Assorted notes from preparing for the MCSA 70-410 (WIN 2012 R2) – part 4

First three bytes of every MAC address range usable in the Virtual Switch Manager: 00-15-5D.
Two types of user accounts in Windows Server 2012: Local Users and Domain Users.
Windows Server 2012 does NOT allow Remote Desktop connections by default.

Windows Server 2012 supports 64 Volume Shadow Copies. Volume Shadow Copies is a Windows Server 2012 feature that enables you to maintain previous versions of files on a server, so that if users accidentally delete or overwrite a file, they can access a copy. You can implement shadow copies only for an entire volume; you cannot select specific shares, folders, or files.

File shares may be:
* NFS (Network File System) – used by Unix/Linux, needs the "Server for NFS" role service
* SMB (Server Message Block) share – typical for Windows, needs the "File Server" role service
To manage folder quotas, you must use the File Server Resource Manager (FSRM) Microsoft Management Console (MMC) snap-in.
Share options:
* Enable access-based enumeration prevents users from seeing files and folders they do not have permission to access.
* Allow caching of share enables offline users to access the contents of the share.
* Enable BranchCache on the file share enables BranchCache servers to cache files accessed from this share.
* Encrypt data access causes the server to encrypt remote file access to this share.

There are 3 group scopes in AD.
AD has 4 partitions: configuration, schema, domain, application.
AD content/NTFS resources are not replicated to DCs/objects outside their own domain, regardless of the trust between domains in the forest.

Cloneable Domain Controllers group (in the Users container). Membership in this group dictates whether a DC can or cannot be cloned.

In the WinSxS directory, Windows stores all of the operating system modules for later installation.

Order of diskpart commands when creating a new virtual disk (fixed size, 16000 MB):
create vdisk file="C:\vdisks\disk1.vhd" maximum=16000
attach vdisk
create partition primary
assign letter=g
format
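The same sequence done with the Storage cmdlets instead of diskpart, as an added example that is not part of the original notes. It assumes the Hyper-V PowerShell module is present for New-VHD (Mount-DiskImage, Initialize-Disk, New-Partition and Format-Volume ship with Windows Server 2012's Storage module), that the session is elevated, and that drive letter G: is free; the path and size are the ones used in the diskpart sequence above.

```powershell
# Added example (not from the original notes): create, attach, partition and
# format a VHD with PowerShell, mirroring the diskpart steps one by one.
# Assumes: Hyper-V module (New-VHD), Storage module, elevated session, G: unused.
function New-DataVhd {
    param(
        [string]$Path = 'C:\vdisks\disk1.vhd',
        [uint64]$SizeBytes = 16000MB,     # diskpart's maximum=16000 is expressed in MB
        [char]$DriveLetter = 'G'
    )

    # create vdisk file=... maximum=16000  (diskpart creates a fixed-size VHD by default)
    $null = New-VHD -Path $Path -SizeBytes $SizeBytes -Fixed

    # attach vdisk
    $null = Mount-DiskImage -ImagePath $Path
    $disk = Get-DiskImage -ImagePath $Path | Get-Disk

    # A freshly attached VHD can come up offline or read-only; clear both before partitioning.
    if ($disk.IsOffline)  { Set-Disk -Number $disk.Number -IsOffline  $false }
    if ($disk.IsReadOnly) { Set-Disk -Number $disk.Number -IsReadOnly $false }

    # A new VHD has no partition table (RAW); diskpart does this implicitly on first use.
    Initialize-Disk -Number $disk.Number -PartitionStyle MBR

    # create partition primary  +  assign letter=g
    $null = New-Partition -DiskNumber $disk.Number -UseMaximumSize -DriveLetter $DriveLetter

    # format  (NTFS, no confirmation prompt so the function can run unattended)
    Format-Volume -DriveLetter $DriveLetter -FileSystem NTFS -Confirm:$false
}

New-DataVhd
```

Verify afterwards with Get-Volume -DriveLetter G and Get-DiskImage -ImagePath C:\vdisks\disk1.vhd; the Storage cmdlets return objects, so the same checks can be scripted, which is the main advantage over the interactive diskpart session.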

If an encrypted file is copied to a FAT or FAT32 file system, it loses its encryption.

Windows Server 2012 supports two types of folder shares:
* Server Message Block (SMB) is the standard file-sharing protocol used by all versions of Windows.
* Network File System (NFS) is the standard file-sharing protocol used by most UNIX and Linux distributions.
For network users to be able to see the shares you create on the file server, you must make sure that the Network Discovery and File Sharing settings are turned on in the Network and Sharing Center control panel.

To be able to fully manage remote servers that run the Windows Server 2008 (R2 SP1) operating system, you should install the .NET Framework 4 first, followed by the Windows Management Framework 3.0, on them!
Windows Remote Management (WinRM) is enabled by default on Windows Server 2012 (R2), which is not the case in earlier server versions!

When the DHCP role is installed, the required firewall rules appear to be added automatically.

Permissions
In all Windows operating systems, permissions are stored as part of the protected element, not the security principal that is granted access.
* Allow permissions are cumulative
* Deny permissions override Allow permissions
* Explicit permissions take precedence over inherited permissions
* Share permissions do not combine like NTFS permissions. The NTFS and share permission systems are completely separate from each other, and for network users to access files on a shared NTFS drive, they must have both the correct NTFS and the correct share permissions.
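A small model of those four rules, as an added example that is not part of the original notes. The ACEs, identities and share level are constructed; on a real server the NTFS entries would come from Get-Acl and the share entries from Get-SmbShareAccess, and expanding the user's group membership into the $principals list is left to the caller.

```powershell
# Added example (not from the original notes): how Windows combines NTFS and
# share permissions. All ACEs and identities below are constructed sample data.
$Rights = @('Read', 'Write', 'Delete', 'ChangePermissions')

# Windows evaluates NTFS ACEs in canonical order: explicit Deny, explicit Allow,
# inherited Deny, inherited Allow. The first ACE that mentions a right decides it,
# which is why Deny beats Allow and explicit beats inherited.
function Get-EffectiveNtfsRights {
    param([string[]]$Principals, [object[]]$Aces)
    $decided = @{}
    $ordered = $Aces | Sort-Object -Property @{ Expression = { $_.IsInherited } }, @{ Expression = { $_.Type -ne 'Deny' } }
    foreach ($ace in $ordered) {
        if ($Principals -notcontains $ace.Identity) { continue }
        foreach ($right in $ace.Rights) {
            if (-not $decided.ContainsKey($right)) { $decided[$right] = $ace.Type }
        }
    }
    # Allow permissions are cumulative: every right that ended up allowed is effective.
    return @($Rights | Where-Object { $decided[$_] -eq 'Allow' })
}

# Share permissions have only three levels; map them onto the same right names.
$ShareLevel = @{
    'Read'   = @('Read')
    'Change' = @('Read', 'Write', 'Delete')
    'Full'   = @('Read', 'Write', 'Delete', 'ChangePermissions')
}
function Get-EffectiveShareRights {
    param([string[]]$Principals, [object[]]$ShareAces)
    $allow = @(); $deny = @()
    foreach ($ace in $ShareAces) {
        if ($Principals -notcontains $ace.Identity) { continue }
        if ($ace.Type -eq 'Deny') { $deny += $ShareLevel[$ace.Level] } else { $allow += $ShareLevel[$ace.Level] }
    }
    return @($Rights | Where-Object { ($allow -contains $_) -and ($deny -notcontains $_) })
}

# Access over the network needs both systems to agree: the effective set is the intersection.
function Get-EffectiveNetworkRights {
    param([string[]]$Principals, [object[]]$Aces, [object[]]$ShareAces)
    $ntfs  = Get-EffectiveNtfsRights  -Principals $Principals -Aces $Aces
    $share = Get-EffectiveShareRights -Principals $Principals -ShareAces $ShareAces
    return @($Rights | Where-Object { ($ntfs -contains $_) -and ($share -contains $_) })
}

# Constructed sample: alice is a member of the Sales group.
$principals = @('CONTOSO\alice', 'CONTOSO\Sales')
$ntfsAces = @(
    [pscustomobject]@{ Identity = 'CONTOSO\alice'; Type = 'Deny';  Rights = @('Delete');         IsInherited = $false }
    [pscustomobject]@{ Identity = 'CONTOSO\alice'; Type = 'Allow'; Rights = @('Write');          IsInherited = $false }
    [pscustomobject]@{ Identity = 'CONTOSO\Sales'; Type = 'Deny';  Rights = @('Write');          IsInherited = $true }
    [pscustomobject]@{ Identity = 'CONTOSO\Sales'; Type = 'Allow'; Rights = @('Read', 'Delete'); IsInherited = $true }
)
$shareAces = @(
    [pscustomobject]@{ Identity = 'CONTOSO\Sales'; Type = 'Allow'; Level = 'Read' }
)

'Local (NTFS only): ' + ((Get-EffectiveNtfsRights    -Principals $principals -Aces $ntfsAces) -join ', ')
'Over the share   : ' + ((Get-EffectiveNetworkRights -Principals $principals -Aces $ntfsAces -ShareAces $shareAces) -join ', ')
```

In the sample, alice's explicit Allow for Write wins over the inherited Deny on Sales, her explicit Deny for Delete wins over the inherited Allow, and the Read-level share entry then trims what she can do over the network compared with a local logon. The model deliberately leaves out group expansion and the Owner Rights special cases; it is meant to make the precedence rules visible, not to replace the Effective Access tab.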
*****
Offline Files is a Windows feature that enables client systems to maintain local copies of files they access from server shares.
Configure the slow-link mode (Always Offline mode) of Offline Files to provide faster access to cached files and redirected folders. Always Offline also provides lower bandwidth usage because users are always working offline, even when they are connected through a high-speed network connection.
*****
The Store password using reversible encryption policy setting provides support for applications that use protocols that require the user's password for authentication. Storing encrypted passwords in a way that is reversible means that the encrypted passwords can be decrypted. If you use the Challenge Handshake Authentication Protocol (CHAP) through remote access or Internet Authentication Services (IAS), you must enable this policy setting.

The default execution policy of Windows Server 2012 is RemoteSigned, meaning that scripts will run as long as they carry a valid signature. However, client computers have a default execution policy of Restricted, meaning that no scripts will run in PowerShell whatsoever.

When edge traversal is enabled, the application, service, or port to which the rule applies is globally addressable and accessible from outside a network address translation (NAT) or edge device.

Security
Main mode negotiation establishes a secure channel between two computers. It can be viewed from Windows Firewall with Advanced Security / Monitoring / Security Associations / Main Mode. .inf is the file extension Windows Server 2012 uses for security templates.

To configure Server Manager remote management by using Windows PowerShell:
1. On the computer that you want to manage remotely, open a Windows PowerShell session with elevated user rights. To do this, click Start, click All Programs, click Accessories, click Windows PowerShell, right-click the Windows PowerShell shortcut, and then click Run as administrator.
2. In the Windows PowerShell session, type the following, and then press Enter:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
3. To enable all required firewall rule exceptions:
Configure-SMRemoting.ps1 -force -enable
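A check for the pieces the procedure above depends on, as an added example that is not part of the original notes. It assumes a Windows Server 2012 box with the NetSecurity and Microsoft.WSMan.Management modules available and an elevated session; the choice of the "Windows Remote Management" firewall rule group as the one worth checking is an assumption, since Configure-SMRemoting enables several groups.

```powershell
# Added example (not from the original notes): verify that the execution policy,
# the WinRM service, the WS-Man listener and the WinRM firewall rules are in
# the state Server Manager remote management needs.
function Test-ServerManagerRemoting {
    param([string]$ComputerName = $env:COMPUTERNAME)

    # Step 2 of the procedure sets this at machine scope.
    $policy = Get-ExecutionPolicy -Scope LocalMachine

    # WinRM is on by default on 2012 but must be running for any remote management.
    $winrm = Get-Service -Name WinRM -ErrorAction SilentlyContinue

    # Test-WSMan throws when nothing answers on the WinRM listener.
    try {
        $null = Test-WSMan -ComputerName $ComputerName -ErrorAction Stop
        $listening = $true
    } catch {
        $listening = $false
    }

    # Assumption: the "Windows Remote Management" rule group is the one that matters most
    # among those Configure-SMRemoting enables.
    $rules = Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' -ErrorAction SilentlyContinue
    $enabledRules = @($rules | Where-Object { $_.Enabled -eq 'True' }).Count

    [pscustomobject]@{
        ComputerName        = $ComputerName
        ExecutionPolicy     = $policy
        PolicyAllowsScripts = ($policy -in 'RemoteSigned', 'Unrestricted', 'Bypass')
        WinRMServiceRunning = ($null -ne $winrm -and $winrm.Status -eq 'Running')
        WSManResponding     = $listening
        WinRMFirewallRules  = $enabledRules
    }
}

Test-ServerManagerRemoting | Format-List
```

Run it on the managed server after step 3: a Restricted policy, a stopped WinRM service, WSManResponding set to False or zero enabled rules each point at a different one of the steps above having been skipped.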

Active Directory Administrative Center can perform the following AD administrative tasks:
* Create new user accounts or manage existing user accounts
* Create new groups or manage existing groups
* Create new computer accounts or manage existing computer accounts
* Create new organizational units (OUs) and containers or manage existing OUs
* Connect to one or several domains or domain controllers in the same instance of Active Directory Administrative Center, and view or manage the directory information for those domains or domain controllers
* Filter Active Directory data by using query-building search

Named pipe – This option connects the virtual serial port to a Windows named pipe on the host operating system or a computer on the network. A named pipe is a portion of memory that can be used by one process to pass information to another process, so that the output of one is the input of the other.

To install Read-only DC (RODC) the functional level has to be Win 2003 or higher.

Win server 2012 R2 DC may participate in max ONE AD domain at one time.

Performance Counters are found under Server Manager and, when started, can be set to collect and display data on processor usage, memory usage and many other resources, including disk-related and security-related data, that can be monitored.