Making Windows Behave Well

Granting Temporary Admin Rights to Users

SYNERGIX AD Client Extensions software allows domain users to have elevated privileges for specific duration ( default is 60 minutes ). This is particularly useful when the user must install legacy applications or install local printer drivers. The software includes Group Policy Administrative Template file that makes it easy to configure the feature. Once the GPO is configured, the Systems …

Read More

Making Drive Maps work over VPN connection

Group Policy preferences expand the range of configurable settings within a Group Policy object (GPO). These new extensions are included in the Group Policy Management Editor window under the new Preferences item. Examples of the new Group Policy preference extensions include folder options, mapped drives, printers, scheduled tasks, services, and Start menu settings.   Some of the Group Policy Preference …

Read More

Refresh Kerberos Tickets without logon or restart

Kerberos Tickets refresh soon after the Kerberos Tickets expires ( generally in 10 hours ) or when the user logs in interactively or computer boots up connected to the corporate network.   Kerberos authentication protocol is more secure and efficient when compared to the legacy NTLM authentication protocol. However, when the administrator updates the group membership of the Active Directory …

Read More

How to Synchronize Expired Active Directory Credentials

Expired Active Directory user credentials that were changed by the administrator through Active Directory management console or by the user through Citrix Access Gateway Advanced Access Control and the VPN tunnel are not updated on the client Windows XP computer.   Locally cached credentials of the Active Directory are not changed through the Access Gateway Advanced Access Control VPN tunnel. …

Read More

Integrating Truecrypt with Active Directory

Not claiming any subject matter expertise in crytography but merely looking at Truecrypt as a potential candidate for enterprise use and the challenges faced by systems administrators managing such a tool.

Asking users to change the truecrypt ( full disk encryption ) password when they change their domain account password every 60 or 90 days. Ideally, if it is the same password for both the Active Directory domain account and for Truecrypt, it can potentially reduce support calls.

Read More

From zero to boot in 0 seconds !

Simply leave your Microsoft(R) Windows(TM) based computer powered on, like you would leave your SmartPhone on all the time. That’s going from zero to boot in 0 seconds ! But that comes with a catch or problems (lots of them) that your systems administrators don’t want to deal with. If your computer could probe a network connection to your corporate …

Read More

Changing domain password over VPN

In Active Directory environment, the default domain policy, specifically the password expiration policy, can cause resource access issues to VPN users who typically login with cached credentials. When their password is about to expire, they do not receive password change notification, which ultimately results in their account being locked out. This issue gets resolved by the users having to call …

Read More

Group Policy Updates

Group Policies apply when the computer starts up or when the user logs in. And after that event, every 90 minutes on a domain computer. This may work very well for LAN connected computers, however, for remote computers that generally start up without being connected to corporate network and the user logs in with cached credentials, the event based Group …

Read More

Duplicate DNS records

DNS Scavenging is a feature that must be enabled so the stale DNS records get deleted. However, it comes with its own set of challenges. Administrators managing desktops and laptops have to work with DHCP Lease period and DNS Scavenging No-Refresh and Refresh period in order for the systems to work optimally. For example, an administrator may configure the DHCP …

Read More

Practical IT Solutions