Pages

Sunday, January 31, 2010

VBScript to Move Files

You can use schedule this script to move files on a server daily from on location to another.

Simple copy the script to a text file using notepad.exe and save as .vbs or download
here.

' Use at your own risk
' Customize as you wish


Const cFROM = "E:\Source"
Const cDEST_ROOT = "E:\Destination"
Const cDAYS_OLD = 5
Const cFROM_EMAIL = "[email protected]"
Const cTO_EMAIL = "[email protected]"
Const cCC_EMAIL = "[email protected]"

Dim objFSO
Set objFSO = CreateObject("Scripting.FileSystemObject")

' Check directory existence
If Not objFSO.FolderExists(cFROM) Then
strMessage = "Either soure or destination folder does not exists." & vbCrLf & _
"Source Folder:" & vbTab & cFROM & vbCrLf & _
"Please make sure that source path is correct and exists before running the " & _
"script again." & vbCrLf & vbCrLf & _
"Thanks."
Call SendEmail("Error:Move Script", strMessage)
Call Destroy()
WScript.Quit
End If

strDest = cDEST_ROOT & Month(Now) & "-" & Year(Now) & "\"

' Create destination directory if doesn not exists
If Not objFSO.FolderExists(strDest) Then
objFSO.CreateFolder(strDest)
End If

Dim objGFO
Set objGFO = objFSO.GetFolder(cFROM)

Dim objGFI
Set objGFI = objGFO.Files

strMessage = "This summary report contains the total number of files that were moved to " & _
strDest & " from " & cFROM & vbCrLf & vbCrLf
intGFI = 0
Dim strGFI
For Each strGFI in objGFI
If DateDiff("d", strGFI.DateLastModified, Date) >= cDAYS_OLD Then
strFileName = strGFI.Name

If objFSO.FileExists(strDest & strFileName) Then
objFSO.DeleteFile strDest & strFileName, True
End If

objFSO.MoveFile cFROM & strFileName, strDest
intGFI = intGFI + 1
'strMessage = strMessage & intGFI & ". " & cFROM & strFileName & " was moved successfully." & vbCrLf
'Exit For
End If
Next

strMessage = strMessage & vbCrLf & "Successfully archived " & intGFI & " file(s) to " & strDest & vbCrLf

Call SendEmail("Move Script Daily Summary Report", strMessage)
Call Destroy()

Sub SendEmail(strSubject, strMessage)

Dim strEmailBody

Dim objEmail
Set objEmail = CreateObject("CDO.Message")

'Email fields
objEmail.From = cFROM_EMAIL
objEmail.To = cTO_EMAIL
objEmail.Cc = cCC_EMAIL
objEmail.Subject = strSubject & vbTab & "***Timestamp*** " & Now()
objEmail.Textbody = strMessage

'Smtp configurations
objEmail.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objEmail.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserver") = _
"smtp.usadata.com"
objEmail.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objEmail.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 60

objEmail.Configuration.Fields.Update
objEmail.Send

End Sub


Sub Destroy()

Set objGFI = Nothing
Set objGFO = Nothing
Set objFSO = Nothing

End Sub

Restart Windows services on remote computers

You can use the following script to restart services on a windows machine. Copy the script to a text file using notepad.exe and save the file as .vbs or download here.

' Restarts services on remote machines using WMI.
' Use at your own risk.
' Customize as you wish.
'------------------------------------------------

Option Explicit
Dim objWMIService, objItem, objService
Dim colListOfServices, strComputer, strService, intSleep

Dim strComputers(2)
' specify you servers here
strComputers(0) = "Server01"
strComputers(1) = "Server02"
strComputers(2) = "Server03"

intSleep = 15000

Dim i
For i = 0 to UBound(strComputers)

'On Error Resume Next
' NB strService is case sensitive.
strService = " 'Alerter' "

Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputers(i) & "\root\cimv2")

Set colListOfServices = objWMIService.ExecQuery _
("Select * from Win32_Service Where Name ="_
& strService & " ")

For Each objService in colListOfServices
objService.StopService()
WSCript.Sleep intSleep
objService.StartService()
Next
Next

WScript.Quit
' End of Example WMI script to Start / Stop services

Batch File To Turn Power On and Off Monitor or LCD

Here are two simple batch files that you can use to power on and off monitor or LCD. This is very useful to turn off Kiosks during off-hours and power back on during business hours using Windows scheduler.

You can use it as you like. You can download both source and binaries.

System Requirements: x86, .NET 1.x or above, Window OS

Power Off -
Turnning LCD and Monitor Off Batch File.bat
Power On - Turnning LCD and Monitor On Batch File.bat

Disclaimer: The software provided is as-is. Use it at your own risk. You are free to modify the code as you like.

Get notify about TrendMicro OfficeScan anti-virus pattern updates

This tool will alert you via email when latest version of TrendMicro OfficeScan 7.x antivirus pattern file is available so you can update your antivirus server and clients with the latest antivirus definitions. The pattern file update feature is not available in TrendMicro 7.x and administrators need to manually check for pattern version update 2-3 times a week.

You can use it as you like. You can download both source and binaries.

System Requirements: x86, .NET 1.x or above, Window OS

Binaries -
TrendMicro Anti-Virus Pattern File Update Alerter 7x Binaries.zipSource - TrendMicro Anti-Virus Pattern File Update Alerter 7x Source.zip
Disclaimer: The software provided is as-is. Use it at your own risk. You are free to modify the code as you like.

Update timestamp on multiple files in multiple folders at once

This simple free utility allows you to update the timestamp on many files at once. The files can be of any type. It is very useful when you want update the timestamp on a number of files for any reason. Specially useful for updating timestamp for search engine spiders to index up to date files.

You can use it as you like. You can download both source and binaries.

System Requirements: x86, .NET 1.x or above, Window OS

Binaries -
Multi Bulk File Timestamp Updater Utility Binaries.zipSource - Multi Bulk File Timestamp Updater Utility Source.zip

Disclaimer: The software provided is as-is. Use it at your own risk. You are free to modify the code as you like.

A tool to archive old IIS logs.

You can use this free utility to archive IIS logs for multiple websites. This is a very useful tool when you want to keep your web servers disk free of old IIS logs.

You can use it as you like. You can download both source and binaries.

System Requirements: x86, .NET 1.x or above, Window OS

Binaries -
IIS Logs Archiving Utility Binaries.zip
Source -
IIS Logs Archiving Utility Source.zip

Disclaimer: The software provided is as-is. Use it at your own risk. You are free to modify the code as you like.

Replace file extensions for multiple files in a folder tree

Here is a very useful utility that can replace file extensions for multiple files at once in a folder tree. It can be used in large software development projects where you need to convert files from one language type to another (i.e. C# to JAVA).


You can use it as you like. You can download both source and binaries.

System Requirements: x86, .NET 1.x or above, Window OS

Binaries -
File Extension Rename Replace Utility Binaries.zip
Source -
File Extension Rename Replace Utility Source.zip

Disclaimer: The software provided is as-is. Use it at your own risk. You are free to modify the code as you like.

Creational Design Patterns Quick Reference

Here is a quick reference for those interested in the 5 creational design patterns that are very useful in developing code. The include Abstract Factory, Builder, Factory Method, Prototype, and Singleton.

PDF -
Creational Design Patterns Quick Reference

Change name for multiple files in a folder in a batch

Here is a utility I wrote a while back for changing more than one file names at a time in a single folder. It's a very useful tool and I use it from time to time when I need to change part of the file for more than a single file.

You can use it as you like. You can download both source and binaries.

System Requirements: x86, .NET 1.x or above, Window OS

Binaries - Bulk File Name Editor Binaries.zip
Source - Bulk File Name Editor Source.zip

Disclaimer: The software provided is as-is. Use it at your own risk. You are free to modify the code as you like.

A Quick Reference & Tutorial for ASP.NET

A few years back I had created this quick tutorial for ASP.NET. It is kind of outdated but can still be used for those learning ASP.NET web development.

Word - Quick ASP.NET Reference Tutorial
PDF - Quick ASP.NET Reference TutorialHTML - Quick ASP.NET Reference Tutorial

How to calculate SQL table sizes?

Number of rows in the table = Num_Rows
Number of columns = Num_Cols
Sum of bytes in all fixed-length columns = Fixed_Data_Size
Number of variable-length columns = Num_Variable_Cols
Maximum size of all variable-length columns = Max_Var_Size

Null Bitmap (Null_Bitmap) = 2 + (( Num_Cols + 7) / 8 )

Total size of variable-length columns (Variable_Data_Size) = 2 + (Num_Variable_Cols x 2) + Max_Var_Size

Total row size (Row_Size) = Fixed_Data_Size + Variable_Data_Size + Null_Bitmap + 4

Number of rows per page (Rows_Per_Page) = ( 8096 ) / (Row_Size + 2)

Number of free rows per page (Free_Rows_Per_Page) = 8096 x ((100 - Fill_Factor) / 100) / (Row_Size + 2)

Number of pages (Num_Pages) = Num_Rows / (Rows_Per_Page - Free_Rows_Per_Page)

Table size (bytes) = 8192 x Num_Pages

A Quick Reference for T-SQL

Here is a quick reference for T-SQL. You can use this reference if you are not full-time developer like myself. I use it from time to time to remind myself of SQL concepts when I am working on development projects.

Download Links

HTML - T-SQL-Quick-ReferenceWord - T-SQL-Quick-Reference
PDF - T-SQL-Quick-Reference

A Quick C# Programming Language Reference

Here is quick reference for those who are interested in learning C#.
Word - C# Programming Language Reference With Examples

PDF - C# Programming Language Reference With Examples
HTML -
C# Programming Language Reference With Examples

Please remember that this quick reference is not for beginners. It assumes you are already familiar with another programming language like C++ or JAVA.

This C# reference contains simple examples to explain topics and C# syntax and semantics.

Saturday, January 30, 2010

Nslookup & Service Records ( SRV Records )

You can use to query SRV records in DNS. Here is an example:

> nslookup

Server: dns01.domain.com
Address: 1.1.1.1
> set type=srv
> _ldap._tcp.dc._msdcs.domain.com
Server: dns01.domain.com
Address: 1.1.1.1

_ldap._tcp.dc._msdcs.domain.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = dns01.domain.com
_ldap._tcp.dc._msdcs.domain.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = dns02.domain.com
_ldap._tcp.dc._msdcs.domain.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = dns03.domain.com
dns01.domain.com internet address = 1.1.1.1
dns02.domain.com internet address = 2.2.2.2
dns03.domain.com internet address = 3.3.3.3
>

How to locate authorized and non-authorized (rouge) DHCP servers in Windows 2003?

You can locate authorized dhcp server in Windows domain by running the follwoing command on any Windows 2003 server that is a memeber of the domain.

>netsh dhcp show server

To locate unauthorized (rouge) dhcp servers on the network type

>dhcploc , etc.

example: >dhcploc 1.1.1.1 2.2.2.2

Get the MAC address of remote desktop or server in Windows

Ever wonder how to remotely get a mac address of a remote Windows machine without logging in.

1. Start command prompt with an account that has admin rights on the remote machine
2. type getmac /S machinename.domain.com

Here is an example:

C:\WINDOWS\system32>getmac /S Robin01.domain.com

Physical Address Transport Name
=================== ==========================================================
00-50-56-AA-56-2D \Device\Tcpip_{00B3A1D6-AE6F-4879-9588-BA3989521384}

Windows 2008 Disk Resize Fix - Error 0xc0000225

If you increased the size of Windows 2008 system disk using a third party tool such as gparted. You will get an error similar to,

Windows failed to start...

File: \Windows\system32\winload.exe
Status: 0xc0000225
Info: The selected entry could not be loaded...


To fix the issue follow these steps.
1.Boot the windows server 2008 cd
2.Select your language
3.Select repair your computer
4.Run following commands
c:\> cd \windows\system32
> bcdedit /set {bootmgr} device boot
> bcdedit /set {default} device boot
> bcdedit /set {default} osdevice boot
5.Restart

NOTE: You can just use shrink volume from within the storage manager to change the disk rather than using third-party tools.

How to change SRV records priorities and weight for Active Directory services?

You have a failed domain controller (i.e. replication failure) in your Active Directory domain that has some special services like DHCP, DNS, WINS, and probably some other important applications that are used in your organization. There are applications and clients that needs these services but you don't want users to use this failed DC even though it has to be online to serve other services. You can move these services to other servers but that will involve more work and more time. Here is a quick of turning the bad DC into backup domain controller.

In order to quickly recover and prevent users from going to this faulty DC. You can change the priority and weight for SRV records of the faulty Domain Controller (DC) in DNS so it becomes a backup domain controller. This will prevent desktops and users using this DC to authenticate against AD since it won't be advertising AD services in DNS.

Here are the steps to perform this operation.

On A Good DC:
1. Log in to DNS
2. Go to your domain's zone
3. Change _ldap, _kerberos, _gc (if this is also a Global Catalog server), _kpasswd reocrds' priority (higher value lower priority) and weight (higher value higher weight) to a value of 1 anywhere you find it under _msdcs, _sites, _tcp, _upd folders.

Perform the 3 steps above if replication is failing on faulty Domain Controller.

MTU Maximums (Jumbo Frames) for ESX 4.0, Windows 2003/2008, and EMC CLARiiON CX 3-10c

Here is the maximum MTU sizes supported by ESX, Windows, and EMC. Jumbo Frames are useful for better performance on hosts and storage since large frames result in less CPU cycles.

- ESX 4.0 Jumbo Frames up to 9KB (9000 Bytes)
- Windows 2008,windows 2003 - limited by network card/application. For more information, refer to http://support.microsoft.com/kb/314496 and http://msdn.microsoft.com/en-us/library/ms817967.aspx.
- CLARiiON CX 3-10c (9000 bytes)

Windows 2008 License Activation Quick Overview - KMS & MAK

Microsoft has made a lot of changes to their license activation of new Windows versions, Windows 2008, Vista, and Windows 7. Here is a quick overview of what and how to activate Windows using this new activation method.

There are two types of license activation methods that Windows 2008, Vista, and Windows 7 clients can use, Multiple Activation Key - MAK and Key Management Services - KMS. MAK is very simple but can also be confusing and problematic if not implemented correctly. KMS involves a little more work on Systems Administrators' side. But regardless of which method is used, overall process can be automated and no product keys are necessary to enter when activating Windows. Volume Activation Management Tool - VAMT is provided by Microsoft for managing Windows licensing and is included in Windows 7 Deployment Services.

MAK Activation:
- Clients can be activated by installing individual MAK keys or by using a MAK Proxy Activation Server provided by VAMT.
- There are no minimum requirements for clients on the LAN.

KMS Activation:
- A machine running Windows 7,Vista,2008 must act as a KMS Host on the LAN.
- A host must be activated using KMS key
- A host cannot be activated more than 10 times with the same KMS keys.
- Host publishes _VLMCS._tcp.domain.com SRV record in DNS listening on Port 1688
- A minimum of 5 Windows 2008 KMS client should always be on the LAN
- A minimum of 25 Windows Vista or Windows 7 (exclusive) should be on the LAN
- Can be installed on a DC

Note: You can use VAMT to remotely change type of keys used by Windows 2008, Vista, and Windows 7 client. You can also use VAMT to activate clients in batches. This is very important and useful when you want start out small with MAK keys and then switch everyone to KMS when you have reached the minimum client requirements for KMS.

Here are generic KMS Client Setup Keys:

Windows Vista Business
YFKBB-PQJJV-G996G-VWGXY-2V3X8
Windows Vista Business N
HMBQG-8H2RH-C77VX-27R82-VMQBT
Windows Vista Enterprise
VKK3X-68KWM-X2YGT-QR4M6-4BWMV
Windows Vista Enterprise N
VTC42-BM838-43QHV-84HX6-XJXKV
Windows Server 2008 Datacenter
7M67G-PC374-GR742-YH8V4-TCBY3
Windows Server 2008 Datacenter without Hyper-V
22XQ2-VRXRG-P8D42-K34TD-G3QQC
Windows Server 2008 for Itanium-Based Systems
4DWFP-JF3DJ-B7DTH-78FJB-PDRHK
Windows Server 2008 Enterprise
YQGMW-MPWTJ-34KDK-48M3W-X4Q6V
Windows Server 2008 Enterprise without Hyper-V
39BXF-X8Q23-P2WWT-38T2F-G3FPG
Windows Server 2008 Standard
TM24T-X9RMF-VWXK6-X8JC9-BFGM2
Windows Server 2008 Standard without Hyper-V
W7VD6-7JFBR-RX26B-YKQ3Y-6FFFJ
Windows Web Server 2008
WYR28-R7TFJ-3X2YQ-YCY4H-M249D

Exchange 2007 OWA Address Book Search Bug

I recently came across a very odd situation with Exchange 2007 OWA search when troubleshooting a user issue. Exchange 2007 OWA search returned different results for name containing apostrophe ( ' ) character. Here is the screenshot of what happened. I am not sure sure if others have come across similar issues. So please share if you have seen this behaviour. It looks like a bug in Exchange 2007 OWA search.

Friday, January 29, 2010

iSCSI SAN & Multihoming

Here is the quick view of how to configure Networking on iSCSI SANs to be used with hosts that are multihomed. This applies to all Windows, Linux, and ESX environments.

How to reset system folders in Outlook?

Here are few quick steps on resetting Outlook Systems folders such as Calendars, Contacts, etc.

1. Restart Outlook with following switch: outlook /resetfolders. This causes all folders to be set to default.
2. Move all items from previously moved folder to newly created default folder using outlook Move To operation
3. Delete the moved folder.
4. Restart Outlook normally.


Hope this was helpful.

A Quick Guide to Windows Terminal Server Setup

Here is quick guide for setting up a Windows 2003 Terminal Server environment. It contains the best pratices that are needed to sucessfully deploy your terminal services server on the fly. Please remember, these changes will be made after you have installed terminal services by going to Control Panel--> Add/Remove Windows Features.

You will need Windows 2003 EE version to use TS.
Important Group Policy/TS Changes For Better Experience:
- Configure "keep a live session" policy settings to the time you think users will be active on Terminal Server to efficiently use resources.
- Configure Terminal Services Profiles so users can log into any server without recreating new profile if a session directory server is used.
- Configure "Local Home Directory" (C:\AppHome) for Application Configuration Data
- Depending your security policy allow users to reconnect
- You should change theme to Windows XP LUNA to make Terminal Server more user friendly
Configuration/Administrative Templates/Control Panel/Display/Desktop Themes/Load a specific visual style file or force Windows Classic,
%windir%\resources\Themes\Luna\Luna.msstyles
- Disable screen savers
- Do not change wallpaper for users
- Remove and prevent access to the Shut Down command for users
- Remove links and access to Windows Update
- Remove Favorites menu from Start Menu

For detailed information you can refer to, http://technet.microsoft.com/en-us/library/cc78206

Group Policy Order (top to bottom):
Computer Policies
User Policies
Terminal Services Policies as defined in Terminal Services Configuration
User Account Policy
Remote Desktop Client settings

Terminal Services Client Location:%systemroot%\system32\clients\tsclient\win32

Clustering (Optional):
- You can create a terminal services cluster but should separate licensing server
- You can also have session directory server which keeps track of sessions for users

Licensing:
- Place License Server on a different machine or Domain Controller.
- Licensing is activated by Microsoft clearing house online or offline.
- Licenses are permanent on the second connection of users or desktops depending on whether you have per user or per desktop licensing.

Useful TS commands:Current Users: quser/query user
Stop Logons: change logon /disable
Allow Logons: change logon /enable
Shutdown/Reboot: tsshutdn /reboot, /powerdown /delay /v
Install Application: change user /install
Run Application: change user /execute

NOTE: Before deploying applications with Terminal Server, you must determine which applications are ideal candidates for hosting in your organization, and determine if those applications will work well in a Terminal Server environment.

LAN Switch Build Guideline Document Checklist for PCI DSS Compliance (Cisco or Juniper)

Here is a LAN switch configuration or build document that can be used to satisfy PCI compliance requirements for your organization's LAN environment.

Download the Word & PDF versions here:

MS Word - PCI Compliance Cisco / Juniper Switch Build Document Checklist
PDF -
PCI Compliance Cisco / Juniper Switch Build Document Checklist
Web -
PCI Compliance Cisco / Juniper Switch Build Document Checklist

Notice: Please use it at your own risk and before use please have your PCI auditors validate the document.


PCI Access Switch Configuration Guideline
This text is to be used and followed when configuring a new Juniper/Cisco switch for PCI environment running the latest version of JUNOS/Cisco supported by the switch model in use.
The intended audience is only for [Team Name] personnel.
Please follow the guidelines in this document when configuring a switch for PCI environment.
For every step that is completed, please tick the box in the last column. Once done, please fill out your information and have your manager or supervisor sign the document.

Access Switch Configuration (Juniper/Cisco)

Item No.
Description of Task
Done
1
Change default management VLAN0 to VLAN249 called mmamgmt. Make last 2 ports (47, 48) and any uplinks members of mmamgmt VLAN.
2
Enable only HTTPs and SSH via management ports. Disable all unsecured protocols such as HTTP, Telnet, SNMP v1, etc.
3
Identify the port roles for each port in use. Roles include VOIP, Desktop, Switch, Router, WAP, etc.
4
Disable LLDP-MED/CDP on all access ports except uplinks and management ports including OAB management port.
5
Disable PoE on all ports except those that need it and set PoE priority to HIGH and max power to 15.4 Watts
6
Enable DHCP snooping for DHCP client ports
7
Enable 802.1x if required and configure profile to authenticate against RADIUS
8
Disable ability to reset to factory default from LCD
9
If using SNMP, use SNMP v2 or higher to send traps only to internal SNMP via secure link or channel. Configure SNMP as follow:
SNMPv2 or higher with Read-Only community string called "mma-snmp-private" preferably on separate monitoring VLAN
Create and send these traps to designated targets only:
snmp-access: authentication, remote operations, startup, configuration
snmp-data: link, routing, VRRP event
romon: RMON alarm
physical: Chassis
10
Specify the domain name for switch
11
Configure Split-Permission model for switch authentication as follows:
  1. Remotely Authenticate users against AD via RADIUS.
  2. Upon failures, authenticate locally
Local Users - Create following local users on the switch
Username
UID
Description
Password
Role/Privilege
admin
1024
Administrator
AskYourManager
Super-User
opera
512
Operator
AskYourManager
Operator
user
256
User
AskYourManager
Read-Only
monitor
128
Monitor
AskYourManager
Read-Only
JUNOS Only - Do not use root unless absolutely necessary!!!
12
Time & NTP
Configure local clock as following:
Runtime: ntp.inernalsource.com (Primary)
ntp.externalsource.com (Secondary)
Boot & Runtime: UTC
13
Create a rescue configuration which should be set to default configuration.
14
Create and display a Message of the Day (MoD) banner that notifies anyone who connects to a switch that it is for authorized use only and any use of it will be monitored.
Example:
This is an official computer system and is the property of the ORGANIZATION. It is for authorized users only. Unauthorized users are prohibited. Users (authorized or unauthorized) have no explicit or implicit expectation of privacy. Any or all uses of this system may be subject to one or more of the following actions: interception, monitoring, recording, auditing, inspection and disclosing to security personnel and law enforcement personnel, as well as authorized officials of other agencies, both domestic and foreign. By using this system, the user consents to these actions. Unauthorized or improper use of this system may result in administrative disciplinary action and civil and criminal penalties. By accessing this system you indicate your awareness of and consent to these terms and conditions of use. Discontinue access immediately if you do not agree to the conditions stated in this notice.
15
If possible, Configure and Layer 3 built-in out of band management port (JUNOS only)
16
Disable any unnecessary services such as bootp server, finger, proxy-arp, etc.
17
Scheduled remote configuration backups whenever changes are made to existing configuration.
witch IP
Engineer
Date Completed
Manager’s Signature / Initials
------------------------------------------------------------
[Team Name], [Department]
[Company Name]

Windows 2008 RADIUS Server - NPS/NPAS Checklist & Usage Recommendations

Here is a quick fact checklist and usage guidelines from our experience of implementing new Windows 2008 RADIUS server called NPS which is part of NPAS role

- Windows 2008 Standards (50 clients only), Windows 2008 EE/DC (unlimited).
- You can backup config using 'netsh nps export' commands
- It support multiple EAP types adn SHVs but there are certain limitations.
- You can configure clients using GPs (Same to W2k3)
- Support for EAP-TLS and PEAP-TLS, MS-CHAPv2 but using Certificates only.
- NPS Microsoft Management Console (MMC)
- Event logging for NPS, Logging user authentication and accounting requests.Logging can be sent to log files, db files, stored procedures on SQL2k, SQL2k5, or SQL2k8.
- Should turn on logging (initially) for both authentication and accounting records.
- Install NPS on either a global catalog server or a server that is on the same subnet.
- Disable NAS Notification Forwarding
- Create several universal group for all users if too many.
- Use a user principal name in network policies to refer to users whenever possible
- Increasing the number of concurrent authentications between NPS and the domain controller
- To effectively balance the load of either a large number of authorizations or a large volume of RADIUS authentication traffic (such as a large wireless implementation using certificate-based authentication), install NPS as a RADIUS server on all of your domain controllers. Next, configure two or more NPS proxies to forward the authentication requests between the access servers and the RADIUS servers. Next, configure your access servers to use the NPS proxies as RADIUS servers.
- Use NPS and NPS Accounting for complete AAA services.

This information is based on following Technet articles:

http://technet.microsoft.com/en-us/library/cc732875(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc732875(WS.10).aspx

Windows 2008 NFS & ESX 4.0 - Best Practices & Quick Setup Guidelines

Setting up Windows 2008 NFS (Network File Storage) to be used with ESX 4.0 was fun. We discovered many new things about NFS and came across both best practices and advantages of using NFS. Here is a quick overview of how to setup NFS in Windows 2008 without extending Active Directory schema for Unix extension.

Best Practices & Advantages for NFS:
- In ESX, you get thin provisioning by default with NFS.
- You can expand AND decrease NFS volumes on the fly
- You don’t have to deal with VMFS or RDMs
- You don’t have to deal with FC switches, zones, lun sizing, HBAs, and identical LUN IDs
- You can restore multiple VMs, individual VMs, or files within VMs.
- You can instantaneously clone, a single VM, or multiple VMs
- ESX server I/O is small block and extremely random which means that bandwidth matters little
- No single disk I/O queue, so your performance is strictly dependent upon the size of the pipe and the disk array
- You can clone a single VM or create 100’s of VMs from a template in seconds
- VMware Data store sizing — easy datastore growth (possible with VMFS) and shrinking (not possible with VMFS)
- Larger data stores – no need to keep datastores smaller like with VMFS
- VMDK Thin Provisioning
- For thousands of virtual machines, NAS NFS is a much more efficient network storage methodology.

Network Requirements:- Designated VLAN or LAN (Private Switches) with separate subnet
- Jumbo Frames enabled end-to-end

Windows 2008 NFS Requirements & Setup:
- Install NFS in File Server Roles
- Install User Name Mapping Service - UNM server (using Unix Services for Windows) on same machine or separate machine
- Allow the Windows 2008 server
- Export /etc/passwords and /etc/groups files from ESX to Windows host
- Import /etc/passwords and /etc/groups files into UNM server
- Map the root account to an admin account in AD or locally
- Got Services for NFS snap-in from Administrative tools on NFS server, Right clikc Services for NFS and click properties, check User Name Mapping and fill in UNM server FQDN name.
- Add the NFS server to config file to allow connection on UNM server.
- Right click on the folder you want to be NFS share and click NFS sharing.
- Allow root full access on NFS tab
- Allow mapped active directory or local admin account full access on NTFS Security tab

ESX Requirements & Setup:
- Create a new vSwitch
- Attach newly created vSwitch to separate physical NIC
- Create a vmkernel port group for NFS traffic on newly created switch
- Recommended to not allow routing of data between these VM and NFS networks. In other word, do not define a default gateway for the NFS storage network.
- Create a second service console (SC) port be defined on the VMkernel storage vSwitch created above
- Verify IP storage network, or VMkernel, connectivity by running vmkping command.
- In vCenter (Virtual Center)
1. Select an ESX host.
2. In the right pane, select the Configuration tab.
3. In the Software box, select Advanced Configuration.
4. In the pop-up window, left pane, select NFS.
5. Change the value of NFS.HeartbeatFrequency to 12.
6. Change the value of NFS.HeartbeatMaxFailures to 10.
7. Repeat for each ESX Server.
- Add the NFS datastore in VC

Windows 2008 Failover Cluster & iSCSI - Quick Fact Checklist

Here is a quick check list you may need to setup a Windows 2008 failover cluster. Please remember you still need to gather information on application that you are trying to cluster i.e. SQL Server, etc.

iSCSI:
- The network you use for iSCSI cannot be used for network communication
- You cannot use teamed network adapters, because they are not supported with iSCSI

Storage:
- 2 separate LUNs: 1 Witness/1 Data
- Basic
- NTFS
- MBR or GPT

Quorum:
- Node & Disk Majority + Witness Disk: default for cluster with even nodes
***Node and Disk Majority means that the nodes and the witness disk each contain copies of the cluster configuration,
and the cluster has quorum as long as a majority (two out of three) of these copies are available.

SAN:
- SCSI Primary Commands-3 (SPC-3)
- Persistent Reservations
- miniport driver --> Microsoft Storport storage driver
- Use LUN masking or zoning to separate volumes from other clusters
- Microsoft Multipath I/O (MPIO): DSMs are included in W2k8

Cluster Requirments:
- In Windows Server 2008, there is no Cluster service account.
- Microsoft Storage Manager for SANs

Server Build Document & Guidelines - Windows & ESX

Here is a very good document that we use for deploying and building Windows and ESX boxes. It helps us follow the best practices and serve as a checklist of things to do when putting new boxes out there. You can use it for your use and customize it as you wish.
The guide includes best practices for Windows 2008, Windows 2003, ESX 4.0 and Dell servers.

Word - Windows & ESX Server Build Guidelines Document

Test Plan Template

Here is a simple test plan template that you can customize and use for executing systems designs and engineering IT projects or day to day changes to your IT infrastructure. You can download it here,

Word - Test Plan Template