Archive for Windows Server

Pesquisar e Desabilitar contas de Computador Inativas

Find all computers on the current domain with a name that starts with “wks” :

C:\> dsquery computer -name wks* -desc desktop*

Find all computers in the Aberdeen OU:

C:\> dsquery computer ou=Aberdeen,ou=Workstations,dc=ss64,dc=com

Echo all inactive computer accounts (more than 4 weeks inactive):

C:\> dsquery computer -inactive 4

Disable all inactive computer accounts (more than 4 weeks inactive):

C:\> dsquery computer -inactive 4 | dsmod computer -disabled yes


Remote Desktop over SSL

Installing a RDP SSL Certificate

1. On your Microsoft certificate authority server open the Certificate Templates console.

2. Duplicate the Computer template and use the Windows Server 2003 Enterprise format (Server 2008 v3 templates will NOT work).

3. Change the template display name to RemoteDesktopComputer (no spaces). Verify the Template Name is exactly the same (no spaces). You can use a different name if you want, but both fields must match exactly.

4. Now we need to create an application policy to limit the usage to RDS authentication, then remove the other application uses for the certificate. On the extensions tab click on Application Policies then click on Edit.

5. Click on Add, then click on New.  Set the value of Name to Remote Desktop Authentication. Change the object identifier to

6. From the Application Policies list, select Remote Desktop Authentication.
7. Back on the certificate template properties, remove all other entries. Only Remote Desktop Authentication should be present.
8. If you wish, you can modify the validity period of the certificate, making it say two years instead of the default of one.
9. You probably want to secure your domain controllers as well, so for that we need to modify the security setting on the template. Open the Security tab and add the group Domain Controllersand give the group Read and Enroll (not Autoenroll).
10. Open the MMC snap-in for managing your Certificate Authority and locate the Certificate Templates node. Right click, select New, then Certificate Template to Issue. Choose theRemoteDesktopComputer template.
11. Next up is configuring the GPO to utilize the new template. You can modify any GPO you wish, or create a new one. Obviously the scope of the GPO should cover any servers that you want to secure with TLS. This could be a server baseline GPO, domain GPO, or whatever you want.
12. In the GPO editor locate the node Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session HostSecurity. Modify the Server Authentication Certificate Template setting. Enable the policy and enter the certificate template name that exactly matches what you created in your CA.

13. In the same GPO node, configure the Require use of specific security layer for remote (RDP) connections to use SSL (TLS 1.0).

14. Wait for the GPO to replicate, then refresh the GPO on a test server. Wait a minute, then open the Certificates MMC snap-in for the computer account. Look in the PersonalCertificates store for a certificate that has the Intended Purposes of Remote Desktop Authentication. If it’s not there, wait a minute, and refresh. If it never appears, something is wrong. Look at the gpresult to make sure your GPO is being applied to the server.

15. Once the certificate appears, double click on the certificate to open it. On the Details tab look at the first few characters of the thumbprint value and remember them.

16. To make sure the RDP service is aware of the new certificate, I restart the Remote Desktop Services service.

17. Open an elevated PowerShell prompt and run this command:

Get-WmiObject -class “Win32_TSGeneralSetting” -Namespace root\cimv2\terminalservices -Filter “TerminalName=’RDP-tcp’”

Validate that the Security Layer value is 2 and that the thumbprint matches the certificate. If both of those settings are correct, then you are good to go!

As a quick test I attempted to connect to this server from a non-domain joined computer that did not have the root certificate for my CA. I configured the RDP client to warn on any security issues. As expected, the client threw errors about the CRL not being available, and that it didn’t trust the chain. I also viewed the certificate and verified it was the correct one.

It seems Windows 8 has much more stringent certificate checking than Windows 7. The screenshots below are from Windows 7, in case you didn’t recognize the chrome. When using a Windows 7 non-domain joined computer to access the same TLS protected server, I got NO certificate warnings. That was even with the RDP 8 add-on hotfix. I’m glad to see Win8 does thorough certificate validation.

Connecting to the same server from a domain-joined computer that trusted the root CA resulted in no security warnings and a successful connection. If you look at a Wireshark capture you can also validate that CRL information is being exchanged between the computers, which means TLS is being used.


Desabilitar Contas de Computador Antigas

Dsquery is a command-line tool that is built into Windows Server 2008. 
It is available if you have the Active Directory Domain Services (AD DS) server role installed. 
To use dsquery, you must run the dsquery command from an elevated command prompt. 
To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

To find inactive computer accounts (number is inactivity in weeks):
dsquery computer -inactive 2

To find computers with stale passwords (number is stale in days)
dsquery computer -stalepwd 45

There is also a combination to disable / delete the accounts:
combined with dsmod/dsrm

dsquery computer -inactive 4 | dsmod computer -disabled yes
dsquery computer -stalepwd 45 | dsrm computer

You can get additional info on both of these tools with dsquery computer /? ,dsmod computer /?, and dsrm computer /?


.adm Desativar Horário Verão

CATEGORY !!category
CATEGORY !!categoryname
POLICY !!policyhorarioverao
KEYNAME “System\CurrentControlSet\Control\TimeZoneInformation”
EXPLAIN !!explaintextdst
VALUENAME “DisableAutoDaylightTimeSet”

category=”Custom Policy Settings”
categoryname=”Horário de Verão”
policyhorarioverao=”Disable DST”
explaintextdst=”Disable Automatically adjust clock for daylight saving changes”
labeltextdst=”Disable DST”

Fonte :

Parametros de SNR e Atenuação de ADSL

SNR Margin – Relação Sinal ruído:

– 5db ou menos = ruim, impossível sincronia, quedas freqüentes
– 8db-13db = regular – sem problemas com sincronia do modem
– 14db-22db = muito bom
– 23db-28db = excelente
– 29db-35db = raro


– 0 – 19dB = excelente,cabeamento excelente, bem próximo ao DSLAN
– 20-30dB = Muito bom
– 30-40dB = bom
– 40-60dB = regular
– 60-65dB = pobre
– 65dB ou superior terão problemas

Créditos :

Limpeza da Pasta WINSXS

The winsxs folder in c:\windows can be really big, the only way to cleanup is using the microsoft command line tools :

Windows Server 2003 : VSP1CLEAN.exe
Windows Server 2008 : COMPCLN.exe
Windows 7 and Server 2008 R2 : DISM.exe

I will explain the last one here.  Start your command prompt As Administrator.

Usage: dism /online /cleanup-image /spsuperseded

After running this command it won’t be possible to uninstall any service packs!

Before :


So almost 3Gb on my Windows 7 Sp1 machine is released.

You can also run these commands :

Takeown /f %windir%\winsxs\ManifestCache\*
Icacls %windir%\winsxs\ManifestCache\* /GRANT administrators:F
Del /q %windir%\winsxs\ManifestCache\*

In my case this cleanup another 500Mb

Créditos :

.ADM para Ocultar menu Ferramentas Administrativas

Crie um arquivo .adm com o bloco de notas e cole esse codigo dentro!
Após isso caregue na edição da GPO.

CATEGORY “Ferramentas Administrativas”
POLICY “Retirar Ferramentas Administrativas do Menu Iniciar”
KEYNAME Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
VALUENAME “Start_AdminToolsRoot”

ADM_Configure=”Qual configuração você deseja?”

; explains
ADMhelp=”Remove o item Ferramentas Administrativas do Menu Iniciar!”

Créditos :

Script Power Shell :

Neste caso, você pode também (veja qual solução é a mais simples para teu uso) usar este script abaixo;

set oShell = CreateObject(“WScript.Shell”)
oShell.RegWrite “HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_AdminToolsRoot”, “0”, “REG_DWORD”


Blocos IP BlackBerry Service Mail

Script em VB para apagar logs Event Viewer


If WScript.Arguments.Count > 1 Then
WScript.Echo “Usage: cscript “”Clear Event Logs.vbs”” [computer name]”
End If

Dim strComputer ‘ As String

If WScript.Arguments.Count > 0 Then
strComputer= WScript.Arguments(0)
strComputer= “localhost”
End If

ClearEventLogs strComputer

WScript.Echo “Done”

Private Sub ClearEventLogs( _

WScript.Echo “Clearing event logs on ” & strComputer & “…”

Set objWMIService = GetObject( _
“winmgmts:” & “{impersonationLevel=impersonate,(Backup)}!\\” _
& strComputer & “\root\cimv2”)

Set colLogFiles = objWMIService.ExecQuery( _
“Select * from Win32_NTEventLogFile”)

For Each objLogfile in colLogFiles
ClearEventLog strComputer, objLogfile.LogfileName
End Sub

Private Sub ClearEventLog( _
strComputer, _

WScript.Echo “Clearing ‘” & strEventLogName & “‘ event log on ” _
& strComputer & “…”

Set objWMIService = GetObject( _
“winmgmts:” & “{impersonationLevel=impersonate,(Backup)}!\\” _
& strComputer & “\root\cimv2”)

Set colLogFiles = objWMIService.ExecQuery( _
“Select * from Win32_NTEventLogFile where LogFileName='” _
& strEventLogName & “‘”)

For Each objLogfile in colLogFiles
Dim backupFilename
backupFilename= “C:\” & strEventLogName & “_” & GetFormattedTimestamp() _
& “.evt”

errBackupLog = objLogFile.BackupEventLog(backupFilename)
If errBackupLog <> 0 Then
WScript.Echo “The ” & strEventLogName & ” event log on ” _
& strComputer & ” could not be backed up.”
End If
End Sub

Private Function GetFormattedTimestamp()
Dim timestamp
timestamp = Now

GetFormattedTimestamp = Year(timestamp) _
& LPad(Month(timestamp), 2, “0”) _
& LPad(Day(timestamp), 2, “0”) _
& “_” & Replace(FormatDateTime(timestamp, 4), “:”, “”)

End Function

Private Function LPad( _
strValue, _
nLength, _

Dim strPaddedValue

strPaddedValue = strValue

While (Len(strPaddedValue) < nLength)
strPaddedValue = strPadCharacter & strPaddedValue

LPad = strPaddedValue
End Function
Link Download : clean-event-viewer.txt

Descobrir Usuário Logado na Máquina Através do Nome da Máquina

Vamos mostrar uma prática comum no dia a dia. Precisamos verificar se um endereço de IP está sendo usado no momento, para isso executamos o PING no endereço. Exemplo, vamos pingar o endereço IP

Já que respondeu vamos descobrir agora qual o nome DNS desse computador no domínio executando nslookup.

Agora vamos mais a fundo, quem será que está logado nessa estação de trabalho? Para isso vamos utilizar o PSLOGGEDON.

Você vai ter que executar o download da ferramenta, que é bem leve (1.60MB), para isso visite:

Depois é só executa-la uma vez e acessar o cmd para trabalhar com o comando. Estou usando o powershell por costume, mas pode ser o prompt de comando, que alguns chamam de DOS. :)

Baseado no número do computador que queremos descobrir o usuário logado digitamos:

Psloggedon nome_computador -l -x

Vejamos o help do aplicativo para entender melhor.

O que fizemos foi buscar quem está logado localmente sem mostrar a opção logon times (que pode trazer informações desnecessárias).

Esse é o método mais prático, mas se você precisa buscar pelo nome de usuário também é possivel digitando:

Psloggedon nome_usuario -l -x

Note que você tem que ter permissão nas máquinas do domínio para executar essa operação, algumas ele pode não abrir, mas veja que ele conseguiu descobrir a máquina “TIAGO”.

Se você não usar a opção “–l” ele busca logins remotos também.

Crédito :