DFS is a very interesting Microsoft Server feature that give you the ability to replicate and aggregate shared folders (integrated in Windows domain too) on different sites and with differential approach about bandwidth saving feature.
In case we would like to replicate same data on different location and we would be sure that only a person can modify single file we should, in this case, advice all the other users that would like to modify that file that (on different geographical server with same replica data) it can be opened only in read only mode.
I got notify that this software can do that job, here is relative link (it is not for free)
http://www.peersoftware.com/products/sync-backup/peersync-for-servers.html
2008/2012 - Read-Only Domain Controller (RODC)
From this Veeam article I copy and past some parts that quickly explain 2008/2012 RODC Feature:
http://www.veeam.com/blog/read-only-domain-controller-rodc-configuration-active-directory-best-practices.html
Traditional, old-school, writable domain controllers are deployed at ROBO sites so IT admin can resolve application performance. See Figure 1. This practice prevents authentication traffic from traversing the WAN (wide area network) and delays in response times. As a result, things look and feel just like the customer is seated at the main headquarters location. Unfortunately, this practice creates huge security vulnerabilities! Imagine if an unwanted, mischievous user gains physical or virtual access to the network, bidirectional replication would allow this guest to make changes that could severely impact the ENTIRE AD (active directory) forest.
A good resolution it could be the following:
http://www.veeam.com/blog/read-only-domain-controller-rodc-configuration-active-directory-best-practices.html
Traditional, old-school, writable domain controllers are deployed at ROBO sites so IT admin can resolve application performance. See Figure 1. This practice prevents authentication traffic from traversing the WAN (wide area network) and delays in response times. As a result, things look and feel just like the customer is seated at the main headquarters location. Unfortunately, this practice creates huge security vulnerabilities! Imagine if an unwanted, mischievous user gains physical or virtual access to the network, bidirectional replication would allow this guest to make changes that could severely impact the ENTIRE AD (active directory) forest.
A good resolution it could be the following:
In Windows Server 2008, Microsoft introduced the concept of a Read-Only Domain Controller (RODC), this allows IT to deploy AD Domain Services remotely at branch offices, without having the security worries that traditional writable domain controllers present. See Figure 2. RODCs offer inbound, *unidirectional replication and maintain a local read-only copy of all AD data and the SYSVOL folder. This benefits IT greatly because:
- It mitigates and helps remove replication concerns if a mischievous guest user gains physical or virtual access to the infrastructure
- It prevents accidental deletion of AD objects and/or the SYSVOL by admin within the branch office
- It prevents rogue applications, such as a virus, malware, spyware, from making changes to the AD schema.
*For more on Read-Only domain controllers, unidirectional replication and their benefits, visit: Microsoft TechNet.
Windows Server 2012 and higher versions simplify the deployment process by leveraging Server Manager instead of the deprecated DCPromo utility. After installing the basic AD domain services, you will immediately be prompted to take additional steps if you require the server (a VM) to become a domain controller.
Once you click Promote this server to a domain controller and choose Add to an existing forest, you'll check the checkbox called Read only domain controller (RODC) to promote the DC to a RODC
Tips - How to find uninstallation string on register and manually uninstall application
If you are facing problems to uninstall an application that is not visible in add remove program, or for any other sort of problems, here is procedure to find register uninstallation string and proceed to uninstall it via .cmd:
Server - Royal TS latest free version to connect via remote Desktop to Servers or mRemote Free RDP Version
Royal Ts is nice tool (it is not free) to have a single point to connect to server in RDP without need to open plenty of windows and overriding user and password insert every time that you connect to servers.
Here is latest free version
Here is latest free version
Version 1.5.x Downloads (Freeware):
All previsious version can be found on this link:
Latest version (you need to pay to use it) is:
Royal TS v Version 3.1.4
http://www.royalapplications.com/ts/win/features
<-------->
A good alternative it is utilizing mRemote that is free (but if I am not wrong software is no longer updated) but it work excellently in any case
http://www.mremoteng.org/home
mRemoteNG supports the following protocols:
- RDP (Remote Desktop/Terminal Server)
- VNC (Virtual Network Computing)
- ICA (Citrix Independent Computing Architecture)
- SSH (Secure Shell)
- Telnet (TELecommunication NETwork)
- HTTP/HTTPS (Hypertext Transfer Protocol)
- rlogin
- Raw Socket Connections
Tips - Split large files with 7Zip
I would like to say that, split large file procedure, is very easy but I take note and mainly I share it in case someone did not know that.
Here they are steps that you should take care:
1. Download and install 7 zip
7-Zip 9.20 (64-bit)
7-Zip 9.20 (32-bit)
2. Right click on file that you would like to split like screenshots and decide destination size.
Here they are steps that you should take care:
1. Download and install 7 zip
7-Zip 9.20 (64-bit)
7-Zip 9.20 (32-bit)
2. Right click on file that you would like to split like screenshots and decide destination size.
3. Finally Click Ok
Security - Netwrix Tools auditing, security and monitoring
I would like to highlight these Netwrix tools.
These tools here indicated are free about auditing, security and monitoring.
Here they are with a brief feature summarization:
These tools here indicated are free about auditing, security and monitoring.
Here they are with a brief feature summarization:
Change Auditing Tools
Be notified of changes as they occur. Seeing what objects and attributes have been changed is as simple as opening your email.
| Free Tool | Track Changes Made to: |
|---|---|
| Netwrix Change Notifier for Active Directory | Active Directory users, groups and group membership, computers, organizational units and permissions |
| Netwrix Change Notifier for Exchange | Exchange Server configurations and permissions |
| Netwrix Change Notifier for Group Policy | GPOs, GPO links, audit policy, password policy, software deployment |
| Netwrix Change Notifier for File Servers | Files, folders, shares, and permissions on your Windows-based file servers |
| Netwrix Change Notifier for SQL Server | SQL instance configuration, database creation and deletion, changes to database users, roles and schemas |
| Netwrix Change Notifier for VMware | VMware host and virtual machine settings, creation and deletion of virtual machines |
| Netwrix Change Notifier for Windows Server | Windows Server configuration, including installed software and hardware, local security settings, and registry settings |
Password and Identity Management Tools
Netwrix Account Lockout Examiner: Alert your help desk staff about lockout events and troubleshoot account lockouts, analyzing potential causes. Accounts can be unlocked within the console, a Web-based interface or via a mobile device.
Netwrix Bulk Password Reset: Change passwords in bulk across a domain, a subset of computers, or your local machine.
Netwrix Inactive User Tracker: Report on accounts that have been inactive for a specified number of days.
Netwrix Password Expiration Notifier: Automatically send email notifications to your users letting them know their password is about to expire.
Netwrix Password Manager: Empower users to reset forgotten passwords and unlock their accounts through a Web-based, self-service portal without calling the IT help desk. Supports up to 100 users!
Systems Management Tools
Netwrix Disk Space Monitor: Be alerted in real-time via email when disk space falls below certain thresholds on one or more of your servers.
Netwrix Event Log Manager: Collect, alert and report on events from the Windows servers across your network.
Netwrix Service Monitor: Monitor services on multiple servers simultaneously and be alerted via email when one or more services stop unexpectedly. Optionally, automatically restart monitored services ensuring maximum uptime.
DigitalOcean Cloud Alternative
I would like to highlight this Cloud service that is particularly good and with nice prices.
An interesting alternative to Azure and any other Cloud services.
https://www.digitalocean.com/
Consider that:
1. All plans are standard with solid state drives (SSD)
2. a flexible API, and the ability to select the nearest data center location
3. About any question and pricing here is FAQ Link https://www.digitalocean.com/help/
An interesting alternative to Azure and any other Cloud services.
https://www.digitalocean.com/
Consider that:
1. All plans are standard with solid state drives (SSD)
2. a flexible API, and the ability to select the nearest data center location
3. About any question and pricing here is FAQ Link https://www.digitalocean.com/help/
2012 Server - DFS and enhancements on windows 2012
About DFS I found this article (that I hope to read completely when I will have some time) that, after a quick read, seems to be very interesting.
It explains DFS Theory and Windows 2012 enhancement on that field, here it is:
http://blogs.technet.com/b/filecab/archive/2012/11/12/dfs-replication-improvements-in-windows-server-2012.aspx
It explains DFS Theory and Windows 2012 enhancement on that field, here it is:
http://blogs.technet.com/b/filecab/archive/2012/11/12/dfs-replication-improvements-in-windows-server-2012.aspx
Software - Filehippo App one click program to upgrade old software
On internet there are plenty websites and application that give you opportunity to check new software release and let you download them.
During these years I often browse www.filehippo.com searching for new softwares releases and so I would like to highlight FileHippo App Manager application
http://www.filehippo.com/download_app_manager/
Filehippo App Manager check every day your most critical applications on your pc (and usually utilized from virus and malware using well known vulnerabilities to increase attack surface on your Microsoft O.S.) like Flash Player, Java, Adobe and Foxit Reader....
Every day you are prompted about new software releases and with one click button you will install that smoothly without too many user interaction.
It is simple and useful at the same time.
During these years I often browse www.filehippo.com searching for new softwares releases and so I would like to highlight FileHippo App Manager application
http://www.filehippo.com/download_app_manager/
Filehippo App Manager check every day your most critical applications on your pc (and usually utilized from virus and malware using well known vulnerabilities to increase attack surface on your Microsoft O.S.) like Flash Player, Java, Adobe and Foxit Reader....
Every day you are prompted about new software releases and with one click button you will install that smoothly without too many user interaction.
It is simple and useful at the same time.
Antivirus - How To restore Internet connection after Virus/malware action - AdwCleaner
If you had problems, removing Virus/Malware, and internet connection is no more working properly I found that this tool worked fine for me. (against Hijacker problems)
AdwCleaner.
AdwCleaner.
AdwCleaner is a free removal tool for :
- Adware (ads softwares)
- PUP/LPI (Potentially Undesirable Program)
- Toolbars
- Hijacker (Hijack of the browser's homepage)
It works with a Search and Delete mode. It can be easily uninstalled using the mode "Uninstall".
It's compatible with Windows XP, Vista, 7, 8, 8.1, 10 in 32 & 64 bits.
https://toolslib.net/downloads/finish/1/
https://toolslib.net/downloads/finish/1/
Security - Netwrix tool about lockout account and relative alerting
Netwrix Account Lockout Examiner
How many help desk calls do you get from users asking for someone to unlock their accounts? How much time does the administrative staff spend just handling account lockout issues? Loss of productivity, frustrated users, and a huge administrative burden are just some of the inevitable results of implementing a strong password policy, which is required by security and compliance regulations. Should you just give in to user complaints, or is there a better way to keep strong security requirements and effectively resolve account lockouts at the same time?
Native tools lack many features and capabilities that administrators and help desk staff need to effectively resolve account lockouts (downloadSummary: Limitations of Microsoft Account Lockout and Management Tools to learn more).
Netwrix Account Lockout Examiner will help you to:
- Identify account lockouts in real time: Should an account lockout happen, all operators will receive an email alert with an optional link to a web-based console for quick access to account details and operations. Email alerts can be configured to be triggered only when specified accounts are locked out.
- Troubleshoot account lockouts: The lockout investigation engine of Netwrix Account Lockout Examiner will do its best to help you find the potential cause of account lockouts, such as mapped network drives, services and scheduled tasks running under stale credentials, disconnected remote desktop sessions, processes running under a locked account, etc.
- Proactively resolve account lockouts: The product allows you to unlock accounts quickly via a web-based console or even by email from your mobile device.
- Deal with consequences of Conficker/Downadup virus.
The Freeware Edition has limited functionality but never expires. The table below summarizes features available in each edition.
| Feature | Freeware Edition | Enterprise Edition |
| Detect account lockouts in real time | Yes | Yes |
| Notify administrators about lockouts | Yes | Yes |
| Analyze the network for possible account lockout reasons, such as system services, scheduled tasks, mapped network drives, and more | Yes | Yes |
| Unlock accounts | Yes | Yes |
| Reset passwords | Yes | Yes |
| Role-based security for delegated help desk operator access | No | Yes |
| Help-Desk Portal for web access | No | Yes |
| Price | Free | $10,000 site license |
Backups - How to backup remote clients part 1/2 - .PST files with Outlook opened or any soft of locked files
There is an interesting command line tool that give the ability to backup .pst files with outlook on, any locked files or opened and finally all pcs files to a different location.
This tool is Hobocopy:
https://github.com/candera/hobocopy/downloads
You should consider that there is a Hobocopy GUI with graphical interface:
At the end of acticle I proceed to copy and paste relative binaries but you must take really care about O.S. version (32 bit, 64 bit and 7/8/10 or XP) and verify that visual C++ is installed in correct versioning on clients.
These are main procedure that we implemented (without too much details) too centralize client .pst backups.
During next weeks I am intending to create a second article and explain (without excessive details) ho to centralize real time backups on client about files that are not locked to remote share.
1. You need to create a .vbs script that memorize on each pcs .pst location and name and user name that utilize that particular pcs/laptop. (it must be executed with local user permissions).
This .vbs could be executed with SCCM 2007/2012 package or with a client scheduled task that can be passed through GPO too.
2. Secondary you need to create a second .vbs that read precedent information on client on .txt file and that execute hobocopy to backing up user's .pst to remote shared folder.
In this specific case you should verify if in that moment pcs is in correct lan (to avoid bandwidth saturation), utilize BITS in any case, verify with md5 if local pst changed size from the one that is already backup up on remote file server, write verbose logs.
In this case you should create a second SCCM 2007/2012 package and it could run with or without user logged in (with administrative rights), infact hobocopy utilize VSS.
An alternative it could be to remote execute scripts (that you should copy in a particolar folder of each pcs) utilizing psexec from a single location/server and schedule that periodically.
In my opinion SCCM is great about that but you could evaluate pdq too or psexec.
Here they are some useful blogs articles about these arguments.
About .vbs I would prefer to do not share them but they are really easy to be implemented.
Software - PDQ Inventory and Deploy
http://www.alessandromazzanti.com/2015/09/software-pdq-inventory-and-deploy.html
hobocopy-unstable-32bit-20110505-01.zip — Interim release of hobocopy for 32-bit machines running W2K3, Vista, Win7
This tool is Hobocopy:
https://github.com/candera/hobocopy/downloads
You should consider that there is a Hobocopy GUI with graphical interface:
At the end of acticle I proceed to copy and paste relative binaries but you must take really care about O.S. version (32 bit, 64 bit and 7/8/10 or XP) and verify that visual C++ is installed in correct versioning on clients.
These are main procedure that we implemented (without too much details) too centralize client .pst backups.
During next weeks I am intending to create a second article and explain (without excessive details) ho to centralize real time backups on client about files that are not locked to remote share.
1. You need to create a .vbs script that memorize on each pcs .pst location and name and user name that utilize that particular pcs/laptop. (it must be executed with local user permissions).
This .vbs could be executed with SCCM 2007/2012 package or with a client scheduled task that can be passed through GPO too.
2. Secondary you need to create a second .vbs that read precedent information on client on .txt file and that execute hobocopy to backing up user's .pst to remote shared folder.
In this specific case you should verify if in that moment pcs is in correct lan (to avoid bandwidth saturation), utilize BITS in any case, verify with md5 if local pst changed size from the one that is already backup up on remote file server, write verbose logs.
In this case you should create a second SCCM 2007/2012 package and it could run with or without user logged in (with administrative rights), infact hobocopy utilize VSS.
An alternative it could be to remote execute scripts (that you should copy in a particolar folder of each pcs) utilizing psexec from a single location/server and schedule that periodically.
In my opinion SCCM is great about that but you could evaluate pdq too or psexec.
Here they are some useful blogs articles about these arguments.
About .vbs I would prefer to do not share them but they are really easy to be implemented.
<-------->
Software - PDQ Inventory and Deploy
http://www.alessandromazzanti.com/2015/09/software-pdq-inventory-and-deploy.html
Tips - how to migrate PDQ deploy and PDQ inventory to another server
Server - PDQ Deploy utility per monitorare la rete ed installare software
SCCM 2007 all blog's articles
SCCM 2012 all blog's articles
PSexec - How to execute remote commands about .vbs, .exe, microsoft patch installation...
Scripting - Eseguire .vbs ed installazioni programmi su pc remoti in un dominio o un workgroup con PSEXEC
Scripting - Installare patch su client remoti in automatico
Tips - Abilitare il Remote Desktop su un server remoto con psexec
Scripting - Eseguire comandi remoti sui pc in rete con PSEXEC
Hacker - Rendere l'utente SYSTEM super amministratore del sistema anche su Windows Patchati con PSEXEC
<-------->
hobocopy-unstable-32bit-20110505-01.zip — Interim release of hobocopy for 32-bit machines running W2K3, Vista, Win7
627KB · Uploaded
hobocopy-unstable-XP-32bit-20110505-01.zip — Interim release of hobocopy for 32-bit machines running XP
hobocopy-unstable-64bit-20110505-01.zip — Interim release of hobocopy for 64-bit machines running W2K3, Vista, Win7
vcredist-2010_x86.exe — 32-bit Visual C++ runtime. Needed for 32-bit versions of hobocopy *after* 1.0
vcredist-2008_x86.exe — The Visual C++ runtime redistributable, 32-bit (x86) version. Needed for the 32-bit version of hobocopy 1.0.
vcredist-2008_x64.exe — The Visual C++ runtime redistributable, 64-bit (x64) version. Needed for the 64-bit version of hobocopy 1.0.
Software - PDQ Inventory and Deploy
PDQ inventory and Deploy is a very poor version of SCCM and client-less at the same time.
I warmly prefer SCCM but due to fact that PDQ is easier, cheaper and with less server resources requirements PDQ can be good a choice as alternative. (there is a free version too with less features)
Download:
http://www.adminarsenal.com/download-pdq
Here they are some feature about that:
PDQ Deploy is a software deployment tool that allows admins to silently install almost any application or patch.
Its features include:
- Integrates with Active Directory, Spiceworks, PDQ Inventory, and more
- Install to multiple computers simultaneously
- Real-time status
- Install just about anything
- Agentless
PDQ Inventory scans and reports software, hardware, and OS configurations for your Windows network.
Its features include:
- Scanning for installed software and hardware on each computer
- Create reports on what's installed on your network
- Organize computers into collections that make sense to you
- Really cool admin tools allow you to perform tasks on your computers
- Integration with PDQ Deploy
Here they are product comparisation.
I warmly prefer SCCM but due to fact that PDQ is easier, cheaper and with less server resources requirements PDQ can be good a choice as alternative. (there is a free version too with less features)
Download:
http://www.adminarsenal.com/download-pdq
Here they are some feature about that:
PDQ Deploy is a software deployment tool that allows admins to silently install almost any application or patch.
Its features include:
- Integrates with Active Directory, Spiceworks, PDQ Inventory, and more
- Install to multiple computers simultaneously
- Real-time status
- Install just about anything
- Agentless
PDQ Inventory scans and reports software, hardware, and OS configurations for your Windows network.
Its features include:
- Scanning for installed software and hardware on each computer
- Create reports on what's installed on your network
- Organize computers into collections that make sense to you
- Really cool admin tools allow you to perform tasks on your computers
- Integration with PDQ Deploy
Here they are product comparisation.
PDQ Deploy Comparison
PDQ Deploy Free, Pro, and Enterprise Features
| Features | Free Mode | Pro Mode | Enterprise |
| Deploy Applications and Patches |  | | |
| Works with MSI, EXE, Batch, and more. | | | |
| Deploy PowerShell & VB Script | | | |
| Deploy to PDQ Inventory, Spiceworks, AD | | | |
| Basic level Package Library Access1 | | | |
| Schedule Deployments | | | |
| Create Multiple Step and Chained (Nested) Packages | | | |
| Integrate with Custom Tools & Scripts | | | |
| Set Automatic Inventory Scan After Deployments 2 | | | |
| Throttle Bandwidth | | | |
| Status Email After Deployments | | | |
| Wake-On-LAN & Heartbeat Schedule | | | |
| Setup Recurring Deployments | | | |
| Independent Schedules | | | |
| Multi-user capable (package sharing) | | ||
| Full access to Package Library (See list) | | ||
| Auto Deployment of Library Packages | | ||
| Retry Queue | |
related pdq and sccm articles:
Tips - how to migrate PDQ deploy and PDQ inventory to another server
Server - PDQ Deploy utility per monitorare la rete ed installare software
Tips - Windows 7/8/10 Offline files not removed after Offline folder feature disablinig
On Windows 7/8/10 if you disabled offline folder feature but cached files are allways in this folder:
c:\windows\CMC and take space you can follow this Microsoft Articlet ore download Fix It tool.
https://support.microsoft.com/en-us/kb/942974
or you download it from this link:
http://go.microsoft.com/?linkid=9754190
c:\windows\CMC and take space you can follow this Microsoft Articlet ore download Fix It tool.
https://support.microsoft.com/en-us/kb/942974
or you download it from this link:
http://go.microsoft.com/?linkid=9754190
Subscribe to:
Posts (Atom)