Configuring and using Windows Deployment Services (WDS)

Windows Deployment Services (WDS) is a really interesting tool from Microsoft. It allows an administrator to remotely deploy Windows operating systems to machines booting from a network adapter.

In environments with a high number of clients, WDS can be very useful: a new computer can be formatted just by plugging in the Ethernet cable, without any physical media like Windows DVDs or USB drives.

The configuration isn’t difficult but there are some requirements:

  • Active Directory Domain Services must be available
  • At least one partition on the server must be formatted as NTFS
  • A DHCP server must be active to assign IP addresses to the WDS clients

Let’s see how you can configure and use the Windows Deployment Services.

How to deploy (and/or remove) software packages via GPO

One of the greatest advantages of having an Active Directory Domain is the possibility to deploy software packages via GPO (Group Policy Object). Software deployment is crucial in business environments to save time and money.

Microsoft not only gives us a simple way to deploy software, but also provides a quick solution to uninstall it when we don’t need it anymore.

How to: Software Restriction policies with AppLocker

We’ve already seen how to restrict software on Windows Server 2012 / R2 using GPOs. There’s another way available since Windows Server 2012, thanks to a feature called AppLocker.

We still use GPOs (AppLocker is a subset of GPOs) to enforce software restriction, but it’s easier and more powerful.

AppLocker can manage execution permissions of:

  • Executables: files with .exe extension
  • Windows installers: Windows installer packages with .msi and .msp extensions
  • Scripts: files with .ps1, .bat, .cmd, .vbs and .js extensions
  • Packaged Apps: Windows Store apps


How to configure static routes to route traffic through a specific gateway

Sometimes you may need to route traffic through a specific gateway only for destinations matching a group of IPs or a subnet.

Static routes are usually configured at the router level but you can also configure them locally, from the Windows command prompt.

The operation is quite easy; you won’t miss the GUI. In our example we are using Windows Server 2012 R2, but you can do the same with any version of Windows.

How to add a Backup Domain Controller to an existing Active Directory Domain

An Active Directory Domain with a single Primary Domain Controller (PDC) is something that you should not rely on. A hardware failure can make your day a really bad one and, for this reason, Microsoft gives us the possibility to add one or more Backup Domain Controllers (BDC) to our domain.

The configuration is quite simple on Windows Server 2012 / R2, a much appreciated gift from Redmond.

How DNS works

The Domain Name System (DNS) is a distributed naming system for devices connected to a network or the Internet. Its main job is to translate the domain names into IPs, to allow us to access a remote website without having to know a set of numbers.

From Wikipedia:

    The Domain Name System distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain. Authoritative name servers are assigned to be responsible for their supported domains, and may delegate authority over sub-domains to other name servers. This mechanism provides distributed and fault tolerant service and was designed to avoid the need for a single central database.

The funny part about DNS is that it works in the same way in your local network, so when you access a local PC by its name (example: pc02.thesolving.local) there’s a domain name server translating it into a local network IP address.

DNS can store different types of records. The three most important ones are:

  • A: translates a domain name into one or more IP addresses (32-bit)
  • CNAME: translates a domain name (alias) into another domain name
  • MX: translates a domain name into one or more IP addresses (only for emails)

The tree of domain names makes up the Domain Name Space. Every domain can have subdomains, and it’s possible to segment this tree into zones covering a single domain name or multiple domain names.

The domain hierarchy is quite simple: the further to the right a label is, the higher its level.

For example, in we have:

  • A top-level domain: org
  • A second level domain: example
  • A third level domain: explanation

It’s possible to add other levels of segmentation, up to 127 levels. The total length of a domain name may not exceed 253 characters, while each label can’t contain more than 63 characters.

A domain name resolver, the client side of the DNS, determines the domain name server responsible for a domain name by a sequence of queries. It starts with the top-level domain and goes on with lower-level domains.

The domain name system heavily relies on caching to avoid bottlenecks and performance issues.
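The length limits, the top-down sequence of queries and the effect of caching described above can be seen together in a small simulation. This is an added example, not code from the original post: the zone data in `SERVERS` is constructed, the addresses are documentation-range placeholders, and `split_levels`, `ask` and `Resolver` are hypothetical names.

```python
MAX_NAME, MAX_LABEL, MAX_LEVELS = 253, 63, 127  # limits quoted in the text
# Constructed sample data: zone -> referrals to child zones, or final A records.
SERVERS = {
    ".": {"refer": ["org"]},
    "org": {"refer": ["example.org"]},
    "example.org": {"A": {"explanation.example.org": "192.0.2.10",
                          "www.example.org": "192.0.2.20"}},
}

def split_levels(name):
    """Validate a domain name and return its labels, top-level first."""
    labels = name.rstrip(".").lower().split(".")
    if len(".".join(labels)) > MAX_NAME or len(labels) > MAX_LEVELS:
        raise ValueError("domain name too long")
    if not all(1 <= len(label) <= MAX_LABEL for label in labels):
        raise ValueError("each label must be 1-63 characters")
    return labels[::-1]

def ask(zone, fqdn):
    """Simulated name server for `zone`: answer, referral or nxdomain."""
    data = SERVERS[zone]
    if fqdn in data.get("A", {}):
        return "answer", data["A"][fqdn]
    for child in data.get("refer", []):
        if ("." + fqdn).endswith("." + child):
            return "referral", child
    return "nxdomain", None

class Resolver:
    def __init__(self):
        self.answers = {}   # cached name -> address (a real cache expires by TTL)
        self.zones = set()  # zones whose name server is already known
        self.queries = 0    # simulated network round trips

    def resolve(self, name):
        levels = split_levels(name)
        fqdn = ".".join(reversed(levels))
        if fqdn in self.answers:  # cache hit: no query at all
            return self.answers[fqdn]
        # Start at the deepest zone already learned, otherwise at the root.
        suffixes = [".".join(reversed(levels[:d])) for d in range(len(levels), 0, -1)]
        kind, value = "referral", next((s for s in suffixes if s in self.zones), ".")
        while kind == "referral":  # follow delegations downward
            self.zones.add(value)
            self.queries += 1
            kind, value = ask(value, fqdn)
        if kind == "answer":
            self.answers[fqdn] = value
        return value  # address, or None when the name does not exist
```

The first lookup costs three queries (root, org, example.org); a sibling name in the same zone costs one, and a repeated name costs none.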