Miscellaneous notes from preparing for MCSA 70-410 (WIN 2012 R2) – part 3

The previous two parts: post1, post2, and the part on networking: post3.

Disks :
Fixed provisioning – The size of the virtual disk is the actual amount of physical storage space allocated from the pool.
Thin provisioning – The size of the virtual disk represents the maximum amount of physical storage space that can be allocated from the pool. No space is actually used until data is stored on a volume on the virtual disk, and the amount of space used will grow or shrink as data is written to or deleted from the disk.
A storage space with three-way mirroring can tolerate two disk failures but requires a minimum of five disks.

COM port of VM : Named pipe – This option connects the virtual serial port to a Windows named pipe on the host operating system or a computer on the network. A named pipe is a portion of memory that can be used by one process to pass information to another process, so that the output of one is the input of the other. The second process can be local (on the same computer as the first) or remote (on a networked computer). Named pipes can be used to connect to a virtual machine by configuring COM 1.


Miscellaneous notes from preparing for MCSA 70-410 (WIN 2012 R2) – part 2

For the first part of the notes, see my earlier post; for the networking notes, see my post here.

Non-Uniform Memory Access (NUMA) is a computer system architecture that is used with multiprocessor designs in which some regions of memory have greater access latencies. For large multiprocessor systems, this arrangement results in less contention for memory and increased system performance.

VM-Chimney (TCP Offload) allows the CPU workload associated with TCP/IP traffic to be offloaded to the physical NIC, reducing processor usage and increasing network performance.

To create a VHD file (virtual hard disk) you use the “Computer Management” option.
VHD is an HDD image file format; a virtual disk is a device that does not exist physically, i.e. an emulated (or virtualised) HDD, CD-ROM or something like that.

File system types :
* FAT – File Allocation Table, no longer in use
* FAT32 – a version of FAT with a 32-bit allocation table, up to 32GB
* NFS – network file system
* NTFS – New Technology File System, up to 256TB, file size up to 16TB
* ReFS – Resilient/Robust File System, from WIN 2012, automatic integrity checking and data scrubbing, protection against data degradation, built-in handling of hard disk drive failure and redundancy, integration of the RAID functionality

CLI commands :
* dism.exe – Deployment Image Servicing and Management can be used to service a Windows® image or to prepare a Windows Preinstallation Environment (Windows PE) image.
* imagex.exe – enables original equipment manufacturers (OEMs) and corporations to capture, to modify, and to apply file-based disk images for rapid deployment.
* set-item – Changes the value of an item to the value specified in the command.
* Running systempropertiesremote.exe takes you straight to the Remote tab of the system properties.
* slmgr.exe – used to change, remove, or extend your Windows license (the /ipk switch changes your product key)
* ldifde – Creates, modifies, and deletes directory objects
* csvde – Imports and exports data from Active Directory Domain Services (AD DS) using files that store data in the comma-separated value (CSV) format.
* dsadd – Adds a single computer/contact/group/OU/user/quota to the directory.
* net user – Adds or modifies user accounts, or displays user account information.

CMDLETS :
* Set-AppLockerPolicy – Sets the AppLocker policy for the specified Group Policy object (GPO).
* Enable-PSRemoting – Configures the computer to receive remote commands.
* New-NetSwitchTeam – Creates a new switch team. A switch team must have a name for the team and must be created with one or more members, or network adapters.

When a printer pool is created, all the printing tasks are equally distributed among all the participating printers on round-robin basis. All the participating printers must be from the same manufacturer and of the same model.

In Windows Server 2012 (R2), remote management is enabled by default. You must be a member of the Administrators group on computers that you want to manage by using Server Manager.
Remote management of Win 2008/2012 server from WIN 2012 Server Manager :
1) Configure-SMRemoting.exe -enable
1a) To enable Server Manager and Windows PowerShell remote management on older operating systems (2008 & 2008 R2) : Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
2) Configure-SMRemoting.ps1 -force -enable

Single root input/output virtualization or SR-IOV is a network interface that allows the isolation of the PCI Express resources for manageability and performance reasons. A single physical PCI Express can be shared on a virtual environment using the SR-IOV specification. It is not possible to change a “non SR-IOV mode” external virtual switch into an “SR-IOV mode” switch. The choice must be made at switch creation time. Thus you should first delete the existing virtual switch and then recreate it.

Windows Management Instrumentation (WMI) filters allow you to dynamically determine the scope of Group Policy objects (GPOs), based on attributes of the target computer.

Managed settings (policy) are the configuration settings that the organization considers mandatory and that must be strictly enforced.
Unmanaged settings (preference) are the configuration settings that the organization does not consider mandatory but might consider recommended or advisable. A preference can be applied only once if desired; policies are always periodically refreshed.

User Group Policy loopback processing mode – Applies alternate user policies when a user logs on to a computer affected by this policy.
This policy directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this policy. It is intended for special-use computers, such as those in public places, laboratories, and classrooms, where you must modify the user policy based on the computer that is being used.

Different default groups :
* Local Administrators – Members of this group have full control of the computer. The Administrator account is a default member of this group. When a computer is joined to a domain, the Domain Admins group is added to this group automatically.
* Domain Admins – automatically added to “Local administrators” group.

Hyper-V
Resource Metering is a feature that allows customers to create cost-effective, usage-based billing solutions.

Access-based enumeration displays only the files and folders that a user has permissions to access. You can enable it by using Share and Storage Management.

Desired state configuration (DSC) is a management platform in PowerShell that enables you to manage your IT and development infrastructure with configuration as code. It is used for configuration, deployment, and management of systems.


Miscellaneous notes from preparing for MCSA 70-410 (WIN 2012 R2) – part 1

Domain Controller roles
Also called FSMO roles (Flexible Single Master Operation); they can be transferred to any DC in the domain.
* Schema master – DC responsible for performing updates to the directory schema
* Domain naming master – This DC is the only one that can add or remove a domain from the directory
* RID master – the single DC responsible for processing RID Pool requests from all DCs within a given domain. RID – relative ID tied to a given server; each server has an allotted quantity of RIDs. When it runs out, it requests more from the RID master DC.
* PDC emulator – necessary to synchronize time in an enterprise. The PDC emulator of a domain is authoritative for the domain. Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.
Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad password failure message is reported to the user.
Account lockout is processed on the PDC emulator.
* Infrastructure master – DC responsible for updating an object’s SID and distinguished name in a cross-domain object reference. The Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server (GC).

The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory Domain Services (AD DS) forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers.
The global catalog is built and updated automatically by the AD DS replication system.

Security groups
Groups are characterized by a scope that identifies the extent to which the group is applied in the domain tree or forest. The following three group scopes are defined by AD :
* Universal – Use groups with universal scope to consolidate groups that span domains. Groups with domain local scope help you define and manage access to resources within a single domain.
* Global – groups with global scope are not replicated outside their own domain
* Domain Local – Members of these groups can be assigned permissions only within a domain.
We strongly recommend that you use global groups or universal groups instead of domain local groups when you specify permissions on domain directory objects that are replicated to the global catalog.

Some cmdlets that often come up in the questions :
* Add-AdPrincipalGroupMembership – Adds a member to one or more Active Directory groups
* Install-AddsDomainController – Installs a domain controller in Active Directory
* Install-WindowsFeature – Installs one or more roles, role services, or features on either the local or a specified remote server that is running Windows Server 2012 R2.
* Install-AddsDomain – Installs a new Active Directory domain configuration.
* Rename-AdObject – Changes the name of an Active Directory object
* Set-AdAccountControl – Modifies user account control (UAC) values for an Active Directory account.
* Set-AdGroup – Modifies an Active Directory group.
* Set-User – on Exchange 2016, modify user attributes
* Add-NetLbfoTeamMember – Adds a new member (network adapter) to a specified NIC team.
* Send-SmigServerData – Migrates folders, files, and associated permissions and share properties from a source server to a destination server through port 7000. The destination server must be in the same subnet as the source server, and the cmdlet Receive-SmigServerData must be run on the destination server at the same time Send-SmigServerData is running on the source server.
* Add-AppxProvisionedPackage – Adds an app package (.appx) that will install for each new user to a Windows image.
* The Add-DhcpServerv6Reservation cmdlet reserves a specified IPv6 address for the client identified by the specified Dynamic Host Configuration Protocol (DHCP) v6 unique identifier (ID) (DUID) and identity association ID (IAID).

Hyper-V
* Virtual machine checkpoints (formerly known as virtual machine snapshots) capture the state, data, and hardware configuration of a running virtual machine. If the virtual machine has no checkpoints, you can change where these checkpoint files are stored. Do not expand a virtual hard disk when it is used in a virtual machine that has checkpoints. Doing so will make the checkpoints unusable. To change a VM's checkpoint location, said VM must be powered down.
* Integration Services settings on virtual machines includes services such as operating system shutdown, time synchronization, data exchange, Heart beat, and Backup
* There are three kinds of physical disks that you can attach to a virtual machine in Windows Server 2012 Hyper-V: Passthrough disks, iSCSI disks, or Fibre Channel disks.

Storage pools – A collection of physical disks that enable you to aggregate disks, expand capacity in a flexible manner, and delegate administration. Storage Pools use unallocated space
Storage spaces – Virtual disks created from free space in a storage pool. Storage spaces have such attributes as resiliency level, storage tiers, fixed provisioning, and precise administrative control.
* All storage that meets acceptable criteria for Storage Spaces will be placed in the Primordial Pool. This can be considered the default pool for devices from which any other pools will be created.

Network notes
For some earlier networking notes, see my earlier post.
You cannot change the subnet mask of a DHCP scope without deleting the scope and recreating it with the new subnet mask.
You can verify SRV locator resource records by viewing Netlogon.dns.
Edge traversal allows the computer to accept unsolicited inbound packets that have passed through an edge device, such as a network address translation (NAT) router or firewall.
The legacy network adapters do not support bandwidth management.
When the DHCP role is installed, the firewall rules are automatically added.
If its own IP address is not in the list of authorized DHCP servers (“Allow” filter list) , the DHCP Server service does not complete its startup sequence and automatically shuts down.
netsh.exe is used to configure IPv4 from CLI.

Disks
Virtual hard disks are stored as .vhd files. Diskpart is a CLI for creating virtual hard discs.
Thin provisioning – it is a disk type, just-in-time allocation, thin provisioning and trim are enabled by default in Windows Server 2012, thin provisioned Storage Space does not support being clustered. It is a method of optimizing the efficiency with which the available disk space is utilized and the ability to reclaim storage that is no longer needed (also known as trim).
Types/configurations :
Basic disks – have partitions (primary and extended), supports MBR and GPT, must be NTFS file system
Dynamic disks – enhanced disk type, support RAID, have volumes (which may be on multiple disks), supports MBR and GPT, dynamic disks are not generally used to contain system boot volumes, only on Win 2000 and newer
Disk initialization/partition style :
MBR – the database is contained in the last 1 megabyte (MB) of the disk, up to 4 partitions
GPT – the database is contained in a 1-MB reserved (hidden) partition, partitions may be larger than 2TB, up to 128 partitions
The pass-through disk is a LUN that is connected directly to the controller of a virtual machine, located in the settings of that virtual machine’s virtual hardware. Passthrough disks were designed for the case when you need a large data disk.

Command line commands
* Winrs.exe – This command line tool enables administrators to remotely execute most Cmd.exe commands using the WS-Management protocol.
* Redircmp.exe – Redirects the default container for newly created computers to a specified, target organizational unit (OU) so that newly created computer objects are created in the specific target OU instead of in CN=Computers.
* sc.exe retrieves and sets control information about services.

DNS
006 DNS servers option – IP Address of your DNS Server, e.g, 10.10.10.1
015 DNS Domain Name – Specifies the connection-specific DNS domain suffix to be used by the DHCP client.
119 DNS Domain Name – that is for example test.local (your AD domain name)

PowerShell
* The default execution policy of Windows Server 2012 is RemoteSigned meaning that as long as a valid signature is used on the scripts, they will run. However, the client computers have a default execution policy of restricted meaning that no scripts will run in PowerShell whatsoever

Miscellaneous
* To be able to fully manage remote servers that run Windows Server 2008 or the R2 Service Pack 1 operating system, you should install the .NET Framework 4 on Server2 first followed by the Windows Management Framework 3.0.
* SAM account name – sAMAccountName — a logon name that supports previous version of Windows.
* From the properties of User1, select “Store password using reversible encryption”, which is for applications that require the user's password for authentication. Storing encrypted passwords in a way that is reversible means that the encrypted passwords can be decrypted.
* Scanner management falls under “Print and Document Services”
* Windows® Identity Foundation (WIF) is a framework for building identity-aware applications. Starting with the .NET Framework 4.5, WIF has been fully integrated into the .NET Framework.


How to buy A+ VCE from Microsoft

When you are in Serbia, it is not easy to buy something from Microsoft.
In my case it is the A+ VCE program.
What you need for it :
* A Microsoft account
* A valid payment method (PayPal, a credit card for online payments…) that you enter under your Microsoft account
* A WIN 10 machine (a requirement of the software, and that is what I chose) or Android
* A valid WIN 10 license
* A properly configured WIN 10 :
Through Control Panel / Regional and Language settings, set the time zone and, WITHOUT FAIL, the country you are in (if you do not set this, it will keep asking you for a new payment method, even though you entered one in your Microsoft account).

And then buy A+ VCE through the license purchase option inside the program itself, which you must download through the Microsoft Serbia Store!


WMI service on Win Server 2008

SCOM reported problems with the WMI service.
WMI=Windows Management Instrumentation.
I tried a restart through Server Manager/Services, but the service got stuck “neither here nor there”.
1) Restart from the CLI :
(as admin) :
>net stop winmgmt
2) If that does not work, find the PID of the process and try to kill it :
C:\Users\velda>sc queryex winmgmt
SERVICE_NAME: winmgmt
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 3 STOP_PENDING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x1
WAIT_HINT : 0x7530
PID : 248
FLAGS :
C:\Users\velda>taskkill /f /pid 248
ERROR: Server execution failed
3) Since that failed too, from the WMI console :
C:\Users\velda>wmic
wmic:root\cli>list status winmgmt
ERROR:
Code = 0x80080005
Description = Server execution failed
Facility = Windows

Conclusion : WMI is in a totally lost state, and the whole server needs to be reset when there are no users on it.
Links : link1, link2, and the EXCELLENT link3.


IPv4 + IPv6 networks and MCSA 70-410

I have a bit of trouble with this, so it is easier for me to put down a few notes on the topic.
IPv4
4 x 8 bits
Possible networks :
A – first octet : 1-126, CIDR notation : /8
B – first octet : 128-191, CIDR notation : /16
C – first octet : 192-223, CIDR notation : /24
D – first octet : 224-239, CIDR notation : N/A
E – first octet : 240-254, CIDR notation : N/A

Possible number of subnets : 2^s, where s = number of bits set aside for the subnet
Possible number of hosts/nodes in a network : 2^h - 2, where h = number of bits set aside for the host part of the network

Aid for bit calculations :
2^7 = 128, 2^6 = 64, 2^5 = 32, 2^4 = 16, 2^3 = 8, 2^2 = 4, 2^1 = 2, 2^0 = 1

Private networks :
A – 10.0.0.0/8
B – 172.16.0.0/12
C – 192.168.0.0/16

IPv6
8 x 16 bits
Notes :
You can have only one double-colon notation within any IPv6 address.
IPv6 addresses do not employ subnet masks, but rather use the same CIDR notation used with IPv4.
::1 is the counterpart of 127.0.0.1 = loopback
global unicast – 2000::/3 – globally routable addresses
link-local – fe80::/64 – nonroutable addresses (exist inside of the subnet)
unique local address – fc00::/7 – internally routable addresses
Unicast 6to4 addresses – 2002::/16
Multicast addresses always start with ff00::/8
:: is the unspecified address
When you see the 5efe block within an IPv6 address, this identifies the address as being an ISATAP address.
64 last address bits should always be reserved for host address (necessary for auto configuration). The rest is used for network and (if necessary) subnetting.

Address types :
*Unicast – packets addressed to this type of address are to be delivered to a single network interface. Unicast IPv6 addresses include :
global unicast – 2000::/3 – globally routable
link-local – fe80::/64 – nonroutable
unique local address – fc00::/7 – internally routable
Two special addresses are also included—unspecified addresses (all zeros or ::, equivalent to the IPv4 address of 0.0.0.0) and the loopback address, which is 0:0:0:0:0:0:0:1 or ::1 (which is equivalent to the IPv4 address of 127.0.0.1). By default, all unicast addresses are divided into a 64-bit network component and a 64-bit host component.
*Multicast – Represents multiple interfaces to which packets are delivered to all network interfaces identified by the address. Multicast addresses have the first eight bits set to 1s, so they begin with ff .
*Anycast – represents multiple interfaces. Anycast packets are delivered to a single network interface that represents the nearest (in terms of routing hops) interface identified by the address.

IPv4 to/from IPv6
Addresses for the transition from IPv4 to IPv6 :
*Compatibility addresses – address represented by 0:0:0:0:0:0:w.x.y.z, where w.x.y.z is the IPv4 address in dotted-decimal, or ::ffff:w.x.y.z
*Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) addresses – An ISATAP address utilizes the locally administrative interface identifier ::0:5efe:w.x.y.z, where w.x.y.z is any private unicast IPv4 address, or ::200:5efe:w.x.y.z, where w.x.y.z is a public IPv4 unicast address.
*6to4 addresses – 2002:wwxx:yyzz::/48 in the case of a public IPv4 address w.x.y.z
*Teredo addresses
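
The prefix lists and the 2^s / 2^h - 2 formulas above, turned into a small classifier and subnet calculator. This is an added example, not part of the original notes: Test-InPrefix, Get-AddressType and Get-SubnetPlan are hypothetical helper names, the prefixes are the ones the notes list, and the sample addresses are constructed.

```powershell
# Added example: prefix matching over the ranges listed in the notes.
# Works for both IPv4 and IPv6 because it compares raw address bytes.
function Test-InPrefix {
    param([System.Net.IPAddress]$Address, [string]$Prefix)
    $network, $length = $Prefix -split '/'
    $addrBytes = $Address.GetAddressBytes()
    $netBytes  = ([System.Net.IPAddress]::Parse($network)).GetAddressBytes()
    # An IPv4 address never matches an IPv6 prefix and vice versa.
    if ($addrBytes.Length -ne $netBytes.Length) { return $false }
    $bitsLeft = [int]$length
    for ($i = 0; $i -lt $addrBytes.Length -and $bitsLeft -gt 0; $i++) {
        # Compare only the leading bits of this byte that the prefix covers.
        $take = [Math]::Min(8, $bitsLeft)
        $mask = (0xFF -shl (8 - $take)) -band 0xFF
        if (($addrBytes[$i] -band $mask) -ne ($netBytes[$i] -band $mask)) { return $false }
        $bitsLeft -= $take
    }
    return $true
}

# Ordered so that the more specific prefix wins (2002::/16 before 2000::/3).
$PrefixTable = [ordered]@{
    '::/128'         = 'unspecified'
    '::1/128'        = 'loopback'
    'ff00::/8'       = 'multicast'
    'fe80::/64'      = 'link-local'
    'fc00::/7'       = 'unique local'
    '2002::/16'      = '6to4'
    '2000::/3'       = 'global unicast'
    '10.0.0.0/8'     = 'private (class A)'
    '172.16.0.0/12'  = 'private (class B)'
    '192.168.0.0/16' = 'private (class C)'
}

function Get-AddressType {
    param([string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    $type = 'not in a listed range'
    foreach ($entry in $PrefixTable.GetEnumerator()) {
        if (Test-InPrefix -Address $ip -Prefix $entry.Key) { $type = $entry.Value; break }
    }
    # ISATAP: interface identifier 0000:5efe (private IPv4) or 0200:5efe (public IPv4).
    $b = $ip.GetAddressBytes()
    $isatap = $b.Length -eq 16 -and ($b[8] -eq 0 -or $b[8] -eq 2) -and
              $b[9] -eq 0 -and $b[10] -eq 0x5e -and $b[11] -eq 0xfe
    [pscustomobject]@{ Address = $Address; Type = $type; IsIsatap = $isatap }
}

# Subnets = 2^s and hosts = 2^h - 2, for an IPv4 network split with s extra bits.
function Get-SubnetPlan {
    param([int]$PrefixLength, [int]$SubnetBits)
    $hostBits = 32 - $PrefixLength - $SubnetBits
    [pscustomobject]@{
        NewPrefixLength = $PrefixLength + $SubnetBits
        Subnets         = [Math]::Pow(2, $SubnetBits)
        HostsPerSubnet  = [Math]::Pow(2, $hostBits) - 2
    }
}

# Constructed sample addresses. 172.20.x.x is inside 172.16.0.0/12,
# 172.32.x.x is just outside it.
'::', '::1', 'ff02::1', 'fe80::1', 'fe80::5efe:c0a8:10a', 'fd12:3456::1',
'2002:c000:204::1', '2001:db8::1', '172.20.1.5', '172.32.1.5' |
    ForEach-Object { Get-AddressType $_ } | Format-Table -AutoSize

Get-SubnetPlan -PrefixLength 24 -SubnetBits 3
```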


PATH variable on Win 7

How to change the PATH variable?
In this case, how to add Java HOME to the PATH variable :
0. Find where Java home is; in my case it is in : C:\Program Files (x86)\Java\jdk1.6.0_29\bin
1. Right click on My Computer on desktop (or through the Start button)
2. Select Properties
3. Select Advanced System Settings
4. Select Advanced tab
5. Select Environment Variables
6. Select Path under System Variables
7. Click on Edit button
8. In Variable value editor paste this at the start of the line
C:\Program Files (x86)\Java\jdk1.6.0_29\bin;
(Yes, there MUST be a semicolon at the end!!!)
9. Click Ok then Ok again
10. Restart command prompt otherwise it won’t see the change to the path variable
11. Type java -version in command prompt – this should show the output for the Java version on the local machine.

A good link.


VCE player

I tried a few VCE players…
1) VCE exam simulator (-)
Link
Symantec considers this file unacceptable and automatically deleted it, so I will not even try it.
2) Avanset VCE exam simulator (-)
Link
Symantec checked it and says it is OK.
It asks for an e-mail address and gives only a trial version.
It opens my VCE files, but only the first 5 questions!!! Because it is a trial version 🙁
It costs 16USD/month, which is a bit much for me (the basic version, meaning it only opens existing VCE files).
3) Open Exam Suite 3.1.2 (-)
Link
It opens only OEF files, so it is useless to me.
4) JQuestions (-)
Link
Old – 2013, but I only need a player, so that is not much of a factor.
Plus it is under GNU!
It works by running the JQuestions.bat file from the CLI, which then launches the JQuestions.jar file. It requires a JVM to be installed.
Unfortunately it does not open my VCE files…
5) Virtual Collaborative Environment (-)
Link
It is a bit old (2015), but not too much.
Nope – this is not a player for VCE files at all…
6) Softpedia VCE Exam Simulator (-)
Link
It is paid, but has a 30-day free trial (the full version is 16USD/month, or 66USD/month!!!).
It gives only the first 5 questions of the test…
7) A+ VCE (+/-)
Link
A Microsoft application; you need a legal Win 10 and a Microsoft account. It runs on both Android and Win 10 (I had to set up Win 10 as a virtual machine).
I am having big problems downloading this application to my Win 10 virtual machine…
This problem (error 0x8004804E) is solved by typing the following at the command line (as administrator) :
> netsh winhttp import proxy source=ie
It is free (in theory), but then it opens only the first 10 questions of a VCE file. The full version is 20USD as a permanent license.
Here is a link on how to buy it.
8) QueLang (-)
Link
It is for designing queries, so no.
9) BlueStack+VCE player A+ (see item 8) for Android (-)
Link1 or link2 for instructions.
The Bluestack software emulates Android on the PC platform, and there are quite a few free VCE players for Android 🙂
Careful: Blue Stack runs on Win 10, not on Win 7 (at least not behind a proxy server, so I had to set up Win 10 as a virtual machine).
Careful, the BlueStack installation takes quite a long time!
Also, BlueStack can cause trouble if the computer is behind a proxy server; it may not start working… In that case you install an additional little application : ProxyCap (link), and then we will see (I tried Proxyfier, but that did not help!).
What else is needed : a Google account, .NET Framework 3.5 (it should download that itself once it “realizes” it is missing, and that takes foreeeever)
It is a problem if BlueStacks uses UDP; that will not work, because our FW does not allow it…
A+ VCE has a free variant (shows only the first 10 questions), and the upgrade to the full version is 20USD (lifetime), after which it lets you see all the questions in a VCE file.
10) GMAT AWA Sim (-)
Link
It is fairly old, 2013, so the question is whether it will be able to open my VCE files…
I cannot run xxx.jar
11) JPilotExam (-)
Link
Also a JAR file…
It does not open my VCE files.
12) VCE Exam Simulator 2.3 (-)
Link
Symantec is concerned, so I will not even try
13) VCE Converter (-)
Link
It will not even download
14) Exam formatter (-)
Link
That is not what I need, because it converts PDF and TXT into (probably) VCE…


AD: seeing which control is delegated over OUs and other little things ;-)

Oh yes. Once you have done something like this, no way will you be able to see it nicely afterwards!
For mysterious reasons, Microsoft nowhere shows clearly and nicely what has been delegated to whom and which permissions are on which objects in AD.
*****
So, how to see delegated control :
First option
Server Manager/Tools/Active Directory Users and Computers
Go to the “View” tab and turn on the “Advanced Features” option :

Go to the OU in question / right click / Properties / Security tab / Advanced / Permissions tab
You can see something from here, but really not very clearly!
Second option – A +/-/-
3rd party SW, in this case LEX, which is an LDAP browser.
Unfortunately it has parts that are blocked in the free version.
Second option – B +/+/
3rd party SW – Softerra LDAP browser (v 4.45/64) (link)
When logging in to AD, be sure to put CN username@AD domain as the “Principal”!
The free version is RO, but that is OK.

Third option -/-/-
MS CLI tool DSREVOKE
“Dsrevoke is a new command-line tool that can be used on domain controllers that are running Windows Server 2003 or Windows 2000 Server to report the existence of all permissions for a specific user or group on a set of OUs in a domain”.
You should be able to run dsrevoke on any machine that can access the DC.
It can also remove them, but that does not interest us.
Despite a GREAT deal of effort, I did not manage to get this tool to work!!!!
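
Another way to get this view, as an added example that is not part of the original post: read each OU's ACL through the AD: drive and list only the explicit (non-inherited) entries, which is where delegations show up. It assumes the RSAT ActiveDirectory module and read access to the domain; Get-OuDelegation is a hypothetical function name, the DN in the sample call is a placeholder, and the list of trustees treated as defaults is a simplification.

```powershell
# Added example: report explicit ACEs on every OU under a search base.
Import-Module ActiveDirectory

function Get-OuDelegation {
    [CmdletBinding()]
    param(
        # Placeholder DN; replace with your own domain or OU subtree.
        [Parameter(Mandatory = $true)][string]$SearchBase,
        # Also show ACEs held by built-in trustees.
        [switch]$IncludeDefault
    )

    # Build a GUID -> name map so ObjectType GUIDs read as attribute,
    # class or extended-right names instead of raw GUIDs.
    $rootDse = Get-ADRootDSE
    $guidMap = @{ ([guid]::Empty.ToString()) = 'All' }
    Get-ADObject -SearchBase $rootDse.schemaNamingContext `
        -LDAPFilter '(schemaIDGUID=*)' -Properties lDAPDisplayName, schemaIDGUID |
        ForEach-Object { $guidMap[([guid]$_.schemaIDGUID).ToString()] = $_.lDAPDisplayName }
    Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
        -LDAPFilter '(objectClass=controlAccessRight)' -Properties name, rightsGuid |
        ForEach-Object { $guidMap[([guid]$_.rightsGuid).ToString()] = $_.name }

    # Assumption: these trustees are treated as defaults and hidden
    # unless -IncludeDefault is given. Adjust to your environment.
    $defaultTrustees = '^(NT AUTHORITY\\|BUILTIN\\|CREATOR OWNER$|Everyone$)|\\(Domain Admins|Enterprise Admins)$'

    Get-ADOrganizationalUnit -SearchBase $SearchBase -Filter * | ForEach-Object {
        $ouDn = $_.DistinguishedName
        (Get-Acl -Path "AD:\$ouDn").Access |
            Where-Object { -not $_.IsInherited } |
            Where-Object { $IncludeDefault -or $_.IdentityReference.Value -notmatch $defaultTrustees } |
            ForEach-Object {
                [pscustomobject]@{
                    OU          = $ouDn
                    Trustee     = $_.IdentityReference.Value
                    Type        = $_.AccessControlType        # Allow or Deny
                    Rights      = $_.ActiveDirectoryRights    # e.g. WriteProperty, ExtendedRight
                    AppliesTo   = $guidMap[$_.ObjectType.ToString()]
                    ChildClass  = $guidMap[$_.InheritedObjectType.ToString()]
                    Inheritance = $_.InheritanceType
                }
            }
    }
}

# Sample call (the DN is a placeholder):
# Get-OuDelegation -SearchBase 'OU=Example,DC=example,DC=com' | Format-Table -AutoSize
```

Piping the result to Export-Csv and comparing successive runs shows delegations that were added or removed over time.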

Handy links :
Link1


Crochet 62 : my first doily!

My first doily!
It turned out great.
Truth be told, toward the end I ran out of white thread, so I added grey :

And the pattern I worked from :
