Creating a database in MSSQL using Query

Creating a database with no size limits

CREATE DATABASE <database_name>

Creating a database with size limits

USE master ;
GO
CREATE DATABASE <database name>
ON
( NAME = <mdf_filename>_dat,
FILENAME = ‘<path of mdf file to be saved after creating>’,
SIZE = 10MB,
MAXSIZE = 50MB,
FILEGROWTH = 5 MB)
LOG ON
( NAME = <ldf_filename>_log,
FILENAME = ‘<path of ldf file to be saved after creating>’,
SIZE = 5MB,
MAXSIZE = 25MB,
FILEGROWTH = 5MB ) ;
GO

To create a SQL Server login that uses Windows Authentication using Transact-SQL

In Query Editor, enter the following Transact-SQL command:

CREATE LOGIN <name of Windows User> FROM WINDOWS

GO     

To create a SQL Server login that uses SQL Server Authentication (Transact-SQL)

In Query Editor, enter the following Transact-SQL command:

CREATE USER <new user name> FOR LOGIN <login name>

GO 

Creating User with Password with unchecking Enforce Password Policy 

USE [master]

GO

CREATE LOGIN [<username>] WITH PASSWORD=N'<password>’, DEFAULT_DATABASE=[<database_name>],CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF

GO

Change default database of a login:

alter login <loginname> with default_database = <dbname>;

Create a user in a database for a given login:

use <dbname>;

create user <username> from login <loginname>;

Make an user member of db_owner group:

use <dbname>

exec sp_addrolemember ‘db_owner’, ‘<username>’;

Make a login ‘dbo’ of a database:

alter authorization on database::<dbname> to <loginname>;

Adding db_owner to database roles.

EXEC sp_addrolemember ‘db_owner’,'<username>’

Creating A table:

USE <database_name>;

CREATE TABLE <tablename>

(

XXXX INT NOT NULL PRIMARY KEY,

XXXXX NVARCHAR(30) NOT NULL,

XXXXXX NVARCHAR(30) NOT NULL

);

Enable/Disable Ping Request when firewall is On

Navigate to Start –> Programs -> Administrative Tools –> Windows Firewall with Advanced Security. There you can find one Inbound Rule as “File and Printer Sharing (Echo Request – ICMPv4-In):. Enable this rule to allow ping request or Disable to this rule to deny ping request.

Can’t access ADMIN$ share using a local user account

Method 1: Use Audit mode to edit the registry before you use Sysprep on the image

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

1. Start the computer in Audit mode. To do this, press Ctrl+Shift+F3 at the Windows Welcome screen.
2. Follow these steps to manually edit the registry:
   1. Click Start, type regedit in the Start Search box, and then click regedit.exe in the Programs list.
   2. Locate and then click the following registry subkey:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   3. On the Edit menu, point to New, and then click DWORD Value.
   4. Type LocalAccountTokenFilterPolicy for the name of the DWORD, and then press ENTER.
   5. Right-click LocalAccountTokenFilterPolicy, and then click Modify.
   6. In the Value data box, type 1, and then click OK.
   7. Exit Registry Editor.
3. After you configure the Windows installation, use sysprep /generalize /oobe to reseal the image for deployment.

   Note You may only use Sysprep to reseal an image three times. For more information about how to use images to deploy Windows, see the Windows Automated Installation Kit (WAIK) documentation.

Method 2: Edit the registry automatically during an unattended installation

Create an Unattended answer file (Unattend.xml) for unattended installation. This file uses the REG ADD command to edit the registry during the installation. Add the REG ADD command as a RunSynchronous command in the AuditUser pass or in the oobeSystem pass. Or, add the REG ADD command as a FirstLogonCommand in the oobeSystem pass. For example, the REG ADD command line may resemble the following:

 cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

You can also use the REG IMPORT command. However, the .reg file that is to be imported must be available on the system when the command is run. You can use the $oem$ functionality to put the file on drive C.

The REG IMPORT command line may resemble the following:

Cmd /c reg import c:\test.reg

For more information, see the WAIK documentation.

Note The AuditUser pass, the oobeSystem pass, and the FirstLogonCommand pass run at elevated levels. Commands that are scripted during these sections of the unattended installation are run by using full administrative credentials.

SSL Host Headers in IIS 7

1. Obtain an SSL certificate and install it into IIS 7. For step-by-step instructions on how to do this, see Installing an SSL Certificate in Windows Server 2008 (IIS 7.0).

2. Once the certificate is installed into IIS, bind it to the first site on the IP address.

3. Open the command prompt by clicking the start menu and typing “cmd” and hitting enter.

4. Navigate to C:\Windows\System32\Inetsrv\ by typing “cd C:\Windows\System32\Inetsrv\” on the command line.

5. In the Inetsrv folder, run the following command for each of the other websites on the IP address that need to use the certificate (copy both lines):

appcmd set site /site.name:”<IISSiteName>” /+bindings.[protocol=’https’,bindingInformation=’*:443:<hostHeaderValue>‘]

Replace <IISSiteName>  with the name of the IIS site and <hostHeaderValue> with the host header for that site (site1.mydomain.com)

6. Test each website in a browser. It should bring up the correct page and show the lock icon without any errors. If it brings up the web page of the first IIS site, then SSL Host Headers haven’t been set up correctly.

Move or copy an SSL certificate from a Windows server to another Windows server

If you have multiple Windows servers that need to use the same SSL certificate, such as in a load-balancer environment or using a wildcard or UC SSL certificates, you can export the certificate to .pfx file andimport it on a new Windows server. This may also be necessary when you switch hosting companies. We will go over the exact process with step-by-step instructions in this article. If necessary, you can copy the SSL certificate to an Apache or other type of server.

We will assume that you have already successfully installed the SSL certificate on one Windows web server. You will follow these steps to move or copy that working certificate to a new server:

1. Export the SSL certificate from the server with the private key and any intermediate certificates into a .pfx file.
2. Import the SSL certificate and private key on the new server.
3. Configure your web sites to use them in IIS.

On a Windows server you will need to export your certificate from the MMC console to a .pfx file with your private key. You can then copy that .pfx file to the new Windows server and import it. The following screenshots are from a Windows Server 2008 machine but any differences for Windows Server 2003 are noted.

Export the certificate from the Windows MMC Console

Note: These instructions will have you export the certificate using the MMC console. If you have Windows Server 2008 (IIS7) you can also import and export certificates directly in the Server Certificates section in IIS. Click here to hide or show the images

1. Click on the Start menu and click Run.
2. Type in mmc and click OK.
3. Click on the File menu and click Add/Remove Snap-in…
4. If you are using Windows Server 2003, click on the Add button. Double-click on Certificates.
5. Click on Computer Account and click Next.
6. Leave Local Computer selected and click Finish.
7. If you are using Windows Server 2003, click the Close button. Click OK.
8. Click the plus sign next to Certificates in the left pane.
9. Click the plus sign next to the Personal folder and click on the Certificates folder. Right-click on the certificate you would like to export and select All Tasks and then Export…
10. In the Certificate Export Wizard click Next.
11. Choose “Yes, export the private key” and click Next.
12. Click the checkbox next to “Include all certificates in the certification path if possible” and clickNext.
13. Enter and confirm a password. This password will be needed whenever the certificate is imported to another server.
14. Click Browse and find a location to save the .pfx file to. Type in a name such as “mydomain.pfx” and then click Next.
15. Click Finish. The .pfx file containing the certificates and the private key is now saved to the location you specified.

Import the certificate in the Windows MMC Console

After you have exported the certificate from the original server you will need to copy the .pfx file that you created to the new server and follow these import instructions.

1. Click on the Start menu and click Run.
2. Type in mmc and click OK.
3. Click on the File menu and click Add/Remove Snap-in…
4. If you are using Windows Server 2003, click on the Add button. Double-click on Certificates.
5. Click on Computer Account and click Next.
6. Leave Local Computer selected and click Finish.
7. If you are using Windows Server 2003, click the Close button. Click OK.
8. Right-click on the Personal folder and select All Tasks and then Import…
9. In the Certificate Import Wizard click Next.
10. Click the Browse button and change the file type from “X.509…” to “Personal Information Exchange (*.pfx, *.p12)”. find the .pfx file that you copied over and click Open and then Next.
11. Enter the password that you set when you exported the .pfx file and click “Mark this key as exportable” so you can export the certificate from this machine as well as the original. Click Next.
12. Click “Automatically select the certificate store based on the type of certificate” and click Next.
13. Click Finish to complete the wizard.
14. You can now click the Refresh button in the toolbar to refresh and find your certificate in the Certificates folder under Personal. You can verify that it was imported correctly by double-clicking it and looking for “You have a private key that corresponds to this certificate” at the bottom of the certificate dialog.
15. Close the MMC console. You do not need to save any changes.

After you have imported the .pfx file, you will either need to assign the certificate in IIS, enable the certificate for the services you need in Exchange or select the certificate in any other software that you are using. Because IIS is the most common place to use SSL certificates, we have included the instructions for assigning a website to use the new certificate in IIS 6 (Windows Server 2003). If you have Windows Server 2008, just follow the binding part of the IIS 7 SSL Certificate Installation instructions.

1. In IIS, right-click on the website that needs the certificate and click on Properties.
2. Click the Directory Security tab and click on the Server Certificate button to run the server certificate wizard.
3. If you already have a certificate on that website you will need to remove it and then start the wizard again.
4. Click “Assign an existing certificate” and click Next.
5. Select the new certificate that you just imported and click Next.
6. Click Finish. You may need to restart IIS for the certificate to start working with the assigned website.

While there are several steps in the process, moving an SSL certificate from one Windows server to another is an easy task. It involves exporting a working SSL certificate from the MMC console to a .pfx file which contains the certificates and private key and then importing that file in the MMC console of the new or additional server. You will then need to assign or bind the certificate to a website in IIS in order to start using it on a website. If you need to move your SSL certificate to or from a different type of server, select the server type on our main SSL Certificate Import/Export Page

How to Move or Copy an SSL Certificate from one server to Another

Do you have multiple servers that need to use the same SSL certificate? This is very common in an environment where a load-balancer is used to share the load of a website across several different servers. This is also becoming more common as wildcard certificates and UC SSL certificates increase in popularity because they enable a single certificate to work on multiple different domains or subdomains using SSL Host Headers.

What about when you set up a new server or switch hosting companies? How do you move the current SSL certificate to the new server? What if you need to move it to a different type of server? The answers to all of those questions are contained in the following pages. Essentially, you will export SSL certificates from the server that they are currently installed on, move SSL certificates to the new server, and then import SSL certificates on the new server.

Keep in mind that many certificate authorities, require that you purchase a “server license” for each server that you install an SSL certificate to, even if it uses the same private key. And speaking of private keys, it is slightly less secure to copy the SSL certificate and use the same private key on a different server. If an attacker breaks into one server and gets the private key, he will be able to listen in on the connections that other servers are making.

We will assume that you have already successfully installed the SSL certificate on one web server. You will follow these steps to move or copy that working certificate to a new server:

1. Export the SSL certificate from the server with the private key and any intermediate certificates.
2. Convert the certificate to a different format if you are putting it on a different type of server.
3. Import the SSL certificates and private key on the new server and configure your sites to use them.

Now on to the instructions. What would you like to do?

• Move or copy an SSL certificate from a Windows server to another Windows server
• Move or copy an SSL certificate from a Windows server to an Apache server
• Move or copy an SSL certificate from an Apache server to a Windows server
• Move or copy an SSL certificate from an Apache server to another Apache server
• Move or copy an SSL certificate from a Tomcat/Java server to an Apache server

Exporting/Backing Up to a .pfx File

Exporting/Backing Up to a .pfx File

1. On the Start menu click Run and then type mmc.
2. Click File > Add/Remove Snap-in.
3. Click Certificates > Add.
4. Select Computer Account and then click Next. Select Local Computer and then click Finish. Then close the add standalone snap-in window and the add/remove snap-in window.
5. Click the + to expand the certificates (local computer) console tree and look for the personal directory/folder. Expand the certificates folder.
6. Right-click on the certificate you want to backup and select ALL TASKS > Export.
7. Choose Yes, export the private key and include all certificates in certificate path if possible.
   Warning: Do not select the delete private key option.
8. Leave the default settings and then enter your password if required.
9. Choose to save the file and then click Finish. You should receive an “export successful” message. The .pfx file is now saved to the location you selected.

Importing from a .pfx File

1. On the Start menu click Run and then type mmc.
2. Click File > Add/Remove Snap-in.
3. Click Certificates > Add.
4. Select Computer Account and then click Next. Select Local Computer and then click Finish. Then close the add standalone snap-in window and the add/remove snap-in window.
5. Click the + to expand the certificates (local computer) console tree and look for the personal directory/folder. Expand the certificates folder.
6. Right-click on the certificate you want to backup and select ALL TASKS > Import.
7. Follow the certificate import wizard to import your primary certificate from the .pfx file. When prompted, choose to automatically place the certificates in the certificate stores based on the type of the certificate.

Enabling a New Certificate on a Server

1. On the Start menu, click Administrative Tools > Internet Information Services (IIS) Manager.
2. In the IIS Manager, click the server name.
3. Expand the sites folder.
4. Select the site that you want to secure (usually the default website).
5. On the actions menu in the edit site section, click Bindings.
6. In the site bindings window, click Add. If a binding for https already exists, select the https binding and click Edit.
7. Fill out the information in the add site binding window. In the type drop-down choose https. Set the IP address to the IP address of the site or choose all unassigned. The port for SSL traffic is usually 443. Enter the recently imported certificate in the SSL Certificate field.
8. Click OK. Your SSL Certificate is now installed and the website is configured to accept secure connections. You may have to restart IIS or the server for it to recognize the new certificate.

DHCP In Manual IP Allocation

I had faced an issue in some of my Windows 7 PCs. After allocation of manual IP Address also, some of the PCs are getting APIPA and those saying DHCP is enabled. To avoid this I followed the following steps.

1. Open the cmd with Administrative Rights

2. Run the command netsh interface ipv4 show inter at command prompt

It will show the interfaces of your PC. One will be loopback adapter and other will be the NIC card of your PC. Kindly note down the Idx number of the Local Area Connection. In the next step we have to fix this number to the Local area connection.

3. Run the command netsh interface ipv4 set interface <idx number> dadtransmit = 0 store = persistent at command prompt.

4. Go to services.msc and disable the DHCP client service.

5. Restart the machine and now the problem is sovled.

Enabling multiple remote sessions in Windows 2008 and Windows 2012.

Problem

Server 2012/2008 R2 unlike their predecessors, comes with the multiple remote desktop session restriction enabled. If you are only connecting to a server for remote administration purposes that can get a bit annoying, especially if you have a generic administrative account that multiple techs are using, and you keep kicking each other off the server.

Just as with earlier versions of Windows server you CAN have two RDP sessions at any one time, the restriction is one logon for one account. Thankfully you can disable the restriction and there are a number of ways to do so.

Solution

Server 2008 R2 Option 1: Enable Multiple RDP sessions from TSCONFIG

Note: tsconfig.msc does not work on Windows Server 2012

1. On the server, click Start and in the search/run box type tsconfig.msc{enter}. Locate “Restrict each user to a single session” Right click > Properties.

2. Remove the tick from “Restrict each user to a single session” > Apply > OK.

Server 2012 and 2008 R2 Option 2: Enable Multiple RDP sessions via the registry

1. Start > in the search/run box type regedit {enter} > Navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server

Locate the fSingleSessionPerUservalue>Set it to 0 (Multiple sessions allowed), or 1 (Multiple sessions NOT allowed).

Server 2012 and 2008 R2 Option 3: Enable Multiple RDP sessions via Local Policy

1. Start > in the search/run box type gpedit.msc {enter}.

2. Navigate to:

Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections

Locate the “Restrict Remote Desktop Services users to a single Remote Desktop Services session” setting.

3. To enable multiple sessions set the policy to disabled > Apply > OK.

Server 2012 and 2008 R2 Option 4: Enable Multiple RDP sessions via Group Policy

1. On a domain controller > Start > in the search/run box type gpmc.msc {enter}.

2. Either edit an existing GPO that’s linked to your COMPUTERS, or create a new one and give it a sensible name.

3. Navigate to:

Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections

Locate the “Restrict Remote Desktop Services users to a single Remote Desktop Services session” setting.

4. To enable multiple sessions set the policy to disabled > Apply > OK.

5. Then either reboot the clients, wait a couple of hours, or manually run “gpupdate /force” on them.

Another Method we Have:

 Disable Multiple RDP Sessions

1. Log into the server using Remote Desktop.
   • In Windows 2008 R2
     • Click Start > Administrative Tools > Remote Desktop Services > Remote Desktop Session Host Configuration.
   • In Windows 2008
     • Click Start > Administrative Tools > Terminal Services >Terminal Services Configuration.
2. Double click Restrict Each User to a Single Session.
3. Check Restrict each user to a single session.

Enable Multiple RDP Sessions

1. Log into the server using Remote Desktop.
   • In Windows 2008 R2
     • Click Start > Administrative Tools > Remote Desktop Services > Remote Desktop Session Host Configuration.
   • In Windows 2008
     • Click Start > Administrative Tools > Terminal Services >Terminal Services Configuration.
2. Double click Restrict Each User to a Single Session.
3. Uncheck Restrict each user to a single session.
4. Click OK.