Windows 2008 R2 Server

8 articles in category Windows 2008 R2 Server / Subscribe

I don’t know about the RAM capacity in your head, but mine is kinda limited. Often time when I code in PowerShell, I don’t remember the exact name of a property/method. With the date and time object particularly. It’s different, yet very similar among the many programming languages I use daily.

so after I issue

I usually fire up browser and go to Microsoft Technet PowerShell reference site to find the right command. I remember what it sounded like, but can’t remember exactly how to type it out. Yes you can type help get-date. But it doesn’t tell you all the properties and method you need.

if you want to know the list of all properties and method of an object/variable, set a value to a variable, and pass that variable to get-member cmdlet

$time | get-member

You’ll get all the properties and method that belong to $time variable. A real time saver.

I was researching for a colleague of mine whether there is any documentation out there to secure 2 or more computers using IPSec(IP Security). Surprisingly, there isn’t any easy one. Those that are out there requires you to configure group policy at the domain level, and domain controller(from what I found). What if you are neither a Domain Admin or GP Admin?? Some forum even suggested that IPSec without group policy isn’t possible. This is true, but you can always configure the policy locally on each computer, without having to go through domain policy. If you are implementing IPSec on a large scale, of course, domain group policy would be the way to do it.

If you are not familiar with IPSec, this article from technet is probably the best one I can find.

So, just like the title of my blog, I’ll try to post things I can’t find Googling. Not only will I spell out the solution, I will explain what each of the step does so that you are not just clicking through dialog boxes. Bold fonts in a sentence indicate action you need to perform. Italic fonts indicate label.


IPSec without Group Policy

IPSec without Domain Group Policy

You have a central server(web server, file server, database, etc) in your company, and you have a small number of workstation accessing the server(as pictured on the right). Let’s say you have 3 workstations, and you’d like to accomplish the following:

  • The traffic between the server and 3 stations needs to be secured.
  • ONLY those 3 stations  are able to access the server, all other stations are not permitted
  • In addition to limiting access only from specific stations, you’d also like to limit access to ONLY specific users
  • If domain user 1 uses computer W to access the protected server, the traffic will be denied because computer W is not on the ‘allowed computers list’
  • If domain user 4 uses computer X, Y or Z to access the protected server, the traffic will be denied because domain user 4 is not on the ‘allowed users list’
  • Domain user 2 can use computer X, Y, or Z to access the protected server.
  • Computer X, Y and Z can still be used to communicate with other servers as usual(can still be used for browsing and normal business tasks). This is optional. You will find this on step IV.17 below

If you are planning to deploy this solutions to hundreds of computers, of course Group Policy will make your life easier.

Short Solution and its shortcoming: Continue Reading →

If you ever find a need to delete a replica from your Data Protection manager 2007 or DPM2010, you will find that this is not as simple as clicking through several task buttons. This is quite cumbersome if you don’t have any programming knowledge. Surprisingly, this process was A LOT easier in DPM 2006. I don’t know why Microsoft decided to take this feature out.

The short answer to this question is: POWERSHELL. You need to use DPM management shell, which is a powershell command prompt.

The long answer is as follow: Continue Reading →