Download Administering Windows Server 2012.70-411.TestKing.2018-12-02.181q.vcex

Source-initiated subscriptions allow you to define a subscription on an event collector computer without defining the event source computers, and then multiple remote event source computers can be set up (using a group policy setting) to forward events to the event collector computer. This differs from a collector initiated subscription because in the collector initiated subscription model, the event collector must define all the event sources in the event subscription. Run the following command from an elevated privilege command prompt on the Windows Server domain controller to configure Windows Remote Management: winrm qc -q.Start group policy by running the following command: %SYSTEMROOT%\System32\gpedit.msc.Under the Computer Configuration node, expand the Administrative Templates node, then expand the Windows Components node, then select the Event Forwarding node. Right-click the SubscriptionManager setting, and select Properties. Enable the SubscriptionManager setting, and click the Show button to add a server address to the setting. Add at least one setting that specifies the event collector computer. The SubscriptionManager Properties window contains an Explain tab that describes the syntax for the setting. After the SubscriptionManager setting has been added, run the following command to ensure the policy is applied: gpupdate /force.If you want to configure a source computer-initiated subscription, you need to configure the following group policies on the computers that will act as the event forwarders:(A) Configure Target Subscription Manager This policy enables you to set the location of the collector computer.

Hyper-V Performance Monitoring Tool Know which resource is consuming more CPU. Find out if CPUs are running at full capacity or if they are being underutilized. Metrics tracked include Total CPU utilization, Guest CPU utilization, Hypervisor CPU utilization, idle CPU utilization, etc. WSRM is deprecated starting with Windows Server 2012   

In the simplest way of thinking the virtual processor time is cycled across the available logical processors in a round-robin type of fashion. Thus all the processing power gets used over time, and technically nothing ever sits idle. To accurately measure the processor utilization of a guest operating system, use the "\Hyper-V Hypervisor Logical Processor (Total)\% Total Run Time" performance monitor counter on the Hyper-V host operating system.

Access-based enumeration is only supported on a Domain-based Namespace in Windows Server 2008 Mode. This type of Namespace requires a minimum Windows Server 2003 forest functional level and a minimum Windows Server 2008 domain functional level. The exhibit indicates that the current namespace is a Domain-based Namespace in Windows Server 2000 Mode. To migrate a domain-based namespace from Windows 2000 Server mode to Windows Server 2008 mode, you must export the namespace to a file, delete the namespace, recreate it in Windows Server 2008 mode, and then import the namespace settings. Reference:http://msdn.microsoft.com/en-us/library/cc770287.aspxhttp://msdn.microsoft.com/en-us/library/cc753875.aspx

To set a global resource SACL to audit successful and failed attempts by a user to perform generic read and write functions on files or folders:auditpol /resourceSACL /set /type: File /user:MYDOMAINmyuser /success /failure /access: FRFWSyntax auditpol /resourceSACL [/set /type: <resource> [/success] [/failure] /user: <user> [/access: <access flags>]][/remove/type: <resource>/user: <user> [/type: <resource>]][/clear [/type: <resource>]][/view [/user: <user>] [/type: <resource>]]References:http://technet.microsoft.com/en-us/library/ff625687(v=ws.10).aspxhttp://technet.microsoft.com/en-us/library/ff625687.aspx

In Quota Management, click the Quota Templates node. In the Results pane, select the template on which you will base your new quota. Right-click the template and click Create Quota from Template (or select Create Quota from Template from the Actions pane). This opens the Create Quota dialog box with the summary properties of the quota template displayed. Under Quota path, type or browse to the folder that the quota will apply to. Click the Create quota on path option. Note that the quota properties will apply to the entire folder. Note: To create an auto apply quota, click the Auto apply template and create quotas on existing and new subfolders option. For more information about auto apply quotas, see Create an Auto Apply Quota.Under Drive properties from this quota template, the template you used in step 2 to create your new quota is preselected (or you can select another template from the list). Note that the template's properties are displayed under Summary of quota properties. Click Create. Create a new Quota on path, without using the auto apply template and create quota on existing and new subfolders.       Reference: http://technet.microsoft.com/en-us/library/cc755603(v=ws.10).aspx

  A: The Bridge all site links option in Active Directory must be enabled. (This option is available in the Active Directory Sites and Services snap-in.) Turning off Bridge all site links can affect the ability of DFS to refer client computers to target computers that have the least expensive connection cost. An Intersite Topology Generator that is running Windows Server 2003 relies on the Bridge all site links option being enabled to generate the intersite cost matrix that DFS requires for its site-costing functionality. If you turn off this option, you must create site links between the Active Directory sites for which you want DFS to calculate accurate site costs.Any sites that are not connected by site links will have the maximum possible cost.   References: http://faultbucket.ca/2012/08/fixing-a-dfsr-connection-problem/http://technet.microsoft.com/en-us/library/cc771941.aspx

Access-Denied Assistance is a new role service of the File Server role in Windows Server 2012.   We need to install the prerequisites for Access-Denied Assistance. Because Access-Denied Assistance relies up on e-mail notifications, we also need to configure each relevant file server with a Simple Mail Transfer Protocol (SMTP) server address. Let's do that quickly with Windows PowerShell:Set-FSRMSetting -SMTPServer mailserver. nuggetlab.com -AdminEmailAddress [email protected] -FromEmailAddress [email protected] You can enable Access-Denied Assistance either on a per-server basis or centrally via Group Policy. To my mind, the latter approach is infinitely preferable from an administration standpoint. Create a new GPO and make sure to target the GPO at your file servers' Active Directory computer accounts as well as those of your AD client computers. In the Group Policy Object Editor, we are looking for the following path to configure Access-Denied Assistance:\Computer Configuration\Policies\Administrative Templates\System\Access-Denied Assistance   The Customize message for Access Denied errors policy, shown in the screenshot below, enables us to create the actual message box shown to users when they access a shared file to which their user account has no access.   What's cool about this policy is that we can "personalize" the e-mail notifications to give us administrators (and, optionally, file owners) the details they need to resolve the permissions issue quickly and easily. For instance, we can insert pre-defined macros to swap in the full path to the target file, the administrator e-mail address, and so forth. See this example:Whoops! It looks like you're having trouble accessing [Original File Path]. Please click Request Assistance to send [Admin Email] a help request e-mail message. Thanks! You should find that your users prefer these human-readable, informative error messages to the cryptic, non-descript error dialogs they are accustomed to dealing with. The Enable access-denied assistance on client for all file types policy should be enabled to force client computers to participate in Access-Denied Assistance. Again, you must make sure to target your GPO scope accordingly to "hit" your domain workstations as well as your Windows Server 2012 file servers. Testing the configuration This should come as no surprise to you, but Access-Denied Assistance works only with Windows Server 2012 and Windows 8 computers. More specifically, you must enable the Desktop Experience feature on your servers to see Access-Denied Assistance messages on server computers. When a Windows 8 client computer attempts to open a file to which the user has no access, the custom Access-Denied Assistance message should appear:  If the user clicks Request Assistance in the Network Access dialog box, they see a secondary message:  At the end of this process, the administrator(s) will receive an e-mail message that contains the key information they need in order to resolve the access problem:The user's Active Directory identity The full path to the problematic file A user-generated explanation of the problem So that's it, friends! Access-Denied Assistance presents Windows systems administrators with an easy-to-manage method for more efficiently resolving user access problems on shared file system resources. Of course, the key caveat is that your file servers must run Windows Server 2012 and your client devices must run Windows 8, but other than that, this is a great technology that should save admins extra work and end-users extra headaches. Reference: http://4sysops.com/archives/access-denied-assistance-in-windows-server-2012/

When using the email model each of the file shares, you can determine whether access requests to each file share will be received by the administrator, a distribution list that represents the file share owners, or both. The owner distribution list is configured by using the SMB Share – Advanced file share profile in the New Share Wizard in Server Manager. References:http://technet.microsoft.com/en-us/library/jj574182.aspx#BKMK_12

By default, only members of the Domain Admins group and the Enterprise Admins group are allowed to view the snapshots because they contain sensitive AD DS data. If you want to access snapshot data from an old domain or forest that has been deleted, you can allow nonadministrators to access the data when you run Dsamain.exe. If you plan to view the snapshot data on a domain controller, specify ports that are different from the ports that the domain controller will use. A client starts an LDAP session by connecting to an LDAP server, called a Directory System Agent (DSA), by default on TCP port and UDP [7] port 389. The client then sends an operation request to the server, and the server sends responses in return. With some exceptions, the client does not need to wait for a response before sending the next request, and the server may send the responses in any order. All information is transmitted using Basic Encoding Rules (BER).   References:http://technet.microsoft.com/en-us/library/cc753609(v=ws.10).aspx