Backup with PowerShell in Windows 2012

 

1 Open an elevated PowerShell window. (You must be a member of either the Administrators or Backup Operators group to perform these steps.)

2 Configure your script execution policy to allow untrusted scripts by typing the following and choosing Yes when prompted:

Set-ExecutionPolicy Unrestricted

3 Now input the following PowerShell script while making sure to change the values for New-WBBackupTarget and Get-WBVirtualMachine to something that’s relevant to your own environment:

# Create a New Backup Policy

$BackupPolicy = New-WBPolicy

# Specify a Target

$BackupTarget = New-WBBackupTarget -VolumePath F:

# Add the target to your policy

Add-WBBackupTarget -Policy $BackupPolicy -Target $BackupTarget

# Specify your virtual machine name

$VMs = Get-WBVirtualMachine | where vmname -like “ws2012r2*”

Add-WBVirtualMachine -Policy $BackupPolicy -VirtualMachine $VMs

# Configure the schedule

$BackupTime = [datetime] “23:00”

Set-WBSchedule -Policy $BackupPolicy -Schedule $BackupTime

# Activate the policy

Set-WBPolicy -Policy $BackupPolicy -AllowDeleteOldBackups

4 Once the script runs, your backup policy will be confi gured to run at the scheduled time, and you can view the job from inside the Windows Server Backup console.

 

Active Directory Trust

Active Directory Trust relationship is a logical link which allows a domain to access another domain, or a forest to access another forest. Trusts which are created automatically are called as implicit Trusts and the trusts which are created manually are called as Explicit Trusts.

The following are the characteristics of Windows Trusts.

  • Active Directory Trusts can be created manually (explicitly) or automatically (implicitly).
  • Active Directory Trusts can be either transitive or non-transitive. A transitive trust extends the trust relationships with other domains and a nontransitive does not allow the trust to flow to any other domains in the forest.
  • Active Directory Trusts can be one-way or two-way.

Active Directory Trust Types

Parent-child Trust: Parent-child Trust is an implicitly established, two-way, transitive trust when you add a new child domain to a tree.

Tree-root Trust: Tree-root Trust is an implicitly established, two-way, transitive trust when you add a new tree root domain to a forest.

Shortcut Trust: Shortcut Trust is an explicitly created, transitive trust between two domains in a forest to improve user logon times. Shortcut Trust will make a trust path shorter between two domains in the same forest. The Shortcut Trust can be one-way or two-way.

External Trust: External Trust is explicitly created, non-transitive trust between Windows Server 2003 domains that are in different forests or between a Windows Server 2003 domain and Windows NT 4 domain. The External Trust can be one-way or two-way.

Realm Trust: Realm Trust is explicitly created transitive or non-transitive trust between a non-Windows Kerberos realm and a Windows Server 2003 domain. This trust helps to create trust relationship between Windows Server 2003 domain and any Kerberos version 5 realm. The Realm Trust can be and one-way or two-way.

Forest Trust: Forest Trust is explicitly transitive (between two forests) created trust between two forest root domains. The Forest Trust can be one-way or two-way.

Enabling NAP on VPN clients

This topic describes how to configure virtual private network (VPN) clients to work with Network Access Protection (NAP) enforcement. This includes the following tasks:

  • Enabling the remote access quarantine enforcement client
  • Enabling and starting the NAP agent service
  • Modifying VPN connections
  • Accommodating clients not capable of using NAP (optional)

Enabling the remote access quarantine enforcement clientThe NAP VPN enforcement method requires that the remote access quarantine enforcement client is enabled on all NAP client computers.To enable the remote access quarantine enforcement client

  1. Click Start, click All Programs, click Accessories, and then click Run.
  2. Type napclcfg.msc, and then press ENTER.
  3. On the console, in the tree, click Enforcement Clients.
  4. In the details pane, right-click Remote Access Quarantine Enforcement Client, and then click Enable.

Enabling and starting the NAP agent serviceBy default, the Network Access Protection agent service on computers running Windows Vista is configured with a startup type of Manual. Each client must be configured so that the Network Access Protection agent service starts automatically, and the service must be started.To enable and start the NAP agent service

  1. Click Start, click Control Panel, click System and Maintenance, and then click Administrative Tools.
  2. Double-click Services.
  3. In the services list, double-click Network Access Protection Agent.
  4. In the Network Access Protection Agent Properties dialog box, change the Startup type to Automatic, and then click Start.
  5. Wait for the NAP agent service to start, and then click OK.
  6. Close the Services console, Administrative Tools, and System and Maintenance windows.

Modifying VPN connections
To modify VPN connections

  1. Click Start, click Run, and type NCPA.cpl, and then press ENTER.
  2. In the Network Connections window, right-click the appropriate VPN connection, click Properties, and then click the Security tab.
  3. Confirm that Advanced (custom Settings) is enabled, and then click Settings.
  4. For Logon security, select Use Extensible Authentication Protocol (EAP) and Protected EAP (PEAP) (encryption enabled), and then click Properties.
  5. Click Configure, and then click OK.
  6. Under Select Authentication Method, click either Secured password (MS-CHAP v2) or Smart Card or other certificate, depending on your deployment.
  7. Select Enable Quarantine checks.
  8. In the VPN Connection Properties windows, click OK three times.

Accommodating clients not capable of using NAP (optional)Clients running other operating systems can be accommodated in an NAP deployment. These clients should connect to the network by using the Connection Manager, and you should configure NPS to place these clients in the quarantine network. They will then be able to join the VPN Clients network using RQS or RQC.
(adsbygoogle = window.adsbygoogle || []).push({}); //--> Feedjit Flag Counter