Nagios – Checking Windows Updates

If we care about keeping our Microsoft Windows environment up to date and under control, monitoring can help us track the patches our servers have pending in Windows Update. Let's keep centralizing everything we can in our management panel, control all our infrastructure from Nagios or Centreon, and live more relaxed!

Nagios – Monitoring Windows

In this document we will start with something easy: we are going to monitor our first Windows computer, whether it is a desktop or a server. We will monitor the basics through SNMP: CPU usage, RAM, disk, network, swap memory and ping. With this we will have a first base on which to add the other elements we need to monitor!

Importing/Exporting Local Policies from/to GPO Directives with 'LocalGPO'

The other day we installed Microsoft Security Compliance Manager; today we see that its installation includes a command-line utility called LocalGPO. It allows us to export a computer's local policies to a GPO backup for later use in Active Directory, or to import from a GPO backup (Active Directory) to the local computer. This is useful for computers that can't belong to a domain, computers in a DMZ…

Microsoft Security Compliance Manager – Hardening our servers

Microsoft Security Compliance Manager 2 is a repository of Microsoft security templates that we can apply to the servers or PCs on our network to provide greater security, since these templates are predefined depending on the OS and the services run by the target machine. The good thing is that we can keep the templates always 'up to date' through updates that we can download from the console. We will be able to import GPOs, more baselines… we will be able to edit or duplicate them, and to apply them to our environment we will export them.

Uninstalling apps remotely and in bulk

Many times we need to uninstall certain software that is installed on our workstations. Via WMI (Windows Management Instrumentation), a platform that is not widely used by us administrators, we can uninstall the software we need on the computers we need. Thanks to the command-line parameters, we can use variables and/or files with lists of computers to automate these tasks.

Migrating GPOs between different domains

If we need to carry policies from one Active Directory to another and we don't have a trust relationship, or there is no possible communication between them, we can back up the GPOs we are interested in from the source domain and import them into the destination domain using migration tables. This document is valid for migrating GPOs between any version of Windows Server: 2000, 2003, 2003 R2, 2008 or 2008 R2. In this document we will see how to perform these steps.

Data Migration between 2 Untrusted domains (Subinacl)

In some not very frequent cases we come across domain migrations in which we do not have permissions to manage the current domain completely, only access to the OUs whose users we manage. If we need to "become independent" and migrate the data to a new domain, we cannot use Microsoft's common tools such as FSMT, since they require a trust relationship to carry over the permissions. The first thing we must do is create the same users and groups on the new server. To do this, we have two options: create them by hand, or use a tool such as ldifde, which lets us export them from the OUs we have permissions on to a text file and import them into the new domain. As there is no trust relationship, the users of domain 1 and domain 2 will not have the same SIDs, so when performing […]

Associating the DNIe with Active Directory users and authenticating with SmartCard

In this document we will see how we can associate the digital certificates of the DNIe with SmartID (electronic ID card) with the user accounts in our Active Directory. It is ideal for authenticating our employees without a username and password, and of course we can later associate it with the rest of the services we need, if we have web access, Citrix… We would just need a card reader on each computer and we're good to go. It could even be used to put a device at the office front door to validate physical entry, time management… all through smart card-based authentication.

Using Microsoft IT Environment Health Scanner to diagnose our Active Directory

Today we look at a utility called Microsoft IT Environment Health Scanner, which helps us diagnose our Microsoft environment at the Active Directory level. First we will install it and see the number of tests it performs and the status of each. In addition, if we have any problem, it will propose a document from the KB of the Microsoft Support website. It is important because it can serve as support before any migration or major change, by letting us know the state of everything.

Installing certificates for our users via GPO

In any organization, our users need certificates to access certain websites, whether to authenticate as themselves or on behalf of their company. The most normal thing is to install the certificate on the computer with the logged-in user, which is a manual process that we have to keep in mind when a new person joins the organization or when we have to renew a certificate; we have to repeat this process as many times as necessary. Well, we can use the policies of our Active Directory to assign certificates to users fully automatically.