Let’s say you have a DVR that has a static IP of 192.168.1.200 and you need to forward port 7000 so that you can connect to it remotely. This article will give you step by step instructions to set up the port forwarding. How to port forward? 1. Once logged in, go to IP > Firewall 2. Select section on NAT
Windows Server of Active Directory Installing step by step.............
আজকের বিষয় Windows server 2008 এর Active Directory On Windows Server 2008 installing
যখন Administrator কে অনেক গুলো কম্পিউটার একসাথে নিয়ন্ত্রন করা অসম্ভব হয়ে পরে, তখন একটি Windows Server ইন্সটল করে Domain এর Database, Network নিয়ত্রন করার জন্য Active Directory on the Windows server ইন্সটল করতে হয়। উইন্ডোজ সার্ভার এর Active Directory ইন্সটল করার জন্য নিচের ধাপগুল অনুসরণ করতে হবে। চলুন দেখি টেকটিউন্সে আমার টিউনের সাথে। কিভাবে Active Directory ইন্সটল করতে হয়। Active Directory ইন্সটল করার জন্য নিচের ধাপগুল অনুসরণ করুন । ১। Active Directory সাফল্যের সাথে install করার জন্য নিচের ৪ টি ধাপ ইন্সটল থাকতে হবে। Have windows server 2008 already installed (ক) উইন্ডোজ সার্ভার ২০০৮ install থাকতে হবে। Have administrator privilege on the system (খ) System পরিচালনা করার জন্য Administrator এর বিশেষ অধিকার থাকতে হবে। Be able to reboot the system any time (গ) যে কোন সময় System Reboot করতে সক্ষম হতে হবে। Have an NTFS partition with enough free space (ঘ) NTFS ফর্মেটে যথেষ্ট |Free Space থাকতে হবে। ২। ইন্সটল করার পূর্বে নিচের বিষয়গুলো মনে রাখতে হবে।</strong>(A) If you are installing active directory on windows server 2008 for the 1st time, so it should be a global catalog server , it can’t be RODC (Read only domain control). (B) NT 4.O Domain controllers are not supported on windows server 2008 anymore. (C) If you still have NT Domain controllers on your network, you need to have 2000/2003 DCs to support them. (D) If you are making windows server 2008 a Domain controller on windows Server 2003 forest, you must prepare the forest for Windows server 2008 by running APREP (AMRAAM Producibility Enhancement Program . (ক) প্রথমে আপনার কম্পিউটার এর Name পরিবর্তন করে নেন My Computer>Right Baton>Properties> Computer Name থেকে আপনার মনের মত করে। তারপর Ok করে বের হয়ে আসুন। নিচের চিত্রের মতঃ-
(খ) installing Active Directory Domain Services এর কাজ শুরু হয়ে গেলঃ- 1. প্রথমে আপনার Windows server 2008 এর Active Directory install আছে কিনা তা chack করার জন্য প্রথমে Start> Administrative Tools> Active Directory Users and computer এ ক্লিক।
2. তারপর active directory domain services নামে একটি window আসবে ok করুন।
3. এ চিত্র দেখুন এখানে কোন Domain ইন্সটল হয়নি।
4. এখান চলুন Filnally কিভাবে Active Directory Domain Servecs বা Doamin Name ইন্সটল করতে হয়। 5. Start>Run এ click করে dcpromo লিখে Enter করুন। আর ScreenShout গুলো Flow করুন। 6. Welcome to the Active Directory Domain Services installations Wizard আসবে। এখানে User advanced mode installation এ ক্লিক করে Next এ ক্লিক।
7. আবারে Next এ ক্লিক।
8. এখানে Create a new domain in a new forest এ সিলেক্ট। যেহেতু আমার নতুন Domain ইন্সটল করব। তারপর Next.
9. এখানে আপনার Domain টি কি নামের হবে তা Type করুন। ( http://www.techtunes.com.bd একটি Domain name। তাই FQDN of the froest root domain হবে, techtunes.com.bd) আমি এখানে Domain.com দিয়েছি বুঝানোর জন্য। আপনি আপনার Domian টি কি হবে তা দিতে পারবেন। তবে খেয়ার রাখবেন আপনার Domain টি যেন অনন্য কোন Domain Name এর সাথে না মিলে। যেমন (www.techtunes.com.bd). globle world একই domain supportable হয় না। এ সম্পর্কে লিখতে অনেক সময় লাগবে।
10. নিচের চিত্রের মত এখানে Domain NetBIOS Name এ Domain চলে আসবে। কোন কিছু পরিবর্তন না করে Next করুন।
11. এ Window থেকে Forest functional level থেকে Windows server 2008 সিলেক্ট করে Next. ( আমি এ টিউনের শিরনামে বলেছি এ টিউনটির Acitve Directory domain services 2008 বা Domain Name কিভাবে install করতে হয়।
12. Additional Domain Controllation নামে একটি Window আসবে। Next করুন।
13. নিচের চিত্রের মত একটি Window আসবে। Do you want to continue. এখানে Yes করুন।
14. আবার Next করুন।
15. আপনার Adminstrator Password দিয়ে Next করুন।
16. এখানে Summary তে দেখুন Forst functional lavel: windows server 2008 এবং Domain Functional lavel: 2008 আছে। Next এ ক্লিক করুন।
17. এখন আপনার server টি Active directory Domain Services বা Domain Name ইন্সটল হতে থাকবে। Install শেষে Computer Restart চাইবে, আপনি ইচ্ছে করলে Domain ইন্সটল হওয়ার শেষে Automatic ভাবে Restart করাতে। এ জন্য আপনাকে এই Wondow এর মধ্যে Reboot on Completion কে Select করে দিতে হবে।
( Active directory domain Services ইন্সটল হতে অনেক সময় নিবে, সেই পর্যন্ত আপনাকে অপেক্ষা করতে হবে।) কম্পিউটার Restart হওয়ার পর আপনার Computer টা Logon করুন। 18. এখন Start>Administrative Tools>Active directory Users and Computers এ ক্লিক। 19. এ Wizard এ দেখুন আপনার computer টা Domain.com নামে Active directory domain Services ইন্সটল হয়েছে।
Block an IP or IP Range Using Windows IP Security Policy
If you need to block an IP, or range of IP addresses on your Windows Server 2008 or 2012 Server for security reasons you may do so by following the instructions below. If there is an IP range of a specific country you need to block and are unsure of the IP addresses allocated to the country please visit blockacountry.com to locate it's allocated IP address.
Note: Due to restrictions in our Domain Policy if you need to restrict RDP access to your server to only selected IP addresses you will need to use the instructions in our Restrict RDP Access by IP Address article.
Please take caution when blocking a large range of IP addresses as this will stop anyone in that range from accessing any sites on your server. If a restore of your server is required to regain access an additional charge may apply.
Setting up the IP Policy 1. Log into your dedicated server using Remote Desktop. 2. Click Start > Run >type MMC press OK. 3. In the console click File > Add/Remove Snap in. 4. Select the IP Security Policy Managment item in the Available snap-ins list click the Add button. 5. Leave Local Computer checked and click Finish and then OK. You should now be back to the console. 6. If no Security Policy exists yet, in the Left frame right click IP Security Policies on Local Computer and then click Create IP Security Policy then continue to next step. If a Security Policy does exist, right click on it in the Right pane and click Properties then continue to next section (Setting up the IP Filters) 7. Click Next on the first page of the Wizard 8. Name your IP Security Policy and provide a description if desired, then click Next. 9. Check the box for the Activate the default response rule option then click Next. 10. Leave the Active Directory default option on the Default Response Rule Authentication Methodpage selected and click Next. 11. On the final page of the Wizard leave the Edit properties option checked and click Finish. You should now have the properties window open. Setting up the IP Filters to ALLOW access
These steps must be completed to allow access to your server from the Managed.com subnets to allow administration of the server by Managed.com Support technicians and our access by our optimization tools. You will also need to allow any IP addresses you want to use to access your server.
Managed.com Subnets:
US: 208.88.72.0/21 and 70.34.32.0/20 UK: 212.84.80.0/22 EU 1:70.34.40.0/21 AU: 199.241.152.0/21 1. Click Add then click Next to continue. 2. Leave This rule does not specify a tunnel selected and click Next. 3. Leave all network connections selected and click Next. 4. You should now be on the IP filter list. You need to create a new filter, so don't select any of the default ones. Click Add. 5. Type a Name for your list, and a Description if desired. 6. Leave Mirrored. Match packets with the exact opposite source and destination addresses checked. Click Next. 7. Select A specific IP Address of Subnet as the Source address, enter the IP of Subnet you want to allow (see note above for Managed.com subnets) then click Next. 8. You can now select A Specific IP Address or Any IP Address for the Destination address. 9. Select the Protocol Type you wish to allow access to. Click Next and then Finish. 10. Complete the steps above for each additional IP address you want to add to the Filter. 11. Once you have added all the required IP Addresses to the list click OK. 12. Select the list you have just created from the IP Filter List and click Next. 13. In the Filter Action box click Add to create a new Action for the List you've selected. 14. Click Next on the first page of the Filter Action Wizard 15. Give your action a name such as AllowConnection and click Next. 16. Select the Permit radio button and click Next. 17. Click Finish. 18. Select the Filter Action you've just created and click Next then Finish. 19. Click OK to close the RDP Policy Properties box. Once you have added the filter to ALLOW access, follow the steps block unwanted access to the server or particular protocols.
Setting up the IP Filters to BLOCK access
Using Any IP Address as the IP Traffic Source will block access from all sources and is not recommended unless blocking access to a single protocol such as RDP, you will first need to complete the steps above to allow access to the Managed.com subnet, and any other IP addresses you wish to allow access to your server. 1. Click Add then click Next to continue. 2. Leave This rule does not specify a tunnel selected and click Next. 3. Leave all network connections selected and click Next. 4. You should now be on the IP filter list. You need to create a new filter, so don't select any of the default ones. Click Add. 5. Type a Name for your list, and a Description if desired. 6. Click Add... then click Next to continue. 7. In the description box type a description. 8. Leave Mirrored. Match packets with the exact opposite source and destination addresseschecked. Click Next. 9. Select the Source of the traffic you with to block then click Next. 10. You can now select A Specific IP Address or Any IP Address for the Destination address. 11. If you have selected A specific IP Address, type in the IP Address you want to block. Click Next. 12. Select the Protocol Type you wish to block, or select Any if you want to block access to all protocols. Next and then Finish. 13. Complete the steps above for each additional IP address you want to add to the Filter list, or if you have blocked all IP addresses continue to the next step. 14. Once you have added all the required IP Addresses to the list click OK. 15. Select the list you have just created from the IP Filter List and click Next. 16. In the Filter Action box select the BlockConnection option and click Next. 17. Click Finish. 18. Click OK to close the RDP Policy Properties box. 19. Once you're back in the Console/IP Security Policies screen, right click on the Policy you have just created and select Assign. This step will not be necessary if you are using an existing Policy.
Two-step verification on Windows and Mac
Add caption
Enhanced login protection doesn't require an iPhone or Android phone.
Two-step verification is a way to give your accounts more
protection than just a password or PIN. If you use a verification app
like Google Authenticator (iOS, Android), you log in to your account
(email, bank, Amazon, and so on) with your username and password, and
the app sends a temporary code to your phone that's the final key to get
into your account. But if you want to generate verification codes on
your desktop or laptop, you can.
Method 1: Chrome browser extensions
Using
a Chrome extension is the most approachable method, because the
extension will work on any device that runs the desktop version of the
browser. Authenticator for Chrome,
for example, works in Linux, on Google's Chromebook laptops, as well as
on Mac and Windows PCs. (Firefox doesn't currently have a comparable
option, but the newly launched Open Two-Factor Authenticator may prove as popular, in time.) Authenticator doesn't have a catchy name, but it works pretty nicely.
There's also Authy for Chrome,
but it hooks into the cloud and requires your phone number. If you're
just doing app-based two-step verification, it's more secure to perform
that function completely offline. But Authy is handy for codes generated
via SMS messages that are ordinarily sent to your phone.
How to set up Authenticator for Chrome
Let's
say you want to add Amazon two-step verification codes to
Authenticator. After installing the browser extension, go to Amazon's
website and log in. Go to Your Account, scroll down to Settings, click
Login & Security Settings, and go to Advanced Security Settings.
Click the Edit button, then Add New App in the Preferred Method section,
click the link labeled Can't Scan the Barcode, and copy the bolded
string of letters and numbers to your clipboard (Ctrl-C on your
keyboard).
Add caption
Click
the Authenticator icon in the upper-right corner of Chrome (it looks
like a tiny QR code), then the pen icon at upper right. Click the +
button and Manual Entry. Enter the email address associated with your
Amazon account into the Account section. Paste that clipboard string
into the Secret section, then click OK. Authenticator generates a new
code every 30 seconds -- to copy it quickly, just click the code, and
Authenticator will add it to your clipboard.
Authenticator may
warn you that this string is not encrypted. If you decide to create a
passphrase to encrypt the entries, be aware that you will lose access to
this entry if the passphrase is lost. For your security, there is no
password reset option.
Add caption
Method 2: Desktop client software
If
you don't want to use Chrome, or if you prefer to keep your two-step
verification code generation separate from your browser, you can install
a standalone desktop app. However, you don't have as many options.
WinAuth
is arguably the best for Windows users. It automatically supports a
variety of services like Google, Microsoft, and Steam, and you can
manually add secret strings for things like Amazon.
To do so,
navigate to the folder where you downloaded WinAuth and double-click the
app. This is not an installer file. Instead, the program is
self-contained within this EXE file. Click the Add button, then
Authenticator. Put something descriptive in the Name section, paste
Amazon's secret string from your clipboard into the field below that,
click Decode, then click Verify Authenticator. This will generate a test
code. Go back to the Amazon account page where you copied the secret
string, type this test code into the Enter Code section, and click the
button labeled Verify Code and Continue.
Add caption
WinAuth
will now give you the option to protect your codes with a password. It
will also offer to use Windows' built-in encryption or a YubiKey. You
can either create your password and click the OK button, or click the
Cancel button to bypass these protection options. (If you change your
mind later, you can access this menu by clicking the gear icon and
selecting Change Protection.)
To generate a code, click the
circular arrow button to the right of the account name. This code will
be valid for 10 seconds. Right-click the entry to see a variety of
options, like deleting it, renaming it, customizing its icon, and other
functions.
What about two-factor authentication?
With
two-factor authentication (2FA), factor one is the device you want to
log in with, and factor two is the device you use to generate codes. So
if you're generating codes on the same device you're logging in on, then
you're technically not engaging in two-factor security. You're just
using two-step verification.
Though two-step is not as secure as
two-factor, it's still useful. For instance, if an unauthorized user
breaks into a consumer database and gets your login info -- as with 68 million Dropbox accounts -- the intruder still won't be able to get into your account without the authentication code.
When
hacks like that happen (and they happen more often than we'd like), it
doesn't matter how good your password is, because the hackers will have
it right in front of them if they can decrypt the database. But they
won't have your verification code, since that's only generated on the
device that you previously authorized to generate those codes.
