Showing posts with the label Windows Server 2012 R2

Windows Server Backup: Getting rid of too many backups

Windows Server 2012/R2 manages its backups itself. It claims not to fill the hard disk and to decide on its own which backups to keep and which to replace with others. But there may be a need to get rid of more backups than the automatic retention decides.

To keep e.g. only 30 backups, run Cmd as admin:

    WBADMIN DELETE BACKUP -keepVersions:30

Or more general:

    WBADMIN DELETE BACKUP -keepVersions: -BackupTarget:

To delete individual backups see the further examples:

    WBADMIN DELETE BACKUP -version:03/31/2006-10:00
    WBADMIN DELETE BACKUP -backupTarget:f: -deleteOldest

Note that the time must be given in UTC. So, while it shows up in the user interface as CEST "16:00", it has to be specified as "14:00" on the command line.

Sources: Wbadmin

Read-only Domain Controllers

By default a domain controller is a read/write domain controller. So, clients can authenticate against it, but it can also be used to e.g. set a new password. That password will then be replicated out to the other domain controllers on your network.

Why would you need a read-only domain controller, then? In short: for security reasons (not performance, availability, ...). The assumption is that remote offices will be less secured than the company headquarters for many reasons (e.g. reducing IT costs on security). As such it is handy to have a local domain controller that clients can use to authenticate on-site. Yet, those local domain controllers should not be allowed to replicate data back to the central system, as they are assumed to be more vulnerable to attacks and breaches than the (hopefully) fortified HQ.

Sources: Introduction to Active Directory Infrastructure in Windows Server 2012 @ ~20:00

How to backup a Certificate Authority

It can be done with the certutil command line tool or the GUI. Just perform these steps:

1. Go to the Certificate Authority (e.g. through Server Manager / Tools or Administrative Tools)
2. Right-click the CA to back up
3. All tasks
4. Backup...

The procedure is similar if you want to restore a CA.

Sources: Training Guide Configuring Advanced Windows Server 2012 R2 Services (MCSA), page 216f
Keywords: Windows Server 2012 R2, Active Directory, Certification Authority

How to install a Root Certification Authority - Step-by-step

"The root of the trust chain in any PKI is the Root Certification Authority." For security reasons the machine that you will be using is an isolated / standalone / non-domain joined machine. You want to limit access to this machine as much as possible.

The function of the Root CA is to "generate the server certificates that will be installed on the subordinate CAs. And those subordinate CAs will actually distribute user and computer certificates."

Note that the default hash algorithm SHA-1 has since been flagged as weak. As this will be the root CA, you can and should go for something strong like SHA512 and a key length of 4096 bits.

Sources: Installing a Two Tier PKI Hierarchy in Windows Server 2012: Part II, Installing a Root Certification Authority with the GUI Step by Step Install Root Certificate Authority on Windows Server 2012 R2 Designing and Implementing a PKI: Part II Implementation Phases and Certificate Authority Installation TechNet ...

Windows Azure Service Bus and Windows Azure Pack

In an attempt to combine private cloud (aka on-premise installation), public cloud (e.g. Microsoft Azure) and hosted cloud (servers provided by 3rd parties), Microsoft some time ago released the Azure Service Bus through an additional install for Windows Server 2012 R2 called "Windows Azure Pack". The Service Bus provides unified messaging capabilities across the different deployment scenarios. It addresses 3 core scenarios:

1. Application Messaging Patterns with Service Bus

Messaging with the Service Bus allows building loosely coupled applications. "To enable a wide variety of messaging scenarios, Service Bus provides message queues and “Publish/Subscribe” topics. A queue is a message store in which messages are ordered by send date. One or multiple senders can send messages into a queue, and one or multiple receivers can read and remove messages from the queue. Once a receiver has received a message, that message cannot be received by another receiver. T...

DHCP Role Walk-through

This quickly shows how to install the DHCP server role on Windows 2012 R2 and how to quickly configure an IPv4 scope. Sources: Windows Server Administration Fundamentals: Part 5: Essential Services @ 0:22 - 0:28 Keywords: Windows Server 2012 R2, Roles, DHCP

WSUS and the Domain Controller

At first glance it might be tempting on smaller networks to put the Windows Server Update Services (WSUS) on the DC; it won't cost that much performance, right? But no, according to MSDN the impact will be "If WSUS is installed on a domain controller, this will cause database access issues due to how the database is configured."

Sources: WSUS: WSUS should be installed on a non-domain controller Guidance about WSUS on a Domain Controller Step by Step : Installing & Configuring WSUS in Server 2012 R2 Step by Step : Installing & Configuring WSUS in Server 2012 R2, Comment
Keywords: Windows Server 2012 R2, Updates, WSUS, Domain Controller

Selecting Server Hardware: Hosted/Cloud vs On-Premise, Virtual vs Dedicated

There are probably many ways to decide how to purchase server hardware, but a simple approach is (yet another) triangle of parameters:

- Performance
- Availability
- Cost

The nice picture the two presenters give: you will allow more cost on an important business-critical server to assure performance and availability, as compared to hosting a website with cat pictures.

First you should investigate the minimum and optimal requirements for the application you want to run on the server. Also, you would try to anticipate current and future usage/users on the system. Plan ahead for 3-5 years. You don't want to just plan for the immediate now, but for the foreseeable future. Furthermore, keep in mind that some amount of processor time, memory, storage and network will already be eaten up by Windows itself. Also take a good look at the mandatory Windows Server services that are required by your application or service and add them to the list of the required hardware. The...

Share VS File/NTFS permissions

Share permissions add up (you have permissions from multiple groups, so you get more permissions with each).

Folder/NTFS permissions add up (you have permissions from multiple groups, so you get more permissions with each).

BUT share and NTFS permissions combined do not add up; they actually limit down to the file permissions. E.g. you have read-write for the share, but only read from NTFS; consequently you will only be able to read a file or folder, but not write to it.

Sources: Security Fundamentals: Part 2 at about 40 min.
Keywords: Security, Windows Server 2012 R2

Defining a DHCP scope

The linked video shows and explains defining a DHCP scope. Sources: Networking Fundamentals: Part 6 at minute 19. Keywords: Windows Server 2012 R2, Networking

Networking Fundamentals: Routing and Remote Access

To turn a Windows Server into a router (that will serve as a default gateway), the Routing and Remote Access service is used. Sources: Networking Fundamentals: Part 4 Keywords: Windows Server 2012 R2, Networking

System Restore Windows 2012 R2 with the command line on the repair disk

If you want to go back to another complete system state, you cannot simply do this via the in-Windows Server Backup and Restore GUI. Likely it will show you a message like: "WBADMIN START SYSTEMSTATERECOVERY".

How to get into the repair disk:

1. Start/restart the computer
2. Press F8
3. Select Repair Your Computer
4. Select Troubleshooting
5. System Image Recovery ...

The command line accessible from the repair disk allows you to restore any available restore point. To query the available restore points, execute "wbadmin get versions". On the repair disk this first gives you no available resources. If your backup is e.g. on drive D:, keep in mind that on the repair disk this drive is now E:. So:

    wbadmin get versions -backupTarget:e:

This should now give you all the available backups and their suitability to restore a system (bare-metal backup).

    Backup time: 22.11.2014 16:00
    Backup target: Fixed Disk labeled D:
    Version identifier: 11/22/2014-15:00
    Can rec...

System Restore Windows 2012 R2 in 2008 R2 style

If you want to go back to another complete system state, you cannot simply do this via the in-Windows Server Backup and Restore GUI. Likely it will show you a message like: "WBADMIN START SYSTEMSTATERECOVERY".

One way that is fully supported graphically is to use the so-called repair disk:

1. Start/restart the computer
2. Press F8
3. Select Repair Your Computer
4. Select Troubleshooting
5. System Image Recovery ...

The big shortcoming of that tool is that it only shows you the latest system restore point, which might be later than the point you want to recover. If you really want to restore to a very specific point (e.g. one week earlier, when a certain issue had not happened yet), you will have to use the command line accessible from the repair disk.

Note: The command line in a normally running Windows cannot execute the respective restore command either.

Sources: Windows 2008 R2: Recover the Operating System or Full Server How to restore a system image in Windows Server 2012 ...

Active Directory Sizing and Capacity Planning

Sizing discussions can range from exact numbers to the vague statement of "it depends [on the usage/applications/...]". But even an "it depends"-discussion has to start with some bare numbers as a basis.

- Harddisk (Storage/Database Size): 40KB to 60KB for each user
- RAM: Database Size, Base operating system recommendations (SYSVOL), Third-party applications (Anti-Virus, Monitoring, Backup, ...)
- Storage/Database Size: 40KB to 60KB for each user
- Network: 1 Gb
- CPU: 1000 concurrent users for each core

It is recommended to size in cycles, such as through "a three step process [that] will be used as part of the capacity planning cycle."

1. Measure the existing environment, determine where the system bottlenecks currently are, and get environmental basics necessary to plan the amount of capacity needed.
2. Determine the hardware needed according to the criteria outlined in step 1.
3. Monitor and validate that...

Networking VS Security

Networking - allowing your users access to resources
Security - keeping people away from resources

Sources: Security Fundamentals: Part 1 at about 6 min.
Keywords: Security, Windows Server 2012 R2, Microsoft

Windows Server 2012 R2: Domain Controller Minimum Requirements & associated server roles

The minimum hardware requirements are quite moderate, but depending on usage (as always) the more RAM the better.

- Processor Minimum: Single processor with 1.4 GHz (x64 processor) or 1.3GHz (Dual Core)
- Memory Minimum: 512 MB RAM
- Disk Space Requirements Minimum: 32 GB or greater

Usually the question also goes hand-in-hand with the other tasks that machine can perform:

"There are certain roles that typically get folded in with the domain controller in all but the biggest networks (e.g. DNS/DHCP/WINS/Cert Server) with little harm."

"There are some that get folded into a DC and will cause performance issues on all but the smallest networks (e.g. File Server/intranet server/WDS Server) but these issues are probably manageable depending on load. These previous two classes of role are a case of a balancing act, how concerned you are about performance on your DCs vs. the resources you have available to provision your network. It's b...