Refresh Hosts file without rebooting

Tried this with Windows 8.1 and it is easier than you would think as it a command you should be very familiar with.

IPCONFIG /FLUSHDNS

User Template increase attributes copied

When you create a user template and copy it to create a new user only a limited number of attributes are copied

Example: Copy Office From the General tab

Suppose you have a user template and want the Office value from the general tab to remain when you create a new user by copying the template.

You can use ADSI Edit to make the attribute copy.

• Open ADSI Edit
• In the left pane right click ADSI Edit and Connect To the Schema Naming Context

• Locate the attribute name in this case Office is:
  Physical-Delivery-Office-Name
• Right Click and open Properties

• Attribute Editor Tab … locate searchFlags
• Edit and add 16 to the value
• To prevent it from copying remove 16 from the value.

I have tested with Windows 2008 R2 as shown but certain it should work with previous version as I learned from a Windows 2000 KB Article.

Where do you get the attribute names … I found some here.

http://www.jigsolving.com/ad/user-account-attributes-part-3

http://www.kouti.com/tables/userattributes.htm

Ultrasound - File Replication Service

Ultrasound - Monitoring and Troubleshooting Tool for File Replication Service (FRS)

Ultrasound is a monitoring and troubleshooting tool for the File Replication Service (FRS). FRS is a legacy technology that replicates files and folders that are stored in Distributed File System (DFS) folders or in the System Volume (SYSVOL) folder on domain controllers.

Microsoft: download

Search Active Directory from the Desktop

To quickly get the AD search box up on a domain joined PC create a shortcut on the desktop with item location set to.

%SystemRoot%\SYSTEM32\rundll32.exe dsquery,OpenQueryWindow

Domain joined PC only, try to do it from a workgroup you will get:

TechNet Group Policy processing and precedence

Okay so you have local group policies on your PCs and several policies that have been setup by colleagues over time at various levels within active directory. What takes precedence, Local, Site, Domain or OU?

Order of precedence of policy types

The Local machine policies are applied first then Site, Domain and OU Polices are executed from the topmost OU down through the various child OUs until finally you execute any Policy attached to the OU that contains the computer. The Policy applied last has the greatest precedence.

What if multiple Policies are Linked to an OU, Site or Domain ? 

There is only one Local Policy on an individual PC however their can be multiple policies linked to a Site, Domain and OU levels.

Processing is in the order that is specified by the administrator, on the Linked Group Policy Objects tab for the site in Group Policy Management Console (GPMC). The last to process has the highest precedence.

For further information:

TechNet: Group Policy processing and precedence

Other Relevant TechNet Documents:

Deployment considerations for Group Policy
Controlling the Scope of Group Policy Objects using GPMC

AD RMS Client Requirements

The Active Directory Rights Management Services (AD RMS) client is included with the Windows Vista®, Windows® 7, Windows Server® 2008, and Windows Server® 2008 R2 operating systems. If you are using Windows XP, Windows 2000, or Windows Server 2003 as your client operating system, a compatible version of the AD RMS client is available for download from the Microsoft Download Center Web site.

The AD RMS client can be used with the AD RMS server role included in Windows Server 2008 and Windows Server 2008 R2 or with previous versions of RMS running on Windows Server 2003.

Microsoft Windows Rights Management Services Client with Service Pack 2 – x86

The client support almost everything for Windows 2000 server/workstation SP4 onwards and includes 32/64 bit support.

Access-Based Enumeration in Windows Server 2003 R2

Implementing Access-Based Enumeration in Windows Server 2003 R2
Windows Server 2003 Access-based Enumeration

Locked Down Workstations and User Accounts

Create a Password Setting Object (PSO), assign users to the global security group associated with the PSO.

For complexity set
"msDS-PasswordComplexityEnable" to false
"msDS-MaximumPasswordAge" to the maximum password age period required.

Restrict accounts to logon to locked down workstations.