TIPS - server

dsa.msc    -   Active Directory 

gpmc.msc        Group polily management

 gpedit.msc          Local polily management

 rsop.msc        ->     RSoP to check and troubleshoot group policy settings For Client PC

adfs.msc              Active Directory Federation Service

compmgmt.msc    Computer Management

devmgmt.msc       Device Manager

diskmgmt.msc      Disk Management

eventvwr.msc        Event Viewer

fsmgmt.msc          Shared Folders

lusrmgr.msc          Local Users and Groups

perfmon.msc         Performance Monitor

rsop.msc               Resultant Set of Policies

secpol.msc            Local Security Policy

services.msc         Services Manager

taskschd.msc        Task Scheduler

wf.msc                  Windows Firewall

GPO Result

powerShell--> gpresult /r

Disk Management from Run box

Windows+R to open Run, type “diskmgmt.msc”

Disable control, alt, delete at login window

  Computer Configuration>Windows setting>security setting>Local policy>security Option> Interactive login CTRL+ALT+DEL   [enable]

Password policy

Group policy manegement->Domain->Defult Domain policy

policies-windows setting - security setting-Account policy-password policy

GPO remote Desktop

Group policy manegement->Domain->Defult Domain policy

1. Computer>Administrative>windows Component> Remote Desktop> Remote Desktop session host > Connection>Allow user to remote Desktop> Enable

2. Computer>Administrative>Network> network connection>windows firewall>Domain profile>Windows firewall: Allow inbound Remote Desktop exception>Enable

Log on Locally

Group policy manegement->Domain->Domain Controler->Defult Domain Controler policy

policies-windows setting - security setting-Local policies-Allow log on locally [ Select user/group]

Computer Configuration > Policies > Security Settings > Local Policies > User Rights Assignment.

Disable/restrict access to USB storage devices by Group Policy Editor

 gpedit.msc in Run (Win + R) dialog box.

Step 2: Expand Computer Configuration > Administrative Templates > System, and select Removable Storage Access. On the right-side pane, locate ''Removable Disks: Deny execute access'', ''Removable Disks: Deny read access'', and ''Removable Disks: Deny write access''. Double-click on each of them to configure it.

Step 3: Select Enabled, then click Apply and click OK. This will disable execute, read, and write access to any removable disks including USB storage devices connected to the computer. If you want to enable the use of USB storage devices, set it to ''Not configured'' or ''Disabled''.

Disable the use of USB storage devices by Registry Editor

regedit in the Run dialog box.

Step 2: Go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR, and then locate the DWORD value named ''Start'' on the right-side pane. The default value data of Start is ''3''. Double-click on Start, and set its value data to ''4''.

Step 3: Restart Windows 10 for the changes to take effect. This will prevent any USB storage device from connecting to the computer, and thus disable the use of USB storage devices on the computer.

Note: By Registry Editor, you just disable the use of USB storage devices, but it won’t affect the use of USB mouse, keyboard, and printer on the computer.

passwd policy  server2012

• • In the Server Manager click on Tools and from the drop down click Group Policy Management

  • Expand Forrest >> Domains >> Your Domain Controller.

  • Right click on the Default Domain Policy and click on the Edit from the context menu.

  • Now Expand Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy

  • Double-click on the Passwords Must Meet Complexity Requirements option in the right pane.

  • Select Disabled  under define this policy setting:

  • Click Apply then OK all the way out and close the GPO window.

  • In order to refresh the policy type the following command: “gpupdate /force”  in the CMD window and click ENTER.

Computer icon on Windows Server 2012 Desktop

This is how you do it using a command prompt:

To Turn Off: 

NetSh Advfirewall set allprofiles state off

To Turn On: 

NetSh Advfirewall set allrprofiles state on

To check the status of Windows Firewall: 

Netsh Advfirewall show allprofiles

Enable Ping by PowerShell Commands in Windows Servers

Make sure to run the below commands ‘as administrator’ on the command prompt or PowerShell.

Enable IPv4  – This will create an exception in the default Windows firewall rule.

netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol="icmpv4:8,any" dir=in action=allow

IPv6: 

netsh advfirewall firewall add rule name="ICMP Allow incoming V6 echo request" protocol="icmpv6:8,any" dir=in action=allow

disable ping on IPv4 & IPv6

netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=block

netsh advfirewall firewall add rule name="ICMP Allow incoming V6 echo request" protocol=icmpv6:8,any dir=in action=block

Control panel and open ‘Windows Firewall 

1) Go to the control panel and open ‘Windows Firewall’. There are plenty of ways to reach the control panel on a Windows server. 

2) Click on ‘Advanced Settings.’

3) select ‘Inbound Rules.’

Locate the ‘File and Printer Sharing (Echo Request –ICMPv4-In’), right-click on it and select Enable Rule.

DNS Check

C:\Windows\system32> DCDIAG /TEST:DNS

• Reset the TCP/IP stack settings and update the IP address on your computer:
  netsh int ip reset
  netsh winsock reset
  ipconfig /flushdns
  ipconfig /release
  ipconfig /renew

Group Policy Editor (gpedit.msc). Go to the section: Computer Configuration -> Administrative templates -> Network -> Lanman Workstation. Find and enable the policy Enable insecure guest logons. This policy option determines whether the SMB client will allow an unsafe guest logon to the SMB server. 

Windows 10 and 11 from the RUN->  optionalfeatures.exe.    Expand SMB 1.0/CIFS File Sharing Support and enable the SMB 1.0/CIFS Clien 

Windows Defender Firewall l 

RUN->   control firewall.cpl 

Turning off the Windows Firewall with the NETSH Command

Using netsh advfirewall set c you can disable the Windows Firewall individually on each location or all network profiles.

• netsh advfirewall set currentprofile state off – this command will disable the firewall for the current network profile that is active or connected. For example, suppose the currently active network profile is Domain network. In that case, this command will the Firewall for that network profile.

• netsh advfirewall set domainprofile state off – disables on the Domain network profile only.

• netsh advfirewall set privateprofile state off – disables on the Private network profile only.

• netsh advfirewall set publicprofile state off – this command will disable on the Public network profile only.

• netsh advfirewall set allprofiles state off – this command will disable on all network profiles at once.

-----------