Hyper-V Concepts
It's time to get familiar with Hyper-V Virtualization, virtual servers, virtual switches, virtual CPUs, virtual deployment infrastructure (VDI) and more.
Our previous article covered an introduction to the Domain Name System (DNS) and explained the importance of the DNS Server role within the network infrastructure, especially when Active Directory is involved. This article will cover the installation of the DNS server role in Windows 2012 Server and will include all necessary information for the successful deployment and configuration of the DNS service. Interested users can also read our DNS articles covering the Linux operating system or analysis of the DNS Protocol under our Network Protocols section.
The DNS Server can be installed during the deployment of Active Directory Services or as a stand-alone service on any Windows server. We'll be covering both options in this article.
Administrators who are in the process of deploying Active Directory Services will be prompted to install the DNS server role during the AD installation process, as shown in Figure 1 below:
Figure 1. DNS Installation via Active Directory Services Deployment
Alternatively, administrators can choose to install the DNS server role later on, or even on a different server, as shown next. We decided to install the DNS Server role on the Active Directory Domain Controller Server.
To begin the installation, open Server Manager and click Add Roles and Features. Click Next on the Before you begin page. Now choose Role-based or feature-based installation and click Next:
Protecting Enterprise and Small-Medium Business networks from exploits and hacking attempts is not an easy task.
Each year software giants release new systems that bring new features and functionality to Enterprise and SMB companies aiming to increase collaboration, productivity, and generally make life easier for everyone, except IT Managers, System Engineers and Administrators.
Unfortunately, history has proven many times that new operating systems and applications are often bundled with a generous amount of security issues, which are usually detected only after a security incident.
Almost every company, regardless of its size, whether large or small, has faced data breaches and had important data, personal records and financial information stolen. Sadly, most companies never even know about the data breach until it's too late!
For example, in May 2014, the notorious Syrian Electronic Army attacked and successfully stole credentials from eBay. They managed to steal personal records of over 230 million users, compromising usernames, passwords, phone numbers and physical addresses, leaving eBay users vulnerable to identity theft.
Did you know that the PCI Data Security Standard (PCI DSS) provides a framework for developing a robust data security process - including prevention, detection and appropriate reaction to security incidents?
Last month, a huge data breach at P. F. Chang's, the famous chain restaurant, compromised payment information of their customers. Criminals hacked more than 33 restaurants between October 2013 and June 2014 at P. F. Chang's and managed to record the data belonging to an unestimated number of credit and debit cards used at the restaurant's locations. Subsequently, these newly stolen credit and debit cards were put up for sale on the black market. The identity of the attackers is yet to be worked out, and worst of all, P. F. Chang's was alerted in June 2014 by the US Secret Service about the data breach! It seems like they were totally unaware of what was happening for a period of over 9 months!
A majority of the machines had data successfully siphoned off them because they had a common problem: they were not fully patched. It is suspected that software used in the machines had vulnerabilities and attackers used the security holes to enter and steal information. Patches are meant to fix flaws in the software, preventing attackers from gaining access through the flaws. However, applying patches in time is something that most users typically delay. The patching cycle, too, adds to the security problems.
Are you aware that GFI's LanGuard is capable of delivering PCI DSS compliance reports, properly evaluating if your organization is up to date with the latest Security Standards? Download your copy now!
The Domain Name System (DNS) is perhaps one of the most important services for Active Directory. DNS provides name resolution services for Active Directory, resolving hostnames, URLs and Fully Qualified Domain Names (FQDN) into IP addresses. The DNS Service uses UDP port 53 and in some cases TCP port 53 - when UDP DNS requests fail consistently.
When installed on a Windows Server, DNS uses a database, stored in Active Directory or in a file, that contains lists of domain names and corresponding IP addresses. When a client requests a website by typing a domain (URL) inside the web browser, the very first thing the browser does is to resolve the domain to an IP address.
To resolve the IP address, the browser checks several places in order. First, it checks the local cache of the computer. If there is no entry for the domain in question, it then checks the local hosts file (C:\windows\system32\drivers\etc\hosts), and if no record is found there either, it finally queries the DNS server.
The DNS server returns the IP address to the client and the browser forms the HTTP request, which is sent to the destination web server.
The above series of events describes a typical HTTP request to a site on the Internet. The same series of events is usually followed when requesting access to resources within the local network and Active Directory, with the only difference being that the local DNS server is aware of all internal hosts and domains.
A DNS Server can be configured on any server running the Windows Server 2012 operating system. The DNS server can be Active Directory integrated or not. A few important tasks a DNS server in Windows Server 2012 is used for are:
Our previous article explained what Group Policy Objects (GPO) are and showed how group policies can be configured to help control computers and users within an Active Directory domain. This article takes a look at Group Policy Enforcement, Inheritance and Block Inheritance throughout our Active Directory structure. Users seeking more technical articles on Windows 2012 Server can visit our dedicated Windows 2012 Server section.
Group Policy Enforcement, Inheritance and Block Inheritance give administrators the flexibility needed for successful Group Policy deployment within Active Directory, especially in large organizations where multiple GPOs are applied at different levels within the Active Directory, causing some GPOs to accidentally override others.
Thankfully Active Directory provides a simple way for granular control of GPOs:
GPOs can be linked at Site, Domain, OUs and child OUs. By default, group policy settings that are linked to parent objects are inherited by the child objects in the Active Directory hierarchy. By default, Default Domain Policy is linked to the domain and is inherited by all the child objects of the domain hierarchy.
GPO inheritance lets administrators set a common set of policies at the domain level or site level and configure more specific policies at the OU level. GPOs inherited from parent objects are processed before GPOs linked to the object itself.
As shown in the figure below, the Default Domain Policy GPO with precedence 2 will be processed first, because the Default Domain Policy is applied at the domain level (firewall.local), whereas the WallPaper GPO is applied at the organizational unit level:
Figure 1. Group Policy Inheritance
This article explains what Group Policies are and shows how to configure Windows Server 2012 Active Directory Group Policies. Our next article will cover how to properly enforce Group Policies (Group Policy Link Enforcement, Inheritance and Block Inheritance) on computers and users that are part of the company's Active Directory.
Before we dive into Group Policy configuration, let's explain what exactly Group Policies are and how they can help administrators control their users and computers.
A Group Policy is a computer or user setting that can be configured by administrators to apply various computer-specific or user-specific registry settings to computers that have joined the domain (Active Directory). A simple example of a group policy is the user password expiration policy, which forces users to change their password on a regular basis. Another example of a group policy would be the enforcement of a specific desktop background picture on every workstation, or restricting users from accessing their Local Network Connection properties so they cannot change their IP address.
A Group Policy Object (GPO) contains one or more group policy settings that can be applied to domain computers, users, or both. GPO objects are stored in Active Directory. You can open and configure GPO objects by using the GPMC (Group Policy Management Console) in Windows Server 2012:
Figure 1. GPO Objects
Group Policy Settings are the actual configuration settings that can be applied to a domain computer or user. Most of the settings have three states: Enabled, Disabled and Not Configured. Group Policy Management Editor provides access to hundreds of computer and user settings that can be applied to make many system changes to the desktop and server environment.