Quick Check Facts for Windows Server 2008, Active Directory Network Infrastructure
IPv6
IPv6 Addressing
IPv6 address space is 128 bits (16 bytes)
Large address space. Divided along 16-bit boundaries, converted to 4-digit hexadecimal
numbers, separated by colons - known as colon hexadecimal.
Simpler host configuration. IPv6 supports dynamic client configuration by using DHCPv6, and
IPv6 also enables routers to configure hosts dynamically.
Improved routing efficiency. Reduces how many routes the Internet must process by supporting
hierarchical routing.
Built-in security. IPv6 ensures all hosts encrypt data while in transit by including native IPSec
support.
IPv4
IPv4 address space is 32-bit binary (Base 2)
Divided along 8-bit boundaries called octets, converted to decimal,
separated by periods called a dotted decimal notation
Routing
RIP (Routing Information Protocol)
Used to maintain routing information and routing tables in Windows
Server 2008 R2.
Enables RRAS servers to exchange routing information with other
routers.
RIP needs to be enabled on a RRAS server.
Disadvantage of RIP is its inability to scale to large networks.
Maximum hop count used by RIP routers is 15.
Administer DHCP remotely
Add UDP ports 67 and 2535 and Tcpsvcs.exe to the Windows Firewall exception list.
Netsh add route command
Add IPv6 routing information
route command is used to view and change entries in the local IP routing table (you can administer
routes more quickly using the command line rather than the Routing and Remote Access console).
add to add a route
change to make changes to an existing route
route [-f] [-p] [Command [Destination] [mask Netmask] [Gateway] [metric Metric] [if Interface]]
Destination is used to configure the network destination for a route
mask Netmask is used to configure the subnet mask
Gateway is used to configure the next hop address
metric Metric is used to configure an integer cost metric for a route
if Interface is used to configure the interface index on the interface for which the
destination network can be reached
Windows Firewall with Advanced Security
Manage firewall and IPSec configuration settings
Netsh advfirewall
Windows Firewall with Advanced Security Group Policy settings using GPMC
Authenticate IPSec with domain user accounts using Kerberos
Windows Vista or later OS
Windows Server 2008 and later servers
IPSec can be used for both
Authentication and encryption
Authentication bypass rule
Lets traffic protected by IPSec bypass Windows firewall regardless of incoming rules.
UDP ports 67 and 2535
Support remote administration for DHCP servers
Should be added to the Windows Firewall exceptions list on the target server
Inbound rules
Explicitly allow or block traffic directed to the computer from other hosts that match
the criteria of the rule.
Outbound rules
Explicitly allow or block traffic originating from the computer if it matches the
criteria of the rule.
netsh firewall show state
Displays the current firewall configuration
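An added example (not from the original post) of the DHCP remote-administration exceptions listed above (UDP ports 67 and 2535, plus Tcpsvcs.exe), created with netsh advfirewall as inbound rules restricted to a management subnet. The rule names and the 192.0.2.0/24 subnet are placeholders chosen for illustration; run it from an elevated PowerShell prompt on the DHCP server.

```powershell
# Added example: rule names and $AdminSubnet are assumptions, not from the post.
$AdminSubnet = '192.0.2.0/24'   # placeholder: subnet of the admin workstations
$Tcpsvcs     = Join-Path $env:SystemRoot 'System32\tcpsvcs.exe'

$rules = @(
    @{ Name  = 'DHCP-RemoteAdmin-UDP'
       Extra = @('protocol=UDP', 'localport=67,2535') },
    @{ Name  = 'DHCP-RemoteAdmin-Tcpsvcs'
       Extra = @("program=$Tcpsvcs") }
)

foreach ($rule in $rules) {
    # Remove any earlier copy so re-running does not stack duplicate rules.
    netsh advfirewall firewall delete rule "name=$($rule.Name)" | Out-Null

    # Inbound allow, domain profile only, limited to the admin subnet.
    netsh advfirewall firewall add rule "name=$($rule.Name)" dir=in action=allow `
        profile=domain "remoteip=$AdminSubnet" $rule.Extra
    if ($LASTEXITCODE -ne 0) { throw "netsh could not add rule $($rule.Name)" }
}

# Show what was actually created, including scope and profile.
foreach ($rule in $rules) {
    netsh advfirewall firewall show rule "name=$($rule.Name)" verbose
}
```

Scoping the rules with remoteip and profile keeps the DHCP management ports closed to every host outside the admin subnet.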
DNS server
Recursion
Root hints
Used to provide a list of names and addresses of DNS servers that are authoritative for
the root zone of the DNS namespace. Root hints can be used for resolving external
names that cannot be resolved from a DNS server or by sending the request to a forwarder.
Root hints are contained in a file named CACHE.DNS that is located in the
\Windows\System32\DNS folder. It is a text listing of IP addresses with the matching
root DNS servers.
Stub zone
A copy of a zone that contains only the resource records that are necessary to identify
the authoritative DNS servers for the zone. A stub zone consists of:
Start of Authority (SOA) resource record, Name Server (NS) resource records, and
glue A resource records for the zone.
IP address of one or more master servers that can be used to update the zone.
Stub zones help reduce the amount of DNS traffic on your network.
dnscmd /clearcache
Command to clear the DNS server cache. Name resolution problems can occur when a DNS
server has cached a record that has changed. Clearing the cache removes the stale
records.
dnscmd /resetlistenaddresses
DNS zones
GlobalNames zone
Provides single-name resolution for networks without a WINS server.
Provide name resolution even when a WAN link is temporarily unavailable between domains
if there is an authoritative DNS server installed on a domain controller.
Stub zone
A copy of a zone that contains only the resource records that are necessary to identify
the authoritative DNS servers for the zone. This enables the DNS server hosting the
parent zone to be aware of the authoritative servers for the child zones. A stub zone is
kind of like a secondary zone because it obtains its resource records from other name
servers, and a stub zone is read-only like a secondary zone. However, stub zones contain
only three types of resource records: a copy of the SOA record for the zone, copies of NS
records for all name servers that are authoritative for the zone, and copies of A records
for all the name servers authoritative for the zone.
Secondary zone
A read-only copy of a zone that was copied from the master server during zone transfer.
Automatic scavenging
Removes outdated DNS records that can accumulate in the zone over time. Disabled by
default, must be enabled for a zone. DNS records that are manually created by an
Administrator are NEVER scavenged.
dnscmd
Used to view and change the properties of DNS servers, zones, resource records, and zone
types.
Primary
Secondary
Stub
DNS Records
AAAA
IPv6 resource record used to resolve FQDN host names to IPv6
addresses.
CNAME
Sometimes called canonical name, the resource record enables you to
register a different FQDN for a computer already registered with a
host A record.
HINFO (host information) record
Contains recorded information about a host's CPU type and operating system.
SRV records
Remote Access
Remote Desktop Gateway (RD Gateway)
Formerly known as Terminal Services
Provides Remote Desktop Services for authorized clients with access to internal
resources.
RD Gateway uses Transport Layer Security (TLS) to encrypt communications.
RD Gateway uses Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted
connection between remote users on the Internet and internal resources. You should get
user certificates from the internal certificate authority and every server must be
configured for Network Level Authentication to only allow Remote Desktop client computers
access.
When the Remote Desktop session is active, RD locks the target computer to prevent
interactive logons for the session.
Use Remote Desktop Services CAP (Connection Authorization Policy) to identify user or
computer groups to secure access to the server resources.
Define a Remote Desktop Services Resource Authorization Policy (RAP) to identify the
resources for which they have access.
Network Policy and Access Services (NPAS) role
Network Policy Server (NPS)
Replacement for Internet Authentication Service (IAS)
Microsoft implementation of the RADIUS server
Must have a server certificate.
Can use either Protected Extensible Authentication Protocol (PEAP) or
Extensible Authentication Protocol (EAP).
NPS performs centralized authentication, authorization, and accounting for
network access, including:
VPN
Wireless. Wireless access points must support 802.1x to be configured
as clients to NPS.
Configure them as RADIUS clients to pass authentication
requests to NPS.
By default, Protected Extensible Authentication Protocol
(PEAP) with Microsoft Challenge Handshake Authentication
Protocol (MS-CHAP) version 2. PEAP helps to prevent rogue
wireless access points on the network. MS-CHAPv2 uses
passwords for authentication.
Event Logs
Wevtutil (Windows Event Logs)
Command-line utility that lets you view and manage Windows Event Logs
wevtutil qe
The qe or query-events command is used to retrieve a list of events in the
Windows Event Logs
wevtutil gl
The gl or get-log command is used to retrieve info about the log, such as its
location
Wecutil (Windows Event Collector)
Command-line utility that lets you view and manage info about event subscriptions, such as
hardware events forwarded from remote computers that support the WS-Management
protocol
You can use the wecutil utility to automatically configure a computer to collect events
Audit events
Written to the Windows Security Event Log
Windows Server 2008 R2 Active Directory audit policy (auditpol.exe) supports:
Directory Service Access
Directory Service Changes
Directory Service Replication
Detailed Directory Service Replication
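An added example (not from the original post) that enables the four audit subcategories listed above with auditpol and then reads recent Directory Service Changes events from the Security log with wevtutil qe. Event ID 5136 (a directory object was modified) and its field names come from the Windows event schema, not from the post; run it from an elevated PowerShell prompt on a domain controller.

```powershell
# Added example, not from the original post.
$subcategories = 'Directory Service Access',
                 'Directory Service Changes',
                 'Directory Service Replication',
                 'Detailed Directory Service Replication'

foreach ($name in $subcategories) {
    auditpol /set "/subcategory:$name" /success:enable /failure:enable
    if ($LASTEXITCODE -ne 0) { throw "auditpol failed for '$name'" }
}
auditpol /get "/category:DS Access"    # confirm the effective settings

# Newest 20 events with ID 5136, rendered as XML (one <Event> per record).
$raw = wevtutil qe Security "/q:*[System[(EventID=5136)]]" /c:20 /rd:true /f:xml
if ($LASTEXITCODE -ne 0) { throw 'wevtutil query failed' }

# wevtutil emits bare <Event> elements; wrap them in a root so they parse.
$doc = [xml]('<Events>' + ($raw -join '') + '</Events>')

foreach ($evt in $doc.SelectNodes("//*[local-name()='Event']")) {
    # Flatten <Data Name="...">value</Data> into a lookup table.
    $data = @{}
    foreach ($d in $evt.SelectNodes(".//*[local-name()='Data']")) {
        $data[$d.GetAttribute('Name')] = $d.InnerText
    }
    # One object per change: who changed which attribute of which object.
    New-Object PSObject -Property @{
        Time      = $evt.System.TimeCreated.SystemTime
        User      = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
        Object    = $data.ObjectDN
        Attribute = $data.AttributeLDAPDisplayName
        Value     = $data.AttributeValue
    }
}
```

Directory Service Changes events are written only for objects whose SACL audits the change, so an empty result can mean a missing SACL rather than no activity.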
Gather Network Data
Task Manager
Gives a quick overview of total network bandwidth usage.
Network Monitor
Collect and save detailed network usage statistics like individual
packets transmitted across the network (note: log file would be
huge)
Create an address database first to specify address pairs in a
capture filter
Must be an Administrator or member of the netmon users group
Must be downloaded from the Microsoft website (free)
nmcap /? command line
Carefully choose the location to install Network Monitor
To capture all traffic switch on promiscuous mode (p-mode)
SNMP (Simple Network Management Protocol) is supported by Windows Server 2008
SNMP is an Internet standard protocol for managing devices on an IP network
3rd party software required to analyze SNMP data
Netcap
Network Monitor Capture command-line utility can capture network traffic using the
Network Monitor driver
Netcap installs the Network Monitor driver and binds it to all adapters when you first
run the Netcap command
Monitors traffic on a LAN and writes the information to a log file
Can consume lots of system resources. Not recommended in a production environment, best
to use netcap.exe command line version to monitor production.
Data Collector Set.
You can create a data collector set with the network performance counters you want to
monitor, and schedule Windows Reliability and Performance Monitor to start automatically
and log counter values at various times during the day.
1 comment:
Pickme india April 24, 2012 at 6:12 AM
Your thought processing is wonderful. The way you tell the thing is awesome. You are really a master.
Great Blog!! That was amazing
http://www.pickmeindia.com/