Running Best Practice Analyzer on remote 2008 R2 domain controllers

Similar Messages

• SQL server Best Practice Analyzer output in .CSV

  Hi Team, I ran SQL server Best practice analyzer on our SQL 2008 R2 server. I was trying to export scan result in .csv format but it is only giving me option to save it in .xml format. I have been looking for ways to export output in such a way
  that it can be readable and I can send it to our clients but no luck.
  How can I export SQL BPA output in .csv or any other user friendly format?
  Thanks in Advance.

  Hi MSRS27,
  You can run Best Practices Analyzer (BPA) scans either from Server Manager, by using the BPA GUI, or by using cmdlets in Windows PowerShell. We can view or save BPA results from Windows PowerShell session in different format.
  If you want to export BPA results to a comma-separated values (CSV) text file, run the following cmdlet, where Path represents the path and text file name to which you want to save the CSV results.
   CSV results can be imported into Microsoft® Excel, or other programs that display data in spreadsheets or grids.
  Get-BPAResultModel ID| Export-CSVPath
  For more information, see: Run Best Practices Analyzer Scans and Manage Scan Results
  http://technet.microsoft.com/en-us/library/hh831400.aspx
  Regards,
  Sofiya Li
  Sofiya Li
  TechNet Community Support

• Server Core 2008 R2 SP1 - AD DS Best Practice Analyzer Scans Don't Produce Any Output

  Hi,
  This is a re-post moving this discussion to the recommended forum "Server Core" from here:
  http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/cc33d429-88e0-4450-a73c-361e395fd217.
  I am having problems producing any output for any AD DS Best Practice Analyzer Scans on a Windows Server Core 2008 R2 SP1 Domain Controller.
  I have imported the "ServerManager" and "BestPractices" PS modules on that Server by running the following commands:
  Import-Module ServerManager
  Import-Module BestPractices
  I've then run
  get-BPAModel, to find out what best practice scan models are availale, this returns the following output:
  Id                                                       
  LastScanTime
  Microsoft/Windows/DirectoryServices     Never
  Microsoft/Windows/DNSServer               Never
  I then run all the BPA scans on that box:
  Get-BPAModel | Invoke-BPAModel
  This returns the following output:
  ModelId                                          
  Success  Detail
  Microsoft/Windows/DirectoryServices True       (InvokeBpaModelOutputDetail)
  Microsoft/Windows/DNSServer          True       (InvokeBpaModelOutputDetail)
  Since the BPA invocation results weren’t displayed automatically, I entered the following command to see them:
  Get-BPAModel | Get-BPAResult | Out-File "D:\Source\BPA.txt"
  This command will create a text file with the scan results but I only see the results of the DNSServer scan, not the DirectoryServices scan.
  I have also tried to view the results in a HTML format by running the following command but still only see the DNSServer scan results:
  Get-BPAModel | Get-BPAResult | ConvertTo-Html | Set-Content d:\Source\BPA.htm
  I have also tried exeucuting the scan ONLY for the "Microsoft/Windows/DirectoryServices" model but can't get any results to be returned.  I have also connected using server manager from a Full install of Server 2008 R2 SP1 but that
  doesn't seem to show any results under the "Best Practices Analyzer" section when the "Active Directory Domain Services" node is selected, all 4 tabs ("Noncompliant", "Excluded", "Compliant" and "All") show zero (0).  However, the summary text above the
  tabs does show when the last scan was performed. which seems to be correct.
  Is there something special that needs to be done to produce the BPA results for the "Microsoft/Windows/DirectoryServices" BPA model on Server Core 2008 R2 SP1?
  BTW: The Forest/Domain is W2K3R2 Native, this is the first W2K8R2 DC in the environment and I have installed .NET 4 framework (Server Core) to support Powershell 3, also installed.
  Thanks, Paul.
  belpad

  Hi Diana,
  OK, pretty sure I've now found the root cause of the issue I've described above.
  I was also looking into Windows Update Agent issues for these W2K8R2 Server Core DC's, where no updates would be applied via WSUS (configured via GPO) and would fail with "FATAL: CBS called Error with 0x8000ffff windows update agent server
  core". 
  Yesterday, I managed to get one of the W2K8R2 Server Core DC's (WSUS updates) working again by removing one of the .NET 4 Framework security updates (KB2600211) which was manually applied when the server was initially setup.  .NET 4 (Server Core Edition
  http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=22833) was installed as a pre-requisitie for Powershell 3.  Once this update was removed, the affected server core DC was restarted and WSUS updates started to get applied.
  So I followed the same procedure on the other server core DC but this did not resolve the WSUS issue this time.  Next, I did further investigation into the Windows Update Agent problem.  This led me to the following article:
  http://blogs.technet.com/b/brad_rutkowski/archive/2008/07/03/windows-update-fails-with-8000ffff-e-unexpected.aspx which described an issue with NTFS permissions being set incorrectly on C: drive, with the "BUILTIN\Users" group completely
  missing on the C: drive.
  I found the affected Server Core DC also had this issue and when the "BUILTIN\Users" was assigned permissions on the C: drive as described above, and the Windows Update Agent re-started, the Server Core DC started to install all required updates
  configured via WSUS.
  Next, I ran the Directory Service BPA, which now produces the desired output either locally or remotely via Server Manager.
  Therefore, I can only assume that the Directory Service BPA also uses "Network Service" much like WUAUSERV (Windows Update Agent), which requires access to the C: drive via the "BUILTIN\Users" assignment.
  So this has subsequently led me to check the C: drive (%systemdrive%) permissions across multiple W2K8R2 machines, all of which showed differing assigned permissions, as follows:
  1. W2K8R2 Server Core DC - With Directory Services BPA and Windows Update Agent Not Working
  C:\>icacls c:\
  c:\ BUILTIN\Administrators:(OI)(CI)(F)
      CREATOR OWNER:(OI)(CI)(IO)(F)
      NT AUTHORITY\INTERACTIVE:(OI)(CI)(RX)
      NT AUTHORITY\SYSTEM:(OI)(CI)(F)
  2. W2K8R2 Server Core DC - With Directory Services BPA and Windows Update Agent Working OK
  C:\>icacls c:\
  c:\ NT AUTHORITY\SYSTEM:(OI)(CI)(F)
      BUILTIN\Administrators:(OI)(CI)(F)
      BUILTIN\Users:(OI)(CI)(RX)
      BUILTIN\Users:(CI)(AD)
      BUILTIN\Users:(CI)(IO)(WD)
      CREATOR OWNER:(OI)(CI)(IO)(F)
  3. W2K8R2 Full DC - With Directory Services BPA and Windows Update Agent Working OK
  C:\>icacls c:
  c: NT SERVICE\TrustedInstaller:(F)
     NT SERVICE\TrustedInstaller:(CI)(IO)(F)
     NT AUTHORITY\SYSTEM:(M)
     NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
     BUILTIN\Administrators:(M)
     BUILTIN\Administrators:(OI)(CI)(IO)(F)
     BUILTIN\Users:(RX)
     BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
     CREATOR OWNER:(OI)(CI)(IO)(F)
  4. W2K8R2 Server Core DHCP Server (Migrated from W2K3 with Server Migration Tools) - With DHCP BPA and Windows Update Agent Working OK
  C:\>icacls c:
  c: NT AUTHORITY\SYSTEM:(OI)(CI)(F)
     BUILTIN\Administrators:(OI)(CI)(F)
  5. W2K8R2 Server Core DHCP Server (Migrated from W2K3 with netsh) - With DHCP BPA and Windows Update Agent Working OK
  C:\>icacls c:
  c: NT AUTHORITY\SYSTEM:(OI)(CI)(F)
     BUILTIN\Administrators:(OI)(CI)(F)
     BUILTIN\Users:(OI)(CI)(RX)
     BUILTIN\Users:(CI)(AD)
     BUILTIN\Users:(CI)(IO)(WD)
     CREATOR OWNER:(OI)(CI)(IO)(F)
  None of the above servers have a Group Policy or any in-house scripts defined that configure C: drive permissions.  It seems odd that there should be such a variance in the C: (%systemdrive%) drive permissions across the above servers, with only
  scenarios 2 and 5 above have matching permissions.  I can only imagine that maybe some software or software update might be causing this.
  By reviewing the above output, it seems there is also a difference between the C: drive permissions of W2K8R2 Server Core and W2K8R2 Full.  Not sure if this is by design? 
  Is there any Microsoft Documentation describing what the default %systemdrive% NTFS permissions should be for W2K8R2 Server Core and Full.  Furthermore, do these permissions change when the various infrastructure roles are installed and enabled i.e.
  Domain Controller, DHCP etc.  I ask, since I would like to use the correct set of permissions for %systemroot% in each scenario. Please advise if I should be asking this question in a different forum?
  belpad

• SQL Server 2008 - Best Practices Analyzer

  Is there a version of SQL Server 2008 Best Practices Analyzer available for download?   If not, can I use BPA for SQL Server 2005 to run a DB assessment on a SQL Server 2008 database?  Please let me know what your recommendation is?
  Thanks

  Microsoft® SQL Server® 2008 R2 Best Practices Analyzer has been released for few months.
  More details here
  http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=0fd439d7-4bff-4df7-a52f-9a1be8725591

• Exchange Best Practices Analyzer and Event 10009 - DCOM

  We have two Exchange 2010 SP3 RU7 servers on Windows 2008 R2
  In general, they seem to function correctly.
  ExBPA (Best Practices Analyzer) results are fine. Just some entries about drivers being more than two years old (vendor has not supplied newer drivers so we use what we have). Anything else has been verified to be something that can "safely be ignored".
  Test-ServiceHealth, Test-ReplicationHealth and other tests indicate no problems.
  However, when I run the ExBPA, it seems like the server on which I run ExBPA attempts to contact the other using DCOM and this fails.
  Some notes:
  1. Windows Firewall is disabled on both.
  2. Pings in both directions are successful.
  3. DTCPing would not even run so I was not able to test with this.
  4. Connectivity works perfectly otherwise. I can see/manage either server from the other using the EMC or EMS. DAG works fine as far as I can see.
  What's the error message?
  Event 10009, DistributedCOM
  "DCOM was unable to communiate with the computer --- opposite Exchange server of the pair of Exchange servers---  using any of the configured protocols."
  This is in the System Log.
  This happens on both servers and only when I run the ExBPA.
  I understand that ExBPA uses DCOM but cannot see what would be blocking communications.
  I can access the opposite server in MS Management Consoles (MMC).
  Note: the error is NOT in the ExBPA results - but rather in the Event Viewer System Log.
  Yes, it is consistent. Have noticed it for some time now.
  Does anyone have any idea what could be causing this? Since normal Exchange operations are not affected, I'm tempted to ignore it, but I have to do my "due diligence" and inquire. 
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  Hi David,
  I recommend you refer the following article to troubleshoot this event:
  How to troubleshoot DCOM 10009 error logged in system event
  Why this happens:
  Totally speaking, the reason why DCOM 10009 is logged is that: local RPCSS service can’t reach the remote RPCSS service of remote target server. There are many possibilities which can cause this issue.
  Scenario 1:
   The remote target server happens to be offline for a short time, for example, just for maintenance.
  Scenario 2:
  Both servers are online. However, there RPC communication issue exists between these two servers, for example:  server name resolvation failure, port resources for RPC communication exhaustion, firewall configuration.
  Scenario 3:
  Even though the TCP connection to remote server has no any problem, but if the communication of RPC authentication gets problem, we may get the error status code like 0x80070721 which means “A security package specific
  error occurred” during the communication of RPC authentication, DCOM 10009 will also be logged on the client side.
  Scenario 4:
  The target DCOM |COM+ service failed to be activated due to permission issue. Under this kind of situation, DCOM 10027 will be logged on the server side at the same time.
  Event ID 10009 — COM Remote Service Availability
  Resolve
  Ensure that the remote computer is available
  There is a problem accessing the COM Service on a remote computer. To resolve this problem:
  Ensure that the remote computer is online.
  This problem may be the result of a firewall blocking the connection. For security, COM+ network access is not enabled by default. Check the system to determine whether the firewall is blocking the remote connection.
  Other reasons for the problem might be found in the Extended Remote Procedure Call (RPC) Error information that is available in Event Viewer.
  To perform these procedures, you must have membership in Administrators, or you must have been delegated the appropriate authority.
  Ensure that the remote computer is online
  To verify that the remote computer is online and the computers are communicating over the network:
  Open an elevated Command Prompt window. Click Start, point to
  All Programs, click Accessories, right-click
  Command Prompt, and then click Run as administrator. If the
  User Account Control dialog box appears, confirm that the action it displays is what you want, and then click
  Continue.
  At the command prompt, type ping, followed by a space and the remote computer name, and then press ENTER. For example, to check that your server can communicate over the network with a computer named ContosoWS2008, type
  ping ContosoWS2008, and then press ENTER.
  A successful connection results in a set of replies from the other computer and a set of
  ping statistics.
  Check the firewall settings and enable the firewall exception rule
  To check the firewall settings and enable the firewall exception rule:
  Click Start, and then click Run.
  Type wf.msc, and then click OK. If the
  User Account Control dialog box appears, confirm that the action it displays is what you want, and then click
  Continue.
  In the console tree, click Inbound rules.
  In the list of firewall exception rules, look for COM+ Network Access (DCOM In).
  If the firewall exception rule is not enabled, in the details pane click
  Enable rule, and then scroll horizontally to confirm that the protocol is
  TCP and the LocalPort is 135. Close Windows Firewall with Advanced Security.
  Review available Extended RPC Error information for this event in Event Viewer
  To review available Extended RPC Error information for this event in Event Viewer:
  Click Start, and then click Run.
  Type comexp.msc, and then click OK. If the
  User Account Control dialog box appears, confirm that the action it displays is what you want, and then click
  Continue.
  Under Console Root, expand Event Viewer (Local).
  In the details pane, look for your event in the Summary of Administrative Events, and then double-click the event to open it.
  The Extended RPC Error information that is available for this event is located on the
  Details tab. Expand the available items on the Details tab to review all available information. 
  For more information about Extended RPC Error information and how to interpret it, see Obtaining Extended RPC Error Information (http://go.microsoft.com/fwlink/?LinkId=105593).
  Best regards,
  Niko Cheng
  TechNet Community Support

• Best Practice Analyzer database mismatch error

  Hi all,
  I am getting the following critical error when I run the BPA on a couple of our BizTalk servers and wondered if anyone had seen the same?
  "The version of BizTalk Server does not Match the Version of BizTalk Management Database Schemas"
  I am using v1.2 of BPA aagainst a BizTalk 2010 install.
  This has only surfaced since we upgraded from BizTalk 2009 R2 BUT not on all of our environments.
  It does not seem to be causing any runtime issues however as all applications seem to be running fine!!
  Looking at the BizTalkDBVersion tables in SQL everything looks the same on servers which present this error and those that do not i.e. There is an entry for version 3.9.469.0 ... which matches the BizTalk Server version reported in the registry
  at "\HKLM\Software\Microsoft\BizTalk Server\3.0\Product Version\"
  The only thing I can see is that as this was an upgrade there is also an entry in the
  BizTalkDBVersion tables for the 2009R2 version (3.8.368.0), so maybe the BPA is selecting this value and comparing against the regisrty version?]
  However, this doesn't explain why I see this issue on 2 upgraded servers but not the 3rd? 
  Any ideas?
  Regards,
  Dave

  Hi Dave,
  There is no version as BizTalk 2009 R2. v3.8.368.0 refers to BizTalk 2009 (not R2).
  The above error occurred because BizTalk Server Best Practices Analyzer has detected that the version of BizTalk Server does not match the version of the BizTalk Database Schemas. This can happen if the BizTalk database was deleted and then restored
  with an incorrect database.
  Check the version of SQL Server upgraded against the version of BizTalk server.
  Reference BPA Help file:
  If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply.

• Best Practice Analyzer for Exchange 2013

  Greetings,
  I have upgraded the messaging infrastructure from Exchange 2007 to Exchange 2013.
  I want to test the Health of the system through ExBPA for Exchange 2013.
  But i don't find any setup for Exchange 2013 like it was in 2010.
  I went through an article by Office365 community, according to which for In-premises Exchange also we need to have office 365 account (can use trial account also) to get the downloader file for ExBPA 2013.
  http://community.office365.com/en-us/w/deploy/office-365-best-practices-analyzer-for-exchange-server-2013.aspx
  But to run the setup the servers needs to be connected to internet.
  And, i don't want to expose my environment to internet in any condition.
  Somebody, please suggest me if there is any setup available so that i can install directly without exposing to internet.
  Thanks in advance.
  Best Regards,
  K2

  Welcome to Exchange 2013.
  Exchange Server 2013 doesn't come with ExBPA for health check. This might help
  http://exchangeserverpro.com/powershell-script-health-check-report-exchange-2010/
  Apart from that you can run these commands too
  Get-ServerHealth -Identity Exchange2013ServerName
  Test-ServiceHealth
  Cheers,
  Gulab Prasad
  Technology Consultant
  Blog:
  http://www.exchangeranger.com    Twitter:
    LinkedIn:
     Check out CodeTwo’s tools for Exchange admins
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Best Practice Analyzer Results: Health Report Error EDS AlertValue Unhealthy.

  I ran the Microsoft Office 365 Best Practices Analyzer Beta 1.0 and I get the following error:
  C:\windows\system32>Get-healthreport -rollupgroup
  servername.. then I got lots of results.. I narrow it to the following!
  PSComputerName          : kaneex13.kanecpas.local
  RunspaceId              : 85204a86-04f3-4779-9cad-3092ebfe3435
  PSShowComputerName      : False
  Server                  : kaneex13.kanecpas.local
  CurrentHealthSetState   : NotApplicable
  Name                    : MaintenanceFailureMonitor.EDS
  TargetResource          :
  HealthSetName           : EDS
  HealthGroupName         : ServiceComponents
  AlertValue              : Unhealthy
  FirstAlertObservedTime  : 2/6/2015 9:12:57 AM
  Description             :
  IsHaImpacting           : False
  RecurranceInterval      : 300
  DefinitionCreatedTime   : 2/6/2015 8:58:03 AM
  HealthSetDescription    :
  ServerComponentName     : None
  LastTransitionTime      : 2/6/2015 9:12:57 AM
  LastExecutionTime       : 2/6/2015 12:38:00 PM
  LastExecutionResult     : Succeeded
  ResultId                : 57636932
  WorkItemId              : 94
  IsStale                 : False
  Error                   :
  Exception               :
  IsNotified              : False
  LastFailedProbeId       : -301690410
  LastFailedProbeResultId : 351526122
  ServicePriority         : 0
  Identity                : EDS\MaintenanceFailureMonitor.EDS\
  IsValid                 : True
  ObjectState             : New
  I try to fix it and this is my findings!!
  https://technet.microsoft.com/en-us/library/ms.exch.scom.eds(v=exchg.150).aspx
  I'm running Exchange 2013 on Server 2012

  Hi,
  Based on my research, it’s a known issue that there will be 1006 error in the application log after we install a new Exchange 2013 server:
  http://social.technet.microsoft.com/Forums/en-US/5ab1a91a-ccd4-49fb-a451-159592fc85d4/msexchangediagnostics-error-1006-logical-to-physical-size-ratio-free-megabytes?forum=exchangesvradmin
  And it can be resolved by setting the value of DriveSpaceTrigger to false:
  http://windowsitpro.com/blog/case-erroneous-disk-space-checker
  In your case, we can firstly try to restart the MS Exchange Diagnostics Service.
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
  sure that you completely understand the risk before retrieving any suggestions from the above link.
  If you have any question, please feel free to let me know.
  Thanks,
  Angela 
  Angela Shi
  TechNet Community Support

• Office 365 Best Practices Analyzer requirements

  Can you install the office 365 BPA from a windows 7 workstation, or do you need to install it on the Exchange Server itself, and run it from there?

  Hi cf090,
  This depends on which BPA you are trying to run. If you are running Office 365 Best Practices Analyzer for Exchange Server 2013 then this needs to be installed on your Exchange server (you can see the requirements here: http://community.office365.com/en-us/w/deploy/office-365-best-practices-analyzer-for-exchange-server-2013-requirements.aspx)
  There are other BPAs for O365 such as Office 365 Best Practices Analyzer for your PC but this is designed to see if your PC supports O365 not Exchange. More details here: http://community.office365.com/en-us/w/deploy/office-365-best-practices-analyzer-for-your-pc.aspx
  Hope this answers your question! 
  Mike 
  Mike Parker | MCSE - Messaging | www.cloudbusiness.com</ a>

• License type of SQL Server 2005 Best Practices Analyzer

  Hi everybody.
  I need to install in my organization the software "SQL Server 2005 Best Practices Analyzer" but I need to know if this application it's free licensing. I have seen on several web sites about this tool it's free but not in official microsoft
  web page. So, where can I find the official microsoft information about the type of licensing of "SQL Server 2005 Best Practices Analyzer" ?
  Thanks of your support

  Hello Erland.
  I followed your advice and I have read the terms of use of this software. I stop at point 3 (which I highlighted). Based on this point, I doubt it is about using this application. Furthermore nowhere says that this software is free to use.
  Would appreciate if someone can clarify this to me.
   =============================================================
  MICROSOFT SOFTWARE LICENSE TERMS
  MICROSOFT SQL SERVER 2005 BEST PRACTICES ANALYZER:
  These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. 
  Please read them.  They apply to the software named above, which includes the media on which you received it, if any. 
  The terms also apply to any Microsoft
  *  updates,
  *  supplements,
  *  Internet-based services, and
  *  support services
  for this software, unless other terms accompany those items. 
  If so, those terms apply.
  BY USING THE SOFTWARE, YOU ACCEPT THESE TERMS. 
  IF YOU DO NOT ACCEPT THEM, DO NOT USE THE SOFTWARE.
  If you comply with these license terms, you have the rights below.
  1. 
  INSTALLATION AND USE RIGHTS.  You may install and use any number of copies of the software on your devices.
  2. 
  INTERNET-BASED SERVICES.  Microsoft provides Internet-based services with the software. 
  It may change or cancel them at any time.
  3. 
  SCOPE OF LICENSE.  The software is licensed, not sold. This agreement only gives you some rights to use the software. 
  Microsoft reserves all other rights. 
  Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement. 
  In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways. 
  You may not
  *  work around any technical limitations in the software;
  *  reverse engineer, decompile or disassemble the software, except and only to the extent that applicable law expressly permits, despite this limitation;
  *  make more copies of the software than specified in this agreement or allowed by applicable law, despite this limitation;
  *  publish the software for others to copy;
  *  rent, lease or lend the software;
  *  transfer the software or this agreement to any third party; or
  *  use the software for commercial software hosting services.
  4. 
  BACKUP COPY.  You may make one backup copy of the software. 
  You may use it only to reinstall the software.
  5. 
  DOCUMENTATION.  Any person that has valid access to your computer or internal network may copy and use the documentation for your internal, reference purposes.
  6. 
  EXPORT RESTRICTIONS.  The software is subject to United States export laws and regulations. 
  You must comply with all domestic and international export laws and regulations that apply to the software. 
  These laws include restrictions on destinations, end users and end use. 
  For additional information, see www.microsoft.com/exporting.
  7. 
  SUPPORT SERVICES.  Because this software is "as is," we may not provide support services for it.
  8. 
  ENTIRE AGREEMENT.  This agreement, and the terms for supplements, updates, Internet-based services and support services that you use, are the entire agreement for the software and support services.
  9. 
  APPLICABLE LAW.
  a.  United States.  If you acquired the software in the United States, Washington state law governs the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws principles. 
  The laws of the state where you live govern all other claims, including claims under state consumer protection laws, unfair competition laws, and in tort.
  b.  Outside the United States.  If you acquired the software in any other country, the laws of that country apply.
  10. 
  LEGAL EFFECT.  This agreement describes certain legal rights. 
  You may have other rights under the laws of your country. 
  You may also have rights with respect to the party from whom you acquired the software. 
  This agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so.
  11. 
  DISCLAIMER OF WARRANTY.  THE SOFTWARE IS LICENSED "AS-IS." 
  YOU BEAR THE RISK OF USING IT.  MICROSOFT GIVES NO EXPRESS WARRANTIES, GUARANTEES OR CONDITIONS. 
  YOU MAY HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT CANNOT CHANGE. 
  TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, MICROSOFT EXCLUDES THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
  12. 
  LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES.  YOU CAN RECOVER FROM MICROSOFT AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO U.S. $5.00. 
  YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.
  This limitation applies to
  *  anything related to the software, services, content (including code) on third party Internet sites, or third party programs; and
  *  claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort to the extent permitted by applicable law.
  It also applies even if Microsoft knew or should have known about the possibility of the damages. 
  The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential or other damages.
  Please note: As this software is distributed in Quebec, Canada, some of the clauses in this agreement are provided below in French.

• IPS Tech Tips: IPS Best Practices with Cisco Remote Management Services

  Hi Folks -
  Another IPS Tech Tip coming up and this time we will be hearing from some past and current Cisco Remote Services members on their best practice suggestions. As always these are about 30 minutes of content and then Q&A - a low cost high reward event.
  Hope to see you there.
  -Robert
  Cisco invites you to attend a 30-45 minute Web seminar on IPS Best   Practices delivered via WebEx. This event requires registration.
  Topic: Cisco IPS Tech Tips - IPS Best Practices with Cisco Remote Management   Services
  Host: Robert Albach
  Date and Time:
  Wednesday, October 10, 2012 10:00 am, Central Daylight Time (Chicago,   GMT-05:00)
  To register for the online event
  1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=203590900&t=a&EA=ralbach%40cisco.com&ET=28f4bc362d7a05aac60acf105143e2bb&ETR=fdb3148ab8c8762602ea8ded5f2e6300&RT=MiM3&p
  2. Click "Register".
  3. On the registration form, enter your information and then click   "Submit".
  Once the host approves your registration, you will receive a confirmation   email message with instructions on how to join the event.
  For assistance
  http://www.webex.com
  IMPORTANT NOTICE: This WebEx service includes a feature that allows audio and   any documents and other materials exchanged or viewed during the session to   be recorded. By joining this session, you automatically consent to such   recordings. If you do not consent to the recording, discuss your concerns   with the meeting host prior to the start of the recording or do not join the   session. Please note that any such recordings may be subject to discovery in   the event of litigation. If you wish to be excluded from these invitations   then please let me know!

  Hi Marvin, thanks for the quick reply.
  It appears that we don't have Anyconnect Essentials.
  Licensed features for this platform:
  Maximum Physical Interfaces       : Unlimited      perpetual
  Maximum VLANs                     : 100            perpetual
  Inside Hosts                      : Unlimited      perpetual
  Failover                          : Active/Active  perpetual
  VPN-DES                           : Enabled        perpetual
  VPN-3DES-AES                      : Enabled        perpetual
  Security Contexts                 : 2              perpetual
  GTP/GPRS                          : Disabled       perpetual
  AnyConnect Premium Peers          : 2              perpetual
  AnyConnect Essentials             : Disabled       perpetual
  Other VPN Peers                   : 250            perpetual
  Total VPN Peers                   : 250            perpetual
  Shared License                    : Disabled       perpetual
  AnyConnect for Mobile             : Disabled       perpetual
  AnyConnect for Cisco VPN Phone    : Disabled       perpetual
  Advanced Endpoint Assessment      : Disabled       perpetual
  UC Phone Proxy Sessions           : 2              perpetual
  Total UC Proxy Sessions           : 2              perpetual
  Botnet Traffic Filter             : Disabled       perpetual
  Intercompany Media Engine         : Disabled       perpetual
  This platform has an ASA 5510 Security Plus license.
  So then what does this mean for us VPN-wise? Is there any way we can set up multiple VPNs with this license?

• Lync2013 Best Practices Analyzer can not scan the edge server details

  Hi All,
  I encount one strange question that the Lync 2013 Best Practices Analyzer tool can find there's one edge server in the lync infrastructure when scanning, but the scan result does not display the edge server details as front end server (front end server can
  scan all details like hardware CPU, fqdn and so on. But the edge server has not)
  Anyone can help, much appreciated.
  Elva

  It seems a network issue.
  You should check you have the proper network access to Lync Edge Server as Lync Edge Server is not in the same subnet of Lync Front End Server.
  Lisa Zheng
  TechNet Community Support

• Where is Best Practices Analyzer for SQL Server 2014?

  Hi! Does anyone have a news about new version of BPA for SQL Server?

  Hi,
  The latest version of Best Practices Analyzer for SQL Server is SQL Server 2012 Best Practices Analyzer.
  You can download it from
  http://www.microsoft.com/en-us/download/details.aspx?id=29302
  I will update this thread when there is any update for SQL Server 2014 version.
  Thanks.
  Tracy Cai
  TechNet Community Support

• Windows 2008 R2 domain controllers with Windows 2003 forest functional level Supported after Windows 2003 support ends in July 2015

  Hi
  Anyone knows whether Windows 2008 R2 domain controllers with Windows 2003 forest functional level will still be Supported after Windows 2003 support ends in July 2015 ?
  Thanks

  When Windows Server 2003 support ends, you should not have a Windows Server 2003 Domain Controller running if you would like to be supported by Microsoft. This means that there will be no reason to have a DFL or FFL that is lower than Windows Server 2008.
  So, if you are keeping Windows Server 2003 FFL to keep DCs running Windows Server 2003 then this is not supported.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Best practice for using remote control under limited rights?

  Hi. We are getting ready to take admin rights away from our users and make them standard users. We plan to utilize Zen for most of our in-scope applications so that we can allow users to install supported software. There is usually no problem in that case because Zen can elevate to System access during the install. However, we know that there are applications out there that a user may want to install that is not packaged in Zen. Also, in the event that a system setting needs to be changed, we will have to have a method for supporting this. In either case, the user will call our help desk. Unfortunately, the user will not have enough rights to do the install or system change even if the help desk associate remote control's the PC. What is the best practice to handle this situation in a Netware/Zenworks environment where users only have limited access?
  I was thinking of three possibilities:
  1.) The obivous one is to send a technician over to log in using local admin credentials to install the software or perform the change. (Drawback - not very efficient because a desktop tech would have to get over to the user's PC to perform the work)
  2.) Have the help desk engineer log out of the machine through remote control, log back in as local admin to install the software or perform the change. (Drawback - not very convienant and time consuming.)
  3.) Have the help desk engineer use the "run as" command or even create a Zen application object that could be executed to provide temporary rights for installing software or making system changes. Aaron Margosis of Microsoft writes about this quite a bit in his blog Aaron Margosis' "Non-Admin" WebLog : Table of Contents (Aaron Margosis' Non-Admin WebLog) (Drawback - some software or settings will not work properly using this technique)
  The last one that I didn't list was creating a new application object. I did not factor this one in because this isn't always applicable to system changes and we really don't want to be making app objects for every out of scope app that exists in the user community. We typically only make them for widely used and supported apps.
  Your feedback is appreciated.
  Thanks

  Originally Posted by spond
  Joshbilsky,
  how about
  4) use the remote execute option to remotely launch an app as admin?
  Shaun Pond
  That's probably an option that we will make available. I wasn't sure how some things will work under the SYSTEM context vs local admin.