Monday, December 28, 2009

Calculating IP addresses

If you want to become a Windows 7 certified specialist, you should be able to calculate IP addresses and IP classes. This can be done perfectly well with the ordinary Windows calculator. For example, here is a test question and its solution from the MCTS: Windows 7 - Configuration Training Kit:

You issue the command netsh interface ipv6 show addresses on a computer running Windows 7. The interface address comes up as fe80::5efe:10.20.30.221. Which of the following IPv4 networks is the adapter with this Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) address located on?

Answer options:
1. 10.20.30.192 /27
2. 10.20.30.192 /28
3. 10.20.10.192 /27
4. 10.20.10.192 /28

The correct answer is 10.20.30.192 /27. I will explain right away why exactly this option is correct. To find the correct answer, the IP address has to be converted to binary. An IPv4 address has 32 bits and is divided into four octets; e.g. 10.20.30.192 in binary is 00001010.00010100.00011110.11000000. You can find this out with the Windows calculator. The calculator view must be "Programmer". Select Dec and type 10, then switch the mode from Dec to Bin, and you see what 10 is in binary. This has to be done for each octet. The number after the slash following the IP address helps to calculate the subnet mask and indicates the IP address class. To get the subnet mask, calculate 32 - 27 = 5. This 5 means that the last 5 digits are zeros. The subnet mask in binary is 11111111.11111111.11111111.11100000.

If you need to know how many IP addresses are handed out in this network, the subnet mask has to be inverted, that is, zeros become ones and ones become zeros: 00000000.00000000.00000000.00011111. If you enter the eight digits of the last octet, 00011111, into the calculator and convert them back, you get 31. From this 31 you subtract one: 31 - 1 = 30. 30 addresses are handed out in this network. The start address is 10.20.30.192 and the last address is 10.20.30.222. As you can see, the address of answer option one fits into that range. Good luck solving :)

Some pages that help make things clearer:
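The same calculation done with Python's standard ipaddress module instead of the calculator; this is an added example, not part of the original post. It extracts the IPv4 address embedded in the ISATAP address from the question and tests it against all four answer options; the function names and the check for the 5efe ISATAP marker are assumptions made for this example.

```python
import ipaddress

# Bits 32-63 of an ISATAP interface ID: 0000:5efe (private IPv4) or 0200:5efe (public IPv4).
ISATAP_MARKERS = (0x00005EFE, 0x02005EFE)

# The four answer options from the test question.
OPTIONS = ["10.20.30.192/27", "10.20.30.192/28", "10.20.10.192/27", "10.20.10.192/28"]

def isatap_ipv4(addr):
    """Return the IPv4 address carried in the low 32 bits of an ISATAP address."""
    value = int(ipaddress.IPv6Address(addr))
    if (value >> 32) & 0xFFFFFFFF not in ISATAP_MARKERS:
        raise ValueError(f"{addr} is not an ISATAP address")
    return ipaddress.IPv4Address(value & 0xFFFFFFFF)

def dotted_binary(ip):
    """Render an IPv4 address or mask octet by octet in binary, as the calculator does."""
    return ".".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(ip).packed)

def describe(network):
    """Mask, inverted mask, host count and address range of a network in CIDR form."""
    net = ipaddress.ip_network(network)
    return {
        "mask": dotted_binary(net.netmask),
        "inverted": dotted_binary(net.hostmask),
        "hosts": net.num_addresses - 2,  # network and broadcast addresses excluded
        "network": str(net.network_address),
        "last_host": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
    }

def matching_networks(addr, candidates):
    """Return the candidate networks that contain the IPv4 address embedded in addr."""
    ipv4 = isatap_ipv4(addr)
    return [c for c in candidates if ipv4 in ipaddress.ip_network(c)]

if __name__ == "__main__":
    question = "fe80::5efe:10.20.30.221"
    print("embedded IPv4:", isatap_ipv4(question), "=", dotted_binary(isatap_ipv4(question)))
    for option in OPTIONS:
        print(option, describe(option))
    print("matches:", matching_networks(question, OPTIONS))
```

The /28 option with the same network address only reaches 10.20.30.207, which is why 10.20.30.221 falls outside it.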
http://lss.rutgers.edu/index.php?page=tool_subnet_calc
http://kuutorvaja.eenet.ee/wiki/Marsruutimine

Wednesday, December 9, 2009

MCTS: Windows 7, Configuration

Hi,

Since yesterday I hold the MCTS: Windows 7, Configuration certificate.

Monday, December 7, 2009

Literature I have read and am currently reading

Recently I have finished reading:
  • William R. Stanek. 2009. Windows 7 Administrator's Pocket Consultant (Paperback). Microsoft Press, 702 pp.
  • Ian McLean and Orin Thomas. 2009. MCTS: Configuring Windows 7 - Self-Paced Training Kit. Microsoft Press, 880 pp.

Currently in progress:

  • Windows 7 Resource Kit
  • Windows Server 2008 Administrators Companion
  • System Center Configuration Manager 2007 Unleashed

Configuring Windows 7 Self-Paced Training Kit

I worked through the Windows 7 MCTS exam book. I wrote down the most important things that come up in the exam and that you need to know when configuring certain things.

Exam tips

1. Only Enterprise and Ultimate functionality is tested.
2. Know which installation options can be used.
3. Install Windows XP first and then Windows 7 so that dual boot works properly.
4. You cannot use USMT to migrate network drives, local printers, device drivers, passwords, shared folder permissions and Internet Connection Sharing settings.
5. The USMT XML files are MigApp, MigUser, MigDocs and config.
6. USMT ScanState and LoadState can be run with /v:13, which produces a detailed log file, and /P, which shows the required disk space.
7. When you run the sysprep /generalize command, out-of-box device drivers are removed from the Windows image. If you add the PersistAllDeviceInstalls setting of the Microsoft-Windows-PnpSysprep feature as True in the answer file.

Wimscript.inf is detected automatically

The DISM tool can be used to modify an image, not to create a new image

Audit Mode boot CTRL+Shift+F3

Sysprep logs are located in:

Generalize pass - %WINDIR%\System32\Sysprep\Panther
Specialize pass - %WINDIR%\Panther
Unattended Windows setup actions - %WINDIR%\Panther\Unattendedgc

Windows Setup Configuration Passes:

WindowsPE – Configures Windows PE options and basic Windows Setup options. These options can include setting the product key and configuring a disk. You can use this configuration pass to add drivers to the Windows PE driver store and to reflect boot critical drivers required by Windows PE if you require that drivers for Windows PE access the local hard disk drive or a network.

OfflineServicing - Applies updates to a Windows image. Also applies packages, including software fixes, language packs, and other security updates. During this pass, you can add drivers to a Windows image before that image is installed during Windows Setup.

Specialize – Creates and applies system-specific information. For example, you can configure network settings, international settings, and domain information.

Generalize – Enables you to minimally configure the sysprep /generalize command and other Windows settings that must persist on your reference image. The sysprep /generalize command removes system-specific information from the image, for example the unique SID and other hardware-specific settings. The generalize pass runs only if you run the sysprep /generalize command.

AuditSystem – Processes unattended Setup settings while Windows is running in system context before a user logs onto the computer in audit mode. The auditSystem pass runs only if you boot to Audit Mode.

AuditUser – Processes unattended Setup settings after a user logs onto the computer in Audit mode. The auditUser pass runs only if you boot to Audit Mode.

OobeSystem – Applies settings to Windows before Windows Welcome starts.

VHD to the Boot menu
1. Bcdedit /copy {current} /d "MyVHD" (prints the GUID of the new entry; use it as {guid} below)
2. Bcdedit /set {guid} device vhd=partition w:
3. Bcdedit /set {guid} osdevice vhd=c:\vhds\mychd.vhd
4. Bcdedit /set {guid} detecthal on
5. Bcdedit /v

Bcdedit.exe cannot be used to create a new VHD

Wim2VHD – converts a WIM image to a VHD

Offline Virtual Machine Servicing

The tool makes it possible to wake up computers stored in VHDs so that they can update themselves via SCCM or WSUS. This tool works together with SCVMM.

DISM commands:

/cleanup-wim – which removes corrupt files
/remount-wim – which retrieves and remounts orphaned images
/get-apppatches and /get-apppatchinfo – apply only to installed patches (.msp files)
/get-apps and /get-appinfo – apply only to Windows Installer applications (.msi files)
/commit – saves all changes into the image.

Driver Verifier Monitor - command line tool, which lets you monitor device drivers to detect illegal function calls or actions that might corrupt the system. Verifier /volatile flag lets you start verification of any driver without rebooting.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion – the DevicePath key is located here; it can be changed if needed so that Windows also looks for drivers somewhere else.

Software Restriction Policies are applied in a particular order:
1. Hash rule
2. Certificate rules
3. Path rules
4. Zone rules
5. Default rules

AppLocker overrides software restriction policies. The Application Identity service must be running for AppLocker policies to work. By default this service is set to Manual.

By default you cannot ping Windows 7 computers

IPv6 supports the following types of unicast address:
Global – Global unicast addresses are the IPv6 equivalent of IPv4 public addresses and are globally routable and reachable on the IPv6 internet. The format prefix (FP) of a global unicast address is held in the three most significant bits, which are always 001. In other words, in theory, they start with 2 or 3, but in practice they always start with 2.

Link-local – You can identify a link-local address by an FP of 1111 1110 10, which is followed by 54 zeros (link-local addresses always begin with fe8). Link-local IPv6 addresses are equivalent to IPv4 addresses allocated through APIPA.

Site-local – addresses begin with fec0. Site-local IPv6 addresses are equivalent to the IPv4 private addresses.

Special – Two special IPv6 addresses exist: the unspecified address and the loopback address. The unspecified address 0:0:0:0:0:0:0:0 (or ::) is used to indicate the absence of an address and is equivalent to the IPv4 unspecified address 0.0.0.0. The loopback address 0:0:0:0:0:0:0:1 (or ::1) is used to identify a loopback interface and is equivalent to the IPv4 address 127.0.0.1.

6TO4 Address

A 6to4 address enables IPv6 packets to be transmitted over an IPv4 network without the need to configure explicit tunnels. 6to4 hosts can communicate with hosts on the IPv6 internet. A 6to4 address is typically used when a user wants to connect to the IPv6 internet using an IPv4 connection. It takes the form 2002::::/16

Teredo Address

A Teredo address consists of a 32-bit Teredo prefix. In Windows 7, Vista and Server 2008 this is 2001::/32.
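The address types listed above can be told apart by comparing leading bits, as in this added example (not from the training kit or the original notes; the function names are assumptions). The order of the checks matters because the Teredo and 6to4 prefixes both lie inside the global unicast range 001, so the more specific prefixes must be tested first.

```python
import ipaddress

# Most specific prefixes first: 2001::/32 (Teredo) and 2002::/16 (6to4)
# both start with the bits 001 that mark a global unicast address.
PREFIXES = [
    ("teredo", "2001::/32"),
    ("6to4", "2002::/16"),
    ("link-local", "fe80::/10"),   # FP 1111 1110 10
    ("site-local", "fec0::/10"),   # FP 1111 1110 11
    ("global", "2000::/3"),        # FP 001
]

def leading_bits(text, n):
    """Return the first n bits of an IPv6 address as a binary string."""
    value = int(ipaddress.IPv6Address(text))
    return format(value >> (128 - n), f"0{n}b")

def classify(text):
    """Name the address type from the notes that the address belongs to."""
    addr = ipaddress.IPv6Address(text)
    if int(addr) == 0:
        return "unspecified"
    if int(addr) == 1:
        return "loopback"
    for name, prefix in PREFIXES:
        net = ipaddress.IPv6Network(prefix)
        n = net.prefixlen
        if leading_bits(str(addr), n) == leading_bits(str(net.network_address), n):
            return name
    return "other"

if __name__ == "__main__":
    # Constructed sample addresses, one per type.
    samples = ["fe80::5efe:10.20.30.221", "2001:0:4137:9e76::1", "2002:c000:204::1",
               "2001:db8::1", "fec0::1", "::1", "::", "ff02::1"]
    for sample in samples:
        print(f"{sample:26} {leading_bits(sample, 10)} {classify(sample)}")
```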

Hosted Cache

1. Install the BranchCache feature.
2. Install an SSL certificate where the subject name is set to the FQDN of the hosted cache server.
3. Ensure that all clients trust the certificate authority that issued the SSL certificate installed on the hosted cache server.

Command Line Branch Cache

Netsh BranchCache reset – Deletes all settings
Netsh BranchCache show status – Shows how the service is currently configured
Netsh BranchCache set service mode=distributed – Configures BranchCache in Distributed mode.
Netsh BranchCache set cachesize size=25 percent=True – sets the size of the BranchCache cache
Netsh BranchCache set localcache – lets you set the location of the BranchCache cache
Netsh BranchCache set Service mode=local – Starts the BranchCache service and changes its startup type to Manual. Does not create firewall rules. Does not share files with other users.

Direct Access

To configure a client running Windows 7 to use IP-HTTPS for DirectAccess, you need to issue the command netsh interface httpstunnel add interface client https://servername/IPHTTPS, where server name is the name of the IPHTTPS server.

Direct Access Connection Methods

Public IPv6 address - Public IPv6 address
Public IPv4 address - 6to4
Private (NAT) IPv4 address - Teredo
Client unable to connect to network due to firewall - IP-HTTPS

Connection Ports

UDP port 3544 Enables Teredo traffic
IPv4 protocol 41 Enables 6to4 traffic
TCP port 443 Allows IP-HTTPS traffic
ICMPv6 and IPv4 Protocol 50 Required when remote clients have IPv6 address

VPN IKEv2

IKEv2 supports automatic reconnection. VPN Reconnect uses the IKEv2 VPN protocol. IKEv2 supports two types of authentication, Extensible Authentication Protocol (EAP), which includes the EAP-MSCHAP v2 and Smart Card or Other Certificate options. It is also possible to use X.509 machine certificates for authenticating IKEv2 connections.

Manage-BDE.exe

Manage-bde is the BitLocker command-line utility. Manage-bde allows you to unlock BitLocker volumes and allows you to modify BitLocker PINs, passwords, and keys.

Configuring BitLocker

To meet the goal of having all computers running Windows 7, BitLocker requiring both the 48-digit recovery password and 256-bit recovery key, and having those items archived to AD DS, you need to configure the following Choose How BitLocker-Protected OS Drives Can Be Recovered settings:

* Allow Data Recovery Agent
* Require 48-Digit Recovery Password
* Require 256-Bit Recovery Key
* Save BitLocker Recovery Information To AD DS For Operating System Drives
* Configure Storage Of BitLocker Recovery Information To AD DS To Store Recovery Passwords And Key Packages

Transparent Caching

When you enable transparent caching, Windows 7 keeps a cached copy of all files that a user opens from shared folders on the local volume. Transparent caching is appropriate for WAN scenarios and has several similarities to the BranchCache feature. Transparent caching also works in a non-domain environment.

System Diagnostics Report

Perfmon /rel - starts Reliability Monitor
Perfmon /report - System Diagnostics report

WinRM and Wecutil

Winrm is used to configure WinRM and is typically used on the source computer. WecUtil is used to configure the Windows Event collector service and is typically used on the collector computer.

Windows Easy Transfer

To perform a network transfer using Windows Easy Transfer, the Windows Easy Transfer application needs to be running on both the source and the destination computer.

WDS Capture

To automate the WDS image capture process, you need to create a WDSCapture.inf file and place it in the same folder in the WDS capture image as the WDSCapture.exe utility, and then configure the WDS server to use this new capture image.

WinPE and ImageX
Windows PE (x86) and ImageX (x86) are cross-architecture utilities. You can capture both 32-bit and 64-bit images using the 32-bit version of these utilities.