Windows Server Hack [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Windows Server Hack [Electronic resources] - نسخه متنی

Mitch Tulloch

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Sitemap

Windows Server Hacks

Table of Contents

Copyright

Credits

About the Author

Contributors

Acknowledgments

Foreword: I''m a Sci-Fi freak

Preface

Why Windows Server Hacks?

Getting and Using the Scripts

How to Use This Book

How This Book Is Organized

Conventions Used in This Book

Using Code Examples

How to Contact Us

Got a Hack?

Chapter 1. General Administration

Hacks #1-16

Hack 1 Use Run As to Perform Administrative Tasks

Hack 2 Drag and Drop to the Run Menu

Hack 3 Find and Replace Registry Keys from a Command Line

Hack 4 Automatically Log On After Booting

Hack 5 Wait for and Optionally Terminate a Process

Hack 6 Shut Down a Remote Computer

Hack 7 Rename Mapped Drives

Hack 8 Execute a Command on Each Computer in a Domain

Hack 9 Add, Remove, or Retrieve Environment Variables

Hack 10 Extend Group Policy

Hack 11 Disable EFS

Hack 12 Get Event Log Information

Hack 13 Shortcut to Remote Assistance

Hack 14 Desktop Checker

Hack 15 Top Five Tools

Hack 16 myITforum.com

Chapter 2. Active Directory

Hacks #17-24

Hack 17 Retrieve the List of Old Domain Computer Accounts

Hack 18 Automate Creation of OU Structure

Hack 19 Modify All Objects in the OU

Hack 20 Delegate Control of an OU to a User

Hack 21 Send OU Information in Active Directory to an HTML Page

Hack 22 Display Active Directory Information

Hack 23 Store and Display Contact Information in Active Directory

Hack 24 Restore the Active Directory Icon in Windows XP

Chapter 3. User Management

Hacks #25-35

Hack 25 Search for Domain Users

Hack 26 Manage User Accounts in Active Directory

Hack 27 Get a List of Disabled Accounts

Hack 28 Get User Account Information

Hack 29 Check for Passwords that Never Expire

Hack 30 Enumerate Group Membership to a CSV File

Hack 31 Modify User Properties for All Users in a Particular OU

Hack 32 Check Group Membership and Map Drives in a Logon Script

Hack 33 Script Creation of a User''s Home Directory and Permissions

Hack 34 Prevent Ordinary Users from Creating Local Accounts

Hack 35 Put a Logoff Icon on the Desktop

Chapter 4. Networking Services

Hacks #36-47

Hack 36 Manage Services on Remote Machines

Hack 37 Simplify DNS Aging and Scavenging

Hack 38 Troubleshoot DNS

Hack 39 Manually Recreate a Damaged WINS Database

Hack 40 Change WINS for All Enabled Adapters

Hack 41 Ensure DHCP Server Availability

Hack 42 Change a Network Adapter''s IP Info

Hack 43 Change from Static IP to DHCP

Hack 44 Release and Renew IP Addresses

Hack 45 Use netsh to Change Configuration Settings

Hack 46 Remove Orphaned Network Cards

Hack 47 Implement Windows 2000 Network Load Balancing

Chapter 5. File and Print

Hacks #48-53

Hack 48 Map Network Drives

Hack 49 Determine Who Has A Particular File Open on the Network

Hack 50 Display a Directory Tree

Hack 51 Automate Printer Management

Hack 52 Set the Default Printer Based on Location

Hack 53 Add Printers Based on Name of Computer

Chapter 6. IIS

Hacks #54-61

Hack 54 Back Up the Metabase

Hack 55 Restore the Metabase

Hack 56 Map the Metabase

Hack 57 Metabase Hacks

Hack 58 Hide the Metabase

Hack 59 IIS Administration Scripts

Hack 60 Run Other Web Servers

Hack 61 IISFAQ

Chapter 7. Deployment

Hacks #62-68

Hack 62 Get Started with RIS

Hack 63 Customize RIS

Hack 64 Tune RIS

Hack 65 Customize SysPrep

Hack 66 Remove Windows Components from the Command Line

Hack 67 Unattended Installation of Windows Components

Hack 68 Easily Create a Network Boot Disk

Chapter 8. Security

Hacks #69-78

Hack 69 Fundamentals of a Virus-Free Network

Hack 70 Antivirus FAQ

Hack 71 Rename the Administrator and Guest Accounts

Hack 72 Get a List of Local Administrators

Hack 73 Find All Computers that Are Running a Service

Hack 74 Grant Administrative Access to a Domain Controller

Hack 75 Secure Backups

Hack 76 Find Computers with Automatic logon Enabled

Hack 77 Security FAQ

Hack 78 Microsoft Security Tools

Chapter 9. Patch Management

Hacks #79-89

Hack 79 Best Practices for Patch Management

Hack 80 Beginners Guide to Enterprise Patch Management

Hack 81 Patch-Management FAQ

Hack 82 Enumerate Installed Hotfixes

Hack 83 Apply Patches in the Correct Order

Hack 84 Windows Update FAQ

Hack 85 Obtain Updates via the Windows Update Catalog

Hack 86 Use Automatic Updates Effectively

Hack 87 Use Group Policy to Configure Automatic Updates

Hack 88 Automatic Updates FAQ

Hack 89 Software Update Services FAQ

Chapter 10. Backup and Recovery

Hacks #90-100

Hack 90 Collect Disaster Recovery Files

Hack 91 Back Up Individual Files from the Command Line

Hack 92 Back Up System State on Remote Machines

Hack 93 Back Up and Restore a Certificate Authority

Hack 94 Back Up EFS

Hack 95 Work with Shadow Copies

Hack 96 Back Up and Clear the Event Logs

Hack 97 Back Up the DFS Namespace

Hack 98 Recover with Automated System Recovery

Hack 99 Recovery Roadmap

Hack 100 Data Recovery of Last Resort

Colophon

Index

index_A

index_B

index_C

index_D

index_E

index_F

index_G

index_H

index_I

index_K

index_L

index_M

index_N

index_O

index_P

index_Q

index_R

index_S

index_T

index_U

index_V

index_W

index_X
توضیحات
افزودن یادداشت جدید










Hack 74 Grant Administrative Access to a Domain Controller

Here's a hack that will help
you secure any domain controllers you have running at a remote
site.

Active Directory has introduced many new levels of
complexity to server and security management. For example, if you
would like to grant a remote site administrator the rights to install
software or services on a domain controller, that person would have
to be a domain administrator. Granting that person domain
administrator rights introduces the possibility of that user creating
new accounts with administrative rights. Obviously, this is not an
ideal situation.

The following steps show how to grant a user the same level of rights
as an administrator of a member server or a workstation on a domain
controller, while preventing that user from having rights to Active
Directory.


Please note that this hack does not eliminate all possible security
risks, and the users who are granted these rights need to be highly
trusted

Log onto a domain controller with full domain administrator rights.
Make sure your Active Directory domain is in native mode.

Inside of Active Directory Users and Computers, create a global
security group called DCAdmins. Add all users/groups that will need
administrative access to the domain controllers to this group.

Create another global security group called DenyDCAdmins.

Add the DCAdmins group to the DenyDCAdmins group.

Inside of Active Directory Users and Computers, right-click on the
domain name and choose Properties. Click on the Security tab (if the
Security tab is not available, go to the View menu and choose
Advanced).

Click on Add and choose the DenyDCAdmins group. Once the group has
been selected, click on the Deny checkbox next to Full Control in the
Permissions area, as shown in Figure 8-4.



Figure 8-4. Denying Full Control permission for the DenyDCAdmins global group


Now, all users or groups that are members of the DCAdmins group have
full administrative access to all domain controllers but do not have
any access to Active Directory.


These users won't even be able to browse Active
Directory to apply permissions on shares or files. It is generally a
best practice for these users to have two accounts: one for
administering the domain controllers and another for day-to-day use.

Overall, this is a great approach to limit security for remote
administrators and operations teams that need to be able to make
changes on domain controllers. I highly recommend trying this
approach before blanketing your Active Directory environment with
unnecessary domain administrators.

Tim Mintner


/ 163