CISCO CCNA Cyber Ops Certification

Another achievement for the love of #Cyber #Security completed two exam to become Cisco Certified Network Associate Cyber Ops (CCNA Cyber Ops) Thanks to my family, work colleague and my networks for encouragement and support. #CCNA #CyberOps #CyberSecurity 

My review for the Cert: This cert is for security analyst interested in Security Operation Center to become CISCO Cyber Ops it required to pass two exam.

First one is like knowing networking , cryptography , general info sec concepts, web attack, linux and windows commands, file system, logs and different type of model that deal with threat.

Second exam is implementing like type of Security operations monitoring tools, incident detection,analysis and playbooks, threat hunting, Threat scoring, incident response and automation, Computer Forensics, Network Intrusion Analysis, Data and event analysis etc

Loved studying the CISCO books but felt amazing when setup LAB in my pc Three VM First is vulnerable linux pc (metasploitable vm) Second for Monitoring (Security Onion ) Linux which have monitoring tools included and Third for Hacking/Breaking the other vulnerable system using (KALI Linux) which have industry standard awesome tools included. Also love  reading Computer Security Incident Handling Guide: NIST 800-61 doc.

CCNA Cyber Ops Exam Details :
https://learningnetwork.cisco.com/community/certifications/ccna-cyber-ops

Study Material for first Exam: SECFND Study Material
Understanding Cisco Cybersecurity Fundamentals (SECFND) v1.0
https://learningnetwork.cisco.com/community/certifications/ccna-cyber-ops/secfnd/study-material


Study Material for Second Exam: SECOPS Study Material
Implementing Cisco Cybersecurity Operations (SECOPS) v1.0
https://learningnetwork.cisco.com/community/certifications/ccna-cyber-ops/secops/study-material

Read More

Password what to use and how to use it ?

Now a days Passwords for people is like we don't love them but can't live without them. So, here is something that help you to stay secure. I am sure that you know many of the following widely available and well-known guidelines for creating more secure passwords, but just in case, here is a recap:

1. Use a mix upper- and lowercase letters, numbers, and special characters for example, Th1$1$@Samp!3
2. Replace some letters with numbers (for example, replace i with 1 and e with 3)
3. Do not include your name or other personal information (such as spouse /children, street address, school, birthdays, and anniversaries).
4. Use nonsense phrases, misspellings, substitutions, or before-and-after words and phrases combining two unrelated words or phrases, such as “Avangers007” "Highway2R@bbitH0le" "TheE4gl3hasALandD0wnUnder"
5. Combine two words by using a special character for example, P1zza&Cok3 Tra1n@ndT1ck3t, H4rry!P0t3r.
6. Use a combination of all the other tips in this list for example, “Harry porter becomes H4rry!P0t3r, Pizza and coke becomes P1zza&Cok3 etc.
7. Do not use repeating patterns between changes for example, password1, password2, password3, Most importantly 123456789 should never be used as password.
8. Do not use the same passwords for work and personal accounts.
9. Do not use passwords that are too difficult to remember.(keep it 8-14 character)
10. Use a password manager like KeePass Password Safe, LastPass, Dashlane, Sticky Password, Roboform, TrueKey, Symantec Norton Identity Safe etc

Finally “A password should be like a toothbrush. Use it every day; change it regularly; and DON’T share it with friends.”

Faysal Hasan - is a IT System Engineer with a passion for security. He worked in information technology service delivery for more than 7 years. He received his Bachelor in IT from Southern Cross University, Australia and has earned numerous technical certifications throughout his career which include MCSE, 2xMCSA, CCNA Cyber Ops, VMWare Data Center, Citrix Xen App, Mcafee Endpoint Protection, ITIL v3,. He  also received many training that include SPLUNK, Service NOW, Prince 2 project management etc, He  is currently working as System Engineer in Enterprise Operations looking after technology infrastructure for Victoria Police.

Read More

Windows Server 2016 New features and Interview Questions

Windows Server 2016 includes a large collection of new features such as Containers, Nano Server, Shielded VM’s and many more. If you’re applying for a job that requires knowledge of Microsoft’s latest tech then I strongly recommend reading about Dockers and Containers, particularly if you're involved in deployments, development or DevOps. Nano Server is another addition to the trimmed down OS types, providing a minimal footprint with high resource capacity.

 Hyper-V on Windows Server 2016:

# Compatible with Connected Standby (new):When the Hyper-V role is installed on a computer that uses the Always On/Always Connected (AOAC) power model, the Connected Standby power state is now available.

# Discrete device assignment (new): This feature lets you give a virtual machine direct and exclusive access to some PCIe hardware devices. Using a device in this way bypasses the Hyper-V virtualization stack, which results in faster access.

 # Encryption support for the operating system disk in generation 1 virtual machines (new)
You can now protect the operating system disk using BitLocker drive encryption in generation 1 virtual machines. A new feature, key storage, creates a small, dedicated drive to store the system drive’s BitLocker key. This is done instead of using a virtual Trusted Platform Module (TPM), which is available only in generation 2 virtual machines. To decrypt the disk and start the virtual machine, the Hyper-V host must either be part of an authorized guarded fabric or have the private key from one of the virtual machine's guardians. Key storage requires a version 8 virtual machine.

#Host resource protection (new): This feature helps prevent a virtual machine from using more than its share of system resources by looking for excessive levels of activity. Use Windows PowerShell to turn it on or off. To turn it on, run this command:

Set-VMProcessor TestVM -EnableHostResourceProtection $true 

# You can now add or remove a network adapter while the virtual machine is running, without incurring downtime. This works for generation 2 virtual machines that run either Windows or Linux operating systems.

You can also adjust the amount of memory assigned to a virtual machine while it's running, even if you haven't enabled Dynamic Memory. This works for both generation 1 and generation 2 virtual machines, running Windows Server 2016 or Windows 10.

# Linux Secure Boot (new) Linux operating systems running on generation 2 virtual machines can now boot with the Secure Boot option enabled. Ubuntu 14.04 and later, SUSE Linux Enterprise Server 12 and later, Red Hat Enterprise Linux 7.0 and later, and CentOS 7.0 and later are enabled for Secure Boot on hosts that run Windows Server 2016

# More memory and processors for generation 2 virtual machines and Hyper-V hosts


# Nested virtualization (new) This feature lets you use a virtual machine as a Hyper-V host and create virtual machines within that virtualized host. This can be especially useful for development and test environments.

#Shared virtual hard disks (updated): You can now resize shared virtual hard disks (.vhdx files) used for guest clustering, without downtime. Shared virtual hard disks can be grown or shrunk while the virtual machine is online. Guest clusters can now also protect shared virtual hard disks by using Hyper-V Replica for disaster recovery.

#Shielded virtual machines (new):Shielded virtual machines use several features to make it harder for Hyper-V administrators and malware on the host to inspect, tamper with, or steal data from the state of a shielded virtual machine. Data and state is encrypted, Hyper-V administrators can't see the video output and disks, and the virtual machines can be restricted to run only on known, healthy hosts, as determined by a Host Guardian Server.

Windows Containers

Windows Containers allow many isolated applications to run on one computer system. They're fast to build and are highly scalable and portable. Two types of container runtime are available, each with a different degree of application isolation. Windows Server Containers use namespace and process isolation. Hyper-V Containers use a light-weight virtual machine for each container.

Key features include:

• Support for web sites and applications using HTTPS
• Nano server can host both Windows Server and Hyper-V Containers
  
• Ability to manage data through container shared folders
  
• Ability to restrict container resources

Nano Server

Windows Server 2016 offers a new installation option: Nano Server. Nano Server is a remotely administered server operating system optimized for private clouds and datacenters. It is similar to Windows Server in Server Core mode, but significantly smaller, has no local logon capability, and only supports 64-bit applications, tools, and agents. It takes up far less disk space, sets up significantly faster, and requires far fewer updates and restarts than Windows Server. When it does restart, it restarts much faster. The Nano Server installation option is available for Standard and Datacenter editions of Windows Server 2016. 

Nano Server is ideal for a number of scenarios:

• As a "compute" host for Hyper-V virtual machines, either in clusters or not
  
• As a storage host for Scale-Out File Server.
  
• As a DNS server
  
• As a web server running Internet Information Services (IIS)
  
• As a host for applications that are developed using cloud application patterns and run in a container or virtual machine guest operating system
  
  

  Security and Assurance

  Includes security solutions and features for the IT professional to deploy in your datacenter and cloud environment. For information about security in Windows Server 2016 generally, see Security and Assurance. 
  
  
  
  Just Enough Administration : Just Enough Administration in Windows Server 2016 is security technology that enables delegated administration for anything that can be managed with Windows PowerShell. Capabilities include support for running under a network identity, connecting over PowerShell Direct, securely copying files to or from JEA endpoints, and configuring the PowerShell console to launch in a JEA context by default. 
   
  Credential Guard: Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. 
   
  Remote Credential Guard: Credential Guard includes support for RDP sessions so that the user credentials remain on the client side and are not exposed on the server side. This also provides Single Sign On for Remote Desktop. 
  
  
  Device Guard (Code Integrity): Device Guard provides kernel mode code integrity (KMCI) and user mode code integrity (UMCI) by creating policies that specify what code can run on the server. 
   
  Windows Defender:  Windows Server Antimalware is installed and enabled by default in Windows Server 2016, but the user interface for Windows Server Antimalware is not installed. However, Windows Server Antimalware will update antimalware definitions and protect the computer without the user interface. If you need the user interface for Windows Server Antimalware, you can install it after the operating system installation by using the Add Roles and Features Wizard.
  
  
  Control Flow Guard: Control Flow Guard (CFG) is a platform security feature that was created to combat memory corruption vulnerabilities. 
  
  

There are a lot more features but the above are the main one which you may focus for now then build your kowledge on more features as you go.


Here are some question for knowledge test:

Dynamic memory is a great feature that allows you to manage the amount of memory that Hyper-V virtual machines consume. How would you identify the memory a virtual machine consumes when Dynamic Memory is not enabled?

 Answer:
View the amount of RAM listed under Static in the Memory page of the virtual machine

Comments:
When dynamic memory is not enabled, the virtual machine is given a static amount of RAM. This value is located under the Static section of the Memory page of the virtual machine settings.


Virtual Network Manager (available from the Hyper-V Manager snap-in) offers three types of virtual networks that you can use to define various networking topologies for virtual machines and the virtualization server.

Which type of virtual network is isolated from all external network traffic on the virtualization server, as well any network traffic between the management operating system and the external network.

Answer:Private virtual network

Comments:
Private virtual network is useful when you need to create an isolated networking environment, such as an isolated test domain. 


You are trying to create a Nano Server on a physical computer. You have copied the NanoServerImageGenerator folder from the ISO to create a VHD that will run Nano Server on a physical computer using the pre-installed device drivers.

When you try and run Import-Module .\NanoServerImageGenerator it doesn’t work. What did you forget to run?

Answer:
Set-ExecutionPolicy

Comments:
You might have to adjust the Windows PowerShell execution policy. Set-ExecutionPolicy RemoteSigned should work well.

Nano Server is distributed on the physical media, where you will find a NanoServer folder; this contains a .wim image and a subfolder called Packages. It is these package files that you use to add server roles and features to the VHD image, which you then boot to.

You want to create a VHD that will run Nano Server on a physical computer, using the pre-installed device drivers. You have copied the VHD to the physical computer and want to configure it to boot from this new VHD. What command should you use?

Answer:bcdboot

Comments:
The BCDboot tool is a command-line tool that enables you to manage system partition files. You can use it to set up Windows to boot to a virtual hard disk.

 You want to prevent a virtual machine from using more than its share of system resources by looking for excessive levels of activity. This will help prevent a virtual machine's excessive activity from degrading the performance of the host or other virtual machines.

Which PowerShell paramter should you use with Set-VMProcessor?

 Answer:
-EnableHostResourceProtection

Comments:
EnableHostResourceProtection specifies whether to enable host resource protection. When monitoring detects a virtual machine with excessive activity, the virtual machine is given fewer resources. This monitoring and enforcement is off by default.

You want to capture the state, data, and hardware configuration of a running virtual machine. Which checkpoint can be very useful if you need to recreate a specific state or condition of a running virtual machine so that you can troubleshoot a problem?
Answer:
Standard

Comments:
Standard checkpoints capture the state, data, and hardware configuration of a running virtual machine and are intended for use in development and test scenarios.

 You have created a new data volume using the following docker command:

docker run -it -v c:\new-data-volume windowsservercore cmd

New data volumes are stored on the host under 'c:\ProgramData\Docker\volumes'. Where will this data volume be accessible in the running container?
Answer:
c:\new-data-volume 

Faysal Hasan - is a IT System Engineer has with a passion for security. He worked in information technology service delivery for more than 7 years. He received his Bachelor in IT from Southern Cross University, Australia and has earned numerous technical certifications throughout his career. He is currently working as the System Engineer in Enterprise Operations looking after technology infrastructure for Victoria Police.

Read More

DNS Interview Questions and Answers Windows Server

What is Domain Name System (DNS)?
Domain Name System is a service to resolve the Name to IP Address and IP Address to Name, DNS also used to locate servers, computers and services on your network and DNS is backbone of Active Directory that can be installed on windows server as a standalone or Domain Controller

What is Static and Dynamic DNS Record?
Manually created DNS entry called static record and the record created automatically by the system/DHCP itself called Dynamic DNS Record, static records are not easy to manage as the IP adress changes will not update automatically, we have to update manually

What is Dynamic DNS (DDNS)?
Dynamic DNS or DDNS is a method of updating a DNS record, DDNS is preferred most of the organization since it’s easy to maintain and you always get the latest updated IP address of the servers and computers

What are the record types in DNS?
DNS has many types of records, A record or host records are mostly known to everyone, will explain all the record types in DNS

A (Address) Maps a host name to an IP address, Compute1 pointing to 192.168.100.100, When a computer has multiple adapter cards and IP addresses, it should have multiple address records.
CNAME (Canonical Name) Sets an alias for a host name. Record pointing to different record like www.support.windowstricks.in can have an alias as www.windowstricks.in, so both the records are pointing to same page

MX (Mail Exchange) Specifies a mail exchange server for the domain, used for mail delivery which allows mail to be delivered to the correct mail servers

NS (Name Server) Specifies a name server for the domain, which is authoritative servers for the respective DNS Zone and allows DNS lookups within all DNS zones

PTR (Pointer) Creates a pointer that maps an IP address to a host name for reverse lookups.
SOA (Start of Authority) Declares the host that is the most authoritative for the zone and, as such, is the best source of DNS information for the zone. Each zone file must have an SOA record (which is created automatically when you add a zone)


What is Caching Only Server?
Caching-only servers are those DNS servers that only perform name resolution queries, cache the answers, and return the results to the client. Once the query is stored in cache, next time the query in resolved locally from cached instead of going to the actual site.

What are a Forward and Reverse Lookup?

• Forward Lookup: Searching for A record, all the name query is send to the DNS server against to IP address, it is generally said a forward lookup.
• Reverse Lookup: Searching for PTR records whicho provides a reverse lookup process, enabling clients to use a known IP address during a name query and look up a computer name based on its address

What is Primary DNS zone?
This is the read and writable copy of a zone file in the DNS namespace. This is primary source for information about the zone and it stores the master copy of zone data in a local file or in AD DS. Dy default the primary zone file is named as zone_name.dns in Windows\System32\DNS folder on the server
If its AD integrated zone then all the records are stored in Domain partition on the Domain Controllers

What id Secondary DNS zone?
This is the read only copy of a zone file in the DNS namespace. This is secondary source for information about the zone and it get the updated information from the master copy of primary zone. The network access must be available to connect with primary server. As secondary zone is merely a copy of a primary zone that is hosted on another server, and secondary zone cannot be stored in AD


What is stub DNS Zone?
A stub zone is a read only copy of a zone that contains only those resource records which are necessary to identify the authoritative DNS servers for that particular zone, stub zone also used like DNS Forwarding and its practically used to resolve names between separate DNS namespaces. This type of zone is generally created when a corporate merger or acquire and DNS servers for two separate DNS namespaces resolve names for clients in both namespaces.

A stub zone contains:
The start of authority (SOA) resource record, name server (NS) resource records, and the glue A resource records for the delegated zone.
The IP address of one or more master servers that can be used to update the stub zone

What is Aging and Scavenging?
Aging and Scavenging is a DNS server service which supports a mechanism for performing clean-up and removal of stale resource records which can accumulate in zone data over time. It helps to maintain the dynamic DNS environment by regular deletion of stale resource records from the DNS database. Some problems associated with stale records are: unnecessary space utilization long zone transfers, wrong resolution of the client query due to stale data, and accumulation of stale records on the DNS server can degrade its performance. These stale records problems can be resolved by the aging and scavenging features. Before using aging and scavenging features of DNS some conditions needed are:
1) Aging and scavenging features must be enabled on the DNS server and on the zone. By default, they are not enabled.
2) Resource records must be added dynamically to the zone or manually modified to be used in operations of aging and scavenging.

Aging
Aging is the process of identifying stale DNS records. It uses two intervals:
1) Non-Refresh interval
2) Refresh interval

Non-Refresh interval
This is the time period in which the resource records cannot be refreshed. It can be used to reduce the replication traffic in this time period to avoid the replication of the same information again.

Refresh interval
This is the time period in which the resource records can be refreshed.
Resource record refresh: This is a DNS dynamic update without changing the hostname and IP address.
If the non-refresh interval and refresh interval are 7 days, then the resource records can be considered as stale if not refreshed after 14 days. If the non-refresh interval and refresh interval are elapsed, then the resource records can be refreshed as long as they are not removed from the DNS zone. Aging uses a resource record time-stamp to identify if the record is stale or not.
Resource records having timestamp zero: These records are static records that are not stale records.
Resource records having timestamp not equal to zero: These records are dynamic records which represent the hour of the last refresh date.

Scavenging
Scavenging is the process of removal and clean-up of stale resource records from the DNS zone. The stale resource records will be removed only if the scavenging is enabled on the resource record,  where the resource record exists and at least one DNS hosting where the primary copy of the resource records exists.
Scavenging can be set in three places:
1) Individual record
2) Zone
3) Server
If scavenging is set on zone it will work only for dynamic records. It will work for manual entries only if it’s enabled for the zone. Once scavenging is set on zone this will enable it on DNS servers. The DNS server where the scavenging option enabled is responsible to scavenge the record. The server will log a DNS event 2501 to indicate the number of scavenging record and it will log a DNS event 2502 if no record where scavenged.

Scavenging formula:

Record timestamp+no refresh interval for zone+refresh interval for zone

If the sum of these values are greater the server time (current date and time on the DNS server) no action is taken and records are not deleted from the zone. If the sum is less than server time the records are deleted.

Aging and scavenging process for a sample record
Consider a DNS host “host-a.example.microsoft.com” register its host resource record on the DNS server where aging and scavenging are enabled. The DNS server set a time stamp for this record based on the current server time at the time of registration. The DNS server does not refresh the resource record for the duration of non-refresh interval. It can refresh the record before non-refresh interval if any update, such as the IP address of the host changes and it resets the time stamp accordingly. The DNS server refreshes the record after the non-refresh interval expires. During and after the refresh interval if any update comes it accepts and refresh the record. The server examines the subsequent scavenging and each record is compared to server time to determine whether the record should be removed and this is done by using scavenging formula.

Read More

Group Policy Interview Questions and Answers for Windows Administrator

What are group policies?
Group policies specify how programs, network resources, and the operating system work for users and computers in an organization. They are collections of user and computer configuration settings that are applied on the users and computers (not on groups). For better administration of group policies in the Windows environment, the group policy objects (GPOs) are used.

What is GPO?
Group policy object (GPO) is a collection of group policy settings. It can be created using a Windows utility known as the Group Policy snap-in. GPO affects the user and computer accounts located in sites, domains, and organizational units (OUs). The Windows 2000/2003 operating systems support two types of GPOs, local and non-local (Active Directory-based) GPOs.

What is Local GPOs/policy?
Local GPOs are used to control policies on a local server running Windows 2000/2003 Server. On each Windows  server, a local GPO is stored. The local GPO affects only the computer on which it is stored. By default, only Security Settings nodes are configured. The rest of the settings are either disabled or not enabled. The local GPO is stored in the %systemroot%SYSTEM32GROUPPOLICY folder.

What is Non-local Policy?
Non-local GPOs are used to control policies on an Active Directory-based network. A Windows  server needs to be configured as a domain controller on the network to use a non-local GPO. The non-local GPOs must be linked to a site, domain, or organizational unit (OU) to apply group policies to the user or computer objects. The non-local GPOs are stored in %systemroot%SYSVOLPOLICIESADM, where is the GPO’s globally unique identifier. Two non-local GPOs are created by default when the Active Directory is installed:
1. Default Domain Policy: This GPO is linked to the domain and it affects all users and computers in the domain.
2. Default Domain Controllers Policy: This GPO is linked to the Domain Controllers OU and it affects all domain controllers placed in this OU.
Multiple GPOs

GPO Apply order
When multiple group policy objects are assigned, the group policies are applied in the following order:
• The local group policy object is applied first
• Then, the group policy objects linked to sites are applied
If multiple GPOs exist for a site, they are applied in the order specified by an administrator
• GPOs linked to the domains are applied in the specified order
• Finally, GPOs linked to OUs are applied
The OU group policy objects are set from the largest to the smallest organizational unit, i.e., first the parent OU and then the child OU.
By default, a policy applied later overwrites a policy that was applied earlier. Hence, the settings in a child OU can override the settings in the parent OU
Group policy settings are cumulative if they are compatible with each other. In case they conflict with each other, the GPO processed later takes precedence.

What is No Override? Block Policy Inheritance?
The following are the exceptions with regard to the above-mentioned settings:
 No Override:
Any GPO can be set to No Override. If the No Override configuration is set to a GPO, no policy configured in the GPO can be overridden. If more than one GPO has been set to No Override, then the one that is the highest in the Active Directory hierarchy takes precedence
Block Policy Inheritance:
The Block Policy Inheritance option can be applied to the site, domain, or OU. It deflects all group policy settings that reach the site, domain, or OU from the object higher in the hierarchy. However, the GPOs configured with the No Override option are always applied
What is Loopback policy?

Is group policy from Parent Domain cab be inherited to child Domain?
Group Policy Inheritance
The group policies are inherited from parent to child within a domain. They are not inherited from parent domain to child domain

Following are the rules regarding group policy inheritance:
A policy setting is configured (Enabled or Disabled) for a parent OU, and the same policy setting is not configured for its child OUs. The child OUs inherit the parent’s policy
A policy setting is configured (Enabled or Disabled) for a parent OU, and the same policy setting is configured for its child OUs. The child OUs settings override the settings inherited from the parent’s OU
If any policy is not configured, no inheritance takes place
Compatible policy settings configured at the parent and child OUs are accumulated
Incompatible policy settings from the parent OU are not inherited
What is security filtering? Filtering Scope of GPOs
Although GPOs are linked to the site, domain, or OUs, and they cannot be linked to the security groups directly, applying permissions to the GPO can filter its scope. The policies in a non-local GPO apply only to users who have the Read and Apply Group Policy permissions set to Allow
By specifying appropriate permissions to the security groups, the administrators can filter a GPO’s scope for the computers and users

What Tools used to edit the Group policy?
GPMC and GPedit
How to check applied policy details from Client or server?
RSOP.msc (only works windows 2003 and above)
GPRESULT /v
What is .adm file?
Administrative Template are  required because Microsoft did not include all Registry settings in the default Group Policy, if you want to add more customized setting to existing policy then .ADM file can be created and imported to get the necessary setting

Read More

AD Active Directory Interview Questions and Answers

What is Active Directory?

Active Directory (AD) is a directory service developed by Microsoft and used to store objects like User, Computer, printer, Network information, It facilitate to manage your network effectively with multiple Domain Controllers in different location with AD database, able to manage/change AD from any Domain Controllers and this will be replicated to all other DC’s, centralized Administration with multiple geographical location and authenticates users and computers in a Windows domain

What is LDAP and how the LDAP been used on Active Directory(AD)?

What is Tree?
Tree is a hierarchical arrangement of windows Domain that share a contiguous name space

What is Domain?
Active Directory Domain Services is Microsoft’s Directory Server. It provides authentication and authorization mechanisms as well as a framework within which other related services can be deployed

What is Active Directory Domain Controller (DC)?
Domain Controller is the server which holds the AD database, All AD changes get replicated to other DC and vise vase

What is Forest?
Forest consists of multiple Domains trees. The Domain trees in a forest do not form a contiguous name space however share a common schema and global catalog (GC)

What is Schema?
Active directory schema is the set of definitions that define the kinds of object and the type of information about those objects that can be stored in Active Directory
Active directory schema is Collection of object class and there attributes
Object Class = User
Attributes = first name, last name, email, and others

Can we restore a schema partition?


Tel me about the FSMO roles?
Schema Master
Domain Naming Master
Infrastructure Master
RID Master
PDC
Schema Master and Domain Naming Master are forest wide role and only available one on each Forest, Other roles are Domain wide and one for each Domain
AD replication is multi master replication and change can be done in any Domain Controller and will get replicated to others Domain Controllers, except above file roles, this will be flexible single master operations (FSMO), these changes only be done on dedicated Domain Controller so it’s single master replication

How to check which server holds which role?
Netdom query FSMO

Which FSMO role is the most important? And why?
Interesting question which role is most important out of 5 FSMO roles or if one role fails that will impact the end-user immediately
Most armature administrators pick the Schema master role, not sure why maybe they though Schema is very critical to run the Active Directory
Correct answer is PDC, now the next question why? Will explain role by role what happens when a FSMO role holder fails to find the answer

Schema Master – Schema Master needed to update the Schema, we don’t update the schema daily right, when will update the Schema? While the time of operating system migration, installing new Exchange version and any other application which requires extending the schema
So if are Schema Master Server is not available, we can’t able to update the schema and no way this will going to affect the Active Directory operation and the end-user
Schema Master needs to be online and ready to make a schema change, we can plan and have more time to bring back the Schema Master Server

Domain Naming Master – Domain Naming Master required to creating a new Domain and creating an application partition, Like Schema Master we don’t cerate Domain and application partition frequently
So if are Domain Naming Master Server is not available, we can’t able to create a new Domain and application partition, it may not affect the user, user event didn’t aware Domain Naming Master Server is down

Infrastructure Master – Infrastructure Master updates the cross domain updates, what really updates between Domains? Whenever user login to Domain the TGT has been created with the list of access user got through group membership (user group membership details) it also contain the user membership details from trusted domain, Infrastructure Master keep this information up-to-date, it update reference information every 2 days by comparing its data with the Global Catalog (that’s why we don’t keep Infrastructure Master and GC in same server)
In a single Domain and single Forest environment there is no impact if the Infrastructure Master server is down
In a Multi Domain and Forest environment, there will be impact and we have enough time to fix the issue before it affect the end-user

RID Master –Every DC is initially issued 500 RID’s from RID Master Server.  RID’s are used to create a new object on Active Directory, all new objects are created with Security ID (SID) and RID is the last part of a SID. The RID uniquely identifies a security principal relative to the local or domain security authority that issued the SID
When it gets down to 250 (50%) it requests a second pool of RID’s from the RID master.  If RID 

Master Server is not available the RID pools unable to be issued to DC’s and DC’s are only able to create a new object depends on the available RID’s, every DC has anywhere between 250 and 750 RIDs available, so no immediate impact

PDC – PDC required for Time sync, user login, password changes and Trust, now you know why the PDC is important FSMO role holder to get back online, PDC role will impact the end-user immediately and we need to recover ASAP
The PDC emulator Primary Domain Controller for backwards compatibility and it’s responsible for time synchronizing within a domain, also the password master. Any password change is replicated to the PDC emulator ASAP. If a logon request fails due to a bad password the logon request is passed to the PDC emulator to check the password before rejecting the login request.

Tel me about Active Directory Database and list the Active Directory Database files?
NTDS.DIT
EDB.Log
EDB.Che
Res1.log and Res2.log
All AD changes didn’t write directly to NTDS.DIT database file, first write to EDB.Log and from log file to database, EDB.Che used to track the database update from log file, to know what changes are copied to database file.
NTDS.DIT: NTDS.DIT is the AD database and store all AD objects, Default location is the %system root%\nrds\nrds.dit, Active Directory database engine is the extensible storage engine which us based on the Jet database
EDB.Log: EDB.Log is the transaction log file when EDB.Log is full, it is renamed to EDB Num.log where num is the increasing number starting from 1, like EDB1.Log
EDB.Che: EDB.Che is the checkpoint file used to trace the data not yet written to database file this indicate the starting point from which data is to be recovered from the log file in case if failure
Res1.log and Res2.log:  Res is reserved transaction log file which provide the transaction log file enough time to shutdown if the disk didn’t have enough space

Active Directory restores types?
Authoritative restore
Non-authoritative restore

Non-authoritative restore of Active Directory
Non-authoritative restore is restore the domain controller to its state at the time of backup, and allows normal replication to overwrite restored domain controller with any changes that have occurred after the backup. After system state restore, domain controller queries its replication partners and get the changes after backup date, to ensure that the domain controller has an accurate and updated copy of the Active Directory database.
Non-authoritative restore is the default method for restoring Active Directory, just a restore of system state is non-authoritative restore and mostly we use this for Active Directory data loss or corruption.

How perform a non-authoritative restore?
Just start the domain controller in Directory Services Restore Mode and perform system state restore from backup

Authoritative restore of Active Directory
An authoritative restore is next step of the non-authoritative restore process. We have do non-authoritative restore before you can perform an authoritative restore. The main difference is that an authoritative restore has the ability to increment the version number of the attributes of all objects or an individual object in an entire directory, this will make it authoritative restore an object in the directory. This can be used to restore a single deleted user/group and event an entire OU.
In a non-authoritative restore, after a domain controller is back online, it will contact its replication partners to determine any changes since the time of the last backup. However the version number of the object attributes that you want to be authoritative will be higher than the existing version numbers of the attribute, the object on the restored domain controller will appear to be more recent and therefore, restored object will be replicated to other domain controllers in the Domain

How perform a authoritative restore?
Unlike a non-authoritative restore, an authoritative restores need to Ntdsutil.exe to increment the version number of the object attributes

What are Active Directory Partitions can be restored?
You can authoritatively restore only objects from configuration and domain partition. Authoritative restores of schema-naming contexts are not supported.

How many domain controllers need to back up? Or which domain controllers to back up?
Minimum requirement is to back up two domain controllers in each domain, one should be an operations master role holder DC, no need to backup RID Master (relative ID) because RID master should not be restored

Read More

Interview Tips

Congratulations on securing an interview!

This is your opportunity to demonstrate your personal attributes, your strengths, personality, your ability to communicate and how you react under pressure.  Here are some tips to assist you in selling your assets:

Develop Rapport

To ensure effective communication, it is very important to develop a good rapport with the person interviewing you.  Of course, this is sometimes difficult, particularly if you “really want the job”.  However, you must relax – get that high-pitched or tense tone out of your voice – and appear to be calm and self-assured at all times.

One of the simplest ways of helping this is to smile a lot.  Yes, when appropriate, smile.  Not a grin but a genuine, warm smile.  Ask yourself seriously: do you smile during the course of conversation?

Ask Good Questions

This is a big tip!  Don’t just tell the interviewer how wonderful you are and how good your achievements have been.  Demonstrate that you have done your homework that you are really listening and you understand what’s going on.  You can do this by asking relevant questions about the department and the job in question.  Taking an interest in the big picture will have a positive influence on the interviewer.  If, in the limited time of an interview, you can ask one or two questions that actually make the interviewer think about the answer, or better still, maybe cover issues they hadn’t even thought of, then you really are on the home stretch.

Preparation Will Make or Break the Interview!

Preparation is the first essential step towards a successful interview. 

Be prepared to answer a couple of standard questions such as:

Ø   What do you want to be doing in your career five years from now?  Ten years from now?

Ø   What style of management gets the best from you?  Who was your best boss?  Why?

Ø   What have you learnt from some of the jobs you have held?  What did you enjoy the most?  What did you enjoy the least?

Ø   What have you done that shows initiative in your career?

Ø   What are you looking for in your next role?

“Open probe” questions are different because they strike right at the heart of issues and require more than a yes/no answer.

Ø   Why do you want to change roles?

Ø   Give positive answer – confident, coherent and logical explanations are critical to the interview process.

Ø   What is your greatest strength/weakness?

Ø   Have some answers ready – even weaknesses can be presented positively, especially if you are doing something about them.

Ø   Why should you be successful in gaining this role?

Ø   Here’s a chance to review your strengths and show how you can make a big contribution.  Sell your benefits, not your features. 

Ø   How do you react to criticism?

Behavioural/Competency Based Interviews

Behavioural interviewing is based within the premise that past behaviour is the best indicator of future behaviour.  With a set of competencies identified beforehand, the interviewer will ask you to relate specific examples or situations where you have demonstrated a particular competency in the past.

For example, let’s say problem solving is a competency required for the role.  The interviewer may ask something like:

“Tell me about a time where you have solved a business problem?  What was the situation?  What was the outcome?”

The best way to answer these questions is to describe a specific example that demonstrates your ability in that area using the “STAR” technique to structure your response:

S – Situation

T – Task

A – Action

R – Result

So in answering the above question, an appropriate response may go something like this:

“The situation at XYZ Company when I first joined was that all employees had authority to speak to the media.  This created problems such as inconsistent message, inaccurate/untimely information release and an array of other undesirable consequences for the company’s image.  My task as Media & PR Manager was to build and maintain a positive corporate image so the action I took was to immediately implement a policy whereby only four nominated executives had authority to deal with the media and that all media and PR activity initiated outside my team was to be signed off by me.  I took the time to gain the buy-in of management and then all employees so that everyone was happy to adhere to the new policies.  The result was great – no more embarrassing situations and a far more positive attitude to our brand as evidenced by a recent independent survey”.

This answer clearly demonstrates the candidate’s ability to decisively and collaboratively solve a business problem.  The answer is also very succinct which means the interviewer is more likely to tune in to the entire response.  The interviewer can then drill down further to obtain more detail around the “how’s” and “why’s” of the example.

Great answers to interview questions are:

Ø   Relevant

Ø   Succinct

Ø   Able to show clearly what you did and how you did it

Ø   Delivered with an appropriate level of energy and enthusiasm

Ø   Not “waffly”!

Closing the Interview

You have come to the end of the interview.  Don’t make the mistake and nervously mumble “Thank You” and leave.  Always be prepared to ask questions at the end of the interview – have at least one question that indicates you’ve been listening.  Of course this is also a good opportunity to let the interviewer know that you are terribly keen on the job.  Don’t worry about appearing too eager – as long as you’re being yourself.  The interviewer is looking for an enthusiastic person, not someone who hasn’t decided if this is the right career for them.

If you have answered the two questions uppermost in the interviewer’s mind – “Why are you interested in the job?” and “What can you offer and can you do the job?” – You have done all you can.

Good luck – and enjoy!

Read More

Adobe Elements, Adobe Acrobat Reader, "Attempt to access invalid address" in Windows 10, Windows 7

Adobe Elements, Adobe Acrobat Reader, error message "attempt to access invalid address  in Windows 10, Windows 7

Try this Reg fix 

The key is "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management" 

Look for entry MoveImages 
if not there create new DWORD and it will be hexadecimal value 0x0 by default
If you set the key to 1 instead of 0 and restart your machine it resolved this error message


For Office 365 Attempt to access invalid address

The issue is for EMET (Enhanced Mitigation Experience Toolkit) which  causing the problems.
Try upgrading to new version from here https://technet.microsoft.com/en-us/security/jj653751
or uninstalling EMET doesn't work 
Then try this reg fix :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
For any process used by MS product it will have a value for 'MitigationOption' (eg excel.exe, infopath.exe etc) 

Set 'MitigationOption' to 0 or delete it.

Read More