外,組態管理、應用程式佈署、已採購的 AP 如何同步的提升上來,這是個非常損耗營運成本的作法,透過建議作法的提升,可能是短期內可以大幅度降低風險的作法,依據該建議作法提升 NTLM 版本至 V2 ,加入第二種驗證機制(如智慧卡、One Time Password; OTP、生物認證),可以避免相關的威脅,但相對的多一個驗證機制,你也必須投資更多的設備或是軟體。



       Windows 10 在身份竊取的問題提出了非常好的概念「由根而上、層層把關」從一開始開機還在硬體防護時,透過 TPM SecureBoot 機制的防護,讓開機前的啟動受到保護,啟動作業系統時啟用 Device Guard 杜絕了惡意程式越權執行的的行為,登入時可以透過 Windows Hello 結合虹膜或指紋的辨識,無需再安裝第三方的應用程式或其它套件,最後在登入時除了可以使用 Microsoft passport 帳號登入結合雲端認證,也可以透過 Credential Guard 保護內部帳號的認證安全。

       Credential Guard Pass-the-Hash Pass-the-Ticket Attack 最先進的解決方案,不同於過去,Credential Guard 透過硬體在安全開機及虛擬化的平台,讓網域認證的安全性得以提升,除了硬體需要 Intel VT-x AMD-V 加上第二層定址傳輸 ( Second Level Address Translation )64 位元的 Windows 10 EnterpriseTrusted Platform Module ( TPM ) 1.2 2.0,即可啟用,透過虛擬化安全模組保護系統心,加上以安全驗證服務、虛擬TPM及虛擬層核心整合,將資料層層防護著,讓你的認證資訊滴水不漏!


       企業除了升級 Windows 10 Enterprise 配合硬體整合使用 device guard, Credential guard 以外,亦可透過 Azure Active Directory Premium,讓 Multi-Factor Authentication 零壓力的整合防護,Azure Rights Management 快速啟用跨企業的存取管制,讓資料保護得到更完全的防護,更快速的佈署,並可透過註銷功能、閱讀通知及文件軌跡追縱,讓擁有者輕輕鬆鬆看到自已文件的流向,落實身份安全、實體安全及認證安全,讓資訊安全的軍備競爭大幅度提升防護策略。



    Credential Guard -

    Device Guard -

    LM Hash wiki -

    Rainbow table -

    0 0
  • 03/13/16--20:00: Windows 10 Webinar Series
  • Want to learn about Windows 10 deployment, security and management? Well we have just the webinar for you!

    Join us between the 17th of March and 7th of April in four consecutive webinar series where we will walk through the key features that make it easier for IT teams to deploy, manage and secure their environments with Windows 10.

    During each one-hour webinar, and for 30 minutes after, a panel of experts will be on standby to answer your questions and provide technical help via online chat.

    Don't miss out and Register NOW:

    #1. Windows 10 for businesses of any size.

    #2. Preparing your environment and deploying Windows 10.

    #3. Windows 10 for device management. 

    #4. Windows 10 security.

    Thanks! Anika



    0 0

    Sejam muito bem-vindos a mais um Domingo Surpresa.

    Conforme é de conhecimento geral, a Microsoft segue trabalhando na reformulação do SQL Server. A versão 2016 desta plataforma de dados conta com inúmeras melhorias, as quais procuram assegurar uma maior segurança, alta disponibilidade, escalabilidade e um gerenciamento mais eficiente de informações relacionais.

    Além dos recursos já divulgados, o dia 07/03/2016 (uma segunda) trouxe mais uma grande novidade envolvendo o SQL Server 2016. Trata-se do anúncio da possibilidade de uso deste SGBD a partir de servidores Linux, em mais um movimento da Microsoft no sentido de oferecer uma maior interoperabilidade àqueles que optam por seus produtos e serviços.

    Maiores detalhes a respeito do suporte a Linux estão em:

    Quer aprender mais sobre o SQL Server 2016? A Microsoft vem mantendo uma lista de tutoriais no MSDN sobre esta tecnologia, com os conteúdos podendo ser acessados através do link:

    Para obter mais informações sobre o SQL Server 2016 consulte:

    Uma relação com inúmeros artigos do TechNet Wiki relacionados ao SQL Server também pode ser encontrada em:

    E por hoje é isso... Até a próxima!


    Wiki Ninja Renato Groffe (Wiki, Facebook, LinkedIn, MSDN)

older | 1 | .... | 857 | 858 | (Page 859) | 860 | 861 | .... | 889 | newer