Field Notes: The case of buried Active Directory Account Management Security Audit Policy events

Security auditing is one of the most powerful tools that you can use to maintain the integrity of your system. As part of your overall security strategy, you should determine the level of auditing that is appropriate for your environment. Auditing should identify attacks (successful or not) that pose a threat to your network, and …

Field Notes: The case of the failed SQL Server Failover Cluster Instance – Binaries Disks Added to Cluster

I paid a customer a visit a while ago and was requested to assist with a SQL Server Failover Cluster issue they were experiencing. They had internally transferred the case from the SQL team to folks who look after the Windows Server platform as they could not pick up anything relating to SQL during initial …

Understanding Volume Activation Services – Part 1 (KMS and MAK)

Windows Activation and KMS have been around for many years, and still a lot of people don't understand the basics of Windows activation, what the differences between KMS and MAK are, and how to choose the Volume Activation method that best meets the organization's needs. In this blog post, we'll shed some light on these …

Field Notes: The case of accidentally misconfigured Failover Cluster CSV cache

Introduction: In this post, I take you through a process of troubleshooting high pool usage using free tools available in the Windows Sysinternals suite and the Windows Performance Toolkit (WPT). I also show you how to resolve the issue by properly configuring the Cluster Shared Volume (CSV) cache using PowerShell cmdlets available in the Failover …

Step by Step: Safely disabling SMB v1 from your production environment.

Introduction: In this blog I will not cover why we have to remove SMB v1 from the production network; this has already been covered, and probably one of the best articles covering it is https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/. I will cover how you can audit the usage of SMB v1 in your network, so you can disable it safely without …

Intune Device Management – Renaming Windows 10 Devices

I have come across customers who auto-enroll Azure AD domain joined Windows 10 devices in Intune and use the device management capabilities like enforcing compliance policies, configuring certificates, Wi-Fi, VPN, Endpoint and other profiles. These devices are used remotely, and the IT team does not have much control. The most frequent ask is to rename the …