Selective Authentication – protected by authentication firewall

The computer you are signing into is protected by an authentication firewallThe specified account is not allowed to authenticate to the computer. 
1. Login to local domain controller where the resource (workstation) resides.  Open AD Users and computers – switch to Advanced Features view.
Find the workstation you are trying to login to – right click – properties – security tab. 
2. Under group or Usernames – click Add. 
3. Select Locations – select domain that contains the user account trying to login. 
4. Enter username – click OK – authenticate with account that has access. 
5. Select user – then in permissions for user select “allow” for allowed to authenticate.  Finished! 

How to make a password reset website for AD users Windows Server 2012r2

In the past, you could use the IISADMPWD to make a website for your Active Directory users to change passwords.  That functionally is no more with Server 2012 and higher.  At the time – we didn’t have the funds to buy a password reset solution for our department so I found another way.  Using remote desktop services – RD Web Access you can accomplish the same thing for free.  Below is my tutorial on how to do this.

Windows Server Active Directory users password change website:

DPM recover system drive disk space

How to recover space on your SCCM DPM 2012 server system C drive.

Open file explorer and browse to
C:\Program Files\Microsoft System Center 2012 R2\DPM\DPM\Temp
Here you might see many .errlog files.

You can safely delete these .errlog files but first you need to investigate the most recent ones and take the appropriate actions.  If you need to recover space immediately then copy the most recent few logs to an alternate location and then you delete all of them on the DPM server.

How to setup password reset website Server 2012

If you want to have a password reset website for your users but don’t want to purchase a 3rd party solution – you can still do this using Microsoft 2012 Server.

How to setup a password reset website using Server 2012 RD Web

Choose a server to install this role. For my environment, I chose to use the print server.

1. Install RD Web Access from the Remote Desktop Services. Remote desktop to your server (I’m installing this on my print server) and open Server Manager.  Add Roles and Features – Next – Remote Desktop Services installation – Next.

2. Choose Standard deployment – Next.
Choose Session-based desktop deployment – Next.
On Role Services – Choose Next.

3. On Specify RD Connection Broker server – select your server – add it and choose Next.

4. On Specify RD Web Access server – Place a checkmark in the Install the RD Web Access role service and click Next.

5. On Specify RD Session Host servers – select your server – add it and choose Next.

6. Confirm your selections – place check mark in Restart the server and click Deploy.

 

7. When the server finishes restarting – Launch Server Manager and wait for it to complete. Once it completes, you will see a pop up regarding licensing mode.

 

In my experience, as long as you do not install the RD Licensing then the RD password reset website that we are going to configure next will continue to work after the 119 days.

Setting up the website and related configurations for domain password reset

8. Launch Server Manager – Tools – IIS Manager
Expand Sites – Default Website – RDWeb – Pages – then in the middle pane – open Application Settings.

9. Double click PasswordChangeEnabled and switch the value to true and click OK.


10.
Now your Password reset website is enabled and you can test it by going to this address on your server: https://yourservername.domain.com/RDWeb/Pages/en-US/password.aspx

When someone needs to change their password I now send them this link and they can do it remotely.

 

Install Server 2016 Domain Controller

From Server Manager – click Manage – Add Roles and Features.
Click Next and Next on Select installation type for Role-based installation.
Select the server you want to install your first domain controller – click next.  Place a check in Active Directory Domain Services.
Click Add Features on the box that pops up for ADDS.

 

 

 

 

 

 

 

 

Click Next – Next on Features page.
Click Next on AD DS.
Review the settings on the Confirmation Page and place a check mark in the Restart automatically box and then click Install.

Wait for installation to complete and then click close.  Return to Server Manager and click the yellow triangle with the exclamation mark.

In Post-deployment Configuration – click Promote this server to a domain controller.

 

 

 

 

 

Make your choice in deployment operation, type your desired root domain (example.com) and click Next.

Domain Controller Options – choose your forest and domain functional level.  In this example, I am going with Windows Server 2016 because I don’t need to add any older DCs.  Specify domain controller capabilities – Select DNS and GC is already added if this is your first DC.  Choose and enter a DSRM password and click Next.

Additional Options – Leave default or change the NetBIOS name if necessary and click Next.

Verify and click Next on the Paths page.  Review your options and click Next.  Prerequisites Check – review the results and click Install.

Install 1st domain controller server 2012 R2

For the purpose of this tutorial we will be using Hyper-V but you can just as easily use VMware.  *Note* you should have basic familiarity with creating VM’s for this tutorial.

1. Create your new virtual machine using Hyper-V.

2. Once the new VM is installed, make all the necessary changes and updates for your environment:   Time zone, machine name (example dc01) run windows updates, etc.  Add Roles to VM to install Domain Controller.
3. From Server Manager – Go to Manage – Add Roles and Features.

4. Click next – next on role based – select your server and click next.
5. Select Active Directory Domain Services.

6. Click “Add Features” on the box that pops up.

7. Click next – click next on features page – click next on AD DS – click install on confirmation page.
8. Click Close after installation has succeeded.

9.  You will now notice a yellow triangle at the top right of the Server Manager

Click it to view the Post-deployment Configuration Options and click Promote this server to a domain controller.

10.  In deployment configuration – Choose Add a new forest if this is your first DC in a new domain and specify your root domain.


Click Next.

11.  Choose your Forest and Domain functional levels, Add DNS and choose your DSRM password.


Click Next.
12.  This is being done in a test environment so that’s why you see the DNS error.  Click next to continue.

13.  Verify or enter your NetBIOS domain name (in this example it was “steveshoemake”).  Click next.
14.  Verify your Paths for the AD DS database, log files, and SYSVOL – click next.
15.  Review your selections and then click next if they are correct for your environment.
16.  After the Prerequisite checks pass – click Install.  Wait for it to complete and reboot the server.
17.  Login to the new domain controller – open Active Directory Users and Computers and begin setting up your domain users etc.