DHCP ipv4 scope-advanced-split scope \u2013 add server x2 aktivacija scope-a kasnije<\/p>\n
ipv4 \u2013 new superscope \u2013 activate\u00a0\u00a0\u00a0 ipv4 \u2013 configure failover<\/p>\n
DNSSEC – DNS \u2013 SERVERDC->Forward Lookup Zones -> desni klik DNSSEC \u2013 Sign the Zone<\/p>\n
GPO \u2013 Computer-> Policies->Windows Setting->Name Resolution Policy -> Suffix \u201eracunarstvo.edu\u201c + Enable DNSSEC + Require DNS clients to check that the name and address has been validated by the DNS server<\/p>\n
Portovi PS \u2013 get-dnsserver + dnscmd \/config \/socketpoolsize 3000 \u2013 restart servisa<\/p>\n
Cache\u00a0 PS \u2013 set-dnsservercache \u2013LockingPercent 75 \u2013 restart servisa<\/p>\n
Izrada GlobalNameZone<\/p>\n
PS \u2013 Add-DnsServerPrimaryZone \u2013Name Alegebra.edu \u2013ReplicationScope Forest
\nSet-DnsServerGlobalNameZone \u2013AlwaysQueryServer $true
\nAdd-DnsServerPrimaryZone \u2013 Name GlobalNames \u2013 ReplicationScope Forest<\/p>\n
+host zapis i a zapis<\/p>\n
iSCSI \u2013 configuration tab (kopirati string), dodati diskove -> add File and Storage Services-> File and iSCSI Services<\/b> + Multipath I\/O <\/b><\/p>\n
SM konzola -> Task -> iSCSI virtual disk location .. next,next … Select a method to identify the initiator<\/b> prozor IQN kopirati string + CHAP<\/p>\n
Na drugom serveru -> iSCSI initiator Properties -> 1. Configuration – > CHAP, 2. Target server1.racunarstvo.edu\u201c -> Connect & Advanced: Enable CHAP log on<\/p>\n
SM \u2013 File and Storage services -> Storage Pools -> New Storage Pool -> Virtual disk -> New virtual disk … next,next … ReFS & finish<\/p>\n
DeDuplikacija ->AddRole \u2013 iSCSI -> Data Deduplication -> Finish, desni klik na volumen, configure Data DeDuplication. PS – Start-DedupJob \u2013Volume F: -Type Optimization <\/b><\/p>\n
NetworkLoadBalance <\/b>\u2013 IIS + NLB -> IIS Default web site c:\\website + desno providers NTLM move up
\nNLB klaster->Network Load Balacing Manager -> Cluster -> New, ime, ip, www, multicast. Rule remove, pa add 80, add 443. Desni klik na domenu -> Add host to cluster<\/p>\n
DAC<\/b><\/p>\n
Add role File Server resource Manager. <\/b>GPO Computer -> Policy -> Admin Templates -> System -> KDC, KDC support for claims… Enable i always. Urediti odjel usera, dodati grupe<\/p>\n
AD administrative center -> DAC -> Claim Type<\/b>-> New -> department & Display name Odjel, ni\u017ee add Uprava i Prodaja. Resource Properties<\/b> Department i Confidentiality ENABLE & Department properties add Uprava.<\/p>\n
Resource Property Lists, Global Resource Property Lists <- provjerit jesu ovdje Confidentiality i Department<\/b><\/p>\n
File Server Resource Manager <\/b>– Classification Management-> Classification Properties <\/b>refresh<\/i>-> Create Classification rule <\/b>odabrati folder i string \u201eTajno\u201c & Evaluation Type<\/b> -> Re-evaluate existing property values <\/b>& uklju\u010diti Overwrite the existing value<\/b>. Run Classification With All Rules Now<\/p>\n
Properties na datoteku & Classification confidentiality, properties na folder i Classification Department<\/p>\n
DAC \u2013 Create Access Rule -> Target Resource<\/b> Edit, Central Access rule \u201eOdjel\u201c-> Add condition: Resource- Department-Equals-Value-Uprava<\/b> , zatim dodati Authenticated users u permission. Add condition:<\/p>\n
User-Odjel-Equals-Resource-Department <\/b><\/p>\n
DAC \u2013 Create Access Rule -> Target Resource<\/b> Edit, Central Access rule \u201eTajno\u201c\u00a0 Add Condition: Resource-Confidentiality-Equals-Value-High<\/b> Permission na Authenticated modify, User-Odjel-Equals-Value-Uprava & Device-Group-Member of each-Value<\/b> & dodati ra\u010dunala uprave<\/p>\n
New-> Central Access Policy\u00a0 <\/b>\u201ezastita\u201c, Add \u201eOdjel\u201c, Add \u201eTajno\u201c<\/p>\n
GPO -> Computer -> Policies -> Windows Settings -> Security Settings -> File system -> central access policy <\/b>Manage \u201eZastita\u201c Add<\/p>\n
Advanced Security Settings<\/b> for ShareDC. Kliknite na karticu Central Policy<\/b> i zatim kliknite opciju Change<\/b> -> Zastita.<\/p>\n
Poruka: Computer Configuration-> Policies-> Administrative Templates-> System-> Access Denied Assistance <\/b><\/p>\n
WorkFolders FileServerResourceManager & WorkFolders feature<\/p>\n
PS – New-SelfSignedCertificate \u2013DnsName \u201eServerdc.racunarstvo.edu\u201c \u2013 CertStoreLocation Cert:Localmachine\\My<\/b> <-kopirati Thumbprint<\/p>\n
$cert= Get-Childitem \u2013Path cert:\\LocalMachine\\My\\OVDJE_ZALIJEPITE_OTISAK <\/b><\/p>\n
Export-Certificate \u2013Cert $cert \u2013Filepath C:\\Sharedc\\Serverdc.p7b \u2013Type P7B <\/b><\/p>\n
<\/p>\n
CMD -> netsh http add sslcert ipport=0.0.0.0:443 certhash=OVDJE_ZALIJEPITE_OTISAK_CERTIFIKATA appid={CE66697B-3AA0-49D1-BDBD-A25C8359FD5D} certstorename=MY <\/b><\/p>\n
WorkFolders -> Task ->\u00a0 New Sync share, odabrati mapu, Add Svi_korisnici, Isklju\u010dite opciju Automatically lock screen and require a password, <\/b>create<\/p>\n
GPO: User -> Policies -> Admin Temp-> Windows Components -> Work Folders (Specify WF settings \u2013 enabled, url: serverdc.racunarstvo.edu i Force Automatic setup)<\/p>\n
Computer Configuration-> Policies-> Windows Settings-> Security Settings-> Public Key Policies \u2013 Trusted Root Certification Authorities -> Import \u201eC:\\Sahre\\serverdc.p7b\u201c finish<\/p>\n
<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
DHCP ipv4 scope-advanced-split scope \u2013 add server x2 aktivacija scope-a kasnije ipv4 \u2013 new superscope \u2013 activate\u00a0\u00a0\u00a0 ipv4 \u2013 configure failover DNSSEC – DNS \u2013 SERVERDC->Forward Lookup Zones -> desni klik DNSSEC \u2013 Sign the Zone GPO \u2013 Computer-> Policies->Windows … Continue reading