What are the differences between Windows Event Log, Event Tracing for Windows (ETW), and Windows Software Tracing Pre-Processor March 2, 2018, 11:39 a.m.

Event Tracing for Windows (ETW) is a high-speed tracing facility provided by the Windows Operating System. ETW is the core tracing facility in Windows on top of which both the Event Log and WPP are built.

Windows Event Log is a management-focused event system, designed for system administrators and IT professionals to easily consume events. Tools such as the Event Viewer and Windows PowerShell interact with the Event Log to receive and display events to users.

Windows Software Trace Pre-Processing (WPP) events are primarily for debugging applications and drivers. WPP does not use the same APIs to log events as ETW and Windows Event Log providers.

windows

Windows Server DNS Logging and Diagnostics Feb. 27, 2018, 3:11 p.m.

Enhanced DNS logging and diagnostics in Windows Server 2012 R2 and later includes DNS Audit events and DNS Analytic events. DNS audit logs are enabled by default, and do not significantly affect DNS server performance. DNS analytical logs are not enabled by default, and typically will only affect DNS server performance at very high DNS query rates.

windows server 2016 windows windows server 2012 dns

User Rights Assignment Oct. 31, 2017, 8:19 a.m.

User rights govern the methods by which a user can log on to a system. User rights are applied at the local computer level, and they allow users to perform tasks on a computer or in a domain. User rights include logon rights and permissions. Logon rights control who is authorized to log on to a computer and how they can log on. User rights permissions control access to computer and domain resources, and they can override permissions that have been set on specific objects. User rights are managed in Group Policy under the User Rights Assignment item.

documentation windows security

TechNet Library Home Oct. 30, 2017, 4:13 p.m.

The TechNet Library contains technical documentation for IT professionals using Microsoft products, tools, and technologies.

microsoft windows documentation

Per-user services in Windows 10 and Windows Server Oct. 19, 2017, 4:47 p.m.

Per-user services are services that are created when a user signs into Windows or Windows Server and are stopped and deleted when that user signs out. These services run in the security context of the user account - this provides better resource management than the previous approach of running these kinds of services in Explorer, associated with a preconfigured account, or as tasks.

windows server 2016 windows 10 windows

Understanding the GPO version number Oct. 17, 2017, 7:38 p.m.

If you've ever poked around to look at the raw GPO version number, you've probably wondered why is the number so huge and how does it get displayed as a much smaller value when you view the version number using GPMC.

active directory powershell group policy windows

[MS-GPAC]: Group Policy: Audit Configuration Extension Oct. 16, 2017, 1:56 p.m.

Documentation for Group Policy: Audit Configuration Extension, which provides a mechanism for an administrator to control audit policies on clients.

active directory documentation group policy windows

Group Policy: Inside ADM and ADMX Templates for Group Policy Sept. 27, 2017, 4:33 p.m.

The Administrative Templates node appears on both the User and Computer sides, but where do all these magical settings within Administrative Templates come from? That's where ADM files come into play.

active directory windows group policy

Active Directory FSMO roles in Windows Sept. 26, 2017, 1:53 p.m.

Because Active Directory is a multi-master database, changes can be processed at any given domain controller (DC) in the enterprise regardless of whether the DC is connected or disconnected from the network.

For certain types of changes, Windows incorporates methods to prevent conflicting updates by extending the single-master model found in earlier versions of Windows to include multiple roles. Because an Active Directory role is not bound to a single DC, it is referred to as a Flexible Single Master Operation (FSMO) role. Currently in Windows there are five FSMO roles:

  • Schema master
  • Domain naming master
  • RID master
  • PDC emulator
  • Infrastructure master.

active directory windows

Advanced security auditing FAQ Sept. 19, 2017, 8:31 a.m.

If permissions are configured for an object, its security descriptor contains a DACL with security identifiers for the users and groups that are allowed or denied access. If auditing is configured for the object, its security descriptor also contains a SACL that controls how the security subsystem audits attempts to access the object. However, auditing is not completely configured unless a SACL has been configured for an object and a corresponding Object Access audit policy setting has been configured and applied.

windows group policy security

Get Rid Of UAC Prompts With Microsoft's Application Compatibility Toolkit Sept. 5, 2017, 8:16 a.m.

There are quite a few ways to limit UAC prompts further in Windows. One of the easiest ways, for instance, is to change a program's properties to always run with administrative privileges. Another option, less commonly known, is to use the Microsoft Application Compatibility Toolkit to whitelist applications so that they do not display a UAC prompt when they are run.

windows sysadmin

How to find a Group Policy Object Aug. 24, 2017, 4:07 p.m.

You can search for GPOs that have been linked or not, that contain settings under User or Computer Configuration including Deployed Printer Connections, Group Policy Folder Options, Group Policy Network Shares, Registry, Internet Protocol Security Policies, Scripts, and a lot more.

windows gpo

Configure Automatic Updates in a Non–Active Directory Environment Aug. 21, 2017, 12:20 p.m.

In a non-Active Directory environment, you can configure Automatic Updates by using any of the following methods:

  • Using Group Policy Object Editor and editing the Local Group Policy object
  • Editing the registry directly by using the registry editor (Regedit.exe)
  • Centrally deploying these registry entries by using System Policy in Windows NT 4.0 style.

windows

Windows Server 2016 Update settings Aug. 21, 2017, 11:59 a.m.

In Windows Server 2016 there are no GUI options available to change the update behaviour. In this blog I will outline the different ways to change the Windows Server 2016 Update settings.

windows windows server 2016

Windows Server 2016 Unattended Setup Reference July 27, 2017, 9:11 a.m.

The topics in this section describe all of the unattended settings that can be set in Windows 10 and Windows Server 2016.

windows server 2016 windows sysprep

Carl Webster - Scripts and Other Utilities July 20, 2017, 10:05 a.m.

Library of admin scripts for Active Directory.

script active directory windows powershell

Poking Around DNS Scavenging Settings with PowerShell June 21, 2017, 4:55 p.m.

DNS scavenging, as you may know, takes a good deal of patience and forethought. It's not something you want to just blindly enable without doing any reconnaissance first.

active directory windows dns

Infrastructure Planning and Design Guides for Windows Server 2008 May 29, 2017, 10:18 a.m.

The Infrastructure Planning and Design Guide Series provides concise planning guidance for Microsoft infrastructure products, helping to streamline and clarify design processes for unique infrastructure technologies and scenarios.

tutorial windows sysadmin windows server 2008

Configuring your PDCE with Alternate Time Sources May 23, 2017, 4:21 p.m.

By making the primary NTP server flag 0x9, we made it Client 0x08 + SpecialInterval 0x01. As for the second NTP time server, by making the secondary NTP peer flag 0xa, we made it 0x08 Client + 0x02 UseAsFallbackOnly. On initial sync during service startup, the polling interval time is zero, which will not match the special polling interval that our 0x01 flag requires. This being the case, w32time will use the Fallback server as its primary choice until the special polling interval arrives; then it will use the intended primary server.

windows sysadmin group policy

Windows 10 and Windows Server 2016 update history May 23, 2017, 12:20 p.m.

List of historical updates for Windows Server 2016. Updates are cumulative and include all previous updates.

windows windows 10 windows server 2016 security