Assorted notes from preparing for MCSA 70-410 (WIN 2012 R2) – part 3

The previous two parts: post1, post2, and the part on networking: post3.

COM port of VM : Named pipe – This option connects the virtual serial port to a Windows named pipe on the host operating system or a computer on the network. A named pipe is a portion of memory that can be used by one process to pass information to another process, so that the output of one is the input of the other. The second process can be local (on the same computer as the first) or remote (on a networked computer). Named pipes can be used to connect to a virtual machine by configuring COM 1.

DHCP
Scope – a contiguous range of addresses. You cannot change the subnet mask of a DHCP scope without deleting the scope and recreating it with the new subnet mask.
Exclusion – an address that you do not want to participate in DHCP
Reservation – when a client should always get the same IP address
Filter – In order to control which clients can be allowed on a subnet, an administrator can constrain the DHCP server to providing IP addresses to a specific set of known clients

NIC teaming – part of the WIN 2012 Hyper-V, it is the ability to operate multiple NICs as a single interface from the perspective of the system.

Active Directory Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory Domain Services (AD DS).

WIN 2012 R2 installations
Win Server 2012 R2 Foundation – 15 users, no virtualization
Win Server 2012 R2 Essentials – 25 users, 50 devices, no virtualization
Win Server 2012 R2 Standard – 2 VMs
Win Server 2012 R2 Datacenter – high virtualization, cloud environment

Performance Monitor is a simple yet powerful visualization tool for viewing performance data, both in real time and from log files. With it, you can examine performance data in a graph, histogram, or report. You can also use Performance Monitor to view real-time performance data on a remote computer.
Membership in the target computer’s Performance Log Users group, or equivalent, is the minimum required to complete this procedure.

Hyper-V and vswitches
External – VMs can access the physical network
Internal – VMs can communicate with each other and the host
Private – VMs can communicate ONLY with each other
* Network Load Balancing (NLB) cluster on VMs needs enabled MAC spoofing on guests (VMs).
* Resource Metering is a feature that allows customers to create cost-effective, usage-based billing solutions.
To create a VHD file (virtual hard disk) you use the “Computer Management” option. VHD is an HDD image file format; a virtual disk is a device that doesn’t exist physically, i.e. an emulated (or virtualised) HDD, CD-ROM or similar.
* Resource controls provide you with several ways to control the way that Hyper-V allocates resources to virtual machines. Resource control is used when you need to adjust the computing resources of a virtual machine: you can reconfigure the resources to meet changing needs. You can also specify resource controls to automate how resources are allocated to virtual machines.
* Virtual machine checkpoints (formerly known as VM snapshots) capture the state, data, and hardware configuration of a running virtual machine. If the virtual machine has no checkpoints, you can change where these checkpoint files are stored (if there are already several snapshots in existence, you will need to delete them first because you will not be able to change the location of the snapshot file while there is an existing snapshot). Do not expand a virtual hard disk when it is used in a virtual machine that has checkpoints. Doing so will make the checkpoints unusable. To change a VM's checkpoint location, said VM must be powered down.
* Integration Services settings on virtual machines include services such as operating system shutdown, time synchronization, data exchange, Heartbeat, and Backup.
* There are three kinds of physical disks that you can attach to a virtual machine in Windows Server 2012 Hyper-V : Passthrough disks, iSCSI disks, or Fibre Channel disks.
* When changing the location of VM snapshots you must delete the existing snapshots, and then modify the settings for the VM.

PXE – preboot execution environment, remote WIN installation that requires a PXE-enabled client (with a PXE network adapter) that must also be a WDS (WIN Deployment Services) client. Configure the BIOS of the computer to enable PXE boot, and set the boot order so that booting from the network is first. It needs a “Legacy Network Adapter”.

Miscellaneous
* To be able to fully manage remote servers that run Windows Server 2008 or the R2 Service Pack 1 operating system, you should install the .NET Framework 4 on Server2 first followed by the Windows Management Framework 3.0.
* SAM account name – sAMAccountName – a logon name that supports previous versions of Windows.
* From the properties of User1, select Store password using reversible encryption – which is for applications that require the user's password for authentication. Storing encrypted passwords in a way that is reversible means that the encrypted passwords can be decrypted.
* Scanner management falls under “Print and Document Services”.
* Windows® Identity Foundation (WIF) is a framework for building identity-aware applications. Starting with the .NET Framework 4.5, WIF has been fully integrated into the .NET Framework.

Remote Server Administration Tools (RSAT) enables IT administrators to remotely manage roles and features in Win Server 2012 (R2), Win Server 2008 (R2) from a computer that is running Win 10, Win 8.1, Win 8, Win Vista, or Win 7.
Remote management of WIN 2008 from WIN 2012 through Server Manager necessitates WIN Management Framework 3.0 and Microsoft .NET Framework 4 on the WIN 2008 server.

In the registry, the LocalAccountTokenFilterPolicy setting affects how administrator credentials are applied to remotely administer the computer.

Group Policy does NOT APPLY TO SECURITY GROUPS, only users and computers in an OU.

AppLocker uses the Application Identity service (AppIDSvc) for rule enforcement. For AppLocker rules to be enforced, this service must be set to start automatically in the GPO. AppLocker policies take precedence over policies generated by SRP (software restriction policies) on computers that are running an operating system that supports AppLocker.

When statefulftp is enabled, the firewall examines the PORT and PASV requests for these other port numbers and then allows the corresponding data connection to the port number that was requested.

All outbound ports are allowed by default.
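
Several settings in these notes (reversible password encryption, LocalAccountTokenFilterPolicy, AppIDSvc, the default outbound action and statefulftp) can be checked on a host with a read-only script. This is an added example, not part of the original notes; it assumes an elevated PowerShell session on Windows Server 2012 or later and, for the first check, the ActiveDirectory RSAT module.

```powershell
# Added example: read-only audit of settings named in these notes. Run elevated.
$findings = @()

# 1. "Store password using reversible encryption" is userAccountControl bit 0x80 (128).
#    Assumption: the ActiveDirectory RSAT module is installed on this machine.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    foreach ($u in (Get-ADUser -Filter 'userAccountControl -band 128')) {
        $findings += "Reversible encryption set on account: $($u.SamAccountName)"
    }
    if ((Get-ADDefaultDomainPasswordPolicy).ReversibleEncryptionEnabled) {
        $findings += 'Default domain password policy enables reversible encryption'
    }
}

# 2. LocalAccountTokenFilterPolicy = 1 turns off UAC token filtering for
#    remote logons by local administrator accounts.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$val = Get-ItemProperty -Path $key -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue
if ($val -and $val.LocalAccountTokenFilterPolicy -eq 1) {
    $findings += 'LocalAccountTokenFilterPolicy = 1 (remote UAC filtering disabled)'
}

# 3. AppLocker relies on the Application Identity service for rule enforcement.
$svc = Get-Service -Name AppIDSvc -ErrorAction SilentlyContinue
if ($svc -and $svc.Status -ne 'Running') {
    $findings += "AppIDSvc is $($svc.Status): AppLocker rules are not being enforced"
}

# 4. Report the default outbound action of each firewall profile.
foreach ($p in Get-NetFirewallProfile) {
    Write-Output "Profile $($p.Name): DefaultOutboundAction = $($p.DefaultOutboundAction)"
}

# 5. Show the StatefulFTP global setting as netsh reports it.
netsh advfirewall show global | Select-String -Pattern 'StatefulFTP'

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```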