
Monday, April 27, 2015

clonezilla vs storagecraft shadow protect full version / IT edition -- atapiport0 detected a controller error --- clone a disk



long story short:

Scottie could not log in to a W7 Pro x32 domain-joined PC.

It took a long time, and the desktop did not show up. In the process I spotted a black screen with the words "this copy of W7 is not genuine".

Logging in as local admin, I ran a malware scan; I could not stop it in the middle and had to turn the PC off.

I pulled the hard drive out, put it in a USB enclosure and did a NOD32 online scan: very clean.

Put it back, ran scandisk: bad clusters found, file ntuser.dat corrupted.

Checked Event Viewer: atapiport0 detected a controller error.

Then the drama finally started between Clonezilla and StorageCraft ShadowProtect.

0/ The PC and the disk drive are under warranty. I hate to reload Windows, so I wanted to clone it, as I could log in as Scottie once chkdsk /r had dealt with the bad clusters.

1/ I contacted the PC supplier, and they sent me a replacement hard drive of the same model, a 500GB Western Digital. The PC vendor is correct in saying that if there are too many bad clusters, it won't be possible to clone.

2/ Using ShadowProtect to take an image of the original hard drive: my IT Edition version is too slow, and it failed. There should be an option to ignore bad clusters. StorageCraft support told me the latest edition should have that feature.

3/ The trial version should work (it has the ignore-bad-clusters option), and I should be able to restore it. Sadly, it did take an image, but it is blank; I could not use it.

4/ Time was running out for me. Google search is my friend, and Clonezilla showed up. It's Debian based.

5/ Downloaded the amd64 ISO, burnt it to a CD, and booted the PC from CD-ROM with the two hard drives attached.

6/ The default clone failed; I had to manually choose ignore bad clusters and tried again. Awesome, I have a fully working W7, and everything is good as Scottie tested it.



Implementing an Advanced Server Infrastructure -- a never ending topic



system center 1/4

Highly Available enterprise infrastructure 1/4

server virtualization infrastructure 1/4 

identity and access solutions 1/4

Exam 70-414 Implementing an Advanced Server Infrastructure --- it is a very hard one, much more complicated than originally thought



It is vastly different, in that it is not like the traditional Windows 2003 and Windows 2008 (R2) tracks:

the 2003/2008 MCSE / MCITP exams are purely (or almost purely) about Windows Server itself,

but MCSE 2012 requires System Center 2012: SCVMM, SCOM, SCCM, Service Manager, Orchestrator, App Controller, and DPM.

Those topics are huge by themselves, in addition to Windows Server 2012 itself;

it also entails windows Azure for 
  • Azure Site Recovery

Set-AdfsGlobalAuthenticationPolicy



https://technet.microsoft.com/en-us/library/dn479384.aspx

Set-AdfsGlobalAuthenticationPolicy [-AdditionalAuthenticationProvider <String[]>] [-DeviceAuthenticationEnabled <Boolean>] [-PassThru] [-PrimaryExtranetAuthenticationProvider <String[]>] [-PrimaryIntranetAuthenticationProvider <String[]>] [-WindowsIntegratedFallbackEnabled <Boolean>] [-Confirm] [-WhatIf] [<CommonParameters>]
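As an added example (not from the TechNet page), the cmdlet as it is typically used: record the current policy, set the primary providers for intranet and extranet clients, add the certificate provider as a second factor, and read the policy back. The provider names are the built-in AD FS ones; turning on device authentication assumes the Device Registration Service has already been configured on this farm.

```powershell
Import-Module ADFS

# Record the policy before changing it so the change can be reviewed or rolled back.
$before = Get-AdfsGlobalAuthenticationPolicy
$before | Format-List PrimaryIntranetAuthenticationProvider, PrimaryExtranetAuthenticationProvider,
                      AdditionalAuthenticationProvider, DeviceAuthenticationEnabled,
                      WindowsIntegratedFallbackEnabled

# Intranet clients use Windows Integrated authentication (falling back to forms for browsers
# that cannot do it); extranet clients get forms authentication only. CertificateAuthentication
# is the built-in certificate MFA provider, offered as the additional factor.
Set-AdfsGlobalAuthenticationPolicy `
    -PrimaryIntranetAuthenticationProvider @('WindowsAuthentication') `
    -WindowsIntegratedFallbackEnabled $true `
    -PrimaryExtranetAuthenticationProvider @('FormsAuthentication') `
    -AdditionalAuthenticationProvider @('CertificateAuthentication') `
    -DeviceAuthenticationEnabled $true    # assumes Device Registration Service is configured

# Read the policy back to confirm the change took effect.
Get-AdfsGlobalAuthenticationPolicy | Format-List
```

Use -WhatIf on the Set call first when working on a production farm; the cmdlet supports it, as the syntax above shows.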


windows server gateway -- never heard of before

https://technet.microsoft.com/en-us/library/dn249417.aspx

https://technet.microsoft.com/en-us/library/dn313101.aspx


Before you can add a gateway that runs Windows Server 2012 R2 to your configuration in VMM, you must perform the tasks in this section.

Open the Fabric workspace.
On the Home tab, in the Show group, ensure that Fabric Resources is selected.
In the Fabric pane, expand Networking, and then click Network Service.
Network services include gateways, virtual switch extensions, network managers, and top-of-rack (TOR) switches.
On the Home tab, in the Add group, click Add Resources, and then click Network Service.
The Add Network Service Wizard opens.
On the Name page, enter a name and optional description for the gateway, and then click Next.

On the Manufacturer and Model page, in the Manufacturer list, select Microsoft, and in the Model list, select Microsoft Windows Server Gateway. Then click Next.



Configuring Distributed Key Management in VMM (re-post)

https://technet.microsoft.com/en-us/library/gg697604.aspx

During the installation of a Virtual Machine Manager (VMM) management server, you must decide whether to store the keys to encrypted data on the local computer or configure distributed key management. On the Configure service account and distributed key management page of Setup, you can select to use distributed key management to store encryption keys in Active Directory Domain Services (AD DS) instead of storing the encryption keys on the computer on which the VMM management server is installed.
By default, VMM encrypts some data in the VMM database by using the Data Protection Application Programming Interface (DPAPI). For example, VMM encrypts Run As account credentials and passwords in guest operating system profiles. VMM also encrypts product key information in virtual hard disk properties for virtual machine role scenarios and configuration. The encryption of this data is tied to the specific computer on which VMM is installed and the service account that VMM uses. Therefore, if you move your VMM installation to another computer, VMM will not retain the encrypted data. In that case, you must enter this data manually to fix the VMM objects.
Distributed key management, however, stores the encryption keys in AD DS. Therefore, if you must move your VMM installation to another computer, VMM will retain the encrypted data because the other computer will have access to the encryption keys in AD DS.
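To show the property the text relies on, here is an added example that is not VMM's code: a round trip through DPAPI ([System.Security.Cryptography.ProtectedData]) in both protection scopes. The secret strings and the entropy value are constructed for the demonstration; how VMM itself applies entropy is not stated on the page.

```powershell
Add-Type -AssemblyName System.Security

# Optional extra secret material mixed into the key derivation; a constructed fixed value here.
$entropy = [System.Text.Encoding]::UTF8.GetBytes('dkm-demo-entropy')

function Protect-Secret {
    param(
        [Parameter(Mandatory)][string]$PlainText,
        [System.Security.Cryptography.DataProtectionScope]$Scope = 'CurrentUser'
    )
    $bytes  = [System.Text.Encoding]::UTF8.GetBytes($PlainText)
    $cipher = [System.Security.Cryptography.ProtectedData]::Protect($bytes, $entropy, $Scope)
    [Convert]::ToBase64String($cipher)
}

function Unprotect-Secret {
    param(
        [Parameter(Mandatory)][string]$Base64,
        [System.Security.Cryptography.DataProtectionScope]$Scope = 'CurrentUser'
    )
    try {
        $plain = [System.Security.Cryptography.ProtectedData]::Unprotect(
            [Convert]::FromBase64String($Base64), $entropy, $Scope)
        [System.Text.Encoding]::UTF8.GetString($plain)
    } catch {
        # This is what a VMM server moved to another computer (or run under another service
        # account) hits: the DPAPI master key that wraps the data does not exist there.
        "UNRECOVERABLE: $($_.Exception.GetBaseException().Message)"
    }
}

# CurrentUser scope: only this account on this computer (or a roaming profile) can decrypt.
$blob = Protect-Secret -PlainText 'RunAs-password-constructed' -Scope CurrentUser
Unprotect-Secret -Base64 $blob -Scope CurrentUser

# LocalMachine scope: any process on this computer can decrypt, but the blob is still useless
# on any other computer. Both scopes therefore lose the data on a move unless the keys are
# kept elsewhere, which is what distributed key management does by storing them in AD DS.
$blobMachine = Protect-Secret -PlainText 'ProductKey-constructed' -Scope LocalMachine
Unprotect-Secret -Base64 $blobMachine -Scope LocalMachine
```

Copy either blob to a second computer and call Unprotect-Secret there to see the failure path; the two scopes differ only in who on the same computer can read the data, not in whether it survives a move.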

Sunday, April 26, 2015

Certification Authority Guidance -- CRL and AIA

https://technet.microsoft.com/en-us/library/hh831574.aspx

After a root or subordinate CA is installed, you must configure the Authority Information Access (AIA) and CRL distribution point (CDP) extensions before the CA issues any certificates. The AIA extension specifies where to find up-to-date certificates for the CA. The CDP extension specifies where to find up-to-date CRLs that are signed by the CA. These extensions apply to all certificates that are issued by that CA.
Configuring these extensions ensures that this information is included in each certificate that the CA issues so that it is available to all clients. This ensures that PKI clients experience the least possible number of failures due to unverified certificate chains or certificate revocations, which can result in unsuccessful VPN connections, failed smart card sign-ins, or unverified email signatures.

Using Data Recovery Agents with BitLocker

https://technet.microsoft.com/en-us/library/dd875560(v=ws.10).aspx#BKMK_proc_dra

http://www.grouppolicy.biz/2010/01/how-to-configure-group-policy-to-use-data-recovery-agents-with-bitlocker-to-go-drives-part-2/

configured Group Policy to use a Data Recovery Agent with “BitLocker to Go” drives

ISSUING THE EFS DATA RECOVERY AGENT

First you need to create/issue at least one account with the Data Recovery Agent certificate that will be used when encrypting all the BitLocker To Go drives.
Step 1. Click Start, and then type certmgr.msc to open the Certificates snap-in.
Step 2. In the console tree, expand Personal, and then click Certificates.
Step 3. Right-click Certificates, click All Tasks, and then click Request New Certificate…

Network Load Balancing Manager Properties -- Filtering mode and Affinity

Network Load Balancing Manager Properties

https://technet.microsoft.com/en-us/library/cc771709.aspx


  • For Filtering mode, configure the following parameters:

    • The Multiple hosts parameter specifies that multiple hosts in the cluster will handle network traffic for the associated port rule. This filtering mode provides scaled performance and fault tolerance by distributing the network load among multiple hosts. You can specify that the load be equally distributed among the hosts or that each host will handle a specified load weight.
    • The Single host parameter specifies that network traffic for the associated port rule be handled by a single host in the cluster according to the specified handling priority. This filtering mode provides port specific fault tolerance for handling network traffic.
    • The Disable this port range parameter specifies that all network traffic for the associated port rule be blocked. In this case, the NLB driver filters all corresponding network packets or datagrams. This filtering mode lets you block network traffic that is addressed to a specific range of ports.
  • The Affinity parameter is applicable only for the Multiple hosts filtering mode.

    • The None option specifies that multiple connections from the same client IP address can be handled by different cluster hosts (there is no client affinity). To allow Network Load Balancing to properly handle IP fragments, you should avoid using None when selecting UDP or Both for your protocol setting.
    • The Single option specifies that NLB should direct multiple requests from the same client IP address to the same cluster host. This is the default setting for affinity. You can optionally modify the NLB client affinity to direct all client requests from a TCP/IP Class C address range (instead of a single IP address) to a single cluster host by enabling the Network option instead of the Single option. This feature ensures that clients that use multiple proxy servers to access the cluster can have their TCP connections directed to the same cluster host.
    • The Network option specifies that NLB direct multiple requests from the same TCP/IP Class C address range to the same cluster host. Enabling Network affinity instead of Single affinity ensures that clients that use multiple proxy servers to access the cluster have their TCP connections directed to the same cluster host.

      The use of multiple proxy servers at the client's site causes requests from a single client to appear to originate from different computers. Assuming that all of the client's proxy servers are located within the same address range, Network affinity ensures that client sessions are properly handled. If you do not need this capability, use Single affinity to maximize scaled performance.
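The same filtering-mode and affinity choices expressed with the NetworkLoadBalancingClusters cmdlets, as an added example that is not from the TechNet page. The host name NLB-NODE1 and the port plan are assumed.

```powershell
Import-Module NetworkLoadBalancingClusters

$clusterHost = 'NLB-NODE1'   # assumed name of a host already joined to the NLB cluster

# A new cluster carries a default rule spanning all ports, and NLB rejects overlapping
# rules, so remove the default before defining explicit ones.
Get-NlbClusterPortRule -HostName $clusterHost | Remove-NlbClusterPortRule -Force

# HTTPS: Multiple hosts filtering spreads the load; Network affinity keys on the client /24,
# so a client whose requests leave through several proxies in one range stays on one host.
Add-NlbClusterPortRule -HostName $clusterHost -Protocol Tcp -StartPort 443 -EndPort 443 `
    -Mode Multiple -Affinity Network

# Plain HTTP redirector traffic is stateless, so Multiple hosts with no affinity is fine.
# Protocol is Tcp only: the text warns against None with Udp or Both because of IP fragments.
Add-NlbClusterPortRule -HostName $clusterHost -Protocol Tcp -StartPort 80 -EndPort 80 `
    -Mode Multiple -Affinity None

# Everything else addressed to the cluster IP is dropped by the NLB driver (Disabled mode).
Add-NlbClusterPortRule -HostName $clusterHost -Protocol Both -StartPort 1024 -EndPort 65535 `
    -Mode Disabled

# Review the resulting rule set.
Get-NlbClusterPortRule -HostName $clusterHost
```

Port rules must be identical on every host in the cluster; run the same commands against each host (or use the -InterfaceName parameter on the node you are on) before bringing the cluster IP into service.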

Monitors and Rules -- operations manager

https://technet.microsoft.com/en-us/library/hh457603.aspx

Create a Rule if…

  • You want to collect performance counters or events for analysis and reporting. Monitors only collect this information when it initiates a change in health state. If you want to collect the information you need to create a collection rule.

    If you want to both collect a performance counter and set a threshold for it to set a health state, then create both a rule and a monitor using the same performance counter.
  • You want to generate an alert that is not related to health state of an object.


Create a monitor if…

  • You want to affect the health of an object. In addition to generating an alert, a monitor will affect the health state of its target object. This is displayed in state views and availability reports.
  • You want to automatically resolve an alert when the error condition has been cleared. An alert from a rule cannot be automatically cleared since a rule has no way of detecting that the problem has been resolved. A monitor can detect that the problem has been resolved when the condition for its healthy state is met, and the alert can automatically be resolved.
  • You are creating an alert based on a performance threshold. There are no rules available to generate an alert from a performance threshold. A monitor should be used for this scenario anyway since you can use the condition where the performance counter is under the defined threshold.
  • You have a condition that requires more complex logic than is possible with rules. The Operations console provides a variety of options for setting the health state of a monitor but only simple detection for a rule. If you need more complex logic for a rule but don’t have a method to detect the monitor’s healthy state, then you can create a monitor using Manual or Timer reset. See Event Monitor Reset for more information.

How to Configure Visual Studio Web Test Monitoring in Global Service Monitor


https://technet.microsoft.com/en-us/library/jj860376.aspx

System Center Global Service Monitor is a cloud service that provides a simplified way to monitor the availability of external-web-based applications from multiple locations around the world. Global Service Monitor has two monitoring types. These are the Web Application Availability monitoring that monitors single URLs, and Visual Studio Web Tests monitoring that lets you run multi-step, authenticated web tests from Microsoft-provided agents in the cloud. Here are the instructions to configure Visual Studio Web Tests.

To configure Visual Studio Web Tests

  1. To configure Visual Studio Web Tests, open the Global Service Monitor landing page. In the Operations Manager console, in the navigation pane, click Administration, click Global Service Monitor, and then click Configure Visual Studio Web Tests. This opens the Visual Studio Web Test Monitoring template. This template lets you add monitoring for Visual Studio Web Tests and run these monitoring tests from external locations.

System Center Global Service Monitor

https://technet.microsoft.com/en-us/library/jj860368.aspx

System Center Global Service Monitor is a cloud service that provides a simplified way to monitor the availability of external-web-based applications from multiple locations around the world. Importantly, Global Service Monitor monitors applications from the perspective of the customers who use them. Because Global Service Monitor monitors from locations that are correlated to customer geographies, application owners can gain insight into customer experiences in addition to the separate problems related to external factors, such as Internet or network problems, from application or service problems. The Global Service Monitor monitoring experience focuses on the application instead of the infrastructure or individual URL.
Global Service Monitor integrates with the Operations Manager console so that you can monitor external- and internal-facing web applications in the same place you monitor other applications.

Global Service Monitor Monitoring Capabilities

With Global Service Monitor, the Operations Manager console integration lets you monitor web applications from both internal and external locations. In Global Service Monitor, you can use your management group and obtain access to agents in the cloud provided by Microsoft. This lets you monitor web applications from 15 locations and then report back to your management group. You can also use your own agents as watcher nodes to monitor internal locations and applications.

The Microsoft Portfolio of Asset Inventory and Management Tools



http://www.microsoft.com/sam/en/ca/invtools.aspx

Microsoft has a family of asset inventory and management tools that help organizations of all sizes maintain control of the software assets. These include choices of on-premise or Web-based tools. Organizations that have a better understanding of their own assets will be able to:
  • Improve IT efficiency by gaining tighter understanding and control over assets and infrastructure.
  • Avoid over-buying
  • Help save costs by enabling a well managed dynamic IT infrastructure.
  • Lower or avoid liability.

Saturday, April 25, 2015

Configuring Distributed Key Management in VMM


https://technet.microsoft.com/en-us/library/gg697604.aspx


Friday, April 24, 2015

Configure Dynamic Optimization and Power Optimization in VMM


https://msincic.wordpress.com/2011/10/05/dynamic-and-power-optimization-of-vmm-2012-hyper-v-xenserver-vmware/

Dynamic and Power Optimization of VMM 2012-Hyper-V + XenServer + VMWare


https://technet.microsoft.com/en-us/library/gg675118.aspx

Use the 3 VM migration technologies between XenServer, VMware and Hyper-V hosts. All can be in the same group and use PRO Tips.

Use Cluster Shared Volumes in a Failover Cluster

Use Cluster Shared Volumes in a Failover Cluster

https://technet.microsoft.com/en-us/library/jj612868.aspx


Cluster Shared Volumes (CSV) enable multiple nodes in a failover cluster to simultaneously have read-write access to the same LUN (disk) that is provisioned as an NTFS volume. (In Windows Server 2012 R2, the disk can be provisioned as NTFS or Resilient File System (ReFS).) With CSV, clustered roles can fail over quickly from one node to another node without requiring a change in drive ownership, or dismounting and remounting a volume. CSV also help simplify the management of a potentially large number of LUNs in a failover cluster.
CSV provide a general-purpose, clustered file system, which is layered above NTFS (or ReFS in Windows Server 2012 R2). CSV applications include:
  • Clustered virtual hard disk (VHD) files for clustered Hyper-V virtual machines
  • Scale-out file shares to store application data for the Scale-Out File Server clustered role. Examples of the application data for this role include Hyper-V virtual machine files and Microsoft SQL Server data. (Be aware that ReFS is not supported for a Scale-Out File Server.) For more information about Scale-Out File Server, see Scale-Out File Server for Application Data Overview.

AD RMS Super Users

https://technet.microsoft.com/en-us/library/ee424431%28v=exchg.150%29.aspx


try to log a case with MS O365

We're sorry, there's a problem with mail. We're working on it.
We already know about the issue. You don't need to create a service request. For updates on this issue, check the Service Health Dashboard.
Exchange - Restoring service - EX21781
24/04/2015 12:41:30 p.m.
Current Status: Engineers identified an expired certificate that has caused impact to a portion of the Exchange Admin Center (EAC) menu functionality. Engineers have deployed a new certificate and are updating a code configuration to restore service. As the code configuration is updated, customers will experience the restoration of EAC menu functionality. User Experience: End users are not affected by this issue. Customer Impact: Customer impact appears to be limited at this time. Administrators may be unable to access the "Another User" menu in the Exchange Admin Center (EAC). Incident Start Time: Wednesday, April 22, 2015, at 8:39 PM UTC Preliminary Root Cause: An expired certificate caused impact to a portion of the EAC menu functionality. Next Update by: Friday, April 24, 2015, at 8:00 PM UTC  

Thursday, April 23, 2015

Prepare to Deploy Hyper-V Replica



https://technet.microsoft.com/en-us/library/jj134153.aspx

Hyper-V Replica is a feature of Hyper-V, so you must enable the Hyper-V server role

If you plan to use a failover cluster with Hyper-V Replica and haven’t already set up the cluster, see http://go.microsoft.com/fwlink/?LinkId=253006
Each node of the failover cluster that is involved in Replica must have the Hyper-V server role installed. If you haven’t already done so, refer to Step 1.2 in this topic and install the Hyper-V role on each cluster node.

Defining a service level objective against an application


https://technet.microsoft.com/en-us/library/dd441412.aspx

You can configure a service level objective (SLO) to define the availability and performance goals for an application. In the following procedure, you create a new service level (LOB Application 1) against a distributed application, define a Monitor SLO that is based on availability (99.9% up-time), and define a Collection Rule SLO that is based on a performance rule (80% average processor time).

Wednesday, April 22, 2015

WSUS server modes

https://technet.microsoft.com/en-us/library/cc720448(v=ws.10).aspx

There are two ways to link WSUS servers together:
Autonomous mode: An upstream WSUS server shares updates with its downstream server or servers during synchronization, but not update approval status or computer group information. Downstream WSUS servers must be administered separately. Autonomous servers can also synchronize updates for a set of languages that is a subset of the set synchronized by their upstream server.
Replica mode: An upstream WSUS server shares updates, approval status, and computer groups with its downstream server or servers. Downstream replica servers inherit update approvals and cannot be administered apart from their upstream WSUS server.
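The two link modes as they are set on a downstream server, as an added example not taken from the TechNet page. The upstream host name and port are assumed; the UpdateServices module ships with the WSUS role on Windows Server 2012 and later.

```powershell
Import-Module UpdateServices

$upstream = 'wsus-upstream.corp.example'   # assumed upstream WSUS server
$port     = 8531                           # assumed: the WSUS SSL port

# Replica mode: this downstream server inherits approvals and computer groups from the
# upstream server and cannot be administered apart from it.
Set-WsusServerSynchronization -UssServerName $upstream -PortNumber $port -UseSsl -Replica

# Autonomous mode would be the same call without -Replica: updates flow down during
# synchronization, but approvals and computer groups stay local and must be managed here.
# Set-WsusServerSynchronization -UssServerName $upstream -PortNumber $port -UseSsl

# Confirm which mode the server is now in and where it synchronizes from.
(Get-WsusServer).GetConfiguration() |
    Select-Object SyncFromMicrosoftUpdate, UpstreamWsusServerName,
                  UpstreamWsusServerPortNumber, UpstreamWsusServerUseSsl, IsReplicaServer
```

Using -UseSsl keeps the update metadata channel between the two servers authenticated and encrypted; leave it off only if the upstream server has not been configured for SSL.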

Differences between Self-service Portal and App controller?

https://social.technet.microsoft.com/Forums/en-US/b57e74af-48c7-4e3c-98c4-baaf3e1e3445/differences-between-selfservice-portal-and-app-controller?forum=appcontroller


App Controller is a super-set of the functionality in the self-service portal. With App Controller you can:
  • View and deploy virtual machines and services (the self-service portal shows only virtual machines)
  • View virtual machines and services from more than 1 VMM management server (providing they are in the same trust boundary)
  • Upgrade services
  • Copy files to/from VMM libraries
  • View, deploy and upgrade services running in Windows Azure
  • Use Active Directory users and groups to provide access to Windows Azure subscriptions

Tuesday, April 21, 2015

Citrix XenServer — Microsoft System Center Integration Pack



http://www.citrix.com/go/products/xenserver/microsoft-beta.html


AD RMS Clusters

https://technet.microsoft.com/en-us/library/cc771175.aspx

There are two types of clusters: root clusters and licensing-only clusters. The first server in an AD RMS installation always becomes the root cluster. The root cluster handles all certification and licensing requests for the Active Directory Domain Services (AD DS) domain in which it was installed. For complex environments, licensing-only clusters can be created in addition to the root cluster.

an Offline Root CA with a Subordinate CA


https://marckean.wordpress.com/2010/07/28/build-an-offline-root-ca-with-a-subordinate-ca/

https://technet.microsoft.com/en-us/library/hh831348.aspx


Cross Certification



https://msdn.microsoft.com/en-us/library/windows/desktop/bb540800(v=vs.85).aspx

Cross certification enables entities in one public key infrastructure (PKI) to trust entities in another PKI. This mutual trust relationship is typically supported by a cross-certification agreement between the certification authorities (CAs) in each PKI. The agreement establishes the responsibilities and liability of each party.
A mutual trust relationship between two CAs requires that each CA issue a certificate to the other to establish the relationship in both directions. The path of trust is not hierarchal (neither of the governing CAs is subordinate to the other) although the separate PKIs may be certificate hierarchies. After two CAs have established and specified the terms of trust and issued certificates to each other, entities within the separate PKIs can interact subject to the policies specified in the certificates.

Monday, April 20, 2015

P2V Prerequisites in VMM - SCVMM 2012


https://technet.microsoft.com/en-us/library/hh427293.aspx

  • Must have at least 512 MB of RAM.
  • Cannot have any volumes larger than 2040 GB.
  • Must have an Advanced Configuration and Power Interface (ACPI) BIOS. Vista WinPE will not install on a non-ACPI BIOS.
  • Must be accessible by VMM and by the virtual machine host.
  • Cannot be in a perimeter network.

two way mirror , three way mirror in server 2012


https://social.technet.microsoft.com/Forums/windowsserver/en-US/2e6955b7-b293-4880-8fb3-8b4ce0e02ec9/mirror-in-storage-pool?forum=winserver8gen

Pool requires a quorum of 50% plus drives to be present to survive.
With 3-way mirror we have a guarantee of surviving 2 disk failures.

Maintaining the above requirements and providing the guarantee mandates us to have a minimum of 5 disks in the pool, as if we lose 2, we still have 3 in the pool (>50%) for the pool to maintain its quorum.
https://technet.microsoft.com/en-us/library/jj822938.aspx#BKMK_Step2

http://www.bleepingcomputer.com/tutorials/how-to-configure-storage-spaces-windows-8/

Simple Storage Space
Simple striping, otherwise known as Raid-0, takes multiple drives and combines them into one virtual drive seen by Windows. This allows you to take different drives of different sizes and combine them into a new drive that uses all of the space on each drive. This allows you to quickly add more storage to a storage space that is running low by adding a new physical drive to the pool. This type of storage space is not recommended for critical or irreplaceable data because if one of these drives fails, you lose all of the data on all of the drives.
Two-way Mirroring Storage Space
Two-way mirroring, or Raid-1, is when you take two drives and they mirror each other. This type of storage space provides hardware protection because if one drive fails the data is still safely stored on the other drive. Please note, that when you use this type of storage space you will only be able to use the space of the smallest drive.
Three-way Mirroring Storage Space
Three-way mirroring is similar to two-way mirroring, but requires 5 drives. This storage process provides hardware protection in the event that two drives fail at the same time.
Parity Storage Space
The parity storage space, or Raid-5, allows you to take 3 or more drives and combine all but the last one into one large virtual drive. The last drive is then used as the parity drive that protects you in the event that one drive fails. If second drive fails before you replace the first failed one, you will lose all of your data.
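An added example, not from either linked page, that builds a three-way mirror with the Storage cmdlets and enforces the disk-count rule from the forum answer before creating anything. Pool, virtual disk and volume names are assumed.

```powershell
# Lose 2 of 5 disks and 3 remain, which is still more than 50%: the pool keeps quorum.
$minDisksThreeWay = 5

$candidates = @(Get-PhysicalDisk -CanPool $true)
if ($candidates.Count -lt $minDisksThreeWay) {
    throw "Only $($candidates.Count) poolable disks; a three-way mirror needs at least $minDisksThreeWay."
}

# The Storage Spaces subsystem: FriendlyName is 'Storage Spaces on <host>' on 2012/2012 R2
# and 'Windows Storage on <host>' on later releases, so match on the common word.
$subsystem = Get-StorageSubSystem | Where-Object { $_.FriendlyName -like '*Storage*' } |
    Select-Object -First 1

New-StoragePool -FriendlyName 'Pool1' -StorageSubSystemUniqueId $subsystem.UniqueId `
    -PhysicalDisks $candidates | Out-Null

# Three-way mirror: NumberOfDataCopies 3 tolerates two simultaneous disk failures.
# The pipeline then initializes the new disk, partitions it and formats it as NTFS.
New-VirtualDisk -StoragePoolFriendlyName 'Pool1' -FriendlyName 'Mirror3' `
    -ResiliencySettingName Mirror -NumberOfDataCopies 3 -ProvisioningType Fixed -UseMaximumSize |
    Get-Disk | Initialize-Disk -PartitionStyle GPT -PassThru |
    New-Partition -AssignDriveLetter -UseMaximumSize |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'Mirror3' -Confirm:$false

# A two-way mirror is the same call with the default NumberOfDataCopies of 2 (one failure).
Get-VirtualDisk | Select-Object FriendlyName, ResiliencySettingName, NumberOfDataCopies,
                                HealthStatus, OperationalStatus
```

Run Get-StoragePool afterwards and check HealthStatus and IsReadOnly; a pool that has dropped below quorum goes read-only, which is the failure the five-disk minimum is meant to avoid.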

Creating a Windows Server 2012 Failover Cluster


http://blogs.msdn.com/b/clustering/archive/2012/05/01/10299698.aspx


After installing the Failover Clustering feature, and validating a configuration, the next step is to create a new cluster.
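The sequence described here, followed by adding a Cluster Shared Volume as in the CSV post above, as one added example in the FailoverClusters cmdlets (not code from the clustering blog or the TechNet page). Node names, the cluster name, the management address and the report path are assumed.

```powershell
$nodes = 'HV-NODE1', 'HV-NODE2'   # assumed cluster node names

# Install the feature on every node; -ComputerName takes one target at a time.
foreach ($node in $nodes) {
    Install-WindowsFeature -Name Failover-Clustering -IncludeManagementTools -ComputerName $node
}
Import-Module FailoverClusters

# Validate first. Test-Cluster returns the HTML report; review it for failures before
# creating the cluster, since an unvalidated configuration is not supported.
Test-Cluster -Node $nodes -ReportName 'C:\ClusterReports\validation'

# Create the cluster with a static management address. -NoStorage keeps eligible disks out
# of the cluster until they are added deliberately below.
New-Cluster -Name 'HVCLUSTER1' -Node $nodes -StaticAddress '10.0.0.50' -NoStorage

# Bring the shared LUN under cluster control, then convert it to a CSV: every node gets
# read-write access to the volume without a change of disk ownership on failover.
Get-ClusterAvailableDisk | Add-ClusterDisk
Add-ClusterSharedVolume -Name 'Cluster Disk 1'

Get-ClusterSharedVolume | Select-Object Name, State, OwnerNode
```

The CSV appears to every node under C:\ClusterStorage\Volume1; point Hyper-V virtual machine storage at that path rather than at a drive letter so the files stay reachable after a failover.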

The Hyper-V Administrators group

https://technet.microsoft.com/en-us/library/hh831410.aspx


The Hyper-V Administrators group
The Hyper-V Administrators group is introduced and is implemented as a local security group.
What value does this change add?
This group can reduce the number of users that belong to the local Administrators group while providing users with access to Hyper-V.
What works differently?
The Hyper-V Administrators group is a new local security group. Add users to this group instead of the local Administrators group to provide them with access to Hyper-V. Members of the Hyper-V Administrators have complete and unrestricted access to all features of Hyper-V.
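An added example, not from the TechNet page, of moving an operator account into the new group and out of local Administrators. The account name is assumed; net localgroup is used because Add-LocalGroupMember does not exist on Windows Server 2012 R2.

```powershell
$account = 'CORP\hv-operator'   # assumed domain account that only needs Hyper-V rights

# Grant full Hyper-V access through the dedicated local group.
net localgroup "Hyper-V Administrators" $account /add

# Least privilege: if the account was in local Administrators only to reach Hyper-V,
# that membership is now redundant and can be removed.
$localAdmins = net localgroup Administrators
if ($localAdmins -contains $account) {
    net localgroup Administrators $account /delete
}

# Show the resulting membership of both groups for review.
net localgroup "Hyper-V Administrators"
net localgroup Administrators
```

Members of Hyper-V Administrators still have complete control over every virtual machine on the host, as the text says, so treat the group as highly privileged in its own right and audit its membership like the Administrators group.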

Sunday, April 19, 2015

Installing AD FS Role Services and Configuring Certificates


https://technet.microsoft.com/en-us/library/cc771041%28v=ws.10%29.aspx

Export the token-signing certificate

Import the server authentication cert
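Both steps with the AD FS and PKI cmdlets, as an added example that is not from the TechNet page (which covers AD FS 2.0; the cmdlets below assume AD FS on Windows Server 2012 R2 or later). File paths and the host name are assumed.

```powershell
Import-Module ADFS

# 1. Export the primary token-signing certificate. Only the public certificate is written;
#    the private key stays on the federation server. Relying parties import this .cer to
#    verify token signatures.
$tokenSigning = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object { $_.IsPrimary }
$tokenSigning.Certificate | Export-Certificate -FilePath 'C:\Export\adfs-token-signing.cer'

# 2. Import the server authentication (SSL) certificate with its private key into the
#    computer store. The AD FS service account needs read access to that private key.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
$ssl = Import-PfxCertificate -FilePath 'C:\Certs\fs.corp.example.pfx' `
    -CertStoreLocation Cert:\LocalMachine\My -Password $pfxPassword

# Bind it as both the SSL certificate and the service communications certificate.
Set-AdfsSslCertificate -Thumbprint $ssl.Thumbprint
Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint $ssl.Thumbprint
Restart-Service adfssrv

# Verify: the three certificate roles and the SSL binding should show the expected thumbprints.
Get-AdfsCertificate | Select-Object CertificateType, IsPrimary, Thumbprint
Get-AdfsSslCertificate
```

Keep the exported token-signing certificate in the same place you keep other trust anchors handed to partners; a relying party that imports the wrong file will accept tokens from the wrong federation service.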

Saturday, April 18, 2015

How to Create VIP Templates for Network Load Balancing



https://technet.microsoft.com/en-us/library/hh335100.aspx

You can use the following procedure to create a virtual IP (VIP) template for Microsoft Network Load Balancing (NLB) in Virtual Machine Manager (VMM). A virtual IP template contains load balancer-related configuration settings for a specific type of network traffic. For example, you could create a template that specifies the load balancing behavior for HTTPS traffic on port 443.

Friday, April 17, 2015

Configure CDP and AIA Extensions


https://technet.microsoft.com/en-us/library/cc776904%28v=ws.10%29.aspx


  • Adjust the default LDAP:/// and HTTP:// URL locations on the Extensions tab of the certification authority Properties page according to your needs. Do not remove the local CDP location, however. The CA requires the local CDP location in order to publish the CRL to itself. The CA uses the local CRL to validate all certificates before they are issued to users. The local path does not show in the CDP extension of issued certificates.
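One added example serving both this post and the CRL/AIA guidance post above (not code from either TechNet page): the same Extensions-tab settings applied with certutil, followed by a CRL publish and a chain check. The web server name pki.corp.example and the test certificate path are assumed.

```powershell
$http = 'http://pki.corp.example/pki'   # assumed HTTP publication point

# Each entry is "<flags>:<url>". The flags mirror the Extensions tab checkboxes:
#   1 publish CRLs to this location        2 include in the CDP extension of issued certs
#   8 include in all CRLs (LDAP)          64 publish delta CRLs here
# 128 include in the IDP extension of issued CRLs
# Entry 1 keeps the local file path with flag 1 only: the CA publishes to itself there,
# and the path never appears in issued certificates, exactly as the text describes.
certutil -setreg CA\CRLPublicationURLs ("1:%WINDIR%\system32\CertSrv\CertEnroll\%3%8%9.crl\n" +
    "2:$http/%3%8%9.crl")

# AIA: publish the CA certificate locally and tell clients where to fetch it over HTTP.
certutil -setreg CA\CACertPublicationURLs ("1:%WINDIR%\system32\CertSrv\CertEnroll\%1_%3%4.crt\n" +
    "2:$http/%1_%3%4.crt")

# Registry changes take effect on restart; then publish a CRL so the new CDP has content.
Restart-Service certsvc
certutil -CRL

# Check: fetch every AIA and CDP URL from a certificate issued after the change and report
# chain building and revocation status. Any URL that cannot be retrieved shows up here
# before clients (VPN, smart card sign-in, S/MIME) start failing.
certutil -verify -urlfetch 'C:\Temp\issued-test.cer'
```

Copy the files that appear in %WINDIR%\system32\CertSrv\CertEnroll to the web server behind $http before the first CRL expires; the -urlfetch check is the quickest way to confirm the copy is reachable from a client's point of view.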

Dell SonicWall TZ215 cannot do VLAN internet on the WAN interface

Dell SonicWall TZ215 cannot do VLAN internet on the WAN interface or whatever interface

After a couple of hours talking with Dell SonicWall support, it was concluded that it doesn't support a VLAN-tagged internet connection even if a sub-interface is created with the VLAN.

what a joke

Office365 distribution group with no members will not bounce back

- Office365 distribution group with no members will not bounce back emails

Gateway Servers in Operations Manager


https://technet.microsoft.com/en-us/library/hh212823.aspx

System Center 2012 – Operations Manager requires mutual authentication be performed between agents and management servers prior to the exchange of information between them. To secure the authentication process between the two, the process is encrypted. When the agent and the management server reside in the same Active Directory domain or in Active Directory domains that have established trust relationships, they make use of Kerberos V5 authentication mechanisms provided by Active Directory. When the agents and management servers do not lie within the same trust boundary, other mechanisms must be used to satisfy the secure mutual authentication requirement.

Certificate Enrollment Policy Web Service

https://technet.microsoft.com/en-us/library/dd759230.aspx

The Certificate Enrollment Policy Web Service is an Active Directory Certificate Services (AD CS) role service that enables users and computers to obtain certificate enrollment policy information. Together with the Certificate Enrollment Web Service, this enables policy-based certificate enrollment when the client computer is not a member of a domain or when a domain member is not connected to the domain.

Tuesday, April 14, 2015

User Role Descriptions for VMM

https://technet.microsoft.com/en-us/library/gg696971.aspx





You can create user roles in Virtual Machine Manager (VMM) to define the objects that users can manage and the management operations that users can perform. The following table summarizes the capabilities of each user role in VMM.


VMM User Role: Capabilities
Administrator
Members of the Administrators user role can perform all administrative actions on all objects that VMM manages.
Administrators have sole responsibility for these features of VMM:
  • Only administrators can add stand-alone XenServer hosts and XenServer clusters (known as pools) to VMM management.
  • Only administrators can add a Windows Server Update Services (WSUS) server to VMM to enable updates of the VMM fabric through VMM.
To change the members of the Administrator user role, see How to Add Users to the Administrator User Role in VMM.
Fabric Administrator (Delegated Administrator)
Members of the Delegated Administrator user role can perform all administrative tasks within their assigned host groups, clouds, and library servers, except for adding XenServer and adding WSUS servers. Delegated Administrators cannot modify VMM settings, and cannot add or remove members of the Administrators user role.
To create a delegated administrator, see How to Create a Delegated Administrator User Role in VMM.
Read-Only Administrator
Read-only administrators can view properties, status, and job status of objects within their assigned host groups, clouds, and library servers, but they cannot modify the objects. Also, the read-only administrator can view Run As accounts that administrators or delegated administrators have specified for that read-only administrator user role.
To create a read-only administrator, see How to Create a Read-Only Administrator User Role in VMM.
Tenant Administrator
As of VMM in System Center 2012 Service Pack 1 (SP1), you can create Tenant Administrator user roles.
Members of the Tenant Administrator user role can manage self-service users and VM networks. Tenant administrators can create, deploy, and manage their own virtual machines and services by using the VMM console or a web portal. Tenant administrators can also specify which tasks the self-service users can perform on their virtual machines and services. Tenant administrators can place quotas on computing resources and virtual machines.
To create a tenant administrator, see How to Create a Tenant Administrator User Role in VMM.
Application Administrator (Self-Service User)
Members of the Self-Service User role can create, deploy, and manage their own virtual machines and services by using the VMM console or a Web portal.
To create a self-service user, see How to Create a Self-Service User Role in VMM.
Caution
If you grant rights for a particular template to a user that does not have rights to the Run As account that the template is configured with, then the user can potentially extract the credentials for the Run As account from the template.
As of System Center 2012 R2, VMM administrators can use the Create User Role Wizard to configure user roles with a set of permitted actions on a per-cloud basis in addition to the global settings. These settings apply only to the tenant administrator and the self-service user roles. With these settings, the user’s effective permitted actions for a given cloud are the combination of their global permitted actions and cloud permitted actions.

policy.inf vs capolicy.inf

https://technet.microsoft.com/en-us/library/cc787237(v=ws.10).aspx

http://blogs.technet.com/b/pki/archive/2014/03/05/constraints-what-they-are-and-how-they-re-used-1.aspx

Cross-Certification and Qualified Subordination 

Qualified subordination

https://technet.microsoft.com/en-us/library/cc786077(v=ws.10).aspx

https://technet.microsoft.com/en-us/library/cc785267(v=ws.10).aspx

Using qualified subordination to restrict certificate issuance to specific namespaces

Configuring qualified subordination between two organizations; specifically two configurations:

Allowing trust between all CAs in the two organizations

Limiting trust to specific CAs in the CA hierarchy

Configuring qualified subordination using a bridge CA
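As an added example (not from the page or the TechNet articles it links), the policy.inf that restricts a cross-certified partner CA to one namespace, applied with certreq -policy; the CA certificate, file paths and the contoso.com namespace are assumptions.

```powershell
# Added example: build a policy.inf that qualifies the subordination of a partner CA
# so its certificates are trusted only for the contoso.com namespace (assumed names).
$policyInf = @'
[Version]
Signature="$Windows NT$"

[BasicConstraintsExtension]
; Partner CA may issue end-entity certificates only, no further subordinate CAs
PathLength=0
Critical=True

[NameConstraintsExtension]
Include=NameConstraintsPermitted
Exclude=NameConstraintsExcluded
Critical=True

[NameConstraintsPermitted]
DNS="contoso.com"
email="@contoso.com"
UPN="@contoso.com"
DirectoryName="DC=contoso,DC=com"

[NameConstraintsExcluded]
; Carve a sensitive subtree back out of the permitted namespace
DNS="payroll.contoso.com"
'@

$policyPath = Join-Path $env:TEMP 'policy.inf'
Set-Content -Path $policyPath -Value $policyInf -Encoding Ascii

# Turn the partner CA's certificate into a constrained cross-certification request;
# the local CA then signs cross-cert.req as it would any request. Paths are assumptions.
& certreq.exe -policy 'C:\certs\partner-ca.cer' $policyPath 'C:\certs\cross-cert.req'
```

The constraints end up in the cross-certificate itself, so a relying party that chains through it rejects any certificate from the partner hierarchy whose names fall outside the permitted set.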

run data deduplication on the CSV?

Data deduplication in Windows Server 2012 R2 supports optimization of storage for Virtual Desktop Infrastructure (VDI) deployments and optimization of Cluster Shared Volumes (CSV). Data deduplication is supported on NTFS-formatted CSV and is not supported on Resilient File System (ReFS)-formatted CSV. For more information,

https://support.microsoft.com/en-us/kb/2906888

https://technet.microsoft.com/en-nz/library/dn486808.aspx
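As an added example (not from the page or the KB articles it links), a loop that enables deduplication on cluster shared volumes only when the volume is NTFS, skipping ReFS as the note above requires; the cluster and volume names come from whatever cluster the script runs on, and the HyperV usage type assumes the CSVs hold VDI disks.

```powershell
# Added example: enable data deduplication on NTFS CSVs only.
Import-Module FailoverClusters
Import-Module Deduplication

foreach ($csv in Get-ClusterSharedVolume) {
    # A CSV normally exposes one partition; take the first to keep this simple
    $info = $csv.SharedVolumeInfo | Select-Object -First 1
    $path = $info.FriendlyVolumeName          # e.g. C:\ClusterStorage\Volume1
    $fs   = $info.Partition.FileSystem

    if ($fs -ne 'NTFS') {
        # ReFS-formatted CSVs are not supported for dedup in 2012 R2
        Write-Warning "$($csv.Name) ($path) is $fs; skipping, dedup on CSV needs NTFS"
        continue
    }

    # HyperV is the VDI-oriented usage profile (assumption: these CSVs hold VDI VHDs)
    Enable-DedupVolume -Volume $path -UsageType HyperV
    Get-DedupStatus -Volume $path | Select-Object Volume, SavedSpace, OptimizedFilesCount
}
```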


Sunday, April 12, 2015

there are a few guys at the top; Greg is doing both CBT Nuggets and Train Signal - 70-414

there are a few guys at the top; Greg is doing both CBT Nuggets and Train Signal / Pluralsight

70-414

Windows Azure BizTalk charges a lot --- more than $100.00 in 3 days

I argued; MS support said to remove the credit card limit, then they will credit it

the credit balance did not reflect the BizTalk charge until 3 days later


Saturday, April 11, 2015

Windows Azure Redis Cache costs more than 1.3 local dollars per day.

it is to be deleted from the first portal, not the second one; funny, that

Ibiza Portal, which is portal.azure.com


Monday, April 6, 2015

restore some information from OneDrive

I have an Excel spreadsheet in my Hotmail OneDrive which records the TechNet virtual labs I have been through

unfortunately for me, after doing some searching in the Excel file, some cells vanished.

I usually use Excel Online to access it

how do I get those missing cells back?

http://www.7tutorials.com/how-recover-previous-versions-your-documents-onedrive


yes, the trick is to use the version history feature; it is pretty good

still not sure how some cells disappeared