RDS Connection Broker on RDS on a DomainController

Sigh, this isn't the best solution but … it works…

When installing RDSH on a 2016 domain controller it uses the Windows Internal Database (a small SQL).
It does not run properly due to missing credentials…
Add the following security identity to the "Log on as a service" rights in the Default Domain Controllers Policy.


Redirected homefolder – the correct way…

https://support.microsoft.com/kb/274443

1. Set Share Permissions for the correct group to Full Control (suggested name: RDS_access_all_user)

2. Use the following settings for NTFS Permissions:

CREATOR OWNER – Full Control (Apply onto: Subfolders and Files Only)
System – Full Control (Apply onto: This Folder, Subfolders and Files)
Domain Admins – Full Control (Apply onto: This Folder, Subfolders and Files)
RDS_access_all_user – Modify (Apply onto: This folder only)
RDS_access_all_user – Read & Execute (Apply onto: This folder only)
RDS_access_all_user – List folder contents (Apply onto: This folder only)
RDS_access_all_user – Read (Apply onto: This folder only)
RDS_access_all_user – Write (Apply onto: This folder only)
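As an added example (not part of the original notes), here are the share and NTFS permissions above applied with PowerShell and icacls. The root path D:\RDSHome, the share name RDSHome$ and the domain CORP are assumed placeholders.

```powershell
# Assumed placeholders: change the path, share name and domain for your environment
$HomeRoot  = "D:\RDSHome"
$ShareName = "RDSHome$"
$Group     = "CORP\RDS_access_all_user"
$Admins    = "CORP\Domain Admins"

New-Item -ItemType Directory -Path $HomeRoot -Force | Out-Null

# 1. Share permissions: Full Control for the RDS group only; NTFS does the real filtering
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $HomeRoot -FullAccess $Group | Out-Null
}

# 2. NTFS permissions, matching the list above.
#    (OI)(CI)     = This folder, subfolders and files
#    (OI)(CI)(IO) = Subfolders and files only
#    no flag      = This folder only
#    Modify (M) on the root already includes Read & Execute, List, Read and Write,
#    so the five group entries collapse into one grant.
# /inheritance:r drops inherited ACEs so nothing from the parent volume leaks in.
icacls $HomeRoot /inheritance:r /grant:r `
    "CREATOR OWNER:(OI)(CI)(IO)F" `
    "SYSTEM:(OI)(CI)F" `
    "${Admins}:(OI)(CI)F" `
    "${Group}:M"

# Verify the result: only CREATOR OWNER (the user who created the folder), SYSTEM and
# Domain Admins propagate downwards, so users cannot read each other's home folders.
icacls $HomeRoot
```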

RDS Cert and RDWeb modding

This script makes sure you do not get errors in RDGW when using the external name from the SSL certificate.


# Run this elevated on the 2016 Connection Broker machine
Import-Module RemoteDesktop
Get-RDServer

$ClientAccessName = "remote.Kundnamn.se" # SSL name, i.e. the external FQDN on the certificate
$ConnectionBroker = "vrds04.hr.local"

# Set the workspace name on the broker given above
Set-RDWorkspace -Name "Remote Desktop" -ConnectionBroker $ConnectionBroker

# Take a backup of RD Web before modifying it (timestamped folder)
$Source = "C:\windows\Web\RDWeb"
$BackupDest = "c:\windows\web\backup\rdweb"
Copy-Item -Recurse $Source ($BackupDest + "\" + (Get-Date -Format "yyyyMMddHHmmss"))

# RD Web branding: copy the PNG files from the current directory into the RD Web images folder
Copy-Item *.png ($Source + "\Pages\images")

# Fix the certificate names! Two modes exist, normal and HA. URL: -> https://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80
# In HA mode a SQL database is used for load balancing, so the broker has a connection string. Check whether we have one:
# empty = nope, we are most likely not running HA. Set-RDClientAccessName only works on an HA broker,
# so the non-HA case has to go through WMI instead.
$WmiArgs = @{
    Class          = "Win32_RDMSDeploymentSettings"
    Namespace      = "root\CIMV2\rdms"
    ComputerName   = $ConnectionBroker
    Authentication = "PacketPrivacy"
}
$DbConnectionString = (Invoke-WmiMethod @WmiArgs -Name "GetStringProperty" -ArgumentList @("DatabaseConnectionString")).Value

if ([string]::IsNullOrEmpty($DbConnectionString))
{
    # Broker is most likely NOT in HA mode: use WMI

    # Check the existing name...
    (Invoke-WmiMethod @WmiArgs -Name "GetStringProperty" -ArgumentList @("DeploymentRedirectorServer")).Value

    # Write the new name that should be used (the same as on the certificate, e.g. remote.kundnamn.se); returns 0 on success
    Invoke-WmiMethod @WmiArgs -Name "SetStringProperty" -ArgumentList @("DeploymentRedirectorServer", $ClientAccessName) -ErrorAction Stop

    # Check again that we managed to change the name...
    (Invoke-WmiMethod @WmiArgs -Name "GetStringProperty" -ArgumentList @("DeploymentRedirectorServer")).Value
}
else
{
    # Broker is most likely in HA mode: use the PowerShell cmdlet
    Set-RDClientAccessName -ConnectionBroker $ConnectionBroker -ClientAccessName $ClientAccessName
}

Gain local admin password

Gaining a local admin password is rather simple on any machine that is not BitLockered or somehow protected offline.

Setup:
Have/Make a bootable windows 10 USB stick…

#1 Boot the Windows media and press Shift+F10 to get a command prompt
#2 Change directory to the local Windows drive, c:\windows\system32
#3 copy utilman.exe utilman.old
#4 copy cmd.exe utilman.exe

# Alternative: use sethc.exe… it is activated by pressing Shift 5 times…

#5 Reboot the computer and boot into Windows
#6 Press Windows + U and a command prompt will now appear at the Windows logon screen (or press Shift 5 times…)

#7 Change the current admin password with
net user administrator newpassword
net user administrator /active:yes

If needed, make a new account with
net user NewAdmin /add
net localgroup administrators NewAdmin /add
#8 Reboot and log in with the new/changed account

Cleanup:
This probably needs somewhat higher rights – TrustedInstaller etc.
Resetting it the same way you set it up above will always work.

# Start a command prompt as admin.
# Change directory to the local Windows drive, c:\windows\system32
del utilman.exe
copy utilman.old utilman.exe

Press Windows + U to check that the Ease of Access (Utility Manager) dialog comes up OK,
or Shift 5 times if you are using sethc.exe.

Tested and works on:
Windows Server 2016 Technical Preview 5
Windows 7
Windows 10 1909
Windows Server 2012 R2