Homeslice - Just Like a Boss

DCOM FUD Caused by KB5004442 Applies to Windows domain controllers that are setup as "Certification Authority" that are being used from domain connected workstations to perform user self enrollment to generate certificates for PIV smart cards.  PIV smart cards are used to authenticate and logon. While setting up a DCOM application such as certificate enrollment services between workstations and servers, all running modern operating systems such as Windows Server 2022 and Windows 10, you start to see DCOM failures.  And you see error 10036 in the system log. 10036 "The server-side authentication level policy does not allow the user %1\%2 SID (%3) from address %4 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application." (%1 – domain, %2 – user name, %3 – User SID, %4 – Client IP Address) This is a real error message from the test environment. The server-side authentication level policy...

 WMIC says "Invalid Global Switch" Why does it say that when you use the /NODE switch?  It's because WMIC really wants the full IP address of the remote computer, not the name. Here's an example of it: This is the right way to do it, to prevent "Invalid Global Switch" The WMIC Cookbook In these examples, we will write all output to a file called a.out. First one will be written, others will be appended. # --------- CUT HERE ----------------------- # A powershell script by Uncle Joe # To append to the file, use /APPEND instead of /OUTPUT $username="talladega\lets_go_brandon" $password="Nascar22" # Get Computer Name wmic /NODE:192.168.0.143 /OUTPUT:a.out /USER:${username} /PASSWORD:${password} computersystem get model,manufacturer,name,username # Disk Check wmic /NODE:192.168.0.143 /APPEND:a.out  /USER:${username} /PASSWORD:${password}   logicaldisk list full # CPU Check: wmic /NODE:192.168.0.143 /APPEND:a.out  /USER:${username} /PASSWORD...

How to fix this "No suitable default server credential exists on this system" The Fix The fix was done by Dell Server support using Powershell command  New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "ims.local" -FriendlyName "MySiteCertIMS" -NotAfter (Get-Date).AddYears(10) Then finding the newly created certificate using MMC under Console Root, Certificates (Local Computer), personal, certificates and copying to Trusted Root Certification Authorities, Certificates.

How to Check Domain Controller Roles and Change them in a Dual DC Setup - Active Directory - Seize the Roles Using NetDom using the netdom command in a command prompt or dos prompt window to display the assignment of roles.  Herre we have roles split between ADS-01 and DC1 servers.  The text in  red/yellow  is what YOU type in to make it happen. C:\Users\Administrator.HOMESLICE>  netdom query fsmo Schema master               ADS-01.homeslice.local Domain naming master        ADS-01. homeslice .local PDC                         DC1. homeslice .local RID pool manager            DC1. homeslice .local Infrastructure master       DC1. homeslice .local The command completed successfully. Using ntdsutil Using ntdsutil to transfer the schema master and naming master. For t...

Group Policy Replication Errors - How to Fix All of a sudden one of your workstations seems to not be able to update its own group policy objects. It appears that the workstation has failed the trust relationship. For Example C:\Users\Biff> gpupdate /force Updating Policy... User Policy update has completed successfully. Computer policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed. Windows attempted to read the file \\homeslice.net\SysVol\homeslice.net\Policies\{2B44EB00-32DD-42E3-8C83-9B6C6CA6D 6D6}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller  has not replicated to the current dom...