Tips - DFS and locked files features/Alternative with PeerSync

DFS is a very interesting Microsoft Server feature that gives you the ability to replicate and aggregate shared folders (integrated with the Windows domain too) across different sites, with a differential approach that saves bandwidth.

If we want to replicate the same data to different locations and be sure that only one person can modify a single file, then all the other users who would like to modify that file (on a different geographical server with the same replica data) should be advised that it can be opened only in read-only mode.

I was notified that this software can do that job; here is the relevant link (it is not free):

http://www.peersoftware.com/products/sync-backup/peersync-for-servers.html


2008/2012 - Read-Only Domain Controller (RODC)

From this Veeam article I copy and paste some parts that quickly explain the 2008/2012 RODC feature:

http://www.veeam.com/blog/read-only-domain-controller-rodc-configuration-active-directory-best-practices.html

Traditional, old-school, writable domain controllers are deployed at ROBO sites so IT admin can resolve application performance. See Figure 1. This practice prevents authentication traffic from traversing the WAN (wide area network) and delays in response times. As a result, things look and feel just like the customer is seated at the main headquarters location. Unfortunately, this practice creates huge security vulnerabilities! Imagine if an unwanted, mischievous user gains physical or virtual access to the network, bidirectional replication would allow this guest to make changes that could severely impact the ENTIRE AD (active directory) forest.

A good solution could be the following:

In Windows Server 2008, Microsoft introduced the concept of a Read-Only Domain Controller (RODC), this allows IT to deploy AD Domain Services remotely at branch offices, without having the security worries that traditional writable domain controllers present. See Figure 2. RODCs offer inbound, *unidirectional replication and maintain a local read-only copy of all AD data and the SYSVOL folder. This benefits IT greatly because:
  • It mitigates and helps remove replication concerns if a mischievous guest user gains physical or virtual access to the infrastructure
  • It prevents accidental deletion of AD objects and/or the SYSVOL by admin within the branch office
  • It prevents rogue applications, such as a virus, malware, spyware, from making changes to the AD schema.
*For more on Read-Only domain controllers, unidirectional replication and their benefits, visit: Microsoft TechNet.
Windows Server 2012 and higher versions simplify the deployment process by leveraging Server Manager instead of the deprecated DCPromo utility. After installing the basic AD domain services, you will immediately be prompted to take additional steps if you require the server (a VM) to become a domain controller.
Once you click Promote this server to a domain controller and choose Add to an existing forest, you'll check the checkbox called Read only domain controller (RODC) to promote the DC to a RODC



Tips - How to find the uninstallation string in the registry and manually uninstall an application

If you have problems uninstalling an application that is not visible in Add/Remove Programs, or any other sort of problem, here is the procedure to find the uninstallation string in the registry and uninstall the application via .cmd:
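One way to carry out this lookup from PowerShell, as an added example (not the author's original procedure): it reads the standard Uninstall registry keys, including the 32-bit WOW6432Node view, and writes the resulting commands to a .cmd file. The function names, the `*Example App*` pattern and the output path are assumptions for illustration.

```powershell
# Added example: find uninstall entries by display name and write the
# matching uninstall commands to a .cmd file that can be reviewed and run.
function Get-UninstallEntry {
    param([Parameter(Mandatory)][string]$NamePattern)   # wildcard, e.g. '*Reader*'

    # Per-machine 64-bit view, per-machine 32-bit view, and per-user installs.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $p = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
            if (-not $p -or -not $p.DisplayName -or $p.DisplayName -notlike $NamePattern) { continue }
            [pscustomobject]@{
                DisplayName     = $p.DisplayName
                Version         = $p.DisplayVersion
                KeyName         = $key.PSChildName
                UninstallString = $p.UninstallString
                QuietString     = $p.QuietUninstallString
            }
        }
    }
}

function Get-SilentUninstallCommand {
    param([Parameter(Mandatory)]$Entry)
    # MSI products are keyed by their product code, so msiexec can remove them silently.
    if ($Entry.KeyName -match '^\{[0-9A-Fa-f-]{36}\}$' -and $Entry.UninstallString -match 'msiexec') {
        return "msiexec.exe /x $($Entry.KeyName) /qn /norestart"
    }
    # Otherwise prefer the vendor's quiet string, falling back to the interactive one.
    if ($Entry.QuietString) { return $Entry.QuietString }
    return $Entry.UninstallString
}

$entries = @(Get-UninstallEntry -NamePattern '*Example App*')   # placeholder name
$entries | Format-Table DisplayName, Version, KeyName -AutoSize

# The registry values are command lines written by installers: read the
# generated file before running it from an elevated prompt.
$commands = @($entries | ForEach-Object { Get-SilentUninstallCommand $_ } | Where-Object { $_ })
Set-Content -Path "$env:TEMP\uninstall-example.cmd" -Value (@('@echo off') + $commands) -Encoding ASCII
```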





Server - Royal TS latest free version to connect via remote Desktop to Servers or mRemote Free RDP Version

Royal TS is a nice tool (it is not free) that gives you a single point from which to connect to servers over RDP, without needing to open plenty of windows or enter user name and password every time you connect.

Here is the latest free version:

Version 1.5.x Downloads (Freeware):
 

All previous versions can be found at this link:


The latest version (you need to pay to use it) is:

Royal TS Version 3.1.4


http://www.royalapplications.com/ts/win/features

<-------->

A good alternative is mRemote, which is free (if I am not wrong the software is no longer updated, but it works excellently in any case):

http://www.mremoteng.org/home

mRemoteNG supports the following protocols:
  • RDP (Remote Desktop/Terminal Server)
  • VNC (Virtual Network Computing)
  • ICA (Citrix Independent Computing Architecture)
  • SSH (Secure Shell)
  • Telnet (TELecommunication NETwork)
  • HTTP/HTTPS (Hypertext Transfer Protocol)
  • rlogin
  • Raw Socket Connections

Tips - Split large files with 7Zip

Splitting a large file is a very easy procedure, but I take note of it and share it in case someone does not know it.

Here are the steps to follow:

1. Download and install 7-Zip

7-Zip 9.20 (64-bit)
7-Zip 9.20 (32-bit)


2. Right-click the file that you would like to split, as in the screenshots, and choose the destination size.

3. Finally, click OK

Security - Netwrix Tools auditing, security and monitoring

I would like to highlight these Netwrix tools.

The tools listed here are free and cover auditing, security and monitoring.

Here they are, with a brief summary of their features:


Change Auditing Tools

Be notified of changes as they occur. Seeing what objects and attributes have been changed is as simple as opening your email.
Free Tool: Track Changes Made to
Netwrix Change Notifier for Active Directory: Active Directory users, groups and group membership, computers, organizational units and permissions
Netwrix Change Notifier for Exchange: Exchange Server configurations and permissions
Netwrix Change Notifier for Group Policy: GPOs, GPO links, audit policy, password policy, software deployment
Netwrix Change Notifier for File Servers: Files, folders, shares, and permissions on your Windows-based file servers
Netwrix Change Notifier for SQL Server: SQL instance configuration, database creation and deletion, changes to database users, roles and schemas
Netwrix Change Notifier for VMware: VMware host and virtual machine settings, creation and deletion of virtual machines
Netwrix Change Notifier for Windows Server: Windows Server configuration, including installed software and hardware, local security settings, and registry settings


Password and Identity Management Tools

Netwrix Account Lockout Examiner: Alert your help desk staff about lockout events and troubleshoot account lockouts, analyzing potential causes. Accounts can be unlocked within the console, a Web-based interface or via a mobile device.
Netwrix Bulk Password Reset: Change passwords in bulk across a domain, a subset of computers, or your local machine.
Netwrix Inactive User Tracker: Report on accounts that have been inactive for a specified number of days.
Netwrix Password Expiration Notifier: Automatically send email notifications to your users letting them know their password is about to expire.
Netwrix Password Manager: Empower users to reset forgotten passwords and unlock their accounts through a Web-based, self-service portal without calling the IT help desk. Supports up to 100 users!

Systems Management Tools

Netwrix Disk Space Monitor: Be alerted in real-time via email when disk space falls below certain thresholds on one or more of your servers.
Netwrix Event Log Manager: Collect, alert and report on events from the Windows servers across your network.
Netwrix Service Monitor: Monitor services on multiple servers simultaneously and be alerted via email when one or more services stop unexpectedly. Optionally, automatically restart monitored services ensuring maximum uptime.

DigitalOcean Cloud Alternative

I would like to highlight this cloud service, which is particularly good and nicely priced.

An interesting alternative to Azure and other cloud services.

https://www.digitalocean.com/

Consider that:

1. All plans come standard with solid state drives (SSD)
2. A flexible API, and the ability to select the nearest data center location
3. For any questions and for pricing, here is the FAQ link: https://www.digitalocean.com/help/

2012 Server - DFS and enhancements on windows 2012

About DFS, I found this article (which I hope to read completely when I have some time) that, after a quick read, seems to be very interesting.

It explains DFS theory and the Windows 2012 enhancements in that field; here it is:

http://blogs.technet.com/b/filecab/archive/2012/11/12/dfs-replication-improvements-in-windows-server-2012.aspx

Software - Filehippo App one click program to upgrade old software

On the internet there are plenty of websites and applications that let you check for new software releases and download them.

Over the years I have often browsed www.filehippo.com searching for new software releases, so I would like to highlight the FileHippo App Manager application:

http://www.filehippo.com/download_app_manager/

FileHippo App Manager checks every day the most critical applications on your PC, such as Flash Player, Java, Adobe and Foxit Reader. These are the applications usually targeted by viruses and malware through well-known vulnerabilities, which increases the attack surface of your Microsoft OS.

Every day you are prompted about new software releases, and with one click you can install them smoothly without much user interaction.

It is simple and useful at the same time.



Antivirus - How To restore Internet connection after Virus/malware action - AdwCleaner

If you had problems removing a virus/malware and the internet connection is no longer working properly, I found that this tool worked fine for me (against hijacker problems):

AdwCleaner.


AdwCleaner is a free removal tool for :
  • Adware (ads softwares)
  • PUP/LPI (Potentially Undesirable Program)
  • Toolbars
  • Hijacker (Hijack of the browser's homepage)
It works with a Search and Delete mode. It can be easily uninstalled using the mode "Uninstall".
It's compatible with Windows XP, Vista, 7, 8, 8.1, 10 in 32 & 64 bits.

https://toolslib.net/downloads/finish/1/

Security - Netwrix tool about lockout account and relative alerting

Netwrix Account Lockout Examiner
How many help desk calls do you get from users asking for someone to unlock their accounts? How much time does the administrative staff spend just handling account lockout issues? Loss of productivity, frustrated users, and a huge administrative burden are just some of the inevitable results of implementing a strong password policy, which is required by security and compliance regulations. Should you just give in to user complaints, or is there a better way to keep strong security requirements and effectively resolve account lockouts at the same time?
Native tools lack many features and capabilities that administrators and help desk staff need to effectively resolve account lockouts (download Summary: Limitations of Microsoft Account Lockout and Management Tools to learn more).
Netwrix Account Lockout Examiner will help you to:
  • Identify account lockouts in real time: Should an account lockout happen, all operators will receive an email alert with an optional link to a web-based console for quick access to account details and operations. Email alerts can be configured to be triggered only when specified accounts are locked out.
  • Troubleshoot account lockouts: The lockout investigation engine of Netwrix Account Lockout Examiner will do its best to help you find the potential cause of account lockouts, such as mapped network drives, services and scheduled tasks running under stale credentials, disconnected remote desktop sessions, processes running under a locked account, etc.
  • Proactively resolve account lockouts: The product allows you to unlock accounts quickly via a web-based console or even by email from your mobile device.
  • Deal with consequences of Conficker/Downadup virus.
The Freeware Edition has limited functionality but never expires. The table below summarizes features available in each edition.
Feature | Freeware Edition | Enterprise Edition
Detect account lockouts in real time | Yes | Yes
Notify administrators about lockouts | Yes | Yes
Analyze the network for possible account lockout reasons, such as system services, scheduled tasks, mapped network drives, and more | Yes | Yes
Unlock accounts | Yes | Yes
Reset passwords | Yes | Yes
Role-based security for delegated help desk operator access | No | Yes
Help-Desk Portal for web access | No | Yes
Price | Free | $10,000 site license

Backups - How to back up remote clients part 1/2 - .PST files with Outlook open or any sort of locked files

There is an interesting command-line tool that can back up .pst files while Outlook is running, any locked or open files and, finally, all of a PC's files to a different location.

This tool is Hobocopy:

https://github.com/candera/hobocopy/downloads

Note that there is also a Hobocopy GUI with a graphical interface:



At the end of the article I copy and paste the relevant binaries, but you must take real care about the OS version (32-bit, 64-bit and 7/8/10 or XP) and verify that the correct version of Visual C++ is installed on the clients.

This is the main procedure that we implemented (without too much detail) to centralize client .pst backups.

In the coming weeks I intend to write a second article explaining (without excessive detail) how to centralize real-time backups of client files that are not locked to a remote share.

1. You need to create a .vbs script that records, on each PC, the .pst location and name and the name of the user who uses that particular PC/laptop (it must be executed with local user permissions).
This .vbs could be executed with an SCCM 2007/2012 package or with a client scheduled task, which can also be pushed through GPO.

2. Next, you need to create a second .vbs that reads the previously saved information from the .txt file on the client and executes hobocopy to back up the user's .pst to a remote shared folder.

In this specific case you should verify that the PC is on the correct LAN at that moment (to avoid bandwidth saturation), use BITS in any case, verify with MD5 whether the local .pst has changed size compared with the one already backed up on the remote file server, and write verbose logs.

In this case you should create a second SCCM 2007/2012 package, which can run with or without a user logged in (with administrative rights); in fact hobocopy uses VSS.
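A sketch of step 2 in PowerShell rather than .vbs, as an added example (not the author's script): it stages each .pst with hobocopy, compares the MD5 of the staged copy with the hash stored beside the last upload, and transfers only changed files with BITS while logging each decision. Every path, the file server name and the share layout are hypothetical placeholders; it assumes an elevated session (VSS needs administrative rights) in which BITS jobs can be created.

```powershell
# Added example. All paths, names and the server below are placeholders.
$Hobocopy   = 'C:\Tools\HoboCopy.exe'                   # assumed install path
$Inventory  = 'C:\ProgramData\PstBackup\pst-list.txt'   # one .pst path per line, written by step 1
$Staging    = 'C:\ProgramData\PstBackup\staging'
$FileServer = 'fileserver.example.local'
$Share      = "\\$FileServer\pstbackup\$env:COMPUTERNAME"
$LogFile    = 'C:\ProgramData\PstBackup\backup.log'

function Write-Log([string]$Message) {
    Add-Content -Path $LogFile -Value ('{0:s} {1}' -f (Get-Date), $Message)
}

# Stand-in for the "correct LAN" check: skip the run when the file server does not answer.
if (-not (Test-Connection -ComputerName $FileServer -Count 2 -Quiet)) {
    Write-Log 'file server unreachable, run skipped'
    return
}
New-Item -ItemType Directory -Force -Path $Staging, $Share | Out-Null

foreach ($pst in (Get-Content $Inventory | Where-Object { $_ -and (Test-Path -LiteralPath $_) })) {
    $name   = Split-Path $pst -Leaf
    $staged = Join-Path $Staging $name
    Remove-Item -LiteralPath $staged -ErrorAction SilentlyContinue

    # hobocopy <source dir> <destination dir> <file>: copies from a VSS snapshot,
    # so it works while Outlook keeps the .pst locked. /y answers prompts with yes.
    & $Hobocopy /y (Split-Path $pst -Parent) $Staging $name | Out-Null
    if (-not (Test-Path -LiteralPath $staged)) {
        Write-Log "hobocopy produced no copy of $pst"
        continue
    }

    # Hash the snapshot copy (the live file is locked) and compare with the last uploaded hash.
    $newHash  = (Get-FileHash -LiteralPath $staged -Algorithm MD5).Hash
    $hashFile = Join-Path $Share "$name.md5"
    $oldHash  = if (Test-Path $hashFile) { (Get-Content $hashFile -TotalCount 1).Trim() } else { '' }

    if ($newHash -eq $oldHash) {
        Write-Log "unchanged, not uploaded: $pst"
    } else {
        # Low priority makes BITS use only idle network bandwidth.
        Start-BitsTransfer -Source $staged -Destination (Join-Path $Share $name) -Priority Low
        Set-Content -Path $hashFile -Value $newHash
        Write-Log "uploaded $pst md5=$newHash"
    }
    Remove-Item -LiteralPath $staged
}
```

MD5 serves here only as a change detector, as in the post, not as an integrity guarantee against tampering.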

An alternative could be to execute the scripts remotely (after copying them to a particular folder on each PC) using psexec from a single location/server, scheduled periodically.

In my opinion SCCM is great for this, but you could evaluate PDQ or psexec too.

Here are some useful blog articles on these topics.

I would prefer not to share the .vbs scripts, but they are really easy to implement.

<-------->

Software - PDQ Inventory and Deploy

http://www.alessandromazzanti.com/2015/09/software-pdq-inventory-and-deploy.html

Tips - how to migrate PDQ deploy and PDQ inventory to another server


Server - PDQ Deploy utility to monitor the network and install software


SCCM 2007 all blog's articles


SCCM 2012 all blog's articles


PSexec - How to execute remote commands about .vbs, .exe, microsoft patch installation...


Scripting - Running .vbs scripts and program installations on remote PCs in a domain or workgroup with PSEXEC


Scripting - Installing patches on remote clients automatically


Tips - Enabling Remote Desktop on a remote server with psexec


Scripting - Running remote commands on networked PCs with PSEXEC



Hacker - Making the SYSTEM user a super administrator of the system, even on patched Windows, with PSEXEC


<-------->


hobocopy-unstable-32bit-20110505-01.zip — Interim release of hobocopy for 32-bit machines running W2K3, Vista, Win7

hobocopy-unstable-XP-32bit-20110505-01.zip — Interim release of hobocopy for 32-bit machines running XP

hobocopy-unstable-64bit-20110505-01.zip — Interim release of hobocopy for 64-bit machines running W2K3, Vista, Win7

vcredist-2010_x86.exe — 32-bit Visual C++ runtime. Needed for 32-bit versions of hobocopy *after* 1.0

vcredist-2008_x86.exe — The Visual C++ runtime redistributable, 32-bit (x86) version. Needed for the 32-bit version of hobocopy 1.0.

vcredist-2008_x64.exe — The Visual C++ runtime redistributable, 64-bit (x64) version. Needed for the 64-bit version of hobocopy 1.0.

Software - PDQ Inventory and Deploy

PDQ Inventory and Deploy is a very stripped-down version of SCCM and, at the same time, client-less.

I warmly prefer SCCM, but because PDQ is easier, cheaper and needs fewer server resources, it can be a good alternative (there is also a free version with fewer features).

Download:

http://www.adminarsenal.com/download-pdq

Here are some of its features:

Software Deployment : Download the latest PDQ Deploy

PDQ Deploy is a software deployment tool that allows admins to silently install almost any application or patch. 
Its features include:
- Integrates with Active Directory, Spiceworks, PDQ Inventory, and more
- Install to multiple computers simultaneously
- Real-time status
- Install just about anything
- Agentless 

Download the latest PDQ Inventory

PDQ Inventory scans and reports software, hardware, and OS configurations for your Windows network. 
Its features include:
- Scanning for installed software and hardware on each computer
- Create reports on what's installed on your network
- Organize computers into collections that make sense to you
- Really cool admin tools allow you to perform tasks on your computers
- Integration with PDQ Deploy

Here is the product comparison.

PDQ Deploy Comparison

PDQ Deploy Free, Pro, and Enterprise Features

Features | Free Mode | Pro Mode | Enterprise
Deploy Applications and Patches | Yes! | Yes! | Yes!
Works with MSI, EXE, Batch, and more. | Yes! | Yes! | Yes!
Deploy PowerShell & VB Script | Yes! | Yes! | Yes!
Deploy to PDQ Inventory, Spiceworks, AD | Yes! | Yes! | Yes!
Basic level Package Library Access 1 | | Yes! | Yes!
Schedule Deployments | | Yes! | Yes!
Create Multiple Step and Chained (Nested) Packages | | Yes! | Yes!
Integrate with Custom Tools & Scripts | | Yes! | Yes!
Set Automatic Inventory Scan After Deployments 2 | | Yes! | Yes!
Throttle Bandwidth | | Yes! | Yes!
Status Email After Deployments | | Yes! | Yes!
Wake-On-LAN & Heartbeat Schedule | | Yes! | Yes!
Setup Recurring Deployments | | Yes! | Yes!
Independent Schedules | | Yes! | Yes!
Multi-user capable (package sharing) | | | Yes!
Full access to Package Library (See list) | | | Yes!
Auto Deployment of Library Packages | | | Yes!
Retry Queue | | | Yes!

Related PDQ and SCCM articles:

Tips - how to migrate PDQ deploy and PDQ inventory to another server


Server - PDQ Deploy utility to monitor the network and install software

Tips - Windows 7/8/10 Offline files not removed after disabling the Offline folder feature

On Windows 7/8/10, if you have disabled the offline folder feature but the cached files are still in this folder and take up space:

c:\windows\CMC

you can follow this Microsoft article or download the Fix It tool.

https://support.microsoft.com/en-us/kb/942974

or you can download it from this link:

http://go.microsoft.com/?linkid=9754190