Category Archives: UNBLOG Tutorials (EN)


Server 2012 Enhanced Security Configuration

Disable enhanced security configuration for Internet Explorer

A newly installed Windows Server 2012 uses the so-called Enhanced Security Configuration for Internet Explorer by default. This restricts the browser in such a way that it can no longer be used for websites in the Internet security zone. If you actually need a browser on a server, e.g. to obtain MS software components that the required services need for further installations, this feature can be switched off.

How to do it

If you visit only a manageable number of sites, you can include them in the trusted sites group, where they are exempt from the strict restrictions of enhanced security configuration.

However, if you are annoyed by the constant security warnings, the restrictive setting can be deactivated.

Server Manager 2012

Disable enhanced security configuration.

Enhanced security configuration for IE
Enhanced security configuration for IE Off

Internet Explorer security alerts no longer appear, but the protection is gone as well. The newer browser Microsoft Edge provides better protection against web pages with malicious code.

Exchange ActiveSync Event ID: 1053

Exchange Inbox remains empty after Add Account on Mobile

Symptom

Exchange administrators find that the inbox on the smartphone remains empty and the folders are not synchronized. The Exchange account has been added successfully, but the inbox stays empty and even new mails do not appear.

Cause

Starting with Exchange 2003 SP1, inheritable permissions of the parent object have been disabled by default for members of protected groups, such as Domain Admins. In fact, every hour the DACL for members of protected groups is reset and inheritable permissions are removed. This mechanism is called AdminSDHolder and is meant to prevent improper changes to protected groups.

Event viewer

Solution

Open Active Directory Users and Computers, go to the user in question, open Properties and then Security, click the Advanced button and tick the check box Include inheritable permissions of the parent object, then click Apply and close with OK. Permission is now granted for one hour to create the MsExchActiveSync object for the mobile device.

Enable inheritable permission
Inheritable permission

For Windows Server 2012 R2 and 2016, Active Directory Users and Computers must have Advanced Features enabled in the menu bar under View.

Under User Properties, go to the Security and Advanced tab.


Click the Enable inheritance button. Inheritance now remains active for one hour until AdminSDHolder resets it; in this time window the admin can register the smartphone with Exchange as a device. After that, the mailbox items are synchronized.
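
Before and after applying the workaround, the two attributes behind the cause described above can be checked from PowerShell. This is an added example, not part of the original post; the function names and the account name `admin.sample` are hypothetical, and the live query assumes the ActiveDirectory module (RSAT) is installed.

```powershell
# Added example (not from the original post). Function and account names are hypothetical.
# adminCount = 1 marks an account that is, or once was, a member of a protected group.
# AreAccessRulesProtected = $true means the DACL does not inherit from the parent object.

function Get-InheritanceFinding {
    # Pure classification of one account from the two facts above.
    param(
        [Parameter(Mandatory)][string]$Name,
        [int]$AdminCount,
        [Parameter(Mandatory)][bool]$InheritanceBlocked
    )
    $finding = if ($AdminCount -eq 1 -and $InheritanceBlocked) {
        'adminCount=1 and inheritance disabled: matches the cause described for Event ID 1053'
    } elseif ($AdminCount -eq 1) {
        'adminCount=1 and inheritance enabled: AdminSDHolder resets this while the account is in a protected group'
    } elseif ($InheritanceBlocked) {
        'adminCount not set but inheritance disabled: blocked by a manual ACL change, not by AdminSDHolder'
    } else {
        'adminCount not set and inheritance enabled: look for another cause'
    }
    [pscustomobject]@{
        Name               = $Name
        AdminCount         = $AdminCount
        InheritanceBlocked = $InheritanceBlocked
        Finding            = $finding
    }
}

function Get-AccountInheritance {
    # Live lookup; requires the ActiveDirectory module and read access to the domain.
    param([Parameter(Mandatory)][string]$SamAccountName)
    $u = Get-ADUser -Identity $SamAccountName -Properties adminCount, nTSecurityDescriptor
    Get-InheritanceFinding -Name $u.SamAccountName -AdminCount ([int]$u.adminCount) `
        -InheritanceBlocked $u.nTSecurityDescriptor.AreAccessRulesProtected
}

# Constructed sample values, runs without a domain:
Get-InheritanceFinding -Name 'admin.sample' -AdminCount 1 -InheritanceBlocked $true

# Live use (placeholder account name):
# Get-AccountInheritance -SamAccountName 'admin.sample'

# Audit: accounts with adminCount=1 on which inheritance is currently enabled,
# i.e. where the workaround was applied and has not been reset yet.
# Get-ADUser -LDAPFilter '(adminCount=1)' -Properties nTSecurityDescriptor |
#     Where-Object { -not $_.nTSecurityDescriptor.AreAccessRulesProtected } |
#     Select-Object SamAccountName
```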