Moving a Group to Another Domain – Using ADMT

Posted on April 1st, 2009 in Active Directory, Microsoft, Server 2003, Server 2008 by Gil Kreslavsky

To move a Windows group to another domain, download the ADMT (Active Directory Migration Tool) and follow these steps:

  1. Install the Active Directory Migration Tool.
  2. Open the ADMT MMC snap-in; it is located in Administrative Tools.
  3. Choose the source and destination domains and click Next.
  4. On the Group Selection screen, choose the group that you want to migrate and click Next.
  5. On the next screen, select Browse and locate the desired OU.
  6. On the Group Options screen, select one or more of the following and click Next:
     • Update user rights: Copies any user rights that are assigned in the source domain to the target domain.
     • Copy group members: Specifies whether the user objects that belong to the group should be migrated along with the group.
     • Adds the security identifiers (SIDs) of the migrated group accounts in the source domain to the SID history of the new group in the target domain.
  7. On the Naming Conflicts screen, select whether you want to migrate group objects that conflict with objects in the target domain and click Next.
  8. Follow the remainder of the wizard to complete the migration.
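After the wizard finishes, it is worth confirming in the target domain that the group landed in the intended OU, that its members came across, and that the SID option actually populated sIDHistory (which is what keeps access to resources still ACL'd with the old SID working). The script below is an added example, not part of the original post or of ADMT; it uses only the built-in System.DirectoryServices classes, and the group name and target domain DN are assumptions to replace.

```powershell
# Added example (not from the original post): verify a group migrated with ADMT.
# Assumptions: run on a domain-joined machine in the TARGET domain with rights to
# read the group; $GroupName and $TargetDomainDN are placeholders to replace.
$GroupName      = 'Finance-Users'            # sAMAccountName of the migrated group
$TargetDomainDN = 'DC=target,DC=example'     # DN of the target domain

$root     = [ADSI]"LDAP://$TargetDomainDN"
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.Filter = "(&(objectCategory=group)(sAMAccountName=$GroupName))"
[void]$searcher.PropertiesToLoad.AddRange(@('distinguishedName','objectSid','sIDHistory','member'))

$result = $searcher.FindOne()
if (-not $result) { Write-Warning "Group '$GroupName' not found in $TargetDomainDN"; return }

# Helper: convert a raw SID byte array from LDAP into its S-1-5-... text form.
function ConvertTo-SidString([byte[]]$bytes) {
    (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
}

$dn      = $result.Properties['distinguishedname'][0]
$newSid  = ConvertTo-SidString $result.Properties['objectsid'][0]
$history = @($result.Properties['sidhistory'] | ForEach-Object { ConvertTo-SidString $_ })
$members = @($result.Properties['member'])

"Group DN        : $dn"
"New SID         : $newSid"
"Members present : $($members.Count)"

if ($history.Count -eq 0) {
    # The wizard's SID option was not selected (or failed): resources still ACL'd with
    # the source-domain SID will deny this group until their ACLs are re-translated.
    Write-Warning 'sIDHistory is empty; access via the old SID will not work.'
} else {
    "SID history     : $($history -join ', ')"
    # Each history entry should belong to the source domain. Anything else deserves
    # investigation, because sIDHistory grants whatever that SID has been granted.
}
```

Run it once per migrated group; a member count of 0 when "Copy group members" was selected, or an empty SID history when the SID option was selected, means the wizard did not do what was expected and the migration log should be checked.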

Configuring Digital Rights Management (DRM) Windows 2008

Posted on December 10th, 2008 in Microsoft, Server 2008 by Gil Kreslavsky

What Is DRM:

Digital Rights Management, or DRM, is a technology that allows the owner of some forms
of media to enforce the terms to the people who have access to use it. Those who own the
copyright to music, film, books, and video commonly use DRM to protect their property.
You or your company may own media that you deliver on your media server or provide
in email or SharePoint sites. It’s important to protect it. It is common for confidential and
critical information to be sent from one company to a competing company or media outlet.
This can cause public relations, legal, or competition problems for an organization. For
example, a company may create a widget that is far superior to the competitor’s widgets.
The company has spent thousands of man hours and millions of dollars to create and document
this new widget. A disgruntled employee could easily send these documents to the
competitor or post them to a weblog for the world to see. If the company protected these
documents using a DRM solution, it would be able to avoid theft.

How Does DRM work?

When media is created, it is encrypted in order to protect it. For a user to access this encrypted
media, they have to have a license. This license contains information such as the following:
  • How long the content can be used
  • What actions can be done on the media
Simply put, the license or key unlocks the content and allows it to be played. The nice
thing about DRM is that you get to control how long it will be unlocked. For example, say
you want to provide content as a promotion that lasts only five days. With DRM protection,
you can set the key to expire in five days. With DRM you don’t have to worry about
users copying material and giving it to others because no matter who plays the content,
they still need to acquire a key or license.
DRM rights are stored in the key and not the content. This means that you can create
different keys for the same file. A normal DRM scenario would be that you encode content
with DRM protection. Then it would be posted so that users could download it. After
the content is downloaded, the user’s player sees that it is protected and connects to your
license provider site to get the needed key. After the user pays for the key, they are able to
play the content.
DRM also can be used to protect other types of files:
  • Office documents
  • Email
Word, Excel, PowerPoint, and other important company files can be protected using
Active Directory Rights Management Service (AD RMS). A typical example would be
using a SharePoint intranet that has or allows external users to view content.
In the following sections, it is assumed that you have installed the AD RMS role and have
reviewed the event log for any errors.

Encryption

Before the Internet boom, encryption was mainly used by the military to protect data.
However, today encryption is a normal and needed protection against theft of content or
documents.
What is encryption? It is locking up data through the use of electronic keys. It is similar
to locking the doors on your home. You need a key to lock and unlock your door locks. It
is doubtful you would ever consider having a home without any locks or leaving the doors
open and going away for six months. If you did, you wouldn’t be surprised if your valuables
were stolen. Some people even pay large amounts of money to purchase high-end security
alarms to ensure that they have the best protection for their home. The same is true of your
data; without locking it with a lock and key, you are inviting anyone to take it.
AD RMS encrypts data by keeping out people who do not have proper keys. With AD
RMS, only trusted entities are granted access rights, just like giving someone you trust a
key to your home.
In addition to the AD RMS client installed on a computer, AD RMS can be used by
specialized applications that are enabled to enforce the usage rights. The following applications
are AD RMS enabled:
  • Microsoft Office 2003
  • Office 2007
  • Windows Mobile 6
The AD RMS client is included with Windows Vista and Windows Server 2008. If you are
using Windows 2000 Server, Windows XP, or another operating system, you can download
the AD RMS client from the Microsoft Download Center at
www.microsoft.com/downloads/details.aspx?FamilyId=02DA5107-2919-414B-A5A3-3102C7447838&displaylang=en.
For AD RMS to encrypt your data, you need to both have the AD RMS client installed
and have an AD RMS–enabled application. However, to be able to create protected content
you need to have the following:
  • Office 2007 Enterprise
  • Office 2007 Professional
  • Office 2007 Ultimate

Using AD RMS to Protect a Document

  • Open Microsoft Word 2007.
  • Open a document you want AD RMS to protect.
  • Click the Microsoft button in the top-left corner of the screen.
  • Click Prepare.
  • Click Restrict Permissions.
  • Click Restrict Access.
  • Now click Restrict Permission to This Document.
  • In the Read box, type in the name of the group that you want to allow read permissions.
  • Now save this document in your network location.

    The group you specified can only view this document now. They will not be able to
    change, print, or even copy it.

Configure Fax Windows Server 2008

Posted on December 10th, 2008 in Microsoft, Server 2008 by Gil Kreslavsky

Configure Fax properties – Windows server 2008

  • Within Server Manager, expand Roles and then expand Fax Server.
  • Right-click Fax and choose Properties.
  • On the Receipts tab, click the box labeled Enable SMTP E-Mail Receipts Delivery and
    enter a From e-mail address, SMTP server address, and port number.
  • Select the Activity Logging tab. Click the boxes next to Log Incoming Fax Activity and
    Log Outgoing Fax Activity.
  • In the Activity Log Folder text box, enter the path to store the activity log. The default
    location is C:\ProgramData\Microsoft\Windows NT\MSFax\ActivityLog.
  • Select the Outbox tab, check the Automatically Delete Faxes Older Than option and
    then choose the number of days to keep faxes.
  • Select the Archives tab and then check Archive All Faxes to This Folder.
  • Browse to the location that should be used to store archived faxes. The default is
    C:\ProgramData\Microsoft\Windows NT\MSFax.
  • To allow faxes to be reassigned, select the Accounts tab and then check the On box
    under Reassign Settings.
  • Click OK.

Defining a Dialing Rule

Setting up dialing rules will help the fax server understand what your area requires. For
example, most locations in the United States require dialing a 1 before dialing a number
outside a local area code. When dialing within an area code, only 7 digits are needed.
Alternatively, if a local area uses 10-digit dialing, a user has to put in an area code plus the
7-digit phone number. As you can see, by setting up the dialing rules first, you keep your
users from having to enter numbers such as 1 before the area code. You can configure the
following options for dialing rules:
  • Dialed Number: You can enter a region code and area code.
  • Target Device: Choose whether to apply your rule to a device or to a routing group.

Configuring a Dialing Rule

  • Under Fax Server in Server Manager, expand Outgoing Routing.
  • Right-click on Rules and choose New and then Rule.
  • In the Dialed Number section of the Add New Rule dialog box, enter your region
    code. If you are unsure, click Select and then choose from the list.
  • In the Target Device section, choose whether you want this rule to apply to a device
    or a routing group and then choose from the list in the drop-down box.
  • Click OK.

Windows Server 2008 DNS Records

Posted on November 23rd, 2008 in Microsoft, Server 2008 by Gil Kreslavsky

A – Maps a host name to an IPv4 address
AAAA – Maps a host name to an IPv6 address
AFSDB – Location of an Andrew File System (AFS) cell's database server or a Distributed Computing Environment (DCE) cell's authenticated server
ATMA – Maps a domain name to an Asynchronous Transfer Mode (ATM) address
CNAME – Creates an alias (synonymous) name for the specified host
HINFO – Identifies the host's hardware and operating system type
ISDN – Maps a host name to an Integrated Services Digital Network (ISDN) address (phone number)
KEY – Public key related to a DNS domain name
MB – Associates a host with a specified mailbox; experimental
MG – Associates a host name with a mail group; experimental
MINFO – Specifies the mailbox name responsible for a mail group; experimental
MR – Specifies a mailbox name that is the correct rename of another mailbox; experimental
MX – Mail exchange server for the domain
NS – Specifies the address of the domain's name server(s)
NXT – Defines literal names in the zone; implicitly indicates nonexistence of a name if not defined
PTR – Maps an address to a host name for reverse lookup
RP – Identifies the responsible person for a domain or host
RT – Specifies an intermediate host that routes packets to the destination host
SIG – Cryptographic signature record
SOA – Specifies the authoritative server for the zone
SRV – Defines servers for a specific purpose such as HTTP, FTP, and so on
TXT – Associates textual information with an item in the zone
WINS – Enables lookup of the host portion of a domain name through a WINS server
WINS-R – Reverse lookup through a WINS server
WKS – Describes services provided by a specific protocol on a specific port
X.25 – Maps a host name to an X.121 address (X.25 networks); used in conjunction with RT records
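As an added example (not from the original post), the following PowerShell inventories which of the record types listed above actually exist in a zone hosted on a Windows Server 2008 DNS server, using the built-in root\MicrosoftDNS WMI provider; the server and zone names are assumptions to replace. Beyond a count per type, it flags the types the list above marks as experimental, plus the X.25/ISDN/RT/AFSDB/ATMA family, which rarely belong in a production zone and are worth a second look during a DNS review.

```powershell
# Added example (not from the original post): inventory record types in a zone.
# Assumptions: run with DNS admin rights; $DnsServer and $Zone are placeholders.
$DnsServer = 'dns1.example.local'
$Zone      = 'example.local'

# Every RR type is a WMI subclass of MicrosoftDNS_ResourceRecord (e.g. MicrosoftDNS_MXType),
# so querying the base class returns all records and __CLASS tells us the type.
$records = @(Get-WmiObject -ComputerName $DnsServer -Namespace 'root\MicrosoftDNS' `
             -Class MicrosoftDNS_ResourceRecord -Filter "ContainerName='$Zone'")

# Helper: turn the WMI class name into the record type mnemonic (MicrosoftDNS_MXType -> MX).
function Get-RecordType($record) {
    $record.__CLASS -replace '^MicrosoftDNS_', '' -replace 'Type$', ''
}

# Types the list above marks experimental, plus legacy ones (constructed from that list).
$legacy = 'MB', 'MG', 'MINFO', 'MR', 'WKS', 'X25', 'ISDN', 'RT', 'AFSDB', 'ATMA'

$byType = $records | Group-Object { Get-RecordType $_ } | Sort-Object Count -Descending

"Zone $Zone on $DnsServer : $($records.Count) records"
foreach ($g in $byType) {
    $flag = if ($legacy -contains $g.Name) { '  <-- legacy/experimental type, review' } else { '' }
    '{0,-8} {1,5}{2}' -f $g.Name, $g.Count, $flag
}

# Show the flagged records in full (owner name, TTL, data) so each can be checked.
$records | Where-Object { $legacy -contains (Get-RecordType $_) } |
    Select-Object OwnerName, TTL, RecordData, TextRepresentation | Format-Table -AutoSize
```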

Windows 2008 Ping Command Switches

Posted on November 23rd, 2008 in Server 2008 by Gil Kreslavsky

-t – Pings continuously until terminated by Ctrl+C; press Ctrl+Break to view statistics. Use: perform extended testing or check for intermittent problems.
-a – Resolves the address to a host name. Use: test name resolution and troubleshoot the Hosts file.
-n count – Specifies the number of packets to send. Use: perform extended testing.
-l size – Specifies the packet size in bytes; the default is 64, the maximum is 8,192. Use: check for packet fragmentation and response time.
-f – Sets the Don't Fragment flag in the packet. Use: prevent routers from fragmenting the packet.
-i ttl – Sets the packet time-to-live. Use: increase the timeout on slow connections.
-v tos – Sets the Type of Service field. Use: specify the type of action the remote router should perform on the packet.
-r count – Records the packet route; specify from 1 to 9. Use: determine the route of outgoing and incoming packets.
-s count – Sets a timestamp for the number of hops specified by count. Use: set the current hop count for the packet.
-j HostList – Routes packets using the host list; specify a maximum of 9 hosts. Use: direct traffic through a specific route; hosts can be separated by intermediate gateways (loose source route).
-k HostList – Routes packets using the host list. Use: similar to -j, but hosts can't be separated by intermediate gateways (strict source route).
-w timeout – Sets the packet timeout in milliseconds. Use: increase the timeout value to overcome timeouts on slow connections.
-R – Traces a round-trip path. Use: trace back to the client; IPv6 only.
-S srcaddr – Source address to use. Use: specify the source address to ping from; IPv6 only.
-4 – Forces IPv4. Use: force ping to use IPv4; not necessary if specifying an IPv4 address.
-6 – Forces IPv6. Use: force ping to use IPv6.
target_name – Specifies the remote host(s) to ping. Use: specify the destination to ping.

Windows 2008 Server Roles

Posted on November 23rd, 2008 in Server 2008 by Gil Kreslavsky

Active Directory Certificate Services (AD CS). AD CS role services install on a number
of operating systems, including Windows Server 2008, Windows Server 2003, and
Windows 2000 Server. Naturally the fullest implementation of AD CS is only possible
on Windows Server 2008. You can deploy AD CS as a single standalone certification
authority (CA), or you can deploy multiple servers and configure them as root, policy, and
certificate issuing authorities. You also have a variety of Online Responder configuration
possibilities.
Active Directory Domain Services (AD DS). This is the role in the Windows Server
2008 operating system that stores information about users, computers, and other
resources on a network. AD DS is also used for directory-enabled applications such as
Microsoft Exchange Server. AD also stores all information required for Group Policy.
Active Directory Federation Services (AD FS). AD FS employs technology that
allows users over the life of a single online session to securely share digital identity
and entitlement rights, or ‘‘claims,’’ across security and enterprise boundaries. This
role—introduced and supported on all operating systems since Microsoft Windows
Server 2003 R2— provides Web Single Sign-On (SSO) services to allow a user to access
multiple, related Web applications.
Active Directory Lightweight Directory Services (AD LDS). This service is ideal if you
are required to support directory-enabled applications. AD LDS is a Lightweight Directory
Access Protocol (LDAP) compliant directory service.
Active Directory Rights Management Services (AD RMS). This service augments
an organization’s security strategy by protecting information through persistent usage
policies. The key to the service is that the right management policies are bound to the
information no matter where it resides or to where it is moved. AD RMS is used to lock
down documents, spreadsheets, e-mail, and so on from being infiltrated or ending up in
the wrong hands. AD RMS, for example, prevents e-mails from being accidentally forwarded
to the wrong people.
The Application Server role. This role supports the deployment and operation of custom
business applications that are built with Microsoft .NET Framework. The Application
Server role lets you choose services for applications that require COM+, Message Queuing,
Web services, and Distributed Coordinated Transactions.
DHCP and DNS. These two roles install two critical network services required for every
network. They support Active Directory integration and IPv6.
Fax Server role. The fax server lets you set up a service to send and receive faxes over
your network. The role creates a fax server and installs the Fax Service Manager and the
Fax service on the server.

File Server role. This role lets you set up all the bits, bells, and whistles that come with a
Windows file server. This role also lets you install Share and Storage Management, the Distributed
File System (DFS), the File Server Resource Manager application for managing file
servers, Services for Network File System (NFS), Windows File Services, which include
stuff like the File Replication Service (FRS), and so on.
Network Policy and Access Services. This provides the following network connectivity
solutions: Network Access Protection (NAP), the client health policy creation, enforcement,
and remediation technology; secure wireless and wired access (802.1X), wireless
access points, remote access solutions, virtual private network (VPN) services, Radius, and
more.
Print Management role. The print services provide a single interface that you use to
manage multiple printers and print servers on your network.
Terminal Services role. This service provides technologies that enable users to access
Windows-based programs that are installed on a terminal server. Users can execute applications
remotely (they still run on the remote server) or they can access the full Windows
desktop on the target server.
Universal Description, Discovery, and Integration (UDDI). UDDI Services provide
capabilities for sharing information about Web services. UDDI is used on the intranet,
between entities participating on an extranet, or on the Internet.
Web Server role. This role provides IIS 7.0, the Web server, ASP.NET, and the Windows
Communication Foundation (WCF).

Windows Deployment Services. These services are used for deployment of new computers
in medium to large organizations.