How To Remove The Root Hints from Windows DNS

I ran into a problem while I was locking down a Windows DNS server where I would remove the root hints, but they would keep coming back. I first thought it was because of the "root hints" updates that Microsoft releases every so often. In reality, it was because the root entries were listed in the %windir%\system32\dns\cache.dns file. If you comment out those root hints with a semicolon (including the lines that start with a period (.)), then remove the root hints from your DNS server properties in the DNS Manager MMC snap-in. They should stay away. An example of the cache.dns file after it's been commented out is below.

Configuring a CRM Email Router to Run Under a Domain Service Account

If you tried running the CRM 2011 email router under a domain service account, you probably ran into some issues. Please, do not take the easy way out and make the account an administrator, you can give it the rights it needs without going to that extent.

The first thing it needs is the "log on as service" user right, but it should get that granted when you configure the service to run under your service account in services.msc. So, I'm going to assume that's already taken care of.

Disable Weak SSL Ciphers and Protocols in Windows, IIS, ISA, TMG & UAG

You should disable the weak SSL ciphers and protocols that are riddled with vulnerabilities and security flaws on any Microsoft Windows server running IIS, ISA, TMG and UAG.

The resolution for this weakness is rather simple. Merge the data below into your registry and reboot. That's it.

The easiest way to do that is to copy the text from the white box below, past it into notepad and save the file with a ".reg" extension (make sure to change the "Save as type" to "All Files". Backup your registry, then right-click the file and select "merge". Click "Yes" and you are done. If you are running UAC, you need to click "yes" twice.