About Me

Mansoura, Egypt
An ambitious person who has the ability to confront and solve difficult problems and who studies hard to reach the highest levels

Sunday, 9 December 2012

SharePoint Server 2010 Professional Administration Course

Peace be upon you, and the mercy and blessings of God.

SharePoint 2010 Administration Course


Today, by the grace of God, I present to you the SharePoint 2010 professional administration course. It is no secret how important this server is to any company, given its tremendous ability to integrate with, connect to and make use of Microsoft servers as well as non-Microsoft servers.

This course is complete, by the grace of God, and covers international exam 70-667 on administering and configuring SharePoint Server 2010.

In this release we have taken care of the following:
A simple and easy explanation, as you have always come to expect from us.

Detailed exercises in every video lesson for hands-on practice, in addition to the theoretical explanation.

All the PowerPoint presentations used in the explanation have been included, plus additional explanatory Word files to deepen understanding; you will find all of this on the program's CD.

Saving the time and effort of searching for the software used in the exercises: the programs needed for the exercises have been included for all episodes of the course, and you will also find them on the program's CD.




This is the link to the video of the full course introduction:

http://www.youtube.com/watch?v=qYHE7...ature=youtu.be

How to get the disc:
A great deal of effort went into this work to make it the best it can be, so please forgive us: it will not be available for free on any website.

This disc will be available only through one of the payment methods mentioned below.
The disc costs only 900 pounds for residents of Egypt, and only 200 dollars for residents abroad.

For residents outside Egypt, the transfer is made through Western Union in the name of "Mahmoud Yaseen Mohammed", and the transfer fee is to be paid.

Residents of Cairo can get the disc from the 4TRAINEE training center.

The disc will be uploaded to a fast, direct server so that those outside Egypt can download it directly.

Anyone who obtains this educational material is kindly asked not to publish it in any form on any forum or website without permission from its owner, in order to protect intellectual property rights; this is a trust between us and you before God.


Contact :-
Trainer Eng. Mahmoud Yaseen Mobile : +20 1113644492
Email : Mahmoud_kung2005@yahoo.com

Finally, I wish you success and acceptance.

Peace be upon you, and the mercy and blessings of God.

Monday, 31 October 2011

NAP VPN ENFORCEMENT LAB







3 machines: DC + VPN server [domain member] + client [workgroup]

Lab steps:
1- Add an Enterprise Root CA on the DC.
2- Cert templates -- right-click -- Manage -- Computer -- Properties -- Security -- Read + Enroll -- OK.
3- On VPN -- MMC -- Certificates [computer] -- request certificate.
4- On VPN -- Add Roles -- Network Policy and Access -- choose NPS + RRAS [Remote Access] -- OK.
5- Start -- Programs -- Administrative Tools -- open Network Policy Server.
Windows Security Health -- default configuration -- allow only Firewall + clear all other settings.
Policies -- Health Policies -- create 2 policies:
Compliant -- pass all SHV + select ...
Non Compliant -- fail one or more SHV + select ....
Network policies -- disable defaults -- New:
** Compliant full access -- condition "health policy" [compliant] -- access granted -- allow full access -- finish.
** Non compliant limited access -- condition "health policy" [non compliant] -- limited access + uncheck "enable auto remediation".
IP filters -- input + output "allow for one PC":
Input filters -- new DST network -- add -- DC IP/32 mask -- permit only -- OK.
Output filters -- new SRC network -- add -- DC IP/32 mask -- permit only -- OK -- then finish the policy.

Connection request policy -- disable default -- create New:
Name -- type [VPN] -- condition "tunnel type", select PPTP + L2TP + SSTP -- auth method [override] -- EAP types -- add -- MS Protected EAP + MS Secured password ... -- OK.
MS Protected EAP -- Edit -- ensure "Enforce network access protection" is selected -- finish.

Now configure RRAS -- VPN -- finish -- then go to NPS -- Connection request policies -- disable MS RRAS + move our policy to the top.

Administrative Tools -- Firewall with Advanced Security -- create Inbound Rule -- ICMPv4 [Echo request] -- finish.

Client:
** Export the CA cert -- import it into the computer's Trusted Root CA store [MMC].
1- Run -- napclcfg.msc -- Enforcement -- EAP -- Enable.
2- gpedit.msc -- Administrative Templates -- Windows Components -- Security Center -- turn on.
3- Run -- services.msc -- Network Access Protection -- Auto + start.
4- Create VPN connection -- finish -- Properties -- Security -- Authentication -- use EAP:
Microsoft: Protected EAP [PEAP] (encryption enabled) -- Properties -- uncheck "connect to these ..." + check "Enforce network access protection".




Sunday, 30 October 2011

Course 70-290 Explained

Course 70-290

Managing and Maintaining Windows Server 2003


http://www.4trainee.com/videocourses/-microsoft/-mcse/70-290.html

Upgrade to Windows Server 2008 Course (70-649) Explained


http://www.youtube.com/playlist?list=PL71BEC4E0817231EB&feature=viewall

Course 70-291 Explained on YouTube







http://www.youtube.com/playlist?list=PL123A1F028823CD11&feature=viewall

Windows 2003 Trust Relationships

·  Two-way trust: A trust relationship between two domains in which both domains trust each other. For example, domain A trusts domain B, and domain B trusts domain A. All parent-child trusts are two-way trusts.

·  One-way: incoming trust: A one-way trust relationship between two domains in which the direction of the trust points toward the domain from which you start the New Trust Wizard (and which is identified in the wizard as This domain). When the direction of the trust points toward your domain, users in your domain can access resources in the specified domain. For example, if you are the domain administrator in domain A and you create a one-way, incoming trust to domain B, this provides a relationship through which users who are located in domain A can access resources in domain B. Because this relationship is one-way, users in domain B cannot access resources in domain A.

·  One-way: outgoing trust: A one-way trust relationship between two domains in which the direction of the trust points toward the domain that is identified as Specified domain in the New Trust Wizard. When the direction of trust points toward the specified domain, users in the specified domain can access resources in your domain. For example, if you are the domain administrator in domain A and you create a one-way, outgoing trust to domain B, this provides a relationship through which users who are located in domain B can access resources in domain A. Because this relationship is one way, users in domain A cannot access resources in domain B.
·  Domain-wide authentication: An authentication setting that permits unrestricted access by any users in the specified domain to all available shared resources that are located in the local domain. This is the default authentication setting for external trusts.
·  Forest-wide authentication: An authentication setting that permits unrestricted access by any users in the specified forest to all available shared resources that are located in any of the domains in the local forest. This is the default authentication setting for forest trusts.
·  Selective authentication: An authentication setting that restricts access over an external trust or forest trust to only those users in a specified domain or specified forest who have been explicitly given authentication permissions to computer objects (resource computers) that reside in the local domain or the local forest. This authentication setting must be enabled manually.


What types of trust relationships does Windows Server 2003 support?

Windows 2003 supports six types of trusts (although the OS doesn't support all types for all forest modes):
  • Tree-root trust--Windows 2003 automatically creates a transitive, two-way trust when you add a new tree-root domain to an existing forest. Tree-root trusts let every domain in different trees in the same forest implicitly trust one another.
  • Parent-child trust--Windows 2003 automatically creates a transitive, two-way trust when you add a child domain to an existing domain. This trust lets every domain in a particular tree implicitly trust one another.
  • Shortcut trust--When domains that authenticate users are logically distant from one another, the process of logging on to the network can take a long time. You can manually add a shortcut trust between two domains in the same forest to speed authentication. Shortcut trusts are transitive and can either be one way or two way.
  • External trust--Administrators can manually create an external trust between domains in different forests or from a Windows 2003 domain to a Windows NT 4.0 or earlier domain controller (DC). External trusts are nontransitive and can be one way or two way.
  • Forest trust--When two forests have a functional level of Windows 2003, you can use a forest trust to join the forests at the root. An administrator can manually create a two-way forest trust that lets all domains in both forests transitively trust each other. Forest trusts can also be one way, in which case the domains in only one of the forests would trust the domains in the other forest. Multiple forest trusts aren't transitive. Therefore, if forest A has a forest trust to forest B and forest B has a forest trust to forest C, forest A does not implicitly trust forest C.
  • Realm trust--An administrator can manually create a realm trust between a Windows 2003 domain and a non-Windows Kerberos 5 realm. Realm trusts can be transitive or nontransitive and one way or two way.

[AD Tutorial] How to adjust Domain Controller

Each Windows domain controller has several SRV records that clients use as part of the DC locator process to find the closest domain controller. Two fields of the SRV record let clients determine which server to use when multiple possibilities are returned. The Priority field dictates whether a specific server or set of servers should always be contacted before others unless it is unavailable. A server with a higher priority (lower field value) will always be contacted before a server with a lower priority.

First let's check the existing priority and weight of the domain.

The weight  value is stored in the LdapSrvWeight registry entry. The default value is 100, but it can range from 0 through 65535. By reducing this value, DNS refers clients to a domain controller less frequently based on the proportion of this value to the value of other domain controllers. For example, to configure the system so that the domain controller hosting the PDC emulator role receives requests only half as many times as the other domain controllers, configure the weight of the domain controller hosting the PDC emulator role to be 50. DNS determines the weight ratio for that domain controller to be 50/100 (50 for that domain controller and 100 for the other domain controllers). After you reduce this ratio to 1/2, DNS refers clients to the other domain controllers twice as often as it refers to the domain controller with the reduced weight setting. By reducing client referrals, the domain controller receives fewer client requests and has more resources for other tasks, such as performing the role of PDC emulator.

Adjusting the priority of the domain controller also reduces the number of client referrals. However, rather than reducing it proportionally to the other domain controllers, changing the priority causes DNS to stop referring all clients to this domain controller unless all domain controllers with a lower priority setting are unavailable.
A domain controller's priority value is stored in its registry. When the domain controller starts, the Net Logon service registers with the DNS server. The priority value is registered with the rest of its DNS information. When a client uses DNS to discover a domain controller, the priority for a given domain controller is returned to the client with the rest of the DNS information. The client uses the priority value to help determine to which domain controller to send requests.
The value is stored in the LdapSrvPriority registry entry. The default value is 0, but it can range from 0 through 65535.


Important: A lower value entered for LdapSrvPriority indicates a higher priority.
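
The priority and weight rules described above, modelled as the RFC 2782 selection a client applies to the SRV answers it receives. This is an added example, not part of the original post; the DC names, the `up` flag and the sample records are constructed, and it assumes the client follows RFC 2782 ordering.

```python
import random
from collections import Counter, namedtuple

# One SRV record as a client sees it. "up" marks whether the DC answers.
Srv = namedtuple("Srv", "target priority weight up")

def preferred_group(records):
    """Reachable records sharing the lowest priority value (most preferred)."""
    live = [r for r in records if r.up]
    if not live:
        return []
    best = min(r.priority for r in live)
    return [r for r in live if r.priority == best]

def expected_share(records):
    """Long-run fraction of referrals per DC: weight / total weight of its group."""
    group = preferred_group(records)
    total = sum(r.weight for r in group)
    shares = {r.target: 0.0 for r in records}
    for r in group:
        # All-zero weights degrade to an even split within the group.
        shares[r.target] = r.weight / total if total else 1 / len(group)
    return shares

def pick(records, rng):
    """Choose one DC: lowest priority value first, then weighted random."""
    group = preferred_group(records)
    if not group:
        return None
    total = sum(r.weight for r in group)
    if total == 0:
        return rng.choice(group).target
    point, running = rng.random() * total, 0
    for r in group:
        running += r.weight
        if point < running:
            return r.target
    return group[-1].target

def simulate(records, n=20000, seed=1):
    rng = random.Random(seed)
    return Counter(pick(records, rng) for _ in range(n))

# Constructed sample: dc1 holds the PDC emulator role with LdapSrvWeight = 50.
BY_WEIGHT = [Srv("dc1", 0, 50, True), Srv("dc2", 0, 100, True), Srv("dc3", 0, 100, True)]
# Constructed sample: dc1 instead gets LdapSrvPriority = 10 (others keep default 0).
BY_PRIORITY = [Srv("dc1", 10, 100, True), Srv("dc2", 0, 100, True), Srv("dc3", 0, 100, True)]
```

With three DCs, a weight of 50 gives dc1 a 20% share against 40% for each of the others, while raising its priority value removes it from selection until every DC in the preferred group is unreachable.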

To change the weight for DNS SRV records in the registry:
1. Click Start, click Run, type regedit, and then press ENTER.
2. Navigate to HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters.
3. To configure the priority, add a REG_DWORD with the name LdapSrvPriority.
   To configure the weight, add a REG_DWORD with the name LdapSrvWeight.

After you make the change, the \System32\Config\netlogon.dns file should be updated and the DDNS updates sent to the DNS server within an hour. You can also restart the NetLogon service to expedite the process.