WIN 2012 R2 AD

Notes:
A single AD DC can host only one domain at a time.
For AD to work, it must have a DNS that supports SRV records.
Any server on which you have installed Active Directory is a domain controller (DC)
The global catalog is a subset of domain information created for the purpose of enabling domain controllers in other domains in the same forest to locate resources in any domain.
First domain in the entire forest is not only a root domain, but is also the forest root
A client machine can be in only one domain at a time.
If “Everybody” is set on a shared folder, an account in the given domain is still required to access that shared folder.

AD components:
Logical

  • OU – organisational unit
  • Domain
  • Tree
  • Forest

————————————

  • Namespace (flat or hierarchical)
  • Object (may be of different classes)
  • Container
  • Schema – a set of rules that define the classes of objects and their attributes that can be created in Active Directory
  • Global catalog – a central information database
  • Partition

Physical: folders, printers, sites (components connected to each other by a fast network), DCs …..


Crochet 61: narrow red decorative scarf with glass beads

I crocheted red glass beads into the ends of the scarf 🙂


And the pattern I crocheted from:

I made the ends “off the top of my head”.


Crochet 60: large warm green triangular shawl

I really love the color green, so here is one large waaarm green triangular shawl:

And its pattern:


WIN and the PATH variable

Definition:
The system path is a list of folders, separated by a semicolon, that identifies the folders that the system should search when looking for files that are called from the Run dialog box, command line, or other processes. Normal program installation changes this path to include the program’s installation path.
PATH may be set on a system and user level.
An alternative to setting the path at system level is to change it at user level; however, doing so will affect only your logon session and not other users who might use the computer or system processes, which might cause confusion and unexpected behavior.

How to change the PATH variable:
1. Go to : Start – Settings – Control Panel – System
2. Select the Advanced tab.
3. Click the Environment Variables button.
4. Under System Variables, select Path, then click Edit.
You’ll see a list of folders, as this example shows: C:\Program Files\Windows Resource Kits\Tools\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Support Tools\;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Intel\DMIX;C:\Program Files\Executive Software\Diskeeper\;C:\Program Files\Bonjour\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Misc
You can add additional folders that you want to include in searches, with “;” at the beginning and at the end. Click OK.
You’ll need to restart the processes (e.g., command prompt) that use the system path to see the added folders.

Note 1: if you type “Environment” (without the quotes) in Start/“Run”, you get a list of all the variables of the environment you are working in.
Note 2: WIN 2012 does NOT have a PATH variable, so it is simply added in the same place as described above.

Where I took the above from (and tested it): link1. Another good one: link2.
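
A check that fits the definition above, as an added example that is not from this post or the linked pages: it reads the system-level and user-level PATH and reports empty entries (which doubled, leading or trailing “;” separators produce), duplicates, and folders that do not exist. The function name Test-PathEntries is chosen for this example.

```powershell
# Added example: audit the PATH value at system (Machine) and user level.
# Test-PathEntries is a name chosen for this example.
function Test-PathEntries {
    param(
        [AllowEmptyString()] [string] $PathValue,
        [string] $Scope
    )
    $seen = @{}
    $position = 0
    foreach ($raw in $PathValue.Split(';')) {
        $position++
        # Entries may be wrapped in double quotes; strip them before testing.
        $entry = $raw.Trim().Trim('"')
        # Expand %SystemRoot% and similar references before testing the folder.
        $expanded = [Environment]::ExpandEnvironmentVariables($entry)
        $key = $expanded.TrimEnd('\').ToLowerInvariant()
        if ($entry -eq '') {
            $status = 'Empty'        # from ";;" or a leading/trailing ";"
        } elseif ($seen.ContainsKey($key)) {
            $status = 'Duplicate'
        } elseif (-not (Test-Path -LiteralPath $expanded -PathType Container -ErrorAction SilentlyContinue)) {
            $status = 'Missing'
        } else {
            $status = 'OK'
        }
        $seen[$key] = $true
        [pscustomobject]@{ Scope = $Scope; Position = $position; Entry = $entry; Status = $status }
    }
}

# Report everything that is not a plain existing folder, per level.
foreach ($level in 'Machine', 'User') {
    $value = [Environment]::GetEnvironmentVariable('Path', $level)
    if ($value) {
        Test-PathEntries -PathValue $value -Scope $level |
            Where-Object { $_.Status -ne 'OK' }
    }
}
```

Position is the entry's place in the search order, so an entry reported early in the Machine list is searched before everything after it.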


WIN 2012 R2 and DNS

There are a bunch of gotchas here.
When the DNS service is installed, check that it works.
First of all, and to avoid confusion, turn off IPv6.
This is done under Control Panel/Network/Ethernet/Properties, by unchecking the item “Internet Protocol Version 6”.
To remove IPv6 completely, a value in the server's registry has to be changed, either through regedit or from the command line (as Administrator) (link):
C:\>reg add hklm\system\currentcontrolset\services\tcpip6\parameters /v DisabledComponents /t REG_DWORD /d 0xFFFFFFFF
The operation completed successfully.
This requires a restart afterwards to take effect.

Initial steps:
1. Set up Internet access (proxy and port), through Control Panel/Network and Internet/Internet options
2. Check access to the ROOT servers. From the command line (as Administrator):
C:\>nslookup -type=ns . l.root-servers.net
“.” denotes the ROOT of the Internet
l.root-servers.net is one of the 13 root servers of the Internet
If this query does not go through, it may mean that the network does not allow outbound DNS queries.
3. Check the ROOT hints servers (the list of the Internet root servers mentioned above)
Open DNS Manager (dnsmgmt.msc or Server Manager/DNS manager), select the server name, right click/Properties/Root hints tab

4. Check that the workgroup is set to be the same as the domain, and the same as the “DNS Primary Suffix”. If AD is not set up, this is required.

Testing DNS:
0. First of all, clear any old DNS records that may exist in memory:
C:\>ipconfig /flushdns
1. Telnet
If it is not installed, it can be installed from the command line (you do not need to be Administrator) with the command:
C:\>pkgmgr /iu:"TelnetClient"
After the command below, a blank command line should appear:
C:\>telnet localhost 53
(exit with Ctrl+đ, which is Ctrl+] on a US keyboard layout)
2. Ipconfig: check that all settings related to the DNS server itself are as they should be:
C:\>ipconfig /all
3. Nslookup
C:\>nslookup 10.10.10.140 10.10.10.140
(where 10.10.10.140 is the machine on which the zone is hosted)
4. DNSlint (can also be used to test AD records)
DNSLint is a Microsoft Windows utility that helps you to diagnose common DNS name resolution issues.
Dnslint is extracted to the local disk and is then run as a command from the folder into which it was extracted (unless that folder is added to the PATH variable (link)):
C:\dnslint>dnslint /d aspirin.com /s 10.10.10.140
DNSLint will attempt to verify the DNS entries for:
aspirin.com
This means that we ask the server 10.10.10.140 about the domain named aspirin.com. When processing is finished, a new window appears with the complete report (errors are marked in red, warnings in yellow).
5. Dnscmd – does not give very readable output

Possible errors:
1. C:\>nslookup
Default Server: dc.moj.domen
Address: 10.10.10.19
> ls -t moj.domen
[dc.moj.domen]
*** Can’t list domain moj.domen.rs: Query refused
This happens because zone transfer is not allowed for “moj.domen”!
2. If the report produced by the DNSlint command contains the error:
Answering authoritatively for domain: NO
this is fixed by entering a correct record for the DNS server and a PTR record in the reverse zone (it MUST be an FQDN, meaning name+domain!!!).

Notes:
* Files with zone data always have the “.dns” extension, and are usually named after the zone itself (aspirin.com.dns, for example)
* By default, DNS logs NOTHING about queries! Query logging has to be configured separately, and it goes to the file: C:\Windows\System32\dns\Dns.log. The OS logs up to the maximum file size, after which it starts overwriting the existing entries.
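
Once query logging is configured, the log can be summarized with a short script. The following is an added example, not part of the original post: it parses packet lines in the layout the DNS debug log uses, counts received queries per client and record type, and lists zone transfer requests (AXFR/IXFR), the request behind the “Query refused” case above. The log lines are constructed samples, and ConvertFrom-DnsLogLine is a name chosen for this example.

```powershell
# Added example: summarize received queries from DNS debug log packet lines.
# The lines below are constructed samples in the debug log's packet layout;
# on a server, read the real file instead:
#   $lines = Get-Content C:\Windows\System32\dns\Dns.log
$lines = @'
9/14/2016 10:02:11 AM 0A4C PACKET  000000B1C0A1D2E0 UDP Rcv 10.10.10.23     3f2a   Q [0001   D   NOERROR] A      (7)aspirin(3)com(0)
9/14/2016 10:02:11 AM 0A4C PACKET  000000B1C0A1D2E0 UDP Snd 10.10.10.23     3f2a R Q [8085 A DR  NOERROR] A      (7)aspirin(3)com(0)
9/14/2016 10:02:40 AM 0A50 PACKET  000000B1C0A1E3F0 TCP Rcv 10.10.10.77     91c4   Q [0000       NOERROR] AXFR   (3)moj(5)domen(0)
9/14/2016 10:03:05 AM 0A4C PACKET  000000B1C0A1F400 UDP Rcv 10.10.10.23     3f2b   Q [0001   D   NOERROR] PTR    (3)140(2)10(2)10(2)10(7)in-addr(4)arpa(0)
'@ -split '\r?\n'

# ConvertFrom-DnsLogLine is a name chosen for this example.
function ConvertFrom-DnsLogLine {
    param([string] $Line)
    # Fields: protocol, direction, remote IP, Xid, optional R (response),
    # opcode, [flags and response code], question type, question name.
    $pattern = 'PACKET\s+\S+\s+(?<proto>UDP|TCP)\s+(?<dir>Rcv|Snd)\s+(?<remote>\S+)\s+' +
               '(?<xid>[0-9a-fA-F]{4})\s+(?<resp>R)?\s*(?<opcode>\S)\s+\[[^\]]*\]\s+' +
               '(?<type>\S+)\s+(?<name>\S+)\s*$'
    if ($Line -match $pattern) {
        [pscustomobject]@{
            Protocol   = $Matches['proto']
            Direction  = $Matches['dir']
            Client     = $Matches['remote']
            IsResponse = [bool]$Matches['resp']
            Type       = $Matches['type']
            # (7)aspirin(3)com(0) -> aspirin.com
            Name       = ($Matches['name'] -replace '\(\d+\)', '.').Trim('.')
        }
    }
}

# Keep only queries the server received (not its own answers).
$queries = $lines | ForEach-Object { ConvertFrom-DnsLogLine $_ } |
    Where-Object { $_.Direction -eq 'Rcv' -and -not $_.IsResponse }

# Query count per client and record type.
$queries | Group-Object Client, Type | Select-Object Count, Name | Format-Table -AutoSize

# Zone transfer requests and who sent them.
$queries | Where-Object { $_.Type -in 'AXFR', 'IXFR' } |
    Select-Object Client, Protocol, Type, Name | Format-Table -AutoSize
```

With the sample lines, the first table shows two query groups for 10.10.10.23 (A and PTR) and one for 10.10.10.77, and the second table lists the AXFR request for moj.domen from 10.10.10.77.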


VMWare Workstation Player 12 notes

I use this on my work machine to run a WIN 2012 R2 VM while I prepare for the MCSA.

Notes:
1. The network adapter connection of a VM cannot be changed while the VM is in the “Suspended” state (and that state is kept even if VmWWP is shut down and started again). “Suspended” is still a powered-on (though not fully conscious) state.
2. For the VM to be able to reach the network, its Network Adapter has to be in the “Bridged” state, which can be set ONLY while the VM is in the “Off” state
3. If there is a DHCP server on the network, the VM will grab an address from it as soon as it reaches the network. If the VM is a server, its IP must be fixed.
4. Be careful: when WIN 2012R2 comes up, its FW is ON by default, and in such a way that even ping is blocked!


PoSh or Power Shell

Using PoSh is fairly similar to the Linux CLI, so I hope I will do well with it 😉
Windows PowerShell is an evolution of the command line – a combination of a DOS shell and scripting environment.
PowerShell is based on Microsoft’s .NET framework
PoSh uses the pipe (|) in the same way as the Linux CLI, to pass the result of one command as input to another command.
Scripts are text files that contain sequences of calls to cmdlets, and these files have the extension .ps1. BUT Windows is not configured to allow the execution of unsigned scripts because they can be used to damage the system, so that may be a problem.
A script is run by putting “.\” in front of its name:
PS D:\PoSh-skripte> .\test1.ps1

How to view event logs through PoSh
ALWAYS OPEN PoSh AS ADMINISTRATOR!!! (otherwise, among other things, the security logs are not visible)
1. This command gets the event logs on the local computer :
PS C:\> get-eventlog -list
  Max(K) Retain OverflowAction        Entries Log
  ------ ------ --------------        ------- ---
  20,480      0 OverwriteAsNeeded      31,160 Application
  20,480      0 OverwriteAsNeeded           0 HardwareEvents
     512      7 OverwriteOlder              0 Internet Explorer
  20,480      0 OverwriteAsNeeded           0 Key Management Service
   8,192      0 OverwriteAsNeeded           0 Media Center
     128      0 OverwriteAsNeeded         892 OAlerts
     512      7 OverwriteOlder              0 Operations Manager
     512      7 OverwriteOlder              0 PreEmptive
  …4,240      0 OverwriteAsNeeded     485,748 Security
   8,192      0 OverwriteAsNeeded       4,316 Symantec Endpoint Protection Client
  20,480      0 OverwriteAsNeeded      57,358 System
  15,360      0 OverwriteAsNeeded         323 Windows PowerShell
2. This command gets the five most recent entries from the Security event log :
PS C:\> Get-EventLog -newest 5 security
   Index Time          EntryType   Source                 InstanceID Message
   ----- ----          ---------   ------                 ---------- -------
  757652 Mar 01 14:27  SuccessA... Microsoft-Windows...         4648 A logon was attempted using explicit credentials....
  757651 Mar 01 14:11  SuccessA... Microsoft-Windows...         4648 A logon was attempted using explicit credentials....
  757650 Mar 01 13:11  SuccessA... Microsoft-Windows...         4634 An account was logged off....
  757649 Mar 01 13:11  SuccessA... Microsoft-Windows...         4624 An account was successfully logged on....
  757648 Mar 01 13:11  SuccessA... Microsoft-Windows...         4672 Special privileges assigned to new logon....
3. How to view one specific log entry, in a readable format:
PS C:\> Get-EventLog -logname security -InstanceID 4672 -index 757648|format-list -property *
EventID : 4672
MachineName : ime-moje-mašine
Data : {}
Index : 757648
Category : (12548)
…..

A good link with examples.
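
The listing in step 2 shows a 4624 (logon) and a 4672 (special privileges) entry recorded at the same time. As an added example, not from this post or the linked page, the function below pairs each 4672 entry with the 4624 logon that has the same logon ID, so that one line shows who received privileges, how they logged on and from where. Join-PrivilegedLogon is a name chosen for this example, and the field positions assume the standard layouts of events 4624 and 4672.

```powershell
# Added example: pair each 4672 (special privileges) entry with the 4624
# logon that shares its logon ID. Join-PrivilegedLogon is a name chosen
# for this example. Run from a PoSh session opened as Administrator.
function Join-PrivilegedLogon {
    param([object[]] $Events)

    # Index logons by the new logon's ID (field 7 of event 4624).
    $logons = @{}
    foreach ($e in @($Events | Where-Object { $_.InstanceId -eq 4624 })) {
        $logons[$e.ReplacementStrings[7]] = $e
    }

    # Field 3 of event 4672 carries the same logon ID.
    foreach ($e in @($Events | Where-Object { $_.InstanceId -eq 4672 })) {
        $logon = $logons[$e.ReplacementStrings[3]]
        [pscustomobject]@{
            Time       = $e.TimeGenerated
            Account    = '{0}\{1}' -f $e.ReplacementStrings[2], $e.ReplacementStrings[1]
            LogonId    = $e.ReplacementStrings[3]
            # Logon type and source address come from the matching 4624 entry.
            LogonType  = if ($logon) { $logon.ReplacementStrings[8] } else { 'n/a' }
            SourceIp   = if ($logon) { $logon.ReplacementStrings[18] } else { 'n/a' }
            # The privilege list is whitespace separated in the raw entry.
            Privileges = ($e.ReplacementStrings[4] -split '\s+' | Where-Object { $_ }) -join ','
        }
    }
}

$events = Get-EventLog -LogName Security -InstanceId 4624, 4672 -Newest 500 -ErrorAction SilentlyContinue
Join-PrivilegedLogon -Events $events | Format-Table -AutoSize
```

A 4672 entry whose logon fell outside the 500 newest entries is still listed, with “n/a” for the logon type and source address.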


WIN server 2012 R2 abbreviations

What is this about?
Well, I need to prepare for the MCSA, and the first part (70-410) is about exactly the installation of this server.
Since I do not know very much about WIN servers, I am starting from the beginning, which includes LOADS of different abbreviations!
Abbreviations:
ABE – access based enumeration, shows only the resources the user has the right to access
ACL – access control lists
AD CS – active directory certificate services
AD DS – active directory domain services
AD FS – active directory federated services (Trustbridge)
AD LDS – active directory lightweight directory services
AD RMS – active directory rights management services
ADSI – active directory service interfaces
API – application programming interfaces
APIPA – automatic IP addressing, automatic self-assignment of an IP address to a client when there is no DHCP on the network
AXFR – full (DNS) zone transfer (all the data in the DNS database)
BIND – Berkeley internet name domain, SW for DNS servers
BOOTP – bootstrap protocol, for DHCP
CHAP – challenge handshake authentication protocol, for iSCSI
CNAME – alias record, or a canonical name, DNS record entry
DISM – deployment image servicing and management
DDNS – dynamic DNS standard, DNS DB is automatically built and may be updated by DNS clients
DHCP – dynamic host configuration protocol
DN – distinguished names, unique name under the AD (defines the complete path from the top of the tree to the object)
DNS – domain name system, resolves a name to an IP address, RFC 1034+1035, do NOT map directly to AD domains
DNSSEC – DNS security extensions
DORA – discover, offer, request, acknowledge – DHCP process list
EFI – extensible firmware interface
EFS – encrypted file system
FQDN – fully qualified domain name (computer name + domain name)
FSMO – flexible single-master operations, special AD DCs from which the operations reserved only for them can be performed
GPMC – group policy management console
GPO – group policy objects
GPT – GUID partition table (newer partition style for HDDs)
GUID – globally unique identifiers, under AD
HBA – host bus adapter, HW device for connecting a host to the network
IANA – Internet Network Information Center
ICANN – internet corporation for assigned names and numbers
ICMP – internet control message protocol, ping command
IETF – Internet engineering task force
IFM – install from media
IIS – Microsoft web server (internet information services)
IHV – independent HW vendor
IN – Internet class, zone class in a DNS record
IPAM – IP address management
IPsec – internet protocol security
iSCSI – internet small computer system interface (port 3260), block level storage access
iSNS – internet storage service name, finds iSCSI storages on a network
IXFR – incremental (DNS) zone transfer
JET – joint engine technology, database technology used in DHCP servers
KCC – knowledge consistency checkers, part of the AD for application data replication
KDC – Kerberos distribution center
LBFO – load balancing and failover
LDAP – lightweight directory access protocol
LUN – logical unit number, used in storages
MADCAP – multicast address dynamic client allocation protocol, protocol that controls multicasting
MBR – master boot record (older partition style for HDDs, bootable)
MMC – Microsoft management console
MPIO – multipath I/O
MSA – managed service accounts
MX – mail exchange record, part of a DNS record
NAP – network access point
NAP – network access protection
NAS – network attached storage, file level access, NFS, CIFS, HTTP protocols
NDDNS – non-dynamic DNS does not automatically populate the DNS database
NIC – network interface controller
NLB – network load balancing
NOS – network operating systems
NPIV – N port identification virtualization, FC facility, allows multiple N-ports to use one physical N-port
NS – name server
NTFS – Windows NT (new technology) file system
PDC – primary domain controller, related to legacy servers under AD
PIN – personal identification number
PKI – public key infrastructure
PTR – pointer record, a DNS entry for a reverse DNS zone (mapping IP address to a hostname)
PXE – preboot execution environment
RAID – redundant array of independent discs
RDN – relative distinguished name, part of an AD
ReFS – resilient file system
RFC – request for comments, documents that regulate IT
RODC – read-only domain controller, a full copy of an Active Directory DB, without the ability to write to AD
RR – resource record, information about a DNS zone
RRSIG – digital signature
SOA – start of authority, part of a DNS record, defines general zone parameters
SID – security identifier, a value that uniquely identifies a security principal in AD
SPN – service principal name
SRV – service record, part of a DNS record
SSL – secure socket layer
SSO – single sign-on
SSP – security support provider
SSPI – security support provider interface
TCP/IP – transmission control protocol/internet protocol
TLD – top level domain(s), directly under a root “.” domain
TLS – transport layer security
TTL – time-to-live, how long the record is valid (how long it may be cached, before making another query)
UDP – user datagram protocol, much less traffic than the TCP protocol, because there is no acknowledgment of packet receipt
UPN – user principal name, under AD
VDI – virtual desktop infrastructure
VDS – virtual disk service, application for managing all storage devices
VID – virtual infrastructure driver
VHD – virtual hard disc
VLSM – variable length subnet masking
VM – virtual machine
VPN – virtual private network
VSP – virtual service provider
VSS – volume shadow copy service
WAN – wide area network
WBF – windows biometric framework
WDS – Windows deployment services
WINS – Windows internet name service, MS TCP/IP name resolving, old and now abandoned (Win 2000 onward)
WSUS – windows server update services
WWN – world wide name, the name of a fibre channel storage


ITIL Service Strategy and/or Service Offerings and Agreements

Since I passed ITIL CSI (!!!!!), I am moving on to the next area.
New abbreviations:
ASP – application service provider
BIA – business impact analysis
BMP – best management practice
BPO – business process outsourcing
BU – business unit
DIY – do it yourself
FMEA – failure modes and effect analysis
IRR – internal rate of return, a discounted cash flow method
KPO – knowledge process outsourcing
MoP – management of portfolios
MoR – management of risks
MoV – management of value
MSP – management successful programmes
NPV – net present value
ROI – return on investment, financial benefits
ROIC – return on invested capital
SIP – service improvement plan
SPI – service provider interface
SSU – shared business unit
TCO – total cost of ownership
VOI – value on investment, VOI = financial value + intangible benefits

Some definitions:
Effective – conforms to a set norm, repeatable, measurable, manageable, achieves the required outcome
Efficient – activities can be carried out with a minimum use of resources
Output – refers to a specific level of service, NOT a business objective.
Outcome – when business is able to perform activities which meet business objectives.
Economic value – total value that the customer perceives the service to deliver.
*****
Aggregation – centralized services resulting in a single type II service provider
Insourcing – going to a type I or II of an IT service provider
*****
Disaggregation – decentralization resulting in a number of type I IT service providers
Outsourcing – IT services sourced from outside (type III provider)
*****
Service archetype – basic building blocks for services
*****
Discounted cash flow – the fluctuation in the value of income and expenditure over a period of time.


SNMP connectivity

I have a problem with a machine running WIN Vista, so I cannot use WinRM, and I am querying it with SNMP instead.
The problem is that it is not reachable for me through RD, and I am trying to figure out whether the port is open, and so on.
Checks:
How to find out which ports are open (careful, this is for TCP ports only!):
# nmap -sT -O 10.10.10.7
If we want a range of UDP ports:
# nmap -sU -p 161 10.10.10.7

How to test SNMP connectivity directly (from a Linux machine):
# snmpwalk -v2c -c SNMP-community 10.10.10.7
In parallel with this, you can also watch:
# tcpdump -vv -n -tttt -i eth3 |grep 10.10.10.7

How to test SNMP connectivity from a WIN 7 machine.
The tools I have tried:
(You have to go to: Start > Run > services.msc, then look into the properties of “SNMP service”, navigate to the “Security” tab, and try setting “Accept SNMP packets from any host” so that the machine can, for example, query itself)
1. Net-SNMP – a bit older, works
2. iReasoning MIB browser (free version) – works
3. PowerSNMP – fails to install
4. Snmpwalk.exe (link) – this is just a file that is placed on WIN 7 and used from the command line, and I find that the handiest:
>SnmpWalk.exe -c:SNMP-community -r:10.10.10.7
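
The “Security” tab settings mentioned above are stored in the registry of the machine running the SNMP service, so they can be read back without the GUI, for example to confirm what is in effect after testing. This is an added example, not part of the original post; Get-SnmpKeyValues is a name chosen here, and the script avoids newer PoSh syntax so that it also runs on older Windows versions.

```powershell
# Added example: read the SNMP service "Security" tab settings from the registry.
# Run on the machine that hosts the SNMP service.
# Get-SnmpKeyValues is a name chosen for this example.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters'

function Get-SnmpKeyValues {
    param([string] $Key)
    $item = Get-Item -LiteralPath $Key -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{ Name = $name; Value = $item.GetValue($name) }
        }
    }
}

if (-not (Test-Path -LiteralPath $base)) {
    'SNMP service parameters not found (is the SNMP service installed?)'
    return
}

# No values under PermittedManagers corresponds to
# "Accept SNMP packets from any host".
$managers = @(Get-SnmpKeyValues "$base\PermittedManagers")
if ($managers.Count -eq 0) {
    'SNMP packets are accepted from any host'
} else {
    'SNMP packets are accepted only from: ' + (($managers | ForEach-Object { $_.Value }) -join ', ')
}

# Each value under ValidCommunities is a community name with its rights.
$rights = @{ 1 = 'NONE'; 2 = 'NOTIFY'; 4 = 'READ ONLY'; 8 = 'READ WRITE'; 16 = 'READ CREATE' }
Get-SnmpKeyValues "$base\ValidCommunities" | ForEach-Object {
    New-Object PSObject -Property @{ Community = $_.Name; Rights = $rights[[int]$_.Value] }
}
```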
