IT Questions and Answers :)

Wednesday, May 15, 2019

There are two types of groups recognized by Active Directory: Security and _________

There are two types of groups recognized by Active Directory: Security and _________

  • Peer
  • Domain
  • Global
  • Distribution 

There are two types of groups recognized by Active Directory: Security and _________

EXPLANATION

Group Types

Two types of groups can be created in Active Directory. Each group type is used for a different purpose. A security group is one that is created for security purposes, while a distribution group is one created for purposes other than security purposes. Security groups are typically created to assign permissions, while distribution groups are usually created to distribute bulk e-mail to users. As one may notice, the main difference between the two groups is the manner in which each group type is used. Active Directory allows users to convert a security group into a distribution group and to convert a distribution group into a security group if the domain functional level is raised to Windows 2000 Native or above.

  • Security groups: A security group is a collection of users who have the same permissions to resources and the same rights to perform certain system tasks. These are the groups to which permissions are assigned so that its members can access resources. Security groups therefore remove the need for an Administrator to individually assign permissions to users. Users that need to perform certain tasks can be grouped in a security group then assigned the necessary permissions to perform these tasks. Each user that is a member of the group has the same permissions. In addition to this, each group member receives any e-mail sent to a security group. When a security group is first created, it receives an SID. It is this SID that enables permissions to be assigned to security groups – the SID can be included in a resource’s DACL. An access token is created when a user logs on to the system. The access token contains the user’s SID and the SID of those groups to which the user is a member of. This access token is referenced when the user attempts to access a resource. The access token is compared with the resource’s DACL to determine which permissions the user should receive for the resource.
  • Distribution groups: Distribution groups are created to share information with a group of users through e-mail messages. Thus, a distribution group is not created for security purposes. A distribution does not obtain an SID when it is created. Distribution groups enable the same message to be simultaneously sent to its group members. Messages do not need to be individually sent to each user. Applications such as Microsoft Exchange that work with Active Directory can use distribution groups to send bulk e-mail to groups of users.
Share:

Which tool gives you a real-time graphical look at Microsoft Windows (Vista and later) performance information?

Which tool gives you a real-time graphical look at Microsoft Windows (Vista and later) performance information?

  • Task Monitor
  • Resource Monitor
  • Task Viewer
  • Event Monitor 
Which tool gives you a real-time graphical look at Microsoft Windows (Vista and later) performance information?

EXPLANATION

Resource Monitor, a utility in Windows Vista and later, displays information about the use of hardware and software resources in real time. Users can launch Resource Monitor by executing resmon.exe.

Resource Monitor is a necessary complement to Task Manager, which is too limited (Windows 7 here). For instance, only Resource Monitor will show what discs are currently spinning. 


Share:

Which tool can you use to troubleshoot Active Directory problems?

Which tool can you use to troubleshoot Active Directory problems?

  • Repadmin
  • WSRM
  • Hammer
  • Repmon 
Which tool can you use to troubleshoot Active Directory problems?

EXPLANATION

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2
This document describes how to use the Repadmin.exe tool to monitor, diagnose, and troubleshoot common replication problems in your Active Directory® environment. All the information in this document applies to computers running the Microsoft® Windows® 2000 Server and Windows Server® 2003 operation systems. This document includes the following topics:
To obtain a copy of this guide in .doc file format, see Troubleshooting replication with repadmin on the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkID=129020).

 


Share:

What is the name of the shared folder that exists on all domain controllers and stores things like Group Policy objects and login scripts?

What is the name of the shared folder that exists on all domain controllers and stores things like Group Policy objects and login scripts?

  • Builtin
  • Share
  • SYSVOL
  • C$ 
What is the name of the shared folder that exists on all domain controllers and stores things like Group Policy objects and login scripts?

EXPLANATION

The System Volume (Sysvol) is a shared directory that stores the server copy of the domain's public files that must be shared for common access and replication throughout a domain

The System Volume (Sysvol) is a shared directory that stores the server copy of the domain's public files that must be shared for common access and replication throughout a domain. The Sysvol folder on a domain controller contains the following items:

  • Net Logon shares. These typically host logon scripts and policy objects for network client computers.
  • User logon scripts for domains where the administrator uses Active Directory Users and Computers.
  • Windows Group Policy.
  • File replication service (FRS) staging folder and files that must be available and synchronized between domain controllers.
  • File system junctions.
File system junctions are used extensively in the Sysvol structure and are a feature of NTFS file system 3.0. You must be aware of the existence of junction points and how they operate so that you can avoid data loss or corruption that may occur if you modify the Sysvol structure.

 

Share:

What does CPU stand for?

What does CPU stand for?

  • Core Processing Unit
  • Custom Processing Unit
  • Central Processing Unit
  • Computer Processing Unit 
What does CPU stand for?

EXPLANATION

A central processing unit is the electronic circuitry within a computer that carries out the instructions of a computer program by performing the basic arithmetic, logical, control and input/output operations specified by the instructions. The computer industry has used the term "central processing unit" at least since the early 1960s.Wikipedia


Share:

What allows you to deploy GPO settings without restricting users from changing them later?

What allows you to deploy GPO settings without restricting users from changing them later?

  • Group Policy Preferences
  • Group Policy Prerogative
  • Group Policy YesNoMaybe
  • Group Policy Choices 

What allows you to deploy GPO settings without restricting users from changing them later?

EXPLANATION

Group Policy is a feature of the Microsoft Windows NT family of operating systems that controls the working environment of user accounts and computer accounts. Group Policy provides centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment. A version of Group Policy called Local Group Policy also allows Group Policy Object management on standalone and non-domain computers.

In the beginning of Group Policy evolved out of what was called "System Policies." These were what we now call the Administrative Template extension or registry-based policy settings. These settings are considered to be "true" policy settings as opposed to what was then termed "preference" settings. What is the difference between GP policy settings and preferences?

GP policy settings will:
  1. not tattoo. In other words, when a Group Policy object (GPO) goes out of scope, the policy setting is removed allowing the original configuration value to be used.
  2. supersede an application's configuration setting. In other words, when a GP policy is configured to a value, the application is aware of that value and always uses it over the configurable value.
  3. be recognized by an application. In other words, the display of the configuration item under control of a GP policy setting will be unavailable through the user interface. This is where graying out a configuration item on a menu, not displaying a dialog box, or providing a pop-up message explaining the current feature is under administrator control is used to inform the user they can't configure an option.
Preference settings will:
  1. tattoo. In other words, when a GPO goes out of scope, the preference value will remain in the registry. An administrator is responsible for making sure these values are set to disable, prior to the GPO going out of scope, if the administrator wants the preference setting removed. The preference setting will not be replaced with the original application configuration value.
  2. overwrite an application's configuration setting. This is accomplished by overwriting the original user configured-value for the application. No effort is made to retain the original value before overwriting the value with the preference setting. And, as was noted in 1, the overwritten value will not be removed when the GPO goes out of scope.
  3. not be recognized by an application. In other words, the application's user interface will allow a user to change the configuration item. Most importantly, the Group Policy engine only recognizes when a GPO changes, not when the preference value has been changed. This means the preference setting will be applied once and not automatically reapplied if the user changes the value of the configuration item.
There was a desire to create a registry-based setting that was a melding of the GP policy settings with the preference settings which became the GP preferences. Unlike, preference settings, GP preference settings' behavior is configurable to act differently than a preference setting depending on the options you select.
GP preference settings will:
  1. tattoo, by default. In other words, when a Group Policy object (GPO) goes out of scope, the GP preference setting will be remain in the registry.
    However, you can change the behavior of the GP preference setting by selecting the "Remove this item when it is no longer applied" option for a specific GP preference setting. After selecting this option, the GP preference setting will be removed when the GPO goes out of scope.
  2. overwrite an application's configuration setting. This is accomplished by overwriting the original user configured-value for the application. The original value will not be retained when the application's configuration setting is overwritten by the GP preference setting.
    If the option to "Remove this item when it is no longer applied" has been selected, the GP preference setting will be removed. The application will use the default configuration value, not a previously set user configuration value.
  3. not be recognized by an application. In other words, the application's user interface will allow a user to change the configuration item. By default, the GP preference setting will be automatically reapplied at every GP refresh, not when the application's configuration value has been changed by the user.
    Now the administrator can select the "Apply once and do not reapply" option. This will change the GP preference setting's behavior to only apply the GP preference setting value once and not apply again, even if the user has changed the application's configuration value.
When dealing with registry-based settings the differences between preference settings and GP preferences are subtle. The biggest difference I want to call out here is that while preference settings are always used in connection with registry-based settings, GP preferences can configure more than just registry-based settings. For more information check out the paper providing an overview of Group Policy preferences, http://go.microsoft.com/fwlink/?LinkId=103735.
 
Share:

In Powershell, what does the command "(get-history)[-1].commandLine | clip" do?

In Powershell, what does the command "(get-history)[-1].commandLine | clip" do?

  • Clears the entire command history in the current shell session.
  • Copies the last-issued command in the current shell session to the clipboard.
  • Clears the last-issued command in the command history in the current shell session.
  • Copies the entire command history in the current shell session to the clipboard.

EXPLANATION

Get-History - Get a list of the commands entered during the current session.  Returns a HistoryInfo object for each history item that it gets.
Powershell About Arrays - "Negative numbers count from the end of the array. For example, '-1' refers to the last element of the array."
HistoryInfo.CommandLine Property - Returns the command line string that was issued for that command history item
clip -  Windows Vista included a tiny command line utility called clip. All it does is paste its stdin onto the clipboard.  (Not actually a Powershell command so can be used in Command Prompt as well.

SOURCE

https://ss64.com/ps/get-history.html
Share:

Popular Posts