TechOnTip Weblog

Run book for Technocrats

Archive for the ‘WindowsServer’ Category

Microsoft DirectAccess Group Policy WMI Filter Explained

Posted by Jason Heisley on June 18, 2013

Click here for other Direct Access related articles.

So when you setup DirectAccess by default it applies to only Laptops. In the documentation it states that this is done by a WMI filter but that’s it. So digging a bit deeper I found that it creates a WMI filter in Group Policy called “DirectAccess – Laptop only WMI filter” and adds the “DirectAccess Client Settings” GPO to that filter. Below I break down what the filter is and give some information on how you can create your own WMI filter for Group Policies.

This is the WMI Group policy created by DirectAcess:

The first Part selects only laptops.

Namespace: root\CIMV2

select * from Win32_ComputerSystem where PCSystemType = 2

The second part filters OS Types and Product SKUs.

Namespace: root\CIMV2

Select * from Win32_OperatingSystem WHERE (ProductType = 3) OR (Version LIKE ‘6.2%’ AND (OperatingSystemSKU = 4 OR OperatingSystemSKU = 27 OR OperatingSystemSKU = 72 OR OperatingSystemSKU = 84)) OR (Version LIKE ‘6.1%’ AND (OperatingSystemSKU = 4 OR OperatingSystemSKU = 27 OR OperatingSystemSKU = 70 OR OperatingSystemSKU = 1 OR OperatingSystemSKU = 28 OR OperatingSystemSKU = 71))

So the filter evaluates to: laptops “PCSystemType = 2” and server “ProductType = 3″ or
Windows 2012, Windows 8 “Version LIKE ‘6.2%’” and Enterprise Edition “OperatingSystemSKU = 4″ or Enterprise N or Server Enterprise (evaluation installation) or Enterprise N (evaluation installation) or Windows 2008 R2, Windows 7 “Version LIKE ‘6.1%'” and Enterprise Edition or Enterprise N or Enterprise E or Ultimate or Ultimate N or Ultimate E.

So I am not sure why they are including server maybe just in case we have it installed on a laptop and want to use DirectAccess but never the less this is how it evaluates out.

How I got this information:

Below is where I found this info. I have put it here mainly for my own reference because I have not found another blog site where all this is all in the same place.


Source link

Windows Server 2003, Windows XP, Windows 2000, Windows NT 4.0, and Windows Me/98/95: This property is not available.

Value Meaning
0 (0x0) Unspecified
1 (0x1) Desktop
2 (0x2) Mobile
3 (0x3) Workstation
4 (0x4) Enterprise Server
5 (0x5) Small Office and Home Office (SOHO) Server
6 (0x6) Appliance PC
7 (0x7) Performance Server
8 (0x8) Maximum


Source post

Value Meaning
1 Work Station
2 Domain Controller
3 Server


This was pieced together from various sources on the internet.

Windows 10 Insider Preview  = 10.0%
Windows Server Technical Preview = 10.0%
Windows 8.1 = 6.3%
Windows Server 2012 R2 = 6.3%

Windows Server 2012 or Windows 8 = 6.2%

Windows Server 2008 R2 or Windows 7 = 6.1%

Windows Server 2008 or Windows Vista = 6.0%

Windows Server 2003 = 5.2%

Windows XP = 5.1%

Windows 2000 = 5.0%


So I pieced this together from this MSDN post and this incomplete post by converting the Hex numbers to decimal.

Stock Keeping Unit (SKU) number for the operating system.

Windows Server 2003, Windows XP, Windows 2000, and Windows NT 4.0: This property is not available.



An unknown product




Home Basic


Home Premium




Home Basic N




Server Standard


Server Datacenter (full installation)


Windows Small Business Server


Server Enterprise (full installation)




Server Datacenter (core installation)


Server Standard (core installation)


Server Enterprise (core installation)


Server Enterprise for Itanium-based Systems


Business N


Web Server (full installation)


HPC Edition


Windows Storage Server 2008 R2 Essentials


Storage Server Express


Storage Server Standard


Storage Server Workgroup


Storage Server Enterprise


Windows Server 2008 for Windows Essential Server Solutions


Small Business Server Premium


Home Premium N


Enterprise N


Ultimate N


Web Server (core installation)


Windows Essential Business Server Management Server


Windows Essential Business Server Security Server


Windows Essential Business Server Messaging Server


Server Foundation


Windows Home Server 2011


Windows Server 2008 without Hyper-V for Windows Essential Server Solutions


Server Standard without Hyper-V


Server Datacenter without Hyper-V (full installation)


Server Enterprise without Hyper-V (full installation)


Server Datacenter without Hyper-V (core installation)


Server Standard without Hyper-V (core installation)


Server Enterprise without Hyper-V (core installation)


Microsoft Hyper-V Server


Storage Server Express (core installation)


Storage Server Standard (core installation)


Storage Server Workgroup (core installation)


Storage Server Enterprise (core installation)


Starter N




Professional N


Windows Small Business Server 2011 Essentials


Server For SB Solutions


Server Solutions Premium


Server Solutions Premium (core installation)


Server For SB Solutions EM


Server For SB Solutions EM


Windows MultiPoint Server


Windows Essential Server Solution Management


Windows Essential Server Solution Additional


Windows Essential Server Solution Management SVC


Windows Essential Server Solution Additional SVC


Small Business Server Premium (core installation)


Server Hyper Core V


Starter E


Home Basic E


Home Premium E


Professional E


Enterprise E


Ultimate E


Server Enterprise (evaluation installation)


Windows MultiPoint Server Standard (full installation)


Windows MultiPoint Server Premium (full installation)


Server Standard (evaluation installation)


Server Datacenter (evaluation installation)


Enterprise N (evaluation installation)


Storage Server Workgroup (evaluation installation)


Storage Server Standard (evaluation installation)


Windows 8 N


Windows 8 China


Windows 8 Single Language


Windows 8


Professional with Media Center


What the letters mean at the end of Windows products:

Source link

Windows 7 N:

Meant for European market, and includes the same functionality as Windows 7, except that it does not include Windows Media Player and related technologies such as Windows Movie Maker.

Windows 7 K:

Meant for Korean market, and includes the same functionality as ordinary Windows 7, except that it includes links to a Media Player Center Web site and a Messenger Center Web site.

Windows 7 KN:

Meant for Korean market, and includes the same functionality as Windows 7 K, except that it does not include Windows Media Player and related technologies such as Windows Movie Maker, links to download Windows Live Messenger, or links to a Media Player Center Web Site and a Messenger Center Web site.

Windows 7 E:

Meant for European Commission countries, including UK, and includes the same functionality as ordinary standard flavor of Windows 7, except that it does not include Internet Explorer 8 (IE8)


Posted in Direct Access, Windows 2012, WindowsServer | Tagged: , , | 6 Comments »

RDP failed after Windows 2008 R2 SP1 and OS Hotfix Installation

Posted by Brajesh Panda on April 10, 2012

Recently I have upgraded one of our servers with Windows 2008 R2 SP1 & other patches. And observed I can’t connect to this server using RDP. As it is a Hyper-v virtual machine, logged in to the server using hyper-v console & found RDP service is failing in this virtual machine.

Googled & found it is related to KB2667402. I have other servers with this hotfix & they are working fine. In that discussion thread I read somebody saying if you install this patch before SP1 it is causing this issue! I am not sure!!

Posted in WindowsServer | 5 Comments »

Windows failed to start. Error 0xc000000e. The boot selection failed because a required device is inaccessible

Posted by Brajesh Panda on October 19, 2011

Here is how the Windows screen looks in a failed environment.

Here is how boot manager & loaders looks in a good machine

Reboot the corrupted machine using respective OS media & select Repair Option & then open command prompt. From command prompt run bcdedit. Here it is how the corrupted things look like. It might have lost all the partition information’s.

To fix this let run “STARTREP.EXE” from X:\sources\recovery
directory. After this reboot the server. It will fix boot loader stuff & computer will come up correctly.

Here is another promising command “bootrec.exe”.

Posted in WindowsServer | Tagged: | 17 Comments »

Application Crash due to “Data Execution Prevention” – COM Surrogate

Posted by Brajesh Panda on October 18, 2011

Today one of the application administrator complained me that below error popped-up in the server & application crashed.

After doing little bit research found there is a setting called Data Execution Prevention (well I never used this thing). Switched it to the 1st Option that is “Turn on DEP for essential Windows Programs and services only” and application started working

Data Execution Prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system. In Microsoft Windows XP, Windows 2003, DEP is enforced by hardware and by software.

The primary benefit of DEP is to help prevent code execution from data pages. Typically, code is not executed from the default heap and the stack. Hardware-enforced DEP detects code that is running from these locations and raises an exception when execution occurs. Software-enforced DEP can help prevent malicious code from taking advantage of exception-handling mechanisms in Windows.

Here is a nice MSDN article about DEP

Data Execution Prevention (DEP) is a system-level memory protection feature that is built into the operating system starting with Windows XP and Windows Server 2003. DEP enables the system to mark one or more pages of memory as non-executable. Marking memory regions as non-executable means that code cannot be run from that region of memory, which makes it harder for the exploitation of buffer overruns.

DEP prevents code from being run from data pages such as the default heap, stacks, and memory pools. If an application attempts to run code from a data page that is protected, a memory access violation exception occurs, and if the exception is not handled, the calling process is terminated.

DEP is not intended to be a comprehensive defense against all exploits; it is intended to be another tool that you can use to secure your application.

How Data Execution Prevention Works

If an application attempts to run code from a protected page, the application receives an exception with the status codeSTATUS_ACCESS_VIOLATION. If your application must run code from a memory page, it must allocate and set the proper virtual memory protection attributes. The allocated memory must be marked PAGE_EXECUTE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE, orPAGE_EXECUTE_WRITECOPY when allocating memory. Heap allocations made by calling the malloc and HeapAlloc functions are non-executable.

Applications cannot run code from the default process heap or the stack.

DEP is configured at system boot according to the no-execute page protection policy setting in the boot configuration data. An application can get the current policy setting by calling the GetSystemDEPPolicy function. Depending on the policy setting, an application can change the DEP setting for the current process by calling the SetProcessDEPPolicy function.

Programming Considerations

An application can use the VirtualAlloc function to allocate executable memory with the appropriate memory protection options. It is suggested that an application set, at a minimum, the PAGE_EXECUTE memory protection option. After the executable code is generated, it is recommended that the application set memory protections to disallow write access to the allocated memory. Applications can disallow write access to allocated memory by using the VirtualProtect function. Disallowing write access ensures maximum protection for executable regions of process address space. You should attempt to create applications that use the smallest executable address space possible, which minimizes the amount of memory that is exposed to memory exploitation.

You should also attempt to control the layout of your application’s virtual memory and create executable regions. These executable regions should be located in a lower memory space than non-executable regions. By locating executable regions below non-executable regions, you can help prevent a buffer overflow from overflowing into the executable area of memory.

Application Compatibility

Some application functionality is incompatible with DEP. Applications that perform dynamic code generation (such as Just-In-Time code generation) and do not explicitly mark generated code with execute permission may have compatibility issues on computers that are using DEP. Applications written to the Active Template Library (ATL) version 7.1 and earlier can attempt to execute code on pages marked as non-executable, which triggers an NX fault and terminates the application; for more information, see SetProcessDEPPolicy. Most applications that perform actions incompatible with DEP must be updated to function properly.

A small number of executable files and libraries may contain executable code in the data section of an image file. In some cases, applications may place small segments of code (commonly referred to as thunks) in the data sections. However, DEP marks sections of the image file that is loaded in memory as non-executable unless the section has the executable attribute applied.

Therefore, executable code in data sections should be migrated to a code section, or the data section that contains the executable code should be explicitly marked as executable. The executable attribute, IMAGE_SCN_MEM_EXECUTE, should be added to the Characteristics field of the corresponding section header for sections that contain executable code. For more information about adding attributes to a section, see the documentation included with your linker.

Posted in WindowsServer | 1 Comment »

Addtional DHCP Options in Windows 2003 – 150 Option for Cisco VOIP Phones

Posted by Brajesh Panda on November 16, 2010

Define Other DHCP Scope Options in Windows 2003 DHCP server.

Example: Configure TFTP Server for Cisco Phones

In Windows 2003 Server right-click the server node on the DHCP MMC and choose Set Predefined Options 2.

In Windows 2008 (R2) server right click the IPv4 icon and choose Set Predefined Options 2

When the Predefined Options and Values window comes up, click Add;

3. When the Options Type window comes up, type a name for the option such as “TFTP Server for Cisco IP Phones”. 4. On the Data Type drop-down menu, select IP Address.
5. On the Code text field, enter 150.
6. On the Description text field, type a description for the scope, such as “Used by Cisco IP Phones”. 7. Check the box next to Array
8. Click OK twice.

Posted in CISCO VOIP, WindowsServer | Tagged: | 3 Comments »

Hyper-V: How to Find the Host of a VM

Posted by Brajesh Panda on October 15, 2010

Look for


$[HKLM\SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters]

Posted in MsHyper-V, WindowsServer | Tagged: | 2 Comments »

Turn off User Account Control in Windows 2008 (R2)

Posted by Brajesh Panda on June 2, 2010

In Windows 2008

1. Click Start, and then click Control Panel.

2. In Control Panel, click User Accounts.

3. In the User Accounts window, click User Accounts.

4. In the User Accounts tasks window, click Turn User Account Control on or off.

5. If UAC is currently configured in Admin Approval Mode, the User Account Control message appears. Click Continue.

6. Clear the Use User Account Control (UAC) to help protect your computer check box, and then click OK.

7. Click Restart Now to apply the change right away, or click Restart Later and close the User Accounts tasks window.

Here is the Microsoft Office Article:

In Windows 2008 R2 or Windows 7

Using Registry:  Click here

Using GUI:  Follow below steps or in windows explorer bar just type “Control Panel\User Accounts\User Accounts” & press enter – it will take you there. Even in Windows 7 old Vista command works “UserAccountControlSettings.exe

Posted in WindowsServer | 24 Comments »

Windows 2008 Active Directory Backup & Restore

Posted by Brajesh Panda on May 8, 2010

Mr. Gil Kirkpatrick got a nice article about Windows 2008 AD backup & restore 😉

Posted in WindowsServer | 1 Comment »

Fine tune Windows 2008 (R2) Networking Config

Posted by Brajesh Panda on March 11, 2010

In a vanilla installation of Windows 2008 (R2) you will able to see lots of configuration like ISATAP adapters, Topology Discovery stuff… Personally I don’t like them ;-). Specially if your organisation is not going to migrate the internal network to IPv6. Microsoft ISATAP  stands for inter site automatic tunneling address protocol. And ISATAP adapter helps to encapsulate IPv6 packets inside IPv4 header. This helps in IPv4 to v6 transition easily. Either you can use below command line to disable ISATAP or you may like to disable IPv6 completely using registry key, which will disable all related stuff in your machine.

Here are some steps to clean them up…

Disable Tunnel adapter isatap virtual adapters

Use “netsh int isa set state disabled” command to disable ISATAP adapters

After you run this command check with ipconfig command

Disable Link-Layer Topology*

Link-layer topology discovery Mapper I\O Driver

Link-layer topology discovery Responder


– Link-layer topology discovery Mapper I\O Driver: Show network map showing all devices which are using this protocol. To me it is like Cisco Discovery Protocol

– Link-layer topology discovery Responder:- While above driver shows all devices, responder pulls out device informations in detail

Disable All IpV6 components using Registry (

Under [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters] create new Hexadecimal DWORD key as “DisabledComponents”=dword:ffffffff

Posted in WindowsServer | Tagged: , , , | 8 Comments »

Windows Remote Desktop Services (RDS) Architecture

Posted by Brajesh Panda on February 26, 2010

As per my understanding to run this exercise you need Windows RDS CALs. Windows RDS CALs includes Terminal Services (TS) CAL, VDI CAL & App-V for TS CAL

For Client Virtual Machines you need CALs under Microsoft VECD Program.

You can purchase licenses in below methods;

– Windows 2008 R2 + RDS CAL

– Windows 2008 R2 + RDS CAL + Specific Management Software like SCCM, SCOM, SCVMM

– Windows 2008 R2 Remote Desktop Services Standard Suite

– Windows 2008 R2 Remote Desktop Services Enterprise Suite

Due to integrated Terminal Services this offering looks me pretty interesting. Would like to see how it works? Specially the performance of RDP 6.1/7 over WAN

If you have already started doing POC please post me with your findings!!


Posted in Microsoft VDI, Virtual Desktop Solution, WindowsServer | Tagged: , , | 3 Comments »

Change Product Key on Windows 2008 R2 Server

Posted by Brajesh Panda on February 22, 2010

Save below contents in a batch file. Open command prompt as Administrator & execute the same.

‘Remove All KMS keys

C:\>slmgr.vbs -ckms

‘Remove All Installed keys

C:\>slmgr.vbs -upk

‘Install New Serial Key

C:\>slmgr.vbs -ipk <serial key>

‘Activate new serial key

C:\>slmgr.vbs -ato

Posted in WindowsServer | Tagged: | 11 Comments »

How to Extend a System Disk in Windows 2008 R2 Server?

Posted by Brajesh Panda on January 13, 2010

Do you remember cumbersome process in Windows 2003 to extend your partitions using “Diskpart” especially C: Drives i.e. System Partitions??

Windows 2008 R2 has a fantastic solution around that. You can use Disk Management console and do that. Let’s do a small lab around this.

I am using a virtual machine, where I have C: is 20GB and D:10GB & have unallocated space around 100GB.

I have right click on system volume i.e. C:, found Extend Volume has been grayed out but when I right click on D: I can see it is active. What the heck is this?

Ah! Now I understood I can only extend my partition if there is some adjacent free unallocated space.

I don’t have any data on D:, so I can delete that and create some space for my testing.

D: partition has been deleted, now I can see Extend option for my system partition.

Let me provide another 5000GB in extend wizard. Wow now it is 24 GB! Just wondering why can’t we extend our partition to a unallocated place located in a different physical location in the same HDD at least? Can anybody buzz me a link around that?

In past I have tried one Linux based tool for disk re-alignment called “GParted”. If I am not wrong that is one of my best bootable media to extend partitions when Windows 2008 R2 was not there & for non-windows machines. If you like to try that, you can download from the community portal

Hope you like this!

Posted in Storage, WindowsServer | Tagged: , | 2 Comments »

Step by Step Guide to Windows 2008 R2 Installation

Posted by Brajesh Panda on December 31, 2009

Let me take you through a basic installation guide for Windows 2008 R2. For this documentation I have used a full blown Windows 2008 R2 Hyper-V box. In this Hyper-V box I have some other couple of test machines. Now I have created a Hyper-V Virtual Machine with 2GB of RAM & 127GB Expandable Virtual IDE Hard Drive.

If you are thinking to install Windows 2008 R2 Server on a physical machine like Dell, HP & IBM you can ignore Hyper-V stuff. However you may have to use OEM Server Build DVD to boot up your server to kick off the installation. OEM DVD software usually asks you to insert the OS DVD at the right time.

Okay… Let’s start our virtual machine. I am booting up my virtual machine from a Windows 2008 R2 ISO file. Here is the VM Booting Screen!

Read the rest of this entry »

Posted in WindowsServer | Tagged: , , | 2 Comments »

%d bloggers like this: