IT-Windows Server & TS

Top 10 things you don’t know about Windows Server 2008 R2


Let’s take a brief look at 10 of them you might not have heard much about:

  1. Out of the box, Windows Server 2008 R2 uses less power on the same hardware than Windows Server 2003 and Windows Server 2008 – with no additional configuration. This isn’t a gimmick, but a proven 10% to 15% reduction on identical boxes, just with a different operating system.
  2. Internet Information Services (IIS) 7.5, included with Windows Server 2008 R2, supports .NET on Server Core installations. The big shortcoming in the original Server 2008 edition was the lack of support for running managed code on Server Core-based Web servers. This is now resolved.
  3. Microsoft’s new BranchCache feature can speed up perceived access to files for users at branch offices while allowing you to save on data line and bandwidth costs. In this environment, your users might be clamoring for increased speeds on your data lines that you can’t afford. Caching in their branch will help increase productivity and remove user frustrations without bailing out a telco.
  4. The Remote Desktop Protocol (RDP) has been enhanced in Windows Server 2008 R2 and Windows 7, allowing for far smoother media playback, multi-monitor support and more. It makes remoting into virtual machines a lot more palatable as the experience is barely distinguishable from using a real machine at your current location.
  5. The Agile VPN feature in Windows Server 2008 R2 allows a virtual private network connection to generate multiple paths between discrete points in the VPN tunnel. If a problem occurs, the Agile VPN feature uses other network paths to maintain the tunnel without interruption.
  6. You can use BitLocker on removable drives to eliminate easy information leakage. This isn’t just a Windows 7/Windows Server 2008 R2 feature either. If you protect a removable drive with BitLocker, the BitLocker to Go reader is also copied to the drive. This provides backward compatibility so that machines running Windows XP Service Pack 2 and higher can read the encrypted contents if the user enters the correct password.
  7. Offline Files, a feature that helps mobile users maintain access to their network share files when disconnected, is now enabled on slow network connections. This reduces network traffic while not degrading the user experience too much.
  8. IIS 7.5 now has a Best Practices Analyzer (BPA). Microsoft Exchange Server, Windows Small Business Server, and other server products have had these BPAs for a while now. The BPA itself scans your environment and compares a number of different elements against known best-practice states, delivering the results in a very consumable format: an instant quick-check for your configuration.
  9. Windows Server 2008 R2 also contains enhancements to PowerShell. Windows PowerShell 2.0 includes more than 240 new pre-built cmdlets along with a new graphical user interface with syntax coloring, new production script debugging capabilities, and testing tools.
  10. You don’t need new client access licenses, or CALs, specifically for Windows Server 2008 R2; Windows Server 2008 CALs are still valid.



Change Volume ID of Hard Disk



What for? That is probably the first thing that comes to mind. When I converted a server from physical to virtual (a VMware implementation), the conversion completed and I tested the application, and an error appeared saying Serial Number Invalid. It turned out that the application reads the Volume ID as the reference for its serial number. And when we do the conversion, VMware generates a new Volume ID that differs from the Volume ID of the physical server.

After changing the Volume ID in the virtual machine, the application runs normally.

Microsoft provides a tool for this; here is the link:


Volumeid c: xxxx-xxxx


Then restart the server/virtual machine.

Windows 2003 TS and TrendMicro OfficeScan 8.5


On a Windows Server 2003 Terminal Server, if TrendMicro OfficeScan is installed, the following symptoms occur:

1. When users try to log onto the Windows 2003 Terminal Services, the system slows down or becomes unresponsive. Sometimes it hangs or times out. The logon or logoff can take an unexpectedly long time.

2. However, on the server, if we stop the Trend Micro Service, the system goes back to normal.


Trend Micro has released a patch, Scan Engine 8.510-1003, which resolves the issue. For more information, you may click the link below from the TrendMicro Web site.

Enable the clock in the Taskbar for all remote sessions


The Terminal Server Client (whether 16-bit or 32-bit) does not show the clock by default. The clock is turned off because screen updates occur every minute, resulting in network traffic.

If the clock is enabled on the Client, the Terminal Server computer will push a total frame of 113 bytes to the client. The client will acknowledge with a total frame of 60 bytes. Administrators wanting to enable the Taskbar clock function should factor an additional bandwidth usage of 173 bytes (1384 bits) for each minute for each client.

There’s a GPO setting:

User configuration – Administrative templates – Start Menu and Taskbar

“Remove Clock from the system notification area”

But disabling this setting will not force the clock to display in the system tray; it will only allow users to enable the clock if they have access to the system tray on the Terminal Server. And in most situations, they don’t. To force the display of the clock in the taskbar, you will need to modify a setting in the registry.

Start regedit and go to


You’ll see a “Settings” value, which contains something like this:

28 00 00 00 ff ff ff ff 02 00 00 00 03 00 00 00 6d 00 00 00 20 00 00 00 00 00 00 00 e0 03 00 00 00 05 00 00 00 04 00 00

The ninth pair of digits determines the Taskbar properties. Possible values are:

- Always on top = 0x02
- Auto hide = 0x01
- Show small icons in Start menu = 0x04
- Hide clock = 0x08

Combine the properties you want and set the byte. For example:

- Always on top + Show small icons + Show clock = 06
- Always on top + Show small icons + Hide clock = 0e

Note that the changes do not take effect immediately; you have to restart Explorer, or log off and log on again, to see the changes.

If you want to set this for all users, you’ll have to export the registry key into a .reg file and import it into the user profile in a logon script. Start the logon script in your GPO to make sure that it runs (and imports the registry file) before Explorer is started.
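The flag arithmetic on the ninth byte can be scripted so that only the Hide clock bit changes and every other taskbar property is preserved. The following is an added example, not part of the original post; the function names are hypothetical, and it works on the byte array only, so reading the "Settings" value from the registry and writing it back is left to the caller.

```powershell
# Flag bits of the ninth byte (index 8) of "Settings", as listed in the post.
$TaskbarFlags = @{
    'Auto hide'                      = 0x01
    'Always on top'                  = 0x02
    'Show small icons in Start menu' = 0x04
    'Hide clock'                     = 0x08
}

function ConvertFrom-HexPairs([string]$Text) {
    # "28 00 ff" -> bytes; anything that is not a two-digit hex pair is rejected.
    foreach ($pair in ($Text.Trim() -split '\s+')) {
        if ($pair -notmatch '^[0-9a-fA-F]{2}$') { throw "Not a hex pair: '$pair'" }
        [Convert]::ToByte($pair, 16)
    }
}

function Get-TaskbarFlagNames([byte[]]$Settings) {
    if ($Settings.Length -lt 9) { throw 'Settings value has fewer than 9 bytes.' }
    $TaskbarFlags.GetEnumerator() | Sort-Object Value |
        Where-Object { $Settings[8] -band $_.Value } | ForEach-Object { $_.Key }
}

function Set-TaskbarClock([byte[]]$Settings, [bool]$Show) {
    if ($Settings.Length -lt 9) { throw 'Settings value has fewer than 9 bytes.' }
    $new = [byte[]]$Settings.Clone()
    if ($Show) { $new[8] = $new[8] -band 0xF7 }   # clear the Hide clock bit (0x08)
    else       { $new[8] = $new[8] -bor  0x08 }   # set the Hide clock bit
    , $new                                        # return one array; other bits untouched
}

function Format-HexPairs([byte[]]$Bytes) {
    ($Bytes | ForEach-Object { $_.ToString('x2') }) -join ' '
}

# Sample value quoted in the post (ninth byte 02: Always on top, clock shown).
$sample = ConvertFrom-HexPairs '28 00 00 00 ff ff ff ff 02 00 00 00 03 00 00 00 6d 00 00 00 20 00 00 00 00 00 00 00 e0 03 00 00 00 05 00 00 00 04 00 00'
$hidden = Set-TaskbarClock -Settings $sample -Show $false
$shown  = Set-TaskbarClock -Settings $hidden -Show $true
"hidden: $(Format-HexPairs $hidden)"
"  flags: $((Get-TaskbarFlagNames $hidden) -join ' + ')"
"shown : $(Format-HexPairs $shown)"
```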

Server Configuration with Global Policies (GPOs)


When configuring a Citrix/Terminal Server, Group Policies should be your first choice (I always use GPOs for all customers), rather than using the Terminal Services Configuration tool. The main advantage is that the settings will be applied to all servers in your farm/forest.

How to use GPO to configure a Terminal Server/Citrix:

  1. Create the Terminal Server in a separate OU (the machine account, not a user account)
  2. Create a TS-specific GPO
  3. Configure the GPO to use “loopback processing” with the “Replace” option (see KB231287)
  4. Apply GPO to the OU which contains the Terminal Server machine account
  5. Add the Terminal Server machine account to the security list of the GPO
  6. Add a User group to the security list of the GPO (or keep the default entry for “Authenticated Users” if you want the settings in the GPO to apply to all users)
  7. Modify the rights for Administrators on the GPO: select “Deny” for the right to “Apply this policy” (see KB816100)

White papers: For Windows Server 2008 / Vista

  1. Download the Managing Group Policy ADMX Files Step-by-Step Guide
  2. 929841 – How to create a Central Store for Group Policy Administrative Templates in Windows Vista
  3. Download the ADMX Migrator – utility to convert your existing Group Policy ADM Templates to the new ADMX format
  4. Download the Group Policy Settings Reference for Windows Server 2008 Beta 3

Windows Server 2003 / 2000 / XP

  1. Step-by-Step Guide for Configuring Group Policy for Terminal Services
  2. Download the Windows Server 2003 Group Policy Infrastructure White Paper
  3. Download the Group Policy Management Console – 2003
  4. Download the Group Policy ADM Files for each OS / SP combination of W2K, XP and 2003
  5. 260370 – How to Apply Group Policy Objects to Terminal Services Servers
  6. 231287 – Loopback Processing of Group Policy
  7. 816100 – How To Prevent Domain Group Policies from Applying to Administrator Accounts and Selected Users in Windows Server 2003
  8. 250842 – Troubleshooting Group Policy Application Problems
  9. 940122 – How to use the Microsoft Group Policy Diagnostic Best Practice Analyzer (GPDBPA) tool to collect and to analyze data

Windows 2008 TS: Web Access


As I wrote previously, one of the features of Windows 2008 TS is Web Access.

In Windows 2003, this feature was called Remote Desktop Web Connection. The way Web Access works in Windows 2008 can be described as a combination of TS Web Access and TS RemoteApp.

The point is that we can run any application that runs on Windows 2008 from a web browser. For example, to run Excel 2007 through a web browser, just click the web link and Excel 2007 starts automatically, as if we were running Excel 2007 on the local PC.

On Vista, we no longer need to download the RDP ActiveX Control because the RDC 6 client already supports TS Web Access. On XP, we have to install the RDP 6 client first.

So how do we set up TS Web Access?
Stage One:

  1. Install the TS Web Access role service. This is a sub-component of the TS role. Make sure IIS is installed first.
  2. Add the computer account of the TS Web Access server to the TS Web Access Computer Security Group on the Terminal Server. If you use a single Terminal Server, you are done. Don't forget that you have to refresh “Distribution with TS Web Access”. If you have multiple Terminal Servers, don't forget to publish the RemoteApp information to Active Directory so that it can be used by multiple TS Web Access servers.

Stage Two:

  1. Associate file name extensions with RemoteApp.
  2. Create and install via MSI file.
  3. Create and deploy RDP files.
  4. Publish to the web through TS Web Access.

Once everything is done, users can reach Web Access at http://{servername}/ts/Default.aspx. Your applications are ready for action.

Reset Domain Admin Password under Windows 2003 Server


Requirements (These are compulsory!)

1. Local access to the Domain Controller (DC).

2. The Local Administrator password.

3. Two tools provided by Microsoft in their Resource Kit: SRVANY and INSTSRV. Download them from

The Local Administrator account is also called Directory Restore Administrator or Machine Account. The password is set at Windows installation. It is possible to reset this password using some (free) recovery tools.

Step 1 

Restart Windows 2003 in Directory Restore Service Mode.

Note: At startup, press F8 and choose Directory Restore Service Mode. It disables Active Directory.

When the login screen appears, log on as Local Administrator. You now have full access to the computer resources, but you cannot make any changes to Active Directory.

Step 2

You are now going to install SRVANY. This utility can run virtually any program as an NT service. The interesting point is that the program will have SYSTEM privileges (as it inherits SRVANY's security descriptor), i.e. it will have full access to the system. That is more than enough to reset a Domain Admin password. You will configure SRVANY to start the command prompt (which will run the ‘net user’ command).

Copy SRVANY and INSTSRV to a temporary folder, mine is called d:\temp. Copy cmd.exe to this folder too (cmd.exe is the command prompt, usually located at %WINDIR%\System32).

Start a command prompt, point to d:\temp (or whatever you call it), and type:

instsrv PassRecovery "d:\temp\srvany.exe"

It is now time to configure SRVANY.

Start regedit, and open the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PassRecovery.

Create a new subkey called Parameters and add two new values:

name: Application
type: REG_SZ (string)
value: d:\temp\cmd.exe

name: AppParameters
type: REG_SZ (string)
value: /k net user administrator new_password

‘net user username password’ is the command line utility to set a new password.

Replace new_password with the password you want. Keep in mind that some domain policies require complex passwords (including digits, respecting a minimal length, etc.).

Now open the Services applet (Control Panel\Administrative Tools\Services) and open the PassRecovery property tab. Check the starting mode is set to Automatic.

Show the Log On tab and enable the option Allow service to interact with desktop.

From now on, anytime you restart Windows, SRVANY will run the net user command and reset the domain admin password.

Step 3 

Restart Windows in normal mode and wait for the login screen. You will not see the command prompt running the net user command as it is displayed on another desktop. But no worries, the command is still executed in the background.

Log on as Administrator on your domain by using the password you set above. The system should grant you access. If not, go back to Step 2 and check you did not mistype any commands or values.

When the desktop is displayed, you should see a command prompt. This is the one started by SRVANY.

Use this command prompt to uninstall SRVANY (do not forget to do it!) by typing:

net stop PassRecovery

then:

sc delete PassRecovery

Now delete d:\temp and change the admin password if you fancy.
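A service left behind from this procedure resets the password at every boot, and the same SRVANY pattern is worth auditing for on any server. The following is an added audit example, not part of the original post: the function name is hypothetical, and ImagePath, Start and Type are the standard per-service registry values, which the post does not mention (it names only the Parameters subkey with Application and AppParameters).

```powershell
# Lists services whose binary is SRVANY and flags those that launch a command
# shell or run "net user", as the PassRecovery service described above does.
function Find-SrvanyService {
    param([string]$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services')

    foreach ($svc in Get-ChildItem -Path $ServicesKey -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue
        if ("$($props.ImagePath)" -notmatch 'srvany') { continue }

        # SRVANY reads the program it wraps from the Parameters subkey.
        $p = Get-ItemProperty -Path "$($svc.PSPath)\Parameters" -ErrorAction SilentlyContinue
        $app      = "$($p.Application)"
        $appArgs  = "$($p.AppParameters)"
        $runsCmd  = $app -match '\\cmd\.exe"?\s*$'
        $netUser  = $appArgs -match '\bnet(\.exe)?\s+user\b'

        $notes = @()
        if ($runsCmd)                { $notes += 'wraps cmd.exe (runs as SYSTEM)' }
        if ($netUser)                { $notes += 'runs "net user"' }
        if ($props.Start -eq 2)      { $notes += 'starts automatically at boot' }
        if ($props.Type -band 0x100) { $notes += 'allowed to interact with desktop' }

        New-Object PSObject -Property @{
            Service       = $svc.PSChildName
            ImagePath     = $props.ImagePath
            Application   = $app
            AppParameters = $appArgs
            Suspicious    = ($runsCmd -or $netUser)
            Notes         = $notes -join '; '
        }
    }
}

Find-SrvanyService | Sort-Object Suspicious -Descending |
    Format-List Service, ImagePath, Application, AppParameters, Suspicious, Notes
```

Run it from an elevated prompt on the domain controller; an empty result means no SRVANY-wrapped service is registered.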