Showing posts with label Windows Server. Show all posts
Showing posts with label Windows Server. Show all posts

July 2, 2020

Installing & Enabling Data Deduplication on Windows Server 2019

What is Data Deduplication?

https://docs.microsoft.com/en-us/windows-server/storage/data-deduplication/overview
Model deployment:

Install Data Deduplication
Install Data Deduplication by using Server Manager
1.In the Add Roles and Feature wizard, select Server Roles, and then select Data Deduplication.
2. Click Next until the Install button is active, and then click Install.
Enable Data Deduplication
Before enabling Data Deduplication, you must choose the Usage Type that most closely resembles your workload. There are three Usage Types included with Data Deduplication.
Default - tuned specifically for general purpose file servers
Hyper-V - tuned specifically for VDI servers
Backup - tuned specifically for virtualized backup applications, such as Microsoft DPM

1. Select Volumes from File and Storage Services in Server Manager
2. Right-click the desired volume and select Configure Data Deduplication.
3. Select the desired Usage Type from the drop-down box
- Deduplicate files older than
- Custom file extensions
- Add exclude folders
- Set Deduplication Schedule
4. Click Apply to finish

August 16, 2017

Anti-Ransomware File System Resource Manager Lists using Power Shell Script

FSRM actively monitors your Windows Server shares and files and could alert you of any malicious activity you specify.


How-to Use

1. Installs FSRM using Power Shell or Server Manager
2. Run Power Shell Script as Administrator to update rawlist ransomware
Remove-FsrmFileGroup -name "Anti-Ransomware File Groups"
new-FsrmFileGroup -name "Anti-Ransomware File Groups" -IncludePattern @((Invoke-WebRequest -Uri "https://fsrm.experiant.ca/api/v1/get" -UseBasicParsing).content | convertfrom-json | % {$_.filters})

 3. Navigate to Server Manager => Tool => File Resource Manager will see Anti-Ransomware File Groups in File Group


4. File Screen Templates select file group to block : Anti-ransomware file group above
Screening type : Active screening



5. File Screen => Create File Screen
File Screen path: D:\
Screening type : Active screnning
Select file group to block: Anti-ransomware File Group




*** UPDATE RAWLIST RANSOMWARE
Rerun Script below and remmember change -name file group to avoid conflicts old file group

new-FsrmFileGroup -name "Anti-Ransomware File Groups 2 " -IncludePattern @((Invoke-WebRequest -Uri
"https://fsrm.experiant.ca/api/v1/get" -UseBasicParsing).content | convertfrom-json | % {$_.filters})


Video:



DONE

Reference:
https://github.com/nexxai/CryptoBlocker
Check script for windows server 2016: FSRM_NoCrypto_2016.ps1
https://github.com/davidande/FSRM-ANTICRYPTO
You will find what You need


June 29, 2017

How to Backup Active Directory Domain Services Database in Windows Server 2012 R2


You can back up AD DS by using Windows Server Backup, Wbadmin.exe or PowerShell. Depending on the roles installed on the computer running Windows Server 2012 R2, the System State Data on a Domain Controller includes the following components:
  • Active Directory Database (Ntds.dit)
  • The SYSVOL shared folder
  • The registry
  • System startup files
  • The COM+ Class Registration database
  • Active Directory Certificate Services (AD CS) database
  • Cluster service information
  • Microsoft Internet Information Services (IIS) metadirectory
  • System files under Windows Resource Protection
Backing up the System State in Windows Server 2012 R2 creates a point-in-time snapshot that you can use to restore a server to a previous working state. It does this using the Volume Shadow Copy Service (VSS). VSS helps to prevent inadvertent data loss.
To back up the System State Backup using the Graphical User Interface (GUI), perform the following steps:
1. Log on to the domain controller with an account that is a member of the Domain Admins group and Open Server Manager from the Taskbar.
1
2. In the Server Manager, click the Tools Menu and select Windows Server Backup.
2
3. In the Wbadmin (Windows Server Backup) Local console, Click Backup Once in the Actions pane.
3
4. On the Backup Once Wizard page, click the Different Options, and then click Next.
4
5. On the Select Backup Configuration page, click the Custom button, and then click Next.
5
6. On the Select Items for Backup page, click the Add Items button. In the Select Items Windows, check System statecheck box, and then click OK.
6
6i
7. Back on the Select Items for Backup page, click Advanced Settings, and then click VSS Settings and select VSS full backup click Next.
7
7i
7ii
8. On the Specify Destination Type page, select either the Local drives or Remote shared folder button and click Next.
8
9. On the Select Backup Destination page, select the backup destination and then click Next.
9
10. On the Confirmation page review the Backup items, and then click Backup to continue..
10
11. On the Backup Progress page, System state backup status is completed and then clicks Close.
11
To back up System State through the Wbadmin.exe:
1. Open Command Prompt (Admin).
2. In the Administrator: Command Prompt, type wbadmin.exe Start SystemStateBackup
–backuptarget:E:
This will back up the System State from volume(s) from Local Disk (C:) to E:.
Do you want to start the backup operation?
Type Y for Yes and Press Enter.
wbadmin Systemstate backup
Next, Wbadmin.exe creates the shadow copy of the C drive. After it does this it identifies the system state files to back up. Once it has completed its search for system state files, it begins the back up.
Figure shows that back up of system state completed successfully.
Backup completed
Once the backup is complete, wbadmin.exe creates a log with a naming convention of System State Backup-14-08-2014_07-52-55.log.
Backup log


Summary:
Backing of Active Directory is essential to maintain an AD DS database. You can back up AD DS by using Graphical User Interface (GUI), Wbadmin.exe or PowerShell. I hope this article helps during Backing up AD DS Database in Windows Server 2012 R2 Domain Controller.
source: http://www.msserverpro.com/backup-ad-ds-database-windows-server-2012-r2/
https://www.slideshare.net/laonap166/how-to-backup-active-directory-domain-services-database-in-windows-server-2012-r2

DNS Backup and Recovery in Windows Server 2012 R2

Here, we create scenario like this:
  • First, we backup DNS zones using DNSCMD command line tool.
  • Second ,we delete msserverpro.com DNS zones from server for creating the disaster.
  • Finally, we restore msserverpro.com zone from a file created with DNSCMD command.
Take a backup of msservepro.com zone to a text file using DNSCMD command line tool:
1. Logon to Domain Controller, Open Windows PowerShell and type the following commands to backup DNS zones.
Open Powershell




dnscmd KTM-DC01-2K12 /ZoneExport  msserverpro.com backup\msserverpro.com.dns.bkp
dnscmd KTM-DC01-2K12 /ZoneExport  _msdcs.msserverpro.com backup\_msdcs.msserverpro.com.dns.bkp
where KTM-DC01-2K12 is dnsserver name. The backup copy (text file) of the DNS Zone will be saved to
C:\Windows\System32\dns\backup folder
dnscmd Command
2. Open explorer and navigate to the C:\Windows\System32\dns\backup folder to verify its contents.
Verify backup contents

Deleting DNS zones from our server for disaster:
1. Open DNS Manager Console.
2. Expand the KTM-DC01-2K12 node, then expand Forward Lookup Zones, select the msserverpro.com zone, right Click and Click Delete.
delete zone

3
. On the DNS dialog box, Click Yes twice to remove the zone from both Active Directory and the DNS Server.
delete zone Yes
Waring to remove the zone

Use DNSCMD command line tool to restore the domain DNS zone:
1. Open DNS Manager Console.
2. Expand the Server, KTM-DC01-2K12, then right click Forward Lookup Zone and Click New Zone..
2

3
. On the New Zone Wizard, Click Next.
3

4
. On the Zone Type Wizard, select Primary zone  and Uncheck the Store the zone in Active Directory (available only if DNS server is a writeable domain controller)
4

5. 
On the Zone Name Wizard, type the name of the zone being restored, msserverpro.com and click Next.
5

6. 
On the Zone File Wizard, select the option Use this existing file and Click Next.
6
Make sure the current backup of the msservepro.com is present in the following path,C:\Windows\System32\dns\backup .
6i
Copy the msserverpro.com.dns.bkp file to the parent folder (C:\Windows\System32\dns). Rename the file from msserverpro.com.dns.bkp to msserverpro.com (remove the .bkp extension). Click Yes.
6ii
6iii
6iv
6v
7.  Now go back to the Zone File Wizard, and click Next.
7

8. 
On the Dynamic Update wizard page, select Allow both nonsecure and secure dynamic updates and Click Next.
8

9. 
On the Completing the New Zone Wizard page, Click Finish.
9

10. 
Make sure the msserverpro.com is created. Then right Click the msservepro.com zone and select Properties.

10
11. On the msserverpro.com Properties dialog page, Click the Change.. button at Type: Primary field.
11
12. On the Change Zone Type page, make sure Primary zone is selected and select the option Store the zone in Active Directory (available only if DNS server is a domain controller) and click OK.
12

13. 
On the DNS dialog box, Click Yes to accept the change.
13

14. 
On the msserverpro.com zone Properties page, select Secure only at Dynamic updates field.
14

15
Finally, we should have our DNS Zone up and running..

Summary:
AD DS relies heavily on DNS name resolution. The above article outlines how to carry out DNS backup and recovery operations. I hope this can be largely beneficial to the users. It was my field experience during my career.
source: http://www.msserverpro.com/configuring-dns-backup-and-recovery-in-windows-server-2012-r2/
https://www.slideshare.net/laonap166/dns-backup-and-recovery-in-windows-server-2012-r2