Wednesday, May 8, 2024

Cisco Modelling Labs - Virtualized Intel VT-X/EPT is not supported on this platform

Received following error both in VMware:Player and VMWare Workstation Pro:

Virtualized Intel VT-X/EPT is not supported on this platform

This is needed because Cisco Modeling Labs uses nested virtualization if running under VMware.

Solution is to remove Hyper-V from the machine.

Saturday, September 17, 2022

Please use Active Directory Group Managed Service Accounts!

This post handles the justification and design for a gMSA. It is also an appeal to Microsoft to increase the number of their services that support gMSAs. (specifically SharePoint. If you are looking for a quick step by step how to use a gMSA, please click here

What is a gMSA?

We have all noticed that Active Directory automatically synchronizes a password between AD and a Computer. The default is 30 days. 
A Managed Service Account that uses the same system for synchronizing the password of a Service Account.

Why use a gMSA?

 

It rolls the passwords for the service account automatically, thus ensuring that security standards are met.

How does a gMSA work?


 A gmsa is both a user account and a computer account.This enables it to use the same mechanism for rolling passwords as a computer account.Rolling is done according to a 30 day schedule and can be set in the registry, it is not based on the usual domain group policy.
The password is generated by the Key Distribution Service.

What should Microsoft do?

 
At present, for Exchange Server we have to roll the passwords manually. This is because of a depedency on Windows Cluster Services.

 
 




SharePoint has its own "Managed Accounts" where it rolls the password.One can schedule how often the password is rolled, there are also options to make sure it is rolled before password policies are enforced and to have an email notification before a password change.
 

References:

https://community.spiceworks.com/topic/151704-how-often-should-i-change-passwords-for-servers-firewalls-etc

https://www.stigviewer.com/stig/windows_2008_member_server/2018-03-07/finding/V-14271  

https://docs.microsoft.com/en-us/archive/blogs/askds/managed-service-accounts-understanding-implementing-best-practices-and-troubleshooting

https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-how-to-work-with-group-managed-service-accounts/ba-p/329864

 

https://itconnect.uw.edu/wares/msinf/ous/guide/gmsa/

 

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd378925(v=ws.10)?redirectedfrom=MSDN

 

 

www.software-smith.com

 

 


Tuesday, September 13, 2022

Recipe - Using a Managed Service Account with Windows 2019

1. On the domain controller make sure you have installed the AD module feature and then

New-ADServiceAccount -Name msasql -DNSHostName msasql.adatum.com

-PrincipalsAllowedToRetrieveManagedPassword "Domain Computers"

-Enabled $True


If you require a SPN you can also use the -ServicePrincipalName parameter.

Replace "Domain Computers" with the computers that are going to run the service using the managed service account. If you are creating a group MSA then this would be the name of the group.

If you get "access denied" or a missing key message, then try this first:

Add-KdsRootKey –EffectiveTime ((get-date).addhours(-10))





2. On the domain controller add the new service account as the service account for the server where it will be used:

Add-ADComputerServiceAccount -Identity lon-exch -ServiceAccount msasql


The -Identity is the server, the -ServiceAccount is the MSA


 

3. Go to the computer where you will use the managed account. Make sure you have installed the AD Power Shell feature and then

Install-ADServiceAccount -Identity msasql




4. Go to the SQL Configuration and change the appropriate service to use this account.
Make sure you use a dollar sign e.g. adatum\msasql$ and that the password fields are blank.

 


 

 If you need to roll the password use:


Reset-ADServiceAccountPassword msasql



References:


Monday, November 29, 2021

How To change font size in SQL Server Management Studio.

 1. Click Tools, then Options


2. Select Fonts and Colors (under Environment). Under Show settings for: select Text Editor and change the size.

 


3. The font size is changed in the Query window.

 


4. Select Tools, then Options. Select Fonts and Colors (under Environment). Under Show settings for: select Environment and change the font and then the size.


5. The font size is now changed in the Object Explorer.


Note also the Zoom dropdown in the query window.