October 15th, 2019 | Tags:

灾备

灾备即灾难备援,它是指利用科学的技术手段和方法,提前建立系统化的数据应急方式,以应对灾难的发生,包括数据备份和系统备份,业务连续规划、人员架构、通信保障、危机公关,灾难恢复规划、灾难恢复预案、业务恢复预案、紧急事件响应、第三方合作机构和供应链危机管理等等。

灾备等级

根据恢复的目标与需要的成本投入,灾备大体可以分为三个等级,如图-1可以用三个嵌套的同心圆表示,从数据级灾备、应用级灾备到业务级灾备,业务恢复等级逐步提高,而需要的投资费用也相应增长。

Read more…

September 24th, 2019 | Tags:

Server 2016 默认远程桌面连接数是 2 个用户,如果多余两个用户进行远程桌面连接时,系统就会提示超过连接数,可以通过添加远程桌面授权解决:

1、添加远程桌面授权服务

第一步:服务器管理 - 添加角色和功能打开添加角色和功能向导窗口,选择基于角色或给予功能安装

Windows Server 2016 远程桌面服务配置和授权激活

第二步:添加远程桌面会话主机和远程桌面授权功能:
Read more…

September 18th, 2019 | Tags:

Sources of Free S/MIME Certificates

Free certificates usable for S/MIME are available from:

  • Actalis
  • CAcert (CAcert is NOT one of the trusted authorities built-in to FireFox and ThunderBird. The connection is also untrusted)
  • Comodo (They’ve changed their name to Sectigo and no longer offer free S/MIME certificates/)
  • GlobalSign (No longer offer free certificates)
  • InstantSSL (free certificate is now a 30 day trial)
  • Secorio (Affiliated Partner of Sectigo (formerly called Comodo) that links to InstantSSL if you want a free certificate)
  • StartCom (StartCom certificates have been revoked by Mozilla) [1]
  • Wosign (WoSign certificates have been revoked by Mozilla)

Currently only Actalis seems to offer a free S/MIME certificate for personal use that is good for one year. Everybody else appears to offer a free certificate for personal use for only 30 days, or require you to buy one. It can also cost money to revoke a free certificate. [2]

Let’s Encrypt does not currently offer S/MIME certificates. See https://community.letsencrypt.org/t/s-mime-certificates/153 for a thread explaining why you can’t use their SSL/TLS certificates for S/MIME.

September 18th, 2019 | Tags:
If you would like to restrict Remote Desktop access to your Dedicated server to an IP address or range of IP addresses, you can do so by following the instructions below.
Edit Existing Firewall Rule

Read more…

September 18th, 2019 | Tags:

https://gallery.technet.microsoft.com/Windows-Backup-wbadmin-2014479e

September 18th, 2019 | Tags:

Block 1: Connect to the WSUS server and set the configuration.
We are first going to set the property “Download update files to this server only when updates are appoved”, turn off all update languages, and then set the only update language to English. At the end, this would all be pointless if we didn’t commit our changes with .Save.

Of course there are a lot more things you can do, just let intellisense go to work for you.

$wsus = Get-WSUSServer -Name wsus.domain.local -PortNumber 8530
$wsusConfig = $wsus.GetConfiguration()
$wsusConfig.DownloadUpdateBinariesAsNeeded = $True
$wsusConfig.AllUpdateLanguagesEnabled = $false
$wsusConfig.SetEnabledUpdateLanguages("en")
$wsusConfig.Save()

Block 2: Verifying an Auto-Approval rule is set and enabled.
In this example, we are simply going to check and see if “My Approval Rule” is created, and enabled. Read more…

September 18th, 2019 | Tags:

This script will look for GPOs which have no settings at all and delete them.

Import-Module GroupPolicy
$GPOs = Get-GPO -All
foreach ($GPO in $GPOs)
{
if (($GPO.Computer.DSVersion -eq 0) -and ($GPO.User.DSVersion -eq 0)) {
    write-host $GPO.DisplayName is an empty GPO.
    $GPO.DisplayName | Remove-GPO
    }
}
September 18th, 2019 | Tags:

These policies generally are meant for just computer or user settings. This script will disable the empty settings (for example, if a GPO has only computer setttings, it will disable user settings). This is important as it does speed up performance by not having to process empty policies.

Import-Module GroupPolicy
$GPOs = Get-GPO -All
foreach ($GPO in $GPOs)
{
if (($GPO.Computer.DSVersion -eq 0) -and ($GPO.GpoStatus -ne "ComputerSettingsDisabled")) {
    write-host $GPO.DisplayName has no computer settings and not disabled.  Disabling...
    $GPO.GpoStatus="ComputerSettingsDisabled"
    }
 
if (($GPO.User.DSVersion -eq 0) -and ($GPO.GpoStatus -ne "UserSettingsDisabled")) {
    write-host $GPO.DisplayName has no user settings and not disabled.  Disabling...
    $GPO.GpoStatus="UserSettingsDisabled"
    }
}
September 18th, 2019 | Tags: , ,

Unlinked GPOs are just simply policies that aren’t applied to any OU or site. These policies aren’t

$BackupPath="C:\temp\GPOBackups"
Get-GPO -All | Sort-Object displayname | 
Where-Object { If ( $_ | Get-GPOReport -ReportType XML | 
Select-String -NotMatch "<LinksTo>" )
{
Backup-GPO -name $_.DisplayName -path $BackupPath
$_.DisplayName | Out-File $BackupPath\unlinked.txt -Append
#Outputting the results to the screen
$_.Displayname | Select-Object DisplayName
#Uncomment this when you're ready to delete all the ones the script finds..
# $_.Displayname | remove-gpo
}
}
September 18th, 2019 | Tags:

System Environment

Read more…