Tong – 临渊羡鱼不如退而结网,潜心修练~

March 13, 2012

Windows常用命令及快捷键

Filed under: Uncategorized — Tong @ 2:35 PM

compmgmt.msc      Computer Management

diskmgmt.msc        Disk Management

File and Folder Permission

Filed under: Windows — Tong @ 2:01 PM
Tags:

 

Permission Description
Full Control Permission to read, write, change and delete files and sub-folders.
Modify Permission to read and write to files in the folder, and to delete current folder.
List Folder Contents Permission to obtain listing of files and folders and to execute files.
Read and Execute Permission to list files and folders and to execute files.
Write Permission to create new files and folders within selected folder.
Read Permission to list files and folders

 

Permission Description
Full Control Permission to read, write, change and delete the file.
Modify Permission to read and write to and delete the file.
Read and Execute Permission to view file contents and execute file.
Write Permission to write to the file.
Read Permission to view the files contents.

 

Reference :

http://www.techotopia.com/index.php/Understanding_Windows_Server_2008_File_and_Folder_Ownership_and_Permissions 

http://technet.microsoft.com/en-us/library/cc732880.aspx

February 17, 2012

GPO相关的知识

Filed under: Windows — Tong @ 8:21 PM
Tags:

 

现在工作中经常用到GPO相关的知识,正好总结学习下…

Tips :

1. Sync的时间

配置新的安全策略后,原则上在工作站或服务器上,每90分钟更新一次安全性设置,而在域控制器则5分钟更新一次;初此之外,在没有任何更改的情况下,这些安全设置每16小时会更新一次。如果我们想要强迫更新,就需要 命令gpupdate /force。

2. Client 处理组策略的流程

  1. Client  启动,执行本地security policy。
  2. Client 连接网络,想DC获取相应的GPO list。
  3. Client 根据GPO列表连接到Sysvol文件夹定位对于的组策略模板。
  4. Client 根据Template执行相应的操作。
  5. 组策略执行后,出现登陆界面,登陆。
  6. 用户登录后,获取相应的GPO

3. 组策略执行和应用的一些原则

组策略的执行时处理顺序:本地 – 》 站点 – 》域- 》OU ;组策略获取GPO列表的顺序: 从所属OU往上查找每一层存在的GPO对象,直至域级。然后再查找站点所链接的GPO对象,生成完整的GPO列表;

GPO组策略 权限处理之原则:

一.继承性。子容器继承父容器的配置。

二.子容器配置了策略,则优先父容器。

三.组策略累加性。

GPO冲突处理原则

一.处理顺序在后的GPO优先。处理顺序是 站点—域—OU

二.先处理计算机配置,再处理用户配置,二者有冲突,以计算机配置优先。

三.多个GPO在同一个OU 配置将累加,如果相互有冲突,排前的优先。

四.本地计算机配置优先权最低,站点。域。OU配置优先。

GPO的例外配置

一.阻止策略继承。组策略属性页面 左小钩选上。

二.强制策略继承。组策略属性页面—>选项à阻止替代 钩上。(不管你是否阻止了组策略的继承都会应用组策略)

三.过滤组策略。在某个OU上OU里的用户排除某个用户,组策略属性页面à属性à安全à添加某人à钩选 读取和应用组策略 为拒绝。

4.  GPO的组成

GPO是有 GPC (组策略容器)和 GPT (组策略模板)组成。

GPC:存储在活动目录数据库 (AD User and Computers –> System –>Policies ),提供版本信息、状态信息和相关的属性信息。

GPT:存储在域控的sysvol共享中 (\\*.*.net\SYSVOL\*.*.net\Policies),存储组策略设置的地方,包括:管理模板、脚本、软件安装、文件夹重定向等设置

 

 

http://loveunicom.blog.51cto.com/121558/382551

http://technet.microsoft.com/zh-cn/library/cc757050(v=ws.10).aspx

February 15, 2012

Crash Dump Files in Windows Server 2008 R2

Filed under: Windows — Tong @ 11:48 AM

 

 

 

 

 

 

Understanding Crash Dump Files http://blogs.technet.com/b/askperf/archive/2008/01/08/understanding-crash-dump-files.aspx

February 10, 2012

Windows Runas Command logon failure 1385

Filed under: Windows — Tong @ 2:58 PM
Tags:

经常用到 runas /env /user:domain\serviceaccount [command],有时候会碰到 1385的error,类似下面的:

RUNAS ERROR: Unable to run - [command]
1385: Logon failure: the user has not been granted the requested logon type at this computer.

Solution:

  • 域中,找到相应的GPO, 把这个serviceaccount 添加到 ‘log on as a batch job’的setting里面就好了, 具体路径为 Policies\Windows Setting\Security Setting\Local Policies/User Right Assignment\Log on as a batch job.
  • 非域环境就在local security policy (secpol.msc)里对应的位置添加。

看了下 Log on as a batch job Properties 的解释 是这样写的:

———————————–

Log on as a batch job

This security setting allows a user to be logged on by means of a batch-queue facility and is provided only for compatibility with older versions of Windows.

For example, when a user submits a job by means of the task scheduler, the task scheduler logs that user on as a batch user rather than as an interactive user.

Default: Administrators
Backup Operators.

——————————————

 

February 9, 2012

加密文件系统 EFS

Filed under: Windows — Tong @ 4:44 PM

September 29, 2011

磁盘空间及文件夹大小查询

Filed under: PowerShell — Tong @ 6:34 PM
  • 查询本机或远端机器的磁盘空间

————————————————————————————

function Check-Diskspace {

param (

[string]$computer

)

$drives = gwmi Win32_LogicalDisk -computer $computer | where { $_.DriveType -eq 3 }

foreach ($drive in $drives) {

write-host "Drive Name : " $drive.DeviceID

write-host "Total Space : "($drive.size/1GB).ToString("0.00") "GB"

write-host "Free Space : " ($drive.FreeSpace/1GB).ToString("0.00") "GB"

write-host " "

}

}

Check-DiskSpace $computer

————————————————————–

  • 查询某个磁盘或文件夹下的所有当前目录文件夹的大小

——————————————————————

Function get-OneFolderSize {

param ([System.String]${Path1})

$colItems = (Get-ChildItem $path1 -recurse | Measure-Object -property length -sum)

$colItems.sum /1MB

}

Function Get-FolderSize {

param ([System.String]${Path})

$Folders =dir $Path

Foreach ($Folder in $Folders)

{

$sizeMB =get-OneFolderSize $Folder.FullName

$Folder| Add-Member -MemberType NoteProperty -Name "SizeMB" -Value ($sizeMB) -PassThru

}

}

# Get-FolderSize e:\tools |sort -property SizeMB -Descending |select FullName,@{n=’FolderSize’;e={"{0:N2}" -f $_.SizeMB}} |select -first 10

——————————————————————————————————

 

 

Scenario 1: 将一个Folder下超过一定时间未访问的文件列出来,然后根据实际情况处理

(more…)

May 31, 2011

数据库镜像

Filed under: SQL Server — Tong @ 3:17 PM
Tags:

这几天打算学一下镜像相关的知识。

1.数据库镜像概述

2. 数据库镜像会话

3. 连接客户端和镜像数据库

4.数据库镜像及其他功能和组件

5.设置数据库镜像

6.暂停和恢复数据库镜像

7.删除数据库镜像

8.管理数据库镜像

9.监视数据库镜像

 

Useful links:

SQL Server 2005 数据库镜像

May 4, 2011

Script used to query folder size

Filed under: PowerShell — Tong @ 6:47 PM

$startFolder = “E:\”
$colItems = (Get-ChildItem $startFolder | Measure-Object -property length -sum)
“$startFolder — ” + “{0:N2}” -f ($colItems.sum / 1MB) + ” MB”

$colItems = (Get-ChildItem $startFolder  | Where-Object {$_.PSIsContainer -eq $True} | Sort-Object)
foreach ($i in $colItems)
{
$subFolderItems = (Get-ChildItem -recurse  $i.FullName | Measure-Object -property length -sum)
$i.FullName + ” — ” + “{0:N2}” -f ($subFolderItems.sum / 1MB) + ” MB”
}

March 16, 2011

How to display n lines in a file

Filed under: PowerShell — Tong @ 8:31 PM

We need to analyze some big log files in daily job. And we just need to display some lines, like first n lines or last n lines.

Just write some methods here for my further reference.

1. Way to list top n lines:

Next Page »

Theme: Rubric. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.