Sunday, September 8, 2013

7 OSI Layers 
The ISO (International Organization for Standardization) decided to construct a framework of standards that different vendors could use in order to communicate over a network consisting of diverse equipment and applications.  This framework is now considered the standard for network communication.  The OSI model is divided into 7 layers, which split the task into smaller, more manageable task groups.  Each task or group of tasks assigned to a layer can also be implemented independently.  This limits complications between layers because the solutions offered by one layer do not adversely affect the other layers.

The 7 layers can be split logically into two subgroups.  Layers 7 through 4 focus on the end-to-end communication of data source and destinations.  Layers 3 through 1 provide consistent communication between the network devices.  An easier way of looking at the OSI model is dividing the upper layers (7, 6, 5) from the lower layers (4, 3, 2, 1).  The upper layers deal with application issues and are implemented only in software.  The highest layer, the application layer, is the closest to the end user.  The lower layers are responsible for the transportation of the data.  The physical layer and the data link layer are implemented in hardware and software. The lowest layer, the physical layer, is closest to the physical network medium (the wires, for example) and is responsible for placing data on the medium.

The following is a top-down explanation of the OSI Model. It starts with the user's PC and follows what happens to the user's file as it passes through the different OSI Model layers. The top-down approach was selected specifically (vs. starting at the Physical Layer and working up to the Application Layer) for ease of understanding. It is used here to show how the user's files are transformed (through the layers) into a bit stream for transmission on the network.
 
LAYER 7 - APPLICATION
 
The application level provides services that directly support the user applications, such as user interface, e-mail, file transfer, database access, etc. There are many protocols at this layer that are commonly needed such as HTTP, WWW, FTP, TELNET, SMTP. It gives applications access to the network through the layers below. Another important function is file transfer between computers. Some computers store file names or represent text lines differently. The application layer takes care of the incompatibilities and allows a smooth transfer between systems.
Protocols: FTP, HTTP, SMTP, DNS, TFTP, NFS, TELNET.




LAYER 6 - PRESENTATION 

The presentation level is the translator between the application and network format. Unlike the lower layers, its concern is with the syntax and semantics of the information transmitted. Most user programs do not exchange random binary bit strings. They exchange data such as names, addresses, dates, etc. Different computers store the data in different ways. In order to allow these computers to transmit the data to each other, the presentation layer translates the data into a standard form to be used on the network. Another function is data compression, which can be used to reduce the number of bits needed to send the packet of information. Security is also added at this layer by using data encryption and decryption. This prevents others from intercepting the data and being able to decipher the meaning of the bits.
Protocols: ASCII, EBCDIC, MIDI, MPEG, JPEG.




LAYER 5 - SESSION

This layer allows applications on connecting systems to communicate using a session. It opens, uses, and closes this communication link. It also acts as a dialog control mechanism controlling who is able to transmit. Sessions can allow data to be sent in both directions at the same time or only one direction. The session layer determines who has the ability to transfer at the current time. Another valuable ability is to insert checkpoints during data transfers. During a large file transmission, if the system crashes, the checkpoints allow the system to start downloading at the last known checkpoint. An example of this is during either an interactive login or file transfer connection: the session would recognize names in the session and register them into a history. It could then connect and reconnect in case of a system crash at either of the systems.
Protocols: SQL, RPC.




LAYER 4 - TRANSPORT

The basic function of the transport layer is to accept data from the session layer, break up the data into smaller units if need be, and send these manageable data packets to the network layer. At the destination this layer is responsible for combining the packets into their original state. This layer also checks to see if the packets are in the right order when received and not in duplicated form. If there is an error in one of the packets there is a request for that packet's retransmission. There are two protocols that sit at this layer. First, the TCP protocol connects the sender and the receiver using a socket which is determined by the IP address and port number. TCP keeps track of the packet delivery order and which ones need to be resent. UDP on the other hand is a connectionless communication and does not guarantee packet delivery between sender and receiver. Because it is connectionless the sender sends the data into the network with an IP address of the receiver and hopes it makes it to its destination. Since there is not a way of asking the sender to retransmit because of an error there is little error protection if any.
Protocols: TCP or UDP.



LAYER 3 - NETWORK 

The network layer basically handles all of the addressing issues. This layer addresses packets, determines the best path or route, and manages network problems such as data congestion. There are three ways in which the packets are routed to their destinations. First, there could be a static route through the entire network that will never be changed. Second, there could be a static line only used during a particular session between the sender and receiver. Finally, the packets could be dynamically sent through the network using changing paths in order to prevent bottlenecks. The bottlenecks are formed when there are too many packets present in one subnet causing them to get in each other's way. The network level is also responsible for converting the network address and names to the MAC addresses of the machines. One of the most important functions of this layer is the ability to allow two different networks using conflicting addressing schemes to be able to send data to each other. The network layer allows the different protocols to "talk" to each other and understand where the packet's destination is.  Routers work at this level by sending the packets along the network.
Protocols: IP, ICMP, ARP, PING, Traceroute.




LAYER 2 - DATA LINK
 
The data link layer defines the format of data on the network. All of the data sent through the network are made into a frame which is performed at this level. The frame is a uniform way of sending the data along with address information and error checking capabilities. CRC is used for the error detection at this level. If at the receiving end the CRC fails at this level there is a request back to the sender for retransmission of this packet.
Protocols: IEEE 802.2, 802.3, 802.5.






LAYER 1 - PHYSICAL

 The physical layer is responsible for establishing, maintaining and ending physical connections (point to point) between computers. This layer is concerned with the actual interpretation of the bit stream into an electrical signal that can be carried across a physical medium. The protocols at this layer deal with the binary transmission, voltage levels, and data rates. This layer would also specify physical medium properties such as cables and network cards.
Protocols: IEEE 802.3, 802.5.
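
The top-down walk above can be followed byte by byte. This is an added example, not part of the original post: it wraps a layer 7 message in UDP (layer 4), IPv4 (layer 3) and an Ethernet II frame with a CRC-32 frame check sequence (layer 2), then unwraps it the way a receiver would. The addresses, ports and the TFTP request are constructed sample values, and the function names are hypothetical.

```python
import socket
import struct
import zlib

def inet_checksum(data: bytes) -> int:
    """One's-complement 16-bit sum (RFC 1071) used by the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(payload, src_ip, dst_ip, sport, dport, src_mac, dst_mac):
    """Wrap layer 7 bytes in UDP (L4), IPv4 (L3) and Ethernet II (L2)."""
    # Layer 4: ports identify the application; checksum 0 means "not computed",
    # which UDP over IPv4 permits.
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    # Layer 3: logical addressing. Version 4, 20-byte header, TTL 64, protocol 17.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    # Layer 2: MAC addressing, padding to the 60-byte minimum, then the CRC-32
    # frame check sequence (sent least-significant byte first).
    body = dst_mac + src_mac + struct.pack("!H", 0x0800) + ip + udp
    body += bytes(max(0, 60 - len(body)))
    return body + struct.pack("<I", zlib.crc32(body))

def decapsulate(frame: bytes) -> dict:
    """Receiver side: verify and strip each layer, bottom-up."""
    if len(frame) < 64:
        raise ValueError("layer 2: runt frame")
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) != fcs:
        raise ValueError("layer 2: CRC mismatch, frame dropped")
    if struct.unpack("!H", body[12:14])[0] != 0x0800:
        raise ValueError("layer 2: not an IPv4 frame")
    ip = body[14:]
    ihl = (ip[0] & 0x0F) * 4
    if inet_checksum(ip[:ihl]) != 0:
        raise ValueError("layer 3: bad IPv4 header checksum")
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 17 or total_len > len(ip):
        raise ValueError("layer 3: not UDP or truncated packet")
    # The IP total length, not the frame length, marks where padding starts.
    udp = ip[ihl:total_len]
    sport, dport, ulen, _ = struct.unpack("!HHHH", udp[:8])
    return {
        "src_mac": body[6:12].hex(":"), "dst_mac": body[:6].hex(":"),
        "src_ip": socket.inet_ntoa(ip[12:16]), "dst_ip": socket.inet_ntoa(ip[16:20]),
        "src_port": sport, "dst_port": dport, "payload": udp[8:ulen],
    }

# Constructed sample: a TFTP read request for "a.txt" (the layer 7 bytes) sent
# between two documentation addresses; MACs and source port are made up.
TFTP_RRQ = b"\x00\x01a.txt\x00octet\x00"
FRAME = encapsulate(TFTP_RRQ, "192.0.2.10", "192.0.2.20", 50000, 69,
                    bytes.fromhex("020000000001"), bytes.fromhex("020000000002"))

if __name__ == "__main__":
    print(len(FRAME), "bytes on the wire:", FRAME.hex())
    print(decapsulate(FRAME))
```

Flipping any single bit of `FRAME` makes `decapsulate` stop at layer 2, before the IP or UDP headers are even looked at.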

What is Wireshark? 

Wireshark is a network packet analyzer. A network packet analyzer captures network packets and tries to display the packet data in as much detail as possible.
You could think of a network packet analyzer as a measuring device used to examine what's going on inside a network cable, just like a voltmeter is used by an electrician to examine what's going on inside an electric cable (but at a higher level, of course).
In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed. Wireshark is perhaps one of the best open source packet analyzers available today.


Some intended purposes
Here are some examples of what people use Wireshark for:
• network administrators use it to troubleshoot network problems.
• network security engineers use it to examine security problems.
• developers use it to debug protocol implementations.
• people use it to learn network protocol internals.
 

Features

The following are some of the many features Wireshark provides:
• Available for UNIX and Windows.
• Capture live packet data from a network interface.
• Open files containing packet data captured with tcpdump/WinDump, Wireshark, and a number of other packet capture programs.
• Import packets from text files containing hex dumps of packet data.
• Display packets with very detailed protocol information.
• Save packet data captured.
• Export some or all packets in a number of capture file formats.
• Filter packets on many criteria.
• Search for packets on many criteria.
• Colorize packet display based on filters.
• Create various statistics.



What is a PBX ?

A PBX (Private Branch Exchange) is a switch station for telephone systems. It consists mainly of several branches of telephone systems and it switches connections to and from them, thereby linking phone lines. 

Companies use a PBX for connecting all their internal phones to an external line. This way, they can lease only one line and have many people using it, with each one having a phone at the desk with different number. The number is not in the same format as a phone number though, as it depends on the internal numbering. Inside a PBX, you only need to dial three-digit or four-digit numbers to make a call to another phone in the network. We often refer to this number as an extension.

 

Shadow Copies of Shared Folders

Shadow Copies of Shared Folders provides point-in-time copies of files that are located on shared resources, such as a file server. With Shadow Copies of Shared Folders, users can view shared files and folders as they existed at points of time in the past. Accessing previous versions of files, or shadow copies, is useful because users can:
  • Recover files that were accidentally deleted. If you accidentally delete a file, you can open a previous version and copy it to a safe location.
  • Recover from accidentally overwriting a file. If you accidentally overwrite a file, you can recover a previous version of the file. (The number of versions depends on how many snapshots you have created.)
  • Compare versions of a file while working. You can use previous versions when you want to check what has changed between versions of a file.

Additional considerations

  • When you restore a file, the file permissions will not be changed. Permissions will remain the same as they were before the file was restored. When you recover a file that was accidentally deleted, the file permissions will be set to the default permissions for the directory.
  • Shadow Copies of Shared Folders is available in all editions of Windows Server 2008 R2. However, the user interface is not available for the Server Core installation option. To create shadow copies for computers with a Server Core installation, you need to manage this feature remotely from another computer.
  • When you bring disks online, if a disk contains shadow copy storage space for a volume, it is brought online before the volume itself to prevent the possibility of lost snapshots.
  • Creating shadow copies is not a replacement for creating regular backups.
  • When storage area limits are reached, the oldest shadow copy will be deleted to make room for more shadow copies to be created. After a shadow copy is deleted, it cannot be retrieved.
  • Storage location, space allocation, and the schedule can be adjusted to suit your needs. On the Local Disk Properties page, on the Shadow Copies tab, click Settings.
  • There is a limit of 64 shadow copies per volume that can be stored. When this limit is reached, the oldest shadow copy will be deleted and cannot be retrieved.
  • Shadow copies are read-only. You cannot edit the contents of a shadow copy.
  • You can only enable Shadow Copies of Shared Folders on a per-volume basis—that is, you cannot select specific shared folders and files on a volume to be copied or not copied.

 

Friday, September 6, 2013

Windows Server 2012 – The New and Improved Group Policy Management Console


With Windows Server 2012, there are tools, features and functions that are available from the first member server (or Win8 PC with the RSAT pack - http://www.microsoft.com/en-us/download/details.aspx?id=28972).

You don't need a schema extension, you don't need to deploy any 2012 Domain Controllers, you don't need to flip the bit to Domain or Forest Functional Levels. All you need to do is install the OS and install/enable the Remote Server Administration Tools.
In this post, I'll show you some things in the updated "Group Policy Management Console" (GPMC).

Before I show off some of the coolness of the new GPMC, hop on the 'way-back' machine and recall the joys of GPO editing circa Windows 2000….anyone remember doing that?

The GPMC is one of those rare IT gems – free, easy to use without too much ramp-up or massive whitepapers to pore through before you're able to make use of the tool and get some work done.

We got it right with that tool….and it has some great improvements in 2012.

Group Policy Infrastructure Status

When you open the GPMC, there is now a 'Status' tab. This shows 'at-a-glance' replication status of the Group Policy elements across your DCs.
  • Repeating: You don't need any WS 2012 DCs to see this data – GPMC can get the information from W2k3 and newer DCs.
This first screen shot shows that "Infrastructure Status" data has not been gathered yet for this domain and that DC01 is the current "baseline domain controller" (which can be changed).

Click "Detect Now" at the bottom of the tab to initiate the data gathering and comparison against the baseline DC.

** WARNING ** This can take some time in a large AD environment, as it has to check multiple items on EACH DC in the domain.


Click the circle-arrow buttons to see more detail … currently showing that all four GPOs in the domain are in full sync between my baseline DC and my one other DC.


Refresh the console to see how the DCs drift from full sync as GPOs are edited and replication occurs…


If you click the "GPO version" link under "Active Directory" or "SysVol", a dialog displays which shows the version numbers for the GPO(s) not yet in sync…


Refresh the console again to see the replication status settle back into full sync against the baseline DC…


Here's a screenshot of the same process with the "baseline domain controller" being a 2003 R2 DC which also hosts all 5 FSMOs in my lab domain/forest.


And the Domain/Forest functional levels are still at 2003


Remote GP Update

Next up is remote GP Update – yes ladies and gentlemen, you can select an OU and choose to initiate a GPUpdate /FORCE on the computers within that OU.


Two computers are found in the target OU (and any sub-OUs)…


The update fails against one. We can "Save" the log to a CSV file for documentation, historical tracking or further troubleshooting work.




I opened the appropriate firewall ports via the "Group Policy Remote Update Firewall Ports" Starter GPOs which are part of WS 2012, too. I was then able to update the failing system.


The way this works is that it creates a Scheduled Task to run GPUPDATE /FORCE on each system in the OU for both USER and COMPUTER portions of the GPO(s).
  • This only works on Vista/2008 and newer OS instances
  • Uses a random offset of 0-10 minutes for each system, so they don't all jump at once
  • A command-prompt window will display when the Task executes on the target machine(s) if a user is logged in – beware possible end-user confusion and possible help-desk calls when this happens
  • The UI is an 'all-or nothing' situation. It will refresh GPOs on all systems within the OU – if you need some granularity, you need some (surprise!) Powershell via…
      • Allows you to target one or more specific computers (instead of all in an OU/subOU)
      • Allows you to set specific time offset/delay (instead of 0-10 minutes)
      • Allows you to restart the target PC or log off any logged on user (if you need to ensure that Policy settings that require a restart or log-off/on get refreshed)
      • Other flexible options
      • Example: Invoke-GPUpdate -Computer DHCP01 -RandomDelayInMinutes 1 -Force
        • Does a GPUPDATE /FORCE for user and computer Policies on a computer named DHCP01 with a 1 minute delay
    • While you're browsing Powershell as it relates to GPOs, please take a quick look at the "Backup-GPO" cmdlet

GP Reporting

Wrapping up this post, have a look at the GP Reporting improvements (both in Results and Modeling):



A few items of note here:
  • Displays visually, right at the top of the report, if/when inheritance is blocked – an immediate flag in terms of troubleshooting
  • Displays visually, right at the top of the report, if/when a GPO is Enforced– an immediate flag in terms of troubleshooting
  • Whether or not a fast link was detected.
  • When Policy was last refreshed and how long it took
  • Active links for recent GPO Event Log data on the target machine
Broken record repeat - important note – the updated GPMC tool is ready to go as soon as you deploy your first WS 2012 or Win8 member system w/ RSAT tools installed and enabled.
  • No ADPREP needed
  • No WS 2012 DCs required
  • No domain functional levels required

How to install WSUS 3.0 SP2 on Windows Server 2012 Essentials

In Windows Server 2012 Essentials, you cannot install WSUS because the “Windows Server Update Services” role is missing in Server Manager.
The Windows Server Essentials team has released a hotfix that brings the WSUS role back to Windows Server 2012 Essentials. Use the following steps to fix and install WSUS 3.0 SP2 on the server:
  1. View the KB article 2762663: “You cannot enable the Windows Server Update Service role in Windows Server 2012 Essentials”
  2. To download the hotfix from the KB article, click the link :  

    Note: You will need to provide your email address and the hotfix download location will be emailed to you from hotfix@microsoft.com.
  3. Save the hotfix package on the server running Windows Server 2012 Essentials and install it. 
  4. Restart your server. 
  5. Turn on Windows Server Update Services(WSUS) as follows:
    1. Open Server Manager
    2. Click add Roles and Features,
    3. In Select Server Roles, select Windows Server Update Services, and finish the wizard.

Sample WSUS configuration on Windows Server 2012 Essentials:

Here are some sample steps you can follow to continue the WSUS configuration. Once the WSUS installation has finished, you can see it in Server Manager or on the Start screen. In Server Manager, you will be prompted to run the Post-Installation task of WSUS, which lets you choose the location to store updates on the server and then initializes the WSUS configuration.

Step 1: Configure WSUS server settings

  1. Launch the WSUS configuration wizard by using Tools > Windows Server Update Services in Server Manager.
  2. Click Next on the Before you begin screen.
  3. Consider whether you want to join the Microsoft Update Improvement Program. If so, choose Yes, I would like to join the Microsoft Update Improvement Program.
  4. On the Choose Upstream Server page, you have the option to synchronize the updates with Microsoft Update or with another WSUS server. If you don’t have an upstream WSUS server, choose Synchronize from Microsoft Update.
  5. After selecting the proper options for your deployment, click Next to proceed.
  6. On the Specify Proxy Server page, select the Use a proxy server when synchronizing check box if you have a proxy in your network, and then type the proxy server name and port number (port 80 by default), user name and credentials in the corresponding boxes.
  7. Click Next.
  8. On the Connect to Upstream Server page, click Start Connecting. When it connects, click Next to proceed.
  9. Please choose update Language, Products, Classifications settings one by one.
  10. On the Set Sync Schedule page, choose whether to perform synchronization manually or automatically.
  11. On the Finished page, you have the option to start the synchronization now by selecting the Begin initial synchronization check box.
  12. After you click Finish, the configure WSUS task is done and the WSUS Management Console appears.

Step 2: Deploy WSUS settings to clients via domain GPO

  1. In the Group Policy Management Console (GPMC), create a new GPO and then right click the GPO, choose Edit.
  2. In the GPMC, expand Computer Configuration, expand Policies, expand Administrative Templates, expand Windows Components, and then click Windows Update.
  3. In the details pane, double-click Configure Automatic Updates.
  4. Click Enabled, and then click one of the following options under the Configure automatic updating setting:
    • Notify for download and notify for install. This option notifies a logged-on administrative user before you download and install the updates.
    • Auto download and notify for install. This option automatically begins downloading updates and then notifies a logged-on administrative user before installing the updates.
    • Auto download and schedule the install. This option automatically begins downloading updates and then installs the updates on the day and time that you specify.
    • Allow local admin to choose setting. This option lets local administrators use Automatic Updates in Control Panel to select a configuration option. For example, they can choose a scheduled installation time. Local administrators cannot disable Automatic Updates.
  5. Click OK.
  6. In the Windows Update details pane, double-click Specify intranet Microsoft update service location. By default WSUS will use port 8530 for HTTP and 8531 for HTTPS. For example, you can type http://servername or http://servername:8530
  7. Click Enabled, and then type the URL of the same WSUS server in the Set the intranet update service for detecting updates box and in the Set the intranet statistics server box. You can type in the same address above and then click OK.

On the client machines, we can run the command gpupdate /force to force the client machine to refresh the GPO settings on the computer. Once the new GPO settings are applied, you can go to Control Panel, open Windows Update and check the status. It will show that the update settings are managed by the system administrator. If so, the Windows Update GPO was applied on the client machine successfully.
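
Besides the Control Panel check, the values the GPO writes on a client can be inspected directly. The following is an added example, not part of the original post: it parses the text output of `reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /s`, maps AUOptions back to the choices in step 4, and reports findings such as the two URLs from step 7 differing or using plain HTTP, which leaves the client-to-WSUS channel without TLS. The sample output is constructed and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# "Configure automatic updating" choices from step 4, keyed by the AUOptions value.
AU_OPTIONS = {
    2: "Notify for download and notify for install",
    3: "Auto download and notify for install",
    4: "Auto download and schedule the install",
    5: "Allow local admin to choose setting",
}
# Default WSUS ports named in step 6.
WSUS_PORTS = {"http": 8530, "https": 8531}

# A value line in reg query output: indented name, type, data.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*\S)\s*$")

def parse_reg_query(text: str) -> dict:
    """Return {value name: data}; REG_DWORD data (0x...) becomes an int."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            name, kind, data = match.groups()
            values[name] = int(data, 16) if kind == "REG_DWORD" else data
    return values

def audit_wsus_policy(values: dict):
    """Return (automatic update mode, list of findings) for one client."""
    findings = []
    if values.get("UseWUServer") != 1:
        findings.append("UseWUServer is not 1: the intranet server setting is not in effect")
    server, status = values.get("WUServer"), values.get("WUStatusServer")
    if not server:
        findings.append("WUServer is not set")
    elif status != server:
        findings.append("WUStatusServer differs from WUServer (step 7 uses the same URL)")
    for name in ("WUServer", "WUStatusServer"):
        url = values.get(name)
        if not url:
            continue
        parts = urlsplit(url)
        scheme = parts.scheme.lower() or "no scheme"
        if scheme != "https":
            findings.append(f"{name} uses {scheme}: traffic to WSUS is not protected by TLS")
        if parts.port in WSUS_PORTS.values() and parts.port != WSUS_PORTS.get(scheme):
            findings.append(f"{name} pairs {scheme} with port {parts.port}")
    mode = AU_OPTIONS.get(values.get("AUOptions"), "not configured")
    return mode, findings

# Constructed sample of reg query output from a client that received the GPO.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    WUServer    REG_SZ    http://servername:8530
    WUStatusServer    REG_SZ    http://servername:8530

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    UseWUServer    REG_DWORD    0x1
    AUOptions    REG_DWORD    0x4
"""

if __name__ == "__main__":
    mode, findings = audit_wsus_policy(parse_reg_query(SAMPLE))
    print("Automatic update mode:", mode)
    for finding in findings:
        print("finding:", finding)
```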

Step 3: Create computer group in WSUS console

  1. In the WSUS Administration Console, expand Computers, right-click All Computers, and then click Add Computer Group.
  2. In the Add Computer Group dialog box, specify the Name of the new test group, and then click Add. For example, a group called Servers and a group named Clients.
  3. Click Computers, and then select the computers that you want to assign to this new group.
  4. Right-click the computer names that you selected in the previous step, and then click Change Membership.
  5. In the Set Computer Group Membership dialog box, select the test group that you created, and then click OK.
Alternatively, you can use the following method to let the WSUS server automatically change computers’ membership in the WSUS console.

How To Install Exchange Server 2007 Steps

Microsoft Exchange Server 2007 has a lot to offer, including new capabilities, more efficiency, advanced protection, and many other advantages over its predecessors.
For those of you who have already made the decision to move up to the new version of Exchange, we’ll go through all of the steps you’ll need to successfully install Exchange Server 2007 on Windows Server 2003. If you’re using Server 2008 instead, then check out this how-to article on installing Exchange Server 2007 on Windows Server 2008.
Before we get started, you should make sure that your machine meets the minimum system requirements. As with any operating system installation, this is a critical step that you don’t want to overlook. 

Microsoft recommends for every administrator to check the network, hardware, software, client computer as well as other recommended elements before the actual Microsoft Exchange Server 2007 installation. For more information about the minimum system requirements see Microsoft TechNet.

Installing Exchange Server 2007

1. For our installation, we will be using the Exchange Server 2007 Setup Wizard. Start by logging on to the server on which you want to do the install and insert the Exchange Server 2007 DVD into the DVD drive. Setup.exe will automatically start.

2. On the Start page complete steps 1 through 3:
  • Step 1: Install .NET Framework 2.0
  • Step 2: Install Microsoft Management Console (MMC)
  • Step 3: Install Microsoft Windows PowerShell
Note: If you already have these installed on your server you will automatically be taken to the next step.

3. The physical installation of Exchange Server is the fourth step in the installation process. Once you’re ready to continue, click on:
  • Step 4: Install Microsoft Exchange
And in the Introduction window click on Next
4. Click on the I accept the terms in the license agreement option and click Next
5. Select Yes or No for the Error Reporting option. In my example I’m going to enable this feature. When ready, click on Next
6. Select one of the installation types listed. I’m going to select the Typical Exchange Server Installation. In this window you may also specify the path for the installation; I’m going to accept the default. When ready, click Next
7. In the next window you can specify client settings. Click on the Yes option if you think that one of your clients might have Outlook 2003 on his or her system.
If you are positive that all client computers have Outlook 2007 installed, you may click on No. When ready, click on Next to continue
8. Once the Readiness Checks are done running, click on the Install button to start the installation
9. The entire installation takes approximately 30 minutes. When it is successful you will see this window, on which you can go ahead and click Finish
10. You should update your Exchange server right after the installation. To do so, go back to the main install screen and click on Step 5: Critical Updates for Microsoft Exchange
11. On the Microsoft Update site, click on the Review and install updates link
12. Then click on the Install Updates option
13. Last thing you need to do is to restart your new Exchange Server! Go ahead and click Restart Now and you’re done!