DHCP cluster, DNSSEC, iSCSI, NLB, DAC, Work Folders…

DHCP: IPv4 scope -> Advanced -> Split-Scope – add server (x2); activate the scope later

IPv4 – New Superscope – Activate; IPv4 – Configure Failover

DNSSEC – DNS – SERVERDC -> Forward Lookup Zones -> right-click -> DNSSEC – Sign the Zone

GPO – Computer -> Policies -> Windows Settings -> Name Resolution Policy -> Suffix "racunarstvo.edu" + Enable DNSSEC + Require DNS clients to check that the name and address has been validated by the DNS server

Ports: PS – Get-DnsServer + dnscmd /config /socketpoolsize 3000 – restart the service

Cache: PS – Set-DnsServerCache -LockingPercent 75 – restart the service
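
Added example, not part of the original notes: a PowerShell check that the DNSSEC, socket pool and cache locking steps above actually took effect, run elevated on the DNS server. The zone name and the thresholds 3000 and 75 come from the notes; the helper name New-Check is hypothetical.

```powershell
# Added example (not from the original notes): verify the DNS hardening steps.
# Run in an elevated session on the DNS server; needs the DnsServer module.
# Zone name, 3000 and 75 are the values used in the notes above.
param(
    [string]$Zone = 'racunarstvo.edu',
    [int]$MinSocketPool = 3000,
    [int]$MinLockingPercent = 75
)

# Hypothetical helper: one result row per check.
function New-Check([string]$Name, [bool]$Pass, [string]$Detail) {
    [pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail }
}

$checks = @()

# 1. The zone must actually be signed (DNSSEC -> Sign the Zone).
$z = Get-DnsServerZone -Name $Zone -ErrorAction Stop
$checks += New-Check 'Zone signed' $z.IsSigned "IsSigned=$($z.IsSigned)"

# 2. A DNSSEC-aware query must return RRSIG records with the DNSKEY set.
$ans = Resolve-DnsName -Name $Zone -Type DNSKEY -DnssecOk -Server localhost -ErrorAction SilentlyContinue
$sigs = @($ans | Where-Object { $_.Type -eq 'RRSIG' }).Count
$checks += New-Check 'RRSIG returned' ($sigs -gt 0) "$sigs RRSIG record(s)"

# 3. Socket pool size; assumes dnscmd prints the value as "Dword: <n> (<hex>)".
#    If the output cannot be parsed the check fails instead of passing silently.
$raw = (dnscmd /info /socketpoolsize) -join "`n"
$pool = if ($raw -match 'Dword:\s*(\d+)') { [int]$Matches[1] } else { -1 }
$checks += New-Check 'Socket pool' ($pool -ge $MinSocketPool) "size=$pool"

# 4. Cache locking percentage set with Set-DnsServerCache.
$lock = (Get-DnsServerCache).LockingPercent
$checks += New-Check 'Cache locking' ($lock -ge $MinLockingPercent) "percent=$lock"

# 5. NRPT rule from the GPO: validation must be required for the suffix.
#    Only meaningful on a machine that has already applied the GPO.
$nrpt = Get-DnsClientNrptPolicy -Effective |
    Where-Object { $_.Namespace -contains ".$Zone" -or $_.Namespace -contains $Zone }
$req = [bool]($nrpt | Where-Object DnsSecValidationRequired)
$checks += New-Check 'NRPT validation' $req "rules=$(@($nrpt).Count)"

$checks | Format-Table -AutoSize
if ($checks.Pass -contains $false) { exit 1 }
```

A signed zone without an applied NRPT rule still passes checks 1 to 4, but clients are not required to validate, so check 5 is the one to repeat on a domain client after gpupdate.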

Creating the GlobalNameZone

PS – Add-DnsServerPrimaryZone -Name Alegebra.edu -ReplicationScope Forest
Set-DnsServerGlobalNameZone -AlwaysQueryServer $true
Add-DnsServerPrimaryZone -Name GlobalNames -ReplicationScope Forest

+ host record and A record

iSCSI – Configuration tab (copy the string), add disks -> add File and Storage Services -> File and iSCSI Services + Multipath I/O

SM (Server Manager) console -> Tasks -> iSCSI virtual disk location ... Next, Next ... in the "Select a method to identify the initiator" window: IQN, copy the string + CHAP

On the second server -> iSCSI Initiator Properties -> 1. Configuration -> CHAP, 2. Target "server1.racunarstvo.edu" -> Connect & Advanced: Enable CHAP log on

SM – File and Storage Services -> Storage Pools -> New Storage Pool -> Virtual Disk -> New Virtual Disk ... Next, Next ... ReFS & Finish

Deduplication -> Add Role – iSCSI -> Data Deduplication -> Finish, right-click the volume, Configure Data Deduplication. PS – Start-DedupJob -Volume F: -Type Optimization

Network Load Balancing – IIS + NLB -> IIS Default Web Site c:\website + on the right, Providers: NTLM, Move Up
NLB cluster -> Network Load Balancing Manager -> Cluster -> New: name, IP, www, multicast. Remove the rule, then add 80, add 443. Right-click the domain -> Add Host To Cluster

DAC

Add role File Server Resource Manager. GPO Computer -> Policies -> Admin Templates -> System -> KDC, KDC support for claims… Enable and Always. Edit the users' department, add groups

AD Administrative Center -> DAC -> Claim Types -> New -> department & Display name Odjel ("Department"), below add Uprava ("Management") and Prodaja ("Sales"). Resource Properties: Department and Confidentiality, ENABLE & in Department properties add Uprava.

Resource Property Lists, Global Resource Property List <- check that Confidentiality and Department are listed here

File Server Resource Manager: Classification Management -> Classification Properties, refresh -> Create Classification Rule: select the folder and the string "Tajno" ("Secret") & Evaluation Type -> Re-evaluate existing property values & turn on Overwrite the existing value. Run Classification With All Rules Now

Properties on the file & Classification: Confidentiality; Properties on the folder and Classification: Department

DAC – Create Access Rule -> Target Resource Edit, Central Access Rule "Odjel" -> Add condition: Resource-Department-Equals-Value-Uprava, then add Authenticated Users to the permissions. Add condition: User-Odjel-Equals-Resource-Department

DAC – Create Access Rule -> Target Resource Edit, Central Access Rule "Tajno" -> Add condition: Resource-Confidentiality-Equals-Value-High. Permission for Authenticated Users: Modify, User-Odjel-Equals-Value-Uprava & Device-Group-Member of each-Value & add the Uprava computers

New -> Central Access Policy "zastita", Add "Odjel", Add "Tajno"

GPO -> Computer -> Policies -> Windows Settings -> Security Settings -> File System -> Central Access Policy -> Manage, "Zastita", Add

Advanced Security Settings for ShareDC. Click the Central Policy tab, then click Change -> Zastita.

Message: Computer Configuration -> Policies -> Administrative Templates -> System -> Access Denied Assistance

Work Folders: File Server Resource Manager & Work Folders feature

PS – New-SelfSignedCertificate -DnsName "Serverdc.racunarstvo.edu" -CertStoreLocation Cert:\LocalMachine\My <- copy the Thumbprint

$cert = Get-ChildItem -Path Cert:\LocalMachine\My\PASTE_THUMBPRINT_HERE

Export-Certificate -Cert $cert -FilePath C:\Sharedc\Serverdc.p7b -Type P7B

 

CMD -> netsh http add sslcert ipport=0.0.0.0:443 certhash=PASTE_CERTIFICATE_THUMBPRINT_HERE appid={CE66697B-3AA0-49D1-BDBD-A25C8359FD5D} certstorename=MY

Work Folders -> Tasks -> New Sync Share, select the folder, Add Svi_korisnici, clear the option Automatically lock screen and require a password, Create

GPO: User -> Policies -> Admin Templates -> Windows Components -> Work Folders (Specify Work Folders settings – Enabled, URL: serverdc.racunarstvo.edu and Force automatic setup)

Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Public Key Policies – Trusted Root Certification Authorities -> Import "C:\Sharedc\serverdc.p7b", Finish

 

 
