Posts

Showing posts from May, 2019

Install IIS on server using PowerShell

Script for Individual Install of IIS (Windows 2012)

The following script can be used for installation on the local server. Open a PowerShell window as Admin and run the following:

Install-WindowsFeature Web-Server,Web-WebServer,Web-Common-Http,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Static-Content,Web-Http-Redirect,Web-Health,Web-Http-Logging,Web-Request-Monitor,Web-Performance,Web-Stat-Compression,Web-Security,Web-Filtering,Web-CertProvider,Web-Windows-Auth,Web-App-Dev,Web-Net-Ext45,Web-ASP,Web-Asp-Net45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Mgmt-Tools,Web-Mgmt-Console,Web-Mgmt-Compat,Web-Lgcy-Scripting,Web-Lgcy-Mgmt-Console,Web-Metabase,Web-WMI,Web-Scripting-Tools

Script for Individual Install on a remote server of IIS (Windows 2012)

The following script can be used for installation on the remote server (the -ComputerName switch at the end):

Install-WindowsFeature Web-Server,Web-WebServer,Web-Common-Http,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web

Find Page File Location of Local Machine

PS C:\Users\sam> Get-WmiObject Win32_PageFileSetting -ComputerName 'samcomputer'

MaximumSize Name            Caption
----------- ----            -------
       4096 d:\pagefile.sys d:\ 'pagefile.sys '

PS C:\Users\sam>

Set SQL Max Memory using SQL Query

This doesn't require a restart since SQL 2014.

EXEC sp_configure 'max server memory (MB)', 209714;
GO
RECONFIGURE;
GO

Configuration option 'max server memory (MB)' changed from 25600 to 209714. Run the RECONFIGURE statement to install.

CHECK DISK SPACE REMOTELY

Execute the script below in a PowerShell window with elevated permissions to check the disk space of a single server:

$ServerName = 'SEVERNAME'  # Replace the server name here
# DriveType=3 limits the query to local fixed disks
Get-WmiObject -Class Win32_LogicalDisk -Filter "DriveType=3" -ComputerName $ServerName |
    Select-Object -Property @{n='DriveLetter';e={$PSItem.DeviceID}},
        @{n='FreeSpace(GB)';e={"{0:N1}" -f ($PSItem.FreeSpace / 1GB)}},
        @{n='TotalSize(GB)';e={"{0:N1}" -f ($PSItem.Size / 1GB)}},
        @{n='FreeSpace%';e={"{0:N1}%" -f ($PSItem.FreeSpace / $PSItem.Size * 100)}} |
    ft -AutoSize

Execute the script below in a PowerShell window with elevated permissions to check the disk space of multiple servers:

# One server name per line in computers.txt
$file = Get-Content C:\Users\sam\Documents\computers.txt
# $args is an automatic variable, so a dedicated loop variable is used and passed to -ComputerName
foreach ($computer in $file) {
    Get-WmiObject -Class Win32_LogicalDisk -Filter "DriveType=3" -ComputerName $computer | Select-Object -Property @{n = &

WINDOWS SERVER 2003 BOOTING PROCESS

BIOS : PERFORMS POWER ON SELF TEST (POST)
BIOS : LOADS MBR FROM THE BOOT DEVICE SPECIFIED/SELECTED BY THE BIOS
MBR : CONTAINS A SMALL AMOUNT OF CODE THAT READS THE PARTITION TABLE, THE FIRST PARTITION MARKED AS ACTIVE IS DETERMINED TO BE THE SYSTEM VOLUME
MBR : LOADS THE BOOT SECTOR FROM THE SYSTEM VOLUME
BOOT SECTOR : READS THE ROOT DIRECTORY OF THE SYSTEM VOLUME AND LOADS NTLDR
NTLDR : READS BOOT.INI FROM THE SYSTEM VOLUME TO DETERMINE THE BOOT DRIVE (PRESENTING A MENU IF MORE THAN 1 ENTRY IS DEFINED)
NTLDR : LOADS AND EXECUTES NTDETECT.COM FROM THE SYSTEM VOLUME TO PERFORM BIOS HARDWARE DETECTION
NTLDR : LOADS NTOSKRNL.EXE, HAL.DLL, BOOTVID.DLL (AND KDCOM.DLL FOR XP UPWARDS) FROM THE BOOT (WINDOWS) VOLUME
NTLDR : LOADS \WINDOWS\SYSTEM32\CONFIG\SYSTEM WHICH BECOMES THE SYSTEM HIVE HKEY_LOCAL_MACHINE\SYSTEM
NTLDR : LOADS DRIVERS FLAGGED AS “BOOT” DEFINED IN THE SYSTEM HIVE, THEN PASSES CONTROL TO NTOSKRNL.EXE
NTOSKRNL.EXE : BRINGS UP THE LOADING SPLASH SCREEN AND INITIALIZES THE KERN

APPLYING SITE LEVEL POLICY

If we apply the policy at Site level on the (Microsoft.com) forest, it is going to affect the users of the forest. Let’s see how this is done. Note: No GPO can be created at the site level; it can only be linked there. Right-click GP Objects and create a new policy. Now that the GPO is created for ‘Removing Run Dialog from Start Menu’, let us try linking it to the Sites. Log in as a domain user (e.g. U1) and hit Ctrl + R; you will be shown the error below.

ACTIVE DIRECTORY TRUST

Secure communication paths that allow objects in one domain to be authenticated and accepted in another domain. Some trusts are automatically created: parent and child domains trust each other, and the tree root domain trusts the forest root domain. Other trusts are manually created. Forest-to-forest transitive trust relationships can be created in Windows Server 2003, 2008 and Windows 2012 forests only.

TRUST RELATIONSHIPS

Trust Category: Transitive and Non-Transitive Trust

If Domain A trusts Domain B, Domain B trusts Domain C, and Domain A automatically trusts Domain C, it is called a Transitive Trust.
If Domain A trusts Domain B, Domain B trusts Domain C, and Domain A does not automatically trust Domain C, it is called a Non-Transitive Trust.

Trust Directions:

One way incoming – MICROSOFT users can log in to the HDFC domain, but HDFC users cannot log in to the MICROSOFT domain.
One way outgoing – HDFC users can

GROUP POLICY MODELLING

Group Policy modeling is a great security tool for troubleshooting Group Policy settings and testing GPOs before they are applied with Windows Server 2008. When a user logs in, Windows combines all of the different Group Policies that apply to the user account with those that apply to the computer that the user is logging in from. While this might not sound so bad at first, each level of the Group Policy hierarchy contains many of the same settings. That means there is a potential for the administrative staff to implement contradictory Group Policy settings. In smaller companies, administrators might be able to avoid Group Policy contradictions by using a single GPO, but this usually isn't practical in larger organizations. The problem isn't really the contradictory settings themselves. Windows uses a set of rules to determine which policy setting takes precedence in the event of a contradiction. What can be a problem is figuring out what the effective policy is going t

WHAT IS FSMO ROLES IN ACTIVE DIRECTORY

Flexible single master operation (FSMO) is a Microsoft Active Directory feature that is a specialized domain controller task used when standard data transfer and update methods are inadequate. Tasks that do not suit multimaster replication are only viable as flexible single-master operations. Multimaster models have a number of operators, which are held by a single master. This problem is solved by applying a number of operations to a single domain controller. A single domain controller holds the role for a particular operation and is the single master for that operation. These operation masters are called flexible single-master operations. (Source)

For more information, please go through Microsoft's KB on FSMO Multi-Master and Single Master Roles. (Source)

ROLES OF ACTIVE DIRECTORY

Transfer of Roles
Seize of Roles

TRANSFER OF ROLES

We recommend that you transfer FSMO roles in the following scenarios: The current role holder is operational and can be accessed on

DISTRIBUTED FILE SYSTEM (DFS)

DFS Replication is a role service in File and Storage Services. It enables you to efficiently replicate folders (including those referred to by a DFS namespace path) across multiple servers and sites. DFS Replication uses a compression algorithm known as remote differential compression (RDC). RDC detects changes to the data in a file, and it enables DFS Replication to replicate only the changed file blocks instead of the entire file. DFS Namespaces enables you to group shared folders that are located on different servers into one or more logically structured namespaces.

SCENARIO

Let’s assume that your organization has 2 departments called Finance and Sales and you have created 2 shared folders on 2 different servers. So, users have to access the shares with 2 different UNC paths ( \\sys1\finance\dfs1 and \\sys2\sales\dfs4 ). It’s very easy to remember 2 share names but, let’s consider if you have 100 shared folders and users have to remember them or probably would make a n

ACTIVE DIRECTORY RECYCLE BIN

Active Directory Recycle Bin provides a way to restore deleted objects without AD DS downtime. It uses PowerShell with the Active Directory module or the Active Directory Administrative Center to restore objects. By default it is in DISABLED mode but, once enabled, you cannot disable it again unless it is rebuilt or formatted.

ENABLING ACTIVE DIRECTORY RECYCLE BIN

Log in to the DC and open the ADAC console. On the left-hand side, click on the domain name (e.g. Microsoft.com) and raise the Forest and Domain functional level to WIN 2008 R2 or WIN 2012. Refresh the ADAC console and you will find an additional option on the right-hand side of the screen called “Enable Recycle Bin”; then click on it.

VERIFICATION

After refreshing the ADAC console, you’ll find a new folder created called “Deleted Objects”. Now, open AD Users and Computers and try deleting some user

DELEGATION CONTROL, WHAT IS IT ALL ABOUT?

The process of decentralizing management tasks of an OU: assigning management tasks of an OU to another user or group. It eases the load of a system administrator by dividing the administration jobs.

APPLYING DELEGATION RIGHTS TO OU USERS

Log in to the DC as an admin and open the ADUC console. Select any OU to which you want to delegate control (e.g. MARKETING), select the user to whom you want to give the control and hit Next. Give that user a task you think he/she can manage and that is required in your absence. We will check ‘Create, Delete and manage user accounts’ and finish the wizard.

VERIFICATION

Log in to the domain controller with the M1 account. The reason to log in to the DC is that we get the ADUC console (use CMDLET dsa.msc) only on the DC and not on the client computers. Now, try creating some AD users in the MARKETING OU; you will now be able to do that since you have been given delegation control by the system administrator to manage only that particular

STORAGE REPORT MANAGEMENT

If we enable this feature, then you will be able to create a report as a System Administrator to check which users have saved what types of files and how many times a user attempted to save the restricted files (e.g. Image Files). Basically, this can be used for auditing purposes in your organization so that you can maintain security and integrity. Now, we will try generating a report to check which users have tried to save the restricted file type (Image Files) even though you as an Administrator have explicitly asked them not to save it, and how many times each user attempted it. Open FSRM services, right-click on it and select the Configure option. Select File Screen Audit and check Record File Screen. Now that you have checked Record File Screen, select Storage Report Management and click Generate Report Now. Check File Screening Audit and move on to the Scope tab. Click on the Add button and choose the HOME folder path (E:\HOME) and select Wait for reports t

FILE SCREENING MANAGEMENT

File Screening Management is used basically to restrict users from storing certain file types on the drives. For example, if you want users not to save any Bitmap files, you can make use of this functionality to achieve it. Open FSRM Services and select File Screening Management. Select File Screen Template and create a template. Choose your template name as "Block Image Files" and check Image File. Now create a File Screen, choose the HOME folder path, select the template which you created earlier and click Create.

VERIFICATION

Log in with the U1 account from any client machine, open the Network Drive (Z$ i.e., your HOME folder) and try to save any Bitmap files. Since we have applied File Screening, it will not allow you to save any image file; instead, it will show you an error message.

STORAGE QUOTA MANAGEMENT

You can use this particular feature to limit the HOME folder size which we created in our previous post. In this post, I'll teach you how to restrict users to use only 150 MB of space on the HOME folder. Note: Please ensure that the drive in which you created the HOME folder is formatted with the NTFS File System; otherwise, you cannot apply quotas. Open File Server Resource Manager. Select Quota Management and then select Quota Template. Create a new Quota Template with the name "150 MB Limit" and press OK. Now, select Quotas, then select Create Quota and provide the Quota path (E:\HOME). Select the Quota template "150 MB Limit" and click Create. VERIFICATION

FILE SERVER RESOURCE MANAGER

FSRM is intended to act as a capacity management solution for your Windows Server 2012. It provides a robust set of tools and capabilities that allow you to effectively manage and monitor your server's storage. FSRM contains 3 components that work together to provide a capacity management solution.

FSRM FUNCTIONALITY

Storage Quota Management
File Screening Management
Storage Reports Management

INSTALLING FSRM SERVICES

Log in to the DC as domain Administrator and open the Server Manager console. Click Add roles and features and check File Server Resource Manager. Install and close.

CREATING HOME FOLDER

WHAT IT IS?

The Home folder is the centralized location for the user's files or data. It makes it easier for an administrator to back up user files by collecting all users' files in one location. Whenever the user logs on to any computer in a domain, the Home folder will be available in the form of a Network drive or Network Location.

CONFIGURING HOME FOLDER

Log in as domain administrator on the DC. Create a new shared folder in any drive with the name HOME and share it with everyone with read\write permission. Ensure the drive is formatted with the NTFS File System. In Active Directory Users and Computers, open the properties of the U1 user and click on the Profile tab. In Home Folder, select Connect, select any drive letter and enter the UNC path ( \\SYS1\HOME\U1 ).

VERIFICATION

Log in with the U1 account on any client machine. Open My Computer and you will see a new network drive with Z$; try creating some folders and files and log off. Try the same the next time on some oth

CREATING ROAMING PROFILE

WHAT IS ROAMING PROFILE

A roaming profile can only be created by your Domain Administrator and is stored on a server. This profile is available every time you log on to any computer on your network. Changes made to your roaming user profile are updated on the server.

CREATING ROAMING PROFILE

On your Domain Controller, log in as domain administrator. Create a folder with any name (e.g. ROAM) and share it with everyone. Ensure the drive in which you are creating the shared folder is formatted with the NTFS File System. Open Active Directory Users and Computers. Create a user with the name U1 and open the Properties of the U1 account. Click on the PROFILE tab. In Profile Path, type \\servername\ROAM\U1 and click OK.

VERIFICATION

Log in with the U1 account on any of the client machines (Client 1), try to save some files and folders on the desktop and log off from that machine. Next time, log in with the U1 account from another client machine (Client 2) and you can see all the data sa