How To Remove The Root Hints from Windows DNS

I ran into a problem while I was locking down a Windows DNS server where I would remove the root hints, but they would keep coming back. I first thought it was because of the "root hints" updates that Microsoft releases every so often. In reality, it was because the root entries were listed in the %windir%\system32\dns\cache.dns file. If you comment out those root hints with a semicolon (including the lines that start with a period (.)), then remove the root hints from your DNS server properties in the DNS Manager MMC snap-in. They should stay away. An example of the cache.dns file after it's been commented out is below.

The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

If you get the following error in the system event logs while trying to start the Distributed Transaction Coordinator service, we can help.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7024
Description: The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

Forceful Demotion of a Dead Domain Controller

If one of your domain controllers dies on you, then you cannot gracefully demote it. So, when this happens there are a few things that you need to do to remove it from the domain and cleanup the mess that this failure created.

The first step is to jump on one of your remaining domain controllers that's running Windows 2003 SP1 or newer.

How to Configure Windows Event Logs as SNMP Traps

There are a lot of different monitoring suites out there that monitor servers by using SNMP traps. If you want to be alerted when a specific error or warning occurs in any of your event logs, you need to configure those events to send an SNMP trap.

To do this, you need to launch %windir%\system32\evntwin.exe to start configuring them. That opens up a window like this.

Powershell Script to Delete Out Temporary Internet Files

If you have a lot of user profiles on a box, the user profiles can start to take up a lot of disk space. This is especially so on a Citrix or terminal services server, but can affect any system where more than a few people logon. I wrote a quick powershell script that can be scheduled to clean these out.

Disable Weak SSL Ciphers and Protocols in Windows, IIS, ISA, TMG & UAG

You should disable the weak SSL ciphers and protocols that are riddled with vulnerabilities and security flaws on any Microsoft Windows server running IIS, ISA, TMG and UAG.

The resolution for this weakness is rather simple. Merge the data below into your registry and reboot. That's it.

The easiest way to do that is to copy the text from the white box below, past it into notepad and save the file with a ".reg" extension (make sure to change the "Save as type" to "All Files". Backup your registry, then right-click the file and select "merge". Click "Yes" and you are done. If you are running UAC, you need to click "yes" twice.