eLearning – Windows Server 2008 Failover Clustering

Microsoft recently published a two-hour online course on Failover Clustering for Windows Server 2008 (formerly known as Longhorn).

You can access this content here and for $39.99, you can spend as much time as you want for the next three years reviewing the content.

This course, Course 6051: Implementing High Availability and Virtualization in Windows Server 2008, is part of a larger group of courses that can be purchased together, or you can purchase this individual course separately from any other eLearning course.

Rod Fournier and I are working on very similar material, with much more depth for our ClusterHelp.com course. However, we will not be releasing it until Windows Server 2008 is released to manufacturing. Look for more information here as Windows Server 2008 comes closer to release.  

Setting Time Synchronization With Windows 2000

We have some Windows 2000 servers we administer that are authenticating against some NT domain controllers. You can set up your Windows 2000 servers to synchronize time with an outside source:

C:\>net time /querysntp
This computer is not currently configured to use a specific SNTP server.
The command completed successfully. 

For a list of NTP servers, see this page. Let’s configure it for clock.isc.org:

C:\>net time /setsntp:clock.isc.org
The command completed successfully.

Verify that it stuck:

C:\>net time /querysntp
The current SNTP value is: clock.isc.org 
The command completed successfully.

You may need to bounce w32time to see your results:

C:\>net stop w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.
C:\>net start w32time
The Windows Time service is starting.
The Windows Time service was started successfully.

Note that you only want to do this on machines that are not already synchronizing with the domain controller, which happens automatically with Active Directory. This is also the method you would use to select an outside time source on the PDC of the domain at the root of the forest.

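How to set up Chinese on English Windows XP: method and steps

During installation of English Windows XP, in the language settings dialog that appears, you can tick the East Asian languages option yourself (Chinese is used as the example here) and add Simplified Chinese and Traditional Chinese to the system one by one as described below. Once installation is complete, the computer will display Simplified and Traditional Chinese characters automatically. If you skipped (missed) this option during installation, you can add it afterwards. Method:
Steps for setting up Chinese on English Windows XP:
Start > Control Panel > Regional and Language Option
Click 'Language', select Install files for East Asian languages, then click detail. In the Text Services and Input Languages dialog that appears, under Installed services,
click Add. In the Add Input language dialog that appears, click the small arrow to the right of the Input language field and select each of the following in turn: (Simplified) Chinese (Chinese PRC), Chinese (Singapore) Chinese Singapore, and (Traditional) Chinese, Hong Kong (Chinese Hong Kong SAR), Chinese (Taiwan) Chinese Taiwan.
Then click Advanced and, under Compatibility Configuration, tick the check box. O.K.
Afterwards, return to Regional and Language Option and click Advanced, then under Language for non-Unicode programs select Chinese PRC, click Apply, O.K. Restart the computer.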

10 things you should know about securing DNS

Dr. Thomas W. Shinder

 

Introduction

The Domain Name System (DNS) is used for resolving host names to IP addresses on the Internet and on private TCP/IP-based networks. DNS is subject to exploits and attacks, but you can make it more secure. Here are 10 strategies for securing your DNS servers.

 

1. Use DNS forwarders

A DNS forwarder is a DNS server that performs DNS queries on behalf of another DNS server. The primary reasons to use a DNS forwarder are to offload processing duties from the DNS server forwarding the query to the forwarder and to benefit from the potentially larger DNS cache on the DNS forwarder.

Another benefit of using a DNS forwarder is that it prevents the DNS server forwarding the requests from interacting with Internet DNS servers. This is especially important when your DNS server is hosting your internal domain DNS resource records. Instead of allowing your internal DNS servers to perform recursion and contact Internet DNS servers themselves, configure each internal DNS server to use a forwarder for all domains for which it is not authoritative.

 

2. Use caching-only DNS servers

A caching-only DNS server is not authoritative for any DNS domains. It’s configured to perform recursion or use a forwarder. When it receives a response, it caches the result and returns the answer to the system issuing the DNS query to the caching-only DNS server. Over time, the caching-only DNS server can amass a large cache of DNS responses, which can significantly improve DNS response times for DNS clients of that caching-only DNS server.

Caching-only DNS servers can improve security for your organization when used as forwarders that are under your administrative control. Internal DNS servers can be configured to use the caching-only DNS server as their forwarders, and the caching-only DNS server performs recursion on behalf of your internal DNS servers. Using your own caching-only DNS servers as forwarders improves security because you don’t have to depend on your ISP’s DNS servers as forwarders when you’re unsure of their security configuration.

 

3. Use DNS advertisers

A DNS advertiser is a DNS server that resolves queries for domains for which the DNS advertiser is authoritative. For example, if you host publicly available resources for domain.com and corp.com, your public DNS server would be configured with DNS zone files for the domain.com and corp.com domains.

What sets the DNS advertiser apart from any other DNS server hosting DNS zone files is that the DNS advertiser answers queries only for domains for which it is authoritative. The DNS server will not perform recursion for queries to other DNS servers. This prevents anyone from using your public DNS server to resolve names in other domains. This increases security by lessening the risks associated with running a public DNS resolver, which include cache poisoning.
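One way to verify that a public server you administer behaves as an advertiser, given here as an added example and not code from the article: send it a query for a name outside its zones and inspect the reply header. The function names, the `example.net` test name and the two sample replies are constructed for illustration.

```python
import socket
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080  # DNS header flag bits

def build_query(name, txid=0x1234):
    """Build an A-record query for `name` with the recursion-desired bit set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response, txid=0x1234):
    """Return 'advertiser-ok' or 'recursion-offered' from a reply's header."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & QR:
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    # Asked about a zone it does not host, an advertiser should clear RA and
    # return no answers (typically REFUSED, or a referral with no answer records).
    if flags & RA or (rcode == 0 and ancount > 0):
        return "recursion-offered"
    return "advertiser-ok"

def probe(server_ip, outside_name, timeout=3.0):
    """Send one UDP query to a server you administer and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(outside_name), (server_ip, 53))
        return classify(s.recvfrom(512)[0])

# Constructed sample replies (not captured traffic).
QUESTION = build_query("example.net")[12:]
ANSWER = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
REFUSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + QUESTION
RECURSIVE_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION + ANSWER
```

Run `probe()` from a host outside your network so the result reflects what Internet clients see.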

 

4. Use DNS resolvers

A DNS resolver is a DNS server that can perform recursion to resolve names for domains for which that DNS server is not authoritative. For example, you might have a DNS server on your internal network that’s authoritative for your internal network domain, internalcorp.com. When a client on your network uses that DNS server to resolve the name techrepublic.com, that DNS server performs recursion by querying other DNS servers to get the answer.

The difference between this DNS server and a DNS resolver is that a DNS resolver is a DNS server that is dedicated to resolving Internet host names. A resolver could be a caching-only DNS server that isn’t authoritative for any DNS domains. You can make the DNS resolver available to only your internal users, you can make it available only to your external users to provide a secure alternative to using a DNS server outside of your administrative control, or you can allow both internal and external users access to the DNS resolver.

 

5. Protect DNS from cache pollution

DNS cache pollution is an increasingly common problem. Most DNS servers can cache the results of DNS queries before forwarding the response to the host issuing the query. The DNS cache can significantly improve DNS query performance throughout your organization. The problem is that if the DNS server cache is “polluted” with bogus DNS entries, users can subsequently be forwarded to malicious Web sites instead of the sites they intended to visit.

Most DNS servers can be configured to prevent cache pollution. The Windows Server 2003 DNS server is configured to prevent cache pollution by default. If you’re using a Windows 2000 DNS server, you can configure it to prevent cache pollution by opening the Properties dialog box for the DNS server and clicking the Advanced tab. Select the Prevent Cache Pollution check box and restart the DNS server.
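The kind of check a pollution-resistant cache applies can be sketched as follows. This is an added illustration of the general rule (only cache records that belong to the domain tree of the name that was queried), not Microsoft's implementation; the function names and the sample reply are constructed.

```python
def in_bailiwick(owner, zone):
    """True if `owner` equals `zone` or is a subdomain of it (case-insensitive)."""
    owner = owner.rstrip(".").lower()
    zone = zone.rstrip(".").lower()
    # An empty zone is the root, which contains every name.
    return zone == "" or owner == zone or owner.endswith("." + zone)

def filter_response(queried_zone, records):
    """Split (owner, type, data) records into (cacheable, discarded)."""
    keep, drop = [], []
    for rec in records:
        (keep if in_bailiwick(rec[0], queried_zone) else drop).append(rec)
    return keep, drop

# Constructed reply from a server delegated example.com (documentation addresses).
SAMPLE = [
    ("www.example.com.", "A", "192.0.2.10"),
    ("example.com.", "NS", "ns1.example.com."),
    ("ns1.example.com.", "A", "192.0.2.53"),
    # Unrelated name placed in the additional section: must not be cached.
    ("www.bank.example.net.", "A", "203.0.113.66"),
    # Shares a string suffix with the zone but is not a subdomain of it.
    ("notexample.com.", "A", "203.0.113.67"),
]

if __name__ == "__main__":
    cacheable, discarded = filter_response("example.com", SAMPLE)
    for rec in discarded:
        print("discarded out-of-zone record:", rec)
```

The label-boundary comparison (`"." + zone`) is what rejects `notexample.com`; a plain suffix match would accept it.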

 

6. Enable DDNS for secure connections only

Many DNS servers accept dynamic updates, enabling them to register DNS host names and IP addresses for hosts that use DHCP for host IP addressing. DDNS can reduce the administrative overhead for DNS administrators who otherwise would need to manually configure DNS resource records for these hosts, but if unchecked, DDNS updates can pose a security risk. A malicious user can configure a host to dynamically update DNS host records of a file server, Web server, or database server and have connections that are destined to those servers diverted to his machine instead of the intended target. 

You can reduce the risk of malicious DNS updates by requiring secure connections to the DNS server in order to perform the dynamic update. This is easily achieved by configuring your DNS server to use Active Directory integrated zones and requiring secure dynamic updates. All domain members will be able to dynamically update their DNS information in a secure context after you make this change.

 

7. Disable zone transfers

Zone transfers take place between primary and secondary DNS servers. Primary DNS servers that are authoritative for specific domains contain writable DNS zone files that are updated as needed. Secondary DNS servers receive a read-only copy of these zone files from primary DNS servers. Secondary DNS servers are used to improve DNS query performance throughout an organization or over the Internet.

However, zone transfers are not limited to only secondary DNS servers. Anyone can issue a DNS query that will cause a DNS server configured to allow zone transfers to dump the entirety of its zone database files. Malicious users can use this information to reconnoiter the naming schema in your organization and attack key infrastructure services. You can prevent this by configuring your DNS servers to deny zone transfer requests or to allow zone transfers only to specific servers in the organization.

 

8. Use firewalls to control DNS access

Firewalls can be used to gain access control over who can connect to your DNS servers. For DNS servers that are used only for internal client queries, configure firewalls to block connections from external hosts to those DNS servers. For DNS servers used as caching-only forwarders, configure firewalls to allow DNS queries only from those DNS servers that use the caching-only forwarders. An especially important firewall policy setting is to block internal users from using the DNS protocol to connect to external DNS servers.

 

9. Set access controls on DNS registry entries

On Windows-based DNS servers, you should configure access controls on the DNS server-related Registry settings so that only the accounts that require access to them are allowed to read or change those Registry settings.

The HKLM\CurrentControlSet\Services\DNS key should be configured to allow only the Administrator and System account access, and these accounts should have Full Control permissions.

 

10. Set access control on DNS file system entries

On Windows-based DNS servers, you should configure access controls on the DNS server-related file system entries so that only the accounts that require access to them are allowed to read or change those files.

The %system_directory%\DNS folder and subfolders should be configured to allow only the system account to access the files, and the system account should be given Full Control permissions.

 

Additional resources

* "Troubleshoot DNS with this flowchart" (TechRepublic download)
* "Ramp up DNS security with these three steps" (TechRepublic article)
* "Strengthen vulnerable spots to improve DNS security" (TechRepublic article)

 

Version history

* Version: 1.0
* Published: November 3, 2005

Discover The Importance of Certificate Validation for SSL-Secured Web Traffic

>—White Papers—
>
>Can You Afford to Have Anything Less Than 100% Uptime For Your Mission Critical E-mail?
>
>E-mail has become mission critical to the functioning of business and every hour of downtime can cost thousands of dollars in lost productivity and revenue. In this free white paper, learn how to address challenges such as: making e-mail truly available 24x7x365, securing against viruses, comprehensively backing up e-mail data and more.
>
>Download your copy now – it’s FREE:
>http://list.windowsitpro.com/t?ctl=165B8:44FB9
>
>
>Stopping Crimeware and Malware: How to Close the Vulnerability Window
>
>Computer users can no longer wait for a new vaccine every time a new security threat appears. How do you defend your network in a world of smarter, faster, Internet-borne zero-day attacks? In this free white paper find out about Intrusion Prevention that can detect and destroy unknown malware with virtually zero false positives.
>
>Download your copy now – it’s FREE:
>http://list.windowsitpro.com/t?ctl=165BA:44FB9
>
>
>—Essential Guides—
>
>The Essential Guide to Real-Time High Availability for Exchange
>
>Do you know what "high availability" really means? In this free essential guide learn what high availability really means and the different strategies that you can use to improve your email systems’ availability and resiliency.
>
>Download this guide now – it’s FREE: http://list.windowsitpro.com/t?ctl=165BB:44FB9
>
>
>—Free eBooks—
>New eBook Chapter!
>Title: Understanding and Leveraging SSL-TLS for Secure Communications
>Author: Jan De Clercq
>
>Get chapter 3 now at:
>http://list.windowsitpro.com/t?ctl=165B9:44FB9
>
>In chapter three, you’ll learn all you need to know about the Secure Sockets Layer/Transport Layer Security (SSL/TLS) topics you might encounter when dealing with and configuring the SSL/protocols for secure Web communications. You’ll discover how to optimize SSL server-side performance and how to deal with load balancing and firewalls. Plus – discover the details behind the SSL certificate validation process and more!
>
>Download chapter 3 now – it’s FREE:
>http://list.windowsitpro.com/t?ctl=165B9:44FB9
>
>
>—More eBooks—
>Learn about the hottest topics in the industry. Find more eBooks available for download at no charge by visiting http://list.windowsitpro.com/t?ctl=165BD:44FB9
>
>You’ll find books about:
>* Fax Servers: Integrate. Automate. Communicate
>* Essential Security Tips
>* Ensuring High Availability with Microsoft Exchange Server
>* And more!
>
>Note: Each eBook requires a separate username and password.
>
>—More White Papers—
>Download industry white papers on critical IT topics. Find more free white papers at: http://list.windowsitpro.com/t?ctl=165BC:44FB9
>
>You’ll find white papers about:
>* Converting a Microsoft Access Application to Oracle HTML DB
>* Basic Care And Feeding of Your Exchange Server 2003 Environment
>* A New Dimension in IT Infrastructure Management: Integrated KVM and Serial Console Control Systems
>* And more!
>
>Windows IT Pro is a division of Penton Media, Inc.
>221 East 29th Street, Loveland, CO 80538
>
>Copyright 2005, Penton Media, Inc. All Rights Reserved.