Tuesday, August 9, 2011

How to block UltraSurf in squid -Resolved

UltraSurf is one of the proxy-bypass tools that is hard to block, because the IP addresses of its servers change frequently and it encrypts its traffic through a secured tunnel.
I think the only practical way to block it in Squid is to block IP-based browsing (requests whose destination is a bare IP address instead of a hostname) in the proxy.
To achieve this, add the lines below to the squid.conf file:

vi /etc/squid/squid.conf

Add the lines below at the top of all the access lists:

# Deny plain HTTP requests whose host part is a dotted-quad IP address
# (anchored, one-or-more digits per octet, dots escaped)
acl ipacl url_regex ^http://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
http_access deny ipacl
# For CONNECT tunnels Squid matches url_regex against "host:port",
# so this catches "CONNECT 1.2.3.4:443" style requests
acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
http_access deny numeric_IPs


After this, UltraSurf will not be able to connect to its servers, since it initiates IP-based requests to reach them.
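As an added check (not part of the original post), the following Python snippet evaluates the two url_regex ACLs above, with escaped dots and a leading anchor, against constructed sample requests written the way Squid hands them to url_regex: a full URL for GET, and plain host:port for CONNECT. It also keeps the post's original loose patterns for comparison; Squid uses POSIX extended regex, and these patterns use only syntax that Python's re reads the same way.

```python
import re

# Constructed example: the two ACLs with '+' per octet and escaped dots.
TIGHT_ACLS = [
    ("ipacl", re.compile(r"^http://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")),
    # For CONNECT, Squid matches url_regex against plain 'host:port'.
    ("numeric_IPs", re.compile(r"^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")),
]
# The patterns exactly as written in the post, for comparison.
LOOSE_ACLS = [
    ("ipacl", re.compile(r"http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*")),
    ("numeric_IPs", re.compile(r"^[0-9]+.[0-9]+.[0-9]+.[0-9]+")),
]

# Constructed requests, as the URL string Squid hands to url_regex.
SAMPLE_URLS = {
    "http://203.0.113.10/": "plain HTTP straight to an IP address",
    "203.0.113.10:443": "CONNECT tunnel straight to an IP address",
    "http://www.example.com/": "ordinary hostname, must stay allowed",
    "www.example.com:443": "ordinary CONNECT tunnel, must stay allowed",
    "http://www.example.com/10.0.0.1": "IP only in the path, must stay allowed",
    "1a2b3c4d.example.com:443": "hostname the unescaped dots mis-match",
    "[2001:db8::1]:443": "IPv6 literal: neither ACL covers it",
}


def matching_acls(url: str, acls) -> list:
    """Names of the ACLs whose regex matches this URL, in squid.conf order."""
    return [name for name, rx in acls if rx.search(url)]


def is_denied(url: str, acls=TIGHT_ACLS) -> bool:
    """True if an 'http_access deny' line for any matching ACL would fire."""
    return bool(matching_acls(url, acls))


if __name__ == "__main__":
    for url, why in SAMPLE_URLS.items():
        tight = str(is_denied(url))
        loose = str(is_denied(url, LOOSE_ACLS))
        print(f"{url:34} tight={tight:5} loose={loose:5}  {why}")
```

The last sample shows the remaining gap: an IPv6 literal passes both ACLs, so a deployment that carries IPv6 needs a third pattern for bracketed addresses.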

Thursday, March 31, 2011

How to enable Windows 2008 R2 Active directory Recycle bin


The Active Directory Recycle Bin is not enabled by default and has domain- and forest-wide requirements that must be met before it can be enabled:
  • Firstly, all domain controllers within the Active Directory forest must be running Windows Server 2008 R2.
  • Secondly, the functional level of the Active Directory forest must be Windows Server 2008 R2.

For ease of installation, make sure you are logged on to the domain controller that holds the Schema master or Domain naming master role (either one will work).
Check this with:
C:\> netdom query fsmo

Errors

Enable-ADOptionalFeature : A referral was returned from the server
At line:1 char:25
+ Enable-ADOptionalFeature <<<<  -Identity `CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows
 NT,CN=Services,CN=Configuration,DC=mydomain,DC=com' -Scope ForestOrConfigurationSet -Target `mydomain.com'
    + CategoryInfo          : NotSpecified: (CN=Recycle Bin ...domain,DC=com:ADOptionalFeature) [Enable-ADOptionalFe
   ature], ADException
    + FullyQualifiedErrorId : A referral was returned from the server,Microsoft.ActiveDirectory.Management.Commands.En
   ableADOptionalFeature

Solution:
Just import the AD cmdlets into PowerShell first:
PS C:\Users\Sysadmin> import-module activedirectory

Then run the command again:

PS C:\Users\Sysadmin> Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=mydomain,DC=com' -Scope ForestOrConfigurationSet -Target 'mydomain.com'

Friday, March 18, 2011

FSMO transfer operation failed

Using the operations manager, I get the following message:
"The transfer of the operations master role cannot be performed because:
The requested FSMO operation failed. The current FSMO holder could not be
contacted"

Solution:
I restarted Netlogon and it worked for me.

Friday, February 18, 2011

Group policy -Points

  • Group Policies can be applied at multiple levels: Sites -> Domains -> Organizational Units. To stop or control this flow we can use two options:
  • No Override - prevents child containers from overriding policies set at higher levels.
  • Block Inheritance - stops containers from inheriting policies from parent containers.
  • No Override takes precedence over Block Inheritance, so if a child container has Block Inheritance set but a group policy on the parent has No Override set, that policy still gets applied. Also, the highest No Override takes precedence over lower No Overrides.
  • There are two default GPOs in every Active Directory domain:
    • Default Domain Policy
    • Default Domain Controllers Policy
  • You change the group policies, and now the computer and user settings are in conflict. Which one has the highest priority?
    Ans: The computer settings take priority.

GPO, GPT and GPC

GPO - Group Policy Object: refers to the policy that is configured at the Active Directory level and is inherited by the domain member computers. You can configure a GPO at the site level, domain level or OU level.
GPC - Group Policy Container:
This is the AD portion of group policy. The containers can be viewed using ADSI Edit. It stores version information, status information, and other policy information. When you create a new GPO, an AD object of class groupPolicyContainer gets created under the System\Policies container within your AD domain.
GPT - Group Policy Template: the GPT is used for file-based data and stores software policy, script, and deployment information. The GPT is located in the system volume (SYSVOL) folder of the domain controller. A GPO can be associated with one or more Active Directory containers such as a site, domain, or organizational unit.

Difference between Windows 2003 and 2008

  • Read Only Domain Controllers (RODC)
  • Role-based installation
  • Windows Server 2008 is a combination of Vista and Windows Server 2003 R2; some new services were introduced in it
  • WDS (Windows Deployment Services) instead of RIS in Windows Server 2003
  • The Group Policy editor is a separate option in ADS
  • The main differences between 2003 and 2008 are virtualization and management
  • Server Core installation, which installs a minimal environment that avoids extra overhead

Important Records

1) A record: directly resolves a hostname to an IP address.
2) CNAME: stands for Canonical Name, or alias; the hostname listed resolves to another hostname.
3) MX: provides Mail Exchanger (e-mail) resolution, i.e. which server to use for a specific domain.
4) NS: Name Server record; lists the DNS servers that are authoritative for the zone.
5) PTR: provides reverse DNS resolution, i.e. IP address to Fully Qualified Domain Name.
6) SOA: Start of Authority. This states which DNS server has the master copy of the domain and the e-mail address of the person to contact if there are any problems.
7) SPF: Sender Policy Framework.
8) TXT: free-form text record; this is also important for authenticating a mail server for a specific domain.

How aging and scavenging work

Whenever a new system or entry is added to a DNS server, the server keeps a timestamp for that entry. For the next 7 days (the no-refresh interval) the server will not update that timestamp. After those 7 days the server waits for a refresh of the entry from the client for the next 7 days (the refresh interval). The no-refresh interval plus the refresh interval is called aging. If the server gets no refresh from the client in that time, the entry is considered stale and is scavenged, meaning it is removed from the database.
DNS Monitoring tool

Points in DNS

Authoritative DNS server: it is responsible for a specific namespace and knows whether an entry exists or not.
Non-authoritative DNS server: uses either its cache or a forwarder for DNS resolution.
Forwarders: a forwarder is a DNS server to which other DNS servers forward queries.
2 types of forwarders:
1) Standard: all queries are forwarded to another DNS server, which resolves the domain name on behalf of this DNS server.
2) Conditional: in this type of forwarding, all DNS queries other than those for one or more specified domain names are forwarded to another DNS server.
Different types of DNS zones:
1) Standard primary: the master zone; it is read/write.
2) Secondary: a read-only copy of the primary zone.
3) Stub zone: only holds information about other DNS servers. It contains only the following entries:
A copy of the SOA record for the zone.
Copies of the NS records for all name servers authoritative for the zone.
Copies of the A records for all name servers authoritative for the zone.
That's it: no CNAME records, MX records, SRV records, or A records for other hosts in the zone.
Aging and scavenging: used to keep the DNS database up to date by removing outdated records.
Aging: determines when a stale record should be removed from the DNS database.
Scavenging: removes outdated or extinct names from the database.

DNS parameters:
1) No-refresh interval - default is 7 days
2) Refresh interval - default is 7 days
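As an added illustration (not from the original post), here is a small Python model of the aging timeline described in the aging and scavenging section, using the default 7-day no-refresh and 7-day refresh intervals listed above. The dates and record names are constructed; the behaviour it encodes is that a refresh inside the no-refresh interval leaves the timestamp alone, a refresh afterwards resets it, and a record whose timestamp is older than both intervals combined is removed by the next scavenging run.

```python
from datetime import datetime, timedelta

NO_REFRESH = timedelta(days=7)   # default no-refresh interval
REFRESH = timedelta(days=7)      # default refresh interval
EPOCH = datetime(2011, 2, 1)     # constructed reference date for the examples


def day(n: int) -> datetime:
    """Constructed helper: n days after EPOCH."""
    return EPOCH + timedelta(days=n)


def aging_state(stamp: datetime, now: datetime,
                no_refresh: timedelta = NO_REFRESH,
                refresh: timedelta = REFRESH) -> str:
    """Where a record whose timestamp is `stamp` stands at time `now`."""
    if now < stamp + no_refresh:
        return "no-refresh"      # timestamp is frozen; refreshes are ignored
    if now < stamp + no_refresh + refresh:
        return "refresh"         # a client refresh would move the timestamp
    return "stale"               # aged out; the next scavenging run removes it


def apply_refresh(stamp: datetime, now: datetime, **kw) -> datetime:
    """Timestamp after a client re-registers its record (same data) at `now`.

    Inside the no-refresh interval the server suppresses the write, so the
    timestamp stays; otherwise it is reset to `now` and aging starts over.
    """
    return stamp if aging_state(stamp, now, **kw) == "no-refresh" else now


def scavenge(records: dict, now: datetime, **kw) -> dict:
    """Return the records that survive a scavenging run at `now`."""
    return {name: ts for name, ts in records.items()
            if aging_state(ts, now, **kw) != "stale"}


if __name__ == "__main__":
    records = {"host-a": day(0), "host-b": day(0)}
    # host-a re-registers on day 3 (no-refresh window): nothing changes.
    records["host-a"] = apply_refresh(records["host-a"], day(3))
    # host-b re-registers on day 10 (refresh window): its stamp moves to day 10.
    records["host-b"] = apply_refresh(records["host-b"], day(10))
    # A scavenging run on day 15 drops host-a (14 days old) and keeps host-b.
    print(scavenge(records, day(15)))
```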

Types of DNS Query

2 types of DNS query:
Iterative query: the answer to this query is either the correct DNS name or the possible next server to contact for the resolution. The server keeps working towards the actual DNS name, step by step, until it gets the result or an error.
Recursive query: usually a client asks the server, or a server asks its forwarder. Here the only options are to return the resolved IP address or to return an error if no answer is found; the requester will not try another step to get the result.

How to take backup of DHCP

Since dhcp.mdb is always in use, we cannot take a backup of it directly; otherwise we would need to stop the service. But there is a backup folder inside the DHCP folder under the system root which is synced every 60 minutes.

Global Catalog Server

A global catalog server is a domain controller that hosts a master searchable database containing information about every object in every domain in a forest. The global catalog contains a complete replica of all objects in Active Directory for its host domain, and a partial replica of all objects in Active Directory for every other domain in the forest. It has two important functions:
  • Provides group membership information during logon and authentication
  • Helps users locate resources in Active Directory

Bridgehead Server


A bridgehead server is a domain controller in each site which is used as the contact point to receive and replicate data between sites. For intersite replication, the KCC designates one of the domain controllers as the bridgehead server. If that server is down, the KCC designates another domain controller. When a bridgehead server receives replication updates from another site, it replicates the data to the other domain controllers within its site.

Important tools in Active Directory


Adsiedit.msc: used to add, move and delete objects, and to change or delete object attributes.
Dcdiag.exe: used to determine the state of domain controllers in the forest/enterprise.
Netdom.exe: can be used to manage domains and trust relationships. It is also used to rename a domain controller and to remove a member server/computer from the domain, and netdom query shows details such as the computers in an OU.
Repadmin.exe: used to monitor, diagnose, and manage replication issues.
Esentutl.exe: used to repair the ntds.dit file, which is the AD database.

Replmon.exe: used to monitor and manage replication through a graphical user interface (GUI).
Ntdsutil:
  • To manage FSMO roles: listing the FSMO holders, transferring and seizing FSMO roles
  • Doing metadata cleanup
  • To reset the Directory Services Restore Mode password

Directory Services Restore Mode

Directory Services Restore Mode (DSRM) is a special boot mode for repairing or recovering Active Directory. It is used to log on to the computer when Active Directory has failed or needs to be restored.
To access Directory Services Restore Mode, you typically press F8 before the machine boots into Windows, then select the Directory Services Restore Mode option from the menu that appears.
For a remote machine, connect using MSTSC and edit the boot.ini file in Notepad.
Add the following switch to the end of the boot entry in boot.ini:
/SAFEBOOT:DSREPAIR
Save and close the boot.ini file.
Reboot the server.

sysvol replication and AD Replication


The system volume contains scripts and group policies. Changes to SYSVOL are replicated to domain controllers within the same domain via File Replication Service (FRS) replication. With FRS replication, the full file is replicated, not just the actual changes that were made to the file. This differs from Active Directory replication, where only the changes that were made to Active Directory objects are replicated.

Active Directory Intrasite and Intersite Replication

Intrasite replication in Active Directory takes place between domain controllers within the same site. This makes intrasite replication an uncomplicated process. When changes are made to the replica of Active Directory on one particular domain controller, the domain controller contacts the remainder of the domain controllers within the site. The domain controller checks the information it contains against information hosted by the other domain controllers. To perform this analysis, the domain controller utilizes logical sequence numbers. Intrasite replication utilizes the Remote Procedure Call (RPC) protocol to convey replication data over fast, reliable network connections. With intrasite replication, replication data is not compressed.
Intersite replication takes place between sites. Intersite replication can utilize either RPC over IP or SMTP to convey replication data. This type of replication has to be manually configured. Intersite replication occurs between two domain controllers that are called bridgeheads or bridgehead servers. The role of a bridgehead server (BS) is assigned to at least one domain controller in a site. A BS in one site deals with replicating changes with other BSs in different sites. You can configure multiple bridgehead servers in a site. It is only these BSs that replicate data with domain controllers in different domains by performing intersite replication with its BS partners. With intersite replication, packets are compressed to save bandwidth. This places additional CPU load on domain controllers assigned the BS role. BSs should therefore be machines that have enough speed and processors to perform replication. Intersite replication takes place over site links by a polling method which is every 180 minutes by default.

What Is a Tombstone?


When Active Directory deletes an object from the directory, it does not physically remove the object from the database. Instead, Active Directory marks the object as deleted by setting the object’s isDeleted attribute to TRUE, stripping most of the attributes from the object, renaming the object, and then moving the object to a special container in the object’s naming context (NC) named CN=Deleted Objects. The object, now called a tombstone, is invisible to normal directory operations.
Obviously, objects don’t remain in the CN=Deleted Objects container forever. The default tombstone lifetime is 60 days for forests initially built using Windows® 2000 and Windows Server 2003, and 180 days for forests that were initially built with Windows Server 2003 SP1. Every 12 hours, each domain controller starts a garbage collection process. (This can be changed by setting a new value for the garbageCollPeriod attribute of the CN=Directory Service,CN=Windows NT, CN=Services,CN=Configuration,DC= object.) This garbage collection scans all of the tombstones on the DC and physically deletes any that are older than the tombstone lifetime.
The Deleted Objects container is hidden and cannot be viewed using Active Directory Users and Computers or ADSIEDIT.MSC, but you can view it with LDP.EXE.

Note: there is another tool named ADRestore.exe which does the same as LDP.exe.

Authoritative and Non-Authoritative restore of an active directory

Non-Authoritative: the default method of restoring Active Directory is non-authoritative. This method restores Active Directory to the server in question, which then receives all of the recent updates from its replication partners in the domain. For example, a server that has a System State backup from two days ago goes down. A restore of the two-day-old Active Directory is performed, and it is then updated from the other domain controllers when the next replication takes place. No other steps are required.

Authoritative: this method restores the DC's directory to the state it was in when the backup was made, then overwrites all the other DCs to match the restored DC, thereby removing any changes made since the backup. Authoritative restores do not have to cover the entire directory; you can restore only parts of it. When only parts of Active Directory are restored, say an organizational unit, that information is pushed out to the remaining DCs and overwrites theirs. However, the rest of the directory's information is then replicated to the restored DC's directory, and it is updated.

Thursday, February 10, 2011

How to change Time in Linux

Set the timezone using the /etc/localtime configuration file (any Linux distro).
Often /etc/localtime is a symlink to the correct time zone file in the system time zone directory.

Create the symlink (this example uses EST):
# ln -sf /usr/share/zoneinfo/EST /etc/localtime