
Showing posts with label Windows Server. Show all posts

Sunday, August 18, 2013

Configuring Password Policy Settings in an Active Directory


Implementing Password Policy Settings Step-by-Step
  • Credentials: You must be logged on as a member of the Domain Admins group.
  • Tools: Active Directory Users and Computers.
  • To implement password policy on computer systems that belong to an Active Directory domain
    1. Click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.
    2. Right-click the root container for the domain:
      Active Directory Users and Computers

      Note: Screen shots in this document reflect a test environment and the information might differ from the information displayed on your screen.
    3. Select Properties from the menu that appears:
      Active Directory Users and Computers
    4. In the properties dialog box for your domain, click the Group Policy tab, and then click New to create a new Group Policy object in the root container. Type "Domain Policy" for the name of the new policy and then click Close.
      Note: Microsoft recommends that you create a new Group Policy object rather than editing the built-in one called Default Domain Policy because doing so makes it much easier to recover from serious problems with security settings. If the new security settings create problems, you can temporarily disable the new Group Policy object until you isolate the settings that caused the problems.
    5. Right-click the root container for the domain, and then click Properties.
    6. In the properties dialog box, click the Group Policy tab, and then select Domain Policy.
    7. Click Up to move the new GPO to the top of the list, and then click Edit to open the Group Policy Object Editor for the GPO you just created.
    8. Under Computer Configuration, navigate to the Windows Settings\Security Settings\Account Policies\Password Policy folder.
      Group Policy Object Editor
    9. In the details pane, double-click Enforce password history, select the Define this policy setting check box, set the value of Keep password history to 24, and then click OK.
      Enforce password history Properties
    10. In the details pane, double-click Maximum password age, select the Define this policy setting check box, set the value of Password will expire in to 42, click OK, and then click OK to close the Suggested Value Changes window that appears.
      Maximum password age Properties
    11. In the details pane, double-click Minimum Password Age, select the Define this policy setting check box, set the value of Password can be changed after to 2, and then click OK.
      Minimum password age Properties
    12. In the details pane, double-click Minimum Password Length, select the Define this policy setting check box, set the value of Password must be at least to 8, and then click OK.
      Minimum Password Length Properties
    13. In the details pane, double-click Password must meet complexity requirements, select the Define this policy setting in the template check box, select Enabled, and then click OK.
      Password must meet complexity requirements Properties
    14. Close the Group Policy Object Editor, click OK to close your domain's properties dialog box, and then exit Active Directory Users and Computers.

Verifying New Settings

Use the following procedure to verify that the appropriate password policy settings are applied and effective in the Domain Policy GPO. Verifying the settings and their operation ensures that the correct password policies will be applied to all users in the domain.
Requirements
  • Credentials: You must be logged on as a member of the Domain Admins group.
  • Tools: Active Directory Users and Computers.
  • To verify password policy settings for an Active Directory domain
    1. Open Active Directory Users and Computers, right-click your domain, and then click Properties.
    2. In your properties dialog box for your domain, click the Group Policy tab, select the Domain Policy GPO, and then click Edit to open the Group Policy Object Editor.
    3. Under Computer Configuration, go to the Windows Settings\Security Settings\Account Policies\Password Policy folder, and verify that your settings match the settings shown here:
      Group Policy Object Editor
    4. Close the Group Policy Object Editor, click OK to close the properties dialog box for your domain, and then exit Active Directory Users and Computers.
    5. Verify that users cannot specify passwords that are shorter than 8 characters, that they cannot create non-complex passwords, and that they cannot immediately change their new passwords.
Courtesy :  http://potools.blogspot.in/
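A scripted version of the check in step 3 of the verification procedure, as an added example that is not part of the original post: it compares the [System Access] section of a secedit export against the values set in steps 9-13 of the implementation procedure. The function names and the sample text are constructed for illustration, and PowerShell 3.0 or later is assumed.

```powershell
# Added example. Baseline = values from steps 9-13; keys are the [System Access] names secedit writes.
$Baseline = [ordered]@{
    PasswordHistorySize   = 24   # Enforce password history
    MaximumPasswordAge    = 42   # Maximum password age (days)
    MinimumPasswordAge    = 2    # Minimum password age (days)
    MinimumPasswordLength = 8    # Minimum password length
    PasswordComplexity    = 1    # Complexity requirements: 1 = Enabled
}

function Get-SystemAccessSetting {
    # Parse only the numeric settings inside the [System Access] section.
    param([string[]]$Lines)
    $settings = @{}
    $inSection = $false
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'System Access')
            continue
        }
        if ($inSection -and $text -match '^(\w+)\s*=\s*(-?\d+)$') {
            $settings[$Matches[1]] = [int]$Matches[2]
        }
    }
    return $settings
}

function Test-PasswordPolicy {
    # One result row per baseline setting; a missing key counts as non-compliant.
    param([string[]]$Lines, [System.Collections.IDictionary]$Expected = $Baseline)
    $actual = Get-SystemAccessSetting -Lines $Lines
    foreach ($name in $Expected.Keys) {
        $value = if ($actual.ContainsKey($name)) { $actual[$name] } else { $null }
        [pscustomobject]@{
            Setting   = $name
            Expected  = $Expected[$name]
            Actual    = $value
            Compliant = ($null -ne $value -and $value -eq $Expected[$name])
        }
    }
}

# Constructed sample (not a real export): MinimumPasswordLength is left at 7 to show a failed check.
$sample = @'
[System Access]
MinimumPasswordAge = 2
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 24
[Version]
signature="$CHICAGO$"
'@ -split "`r?`n"

Test-PasswordPolicy -Lines $sample | Format-Table -AutoSize
# Real input (assumption: elevated prompt): secedit /export /cfg "$env:TEMP\secpol.inf" /areas SECURITYPOLICY
# then: Test-PasswordPolicy -Lines (Get-Content "$env:TEMP\secpol.inf")
```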

Wednesday, February 06, 2013

Windows 2003 Server Domain & Group Policy Configuration Overview


Installing and setting up Windows Server 2003:


Minimum System Requirements
Processor: 400MHz
RAM: 128 MB
Hard drive: 2 GB
Resolution: 800x600 / Higher


Installation:
  • Insert the Windows Server 2003 CD into your CD/DVD drive.
  • Run through the installer; it's almost exactly the same as a Windows XP install.
  • On your first login you'll be prompted to update and to configure automatic updates.
LAN Settings:
Before moving on to Active Directory creation, assign the LAN adapter a static IP address, e.g. 192.168.1.1.

Active Directory:
  1. To give your server roles, go to Start > Manage Your Server.
  • You'll then be presented with the Server management page.
  • Click "Add or remove a role". A box comes up with a list of all the roles that you can assign; there are 12 in total.
  • Select "Domain Controller (Active Directory)" and click Next. It shows "Run the Active Directory Installation Wizard to set up this server as a domain controller."
  • Click Next through the wizard until you get to "Domain Controller Type".
(or)
Go to Run > type "DCPROMO" > press Enter.
Domain in a new forest
Select this option if this is the first domain in your organisation or if you want the new domain to be completely independent of your current forest.
Full DNS name for the new domain: dop
Domain NetBIOS name: dopserver
Database and Log Folders: Default locations
Shared System Volume: Default Location
then follow the installer configuration.
Restart Now.
When you reboot you should receive a nice message. "This Server is Now a Domain Controller"
Creating Users and Groups:
  • Start > All Programs > Administrative tools > Active Directory Users and Computers.
  • Within your domain (mine being "dop"), right-click and create a new "Organizational Unit". This is where we're storing our groups and users. An organisation will have multiple departments, and it is wise to create groups for each department; for this example I am creating a Managers group.
  • Within your new Managers Organizational Unit, create a new group. You can do this by right-clicking and then choosing New, or by clicking the icon on the toolbar.
I named my group Managers.
Group scope: dopscope
Group type: Security
Still inside your organizational unit, create a new user.
Add the user to the group.
Right click the group, then go to Properties then the members tab.
Group Policy:

  1. Start > All Programs > Administrative tools > Active Directory Users and Computers
  2. Right click the Organizational unit that you created then click Properties.
  3. Under the Group Policy tab, click New.
  4. To edit, enable or disable Group Policy objects, click the Edit button and it'll bring up a new window.
Enable the following settings:

1) User Configuration > Administrative Templates > Windows Components > Windows Explorer
a) Remove Map Network Drive and Disconnect Network Drive
Prevents users from using Windows Explorer or My Network Places to map or disconnect network drives.
b) Hide these specified drives in My Computer (I enabled for C only)
Removes the icons representing selected hard drives from My Computer and Windows Explorer. Also, the drive letters representing the selected drives do not appear in the standard Open dialog box.
c) Prevent access to drives from My Computer
If you enable this setting, users can browse the directory structure of the selected drives in My Computer or Windows Explorer, but they cannot open folders and access the contents. Also, they cannot use the Run dialog box or the Map Network Drive dialog box to view the directories on these drives.
2) User Configuration > Administrative Templates > Windows Components > Internet Explorer
a) Disable changing home page settings
Prevents users from changing the home page of the browser. The home page is the first page that appears when users start the browser.
3) User Configuration > Administrative Templates > Start Menu and Taskbar
a) Remove Search menu from Start Menu
Removes the Search item from the Start menu, and disables some Windows Explorer search elements.
b) Remove Help menu from Start Menu
Removes the Help command from the Start menu.
c) Remove Run menu from Start Menu
Allows you to remove the Run command from the Start menu, Internet Explorer, and Task Manager.
d) Lock the Taskbar
If you enable this setting, it prevents the user from moving or resizing the taskbar.
4) User Configuration > Administrative Templates > Control Panel
a) Prohibit access to the Control Panel
This setting prevents Control.exe, the program file for Control Panel, from starting. As a result, users cannot start Control Panel or run any Control Panel items.
5) User Configuration > Administrative Templates > Control Panel > Display
a) Prevent changing wallpaper
Prevents users from adding or changing the background design of the desktop.
6) User Configuration > Administrative Templates > System > Ctrl+Alt+Del Options
a) Remove Task Manager
Prevents users from starting Task Manager (Taskmgr.exe)
7) User Configuration > Administrative Templates > Control Panel > Desktop
a) Prohibit user from changing My Documents path
Prevents users from changing the path to the My Documents folder.
8) User Configuration > Administrative Templates > Control Panel > System
a) Prevent access to the command prompt
Disable the command prompt script processing also? No
Prevents users from running the interactive command prompt, Cmd.exe. This setting also determines whether batch files (.cmd and .bat) can run on the computer.
b) Prevent access to the registry editing tools
Disable regedit from running silently? Yes
Disables the Windows registry editor Regedit.exe.
Courtesy : http://potools.blogspot.in

Wednesday, January 23, 2013

Windows System32 config system is corrupt in Windows Server 2003



1. Insert your Windows Server 2003 CD and reboot from the CD drive
[To boot from CD, go to BIOS Setup option on startup and select your CD/DVD drive as the first boot drive, save the present settings and exit]
Your computer will reboot & will boot from Windows Server 2003
2. Press ‘R’ when offered the option of using the Windows Recovery Console
When the Recovery Console command prompt appears, type the following:
C:\WINDOWS >cd system32\
this changes the current directory to C:\Windows\System32
ren config configold
This renames the config folder to configold
mkdir config
this makes a new directory called config
cd config
changes the current directory to c:\Windows\System32\Config
then type the following lines pressing enter after each one
copy c:\windows\repair\system
copy c:\windows\repair\software
copy c:\windows\repair\sam
copy c:\windows\repair\security
copy c:\windows\repair\default
after each line it should say:
1 file copied
type: exit
Now Server will reboot
[To boot from Hard Drive, go to BIOS Setup option on startup and select your Hard drive as the first boot drive, save the present settings and exit]
Courtesy : http://satirur.blogspot.in/

Thursday, March 01, 2012

Installing Active Directory(Domain) in Windows Server 2008

Installing Active Directory Domain Services (AD-DS)


In Windows Server 2008, unlike previous server operating Systems, there is an additional step that needs to be taken before running DCPROMO to promote the server to Domain Controller and installing Active Directory on it. This step is the installation of Active Directory Domain Services (AD-DS) role on the server. In fact, the AD-DS role is what enables the server to act as a Domain Controller, but you will still need to run DCPROMO the regular way.
AD-DS can be installed in one of 3 methods:
Method 1 – Server Manager/Initial Configuration Tasks

Roles can and should be added from Server Manager (but they can also be initiated from the Initial Configuration Tasks wizard that auto-opens the first time you log on to the server).
  1. Open Server Manager by clicking the icon in the Quick Launch toolbar, or from the Administrative Tools folder.
  2. Wait till it finishes loading, then click on Roles > Add Roles link.
  3. In the Before you begin window, click Next.
  4. In the Select Server Roles window, click to select Active Directory Domain Services, and then click Next.
  5. In the Active Directory Domain Services window read the provided information if you want to, and then click Next.
  6. In the Confirm Installation Selections, read the provided information if you want to, and then click Next.
  7. Wait till the process completes.
  8. When it ends, click Close.
  9. Going back to Server Manager, click on the Active Directory Domain Services link, and note that there's no information linked to it, because the DCPROMO command has not been run yet.
  10. Now you can click on the DCPROMO link, or read on.
    1. To run DCPROMO, enter the command in the Run command, or click on the DCPROMO link from Server Manager > Roles > Active Directory Domain Services.
    2. Depending on whether AD-DS was previously installed or not, the Active Directory Domain Services Installation Wizard will appear immediately or after a short while. Click Next.
      1. In the Operating System Compatibility window, read the provided information and click Next.
      2. In the Choosing Deployment Configuration window, click on "Create a new domain in a new forest" and click Next.
      3. Enter an appropriate name for the new domain. Make sure you pick the right domain name, as renaming domains is a task you will not wish to perform on a daily basis. Click Next.
      4. Note: Do NOT use single label domain names such as "mydomain" or similar. You MUST pick a full domain name such as "mydomain.local" or "mydomain.com" and so on.
        The wizard will perform checks to see if the domain name is not already in use on the local network.
      5. Pick the right forest function level. Windows 2000 mode is the default, and it allows the addition of Windows 2000, Windows Server 2003 and Windows Server 2008 Domain Controllers to the forest you're creating. Read my "Understanding Windows Server 2008 Active Directory Domain and Forest Functional Levels" article for more information on that.
      6. Pick the right domain function level. Windows 2000 Native mode is the default, and it allows the addition of Windows 2000, Windows Server 2003 and Windows Server 2008 Domain Controllers to the domain you're creating.
      7. Note: If you select "Windows Server 2008" for the forest function level, you will Not be prompted to pick a domain function level. Read more about domain and forest function levels on my "Understanding Windows Server 2008 Active Directory Domain and Forest Functional Levels" article.
      8. The wizard will perform checks to see if DNS is properly configured on the local network. In this case, no DNS server has been configured, therefore, the wizard will offer to automatically install DNS on this server.
      9. Note: The first DCs must also be a Global Catalog. Also, the first DCs in a forest cannot be a Read Only Domain controller.
      10. It's most likely that you'll get a warning telling you that the server has one or more dynamic IP Addresses. Running IPCONFIG /all will show that this is not the case, because as you can clearly see, I have given the server a static IP Address. So, where did this come from? The answer is IPv6. I did not manually configure the IPv6 Address, hence the warning. In a network where IPv6 is not used, you can safely ignore this warning.
      11. You'll probably get a warning about DNS delegation. Since no DNS has been configured yet, you can ignore the message and click Yes.
      12. Next, change the paths for the AD database, log files and SYSVOL folder. For large deployments, carefully plan your DC configuration to get the maximum performance. When satisfied, click Next.
      13. Enter the password for the Active Directory Recovery Mode. This password must be kept confidential. Regular domain user passwords expire (based upon the password policy configured for the domain, the default is 42 days), but this password stays constant. This password should be complex and at least 7 characters long. I strongly suggest that you do NOT use the regular administrator's password, and that you write it down and securely store it. Click Next.
      14. In the Summary window review your selections, and if required, save them to an unattend answer file. When satisfied, click Next.
      15. The wizard will begin creating the Active Directory domain, and when finished, you will need to press Finish and reboot your computer.
      Click OK to restart. The new Active Directory is now installed.
      source:www.petri.co.il
      via- sa paravur

Monday, August 22, 2011

Windows Server - Groups and Rights



Group: Account Operators
Description: Members of this group can create, modify, and delete accounts for users, groups, and computers located in the Users or Computers containers and organizational units in the domain, except the Domain Controllers organizational unit. Members of this group do not have permission to modify the Administrators or the Domain Admins groups, nor do they have permission to modify the accounts for members of those groups. Members of this group can log on locally to domain controllers in the domain and shut them down. Because this group has significant power in the domain, add users with caution.
Default user rights: Allow log on locally; Shut down the system.

Group: Administrators
Description: Members of this group have full control of all domain controllers in the domain. By default, the Domain Admins and Enterprise Admins groups are members of the Administrators group. The Administrator account is also a default member. Because this group has full control in the domain, add users with caution.
Default user rights: Access this computer from the network; Adjust memory quotas for a process; Back up files and directories; Bypass traverse checking; Change the system time; Create a pagefile; Debug programs; Enable computer and user accounts to be trusted for delegation; Force a shutdown from a remote system; Increase scheduling priority; Load and unload device drivers; Allow log on locally; Manage auditing and security log; Modify firmware environment values; Profile single process; Profile system performance; Remove computer from docking station; Restore files and directories; Shut down the system; Take ownership of files or other objects.