Windows 2008 and Windows 2008 R2 Security Event IDs – Audit Category

Audit account logon events

Event ID Description

4776 – The domain controller attempted to validate the credentials for an account

4777 – The domain controller failed to validate the credentials for an account

4768 – A Kerberos authentication ticket (TGT) was requested

4769 – A Kerberos service ticket was requested

4770 – A Kerberos service ticket was renewed

Audit account management

Event ID Description

4741 – A computer account was created.

4742 – A computer account was changed.

4743 – A computer account was deleted.

4739 – Domain Policy was changed.

4782 – The password hash an account was accessed.

4727 – A security-enabled global group was created.

4728 – A member was added to a security-enabled global group.

4729 – A member was removed from a security-enabled global group.

4730 – A security-enabled global group was deleted.

4731 – A security-enabled local group was created.

4732 – A member was added to a security-enabled local group.

4733 – A member was removed from a security-enabled local group.

4734 – A security-enabled local group was deleted.

4735 – A security-enabled local group was changed.

4737 – A security-enabled global group was changed.

4754 – A security-enabled universal group was created.

4755 – A security-enabled universal group was changed.

4756 – A member was added to a security-enabled universal group.

4757 – A member was removed from a security-enabled universal group.

4758 – A security-enabled universal group was deleted.

4720 – A user account was created.

4722 – A user account was enabled.

4723 – An attempt was made to change an account’s password.

4724 – An attempt was made to reset an account’s password.

4725 – A user account was disabled.

4726 – A user account was deleted.

4738 – A user account was changed.

4740 – A user account was locked out.

4765 – SID History was added to an account.

4766 – An attempt to add SID History to an account failed.

4767 – A user account was unlocked.

4780 – The ACL was set on accounts which are members of administrators groups.

4781 – The name of an account was changed:

RODC Adprep Problem : Adprep could not contact a replica for partition DC=ForestDnsZones,DC=Domain,DC=com

If you are trying to run ADPrep /RODCPrep and get an error similar to:

Adprep could not contact a replica for partition DC=ForestDnsZones,DC=Domain,DC=com
Adprep encountered an LDAP error. Error code: 0x0. Server extended error code: 0x0, Server error message: (null).

You may have invalid entries for the fsmoRoleOwner of DomainDnsZones and ForestDnsZones. Have you decommissioned a domain controller recently or upgraded from a 2003 to a 2008 domain? If so, check the following:

  1. Open ADSIEdit
  2. Click Connect and type in the value DC=DomainDnsZones,DC=domain,DC=com
  3. Expand it and check the properties for the “Infrastructure” object
  4. Under the attribute “fsmoRoleOwner” you may see a corrupt value for an OLD domain controller which is no longer in existence.  If you see a value such as 0ADEL:4da956af-53f1-4962-a100-5ee4c8477c88 then this is the problem
  5. The value should be CN=NTDS Settings,CN=DCSERVERNAME,CN=Servers,CN=SITENAME,CN=Sites,CN=Configuration,DC=domain,DC=com
  6. To obtain the correct string for stage 5, under ADSIEdit expand CN=Sites, CN=<site where Infrastructure Master server is located>, CN=<server name> and go to properties of CN=NTDS Settings
  7. Copy the distinguishedName attribute
  8. Replace the value in stage 5 with the correct value
  9. Perform the above AGAIN for the value DC=ForestDnsZones,DC=domain,DC=com
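
A read-only way to run the check in steps 1 to 9 from PowerShell, as an added example that is not part of the original post. It assumes `DC=domain,DC=com` (the post's placeholder) is replaced with your own domain DN and that it runs on a domain-joined machine with read access to the directory; the function name `Test-FsmoRoleOwner` is hypothetical.

```powershell
# Added example (not from the original post). Read-only: it changes nothing.
# Assumption: replace the post's placeholder DN with your own domain DN.
$DomainDn = 'DC=domain,DC=com'

# Hypothetical helper: reports the fsmoRoleOwner of CN=Infrastructure in one partition.
function Test-FsmoRoleOwner {
    param([Parameter(Mandatory = $true)][string]$PartitionDn)

    $owner  = $null
    $status = 'OK'
    try {
        $infra = [ADSI]"LDAP://CN=Infrastructure,$PartitionDn"
        $owner = [string]$infra.psbase.Properties['fSMORoleOwner'].Value
    } catch {
        $status = "Could not read object: $($_.Exception.Message)"
    }

    if ($status -eq 'OK') {
        if ([string]::IsNullOrEmpty($owner)) {
            $status = 'fsmoRoleOwner is empty'
        } elseif ($owner -match '0ADEL:') {
            # Deleted-object marker, as in the post's example value (step 4).
            $status = 'CORRUPT: points at a deleted domain controller'
        } else {
            # A healthy value is the DN of a live NTDS Settings object (step 5).
            $exists = $false
            try {
                $exists = [System.DirectoryServices.DirectoryEntry]::Exists("LDAP://$owner")
            } catch { }
            if (-not $exists) {
                $status = 'STALE: owner DN does not resolve'
            } elseif ($owner -notlike 'CN=NTDS Settings,*') {
                $status = 'UNEXPECTED: not an NTDS Settings DN'
            }
        }
    }

    New-Object PSObject -Property @{
        Partition     = $PartitionDn
        FsmoRoleOwner = $owner
        Status        = $status
    }
}

# Step 9 of the post: check both application partitions.
"DC=DomainDnsZones,$DomainDn", "DC=ForestDnsZones,$DomainDn" |
    ForEach-Object { Test-FsmoRoleOwner -PartitionDn $_ } |
    Format-List Partition, FsmoRoleOwner, Status
```

Any status other than `OK` identifies the partition whose `fsmoRoleOwner` needs the correction described in steps 5 to 8.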

Deploying a MSI through GPO

This tutorial describes how to deploy an MSI to multiple machines by using Group Policy.

1. Methods of deployment

Group Policy supports two methods of deploying an MSI package:

Windows Server 2008: Allow multiple Remote Desktop sessions per user

In Windows Server 2003 you could have multiple Remote Desktop sessions with the same user. In Windows Server 2008 this is not possible by default. If you log in with the same user account, the first session will be taken over by the second session.

But you can allow multiple Remote Desktop sessions per user by changing a registry key.

1- Start regedit
2- Check out the following registry key
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server
3- If the fSingleSessionPerUser value doesn’t exist, create a new DWORD value named fSingleSessionPerUser
4- Open the fSingleSessionPerUser value. The possible values for this setting are as follows:
0x0 Allow multiple sessions per user
0x1 Force each user to a single session
5- Save this