Search This Blog

Wednesday, February 10, 2010

Windows 2008 File Server Resource Manager

As part of the file services for Windows Server 2008, File Server Resource Manager provides a concise, user-friendly and functional console for administrator to govern their file server.



As seen here, the FSRM consists a few functions
1. Quota Management


To easily control users' storage quota. Quota is assigned to folders (not users), hence I guess you cannot define different quota for individuals within the same folder. Probably will need to do it the 2003 way, Disk managment > Drive properties > quota.
A good thing here is you can set notification to be sent when a certain threshold is met.

2. File Screening Management
This tool allows you to do file filtering for your file servers. You might want to control users from storing media files on the file server, this tool provides an easy way to do that.



and this tool goes by folder location as well, so we are not able to set individual screening here.

When the file type is being screened, users will receive an alert when they want to store the file, a notification can be set to send to a particular admin (it's good to set it to folder owners for their own discretion)

3. Storage Report Management


Storage Report Management allows you to generate reports for your file server.

4. Classification Management
This allows you to set a certain properties and rules on your files, for advance file management I guess. Not quite sure how to use this yet.

5. File Management Task
This allows you to generate a certain task when condition is met, and can be combined with Classification Management. Not quite sure how to use this yet.


Related Link:
File Server Resource Manager Step-by-Step Guide for Windows Server 2008
Posted by at No comments:

Tuesday, February 9, 2010

Windows Time Service

Because AD is using kerberos authentication, there is a limit of 5 minutes in time difference between client and the DC (this is to prevent a certain type of authentication attacks). The time is checked during the generation of the authentication package.

Following AD design, member servers and computers will sync time with their target logon server. Use "Set Logonserver" to see the target logon server.

Domain controllers will sync time with the PDC of the domain. and the PDC of the domain will sync its time with the parent domain PDC and so on. and the forest root PDC should sync with a reliable external/internal time source.

To check PDC : netdom query fsmo
To check time sync server : w32tm /monitor
To sync with reliable time source:

w32tm /config /manualpeerlist:192.5.41.41 /syncfromflags:manual /reliable:yes /update
net stop w32time
net start w32time

**Note : "net time" command is not accurate to determine the time sync server.


Ace Fekay's Active Directory, Exchange and Windows Infrastructure Services Blog gives a very detailed explanation on the time services and the command to reset some of the problems.
My discussion with Ace on the time service matter
Posted by at No comments:

Thursday, February 4, 2010

Server 2008 Terminal Server / Remote Desktop

Trying to implement a Terminal server on server 2008 with 5 user CAL.
Apparently the terminal server has now been renamed to remote desktop Host... :P
(My guess the change is in 2008 R2)

Anyway, got the role installed, however stuck at creating connections. It keeps giving me the error
"New connection needs to has unique connection type, transport type and network protocol"

Not sure how to solve this as the connection is the first connection, so it should be unique.

And the server is not joined to domain yet, so registering the license in AD DS seems to be not an option now.

============
Guess will have to join the server to domain first. then work from there. FML.

============
OK. Got the TS server up.

1. Add remote desktop server role on the server. Select remote desktop Host and Remote Destkop licensing server (if you haven't got any licensing server in the environment).

2. Restart is part of the adding role process

3. Once server is up, you can choose to join the server to the domain (depending on your network design). The licensing server will be added into AD DS service records as one of the TS licensing server for the domain.

4. Navigate to the Administrator tools > TS licensing server, you should see that the TS license server is not activated. Right click select "activate server"

5. Go thru the activation process by contacting microsoft via web/phone/automatic. (I used web)

6. You will need the server ID which is provided in the console, as well as your company details to complete the registration

7. Once registration is completed, a license key will be given to activate the server

8. Once server is activated, you can proceed to install the user/device CAL on the TS licensing server.

9. Follow the options to install user/device CAL, go thru the same web page for activation and select install user/device CAL.

10. You will need the agreement type and agreement number to complete the installation.

11. Once complete you will get a license number which needs to be keyed in at the activation console to install the CALs.

12. Once keyed in, registration is completed and you can navigate into the TS licensing server console to see the configured user/device CALs.

13. To configure the RDP connections, go to Remote Session Host Configuration.

14. The RDP-Tcp is created by default. You may edit the properties to allow more users per session.

15. Only administrators/users/user groups under Remote Desktop Users will be able to login onto the server. Check the Remote Desktop Users group under server manager > Configuration > Local Users and Groups > Groups

For some screenshots:
Installing the Terminal Services License Server
Posted by at No comments:

Tuesday, February 2, 2010

Exchange 2003 : Sender Filtering

Got to know that exchange 2003 actually has an built-in spam filter feature.

It is located under global settings > message delivery > properties

Under here you can find a few options to help anti-spam.

Tried out the sender filtering today and it actually helps you to block email from specific sender email address or domain.

1. Specify the email in the filter
2. apply
3. go to email server > protocol > smtp properties
4. click on advanced
5. edit the port 25
6. apply sender filtering.
7. OK

The filter will apply for incoming emails.

Helpful link:
http://www.msexchange.org/tutorials/Sender-Recipient-Filtering.html
Posted by at No comments:
Subscribe to: Posts (Atom)