I've found OpenSSH on Windows to be missing some features that Linux has. It may be a Windows vs Linux thing but home directories and jails seem to be both missing. There were some others in the past but don't remember what they were offhand.
Those are not features of SSH. SSH doesn't have them on either platform.
That's fine... but that's one of the reasons we needed to look at a different SFTP server that allowed us to designate home directories and jails for users.
Seems like an odd functionality to want in your SSH server. Why do you want that on Windows?
If you're treating it like FTP, why wouldn't you want those things?
But FTP doesn't have those things, either. In both cases FTP and SFTP are just the protocols, but we are talking about OS functions. Why does SFTP need to be treated so differently from FTP is really the base question.
Oh and they provide the hyper v integration as cab file (guest agent):
I cant belive I complained when VIRT IO Tools was repackaged some time ago and they changed some folders in there ISO image, while MS gives you a .cab file and not even an executable.
What do you mean? What VM are you trying to install? You shouldn't need any integration tools at all for any modern operating system on a VM. They come built in and are updated via Windows Update (if running Windows OS)
If you install RHEL or CentOS, you can download a Linux Integration Services .ISO if you need to. You simply run the ./install.sh file. All other modern Linux OSs already have the Hyper-V Integration built in to the kernel.
The following files are available for download from the Microsoft Download Center.
Operating system Update
All supported x86-based versions of Windows 8.1 Download Download the package now.
All supported x64-based versions of Windows 8.1 Download Download the package now.
All supported x64-based versions of Windows Server 2012 R2 Download Download the package now.
All supported x64-based versions of Windows Server 2012 Download Download the package now.
All supported x86-based versions of Windows 7 Download Download the package now.
All supported x64-based versions of Windows 7 Download Download the package now.
All supported x64-based versions of Windows Server 2008 R2 Download Download the package now.
Go to the download, and it is all .cab files.
WTF are you talking about. This is not DVD media. You are doing it wrong from the beginning.
Ofcourse I know this is not DVD media, those are the Hyper-V agents that MS wants you to install on your guest machine, MS calls them Hyper-V integration components.
ESXi and KVM Virt IO all provides much better ways to get this installed on your guest machines, and dont provide you a dumb .cab file.
Just because you are not capable of providing a share to get access the files from within the VM does not mean the process is stupid.
Who wants to mount ISO files from the hypervisor all the time just to update software in a guest VM? That is the stupid thing.
Okay, granted what are the commands to create share in Windows hyper-V standalone? I tried and failed, or the only way to do so is to have share outside hyper-V like NAS ? if so both KVM and ESXi can be easier in sending files directly to the host.
I dont want to go to fight about who is the best Virtualization platform cause that is pointless, but my trial wit Hyper-V is everything required 2 extra steps to get it configured. While the competition it can be done with one step.
Why are you trying to put these files on the hypervisor? They have no need to be on the hypervisor. You cannot download them there anyway why are you trying to put them there? The guest VM does not care where they are shared from. Just put them someplace accessible. or even download them directly in the guest VM.
I am not arguing best hypervisor platform. I am simply stating you are doing things wrong and causing your own problems.
I'm guessing that he might be saying that he has no NAS, and doesn't want to create a share from his desktop machine to make those ISOs available to the hypervisor.
ESXi allows you to have a folder on the DataStore that you can then reference. I did this for my ESXi server. Same goes for my XS, I had a local piece of storage on the hypervisor for ISOs.
I don't see an actual issue with this. The biggest one I seem is that you might be using more expensive disk to store ISOs instead of storing them on a NAS.
And Hyper-V lets you access share a folder too. It is all windows, so the admin share is there and active.
Seems odd you'd have the least secure systems on the domain, the client computers... and not have the most secure systems on the domain, the servers. With your DC and hypervisor being on the domain, how many times have those been compromised? Do you not update your servers? Do they all have internet access
To my knowledge they haven't been.
No. All servers receive Windows updates.
And I agree, this is odd. This, and so many other things, are being fixed one bite at a time.
Set your firewall to drop outbound traffic from servers that don't need Internet access. Point those servers to a local WSUS server for updates. Allow the WSUS server to get out to Internet. You can set local policy and point servers to WSUS, if they aren't domain joined. That way, servers can be updated but lower attack vector as they cannot get online.
Someone looking at this thread had a hard time figuring out how to open the registry editor after booting to CLI mode from the 2008 R2 media. from the command line, type regedit and hit enter, it will load.
When we work strictly from Windows Server Core installations we need to be able to do everything from the command line, even user management. Let's add a user that already exists into a group that already exists in Active Directory using only PowerShell.
To do this we have the handy Add-ADGroupMember PowerShell commandlet. This is very easy to use in its basic form, all we need is the name of the group and of the user that we want to add. In this case, I want to add user jane to the group "Domain Admins".
Add-ADGroupMember "Domain Admins" jane
That's it, jane is added automatically. This process, like most, is silent on success. To verify that all is as we want it to be, we can use the Get-ADGroupMember command to look up the members of a group.
Get-ADGroupMember "Domain Admins"
Can also do
Add-ADGroupMember -identity "Domain Admins" -members "jane" -WhatIf
to see if it gets added before actually running the command.
Good article. There is ZERO reason to have a GUI on a Domain Controller. Everything can be done through Server Manager on Windows 10/8
You mean RSAT ;)
Both? You can do a lot of directory management through Server Manager as well.
Ok, agree. Just don't like the Server Manager this much, ugly interface. I want to be sure WHICH drive on WHICH host I'm going to format for example. But that is just my personal opinion and I'm more or less a console fetishist ;)
But when it comes to ADSIedit or AD sites, you really want to have RSAT.
Those options are generally only there is RSAT is installed.
DDoS depends on public addresses acting as a clients pounding your DNS server with thousands of recursive queries at once. If your DNS server isn't public, then it isn't a open resolver, and a client on the internet can't query it directly.
In our case, we have a local DNS server, available to the internet, as a backup to our ISP-hosted DNS. This server is typically vulnerable. But it's set with a higher cost so it won't be used unless ISP goes down.