Step-by-Step Guide to Fine-Grained Passwords in Windows Server 2008

I find it’s best to work with an example to demonstrate a solution, so in this case we will assume that you have a number of users who are Special Administrators and require a stronger password policy than the standard user. We will refer to these users as SpecialAdmins.

In the following steps, we will configure a fine-grained password policy in Windows Server 2008 with the following settings:

| Policy Name | Policy Setting |
| --- | --- |
| Enforce password history | 24 passwords remembered |
| Maximum password age | 30 days |
| Minimum password age | 1 day |
| Minimum password length | 12 characters |
| Passwords must meet complexity requirements | Disabled |
| Account lockout duration | 0 |
| Account lockout threshold | 3 |
| Reset account lockout counter after | 30 minutes |

Table 1: Password Policy

Note: yourdomainname in the following steps should be replaced with the NetBIOS name of your domain.

  1. Log on to a Windows Server 2008 domain controller using an account that has membership in the Domain Admins group, or equivalent permissions.
  2. Go to Start, Administrative Tools, and then select Active Directory Users and Computers.
  3. Expand yourdomainname.com, right-click on the Users container, select New, and then select Group.
  4. On the New Object – Group window, enter SpecialAdmins into the Group Name field, and then click OK.
  5. Close Active Directory Users and Computers.
  6. Click Start, click Run, type ADSIEDIT.MSC, and then click OK.
  7. In the ADSI Edit snap-in, right-click ADSI Edit, and then click Connect to.
  8. In the Name field, enter yourdomainname.com, and then click OK.
  9. Double-click yourdomainname.com in the console tree, double-click DC=yourdomainname,DC=com, double-click CN=System, and then click CN=Password Settings Container.
  10. Right-click CN=Password Settings Container in the console tree, click New, and then click Object.
  11. In the Create Object dialog box, under Select a class, click msDS-PasswordSettings, and then click Next.
  12. In the Create Object dialog box, enter SpecialAdmins in the Value field, and then click Next.
  13. For the msDS-PasswordSettingsPrecedence value, enter 1, and then click Next.
  14. For the msDS-PasswordReversibleEncryptionEnabled value, enter false, and then click Next.
  15. For the msDS-PasswordHistoryLength value, enter 24, and then click Next.
  16. For the msDS-PasswordComplexityEnabled value, enter false, and then click Next.
  17. For the msDS-MinimumPasswordLength value, enter 12, and then click Next.
  18. For the msDS-MinimumPasswordAge, enter 1:00:00:00, and then click Next.
  19. For the msDS-MaximumPasswordAge, enter 30:00:00:00, and then click Next.
  20. For the msDS-LockoutThreshold, enter 3, and then click Next.
  21. For the msDS-LockoutObservationWindow, enter 0:00:30:00, and then click Next.
  22. For the msDS-LockoutDuration, enter (never), and then click Next, then click Finish.
  23. Right-click on CN=SpecialAdmins in the console tree, and then select Properties.
  24. On the CN=SpecialAdmins Properties window, select the msDS-PSOAppliesTo attribute, and then click the Edit button.
  25. On the Multi-valued Distinguished Name With Security Principal Editor window, click on the Add Windows Account button.
  26. On the Select Users, Computers, or Groups window, enter SpecialAdmins in the Enter the object names to select field, and then click OK.
  27. Click OK on the Multi-valued Distinguished Name With Security Principal Editor window.
  28. Click OK on the CN=SpecialAdmins Properties window.
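
The same PSO rendered as an LDIF import file, as an added example that is not part of the original post: ADSI Edit accepts d:hh:mm:ss, but the time attributes are stored as negative 100-nanosecond intervals, which is the form an LDIF import needs. The group DN (SpecialAdmins in the Users container) and the DC=yourdomainname,DC=com suffix are assumptions built from the placeholder names in the steps.

```python
# Added example (not from the original post): render the SpecialAdmins PSO as LDIF.
import re

DOMAIN_DN = "DC=yourdomainname,DC=com"   # placeholder domain used on this page
NEVER = -(2 ** 63)                       # I8 value that ADSI Edit shows as "(never)"
TIME_ATTRS = ("msDS-MinimumPasswordAge", "msDS-MaximumPasswordAge",
              "msDS-LockoutObservationWindow", "msDS-LockoutDuration")

# Values typed into the wizard in steps 13-22 (Table 1).
TABLE_1 = {
    "msDS-PasswordSettingsPrecedence": "1",
    "msDS-PasswordReversibleEncryptionEnabled": "FALSE",
    "msDS-PasswordHistoryLength": "24",
    "msDS-PasswordComplexityEnabled": "FALSE",
    "msDS-MinimumPasswordLength": "12",
    "msDS-MinimumPasswordAge": "1:00:00:00",
    "msDS-MaximumPasswordAge": "30:00:00:00",
    "msDS-LockoutThreshold": "3",
    "msDS-LockoutObservationWindow": "0:00:30:00",
    "msDS-LockoutDuration": "(never)",
}

def to_i8(text):
    """Convert ADSI Edit 'd:hh:mm:ss' or '(never)' to negative 100-ns intervals."""
    if text.strip().lower() == "(never)":
        return NEVER
    m = re.fullmatch(r"(\d+):([01]\d|2[0-3]):([0-5]\d):([0-5]\d)", text.strip())
    if not m:
        raise ValueError("expected d:hh:mm:ss or (never), got %r" % text)
    d, h, mi, s = (int(g) for g in m.groups())
    return -(((d * 24 + h) * 60 + mi) * 60 + s) * 10_000_000

def build_pso_ldif(name, applies_to_dn, settings, domain_dn=DOMAIN_DN):
    vals = {k: to_i8(v) if k in TIME_ATTRS else v for k, v in settings.items()}
    # Values are negative, so a longer interval is the numerically smaller one.
    if vals["msDS-MinimumPasswordAge"] <= vals["msDS-MaximumPasswordAge"]:
        raise ValueError("minimum password age must be shorter than maximum age")
    if vals["msDS-LockoutObservationWindow"] < vals["msDS-LockoutDuration"]:
        raise ValueError("observation window must not exceed lockout duration")
    lines = ["dn: CN=%s,CN=Password Settings Container,CN=System,%s" % (name, domain_dn),
             "changetype: add",
             "objectClass: msDS-PasswordSettings"]
    lines += ["%s: %s" % (k, v) for k, v in vals.items()]
    lines.append("msDS-PSOAppliesTo: %s" % applies_to_dn)
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Assumed group DN: SpecialAdmins was created in the Users container (steps 3-4).
    print(build_pso_ldif("SpecialAdmins", "CN=SpecialAdmins,CN=Users," + DOMAIN_DN, TABLE_1))
```

Saved to a file, the output can be imported on the domain controller with ldifde -i -f followed by the file name.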

For more reference:

http://blogs.technet.com/b/seanearp/archive/2007/10/06/windows-server-2008-fine-grained-password-policy-walkthrough.aspx

Exchange returns #550 5.7.1 RESOLVER.RST.AuthRequired; authentication required ##

Exchange 2007 and 2010 can block senders outside your organization from sending to a distribution list. If someone outside sends a message to the list, that person will receive this NDR:

Received-SPF: None (servername: sender@xs4all.nl does not designate permitted sender hosts)

Exchange returns #550 5.7.1 RESOLVER.RST.AuthRequired; authentication required ## 

If you see this error, the first thing you will want to check is your antispam logs, but the cause lies somewhere else: in the Exchange server itself.

Fix it using the Exchange Management Console:

  1. Click the name of the Distribution Group you want to change
  2. Click “Properties”
  3. Click the “Mail Flow Settings” Tab
  4. Click the “Message Delivery Restrictions” item
  5. Click the “Properties…” button
  6. Uncheck the “Require that all senders are authenticated” check-box
  7. Click “OK” button
  8. Click “OK” button again

 

How to Remove SQL Database Mirroring

To remove database mirroring

  1. During a database mirroring session, connect to the principal server instance and, in Object Explorer, click the server name to expand the server tree.
  2. Expand Databases, and select the database.
  3. Right-click the database, select Tasks, and then click Mirror. This opens the Mirroring page of the Database Properties dialog box.
  4. In the Select a Page pane, click Mirroring.
  5. To remove mirroring, click Remove Mirroring. A prompt asks for confirmation. If you click Yes, the session is stopped and mirroring is removed from the database.

 

To remove database mirroring, use the Mirroring page of the Database Properties dialog box.

To remove database mirroring

  1. Connect to the Database Engine of either mirroring partner.
  2. From the Standard bar, click New Query.
  3. Issue the following Transact-SQL statement:

    ALTER DATABASE database_name SET PARTNER OFF

    where database_name is the mirrored database whose session you want to remove.

    The following example removes database mirroring from the AdventureWorks2012 sample database.

    ALTER DATABASE AdventureWorks2012 SET PARTNER OFF;

  • If you intend to restart mirroring on the database

    Any log backups taken on the principal database after mirroring was removed must all be applied to the mirror database before you can restart mirroring.

  • If you do not intend to restart mirroring

    Optionally, you can recover the former mirror database. On the server instance that was the mirror server, you can use the following Transact-SQL statement:

    RESTORE DATABASE database_name WITH RECOVERY;

SQL Database Mirroring Steps

1. Delete any existing mirroring endpoints from the principal and mirror servers
   a. Select endpoint
      i. SELECT * FROM sys.tcp_endpoints
   b. Delete endpoint
      i. DROP ENDPOINT <endpoint name>
2. Create firewall rules
   a. Principal database server
      i. Create an outbound rule for that particular port
         1. Rule type: Port
         2. Protocol type: TCP, Specific remote port: <Port number>
         3. Allow the connection
         4. Enable all (Domain, private, public)
         5. Name the rule.
      ii. Create an inbound rule for that particular port
   b. Mirror database server
      i. Inbound rule
      ii. Outbound rule
3. Create an endpoint on both servers

       CREATE ENDPOINT <Endpoint Name>
       STATE = STARTED
       AS TCP (LISTENER_PORT = 5555)
       FOR DATABASE_MIRRORING (ROLE=PARTNER);

4. The port number must be the same on all servers; confirm that the port is not already in use.
5. Set the recovery model to Full on the principal database
   a. Property -> option -> Recovery model -> Full.
6. Generate a full backup from the principal database.
7. Restore the database from the backup on the mirror server.
   a. Make sure that the database name and path are the same.
8. Create the mirror from the principal database
   a. Principal database -> property -> mirror -> Configure security -> next -> Service account (Leave it blank). -> start mirr