Some Notes on the Machines

For 10:

netsh advfirewall firewall set rule group="remote desktop" new enable=yes
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

For 7:

netsh firewall Set service REMOTEDESKTOP ENABLE
netsh firewall set service REMOTEAdmin ENABLE
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0

For XP:

netsh firewall set service remotedesktop enable
netsh firewall set service remoteadmin enable
reg ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v  fDenyTSConnections /t REG_DWORD /d 0

When we install new group policy templates from Microsoft, e.g., the Windows 10 set by which we may upgrade existing networks, they now come in the newer ADMX format. Do this on every domain controller:

1. The package is downloaded as a self-installing EXE which requires you to specify a folder. Do not try to manually unpack this, for some reason the contents are in small pieces which the installer assembles. Just run the EXE and give a useful path, e.g., C:\IT.
2. Open an administrative CMD, and CD to the extraction point. Then CD into the folder “admx”, one level down.
3. Run the following. If your language is not en-us, replace it in the last two lines. If your servers have multiple languages, you’ll need to replicate lines with multiple language specifications.

xcopy *.admx \\%userdnsdomain%\sysvol\%userdnsdomain%\Policies\PolicyDefinitions /Y /I
xcopy *.admx %SystemRoot%\PolicyDefinitions /Y /I
xcopy en-US\*.adml \\%userdnsdomain%\sysvol\%userdnsdomain%\Policies\PolicyDefinitions\en-us /Y /I
xcopy en-US\*.adml %SystemRoot%\PolicyDefinitions\en-us /Y /I

Another very common set needing this install, is the Office Administrative Templates.

Multiple versions of Office templates coexist nicely. But the same cannot be said for Windows OS templates. It appears that when a complete refresh of OS templates is required, good results obtain by removing all of the OS templates and then installing new.

There are a few different places to turn this off. To turn two of them off:

1. First log into the tenant, and browse here: aad.portal.azure.com
2. Then click on “Azure Active Directory” on the left pane.
3. Click on “Password reset” on the middle pane (might need to scroll down). The Properties of “Password reset” will be visible. In the right pane, choose None, and click Save.
4. With “Password reset” still visible, click “Registration” in the middle pane.
5. Under “Require users to register when signing in?”, choose No, and click Save.

There are a few others, and there may well be more in the future.

Here’s the page:

www.lenovo.com/us/en/software/vantage

Here are some helpful estimates rewritten, courtesy of Axcient:

Here is a useful guide to HPE RAID model numbers:

medium.com/@ITsolutions/selecting-the-best-hpe-smart-array-controller-for-your-server-da10b7424c8c

There have been a number of attempts at this. Here’s the one I use:

xbrowsersync.org

Desktop and mobile. Sometimes the beta versions, later than the releases, can be helpful:

github.com/xbrowsersync/app/releases

In this space, we used to recommend CloudFlare’s, 1.1.1.1/1.0.0.1. However, a GeoIP lookup shows 1.1.1.1 is Australia, and we found that using the nines (9.9.9.9/149.112.112.112) gave much better routes for large Axcient backup data transfers. So we’re now suggesting either nines or ISP DNS for maximum results. More when we have more.

Cox
Primary 68.1.16.107
East Coast 68.1.16.108
West Cost 68.111.106.68

AT&T
68.94.156.1
68.94.157.1

Something new. quad9.net is doing this, and it appears both very fast and very worthwhile. Same feature space as 1.1.1.1 and 8.8.8.8, adding bad-actor blacklisting in both IPv6 and IPv4 in its default. This is the first real IPv6-enabled security service of which I am aware, I have been watching and waiting for this for quite a while.

Uses primary 9.9.9.9, secondary 149.112.112.112.

There are other features too.