Microsoft recently released, in Azure, a VM Start/Stop Solution. And I have been fiddling with it the last few days, as we were working already to overhaul our old runbooks.
While it is straightforward there are a few things that need to be improved like retry on failure and multiple schedules for start. So I started working on those issues by adding another automation account, an Azure storage table, two new runbooks into the mix and a scheduled job which will call the one of the runbooks via a webhook. The end result will be looking close to that.
Re-blog form Source
It is always good to remember that the Administrators group provides full control over the Domain Controllers and is just as critical of a group to keep users out of.
In the Domain Admins group, we all have seen accounts for monitoring, PowerShell queries, etc. Those typically only need WMI access to pull information to monitor/audit. By following the theory of least privilege, it allows you to still give access needed to watch your infrastructure, without potentially compromising access.
A new feature for the windows server 2019 that is currently released in the Windows insiders. If you want to test it out and provice feedback please follow the link and sign up.
One of the quorum models for Failover Clustering is the ability to use a file share as a witness resource. The File Share Witness is designated a vote in the Cluster when needed and can act as a tie breaker in case there is ever a split between nodes.
There is a specific requirement that the witness should be joined to the domain and part of the same forest. And the reason is that it needs Kerberos to connect and authenticate with the share.
For Windows Server 2019, additional safeguards have been added to help protect from misconfigurations. We have added logic to check to check if the share is going to DFS.
Microsoft does not support running the File Share Witness on a DFS share and did not support it in the past and we will not support it for the foreseeable future.
In a Windows 2016 4-node multi-site Cluster with two nodes at each site running SQL FCI, where each side utilizing a storage replication for the shared drives. This connection to the file share Witness, a part of the DFS share.
The Storage Migration Service was created to migrate servers and their data without re-configuring applications or users.
- Migrates unstructured data from anywhere into Azure & modern Windows Servers
- It’s fast, consistent, and scalable
- It takes care of complexity
- It provides an easily-learned graphical workflow
Windows Server 2019 and the Storage Migration Service are not supported in production environments!
Windows Admin Center formerly known as Project “Honolulu” is a new local web-based management for your servers, clusters, hyper-converged infrastructure and Windows 10 PCs.
Microsoft announced the public preview of SQL Information Protection, introducing advanced capabilities built into Azure SQL Database and on-premises SQL Server via SQL Server Management Studio for discovering, classifying, labeling, and protecting the sensitive data in your databases.
- Helping meet data privacy standards and regulatory compliance requirements, such as GDPR.
- Data-centric security scenarios, such as monitoring (auditing) and alerting on anomalous access to sensitive data.
- Controlling access to and hardening the security of databases containing highly sensitive data.