In Windows Server 2012 shutdown.exe has a new switch, -o, which controls the behaviour of the next boot. “shutdown -o -r -t 0” is now a very easy way to get into the boot menu for safe mode, last known good, etc.
Author: pertorben
CAWeb Enrollment error 403.14
The Certification Authority Web Enrollment is the webpage where you can logon to request certificated or download crls from your CA. One of my challenges today was that a newly installed issuing CA was unable to configure the Web enrollment webpage correctly. No matter what I did I always got the “403.14 – Forbidden” error.
After quite a bit of troubleshooting, including removing and re-adding roles using both Server Manager and powershell and reboots between the steps I was no closer to a solution. One of my Google-searches lead me to http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_26623918.html where he suggests to check that default.asp is located in the path C:\Windows\System32\CertSrv\en-US.
I had the file and everything there was correct, but that lead the to check the path of the website itself. For some reason IIS kept linking the /certsrv site to C:\Windows\System32\CertSrv which is the parent folder, so as soon as I changed the path from C:\Windows\System32\CertSrv to C:\Windows\System32\CertSrv\en-US in IIS everything was ok.
Preparing for Windows 9 with dualboot
Here’s a link to my blogpost which helps you prepare for testing Windows 9 when it is announced in 2 weeks time.
Java security settings
Java 7u51 has been a headache so far with security settings, especially on a terminalserver. I needed to adjust the security setting for Java for all users on the terminalserver and add a website (example.com) to the exception site list in Java.
The solution was to create 3 text files and place them all in the folder C:\Windows\Sun\Java\Deployment
filename: Deployment.config
deployment.system.config=C:\WINDOWS\Sun\Java\Deployment\deployment.properties
deployment.system.config.mandatory=true
filename: deployment.properties
deployment.security.level=MEDIUM
deployment.security.level.locked=
deployment.user.security.exception.sites=C\:\\WINDOWS\\Sun\\Java\\Deployment\\exception.sites
filename: exception.sites
https://www.example.com
After these 3 textfiles are created, the new java settings till take effect at next logon, and you can verify it by looking at the security tab in java control panel.
Copy group membership in AD
To copy member from one group to another you can (of cource) use Powershell. This copies the members of Group1 into members of Group2.
Get-ADGroupMember -Identity “Group1” | ForEach-Object {Add-ADGroupMember -Identity “Group2” -Members $_.SamAccountName}
List installed certificates with Powershell
To list the installed certiifcates in the local computer store I use the following one-liner:
dir Cert:\LocalMachine\My | fl thumbprint, SerialNumber, Subject, NotBefore, NotAfter, Issuer
You can replace “LocalMachine” with “CurrentUser” to list certificates in the current user store.
How to easily boot into safe mode
In Windows Server 2012 the shutdown.exe command has a new switch, -o, which lets you control the behaviour of the next reboot. You can use this to boot straight into the boot menu and then select safe mode, last known good etc