
Crochet 65: brooches (1)


I wasn't feeling very well, so I stayed home for a few days, and the result is a pile of brooches (they are for sale!). A pretty green brooch: A little brooch with a red rose: The “colorful purple octopus” brooch: How the brooches look from the back: …


Crochet 64: how to lengthen a T-shirt!

What happened to a few of my T-shirts: after washing, the shirt gets shorter and wider 🙁
But there is a cure for that too!
Here is how I lengthened a blue sweatshirt:

And a similar green sweatshirt:

And my cute navy blue T-shirt:

And a light blue T-shirt:

And here are the crocheted decorations that I will sew onto my red dress (since it is a bit monotonous, to cheer it up):


Assorted notes from preparing for MCSA 70-410 (WIN 2012 R2) – part 4

First three bytes of every MAC address range usable in the Virtual Switch Manager : 00-15-5D.
Two types of user accounts in Windows Server 2012 : Local Users and Domain Users.
Windows Server 2012 does NOT allow Remote Desktop connections by default.

Windows Server 2012 supports 64 Volume Shadow Copies. Volume Shadow Copies is a Windows Server 2012 feature that enables you to maintain previous versions of files on a server, so that if users accidentally delete or overwrite a file, they can access a copy. You can implement shadow copies only for an entire volume; you cannot select specific shares, folders, or files.

File Shares may be :
* NFS (network file system) – used by Unix/Linux, needs “Server for NFS” role
* SMB (server message blocks) share – typical for Windows, needs “File Server” role
To manage folder quotas, you must use the File Server Resource Manager (FSRM) Microsoft Management Console (MMC) snap-in.
Share options :
* Enable access-based enumeration prevents users from seeing files and folders they do not have permission to access.
* Allow caching of share enables offline users to access the contents of the share.
* Enable BranchCache on the file share enables BranchCache servers to cache files accessed from this share.
* Encrypt data access causes the server to encrypt remote file access to this share.

There are 3 group scopes in AD.
AD has 4 partitions : configuration, schema, domain, applications.
AD content/NTFS resources are not replicated to DCs/objects outside their own domain, regardless of the trust between domains in the forest.

Cloneable Domain Controllers group (in the Users container). Membership in this group dictates whether a DC can or cannot be cloned.

Windows stores all of the operating system modules in the WinSxS directory for later installation.

Order of steps when creating a new disk:
create vdisk file="C:\vdisks\disk1.vhd" maximum=16000
attach vdisk
create partition primary
assign letter=g
format

If an encrypted file is copied to a FAT or FAT32 file system, it loses its encryption.

Windows Server 2012 supports two types of folder shares :
• Server Message Blocks (SMB) is the standard file-sharing protocol used by all versions of Windows.
• Network File System (NFS) is the standard file-sharing protocol used by most UNIX and Linux distributions.
For network users to be able to see the shares you create on the file server, you must make sure that the Network Discovery and File Sharing settings are turned on in the Network and Sharing Center control panel.

To be able to fully manage remote servers that run Windows Server 2008 (R2 SP 1) operating system, you should install the .NET Framework 4 first followed by the Windows Management Framework 3.0 on them!
Windows Remote Management (WinRM) is enabled by default on Windows Server 2012 (R2), which is not the case in earlier server versions!

When the DHCP role is installed, it appears that the firewall rules are automatically added.

Permissions
In all Windows operating systems, permissions are stored as part of the protected element, not the security principal granted access.
* Allow permissions are cumulative
* Deny permissions override Allow permissions
* Explicit permissions take precedence over inherited permissions
* Share permissions do not combine like NTFS permissions. The NTFS and share permission systems are completely separate from each other, and for network users to access files on a shared NTFS drive, they must have both the correct NTFS and the correct share permissions.
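
The rules above can be checked against a small model. This is an added example, not part of the original notes: the rights bits, accounts, groups and ACL entries are all constructed, and the evaluation assumes the canonical ACE order (explicit Deny, explicit Allow, inherited Deny, inherited Allow) before intersecting the NTFS result with the share result.

```powershell
# Simplified rights bits for this model (constructed; not the real NTFS access mask values)
$Read = 1; $Write = 2; $Execute = 4; $Delete = 8

function New-Ace {
    param([string]$Type, [string]$Principal, [int]$Rights, [bool]$Inherited = $false)
    [pscustomobject]@{ Type = $Type; Principal = $Principal; Rights = $Rights; Inherited = $Inherited }
}

function Get-EffectiveAccess {
    # $Token: the user plus every group the user belongs to; $Acl: the ACEs on one object
    param([string[]]$Token, [object[]]$Acl)

    # Canonical order: explicit before inherited, and Deny before Allow within each tier
    $ordered = $Acl | Sort-Object -Property @{ Expression = { [int]$_.Inherited } },
                                            @{ Expression = { [int]($_.Type -ne 'Deny') } }
    $granted = 0
    $denied  = 0
    foreach ($ace in $ordered) {
        if ($Token -notcontains $ace.Principal) { continue }   # ACE applies to someone else
        if ($ace.Type -eq 'Deny') {
            # A Deny blocks only the bits that no earlier ACE has already granted
            $denied = $denied -bor ($ace.Rights -band (-bnot $granted))
        } else {
            # Allow entries are cumulative, minus anything already denied
            $granted = $granted -bor ($ace.Rights -band (-bnot $denied))
        }
    }
    $granted
}

function ConvertTo-RightsText {
    param([int]$Mask)
    $names = @()
    if ($Mask -band $Read)    { $names += 'Read' }
    if ($Mask -band $Write)   { $names += 'Write' }
    if ($Mask -band $Execute) { $names += 'Execute' }
    if ($Mask -band $Delete)  { $names += 'Delete' }
    if ($names.Count -eq 0) { 'None' } else { $names -join ',' }
}

# Constructed NTFS ACL on a shared folder.
# alice has an explicit Allow Write while her group Sales carries an inherited Deny Write;
# Contractors carry an explicit Deny Read on top of the inherited Allow for Domain Users.
$ntfsAcl = @(
    (New-Ace Allow 'Domain Users' ($Read -bor $Execute) $true),
    (New-Ace Deny  'Sales'        $Write                $true),
    (New-Ace Allow 'alice'        $Write),
    (New-Ace Allow 'Sales'        $Read),
    (New-Ace Deny  'Contractors'  $Read)
)

# Constructed share ACL: read-only for everyone, full change rights for Managers only
$shareAcl = @(
    (New-Ace Allow 'Everyone' ($Read -bor $Execute)),
    (New-Ace Allow 'Managers' ($Read -bor $Write -bor $Execute -bor $Delete))
)

# Constructed users with their group memberships (the access token)
$users = [ordered]@{
    alice = 'alice', 'Sales', 'Domain Users', 'Everyone'
    bob   = 'bob', 'Contractors', 'Domain Users', 'Everyone'
    carol = 'carol', 'Sales', 'Domain Users', 'Everyone'
    dana  = 'dana', 'Managers', 'Domain Users', 'Everyone'
}

$report = foreach ($name in $users.Keys) {
    $ntfs  = Get-EffectiveAccess -Token $users[$name] -Acl $ntfsAcl
    $share = Get-EffectiveAccess -Token $users[$name] -Acl $shareAcl
    [pscustomobject]@{
        User        = $name
        LocalNtfs   = ConvertTo-RightsText $ntfs                    # logged on at the server
        Share       = ConvertTo-RightsText $share                   # share ACL on its own
        OverNetwork = ConvertTo-RightsText ($ntfs -band $share)     # both must allow the right
    }
}
$report | Format-Table -AutoSize
```

Comparing the LocalNtfs and OverNetwork columns shows where a right granted on the file system is lost because the share does not also grant it.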
*****
Offline Files is a Windows feature that enables client systems to maintain local copies of files they access from server shares.
Configure the slow-link mode (Always Offline mode) of Offline Files to provide faster access to cached files and redirected folders. Always Offline also provides lower bandwidth usage because users are always working offline, even when they are connected through a high-speed network connection.
*****
The Store password using reversible encryption policy setting provides support for applications that use protocols that require the user’s password for authentication. Storing encrypted passwords in a way that is reversible means that the encrypted passwords can be decrypted. If you use the Challenge Handshake Authentication Protocol (CHAP) through remote access or Internet Authentication Services (IAS), you must enable this policy setting.

The default execution policy of Windows Server 2012 is RemoteSigned, meaning that as long as a valid signature is used on the scripts, they will run. However, the client computers have a default execution policy of Restricted, meaning that no scripts will run in PowerShell whatsoever.

When edge traversal is enabled, the application, service, or port to which the rule applies is globally addressable and accessible from outside a network address translation (NAT) or edge device.

Security
Main mode negotiation establishes a secure channel between two computers. It can be viewed from: Windows Firewall with Advanced Security/main mode security association.
.inf is the file extension that Windows Server 2012 uses for security templates.

To configure Server Manager remote management by using Windows PowerShell :
1. On the computer that you want to manage remotely, open a Windows PowerShell session with elevated user rights. To do this, click Start, click All Programs, click Accessories, click Windows PowerShell, right-click the Windows PowerShell shortcut, and then click Run as administrator.
2. In the Windows PowerShell session, type the following, and then press Enter :
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
3. To enable all required firewall rule exceptions :
Configure-SMRemoting.ps1 -force -enable

Active Directory Administrative Center can perform the following AD administrative tasks:
* Create new user accounts or manage existing user accounts
* Create new groups or manage existing groups
* Create new computer accounts or manage existing computer accounts
* Create new organizational units (OUs) and containers or manage existing OUs
* Connect to one or several domains or domain controllers in the same instance of Active Directory Administrative Center, and view or manage the directory information for those domains or domain controllers
* Filter Active Directory data by using query-building search

Named pipe – This option connects the virtual serial port to a Windows named pipe on the host operating system or a computer on the network. A named pipe is a portion of memory that can be used by one process to pass information to another process, so that the output of one is the input of the other.

To install Read-only DC (RODC) the functional level has to be Win 2003 or higher.

Win server 2012 R2 DC may participate in max ONE AD domain at one time.

Performance Counters are under Server Manager, and when started can be set to collect and display data regarding processor usage, memory usage, amongst many other resources like disk-related and security related data, that can be monitored.


Assorted notes from preparing for MCSA 70-410 (WIN 2012 R2) – part 3

The previous two parts: post1, post2, and the part about networking: post3.

COM port of VM : Named pipe – This option connects the virtual serial port to a Windows named pipe on the host operating system or a computer on the network. A named pipe is a portion of memory that can be used by one process to pass information to another process, so that the output of one is the input of the other. The second process can be local (on the same computer as the first) or remote (on a networked computer). Named pipes can be used to connect to a virtual machine by configuring COM 1.

DHCP
Scope – a contiguous range of addresses. You cannot change the subnet mask of a DHCP scope without deleting the scope and recreating it with the new subnet mask.
Exclusion – address that you do not want to participate in a DHCP
Reservation – when a client should always get the same IP address
Filter – In order to control which clients can be allowed on a subnet, an administrator can constrain the DHCP server to providing IP addresses to a specific set of known clients

NIC teaming – part of the WIN 2012 Hyper-V, it is the ability to operate multiple NICs as a single interface from the perspective of the system.

Active Directory Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory Domain Services (AD DS).

WIN 2012 R2 installations
Win Server 2012 R2 Foundation – 15 users, no virtualization
Win Server 2012 R2 Essentials – 25 users, 50 devices, no virtualization
Win Server 2012 R2 Standard – 2 VMs
Win Server 2012 R2 Datacenter – high virtualization, cloud environment

Performance Monitor is a simple yet powerful visualization tool for viewing performance data, both in real time and from log files. With it, you can examine performance data in a graph, histogram, or report. You can also use Performance Monitor to view real-time performance data on a remote computer.
Membership in the target computer’s Performance Log Users group, or equivalent, is the minimum required to complete this procedure.

Hyper-V and vswitches
External – VMs can access the physical network
Internal – VMs can communicate with each other and the host
Private – VMs can communicate ONLY with each other
* Network Load Balancing (NLB) cluster on VMs needs enabled MAC spoofing on guests (VMs).
* Resource Metering is a feature that allows customers to create cost-effective, usage-based billing solutions.
To create a VHD (virtual hard disk) file, you use the “Computer Management” option. VHD is an HDD image file format; a virtual disk is a device that doesn’t exist physically, that is, an emulated (or virtualised) HDD, CD-ROM or something like that.
* Resource controls provide you with several ways to control the way that Hyper-V allocates resources to a virtual machine. Resource control is used when you need to adjust the computing resources of a virtual machine; you can reconfigure the resources to meet the changing needs. You can also specify resource controls to automate how resources are allocated to virtual machines.
* Virtual machine checkpoints (formerly known as VM snapshots) capture the state, data, and hardware configuration of a running virtual machine. If the virtual machine has no checkpoints, you can change where these checkpoint files are stored (if there are already several snapshots in existence, you will need to delete them first because you will not be able to change the location of the snapshot file while there is an existing snapshot). Do not expand a virtual hard disk when it is used in a virtual machine that has checkpoints. Doing so will make the checkpoints unusable. To change a VMs checkpoint location, said VM must be powered down.
* Integration Services settings on virtual machines includes services such as operating system shutdown, time synchronization, data exchange, Heart beat, and Backup
* There are three kinds of physical disks that you can attach to a virtual machine in Windows Server 2012 Hyper-V : Passthrough disks, iSCSI disks, or Fibre Channel disks.
* When changing the location of a VM's snapshots you must delete the existing snapshots, and then modify the settings for the VM.

PXE – preboot execution environment, remote WIN installation that requires a PXE-enabled client (with a PXE network adapter) and must be a WDS client (WIN deployment services). Configure the BIOS of the computer to enable PXE boot, and set the boot order so that booting from the network is first. It needs a “Legacy Network Adapter”.

Miscellaneous
* To be able to fully manage remote servers that run Windows Server 2008 or the R2 Service Pack 1 operating system, you should install the .NET Framework 4 on Server2 first followed by the Windows Management Framework 3.0.
* SAM account name – sAMAccountName — a logon name that supports previous versions of Windows.
* From the properties of User1, select Store password using reversible encryption – which is for applications that require the user's password for authentication. Storing encrypted passwords in a way that is reversible means that the encrypted passwords can be decrypted.
* A scanner falls (for management purposes) under “Print and Document Services”
* Windows® Identity Foundation (WIF) is a framework for building identity-aware applications. Starting with the .NET Framework 4.5, WIF has been fully integrated into the .NET Framework.
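
The per-user Store password using reversible encryption setting mentioned in the list above is recorded as one bit of the account's userAccountControl attribute, the attribute that the Set-ADAccountControl cmdlet modifies. As an added example (not from the original notes), this decodes that attribute for a constructed account list and reports the accounts with the reversible-encryption bit set; the account names and values are sample data.

```powershell
# userAccountControl bits (documented Active Directory flag values)
$UacFlags = [ordered]@{
    ACCOUNTDISABLE             = 0x00000002
    PASSWD_NOTREQD             = 0x00000020
    ENCRYPTED_TEXT_PWD_ALLOWED = 0x00000080   # "Store password using reversible encryption"
    NORMAL_ACCOUNT             = 0x00000200
    DONT_EXPIRE_PASSWORD       = 0x00010000
    DONT_REQ_PREAUTH           = 0x00400000
}

function ConvertFrom-UserAccountControl {
    # Returns the names of all known flags that are set in $Value
    param([int]$Value)
    $UacFlags.GetEnumerator() |
        Where-Object { $Value -band $_.Value } |
        ForEach-Object { $_.Key }
}

# Constructed export (sAMAccountName plus userAccountControl), standing in for real AD data
$export = @'
sAMAccountName,userAccountControl
user1,640
svc-radius,66176
jsmith,512
old-temp,546
'@ | ConvertFrom-Csv

$report = foreach ($row in $export) {
    $uac   = [int]$row.userAccountControl
    $flags = @(ConvertFrom-UserAccountControl -Value $uac)
    [pscustomobject]@{
        Account            = $row.sAMAccountName
        Enabled            = -not [bool]($uac -band $UacFlags.ACCOUNTDISABLE)
        ReversiblePassword = [bool]($uac -band $UacFlags.ENCRYPTED_TEXT_PWD_ALLOWED)
        Flags              = $flags -join ', '
    }
}

# Accounts whose password is stored in a decryptable form and should be reviewed
$report | Where-Object { $_.ReversiblePassword } | Format-Table -AutoSize
```

On a machine with the ActiveDirectory module, the same rows can be produced from the directory with Get-ADUser -Filter * -Properties userAccountControl.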

Remote Server Administration Tools (RSAT) enables IT administrators to remotely manage roles and features in Win Server 2012 (R2), Win Server 2008 (R2) from a computer that is running Win 10, Win 8.1, Win 8, Win Vista, or Win 7.
Remote management of WIN 2008 from WIN 2012 through Server Manager necessitates WIN Management Framework 3.0 and Microsoft .NET Framework 4 on the WIN 2008 server.

In the registry, the LocalAccountTokenFilterPolicy setting affects how administrator credentials are applied to remotely administer the computer.

Group Policy does NOT APPLY TO SECURITY GROUPS, only users and computers in an OU.

AppLocker uses the Application Identity service (AppIDSvc) for rule enforcement. For AppLocker rules to be enforced, this service must be set to start automatically in the GPO. AppLocker policies take precedence over policies generated by SRP (software restriction policies) on computers that are running an operating system that supports AppLocker.

When statefulftp is enabled, the firewall examines the PORT and PASV requests for these other port numbers and then allows the corresponding data connection to the port number that was requested.

All outbound ports are allowed by default.


Assorted notes from preparing for MCSA 70-410 (WIN 2012 R2) – part 2

For the first part of these notes, see my earlier post; for the notes about networking, see my post here.

Non-Uniform Memory Access (NUMA) is a computer system architecture that is used with multiprocessor designs in which some regions of memory have greater access latencies. For large multiprocessor systems, this arrangement results in less contention for memory and increased system performance. Windows Server 2012 introduced support for projecting a virtual NUMA topology into Hyper-V virtual machines.

VM-Chimney (TCP Offload) allows the CPU workload associated with TCP/IP traffic to be offloaded to the physical NIC, reducing processor usage and increasing network performance.

Single root input/output virtualization or SR-IOV is a network interface that allows the isolation of the PCI Express resources for manageability and performance reasons. A single physical PCI Express can be shared on a virtual environment using the SR-IOV specification. It is not possible to change a “non SR-IOV mode” external virtual switch into an “SR-IOV mode” switch. The choice must be made at switch creation time. Thus you should first delete the existing virtual switch and then recreate it. You cannot change the type of vswitch from external to private when SR-IOV is enabled at vswitch creation; you need to recreate the vswitch.
Single-root I/O virtualization-capable network adapters can be assigned directly to a virtual machine to maximize network throughput while minimizing network latency and the CPU overhead required for processing network traffic.

File system types :
* FAT(16) – File Allocation Table, no longer in use
* FAT32 – is the version of FAT, 32 bits allocation table, partition up to 32GB, file up to 4GB, this file system type does not allow permissions
* NFS – network file system
* NTFS – New Technology File System, up to 256TB, file size up to 16TB (preferred for servers), allows permissions, has SIDs, disk quotas, file system encryption, RAID, dynamic volumes, folder and file level security
* ReFS – Resilient/Robust File System, from WIN 2012, automatic integrity checking and data scrubbing, has SIDs, allows permissions, protection against data degradation, built-in handling of hard disk drive failure and redundancy, integration of the RAID functionality (preferred for servers). Supports dynamic volumes and folder and file level security.
ReFS does not include support for NTFS features such as file compression, Encrypted File System (EFS), and disk quotas. ReFS disks also cannot be read by any operating systems older than Windows Server 2012 and Windows 8.

CLI commands :
* dism.exe – Deployment Image Servicing and Management can be used to service a Windows® image or to prepare a Windows Preinstallation Environment (Windows PE) image. Image must be mounted before enabling any features in it.
You can also use DISM to install, uninstall, configure, and update Windows features, packages, drivers, and international settings in a .wim file or VHD. DISM commands are used on offline images, but subsets of the DISM commands are also available for servicing a running operating system.
* imagex.exe – enables original equipment manufacturers (OEMs) and corporations to capture, to modify, and to apply file-based disk images for rapid deployment.
* set-item – Changes the value of an item to the value specified in the command.
* Running systempropertiesremote.exe takes you straight to the Remote tab of the system properties.
* slmgr.exe – used to change, remove, or extend your Windows license (the /ipk switch changes your product key)
* ldifde – Creates, modifies, and deletes directory objects
* csvde – Imports and exports data from Active Directory Domain Services (AD DS) using files that store data in the comma-separated value (CSV) format.
* dsadd – Adds a single computer/contact/group/OU/user/quota to the directory.
* net user – Adds or modifies user accounts, or displays user account information. A switch team must have a name for the team and must be created with one or more members, or network adapters.
* dsquery – Queries the directory by using search criteria that you specify. Each of the dsquery commands finds objects of a specific object type (“-o” specifies the format that dsquery uses to display the search results).
* dism – Deployment Image Servicing and Management (DISM) is a command-line tool that is used to mount and service Windows® images before deployment.
* djoin – command used to join a PC to a domain, when no DC is in reach.
* Winrs.exe – This command line tool enables administrators to remotely execute most Cmd.exe commands using the WS-Management protocol.
* Redircmp.exe – Redirects the default container for newly created computers to a specified, target organizational unit (OU) so that newly created computer objects are created in the specific target OU instead of in CN=Computers.
* sc.exe retrieves and sets control information about services, config parameter sets which user the service is running under
* netsh – command-line scripting utility that allows you to, either locally or remotely, display or modify the network configuration of a currently running computer
* sconfig.exe – In Windows Server 2012, you can use the Server Configuration tool (Sconfig.cmd) to configure and manage several common aspects of Server Core installations. You must be a member of the Administrators group to use the tool.
* dcpromo.exe – Installs and removes Active Directory Domain Services (AD DS).
* Dsadd user “user name” – to add new user
* Netdom renamecomputer %computername% /newname: – rename a computer; the netdom command is also used to join a server to a domain
* route.exe – Displays and modifies the entries in the local IP routing table.
To add a persistent route to the destination 10.41.0.0 with the subnet mask of 255.255.0.0 and the next hop address of 10.27.0.1, type : route -p add 10.41.0.0 mask 255.255.0.0 10.27.0.1
* SLMgr.exe – allows users to query the current installation and see details about Windows installation and its activation and licensing status. /ipk XXXXX – Attempts to install a 5×5 product key.

*****
PortMirroring specifies the port mirroring mode for the network adapter. This can be set to None, Source, and Destination. Port mirroring allows the network traffic of a virtual machine to be monitored by copying the traffic and forwarding it to another virtual machine that is configured for monitoring.
If set to Source, a copy of every network packet it sends or receives is forwarded to a virtual network adapter configured to receive the packets.
If set to Destination, it receives copied packets from the source virtual network adapter.

For NLB to be configured you need to enable MAC address spoofing. In Hyper-V, the VM host prevents dynamic MAC address updates as an extra layer of security in the datacenter. We need to make sure that one VM cannot cause a DOS or information disclosure attack against another VM. If a VM is able to spoof its MAC address, then it can spoof the MAC addresses of other VMs and impact other VMs on that host. The physical switches have similar protections and it is up to the admin to enable that protection or not. If you do not enable spoofing of MAC address prior to configuring NLB on the VM you could potentially have problems with the NLB cluster.
*****
Printer
Windows spools print jobs by default to the following directory as they are processed :
%SystemRoot%\SYSTEM32\SPOOL\PRINTERS.
You can view printer objects in Active Directory by clicking Users, Groups, and Computers.
When a printer pool is created, all the printing tasks are equally distributed among all the participating printers on round-robin basis. All the participating printers must be from the same manufacturer and of the same model.
Branch Office Direct Printing can reduce Wide Area Network (WAN) usage by printing directly to a print device instead of a server print queue.
By default, all printers assign the Allow Print permission to the Everyone (by default Everyone can print).
To configure different levels/rights/priorities/times of access to a printer device, create multiple printers and associate them with the same printer device.
When you configure a GPO to deploy a printer, all users or computers in that domain, site, or OU receive the printer connection by default when they log on.
* To use Group Policy for printer deployment you will need to have a Windows Active Directory domain
* The Advanced tab will give you access to the scheduling, where you can configure the availability or scheduling of the printer.

In Windows Server 2012 (R2), remote management is enabled by default. You must be a member of the Administrators group on computers that you want to manage by using Server Manager.
Remote management of Win 2008/2012 server from WIN 2012 Server Manager :
1) Configure-SMRemoting.exe -Enable
1a) To enable Server Manager and Windows PowerShell remote management on older operating systems (2008 & 2008 R2) : Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
2) Configure-SMRemoting.ps1 -force -enable

Windows Management Instrumentation (WMI) filters allow you to dynamically determine the scope of Group Policy objects (GPOs), based on attributes of the target computer.
WinRM enables you to manage a computer from a remote location using tools based on Windows Management Instrumentation (WMI) and Windows PowerShell.

Managed settings (policy) are the configuration settings that the organization considers mandatory and that must be strictly enforced.
Unmanaged settings (preference) are the configuration settings that the organization does not consider mandatory but might consider recommended or advisable. A preference can be applied only once if desired; policies are always periodically refreshed.

User Group Policy loopback processing mode – Applies alternate user policies when a user logs on to a computer affected by this policy.
This policy directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this policy. It is intended for special-use computers, such as those in public places, laboratories, and classrooms, where you must modify the user policy based on the computer that is being used.

Different default groups :
* Local Administrators – Members of this group have full control of the computer. The Administrator account is a default member of this group. When a computer is joined to a domain, the Domain Admins group is added to this group automatically.
* Domain Admins – automatically added to “Local administrators” group.

Access-based enumeration displays only the files and folders that a user has permissions to access. You can enable it by using Share and Storage Management.

Desired state configuration (DSC) is a management platform in PowerShell that enables you to manage your IT and development infrastructure with configuration as code. It is used for configuration, deployment, and management of systems.

Root hints can be viewed in the cache.dns file.


Assorted notes from preparing for MCSA 70-410 (WIN 2012 R2) – part 1

Domain Controller roles :
Also called FSMO roles (Flexible Single Master Operation); they can be transferred to any DC in the domain.
* Schema master – DC responsible for performing updates to the directory schema
* Domain naming master – This DC is the only one that can add or remove a domain from the directory
* RID master – the single DC responsible for processing RID Pool requests from all DCs within a given domain. RID – a relative ID tied to a given server; each server has an allotted number of RIDs. When it runs out, it requests more from the RID master DC.
* PDC emulator – necessary to synchronize time in an enterprise. The PDC emulator of a domain is authoritative for the domain. Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.
Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad password failure message is reported to the user.
Account lockout is processed on the PDC emulator. At any time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.
* Infrastructure master – DC responsible for updating an object’s SID and distinguished name in a cross-domain object reference. The Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server(GC).

The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory Domain Services (AD DS) forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers.
The global catalog is built and updated automatically by the AD DS replication system.

Security groups
Groups are characterized by a scope that identifies the extent to which the group is applied in the domain tree or forest. The following three group scopes are defined by AD :
* Universal – scope is all the domains in an AD forest
* Global – scope is a single domain
* Domain Local – assign permissions to LOCAL resources.

Some cmdlets that often appear in the questions:
* Add-AdPrincipalGroupMembership – Adds a member to one or more Active Directory groups, adds a user, group, service account, or computer as a new member to one or more Active Directory groups.
* Install-AddsDomainController – Installs a domain controller in Active Directory
* Install-WindowsFeature – Installs one or more roles, role services, or features on either the local or a specified remote server that is running Windows Server 2012 R2.
* Install-ADDSDomain – Installs a new Active Directory domain configuration.
* Rename-AdObject – Changes the name of an Active Directory object
* Set-AdAccountControl – Modifies user account control (UAC) values for an Active Directory account (user or computer), used to stop user from changing password
* Set-AdGroup – Modifies an Active Directory group properties, may be used to change SAM name of a group, or users who can manage this AD group.
* Set-User – on Exchange 2016, modify user attributes
* Add-NetLbfoTeamMember – Adds a new member (network adapter) to a specified NIC team.
* Send-SmigServerData – Migrates folders, files, and associated permissions and share properties from a source server to a destination server through port 7000. The destination server must be in the same subnet as the source server, and the cmdlet Receive-SmigServerData must be run on the destination server at the same time Send-SmigServerData is running on the source server.
* Add-AppxProvisionedPackage – Adds an app package (.appx) that will install for each new user to a Windows image.
* The Add-DhcpServerv6Reservation cmdlet reserves a specified IPv6 address for the client identified by the specified Dynamic Host Configuration Protocol (DHCP) v6 unique identifier (ID) (DUID) and identity association ID (IAID).
* The Remove-ADComputer cmdlet removes an Active Directory computer.
* Get-ADComputer – (LastLogon) gives information about the restart of a machine in the domain
* Uninstall-ADDSDomainController -ForceRemoval – removal of a DC
* To manage NIC teaming with Windows PowerShell, you use the cmdlets in the NetLbfoTeam module
* Set-AppLockerPolicy – Sets the AppLocker policy for the specified Group Policy object (GPO). When the Merge parameter is used, rules in the specified AppLocker policy will be merged with the AppLocker rules in the target GPO.
* Enable-PSRemoting – Configures the computer to receive remote commands.
* Enable-PSSessionConfiguration cmdlet enables registered session configurations that have been disabled
* New-NetSwitchTeam – Creates a new switch team.
* Set-VMNetworkAdapter – Configures features of the virtual network adapter in a virtual machine or the management operating system.
* Install-ADDSDomainController – Installs a domain controller in Active Directory.
* Install-ADDSDomain – Installs a new Active Directory domain configuration.
* Install-ADDSForest – Installs a new Active Directory forest configuration.
* Install-WindowsFeature – Installs one or more Windows Server roles, role services, or features on either the local or a specified remote server that is running Windows Server 2012 R2
* Set-Disk – Takes a Disk object or unique disk identifiers and a set of attributes, and updates the physical disk on the system.
* Remove-WindowsFeature Server-Gui-Shell – When you uninstall “Server-GUI-Shell” you are left WITHOUT File Explorer and IE10, but MMC and Server Manager still work.
* Add-DhcpServerv6Reservation – reserves a specified IPv6 address for the client identified by the DHCPv6 unique identifier and a DHCPv6 identity association ID.
* Set-ExecutionPolicy – Changes the user preference for the Windows PowerShell execution policy.
* Dsget user – Displays the properties of a user in the directory. There are two variations of this command. The first variation displays the properties of multiple users. The second variation displays the group membership information of a single user.
* Set-DnsServerGlobalQueryBlockList – changes settings of a global query block list on a DNS server. If you need the DNS server to resolve names such as ISATAP (Intra-site Automatic Tunnel Addressing Protocol) and WPAD (Web Proxy Automatic Discovery Protocol), remove these names from the list.
* Set-DnsClientServerAddress – sets one or more IP addresses for DNS servers associated with an interface
* Start-DscConfiguration – applies a Desired State Configuration (DSC) configuration to nodes

Hyper-V
* Virtual machine checkpoints (formerly known as virtual machine snapshots) capture the state, data, and hardware configuration of a running virtual machine. If the virtual machine has no checkpoints, you can change where these checkpoint files are stored. Do not expand a virtual hard disk when it is used in a virtual machine that has checkpoints. Doing so will make the checkpoints unusable. To change a VM's checkpoint location, said VM must be powered down.

* Integration Services settings on virtual machines include services such as operating system shutdown, time synchronization, data exchange, heartbeat, and backup

Disks
Storage pools – A collection of physical disks that enable you to aggregate disks, expand capacity in a flexible manner, and delegate administration. Storage Pools use unallocated space. Disk removal is ONLY possible if all data from it has already been evicted (to other disks in the pool).
Storage spaces – Virtual disks created from free space in a storage pool. Storage spaces have such attributes as resiliency level, storage tiers, fixed provisioning, and precise administrative control. The fault tolerance built into Storage Spaces is provided at the disk level, not at the volume level.
* All storage that meets acceptable criteria for Storage Spaces will be placed in the Primordial Pool. This can be considered the default pool for devices from which any other pools will be created.

* There are three kinds of physical disks that you can attach to a virtual machine in Windows Server 2012 Hyper-V: Passthrough disks, iSCSI disks, or Fibre Channel disks.

* A storage space with three-way mirroring can tolerate two disk failures but requires a minimum of five disks.

Virtual hard disks are stored as .vhd or .vhdx files and created using “Computer Management”.
Diskpart is a CLI for creating virtual hard disks.
VHD : The original and more compatible format, which supports files up to 2,040 GB.
VHDX : A new version of the format that supports files up to 64 TB, but can be read only by computers running Windows Server 2012 and Windows 8.

Virtual hard disk type options :
* Fixed size – allocates all disk space for the VHD file at once.
* Thin provisioning (Dynamically expanding) – The system allocates space from the storage pool to the disk as needed, up to the maximum specified size. No space is actually used until data is stored on a volume on the virtual disk, and the amount of space used will grow or shrink as data is written to or deleted from the disk. Enabled by default in Windows Server 2012, thin provisioned Storage Space does not support being clustered.
* The pass-through disk is a physical disk that is connected directly to the VM and is exclusively used by this VM. It is the fastest disk for a VM. To ensure the guest has exclusive access to the storage, it must be placed in an “Offline” state from the Hyper-V server perspective. This raw piece of storage is not limited in size.

Disk types/configurations :
Basic disks – have partitions (primary and extended), support MBR and GPT, must be NTFS file system
Dynamic disks – enhanced disk type, support RAID, have volumes (which may be on multiple disks), support MBR and GPT; dynamic disks are not generally used to contain system boot volumes; only on Win 2000 and newer.
Changing between a basic/fixed and dynamic disk type does not alter the size of a snapshot much at all. However, since a snapshot is a record of a VM's state at the exact time that the snapshot was taken, shutting down the VM before taking the snapshot prevents the snapshot from having to contain all of the data in RAM.

Disk initialization/partition style :
MBR – the self-database is contained in the last 1 megabyte (MB) of the disk, up to 4 partitions (or 3 primary + 1 extended) and 2 TB in size
GPT – the self-database is contained in 1-MB redundant primary and backup partition tables, partitions may be larger than 2 TB, up to 128 partitions (WIN 2012 limit), up to 18 EB. An OS cannot be booted from it (unless it is EFI).

Disk summary :

DNS
006 DNS servers option – IP address of your DNS server, e.g., 10.10.10.1
015 DNS Domain Name – Specifies the connection-specific DNS domain suffix to be used by the DHCP client.
119 DNS Domain Name – that is for example test.local (your AD domain name)


How to buy A+ VCE from Microsoft

When you are in Serbia, it is not simple to buy something from Microsoft.
In my case it is the A+ VCE program.
What you need for it:
* A Microsoft account
* A valid payment method (PayPal, a credit card for online payments, ...) that you enter under your Microsoft account
* A WIN 10 machine (a requirement of the software, and that is what I chose) or Android
* A valid license for WIN 10
* A properly configured WIN 10:
In Control Panel / Regional and Language settings, set the time zone and, WITHOUT FAIL, the country you are in (if you do not set this, it will keep asking you for a new payment method, even though you have entered one in your Microsoft account).

Then buy A+ VCE through the license purchase option inside the program itself, which you must download through the Microsoft Serbia Store!


WMI service on Win Server 2008

SCOM reported problems with the WMI service.
WMI = Windows Management Instrumentation.
I tried a restart through Server Manager/Services, but the service got stuck “neither in heaven nor on earth”.
1) Restart from the CLI:
(as admin):
>net stop winmgmt
2) If that does not work, find the PID of the process and try to kill it:
C:\Users\velda>sc queryex winmgmt
SERVICE_NAME: winmgmt
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 3 STOP_PENDING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x1
WAIT_HINT : 0x7530
PID : 248
FLAGS :
C:\Users\velda>taskkill /f /pid 248
ERROR: Server execution failed
3) Since that failed too, from the WMI console:
C:\Users\velda>wmic
wmic:root\cli>list status winmgmt
ERROR:
Code = 0x80080005
Description = Server execution failed
Facility = Windows

Conclusion: WMI is in a completely lost state, and the whole server needs to be reset when there are no users on it.
Links: link1, link2, and the EXCELLENT link3.


IPv4 + IPv6 networks and MCSA 70-410

I have a bit of trouble with this, so it is easier for me to put down a few notes on this topic.
IPv4
4 x 8 bits
Possible networks:
A – first octet: 1-126, CIDR notation: /8
B – first octet: 128-191, CIDR notation: /16
C – first octet: 192-223, CIDR notation: /24
D – first octet: 224-239, CIDR notation: N/A
E – first octet: 240-254, CIDR notation: N/A

Possible number of subnets: 2^s, where s = number of bits set aside for the subnet
Possible number of hosts/nodes in a network: 2^h - 2, where h = number of bits set aside for the host part of the network

Aid for counting bits:
2^7   2^6   2^5   2^4   2^3   2^2   2^1   2^0
128   64    32    16    8     4     2     1

Private networks:
A – 10.0.0.0/8
B – 172.16.0.0/12
C – 192.168.0.0/16
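
The class table, the 2^s / 2^h - 2 formulas and the private ranges above, worked through in Python. This is an added example, not part of the original notes; the function names are hypothetical and the sample addresses are constructed.

```python
import ipaddress

# First-octet ranges and default prefixes as listed in the notes above.
CLASSES = (("A", 1, 126, 8), ("B", 128, 191, 16), ("C", 192, 223, 24),
           ("D", 224, 239, None), ("E", 240, 254, None))
PRIVATE = tuple(ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))

def classify(addr):
    """Return (class letter, default prefix); (None, None) if outside the table."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    for letter, low, high, prefix in CLASSES:
        if low <= first <= high:
            return letter, prefix
    return None, None   # 0.x.x.x and 127.x.x.x (loopback) are not in the table

def is_private(addr):
    """True if addr falls inside one of the three private ranges."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in PRIVATE)

def subnet_plan(addr, new_prefix):
    """Subnet the classful network of addr down to /new_prefix."""
    letter, default = classify(addr)
    if default is None:
        raise ValueError(f"{addr} has no default classful prefix")
    if not default <= new_prefix <= 30:
        raise ValueError("new prefix must lie between the default prefix and /30")
    s, h = new_prefix - default, 32 - new_prefix   # subnet bits, host bits
    subnet = ipaddress.ip_network(f"{addr}/{new_prefix}", strict=False)
    assert subnet.num_addresses - 2 == 2 ** h - 2  # library agrees with the formula
    return {
        "class": letter,
        "subnets": 2 ** s,
        "hosts_per_subnet": 2 ** h - 2,
        "subnet": str(subnet),
        "first_host": str(subnet.network_address + 1),
        "last_host": str(subnet.broadcast_address - 1),
        "broadcast": str(subnet.broadcast_address),
    }
```

Note that the class B private range is a /12, not a /16: it runs from 172.16.0.0 to 172.31.255.255, so 172.32.0.1 is already a public address.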

IPv6
What the bit layout of an IPv6 address looks like:

8 x 16 bits = 128 bits, or
8 x 4 hexadecimal digits (hex numbers are not case sensitive)
Notes:
You can have only one double-colon notation within any IPv6 address.
IPv6 addresses do not employ subnet masks, but rather use the same CIDR notation used with IPv4.
::1 is the counterpart of 127.0.0.1 = loopback
Unicast 6to4 addresses – 2002::/16
Multicast addresses always start with ff00::/8
:: is an unspecified address (0.0.0.0 in IPv4)
When you see the 5efe block within an IPv6 address, this identifies the address as being an ISATAP address.
64 last address bits should always be reserved for host address (necessary for auto configuration). The rest is used for network and (if necessary) subnetting.

IPv6 address scope :
Global unicast – 2000::/3 – globally routable addresses
Link-local – fe80::/64 – nonroutable addresses (exist inside of the subnet)
Site-local address – fc00::/7 – internally routable addresses

Address types:
*Unicast – packets addressed to this type of address are to be delivered to a single network interface.
By default, all unicast addresses are divided into a 64-bit network component and a 64-bit host component.
*Multicast – represents multiple interfaces; packets are delivered to all network interfaces identified by the address. Multicast addresses have the first eight bits set to 1s, so they begin with ff.
*Anycast – represents multiple interfaces. Anycast packets are delivered to a single network interface that represents the nearest (in terms of routing hops) interface identified by the address.

IPv4 to/from IPv6
Addresses for the transition from IPv4 to IPv6:
*Compatibility addresses – address represented by 0:0:0:0:0:0:w.x.y.z, where w.x.y.z is the IPv4 address in dotted-decimal, or ::ffff:w.x.y.z
*Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) addresses – An ISATAP address utilizes the locally administered interface identifier ::0:5efe:w.x.y.z, where w.x.y.z is any private unicast IPv4 address, or ::200:5efe:w.x.y.z, where w.x.y.z is a public IPv4 unicast address.
*6to4 addresses – 2002:wwxx:yyzz::/48 in the case of a public IPv4 address w.x.y.z
*Teredo addresses
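
The IPv6 prefixes and the IPv4-embedding transition formats listed above, as an added Python example that is not part of the original notes: it labels an address by those prefixes, pulls out any embedded IPv4 address, and builds 6to4 and ISATAP addresses. Function names are hypothetical, labels follow the notes, and 203.0.113.5 (a documentation address) stands in for a public IPv4 address.

```python
import ipaddress

# Prefixes and labels exactly as listed in the notes; most specific first.
SCOPES = [(label, ipaddress.ip_network(p)) for label, p in (
    ("6to4", "2002::/16"), ("global unicast", "2000::/3"),
    ("link-local", "fe80::/64"), ("site-local", "fc00::/7"),
    ("multicast", "ff00::/8"))]
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(v4):
    return any(v4 in net for net in RFC1918)

def classify6(text):
    """Return (label, embedded IPv4 address or None) for an IPv6 string."""
    ip = ipaddress.IPv6Address(text)     # a second "::" raises ValueError here
    value = int(ip)
    if value in (0, 1):
        return ("unspecified", "loopback")[value], None
    if ip.ipv4_mapped is not None:       # ::ffff:w.x.y.z
        return "IPv4-mapped", ip.ipv4_mapped
    label = next((name for name, net in SCOPES if ip in net), "other")
    # ISATAP: upper 32 bits of the 64-bit host part are 0000:5efe or 0200:5efe.
    if ((value >> 32) & 0xFFFFFFFF) in (0x00005EFE, 0x02005EFE):
        return label + " ISATAP", ipaddress.IPv4Address(value & 0xFFFFFFFF)
    if label == "6to4":                  # IPv4 sits right after the 2002 hextet
        return label, ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)
    return label, None

def to_6to4(ipv4):
    """Build the 2002:wwxx:yyzz::/48 prefix for a public IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    if is_rfc1918(v4):
        raise ValueError("6to4 needs a public IPv4 address")
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def to_isatap(prefix64, ipv4):
    """Append ::0:5efe:w.x.y.z (private) or ::200:5efe:w.x.y.z (public)."""
    v4 = ipaddress.IPv4Address(ipv4)
    net = ipaddress.IPv6Network(prefix64)
    marker = 0x00005EFE if is_rfc1918(v4) else 0x02005EFE
    return ipaddress.IPv6Address(
        int(net.network_address) | (marker << 32) | int(v4))
```

Because these formats carry an IPv4 address inside the IPv6 one, decoding it this way shows which IPv4 endpoint a tunnelled address points at when reading firewall or DNS logs.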

Network notes
You cannot change the subnet mask of a DHCP scope without deleting the scope and recreating it with the new subnet mask.
You can verify SRV locator resource records by viewing Netlogon.dns.
Edge traversal allows the computer to accept unsolicited inbound packets that have passed through an edge device, such as a network address translation (NAT) router or firewall.
The legacy network adapters do not support bandwidth management.
When the DHCP role is installed, the firewall rules are automatically added.
If its own IP address is not in the list of authorized DHCP servers (“Allow” filter list), the DHCP Server service does not complete its startup sequence and automatically shuts down.
netsh.exe is used to configure IPv4 from CLI.
Virtual switches may be :
* External – VMs may access the physical network
* Internal – VMs can access each other and host machine, but NOT the physical network
* Private – VMs can access each other but NOT the host machine or physical network


PATH variable on Win 7

How to change the PATH variable?
In this case, how to add the Java home to the PATH variable:
0. Find where the Java home is; in my case it is in: C:\Program Files (x86)\Java\jdk1.6.0_29\bin
1. Right click on My Computer on desktop (or through the Start button)
2. Select Properties
3. Select Advanced System Settings
4. Select Advanced tab
5. Select Environment Variables
6. Select Path under System Variables
7. Click on Edit button
8. In Variable value editor paste this at the start of the line
C:\Program Files (x86)\Java\jdk1.6.0_29\bin;
(Yes, the semicolon at the end is a MUST!!!)
9. Click Ok then Ok again
10. Restart command prompt otherwise it won’t see the change to the path variable
11. Type java -version in command prompt – this should show the output for the JAVA version on the local machine.

A good link.
