How To remotely manage IIS from Client Computers

Several months ago we had one IIS server, and connecting to it over RDP was not a problem.

But now, since we got 4 IIS server on F5 NLB, Its quite problematic to connect to 4 IIS servers over RDP.
So I managed to install IIS administration, and I’m about to show you how.

First of all when installing IIS on the server, also check Management Service

When Installed


open IIS console, navigate to Management Service and open it.

Check Enable remote connections
If you plan to have local IIS managers, check Windows credentials or IIS Manager credentials
If you plan to manage IIS only with domain users, then check Windows credentials only

Leave IP address All Unassigned with manage port 8172 (IF YOU HAVE FIREWALL ENABLED, YOU MUST CREATE INBOUND RULE FOR THE PORT 8172)
For SSL certificate choose Server certificate (FQDN of the server)

And for more security, you can configure if you want to allow or deny some IP address on your LAN or WAN network. Depends from where are you planning to mange IIS.

When you completed the configuration, on the right side, press Apply ,and then Start.
One more step is to allow users to remotely connect to IIS server. Open IIS Manager Users.

For remote local admin users on IIS
On the right side press Add User.
User name: username
Password: Password from domain

This was configuration on the server, for more servers, repeat these steps on all of them. If you have NLB, you must do this on all of them!

Now, on the client side:
Go to Add Programs and Features and click on Turn Windows Features on or off
Click under Internet Information Services – Web Management Tools – IIS Management Console

After installation, download IIS Manager for Remote Administration 1.2, this gives you option to connect to remote server or site.
After installation, open your local IIS Manager, and connect to remote server:
Username must be entered with suffix, or else it will return an error Unauthorised.
Enter domain password for that user.

Enter the name of connection

When done, you will have a list of remotely managed IIS servers.

Good Luck

Pair your PC or Notebook with YouTube on smart TV

I have an IPhone, and when I watch YouTube on it, I can stream the video directly to my Smart TV. Since playing YouTube videos directly on Smart TV YouTube app is unpractical, I wondered If I could connect my Laptop with my Smart TV.
And I did it with a help of Google Chrome. I knew that Google Chrome has developer option, in which you can set the rendering of the web page for some mobile and tablet devices.

So in Google Chrome go to Tools – Developer Tools.

press image

Press Emulate

Restart Chrome, open YouTube and in the upper right corner of video press Stream to TV.image

Good Luck

Active Directory User Auditing – SCOM 2012

In my last chapter I was talking about User AD account audit with power shell scripting and Task Scheduler. I also provided an list of Event IDs.
This time I will show you how to create those notification through System Center Operations Manager.

In OM  Console open Authoring,

the next thing is to go to rules and create new one.

These events are Security Events in NT Events, so we choose Alert Generating Rules, then Event Based, then NT Event Log

My suggestion is to create an Custom AD User Events Management pack in which to store those rules. It is easier to edit, or change some things if you have your own packs.

Now select Default Management Pack, or newly created AD Custom Pack,

After this, name your Rule, set Category and target.
Targets are Domain Controllers, which you defined when

Next, set logon type as security, because it is a security based rule.

Create expression for Event ID 4740 from Security Auditing

On the next screen, you have an option the design your own alert description, with Priority and Severity. I suggest you set for locked account to Low Warning.
Now in description you have an option to use already configured placeholders, or you can create your own.
When you create it, then you can test it by locking some account.

As you see, I have two Domain controllers, and account is locked on both, which is ok, since the DCs are synced.

Now you can create these rules for all the event IDs you like.

Good Luck

Active Directory User Auditing – Simple

For my Audit report, I had to create an audit list about creating,deleting,disabling,enabling,locking, unlocking my AD users.

Since we haven’t had a SCOM on our premises, I hade to come up with something that will trigger an e-mail to me with an event.
First of all you have to enable user auditing on Default GPO.


After that, I connected to my primary domain controller and created an Powershell script (with a little help from which sends an e-mail in HTML form to me, with some parameters.
First of all, it creates HTML file with a table, which then populates from Security Event under Event ID 4740. After it populates HTML file, this table sets as an body, and sends it to email addresses.

   1: #$DC = "DCServerName" 
   2: $Report= "C:\Admin\lockedaccount\locked.html" 

   3: $HTML=@" 

   4: <title>Account locked out Report</title> 

   5: <style> 

   6: BODY{background-color :#FFFFF} 

   7: TABLE{Border-width:thin;border-style: solid;border-color:Black;border-collapse: collapse;} 

   8: TH{border-width: 1px;padding: 1px;border-style: solid;border-color: black;background-color: ThreeDShadow} 

   9: TD{border-width: 1px;padding: 0px;border-style: solid;border-color: black;background-color: Transparent} 

  10: H2{color: #457dcf;font-family: Arial, Helvetica, sans-serif;font-size: medium; margin-left: 40px; 

  11: </style> 

  12: "@ 

  13: $Account_Name = @{n='Account name';e={$_.ReplacementStrings[-1]}} 

  14: $Account_domain = @{n='Account Domain';e={$_.ReplacementStrings[-2]}} 

  15: $Caller_Computer_Name = @{n='Caller Computer Name';e={$_.ReplacementStrings[-1]}} 

  16: $event= Get-EventLog -LogName Security -ComputerName $DC -InstanceId 4740 -Newest 1 | 

  17:    Select TimeGenerated,ReplacementStrings,"Account name","Account Domain","Caller Computer Name" | 

  18:    % { 

  19:      New-Object PSObject -Property @{ 

  20:       "Account name" = $_.ReplacementStrings[-7] 

  21:       "Account Domain" = $_.ReplacementStrings[5] 

  22:       "Caller Computer Name" = $_.ReplacementStrings[1] 

  23:       Date = $_.TimeGenerated 

  24:     } 

  25:    } 

  26:   $event | ConvertTo-Html -Property "Account name","Account Domain","Caller Computer Name",Date -head $HTML -body  "<H2> User is locked in the Active Directory</H2>"| 

  27:      Out-File $Report -Append 

  28: $MailBody= Get-Content $Report 

  29: $MailSubject= "User Account locked out" 

  30: $SmtpClient = New-Object 

  31: $ = "" 

  32: $MailMessage = New-Object 

  33: $MailMessage.from = “” 

  34: $MailMessage.To.add(“ 

  35: $MailMessage.Subject = $MailSubject 

  36: $MailMessage.IsBodyHtml = 1 

  37: $MailMessage.Body = $MailBody 

  38: $SmtpClient.Send($MailMessage) 

  39: del C:\Admin\lockedaccount\locked.html 

After creating this powershell script, the next step is to create an Event Trigger which will send this e-mail.
This is done through Task Scheduler.


This trigger works when Event with 4740 ID is generated in Security Event Viewer.


-command "& 'C:\Admin\lockedaccount\account_locked_out.ps1' "

The final result is this:



Now, you can do this with Unlock account 4767, or Disable account 4725 or deleted 4726etc.
I found out this site with lists of Event IDs : link

Good Luck

Windows Server NIC address error

We virtualized one of our servers with VMM2012 P2V. Conversion went like a charm, but there was some IP problems.
So, the VMM2012 converted NIC adapters, but he transferred addresses to Hyper-V Virtual Network adapter, because his physical adapters are no longer present.
The server was up and running in virtual environment, but I hade to make some modifications to NIC.
then I received an error:

“The IP address X.X.X.X you have entered for this network adapter is already assigned to another adapter……”

So that means that no longer present adapter has the same address as the new virtual one.
Now, first of all we must go to device manager, but we must be able to see also nonpresnet adapters.
Open CMD as admin on that machine:
set devmgr_show_nonpresnet_devices=1
start devmgmt.msc

On View menu select Show hidden devices.

Expand Network adapters, and uninstall old/no presented adapters.

I suggest restart the machine

Good Luck

Server – prevent registration of multiple IP to DNS from one server


I have a server with two IP addresses, one for internal network, one for external. But my server registers both IP addresses to DNS, and computers on internal network, sometimes get connection timeout.
The problem was solved when I disabled the DNS registration on the other NIC.

Go to TCP/IP v4 properties on NIC

Hit button Advanced

In DNS tab remove check mark on Register this connection’s addresses in DNS

now delete the A record, from DNS, with secondary IP and flushdns on computer with connection problem.


Good Luck

Uninistall of SC agents from Core OS

I deinstalled VMM 2012 from one server. But its agents remained on my Hyper-V core installation servers. How to uninstall them if no Add/Remove programs exist, or you dont have original agent.msi package?

On Core OS (2008 or 2012) run regedit
Go to HKLM\Software\Microsoft\Windows\Current Version\Uninstall
Expand Uninstall, then search in subfolders for string in DisplayName =”System Center Virtual Machine Manager Agent (x64)”, then you know this is a folder for VMM agent.
Now from that same folder copy entire string (example: MsiExec.exe /I{5142AB0B-73E3-4AD3-9D0F-65B3D9026769}) from UninstallString to CMD window in CoreOS and press Enter.

Good Luck

Windows: RPC server unavailable

Today I had some problem of connecting to some of Windows 7 machines. The error I recieved was: The RPC server is unavailable.
After searching some articles on the net, I found out that I need to enable RemoteAdmin firewall rule, and add DCOM TCP port 135 to Inbound rules.

call netsh firewall set service RemoteAdmin enable
call netsh firewall add portopening protocol=tcp port=135 name=DCOM_TCP135

For port 135 there is a firewall rule Windows Management Instrumentation (DCOM-In) which needs to be enabled.

Good Luck