Razne crtice iz pripreme za MSCA 70-410 (WIN 2012 R2) – deo 2

Za prvi deo crtica, videti moj raniji post, za crtice vezane za mrežu videti moj post ovde.

Non-Uniform Memory Access (NUMA) is a computer system architecture that is used with multiprocessor designs in which some regions of memory have greater access latencies. For large multiprocessor systems, this arrangement results in less contention for memory and increased system performance. Windows Server 2012 introduced support for projecting a virtual NUMA topology into Hyper-V virtual machines.

VM-Chimney (TCP Offload) allows the CPU workload associated with TCP/IP traffic to be offloaded to the physical NIC, reducing processor usage and increasing network performance.

Single root input/output virtualization or SR-IOV is a network interface that allows the isolation of the PCI Express resources for manageability and performance reasons. A single physical PCI Express can be shared on a virtual environment using the SR-IOV specification. It is not possible to change a “non SR-IOV mode” external virtual switch into an “SR-IOV mode” switch. The choice must be made at a switch creation time. Thus you should first delete the existing virtual switch and then recreate it. You cannot change the type of vswitch from external to private when SR-IOV is enabled at vswitch creation ->you need to recreate the vswitch.
Single-root I/O virtualization -capable network adapters can be assigned directly to a virtual machine to maximize network throughput while minimizing network latency and the CPU overhead required for processing network traffic.

File system types :
* FAT(16) – File Allocation Table, nije više u upotrebi
* FAT32 – is the version of FAT, 32 bits allocation table, partition up to 32GB, file up to 4GB, this file system type does not allow permissions
* NFS – network file system
* NTFS – New Technology File System, do 256TB, file size up to 16TB (preferred for servers), allows permissions, has SIDs, disk quotas, file system encryption, RAID, dynamic volumes, folder and file level security
* ReFS – Resilient/Robust File System, from WIN 2012, automatic integrity checking and data scrubbing, has SIDs, allows permissions, protection against data degradation, built-in handling of hard disk drive failure and redundancy, integration of the RAID functionality (preferred for servers). Supports dynamic volumes and folder and file level security.
ReFS does not include support for NFS features such as file compression, Encrypted File System (EFS), and disk quotas. ReFS disks also cannot be read by any operating systems older than Windows Server 2012 and Windows 8.

CLI commands :
* dism.exe – Deployment Image Servicing and Management can be used to service a Windows® image or to prepare a Windows Preinstallation Environment (Windows PE) image. Image must be mounted before enabling any features in it.
You can also use DISM to install, uninstall, configure, and update Windows features, packages, drivers, and international settings in a .wim file or VHD. DISM commands are used on offline images, but subsets of the DISM commands are also available for servicing a running operating system.
* imagex.exe – enables original equipment manufacturers (OEMs) and corporations to capture, to modify, and to apply file-based disk images for rapid deployment.
* set-item – Changes the value of an item to the value specified in the command.
* Running systempropertiesremote.exe takes you straight to the Remote tab of the system properties.
* slmgr.exe – How to Use Slmgr to Change, Remove, or Extend Your Windows License (switch /ipk is to change your product key)
* ldifde – Creates, modifies, and deletes directory objects
* csvde – Imports and exports data from Active Directory Domain Services (AD DS) using files that store data in the comma-separated value (CSV) format.
* dsadd – Adds a single computer/contact/group/OU/user/quota to the directory.
* net user – Adds or modifies user accounts, or displays user account information. A switch team must have a name for the team and must be created with one or more members, or network adapters.
* dsquery – Queries the directory by using search criteria that you specify. Each of the dsquery commands finds objects of a specific object type
* dism – Deployment Image Servicing and Management (DISM) is a command-line tool that is used to mount and service Windows® images before deployment (“-o” – Specifies the format that dsquery uses to display the search results;
* djoin – command used to join a PC to a domain, when no DC is in reach.
* Winrs.exe – This command line tool enables administrators to remotely execute most Cmd.exe commands using the WS-Management protocol.
* Redircmp.exe – Redirects the default container for newly created computers to a specified, target organizational unit (OU) so that newly created computer objects are created in the specific target OU instead of in CN=Computers.
* sc.exe retrieves and sets control information about services, config parameter sets which user the service is running under
* netsh – command-line scripting utility that allows you to, either locally or remotely, display or modify the network configuration of a currently running computer
* sconfig.exe – In Windows Server 2012, you can use the Server Configuration tool (Sconfig.cmd) to configure and manage several common aspects of Server Core installations. You must be a member of the Administrators group to use the tool.
* dcpromo.exe – Installs and removes Active Directory Domain Services (AD DS).
* Dsadd user “user name” – to add new user
* Netdom renamecomputer %computername% /newname: – rename a computer, netdom komanda služi i za učlanjivanje servera u domen
* route.exe – Displays and modifies the entries in the local IP routing table.
To add a persistent route to the destination 10.41.0.0 with the subnet mask of 255.255.0.0 and the next hop address of 10.27.0.1, type : route -p add 10.41.0.0 mask 255.255.0.0 10.27.0.1
* SLMgr.exe – allows users to query the current installation and see details about Windows installation and its activation and licensing status. /ipk XXXXX – Attempts to install a 5×5 product key.

*****
PortMirroring specifies the port mirroring mode for the network adapter. This can be set to None, Source, and Destination. Port mirroring allows the network traffic of a virtual machine to be monitored by copying the traffic and forwarding it to another virtual machine that is configured for monitoring.
If set to Source, a copy of every network packet it sends or receives is forwarded to a virtual network adapter configured to receive the packets.
If set to Destination, it receives copied packets from the source virtual network adapter.

For NLB to be configured you need to enable MAC address spoofing. In Hyper-V, the VM host prevents dynamic MAC address updates as an extra layer of security in the datacenter.   We need to make sure that one VM cannot cause a DOS or information disclosure attack against another VM.  If a VM is able to spoof its MAC address, then it can spoof the MAC addresses of other VMs and impact other VMs on that host.  The physical switches have similar protections and it is up to the admin to enable that protection or not. If you do not enable spoofing of MAC address prior to configuring NLB on the VM you could potentially have problems with the NLB cluster.
*****
Printer
Windows spools print jobs by default to the following directory as they are processed :
%SystemRoot%\SYSTEM32\SPOOL\PRINTERS.
You can view printer objects in Active Directory by clicking Users, Groups, and Computers.
When a printer pool is created, all the printing tasks are equally distributed among all the participating printers on round-robin basis. All the participating printers must be from the same manufacturer and of the same model.
Branch Office Direct Printing can reduce Wide Area Network (WAN) usage by printing directly to a print device instead of a server print queue.
By default, all printers assign the Allow Print permission to the Everyone (by default Everyone can print).
To configure different levels/rights/priorities/times of access to a printer device, create multiple printers and associate them with the same printer device.
When you configure a GPO to deploy a printer, all users or computers in that domain, site, or OU receive the printer connection by default when they log on.
* To use Group Policy for printer deployment you will need to have a Windows Active Directory domain
* Advanced tab will give you access to the scheduling where you can configure the availability  or scheduling of the printer.

In Windows Server 2012 (R2), remote management is enabled by default. You must be a member of the Administrators group on computers that you want to manage by using Server Manager.
Remote management of Win 2008/2012 server from WIN 2012 Server Manager :
1) Configure-SMRemoting.exe –Enable
1a) To enable Server Manager and Windows PowerShell remote management on older operating systems (2008 & 2008 R2) : Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
2) Configure-SMRemoting.ps1 -force –enable

Windows Management Instrumentation (WMI) filters allow you to dynamically determine the scope of Group Policy objects (GPOs), based on attributes of the target computer.
WinRM enables you to manage a computer from a remote location using tools based on Windows Management Instrumentation (WMI) and Windows PowerShell.

Managed settings (policy) are the configuration settings that the organization considers mandatory and that must be strictly enforced.
Unmanaged settings (preference) are the configuration settings that the organization does not consider mandatory but might consider recommended or advisable. A preference can be applied only once if desired; policies are always periodically refreshed.

User Group Policy loopback processing mode – Applies alternate user policies when a user logs on to a computer affected by this policy.
This policy directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this policy. It is intended for special-use computers, such as those in public places, laboratories, and classrooms, where you must modify the user policy based on the computer that is being used.

Different default groups :
* Local Administrators – Members of this group have full control of the computer. The Administrator account is a default member of this group. When a computer is joined to a domain, the Domain Admins group is added to this group automatically.
* Domain Admins – automatically added to “Local administrators” group.

Access-based enumeration displays only the files and folders that a user has permissions to access. You can enable it by using Share and Storage Management.

Desired state configuration (DSC) is a management platform in PowerShell that enables you to manage your IT and development infrastructure with configuration as code. It is used for configuration, deployment, and management of systems.

Root hints can be viewd in a cache.dns file.