Networking
932 Topics
- Deploying Multiple NPS Servers
  I have been working on ditching our password-based WiFi with WPA2-Enterprise. On DC1 I deployed internal CA, NPS, and group policies that auto-request certs and deploy wireless network settings. Cisco AP is pointed to DC1 as the radius server. NPS has been registered in AD and wireless network policy has been created. Test laptops get their cert and connect just fine. It's working. For redundancy, I installed NPS on DC2. This NPS instance has also been registered in AD, and I imported the NPS config from DC1 to DC2 NPS. Cisco AP has DC1 as first radius server and DC2 as second radius server. If I stop NPS on DC1 to force the Cisco AP to authenticate against DC2, test laptops won't authenticate and connect. What am I missing? They're configured exactly the same (except DC1 hosts the CA... I was under the assumption the CA is AD integrated).
  45 Views, 0 likes, 1 Comment
- Advice for replacing a Windows 2012R2 file server
  We have a small company network that includes one Windows Server 2012R2 file server necessary to run Sequel for two server hosted business applications, file and print services for the user accounts and is also the Domain Controller for the Active Directory local forest and domain. Six Windows 11 Pro workstations are domain attached to the file server. The workstations all have a local user account and after domain attaching to the file server, a user.Acme user account with Administrator rights to their local computer. Each has its own 192.168.1.x static address and uses their domain user account with mapped drives to access the fileserver. The existing file server name is ACMEWS2012R2, local public static ip 192.168.1.12, DNS Domain Acme.LAN, Netbios name ACME, local accounts are located in \Users\username, and runs SQL Server Express 2012 with default MSSQL database name and mixed security using the SA with password credentials. The new file server will be using Windows Server 2022 (the company apps are not yet certified for 2025) and SQL SVR Express 2022 and I am looking for information about what configuration decisions I can make to hopefully minimize the need to install new user accounts on the workstations, copy all the user folders between users accounts and reinstall applications. My understanding of Domain security is limited, knowing just enough to get workstations attached and properly accessing the file server SQL based applications. My Google results have provided some piecemeal answers, but I would like to better understand the big picture before starting the server upgrade and make some irreversible configuration choices that would cause unnecessary work re-attaching the workstations. I would first ask for recommendations whether and why to keep or change each of the following:
  - The file server machine name
  - The file server 192.168.1.12 IP address
  - The file server Administrator account and password.
  - The Acme.LAN forest and root domain name that was defined after adding the Active Directory Domain Service role that also added File and Print Services and Group Policy Management.
  - The SQL Server Express default MSSQL database name
  - The SQL Server Express SA account name and password
  I would also ask about the best steps for disconnecting workstations from the old domain then joining the new domain to hopefully retain the existing workstation user account, or if not, to minimize the need to copy users folders between the user accounts and / or uninstall then reinstall the workstation applications to properly authenticate to the new user account. I would greatly appreciate some experienced insights for how to best accomplish these upgrade goals. Thanks, all!
  3 Views, 0 likes, 0 Comments
- Strengthening Azure DNS Zone Security with RBAC and Resource Locks
  DNS security is more than just configuration; it's about protecting critical assets against unauthorized changes and accidental deletions. Managing DNS zones effectively requires a layered security approach. Two powerful mechanisms in Azure: Role-Based Access Control (RBAC) and Resource Locks.
  Role-Based Access Control (RBAC): Granular DNS Access Control
  RBAC ensures controlled access management at both the DNS zone and record set levels. Instead of assigning broad permissions, RBAC enables precise delegation using built-in roles such as:
  - Owner: Full control over the DNS zone, including configurations and deletions.
  - Contributor: Can modify DNS settings but cannot change access permissions.
  - Network Contributor: Can manage networking configurations related to DNS, but not modify records.
  - DNS Zone Contributor: Dedicated role for managing DNS zones without broader networking privileges.
  Key Advantages of RBAC in DNS Security:
  - Prevent unauthorized modifications by restricting access to only necessary roles.
  - Ensure operational integrity by limiting exposure to critical configurations.
  - Improve governance by aligning roles with organizational security policies.
  Resource Locks: Guardrails for DNS Protection
  Even with well-defined RBAC settings, accidental deletions can still occur. Azure Resource Locks add an additional safeguard by preventing changes to a DNS zone or specific record sets.
  - Zone Lock: Protects an entire DNS zone from being deleted, preserving all associated record sets.
  - SOA Lock: Prevents unintentional zone deletions while allowing record modifications within the zone.
  How Resource Locks Enhance Security:
  - Shields DNS zones from accidental or malicious deletions.
  - Maintains continuity by ensuring record sets remain intact.
  - Strengthens compliance controls for critical infrastructure.
  Best Practices for Securing DNS with RBAC & Resource Locks
  - Assign least privilege roles - never give unnecessary access.
  - Implement locks on essential zones to prevent configuration errors.
  - Regularly audit access permissions using Azure Policy & Activity Logs.
  - Use Automation & Alerts to track modifications for enhanced security.
  Implementing RBAC & Resource Locks ensures your cloud environment remains secure, operational, and fault-tolerant.
  212 Views, 0 likes, 1 Comment
- Windows Server 2016 and internet issues
  Hello everyone, I'm relatively new here and hoping for some help. I'm IT at a school in Manhattan that has an old Dell tower running Windows Server 2016 in the basement that is not in use any more with the school as they have transferred over everything to digital. This was set up before my time working here and the person who set it up unfortunately did not leave any notes. We are ready to disconnect the machine as all of its functions have been moved elsewhere. But, every time it is turned off or disconnected from our network patch, the internet in the entire building goes dead. I do not have previous experience with these kinds of servers and am trying to figure out what could possibly be causing this. I am concerned because the machine is old and feels like it's being held together by duct tape, and if it goes down, I'm hoping internet doesn't go with it. Looking for any advice or knowledge about these servers and what I can try to do to disconnect it.
  146 Views, 0 likes, 4 Comments
- Domain Controller showing network connection as Public
  Noticed for quite a while now with the vnext server builds that when you promote it to domain controller it shows the network connections as public or private instead of DomainAuthenticated. Is there a networking piece that I am missing that needs to be configured?
  45K Views, 0 likes, 12 Comments
- Allow to take RDP from Laptop only and not from IP
  Hello Experts, We have a scenario where we want to allow to take RDP from his laptop only. This means the user is allowed to take RDP of some server only from his laptop and not from any other computers. We have already checked Windows Firewall, but it works IP-based and we want machine-based, as the user is roaming between offices. Please suggest if there is any GPO, policy, or firewall rule with which it is possible to take RDP machine-based and not IP-based. Thanks
  27 Views, 0 likes, 0 Comments
- How to convert from a GoDaddy Office 365 Email Essentials account to a full M365 Business Standard?
  I am currently supporting a client who is using a GoDaddy Office 365 Email Essentials account, that they purchased along with their domain registration. They now have need of the full suite of services offered with a Microsoft 365 Business Standard account. However, it's my understanding that the GoDaddy tenants are a specialized product that isn't truly a native Microsoft 365 account. Is this true? If so what would the requirements be to migrate the user's account to a full Microsoft 365 Business Standard account?
  6.6K Views, 1 like, 2 Comments
- Office 365 Business Premium + GoDaddy Hosting
  Hi, Does office 365 + godaddy give you office 365 app hosting? I was hoping to have a public sharepoint, delve, and yammer website connected to different subdomains e.g. http://www.mydomain.com, blog.mydomain.com, social.mydomain.com etc. What apps on office 365 are linked to godaddy hosting? Or is it just completely separate hosting that has no link to office 365 apps and just bundles email support? Also what is the discount offered to office 365 subscribers on godaddy? Ideally I would like to have Windows unlimited website hosting. Thanks, Jebb
  2K Views, 0 likes, 2 Comments
- Hyper-V Virtual Switch warning
  We have a four-node Windows 2025 Hyper-V cluster with only one virtual switch of 2 NICs. On each node we get this warning repeatedly:
  V-Switch operation IOCTL_SWITCH_GET_INFO_EX (2241648) took too long to complete. Operation Type: IOCTL. Execution time 0 ms. Queued time 0 ms. Expected execution time less than 0 ms. SwitchName: CF06EC90-20EB-460D-9A88-6820BFCCB14D. SwitchFriendlyName: SWPrincipale
  Searching for it didn't get any useful thread so far. Has anyone seen it and found the cause? Thanks
  42 Views, 0 likes, 0 Comments
- Get ready for a power-packed November with the Microsoft Zero to Hero Community!
  From modernizing legacy applications to building intelligent AI agents, this month is all about innovation, security, and smarter cloud solutions. Whether you're exploring Azure Service Bus, learning AI on AKS, or discovering how Copilot Studio can extend your AI capabilities, we've got something for everyone. Our incredible lineup of global speakers will help you modernize, automate, and innovate with real-world insights across Azure, AI, and app development.
  November Highlights:
  - Matthew Hess: Get on the Bus! - The Azure Service Bus. November 8, 2025 - 06:00 PM CET. https://streamyard.com/watch/jTD8RpCcrvAD?wt.mc_id=MVP_350258
  - Jonathan "J." Tower: Old to Gold: How to Modernize Your Legacy ASP.NET Apps Gradually. November 15, 2025 - 06:00 PM CET. https://streamyard.com/watch/9cwXWNSeCW8R?wt.mc_id=MVP_350258
  - Dharanidharan Balasubramaniam: Build and Extend AI Agents with Microsoft Copilot Studio. November 17, 2025 - 09:00 AM CET / 07:00 PM AEDT. https://streamyard.com/watch/bfcqHQsYQjNz?wt.mc_id=MVP_350258
  - Lee Markum: Modern SQL Server Features That Make Life Better. November 22, 2025 - 06:00 PM CET. https://streamyard.com/watch/D4kqAMh83PUq?wt.mc_id=MVP_350258
  - Thiago Shimada Ramos: Building Intelligent Applications: Quick Guide to AI on AKS. November 25, 2025 - 09:00 AM CET / 07:00 PM AEDT. https://streamyard.com/watch/D8mhvsJFEqCS?wt.mc_id=MVP_350258
  - Wim Matthyssen: Azure Bastion: One does (still) not simply walk into my VNet! v4.00. November 29, 2025 - 06:00 PM CET. https://streamyard.com/watch/t6VZxDndvSkA?wt.mc_id=MVP_350258
  With sessions across multiple time zones, from Europe to Australia, there's always an opportunity to learn, connect, and grow. Don't miss out on this month's journey to modernization, intelligence, and security in the Microsoft ecosystem.
  108 Views, 1 like, 0 Comments