How To Connect Remotely From a WORKGROUP-Server Core (Server Manager)

ERROR:  The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts configuration setting.

When the local computer is not in a domain, the following procedure is required for remoting.

    1. Configure the computer for HTTPS transport or add the names of the

       remote computers to the TrustedHosts list on the local computer.

       For instructions, see "How to Add a Computer to the TrustedHosts

       List" below.

    2. Verify that a password is set on the workgroup-based computer. If a

       password is not set or the password value is empty, you cannot run

       remote commands.

       To set password for your user account, use User Accounts in Control

       Panel.

    3. Use the Credential parameter in all remote commands.

 

       This is required even when you are submitting the credentials

       of the current user.

HOW TO ADD A COMPUTER TO THE TRUSTED HOSTS LIST

**Note: You need to add on both Server E.g. Full Windows 2008 R2 (Management Server) and Server Core 

 Caution: The value that you set for the TrustedHosts item affects all users of the computer.      

To view the list of trusted hosts, use the following command:          

get-item wsman:\localhost\Client\TrustedHosts      

You can also use the Set-Location cmdlet (alias = cd) to navigate though the WSMan: drive to the location. For example: "cd WSMan:\localhost\Client; dir".     

 To add all computers to the list of trusted hosts, use the following command, which places a value of * (all) in the ComputerName          

 set-item wsman:localhost\client\trustedhosts -value *      

You can also use a wildcard character (*) to add all computers in a particular domain to the list of trusted hosts. For example, the following command adds all of the computers in the Fabrikam domain to the list of  trusted hosts.          

set-item wsman:localhost\client\trustedhosts *.fabrikam.com  

To add the IP addresses of particular computers to the list of trusted hosts, use the following command format:         

 set-item wsman:\localhost\Client\TrustedHosts -value       

For example: set-item wsman:\localhost\Client\TrustedHosts -value 172.16.0.0

DNS - SRV records for Active Directory

SRV records are the important elements for Active Directory to function properly. In this session, just a quick share on What SRV records used for Active Directory:

_msdcs
This is a Microsoft-specific subdomain that stores SRV records for domain controllers with roles in AD. These roles include domain controllers, global catalog servers, and primary domain controller emulators.

_sitesThis contains records for domain controllers based on site. Microsoft Clients like Windows 2000/XP/Vista can use this record to locate domain controllers and global catalog servers that are in their site, so that they can avoid using services across the WAN.

_tcp
This contains domain controllers in the AD domain. If windows clients need to find a DC in a specific site, they will look here. The TCP protocol will be used to request the information.

_udp
Kerberos clients can use UDP port 88 to request tickets and port 464 for password changes.

DomainDnsZones
Zone information that should be replicated to all DCs in the domain that have the DNS service installed.

ForestDnsZones
Zone information that should be replicated to all DCs in the forest that have the DNS service installed.

Use nslookup to query for SRV service location records, you should:

NOTE: you will need to have reverse lookup zone setup

Type nslookup and then press Enter.
Type set type=all and then press Enter.
Type ldap.tcp.dc._msdcs.domainname and then press Enter.
Repeat this process for as many SRV records as you want to confirm.

Your current security settings do not allow this file to be downloaded

After upgrade to IE7/8, or when you install Windows 2008 by default, when you download files from the internet, you will see the following error:

"Your current security settings do not allow this file to be downloaded"
Microsoft do so is to fight unwanted program to be download to the PCs. However, if you would like to enable the mentioned settings:

On your IE, click Tools -> Internet Options.
Click on Security tab, on Internet, click Custom Level. On settings, find a section that shows download. On File download, put it Enable.

Adding picture into Exchange 2010 and Outlook 2010

One picture is max 10k, will not really add size to AD Database.

1) Get ready your picture, ours in jpg format, less than 10k, remember.
2) In Exchange 2010, launch Exchange management shell and type this command:
import-RecipientDataProperty -Identity poo -Picture -FileData (Byte[]] $(Get-content -path "C:\Photos\poo.jpg" -Encoding Byte -ReadCount 0))
3) Launch your Outlook 2010 and mouse over the account in your e-mail

How To Create Bootable Windows 7, Vista, or XP USB Flash/Pen Drive Quickly

Let’s begin the guide without wasting time. Just make sure that you have a pen drive with 4GB + capacity if you are making a bootable USB flash drive.

Requirements to create bootable Windows USB:

# Windows 7 or Vista ISO

# Pen drive with 4GB+ (2 GB is sufficient for XP)

# 15 Minutes of free time

Procedure:

1. Insert your USB flash/pen drive to your system and backup all the data from the USB as your USB drive will be formatted during the process.

2. Now download WinToFlash tool (free) from here.

3. Run the tool, and browse to your Windows 7, Vista, or XP DVD files (make sure that your USB drive letter is correct).

4. Click Create button to begin the bootable USB process. Wait for few minutes to see the bootable USB.

5. That’s all!