Tutti gli articoli di Andrea Gallazzi

Determine Windows License Type

Facebooktwittergoogle_plusredditlinkedin

#Note
How to Determine if Windows License Type is OEM, Retail, or Volume

Most common license types:
– KMS Client and Volume MAK
– OEM SLP and COA SLP
– OEM System Builder
– Retail

Explanations:
– KMS Client and Volume MAK product keys, are volume license keys that are not-for-resale.  They are issued by organizations for use on client computers associated in some way with the organization.  Volume license keys may not be transferred with the computer if the computer changes ownership.  Consult your organization or the Volume Licensing Service Center for help with volume license keys.
https://www.microsoft.com/licensing/servicecenter/Help/FAQDetails.aspx?id=127

– OEM SLP and COA SLP product keys, are issued by large computer manufacturers and use SLP (System Locked Pre-installation) technology to bind the license to the original motherboard via the BIOS and software. 
The OEM SLP keys self-activate if the corresponding data in the BIOS is correct.  OEM SLP keys, which the user can read in the MGADiag report or software like KeyFinder, cannot be used by the end user to manually activate Windows.  The COA SLP key is printed on a sticker affixed to the side of the computer case (desktops), or on the bottom of the case (laptops), or in the battery compartment (newer laptops).  This is the key for the user to enter manually should he need to activate Windows himself.

– OEM System Builder, product keys are for use by smaller system builders, computer shops, consultants, and others who provide computers and services to their customers.  A system builder is defined by the System Builder license as “an original equipment manufacturer, an assembler, a refurbisher, or a software pre-installer that sells the Customer System(s) to a third party.”  A person who builds a  computer for his own use or for friends and family is not a system builder as defined by the System Builder license.  The correct license for these cases is Retail. 
OEM keys are not-for-resale and may not be transferred to another computer.  They may, however, be transferred with the computer if the computer is transferred to new ownership.

– Retail, product keys are what the customer gets when he buys a Full Packaged Product (FPP), commonly known as a “boxed copy”, of Windows from a retail merchant or purchases Windows online from the Microsoft Store. 
The term “retail” used in licensing has nothing to do with how the user purchases Windows, however, but refers to certain rights granted by retail licenses.  A retail license may be transferred to another computer so long as the number of computers licensed does not exceed the licensing limit.  In most cases, the limit is one.
Some retail licenses are not-for-resale.  Licenses obtained from a subscription such as MSDN, TechNet, BizSpark, and complimentary copies are not-for-resale.  Subscription and complimentary licenses are transferrable to a new computer by the subscriber/recipient only.  They may not be transferred with a computer that changes ownership.  Such licenses are classified as “retail” because, unlike OEM licenses, they are transferrable to a different computer. 
Retail licenses may be either Upgrade licenses or Full Rights licenses.  Microsoft uses “upgrade” to mean both an installation methodology and a licensing right.  Don’t confuse the two meanings.  As a licensing right “upgrade” means that the customer is given credit (residual value) for the old Windows license because it is being superseded by the new upgrade license.  Upgrade licenses are sold at a reduced price compared to the Full Rights license for this reason.  However, the user must own a previous Windows license qualifying for the upgrade in order to take advantage of the reduced price.  Further, the user may not re-use the old, superseded license. 
Full Rights retail licenses do not supersede a preceding license regardless of how the software is installed.

#Product Affected / Related
Windows all versions

#Solution 
Type the command below into the command prompt or PowerShell, and press Enter.
slmgr -dli

Office 365: Archiviazione Illimitata ed Auto Espansione

Facebooktwittergoogle_plusredditlinkedin

 

In Office 365, con alcuni piani o acquistando il servizio separatamente, è possibile attribuire uno spazio di archiviazione illimitato che comprende 100 GB iniziali ad ogni mailbox utente. Successivamente l’archivio in-place si auto-espanderà a tagli predefiniti.

Auto-espansione

Si tratta di una featureche conferisce all’archivio in-placedella mailbox principale la possibilità di crescere oltre la quota limite di default 100GB (Figura 1)
 


Office 365: Customize the maximum message size to 150MB

Facebooktwittergoogle_plusredditlinkedin

#Note
The default maximum message size for Office 365 mailboxes is still 25 MB but you can choose the size setting that’s right with a maximum size of 150MB

#Product Affected
Office 365, Exchange Online

#Solution
For your convenience use PowerShell to do it

Update a single mailbox
Set-Mailbox -Identity alias@domain.com -MaxSendSize 150MB -MaxReceiveSize 150MB


Update multiple mailboxes 

(“alias”, “alias2”, “alias3”) | % {Set-Mailbox –Identity $_ -MaxSendSize 150MB -MaxReceiveSize 150MB}


Update all mailboxes
Get-Mailbox | Set-Mailbox -MaxSendSize 150MB -MaxReceiveSize 150MB
Update the default settings (For mailboxes you create in the future.)
Get-MailboxPlan | Set-MailboxPlan -MaxSendSize 150MB -MaxReceiveSize 150MB



Migrate DHCP from different Windows Server versions

Facebooktwittergoogle_plusredditlinkedin

#Note
How to migrate DHCP server configuration from different versions

#Product Affected
Windows Server – All versions

#Solution

1. On the source DCHP server run the following cmdlet (wh administrative privilege)

Export-DhcpServer -File C:\yourpath\DHCPdata.xml -Leases -Force -ComputerName sourcedhcp.domain.ext –Verbose

2. On the source DCHP server run the following cmdlet (wh administrative privilege)

Import-DhcpServer -File C:\yourpath\DHCPdata.xml -BackupPath C:\yourpath\ -Leases -ScopeOverwrite -Force -ComputerName destinationdhcp.domain.ext –Verbose

Windows Server 2016: Recently added DC do not work, inexistent SYSVOL

Facebooktwittergoogle_plusredditlinkedin

#Note
Recently added DC do not work, do not replicate and it’s affected by inexistent SYSVOL and NETLOGON .
The SYSVOL share and NETLOGON share are not showing shared on the new DC Windows Server 2016 and it cause GPO issue.

In the DCDIAG you’ll find this:
   SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.


#Product Affected
Windows Server 2016, 2012 R2, 2012, 2008 R2, 2008
#Solution
On the new DC:
1.Click Start, click Run, type regedit, and then click OK.
2.Locate the following subkey in Registry Editor:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
3.In the details pane, right-click the SysvolReady flag, and then click Modify.
4.In the Value data box, type 0, and then click OK.
5.Again in the details pane, right-click the SysvolReady flag, and then click Modify.
5.In the Value data box, type 1, and then click OK.
6. Restart the Netlogon service and use “net share” to check if the both folders are shared and if the GPO information start replicating.
7. Copy all files in the SYSVOL from the primary DC
8. Manually share C:\Windows\SYSVOL\sysvol\iqd.local\SCRIPTS. We can set the share the same as primary DC.
9. Restart DFSR e NETLOGON services 

Mitigations for speculative execution side-channel vulnerabilities in CPU Microcode from Microsoft side

Facebooktwittergoogle_plusredditlinkedin

#Note

Mitigations for speculative execution side-channel vulnerabilities in CPU Microcode  “speculative execution side-channel attacks”
•CVE-2017-5715 – Bounds check bypass
•CVE-2017-5753 – Branch target injection
•CVE-2017-5754 – Rogue data cache load
This class of vulnerabilities will affect many modern processors and operating systems, including hardware (Intel, AMD, and ARM), software(Windows, Linux, Android, Chrome, iOS, Mac OS). Both physical and virtual machine will be affected. At the time of publication, Microsoft has not received any information to indicate that these vulnerabilities have been used to attack customers at this time.

#Product Affected
All versions, client and server
#Solution
To be fully protected, updates are required at many layers of the computing stack and include software and hardware/firmware updates. Microsoft has released several updates to help mitigate these vulnerabilities. We have also taken action to secure our cloud services. Meanwhile, since the issue affect hardware, we may also need to install firmware updates from device manufacturer for increased protection. Please check with device manufacturer for relevant updates.
Microsoft Azure has taken steps to address the security vulnerabilities at the hypervisor level to protect Windows Server VMs running in Azure, for more detailed information please check the following link:
https://azure.microsoft.com/en-us/blog/securing-azure-customers-from-cpu-vulnerability/
For customers using Windows client operating systems including Windows 7 Service Pack 1, Windows 8.1, and Windows 10, we suggest:
-Verify that you are running a supported antivirus application before you install OS or firmware updates. Contact the antivirus software vendor for compatibility information.
-Apply all available Windows operating system updates, including the January 2018 Windows security updates.
– Apply the applicable firmware update that is provided by the device manufacturer
https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in  
For customers using Windows server operating systems including Windows Server 2008 R2 Service Pack 1, Windows Server 2012 R2, and Windows Server 2016, we suggest:
– Apply the Windows operating system update.
– Make necessary configuration changes to enable protection.
– Apply an applicable firmware update from the OEM device manufacturer.

For Windows Server 2008, Windows Server 2012, please make the system up-to-date and pay close attention to the official article for latest updates.
https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution
Microsoft will continue to work closely with industry partners to improve mitigations against this class of vulnerabilities. If any further information, we will update as soon as possible, your patience is much appreciated.
Please check the link below for more detailed information:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002