Tuesday, March 4, 2014

Remove Ads.yahoo.com pop-up virus (Removal Guide)


STEP 1: Remove Ads.yahoo.com pop-up ads from Internet Explorer, Firefox and Google Chrome with AdwCleaner

The AdwCleaner utility will scan your computer and web browser for the Ads.yahoo.com malicious files, browser extensions and registry keys that may have been installed on your computer without your knowledge.
  1. You can download AdwCleaner utility from the below link.
    ADWCLEANER DOWNLOAD LINK (This link will automatically download AdwCleaner on your computer)
  2. Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.
    Picture of AdwCleaner Icon
    If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
  3. When AdwCleaner opens, click on the Scan button as shown below.
    Picture of AdwCleaner Scan button
    AdwCleaner will now start to search for the Ads.yahoo.com malicious files that may be installed on your computer.
  4. To remove the Ads.yahoo.com malicious files that were detected in the previous step, please click on the Clean button.
    Picture of AdwCleaner Clean button
  5. AdwCleaner will now prompt you to save any open files or data, as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
    Please click on the OK button to allow AdwCleaner to reboot your computer.

STEP 2: Remove Ads.yahoo.com adware with Junkware Removal Tool

Junkware Removal Tool is a powerful utility that removes Ads.yahoo.com pop-up ads from Internet Explorer, Firefox or Google Chrome.
  1. You can download the Junkware Removal Tool utility from the below link:
    JUNKWARE REMOVAL TOOL DOWNLOAD LINK (This link will automatically download the Junkware Removal Tool utility on your computer)
  2. Once Junkware Removal Tool has finished downloading, please double-click on the JRT.exe icon as seen below.
    [Image: Junkware Removal Tool]
    If Windows prompts you as to whether or not you wish to run Junkware Removal Tool, please allow it to run.
  3. Junkware Removal Tool will now start, and at the Command Prompt, you’ll need to press any key to perform a scan for the Ads.yahoo.com hijacker.
    [Image: Junkware Removal Tool scanning for Ads.yahoo.com virus]
    Please be patient as this can take a while to complete (up to 10 minutes) depending on your system’s specifications.
  4. When the Junkware Removal Tool scan is complete, the utility will display a log of the malicious files and registry keys that were removed from your computer.
    [Image: Junkware Removal Tool final log]

STEP 3: Remove Ads.yahoo.com pop-up virus with Malwarebytes Anti-Malware Free

Malwarebytes Anti-Malware Free uses industry-leading technology to detect and remove all traces of malware, including worms, Trojans, rootkits, rogues, dialers, spyware, and more.
It is important to note that Malwarebytes Anti-Malware works well and should run alongside antivirus software without conflicts.
  1. You can download Malwarebytes Anti-Malware Free from the below link, then double click on it to install this program.
    MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK (This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free)
  2. When the installation begins, keep following the prompts in order to continue with the setup process.
    [Image: Malwarebytes Anti-Malware final installation screen]
  3. On the Scanner tab, select Perform quick scan and then click on the Scan button to start scanning your computer.
    [Image: Malwarebytes Anti-Malware Quick Scan]
  4. Malwarebytes’ Anti-Malware will now start scanning your computer for Ads.yahoo.com malicious files as shown below.
    [Image: Malwarebytes Anti-Malware scanning for Ads.yahoo.com virus]
  5. When the Malwarebytes scan is complete, click on Show Results.
    [Image: Malwarebytes Anti-Malware scan results]
  6. You will now be presented with a screen showing you the malware infections that Malwarebytes’ Anti-Malware has detected. Please note that the infections found may be different from what is shown in the image. Make sure that everything is Checked (ticked) and click on the Remove Selected button.
    [Image: Malwarebytes removing virus]

STEP 4: Double-check for the Ads.yahoo.com infection with HitmanPro

HitmanPro is a second opinion scanner, designed to rescue your computer from malware (viruses, trojans, rootkits, etc.) that has infected your computer despite all the security measures you have taken (such as antivirus software, firewalls, etc.). HitmanPro is designed to work alongside existing security programs without any conflicts. It scans the computer quickly (less than 5 minutes) and does not slow down the computer.
  1. You can download HitmanPro from the below link, then double-click on it to start this program.
    HITMANPRO DOWNLOAD LINK (This link will open a new web page from where you can download HitmanPro)
  2. HitmanPro will start and you’ll need to follow the prompts (by clicking on the Next button) to start a system scan with this program.
    HitmanPro scanner
    HitmanPro installation
  3. HitmanPro will start scanning your computer for Ads.yahoo.com malicious files as seen in the image below.
    HitmanPro scan Ads.yahoo.com virus
  4. Once the scan is complete, you’ll see a screen which will display all the infected files that this utility has detected, and you’ll need to click on Next to remove these malicious files.
    HitmanPro scan results
  5. Click Activate free license to start the free 30-day trial and remove all the malicious files from your computer.
    HitmanPro 30 days activation button

(OPTIONAL) STEP 5: Remove the browser extension responsible for the Ads.yahoo.com pop-up ads from Internet Explorer, Firefox and Google Chrome

If you are still experiencing issues with the Ads.yahoo.com pop-up ads in Internet Explorer, Firefox or Chrome, we will need to reset your browser to its default settings. This step needs to be performed only if your issues have not been solved by the previous steps.

Remove Ads.yahoo.com pop-up ads from Internet Explorer

  1. Open Internet Explorer, click on the gear icon [Image: icongear.jpg] (Tools for Windows XP users) at the top (far right), then click again on Internet Options.
    Internet Options in IE
  2. In the Internet Options dialog box, click on the Advanced tab, then click on the Reset button.
    Reset Internet Explorer
  3. In the Reset Internet Explorer settings section, check the Delete personal settings box, then click on Reset.
    Internet Explorer back to its default settings to remove Ads.yahoo.com virus
  4. When Internet Explorer finishes resetting, click Close in the confirmation dialogue box and then click OK.
  5. Close and open Internet Explorer.

Remove Ads.yahoo.com pop-up ads from Mozilla Firefox

  1. At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu (on Windows XP, click the Help menu at the top of the Firefox window), and select Troubleshooting Information.
    Firefox Troubleshooting Information
  2. Click the Reset Firefox button in the upper-right corner of the Troubleshooting Information page.
    Firefox default settings to remove Ads.yahoo.com pop-up virus
  3. To continue, click Reset Firefox in the confirmation window that opens.
  4. Firefox will close and be reset. When it’s done, a window will list the information that was imported. Click Finish.

Remove Ads.yahoo.com pop-up ads from Google Chrome

  1. Remove Ads.yahoo.com extensions from Google Chrome.
    Click the Chrome menu button on the browser toolbar, select Tools and then click on Extensions.
    Google Chrome Extensions
  2. In the Extensions tab, remove the DP1815, LyricsSay-1, LyricXeeker, Plus-HD 1.3, BetterSurf, LyricsGet, PassShow, LyricsBuddy-1, AlLyrics, ElectroLyrics-1, a2zLyrics-1, Feven 1.8, Websteroids, ScorpionSaver, HD-Plus 3.5 and any other unknown extensions by clicking the trash can [Image: Remove an extension from Chrome] icon.
    Cyber criminals often change the name of the malicious extension that is causing the Ads.yahoo.com pop-up ads, so if you did not install an extension yourself, you should remove it from your web browser.
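Before working through the Extensions tab by hand, it helps to have an inventory of what Chrome actually has installed, with the ids and on-disk paths that the Extensions page does not show. The following PowerShell script is an added example, not part of the original guide: it reads each extension's manifest.json from the current user's default Chrome profile (assumed to live under %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions) and flags any whose name matches the list given in the step above. It requires PowerShell 3.0 or later for ConvertFrom-Json.

```powershell
# Added example, not from the original guide: inventory Chrome extensions for the current
# user and flag names from the list in the removal step above.
# Assumption: the default profile path under %LOCALAPPDATA%; PowerShell 3.0+ for ConvertFrom-Json.
$suspectNames = @('DP1815', 'LyricsSay-1', 'LyricXeeker', 'Plus-HD 1.3', 'BetterSurf', 'LyricsGet',
                  'PassShow', 'LyricsBuddy-1', 'AlLyrics', 'ElectroLyrics-1', 'a2zLyrics-1',
                  'Feven 1.8', 'Websteroids', 'ScorpionSaver', 'HD-Plus 3.5')

$extRoot = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'

function Get-ChromeExtensionInventory {
    param([string] $Root, [string[]] $Suspects)
    if (-not (Test-Path $Root)) { return @() }
    # one folder per extension id, and inside it one folder per installed version
    foreach ($idDir in Get-ChildItem -Path $Root -Directory) {
        foreach ($verDir in Get-ChildItem -Path $idDir.FullName -Directory) {
            $manifestPath = Join-Path $verDir.FullName 'manifest.json'
            if (-not (Test-Path $manifestPath)) { continue }
            $m = Get-Content -Path $manifestPath -Raw | ConvertFrom-Json
            # Localized names appear as __MSG_key__ placeholders; they are left as-is and
            # still need a manual look, since a matching display name cannot be confirmed here.
            [pscustomobject]@{
                Id      = $idDir.Name
                Version = $verDir.Name
                Name    = $m.name
                Suspect = ($Suspects -contains $m.name)
                Path    = $verDir.FullName
            }
        }
    }
}

Get-ChromeExtensionInventory -Root $extRoot -Suspects $suspectNames |
    Sort-Object Suspect -Descending |
    Format-Table Id, Version, Name, Suspect, Path -AutoSize
```

Treat a Suspect = True row as the entry to remove in the Extensions tab; rows whose Name is a __MSG_...__ placeholder or that you do not recognise deserve the same scrutiny, because, as the step above notes, the extension name is often changed.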

Monday, March 3, 2014

Managing Windows Server 2008 Print Services


Managing Remote Print Servers

In the previous chapter it was stated that the Print Management tool provides a central location from which the print services for an entire network may be managed. So far we have only looked at managing the print server running on the local computer. In this section we will look at adding remote servers to the local Print Management configuration. For the purposes of this example a theoretical configuration consisting of two Windows Server 2008 systems named winserver-1 and winserver-2 is assumed. Both systems have the print services role installed, and Print Management on winserver-1 will be configured to also manage print services on winserver-2. This is achieved by first launching Print Management on the local winserver-1 system (Start -> Administrative Tools -> Print Management), right clicking on the Print Servers node of the tree hierarchy in the left hand pane and selecting the Add/Remove Servers option.
The resulting dialog box displays the print servers currently under the management of the local Print Management console. If no remote print servers have been added previously, the only server listed will be the local system. To add print servers, either enter a comma separated list of server names or use the Browse button to locate servers on the network. When one or more servers have been selected, click on the Add to list button to add them to the list. The following figure illustrates the Add/Remove Servers dialog box configured with both the local and remote servers:

Adding remote print servers to Print Management Console

Once all the required remote print servers have been added to the list, click on Apply then close the dialog to return to the main Print Management window. The new print servers will now appear alongside the local server under Print Servers in the left hand pane of the Print Management screen as illustrated below:

Managing multiple print servers on Windows Server 2008

Migrating Printers and Queues Between Servers


Windows Server 2008 also provides the ability to migrate both printers and print queues from one print server to another. This makes it easy, for example, to take a print server off-line for maintenance or to permanently re-assign a printer from one print server to another. The steps outlined below assume that Print Management has been configured to manage both the source and target print servers as outlined in the preceding section of this chapter. If this is not the case, the printer export file will need to be copied onto the destination server or made available via file sharing and imported using Print Management on that server.
This form of migration is performed using the Printer Migration Wizard which, along with most other tasks, is accessed from the Print Management interface. Once Print Management is up and running, right click on the server in the left pane from which the printer is to be migrated (the source server) and select Export Printers To a File from the menu. Print Management will subsequently display a dialog listing the printer drivers, port and queues currently configured on the selected print server as illustrated below:

List of printers to be exported prior to migration

After reviewing the listed information click Next and select a suitable location to save the printer export file and click Next once again to perform the export process. Depending on the number of printers being exported and the size of the drivers the export process may take a few minutes to complete. If the export was successful a message will appear beneath the progress bar stating this fact. If the export was unsuccessful, click on the Open Event Viewer button provided to learn more about the cause of the problem so that remedial action may be taken. Assuming a successful export click Finish to dismiss the Printer Migration dialog.
The next step is to import the printers into the target server. Begin by right clicking on the destination server in the Print Management window and selecting Import printers from a file.... In the resulting dialog, use the browse button to navigate to the export file, select it and click on Next to proceed. Once the file has been read a screen will appear identical to the one displayed prior to exporting the printer objects in the preceding step. Review this information and click Next to display the Select import options screen as illustrated in the following figure:

Selecting the printer import options

These options require a little explanation:
  • Keep existing printers; import copies - It is possible that a printer being imported is already also installed on the destination server. With this option selected, the original printer on the destination server will be left unchanged and the new printer imported as a copy.
  • Overwrite existing printers - If the printer being imported is already installed on the target server it is overwritten by the imported copy when this option is selected.
  • List printers that were previously listed - When selected, only printers that were already listed in Active Directory will still be listed after the import process is completed.
  • List all printers - All printers are listed in Active Directory.
  • Don't list any printers - No printers are listed in Active Directory.
Once the required settings are configured, click Next to initiate the printer import process. The printer configurations, drivers and queues will subsequently be imported onto the target print server. If errors are reported, click on the Open Event Viewer button to obtain additional information. In particular, be mindful of printers that were physically connected to the source print server. Since they are not physically connected to the target server, an error will likely occur during the migration. Even if the printer was physically moved to the target system prior to migration, it may be connected to a different physical port from the one used on the source server. Such problems can be resolved by right clicking on the imported printer in Print Management, selecting Properties and making the necessary configuration changes.

Configuring Printer Permissions

Access to printers is controlled through the configuration of printer permissions. By default, a printer is accessible to all users on the local system, and if shared, all users elsewhere on the network. Printer permissions are divided into two categories, special permissions and standard permissions. Before describing how to change the permissions on a printer it is first important to understand the meaning of each permission option.
The standard printer permissions are outlined in the following list:
  • Print - Allows users and groups to send documents to the printer and to manage their own print jobs. Also includes the Read special permission, allowing viewing, but not alteration, of printer permissions.
  • Manage Printers - Allows full management of the printer, including changing shared status, changing permissions and properties, taking ownership of printers and print jobs, and starting and stopping print jobs. Includes the Read, Change and Take Ownership special permissions.
  • Manage Documents - Allows users and groups to manage print jobs but does not provide the ability to print. Permissions consist of pausing, restarting, resuming, reordering and canceling print jobs. Includes the Read, Change and Take Ownership special permissions.
The special permissions are as follows:
  • Read Permissions - User or group may view the permissions on the printer.
  • Change Permissions - User or group may change the permissions of a printer.
  • Take Ownership - User or group may take ownership of the printer and/or print jobs.
The current permissions for a printer may be viewed and changed by right clicking on that printer in the Print Management tool (Start -> Administrative Tools -> Print Management), selecting Properties and clicking on the Security tab:

Windows Server Printer permissions

To change the permissions for a currently listed user or group, select the user or group and change the Allow and Deny permissions to the required settings. When the settings are configured, click on Apply to commit the changes. If the user or group is not currently listed in the properties dialog, click on the Add... button to invoke the Select Users or Groups dialog. Change the Location setting if necessary and then enter the names of the users or groups, separated by semi-colons, into the bottom text box. Click the Check Names button to verify that the selected users or groups exist within the current location scope:

Selecting users and groups

Assuming the names are correct click on OK to return to the properties dialog where the selected users and/or groups will now be included in the Group or user names list. To configure permissions, select a user or group and set the permissions in the Permissions for section of the dialog. Click Apply to commit the changes and repeat the task for any other users or groups added to the list.
To configure the special permissions click on the Advanced button in the Security page of the properties panel to display the Advanced Security Settings dialog as illustrated below:

Advanced Printer Security Settings

To modify the permissions for a user or group select that object from the list and click Edit... to display the Permission Entry for dialog. In this dialog both the standard and special permissions for the selected user or group are displayed and may be changed as required. As noted previously, certain special permissions are implicit in standard permission settings. For example, setting the Manage Printers standard permission also enables the Read, Change and Take Ownership special permissions. Once the desired permission changes have been made click on OK to dismiss the Permission Entry for dialog, followed by Apply, then OK in the Advanced Security Settings dialog. Finally, click on OK to dismiss the properties dialog and return to Print Management.

Changing Printer Ownership

After a printer has been installed the owner, by default, is SYSTEM. Ownership may be taken either by an administrator or by a user or group which has been assigned Take ownership permission for the printer.
To assign ownership to another user or group, open the properties dialog for the printer, select the Security tab and then click on Advanced. In the advanced settings screen, select the Owner tab. This screen will list the current owner, together with a list of users and groups to which ownership may be changed. If the intended new owner is not listed in the Change owner to: list, click on the Other users or groups... button to access the Select User or Group dialog box. Enter the name of a user or group and click on the Check Names button. With the correct name selected, click on OK to return to the list of owners. Select the desired owner from the list and click on Apply to commit the change of ownership.

Printer Pooling Configuration

Printer Pooling refers to the process of allocating multiple physical print devices to a single logical printer. In such a configuration print jobs to the logical printer are assigned by the print server to the first available physical printer in the pool. A key requirement is that the physical printers that make up a pool must all use the same print driver and have the same amount of memory.
To configure printer pooling, install a printer such that it uses a particular port (such as a local port or IP address). Attach the other printers that are to make up the pool, but do not install them via Print Management. Once the first printer is installed, open the properties dialog for that printer by right clicking on it in Print Management and select the Ports tab. In the Ports page select the Enable printer pooling option. If the ports to which the additional printers are connected are listed make sure they are all selected. Note that a pool can be made up of printers connected in any combination of ways (network, serial, parallel, USB etc). In the case of network printers, click on Add Port... and enter the IP address of the additional printer, click New Port... and allow the wizard to create the new port. Once all the new ports are added and selected, click Apply to create the printer pool. The following figure illustrates a printer pool comprising three HP Deskjet network printers:

Configuring a Windows Printer Pool

Configuring Printer Availability and Priority

Rather than working with the actual physical printers, users are in fact working with logical printers which map onto a physical print device. Windows allows a single physical print device to be assigned to multiple logical printers. This approach brings considerable flexibility in terms of controlling the availability of a printer to different groups of users and the priority of their print jobs.
This concept is best described by example. Suppose that a printer is to be made available to members of an engineering group only during the office hours. That same printer, however, is to always be available to the management group. Similarly, any print jobs belonging to the management group must be given a higher priority than those of the engineering group. To achieve this objective, two logical printers assigned to the same physical print device will be created, one for engineering and one for management. The availability of the engineering logical printer will be restricted to office hours and given a low priority. The management logical printer will always be available and will be given a high priority. Permissions on the logical printers will then be configured such that the engineering team is denied access to the management printer.
Availability and priority are configured from the printer property panel. To access these settings, launch Print Management and navigate to the required printer in the left pane. Right click on the printer, select Properties and then choose the Advanced tab. Once selected, the property panel will appear as follows:

Configuring printer priority and availability

For the management logical printer the Always available option will be selected and a high priority assigned (for example 95). Once these values are set, click on the Security tab of the properties dialog and deny access to the printer for the engineering group. Repeat these steps for the engineering logical printer, this time selecting the Available from option and specifying the hours that the printer is available.
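The pooling configuration from the preceding section and the priority/availability arrangement described here are both visible from the command line, which is useful for checking that the intended settings really ended up on the server. The following PowerShell script is an added example, not part of the original chapter. It queries the Win32_Printer WMI class (available on Windows Server 2008, which predates the PrintManagement cmdlets) and assumes two things that are not stated on the page: that a pooled printer reports its member ports as a comma-separated PortName, and that a printer with no StartTime/UntilTime values, or identical ones, is always available.

```powershell
# Added example, not from the original chapter. Audits logical printers via Win32_Printer:
#  (a) printers whose PortName lists several ports (assumption: that is how a pool appears), and
#  (b) ports that back more than one logical printer, with each printer's priority and
#      availability window (the engineering/management arrangement described above).
# StartTime/UntilTime are CIM DATETIME strings; the HH and MM fields sit at offsets 8-9 and 10-11.
param([string] $ComputerName = $env:COMPUTERNAME)

function Format-AvailabilityWindow {
    param($Start, $Until)
    # Assumption: missing or identical start/end values mean "Always available".
    if (-not $Start -or -not $Until) { return 'always' }
    $s = $Start.Substring(8, 2) + ':' + $Start.Substring(10, 2)
    $u = $Until.Substring(8, 2) + ':' + $Until.Substring(10, 2)
    if ($s -eq $u) { return 'always' }
    return "$s-$u"
}

$printers = Get-WmiObject -Class Win32_Printer -ComputerName $ComputerName

# (a) printer pools: one logical printer spread over several ports
$printers | Where-Object { $_.PortName -like '*,*' } | ForEach-Object {
    $ports = $_.PortName -split ','
    Write-Output ('POOL    {0,-25} driver={1,-30} ports={2}' -f $_.Name, $_.DriverName, ($ports -join ' '))
}

# (b) shared physical device: several logical printers on the same port
$byPort = @{}
foreach ($p in $printers) {
    foreach ($port in ($p.PortName -split ',')) {
        if (-not $byPort.ContainsKey($port)) { $byPort[$port] = @() }
        $byPort[$port] += $p
    }
}
foreach ($port in $byPort.Keys) {
    $group = $byPort[$port]
    if ($group.Count -lt 2) { continue }
    Write-Output "PORT    $port is shared by $($group.Count) logical printers:"
    # highest priority first, so the management-style printer is listed above the restricted one
    $group | Sort-Object Priority -Descending | ForEach-Object {
        Write-Output ('        {0,-25} priority={1,-3} available={2,-12} shared={3}' -f `
            $_.Name, $_.Priority, (Format-AvailabilityWindow $_.StartTime $_.UntilTime), $_.Shared)
    }
}
```

Run it on the print server (or pass -ComputerName for a remote one that Print Management already manages). For the scenario above you would expect one PORT entry listing the management printer with priority 95 and available=always, followed by the engineering printer with a lower priority and an office-hours window; the Security tab settings that deny the engineering group access to the management printer are not exposed by this class and still need to be checked in the properties dialog.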

Sunday, March 2, 2014

Scenario Overview for Restoring Deleted Active Directory Objects


Applies To: Windows Server 2008 R2
Accidental deletion of Active Directory objects is a common occurrence for users of Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS).
In Windows Server 2008 Active Directory domains, you could recover accidentally deleted objects from backups of AD DS that were taken by Windows Server Backup. You could use the ntdsutil authoritative restore command to mark objects as authoritative to ensure that the restored data was replicated throughout the domain. For more information about backup and authoritative restore of deleted Active Directory objects in AD DS, see the AD DS Backup and Recovery Step-by-Step Guide (http://go.microsoft.com/fwlink/?LinkID=125451).
The drawback to the authoritative restore solution was that it had to be performed in Directory Services Restore Mode (DSRM). During DSRM, the domain controller being restored had to remain offline. Therefore, it was not able to service client requests. (When you restored objects in AD LDS, you were required to stop your AD LDS instance. However, when you restored objects in AD LDS, you did not have to boot into DSRM.)
Another shortcoming of authoritatively restoring Active Directory objects from AD DS backups was that any changes to the objects that occurred between the backup time and the restore time could not be recovered. Consider the following scenario: An administrator assigns a new group membership to a user account and then accidentally deletes this user account. The administrator then tries to authoritatively restore this user account from the AD DS backup that was taken three days ago. The user object is indeed recovered, but its most recent group membership information is not restored. The user account remains in the state that it was in at the time that the AD DS backup was performed three days ago.
In Windows Server 2003 Active Directory and Windows Server 2008 AD DS, you could recover deleted Active Directory objects through tombstone reanimation. Introduced in Windows Server 2003, tombstone reanimation took advantage of the fact that Active Directory kept the deleted objects in the database for a period of time before physically removing them. In Windows Server 2003 and Windows Server 2008, a deleted Active Directory object was not physically removed from the database immediately. Instead, the object’s distinguished name (also known as DN) was mangled, most of the object’s non-link-valued attributes were cleared, all of the object’s link-valued attributes were physically removed, and the object was moved to a special container in the object's naming context (also known as NC), named Deleted Objects. The object, now called a tombstone, became invisible to normal directory operations. Tombstones could be reanimated anytime within the tombstone lifetime period and become live Active Directory objects again.
The default tombstone lifetime was 180 days in Windows Server 2003 with Service Pack 1 (SP1), Windows Server 2003 with Service Pack 2 (SP2), and Windows Server 2008. You could use tombstone reanimation to recover deleted objects without taking your domain controller or your AD LDS instance offline. However, the reanimated objects’ link-valued attributes (for example, group memberships of user accounts) that were physically removed and the non-link-valued attributes that were cleared were not recovered. Therefore, administrators could not rely on tombstone reanimation as the ultimate solution for accidental deletion of objects. For more information about tombstone reanimation, see Reanimating Active Directory Tombstone Objects (http://go.microsoft.com/fwlink/?LinkID=125452).
The following illustration shows an Active Directory object’s life cycle in the Windows Server 2003 and Windows Server 2008 environments, which support tombstone reanimation. It also shows the life cycle of Active Directory objects in a Windows Server 2008 R2 environment with Active Directory Recycle Bin disabled, which is the default behavior when your environment’s forest functional level is first set to Windows Server 2008 R2.
[Illustration: Active Directory object life cycle with tombstone reanimation (Windows Server 2003/2008, and Windows Server 2008 R2 with Active Directory Recycle Bin disabled)]
Windows Server 2008 R2 Active Directory Recycle Bin helps minimize directory service downtime by enhancing your ability to preserve and restore accidentally deleted Active Directory objects without restoring Active Directory data from backups, restarting AD DS, or rebooting domain controllers. When you enable Active Directory Recycle Bin, all link-valued and non-link-valued attributes of the deleted Active Directory objects are preserved and the objects are restored in their entirety to the same consistent logical state that they were in immediately before deletion. For example, restored user accounts automatically regain all group memberships and corresponding access rights that they had immediately before deletion, within and across domains.
The following illustration shows a new Active Directory object’s life cycle in Windows Server 2008 R2 when Active Directory Recycle Bin is enabled.
[Illustration: Active Directory object life cycle in Windows Server 2008 R2 with Active Directory Recycle Bin enabled]
After you enable Active Directory Recycle Bin, when an Active Directory object is deleted the system preserves all the object’s link-valued and non-link-valued attributes and the object becomes “logically deleted,” which is a new state in Windows Server 2008 R2. A deleted object is moved to the Deleted Objects container, with its distinguished name mangled. A deleted object remains in the Deleted Objects container in a logically deleted state throughout the duration of the deleted object lifetime.
Within the deleted object lifetime, you can recover a deleted object by using the procedures in Step 2: Restore a Deleted Active Directory Object and make it a live Active Directory object again. Within the deleted object lifetime, you can also recover a deleted object through an authoritative restore from a backup of AD DS.
After the deleted object lifetime expires, the logically deleted object is turned into a recycled object and most of its attributes are stripped away. A “recycled object,” which is a new state in Windows Server 2008 R2, remains in the Deleted Objects container until its recycled object lifetime expires. After the recycled object lifetime expires, the garbage-collection process physically deletes the recycled Active Directory object from the database.
Important
A recycled object cannot be recovered with the procedures in Step 2: Restore a Deleted Active Directory Object or with the steps in Reanimating Active Directory Tombstone Objects (http://go.microsoft.com/fwlink/?LinkID=125452). This is a new behavior in Windows Server 2008 R2.
Do not attempt to recover a recycled object through an authoritative restore from a backup of AD DS. Instead, we recommend that you recover deleted objects with Active Directory Recycle Bin during the deleted object lifetime.
By default, a recycled object in Windows Server 2008 R2 preserves the same set of attributes as a tombstone object in Windows Server 2003 and Windows Server 2008. To change the set of attributes that are preserved on a Windows Server 2008 R2 recycled object (that is, to make sure that a particular attribute of an object is preserved when this object becomes recycled), set the value of the searchFlags attribute in the schema to 0x00000008. This process is similar to the process for preserving attributes on Windows Server 2003 and Windows Server 2008 tombstone objects. For more information, see Search-Flags Attribute (http://go.microsoft.com/fwlink/?LinkID=125453).
Important
When Active Directory Recycle Bin is enabled, all objects that were deleted before Active Directory Recycle Bin was enabled (that is, all tombstone objects) become recycled objects. These objects are no longer visible in the Deleted Objects container, and they cannot be recovered with Active Directory Recycle Bin. The only way to restore these objects is through an authoritative restore from a backup of AD DS that was taken of the environment before Active Directory Recycle Bin was enabled.
The deleted object lifetime is determined by the value of the msDS-deletedObjectLifetime attribute. The recycled object lifetime is determined by the value of the legacy tombstoneLifetime attribute. By default, msDS-deletedObjectLifetime is set to null. When msDS-deletedObjectLifetime is set to null, the deleted object lifetime is set to the value of the recycled object lifetime. By default, the recycled object lifetime, which is stored in the tombstoneLifetime attribute, is also set to null. In Windows Server 2008 R2, when tombstoneLifetime is set to null, the recycled object lifetime defaults to 180 days.
You can modify the values of the msDS-deletedObjectLifetime and tombstoneLifetime attributes at any time. When msDS-deletedObjectLifetime is set to some value other than null, it no longer assumes the value of tombstoneLifetime. For more information about how to modify the deleted object lifetime and the recycled object lifetime, see the Modifying the tombstone lifetime and deleted object lifetime section in Appendix A: Additional Active Directory Recycle Bin Tasks.
To determine if you can use a particular backup of AD DS to successfully recover a previously deleted object through an authoritative restore, verify the value of the resultant backup lifetime in your Active Directory forest. The value of the resultant backup lifetime in an Active Directory forest specifies the number of days during which any backup that is taken of this forest is most effective when it is used to restore an Active Directory environment. (The restore tasks can include recovering accidentally deleted data or promoting domain controllers from media.)
The value of the resultant backup lifetime is the smaller value of the following two attributes: the msDS-deletedObjectLifetime attribute, which stores the deleted object lifetime, and the tombstoneLifetime attribute, which stores the recycled object lifetime. By default, msDS-deletedObjectLifetime is set to null. When msDS-deletedObjectLifetime is set to null, the deleted object lifetime is set to the value of the recycled object lifetime. By default, tombstoneLifetime is also set to null. When tombstoneLifetime is set to null, the recycled object lifetime defaults to 180 days. Therefore, by default, the value of the resultant backup lifetime in an Active Directory forest is set to 180 days.
Important
We recommend that the resultant backup lifetime in your Active Directory environment be equal to or greater than 180 days to ensure that the backups that you can use to authoritatively restore an Active Directory environment are effective and usable for a long period of time.
Although it is possible for you to modify the values of the deleted object lifetime (which is stored in the msDS-deletedObjectLifetime attribute) and the recycled object lifetime (which is stored in the tombstoneLifetime attribute), we do not recommend this because it can cause problems in your environment.
If the value of the deleted object lifetime (in the msDS-deletedObjectLifetime attribute) is smaller than the value of the recycled object lifetime (in the tombstoneLifetime attribute), the authoritative restore of a deleted object from a backup will be successful only for the duration of the deleted object lifetime. Attempts to recover a recycled object using authoritative restore from a backup will fail because after the restored object replicates, it will be recycled again. This scenario is especially true if you recycle deleted objects manually, which makes the deleted object lifetime shorter than the recycled object lifetime.
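The defaulting rules above (null tombstoneLifetime means 180 days, null msDS-deletedObjectLifetime means "same as the recycled object lifetime", resultant backup lifetime is the smaller of the two) are easy to get wrong by reading the raw attributes, because both are usually empty. The following script is an added example, not part of the original article: it reads both attributes from the forest's Directory Service object, applies those rules, reports the resultant backup lifetime, and warns about the two conditions the article calls out. It assumes the Active Directory module (RSAT) is installed; the Set-ADObject call at the end needs Enterprise Admins rights and runs with -WhatIf so it changes nothing unless you remove that switch.

```powershell
# Added example (not from the original article). Reads msDS-DeletedObjectLifetime
# and tombstoneLifetime from the Directory Service object, applies the Windows
# Server 2008 R2 defaulting rules, and reports the resultant backup lifetime.
Import-Module ActiveDirectory

$configNC = (Get-ADRootDSE).configurationNamingContext
$dsObject = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"

$ds = Get-ADObject -Identity $dsObject -Properties 'msDS-DeletedObjectLifetime', 'tombstoneLifetime'

# A null tombstoneLifetime means 180 days on Windows Server 2008 R2; a null
# msDS-DeletedObjectLifetime means "follow the recycled object lifetime".
$recycledLifetime = 180
if ($null -ne $ds.tombstoneLifetime) { $recycledLifetime = [int]$ds.tombstoneLifetime }

$deletedLifetime = $recycledLifetime
if ($null -ne $ds.'msDS-DeletedObjectLifetime') { $deletedLifetime = [int]$ds.'msDS-DeletedObjectLifetime' }

# The resultant backup lifetime is the smaller of the two values.
$backupLifetime = [Math]::Min($recycledLifetime, $deletedLifetime)

New-Object PSObject -Property @{
    RecycledObjectLifetimeDays  = $recycledLifetime
    DeletedObjectLifetimeDays   = $deletedLifetime
    ResultantBackupLifetimeDays = $backupLifetime
}

if ($deletedLifetime -lt $recycledLifetime) {
    Write-Warning (("Deleted object lifetime ({0} days) is shorter than the recycled object lifetime ({1} days); " +
                    "an authoritative restore of a deleted object only works from backups younger than {0} days.") -f $deletedLifetime, $recycledLifetime)
}
if ($backupLifetime -lt 180) {
    Write-Warning "Resultant backup lifetime is below the recommended 180 days."
}

# Setting msDS-DeletedObjectLifetime explicitly stops it from following
# tombstoneLifetime. -WhatIf only reports the change; remove it to apply.
Set-ADObject -Identity $dsObject -Replace @{ 'msDS-DeletedObjectLifetime' = 180; 'tombstoneLifetime' = 180 } -WhatIf
```

Run it on a domain controller or a management workstation with the AD module; the warning about the deleted object lifetime being shorter than the recycled object lifetime is the condition under which an authoritative restore of an older backup silently fails because the restored object is recycled again after replication.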
You can use Active Directory Recycle Bin to restore all deleted objects that were previously stored in AD DS. However, if you use Active Directory Recycle Bin to restore deleted Group Policy objects (GPOs) or Exchange-related objects that were previously stored in AD DS, any application-specific data for these objects that was not stored in AD DS will not be restored.
You can use the Group Policy Management snap-in to back up and restore GPOs and then manually re-create links to the appropriate site, domain, or OU objects in AD DS. For more information, see Back Up, Restore, Import, and Copy Group Policy Objects (http://go.microsoft.com/fwlink/?LinkId=146609).
We do not recommend that you use Active Directory Recycle Bin to restore Exchange configuration objects that were accidentally deleted with Exchange administrative tools. Instead, the recommended approach is to re-create these objects by using the supported Exchange administrative tools. If you accidentally delete an Exchange configuration object without using Exchange administrative tools, try to restore this object with Active Directory Recycle Bin as quickly as possible. However, any configuration changes that occurred in the environment between this object’s deletion and its restoration will not be recovered, and they can result in Exchange configuration problems. For example, if you use Active Directory Recycle Bin to recover accidentally deleted Exchange recipients, such as contacts, users or distribution groups, be sure to reapply current Exchange policies or other configuration data to them. This data could have been modified since these objects were deleted.

Backup and Recovery Overview for Windows Server 2008 R2


Applies To: Windows Server 2008 R2
Windows Server 2008 R2 contains features to help you create backups and, if needed, perform a recovery of your operating system, applications, and data. By using these features appropriately and implementing good operational practices, you can improve your organization's ability to recover from damaged or lost data, hardware failures, and disasters. For Windows Server 2008 R2, there are new features that expand what you can back up, where you can store backups, and how you can perform recoveries.
There are several features that you can use together to create backups and perform recoveries of your server systems and data. These features include the following:
  • Shadow Copies of Shared Folders. This feature is an extension to the Shared Folders Microsoft Management Console (MMC) snap-in.
  • Windows Server Backup tools. These include the Windows Server Backup MMC snap-in, the Wbadmin command, and the Windows PowerShell cmdlets for Windows Server Backup.
  • Windows Recovery Environment. This environment includes the System Image Recovery tool, the Windows Memory Diagnostic tool, and the Command Prompt.
The following list summarizes which tools (Shadow Copies of Shared Folders, the Windows Server Backup snap-in, the Wbadmin command, the Windows PowerShell cmdlets in the Windows.ServerBackup snap-in, and Windows Recovery Environment) you can use for each backup or recovery task on computers running Windows Server 2008 R2:
  • Create shadow copies of files or folders on a shared resource: Shadow Copies of Shared Folders
  • Create a schedule for backups to be run automatically: Windows Server Backup snap-in, Wbadmin command, Windows PowerShell cmdlets
  • Create a one-time supplemental backup: Windows Server Backup snap-in, Wbadmin command, Windows PowerShell cmdlets
  • Perform a recovery of files, folders, applications, volumes, system state, and catalog: Windows Server Backup snap-in, Wbadmin command, Windows Recovery Environment
  • Perform a bare metal recovery, full server recovery, or recovery of the operating system: Windows Recovery Environment
  • Remote management: Windows Server Backup snap-in, Wbadmin command, Windows PowerShell cmdlets
Shadow Copies of Shared Folders provides point-in-time copies of files that are located on shared resources, such as a file server.
Shadow Copies of Shared Folders is a feature included in the Shared Folders MMC snap-in that you or your users can use to view shared files and folders as they existed at points of time in the past. Accessing previous versions of files, or shadow copies, is useful because you can:
  • Recover files that were accidentally deleted. If you accidentally delete a file, you can open a previous version and copy it to a safe location.
  • Recover from accidentally overwriting a file. If you accidentally overwrite a file, you can recover a previous version of the file. (The number of versions depends on how many snapshots you have created.)
  • Compare versions of a file while working. You can use previous versions when you want to check what has changed between versions of a file.
However, creating shadow copies is not a replacement for creating regular backups. Use a tool such as Windows Server Backup to create regular backups of your server. Also, you can only enable Shadow Copies of Shared Folders on a per-volume basis—that is, you cannot select specific shared folders and files on a volume to be copied or not copied.
Shadow Copies of Shared Folders is available in all editions of Windows Server 2008 R2. However, the Shadow Copies of Shared Folders user interface is not available for the Server Core installation option of Windows Server 2008 R2. To create shadow copies for computers with a Server Core installation, you need to manage this feature remotely from another computer.
If you plan to defragment the source volume on which Shadow Copies of Shared Folders is enabled, we recommend that you set the cluster allocation unit size to be 16 KB or larger when you initially format the source volume. If you do not, the number of changes caused by defragmentation can cause previous versions of files to be deleted.
If you require NTFS file compression on the source volume, you cannot use an allocation unit size larger than 4 KB. In this case, when you defragment a volume that is very fragmented, you may lose older shadow copies faster than expected.
Windows Server Backup is a feature that provides a set of wizards and other tools for you to perform basic backup and recovery tasks for your servers. This feature has been updated since its first release in Windows Server 2008. In addition, the previous backup feature (Ntbackup.exe) that was available with earlier versions of Windows has been removed.
Windows Server Backup consists of an MMC snap-in, command-line tools, and Windows PowerShell cmdlets that provide a complete solution for your day-to-day backup and recovery needs. You can use the four wizards to guide you through running backups and recoveries. You can use Windows Server Backup to back up a full server (all volumes), selected volumes, the system state, or specific files or folders, and to create a backup that you can use for bare metal recovery. You can recover volumes, folders, files, certain applications, and the system state. And, in case of disasters like hard disk failures, you can perform a system recovery or bare metal recovery by using a full server or a bare metal recovery backup and the Windows Recovery Environment—this will restore your complete system onto the new hard disk.
You can use Windows Server Backup to create and manage backups for the local computer or a remote computer. Also, you can schedule backups to run automatically.
Windows Server Backup is intended for use by everyone who needs a basic backup solution—from small business owners to IT professionals in large enterprises. However, the design makes it especially well-suited for smaller organizations or individuals who are not IT professionals.
Note
You cannot recover backups that you created in earlier versions of Windows with Ntbackup.exe by using Windows Server Backup. However, a version of Ntbackup.exe is available as a download to Windows Server 2008 and Windows Server 2008 R2 for users who want to recover data from backups created using Ntbackup.exe. The downloadable version of Ntbackup.exe is only for recovering backups for older versions of Windows and cannot be used to create new backups. To download Ntbackup.exe, see http://go.microsoft.com/fwlink/?LinkId=82917.
  • Windows Server Backup snap-in. This tool contains four wizards to help you perform backups and recoveries of your servers: Schedule Backup Wizard, Backup Once Wizard, Recovery Wizard, and Catalog Recovery Wizard. You can use the main page of the snap-in to view information about any past or future backup or recovery operations. Also, you can use the tool to configure performance options for backups and recoveries.

    As a new functionality in Windows Server 2008 R2, you can create backups with the Schedule Backup Wizard and the Backup Once Wizard that you can use to perform system state or bare metal recoveries. Other new functionality includes the ability to store scheduled backups on a remote shared folder, to back up specific files and folders rather than full volumes, and the ability to exclude files based on location and file type.
  • Wbadmin command. Windows Server Backup includes the Wbadmin command and documentation, which enable you to perform the same tasks at the command line that you can perform by using the snap-in. For more information, see the Command Reference (http://go.microsoft.com/fwlink/?LinkId=140216). You can also automate backup activities through scripting.

    Changes to this command are the same as the changes for the Windows Server Backup snap-in.
  • Windows PowerShell cmdlets for Windows Server Backup. Windows Server 2008 R2 contains an updated collection of cmdlets for Windows Server Backup that you can use to write scripts to perform backups. For more information, see http://go.microsoft.com/fwlink/?LinkId=140217.
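The new Windows Server 2008 R2 options listed above (system state and bare metal recovery backups, a remote shared folder as a scheduled backup target, and file or folder exclusions) are all exposed through the Windows.ServerBackup cmdlets. The script below is an added example, not from the original article or Microsoft's documentation: it builds one scheduled backup policy that uses each of those options. The share \\backupsrv\wsb, the excluded folder C:\Temp, and the 21:00 schedule are assumed values; replace them for your environment. Run it from an elevated PowerShell prompt on the server being backed up.

```powershell
# Added example (not from the original article). Builds and registers a scheduled
# Windows Server Backup policy using the 2008 R2 Windows.ServerBackup cmdlets.
Add-PSSnapin Windows.ServerBackup -ErrorAction SilentlyContinue

$policy = New-WBPolicy

# Bare metal recovery adds the critical volumes; system state covers the registry,
# AD DS and related components. Both are the new 2008 R2 wizard options.
Add-WBBareMetalRecovery -Policy $policy
Add-WBSystemState -Policy $policy

# Back up every local volume, then exclude a scratch folder (assumed path) using
# the new file and folder exclusion support.
Get-WBVolume -AllVolumes | ForEach-Object { Add-WBVolume -Policy $policy -Volume $_ }
$exclude = New-WBFileSpec -FileSpec 'C:\Temp' -Exclude
Add-WBFileSpec -Policy $policy -FileSpec $exclude

# Remote shared folder as the target (new for scheduled backups in 2008 R2).
# A share keeps only the most recent backup, and the credential must have
# write access to it. \\backupsrv\wsb is an assumed share name.
$cred = Get-Credential
$target = New-WBBackupTarget -NetworkPath '\\backupsrv\wsb' -Credential $cred
Add-WBBackupTarget -Policy $policy -Target $target

# Daily at 21:00, as a VSS full backup so application logs are truncated.
Set-WBSchedule -Policy $policy -Schedule ([datetime]'21:00')
Set-WBVssBackupOptions -Policy $policy -VssFullBackup

# Show the assembled policy, then register it. Set-WBPolicy replaces any
# existing scheduled policy on this server.
$policy
Set-WBPolicy -Policy $policy -Force
```

Because the target is a network share, the same security considerations that apply to the server apply to the share: restrict its ACL to the backup account and the administrators who restore from it, and treat the credential you supply as a backup operator credential.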
Windows Server Backup is available in all editions of Windows Server 2008. However, the Windows Server Backup snap-in is not available for the Server Core installation option. To run backups for computers with a Server Core installation, you need to either use the command line or manage backups remotely from another computer.
Windows Server Backup supports external and internal hard disks, optical media drives, and removable media drives. You can no longer back up to tape—however, support of tape storage drivers is still included. To perform a scheduled backup, as a best practice, use an external hard disk that supports either USB 2.0 or IEEE 1394.
Windows Recovery Environment is a partial version of the operating system and a set of tools that you can use to perform system recoveries (along with a backup that you created earlier using Windows Server Backup).
You can access the recovery and troubleshooting tools in Windows Recovery Environment through the System Recovery Options dialog box in the Install Windows Wizard. In Windows Server 2008 R2, to launch this wizard, use the Windows Setup disc or start/restart the computer, press F8, and then select Repair Your Computer from the list of startup options.
You can disable or enable Windows Recovery Environment as follows.
To disable Windows Recovery Environment
  1. To open a command prompt with elevated privileges, click Start, right-click Command Prompt, and then click Run as administrator.
  2. At the prompt, type: drive:\Windows\System32\REAgentC.exe /disable
Note
This procedure prevents Windows Recovery Environment from being launched manually by pressing F8.
To enable Windows Recovery Environment
  1. To open a command prompt with elevated privileges, click Start, right-click Command Prompt, and then click Run as administrator.
  2. At the prompt, type: drive:\Windows\System32\REAgentC.exe /enable
You can also configure your servers to fail over to the Windows Recovery Environment if they fail to boot. (For instructions, see http://go.microsoft.com/fwlink/?LinkId=94458.)
The tools in Windows Recovery Environment include:
  • System Image Recovery. You can use this tool and a backup that you created earlier with Windows Server Backup to restore your operating system or full server.
  • Windows Memory Diagnostic. You can use this tool, which schedules a memory diagnostic for the next restart, to check your computer's RAM. Running it therefore requires a restart. In addition, this tool requires a valid Windows Server 2008, Windows Vista, Windows Server 2008 R2, or Windows 7 installation to function.
  • Command Prompt. This opens a command prompt window with Administrator privileges that provides full access to your file system and volumes. In addition, certain Wbadmin commands are only available from this command window. For information about the Wbadmin command, see the Command Reference (http://go.microsoft.com/fwlink/?LinkId=140216).
Windows Recovery Environment is available in all editions of Windows Server 2008 and Windows Server 2008 R2. However, the processor architecture for a given instance of Windows Recovery Environment and the computer whose system you are trying to restore must match. For example, Windows Recovery Environment for an x64-based version of the operating system only works on an x64-based computer. In addition, your hardware manufacturer may have installed Windows Recovery Environment on a partition on your server—if not, you will need a Setup disc to access this tool.
For Windows Server 2008 R2, the Windows Recovery Environment is installed by default, except for the Server Core installation option.
When using Windows Server Backup to create backups of files, folders, or entire computers, you should be aware of the following security considerations (each consideration is followed by its impact):
  • Who has rights to back up content on the computer? Members of the Administrators and Backup Operators groups have the right to back up files and folders on a computer by default. Members of the Server Operators group on domain controllers also have this right. Other user accounts or groups must have the Back up files and directories user right specifically assigned to be able to use Windows Server Backup to back up content from a computer.
  • Who has rights to restore content to the computer? Members of the Administrators and Backup Operators groups have the right to restore files and folders on a computer by default. Members of the Server Operators group on domain controllers also have this right. Other user accounts or groups must have the Restore files and directories user right specifically assigned to be able to use Windows Server Backup to restore content to a computer.
  • How will your backup information be safeguarded? Once the backup is made, any confidential data on the computer is stored with the backup. You should take the same precautions to safeguard that data as you would with the computer it originated from. If it is stored in a network location, it should have restricted access rights so that only trusted users have access. A disk encryption program such as BitLocker can be used to encrypt the storage location after the backup is made to further protect the information in the backup.
  • How is online access to the backups controlled? By default, Windows uses Kerberos authentication and authorization to validate a user's rights to the backup location.
  • How is physical access to the backup storage devices controlled? Backup storage devices should be kept in a restricted-access location. To further safeguard the storage disks from being compromised, encrypt the disks using a disk encryption program such as BitLocker so that either a specific computer or a specific user credential is required to access the disk.
  • What events should I audit? At a minimum, audit Microsoft-Windows-Backup event 50, which is caused by lack of space on the backup location, and event 214, which is the successful restore of files. Lack of space in a target location prevents backups from occurring until the issue is resolved. Restoring files should be an uncommon event; if file restores are happening regularly, find out what is causing files to have to be restored, because there may be an underlying process or hardware issue that needs to be addressed.
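Two of the considerations above can be checked from a script rather than by inspection: who actually holds the backup and restore user rights on the computer (the Back up files and directories and Restore files and directories rights are SeBackupPrivilege and SeRestorePrivilege), and whether the Microsoft-Windows-Backup log already contains event 50 or 214. The script below is an added example, not from the original article. It exports the local security policy with secedit, resolves the SIDs listed for the two rights to account names, and then queries the backup log for the two event IDs over the last 30 days (an assumed window). Run it from an elevated prompt, because secedit /export requires administrator rights.

```powershell
# Added example (not from the original article). Reports who holds the backup and
# restore user rights on this computer and lists Microsoft-Windows-Backup events
# 50 (target out of space) and 214 (files restored).

function Get-UserRightAssignment {
    param([string[]]$Rights)
    # secedit writes user rights as lines such as:
    #   SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
    # where '*' marks a SID that has to be translated to an account name.
    $cfg = Join-Path $env:TEMP 'userrights.inf'
    secedit /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
    $lines = Get-Content $cfg
    Remove-Item $cfg -ErrorAction SilentlyContinue

    foreach ($right in $Rights) {
        $line = $lines | Where-Object { $_ -match "^$right\s*=" } | Select-Object -First 1
        $principals = @()
        if ($line) {
            $valuePart = (($line -split '=', 2)[1]).Trim()
            foreach ($entry in ($valuePart -split ',')) {
                $entry = $entry.Trim()
                if ($entry.StartsWith('*')) {
                    try {
                        $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
                        $principals += $sid.Translate([System.Security.Principal.NTAccount]).Value
                    } catch {
                        # Unresolvable SID (for example a deleted account): keep the raw value.
                        $principals += $entry
                    }
                } else {
                    $principals += $entry
                }
            }
        }
        New-Object PSObject -Property @{ Right = $right; Principals = ($principals -join ', ') }
    }
}

# Anything beyond Administrators, Backup Operators (and Server Operators on a DC)
# in this output is a right that was assigned deliberately and should be reviewed.
Get-UserRightAssignment -Rights 'SeBackupPrivilege', 'SeRestorePrivilege' | Format-Table -AutoSize

# Event 50 blocks further backups until the target has space; a steady stream of
# event 214 means files are being restored often enough to deserve investigation.
$since = (Get-Date).AddDays(-30)
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Backup'; Id = 50, 214; StartTime = $since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Message'; e = { $_.Message.Split("`n")[0] } } |
    Sort-Object TimeCreated |
    Format-Table -AutoSize
```

On a server that has never backed up, the event query returns nothing; the -ErrorAction SilentlyContinue suppresses the "no events found" error that Get-WinEvent raises in that case.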

Printers Extension


Applies To: Windows 8, Windows Server 2008 R2, Windows Server 2012
Group Policy includes the Printers preference extension. This extension allows you to create, configure, and delete local, shared, and TCP/IP printers.

Getting started

You can create and configure Printer preference items for any domain-based Group Policy object (GPO). You configure the settings by editing a GPO using the Group Policy Management Console. When editing a GPO, you can find this preference extension at the following location:
Computer Configuration or User Configuration
   └ Preferences
      └ Control Panel Settings
         └ Printers

Saturday, March 1, 2014

Design a WSUS Storage Strategy


Applies To: Windows Server 2003 with SP2, Windows Server 2008 R2, Windows Server 2008 R2 with SP1, Windows Server Update Services, Windows Small Business Server 2011 Standard
Windows Server Update Services (WSUS) 3.0 SP2 uses two types of storage systems: a database to store WSUS configuration and update metadata, and an optional local file system to store update files. Before you install WSUS, you should decide how you want to implement storage.
Updates are composed of two parts: metadata that describes the update and the files that are required to install the update. Update metadata is typically much smaller than the actual update, and it is stored in the WSUS database. Update files are stored either on a local WSUS server or on a Microsoft Update Web server.
In a deployment of multiple WSUS servers, each WSUS server can configure its own storage options.
WSUS 3.0 SP2 requires a database for each WSUS server. WSUS supports the use of a database that resides on a different computer than the WSUS server, with some restrictions. For a list of supported databases and remote database limitations, see WSUS database requirements.
The WSUS database stores the following information:
  • WSUS server configuration information
  • Metadata that describes each update
  • Information about client computers, updates, and interactions

If you install multiple WSUS servers, you must maintain a separate database for each WSUS server, whether it is an autonomous or a replica server. (For more information about WSUS server types, see Design the WSUS Server Layout.) You cannot store multiple WSUS databases on a single instance of SQL Server, except in Network Load Balancing (NLB) clusters that use SQL Server failover. For more about this configuration, see Configure WSUS for Network Load Balancing.
SQL Server, SQL Server Express, and Windows Internal Database provide the same performance characteristics for a single server configuration, where the database and the WSUS service are located on the same computer. A single server configuration can support several thousand WSUS client computers.
Caution
Do not attempt to manage WSUS by accessing the database directly. Directly manipulating the database can cause database corruption. The corruption might not be immediately obvious, but it can prevent upgrades to the next version of the product.
You can manage WSUS by using the WSUS console or WSUS application programming interfaces (APIs). For more information about how to use WSUS APIs, see the Windows Server Update Services Software Development Kit.
By default, the installation wizard creates and uses a Windows Internal Database that is named SUSDB.mdf. This database is located in the drive:\WSUS\UpdateServicesDbFiles folder, where drive is the local drive on which the WSUS server software is installed. Windows Internal Database is included with WSUS 3.0 SP2.
WSUS supports Windows authentication only for the database. You cannot use SQL Server authentication with WSUS. If you use Windows Internal Database for the WSUS database, WSUS Setup creates an instance of SQL Server that is named server\MICROSOFT##SSEE, where server is the name of the computer. With either database option, WSUS Setup creates a database named SUSDB. The name of this database is not configurable.
We recommend that you use Windows Internal Database in the following cases:
  • The organization has not already purchased and does not require a SQL Server product for any other application.
  • The organization does not require an NLB WSUS solution.
  • You intend to deploy multiple WSUS servers (for example, in branch offices). In this case, you should consider using Windows Internal Database on the secondary servers, even if you will use SQL Server for the root WSUS server. Because each WSUS server requires a separate instance of SQL Server, you will quickly experience database performance issues if only one SQL Server handles multiple WSUS servers.
Windows Internal Database does not provide a user interface or any database management tools. If you select this database for WSUS, you must use external tools to manage the database. You can back up and restore the Windows Internal Database database by using Windows Server Backup. For more information, see Backup and Restore WSUS Data and Backing Up Your Server. You can reindex the Windows Internal Database database by using a published script.
For more information about reindexing the Windows Internal Database database, see Reindex the WSUS Database.
We recommend that you use SQL Server with WSUS in the following cases:
  • You require an NLB WSUS solution.
  • You already have at least one instance of SQL Server installed.
You cannot run the SQL Server service under a local non-system account or by using SQL Server authentication. WSUS supports Windows authentication only.
You can store update files on the local WSUS server, or you can leave approved updates on the Microsoft Update Web servers. In the first case, client computers will download approved updates from the local WSUS server. In the latter case, client computers will download approved updates directly from Microsoft Update. The option that makes the most sense for your organization will depend on network bandwidth to the Internet, network bandwidth on the intranet, and local storage availability.
You can select a different update storage solution for each WSUS server that you deploy.
Local storage of update files is the default option when you install and configure WSUS. This option can save bandwidth on the corporate connection to the Internet because client computers download updates directly from the local WSUS server.
This option requires that the server have sufficient disk space to store all needed updates. At a minimum, WSUS requires 20 GB to store updates locally; however, we recommend 30 GB based on tested variables. For more information about storage capacity requirements and planning, see WSUS Server minimum hardware requirements and Determine Capacity Requirements.
You can store updates remotely on Microsoft Update servers. This option is useful if most client computers connect to the WSUS server over a slow WAN connection, but they connect to the Internet over a high-bandwidth connection.
In this case, the root WSUS server synchronizes with Microsoft Update and receives the update metadata. After you approve the updates, the client computers download the approved updates from Microsoft Update servers.
The following drawing shows a WSUS configuration in which updates are stored on Microsoft Update. In this case, branch offices retrieve approved updates directly from Microsoft Update servers. This saves disk space and network bandwidth in the organization. This storage option can offer faster downloads for geographically distributed client computers.
Clients Download Approved Updates from Microsoft
The following practices can help you conserve resources on your WSUS server:
  1. Make sure that your WSUS server is configured to download only approved updates. When the server synchronizes updates, it downloads only the update metadata and will download the update files only after the update has been approved.
  2. If a WSUS server serves only a few client computers, or if most of the client computers are roaming with Internet access, consider hosting update files on Microsoft Update instead of on the local WSUS server.
  3. Approve only the updates that are actually needed by the client computers and limit the product updates to the products that are actually installed.
  4. Synchronize only the update languages that are needed. If you must synchronize multiple languages and you store updates locally, you can estimate the required disk space by multiplying the recommended space times the number of update languages.
  5. Enable WSUS to automatically decline expired updates. If for some reason you do not want to automatically decline expired updates, you should schedule a task to manually decline expired updates regularly.
  6. Do not use express installation files unless you must minimize downloads between the WSUS server and its client computers. Express installation files typically reduce downloads from WSUS servers to client computers by a factor of two, but they increase downloads from Microsoft Update (or an upstream server) by a factor of four. You should evaluate which criteria are more important to your network: local network bandwidth, or server disk space and Internet bandwidth. For more information, see Express installation files.
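The storage settings this topic discusses (local versus Microsoft Update hosting of update files, downloading only approved updates, enabled languages, express installation files) and the practice of declining expired updates are all reachable through the WSUS administration API, which, together with the console, is the supported way to manage WSUS; the database itself must not be edited. The script below is an added example, not from the original article or the WSUS SDK. It connects to the local WSUS 3.0 SP2 server on the default port 80 (assumed; use 8530 if WSUS was installed on a custom website, and change $server for a remote server), reports the settings that correspond to practices 1, 4 and 6 above, declines expired updates that are not yet declined (practice 5), and finally shows how a setting is changed and saved through the same API.

```powershell
# Added example (not from the original article). Reports WSUS update file storage
# settings and declines expired updates through the WSUS administration API.
[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')

$server = 'localhost'   # assumed: run on the WSUS server itself
$port   = 80            # WSUS 3.0 SP2 default website; 8530 for a custom website
$wsus   = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($server, $false, $port)
$config = $wsus.GetConfiguration()

# Where update files are stored and how much is pulled from Microsoft Update.
$languages = 'all'
if (-not $config.AllUpdateLanguagesEnabled) {
    $languages = @($config.GetEnabledUpdateLanguages()) -join ','
}
New-Object PSObject -Property @{
    HostBinariesOnMicrosoftUpdate = $config.HostBinariesOnMicrosoftUpdate    # $true: clients download from Microsoft Update
    LocalContentCachePath         = $config.LocalContentCachePath            # local update file store when $false
    DownloadOnlyApprovedUpdates   = $config.DownloadUpdateBinariesAsNeeded   # practice 1
    EnabledLanguages              = $languages                               # practice 4
    ExpressInstallationFiles      = $config.DownloadExpressPackages          # practice 6
}

# Practice 5: decline updates that Microsoft has expired but that are still
# approved or unapproved in this server's catalog.
$expired = @($wsus.GetUpdates() | Where-Object { $_.PublicationState -eq 'Expired' -and -not $_.IsDeclined })
foreach ($u in $expired) {
    Write-Host ("Declining expired update: {0}" -f $u.Title)
    $u.Decline()
}
"{0} expired update(s) declined." -f $expired.Count

# Changing a setting goes through the same object: turn express files off
# (practice 6) and persist the configuration.
$config.DownloadExpressPackages = $false
$config.Save()
```

GetUpdates() enumerates the whole catalog, so the decline step can take a few minutes on a server that synchronizes many products; the Server Cleanup Wizard in the console performs the same decline operation interactively.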
