Account Management Event ID 642 Anonymous Logon

There are more one one DCs (DC1 and DC2, DC1 is the PDC Emulator) in a domain.  An administrator changes an AD user account attribute, e.g. changing password/unlocking account, on DC2.

On DC2, two security events (628 (for password reset) and 642) are logged with the administrator user id.  On DC1 (the PDC emulator), only one event (642) is logged with NT Authority\Anonymous Logon.

I agree the event ID 642 on DC1 is created by the replication of the changes to the DC holding the PDC Emulator role.  Sometimes, I also see this happened on a non PDC Emulator DC.

Research:
http://social.technet.microsoft.com/Forums/en/winserverDS/thread/bf847f47-5637-453a-8752-9b985f8118f7

http://social.technet.microsoft.com/Forums/en/winserverDS/thread/65703372-53a6-434a-a9fb-0ad03ab9132c

Microsoft Remote Desktop Connection Manager (RDCMan)

http://msexchangeteam.com/archive/2010/06/11/455115.aspx

or Remote Desktop Manager: http://remotedesktopmanager.com/

Delete File Name Includes An Invalid Name

http://support.microsoft.com/kb/320081
del "\\?\c:\path_to_file_that contains a trailing space.txt "

subinacl /onlyfile "\\?\c:\path_to_problem_file" /setowner=domain\administrator /grant=domain\administrator=F

Or

rmdir /s <drive:><path>

Reset Windows Password

• Change or Reset Windows Password from a Ubuntu Live CD
• Ophcrack

Install SQL 2008 RTM on Windows Server 2008 R2

1. Install SQL 2008 SP1 (this will only install the SQL setup support file)
2. Install .NET Framework 3.5.1 feature through Server Manager, Features, Add Features
3. Install SQL 2008
4. Install SQL 2008 SP1