My head in the clouds as usual. Today I passed the AWS Certified Solutions Architect - Associate exam. I used Ryan Kroonenburg’s course on Udemy to skill up. I recommend it: Udemy - AWS Certified Solutions Architect associate by Ryan Kroonenburg
Update: Ryan quit Udemy’s platform and set up his own by founding https://www.ACloudGuru.com
Came across this amazing body of work. These guys (a group of System Center consultants) spent 100 days on automation tools across Windows and Linux and also AWS and Azure cloud services.
PowerShell DSC – from Basic to Advanced Cross-Platform Management and DevOps with DSC and Chef Package Deployment Azure PaaS (Cloud Services, Websites and SQL) for IT Pros Source Control and Unit Testing Integration and Automation for IT Pros (TFS, VSO and GIT) System Center and DevOps Amazon EC2 and PowerShell
Well written, concise, high-level overviews to whet your appetite.
Some PowerShell to configure NIC Teaming on Windows Server 2012. Note: pick teaming mode and load balancing algorithm to suit your networking environment. The config below is for two NICs going to independent switches in active-passive mode (no LACP). Also note that the order Windows discovers and labels NICs may not match your hardware vendor’s labelling at the back of the server.
```powershell
# Check current state of NICs and do teaming
if (get-netLbfoTeam) {write-host "Nic Team already exists"}
else {
    write-host "Renaming NICs"
    #Rename Ethernet & Ethernet2 to Nic1 & Nic2 etc
    $nicIndex=1
    get-netAdapter | ForEach-Object { $_ | Rename-NetAdapter -NewName "Nic$nicIndex" ; $nicIndex++}
    #Create team for Nic1,2
    write-host "Teaming Nic1 and Nic2"
    $team = new-netlbfoteam -name NicTeam -teammembers Nic1,Nic2 -TeamingMode SwitchIndependent -loadBalancingAlgorithm TransportPorts -Confirm:$false
    #Configure NIC2 as standby
    write-host "Configuring Nic2 as standby"
    Set-NetLbfoTeamMember -Name "Nic2" -AdministrativeMode Standby
    # loop until this NIC team is up
    while ($team.
```
Select a location for the network
When you deploy Windows 7 you get a prompt: “Select a location for the network”. Laptop users also see this when they connect to a new network or Wi-Fi service. You must pick the local network type. This helps Windows firewall decide if the local network is trusted (Private) or untrusted (Public). Rather than leave this as a manual choice for PC deployment staff and laptop users, you can automate this.
You don’t need your machines talking to each other via NetBIOS over TCP/IP.
Turn this off to cut down on network chatter and reduce your attack surface. The following PowerShell is useful as a step during OS deployment (one-off config), or as a Group Policy startup script (every boot).
```powershell
# disable NetBIOS over TCP/IP on new adapter (legacy protocol not required)
$NETBIOS_DISABLED=2
Get-WmiObject Win32_NetworkAdapterConfiguration -filter "ipenabled = 'true'" | ForEach-Object { $_.
```
TL;DR Make RDP better on Win7. Enable UDP support with this update.
Add support for RDP 8.1 to Windows 7. Both an updated RDP client (useful when connecting to Windows Server 2012) and updates for the terminal server service. http://blogs.msdn.com/b/rds/archive/2013/11/12/remote-desktop-protocol-8-1-update-for-windows-7-sp1-released-to-web.aspx There are quite a few hotfix prerequisites that took a while to install. I found it quicker to extract the cab files from within the MSU hotfix files (used 7zip) and install using dism.
If you have proxy servers between your staff and the public internet, and you’re configuring the proxy server name/IP and port in web browsers then
CUT THAT OUT RIGHT NOW!
Your web browsers can find your proxy servers automatically (with a little help….)
What is Web Proxy Autodiscovery Protocol (WPAD)? The Web Proxy Autodiscovery Protocol (WPAD) is a method used by web clients (IE, Firefox, Chrome, Windows) to locate an internet proxy automatically.
In the bad old days Windows would install in user-friendly, super accessible mode. You’d then run scripts to lock it down, improving security permissions on registry keys, files and folders, reg tweaks, and potentially break stuff too. There were lots of security guides around. I’d use these NSA guides and tips from McGraw Hill’s Hacking Exposed. Nowadays Windows comes secure out of the box and you install roles before it’ll do anything.
If you come across a machine that has disconnected from the domain, and you don’t have a system to recover the local administrator password, you’ll need to break in. If you have physical access to the machine, and can access the OS files from another OS (disk is not encrypted), then you can make offline changes to Windows. Boot into your Windows Preinstallation Environment (WinPE), typically used for OS deployment. See Microsoft Deployment Toolkit.
A recent Microsoft TechNet Flash email links to a Forrester report about what CIOs should be doing in 2015. Part of it mentions hybrid cloud architectures (read Azure).
Forrester Research Predictions 2015: CIOs Accelerate the Business Technology Agenda
“In 2015, digital disruption will change the nature of competition, forcing firms to obsess about creating superior digital experiences across the entire customer life cycle. Many CIOs have the technical expertise and cross-functional business purview to help drive this level of innovation, but they are too often still seen as nothing more than the leader of a cost centre.