Archive

Posts Tagged ‘Server 2008 R2’

Remote Share and Storage Management error

July 25, 2011 Leave a comment

On our network we kept running into problems trying to use the remote management tools and we finally found the problem.  The network is locked down pretty hard with DISA security settings and it was one of those settings that caused the problem.  This is seen when you try to use computer management, connect to the server, and try to access the disk management section.  It gives and access denied error.  We just worked around it by using RDP and directly accessing the server.  A couple weeks ago we decided it was time to implement DFS with two file servers for redundancy.  When trying to use the Share and Storage Management RSAT tool we couldn’t connect to the virtual disk service.  Everything I found pointed to the firewall but they were configured properly.  The file servers are running 2008R2 SP1 and the client management workstations are Windows 7 Enterprise with SP1.  We implement all of the DISA security settings via GPO so we were able to create a test OU to play with GPO settings.  It turns out that in a DISA environment, the setting for ‘Access this computer from the network’ was the culprit.  When we added ‘Authenticated User’ everything works again.  It seems that the systems need to be able to ‘talk’ using their computer accounts.  Since these accounts are still authenticated it was no problem getting security to grant an exception.  Hopefully this helps someone else out there.

Advertisements

Cisco RADIUS configuration with Server 2008 R2

November 11, 2010 23 comments

Configuring Cisco devices to authenticate via Active Directory isn’t a common practice. From what I’ve seen, most network admins simply have passwords set on the vty lines and an enable password set. Amazingly it seems most passwords are either cisco or cisco123. I couldn’t find very many resources out there for how to set things up so after much trial and error I finally have it working so I’m posting it here in hopes it will help someone else. Later I’ll be trying to get 802.1x wired authentication going but this is a start. Read more…