How to Access Windows 8 Action Center

Hello everyone!! Today i will show you one more tips for user using Windows 8!

Windows 8 was release in 2012 as Windows preview and bring new exxperience go into New Technologies today. In this tips i will show how to use Windows 8 Action Center. There two ways to access Windows 8 action center:

1. Access Windows 8 action centers through Control Penal.

2. Access Windows 8 action center through Flag on the tast bar Icon.

Ok i will show you step by step from the first until second ways, now let do it.

1. Access Windows 8 action centers through Control Penal:

Go to => Control Panel by click on windows Key + c to open Charm Bar panel then => Setting​​( show pic1)

then on the top of Setting panel Click on Control Panel to Open Control Panel Setting Windows Box​(show pic 2)

On the Control Panel Windows Click on System and Security then System and Security open up and on

the top of System and Security click on Action Center (show pic 3 & pic 4).

In Action Center click on Maintenance it will show up you many setting for you to chose and change 

what ever you think it best for your windows 8 ( show pic 5).

2.  Access Windows 8 action centers through Flag on the tast bar Icon.

The Second ways just easy to Access Windows 8 action centers then First way, but setting are follow

 the first Method because all setting are the same to each other. See Screen bellow for Access

 Windows 8 action centers through Flag on the task bar Icon. (Show pic 6). 

Enjoy my Tips, thank you. :)

4 ways useful in Windows 8.

Microsoft has been release New Windows with New Interface and Features,call windows 8. Windows 8 was born with many new features one of them is Metro style. Windows 8 was build in 3 ways to clean your hard drive in deep and effective and 1 ways search bar.

The three ways to clean your hard drive is the best tools for windows 8 and it come with windows 8 ready when your Computers install windows 8 on your hard drive. It

call drive tools. Drive Tools was provides three sub tools to user use to optimize , clean up, and format your hard drive. As show in the pictures: 

1. Optimize: When user click on optimize the pop up windows will appear and show with new windows (see picture), in the new windows will show you about all your hard drive was install on your computer. In the status box they are three type of your hard disk and they show 4 type of the information on your hard drive as drives, Media type, Last run, and Current status. Under the status box you will see Analyze and Optimize, now let me tell one-by-one:

-Analyze: before you can optimize your hard drive you need your computer to do an analyze your size of the Hard drive first, so now let click on analyze (see picture) the result will show in different it depend on how your drive has fragment  the picture show the result of my drive is 10% of fragment so mean that the windows has 10% fragment need to optimize, than let click on the Optimize and watch your Windows work and wait until your windows finish it, and you also can make it to fragment your drive daily, weekly, or Monthly just click on Change setting, (see picture)

2. Clean up: Now let me show you one more tools, clean up is the powerful and useful, with Clean up tools will let all user to clean up any files that you want to delete it from your computers such as Download files, Temporary internet files, Recycle Bin, Temporary files, Thumbnails, Per user achieved windows report., you can  clean up these files whatever you can by click and tick on the files you want and than click on Clean up files system and click ok. (see picture)

3. Format tools: Format Tools will let all user can format their hard drives except Drive C, because the windows can not format itself. You can format like memory cards or Flash drives and any externals Hard disk with those tools because it provide you a completed features. (Please see picture)

4. Search Tools: Microsoft was build new feature Search tools with kind of windows, but for Windows 8 the Search tools was up to date like windows 8 too. Now let watch what new with new windows search tools. They was provide 4 type also,such as Date Modified, Kinds, Size, and Others Properties. I will describe one by one in the follow:

- Date Modified: Date Modified it can use when you want to search your files and make a specific on the date of your files, so just click on the date that you think it was create on the specific date or the date that u use to copy from your friends than hit. (See picture bellow).

- Kind search: It refer to kind of files (extension) or document like Words document files type (exe, cap,.etc,), Music and Movies (mp3, mp4, avi, Dat, etc,) you just types the kinds of files and extension you want to search in search bar, for example i use kind of movie and extension.mp4 than hit search all files which has extension .mp4 will show up. (See Picture for the result of your search).

- Size of Search: You can use specific size of file for your search result, for example if you want to search one file and it contain file size large (1MB-16MB) than just click on the size of the search tools and the files will show up in the windows Search result, (see picture bellow)

- Others Properties Search: In Others Properties Search you can use like Folder path, Name, Tag, and extension, so in this types you can use one that you like and than hit search so all the files will show up follow your method you use, (see picture).

I hope you Enjoy my tips. :)

Password Replication Policy in Windows Server 2008.

In the previous lesson we installed an RODC, to continue we will create a branchofficeusers security group and populate it with users. We will then create a password replication policy, monitor credential caching, and prepopulate credentials on the RODC.In this scenario we will create 3 users Jim Bean, Paul Gray and Mike Stand.

Jim and Paul will become members of the branchofficeusers group, Mike Stand will not be added to the group;his credentials will be prepopulated later. All three users will be added to the print operators group in order to allow them to logon to the Domain controller locally. This action is not recommended in production environments and is only used for testing purposes.

On DC1 open Active directory Users and computers. Right click Builtin and select New>Group. Group name branchofficeusers, click OK. On DC1 open Active directory Users and computers. Right click Users and select New>User. Fill in User’s details and click Next. Type in password and confirm password and click Next. Repeat process for other users, Paul Gray and Mike Stand. Click finish to complete.

Select users Jim Bean and Paul Gray – Right click and select add to a group. Specify branchofficeusers and click OK.

Add to group

All three users will be added to the print operators group in order to allow them to logon to the Domain controller locally. This action is not recommended in production environments and is only used for testing purposes.

Right click branchofficeusers group and select Add to a group. Specify the Print Operators group and click OK.

Configure RODC-Specific Password Replication Policy

To facilitate the management of PRP, Windows Server 2008 creates two domain local security groups in the Users container of Active Directory. The first, named Allowed RODC Password Replication Group, is added to the Allowed List of each new RODC. By default, the group has no members. Therefore, by default, a new RODC will not cache any user’s credentials. If there are users whose credentials you want to be cached by all domain RODCs, add those users to the Allowed RODC Password Replication Group.

The second group is named Denied RODC Password Replication Group. It is added to the Denied List of each new RODC. If there are users whose credentials you want to ensure are never cached by domain RODCs, add those users to the Denied RODC Password Replication Group. By default, this group contains security-sensitive accounts that are members of groups including Domain Admins, Enterprise Admins, and Group Policy Creator Owners.

The two groups described in the previous section provide a method to manage PRP on all RODCs. However, to support a branch office scenario most efficiently, you need to allow the RODC in each branch office to cache user and computer credentials in that specific location. Therefore, you need to configure the Allowed List and the Denied List of each RODC.

In the Domain Controllers OU, right click branchrodc, Select Properties. Select Password Replication Policy. Click Allowed RODC Password Replication Group. Select Members. By Default the group is empty. Click Denied RODC Password Replication Group. Select Members. By default, this group contains security sensitive accounts that are members of groups including Domain Admins, Enterprise Admins, and Group Policy Creator Owners. In the Allowed Password Replication Group Properties Members Tab click Add. Specify branchofficeusers and click OK. Branch office user’s credentials will be cached by the server.

Monitor Credential Caching

The 3 users we created previously will logon to the RODC so we can monitor the caching. Remember Mike Stand was not a member of the branchofficeusers group, his credentials should not be cached by the RODC. We will use his account to prepopulate his password to the RODC.

After the users have logged on and off, on DC1 open the Domain controllers OU. Right click the RODC and select Properties. Select Password Replication Policy. Click Advanced. Note the two members of the branchofficeusers group, passwords are stored in Accounts whose passwords are stored on this read-only domain controller. Mike Stand’s password has not been stored. Mike Stand’s password  is in the Accounts that have been authenticated to this read-only domain controller. Mike Stand’s password can be prepopulated to this RODC. Click Prepopulate Passwords. Specify Mike Stand’s account and click OK. Click Yes. Mike Stand’s password cannot be prepopulated because we did not add him to the allowed list. Return to the Password Replication Policy box and select Add. . Then select Allow passwords for the account to replicate to the RODC. Click OK. Specify Mike Stand’s account and click OK. Mike Stand’s password can be prepopulated to this RODC. Click Prepopulate Passwords. Specify Mike Stand’s account and click OK. Click Yes. Click OK. Mike Stand’s password is now stored on the RODC. Click Close. Click OK.

Remember in order for a user to logon when no Writeable domain controller is available, both the User’s and the Computer’s passwords must be stored on the RODC. Enjoy your reading.

Configuring a Read-Only Domain Controller in window Server 2008.

Consider an enterprise that is characterized by a main site and  branch offices. The branch offices connect to the main site over WAN links that might be congested, expensive, slow, or unreliable. Users in the branch office must be authenticated by Active Directory to access resources in the domain. Should a DC be placed in the branch office?

If a DC is not placed in the branch office, authentication and service ticket activities will be directed to the main site over the WAN link. Authentication occurs when a user first logs on to his or her computer in the morning. Service tickets are a component of the Kerberos authentication mechanism used by Windows Server 2008 domains.

If a DC is placed in the branch office, authentication is much more efficient, but there are several potentially significant risks.

A DC maintains a copy of all attributes of all objects in its domain, including secrets such as information related to user passwords. If a DC is accessed or stolen, it becomes possible for a determined expert to identify valid user names and passwords, at which point the entire domain is compromised. At a minimum, you must reset the passwords of every user account in the domain. Because the security of servers at branch offices is often less than ideal, a branch office DC poses a considerable security risk.

A second concern is that the changes to the Active Directory database on a branch office DC replicate to the hub site and to all other DCs in the environment. Therefore, corruption to the

branch office DC poses a risk to the integrity of the enterprise directory service. For example, if a branch office administrator performs a restore of the DC from an outdated backup, there

can be significant repercussions for the entire domain.

The third concern relates to administration. A branch office domain controller might require maintenance, for example, a new device driver. To perform maintenance on a standard domain controller, you must log on as a member of the Administrators group on the domain controller, which means you are effectively an administrator of the domain. It might not be appropriate to grant that level of capability to a support team at a branch office.

Read-Only Domain Controllers

The RODC is designed specifically to address the branch office scenario. An RODC is a domain controller, typically placed in the branch office, that maintains a copy of all objects in the domain and all attributes except secrets such as password-related properties. When a user in the branch office logs on, the RODC receives the request and forwards it to a domain controller in the main site for authentication.

You are able to configure a password replication policy (PRP) for the RODC that specifies user accounts the RODC is allowed to cache. If the user logging on is included in the PRP, the RODC caches that user’s credentials, so the next time authentication is requested, the RODC can perform the task locally. As users who are included in the PRP log on, the RODC builds its cache of credentials so that it can perform authentication locally for those users.

Because the RODC maintains only a subset of user credentials, if the RODC is compromised or stolen, the effect of the security exposure is limited; only the user accounts that had been

cached on the RODC must have their passwords changed. Writable domain controllers maintain a list of all cached credentials on individual RODCs. When you delete the account of the stolen or compromised RODC from Active Directory, you are given the option to reset the passwords of all user accounts that were cached on the RODC.

The RODC replicates changes to Active Directory from DCs in the main site. Replication is one way (from a writable domain controller to a RODC); no changes to the RODC are replicated to any other domain controller. This eliminates the exposure of the directory service to corruption resulting from changes made to a compromised branch office DC. Finally, RODCs, unlike writable DCs, have a local Administrators group. You can give one or more local support personnel the ability to maintain an RODC fully, without granting them the equivalence of domain administrators.

Installing an RODC

An RODC must replicate domain updates from a writable domain controller running Windows Server 2008. It is critical that an RODC is able to establish a replication connection with a writable Windows Server 2008 domain controller. Ideally, the writable Windows Server 2008 domain controller should be in the closest site to the main site. In the following lesson we will create an RODC called Branchrodc attached to the Es-net domain. We will create a branch office security group and users, then configure a Password Replication Policy (PRP)

Type dcpromo in the run box and click OK. Check if Active Directory binaries are installed. Active Directory installation wizard starts. Click Next to continue. Operating System compatibility page click Next. Ensure add a domain controller to an existing domain is checked and click Next.

Enter domain you wish to join and specify credentials, then click Next. Select domain then click Next. Select site for new domain controller and click Next. Ensure Global Catalog and Read-only domain controller (RODC) are checked and click Next. Click Next. Type in and confirm restore mode password and click Next. Review selections and click Next. Installation of Active Directory begins. Installation completed. Click Finish. To complete the install click Restart Now. Enjoy your reading :)

Auditing Authentication in Windows Serve 2008

When a user logs on to any computer in the domain using his or her domain user account, a domain controller authenticates the attempt to log on to the domain account. This generates an account logon event on the domain controller.

The computer to which the user logs on for example, the user’s desktop generates a logon event. The computer did not authenticate the user against his or her account; it passed the account to a domain controller for validation. The computer did, however, allow the user to log on interactively to the computer. Therefore, the event is a logon event. When the user connects to a folder on a server in the domain, that server authorizes the user for a type of logon called a network logon. Again, the server does not authenticate the user; it relies on the ticket given to the user by the domain controller. But the connection by the user generates a logon event on the server.

Open Group Policy Management. Expand Domain Controllers OU. Right Click the Default Domain Controllers Policy. Select Edit. Expand Computer Configuration>Windows Settings>Security Settings. Click Audit Policies. Right click Audit account logon events and select Properties. Select Define these policy settings and select Success and Failure. Click OK. Right click Audit logon events and select Properties. Select Define these policy settings and select Success and Failure. Click OK. Both audit policies are enabled. Close the dialogue box. In order to test the audit policy the Administrator will attempt to log on with an incorrect password. Close Group Policy Management and try it.

After some failed logons check event viewer security log. Note the Audit Failures. Double click an event for more detail. These are the event’s details. You can also access Microsoft’s online database for more information about any event. Close all open dialogue boxes to return to the desktop. Enjoy your reading :)

Configuring Password and Lockout Policies in windows Server 2008

In a Windows Server 2008 domain, users are required to change their password every 42 days, and a password must be at least seven characters long and meet complexity requirements including the use of three of four character types: uppercase, lowercase, numeric, and non alphanumeric.

hree password policies—maximum password age, password length, and password complexity—are among the first policies encountered by administrators and users alike in an Active Directory domain. Rarely do these default settings align precisely with the password security requirements of an organization. Your organization might require passwords to be changed more or less frequently or to be longer.
There are exceptions to every rule, and you likely have exceptions to your password policies.
To enhance the security of your domain, you can set more restrictive password requirements for accounts assigned to administrators, for accounts used by services such as Microsoft SQL Server, or for a backup utility. In earlier versions of Windows, this was not possible; a single password policy applied to all accounts in the domain.In this lesson, you will learn to configure fine-grained password policies, a new feature in Windows Server 2008 that enables you to assign different password policies to users and groups in your domain.

If the new password meets requirements, Active Directory puts the password through a mathematical algorithm that produces a representation of the password called the hash code. The hash code is unique; no two passwords can create the same hash code. The algorithm used to create the hash code is called a one-way function. You cannot put the hash code through a reverse function to derive the password. The fact that a hash code, and not the password itself, is stored in Active Directory helps increase the security of the user account.

The password settings configured in the Default Domain Policy affect all user accounts in the domain. The settings can be overridden, however, by the password-related properties of the individual user accounts. On the Account tab of a user’s Properties dialog box, you can specify settings such as Password Never Expires or Store Passwords Using Reversible Encryption. For example, if five users have an application that requires direct access to their passwords, you can configure the accounts for those users to store their passwords, using reversible encryption.

In this lesson, you will learn how to implement your enterprise’s password and lockout policies by modifying the Default Domain Policy Group Policy object (GPO).

Click Group Policy Management. Expand the domain. Right Click Default Domain policy and click Edit. Expand – Computer Configuration>Policies>Windows Settings>Security Settings. Expand Account Policies. Select Password Policies. Right Click Maximum password age and select Properties. Change Password will expire in: to 30 days. Click OK. Maximum password age is now set to 30 days. Next select Account lockout policy and right click Account lockout threshold and select Properties. Set invalid logon attempts to 3. When you Click OK Windows will suggest values for the remaining policies, Click OK to accept these. The suggested values can be changed later. Click OK. The Account lockout policy is now configured. All open dialogue boxes can now be closed.

Fine-Grained Password and Lockout Policy

You can also override the domain password and lockout policy by using a new feature of Windows Server 2008 called fine-grained password and lockout policy, often shortened to simply fine-grained password policy.
Fine-grained password policy enables you to configure a policy that applies to one or more groups or users in your domain. To use fine-grained password policy, your domain must be at the Windows Server 2008 domain functional level. To raise the domain functional level open Active Directory Users and Computers.

Right click the domain and select Raise domain functional level. Select Windows Server 2008 and click Raise. Warning Raising the domain functional level cannot be reversed. Click OK to continue. Click Close to complete.

Fine-Grained Password and Lockout Policy

The settings managed by fine-grained password policy are identical to those in the Password Policy and Accounts Policy nodes of a GPO.
However, fine-grained password policies are not implemented as part of Group Policy, nor are they applied as part of a GPO. Instead, there is a separate class of object in Active Directory that maintains the settings for fine-grained password policy: the password settings object (PSO).

Most Active Directory objects can be managed with user-friendly graphical user interface (GUI) tools such as the Active Directory Users and Computers snap-in. You manage PSOs, however, with low-level tools, including ADSI Edit.

In this exercise, you will create a PSO that applies a restrictive, fine-grained password policy to users in the Domain Admins group. Before you proceed with this exercise, confirm that the Domain Admins group is in the Users container. If it is not, move it to the Users container.

Click Administrative tools>ADSI Edit. Expand the domain. Expand CN=System. Select CN=Password Settings Container. Right click and select New>Object. Click Next to continue. Type a name for the new object and click Next.

PSO Precedence and Resultant PSO

A PSO (Password Settings Object) can be linked to more than one group or user, an individual group or user can have more than one PSO linked to it, and a user can belong to multiple groups. So which fine grained password and lockout policy settings apply to a user? One and only one PSO determines the password and lockout settings for a user; this PSO is called the resultant PSO. Each PSO has an attribute that determines the precedence of the PSO. The precedence value is any number greater than 0, where the number 1 indicates highest precedence. If multiple PSOs apply to a user, the PSO with the highest precedence (closest to 1) takes effect.

Set the Precedence value to 1 and click Next. Type False The password is not stored using reversible encryption and click Next. Type 30 The user cannot reuse any of the last 30 passwords and click Next. Type True Password complexity rules are enforced and click Next. Type 10 Password must be at least 10 characters in length and click Next. Type 1:00:00:00. A user cannot change his or her password within one day of a previous change. The format is d:hh:mm:ss (days, hours, minutes, seconds) and click Next. Type 45:00:00:00. The password must be changed every 45 days and click Next. Type 5. Five invalid logons within the time frame specified by (the next attribute) will result in account lockout and click Next. Type 0:01:00:00. Five invalid logons (specified by the previous attribute) within one hour will result in account lockout and click Next. Type 0:01:00:00. An account, if locked out, will remain locked for one hour or until it is unlocked manually. A value of zero will result in the account remaining locked out until an administrator unlocks it and click Next. The attributes listed are required. After clicking Next on the msDS-LockoutDuration attribute page, you will be able to configure the optional attribute. Click the More Attributes button.

In the Edit Attributes box, type CN=DomainAdmins,CN=Users,DC=es-net,DC=co,DC=uk
and click Set. Click OK. The new PSO is now active.

Resultant PSO

To identify the PSO that controls the password and lockout policies for an individual user.

Open the Active Directory Users And Computers snap-in.
Click the View menu and make sure that Advanced Features is selected.
Expand the domain and click the Users container in the console tree.
Right-click the Administrator account and choose Properties.
Click the Attribute Editor tab.
Click the Filter button and make sure that Constructed is selected. The attribute you will locate in the next step is a constructed attribute, meaning that the resultant PSO is not a hard-coded attribute of a user; rather, it is calculated by examining the PSOs linked to a user in real time.
In the Attributes list, locate msDS-ResultantPSO.
Identify the PSO that affects the user.
The Domain Admins PSO that you created is the resultant PSO for the Administrator account. Enjoy your reading.

Facebook Apps Money Change (July 2013 Breaking Changes)

Start from this morning untill July 2013 facebook will announce new feature for all user who use one of their social plug in to chaange their notification.

All users need to fix it on time for their use of Apps. Please see the screen shoot for an example to change your apps: 

 Screen 1: 

Screen 2: 

Enjoy your Breaking Changes  From FaceBook. :D