Links

Windows Server (2008 / 2003 etc.)
- Windows Server 2003 SP2
- 238131 - How to Disable Socket Pooling in IIS 5.0
Disable Socket Pooling so that IIS does not listen on all the IP addresses, which allows Apache to coexist with IIS
For IIS 6.0, you must configure HTTP.sys with Httpcfg.exe.
See 813368 - IIS 6.0 Setting Metabase Property DisableSocketPooling Has No Effect
- Compare the Editions of Windows Server 2003
- Windows Server 2003 Administration Tools Pack (adminpak.msi)
- Windows WiFi website
- Tools:
- Windows Server 2003 Resource Kit Tools
- Shared Network Fax Service is standard in Windows Server 2003
- Is SBS 2003 Right for You?
Major differences between SBS 2003 and Windows Server 2003:
Single domain & must be root, cannot join another non-SBS domain (can join SBS domain?), no Terminal Service (has RDP), minimal domain trust function, cannot allow backup DC but can still have member server
Not for novice!!!
- FAQ for SBS 2003
Includes information about Windows Server 2003 for SBS
- Fixing Fax Service Access Denied error at a Windows Server 2003 domain controller
Define a policy (maybe above Default Domain Controller Policy) at Windows Settings/Security Settings/Local Policies/User Rights Assignment
Make sure that the following accounts are entered into the policy "Generate Security Audits"
SYSTEM, Network Services, Administrators
I think Network Services is most important since Fax Service is running under Network Services account.
- Computer Performance - many technical articles about Windows Server
- Firestreamer-DVD or Firestreamer-DV
Software that allows you to use ntbackup to write to DVD discs or DV tapes
- Newsgroup discussion on running a scheduled task at low priority
Prepend this to the actual command: C:\Windows\System32\cmd.exe /c start /low
- Qsoft's free RAMDisk driver for Windows 2000/XP/2003
Free version has a limit of 64M
- TechNet: Networking and Access Technologies - Technologies and Solutions
Detail guides on every Microsoft technology!
- Windows Server 2003 default local groups explained in detail
- Windows 2003 Server evaluation copy expiration behavior
Use winver.exe to check Evaluation Expiry Date
- Windows Server 2003 media volume labels list
- How to convert your Windows Server 2003... to a Workstation!
- Setting Up Bluetooth in Windows Server 2003
- Install Windows Media Player 11 on Windows Server 2003
- Install Photoshop CS3 to Windows Server 2003
- Install SE PC Suite to Windows Server 2003
Remove LaunchCondition
Remove File, msxml4.dll and msxml4r.dll
- Windows Server 2003 Resource Kit
- Include Command Here inf (right click cmdhere.inf to install), same function as Windows XP Command Here Power Toys
- Windows Server 2008 new features
- Read-Only DC (AD and DFS data)
- Restartable AD Service (No need to go into AD Restore mode)
- net stop ntds (Domain Controller Service)
- Password and account lockout policies are no longer bound to the domain. Different Password Policy Objects can be linked to a user/group
- ADAM (Active Directory Application Mode) is renamed to AD LDS and is a built-in feature
- Certification Service
- Support OCSP
- Support Device Enrollment for routers
- RMS
- Terminal Service
- TS Easy Print, no need for a printer driver at the server
- Domain SSO (W2k8 server, Vista client), no need to re-enter the password for RDP, allows running RemoteApp directly
- All sessions are now equal. The /admin option, which replaces the /console option, is only used to connect without consuming a TS CAL
- TS Web Access can not only start a web-based Remote Connection, but can also connect to a RemoteApp only
- TS Gateway (RDP over HTTPS)
- TS Licensing can now Revoke per-Device CAL and use on other users, only 20% CAL can be revoked, until they're expired
- TS Session Broker (replaces TS Session Directory), for user to find right server after disconnect
- Failover Cluster
- Quorum enhancement, no longer single point of failure
- Network Loadbalancing
- NDIS 6.0 driver, IPv6 support, multiple virtual IP support
- Manage all the nodes at a single server
- Win2k8 Compare Technical Features and Specifications
- Windows Server 2008 Beta 3 Step-by-Step Guides
- Windows Server 2008 Technical Library
- Performance Tuning Guidelines for Windows Server 2008
- Study Checklist
- Routing Status in sites
- multiple DC environment
- full / partial (OU) recovery / non-authoritative recovery / restore to another server
- Restore System State to another server for AD recovery, what is the side effect to existing member server?
- Forest / Domain Function Levels
- Universal Group Caching effects
- Forest Trust with selective authentication
- DACL (discretionary ACL)
- PDC Emulator is only needed if there is Windows NT PDC/BDC?
- Windows 2000 Server SP2 or earlier use only NTLM authentication in AD?
- In a Native or 2003 Mode domain, a GC is required for users to log on because it keeps Universal Group information. In Mixed Mode, a GC is not required for a normal user to log on.
In some cases, Universal Group Caching may not work if the cache is outdated.
- Unless there is only 1 DC in the domain or all DCs are GCs, the Infrastructure Master must not also be a GC, else it won't work
- TombstoneLifetime
- Located at: tombStoneLifetime attribute on: cn=Directory Service, cn=Windows NT, cn=Services, cn=Configuration,
- Fixing Replication Lingering Object Problems (Event IDs 1388, 1988, 2042)
If a domain controller does not replicate for a period of time that is longer than the tombstone lifetime and the domain controller is then reconnected to the replication topology, objects that were deleted from Active Directory while the domain controller was offline can remain on the domain controller as lingering objects.
If a restored backup contains deleted objects but the backup is older than the tombstone lifetime, then the deleted objects will get added back to AD because the tombstone objects no longer exist.
- 216993: Useful shelf life of a system-state backup of Active Directory
- Forest Trust could not extend over the neighbour forest
- Use ntdsutil to change the password in AD Restore Mode in a Domain Controller
- Create Active Directory for a server from a backup: dcpromo /adv
For further detail, refer to this article from petri.co.il
- Using Scripts to Delegate Active Directory: Working with Property Sets
- Difference between Local Groups, Global Groups and Universal Groups
Universal Groups are useful in multi-domain environments only, as they can contain members from any domain
- TechNet: Best Practice Active Directory Design for Managing Windows Networks
Windows 2000 age, but still useful for multi-site AD planning
- 315131: HOW TO: Use Ntdsutil to Manage Active Directory Files from the Command Line in Windows 2000
- When restoring a subtree in ntdsutil Authoritative mode, the subject needs to be specified as: OU=OU Name, DC=domain, DC=lan
- Restoring an AD using System State will reset the DSRM password, please confirm the password before restoring
- Change DSRM Password
- Win2k and Win2k3 are different
- Win2k uses setpwd; if the wizard is used to create the domain, the default DSRM password is empty!
- Win2k3 uses: ntdsutil
- It seems the DSRM password cannot be changed inside DSRM mode; it needs to be changed when AD is running
- Safe Mode password is NOT the same as the DSRM password, it is the same as the AD administrator password!
- Inside Safe Mode, net user administrator password seems to change the AD administrator password?
- Inside DSRM, it is NOT possible to change the AD administrator password. net user administrator password will change the DSRM administrator password
- Can use Linux ntpasswd to reset the DSRM password, but make sure NTFS is clean (boot into Safe Mode and do a reboot) else it will report "read-only filesystem"
- Domain Rename
- Only possible at 2003 Forest Level and 2003 Domain Level, with all DCs running 2003 Server
- Use rendom.exe in the ValueAdd directory on the 2003 CD
- DC Rename
- Run by Domain Admins
- Need 2003 Domain Level
- Use netdom.exe in Support Tools
- Rename with Full Computer Name (FQDN)
- Both old and new names are kept to prevent service interruption, unless removed with the netdom.exe command
- Move object between domains
- Do at RID Master role server
- use movetree.exe
- PDC Emulator special function
- If authentication fails at any DC, the request is forwarded to the PDC Emulator
- Infrastructure Master
- Contains the latest group membership info
- Should not share the role with a GC
- Active Directory Schema Management
- MMC snap-in is not activated, to prevent accidental modification
- Activate with: regsvr32 schmmgmt.dll
- Add Snap-in: Active Directory Schema
- Change Schema Master role inside this MMC
- Check Sync Status (shows the USN number for each sync partner)
repadmin /showutdvec dcname dc=domain,dc=tld
- Find FSMO roles
- Use MMC GUI Tools
- replmon
- netdom
- ntdsutil
- Seize FSMO with ntdsutil
- ntdsutil
- roles
- connections
- connect to server newdcname
- [quit to roles prompt]
- seize schema / domain naming master / RID master / PDC / infrastructure master
- [quit twice to quit]
- Add an additional DC to a domain / new domain
- "An Active Directory domain controller for the domain xxx could not be contacted", although DNS was successfully queried
It is *possible* the AD on the DC is corrupted and requires another DC to provide the AD service on the LDAP port (tested)
- When adding a child domain, you must have an account that is a Domain Admin of the parent domain (tested, seems to even need the Domain Admins of the root domain!)
- If the DNS server setting points to the parent's DNS IP, there is no delegation and the records are created at the parent's DNS server instead!
- If the DNS server setting points to the new server's own IP, delegation seems NOT to be set up automatically at the parent domain.
And only the initial AD related records are created at the parent's domain (same as pointing the DNS IP to the parent domain's DNS)
The _msdcs subdomain seems to be created at all the child domain's new servers!
- AD Directory Service Logging debugging
- HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics\*, default value = 0, recommend increasing the value up to 3 for verbose logging
- Relogon to update the Event log with new entries
- Only increase the value for debugging purposes, keep normal use at level 0
- Study Checklist
- netsh utility usage
- DHCP Relay Agent
- RFC 1542 compliant router
- Superscope
- What the Repair button on a client does
- broadcast renew instead of unicast renew
- Flush ARP cache (arp -d *)
- Flush NBT cache (nbtstat -R)
- Flush DNS cache (ipconfig /flushdns)
- Register to WINS (nbtstat -RR)
- Register to DNS (ipconfig /registerdns)
- 142042: Description of TCP/IP Node-Type Settings
Describes DHCP 046 option node types when using the 044 option WINS Server
- DHCP error 14 is "out of address" error
Also contains a brief list of important points on DHCP, RRAS, RIP
- Reconcile the database to fix database inconsistency errors
- getmac CLI (Support Tools) to get the MAC address of a machine, even on a remote subnet (I think it needs to be in the same AD)
- "netsh dhcp show server" display all DHCP servers in AD
- dhcploc CLI (Support Tools) to check for DHCP servers on the network
- Should not assign the DnsUpdateProxy group to a DC, else all records updated by the DC have no ownership
An alternative solution may be to specify the account that handles dynamic updates in 2003 DHCP, or to specify the DHCP service account in 2000 SP2
- Use jetpack.exe to compact the database offline if it grows above 30M or reports a db error
- DHCP manual backup includes all data except the credentials for DNS dynamic update
- TechNet detail on Conflict Detection
- Exclusion has higher priority than Reservation
Routing and Remote Access (RAS)
- By default, the username created for demand dial-in is the same as the demand dial interface name for a site-to-site connection
- Study Checklist
- Orders and relationship of GPO
- In Server 2003 policy management, No Override is renamed in GPMC, where it is called Enforced
- Group Policy Management Console
Group Policy backup/restore, HTML report for policy
- Group Policy Settings Reference for .adm files included with Windows XP Professional Service Pack 2
Excel spreadsheet containing all the policies used in WinXP SP2
- Group Policy Event Log verbose logging
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics\RunDiagnosticLoggingGroupPolicy, DWORD, value=1
- Relogon for it to take effect in the Application Log
- Group Policy Diagnostic Log
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel, DWORD, value=30002
- Relogon for it to take effect
- Log file is at: %Systemroot%\Debug\Usermode\Userenv.log
- 1M file size limit, after which a bak file is created
- Group Policy Software Deployment debugging
- Change at the target client computer
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics\AppMgmtDebugLevel, DWORD, 4b
- Restart the computer / relogon the user (depends on publish or assign)
- Log file is at: %Systemroot%\debug\usermode\appmgmt.log
- Remove the debugging once finished
- Study Checklist
- WMI, applicable area
- Virtual Tape Drive software? (Testing ARCserve)
- Virtual Cluster with VMware
- Internet printer sharing
- ds* utilities
- csvde utility
- diskpart utility
- wmic utility
- Remote Assistance
- Resetting a user's password as Administrator will make EFS encrypted files inaccessible, need to decrypt with the recovery agent!
- Microsoft: Trust between Windows Server 2003 and Windows NT 4.0 domain
- Disable Windows XP's built-in zip support
regsvr32 /u %windir%\system32\zipfldr.dll
Better to rename or remove zipfldr.dll afterward
Then re-associate the ZIP extension with your ZIP program such as WinZIP
- Guy's Windows Logon VBScripts
Includes printer mapping scripts
- Windows XP Fixes, Tips and Tweaks
Contains a lot of registry fixes for Windows XP registries damaged by viruses/malware
- AppDeploy.com - The Application Deployment Information Center
Contains a lot of examples on how to automate software installs!
- Copy User profile to new account
Copy a User Profile:
Open System in Control Panel. On the User Profiles tab, and under Profiles stored on this computer, click the user profile you want to copy, and then click Copy To.
In the Copy To dialog box, under Copy profile to, type the location for the new profile, or click Browse to select the path.
Click Change to open the Choose User dialog box, click a new user from the Names list, and then click Add. The new user name will appear in Add Name. Click OK to add the user as a new user profile on your computer.
Note: You must be logged on as an administrator to the local computer to copy user profiles. To open a Control Panel item, click Start, point to Settings, click Control Panel, and then double-click the appropriate icon.
- AdminScriptEditor
Tool to help admins create scripts, supports: Batch, PowerShell, VBScript, AutoIt, KiXtart
Windows Rights Management Services
Windows Deployment Services
Software Update Services (SUS) - Obsolete
Windows Server Update Services (WSUS)
- Study Checklist
- Publish & Assign MSI applications via GPO
- Publish & Assign's differences
- Terminal Server will not accept assigned / published applications from GPO, need manual install
- Published application can be added to "Add/Remove Programs" and let the user choose to install it
Wireless Network Management
- Study Checklist
- Wireless Monitor
- 802.1x and certificates
- Wireless Policy for machines in domain
- Define 802.1X authentication for wireless networks
PEAP fast reconnect allows roaming users to maintain continuous wireless network connectivity when traveling between different wireless access points on the same network
- Microsoft Virtual Wifi
A single Wifi card connects to multiple Wifi networks
- Study Checklist
- Terminal Service Session Directory with NLB
- tsshutdn utility
- Study Checklist
- Cluster Service in Enterprise Server (setup and recovery)
- Cluster aware services
- Shared SCSI drive configuration
- Network Load Balancing
- NLB Cluster in unicast/multicast mode
- IGMP effect for NLB
- Use Cluster Administrator GUI or cluster.exe utility to manage all servers inside a cluster (e.g. administrator password)
- Study Checklist
- ASR Backup
- Copy Backup vs Normal Backup
- Emergency Management Services in Recovery Console
- Study Checklist
- secedit
- Security Template INF files
- compatws.inf
- securedc.inf
- syskey utility
- EFS Filesystem Encryption
- Terminal Server Security
Talks about: System Auditing, File System Auditing, Registry Auditing, Connection Auditing
- RDP Slow problem
- Tuning with TcpWindowSize or
- Vista built-in Auto-tuning TCP/IP Receive Window Size
- Follow Citrix client to set it to 64512 (More Info)
- Client cannot join domain
- svchost.exe 100% CPU during Windows Update (applies to Windows XP too)