sudo fdesetup authrestart (funguje pouze pokud „fdesetup supportsauthrestart“ vrátí „true“)
http://lifehacker.com/bypass-a-filevault-password-at-startup-by-rebooting-fro-1686770324
Měsíc: Březen 2015
Certifikáty pro Domain Controllery
Výborný článek popisující různé varianty šablon pro certifikáty doménových řadičů.
Domain Controller related certificate templates
Domain controllers are interested in the following certificate templates, but depending on the DCs operating system version and the CA’s OS version it depends on what they prefer:
| Name | Description | Key Usage | Subject Type | Applications used for enhanced key usage | Application policies or enhanced key usage |
| Domain Controller | Used by domain controllers as all-purpose certificates and is superseded by two separate templates: Domain Controller Authentication and Directory E-mail Replication | Signature and encryption | DirEmailRep | Client authentication Server authentication |
4.1 |
| Domain Controller Authentication | Used to authenticate Active Directory computers and users | Signature and encryption | Computer | Client authentication Server authentication Smart card logon |
110.0 |
| Directory E-mail Replication | Used to replicate e-mail within AD DS | Signature and encryption | DirEmailRep | Directory service e-mail replication | 115.0 |
| Kerberos Authentication | New in Windows Server 2008, this template is similar to the Domain Controller Authentication template and offers enhanced security capabilities for Windows Server 2008 domain controllers authenticating Active Directory users and computers | Signature and encryption | Computer | Client authentication Server authentication Smart card logon KDC authentication |
110.0 |
| Domain Controller | Windows2000 Server-based CA (version 1 only) | Windows Server 2003-based CA | Windows Server 2008-based CA |
| Windows 2000 Server (enroll for version 1 templates only) | Domain Controller | Domain Controller | Domain Controller |
| Windows Server 2003 | Domain Controller | Domain Controller or Domain Controller Authentication Directory E-mail Replication |
Kerberos Authentication or Domain Controller Authentication Directory E-mail Replication |
| Windows Server2008 | Domain Controller | Domain Controller or Domain Controller Authentication Directory E-mail Replication |
Kerberos Authentication Directory E-mail Replication |
| Windows Server 2012 | Domain Controller | Domain Controller or Domain Controller Authentication Directory E-mail Replication |
Kerberos Authentication Directory E-mail Replication |
| Template name | Windows 2000 Server | Windows Server 2003 | Windows Server 2008/2012 |
| Directory E-mail Replication | X | ||
| Domain Controller | X | X | X |
| Domain Controller Authentication | X | ||
| Kerberos Authentication | X |
Performance countery pro AADSync
Postup sice žádné performance countery neopraví, ale v logu se přestanou množit chyby. Dle MS supportu bude opraveno v dalších verzích, chyby se přelila z FIMu.
- Delete registry key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ FIMSynchronizationService\Performance]
- Recreate the ‚Performance‘ registry key.
- unlodctr.exe FIMSynchronizationService
- lodctr.exe „C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\mmsperf.ini“