You may have read something about DFS replication in Server 2008. (DFS stands for Distributed File System or Distributed File Service.) Or perhaps you've been using this feature, which (among other capabilities) lets you create multiple redundant targets for file shares that you want to make available to network users. The DFS replication service (also known as DFS-R) is responsible for synchronizing updates to files that exist in more than one DFS target location. Read more
Among many other new goodies, Windows Server 2008 R2 brings us “AppLocker,” which is a re-branding of the Software Restriction Policies feature that’s been around for a few years now. This technology lets you restrict specific applications from being executed by Windows clients – either by creating a blacklist of prohibited apps, or a whitelist of allowed ones. AppLocker still lets you create path rules (which can consist of nothing more than a filename) and hash rules (which restrict apps based on a hash of the binary executable). So what’s different about AppLocker? Read more
I don’t know about you, but I know at least a hundred people who I would put in the category of Very Smart IT People, and well over a dozen who would qualify for Scary Smart IT People. The number of such folks in the USA, by extrapolation, should be impressively large. Why, then, do some of our public information systems still perform at such a poor level? Read more
Last time in this space, I mentioned an IBM research article that indicated that IT workers can be dramatically more productive when using computer systems with very fast response times. In a study of programmers, IBM found that system response times of 0.3 second more than doubled programmer transaction output compared to response times of 3 seconds. This was contrary to the conventional wisdom, which said that computer system delays are really not so bad because they give information workers time to think about their next task. Read more
Every now and then I get a bit nostalgic for the days when my workaday computer had a nearly instantaneous response time.
That would be when that computer was a 6 MHz IBM PC/AT.
How could it have an instantaneous response time when it was several hundred times slower than the machine I’m using to write this blog entry? Because the software was designed to be fast and efficient. If I wanted a directory of files in a folder, it appeared like lightning. (Even faster when I hot-rodded that AT to run at 8 MHz with a faster crystal on the motherboard.) Read more
One of the ways you can create a rule to classify a file’s properties using the FCI (File Classification Infrastructure) in Server 2008 is to examine its contents, using the “Content Classifier.” You can perform a string search or look for data in a particular pattern. You can use a “regular expression” (or more than one) to identify files for classification. Read more
One of the interesting things that can happen with file classifications in Server 2008 R2 is that you may encounter some “rule overlap.” For example, if two rules apply to the same file, and one sets a given property to the third value in an ordered list, and the other rule sets the same property to the second value, the second value will be the winner. Read more
Last time I wrote that you can create new file classification properties in Server 2008 R2, such as (for example) to indicate degree of confidentiality, customer, project, and so on. The next step after defining the classification properties is to apply them, and the new version of the File Server Resource Manager (FSRM) console contains a node in the navigation pane to do just that: “Classification Rules.” Right-click to create a new rule. Read more
Remember WinFS – Windows Future Storage? Once upon a time, this was a planned radical enhancement to the Windows file system that was going to be part of Vista. It turned out to be far too ambitious, far too Microsoft-centric, and far too slow to see the light of day; but the basic idea was sound. NTFS is a good file system, but it just doesn’t let administrators and users describe files in adequate detail and with sufficient flexibility. As the number and type of files on our servers continues to increase, we need better tools to manage those files. Read more
As we continue to chat about some of the benefits of Server 2008 R2, I thought we could take a couple of minutes to mention Automatic SPN Management. This feature takes effect when you raise the Domain Functional Level (DFL) to Server 2008 R2; that is, when all domain controllers in the domain are running the new OS. (You can actually also use them if your DFL is Server 2008 or even Server 2003, as long as the Server 2008 R2 schema extensions have been run via ADPREP, but you only get automatic password and SPN management on DCs running Server 2008 R2.) Read more
One of the areas of managing Windows servers that has always been a little problematical is that of discovering so-called “best practices.” One can debate the extent to which it is the operating system vendor’s responsibility to advise as to how best to use its products, but just as the manufacturer of an automobile is in a uniquely well-informed position to advise its customers as to best practices in safety and reliability and performance, so too is the OS manufacturer uniquely positioned to help customers understand the “typical best way” of operating; on the understanding that in Read more
Microsoft has provided several ways for us to evaluate Server 2008 R2. There are three “free” methods in addition to the traditional ways of getting eval copies through TechNet Plus and MSDN. (Get there at www.microsoft.com/windowsserver2008/en/us/trial-software.aspx.) Read more
“Promiscuous mode” (you’ve gotta love that nomenclature) is a network interface mode in which the NIC reports every packet that it sees. If you’re using the Wireshark packet sniffer and have it set to “promiscuous mode” in the Capture Options dialog box, you might reasonably think that you’re going to be seeing all the traffic on your network segment. This is not necessarily the case, and there could be several reasons for it. Read more
One of the most useful things you can do with a packet sniffer like Wireshark is gain an understanding of who and what is responsible for the lion’s share of communications traffic on your network. You might be interested to see which computers seem to be creating more traffic than others. You might want to test certain procedures and user actions to learn which are more “expensive” in terms of bandwidth. (For example, I was a little surprised to see on my own network that the simple act of navigating to a subfolder on a network share generated about 2000 SMB packets.) Read more
Last week we looked at a number of introductory issues on using the Wireshark tool. Now I’d like to turn our attention to some Windows-specific issues. One of the areas that always seems to interest users and administrators alike is logging on, so let’s take a look at some of the traffic types that can occur when a user logs on to a Server 2003 or 2008 domain. (The actual traffic in any given network will vary depending on many factors, so although the protocols and sequences mentioned here are fairly typical, they probably will not match exactly what you see on your network.) Read more
One of the features of Wireshark that you may have noticed, if you’ve been reading my posts this week and doing some experimenting on your own, is that the program color-codes packets in the packet list pane. For example, if Wireshark detects potential problems, it colors them with red text on a black field. Don’t be too concerned if you see some packets that appear this way – it might indicate a problem, but then again it might not. Read more
Last post we discussed filtering packets in Wireshark to restrict the displayed packets according to specified criteria, such as “tcp.port == 3389” to view Remote Desktop Protocol traffic, “tcp.port == 80” to view Web traffic, and “LDAP” to view Active Directory traffic. Read more
Unless you specify a filter when you create the capture file in Wireshark, you’ll see all the captured packets in the packet list pane. If you chose to perform a “promiscuous mode” capture then you could see packets from multiple sources. Now while it can be useful to have an overview of everything, usually when troubleshooting a problem or trying to understand a network “conversation,” you’ll want at some point to restrict the packet list based on certain criteria. Read more
Last time we took a look at how to perform a quick capture of some sample network traffic using Wireshark. The wealth of information that you may see can be confusing, so your next step might be to gain some control over what you actually need to see. First, I like to configure the columns in the uppermost “packet list” pane. You might expect to find this capability on the View menu, but it’s really on the Edit menu under Preferences, which will feel familiar to you Mac folks. Read more
There was a fair amount of commentary a couple of days ago when I introduced the Wireshark tool without actually getting into its feature set. My intention was to suggest some situations where the tool could be useful, mention the potential dangers of using the tool in the workplace, and recommend that readers first find out whether they’re allowed to use the tool at work, before getting into it. Apparently some readers out there thought that that was not enough information for a four-paragraph blog post. Read more
Glenn Weadock is a longtime instructor for Global Knowledge and teaches Windows 7, Server 2008, and Active Directory. He has recently co-developed with Mark Wilkins two advanced Server 2008 classes in the Microsoft Official Curriculum. Glenn also consults through his Colorado-based company Independent Software, Inc. and is technical director of MarketCoach Investment Education Software LLC.