Archive for the ‘System Information’ Category

Intrasite and Intersite Replication

Posted: August 1, 2011 in Active Directory, Server 2008, System Information
Tags: , , , ,
4

The description of how AD DS replication works applies to both intrasite and intersite replication. In both cases, the domain controllers use the same processes to optimize the replication process. However, one of the main reasons to create additional sites in AD DS is to manage replication traffic. Because all of the domain controllers within a site are assumed to be connected with fast network connections, replication between these domain controllers is optimized for maximum speed and reduced latency. However, if the replication traffic has to cross a slow network link, conserving network bandwidth is a much more significant issue. Creating multiple sites allows for this conservation of network bandwidth by enabling features such as data compression and scheduled AD DS replication.

 

Intrasite Replication

 

The primary goal for replication within a site is to reduce replication latency, that is, to make sure that all domain controllers in a site are updated as quickly as possible. To accomplish this goal, intrasite replication traffic has the following characteristics:

 

  • The replication process is initiated by a notification from the sending domain controller. When a change is made to the database, the sending computer notifies a destination domain controller that changes are available. The changes are then pulled from the sending domain controller by the destination domain controller using a remote procedure call (RPC) connection. After this replication is complete, the domain controller notifies another destination domain controller, which then pulls the changes. This process continues until all the replication partners have been updated.
  • Replication occurs almost immediately after a change has been made to the AD DS information. By default, a domain controller will wait for 15 seconds after a change has been made and then begin replicating the changes to other domain controllers in the same site. The domain controller will complete replication with one partner, wait 3 seconds, and then initiate replication with another partner. The reason the domain controller waits 15 seconds after a change is to increase the efficiency of the replication in case additional changes are made to the partition information.
  • The replication traffic is not compressed. Because all the computers within a site are connected with fast network connections, the data is sent without compression. Compressing the replication data adds an additional load on the domain controller server. Uncompressed replication traffic preserves server performance at the expense of network utilization.
  • Replication traffic is sent to multiple replication partners during each replication cycle. Whenever a change is made to the directory, the domain controller will replicate the information to all direct replication partners, which might be all or some of the other domain controllers in the site.

 

Intersite Replication

 

The primary goal of replication between sites is to reduce the amount of bandwidth used for replication traffic. This means that intersite replication traffic has the following characteristics:

 

  • Replication is initiated according to a schedule rather than when changes are made. To manage replication between sites, you must configure a site link connecting the two sites. One of the configuration options on the site link is a schedule for when replication will occur. Another is the replication interval setting for how often replication will occur during the scheduled time. If the bandwidth between company locations is limited, the replication can be scheduled to happen during nonworking hours.
  • Replication traffic is compressed down to about 40 percent of the noncompressed size when replication traffic is more than 32 KB in size. To save bandwidth on the network connection, the bridgehead servers in each site compress the traffic at the expense of additional CPU usage.
  • Notifications are not used to alert a domain controller in another site that changes to the directory are available. Instead, the schedule determines when to replicate. Note You can disable compression for intersite replication and enable notifications.
  • Intersite replication connections can use either an Internet Protocol (IP) or a Simple Mail Transfer Protocol (SMTP) transport. SMTP can be used as a transport protocol only for the configuration, schema, and application directory partitions, not for the domain partition. The connection protocol you use is determined by the available bandwidth and the reliability of the network that connects company locations.
  • Replication traffic is sent through bridgehead servers rather than to multiple replication partners. When changes are made to the directory in one site, the changes are replicated to a single bridgehead server (per directory partition) in that site, and the changes are then replicated to a bridgehead server in the other site. The changes are replicated from the bridgehead server in the second site to all the domain controllers in that site.
  • You can easily modify the flow of replication between sites. Almost every component of intersite replication can be changed.

Encrypting File System in Server 2008

Posted: August 1, 2011 in Active Directory, Server 2008, System Information
Tags: , ,
2

The Encrypting File System (EFS) is one feature made possible by reparse points in Windows Server 2008 that enhances security for local files on NTFS volumes. EFS is useful for securing files on any system, but it is most useful on systems that can easily be stolen or physically compromised, such as notebook and tablet PCs. EFS is integrated within NTFS and therefore is applicable only to files on NTFS volumes. FAT16 and FAT32 volumes do not support EFS. Only files can be encrypted; folders cannot, even on NTFS volumes. However, folders are marked to indicate that they contain encrypted data. EFS are designed to protect files locally, and therefore don’t support sharing of encrypted files. You can store your own encrypted files on a remote server and access those files yourself. The data is not encrypted during transmission across the network, however, unless you use Internet Protocol Security (IPsec) to encrypt IP traffic (assuming you are using TCP/IP as the network protocol for transferring the file).

Exchange Internet Protocol Access Components

Posted: July 19, 2011 in Exchange Server, System Information
Tags:
0

Exchange Server 2003 comes with a set of four Internet protocol services. These let you extend the reach of Exchange users beyond Microsoft’s very good, but proprietary, electronic messaging protocol MAPI. The four services are Hypertext Transmission Protocol (HTTP), which supports Outlook Web Access (OWA); Post Office Protocol (POP3); Internet Message Access Protocol (IMAP4); and Network News Transfer Protocol (NNTP):

 

HTTP:  HTTP is the core protocol that supports web access. OWA uses the HTTP protocol to give users access to everything in their Exchange mailboxes, as well as items in public folders, using a web browser such as Microsoft Internet Explorer. On the server side, OWA is supported by Windows Server 2003s Internet Information Server.

 

POP3 Server:  Exchange Servers POP3 server gives users with standard POP3 e−mail clients, such as Eudora or Outlook Express, limited access to their Exchange mailboxes. Users can download mail from their Exchange Inboxes, but that’s all. Users have no direct access to other personal or public information stores or to their schedules. This is due to limitations in the POP3 protocol itself, not in Microsoft’s implementation of the protocol.

 

IMAP4 Server:  The Exchange IMAP4 server goes one better than POP3, adding access to folders in addition to the Exchange Inbox. With IMAP4, folders and their contents can remain on the Exchange server, be downloaded to the computer running your IMAP4 client, or both. You can keep Exchange Server based folders and their contents in sync with the folders on an IMAP4 client.

 

NNTP Server:  The NNTP server lets you bring all those exciting Usenet newsgroups into your Exchange servers public folders, where your users can read and respond to them with the same e− mail clients that they use to read other public folders.

How to Restore the System State on a Domain Controller

Posted: July 11, 2011 in Active Directory, Server, Server 2003, Server 2008, System Information
Tags: , , ,
0

1. To restore the system state on a domain controller, first start the computer in Directory Services Restore Mode. To do so, restart the computer and press the F8 key when you see the Boot menu.

2. Choose Directory Services Restore Mode.

3. Choose the Windows 2000 installation you are going to recover, and then press ENTER.

4. At the logon prompt, supply the Directory Services Restore mode credentials you supplied during the Dcpromo.exe process.

5. Click OK to acknowledge that you are using Safe mode.

6. Click Start, point to Programs, point to Accessories, point to System Tools, and then click Backup.

7. Click the Restore tab.

8. Click the appropriate backup media and the system state to restore.

NOTE: During the restore operation, the Winnt\Sysvol folder must also be selected to be restored to have a working sysvol after the recovery process. Be sure that the advanced option to restore “junction points and data” is also selected prior to the restore. This ensures that sysvol junction points are re-created.

9. In the Restore Files to box, click Original Location.

NOTE: When you choose to restore a file to an alternative location or to a single file, not all system state data is restored. These options are used mostly for boot files or registry keys.

10. Click Start Restore.

11. After the restore process is finished, restart the computer.

Supported Upgrade Paths for Server 2008

Posted: June 30, 2011 in Server, Server 2008, System Information
Tags: ,
1

Before performing an upgrade, you should make sure the server’s installed software and hardware support Windows Server 2008. You can download tools for testing compatibility and documentation at the Windows Server Catalog Web site (http://www.windowsservercatalog.com/).

 

Microsoft Server operating systems from Windows 2000 and later can be upgraded to Windows Server 2008. In general, servers can be upgraded to a product with equal or greater capabilities, thus:

 

  • Windows Server 2003 Standard or Enterprise editions can be upgraded to Standard or Enterprise editions of Windows Server 2008.
  • Windows Server 2003, Datacenter Edition, can be upgraded to Windows Server 2008 Datacenter.
  • Windows Server 2003, Web Edition, can be upgraded Windows Web Server 2008.
  • Windows Server 2008 Standard can be upgraded to Enterprise or Datacenter editions of Windows Server 2008.
  • Windows Server 2008 Enterprise can be upgraded to Windows Server 2008 Datacenter.

Core Function of DHCP

Posted: June 29, 2011 in Active Directory, Internet Protocol, Server 2008, System Basics, System Information
Tags: , ,
0

The core function of DHCP is to assign addresses. DHCP functions at the Application Layer of the Open System Interconnection (OSI) reference model, as defined by the International Organization for Standardization (ISO) and the Telecommunication Standards Section of the International Telecommunications Union (ITU-T).

The OSI model is used for reference and teaching purposes; it divides computer networking functions into seven layers. From top to bottom, the seven layers are application, presentation,

session, transport, network, data-link, and physical

 

In brief, DHCP provides four key benefits to those managing and maintaining a TCP/IP network:

 

  • Centralized administration of IP configuration—DHCP IP configuration information can be stored in a single location and enables the administrator to centrally manage all IP configuration information. A DHCP server tracks all leased and reserved IP addresses and lists them in the DHCP console. You can use the DHCP console to determine the IP addresses of all DHCP-enabled devices on your network. Without DHCP, not only would you need to manually assign addresses, you would also need to devise a method of tracking and updating them.
  • Dynamic host configuration—DHCP automates the host configuration process for key configuration parameters. This eliminates the need to manually configure individual hosts when TCP/IP is first deployed or when IP infrastructure changes are required.
  • Seamless IP host configuration—the use of DHCP ensures that DHCP clients get accurate and timely IP configuration parameters, such as the IP address, subnet mask, default gateway, IP address of the DNS server, and so on, without user intervention. Because the configuration is automatic, troubleshooting of misconfigurations, such as mistyped numbers, is largely eliminated.
  • Flexibility and scalability—Using DHCP gives the administrator increased flexibility, allowing the administrator to more easily change IP configurations when the infrastructure changes. DHCP also scales from small to large networks. DHCP can service networks with ten clients as well as networks with thousands of clients. For very small, isolated networks, Automatic Private IP Addressing (APIPA) can be used.

Firewall Details in Win 7

Posted: June 29, 2011 in Firewall, Networking, System Information, Windows 7
Tags: ,
0

A firewall is an important component of a larger overall security strategy. Windows 7 comes with a built-in firewall that’s turned on and working from the moment you first start your computer.

 

The firewall is automatically configured to prevent unsolicited Internet traffic from getting into your computer, thereby protecting you from worms and other hack attempts. The 7 firewall also provides advanced options for professional network and security administrators who need more granular control over its behavior. In Detail:

 

  • Exceptions in Windows Firewall are programs that are allowed to work through the firewall.
  • A firewall will not protect your computer from viruses, pop-up ads, or junk e-mail.
  • A firewall protects your computer from unsolicited network traffic, which is a major cause of worms and other hack attempts.
  • When you start an Internet program that needs access to the Internet through a closed port, you’ll be given a security alert with options to Unblock, or Keep Blocking, the port. You must choose Unblock to use that program.
  • Windows Firewall is one of the programs in the Security Center. To open Security Center, click the Start button and choose Control Panel ➪ Security ➪ Security Center.
  • You don’t need to configure the firewall to use standard Internet services such as the Web and e-mail. Those will work through the firewall automatically.
  • Professional network and security administrators can configure Windows Firewall through the Windows Firewall with Advanced Security console in Administrative Tools.
  • From the Start menu, you can search on the keyword fire to get to Windows Firewall configuration options.

What a firewall doesn’t protect against

Posted: June 29, 2011 in Firewall, Networking, System Information
Tags: ,
0

It’s important to understand that a firewall alone is not sufficient protection against all Internet threats.

A firewall is just one component in a larger defense system. Specifically:

 

  • Windows firewall doesn’t protect you from spyware and viruses. See Chapter 8 for more information on that protection.
  • Windows firewall doesn’t protect you from attacks based on exploits. Automatic updates provide that protection.
  • A firewall doesn’t protect you from pop-up ads.
  • A firewall doesn’t protect you from phishing scams.
  • Windows firewall doesn’t protect you from spam (junk e-mail).

 

So, a firewall isn’t a complete solution. Rather, it’s an important component of a larger security strategy.

How Firewalls Work (Win 7)

Posted: June 29, 2011 in Firewall, Networking, System Information, Windows 7
Tags: ,
1

To understand what a firewall is, you need to first understand what a network connection is. Even though you have only one skinny set of wires connecting your computer to the Internet (through a phone line or cable outlet), that connection actually consists of 65,535 ports. Each port can simultaneously carry on its own conversation with the outside world. So, theoretically, you could have 65,535 things going on at a time. Of course, nobody ever has that much going on all at one time. A handful of ports are more like it.

The ports are divided into two categories: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). TCP is generally used to send text and pictures (Web pages and e-mail), and includes some error checking to make sure all the information that’s received by a computer matches what the sending computer sent. UDP works more like broadcast TV or radio, where the information is just sent out and there is no error checking. UDP is generally used for real-time communications, such as voice conversations and radio broadcasts sent over the Internet.

Each port has two directions: incoming and outgoing. The direction is in relation to stuff coming into your computer from the outside: namely the Internet. It’s the stuff coming into your computer that you have to watch out for. But you can’t close all ports to all incoming traffic. If you did, there’d be no way to get the good stuff in. But you don’t want to let everything in.

Antispyware and antivirus software are good tools for keeping out viruses and other bad things that are attached to files coming into your computer. But hackers can actually sneak worms and other bad things in through unprotected ports without involving a file in the process. That’s where the firewall comes into play. A stateful firewall, such as the one that comes with Windows 7, keeps track of everything you request. When traffic from the Internet wants to come in through a port, the firewall checks to make sure the traffic is something you requested. If it isn’t, the firewall assumes this is a hacker trying to sneak something in without your knowing it, and therefore prevents the traffic from entering your computer.

Screen turns blue during startup in WIN 7

Posted: June 28, 2011 in Bios, System Information, Windows 7
Tags: , ,
0


This is commonly referred to as the Blue Screen of Death (BSOD). It doesn’t mean your computer is permanently broken. A frequent cause of this problem is a device driver that doesn’t work with Windows 7.

 

If you recently connected or installed a new hardware device, disconnect or uninstall it. Then start the computer again. That’s your best bet. If you still get the Blue Screen of Death, you’ll likely have to boot to Safe Mode and disable the device through Device Manager. This is not the sort of thing the average user normally does. This is more the kind of thing that a professional would handle.

 

If the error persists, look for an error number on the Blue Screen of Death page. It will most likely start with the characters 0x. Jot that number down on a sheet of paper. Then, if you can get online through another computer, go to Microsoft’s sites (http://search.microsoft.com or http://search.microsoft.com) or your favorite online search site (such as Google) and search for that number. You might find a page that offers an exact solution to that problem.

 

If you can get online through another computer, you might also consider posting a question at the Windows Communities site. Be sure to include the error number in your post. You might find someone who has already experienced and solved that very problem.

Older Entries
Newer Entries