Forum Widgets
Latest Discussions
Advice for replacing a Windows 2012R2 file server
We have a small company network that includes one Windows Server 2012R2 file server necessary to run Sequel for two server hosted business applications, file and print services for the user accounts and is also the Domain Controller for the Active Directory local forest and domain. Six Windows 11 Pro workstations are domain attached to the file server. The workstations all have a local user account and after domain attaching to the file server, a user.Acme user account with Administrator rights to their local computer. Each has its own 192.168.1.x static address and uses their domain user account with mapped drives to access the fileserver. The existing file server name is ACMEWS2012R2, local public static ip 192.168.1.12, DNS Domain Acme.LAN, Netbios name ACME, local accounts are located in \Users\username, and runs SQL Server Express 2012 with default MSSQL database name and mixed security using the SA with password credentials. The new file server will be using Windows Server 2022 (the company apps are not yet certified for 2025) and SQL SVR Express 2022 and I am looking for information about what configuration decisions I can make to hopefully minimize the need to install new user accounts on the workstations, copy all the user folders between users accounts and reinstall applications. My understanding of Domain security is limited, knowing just enough to get workstations attached and properly accessing the file server SQL based applications. My Google results have provided some piecemeal answers, but I would like to better understand the big picture before starting the server upgrade and make some irreversible configuration choices that would cause unnecessary work re-attaching the workstations. I would first ask for recommendations whether and why to keep or change each of the following: The file server machine name The file server 192.168.1.12 IP address The file server Administrator account and password. The Acme.LAN forest and root domain name that was defined after adding the Active Directory Domain Service role that also added File and Print Services and Group Policy Management. The SQL Server Express default MSSQL database name The SQL Server Express SA account name and password I would also ask about the best steps for disconnecting workstations from the old domain then joining the new domain to hopefully retain the existing workstation user account, or if not, to minimize the need to copy users folders between the user accounts and / or uninstall then reinstall the workstation applications to properly authenticate to the new user account. I would greatly appreciate some experienced insights for how to best accomplish these upgrade goals. Thanks, all!
Not able to update the parameter "UserRightsGenerateSecurityAudits" for OSConfigDesiredConfiguration
Hello, I want to add my AD group as part of "UserRightsGenerateSecurityAudits" in order to be able to collect audit logs but when I run the command, the change is not applied (Processed 0 out of 1 settings) : "Set-OSConfigDesiredConfiguration -Scenario SecurityBaseline/WS2025/MemberServer -Setting UserRightsGenerateSecurityAudits -Value @("*S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415","*S-1-5-20","*S-1-5-19","*S-1-5-21-2654652530-1219913000-911364509-1603") Warning : Cannot process the settings 'UserRightsGenerateSecurityAudits': 0x82d0000a. Verify the value and try again. Processed 0 out of 1 settings. Using GPO, I'm able to update the value, but OsConfig is overwriting it after some time after because the group is not part of defaut values allowed by OsConfig. Your assitance will be ready appreciated. ThanksAdvice for replacing a Windows 2012R2 file server
We have a small company network that includes one Windows Server 2012R2 file server necessary to run Sequel for two server hosted business applications, file and print services for the user accounts and is also the Domain Controller for the Active Directory local forest and domain. Six Windows 11 Pro workstations are domain attached to the file server. The workstations all have a local user account and after domain attaching to the file server, a user.Acme user account with Administrator rights to their local computer. Each has its own 192.168.1.x static address and uses their domain user account with mapped drives to access the fileserver. The existing file server name is ACMEWS2012R2, local public static ip 192.168.1.12, DNS Domain Acme.LAN, Netbios name ACME, local accounts are located in \Users\username, and runs SQL Server Express 2012 with default MSSQL database name and mixed security using the SA with password credentials. The new file server will be using Windows Server 2022 (the company apps are not yet certified for 2025) and SQL SVR Express 2022 and I am looking for information about what configuration decisions I can make to hopefully minimize the need to install new user accounts on the workstations, copy all the user folders between users accounts and reinstall applications. My understanding of Domain security is limited, knowing just enough to get workstations attached and properly accessing the file server SQL based applications. My Google results have provided some piecemeal answers, but I would like to better understand the big picture before starting the server upgrade and make some irreversible configuration choices that would cause unnecessary work re-attaching the workstations. I would first ask for recommendations whether and why to keep or change each of the following: The file server machine name The file server 192.168.1.12 IP address The file server Administrator account and password. The Acme.LAN forest and root domain name that was defined after adding the Active Directory Domain Service role that also added File and Print Services and Group Policy Management. The SQL Server Express default MSSQL database name The SQL Server Express SA account name and password I would also ask about the best steps for disconnecting workstations from the old domain then joining the new domain to hopefully retain the existing workstation user account, or if not, minimize the need to copy users folders between the user accounts and / or uninstall then reinstall the workstation applications to properly authenticate to the new user account. I would greatly appreciate some experienced insights for how to best accomplish these upgrade goals. Thanks all.Hyper-V live mig failing from 2025 host to 2022 host
I'm having an issue with my one hyper-v cluster. I have 4 Server 2022 hosts, and 1 Server 2025 host. Live migration works INBOUND to the 2025 host, but live migrations fail OUTBOUND from the 2025 host. I have tried everything I can think of to make sure settings are ok. I have tried both setting it to use all networks, and the specific network. I've matched the live migration NIC settings to mirror what the 2022 hosts have. I've made sure the Hyper-V Live Migration settings all match. They use CredSSP and compression. Nothing seems to be working. Is there some really subtle 2025 bug that doesn't allow for live migrations to lower OS version hosts?
Allow to take RDP from Laptop only and not from IP
Hello Experts, We have scenario where , We want to Allow to take RDP from His Laptop only. Which mean user is allowed to take of RDP of Some Server only from his Laptop and not from any other Computers. We have already checked for Windows firewall but it is working for IP based , and We want for Machine based. as user is roaming between Offices. Please suggest if there is any GPO or Policy or Firewall Rule using which If possible to take RDP using Machine based and not IP based. Thanks
Hyper V Orphan Checkpoint
Hi, I have a simple setup as follows: - 2 clustered Hyper-V hosts - 1 clustered VM with its VHDX stored on central shared storage After a network disruption, the VM was improperly shut down. Following that, I noticed a checkpoint was automatically created. However, in Hyper-V Manager, the checkpoint has no “Delete” option to merge it back into the main VHDX file. Here’s what I’ve tried so far: 1. Powered off the VM. 2. Edited the disk and manually merged the AVHDX back into the VHDX. 3. Reconfigured the VM to use the merged VHDX file. The VM can now power on normally without issues. However, the “orphaned” checkpoint still appears, and I am unable to perform a Live Migration between hosts. I’ve also attempted to remove the checkpoint using PowerShell (`Remove-VMCheckpoint`), but it failed. I need assistance on how to properly clean up this orphaned checkpoint so Live Migration will work again.Hyper-v Virtual Switch warning
We have a four nodes Windows 2025 Hyper-v cluster with only one virtual switch of 2 NICS On each node we get this warning repeatedly V-Switch operation IOCTL_SWITCH_GET_INFO_EX (2241648) took too long to complete. Operation Type: IOCTL. Execution time 0 ms. Queued time 0 ms. Expected execution time less than 0 ms. SwitchName: CF06EC90-20EB-460D-9A88-6820BFCCB14D. SwitchFriendlyName: SWPrincipale Searching for it didn't get any useful thread so far, has anyone seen it and found the cause ? thanksWindows Server 2016 Essentials failing to get offered updates via Windows Update since July 2025.
Hi, Dealing with an ongoing issue where Windows Server 2016 Essentials (other SKU's seem fine) not being offered updates via Windows Update anymore, message says "Up to date". Manual updates via Update Catalogue work fine and although WS 2016 is ending support in Jan 2027 this is over a year away and while Server Migrations are happening in earnest end of first quarter next year it is not happening now. This can be replicated on a clean install on different hardware both Physical and Virtual. Any later Service Stacks or Cumulative updates installed manually have not fixed the issue and neither does clearing "Softwaredistribution" or "Catroot2" etc... Any feedback would be appreciated and confirmation of the issue from Microsoft would also help clarify the issue and potential fix. Thankyou.
NPS fails to generate logs
I have a new 2025 domain and am setting up 802.1X to allow access to users/computers using certificate based authentication. I have a CA installed on a new 2025 member server and configured that role and also have Group Policies deployed to enroll users/computers with the certificate needed to connect internal WiFi/wired networks. I've verified clients are receiving all needed certs and the root cert. I have installed NPS (same server has CA), registered to AD, added Radius clients and configured policies. Everything looks good except...nothing works. Clients are not receiving authentication responses (just timeouts) and there are no logs being generated. Also, there are no relevant entries in the Windows Event Logs. I enabled auditing via the cmd line and verified it is enabled. I've also forced auditing via Group Policy. I've verified the NPS log location and have even tried moving it to other folders to see if it was a permission issue. I'm out of ideas. What else can I try?
