TIPS - server
Click Next on the Add Roles and Features Wizard --> Click Role-based or feature-based installation then Next --> The Server Roles section can be skipped -->
On the Select Features page, find User Interfaces and Infrastructure and click Desktop Experience --> Click Add Feature to install these roles-->Once the machine has rebooted,
the Personalize option will appear --> now modify their desktop icons
--OR--
tapping the "Winkey + R"
Copy and paste the line below
"%Systemroot%\system32\rundll32.exe" shell32.dll,Control_RunDLL desk.cpl,,0
dsa.msc - Active Directory
gpmc.msc Group polily management
gpedit.msc Local polily management
rsop.msc -> RSoP to check and troubleshoot group policy settings For Client PC
adfs.msc Active Directory Federation Service
compmgmt.msc Computer Management
devmgmt.msc Device Manager
diskmgmt.msc Disk Management
eventvwr.msc Event Viewer
fsmgmt.msc Shared Folders
lusrmgr.msc Local Users and Groups
perfmon.msc Performance Monitor
rsop.msc Resultant Set of Policies
secpol.msc Local Security Policy
services.msc Services Manager
taskschd.msc Task Scheduler
wf.msc Windows Firewall
GPO Result
powerShell--> gpresult /r
Disk Management from Run box
Windows+R to open Run, type “diskmgmt.msc”
Disable control, alt, delete at login window
Computer Configuration>Windows setting>security setting>Local policy>security Option> Interactive login CTRL+ALT+DEL [enable]
Password policy
Group policy manegement->Domain->Defult Domain policy
policies-windows setting - security setting-Account policy-password policy
GPO remote Desktop
Group policy manegement->Domain->Defult Domain policy
1. Computer>Administrative>windows Component> Remote Desktop> Remote Desktop session host > Connection>Allow user to remote Desktop> Enable
2. Computer>Administrative>Network> network connection>windows firewall>Domain profile>Windows firewall: Allow inbound Remote Desktop exception>Enable
Log on Locally
Group policy manegement->Domain->Domain Controler->Defult Domain Controler policy
policies-windows setting - security setting-Local policies-Allow log on locally [ Select user/group]
Computer Configuration > Policies > Security Settings > Local Policies > User Rights Assignment.
Disable/restrict access to USB storage devices by Group Policy Editor
gpedit.msc in Run (Win + R) dialog box.
Step 2: Expand Computer Configuration > Administrative Templates > System, and select Removable Storage Access. On the right-side pane, locate ''Removable Disks: Deny execute access'', ''Removable Disks: Deny read access'', and ''Removable Disks: Deny write access''. Double-click on each of them to configure it.
Step 3: Select Enabled, then click Apply and click OK. This will disable execute, read, and write access to any removable disks including USB storage devices connected to the computer. If you want to enable the use of USB storage devices, set it to ''Not configured'' or ''Disabled''.
Disable the use of USB storage devices by Registry Editor
regedit in the Run dialog box.
Step 2: Go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR, and then locate the DWORD value named ''Start'' on the right-side pane. The default value data of Start is ''3''. Double-click on Start, and set its value data to ''4''.
Step 3: Restart Windows 10 for the changes to take effect. This will prevent any USB storage device from connecting to the computer, and thus disable the use of USB storage devices on the computer.
Note: By Registry Editor, you just disable the use of USB storage devices, but it won’t affect the use of USB mouse, keyboard, and printer on the computer.
passwd policy server2012
In the Server Manager click on Tools and from the drop down click Group Policy Management
Expand Forrest >> Domains >> Your Domain Controller.
Right click on the Default Domain Policy and click on the Edit from the context menu.
Now Expand Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy
Double-click on the Passwords Must Meet Complexity Requirements option in the right pane.
Select Disabled under define this policy setting:
Click Apply then OK all the way out and close the GPO window.
In order to refresh the policy type the following command: “gpupdate /force” in the CMD window and click ENTER.
Computer icon on Windows Server 2012 Desktop
Disable all Windows Firewall configurations
CMD command:
netsh advfirewall set allprofiles state off
To disable the Firewall run the cmdlet below--CMD
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled false
To enable the firewall again run--CMD
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled true
Reset Firewall
netsh advfirewall reset
Enable ICMP Ping Responce in Windows FirewallRun as Administrator Command Line (cmd.exe) netsh firewall set icmpsetting 8 enable
Enabling Ping Requests to Clients Using Group Policy
In the Server Manager click on Tools and from the drop down click Group Policy Management
Expand Forrest >> Domains >> Your Domain Controller.
Right click on the Default Domain Policy and click on the Edit from the context menu.
Now Expand Computer Configuration -> Policies -> Administrative -> Network -> Network Connection-> windows Firewall->Domain Profile->Allow ICMP -> enable
### Domain user to user Administrator power on Additional domain Controlar
Computer managements -> groups -> Administartor-> Add [ The user]
if not add run powershell -> type compmgmt and add again the user
----------------------------------------------
--------------
This is how you do it using a command prompt:
To Turn Off:
NetSh Advfirewall set allprofiles state off
To Turn On:
NetSh Advfirewall set allrprofiles state on
To check the status of Windows Firewall:
Netsh Advfirewall show allprofiles
Enable Ping by PowerShell Commands in Windows Servers
Make sure to run the below commands ‘as administrator’ on the command prompt or PowerShell.
Enable IPv4 – This will create an exception in the default Windows firewall rule.
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol="icmpv4:8,any" dir=in action=allow
IPv6:
netsh advfirewall firewall add rule name="ICMP Allow incoming V6 echo request" protocol="icmpv6:8,any" dir=in action=allow
disable ping on IPv4 & IPv6
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=block
netsh advfirewall firewall add rule name="ICMP Allow incoming V6 echo request" protocol=icmpv6:8,any dir=in action=block
Control panel and open ‘Windows Firewall
1) Go to the control panel and open ‘Windows Firewall’. There are plenty of ways to reach the control panel on a Windows server.
2) Click on ‘Advanced Settings.’
3) select ‘Inbound Rules.’
Locate the ‘File and Printer Sharing (Echo Request –ICMPv4-In’), right-click on it and select Enable Rule.
DNS Check
C:\Windows\system32> DCDIAG /TEST:DNS
- Reset the TCP/IP stack settings and update the IP address on your computer:
netsh int ip reset
netsh winsock reset
ipconfig /flushdns
ipconfig /release
ipconfig /renew
Can’t Access Shared Folder
Group Policy Editor (gpedit.msc). Go to the section: Computer Configuration -> Administrative templates -> Network -> Lanman Workstation. Find and enable the policy Enable insecure guest logons. This policy option determines whether the SMB client will allow an unsafe guest logon to the SMB server.
Windows 10 and 11 from the RUN-> optionalfeatures.exe. Expand SMB 1.0/CIFS File Sharing Support and enable the SMB 1.0/CIFS Clien
Windows Defender Firewall l
RUN-> control firewall.cpl
Turning off the Windows Firewall with the NETSH Command
Using netsh advfirewall set c you can disable the Windows Firewall individually on each location or all network profiles.
netsh advfirewall set currentprofile state off – this command will disable the firewall for the current network profile that is active or connected. For example, suppose the currently active network profile is Domain network. In that case, this command will the Firewall for that network profile.
netsh advfirewall set domainprofile state off – disables on the Domain network profile only.
netsh advfirewall set privateprofile state off – disables on the Private network profile only.
netsh advfirewall set publicprofile state off – this command will disable on the Public network profile only.
netsh advfirewall set allprofiles state off – this command will disable on all network profiles at once.
Fix "the Trust Relationship Between This Workstation and the Primary Domain Failed" Issue. Commands Used:RUN->CMD $credential = Get-Credential Reset-ComputerMachinePassword -Credential $credential
-----------