We need to create a name.txt file containing the CN of each user, one per line.
for /f "delims=, tokens=*" %G in (name.txt) do @dsmod group "CN=,OU=,DC=,DC=" -addmbr "CN=%G,OU=,DC=,DC="
First we dump the list of folders to a file with the command below:
dir /AD /S /B > directory.txt
And now we use this command:
FOR /F "delims=*" %i in (directory.txt) do cacls "%i"
We create a .csv file containing the names of the users or groups (objects).
Test.csv contains:
Cn
Jmenoskupiny1
Jmenoskupiny2
We use this command (it can be adjusted as needed):
for /f "delims=, tokens=*" %G in (test.csv) do @dsadd group "cn=%G,ou=….,DC=…,DC=…." -secgrp yes -scope l
Or you can use an alternative way: prepare a CSV file like this and import it with csvde.
objectClass,sAMAccountName,dn
user,amasv,"cn=Martin Svoboda,ou=it,dc=secure,dc=com"
csvde -i -f <name of csv>
Configuring Permissions for the Regional Exchange Admins with PowerShell
The split permissions model strictly limits each administrator's right to manipulate Exchange attributes to the user objects that administrator is responsible for. In our configuration, the RegionAdmins security group is responsible only for objects in a specific Region container in Active Directory. This group must not be able to change Exchange attributes on user objects in other OU containers. The rights also have to be granted on specific OUs, such as the Region Users and Groups containers inside the specific Region OU, because these containers can hold accounts (which can have mailboxes) or distribution groups. Administrators of Exchange attributes must be able to view all the required settings in the Exchange Organization. For this purpose, they have to be members of Exchange View-Only Administrators.
To grant the required permissions according to the split permissions model, we have to use the Exchange Management Shell console. There is a script located in the
%ProgramFiles%\Microsoft\Exchange Server\Scripts directory
that helps you configure the split permissions model. This script automatically configures the ability to manipulate the required Exchange permissions inside the OU container (for Recipient, Contact and Group objects).
Using the Exchange Management Shell, you can run the following script:
ConfigureSplitPerms.ps1 -User "User or Group name" -Identity "OU container"
The procedure to implement split permissions model for the RegionAdmins security group is described below:
Granting the required permissions for the Service container inside the Region OU
ConfigureSplitPerms.ps1 -User "yourcompanydomain\RegionAdmins" -Identity "OU=…. ,DC=…"
Similarly, we have to grant the required permissions with this procedure for all other regional admin security groups in their respective OU containers, where they will manage the Exchange recipients.
Add the "access recipient update services" permission for RegionAdmins on CN=Exchange Administration Group (FYDIBOHF23SPDLT) and delegate this permission to all child "Exchange Server objects".
When running web services on Windows Server 2003 or 2008, it is a good idea to verify the encryption settings and the protocols used for secure communication between client and server. On Windows Server 2003, and even on Windows 2008, the SSL 2.0 protocol, for example, is enabled by default. It contains security flaws that are fixed only in SSLv3, TLS 1.0, 1.2.
On older operating systems it is recommended to disable the weak ciphers DES 56/56, NULL, RC2 40/128, RC4 40/128, RC4 56/128.
Try the test, which is online!
Instructions on how to edit the registry can be found on the Microsoft website:
KB web link
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll
http://support.microsoft.com/kb/245030/en-us
How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services
http://support.microsoft.com/kb/187498/en-us
Or use this simple guide.
Add a DWORD value named "Enabled" with the data 00000000 (decimal) under each of these keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
SCHANNEL\Ciphers\RC4 56/128
SCHANNEL\Ciphers\RC2 56/128
SCHANNEL\Ciphers\RC4 40/128
SCHANNEL\Ciphers\RC2 40/128
Add a DWORD value named "Enabled" with the data 00000000 (decimal) under each of these keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
Protocols\SSL 2.0\Client
Protocols\SSL 2.0\Server
…..
………
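The registry changes listed above can be audited and applied with a short script. This is an added example, not part of the original post; it assumes an elevated PowerShell 2.0 or later prompt and covers only the cipher and SSL 2.0 subkeys named on this page.

```powershell
# Added example, not from the original page. Run elevated.
# Without -Apply it only reports; with -Apply it writes Enabled=0 (DWORD).
param([switch]$Apply)

$base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
# Subkeys from the two lists on this page, relative to $base.
$targets = @(
    'Ciphers\RC4 56/128', 'Ciphers\RC2 56/128',
    'Ciphers\RC4 40/128', 'Ciphers\RC2 40/128',
    'Protocols\SSL 2.0\Client', 'Protocols\SSL 2.0\Server'
)

$hklm = [Microsoft.Win32.Registry]::LocalMachine
$report = foreach ($rel in $targets) {
    $path = "$base\$rel"
    # .NET registry API on purpose: the cipher names contain "/", which the
    # PowerShell registry provider (New-Item HKLM:\...) splits as a separator.
    $key = $hklm.OpenSubKey($path, $Apply.IsPresent)
    $before = '(key missing)'
    if ($key) {
        $before = $key.GetValue('Enabled', '(not set)')
    } elseif ($Apply) {
        $key = $hklm.CreateSubKey($path)
    }
    if ($Apply) {
        $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    }
    $after = '(key missing)'
    if ($key) {
        $after = $key.GetValue('Enabled', '(not set)')
        $key.Close()
    }
    # One row per subkey: state before and after, and whether it is disabled.
    New-Object PSObject -Property @{
        Key = $rel; Before = $before; After = $after
        Disabled = ($after -is [int] -and $after -eq 0)
    }
}
$report | Select-Object Key, Before, After, Disabled | Format-Table -AutoSize
```

Run it once without -Apply to record the current state, then with -Apply; any row that still shows Disabled = False afterwards needs a manual check.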