雲無定,難為知己難為敵

mail enalbed + user only + account enabled (&(mail=*)(!(objectclass=contact))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

If your deploy Windows 7 SP1 + VMware Instant clone, you have to install microsoft hotfix to avoid deploy failed.   https://support.microsoft.com/kb/2550978

Append Red high light in end <QueryList> <Query Id="0" Path="Security"> <Select Path="Security">*[System[(EventID=4663)]]and *[EventData[Data[@Name='AccessList'] and (Data='%%1537 &#xD;&#xA;&#x09;&#x09;&#x09;&#x09; ')]]and *[EventData[Data[@Name='AccessMask'] and (Data='0x10000')]] </Select> </Query> </QueryList>

微軟KB ( http://support.microsoft.com/kb/244380/en-us) By default, a Microsoft Distributed File System Namespace (DFSN) root referral reply to a DFS root referral query is in NetBIOS name format (\\< Server >\< Share >). This is necessary in certain environments that rely on NetBIOS and makes it possible for clients that support NetBIOS-only name resolution to locate and connect to targets in the DFS namespace. By default, Windows clients work fine with this.  However, some clients do not use NetBIOS. Two examples are clients that are not running Windows and clients that operate in an environment without WINS or that use DNS name suffixes. Those clients are incompatible with the default DFSN behavior.  In these cases, the client may be unable to resolve the server name that is returned from the root referral query. However, this problem can be addressed easily, because DFSN can be configured to operate in a DNS-only environment. This article describes how to configu...

14天內可以在exchange上restore mail box 1. Exchange powershell Get-MailboxDatabase -Server server1 | Clean-MailboxDatabase 如果知道哪一台就這樣下比較快 不然會跑好久 2. Exchange management tool disconneted mailbox 建立連接 3. Add X500 cn後面是帶工號

在 P2V 之後，需要確認網卡與網路組態設定，可能會發現 IP 已經在使用中， 可以在 CMD 下指令： set devmgr_show_nonpresent_devices=1 (顯示隱藏裝置) start devmgmt.msc (開啟裝置管理員) 再點選『顯示隱藏裝置』，在隱藏裝置中找到原有的實體網卡後移除既可(或解除安裝)。

You need to configure the KMS host (Server)so that it has the credentials needed to create and update SRV, A, and AAAA resource records on your DDNS servers, or you need to manually create these records. The recommended solution for giving the KMS host the needed credentials is to create a security group in Active Directory® and add all KMS hosts to that group. In the Microsoft DNS server, ensure that this security group is given full control permission over the _VLMCS._TCP record on each DNS domain that will contain the KMS SRV records. This is the nslookup command to check if the correct record is in the DNS Server : nslookup -q = SRV  _VLMCS . _TCP

net user john /domain

1. FTP7.5 access remote share folder and set as home directory 2. user access as personal permission need to do below To check the permissions on the physical folder, right click on the home directory for the site, select Properties and then Security and ensure that their are, at least, read permissions for the "Users" security group, this will ensure that all inbuilt users on the system should have read access to the folder. Then check to see what account the site's Application Pool is running as. To do this, open the IIS management console, find the Application Pools entry, right-click on "DefaultAppPool" and then select "Advanced Properties". The account the App Pool is running as is listed under "Identity". It'll probably be set to NetworkService. Make sure this account also has read permissions on the home directory. If that doesn't work, try changing the Identity entry from NetworkService to one of the user accounts on t...

dsquery group domainroot -name groupname | dsget group -members |  dsget user -samid

If the computer is connected to the Internet, you can go to Windows Update Online at http://windowsupdate.microsoft.com. After scanning your system, the website will tell you what hot fixes you do not have. In the %windir%, you can find a number of log files with names beginning with “KB” and followed by six digits, e.g. KB870764.log, KBxxxxxxUninst.log. KBxxxxxx.log – Contain installation information of the hot fix. If you can find this file and there are no errors in the log, then the hot fix in the file name has been installed. KBxxxxxxuninst.log – Contain uninstallation information of this hotfix. If you can find this file and there are no errors in the log, then the hot fix KBxxxxxx has been uninstalled from your system. In addition, you also can find uninstall folders of the hotfix in %windir% (with names like $NtUninstallKBxxxxxx$) and %windir%\$hf_mig$ (with names like KBxxxxxx). Generally you can uninstall the hot fix from that folder by running spuninst.exe. Cmd ...

Program/Utility command Accessibility Controls access.cpl Add Hardware Wizard hdwwiz.cpl Add/Remove Programs appwiz.cpl Administrative Tools control admintools Automatic Updates wuaucpl.cpl Bluetooth Transfer Wizard fsquirt Calculator calc Certificate Manager certmgr.msc Character Map charmap Check Disk Utility chkdsk Clipboard Viewer clipbrd Command Prompt cmd Component Services dcomcnfg Computer Management compmgmt.msc Device Manager devmgmt.msc Direct X Control Panel (If Installed) directx.cpl Direct X Troubleshooter dxdiag Disk Cleanup Utility cleanmgr Disk Defragment dfrg.msc Disk Management diskmgmt.msc Disk Partition Manager diskpart Display Properties control desktop Display Properties desk.cpl Display Properties (w/Appearance Tab Preselected) control color Dr. Watson System Troubleshooting Utility drwtsn32 Driver Verifier Utility verifier Event Viewer eventvwr.msc File Signature Verification Tool sigverif Findfast findfast.cpl Folders Properties...

1.Open the Control Panel 2.Open Internet Options 3.Click the Security Tab 4.Click on Local Intranet 5.Click on Sties 6.Click Advanced 7.Type the drive letter of your file server where the application is located in the “Add this website to this zone” box. 8.Click Add 9.Click Close 10.Click OK 11.Close Internet Options by clicking OK 12.Close the Control Panel You should no longer get the “Open File Security Warning” when you run an application from the file server.

Q. I got this as below screen, after I enter password (it's difficult , but possible), everything is ok.... A. A similar issue happened to me when the system disk filled up. For some reason it zero out settings in the registry You'll have to free up some space and perform registry edits remotely. Remember to backup your registry before performing any task like this. this is the edit required to get the screen back or close to standard. [HKEY_USERS\.DEFAULT\Control Panel\Colors] "ActiveBorder"="212 208 200" "ActiveTitle"="10 36 106" "AppWorkSpace"="128 128 128" "Background"="102 111 116" "ButtonAlternateFace"="181 181 181" "ButtonDkShadow"="64 64 64" "ButtonFace"="212 208 200" "ButtonHilight"="255 255 255" "ButtonLight"="212 208 200" "ButtonShadow"="128 128 128" "ButtonTex...

這個主題以中央標準局的時間校時軟體 NTP 為例 最新版 NTP 校時軟體 中文版: http://www.stdtime.gov.tw/chinese/EXE/NTPClock.exe 英文版: http://www.stdtime.gov.tw/chinese/EXE/NTPClock_eng.exe 下載微軟官方網站的 Windows Server 2003 Resource Kit Tools: http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en 安裝好Windows Server 2003 Resource Kit Tools, 將這下面二個檔案複製到D:\service目錄下 C:\Program Files\Windows Resource Kits\Tools\instsrv.exe C:\Program Files\Windows Resource Kits\Tools\srvany.exe PS. 另外一個可下載 instsry.exe 和 srvayn.exe 檔案的網址如下, 不過還是建議至微軟官方網站下載較好 http://www.electrasoft.com/srvany/srvany.htm ====================================================================== 新增一個名稱為AClock的服務 名字可以自行更改為其他的如NTClock, 只不過服務名稱排在越前面越早執行越好 ====================================================================== 代碼: D:\ cd service instsrv.exe AClock D:\service\srvany.exe ====================================================================== 執行regedit修改機碼 到以下機碼所...

Event Type: Error Event Source: Winlogon Event Category: None Event ID: 1219 Date: 8/13/2007 Time: 12:07:11 PM User: N/A Computer: CITRIXNET Description: Logon rejected for LIP\administrator. Unable to obtain Terminal Server User Configuration. Error: The RPC server is unavailable. Workground: changes made to the registry Registry update for 2003 Server: 1.) Open up regedit on the server (Start-Run-Regedit) 2.) Follow this string: HLM\System\CCS\Control\Terminal Server 3.) Go to Edit/New Dword 4.) Name the new Dword the following: IgnoreRegUserConfigErrors 5.) Right click on IgnoreRegUserConfigErrors and choose modify 6.) Make the value data=1 Root cause: check domain controller is availabe....

Locate the key [HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D} Rename the value named “LocalizedString” to “LocalizedString.old”. Create a new REG_EXPAND_SZ value named “LocalizedString”, and set the value to “%USERNAME% or %COMPUTERNAME%”. Exit the registry editor, click on your desktop and press F5 (for refresh). The “My Computer” icon should now be rename to “Username on Computername”. On Windows 2008 you do not have enough permissions to change the key. Take ownership of the key and you can change it.

Open the register editor and navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\ Add the following DWORD: MTU and set the Decimal setting to 1492. After a restart the machine can reach Microsoft websites