ID do evento 1058" e "ID do evento 1030

As políticas de grupo não são aplicadas da forma esperada; são registados os erros "ID do evento 1058" e "ID do evento 1030" no registo de aplicações

Sintomas

No computador baseado no Microsoft Windows XP, as políticas de grupo podem não ser aplicadas como esperado. Quando visualiza o registo de aplicações do Visualizador de eventos, vê dados de erro semelhantes aos seguintes:

Causa

Este problema pode ocorrer se as duas condições seguintes se verificarem: 

• O computador baseado no Windows XP é membro de um domínio.
• O cliente DFS da Microsoft está desactivado.

Nota: a partilha \\Nome de Domínio do Active Directory\Sysvol é uma partilha especial que requer que o cliente DFS estabeleça uma ligação.

Nota: este problema também pode ocorrer se "Todos" tiver sido removido das permissões do sistema de ficheiros NTFS da unidade raiz. Se "Todos" tiver sido removido das permissões NTFS da unidade raiz, restaure as permissões NTFS do grupo "Todos" na pasta raiz concedendo a este grupo as permissões NTFS especiais de leitura e execução apenas na pasta raiz.

Resolução

Para resolver este problema, active o cliente DFS. Para efectuar este procedimento, siga estes passos.

Aviso: a utilização incorrecta do Editor de registo poderá provocar problemas graves que poderão forçar a reinstalação do sistema operativo. A Microsoft não garante que os problemas resultantes da utilização incorrecta do Editor de registo possam ser resolvidos. Todo e qualquer risco decorrente da utilização do Editor de registo é da responsabilidade do utilizador.

1. Clique em Iniciar e clique em Executar.
2. Na caixa Abrir, escreva regedt32 e clique em OK.
3. Na janela Editor de registo, localize a seguinte chave do registo:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup
4. No painel de detalhes, à direita, faça duplo clique em DisableDFS. 
   
   O cliente DFS está desactivado se o valor na caixa Dados do valor for 1.
   O cliente DFS está activado se o valor na caixa Dados do valor for 0.
5. Na caixa de diálogo Editar valor DWORD apresentada, escreva 0 na caixa Dados do valor e clique em OK.
6. No menu Ficheiro, clique em Sair para sair do Editor de registo.

Além disso, active a Partilha de ficheiros e de impressoras em redes Microsoft na interface. Para o fazer, siga estes passos: 

1. Clique em Iniciar, aponte para Ligar a e clique em Mostrar todas as ligações.
2. Clique com o botão direito do rato na ligação adequada e clique em Propriedades.
3. Clique no separador Geral.
4. Em Esta ligação utiliza os seguintes itens, verifique se a caixa de verificação junto de Partilha de ficheiros e de impressoras em redes Microsoft está seleccionada e clique em OK.

Windows 2003 DFS (Distributed File System)

Introduction

The Distributed File System is used to build a hierarchical view of multiple file servers and shares on the network. Instead of having to think of a specific machine name for each set of files, the user will only have to remember one name; which will be the 'key' to a list of shares found on multiple servers on the network. Think of it as the home of all file shares with links that point to one or more servers that actually host those shares. DFS has the capability of routing a client to the closest available file server by using Active Directory site metrics. It can also be installed on a cluster for even better performance and reliability. Medium to large sized organizations are most likely to benefit from the use of DFS - for smaller companies it is simply not worth setting up since an ordinary file server would be just fine.

Understanding the DFS Terminology
It is important to understand the new concepts that are part of DFS. Below is an definition of each of them.

Dfs root: You can think of this as a share that is visible on the network, and in this share you can have additional files and folders.

Dfs link: A link is another share somewhere on the network that goes under the root. When a user opens this link they will be redirected to a shared folder.

Dfs target (or replica): This can be referred to as either a root or a link. If you have two identical shares, normally stored on different servers, you can group them together as Dfs Targets under the same link.
The image below shows the actual folder structure of what the user sees when using DFS and load balancing.

Figure 1: The actual folder structure of DFS and load balancing

Windows 2003 offers a revamped version of the Distributed File System found in Windows 2000, which has been improved to better performance and add additional fault tolerance, load balancing and reduced use of network bandwidth. It also comes with a powerful set of command-line scripting tools which can be used to make administrative backup and restoration tasks of the DFS namespaces easier. The client windows operating system consists of a DFS client which provides additional features as well as caching.

Setting Up and Configuring DFS

The Distributed File System console is installed by default with Windows 2003 and can be found in the administrative tools folder. To open, press Start > Programs > Administrative Tools > Distributed File System or in the Control Panel, open the Administrative Tools folder and click on the Distributed File System icon. This will open the management console where all the configuration takes place.
The first thing you need to do is create a root. To do this, right click the node and select New Root.
Press next on the first window to be brought to the screen where you will have to make the choice of creating either a stand alone or domain root. A domain root will publish itself in Active Directory and supports replication, whereas a stand alone root does not. If you have an AD Domain Controller set up on your machine, I recommend choosing the domain root.
Note: The root would be the top level of the hierarchy. It is the main Active Directory container that holds Dfs links to shared folders in a domain. Windows 2003 allows your server to have more than one root - which wasn't the case in Windows 2000. 

The next screen is the one where you have to select which trusted domains will be hosted. Since I only have one domain in my network, only domain.com is visible.
Once this is done you have to select a server on that domain - in my example it is netserv. The FQDN (Fully Qualified Domain Name) of this host server is netserv.domain.com.

Figure 2: inputting the host server name

The following screen allows you to specify the root name of your primary DFS root. You should give it something which will accurately define the contents of that share.
In my example I have called this root "Company" - which would be a real name of an ogranization. You can change this to anything you want. You might wish to have a root called "Documents" - which would clearly state that one can expect to find anything related or specific to documents, and documentation in that root. 

Figure 3: entering the dfs root name

You will now have to select the location of a folder in which all the files will be stored.

Figure 4: selecting the root share

Tip: for added security, when selecting a folder, try to choose one that is located on a partition other than that of the operating system.
Your DFS root is now configured and visible in the configuration console. Right click the root target and press Status to check if it is online or not.
A green check mark verifies that everything is working properly and that the node is online, whereas a red X means that there is a problem.

To add a new link, right click the root for which you want the link to be created, and select New Link.
In the "New Link" screen, enter a name and path for the link and click OK. Repeat this for as many links as you need to create.

Figure 5: creating a new link

Links are visible right under the node. Below is a screenshot displaying the three links I have created for the COMPANY root.

Figure 6: dfs root and three links in the DFS mmc console

Publishing the root in Active DirectoryBy publishing dfs roots in AD as volume objects, network users will be able to search for shares more easily and administration can be delegated.

To do this right click the desired dfs root, select Properties and go to the Publish tab. Enter the appropriate details in each box and press OK.
In the keywords section you can specify certain words that will help locate the dfs root when it is being searched for.

Figure 7: publish tab in the dfs properties window

The dfs root will now be published in Active Directory.

File Replication Services

There are two types of replication:
* Automatic - which is only available for Domain DFS
* Manual - which is available for stand alone DFS and requires all files to be replicated manually.
The four ways in which replication can be achieved between two or more servers are:
- Ring
- Hub and Spoke
- Mesh
- Custom
The first three refer to network topologies and the last allows you to specify an advanced method of replication, which can be tuned to your needs.

The advantages and disadvantages of replication are as follows:
Advantages - client caching, integration with IIS, easy to administer and setup.

Disadvantages - limited configuration options, there is no method of programmatically initiating a replication session.

Conclusion

We have seen how with the use of the Windows 2003 Distributed File System, one is able to manage data more efficiently. The new and improved features make data management and distribution faster and more effecient because users are able to find what they need when they need it. Having highly available and reliable file services means that the total cost of ownership is kept low - making the life of an administrator much easier when it comes to managing data!

How to disable SMB 1 on Windows 7 via Group Policy

In case you have not got the message yet SMB 1 protocol Bad and that according to Microsoft you should “Stop using SMB1”. Not that I should have to explain, but in case you need a refresher it is old (30 years old); it is slow (especially over high-latency links); and its was superseded over a decade ago with the release of Windows Vista, that’s right… VISTA!!!! So, by now you should be convinced that SMB 1 is really bad and that you need to banish the protocol from your network.

If you want any more convincing we are now 30 years in the future from the release of the original SMB 1 protocol (and the Back to the Future movie). While we still don’t have flying cars, at least we can get rid of SMB 1…. right!

Before you start it is always a good idea to check that all your servers in your environment support SMB 2.0 or later. For Windows server this is easy as any OS more recent that Windows Vista or Windows Server 2008 natively support SMB 2 and have it enabled by default. What might take a little more time is testing all the non-windows server in your environment. In this case what i recommend you do is just disabled SMB 1 manually on a few test computers and just see what breaks. This is a sure fire way to ensure if the server is running SMB 2+ as if the SMB 1 client is disabled then the file share almost certainly has to be SMB 2 or later.

To manually disable SMB 1 on your test workstations simple running the following commands from an elevated command prompt:

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

Now that you have done your testing and you are confident that you want to disable SMB 1 you now need a way to make this change to all your Windows 7 clients quickly and easily. Unfortunately, there is no Group Policy setting or registry key that you can apply to Windows 7 to disable SMB1. So, even thought I can’t believe I am saying this, I recommend that you create a logon script to run the command that disables the protocol. While even the very mention of logon scripts for a Group Policy guy like my self it total blasphemy in this case, I would certainly consider it the lesser of two evils.

As always to begin you need to create a Group Policy object to the computer that you want to apply the settings. Then you need to edit the policy and navigate to Computer Configuration > Windows Settings > Scripts. Then double click on “Startup” and then click the “Show Files…” button.

Windows Explorer will now open up to the Scripts folder in the GPO you have created and here you can just right click and create a New “Text Document”.

Here just create a text file with the two command line as per above and save the file as disablesmb1.cmd (or something like that).

Now go back to the “Startup Properties” windows and click “Add” then click “Browse” and select the file you just created and then click “ok”.

The policy will now run a logon script then next time the computer reboots. It will disable the SMB 1 protocol the next reboot after that and you will will very quickly have disabled it on all you Windows 7 computers.

Note: This will work on Windows 8.1 or later as well but in that case it would be far better to just run the one line Powershell command that just simple removes the feature from the OS.

Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol

Note: This will work on Windows 8.1 or later as well but in that case it would be far better to just run the one line Powershell command that just simple removes the feature from the OS.

Additional References:

• https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
• https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012

Script de mapeamento de unidades do perfil em um Domínio

1 Antes iremos criar um arquivo .bat chamando o arquivo .vbs Iremos também criar um arquivo de exclusão dos mapeamentos antigos.

Arquivo .vbs de exclusão dos mapeamentos antigos: exclui.vbs

Set oFs = CreateObject("Scripting.FileSystemObject")
Set objNetwork = CreateObject("WScript.Network")
For Each drv in oFs.Drives
   if drv.DriveLetter <> "A" and drv.DriveLetter <> "B" and drv.DriveLetter <> "C" and drv.DriveLetter <> "D" and drv.DriveLetter <> "E" then
      letra = cstr(drv.DriveLetter) & ":"
      objNetwork.RemoveNetworkDrive letra , true ,true
   end if
Next

2 Arquivo .vbs de criação dos mapeamentos dos diretórios: map.vbs

set net = createobject("wscript.network")
Set FSODrive= CreateObject("Scripting.FileSystemObject")
    Set NW = CreateObject("WScript.Network")
If not FSODrive.DriveExists("H:") Then
NW.MapNetworkDrive "DIRETÓRIO:", "\\CAMINHO DO DIRETÓRIO", True
wscript.quit

3 Agora iremos correr este .bat que ira efetuar a exclusão e mapeamento dos arquivos, este arquivo colocamos no AD de cada perfil do Domínio em Script Logon: map.bat

echo off
echo.
echo .....
echo.
echo O Windows esta  Mapeando as Unidades...
echo Aguarde por favor!
echo.
echo Esta tela fechar  automaticamente em poucos segundos.
echo.
echo wscript \\CAMINHO DOMINIO\NETLOGON\scripts\exclui.vbs
wscript \\CAMINHO DOMINIO\NETLOGON\scripts\map.vbs

[Fix] SQLAgent is not allowed to run error

SQLAgent is not allowed to run.

Para mais informações, consulte o 'Centro de ajuda e suporte' em http://go.microsoft.com/fwlink/events.asp.

Abrir o Registo

HKEY_LOCAL_MACHINE/ SOFTWARE/ MICROSOFT/ MICROSOFT SQL SERVER/ SHAREPOINT/ SQLSERVERAGENT

procurar a chave GUID  e apagar.

Kill TS sessions remotely

Problema clássico: é tentar conectar remotamente em um servidor via TS e não existe conexões disponíveis…
Uma das formas possíveis para a shutdown dessas sessões, é através de um executável chamado RESET.EXE incluso no Windows 2003 e posteriores (pelo menos até o Windows Server 2012R2 o mesmo ainda existe…lembrando que este EXE também é encontrados nas versões clientes do Windows).
Abaixo segue o exemplo da sintaxe do comando:
Para listar as sessões da maquina remota, execute o seguinte comando:

query session /server:NomeDoServidor_ou_IP

É necessário a listagem das sessões, para que se tenha acesso ao ID da sessão.
Para “derrubar” a sessão, execute o seguinte comando:

reset session IDdasessão /server:NomeDoServidor_ou_IP

sharepoint

Erro do servidor na aplicação '/'.
u, se a funcionalidade CustomErrors estiver activada, recebe a seguinte mensagem de erro:

Atributo 'processRequestInApplicationTrust' não reconhecido.

Origem do erro:

Linha 66:      
Linha 67:      
Linha 68:      
Linha 69:      
Linha 70:   

Ficheiro de origem: c:\inetpub\wwwroot\web.config Linha: 68

Causa

O ASP.NET 2.0 implementa uma nova alteração de segurança que ajuda a efectuar um bloqueio de segurança num servidor virtual do IIS 6.0. Nas versões anteriores de ASP.NET, o código é executado no nível de fidedignidade atribuído ao mesmo. O nível de fidedignidade é determinado pelo ficheiro de políticas de segurança de acesso a código. O ficheiro Wss_minimaltrust.config é um exemplo de um ficheiro de políticas de segurança de acesso a código especificado no ficheiro Web.config.

A nova alteração de segurança no ASP.NET 2.0 restringe as permissões de páginas Web, de peças Web e controla a intersecção entre o PermissionSet de ASP.NET e o nível de fidedignidade de execução do código. Nesta configuração, o PermissionSet de ASP.NET é uma representação declarativa de uma instância PermissionSet. Por predefinição, o Windows SharePoint Services atribui apenas privilégios mínimos ao PermissionSet de ASP.NET. A alteração de segurança que é implementada no ASP.NET 2.0 faz com que seja executado algum código com privilégios reduzidos. Por exemplo, foi executado anteriormente código de assemblagens na cache de assemblagem global com um nível de fidedignidade total. Quando configura o servidor virtual no IIS 6.0 para utilizar o ASP.NET 2.0, o código é executado com os privilégios atribuídos ao PermissionSet de ASP.NET. O bloqueio é incompatível com o Windows SharePoint Services. Por conseguinte, o bloqueio tem de ser desactivado no ficheiro Web.config.

O ASP.NET 2.0 também inclui uma nova funcionalidade denominada validação de eventos. A validação de eventos monitoriza chamadas de retorno para a infra-estrutura ASP.NET para garantir que a origem de uma chamada de retorno é a mesma que o destino de controlo. Algumas páginas do Windows SharePoint Services utilizam chamadas de retorno que não estão associadas a um controlo em particular. As chamadas de retorno que não estão associadas a um controlo em particular podem causar erros de execução de páginas. Por conseguinte, o Windows SharePoint Services 2.0 não é compatível com a funcionalidade de validação de eventos do ASP.NET 2.0. Quando configurar uma aplicação Web expandida do Windows SharePoint Services num servidor com o ASP.NET 2.0 instalado, tem de desactivar a validação de eventos do ASP.NET 2.0.

 

 

Utilize a ferramenta da linha de comandos Stsadm.exe do Windows SharePoint Services para actualizar as definições no ficheiro Web.config. Para o fazer, utilize o seguinte comando:

stsadm -o upgrade -forceupgrade -url http://URLDoServidorVirtual

 

 

 

neste caso 

 

C:\Programas\Ficheiros comuns\Microsoft Shared\web server extensions\60\BIN

 

stsadm -o upgrade -forceupgrade -url http://localhost

 

 

Services Pack

Windows 7

Get the latest service pack for free

The latest service pack for Windows 7 is Service Pack 1 (SP1).

• Learn how to get the right service pack for Windows 7 installed automatically today with Windows Update (recommended)
• Download SP1 from the Download Center (advanced)

Support for Windows 7 RTM (without SP1) ends on April 9, 2013. Learn more.

What's included

• What's included in Windows 7 Service Pack 1 (SP1)

Troubleshooting

• Troubleshoot problems installing a service pack for Windows 7

 

windows Vista

 

Get the latest service pack for free

The latest service pack for Windows Vista is Service Pack 2 (SP2). To install Windows Vista SP2, you must first have SP1 installed.

• Learn how to get the right service pack for Windows Vista installed automatically today with Windows Update (recommended)
• Download SP2 32-bit from the Download Center (advanced)
• Download SP2 64-bit from the Download Center (advanced)

Get older service packs for free

Support for Windows Vista Service Pack 1 (SP1) ended on July 12, 2011. Learn more.

• Download SP1 32-bit from the Download Center (advanced)
• Download SP1 64-bit from the Download Center (advanced)

What's included

What's included in Windows Vista Service Pack 2 (SP2)

What's included in Windows Vista Service Pack 1 (SP1)

Troubleshoot Windows Vista service pack installation issues

• Why won't my hardware device work after installing a Windows Vista service pack?
• Why can't my computer play sound after installing a Windows Vista service pack?
• Why am I prompted to activate Windows after installing a Windows Vista service pack?
• Why do I get a "missing system component" error when installing Windows Vista Service Pack 2 (SP2)?

 

 

 

Windows Xp

 

Get the latest service pack for free

The latest service pack for Windows XP is Service Pack 3 (SP3). To install Windows XP SP3, you must first have SP1a or SP2 installed.

• Learn how to get the right service pack for Windows XP installed automatically today with Automatic Updating (recommended)
• Download SP3 from the Download Center (advanced)

Get older service packs for free

Support for Windows XP Service Pack 2 (SP2) ended on July 13, 2010. Learn more.

• Windows XP Service Pack 2 Network Installation Package
• Windows XP Service Pack 1a Express Install

Troubleshoot Windows XP service pack installation issues

• How to troubleshoot an unsuccessful installation of Windows XP Service Pack 3
• List of fixes that are included in Windows XP Service Pack 3
• When you try to install Windows XP Service Pack, you receive the error message "Access is denied" or "Service Pack installation did not complete"
• Windows XP Service Pack 3 installation fails with an error message, and the following error is logged in the service pack installation log: "8007F0F4 - STATUS_PREREQUISITE_FAILED"

 

 

Windows

• Windows XP
• Windows 2000
• Windows 98
• Windows 95
• Windows NT 4.0 Includes Windows NT 4.0 Server, Workstation, Enterprise Edition, and Terminal Server Edition
• Windows NT 3.51 Includes Windows NT 3.51 Server and Workstation
• Services for NetWare 5.0

Internet Explorer

• Internet Explorer 6
• Internet Explorer 5.5
• Internet Explorer 5.01

Office

• Office XP
• Office 2000
• Office 97

Server products

• Windows 2003
• Windows 2000
• BizTalk Server 2002
• BizTalk Server 2000
• BizTalk Accelerator for HIPAA 1.0
• Commerce Server 2002
• Commerce Server 2000
• Content Management Server 2001
• Exchange 2003 Server Exchange 2000 Server Includes Exchange 2000 Conferencing Server
• Exchange Server 5.5
• Exchange Server 5.0
• Internet Security and Acceleration Server 2000
• Microsoft Operations Manager 2000
• Proxy Server 2.0
• SharePoint Portal Server 2001
• Site Server 3.0 Includes Site Server and Commerce Edition
• SNA Server 4.0
• SNA Server 3.0
• SQL Server 2000
• SQL Server 2000 Windows CE Edition 1.1
• SQL Server 7.0
• SQL Server 6.5
• Systems Management Server 2.0
• Windows NT 4.0 Includes Windows NT 4.0 Server, Workstation, Enterprise Edition, and Terminal Server Edition

Developer tools

• .NET Framework
• Microsoft Data Access Components (MDAC) 2.6
• Microsoft Data Access Components (MDAC) 2.5
• Microsoft XML Core Services 4.0 SP2
• Microsoft XML Parser 3.0 Service Pack 2 Release
• Office 2000 Developer
• Visio 2002 includes Standard and Professional
• Visio for Enterprise Architects 2002
• Visual FoxPro 7.0
• Visual Studio 6.0
• Visual Studio 97
  
  
  
  

 Fica aqui a compilação de todos os links