Category: Windows Server 2022

  • How To Setup Remote Desktop Gateway on Windows Server


    This blog explains how to set up Remote Desktop Gateway on Windows Server. It introduces Remote Desktop Gateway, gives an overview of security issues, and discusses how best to address common problems. Remote Desktop Gateway (RD Gateway, RDGW) is a Remote Desktop Services role on Windows Server that provides secure access to remote desktops and published RemoteApps from the Internet through an HTTPS gateway. A server with the RD Gateway role acts as an intermediary between external RDP clients and internal RD services. When using RDGW, users don’t need a VPN to connect to RDS in a corporate network. The Remote Desktop Connection client (mstsc.exe) is used to connect.

    Setup Remote Desktop Gateway in Server

    Install the Remote Desktop Role

    Connect to the host server using RDP with admin credentials.

    Remote desktop connection

    Open the Server Manager and select Add Roles and Features.

    Server manager

    Click Next.

    Add roles and features wizard

    Select “Role-based or feature-based installation” and click Next.

    Select installation type

    Choose a server from the server pool and click Next.

    Select a server from the server pool

    Select Remote Desktop Services and click Next.

    Install remote desktop services roles

    On the Features page, click Next.
    On the Remote Desktop Services page, click Next.
    On the Select role services page, select Remote Desktop Gateway.

    Setup remote desktop gateway on Windows server

    Click Add Features when prompted. Click Next.

    Features are required for remote desktop gateway

    In Network Policy and Access Services, click Next.
    Network Policy and Access Services, click next.
    Web Server Role (IIS), click next.
    Role services, click next.
    In the Confirm installation selections, click Install and wait for the installation to complete.

    Install remote desktop gateway tool

    Installation successful.

    Remote desktop gateway installation progress

    You must now implement the Connection Authorization Policy.

    Create Connection Authorization Policy and Resource Authorization Policy

    Connection Authorization Policy (CAP): you can specify which groups can access resources behind the Remote Desktop Gateway. You can also use Active Directory Users or Active Directory Computer Objects groups.
    Resource Authorization Policy (RAP): This policy allows you to restrict server access based on group members. You will need to create Active Directory groups and add servers to these groups.

    Search Remote Desktop Gateway Manager and open it.

    Search Remote Desktop Gateway Manager

    Expand Policies and select Connection Authorization Policies.
    Right-click on it, select Create New Policy, and choose Wizard.

    Create new policy RD Gateway manager

    Select “Create an RD CAP and an RD RAP (recommended)” and click Next.

    Create authorization policies for RD gateway

    Create a Connection Authorization Policy

    Type a name (Policy-Allowed-for-RDGateway) for your Connection Authorization Policy and click Next.

    Create an RD CAP

    Click Add Group… to add one or more user groups associated with this RD CAP. Users who belong to these groups can access this RD Gateway server.
    The most effective approach is to create a separate user group in Active Directory to which you add users you want to enable using Remote Desktop Gateway. For this example, we created a group in Active Directory named RDGW.

    Click on add group.

    New authorization policies requirements

    Type group name (RDGW), click check names, and choose ok.

    Enter the object names to select

    Click Next.

    Configure remote desktop gateway

    In Device Redirection, you can determine if RD Gateway should transfer local resources, such as printers and ports, to the remote desktop machine for someone who accesses a computer remotely. You do not have to alter anything unless you specifically want to. Click Next.

    Enable or disable device redirection

    Check the box “Enable idle timeout” and “Enable session timeout” and then click next.

    RD gateway session timeout

    In RD CAP settings summary, click next.

    RD CAP settings summary

    Create a Resource Authorization Policy

    Type a name (Servers-Available-Via-RDGateway) for your Resource Authorization Policy and click Next.

    Create a Resource Authentication policy

    Click Add Group… to add one or more user groups that will be allowed to access network resources. Users in these groups will be able to access servers on the network via Remote Desktop.
    For this purpose, we selected the same RDGW group that we used for the Connection Authorization Policy. Click Next.

    Resource authorization policy user groups

    Click Browse and select a group that contains the servers you want the above user groups to reach via Remote Desktop.

    Resource authentication policy network resource

    For this guide, we chose the built-in group called Domain Controllers. However, you can create one or more groups of servers, one for each department. This allows you to assign groups based on department users, enabling them to access only certain servers.

    Type Domain Controllers, click Check Names, and click OK.

    Enter the object name to select

    Select next.

    Select “Allow connections to these ports” and specify the port. Otherwise, select “Allow connections only to port 3389”. Click Next.

    Setup remote desktop gateway allowed ports

    In RD RAP settings summary, click Finish.

    RD RAP settings summary

    The new authorization policy wizard will create your CAP and RAP policies.
    Click close

    Confirm creation of authorization policies
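
    The CAP and RAP built in the wizard above can also be created and reviewed from PowerShell through the RDS: drive of the RemoteDesktopServices module. This is an added example, not part of the original post; the NetBIOS domain name XPERTSTEC and the server group RDGW-Servers are assumptions (the post itself targets the built-in Domain Controllers group).

    ```powershell
    # Added example (not from the original post). Run elevated on the RD Gateway server.
    # Assumptions: NetBIOS domain name XPERTSTEC; RDGW-Servers is a hypothetical AD
    # group that holds only the hosts users should reach through the gateway.
    Import-Module RemoteDesktopServices

    $Domain  = 'XPERTSTEC'
    $CapName = 'Policy-Allowed-for-RDGateway'
    $RapName = 'Servers-Available-Via-RDGateway'
    $Users   = "RDGW@$Domain"
    $Servers = "RDGW-Servers@$Domain"

    # CAP: who may connect to the gateway (AuthMethod 1 = password).
    if (-not (Test-Path "RDS:\GatewayServer\CAP\$CapName")) {
        New-Item -Path 'RDS:\GatewayServer\CAP' -Name $CapName `
                 -UserGroups $Users -AuthMethod 1 | Out-Null
    }

    # RAP: which hosts those users may reach (ComputerGroupType 1 = AD security group).
    if (-not (Test-Path "RDS:\GatewayServer\RAP\$RapName")) {
        New-Item -Path 'RDS:\GatewayServer\RAP' -Name $RapName `
                 -UserGroups $Users -ComputerGroupType 1 -ComputerGroup $Servers | Out-Null
    }

    # Review every CAP: a timeout of 0 means the timeout is not enforced.
    function Get-CapReview {
        foreach ($cap in Get-ChildItem 'RDS:\GatewayServer\CAP') {
            $base = "RDS:\GatewayServer\CAP\$($cap.Name)"
            $idle = (Get-Item "$base\IdleTimeout").CurrentValue
            $sess = (Get-Item "$base\SessionTimeout").CurrentValue
            [pscustomobject]@{
                Policy         = $cap.Name
                IdleTimeout    = $idle
                SessionTimeout = $sess
                NoTimeouts     = ($idle -eq 0 -and $sess -eq 0)
            }
        }
    }

    # Review every RAP: flag policies that allow any resource or any port.
    function Get-RapReview {
        foreach ($rap in Get-ChildItem 'RDS:\GatewayServer\RAP') {
            $base  = "RDS:\GatewayServer\RAP\$($rap.Name)"
            $type  = (Get-Item "$base\ComputerGroupType").CurrentValue
            $ports = (Get-Item "$base\PortNumbers").CurrentValue
            [pscustomobject]@{
                Policy      = $rap.Name
                Ports       = $ports
                AnyResource = ($type -eq 2)      # 2 = any network resource
                AnyPort     = ($ports -eq '*')
            }
        }
    }

    Get-CapReview | Format-Table -AutoSize
    Get-RapReview | Format-Table -AutoSize
    ```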

    We have installed the Remote Desktop Gateway and created CAP and RAP policies. You now have to install an SSL certificate on RD Gateway.

    Install an SSL Certificate on RD Gateway

    The Remote Desktop Gateway requires a valid SSL certificate. For this guide, we utilized a self-signed certificate. We strongly suggest you purchase an SSL certificate for your server (using a fully qualified domain name) from a commercial Certificate Authority (CA) or a wildcard SSL certificate for the domain.

    Once you have your SSL certificate, follow these instructions to install it on Remote Desktop Gateway.
    In the Remote Desktop Gateway Manager, click the name of your gateway server and then click Properties.

    RD Gateway Manager

    Navigate to the SSL Certificate tab and select or import an existing certificate.

    install SSL certificate on Remote Desktop Gateway

    Select your .pfx certificate file from the file system and type the password for the certificate when prompted.
    Once imported, the certificate is installed on the default SSL port (TCP port 443).

    How to Test Remote Desktop Gateway Connection

    The easiest way to test your Remote Desktop Gateway connection is to configure your Remote Desktop Client to access the Gateway server.
    If your host computer and Remote Desktop Gateway are ready, follow the steps.
    Launch the Remote Desktop Connection app (click Start and type “remote desktop connection”).

    Search remote desktop connection

    Select the Advanced tab.
    Under the Connect from anywhere section, select Settings.

    Remote desktop connection advanced tab

    Select “Use these RD Gateway server settings”, enter your hostname or IP, and click OK.

    RD Gateway server settings

    Select the General tab and click Connect.

    Remote desktop connection

    Provide your Remote Desktop Gateway Server credentials, and after you have been authenticated onto the Gateway server, provide your credentials to be authenticated onto the Remote Desktop server.

  • How to Change Time Zone on Windows Server 2022


    This blog explains how to change the time zone on Windows Server 2022 and answers a common question: how can I set the time zone and configure NTP on a Windows Server? The time zone on a Windows device must match the geographical location of the computer. This guide provides instructions on configuring the time zone in Windows Server and desktop versions (Windows 10 or 11) using Control Panel, command prompt, PowerShell, or Group Policy.

    Change Time Zone on Windows Server 2022

    Change the Time Zone in Windows using the Control Panel

    Run the command ms-settings:dateandtime or search date & time settings or click the clock icon in the system tray and choose to Adjust date/time.

    Search date & time settings

    By default, Windows automatically synchronizes the time and selects the correct time zone for your computer (the Set time zone automatically option is enabled).
    To manually set a time zone, use this option and select a time zone from the drop-down list.

    Change time zone on Windows server

    You can also use the classic “Date and Time” Control Panel applet to manage the time zone on Windows. Run the command timedate.cpl.
    If you receive an error message, follow the instructions below for administrator permissions.

    Run command timedate.cpl

    Click on change time zone.

    Change date and time zone in Windows server

    Set the time zone according to your requirements and click ok.

    Time zone settings on Windows server

    Allow Change Time Zone permission via Group Policy

    In this case, ensure that your account has permission to alter the time zone settings in Windows.
    Open the local Group Policy editor (gpedit.msc).
    Navigate to:

    Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

    Open Change the time zone policy.

    Local group policy editor

    Verify administrators.

    Change the time zone policy

    After resetting your GPO settings, run the command prompt as an administrator and run the timedate.cpl command; you can now alter your current time zone. As an alternative, you can change the time zone from the command prompt.

    Change Time Zone Using Command Prompt

    Search for Command Prompt, and click Run as administrator option.

    Search command prompt

    To confirm the current time zone, type the following command.

    tzutil /g

    Type the command below and hit Enter to list the available time zones, and note the one you want.

    tzutil /l
    Change time zone with command prompt

    Type the below command and press Enter to set.

    tzutil /s "Arab Standard Time"
    Change time zone command

    Enter the following command to verify if the time zone was updated successfully.

    tzutil /g

    Setup Time Zone using PowerShell

    Search for PowerShell, and Run as administrator.

    Search PowerShell

    To confirm the current time zone, type the following command.

    Get-TimeZone

    To list the available time zones, type the following command.

    Get-TimeZone -ListAvailable
    Get-timezone PowerShell command

    Enter the following command to set the new time zone.

    Set-TimeZone -Name "Arab Standard Time"

    To verify the time zone was updated successfully, type the following command.

    Get-TimeZone
    Change time zone PowerShell

    Set up Time Zone via Registry

    Type regedit in the run command to open the registry editor.

    Go to:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation

    The time zone settings have multiple values, as seen in the screenshot below.

    Set up time zone via registry

    To determine the exact value for each of the ten registry entries, first select the time zone in the local Date & Time configuration. Afterward, simply examine the registry values.
    Note: all the available time zones are also listed in the registry under the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones
    Time zones in registry

    Open your Group Policy Management Console via search.

    Search group policy management

    Right-click on your local domain and choose “Create a GPO in this domain, and Link it here…”.

    Group policy management

    Type a name and click ok.

    Create new group policy

    Edit group policy.

    Edit group policy

    Navigate to:

    Computer Configuration\Preferences\Windows Settings\Registry

    Now that we have all the information we need, we can set the precise time zone for the local machine.
    Right-click on Registry, select New, and then Registry Wizard.

    GPO new registry item

    On the wizard’s first page, ensure that Local Computer is selected and click Next.

    Registry browser local computer

    On the second tab, the Registry Browser, locate the registry key.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation

    Select the box of each registry value. Use the scroll bar on the right to scroll down in the list. Click Finish.

    Registry browser time zone information

    The registry values have been imported.

    Import time zone information in registry

    First, we need to create a new collection. Right-click on Registry, select New, and then Collection Item.

    Create new collection item

    Type a name (TimeZone) for the collection item.
    Now, you can move all individual registry items into this collection (TimeZone) by drag-and-drop.

    Group policy management editor

    Afterward, you can delete the Registry Wizard Values collection item (all underlying folders are automatically deleted).
    The registry item has been created and will be distributed to all machines to which the Group Policy applies.

    Change time zone via GPO

    After configuring the time zone, restart your system to allow the changes to take effect.

  • How to Configure Folder Redirection with Group Policy


    This blog shows you how to configure folder redirection with Group Policy, that is, how to redirect a folder on Windows Server with a group policy. Folder redirection is the method of storing a profile folder in a network location or in another location on the local computer. By default, most user data and settings are stored in a local profile. By redirecting folders, you can access your data regardless of which computer you are logged on to.

    Requirements

    Domain Controller Server (SRV2022)
    Client PC running Windows 11 (Windows11)

    Create a Shared Folder

    In the C drive, click on the Home tab and click New folder.
    Enter Redirection, and then press enter.

    Create a new folder

    Right-click the Redirection folder, and then click Properties.

    right-click folder

    Click on the Sharing tab and click on Share.

    Folder properties sharing tab

    Click the drop-down arrow, type Everyone, and click Add.

    Share a folder

    For Everyone, select the Permission Level Read/Write and click share.

    Shared folder read/write permission

    The folder is shared; click Done.

    Folder is shared

    Click close.

    Folder properties sharing tab
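
    The share created above gives Everyone Read/Write on the redirection root. A tighter equivalent, shown as an added example that is not part of the original post, limits the share to one group and sets NTFS permissions so that each user can create a folder under the root but cannot open other users' folders. The group name XPERTSTEC\Folder Redirection Users is hypothetical.

    ```powershell
    # Added example (not from the original post). Run elevated on the file server.
    # Assumption: 'XPERTSTEC\Folder Redirection Users' is a hypothetical AD group
    # that contains the users whose folders are redirected.
    $Path  = 'C:\Redirection'
    $Share = 'Redirection'
    $Group = 'XPERTSTEC\Folder Redirection Users'

    New-Item -Path $Path -ItemType Directory -Force | Out-Null

    # NTFS: drop inherited ACEs and grant only what folder redirection needs.
    #   SYSTEM / Administrators : full control on the whole tree
    #   CREATOR OWNER           : full control on subfolders and files only
    #   redirection group       : traverse, list, create folders on the root only
    icacls $Path /inheritance:r /grant:r `
        'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
        'BUILTIN\Administrators:(OI)(CI)F' `
        'CREATOR OWNER:(OI)(CI)(IO)F' `
        "${Group}:(X,RD,AD,RA,REA,RC)" | Out-Null

    # Remove the explicit Everyone ACE that the sharing wizard adds, if present.
    icacls $Path /remove:g 'Everyone' | Out-Null

    if (Get-SmbShare -Name $Share -ErrorAction SilentlyContinue) {
        # Share already exists (created as in the steps above): replace Everyone.
        Revoke-SmbShareAccess -Name $Share -AccountName 'Everyone' -Force `
            -ErrorAction SilentlyContinue | Out-Null
        Grant-SmbShareAccess -Name $Share -AccountName $Group `
            -AccessRight Full -Force | Out-Null
        Grant-SmbShareAccess -Name $Share -AccountName 'BUILTIN\Administrators' `
            -AccessRight Full -Force | Out-Null
        Set-SmbShare -Name $Share -FolderEnumerationMode AccessBased -Force
    }
    else {
        # Fresh share: access-based enumeration hides folders a user cannot open.
        New-SmbShare -Name $Share -Path $Path `
            -FullAccess $Group, 'BUILTIN\Administrators' `
            -FolderEnumerationMode AccessBased | Out-Null
    }

    # Review the result: share-level access first, then the NTFS ACL on the root.
    Get-SmbShareAccess -Name $Share | Format-Table AccountName, AccessRight -AutoSize
    icacls $Path
    ```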

    Create a Group Policy to Redirect the Documents Folder

    Search Group Policy Management and open it.

    Search group policy management

    Right-click on your local domain, click Create a GPO in this domain and link it here.

    Create a gpo

    In the New GPO dialog box, in the Name box, type Folder Redirection, and click ok.

    Configure folder redirection with group policy

    Now, right-click on the Folder Redirection and select Edit to Configure Folder Redirection with Group Policy.

    Edit group policy

    In the Group Policy Management Editor, Go to:

    User Configuration\Policies\Windows Settings\Folder Redirection

    Right-click on Documents and select Properties.

    Folder redirection with group policy

    In the Document Properties, on the Target tab, click the setting drop-down arrow.
    Settings: Select Basic-Redirect everyone’s folder to the same location.
    From the Target folder location, select Create a folder for each user under the root path.
    In the Root Path, type \\DC2022\Redirection, and select OK.

    Configure Folder Redirection with Group Policy

    In the Warning dialog box, select Yes.

    Folder redirection warning

    Close the Group Policy Management Editor.

    How to Test Folder Redirection

    Sign in to Windows11 as Windows11\Administrator with the password.

    Open the command prompt, enter the following command, and hit Enter:

    Gpupdate /force

    Type Y and press Enter.

    gpupdate /force command

    Log in again.
    Right-click on Documents and select Properties.

    Right-click on documents

    Verify that on the General tab, the Location field has a value of \\SRV2022\Redirection\user.

    Verify folder redirection
  • How to Setup Local Administrator Password Solution


    This blog explains how to set up Local Administrator Password Solution. It covers creating, configuring, and deploying LAPS, Microsoft’s Local Administrator Password Solution.

    Microsoft LAPS can be used to manage local administrator passwords on your domain-joined devices. LAPS (Local Administrator Password Solution) creates a unique and random password for each client device in your network and stores it in Active Directory.

    This addresses the risk of a shared local administrator password by establishing a unique, complex password for the local administrator account on every domain-joined device. The password set by Microsoft LAPS changes automatically according to the password policy. The new passwords are saved in Active Directory, and authorized administrators can retrieve them from the Active Directory server when necessary.

    Install Microsoft LAPS Software on Management Computers

    The LAPS software should be installed on both management computers and client computers. The management features will be used to set up, configure, and manage LAPS.
    You can install the LAPS management software on the domain controller or another domain-joined computer, such as Windows 10/11.

    Download the Local Administrator Password Solution (LAPS) from Microsoft.

    Select a language and click on download.

    Download local administrator password solution

    Choose the download you want and click on download.

    Download laps.x64.msi

    Double-click the file LAPS.x64.msi to begin the installation.

    LAPSx64 installer file

    Click on the setup wizard screen.

    Local administrator password solution setup

    Accept the license agreement and click next.

    LAPS end user license agreement

    Click on Management Tools, select “Entire feature will be installed on local hard drive,” and select the next option.

    LAPS custom setup

    Click Install.

    Install Microsoft LAPS

    When the installation is complete, click Finish.

    Completed the LAPS setup wizard

    Open LAPS UI.

    LAPS UI

    Create Security Groups for Local Administrator Password Solution

    I have already created an OU named Organization, and inside it two more OUs (Workstations, Organization).
    To create security groups, right-click on security groups (OU).
    Select new and then group.

    Active directory users and computers

    Type a security group name (LAPSAdmins) and click ok.

    Create security group

    To assign security group permission, right-click on the security group and choose properties.

    Active directory users and computers

    Select the Members tab and click on the Add button.

    Security group properties members tab

    Type domain admins and click ok.

    Enter the object name to

    Verify security group permissions and click ok.

    Security group properties members

    The LAPS software installation for the management computer is complete. The next step is to return to the management system to complete the LAPS setup.
    In the above sample, “Workstations” is the OU I created for the PC components.

    Assign Permissions to the Group for Password Access

    In my demo environment, I have a security group called “LAPSAdmins”. I need users in this group to be able to view the local administrators’ passwords. Before we assign permissions, let’s see who has the privilege to view the passwords by default.

    Extend the Active Directory Schema

    You must log in with an account that is a member of the Schema Admins group in Active Directory.
    Run the two commands below:

    Import-module AdmPwd.PS
    Update-AdmPwdADSchema
    Update-AdmPwdADSchema command

    Set Permissions in the Active Directory

    With the PowerShell window still open (otherwise, import the AdmPwd.PS module again), we will set the required permissions for LAPS. We need to give the SELF built-in account on each computer write access so it can update its password in Active Directory. We must also permit the administrators to read the stored LAPS password. Type the following commands.

    Set-AdmPwdComputerSelfPermission -OrgUnit Workstations
    Set-AdmPwdReadPasswordPermission -Identity Workstations -AllowedPrincipals "LAPSAdmins"
    Setup local administrator password solution
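
    To see who can read the stored passwords, both by default and after the delegation above, the AdmPwd.PS module provides Find-AdmPwdExtendedRights. The following is an added example, not part of the original post; the NetBIOS domain name XPERTSTEC and the list of expected holders are assumptions to adjust to your environment.

    ```powershell
    # Added example (not from the original post). Run on the management computer
    # with the LAPS management tools installed.
    # Assumptions: NetBIOS domain name XPERTSTEC and the list of expected holders.
    Import-Module AdmPwd.PS

    $OrgUnit  = 'Workstations'
    $Expected = @(
        'NT AUTHORITY\SYSTEM',
        'XPERTSTEC\Domain Admins',
        'XPERTSTEC\LAPSAdmins'
    )

    # List every principal holding the extended right that allows reading the
    # LAPS password attribute on the OU, and mark the ones not on the expected list.
    function Get-LapsReaderReview {
        param([string]$Identity, [string[]]$Allowed)
        foreach ($entry in Find-AdmPwdExtendedRights -Identity $Identity) {
            foreach ($holder in $entry.ExtendedRightHolders) {
                [pscustomobject]@{
                    ObjectDN   = $entry.ObjectDN
                    Holder     = $holder
                    Unexpected = ($holder -notin $Allowed)
                }
            }
        }
    }

    Get-LapsReaderReview -Identity $OrgUnit -Allowed $Expected |
        Sort-Object Unexpected -Descending |
        Format-Table -AutoSize

    # Once the GPO has applied, confirm a client has a managed password without
    # printing the password itself: only the expiry is shown.
    Get-AdmPwdPassword -ComputerName 'Windows11' |
        Select-Object ComputerName, ExpirationTimestamp
    ```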

    Setting up the LAPS GPO

    Go to:

    \\Srv2022\sysvol\xpertstec.local\scripts

    Srv2022 is an active directory server name.
    Create a new folder.

    create new folder

    Type a name LAPS

    active directory script folder

    Open the LAPS folder and paste the LAPS.x64.msi file.

    Active directory script folder LAPS

    copy the path.

    Active directory script folder LAPS folder

    Configure Group Policy Settings for LAPS

    The final configuration process is to create a group policy for the LAPS settings.
    Open the group policy management console.

    Search group policy management

    Create a new GPO on the OU that has your computers.
    Right-click on group policy objects and choose new.

    Group policy management

    Give the GPO a name (LAPS) and select ok.

    Create a new policy

    Edit the GPO

    Edit group policy

    Go to:

    Computer Configuration\Policies\Software Settings\Software installation

    Right-click, choose new, and then package.

    Group policy management editor

    Go to:

    \\active directory server\sysvol\xpertstec.local\scripts\LAPS

    Select the LAPS.x64.msi file and select Open.

    Active directory server scripts location

    Click ok

    Select deployment method assigned

    Now, you can see that the Local Administrator Password Solution package has been assigned.

    Group policy software installation

    Configure Windows Local Administrator Password Solution

    Browse to the following policy settings:

    Computer Configuration\Policies\Administrative Templates\LAPS

    Open enable local admin password management.

    Group policy management editor

    Click on Enable and then OK.

    enable local admin password management

    Open the Password Settings policy.
    Select Enable. Then select the password complexity settings and click OK.

    Setup local administrator passwords solution

    Enable “do not allow password expiration time longer than required by policy”.

    Setup local administrator password solution

    If you have a custom local administrator account that you want to manage, you can enable the administrator account name to be managed.
    Note:
    Even if you changed the built-in admin account, you do not need to configure this policy. This policy is only applicable for custom local admin accounts.

    Right-click on workstations and choose link an existing GPO.

    Link an existing GPO

    Select LAPS and click ok.

    Assign group policy

    That completes the configuration process of Microsoft LAPS.

    How to View the Local Administrator Password with LAPS

    Open the LAPS UI program on your management computer.
    Enter a computer name and click the search.
    No password is found.

    LAPS UI

    Login to your client’s computer and update the group policy.
    Open the command prompt and type the following command.

    Gpupdate /force

    You need to restart your client’s computer.

    Gpupdate /force command

    After restarting, update the group policy again.

    Gpupdate /force updating policy

    Go back to your active directory computer and click on search again.

    Local administrator passwords solutions

    Now, you can select expiration time.

    Select expiration time LAPS

    Above, you can see the local administrator password for Windows11 and when the password expires.
    Using PowerShell.

    Get-AdmPwdPassword Windows11

    Or right-click on the Windows11 client computer and select properties.

    Active directory users and computers

    You can also view the password in Active Directory by opening the computer and selecting the Attribute Editor.

    LAPS Attribute editor
  • How to Fix Remote Desktop Session Freezes Disconnects on Windows


    In this blog, we will provide the different methods to fix Microsoft Remote Desktop session freezes and demonstrate the possible reasons. Remote Desktop appears to freeze constantly if your experience is anything like mine. Mouse clicks seem to work, but the remote screen stops redrawing. The only resolution is to disconnect your Remote Desktop session and establish a new one, only to freeze up again a few minutes later.

    There is a solution to this freezing issue. Since I made this change to my computers, remote desktop sessions have stopped responding once on any of them. I work remotely every day, so there are a few hours behind this test. I hope this solution works for you.

    Fix Remote Desktop Session Freezes

    Remote desktop session freezes

    The connection to the remote computer is excellent, and UDP is enabled.
    Microsoft says that using the UDP protocol can speed up the Remote Desktop session by reducing the number of retransmissions and enabling work over unstable, high-latency links.

    Fix RDP Sessions Freezing Randomly by Running CMD

    Search the command prompt in the search box and choose “Run as Administrator.”

    Search command prompt

    Type the following command line:

    reg add "HKLM\software\policies\microsoft\windows nt\Terminal Services\Client" /v fClientDisableUDP /d 1 /t REG_DWORD
    Fix remote desktop freezing issue via CMD

    Reboot the computer and check whether the RDP still freezes.

    Fix Remote Desktop Freezing over VPN by using Group Policy Editor

    Press the Win + R key and then enter gpedit.msc to open the local group policy editor.

    Run command gpedit.msc

    Go to:

    Computer Configuration\Administrative templates\Windows components\Remote Desktop Services\Remote Desktop Connection client

    Right-click on Turn Off UDP On Client and choose to edit.

    Remote desktop connection client

    Select Enabled to fix the error RDP session disconnects.

    Turn Off UDP On Client

    Unfreeze the Remote Desktop by using the Registry Editor

    Press the Win + R key, type regedit, and click OK.

    Regedit run command

    Select yes

    User account control

    Go to:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Terminal Server Client

    Right-click on the Terminal Server Client, select New and then choose the DWORD(32-bit) value.

    Fix rdp sessions freezing via Registry editor

    Name the new DWORD value “fClientDisableUDP”.
    Right-click on it and choose Modify.

    Registry editor

    Set the value data to 1, choose Decimal, and click ok.

    Edit dword value

    Restart the computer and check whether the RDP connection is smooth.

  • How to Disable Server Manager At Startup on Windows Server


    In this blog, we will examine the steps to disable Server Manager dashboard at logon on Windows Server 2022. You can prevent Server Manager from opening at startup using different methods. Server Manager is a tool that guides system administrators through the installation, configuring, and management of server roles and features that are part of Windows Server.

    Let’s examine how to disable the automatic start of the Server Manager dashboard in Windows Server 2022 and other versions.

    Disable Server Manager at Startup

    Using the Manage and Server Manager Properties menu, you can disable the automatic start of the Server Manager console for the current user.

    Server manager dashboard manage

    Tick the box “Do not start Server Manager automatically at logon”.

    Disable server manager at startup

    You can use PowerShell to disable the server manager.
    Type the below command to disable Server Manager at startup.

    Get-ScheduledTask -TaskName ServerManager | Disable-ScheduledTask
    turn off server manager on login powershell

    There are several ways to disable Server Manager auto-launch for all administrators.

    Disable Server Manager AutoStart Using Group Policy

    A separate Group Policy option allows you to disable Server Manager at startup.

    You can use the local gpedit.msc editor to enable this setting on a single computer. To apply this policy to all servers in the AD domain, create a GPO via the gpmc.msc console and link the policy to the organizational unit containing the Windows Server computers or the domain root.

    Gpedit.msc run command

    Go to

    Computer Configuration\Policies\Administrative Templates\System\Server Manager

    open “Do not display server manager automatically at logon”.

    stop server manager from starting GPO

    Enable the “Do not display Server Manager automatically at logon” policy and click ok.

    disable server manager startup group policy

    Disable Server Manager at Logon via Registry

    Type regedit in the Run box to open the Windows Registry Editor.

    Regedit run command

    Go to

    HKLM\SOFTWARE\Microsoft\ServerManager

    Open DoNotOpenServerManagerAtLogon

    disable server manager startup via registry

    You can alter the value of this parameter from 0 to 1 to prevent the Server Manager from starting automatically.

    disable startup server manager in registry

    Disable the Server Manager with the scheduled task

    A separate scheduled task launches Server Manager automatically when the user logs on; disabling this task stops it. Open the taskschd.msc console.

    Run command taskschd.msc

    Navigate to Microsoft\Windows\Server Manager. Right-click on the ServerManager and choose disable.

    stop server manager from starting at login via Task Scheduler
  • How to Map Network Drives via Group Policy


    In this blog, you will learn how to map network drives via Group Policy in Windows Server 2022. How can I configure a GPO for mapping shared drives and automatically provide users with access when they log on? Providing users with access to shared folders can be beneficial. It allows you to control your IT infrastructure while allowing people to share the necessary resources.

    Map Network Drives via Group Policy

    Map a Department Network Drive

    I will map network drives with group policy for the Accounts department. I will use item-level targeting, so it only maps this drive for users in the Accounts organization unit.
    You could also use a Security Group to target a certain group of users. This will be mapped to a network share that only the HR department has access to.
    I have created two shared folders (Shared for Accounts department and Users for individuals).

    Open the users’ folder.

    Windows explorer new volume

    Right-click on a user, select properties and verify the permissions.

    Folder properties in Windows

    Active Directory Users and Computers

    We have created organization units (Account, etc.….) in the Active Directory users and computers. I am going to map a network drive for accounts departments. I have moved a user named user2 to the accounts organization unit.

    Active directory users and computers

    Open the Group Policy Management Console by searching in Windows.

    Search group policy management

    In the Group Policy Management Console, click on the group policy object and select Create a new GPO.

    Create new group policy object

    You can name the new GPO whatever you like; I’ve created a map network drive for all computer users.
    I can also add additional drive mappings to this GPO.

    New GPO name

    The new GPO is now created and linked, so it is time to configure the settings.

    Configure GPO Settings

    Right-click on the GPO (Map Network Drives) and select edit.

    Edit group policy objects

    Access User Configuration/Preferences/Windows Settings/Drive Mappings.
    Right-click Drive Maps, Select New and then Mapped Drive.

    Map network drives via GPO

    Configure Drive Mapping Properties

    General Tab Settings
    Action: Update
    Location: the path to the share/folder you want to map as a drive.
    Select a drive letter
    Label as: This is optional, but may be beneficial for users.

    Configure map network drive via GPO

    Click on the Common Tab
    Select Run in the logged-on user’s security context.
    Select Item-level Targeting
    Click on the Targeting Button

    Map network drive targeting

    Select New Item
    Select Organization Unit

    targeting Map network drive

    Click on the three dots buttons.

    Map network drive targeting editor

    Select your OU, the one you want to use for this network drive mapping.

    Find custom search

    Click ok.

    Map network drive targeting

    Click the ok button to close the new drive properties.

    New map drive properties

    This completes the GPO settings.

    Group policy management editor

    This will be a user-based GPO, so make sure you link it to a location that contains the target users. I have all my users separated into an OU called Accounts so that I can create and link the GPO there.

    Right-click on an Organization Unit and select Link an Existing GPO.

    Group policy management

    Select a group policy object (Map Network Drives) and click ok.

    Link existing group policy objects

    Now you can see the GPO successfully linked.

    Group policy objects link enabled

    Log in on a user’s PC, and you can see that the mapped drive is not displayed yet.

    This PC

    Reboot User’s Computer to Process GPO

    I must reboot the user’s PC or run gpupdate /force.

    Gpupdate /force

    The next time a user from the Accounts OU logs in, they should be able to see the mapped drive.

    This PC mapped network drives

    In the active directory users and computers, now, any user I put in the HR folder can access this drive. If you don’t want to use an organizational unit, you can also target a group of users by using a Security group.

    Active directory users and computers

    Map a Network Drive Using Group Policy for Individual Users

    This example maps a drive for individuals, providing each user with a personal folder to save files.
    You can create a new GPO or add to an existing one, I have all my drive mappings available in one GPO.

    This example requires a folder to be created on a network share that matches the user’s login name. You will need to modify the NTFS permissions so that only the individual user has permission to access it.

    Create Roaming Profiles

    Roaming profiles allow users to log on to any computer in their organization and have all their personal files and settings available to that computer. This is a powerful feature that is easy to configure.
    Create a folder on your server’s local hard drive.
    Click the folder you created, scroll down, and click Properties.

    Select folder properties

    Open the sharing tab and click Advanced Sharing.
    Check the Share this Folder and click on Permissions.
    Select Everyone from Group or usernames and click Remove.
    Click Add and add the user to whom you want to provide access.
    Click on the security tab and select edit.

    Folder properties security tab

    Select add

    Permissions for shared folder

    Enter a user and click OK.

    Enter the object name to select

    Allow full control by checking the checkboxes and clicking OK.

    Permissions for share folder

    Active Directory Users and Computers

    Select all users who would like their roaming profile to be created. Right-click and click Properties.

    active directory users and computers

    Select Connect under Home folder and choose a letter to map the network drive. Provide the network path of the folder you copied. It should be in the format \\ServerName\FolderName\%username%. Click OK. You are creating a roaming profile for Active Directory users.

    Map network drive for user

    Click ok.

    Active directory domain services warning

    Now login with the user’s PC.

    Map network drive
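
    The per-user folder procedure above (a folder named after the login name, with NTFS permissions limited to that user) can be scripted and then audited. This is an added example, not part of the original article; the server, share, domain and OU names and the function names are assumptions. It grants the user Modify rather than the Full control used in the walkthrough, and keeps Administrators and SYSTEM for management and backup.

    ```powershell
    # Added example. Assumed names (not from the article): D:\Users shared as \\FS01\Users,
    # NetBIOS domain CONTOSO, OU=Accounts,DC=contoso,DC=local, home drive H:.
    # Requires the ActiveDirectory module and an elevated session on the file server.
    Import-Module ActiveDirectory

    $ShareRoot = 'D:\Users'
    $UncRoot   = '\\FS01\Users'
    $Domain    = 'CONTOSO'
    $OuDn      = 'OU=Accounts,DC=contoso,DC=local'
    $Admins    = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM'

    function New-HomeFolder {
        param([Parameter(Mandatory)][string]$SamAccountName)

        $path = Join-Path $ShareRoot $SamAccountName
        New-Item -Path $path -ItemType Directory -Force | Out-Null

        $acl = Get-Acl -Path $path
        # Stop inheriting from the share root and drop the inherited entries,
        # then clear any explicit entries left over from an earlier run.
        $acl.SetAccessRuleProtection($true, $false)
        foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }

        $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
        $none    = [System.Security.AccessControl.PropagationFlags]::None

        # Modify lets the user create, change and delete files but not rewrite the ACL.
        $grants = @{ "$Domain\$SamAccountName" = 'Modify' }
        foreach ($admin in $Admins) { $grants[$admin] = 'FullControl' }

        foreach ($id in $grants.Keys) {
            $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
                $id, $grants[$id], $inherit, $none, 'Allow')
            $acl.AddAccessRule($rule)
        }
        Set-Acl -Path $path -AclObject $acl

        # Same setting as Profile > Home folder > Connect in Active Directory Users and Computers.
        Set-ADUser -Identity $SamAccountName -HomeDrive 'H:' `
                   -HomeDirectory "$UncRoot\$SamAccountName"
    }

    function Get-HomeFolderAclFinding {
        # Audit: list every ACE held by anyone other than the folder's own user
        # or the administrative principals. An empty result means the ACLs are tight.
        Get-ChildItem -Path $ShareRoot -Directory | ForEach-Object {
            $expected = @("$Domain\$($_.Name)") + $Admins
            foreach ($ace in (Get-Acl -Path $_.FullName).Access) {
                if ($expected -notcontains $ace.IdentityReference.Value) {
                    [pscustomobject]@{
                        Folder   = $_.Name
                        Identity = $ace.IdentityReference.Value
                        Rights   = $ace.FileSystemRights
                    }
                }
            }
        }
    }

    # Create a home folder for every user in the OU, then audit the result.
    Get-ADUser -SearchBase $OuDn -Filter * |
        ForEach-Object { New-HomeFolder -SamAccountName $_.SamAccountName }
    Get-HomeFolderAclFinding | Format-Table -AutoSize
    ```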

    Please visit Microsoft to learn more about GPO.


  • A Free Course Windows Server 2022 Administration

    A Free Course Windows Server 2022 Administration

    This free Windows Server 2022 administration course will train you from zero to hero. It will teach you how to use Windows Server 2022: how to set it up, configure it, and manage it. It will also teach you how to troubleshoot problems, make your servers fault-tolerant, and more.

    Windows server administrators are responsible for installing, configuring, managing, and upgrading Windows servers and systems within an organization, configuring user access, managing data security, and more. In this practical learning path, learn everything you want to get started with Windows Server 2022.

    This course is for anyone who wants to improve their skills in Windows system administration. This course will guide you from the basics to the advanced topics of installing, configuring, and managing a Windows server. Many of the tasks in server administration consist of configuring clients, server applications, and services.

    To gain competence as a Systems administrator, you must practice installing, configuring, and managing different services and set up an office client computer to communicate with the server.

    Most of the calls you will make when supporting servers and user’s computers will involve that scenario, where there’s a client computer communicating with an application or service running on the server.

    A Free Course Windows Server 2022 Administration

    Install Windows Server 2022

    Rename Windows Server 2022

    Implement active directory domain service

    Create a User in Active Directory 2022

    Join Windows to Active Directory 2022

    Reset User Password in Domain Controller 2022

    Create PTR Records Server 2022

    Create Reverse Lookup Zone Server 2022

    Implementing and Configuring Additional Domain Controller Server 2022

    Backup Active Directory Windows Server 2022

    Setup and Configure File Server in Server 2022

    Install and Configure Windows Admin Center

    Install Windows Server 2022 Core

    Enable Hyper-V Role Windows Server

    Implement and Manage Windows Server 2022 Failover Clustering

    Implement and Configure Network Load Balancing Windows Server 2022

    Setup and Configure iSCSI Target on Windows Server 2022

    Install Web Server IIS in Windows Server

    Enable Network Discovery in Server 2022

    Install Windows Server Update Services

    Configure Windows Server Update Services (WSUS)

    Upgrade Windows Server 2019 to 2022

    Upgrade Active Directory 2019 to 2022

    Migrate Active Directory Server 2012 to 2022

    Active Directory Migration Server 2019 to Server 2022

    Bare Metal Backup Windows Server 2022

    Bare Metal Recovery Windows Server 2022

    Schedule Windows Server Reboot Automatically

    By the end of this free course, you will be able to perform the essential task of Windows System Administration.

    Learn More: A Free Course Microsoft Exchange Server 2019

  • How to Configure Disk Quota with File Server Resource Manager

    How to Configure Disk Quota with File Server Resource Manager

    In this article, you will learn how to configure disk quota with File Server Resource Manager (FSRM) on Windows Server 2022.

    File Server Resource Manager is a Windows Server role that helps IT administrators manage data stored on file servers. File servers are usually crowded with needless files that take up too much space. While IT professionals know how to manage file servers, they don’t always know which files are or are not useful to users. File Server Resource Manager addresses these issues by allowing professionals to limit folder space, classify and screen what type of data is stored, and view storage analytics.

    What is the File Server Resource Manager?

    FSRM (File Server Resource Manager) is a Windows Server role service that enables management and control of the quantity and type of data stored on a file server. Using File Server Resource Manager, you can automatically classify files, perform tasks based on these classifications, set quotas on folders, and create reports monitoring storage usage.

    File Server Resource Manager has the following features:

    Quota management
    File Classification Infrastructure
    File screening management
    Storage reports

    Create a Quota Template

    Open the server manager.

    Select the Tools tab and then select File Server Resource Manager.

    Server manager tools

    In the File Server Resource Manager window, expand the quota management option. Right-click on it and then select Create Quota Template.

    Create Quota template

    In the Template name box, enter a name for the new quota template, and then add a description if you need one.

    Create quotas template with file server

    Under the Limit text box, enter a number and choose a unit (KB, MB, GB, or TB) to specify the space limit for the quota.

    Select the hard quota or soft quota option.

    Configure quotas template

    Click on the Add button to set up a notification threshold.

    Create quotas template

    In the “Generate notifications when usage reaches (%)” box, choose a percentage of the quota limit for the notification threshold.

    Select the Event Log tab, and then choose the Send warning to the Event Log checkbox.
    Click on the OK button to save your notification threshold.

    Create quotas add threshold

    Choose the ok button to close the Create Quota Template dialog box.

    Create quota template File server

    Now you can verify the new quota template in the File Server Resource Manager console.

    Quota Templates File server

    How to Create a Quota using an Existing Quota Template

    Right-click on the Quota option and then select Create Quota.

    Configure quota file server resource manager

    Click the Browse button to select the Quota path.

    Create Quotas with file server

    Select the folder and then click ok.

    Browse for folders

    Under Derive properties from this quota template option, choose the template that we created earlier and then click Create.

    Configure Quotas with file server

    Verify quota entry in the FSRM console.

    File server resource manager

    How do I test Quota with FSRM?

    On a Windows client machine, access the shared folder. Copy the data to this folder for testing purposes.

    Folder properties

    Launch your file server and open the event viewer.

    Click on Administrative Events and search for event ID 12325 (SRMSVC), a warning that the user has exceeded the disk quota threshold.

    Event Viewer

    If a user tries to save more data, the user will receive the following error.

    This is not enough space on the folder
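
    The same template, quota and event-log check can be done with the FSRM PowerShell cmdlets. This is an added example, not part of the original article; the folder path, template name, 1 GB limit and 85% threshold are assumed values.

    ```powershell
    # Added example. Assumed values (not from the article): D:\Shares\Accounts,
    # a 1 GB hard quota and an 85% warning threshold. Run elevated on the file server.
    Import-Module FileServerResourceManager

    $templateName = 'Accounts 1 GB hard limit'
    $quotaPath    = 'D:\Shares\Accounts'

    # Event Log tab: "Send warning to event log".
    # The bracketed names are FSRM variables that are expanded when the event is written.
    $action = New-FsrmAction -Type Event -EventType Warning -Body (
        'User [Source Io Owner] has exceeded the [Quota Threshold]% threshold ' +
        'for the quota on [Quota Path] on server [Server]. ' +
        'Limit: [Quota Limit MB] MB, in use: [Quota Used MB] MB.')

    # "Generate notifications when usage reaches (%)".
    $threshold = New-FsrmQuotaThreshold -Percentage 85 -Action $action

    # Create the template once. Omitting -SoftLimit makes it a hard quota,
    # which blocks writes beyond the limit instead of only reporting them.
    if (-not (Get-FsrmQuotaTemplate -Name $templateName -ErrorAction SilentlyContinue)) {
        New-FsrmQuotaTemplate -Name $templateName `
                              -Description 'Hard 1 GB limit with a warning event at 85%' `
                              -Size 1GB -Threshold $threshold | Out-Null
    }

    # Apply the template to the folder ("Derive properties from this quota template").
    if (-not (Get-FsrmQuota -Path $quotaPath -ErrorAction SilentlyContinue)) {
        New-FsrmQuota -Path $quotaPath -Template $templateName | Out-Null
    }

    # Verify the quota entry and its current usage.
    Get-FsrmQuota -Path $quotaPath |
        Select-Object Path, Template, Size, Usage, SoftLimit

    # After copying test data from a client, look for the threshold warning
    # (event ID 12325 from source SRMSVC, as described above).
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'SRMSVC'; Id = 12325 } `
                 -MaxEvents 5 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
    ```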

    In this article, we have learned how to configure disk quota using the file server resource manager in Windows Server 2022.

    Please visit Microsoft to learn more.

  • How to Install File Server in Server 2022

    How to Install File Server in Server 2022

    Let’s look at how to install a file server on Windows Server 2022. By a file server, I mean a server that offers a central location in your local network to store files and folders and share them with domain users. To support this kind of work, we can assign permissions based on the information’s criteria and level of privacy.

    Let’s see how to setup and configure a file server in Windows Server 2022

    Create a Shared Folder in Server 2022

    First, we need to create a shared folder inside the server. This folder will be utilized as a file server. Once created, right-click on it and then enter its properties.

    Select folder properties

    Select the Sharing tab and select the Advanced Sharing button.

    Share folder properties

    Under the advanced sharing, select the Share this folder box and then click on the permissions menu.

    Share the folder

    First, select Everyone, click Remove, and then click the Add button.

    Permission for shared Add a user group

    Select the group of users you wish to have access to the folder and click ok. I have selected the Domain Users.

    Adding domain users

    Then, select read and write permission in the folder. After applying the changes, select ok.

    Permission for shared

    Ensuring access to the users of the domain.

    The folder for the file server has been configured successfully. To view its functionality, simply click on any client system. Then, view the newly created folder.

    Windows network folders

    Accessing the shared folder from a client computer.

    Configuring the file server in Windows Server 2022

    Launch the server manager, in the dashboard, click on add roles and features.

    Server Manager

    Select next.

    Before You Begin

    Click next.

    Select installation type

    Choose next.

    Select destination server

    Expand the File and Storage Services category and select the file server checkbox.

    Enable File Server Resource Manager

    Now tick the box “File Server Resource Manager feature”.

    File Server Resource Manager roles

    Click on the Add Features button to install the necessary features.

    Add Features that are required

    Select next.

    Install file server roles

    Click next

    Confirm installation selections

    Click on the Install button to set up the file server in Windows Server 2022.

    Confirm installation selections

    File Server Installation is in progress.

    File server roles Installation progress

    File server roles setup is complete, click on close button.

    Feature installation results file server

    Click on the tools tab and then open File Server Resource Manager.

    Server Manager

    Start File Server Resource Manager.

    File Server Resource Manager Console

    Right-click on the File server resource manager console and then select Configure Options to configure our main settings.

    File server Configure Options

    Configure email notifications.

    File Server Resource Manager Options

    Click on the Notifications Limits tab and then edit the values or leave them as is.

    File server notification limits

    Notifications Limits

    Click on the Reports Locations tab, and you can change the area where the reports are stored or leave them as is.

    File server resource manager options

    Reports Locations

    First, click on the Quota Templates option. You can see ready-prepared templates in MB, GB and TB.

    Quota Templates file server
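
    The role installation and the share-permission steps above (remove Everyone, give Domain Users read and write) map to a few PowerShell commands, followed by a check for shares that are still open to broad principals. This is an added example, not part of the original article; the folder path, share name, domain name and the function name are assumptions.

    ```powershell
    # Added example. Assumed names (not from the article): D:\Shares\Shared,
    # share name "Shared", NetBIOS domain CONTOSO. Run elevated on the server.

    # File Server and File Server Resource Manager role services with their consoles.
    Install-WindowsFeature -Name FS-FileServer, FS-Resource-Manager -IncludeManagementTools

    $path = 'D:\Shares\Shared'
    New-Item -Path $path -ItemType Directory -Force | Out-Null

    # Naming the group explicitly means Everyone is never added to the share ACL.
    # Change at share level corresponds to read and write access.
    if (-not (Get-SmbShare -Name 'Shared' -ErrorAction SilentlyContinue)) {
        New-SmbShare -Name 'Shared' -Path $path `
                     -ChangeAccess 'CONTOSO\Domain Users' | Out-Null
    }

    function Get-BroadShareAccess {
        # List non-administrative shares that still allow very broad principals.
        # Effective access is the more restrictive of share and NTFS permissions,
        # so the NTFS ACL on each reported folder should be reviewed as well.
        $broad = 'Everyone', 'ANONYMOUS LOGON', 'NT AUTHORITY\ANONYMOUS LOGON', 'BUILTIN\Guests'
        Get-SmbShare -Special $false | Get-SmbShareAccess |
            Where-Object { $_.AccessControlType -eq 'Allow' -and $broad -contains $_.AccountName } |
            Select-Object Name, AccountName, AccessRight
    }

    Get-SmbShareAccess -Name 'Shared'   # expect only CONTOSO\Domain Users with Change
    Get-BroadShareAccess                # expect no rows on a tidy file server
    ```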

    Please visit Microsoft to learn more.

  • How to Connect iSCSI Target Server 2022

    How to Connect iSCSI Target Server 2022

    This section describes how to connect iSCSI Target Server to Windows Server 2022. Windows Server includes a built-in tool called the iSCSI initiator that we can use to connect to an iSCSI target server. In order to attach an iSCSI target, you need to enable and configure the initiator.

    To read more about it, please click iSCSI Target Server Overview.

    To start, launch the Server Manager and select the iSCSI Initiator option from the Tools menu.

    Server Manager

    Now, a Microsoft iSCSI dialog indicates that the Microsoft iSCSI service is not running. The iSCSI service must be started for the iSCSI initiator to function correctly. Click the Yes button to start the service and have it start automatically every time Windows is restarted.

    iSCSI service is not running

    The iSCSI Service Must be Enabled

    The iSCSI service is running now, and we will have to collect a little information before we can finish configuring the iSCSI initiator.

    The first thing in establishing connectivity to the iSCSI target server is to select the Discovery tab on the iSCSI Initiator Properties window. Click on the Discover Portal button.

    Connect iSCSI initiator properties discovery

    In the discovery target portal, type IP address (default port is 3260). Click on the Advanced button.

    Discovery target portal iSCSI

    Please ensure the Local Adapter settings are Microsoft iSCSI Initiator and the Initiator is Target IPs. Click ok twice

    Discover target portal iSCSI advanced

    Select the iSCSI initiator and then select the Connect button.

    Connect iSCSI initiator properties

    The iSCSI Initiator should discover the iSCSI target; click OK.

    Connect to target name iSCSI

    Now, the iSCSI target is connected.

    Connect iSCSI initiator properties

    How to Enable iSCSI Initiator with PowerShell

    We can also enable the iSCSI initiator by using the PowerShell command to start the Microsoft iSCSI Service and then change the service startup type to Automatic by running the below commands:

    Start-Service msiscsi
    Set-Service msiscsi -startuptype "automatic"

    Now, open the Disk Management console by clicking Tools and then Computer Management.
    Or you can type the DISKMGMT.MSC in run command to open it.

    Server manager tools

    Click on Disk Management from the left panel. Right-click on the disk whose size equals that of your LUN, and then select Online.

    Disk management disk online

    Again, right-click on the disk and then select Initialize Disk.

    Disk management initialize disk

    Click OK, and the disk status will become Online.

    Initialize disk

    Right-click on the disk and then click on New Simple Volume.

    Disk management create partition

    Click next.

    Welcome to new simple volume

    Click next

    New simple volume size

    Assign the drive letter and then click next.

    New simple volume assign letter

    Type a volume label and click next.

    New simple volume format partition

    Click finish.

    New simple volume wizard

    Now, your Windows has an additional drive with the drive letter as extra storage.

    Computer management
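
    The whole initiator-side procedure (start the service, discover the portal, connect, bring the disk online, initialize and format it) can also be run from PowerShell. This is an added example, not part of the original article; the portal address is the target server from the related article's lab, and the volume label and function name are assumptions.

    ```powershell
    # Added example. Run elevated on the initiator. The portal address is the
    # iSCSI target server used in the related article's lab; adjust for your network.
    $portal = '192.168.241.102'

    # Same effect as answering Yes to the "service is not running" prompt.
    Set-Service   -Name msiscsi -StartupType Automatic
    Start-Service -Name msiscsi

    # Discovery tab > Discover Portal (3260 is the default iSCSI port).
    if (-not (Get-IscsiTargetPortal -TargetPortalAddress $portal -ErrorAction SilentlyContinue)) {
        New-IscsiTargetPortal -TargetPortalAddress $portal -TargetPortalPortNumber 3260 | Out-Null
    }

    # Targets tab > Connect. -IsPersistent reconnects the target after a reboot.
    Get-IscsiTarget | Where-Object { -not $_.IsConnected } | ForEach-Object {
        Connect-IscsiTarget -NodeAddress $_.NodeAddress -IsPersistent $true | Out-Null
    }

    function Initialize-NewIscsiDisk {
        param([string]$Label = 'iSCSI-Data')   # assumed volume label

        # Only touch disks that arrived over iSCSI and have no partition table yet,
        # so an existing data disk is never initialized or formatted by mistake.
        $disks = Get-Disk | Where-Object { $_.BusType -eq 'iSCSI' -and $_.PartitionStyle -eq 'RAW' }

        foreach ($disk in $disks) {
            Set-Disk -Number $disk.Number -IsOffline  $false   # Disk Management > Online
            Set-Disk -Number $disk.Number -IsReadOnly $false
            Initialize-Disk -Number $disk.Number -PartitionStyle GPT

            # New Simple Volume wizard: full size, next free drive letter, NTFS.
            New-Partition -DiskNumber $disk.Number -UseMaximumSize -AssignDriveLetter |
                Format-Volume -FileSystem NTFS -NewFileSystemLabel $Label -Confirm:$false
        }
    }

    Initialize-NewIscsiDisk

    # Confirm the session and the new volume.
    Get-IscsiSession | Select-Object TargetNodeAddress, IsConnected, IsPersistent
    Get-Disk | Where-Object BusType -eq 'iSCSI' |
        Select-Object Number, FriendlyName, OperationalStatus, PartitionStyle, Size
    ```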

    Related: How to install and configure iSCSI target on Server 2022.

  • How to Install and Configure iSCSI Target on Windows Server 2022

    How to Install and Configure iSCSI Target on Windows Server 2022

    In this article, we will discover how to install and configure iSCSI Target on Windows Server 2022. The Internet Small Computer System Interface (iSCSI) and iSCSI Target Server allow you to boot multiple systems from a single operating system image. It allows block-level access to storage appliances by carrying SCSI commands over a TCP/IP network. The iSCSI target is the storage at a remote location, which appears to the host computer (iSCSI initiator) as a local drive.

    I have created 2 virtual machines on my VMware workstation to demonstrate the deployment process. I have installed Windows Server 2022 on the virtual machines. Below is the configuration of the virtual machines.

    Name                | Role                | Operating System    | IP Address
    WS2022-DC           | iSCSI initiator     | Windows Server 2022 | 192.168.241.100
    SAN.xpertstec.local | iSCSI Target Server |                     | 192.168.241.102

    To create an iSCSI server, we need to install the iSCSI server role.

    Create and Configure iSCSI Target Server Role

    To configure the iSCSI target server, we must install the File and iSCSI Services roles on our Windows Server. Open Server Manager and click on the Add Roles and Features link.

    Server Manager

    Click next

    Add roles and features wizard

    We need to install the iSCSI service on our virtual machine. Therefore, select role-based or feature-based installation, and then click on Next.

    Role based or feature based

    We need to install the iSCSI services on SAN.xpertstec.local. Click next.

    Select destination server

    Here, we need to install File and iSCSI Services. Expand the File and Storage Services option and then expand File and iSCSI Services.
    Tick iSCSI Target Server

    iSCSI target server features

    Click on Add Features.

    Add features that are required

    After selecting the iSCSI target role, click next.

    iSCSI target server features

    Click next

    Select server features

    Click install

    iSCSI target server confirmation

    iSCSI installation is complete; click on Close.

    iSCSI target server installation progress

    The iSCSI target server role has been installed successfully.
    Click on File and Storage Services.

    Server Manager

    Creating iSCSI Virtual Disks

    The iSCSI target server has been created; let us create an iSCSI virtual disk.
    Click on iSCSI, and then on the right side, select Start the new iSCSI virtual disk wizard

    iSCSI virtual disks

    In the new iSCSI virtual disk wizard, on the Select iSCSI virtual disk location screen, select the location of the virtual disk. If you have already installed the iSCSI Target Server role on multiple servers, you can select the server from the list. The list of servers with the iSCSI target role installed is populated automatically in the Servers box. Select the volume checkbox, or specify a custom path under the Type a custom path option. I will create a virtual disk on the C drive of SAN.xpertstec.local. Click Next.

    iSCSI virtual disk location

    On the iSCSI virtual disk name screen, enter a unique name and click Next.

    Specify iSCSI virtual disk name

    On the iSCSI virtual disk size screen, we can specify the size of the virtual disk.
    Enter the disk size, select Dynamically expanding, and then click next.

    Specify iSCSI virtual disk size

    On the iSCSI target screen, select the New iSCSI target checkbox, then click Next.

    Assign iSCSI target

    For the target name and access screen, type a name and click next.

    Specify target name, iSCSI

    Specify Access Servers

    Click the Add button on the Specify Server Access screen to add the iSCSI initiators.

    iSCSI virtual disks access servers

    By default, the iSCSI initiator can’t connect to the target server. We need to install/enable iSCSI initiators. To connect to the iSCSI target server, click on the browse button.

    Add initiator ID

    Type the name of the system where you want to connect the iSCSI target, and then click OK.

    Enter the object name

    Click ok.

    Select a methods to identify the initiator

    Now that the initiator has been successfully added to the list, click Next.

    iSCSI virtual disks access servers

    You can enable CHAP or reverse CHAP if required; click on Next.

    iSCSI virtual disks enable authentication

    Select Create to create an iSCSI virtual disk.

    iSCSI virtual disks confirmation

    The disk has been created successfully. Click close

    iSCSI virtual disks successfully created

    We can now see the list of iSCSI virtual disks in the server manager.

    iSCSI virtual disks
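
    The wizard steps above, including the optional CHAP setting, correspond to the iSCSI Target PowerShell cmdlets. This is an added example, not part of the original article; the virtual disk path, size and target name are assumed values, and the initiator is identified by the lab IP address from the table above instead of the computer-name lookup used in the wizard.

    ```powershell
    # Added example. Assumed values (not from the article): virtual disk path, 20 GB size,
    # target name. The initiator address is the WS2022-DC lab machine from the table above.
    # Run elevated on the target server (SAN.xpertstec.local in the lab).
    Install-WindowsFeature -Name FS-iSCSITarget-Server -IncludeManagementTools

    $vhdx      = 'C:\iSCSIVirtualDisks\LUN1.vhdx'
    $target    = 'ws2022-dc-target'
    $initiator = 'IPAddress:192.168.241.100'

    New-Item -Path (Split-Path $vhdx) -ItemType Directory -Force | Out-Null

    # Virtual disk; dynamically expanding unless -UseFixed is given.
    New-IscsiVirtualDisk -Path $vhdx -SizeBytes 20GB | Out-Null

    # Target with an explicit access list: only the listed initiator may connect.
    New-IscsiServerTarget -TargetName $target -InitiatorIds $initiator | Out-Null
    Add-IscsiVirtualDiskTargetMapping -TargetName $target -Path $vhdx

    # "Enable CHAP" page of the wizard. The user name and secret are prompted for,
    # so the secret is never stored in the script.
    $chap = Get-Credential -Message 'CHAP user name and secret (12 to 16 characters)'
    $len  = $chap.GetNetworkCredential().Password.Length
    if ($len -lt 12 -or $len -gt 16) {
        throw "CHAP secret must be 12 to 16 characters long; got $len."
    }
    Set-IscsiServerTarget -TargetName $target -EnableChap $true -Chap $chap

    # Verify the access list, CHAP state and LUN mapping.
    Get-IscsiServerTarget -TargetName $target |
        Select-Object TargetName, TargetIqn, EnableChap, InitiatorIds, LunMappings
    ```

    With CHAP enabled on the target, the initiator must supply the same user name and secret when it connects, for example through the `-AuthenticationType ONEWAYCHAP`, `-ChapUsername` and `-ChapSecret` parameters of `Connect-IscsiTarget`.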

    Summary

    In this blog, I have explained how to install and configure the iSCSI Target Server on Windows Server 2022. In my next blog, I will describe how to connect the iSCSI initiator and use it to connect to the iSCSI virtual disk.

    Please visit Microsoft for more information.

    Related: How to Connect iSCSI Target to Server 2022.