I hope U will enjoy this post
Step by step: Installing CRM 2011 On-premise and Migrating from Dynamics CRM 4.0 (32 bits, on-premise). - Pablo Peralta’s blog - CRM Technical Blogs - Microsoft Dynamics Community
if U have any queries mail me
Tuesday, October 18, 2011
Friday, October 14, 2011
Technical Tips - Tips for IT Professionals: How to install System Center Configuration Manager...
Technical Tips - Tips for IT Professionals: How to install System Center Configuration Manager...: Make sure that IIS and SQL Server full version is installed. Installation of the necessary components can be verified by clicking "Run the P...
Thursday, October 13, 2011
Wednesday, August 24, 2011
New Technology Phase Change Memory
Introduction
My Dear friends this article discussed molecular memory, phase change memory, holographic memory, and magneto-resistive RAM. In this article I thought I’d revisit that article and expand a bit on the section discussing phase change memory. This will also give me a chance to introduce some advances in the technology recently announced by IBM.Background
To understand the new advances made by IBM researchers you’ll need to know the basic science behind phase change memory and the challenges associated with it. Phase change memory is really very similar to the technology used in CD-R and DVD-R technologies.In optical disc writing, a laser changes the opacity of small regions on the disc. The laser can make the small region more opaque or less opaque. It does this by changing the material from an amorphous state to a crystalline state or from a crystalline state to an amorphous state. When a disc reader then reads the reflection from the disc the reader will be able to determine if the region is in an amorphous or a crystalline state thus reading either a logical ‘1’ or a logical ‘0’.
Likewise, phase change memory also changes a small region from an amorphous state to a crystalline state and back again. In phase change memory implementations though, this change is done via an electrical current instead of a laser. More precisely, it is the heat that can change the state the optical disc and phase change memory implementations merely change how that heat is created/distributed. In my previous article Memory Storage, I highlighted the scientific similarities of resistivity to opacity, which even includes reflection!
Phase change memory systems can determine whether a region, often called a cell, is in an amorphous or crystalline state by measuring its electrical resistivity. This leads to one of the major advantages of a phase change memory system; the resistivity levels of amorphous and crystalline states are drastically different. This allows us to implement different levels of crystallization so that each region can have not just two states but potentially several states. This type of storage where one region can have multiple states is referred to as MultiLevel Cell (MLC) storage.
Advantages
Since phase change memory implementations are quite expensive to produce it is believed that a significant implementation of MLC storage will allow for very large amounts of storage and justify the high price of the technology in a competitive market. Of course, MLC storage isn’t unique to phase change memory implementations; it’s also seen in flash based memory. In flash based memory storage solutions it’s common to see four states supported per cell. This provides two bits of storage for each cell - as opposed to one bit per sell for Single Level Cell (SLC) storage.
Figure 1: attributes of phase change memory (PCM) compared to other types (Courtesty of hothardware.com)
Challenges
There are some drawbacks to MLC storage. Since there are more states stored in a single cell there is less of a difference between these states which can result in a higher bit error rate (BER). In flash based memory storage solutions this can be adequately handled via an increased role for error correction modules. The increased error correcting could potentially slow down an application, but this is the trade off for getting basically double the storage in the physical area.In phase change memory the effect of having four states per cell is even more dramatic than in the flash based implementations. This is due to the cells having what’s known as a resistance drift. A resistance drift describe the effect of the resistance level of the different states chaning - or drifting - over time.
So you may be asking - what’s the big deal about this resistance drift? Can’t we just store a known value in some cells and measure the drift over time, then compensate for the drift when reading from the other cells? Yes, we could, if the drift was uniform across the cells. It’s not. The resistance drift is somewhat erratic and cannot be compensated for in this manner.
Group Policy Design principle
Active Directory Group Policy Design Principles
Group Policy processing rules of thumb
These are my 5 rules of thumb I tried to remember when I was taking up the Active Directory Implementation and Active Directory Design exams, and in my subsequent Group Policy design exercises.
Rule 1 – Execution Order: L > S > D > OU. Local policies are procesed first. Then follows the Site GPO’s, then Domain GPO’s, then OU GPO’s from top level OU until the direct container of the user or computer object. Any conflicting settings and the last processed GPO will prevail.
Rule 2 – Inheritance. GPO setings are inherited from the top level containers containers to the direct container of the user or computer object. If we need to remove the Run Menu from all users in our domain, we simply need to create the GPO for this and link it to our domain, instead of linking it on all OU’s where there are user accounts. There are of course, exceptions to the rule.
Rule 3 – Block Inheritance. Block Inheritance is applied to the container and ensures that any policy in the upper level containers are not applied to the container that it is applied to and the downstream containers. This is intended as an exception to Rule # 2 on Inheritance. The proper application to this is a downstream container.
Rule 4 – Link Enforced. Enforcing the link ensures that the GPO will be executed no matter what downstream GPO’s are applied to downstream containers. This provides an exception to Rule # 1 on Execution Order. The proper application to this is an upstream link. Note that Enforced is applied to the link, meaning the should GPO may be linked to more than one container, only those that we applied Enforced are those that will be enforced. Enforcing the link is a powerful exception that overrides the Block Inheritance exception
Rule 5 – GPO Access Control. If, for example, one would intend to enforce a specific GPO only to a subset of user accounts in an OU, we only need to change the default Access Control List of the GPO to allow both Read and Apply Group Policy to those user accounts that need to be enforced with the policy (we need to remove Authenticated Users from this ACL in the process). On the other hand, if we wish that a specific subset of users, say for example, Administrators SHOULD NOT be enforced with, say for example, a restrictive GPO, then we can just grant them Deny permissions on Apply Group Policy. Note that the Enterprise Admins, Domain Admins and Administrators groups are not subject to Group Policies because these group accounts are not given the Allow permission in Apply Group Policy permission by default, but they are also not explicitly given a Deny permission. This means that, making a user account a member of these groups does not necessarily liberate that user account from restrictive Group Policies. For really restrictive policies that endanger an administrative account being locked out, it is best to explicitly give the said group accounts the Deny permission on the Apply Group Policy access control entry.
Key pointers in designing and implementing Group Policies
- Although one can link a GPO to the Site container, it is not adviseable, given the fact that a site can contain multiple Domain Controllers from different domains.
- As mentioned in the OU Design document, implementing a wide but shallow OU structure is better than a narrow but deep structure for performance purposes. The deeper the OU, the more Group Policies that need to be processed and the longer it takes to start up the machine and/or log on the user. Although a wide but deep structure would eventually mean more GPO’s and more links, less GPO’s need to be enforced during the startup or logon process.
- Ensure that the Distributed File System (DFS) is working properly between domain controllers in the same domain. DFS is the means for the Group Policy files to be transferred between domain controllers. If DFS is malfunctioning, it is possible that multiple, copies of the same GPO get propagated and enforced on the client machines. Depending on the nature of the GPO, this can pose a serious security threat to the network.
- Download and install the Group Policy Management Console (GPMC)
- Learn the proper usage of Block Policy Inheritance and Link Enforced. Refrain from using these exceptions if you can get away with it. Remember: Block Policy Inheritance is applied to a downstream container, while Link Enforced is applied to an upstream Link.
Auditing a DNS Zone
1. Introduction
One of the main aspects of security is the maintenance and to do that correctly the administrator needs to be able to track changes that are done in the environment. There are a lot of challenges on this area and one of the biggest challenge is to log what needs to be logged without overwhelm the server.
When I was working in the platforms team I remember that I received a call from a customer saying that he wants to know who deleted a record on his DNS Zone. First question was: do you have an audit policy for DNS enable? He was like: what is that? After review his environment I saw that the auditing was enabled, but not for the Active Directory Objects (his DNS Zone was integrated to AD).
This post will walk through the Auditing configuration of a DNS Zone (AD Integrated) on Windows Server 2003.
2. Preparing the Environment
There are three steps to prepare the environment:
· Verify if the Audit Policy called Audit Directory Service Access is enabled and what is the setting.
· Enabled the Auditing on the DNZ Zone that you want to audit.
· Use the Event Viewer to find out which object of modified (in this case the example will be an object deletion).
3. Configuring the Audit Policy
Open the Default Domain Controllers Policy, and check if the policy highlighted below is selected just like that:
Figure 1 – Configuring Upload and Download Policy.
In my case I changed to audit Success and Failure, but the final configuration will be according to your needs.
4. Configuring the DNS Zone
Now that we have enabled the Audit Policy to all Domain Controller in the domain, we need to change the DNS Zone. To do that follow the steps below:
1) Open ADSIEdit (Start / Run / ADSIEDIT.msc)
2) Right click in the ADSI Edit and click in Connect To…
3) In the Connection Settings window, configure just like show below:
Figure 2 – Connection Setting.
Note: Change the dc= to reflect your domain name.
4) After that click OK.
5) Now expand the container until you get to the same node as show below:
Figure 3 – Configuring the Zone.
5) Right click in the name of the zone located under CN=MicrosoftDNS and click in Properties.
6) Click in Security and then Advanced.
7) Click in Auditing and click in Add.
8) Type Everyone and click OK. Add the following type of access:
· Write All Properties
· Delete
· Delete Subtree
9) Click OK on all three windows.
Now we are ready to log !!
5. Testing
For testing purpose I delete the record called work01 and here what you should see on the security event log:
Event Type: Success Audit
Event Source: Security
Event Category: Directory Service Access
Event ID: 566
Date: 3/5/2008
Time: 7:33:51 PM
User: CONTOSO\Administrator
Computer: DCCONT
Description:
Object Operation:
Object Server: DS
Operation Type: Object Access
Object Type: dnsNode
Object Name: DC=work01,DC=contoso.msft,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=msft
Handle ID: -
Primary User Name: DCCONT$
Primary Domain: CONTOSO
Primary Logon ID: (0x0,0x3E7)
Client User Name: Administrator
Client Domain: CONTOSO
Client Logon ID: (0x0,0x19062D)
Accesses: Write Property
Properties:
Write Property
Default property set
dnsRecord
dNSTombstoned
dnsNode
Additional Info:
Additional Info2:
Access Mask: 0x20
Note the following points in red (from top to down):
· The event type: the user was able to successfully perform this operation.
· Category: the object was categorized as a DS Object.
· User: the name of the user that performed this operation.
· Object Name: the complete path from where the object was located.
· dNSTombstoned: this is probably the only one that is not friendly. This attribute is logged whenever an object is deleted. For more information review the DNS-Tombstoned Attribute at MSDN.
Subscribe to:
Posts (Atom)