When an instance grows to be very large, and its folder structure has many levels, the generation of this weather column can cost a lot of system resources slowing down other processes. If an instance is impacted by the performance of the Weather Column, a solution is to remove the folder health metrics of all existing folders. The only caveat of such a change is that the weather column will always report Folders as Healthy.
sysadmin jenkinsThe unattended-upgrades package can be used to automatically install updated packages, and can be configured to update all packages or just install security updates.
To configure unattended-upgrades, edit /etc/apt/apt.conf.d/50unattended-upgrades
.
To enable automatic updates, edit /etc/apt/apt.conf.d/20auto-upgrades
.
In looking into compromised systems, often what is needed by incident responders and investigators is not enabled or configured when it comes to logging. To help get system logs properly Enabled and Configured, below are some cheat sheets to help you do logging well and so the needed data we all need is there when we look.
documentation sysadmin tipsStarting in Windows Server 2008 R2, Active Directory now implements a true recycle bin. No longer will you need an authoritative restore to recover deleted users, groups, OU’s, or other objects. Instead, it is now possible to use PowerShell commands to bring back objects with all their attributes, backlinks, group memberships, and metadata.
active directory sysadminA Failover Cluster does not update the lastLogonTimeStamp
the same way as a real computer. A cluster updates the lastLogonTimeStamp
when it brings a clustered network name resource online. Once online, it caches the authentication token. Therefore, a clustered network named resource working in production for months will never update the lastLogonTimeStamp
. This appears as a stale computer account to the AD administrator.
Start the instance of SQL Server in single-user mode by using either the -m
or -f
options. Any member of the computer's local Administrators group can then connect to the instance of SQL Server as a member of the sysadmin fixed server role.
Kubernetes is the hottest kid on the block among container orchestration tools right now. In this tutorial, I want to document my journey of learning Kubernetes, clear up some points that tripped me as a beginner, and try to explain the most important concepts behind how it works.
tutorial devops reading sysadmin kubernetesEben’s guide to leveled logging:
ERROR: "your code is really broken"
WARNING: "your code is broken, but only in a subtle way that will bite you later"
INFO: "irrelevant trivia"
DEBUG: "information that would help you understand what's going on if you had enabled debug logging in production which you didn't"
devops
sysadmin
There are quite a few ways to limit UAC prompts further in Windows. One of the easiest ways for instance is to change a program's properties to always run with administrative privileges. Another option, less commonly known, is to use the Microsoft Application Compatibility Toolkit to whitelist applications so that they do not display an UAC prompt when they are run.
windows sysadminThe Infrastructure Planning and Design Guide Series provides concise planning guidance for Microsoft infrastructure products, helping to streamline and clarify design processes for unique infrastructure technologies and scenarios.
tutorial windows sysadmin windows server 2008By making the primary NTP server flag 0x9
, we made it Client 0x08
+ SpecialInterval 0x01
and as for the second NTP time server. By making the secondary NTP peer flag 0xa
, we made it 0x08 Client
+ 0x02 UseAsFallbackOnly
. On initial sync during service startup the polling interval time is zero which will not match the special polling interval that our 0x01
flag requires. This being the case w32time
will use the Fallback server as its primary choice until the special polling interval arrives then it will use the intended primary server.
This system, which we revised in December 2011 based on customer feedback, is intended to help our customers decide which updates they should apply under their particular circumstances, and how rapidly they need to take action.
windows sysadmin securityRRDtool refers to Round Robin Database tool. Round robin is a technique that works with a fixed amount of data, and a pointer to the current element. Think of a circle with some dots plotted on the edge. These dots are the places where data can be stored. Draw an arrow from the center of the circle to one of the dots; this is the pointer. When the current data is read or written, the pointer moves to the next element. As we are on a circle there is neither a beginning nor an end, you can go on and on and on. After a while, all the available places will be used and the process automatically reuses old locations.
tutorial sysadmin networking rrdtoolRRDtool is a graphing utility made by Tobi Oetiker that takes data sets you collect and graphs them. RRDtool (acronym for round-robin database tool) correlates time-series data like network bandwidth, temperatures, CPU load or any other data type. Data is stored in a round-robin database (circular buffer) which allows the system storage footprint to remain constant over time. The database will always have the same amount of data points throughout its lifetime. When new data comes in the oldest data set is removed.
tutorial sysadmin rrdtoolFor Windows Server 2016 installations, a security update arrives first, followed by a quality update a couple of weeks later. Cumulative updates with new security fixes arrive on the second Tuesday of each month ("patch Tuesday"). Cumulative updates with new quality fixes arrive on the fourth Tuesday of each month. Windows Server 2016 updates first arrive as "optional" updates, but they later become "recommended" updates after two weeks.
security sysadmin windows windows server 2016Permissions in Active Directory are defined by so-called security descriptors, which are stored as properties directly in the AD objects.
active directory sysadminUnder certain constrained circumstances, disabling User Account Control (UAC) on Windows Server can be an acceptable and recommended practice.
security sysadmin windowsFrom time to time you may want to delegate control of an AD security group to an unprivileged user. The group manager property is an LDAP property on the group object that contains the Distinguished Name of a given user account. The checkbox that allows the group manager to modify who is a member of this group is not an LDAP property with a boolean type, that would be too simple and not line up with the Microsoft security management methodology. It's implemented as an Access Control Entry (ACE) in the objects Discretionary Access Control Li (DACL). Think of it like the permissions when looking at the Security tab for a file. These can be manipulated programatically.
active directory windows sysadminDNSLint is a Microsoft Windows utility that can help you determine whether all DNS servers that are supposed to be authoritative for the root of an Active Directory forest actually have the necessary DNS records, and can resolve all of the necessary DNS records to successfully synchronise partition replicas among domain controllers in an Active Directory forest.
active directory windows sysadmin dns