Wednesday, September 19, 2007

Patching ESX Server

At the time of writing, patch version 27728 was the latest update for ESX Server 2.5.3. The patch process is generally similar for 2.5.x patches.
Proceed as follows:

1. Determine the Patch Revision from the Host SW Manifest tab of the PID.
2. Obtain the TAR archive containing the update from the VMware website.
3. Power off all virtual machines and shut down your server.
4. Restart your system.
5. At the LILO Boot Menu, select linux UP (linux Uniprocessor).
6. Allow the system start procedure to complete.
7. Log in as root into the ESX Server service console, in Linux mode. Make sure your path variable contains /usr/bin:/bin.
8. Download the tar file into the temporary directory /tmp on the service console.
9. Change directories to /tmp.
10. Extract the compressed tar archive:
# tar -xvzf esx-2.5.3-27728-upgrade.tar.gz
11. Change directories to the newly created directory /tmp/esx-2.5.3-27728-upgrade:
# cd esx-2.5.3-27728-upgrade
12. Run the installer:
# /usr/bin/perl ./upgrade.pl
13. The system updates have now been installed. A reboot prompt displays:
Reboot the server now [y/n]?

Wednesday, August 8, 2007

For Loop to Process Multiple Files in a Folder

To register all the DLL files in the System32 folder, type the following command and press ENTER:

for %m in (*.dll) do regsvr32 /s %m

Friday, April 20, 2007

Name Resolution

If all of these name resolution methods are used, an h-node host computer implements them in the following order:
1. NetBIOS name cache
2. WINS server
3. B-node broadcast
4. LMHOSTS file
5. HOSTS file
6. DNS server

Saturday, March 31, 2007

SUBST

Allows you to substitute a folder on your computer for another drive letter.

SYNTAX
Associates a path with a drive letter.
SUBST [drive1: [drive2:]path]
SUBST drive1: /D
drive1: Specifies a virtual drive to which you want to assign a path.
[drive2:]path Specifies a physical drive and path you want to assign to a virtual drive.
/D Deletes a substituted (virtual) drive.
Type SUBST with no parameters to display a list of current virtual drives.

EXAMPLES
SUBST a: .
Maps the directory you are in, and its subdirectories, to the A: drive. If you type A: after running this command, you see everything in the directory where you typed the command.
Rebooting your computer clears the SUBST mapping and puts your drives back to their original letters (unless the command is placed in autoexec.bat).
You cannot subst network drives.

Sunday, January 21, 2007

Stub Zone, Delegation and Conditional Forwarding

Stub Zones:
Stub Zones are rather like DNS Secondary zones. The similarity is that both zones hold a read-only copy from the server that is authoritative for a child DNS domain. The difference is that Stub Zones have only 3 records, SOA, NS and A, whereas Secondary zones have a full set of A records. Finally, the logic is that you create the Stub Zone only in the Root domain, and the Stub Zone then has three records for each child domain:
A copy of the SOA record for the zone.
Copies of NS records for all name servers authoritative for the zone.
Copies of A records for all name servers authoritative for the zone.
Incidentally, the A (Host) records in the Stub zone are referred to as 'glue' records.
The point of Stub Zones is to streamline administration, improve name resolution and possibly, reduce network traffic. Needless to say, Stub Zones are only needed in large complicated Forests, and are unnecessary if you only have one domain.
Delegation:
The DNS infrastructure can be defined by its points of delegation. Beginning with the root of the DNS ("."), each zone administrator has the authority to delegate sub-zones to other responsible parties. Each sub-zone becomes another delegation point in the DNS infrastructure tree. In essence, delegation simply means that you have delegated a particular zone. All the records for that zone will be maintained by the DNS server you have delegated to. That server will be authoritative for the zone and will contain all the records for that zone.
Conditional Forwarding:
Conditional DNS forwarding is rather like taking a shortcut. If I am in guybay.com, I am running DNS, and I want to contact quickgear.org, then I could go via the root ' . ' domain, then the org server, then quickgear.org. Or, provided I knew the IP address of the server in quickgear.org, I could set up conditional forwarding and so take a shortcut.

Saturday, January 20, 2007

Cached credentials

After a user has successfully logged into the domain, the logon information is cached. The next time the user logs on to the computer using the domain account, they can be authenticated even if the domain controller that authenticated the user is unavailable. This is because the user has already been authenticated, and Windows can use the cached credentials to log the user on locally. This is common with road warriors who log into the domain on their laptops: when they are away from the office and no DC is available, Windows uses the cached credentials from the previous logon to log the user on locally and to allow access to local computer resources.
Cached Domain credentials are used by the OS and are authenticated by the Local Security Authority (LSA). The Domain credential is normally created when the user logs into the domain and a Kerberos ticket is registered . . .
Cached Domain credentials provide additional functionality, including Single Sign-On (SSO) and access to resources when no DC is available. SSO uses the credentials that the OS obtains during an interactive domain logon to let the user authenticate to the domain once. After this authentication, the user will have access to all the network resources they have permissions to without the need to provide their credentials again. These resources can be located throughout an enterprise, and in different domains.
This works for Windows 2000/XP and 2003. To enable the message shown to the user when no DC is available, see http://support.microsoft.com/default.aspx?scid=kb;en-us;242536
When you logon to Windows NT using cached logon information, if the domain controller is unavailable to validate your account, you cannot access network resources that require domain validation. However, you can access network resources that do not require domain validation.
Through the registry and a resource kit utility (Regkey.exe), you can change the number of previous logon attempts that a server will cache. By default, Windows NT will remember the 10 most recent logon attempts. The valid range of values for this parameter is 0 to 50. A value of 0 turns off logon caching and any value above 50 will only cache 50 logon attempts.
Cached logon information is controlled by the following key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
ValueName: CachedLogonsCount
Data Type: REG_SZ
Values: 0 - 50
Also see: An Attacker with Physical Access to Your Computer May Be Able to Access Your Files and Other Data
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;818200
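The value rules above (default 10, 0 disables caching, anything above 50 is treated as 50) can be applied when reviewing a fleet. The following Python is an added example, not part of the original post: it parses `reg query` output for CachedLogonsCount and reports hosts that cache more logons than a chosen limit. The host names, the sample output and the limit are constructed, and a missing value is assumed to mean the default of 10.

```python
import re

DEFAULT_COUNT = 10   # default stated in the post
MAX_COUNT = 50       # values above 50 behave as 50

# Constructed output of:
#   reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v CachedLogonsCount
KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
SAMPLES = {
    "LAPTOP-01": KEY + "\n    CachedLogonsCount    REG_SZ    10\n",
    "SERVER-01": KEY + "\n    CachedLogonsCount    REG_SZ    0\n",
    "KIOSK-01": KEY + "\n    CachedLogonsCount    REG_SZ    75\n",
    "DESKTOP-07": "ERROR: The system was unable to find the specified registry key or value.\n",
    "DESKTOP-09": KEY + "\n    CachedLogonsCount    REG_SZ    ten\n",
}

VALUE_RE = re.compile(r"^\s*CachedLogonsCount\s+REG_\w+\s+(\S+)\s*$", re.I | re.M)

def effective_count(reg_output):
    """Return the number of logons actually cached, or None if unreadable."""
    match = VALUE_RE.search(reg_output)
    if match is None:
        return DEFAULT_COUNT            # assumption: absent value means default
    data = match.group(1)
    if not data.isdigit():
        return None                     # REG_SZ data that is not a number
    return min(int(data), MAX_COUNT)    # clamp as described in the post

def audit(samples, limit):
    """Map host -> finding for hosts above `limit` or with unreadable data."""
    findings = {}
    for host, output in sorted(samples.items()):
        count = effective_count(output)
        if count is None:
            findings[host] = "unparsable value"
        elif count > limit:
            findings[host] = f"caches {count} logons (limit {limit})"
    return findings

if __name__ == "__main__":
    for host, finding in audit(SAMPLES, limit=10).items():
        print(host, "-", finding)
```
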

Friday, January 12, 2007

Windows 2003 supports six types of trusts

Windows 2003 supports six types of trusts, although the OS doesn't support all types for all forest modes:
Tree-root trust--Windows 2003 automatically creates a transitive, two-way trust when you add a new tree-root domain to an existing forest. Tree-root trusts let every domain in different trees in the same forest implicitly trust one another.
Parent-child trust--Windows 2003 automatically creates a transitive, two-way trust when you add a child domain to an existing domain. This trust lets every domain in a particular tree implicitly trust one another.
Shortcut trust--When domains that authenticate users are logically distant from one another, the process of logging on to the network can take a long time. You can manually add a shortcut trust between two domains in the same forest to speed authentication. Shortcut trusts are transitive and can either be one way or two way.
External trust--Administrators can manually create an external trust between domains in different forests or from a Windows 2003 domain to a Windows NT 4.0 or earlier domain controller (DC). External trusts are nontransitive and can be one way or two way.
Forest trust--When two forests have a functional level of Windows 2003, you can use a forest trust to join the forests at the root. An administrator can manually create a two-way forest trust that lets all domains in both forests transitively trust each other. Forest trusts can also be one way, in which case the domains in only one of the forests would trust the domains in the other forest. Multiple forest trusts aren't transitive. Therefore, if forest A has a forest trust to forest B and forest B has a forest trust to forest C, forest A does not implicitly trust forest C.
Realm trust--An administrator can manually create a realm trust between a Windows 2003 domain and a non-Windows Kerberos 5 realm. Realm trusts can be transitive or nontransitive and one way or two way.
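The transitivity rules above decide which domains accept accounts from which others. The following Python is an added example, not part of the original post: it models intra-forest, forest and external trusts and answers whether a resource domain accepts accounts from another domain. The forest and domain names are constructed; realm trusts are left out, and shortcut trusts are omitted because they only speed authentication inside a forest.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Trust:
    kind: str            # "forest" (between forests) or "external" (between domains)
    trusting: str        # side that accepts the other side's accounts
    trusted: str         # side whose accounts are accepted
    two_way: bool = False

    def covers(self, trusting: str, trusted: str) -> bool:
        """True if this trust lets `trusting` accept accounts from `trusted`."""
        if (self.trusting, self.trusted) == (trusting, trusted):
            return True
        return self.two_way and (self.trusted, self.trusting) == (trusting, trusted)

# Constructed topology: domain -> forest. The NT 4.0 domain is its own group.
FOREST_OF = {
    "corp.a.example": "A", "eu.corp.a.example": "A",
    "b.example": "B", "lab.b.example": "B",
    "c.example": "C",
    "legacy.example": "NT4-LEGACY",
}
TRUSTS = [
    Trust("forest", "A", "B", two_way=True),
    Trust("forest", "B", "C", two_way=True),
    Trust("external", "eu.corp.a.example", "legacy.example"),  # one way
]

def trust_basis(resource, account, trusts=TRUSTS, forest_of=FOREST_OF):
    """Return why `resource` accepts accounts from `account`, or None."""
    res_forest, acc_forest = forest_of[resource], forest_of[account]
    if res_forest == acc_forest:
        # Tree-root and parent-child trusts: automatic, two-way, transitive.
        return "intra-forest"
    for t in trusts:
        # External trusts are nontransitive: only the two named domains.
        if t.kind == "external" and t.covers(resource, account):
            return "external"
        # A forest trust spans all domains of both forests, but is not
        # chained through a third forest (A-B and B-C do not give A-C).
        if t.kind == "forest" and t.covers(res_forest, acc_forest):
            return "forest"
    return None

def unreachable_pairs(trusts=TRUSTS, forest_of=FOREST_OF):
    """List (resource, account) pairs with no trust basis, for review."""
    return [(r, a) for r in forest_of for a in forest_of
            if r != a and trust_basis(r, a, trusts, forest_of) is None]
```
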

Monday, January 1, 2007

Change NTFS Permissions on Folders

The process to follow to change the permissions on folders on the server is as follows:
1) Log on to the server with an Admin ID.
2) Go to this link:
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/xcacls-o.asp
or
http://support.microsoft.com/kb/318754
and download and install the Xcacls utility from the Microsoft website.
3) Go to the command prompt of the server and change to the C:\program files\resource kit folder.
4) Run the following command at the command prompt:
xcacls <folder> /T /E /G <user>:FO /Y
(<folder> and <user> are placeholders for the target folder and the account being granted access.)
(/T: Recursively walk through the current directory and all its subdirectories, applying the chosen access rights to the matching files or directories.)
(/E: Edit the ACL instead of replacing it.)
(/G: Grant access to user to the matching file or directory.)
(/Y: Disables confirmation when replacing user access rights. Using this option, XcAcls can be used in batch scripts unlike CACLS.)
(F: Full Control and O: Take Ownership)