Back up your NTFS security permissions

Subinacl.exe

http://www.microsoft.com/downloads/details.aspx?FamilyID=E8BA3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en

Here is example syntax that you can use to proactively back up your NTFS permissions:

Subinacl /noverbose /output=c:\ntfs_perms.txt /subdirectories “Path to the Folder whose NTFS permissions we have to Backup”

To backup the permissions of the folder, subfolders and files on folder called Data on the G: drive:

subinacl /noverbose /output=c:\ntfs_perms.txt /subdirectories G:\data\

If you wanted to just backup the NTFS permissions for the entire drive, the command would look like this:

subinacl /noverbose /output=c:\ntfs_G_drive_perms.txt /subdirectories G:\*.*

Most of you will probably not be concerned with backing up down to the file level, and are satisfied with just backing up the permissions at the directory level.  Backing up the permissions for just the directories can be achieved with the following syntax:

subinacl /noverbose /output=c:\G_driveNTFSperms.txt /subdirectories=directoriesonly G:\*.*

image

The contents of the file created by subinacl are viewable in your favorite text editor:

image

To restore the permissions on the drive using the file that you backed them up to:

Subinacl /playfile c:\G_driveNTFSperms.txt

image

 

Test it out thoroughly in your lab environment before rolling it out to production.

DFS Error error ID: 9032 (The connection is shutting down). Event ID: 5002

1.DFS Replication cannot replicate with partner <server> due to a communication error. The DFS Replication service used partner DNS name <server.domain>, IP address x.x.x.x, and WINS address <server> but failed with error ID: 9032 (The connection is shutting down). Event ID: 5002.

The problematic replicated folder is “waiting for initial replication”, this could be due to not setting the primary member

Please run the following command to find if you have any primary server already for that RG name (IsPrimary=Yes)
Dfsradmin Membership List /RGname:<replication group name> /attr:MemName,RFName,IsPrimary

If the result shows the value for IsPramary attribute is “No”, that means you don’t have any primary server. In this situation, you may set the primary server using the following command
Dfsradmin Membership Set /RGName:<replication group name> /RFName:<replicated folder name> /MemName:<computer name of the member you want to set> /IsPrimary:True

Example : dfsradmin membership set /RGname:contoso.com\namespace\source /RFName:source /memname:Server1 /isPrimary:True

2. Increase the staging folder size to double for the problematic replicated folder if space is available.

 

Linux file system hierarchy

What is a file in Linux? What is file system in Linux? Where are all the configuration files? Where do I keep my downloaded applications? Is there really a filesystem standard structure in Linux? Well, the above image explains Linux file system hierarchy in a very simple and non-complex way. It’s very useful when you’re looking for a configuration file or a binary file. I’ve added some explanation and examples below, but that’s TLDR.
What is a file in Linux?

A simple description of the UNIX system, also applicable to Linux, is this:

On a UNIX system, everything is a file; if something is not a file, it is a process.

This statement is true because there are special files that are more than just files (named pipes and sockets, for instance), but to keep things simple, saying that everything is a file is an acceptable generalization. A Linux system, just like UNIX, makes no difference between a file and a directory, since a directory is just a file containing names of other files. Programs, services, texts, images, and so forth, are all files. Input and output devices, and generally all devices, are considered to be files, according to the system.

linux-file-system-hierarchy-linux-file-structure-optimized

 

 

In order to manage all those files in an orderly fashion, man likes to think of them in an ordered tree-like structure on the hard disk, as we know from MS-DOS (Disk Operating System) for instance. The large branches contain more branches, and the branches at the end contain the tree’s leaves or normal files. For now we will use this image of the tree, but we will find out later why this is not a fully accurate image.

 

DIRECTORY DESCRIPTION
/ Primary hierarchy root and root directory of the entire file system hierarchy.
/bin Essential command binaries that need to be available in single user mode; for all users, e.g., cat, ls, cp.
/boot Boot loader files, e.g., kernels, initrd.
/dev Essential devices, e.g., /dev/null.
/etc Host-specific system-wide configuration filesThere has been controversy over the meaning of the name itself. In early versions of the UNIX Implementation Document from Bell labs, /etc is referred to as the etcetera directory, as this directory historically held everything that did not belong elsewhere (however, the FHS restricts /etc to static configuration files and may not contain binaries). Since the publication of early documentation, the directory name has been re-designated in various ways. Recent interpretations include backronyms such as “Editable Text Configuration” or “Extended Tool Chest”.
/opt Configuration files for add-on packages that are stored in /opt/.
/sgml Configuration files, such as catalogs, for software that processes SGML.
/X11 Configuration files for the X Window System, version 11.
/xml Configuration files, such as catalogs, for software that processes XML.
/home Users’ home directories, containing saved files, personal settings, etc.
/lib Libraries essential for the binaries in /bin/ and /sbin/.
/lib Alternate format essential libraries. Such directories are optional, but if they exist, they have some requirements.
/media Mount points for removable media such as CD-ROMs (appeared in FHS-2.3).
/mnt Temporarily mounted filesystems.
/opt Optional application software packages.
/proc Virtual filesystem providing process and kernel information as files. In Linux, corresponds to a procfs mount.
/root Home directory for the root user.
/sbin Essential system binaries, e.g., init, ip, mount.
/srv Site-specific data which are served by the system.
/tmp Temporary files (see also /var/tmp). Often not preserved between system reboots.
/usr Secondary hierarchy for read-only user data; contains the majority of (multi-)user utilities and applications.
/bin Non-essential command binaries (not needed in single user mode); for all users.
/include Standard include files.
/lib Libraries for the binaries in /usr/bin/ and /usr/sbin/.
lib Alternate format libraries (optional).
/local Tertiary hierarchy for local data, specific to this host. Typically has further subdirectories, e.g., bin/, lib/, share/.
/sbin Non-essential system binaries, e.g., daemons for various network-services.
/share Architecture-independent (shared) data.
/src Source code, e.g., the kernel source code with its header files.
/X11R6 X Window System, Version 11, Release 6.
/var Variable files—files whose content is expected to continually change during normal operation of the system—such as logs, spool files, and temporary e-mail files.
/cache Application cache data. Such data are locally generated as a result of time-consuming I/O or calculation. The application must be able to regenerate or restore the data. The cached files can be deleted without loss of data.
/lib State information. Persistent data modified by programs as they run, e.g., databases, packaging system metadata, etc.
/lock Lock files. Files keeping track of resources currently in use.
/log Log files. Various logs.
/mail Users’ mailboxes.
/opt Variable data from add-on packages that are stored in /opt/.
/run Information about the running system since last boot, e.g., currently logged-in users and running daemons.
/spool Spool for tasks waiting to be processed, e.g., print queues and outgoing mail queue.
/mail Deprecated location for users’ mailboxes.
/tmp Temporary files to be preserved between reboots.

Types of files in Linux

Most files are just files, called regular files; they contain normal data, for example text files, executable files or programs, input for or output from a program and so on.

While it is reasonably safe to suppose that everything you encounter on a Linux system is a file, there are some exceptions.

  • Directories: files that are lists of other files.
  • Special files: the mechanism used for input and output. Most special files are in /dev, we will discuss them later.
  • Links: a system to make a file or directory visible in multiple parts of the system’s file tree. We will talk about links in detail.
  • (Domain) sockets: a special file type, similar to TCP/IP sockets, providing inter-process networking protected by the file system’s access control.
  • Named pipes: act more or less like sockets and form a way for processes to communicate with each other, without using network socket semantics.

 

File system in reality

For most users and for most common system administration tasks, it is enough to accept that files and directories are ordered in a tree-like structure. The computer, however, doesn’t understand a thing about trees or tree-structures.

Every partition has its own file system. By imagining all those file systems together, we can form an idea of the tree-structure of the entire system, but it is not as simple as that. In a file system, a file is represented by an inode, a kind of serial number containing information about the actual data that makes up the file: to whom this file belongs, and where is it located on the hard disk.

Every partition has its own set of inodes; throughout a system with multiple partitions, files with the same inode number can exist.

Each inode describes a data structure on the hard disk, storing the properties of a file, including the physical location of the file data. When a hard disk is initialized to accept data storage, usually during the initial system installation process or when adding extra disks to an existing system, a fixed number of inodes per partition is created. This number will be the maximum amount of files, of all types (including directories, special files, links etc.) that can exist at the same time on the partition. We typically count on having 1 inode per 2 to 8 kilobytes of storage.

At the time a new file is created, it gets a free inode. In that inode is the following information:

  • Owner and group owner of the file.
  • File type (regular, directory, …)
  • Permissions on the file
  • Date and time of creation, last read and change.
  • Date and time this information has been changed in the inode.
  • Number of links to this file (see later in this chapter).
  • File size
  • An address defining the actual location of the file data.

The only information not included in an inode, is the file name and directory. These are stored in the special directory files. By comparing file names and inode numbers, the system can make up a tree-structure that the user understands. Users can display inode numbers using the -i option to ls. The inodes have their own separate space on the disk.

Exchange 2010 Server – Authentication Requirements to confirm ActiveSync, EWS, OWA, and RPC over HTTPs functions

Settings required once Outlook Anywhere, ActiveSync and EWS have already been configured and enabled within the Exchange 2010 Console or Shell.  To make sure that the services are operational for the end user client stations / devices, IIS Authentication for the Default Web Site’s subsites/virtual directories are to be matched to the below:

Autodiscover
Anonymous Authentication Enabled
ASP.NET Impersonation Disabled
Basic Authentication Enabled
Digest Authentication Disabled
Forms Authentication Disabled
Windows Authentication Enabled

ecp
Anonymous Authentication Enabled
ASP.NET Impersonation Disabled
Basic Authentication Enabled
Digest Authentication Disabled
Forms Authentication Disabled
Windows Authentication Enabled

EWS
Anonymous Authentication Enabled
ASP.NET Impersonation Disabled
Basic Authentication Enabled
Digest Authentication Disabled
Forms Authentication Disabled
Windows Authentication Enabled

Microsoft-Server-ActiveSync
Anonymous Authentication Disabled
ASP.NET Impersonation Disabled
Basic Authentication Enabled
Digest Authentication Disabled
Forms Authentication Disabled
Windows Authentication Disabled

owa
Anonymous Authentication Disabled
ASP.NET Impersonation Disabled
Basic Authentication Enabled
Digest Authentication Disabled
Forms Authentication Disabled
Windows Authentication Enabled

Rpc
Anonymous Authentication Disabled
ASP.NET Impersonation Disabled
Basic Authentication Enabled
Digest Authentication Disabled
Forms Authentication Disabled
Windows Authentication Disabled

RpcWithCert
Anonymous Authentication Disabled
ASP.NET Impersonation Disabled
Basic Authentication Disabled
Digest Authentication Disabled
Forms Authentication Disabled
Windows Authentication Disabled

Make sure that the Default Web Site’s bindings do NOT have a hostname or hostname.domainname assigned to a port and IP address.  All configurations for hostname to be used internally and externally are now configured within the Exchange 2010 Console or Shell.  It is not dependent on IIS any longer like that of the Exchange 2003 services.

On the IIS Exchange Server, at the command prompt, run iisreset to restart the web services so that it can pick up the new configurations.

Installing .NET Framework 3.5 in Windows 8.1 or in Windows Server 2012

Mount the Windows 2012 R2 or Windows 8.1 ISO image / installation media:

At an elevated command prompt, run the following command:

Dism /online /enable-feature /featurename:NetFx3 /All /Source:<drive>:\sources\sxs /LimitAccess

Note In this command, <drive> is a placeholder for the drive letter for the DVD drive or for the Windows 8 installation media. For example, you run the following command: