Network World

Glenn Weadock

DFS: Not a Distributed Database

Distributed File System replication does not offer file locking
Submitted by Glenn Weadock on Fri, 10/30/09 - 5:32pm.

You may have read something about DFS replication in Server 2008. (DFS stands for Distributed File System or Distributed File Service.) Or perhaps you've been using this feature, which (among other capabilities) lets you create multiple redundant targets for file shares that you want to make available to network users. The DFS replication service (also known as DFS-R) is responsible for synchronizing updates to files that exist in more than one DFS target location.

AppLocker in Server 2008 R2

An update to Software Restriction Policies
Submitted by Glenn Weadock on Wed, 10/28/09 - 11:34pm.

Among many other new goodies, Windows Server 2008 R2 brings us “AppLocker,” which is a re-branding of the Software Restriction Policies feature that’s been around for a few years now. This technology lets you restrict specific applications from being executed by Windows clients – either by creating a blacklist of prohibited apps, or a whitelist of allowed ones. AppLocker still lets you create path rules (which can consist of nothing more than a filename) and hash rules (which restrict apps based on a hash of the binary executable). So what’s different about AppLocker?

The Quality of Airport Information Systems

With so many IT geniuses, why are some public information systems so bad?
Submitted by Glenn Weadock on Tue, 10/27/09 - 10:07pm.

I don’t know about you, but I know at least a hundred people who I would put in the category of Very Smart IT People, and well over a dozen who would qualify for Scary Smart IT People. The number of such folks in the USA, by extrapolation, should be impressively large. Why, then, do some of our public information systems still perform at such a poor level?

More on Computer System Responsiveness

Why do sub-one-second response times make us more productive?
Submitted by Glenn Weadock on Fri, 10/23/09 - 2:10pm.

Last time in this space, I mentioned an IBM research article that indicated that IT workers can be dramatically more productive when using computer systems with very fast response times. In a study of programmers, IBM found that system response times of 0.3 second more than doubled programmer transaction output compared to response times of 3 seconds. This was contrary to the conventional wisdom, which said that computer system delays are really not so bad because they give information workers time to think about their next task.

Windows and Computer Responsiveness

Seconds matter when it comes to computing and productivity
Submitted by Glenn Weadock on Thu, 10/22/09 - 8:27pm.

Every now and then I get a bit nostalgic for the days when my workaday computer had a nearly instantaneous response time.

That would be when that computer was a 6 MHz IBM PC/AT.

How could it have an instantaneous response time when it was several hundred times slower than the machine I’m using to write this blog entry? Because the software was designed to be fast and efficient. If I wanted a directory of files in a folder, it appeared like lightning. (Even faster when I hot-rodded that AT to run at 8 MHz with a faster crystal on the motherboard.)

FCI and the Content Classifier

Classifying files by the data they contain
Submitted by Glenn Weadock on Mon, 10/19/09 - 11:36pm.

One of the ways you can create a rule to classify a file’s properties using the FCI (File Classification Infrastructure) in Server 2008 is to examine its contents, using the “Content Classifier.” You can perform a string search or look for data in a particular pattern. You can use a “regular expression” (or more than one) to identify files for classification.

Nuances of the File Classification Infrastructure

Dealing with rule overlap and rule re-application
Submitted by Glenn Weadock on Sun, 10/18/09 - 10:16pm.

One of the interesting things that can happen with file classifications in Server 2008 R2 is that you may encounter some “rule overlap.” For example, if two rules apply to the same file, and one sets a given property to the third value in an ordered list, and the other rule sets the same property to the second value, the second value will be the winner.

FCI Rules in Server 2008 R2

How to apply custom properties to existing files
Submitted by Glenn Weadock on Fri, 10/16/09 - 4:03pm.

Last time I wrote that you can create new file classification properties in Server 2008 R2, such as (for example) to indicate degree of confidentiality, customer, project, and so on. The next step after defining the classification properties is to apply them, and the new version of the File Server Resource Manager (FSRM) console contains a node in the navigation pane to do just that: “Classification Rules.” Right-click to create a new rule.

File Classification Infrastructure and Server 2008 R2

How to go beyond built-in file properties
Submitted by Glenn Weadock on Thu, 10/15/09 - 1:48pm.

Remember WinFS – Windows Future Storage? Once upon a time, this was a planned radical enhancement to the Windows file system that was going to be part of Vista. It turned out to be far too ambitious, far too Microsoft-centric, and far too slow to see the light of day; but the basic idea was sound. NTFS is a good file system, but it just doesn’t let administrators and users describe files in adequate detail and with sufficient flexibility. As the number and type of files on our servers continues to increase, we need better tools to manage those files.

Automatic SPN Management and Server 2008 R2

Simplifying the management of service accounts
Submitted by Glenn Weadock on Wed, 10/14/09 - 5:31pm.

As we continue to chat about some of the benefits of Server 2008 R2, I thought we could take a couple of minutes to mention Automatic SPN Management. This feature takes effect when you raise the Domain Functional Level (DFL) to Server 2008 R2; that is, when all domain controllers in the domain are running the new OS. (You can actually also use them if your DFL is Server 2008 or even Server 2003, as long as the Server 2008 R2 schema extensions have been run via ADPREP, but you only get automatic password and SPN management on DCs running Server 2008 R2.)

Server 2008 R2's Best Practices Analyzer

What is the BPA and how can you use it?
Submitted by Glenn Weadock on Mon, 10/12/09 - 11:15pm.

One of the areas of managing Windows servers that has always been a little problematical is that of discovering so-called “best practices.” One can debate the extent to which it is the operating system vendor’s responsibility to advise as to how best to use its products, but just as the manufacturer of an automobile is in a uniquely well-informed position to advise its customers as to best practices in safety and reliability and performance, so too is the OS manufacturer uniquely positioned to help customers understand the “typical best way” of operating; on the understanding that in

Three creative ways to evaluate Windows Server 2008 R2

Weighing your evaluation version options
Submitted by Glenn Weadock on Sun, 10/11/09 - 7:52pm.

Microsoft has provided several ways for us to evaluate Server 2008 R2. There are three “free” methods in addition to the traditional ways of getting eval copies through TechNet Plus and MSDN. (Get there at www.microsoft.com/windowsserver2008/en/us/trial-software.aspx.)

Wireshark and Promiscuous Mode

Why you may not be seeing all the traffic you think you should
Submitted by Glenn Weadock on Wed, 09/30/09 - 12:41pm.

“Promiscuous mode” (you’ve gotta love that nomenclature) is a network interface mode in which the NIC reports every packet that it sees. If you’re using the Wireshark packet sniffer and have it set to “promiscuous mode” in the Capture Options dialog box, you might reasonably think that you’re going to be seeing all the traffic on your network segment. This is not necessarily the case, and there could be several reasons for it.

Measuring Byte Traffic on Windows Networks

How Wireshark can help identify bandwidth hogs and expensive operations
Submitted by Glenn Weadock on Tue, 09/29/09 - 3:53pm.

One of the most useful things you can do with a packet sniffer like Wireshark is gain an understanding of who and what is responsible for the lion’s share of communications traffic on your network. You might be interested to see which computers seem to be creating more traffic than others. You might want to test certain procedures and user actions to learn which are more “expensive” in terms of bandwidth. (For example, I was a little surprised to see on my own network that the simple act of navigating to a subfolder on a network share generated about 2000 SMB packets.)

AD Logons and Network Traffic

Using Wireshark to better understand the Active Directory logon process
Submitted by Glenn Weadock on Mon, 09/28/09 - 12:52pm.

Last week we looked at a number of introductory issues on using the Wireshark tool. Now I’d like to turn our attention to some Windows-specific issues. One of the areas that always seems to interest users and administrators alike is logging on, so let’s take a look at some of the traffic types that can occur when a user logs on to a Server 2003 or 2008 domain. (The actual traffic in any given network will vary depending on many factors, so although the protocols and sequences mentioned here are fairly typical, they probably will not match exactly what you see on your network.)

Wireshark Errors - Or Are They?

Red flags aren't always cause for concern
Submitted by Glenn Weadock on Fri, 09/25/09 - 12:50pm.

One of the features of Wireshark that you may have noticed, if you’ve been reading my posts this week and doing some experimenting on your own, is that the program color-codes packets in the packet list pane. For example, if Wireshark detects potential problems, it colors them with red text on a black field. Don’t be too concerned if you see some packets that appear this way – it might indicate a problem, but then again it might not.

Viewing Network Conversations in Wireshark

How to zero in on packet traffic between two systems only
Submitted by Glenn Weadock on Thu, 09/24/09 - 12:21pm.

Last post we discussed filtering packets in Wireshark to restrict the displayed packets according to specified criteria, such as “tcp.port == 3389” to view Remote Desktop Protocol traffic, “tcp.port == 80” to view Web traffic, and “LDAP” to view Active Directory traffic.

Filtering the Wireshark Packet List

How to view the captured packets you're interested in
Submitted by Glenn Weadock on Wed, 09/23/09 - 3:49pm.

Unless you specify a filter when you create the capture file in Wireshark, you’ll see all the captured packets in the packet list pane. If you chose to perform a “promiscuous mode” capture then you could see packets from multiple sources. Now while it can be useful to have an overview of everything, usually when troubleshooting a problem or trying to understand a network “conversation,” you’ll want at some point to restrict the packet list based on certain criteria.

Customizing the Wireshark Display

Control what the sniffer shows you to avoid information overload
Submitted by Glenn Weadock on Tue, 09/22/09 - 2:14pm.

Last time we took a look at how to perform a quick capture of some sample network traffic using Wireshark. The wealth of information that you may see can be confusing, so your next step might be to gain some control over what you actually need to see. First, I like to configure the columns in the uppermost “packet list” pane. You might expect to find this capability on the View menu, but it’s really on the Edit menu under Preferences, which will feel familiar to you Mac folks.

Capturing some packets in Wireshark

The first steps to examining Ethernet traffic
Submitted by Glenn Weadock on Mon, 09/21/09 - 10:55pm.

There was a fair amount of commentary a couple of days ago when I introduced the Wireshark tool without actually getting into its feature set. My intention was to suggest some situations where the tool could be useful, mention the potential dangers of using the tool in the workplace, and recommend that readers first find out whether they’re allowed to use the tool at work, before getting into it. Apparently some readers out there thought that that was not enough information for a four-paragraph blog post.

About Glenn Weadock on Windows Server 2008

Glenn Weadock is a longtime instructor for Global Knowledge and teaches Windows 7, Server 2008, and Active Directory. He has recently co-developed with Mark Wilkins two advanced Server 2008 classes in the Microsoft Official Curriculum. Glenn also consults through his Colorado-based company Independent Software, Inc. and is technical director of MarketCoach Investment Education Software LLC.