Monthly Archives: September 2014

Software

Migrate DHCP from Windows Server 2003 to Server 2012

This guide will crash course you on migrating DHCP from 2003 to 2012. Basic admin knowledge is advisable.

  1. First install DHCP services on Server2012
  2. Authorize the new DHCP server on the domain
  3. Validate the authorization
    1. On the old server execute this command in prompt:
      netsh dhcp show server
    2. Check that BOTH servers are listed
  4. On the old Server 2003 export the current DHCP configuration
    1. netsh dhcp server <\\servername> export <c:\filename> all
  5. On the new Server 2012, import the DHCP configuration
    1. Shutdown DHCP service
    2. Delete c:\windows\system32\DHCP\dhcp.mdb
    3. Start the DHCP service
    4. netsh dhcp server <\\servername> import <c:\filename>
    5. Restart DHCP service

Now you’re done!

Source: Technet Blogs

Software

Restoring a RAID array on Linux (mdadm)

01. Check the status of the raid:
# sudo mdadm –detail /dev/mdX
OR
# sudo cat /proc/mdstat (locate _ in the UUUU section)

02. Locate the broken disk:
# sudo cat /dev/sdX > nul (check HDD led for flashing/permanent light)
# sudo hdparm -i /dev/sdX | grep -i “serialno”

03. Remove the failed drive
# sudo halt
Replace drive (take note of serial number)

04. Locate the new drive
# sudo hdparm -i /dev/sdX | grep -i “serialno”
ex /dev/sdc

05. OPTIONAL: Partition the drive (GPT)
# sudo parted /dev/sdc
parted> mklabel gpt
parted> mkpart primary KB/GB GB

06. Add drive to broken raid
# sudo mdadm /dev/mdX –add /dev/sdc

07. Check status of RAID rebuild
# sudo mdadm –detail /dev/mdX
OR
# sudo cat /proc/mdstat
OR/AND
nmon (to check disk activity)

Now we are done!

Software

Changing network type Win8/Server2012

Changing the network type on Win8/Server2012 has change since Win7. Now you have to switch this in local group policy intead. Here is a step-by-step how to change it:

  1. Type WinKey+R
  2. Type gpedit.msc, hit enter
  3. Browse down to Computer Configuration > Windows Settings > Security Setting > Network List Manager Policies
  4. Dubbelclick on you desired network
  5. Click on tab “Network Location”
  6. Under “Location Type” set the value that you want.
  7. Close gpedit.msc

Now your all done

1-Local Group Policy Editor 2- Properties

Software

Home Folder Rights

So, I always forget this stuff but setting good home folder rights is THE way of automating home folder creating from AD to a share or allowing users to create backupfolders on any share basically.

Link to the source site: Technet Blog AD Team + my own tweaks

1. Turn off inheritance on the folder and copy the permissions. You do this by:

a. Click the Advanced button found on the Security tab.
b. Clear Allow inheritable permissions to propagate to this object check box in the Advanced Security Settings dialog box.
c. Click Copy when prompted by the Security dialog box.

2. Click OK to return to the Security tab. Ensure we have the following permissions set and remove all others:

Administrators: Full Control (This folder, subfolders and files)
System: Full Control (This folder, subfolders and files)
Creator Owner: Full Control (Subfolders and files only)
Authenticated Users: Special (This folder only)

3. Change permissions for Authenticated Users and Creator Owner to match step 2. Now they cannot access other users’ folders but are allowed to create new ones on the top level. You do this by:

a. Click Advanced on the Security tab.
b. Click Authenticated Users and then click Edit.
On the Applies to dropdown, select This Folder Only and Check the following boxes:
Traverse Folder / Execute File
List Folder / Read Data
Read Attributes
Read Extended Attributes
Create Folder / Append Data
Read Permissions
c. Click OK
d. Now click Creator Owner and then click Edit
On the Applies to dropdown, select Subfolders and Files only and Check the following boxes:
Full Control
e. Click OK twice.

Good security practice would also be to enable ABE (Access Based Enumeration) on Server2003 and later. This will “hide” all shares that a user does not have permission to read. I like ABE, you should to. As a sidenote it seems that Oracle Solaris is also capable of Windows compatible ABE on *nix shares, very cool!

 

Now you are done!