Server Message Block security has two main components: user-level and share-level. The first is for accessing servers, and the second is for accessing files, folders, and printers if share-level authentication has been configured on the server. Most readers of this column already know about these aspects of SMB security, but you may not know about another feature called “SMB signing.” This is a feature that is available in all versions of Windows since NT4. Read more
We’ve been extolling the virtues of SMB 2.x for the past few posts, but sometimes you may want to disable SMB entirely, or perhaps downgrade it from 2.x to 1.x. Here are some suggestions to point you in the right direction. I’ve tried them and they seem to work as advertised, but as always, try these on a test system before going live, and always back up the Registry before making any changes to it. Read more
One of the ways in which Server 2008’s new version of the Server Message Block protocol improves performance over the original version of SMB is through something called “opportunistic locking,” or “oplocks” for short. Read more
So we’ve been discussing SMB (Server Message Block) 2.x and its various benefits, but so far we haven’t talked about how the new file-sharing protocol works together with other bits and pieces in Server 2008 R2 and Windows 7. It might be worth pointing out some of these points of interoperability. (By the way, as a point of interest, you may also know SMB by its alter-ego, CIFS, which stands for Common Internet File System.) Read more
The latest and greatest version of Microsoft’s Server Message Block protocol for file sharing in Windows networks is 2.1, which ships with Server 2008 R2 and Windows 7. In previous posts I’ve mentioned some ways in which this new SMB protocol may speed file copies over the network. But here’s a surprising benefit: it has permitted one of our old friends, Robocopy, to work significantly faster in cases where you’re copying a lot of files. Read more
Last time I discussed the (relatively) new SMB 2 protocol supported in Vista, Windows 7, and Server 2008. This protocol update can make communications more efficient between Longhorn operating systems. The question naturally arises whether Server 2008 R2 and Windows 7 improve further on SMB, and the answer is yes. These latest operating systems from Microsoft support SMB version 2.1 (also known as the 2.1 “dialect”). Read more
The Server Message Block (SMB) file sharing protocol has been around since the dawn of time (anybody remember Windows for Workgroups?). With Longhorn operating systems (Server 2008, Vista, Windows 7), we have finally moved from SMB 1.0 to – everybody sitting down? – SMB 2.0.
Wow… 15 years to update a file sharing protocol? This sort of thing certainly makes one cock an eyebrow when Microsoft discusses how innovative it is… Read more
Microsoft’s Windows Server Backup program, which we’ve been discussing lately, wouldn’t be all that great if it didn’t also support the Server Core versions of the server operating system – the ones that don’t include a graphical user interface. Thankfully, it does! Although (as with many things Server Core-related) it’s a tad tricky.
First off, the backup program isn’t installed by default. In “regular” Server 2008, the command is Read more
ocsetup WindowsServerBackup
or, if you prefer,
start /w ocsetup WindowsServerBackup
Last time I wrote about the Windows Server Backup tool in Server 2008 and its use in creating system state backups. Microsoft made some changes to the backup tool in Server 2008 R2, as it pertains to system state backups, that I thought you might like to know about. Read more
The “system state” of a Windows server can contain a variety of data stores but it always includes the computer settings in the registry, so making sure you have frequent system state backups is generally a good thing. A system state restore can often repair registry corruption (it did for me, recently), although you need to bear in mind that Server 2008 omits user Registry settings from the system state backup, so if you have user profile corruption, that’s not likely to be cured by a system state restore. Read more
The other day I wrote about a power outage in my office that resulted in Server 2008 registry corruption and a no-start condition, requiring the restoration of the system state from a backup. However, what if you don’t have a relatively recent system state backup? First, make a new year’s resolution to learn a little about WBADMIN and put it to work for you. Second, please read on, for here are two related tricks for recovering from registry corruption. Read more
One of the issues in any caching scheme involves data volatility. When data can change, there is a risk of caches becoming outdated. We’ve seen the potential ramifications of this in technologies from browser caching to DNS caching. Read more
Last time, I wrote about the new BranchCache capability in Windows 7 and Server 2008 R2. Today I’ll give you an overview on how to go about setting it up. (You’ll find details on these steps online in various TechNet docs on Microsoft’s website, but it’s useful to understand the big picture before you start drilling down to the specifics.) Read more
The concept of file caching has been around for many years. In fact, it’s one of the ways that IBM made its PS/2 Model 50 computer perform better than its predecessor, the IBM AT, even though the AT’s hard drive was actually faster than the PS/2’s hard drive. Today’s computing platforms use caching at many different levels. The file system is cached in hardware at the drive controller, then again in memory by the operating system; MAC and DNS addresses are cached; memory is cached on microprocessors; Web files are cached by browsers; and the list goes on and on. Read more
Winter in Colorado can be brutal, and this past week we’ve seen some low temperatures, high winds, and (partly as a result) some power cuts. In fact there was one at my own office yesterday. The power was out for most of the day. The servers in my office are on battery backup, and I performed an “orderly shutdown” of each of them when the lights went out. Even so, upon reboot of one of my Longhorn systems, I was informed by Windows that the system could not start properly because of Registry damage. Read more
Today we get to take a look at one of the clever advantages of using SRV resource records in DNS to provide locator information for Active Directory domain controllers. Because Windows clients are “wired” to check DNS to find a DC, Windows can manipulate DNS to fool a client into thinking something that isn’t true! Read more
In recent posts I’ve written about the SRV resource records in DNS and how they provide location information for domain controllers and global catalog servers. In addition, SRV records point to the one server in each domain that acts as the PDC emulator. The format for this resource record is as follows:
_ldap._tcp.pdc._msdcs.DNSDomainName
…which contains the address of the PDC emulator for the domain DNSDomainName. This record is registered by the PDC emulator. Read more
Earlier this month we discussed how special DNS resource records called SRV (service locator) records help Windows systems find domain controllers so they can authenticate to the domain. Interestingly, SRV records also help Windows systems find other kinds of important computers, too. Read more
Any discussion of DNS and Active Directory must come quickly to a discussion of the AD “signposts” known as the SRV (service locator) records. SRV is just another resource record type, like A and PTR and MX. It is defined in the RFC 2782 document, which states that “The SRV RR allows administrators to use several servers for a single domain, to move services from host to host with little fuss, and to designate some hosts as primary servers for a service and others as backups.” Read more
One of the big benefits of combining AD and DNS on the same system using Active Directory Integrated (ADI) zones is that you can specify that dynamic updates should be “secure.” (This operation is accomplished either through the DNS administrative console or the DNSCMD command line tool. You’re given the choice in the new zone wizard but you can always change it later on.) Read more
Glenn Weadock is a longtime instructor for Global Knowledge and teaches Windows 7, Server 2008, and Active Directory. He has recently co-developed with Mark Wilkins two advanced Server 2008 classes in the Microsoft Official Curriculum. Glenn also consults through his Colorado-based company Independent Software, Inc. and is technical director of MarketCoach Investment Education Software LLC.