Configuring DFSR to a Static Port – The rest of the story

By Ned Pyle
Published Apr 04 2019 02:39 PM

First published on TechNet on Jul 16, 2009
Ned-san here again. Customers frequently call us about configuring their servers to listen over specific network ports. This is usually to satisfy firewall rules – more on this later. A port in TCP/IP is simply an endpoint to communication between computers. Some are reserved, some are well-known, and the rest are simply available to any application to use. Today I will explain the network communication done through all facets of DFSR operation and administration. Even if you don’t care about firewalls and ports, this should shed some light on DFSR networking in general, and may save you skull sweat someday.

DFSR and RPC

Plenty of Windows components support hard-coding to exclusive ports, and at a glance, DFSR is no exception. By running the DFSRDIAG STATICRPC command against the DFSR servers you force them to listen on whatever port you like for file replication:

thumbnail image 1 of blog post titled
Configuring DFSR to a Static Port - The rest of the story

Many Windows RPC applications use the Endpoint Mapper (EPM) component for these types of client-server operations. It’s not a requirement though; an RPC application is free to declare its own port and only listen on that one, with a client that is hard-coded to contact that port only. This range of ports is 1025-5000 in Windows Server 2003 and older, and 49152-65535 in Vista and … DFSR uses EPM.

Update 3/3/2011 (nice catch Walter)

As you have probably found, we later noticed a bug in DFSR on Win2008 and Win2008 R2 DCs (only – not member servers) where the service would always send-receive on port 5722. This article was done before that and doesn’t reflect it. Read more on this here:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;832017

http://blogs.technet.com/b/askds/archive/2010/05/14/friday-mail-sack-it-s-about-to-get-re…
All of the below is accurate for non-DCs

By setting the port, you are telling EPM to always respond with the same port instead of one within the dynamic range. So when DFSR contacted the other server, it would only need to use two ports:

thumbnail image 2 of blog post titled
Configuring DFSR to a Static Port - The rest of the story

So with a Netmon 3.3 capture, it will look something like this when the DFSR service starts up:

1. The local computer opens a dynamic client port and connects to EPM on the remote computer, asking for connectivity to DFSR.

thumbnail image 3 of blog post titled
Configuring DFSR to a Static Port - The rest of the story

2. That remote computer responds with a port that the local computer can connect to for DFSR communication. Because I have statically assigned port 55555, the remote computer will always respond with this port.

thumbnail image 4 of blog post titled
Configuring DFSR to a Static Port - The rest of the story

3. The local computer then opens a new client port and binds to that RPC port on the remote server, where the DFSR service is actually listening. At this point two DFSR servers can replicate files between each other.

thumbnail image 5 of blog post titled
Configuring DFSR to a Static Port - The rest of the story

The Rest of the Story

If it’s that easy, why the blog post? Because there’s much more DFSR than just the RPC replication port. To start, your DFSR servers need to be able to contact DC’s. To do that, they need name resolution. And they will need to use Kerberos. And the management tools will need DRS API connectivity to the DC’s. There will also need to be SMB connectivity to create replicated folders and communicate with the Service Control Manager to manipulate DFSR. And all of the above also need the dynamic client ports available outbound through the firewall to allow that communication. So now that’s:

  • EPM port 135 (inbound on remote DFSR servers and DC’s)
  • DFSR port (inbound on remote DFSR servers)
  • SMB port 445 (inbound on remote DFSR servers)
  • DNS port 53 (inbound on remote DNS servers)
  • LDAP port 389 (inbound on remote DC’s)
  • Kerberos port 88 (inbound on remote DC’s)
  • Ports 1025-5000 or 49152-65535 (outbound, Win2003 and Win2008 respectively – and inbound on remote DC’s).

Let’s see this in action. Here I gathered a Netmon 3.3 capture of configuring a new replication group:

  • Server-01 – IP 10.10.0.101 – DC/DNS
  • Server-02 – IP 10.10.0.102 – DFSR
  • Server-03 – IP 10.10.0.103 – DFSR
  • Server-04 – IP 10.10.0.104 – Computer running the DFSMGMT.MSC snap-in

1. First the snap-in gets name resolution for the DC from my management computer (local port 51562 to remote port 53):

thumbnail image 6 of blog post titled
Configuring DFSR to a Static Port - The rest of the story

2. Then it contacts the DC – the EPM is bound (local port 49199 to remote port 135) and a dynamic port is negotiated so that the client knows which port on which to talk to the DC (port 49156).

thumbnail image 7 of blog post titled
Configuring DFSR to a Static Port - The rest of the story

3. Having connected to the DC through RPC to DRS (a management API), it then returns information about the domain and other things needed by the snap-in.

thumbnail image 8 of blog post titled
Configuring DFSR to a Static Port - The rest of the story

4. The snap-in then performs an LDAP query to the DC to locate the DFSR-GlobalSettings container in that domain o that it can read in any new Replication Groups (local port 49201 to remote port 389).

thumbnail image 9 of blog post titled
Configuring DFSR to a Static Port - The rest of the story

5. The snap-performs LDAP and DNS queries to get the names of the computers being selected for replication:

thumbnail image 10 of blog post titled
Configuring DFSR to a Static Port - The rest of the story

6. The DFSR service must be verified (is it installed? Is it running?) This requires a Kerberos CIFS (SMB) request to the DC as well as an SMB connection to the DFSR servers – this is actually a ‘named pipe’ operation over remote port 445, where RPC uses SMB as a transport:

thumbnail image 11 of blog post titled
Configuring DFSR to a Static Port - The rest of the story
thumbnail image 12 of blog post titled
Configuring DFSR to a Static Port - The rest of the story
thumbnail image 13 of blog post titled
Configuring DFSR to a Static Port - The rest of the story

7. The Replicated Folders are created (or verified to exist) on the DFSR servers – I called mine ‘testrf’. This uses SMB again from the snap-in computer to the DFSR server, over remote port 445:

thumbnail image 14 of blog post titled
Configuring DFSR to a Static Port - The rest of the story

8. The snap-in will write all the configuration data through LDAP over remote port 389 against the DC. This creates all the AD objects and attributes, creates the topology, writes to each DFSR computer object, etc. There are quite a few frames here so I will just highlight a bit of it:

thumbnail image 15 of blog post titled
Configuring DFSR to a Static Port - The rest of the story

9. If you wait for AD replication to complete and the DFSR servers to poll for changes, you will see the DFSR servers request configuration info through LDAP, and then start working normally on their static RPC port 55555 – just like I showed at the beginning of this post above.

DCOM and WMI

All of the things I’ve discussed are guaranteed needs in order to use DFSR. For the most part you don’t have to have too many remote ports open on the DFSR server itself. However, if you want to use tools like DFSRDIAG.EXE and WMIC.EXE remotely against a DFSR server, or have a remote DFSR server generate ‘Diagnostic Health Reports’, there is more to do.

DFSR utilizes Windows Management Instrumentation as its ‘quasi-API’. When tools like DFS Management are run to generate health reports, or DFSRDIAG POLLAD is targeted against a remote server, you are actually using DCOM and WMI to tell the targeted server to perform actions on your behalf.

There is no mechanism to control which RPC DCOM/WMI will listen on as there is for DFSR and other services. At service startup DCOM/WMI will pick the next available dynamic RPC port. This means in theory that you would have to have open the entire range of dynamic ports for the target OS, 1025-5000 (Win2003) or 49152-65535 (Win2008)

For example, here I am running DFSRDIAG POLLAD /MEM:2008-02 to force that server to poll its DC for configuration changes. Note the listening port that I am talking to on the DFSR server (hint – it’s not 55555):

thumbnail image 16 of blog post titled
Configuring DFSR to a Static Port - The rest of the story
thumbnail image 17 of blog post titled
Configuring DFSR to a Static Port - The rest of the story
thumbnail image 18 of blog post titled
Configuring DFSR to a Static Port - The rest of the story

And in my final example, here I am running the DFS Management snap-in and requesting a diagnostic health report. Note again how we use DCOM/WMI/RPC and do not connect directly to the DFSR service; again this requires that we have all those inbound dynamic ports open on the DFSR server:

thumbnail image 19 of blog post titled
Configuring DFSR to a Static Port - The rest of the story

Wrap Up

So is it worth it to try and use a static replication port? Maybe. If you don’t plan on directly administering a DFSR server and just need it talking to its DC, its DNS server, and its replication partners, can definitely keep the number of ports used quite low. But if you ever want to communicate directly with it as an administrator, you will need quite a few holes punched through your firewall.

That is, unless you are using IPSEC tunnels through your Firewalls like we recommend. 🙂

– Ned ‘Honto’ Pyle

Source :
https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/configuring-dfsr-to-a-static-port-the-rest-of-the-story/ba-p/396746

What Is DFS Replication and How to Configure It?

Updated: May 23, 2023
By: NAKIVO Team

File shares are used in organizations to allow users to access and exchange files. If the number of file shares is large, it may be difficult to manage them because mapping many shared resources to each user’s computer takes time and effort. If the configuration of one file share changes, you need to update shared drive mappings for all users using this share. In this case, DFS can help you optimize the hierarchy of shared folders to streamline administration and the use of shared resources.

This blog post explains DFS configuration and how to set up DFS replication in Windows Server 2019.

NAKIVO for Windows Backup

NAKIVO for Windows Backup

Fast backup of Windows servers and workstations to onsite, offiste and cloud. Recovery of full machines and objects in minutes for low RTOs and maximum uptime.

DISCOVER SOLUTION

What Is DFS and How It Works

A Distributed File System (DFS) is a logical organization that transparently groups existing file shares on multiple servers into a structured hierarchy. This hierarchy can be accessed using a single share on a DFS server.
A DFS file share can be replicated across multiple file servers in different locations to optimize server load and increase access speed to shared files. In this case, a user can access a file share on a server that is closest to them. DFS is intended to simplify access to shared files.

Using a DFS namespace server

DFS uses the Server Message Block (SMB) protocol, which is also known as the Common Internet File System (CIFS). Microsoft’s implementation of DFS doesn’t work with other file sharing protocols like NFS or HDFS. However, you can connect multiple SMB shares configured on NAS devices and Linux machines using Samba to your DFS server running on Windows Server. DFS consists of server and client components.

You can configure one DFS share that includes multiple file shares and connect users to this single file share using a unified namespace. When users connect to this file share using a single path, they see a tree structure of shared folders (as they are subfolders of the main share) and can access all needed file shares transparently. Underlying physical file servers hosting file shares are abstracted from the namespace used to access shares. DFS namespaces and DFS replication are the two main components used for DFS functioning.

What is a DFS namespace?

A DFS namespace is a virtual folder that contains links to shared folders stored on different file servers. DFS namespaces can be organized in different ways depending on business needs. They can be organized by geographical location, organization units, a combination of multiple parameters, etc. You can configure multiple namespaces on a DFS server. A DFS namespace can be standalone or domain-based.

DFS namespace and folder targets
  • standalone DFS namespace stores configuration information and metadata locally on a root server in the system registry. A path to access the root namespace is started with the root server name. A standalone DFS namespace is located only on one server and is not fault-tolerant. If a root server is unavailable, the entire DFS namespace is unavailable. You can use this option if you don’t have an Active Directory domain configured (when using a Workgroup).
  • domain-based DFS namespace stores configuration in Active Directory. A path to access a root namespace starts with the domain name. You can store a domain-based DFS namespace on multiple servers to increase the namespace availability. This approach allows you to provide fault tolerance and load balancing across servers. Using domain-based DFS namespaces is recommended.

A namespace consists of the root, links (folders), and folder targets.

  • namespace root is a starting point of a DFS namespace tree. Depending on the type, a namespace can look like this:

\\ServerName\RootName (a standalone namespace)

\\DomainName\RootName (a domain-based namespace)

  • namespace server is a physical server (or a VM) that hosts a DFS namespace. A namespace server can be a regular server with the DFS role installed or a domain controller.
  • folder is a link in a DFS namespace that points to a target folder containing content for user access. There are also folders without targets used for organizing the structure.
  • folder target is a link to a shared file resource located on a particular file server and available via the UNC path (Universal Naming Convention). A folder target is associated with the folder in a DFS namespace, for example, \\FS2\TestShare on the FS2 server. A folder target is what users need to access files.

One folder target can be a link to a single folder or multiple folders (if these folders are located on two different servers and are synchronized/replicated with each other). For example, a user needs to access \\DFS-server01\TestShare\Doc but depending on the user’s location, the user is redirected to a shared folder \\FS01\Doc or \\FS02\Doc.

The DFS tree structure includes the following components:

  • DFS root, which is a DFS server on which the DFS service is running
  • DFS links, which are links pointing to network shares used in DFS
  • DFS targets, which are real network shares to which DFS links point

What is DFS replication?

DFS replication is a feature used to duplicate existing data by replicating copies of that data to multiple locations. Physical file shares can be synchronized with each other at two or more locations.

An important feature of DFS replication is that the replication of a file starts only after that file has been closed. For this reason, DFS replication is not suitable for replicating databases, given that databases have files opened during the operation of a database management system. DFS replication supports multi-master replication technology, and any member of a replication group can change data that is then replicated.

DFS replication group is a group of servers participating in the replication of one or multiple replication folders. A replicated folder is synchronized between all members of the replication group.

DFS replication group

DFS replication uses a special Remote Differential Compression algorithm that allows DFS to detect changes and copy only changed blocks of files instead of copying all data. This approach allows you to save time and reduce replication traffic over the network.

DFS replication is performed asynchronously. There can be a delay between writing changes to the source location and replicating those changes to the target location.

DFS Replication topologies

There are two main DFS replication topologies:

  • Hub and spoke. This topology requires at least three replication members: one which acts as a hub and two others act as spokes. This technique is useful if you have a central source originating data (hub) and you need to replicate this data to multiple locations (spokes).
  • Full mesh. Each member of a replication group replicates data to each group member. Use this technique if you have 10 members or less in a replication group.

What are the requirements for DFS?

The main requirement is using Windows Server 2008 DataCenter or Enterprise editions, Windows Server 2012, or a newer Windows Server version. It is better to use Windows Server 2016 or Windows Server 2019 nowadays.

NTFS must be a file system to store shared files on Windows Server hosts.

If you use domain-based namespaces, all servers of a DFS replication group must belong to one Active Directory forest.

How to Set Up DFS in Your Windows Environment

You need to prepare at least two servers. In this example, we use two machines running Windows Server 2019, one of which is an Active Directory domain controller:

  • Server01-dc.domain1.local is a domain controller.
  • Server02.domain1.local is a domain member.

This is because configuring DFS in a domain environment has advantages compared to Workgroup, as explained above. The domain name is domain1.local in our case. If you use a domain, don’t forget to configure Active Directory backup.

Enable the DFS roles

First of all, you need to enable the DFS roles in Windows Server 2019.

  1. Open Server Manager.
  2. Click Add Roles and Features in Server Manager.
  3. Select Role-based or featured-based installation in the Installation type screen of the Add Roles and Features wizard.
  4. In the Server Selection screen, make sure your current server (which is a domain controller in our case) is selected. Click Next at each step of the wizard to continue.
  5. Select server roles. Select DFS Namespaces and DFS Replication, as explained in the screenshot below.
Setting up DFS in Windows Server 2019 – installing DFS roles
  1. In the Features screen, you can leave settings as is.
  2. Check your configuration in the confirmation screen and if everything is correct, click Install.
  3. Wait for a while until the installation process is finished and then close the window.

DFS Namespace Setup

Create at least one shared folder on any server that is a domain member. In this example, we create a shared folder on our domain controller. The folder name is shared01 (D:\DATA\shared01).

Creating a shared folder

  1. Right-click a folder and, in the context menu, hit Properties.
  2. On the Sharing tab of the folder properties window, click Share.
  3. Share the folder with Domain users and set permissions. We use Read/Write permissions in this example.
  4. Click Share to finish. Then you can close the network sharing options window.
Sharing a folder in Windows Server 2019 to set up DFS

Now the share is available at this address:

\\server01-dc\shared01

Creating a DFS namespace

Let’s create a DFS namespace to link shared folders in a namespace.

  • Press Win+R and run dfsmgmt.msc to open the DFS Management window. You can also run this command in the Windows command line (CMD).

As an alternative, you can click Start > Windows Administrative Tools > DFS Management.

  • In the DFS Management section, click New Namespace.
How to configure DFS namespaces
  • The New Namespace Wizard opens in a new window.
  1. Namespace Server. Enter a server name. If you are not sure that the name is correct, click Browse, enter a server name and click Check Names. In this example, we enter the name of our domain controller (server01-dc). Click Next at each step of the wizard to continue.
Adding a DFS namespace server
  1. Namespace Name and Settings. Enter a name for a namespace, for example, DFS-01. Click Edit Settings.
Entering a name for a DFS namespace

Pay attention to the local path of a shared folder. Change this path if needed. We use the default path in our example (C:\DFSRoots\DFS-01).

  1. You need to configure access permissions for network users. Click Use custom permissions and hit Customize.
Configuring access permissions for a shared folder on a DFS namespace server
  1. We grant all permissions for domain users (Full Control). Click Add, select Domain Users, select the appropriate checkboxes, and hit OK to save settings.
Configuring permissions for a shared folder
  1. Namespace type. Select the type of namespace to create. We select Domain-based namespace and select the Enable Windows Server 2008 mode checkbox. Select this checkbox if the functional level of your domain is Windows Server 2008 when you use Windows Server 2016 or Windows Server 2019 for better compatibility.

It is recommended that you use a Domain-based namespace due to advantages such as high DFS namespace availability by using multiple namespace servers and transferring namespaces to other servers.

Selecting a domain-based namespace for DFS configuration
  1. Review Settings. Review settings and, if everything is correct, click Create.
Reviewing configuration to finish DFS namespace setup
  1. Confirmation. The window view in case of success is displayed in the screenshot below. The namespace creation has finished. Click Close.
A DFS namespace has been created

Adding a new folder to a namespace

Now we need to add a new folder into the existing namespace. We are adding a folder on the same server, which is a domain controller, but this method is applicable for all servers within a domain.

  1. Open the DFS management window by running dfsmgmt.msc as we did before. Perform the following actions in the DFS management window.
  2. In the left pane, expand a namespace tree and select a namespace (\\domain1.local\DFS-01\ in our case).
  3. In the right pane (the Actions pane), click New Folder.
  4. In the New Folder window, enter a folder name, for example, Test-Folder to link the DFS folder and a shared folder created before. Click Add.
Adding a new folder into a DFS namespace
  1. Enter the path to the existing folder. We use \\server01-dc\shared01 in this example. You can click Browse and select a folder. Click OK to save the path to the folder target.
Adding a folder target

The folder target has been added.

  1. Click OK to save settings and close the New Folder window.
A folder target has been added

Now you can access the shared folder by entering the network address in the address bar of Windows Explorer:

\\server01-dc\dfs-01\Test-Folder

You should enter a path in the format:

\\DomainName\DFS-NameSpace\

Accessing a shared folder in Windows Explorer

How to Configure DFS Replication

We need to configure the second server to replicate data. The name of the second server is Server02 and this server is added to the domain1.local domain in this example. Add your second server to a domain if you have not done this operation before.
Install the DFS roles, as we did for the first server. As an alternative method, you can use PowerShell instead of the Add Roles wizard. Run these two commands in PowerShell to install DFS replication and DFS namespace roles.

Install-WindowsFeature -name “FS-DFS-Replication” -IncludeManagementTools

Install-WindowsFeature -name “FS-DFS-Namespace” -IncludeManagementTools

First of all, we need to install the DFS Replication role on the second server.

How to set up DFS roles in PowerShell

Create a folder for replicated data, for example, D:\Replication

We are going to use this folder to replicate data from the first folder created on the first server before.

Share this folder (D:\Replication) on the second server and configure access permissions the same way as for the previous shared folder. In this example, we share the folder with Domain Users and grant Read/Write permissions.

Sharing a folder on the second server

The network path is \\server02\replication in this example after sharing this folder. To check the network path to the folder, you can right-click the folder name and open the Sharing tab.

Let’s go back to the domain controller (server01-dc) and open the DFS Management window.

In the left pane of the DFS Management window, expand the tree and select the namespace created before (Test-Folder in this case).

Click Add Folder Target in the Actions pane located in the top right corner of the window.

The New Folder Target window appears. Enter the network path of the folder that was created on the second server before:

\\Server02\Replication

Click OK to save settings and close the window.

Adding a new folder target to configure Windows DFS replication

A notification message is displayed:

A replication group can be used to keep these folder targets synchronized. Do you want to create a replication group?

Click Yes.

A notification message is displayed when creating a DFS replication group

Wait until the configuration process is finished.

As a result, you should see the Replicate Folder Wizard window. Perform the next steps in the wizard window.

Check the replication group name and replicated folder name. Click Next to continue.

Entering a replication group name and replication folder name

Check folder paths in the Replication Eligibility screen.

Checking paths of shared folders

Select the primary member from the drop-down list. In this example, the primary member is Server01-dc. Data from the primary member is replicated to other folders that are a part of the DFS namespace.

Selecting a primary member when configuring DFS replication

Select the topology of connections for replication.

Full mesh is the recommended option when using a DFS replication group with less than ten servers. We use Full mesh to replicate changes made on one server to other servers.

The No Topology option can be used if you want to create a custom topology after finishing the wizard.

The Hub and spoke option is inactive (grayed out) because we use less than three servers.

Selecting a full mesh topology to configure DFS replication

Configure replication group schedule and bandwidth. There are two options:

  • Replicate continuously using the specified bandwidth. Replication is performed as soon as possible. You can allocate bandwidth. Continuous replication of data that changes extensively can consume a lot of network bandwidth. To avoid a negative impact on other processes using the network, you can limit bandwidth for DFS replication. Keep in mind that hard disk load can be high.
  • Replicate during the specified days and times. You can configure the schedule to perform DFS replication at the custom date and time. You can use this option if you don’t need to always have the last version of replicated data in target folders.

We select the first option in our example.

Setting up DFS replication group schedule

Review settings for your DFS replication group. If everything is correct, click Create.

Reviewing settings for a DFS replication group before finishing configuration

View the DFS replication configuration status on the Confirmation screen. You should see the Success status for all tasks as displayed on the screenshot below. Click Close to close the wizard window.

A DFS replication group has been created successfully

A notification message about the replication delay is displayed. Read the message and hit OK.

A notification message about DFS replication delay

DFS replication has been configured. Open a shared folder from which data must be replicated initially. Write a file to that network folder and check whether the new data is replicated to the second folder on another server. Don’t forget that opened files are not replicated until they are closed after saving changes to a disk. In a few moments, you should see a file-replica in the target folder.

Using filters for DFS Replication

Use file filters to select the file types you don’t want to replicate. Some applications can create temporary files and replicating them wastes network bandwidth, loads hard disk drives, consumes additional storage space in the target folder, and increases overall time to replicate data. You can exclude the appropriate file types from DFS replication by using filters.

To configure filters, perform the following steps in the DFS Management window:

  1. Expand the Replication tree in the navigation pane and select the needed DFS replication group folder name (domain1.local\dfs-01\Test-folder in our case).
  2. Select the Replicated Folders tab.
  3. Select the needed folder, right-click the folder name and hit Properties. Alternatively, you can select the folder and click Properties in the Actions pane.
  4. Set the filtered file types by using masks in the folder properties window. In this example, files matching the rule are excluded from replication:

~*, *.bak, *.tmp

You can also filter subfolders, for example, exclude Temp subfolders from DFS replication.

Configuring DFS replication filters

Staging location

There can be a conflict when two or more users save changes to a file before these changes are replicated. The most recent changes have precedence for replication. Older versions of changed files are moved to the Conflict or Deleted folder. This issue can happen when replication speed is low and the file size is large (amount of changes is high) when the amount of time to transfer changed data is lower than the interval between writing changes to the file by users.

Staging folders act as a cache for new and changed files that are ready to be replicated from source folders to target folders. The staging location is intended for files that exceed a certain file size. Staging is used as a queue to store files that must be replicated and ensure that changes can be replicated without worrying about changes to them during the transfer process.

Another aspect of configuring staging folders is performance optimization. DFS replication can consume additional CPU and disk resources, slow down and even stop if the staging quota is too small for your tasks. The recommended size of the staging quota is equal to the size of the 32 largest files in the replication folder.

You can edit staging folder properties for DFS Replication in the DFS Management window:

  1. Select a replication group in the left pane of the DFS Management window.
  2. Select the Memberships tab.
  3. Select the needed replication folder, right-click the folder, and hit Properties.
  4. Select the Staging tab in the Properties window.
  5. Edit the staging path and quota according to your needs.
Configuring DFS staging location

Saved changes are not applied immediately. New staging settings must be replicated across all DFS servers within a domain. Time depends on Active Directory Domain Services replication latency and the polling interval of servers (5 minutes or more). Server reboot is not required.

DFS Replication vs. Backup

Don’t confuse DFS Replication of data in shared folders and data backup. DFS replication makes copies of data on different servers, but if unwanted changes are written to a file on one server, these changes are replicated to other servers. As a result, you don’t have a recovery point because the file has been overwritten with unwanted changes on all servers and you can use it for recovery in case of failure. This threat is present in case of a ransomware attack.

Use NAKIVO Backup & Replication to protect data stored on your physical Windows Server machines including data stored in shared folders. The product also supports Hyper-V VM backup and VMware VM backup at the host level for effective protection.

1 Year of Free Data Protection: NAKIVO Backup & Replication

1 Year of Free Data Protection: NAKIVO Backup & Replication

Deploy in 2 minutes and protect virtual, cloud, physical and SaaS data. Backup, replication, instant recovery options.

GET THE FREE EDITION

Conclusion

Distributed File System (DFS) can significantly simplify shared resources management for administrators and make accessing shared folders more convenient for end-users. DFS makes transparent links to shared folders located on different servers.

DFS namespaces and DFS replication are two main features that you can configure in the DFS Management window after installing the appropriate Windows server roles. Opt for configuring DFS in a domain environment rather than in a Workgroup environment because there are many advantages, such as high availability and flexibility in an Active Directory domain.

Source :
https://www.nakivo.com/blog/configure-dfs-replication-for-windows-server/

The Ultimate Guide to Password Best Practices: Guarding Your Digital Identity

Dirk Schrader
Published: November 14, 2023
Updated: November 24, 2023

In the wake of escalating cyber-attacks and data breaches, the ubiquitous advice of “don’t share your password” is no longer enough. Passwords remain the primary keys to our most important digital assets, so following password security best practices is more critical than ever. Whether you’re securing email, networks, or individual user accounts, following password best practices can help protect your sensitive information from cyber threats.

Read this guide to explore password best practices that should be implemented in every organization — and learn how to protect vulnerable information while adhering to better security strategies.

The Secrets of Strong Passwords

A strong password is your first line of defense when it comes to protecting your accounts and networks. Implement these standard password creation best practices when thinking about a new password:

  • Complexity: Ensure your passwords contain a mix of uppercase and lowercase letters, numbers, and special characters. It should be noted that composition rules, such as lowercase, symbols, etc. are no longer recommended by NIST — so use at your own discretion.
  • Length: Longer passwords are generally stronger — and usually, length trumps complexity. Aim for at least 6-8 characters.
  • Unpredictability: Avoid using common phrases or patterns. Avoid using easily guessable information like birthdays or names. Instead, create unique strings that are difficult for hackers to guess.

Handpicked related content:

Combining these factors makes passwords harder to guess. For instance, if a password is 8 characters long and includes uppercase letters, lowercase letters, numbers and special characters, the total possible combinations would be (26 + 26 + 10 + 30)^8. This astronomical number of possibilities makes it exceedingly difficult for an attacker to guess the password.

Of course, given NIST’s updated guidance on passwords, the best approach to effective password security is using a password manager — this solution will not only help create and store your passwords, but it will automatically reject common, easy-to-guess passwords (those included in password dumps). Password managers greatly increase security against the following attack types.

Password-Guessing Attacks

Understanding the techniques that adversaries use to guess user passwords is essential for password security. Here are some of the key attacks to know about:

Brute-Force Attack

In a brute-force attack, an attacker systematically tries every possible combination of characters until the correct password is found. This method is time-consuming but can be effective if the password is weak.

Strong passwords help thwart brute force attacks because they increase the number of possible combinations an attacker must try, making it unlikely they can guess the password within a reasonable timeframe.

Dictionary Attack

A dictionary attack is a type of brute-force attack in which an adversary uses a list of common words, phrases and commonly used passwords to try to gain access.

Unique passwords are essential to thwarting dictionary attacks because attackers rely on common words and phrases. Using a password that isn’t a dictionary word or a known pattern significantly reduces the likelihood of being guessed. For example, the string “Xc78dW34aa12!” is not in the dictionary or on the list of commonly used passwords, making it much more secure than something generic like “password.”

Dictionary Attack with Character Variations

In some dictionary attacks, adversaries also use standard words but also try common character substitutions, such as replacing ‘a’ with ‘@’ or ‘e’ with ‘3’. For example, in addition to trying to log on using the word “password”, they might also try the variant “p@ssw0rd”.

Choosing complex and unpredictable passwords is necessary to thwart these attacks. By using unique combinations and avoiding easily guessable patterns, you make it challenging for attackers to guess your password.

How Password Managers Enhance Security

Password managers are indispensable for securely storing and organizing your passwords. These tools offer several key benefits:

  • Security: Password managers store passwords and enter them for you, eliminating the need for users to remember them all. All users need to remember is the master password for their password manager tool. Therefore, users can use long, complex passwords as recommended by best practices without worrying about forgetting their passwords or resorting to insecure practices like writing passwords down or reusing the same password for multiple sites or applications.
  • Password generation: Password managers can generate a strong and unique password for user accounts, eliminating the need for individuals to come up with them.
  • Encryption: Password managers encrypt password vaults, ensuring the safety of data — even if it is compromised.
  • Convenience: Password managers enable users to easily access passwords across multiple devices.

When selecting a password manager, it’s important to consider your organization’s specific needs, such as support for the platforms you use, price, ease of use and vendor breach history. Conduct research and read reviews to identify the one that best aligns with your organization’s requirements. Some noteworthy options include Netwrix Password Secure, LastPass, Dashlane, 1Password and Bitwarden.

How Multifactor Authentication (MFA) Adds an Extra Layer of Security

Multifactor authentication strengthens security by requiring two or more forms of verification before granting access. Specifically, you need to provide at least two of the following authentication factors:

  • Something you know: The classic example is your password.
  • Something you have: Usually this is a physical device like a smartphone or security token.
  • Something you are: This is biometric data like a fingerprint or facial recognition.

MFA renders a stolen password worthless, so implement it wherever possible.

Password Expiration Management

Password expiration policies play a crucial role in maintaining strong password security. Using a password manager that creates strong passwords also has an influence on password expiration. If you do not use a password manager yet, implement a strategy to check all passwords within your organization; with a rise in data breaches, password lists (like the known rockyou.txt and its variations) used in brute-force attacks are constantly growing. The website haveibeenpawned.com offers a service to check whether a certain password has been exposed. Here’s what users should know about password security best practices related to password expiration:

  • Follow policy guidelines: Adhere to your organization’s password expiration policy. This includes changing your password when prompted and selecting a new, strong password that meets the policy’s requirements.
  • Set reminders: If your organization doesn’t enforce password expiration via notifications, set your own reminders to change your password when it’s due. Regularly check your email or system notifications for prompts.
  • Avoid obvious patterns: When changing your password, refrain from using variations of the previous one or predictable patterns like “Password1,” “Password2” and so on.
  • Report suspicious activity: If you notice any suspicious account activity or unauthorized password change requests, report them immediately to your organization’s IT support service or helpdesk.
  • Be cautious with password reset emails: Best practice for good password security means being aware of scams. If you receive an unexpected email prompting you to reset your password, verify its authenticity. Phishing emails often impersonate legitimate organizations to steal your login credentials.

Password Security and Compliance

Compliance standards require password security and password management best practices as a means to safeguard data, maintain privacy and prevent unauthorized access. Here are a few of the laws that require password security:

  • HIPAA (Health Insurance Portability and Accountability Act): HIPAA mandates that healthcare organizations implement safeguards to protect electronic protected health information (ePHI), which includes secure password practices.
  • PCI DSS (Payment Card Industry Data Security Standard): PCI DSS requires organizations that handle payment card data on their website to implement strong access controls, including password security, to protect cardholder data.
  • GDPR (General Data Protection Regulation): GDPR requires organizations that store or process the data of EU residents to implement appropriate security measures to protect personal data. Password security is a fundamental aspect of data protection under GDPR.
  • FERPA (Family Educational Rights and Privacy Act): FERPA governs the privacy of student education records. It includes requirements for securing access to these records, which involves password security.

Organizations subject to these compliance standards need to implement robust password policies and password security best practices. Failure to do so can result in steep fines and other penalties.

There are also voluntary frameworks that help organizations establish strong password policies. Two of the most well known are the following:

  • NIST Cybersecurity Framework: The National Institute of Standards and Technology (NIST) provides guidelines and recommendations, including password best practices, to enhance cybersecurity.
  • ISO 27001: ISO 27001 is an international standard for information security management systems (ISMSs). It includes requirements related to password management as part of its broader security framework.

Password Best Practices in Action

Now, let’s put these password security best practices into action with an example:

Suppose your name is John Doe and your birthday is December 10, 1985. Instead of using “JohnDoe121085” as your password (which is easily guessable), follow these good password practices:

  • Create a long, unique (and unguessable) password, such as: “M3an85DJ121!”
  • Store it in a trusted password manager.
  • Enable multi-factor authentication whenever available.

10 Password Best Practices

If you are looking to strengthen your security, follow these password best practices:

  • Remove hints or knowledge-based authentication: NIST recommends not using knowledge-based authentication (KBA), such as questions like “What town were you born in?” but instead, using something more secure, like two-factor authentication.
  • Encrypt passwords: Protect passwords with encryption both when they are stored and when they are transmitted over networks. This makes them useless to any hacker who manages to steal them.
  • Avoid clear text and reversible forms: Users and applications should never store passwords in clear text or any form that could easily be transformed into clear text. Ensure your password management routine does not use clear text (like in an XLS file).
  • Choose unique passwords for different accounts: Don’t use the same, or even variations, of the same passwords for different accounts. Try to come up with unique passwords for different accounts.
  • Use a password management: This can help select new passwords that meet security requirements, send reminders of upcoming password expiration, and help update passwords through a user-friendly interface.
  • Enforce strong password policies: Implement and enforce strong password policies that include minimum length and complexity requirements, along with a password history rule to prevent the reuse of previous passwords.
  • Update passwords when needed: You should be checking and – if the results indicate so – updating your passwords to minimize the risk of unauthorized access, especially after data breaches.
  • Monitor for suspicious activity: Continuously monitor your accounts for suspicious activity, including multiple failed login attempts, and implement account lockouts and alerts to mitigate threats.
  • Educate users: Conduct or partake in regular security awareness training to learn about password best practices, phishing threats, and the importance of maintaining strong, unique passwords for each account.
  • Implement password expiration policies: Enforce password expiration policies that require password changes at defined circumstances to enhance security.

How Netwrix Can Help

Adhering to password best practices is vital to safeguarding sensitive information and preventing unauthorized access.

Netwrix Password Secure provides advanced capabilities for monitoring password policies, detecting and responding to suspicious activity and ensuring compliance with industry regulations. With features such as real-time alerts, comprehensive reporting and a user-friendly interface, it empowers organizations to proactively identify and address password-related risks, enforce strong password policies, and maintain strong security across their IT environment.

Conclusion

In a world where cyber threats are constantly evolving, adhering to password management best practices is essential to safeguard your digital presence. First and foremost, create a strong and unique password for each system or application — remember that using a password manager makes it much easier to adhere to this critical best practice. In addition, implement multifactor authentication whenever possible to thwart any attacker who manages to steal your password. By following the guidelines, you can enjoy a safer online experience and protect your valuable digital assets.

Dirk Schrader

Dirk Schrader is a Resident CISO (EMEA) and VP of Security Research at Netwrix. A 25-year veteran in IT security with certifications as CISSP (ISC²) and CISM (ISACA), he works to advance cyber resilience as a modern approach to tackling cyber threats. Dirk has worked on cybersecurity projects around the globe, starting in technical and support roles at the beginning of his career and then moving into sales, marketing and product management positions at both large multinational corporations and small startups. He has published numerous articles about the need to address change and vulnerability management to achieve cyber resilience.

Source :
https://blog.netwrix.com/2023/11/15/password-best-practices/

How to Set Up a VLAN

Diego Asturias UPDATED: July 11, 2023


If you want to improve your network security and performance, learning how to set up a VLAN properly is all you need. Virtual LANs are powerful networking tools that allow you to segment your network into logical groups and isolate traffic between them.

In this post, we will go through the steps required to set up a VLAN in your network. We will configure two switches along with their interfaces and VLANs, respectively.

So, let’s dive in and learn how to set up VLANs and take your network to the next level.

Table of Contents

  • What is a VLAN?
  • Preparing for VLAN configuration
    • Our Lab
    • Network Diagram
  • How to set up a VLAN on a Switch?
    • Let’s connect to the Switch
    • Configure VLANs
    • Assign switch ports to VLANs
    • Configure trunk ports
  • Extra Configuration to Consider

What is a VLAN?

Before we go deep into learning how to set up a VLAN and provide examples, let’s understand the foundations of VLANs (or Virtual Local Area Networks).

In a nutshell, VLANs are logical groupings of devices that rely on Layer 2 addresses (MAC) for communication. VLANs are implemented to segment a physical network (or large Layer two broadcast domains) into multiple smaller logical networks (isolated broadcast domains).

Each VLAN behaves as a separate network with its own broadcast domain. VLANs help prevent broadcast storms (extreme amounts of broadcast traffic). They also help control traffic and overall improve network security and performance.

Preparing for VLAN configuration

Although VLANs are usually left for Layer 2 switches, in reality, any device (including routers and L3 switches) with switching capabilities and support of VLAN configuration should be an excellent fit for VLANs. In addition, VLANs are supported by different vendors, and since each vendor has a different OS and code, the way the VLANs are configured may slightly change.

Furthermore, you can also use specific software such as network diagramming and simulation to help you create network diagrams and test your configuration.

Our Lab

We will configure a popular Cisco (IOS-based) switch for demonstration purposes. We will use Boson NetSim (a network simulator for Cisco networking hardware and software) to run Cisco IOS simulated commands. This simulation is like you were configuring an actual Cisco switch or router.

Network Diagram

To further illustrate how to set up a VLAN, we will work on the following network diagram. We will configure two VLANs in two different switches. We will then configure each port on the switches connected to a PC. We will then proceed to configure the trunk port, which is vital for VLAN traffic.

Network Diagram

Network diagram details

  • S2 and S3 (Switch 2 and Switch 3) – Two Cisco L2 Switches connecting PCs at different VLANs (VLAN 10 and VLAN 20) via Fast Ethernet interfaces.
  • VLANs 10 and VLAN20. These VLANs configured in L2 switches (S2 and S3) create a logical grouping of PCs within the network. In addition, each VLAN gets a name, VLAN 10 (Engineering) and VLAN 20 (Sales).
  • PCs. PC1, PC2, PC3, and PC4 are each connected to a specific L2 switch.

How to set up a VLAN on a Switch?

So now that you know the VLAN configuration we will be using, including the number of switches, VLAN ID, VLAN name, and the devices or ports that will be part of the configuration, let’s start setting up the VLANs.

Note: VLAN configuration is just a piece of the puzzle. Switches also need proper interface configuration, authentication, access, etc. To learn how to correctly connect and configure everything else, follow the step-by-step guide on how to configure a Cisco Switch. 

a. Let’s connect to the switch

Inspect your hardware and find the console port. This port is usually located on the back of your Cisco switch. You can connect to the switch’s “console port” using a console cable (or rollover). Connect one end of the console cable to the switch’s console port and the other to your computer’s serial port.

Note: Obviously, not all modern computers have serial ports. Some modern switches come with a Mini USB port or AUX port to help with this. But if your hardware doesn’t have these ports, you can also connect to the switch port using special cables like an RJ-45 rollover cable, a Serial DB9-to-RJ-45 console cable, or a serial-to-USB adapter. 

  • Depending on your switch’s model, you can configure it via Command Line Interface (CLI) or Graphical User Interface (GUI). We will connect to the most popular user interface: The IOS-based CLI. 
  • To connect to your switch’s IOS-based CLI, you must use a terminal emulator on your computer, such as PuTTY or SecureCRT.
  • You’ll need to configure the terminal emulator to use the correct serial port and set the baud rate to 9600. Learn how to properly set these parameters in the Cisco switching configuration guide.
  • In the terminal emulator, press Enter to activate the console session. The Cisco switch should display a prompt asking for a username and password.
  • Enter your username and password to log in to the switch.
connect to the switch

b. Configure VLANs

According to our previously shown network diagram, we will need two VLANs; VLAN 10 and VLAN 20.

  • To configure Layer 2 switches, you need to enter the privileged EXEC mode by typing “enable” and entering the password (if necessary).
  • Enter the configuration mode by typing “configure terminal.”
  • Create the VLAN with “vlan <vlan ID>” (e.g., “vlan 10”).
  • Name the VLAN by typing “name <vlan name>” (e.g., “name Sales”).
  • Repeat these two steps for each VLAN you want to create.

Configuration on Switch 2 (S2)

S2# configure terminal

S2(config)# vlan 10

S2(config-vlan)# name Engineering

S2(config-vlan)# end

S2# configure terminal

S2(config)# vlan 20

S2(config-vlan)# name Sales

S2(config-vlan)# end

Use the “show vlan” command to see the configured VLANs. From the output below, you’ll notice that the two new VLANs 10 (Engineering) and 20 (Sales) are indeed configured and active but not yet assigned to any port.

Configure VLANs

Configuration on Switch 3 (S3)

S3# configure terminal

S3(config)# vlan 10

S3(config-vlan)# name Engineering

S3(config-vlan)# end

S3# configure terminal

S3(config)# vlan 20

S3(config-vlan)# name Sales

S3(config-vlan)# end

Configuration on Switch 3 (S3)

Note: From the output above, you might have noticed VLAN 1 (default), which is currently active and is assigned to all the ports in the switch. This VLAN, also known as native VLAN, is the default VLAN on most Cisco switches. It is used for untagged traffic on a trunk port. This means that all traffic that is not explicitly tagged with VLAN information will be sent to this default VLAN. 

Now, let’s remove those VLAN 1 tags from interfaces Fa0/2 and Fa0/3. Or in simple words let’s assign the ports to our newly created VLANs.

c. Assign switch ports to VLANs

In the previous section, we created our VLANs; now, we must assign the appropriate switch ports to the correct VLANs. The proper steps to assign switch ports to VLANs are as follows:

  • Enter configuration mode. Remember to run these commands under the configuration mode (configure terminal).
  • Assign ports to the VLANs by typing “interface <interface ID>” (e.g., “interface GigabitEthernet0/1”).
  • Configure the port as an access port by typing “switchport mode access”
  • Assign the port to a VLAN by typing “switchport access vlan <vlan ID>” (e.g., “switchport access vlan 10”).
  • Repeat these steps for each port you want to assign to a VLAN.

Let’s refer to a section of our network diagram

network diagram

Configuration on Switch 2 (S2)

S2(config)# interface fastethernet 0/2

S2(config-if)# switchport mode access

S2(config-if)# switchport access vlan 10

S2(config)# interface fastethernet 0/3

S2(config-if)# switchport mode access

S2(config-if)# switchport access vlan 20

Configuration on Switch 2 (S2)

Use the “show running-configuration” to see the new configuration taking effect on the interfaces.

Configuration on Switch 3 (S3)

S3(config)# interface fastethernet 0/2

S3(config-if)# switchport mode access

S3(config-if)# switchport access vlan 10

S3(config)# interface fastethernet 0/3

S3(config-if)# switchport mode access

S3(config-if)# switchport access vlan 20

Configuration on Switch 3 (S3)

A “show running-configuration” can show you our configuration results.

show running-configuration

d. Configure trunk ports

Trunk ports are a type of switch port mode (just like access) that perform essential tasks like carrying traffic for multiple VLANs between switches, tagging VLAN traffic, supporting VLAN management, increasing bandwidth efficiency, and allowing inter-VLAN routing.

If we didn’t configure trunk ports between our switches, the PCs couldn’t talk to each other on different switches, even if they were on the same VLAN.

Here’s a step by step to configuring trunk ports

  • Configure a trunk port to carry traffic between VLANs by typing “interface <interface ID>” (e.g., “interface FastEthernet0/12”).
  • Set the trunk encapsulation method (dot1q). The IEEE 802.1Q (dot1q) trunk encapsulation method is the standard tagging Ethernet frames with VLAN information.
  • Configure the port as a trunk port by typing “switchport mode trunk”.
  • Repeat the steps for each trunk port you want to configure.

Note (on redundant trunk links): To keep our article simple, we will configure one trunk link. However, keep in mind that any good network design (including trunk links) would need redundancy. One trunk link between switches is not an optimal redundant solution for networks on production. To add redundancy, we recommend using EtherChannel to bundle physical links together and configure the logical link as a trunk port. You can also use Spanning Tree Protocol (STP) by using the “spanning-tree portfast trunk” command.

Let’s refer to our network diagram

network diagram

Configuration on Switch 2 (S2)

S2(config)# interface fastethernet 0/12

S2(config-if)# switchport trunk encapsulation dot1q

S2(config-if)# switchport mode trunk

S2(config-if)# exit

Configuration on Switch 2 (S2)

Configuration on Switch 3 (S3)

S3(config)# interface fastethernet 0/24

S3(config-if)# switchport trunk encapsulation dot1q

S3(config-if)# switchport mode trunk

S3(config-if)# exit

Configuration on Switch 3 (S3)

Note: You can use different types of trunk encapsulation such as dot1q and ISL, just make sure both ends match the type of encapsulation.

Extra Configuration to Consider

Once you finish with VLAN and trunk configuration, remember to test VLAN connectivity between PCs, you can do this by configuring the proper IP addressing and doing a simple ping. Below are other key configurations related to your new VLANs that you might want to consider.

a. Ensure all your interfaces are up and running

To ensure that your interfaces are not administratively down, issue a “no shutdown” (or ‘no shut’) command on all those newly configured interfaces. Additionally, you can also use the “show interfaces” to see the status of all the interfaces.

no shutdown command

b. (Optional) enable inter-VLAN

VLANs, as discussed earlier, separate broadcast domains (Layer 2) — they do not know how to route IP traffic because Layer 2 devices like switches can’t accept IP address configuration on their interfaces. To allow inter-VLAN communication (PCs on one VLAN communicate with PCs on another VLAN), you would need to use a Layer 3 device (a router or L3 switch) to route traffic.

There are three ways to implement inter-VLAN routing: an L3 router with multiple Ethernet interfaces, an L3 router with one router interface using subinterfaces (known as Router-On-a-Stick), and an L3 switch with SVI.

We will show a step-by-step on how to configure Router-On-a-Stick for inter-VLAN communications. 

  • Connect the router to one switch via a trunk port.
  • Configure subinterfaces on the router for each VLAN (10 and 20 in our example). To configure subinterfaces, use the “interface” command followed by the VLAN number with a period and a subinterface number (e.g., “interface FastEthernet0/0.10” for VLAN 10). For example, to configure subinterfaces for VLANs 10 and 20, you would use the following commands:

> router(config)# interface FastEthernet 0/0

> router(config-if)# no shutdown

> router(config-if)# interface FastEthernet 0/0.10

> router(config-subif)# encapsulation dot1Q 10

> router(config-subif)# ip address 192.168.10.1 255.255.255.0

> router(config-subif)# interface FastEthernet 0/0.20

> router(config-subif)# encapsulation dot1Q 20

> router(config-subif)# ip address 192.168.20.1 255.255.255.0

  • Configure a default route on the router using the “ip route” command. This is a default route to the Internet through a gateway at IP address 192.168.1.1. For example:

> router(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.1

c. Configure DHCP Server

To automatically assign IP addresses to devices inside the VLANs, you will need to configure a DHCP server. Follow these steps:

  1. The DHCP server should also be connected to the VLAN.
  2. Configure the DHCP server to provide IP addresses to devices in the VLAN.
  3. Configure the router to forward DHCP requests to the DHCP server by typing “ip helper-address <ip address>” (e.g., “ip helper-address 192.168.10.2”).

Final Words

By following the steps outlined in this post, you can easily set up a VLAN on your switch and effectively segment your network. Keep in mind to thoroughly test your VLAN configuration and consider additional configuration options to optimize your network for your specific needs.

With proper setup and configuration, VLANs can greatly enhance your network’s capabilities and 10x increase its performance and security.

Source :
https://www.pcwdld.com/how-to-set-up-a-vlan/

The Best Network Monitoring Tools & Software

Marc Wilson UPDATED: October 20, 2023

The realm of Network Monitoring Tools, Software, and Vendors is Huge, to say the least. New software, tools, and utilities are being launched almost every year to compete in an ever-changing marketplace of IT monitoringserver monitoring, and system monitoring software.

I’ve test-driven, played with and implemented dozens during my career and this guide rounds up the best ones in an easy-to-read format and highlighted their main strengths and why I think they are in the top class of tools to use in your IT infrastructure and business.

Some of the features I am looking for are device discovery, uptime/downtime indicators, along with robust and thorough alerting systems (via email/SMS),  NetFlow and SNMP Integration as  well as considerations that are important with any software purchase such as ease of use and value for money.

The features from above were all major points of interest when evaluating software suites for this article and I’ll try to keep this article as updated as possible with new feature sets and improvements as they are released.

Here is our list of the top network monitoring tools:

  1. Auvik – EDITOR’S CHOICE This cloud platform provides modules for LAN monitoring, Wi-Fi monitoring, and SaaS system monitoring. The network monitoring package discovers all devices, maps the network, and then implements automated performance tracking. Get a 14-day free trial.
  2. Paessler PRTG Network Monitor – FREE TRIAL A collection of monitoring tools and many of those are network monitors. Runs on Windows Server. Start a 30-day free trial.
  3. SolarWinds Network Performance Monitor – FREE TRIAL The leading network monitoring system that uses SNMP to check on network device statuses. This monitoring tool includes autodiscovery that compiles an asset inventory and automatically draws up a network topology map. Runs on Windows Server. Start 30-day free trial.
  4. Checkmk – FREE TRIAL This hybrid IT infrastructure monitoring package includes a comprehensive network monitor that provides device status tracking and traffic analysis functions via the integration with ntop. Available as a Linux install package, Docker package, appliance and cloud application available in cloud marketplaces. Get a 30-day free trial.
  5. Datadog Network Monitoring – FREE TRIAL Provides good visibility over each of the components of your network and the connections between them – be it cloud, on-premises or hybrid environment. Troubleshoot infrastructure, apps and DNS issues effortlessly.
  6. ManageEngine OpManager – FREE TRIAL An SNMP-based network monitor that has great network topology layout options, all based on an autodiscovery process. Installs on Windows Server and Linux.
  7. NinjaOne RMM – FREE TRIAL This cloud-based system provides remote monitoring and management for managed service providers covering the systems of their clients.
  8. Site24x7 Network Monitoring – FREE TRIAL A cloud-based monitoring system for networks, servers, and applications. This tool monitors both physical and virtual resources.
  9. Atera – FREE TRIAL A cloud-based package of remote monitoring and management tools that include automated network monitoring and a network mapping utility.
  10. ManageEngine RMM Central – FREE TRIAL A powerful asset and network management that includes patching, remote access, and automated remediation.

Related Post: Best Bandwidth Monitoring Software and Tools for Network Traffic Usage

The Top Network Monitoring Tools and Software

Below you’ll find an updated list of the Latest Tools & Software to ensure your network is continuously tracked and monitored at all times of the day to ensure the highest up-times possible. Most of them have free Downloads or Trials to get you started for 15 to 30 days to ensure it meets your requirements.

What should you look for in network monitoring tools?

We reviewed the market for network monitoring software and analyzed the tools based on the following criteria:

  • An automated service that can perform network monitoring unattended
  • A device discovery routine that automatically creates an asset inventory
  • A network mapping service that shows live statuses of all devices
  • Alerts for when problems arise
  • The ability to communicate with network devices through SNMP
  • A free trial or a demo for a no-cost assessment
  • Value for money in a package that provides monitoring for all network devices at a reasonable price

With these selection criteria in mind, we have defined a shortlist of suitable network monitoring tools for all operating systems.

1. Auvik – FREE TRIAL

Auvik Network Monitoring

Auvik is a SaaS platform that offers a network discovery and mapping system that automates enrolment and then continues to operate in order to spot changes in network infrastructure. This system is able to centralize and unify the monitoring of multiple sites.

Key Features:

  • A SaaS package that includes processing power and storage space for system logs as well as the monitoring software
  • Centralizes the monitoring of networks on multiple sites
  • Watches over network device statuses
  • Offers two plans: Essential and Performance
  • Network traffic analysis included in the higher plan
  • Monitors virtual LANs as well as physical networks
  • Autodiscovery service
  • Network mapping
  • Alerts for automated monitoring
  • Integrations with third-party complimentary systems

Why do we recommend it?

Auvik is a cloud-based network monitoring system. It reaches into your network, identifies all connected devices, and then creates a map. While SolarWinds Network Performance Monitor also performs those tasks, Auvik is a much lighter tool that you don’t have to host yourself and you don’t need deep technical knowledge to watch over a network with this automated system.

Auvik’s network monitoring system is automated, thanks to its system of thresholds. The service includes out-of-the-box thresholds that are placed on most of the metrics that the network monitor tracks. It is also possible to create custom thresholds.

Once the monitoring service is operating, if any of the thresholds are crossed, the system raises an alert. This mechanism allows technicians to get on with other tasks, knowing that the thresholds give them time to avert system performance problems that would be noticeable to users.

Network management tools that are included in the Auvik package include configuration management to standardize the settings of network devices and prevent unauthorized changes.

The processing power for Auvik is provided by the service’s cloud servers. However, the system requires collectors to be installed on each monitored site. This software runs on Windows Server and Ubuntu Linux. It is also possible to run the collector on a VM. Wherever the collector is located, the system manager still accesses the service’s console, which is based on the Auvik server, through any standard Web browser.

Who is it recommended for?

Smaller businesses that don’t have a team to support IT would benefit from Auvik. It needs no software maintenance and the system provides automated alerts when issues arise, so your few IT staff can get on with supporting other resources while Auvik looks after the network.

PROS:

  • A specialized network monitoring tool
  • Additional network management utilities
  • Configuration management included
  • A cloud-based service that is accessible from anywhere through any standard Web browser
  • Data collectors for Windows Server and Ubuntu Linux

CONS:

  • The system isn’t expandable with any other Auvik modules

Auvik doesn’t publish its prices by you can access a 14-day free trial.

EDITOR’S CHOICE

Auvik is our top pick for a network monitoring tool because it is a hosted SaaS package that provides all of your network monitoring needs without you needing to maintain the software. The Auvik platform installs an agent on your site and then sets itself up by scanning the network and identifying all devices. The inventory that this system generates gives you details of all of your equipment and provides a basis for network topology maps. Repeated checks on the network gather performance statistics and if any metric crosses a threshold, the tool will generate an alert.  You can centralize the monitoring of multiple sites with this service.

Download: Get a 14-day FREE Trial

Official Site: https://www.auvik.com/#trial

OS: Cloud-based

2. PRTG Network Monitor from Paessler – FREE TRIAL

PRTG Network Monitor

PRTG Network Monitor software is commonly known for its advanced infrastructure management capabilities. All devices, systems, traffic, and applications in your network can be easily displayed in a hierarchical view that summarizes performance and alerts. PRTG monitors the entire IT infrastructure using technology such as SNMP, WMI, SSH, Flows/Packet Sniffing, HTTP requests, REST APIs, Pings, SQL, and a lot more.

Key Features:

  • Autodiscovery that creates and maintains a device inventory
  • Live network topology maps are available in a range of formats
  • Monitoring for wireless networks as well as LANs
  • Multi-site monitoring capabilities
  • SNMP sensors to gather device health information
  • Ping to check on device availability
  • Optional extra sensors to monitor servers and applications
  • System-wide status overviews and drill-down paths for individual device details
  • A protocol analyzer to identify high-traffic applications
  • A packet sniffer to collect packet headers for analysis
  • Color-coded graphs of live data in the system dashboard
  • Capacity planning support
  • Alerts on device problems, resource shortages, and performance issues
  • Notifications generated from alerts that can be sent out by email or SMS
  • Available for installation on Windows Server or as a hosted cloud service

Why do we recommend it?

Paessler PRTG Network Monitor is a very flexible package. Not only does it monitor networks, but it can also monitor endpoints and applications. The PRTG system will discover and map your network, creating a network inventory, which is the basis for automated monitoring. You put together your ideal monitoring system by choosing which sensors to turn on. You pay for an allowance of sensors.

It is one of the best choices for organizations with low experience in network monitoring software. The user interface is really powerful and very easy to use.

A very particular feature of PRTG is its ability to monitor devices in the data center with a mobile app. A QR code that corresponds to the sensor is printed out and attached to the physical hardware. The mobile app is used to scan the code and a summary of the device is displayed on the mobile screen.

In summary, Paessler PRTG is a flexible package of sensors that you can tailor to your own needs by deciding which monitors to activate. The SNMP-based network performance monitoring routines include an autodiscovery system that generates a network asset inventory and topology maps. You can also activate traffic monitoring features that can communicate with switches through NetFlow, sFlow, J-Flow, and IPFIX. QoS and NBAR features enable you to keep your time-sensitive applications working properly.

Who is it recommended for?

PRTG is available in a Free edition, which is limited to 100 sensors. This is probably enough to support a small network. Mid-sized and large organizations should be interested in paying for larger allowances of sensors. The tool can even monitor multiple sites from one location.

PROS:

  • Uses a combination of packet sniffing, WMI, and SNMP to report network performance data
  • Fully customizable dashboard is great for both lone administrators as well as NOC teams
  • Drag and drop editor makes it easy to build custom views and reports
  • Supports a wide range of alert mediums such as SMS, email, and third-party integrations into platforms like Slack
  • Each sensor is specifically designed to monitor each application, for example, there are prebuilt sensors whose specific purpose is to capture and monitor VoIP activity
  • Supports a freeware version

CONS:

  • Is a very comprehensive platform with many features and moving parts that require time to learn

PRTG has a very flexible pricing plan, to get an idea visit their official pricing webpage below. It is free to use for up to 50 sensors. Beyond that you get a 30-day free trial to figure out your network requirements.

Paessler PRTGDownload a 30-day FREE Trial

3. SolarWinds Network Performance Monitor – FREE TRIAL

SolarWinds Network Performance Monitor with Free Trial

SolarWinds Network Performance Monitor is easy to setup and can be ready in no time. The tool automatically discovers network devices and deploys within an hour. Its simple approach to oversee an entire network makes it one of the easiest to use and most intuitive user interfaces.

Key Features:

  • Automatically Network Discovery and Scanning for Wired and Wifi Computers and Devices
  • Support for Wide Array of OEM Vendors
  • Forecast and Capacity Planning
  • Quickly Pinpoint Issues with Network Performance with NetPath™ Critical Path visualization feature
  • Easy to Use Performance Dashboard to Analyze Critical Data points and paths across your network
  • Robust Alerting System with options for Simple/Complex Triggers
  • Monitor CISCO ASA networks with their New Network Insight™ for CISCO ASA
  • Monitor ACL‘s, VPN, Interface and Monitor on your Cisco ASA
  • Monitor Firewall rules through Firewall Rules Browser
  • Hop by Hop Analysis of Critical Network Paths and Components
  • Automatically Discover Networks and Map them along with Topology Views
  • Manage, Monitor and Analyze Wifi Networks within the Dashboard
  • Create HeatMaps of Wifi Networks to pin-point Wifi Dead Spots
  • Monitor Hardware Health of all Servers, Firewalls, Routers, Switches, Desktops, laptops and more
  • Real-Time Network and Netflow Monitoring for Critical Network Components and Devices

Why do we recommend it?

SolarWinds Network Performance Monitor is the leading network monitoring tool in the world and this is the system that the other monitor providers are chasing. Like many other network monitors, this system uses the Simple Network Management Protocol (SNMP) to gather reports on network devices. The strength of SolarWinds lies in the deep technical knowledge of its support advisors, which many other providers lack.

The product is highly customizable and the interface is easy to manage and change very quickly. You can customize the web-based performance dashboards, charts, and views. You can design a tailored topology for your entire network infrastructure. You can also create customized dependency-aware intelligent alerts and much more.

SolarWinds NPM Application Summary

The software is sold by separate modules based on what you use. SolarWinds Network Performance Monitor Price starts from $1,995 and is a one-time license including 1st-year maintenance.

SolarWinds NPM has an Extensive Feature list that make it One of the Best Choices for Network Monitoring Solutions

SolarWinds NPM is able to track the performance of networks autonomously through the use of SNMP procedures, producing alerts when problems arise. Alerts are generated if performance dips and also in response to emergency notifications sent out by device agents. This system means that technicians don’t have to watch the monitoring screen all the time because they know that they will be drawn back to fix problems by an email or SMS notification.

SolarWinds NPM - NetPath Screenshot
NetPath Screenshot

Who is it recommended for?

SolarWinds Network Performance Monitor is an extensive network monitoring system and it is probably over-engineered for use by a small business. Mid-sized and large companies would benefit from using this tool.

PROS:

  • Supports auto-discovery that builds network topology maps and inventory lists in real-time based on devices that enter the network
  • Has some of the best alerting features that balance effectiveness with ease of use
  • Supports both SNMP monitoring as well as packet analysis, giving you more control over monitoring than similar tools
  • Uses drag and drop widgets to customize the look and feel of the dashboard
  • Tons of pre-configured templates, reports, and dashboard views

CONS:

  • This is a feature-rich enterprise tool designed for sysadmin, non-technical users may some features overwhelming

You can start with a 30-day free trial.

SolarWinds NPMDownload a 30-day FREE Trial!

4. Checkmk – FREE TRIAL

Checkmk Uplink Bandwidth Graph

Checkmk is an IT asset monitoring package that has the ability to watch over networks, servers, services, and applications. The network monitoring facilities in this package provide both network device status tracking and network traffic monitoring.

Features of this package include:

  • Device discovery that cycles continuously, spotting new devices and removing retired equipment
  • Creation of a network inventory
  • Registration of switches, routers, firewalls, and other network devices
  • Creation of a network topology map
  • Continuous device status monitoring with SNMP
  • SNMP feature report focus for small businesses
  • Performance thresholds with alerts
  • Wireless network monitoring
  • Protocol analysis
  • Traffic throughput statistics per link
  • Switch port monitoring
  • Gateway transmission speed tracking
  • Network traffic data extracted with ntop
  • Can monitor a multi-vendor environment

Why do we recommend it?

The Checkmk combination of network device monitoring and traffic monitoring in one tool is rare. Most network monitoring service creators split those two functions so that you have to buy two separate packages. The Checkmk system also gives you application and server monitoring along with the network monitoring service.

The Checkmk system is easy to set up, thanks to its autodiscovery mechanism. This is based on SNMP. The program will act as an SNMP Manager, send out a broadcast requesting reports from device agents, and then compile the results into an inventory. The agent is the Checkmk package itself if you choose to install the Linux version or it is embedded on a device if you go for the hardware option. If you choose the Checkmk Cloud SaaS option, that platform will install an agent on one of your computers.

The SNMP Manager constantly re-polls for device reports and the values in these appear in the Checkmk device monitoring screen. The platform also updates its network inventory according to the data sent back by device agents in each request/response round. The dashboard also generates a network topology map from information in the inventory. So, that map updates whenever the inventory changes.

Checkmk Network Topology

While gathering information through SNMP, the tool also scans the headings of passing packets on the network to compile traffic statistics. Basically, the tool provides a packet count which enables it to quickly calculate a traffic throughput rate. Data can also be segmented per protocol, according to the TCP port number in each header.

Who is it recommended for?

Checkmk has a very wide appeal because of its three editions. Checkmk Raw is free and will appeal to small businesses. This is an adaptation of Nagios Core. The paid version of the system is called Checkmk Enterprise and that is designed for mid-sized and large businesses. Checkmk Cloud is a SaaS option.

PROS:

  • Provides both network device monitoring and traffic tracking
  • Automatically discovers devices and creates a network inventory
  • Free version available
  • Options for on-premises or SaaS delivery
  • Monitors wireless networks as well as LANs
  • Available for installation on Linux or as an appliance

CONS:

  • Provides a lot of screens to look through

Start a 30-day free trial.

CheckmkStart 30-day FREE Trial

5. Datadog Network Monitoring – FREE TRIAL

Datadog App Performance

Datadog Network Monitoring supervises the performance of network devices. The service is a cloud-based system that is able to explore a network and detect all connected devices. With the information from this research, the network monitor will create an asset inventory and draw up a network topology map. This procedure means that the system performs its own setup routines.

Features of this package include:

  • Monitors networks anywhere, including remote sites
  • Joins together on-premises and cloud-based resource monitoring
  • Integrates with other Datadog modules, such as log management
  • Offers an overview of all network performance and drill-down details of each device
  • Facilitates troubleshooting by identifying performance dependencies
  • Includes DNS server monitoring
  • Gathers SNMP device reports
  • Blends performance data from many information sources
  • Includes data flow monitoring
  • Offers tag-based packet analysis utilities in the dashboard
  • Integrates protocol analyzers
  • Performance threshold baselining based on machine learning
  • Alerts for warnings over evolving performance issues
  • Packages offer network performance monitoring tools (traffic analysis) or network device monitoring
  • Subscription charges with no startup costs

Why do we recommend it?

Datadog Network Monitoring services are split into two modules that are part of a cloud platform of many system monitoring and management tools. These two packages are called Network Performance Monitoring and Network Device Monitoring, which are both subscription services. While the device monitoring package works through SNMP, the performance monitor measures network traffic levels.

The autodiscovery process is ongoing, so it spots any changes you make to your network and instantly updates the inventory and the topology map. The service can also identify virtual systems and extend monitoring of links out to cloud resources.

Datadog Network Monitoring

Datadog Network Monitoring provides end-to-end visibility of all connections, which are also correlated with performance issues highlighted in log messages. The dashboard for the system is resident in the cloud and accessed through any standard browser. This centralizes network performance data from many sources and covers the entire network, link by link and end to end.

You can create custom graphs, metrics, and alerts in an instant, and the software can adjust them dynamically based on different conditions. Datadog prices start from free (up to five hosts), Pro $15/per host, per month and Enterprise $23 /per host, per month.

Who is it recommended for?

The two Datadog network monitoring packages are very easy to sign up for. They work well together to get a complete view of network activities. The pair will discover all of the devices on your network and map them, then startup automated monitoring. These are very easy-to-use systems that are suitable for use by any size of business.

PROS:

  • Has one of the most intuitive interfaces among other network monitoring tools
  • Cloud-based SaaS product allows monitoring with no server deployments or onboarding costs
  • Can monitor both internally and externally giving network admins a holistic view of network performance and accessibility
  • Supports auto-discovery that builds network topology maps on the fly
  • Changes made to the network are reflected in near real-time
  • Allows businesses to scale their monitoring efforts reliably through flexible pricing options

CONS:

  • Would like to see a longer trial period for testing

Start a 14-day free trial.

DatadogStart a 14-day FREE Trial

6. ManageEngine OpManager – FREE TRIAL

ManageEngine OpManager Linux Network Monitoring

At its core, ManageEngine OpManager is infrastructure management, network monitoring, and application performance management “APM” (with APM plug-in) software.

Key Features:

  • Includes server monitoring as well as network monitoring
  • Autodiscovery function for automatic network inventory assembly
  • Constant checks on device availability
  • A range of network topology map options
  • Automated network mapping
  • Performs an SNMP manager role, constantly polling for device health statuses
  • Receives SNMP Traps and generates alerts when device problems arise
  • Implements performance thresholds and identifies system problems
  • Watches over resource availability
  • Customizable dashboard with color-coded dials and graphs of live data
  • Forwards alerts to individuals by email or SMS
  • Available for Windows Server and Linux
  • Can be enhanced by an application performance monitor to create a full stack supervisory system
  • Free version available
  • Distributed version to supervise multiple sites from one central location

Why do we recommend it?

ManageEngine OpManager is probably the biggest threat to SolarWind’s leading position. This package monitors servers as well as networks. This makes it a great system for monitoring virtualizations.

When it comes to network management tools, this product is well balanced when it comes to monitoring and analysis features.

The solution can manage your network, servers, network configuration, and fault & performance; It can also analyze your network traffic. To run Manage Engine OpManager, it must be installed on-premises.

A highlight of this product is that it comes with pre-configured network monitor device templates. These contain pre-defined monitoring parameters and intervals for specific device types.
The essential edition product can be purchased for $595 which allows up to 25 devices.

Who is it recommended for?

A nice feature of OpManager is that it is available for Linux as well as Windows Server for on-premises installation and it can also be used as a service on AWS or Azure for businesses that don’t want to run their own servers. The pricing for this package is very accessible for mid-sized and large businesses. Small enterprises with simple networks should use the Free edition, which is limited to covering a network with three connected devices.

PROS:

  • Designed to work right away, features over 200 customizable widgets to build unique dashboards and reports
  • Leverages autodiscovery to find, inventory, and map new devices
  • Uses intelligent alerting to reduce false positives and eliminate alert fatigue across larger networks
  • Supports email, SMS, and webhook for numerous alerting channels
  • Integrates well in the ManageEngine ecosystem with their other products

CONS:

  • Is a feature-rich tool that will require a time investment to properly learn

Start 30-day free trial.

ManageEngine OpManagerDownload a 30-day FREE Trial

7. NinjaOne RMM – FREE TRIAL

NinjaOne Endpoint Management

NinjaOne is a remote monitoring and management (RMM) package for managed service providers (MSPs). The system reaches out to each remote network through the installation of an agent on one of its endpoints. The agent acts as an SNMP Manager.

Key Features:

  • Based on the Simple Network Management Protocol
  • SNMP v1, 2, and 3
  • Device discovery and inventory creation
  • Continuous status polling for network devices and endpoints
  • Live traffic data with NetFlow, IPFIX, J-Flow, and sFlow
  • Traffic throughput graphs
  • Customizable detail display
  • Performance graphs
  • Switch port mapper
  • Device availability checks
  • Syslog processing for device status reports
  • Customizable alerts
  • Notifications by SMS or email
  • Related endpoint monitoring and management

Why do we recommend it?

NinjaOne RMM enables each technician to support multiple networks simultaneously. The alerting mechanism in the network monitoring service means that you can assume that everything is working fine on a client’s system unless you receive a notification otherwise. The network tracking service sets itself up automatically with a discovery routine.

The full NinjaOne RMM package provides a full suite of tools for administering a client’s system. The network monitoring service is part of that bundle along with endpoint monitoring and patch management.

The Ninja One system onboards a new client site automatically through a discovery service that creates both hardware and software inventories. The data for each client is kept separate in a subaccount. Technicians that need access to that client’s system for investigation need to be set up with credentials.

The network monitoring system provides both device status tracking and network traffic analysis. The service provides notifications if a dive goes offline or throughput drops.

Who is it recommended for?

This service is built with a multi-tenant architecture for use by managed service providers. However, IT departments can also use the system to manage their own networks and endpoints. The service is particularly suitable for simultaneously monitoring multiple sites. The console for the RMM is based in the cloud and accessed through any standard Web browser.

PROS:

  • A cloud-based package that onboards sites through the installation of an agent
  • Auto discovery for network devices and endpoints
  • Network device status monitoring
  • Network traffic analysis
  • Syslog message scanning

CONS:

  • No price list

NinjaOne doesn’t publish a price list so you start your buyer’s journey by accessing a 14-day free trial.

NinjaOneStart a 14-day FREE Trial

8. Site24x7 Network Monitoring – FREE TRIAL

Site24x7 Network Performance Monitor

Site24x7 is a monitoring service that covers networks, servers, and applications. The network monitoring service in this package starts off by exploring the network for connected devices. IT logs its findings in a network inventory and draws up a network topology map.

Key Features:

  • A hosted cloud-based service that includes CPU time and performance data storage space
  • Can unify the monitoring of networks on site all over the world
  • Uses SNMP to check on device health statuses
  • Gives alerts on resource shortages, performance issues, and device problems
  • Generates notifications to forward alerts by email or SMS
  • Root cause analysis features
  • Autodiscovery for a constantly updated network device inventory
  • Automatic network topology mapping
  • Includes internet performance monitoring for utilities such as VPNs
  • Specialized monitoring routines for storage clusters
  • Monitors boundary and edge services, such as load balancers
  • Offers overview and detail screens showing the performance of the entire network and also individual devices
  • Includes network traffic flow monitoring
  • Facilities for capacity planning and bottleneck identification
  • Integrates with application monitoring services to create a full stack service

Why do we recommend it?

Site24x7 Network Monitoring is part of a platform that is very similar to Datadog. A difference lies in the number of modules that Site24x7 offers – it has far fewer than Datadog. Site24x7 bundles its modules into packages with almost all plans providing monitoring for networks, servers, services, applications, and websites. Site24x7 was originally developed to be a SaaS plan for ManageEngine but then was split out into a separate brand, so there is very solid expertise behind this platform.

The Network Monitor uses procedures from the Simple Network Management Protocol (SNMP) to poll devices every minute for status reports. Any changes in the network infrastructure that are revealed by these responses update the inventory and topology map.

The results of the device responses are interpreted into live data in the dashboard of the monitor. The dashboard is accessed through any standard browser and its screens can be customized by the user.

The SNMP system empowers device agents to send out a warning without waiting for a request if it detects a problem with the device that it is monitoring. Site24x7 Infrastructure catches these messages, which are called Traps, and generates an alert. This alert can be forwarded to technicians by SMS, email, voice call, or instant messaging post.

The Network Monitor also has a traffic analysis function. This extracts throughput figures from switches and routers and displays data flow information in the system dashboard. This data can also be used for capacity planning.

Who is it recommended for?

The plans for Site24x7 are very reasonably priced, which makes them accessible to businesses of all sizes. Setup for the system is automated and much of the ongoing monitoring processes are carried out without any manual intervention.

PROS:

  • One of the most holistic monitoring tools available, supporting networks, infrastructure, and real user monitoring in a single platform
  • Uses real-time data to discover devices and build charts, network maps, and inventory reports
  • Is one of the most user-friendly network monitoring tools available
  • User monitoring can help bridge the gap between technical issues, user behavior, and business metrics
  • Supports a freeware version for testing

CONS:

  • Is a very detailed platform that will require time to fully learn all of its features and options

Site24x7 costs $9 per month when paid annually. It is available for a free trial.

Site24x7Get the FREE Trial

9. Atera – FREE TRIAL

Atera Screenshot

Atera is a package software that was built for managed service providers. It is a SaaS platform and it includes professional service automation (PSA) and remote monitoring and management (RMM) systems.

Why do we recommend it?

Atera is a package of tools for managed service providers (MSPs). Alongside remote network monitoring capabilities, this package provides automated monitoring services for all IT operations. The package also includes some system management tools, such as a patch manager. Finally, the Atera platform offers Professional Services Automation (PSA) tools to help the managers of MSPs to run their businesses.

The network monitoring system operates remotely through an agent that installs on Windows Server. The agent enables the service to scour the network and identify all of the network devices that run it. This is performed using SNMP, with the agent acting as the SNMP Manager.

The SNMP system enables the agent to spot Traps, which warn of device problems. These are sent to the Atera network monitoring dashboard, where they appear as alerts. Atera offers an automated topology mapping service, but this is an add-on to the main subscription packages.

Who is it recommended for?

Atera charges for its platform per technician, so it is very affordable for MSPs of all sizes. This extends to sole technicians operating on a contract basis and possibly fielding many small business clients.

PROS:

  • Remote automated network discovery
  • Network performance monitoring with SNMP
  • Alerts for notified device problems
  • Also includes remote system management tools
  • Scalable pricing with three plan levels
  • 30-day free trial

CONS:

  • Network mapping costs extra

You can start a 30-day free trial.

AteraStart 30-day Free Trial

10. ManageEngine RMM Central – FREE TRIAL

ManageEngine RMM Central

ManageEngine RMM Central provides sysadmins with everything they need to support their network. Automated asset discovery makes deployment simple, allowing you to collect all devices on your network by the end of the day.

Key Features

  • Automated network monitoring and asset discovery
  • Built-in remote access with various troubleshooting tools
  • Flexible alert integrations

With network and asset metrics collected, administrators can quickly see critical insights automatically generated by the platform. With over 100 automated reports it’s easy to see exactly where your bottlenecks are and what endpoints are having trouble.

Administrators can configure their own SLAs with various automated alert options and even pair those alerts with other automation that integrate into their helpdesk workflow.

PROS:

  • Uses a combination of packet sniffing, WMI, and SNMP to report network performance data
  • Fully customizable dashboard is great for both lone administrators as well as NOC teams
  • Drag and drop editor makes it easy to build custom views and reports
  • Supports a wide range of alert mediums such as SMS, email, and third-party integrations into platforms like Slack

CONS:

  • Is a very comprehensive platform with many features and moving parts that require time to learn

Start a 30-day free trial.

source :
https://www.pcwdld.com/network-monitoring-tools-software/

Running Remote Commands

Article 07/03/2023

In this article

  1. Windows PowerShell remoting without configuration
  2. Windows PowerShell remoting
  3. See Also

You can run commands on one or hundreds of computers with a single PowerShell command. Windows PowerShell supports remote computing using various technologies, including WMI, RPC, and WS-Management.

PowerShell supports WMI, WS-Management, and SSH remoting. In PowerShell 7 and higher, RPC is supported only on Windows.

For more information about remoting in PowerShell, see the following articles:

Windows PowerShell remoting without configuration

Many Windows PowerShell cmdlets have the ComputerName parameter that enables you to collect data and change settings on one or more remote computers. These cmdlets use varying communication protocols and work on all Windows operating systems without any special configuration.

These cmdlets include:

Typically, cmdlets that support remoting without special configuration have the ComputerName parameter and don’t have the Session parameter. To find these cmdlets in your session, type:

PowerShellCopy

Get-Command | Where-Object {
    $_.Parameters.Keys -contains "ComputerName" -and
    $_.Parameters.Keys -notcontains "Session"
}

Windows PowerShell remoting

Using the WS-Management protocol, Windows PowerShell remoting lets you run any Windows PowerShell command on one or more remote computers. You can establish persistent connections, start interactive sessions, and run scripts on remote computers.

To use Windows PowerShell remoting, the remote computer must be configured for remote management. For more information, including instructions, see About Remote Requirements.

Once you have configured Windows PowerShell remoting, many remoting strategies are available to you. This article lists just a few of them. For more information, see About Remote.

Start an interactive session

To start an interactive session with a single remote computer, use the Enter-PSSession cmdlet. For example, to start an interactive session with the Server01 remote computer, type:

PowerShellCopy

Enter-PSSession Server01

The command prompt changes to display the name of the remote computer. Any commands that you type at the prompt run on the remote computer and the results are displayed on the local computer.

To end the interactive session, type:

PowerShellCopy

Exit-PSSession

For more information about the Enter-PSSession and Exit-PSSession cmdlets, see:

Run a Remote Command

To run a command on one or more computers, use the Invoke-Command cmdlet. For example, to run a Get-UICulture command on the Server01 and Server02 remote computers, type:

PowerShellCopy

Invoke-Command -ComputerName Server01, Server02 -ScriptBlock {Get-UICulture}

The output is returned to your computer.

OutputCopy

LCID    Name     DisplayName               PSComputerName
----    ----     -----------               --------------
1033    en-US    English (United States)   server01.corp.fabrikam.com
1033    en-US    English (United States)   server02.corp.fabrikam.com

Run a Script

To run a script on one or many remote computers, use the FilePath parameter of the Invoke-Command cmdlet. The script must be on or accessible to your local computer. The results are returned to your local computer.

For example, the following command runs the DiskCollect.ps1 script on the remote computers, Server01 and Server02.

PowerShellCopy

Invoke-Command -ComputerName Server01, Server02 -FilePath c:\Scripts\DiskCollect.ps1

Establish a Persistent Connection

Use the New-PSSession cmdlet to create a persistent session on a remote computer. The following example creates remote sessions on Server01 and Server02. The session objects are stored in the $s variable.

PowerShellCopy

$s = New-PSSession -ComputerName Server01, Server02

Now that the sessions are established, you can run any command in them. And because the sessions are persistent, you can collect data from one command and use it in another command.

For example, the following command runs a Get-HotFix command in the sessions in the $s variable and it saves the results in the $h variable. The $h variable is created in each of the sessions in $s, but it doesn’t exist in the local session.

PowerShellCopy

Invoke-Command -Session $s {$h = Get-HotFix}

Now you can use the data in the $h variable with other commands in the same session. The results are displayed on the local computer. For example:

PowerShellCopy

Invoke-Command -Session $s {$h | where {$_.InstalledBy -ne "NT AUTHORITY\SYSTEM"}}

Advanced Remoting

PowerShell includes cmdlets that allow you to:

  • Configure and create remote sessions both from the local and remote ends
  • Create customized and restricted sessions
  • Import commands from a remote session that actually run implicitly on the remote session
  • Configure the security of a remote session

PowerShell on Windows includes a WSMan provider. The provider creates a WSMAN: drive that lets you navigate through a hierarchy of configuration settings on the local computer and remote computers.

For more information about the WSMan provider, see WSMan Provider and About WS-Management Cmdlets, or in the Windows PowerShell console, type Get-Help wsman.

For more information, see:

For help with remoting errors, see about_Remote_Troubleshooting.

See Also

Source :
https://learn.microsoft.com/en-us/powershell/scripting/learn/remoting/running-remote-commands?view=powershell-7.3

Keep removed apps from returning during an update

Article 02/24/2023

In this article

  1. Create registry keys for deprovisioned apps
  2. Package names for apps provisioned in Windows 10, version 1709
  3. Registry keys for provisioned apps

When you update a computer running Windows 10, version 1703 or 1709, you might see provisioned apps that you previously removed post-update. This can happen if the computer was offline when you removed the apps. Windows 10, version 1803 has fixed this issue.

 Note

  • This issue only occurs after a feature update (from one version to the next), not monthly updates or security-related updates.
  • This only applies to first-party apps that shipped with Windows 10. This doesn’t apply to third-party apps, Microsoft Store apps, or LOB apps.
  • This issue can occur whether you removed the app using Remove-appxprovisionedpackage or Get-AppxPackage -allusers | Remove-AppxPackage -Allusers.

To remove a provisioned app, you need to remove the provisioning package. The apps might reappear if you removed the packages in one of the following ways:

  • If you removed the packages while the wim file was mounted when the device was offline.
  • If you removed the packages by running a PowerShell cmdlet on the device while Windows was online. Although the apps won’t appear for new users, you’ll still see the apps for the user account you signed in as.

When you remove a provisioned app, we create a registry key that tells Windows not to reinstall or update that app the next time Windows is updated. If the computer isn’t online when you deprovision the app, then we don’t create that registry key. (This behavior is fixed in Windows 10, version 1803. If you’re running Windows 10, version 1709, apply the latest security update to fix it.)

 Note

If you remove a provisioned app while Windows is online, it’s only removed for new users—the user that you signed in as will still have that provisioned app. That’s because the registry key created when you deprovision the app only applies to new users created after the key is created. This doesn’t happen if you remove the provisioned app while Windows is offline.

To prevent these apps from reappearing at the next update, manually create a registry key for each app, then update the computer.

Create registry keys for deprovisioned apps

Use the following steps to create a registry key:

  1. Identify any provisioned apps you want removed. Record the package name for each app.
  2. Create a .reg file to generate a registry key for each app. Use this list of Windows 10, version 1709 registry keys as your starting point.
    1. Paste the list of registry keys into Notepad (or a text editor).
    2. Remove the registry keys belonging to the apps you want to keep. For example, if you want to keep the Bing Weather app, delete this registry key:YAMLCopyHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\A ppxAllUserStore\Deprovisioned\Microsoft.BingWeather_8wekyb3d8bbwe]
    3. Save the file with a .txt extension, then right-click the file and change the extension to .reg.
  3. Double-click the .reg file to create the registry keys. You can see the new keys in HKLM\path-to-reg-keys.

You’re now ready to update your computer. After the update, check the list of apps in the computer to confirm the removed apps are still gone.

Package names for apps provisioned in Windows 10, version 1709

Displayed app namePackage name
Microsoft.3DBuilderMicrosoft.3DBuilder_15.2.10821.1000_neutral_~_8wekyb3d8bbwe
Microsoft.BingWeatherMicrosoft.BingWeather_4.23.10923.0_neutral_~_8wekyb3d8bbwe
Microsoft.DesktopAppInstallerMicrosoft.DesktopAppInstaller_1.10.16004.0_neutral_~_8wekyb3d8bbwe
Microsoft.GetHelpMicrosoft.GetHelp_10.1706.1811.0_neutral_~_8wekyb3d8bbwe
Microsoft.GetstartedMicrosoft.Getstarted_5.12.2691.1000_neutral_~_8wekyb3d8bbwe
Microsoft.HEVCVideoExtensionMicrosoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe
Microsoft.MessagingMicrosoft.Messaging_2018.124.707.0_neutral_~_8wekyb3d8bbwe
Microsoft.Microsoft3DViewerMicrosoft.Microsoft3DViewer_3.1803.29012.0_neutral_~_8wekyb3d8bbwe
Microsoft.MicrosoftOfficeHubMicrosoft.MicrosoftOfficeHub_2017.715.118.0_neutral_~_8wekyb3d8bbwe
Microsoft.MicrosoftSolitaireCollectionMicrosoft.MicrosoftSolitaireCollection_3.18.12091.0_neutral_~_8wekyb3d8bbwe
Microsoft.MicrosoftStickyNotesMicrosoft.MicrosoftStickyNotes_2.1.18.0_neutral_~_8wekyb3d8bbwe
Microsoft.MSPaintMicrosoft.MSPaint_4.1803.21027.0_neutral_~_8wekyb3d8bbwe
Microsoft.Office.OneNoteMicrosoft.Office.OneNote_2015.9126.21251.0_neutral_~_8wekyb3d8bbwe
Microsoft.OneConnectMicrosoft.OneConnect_3.1708.2224.0_neutral_~_8wekyb3d8bbwe
Microsoft.PeopleMicrosoft.People_2017.1006.1846.1000_neutral_~_8wekyb3d8bbwe
Microsoft.Print3DMicrosoft.Print3D_1.0.2422.0_neutral_~_8wekyb3d8bbwe
Microsoft.SkypeAppMicrosoft.SkypeApp_12.1811.248.1000_neutral_~_kzf8qxf38zg5c
Microsoft.StorePurchaseAppMicrosoft.StorePurchaseApp_11802.1802.23014.0_neutral_~_8wekyb3d8bbwe
Microsoft.WalletMicrosoft.Wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe
Microsoft.Windows.PhotosMicrosoft.Windows.Photos_2018.18022.15810.1000_neutral_~_8wekyb3d8bbwe
Microsoft.WindowsAlarmsMicrosoft.WindowsAlarms_2017.920.157.1000_neutral_~_8wekyb3d8bbwe
Microsoft.WindowsCalculatorMicrosoft.WindowsCalculator_2017.928.0.1000_neutral_~_8wekyb3d8bbwe
Microsoft.WindowsCameraMicrosoft.WindowsCamera_2017.1117.10.1000_neutral_~_8wekyb3d8bbwe
microsoft.windowscommunicationsappsmicrosoft.windowscommunicationsapps_2015.9126.21425.0_neutral_~_8wekyb3d8bbwe
Microsoft.WindowsFeedbackHubMicrosoft.WindowsFeedbackHub_2018.323.50.1000_neutral_~_8wekyb3d8bbwe
Microsoft.WindowsMapsMicrosoft.WindowsMaps_2017.1003.1829.1000_neutral_~_8wekyb3d8bbwe
Microsoft.WindowsSoundRecorderMicrosoft.WindowsSoundRecorder_2017.928.5.1000_neutral_~_8wekyb3d8bbwe
Microsoft.WindowsStoreMicrosoft.WindowsStore_11803.1001.613.0_neutral_~_8wekyb3d8bbwe
Microsoft.Xbox.TCUIMicrosoft.Xbox.TCUI_1.8.24001.0_neutral_~_8wekyb3d8bbwe
Microsoft.XboxAppMicrosoft.XboxApp_39.39.21002.0_neutral_~_8wekyb3d8bbwe
Microsoft.XboxGameOverlayMicrosoft.XboxGameOverlay_1.24.5001.0_neutral_~_8wekyb3d8bbwe
Microsoft.XboxIdentityProviderMicrosoft.XboxIdentityProvider_2017.605.1240.0_neutral_~_8wekyb3d8bbwe
Microsoft.XboxSpeechToTextOverlayMicrosoft.XboxSpeechToTextOverlay_1.21.13002.0_neutral_~_8wekyb3d8bbwe
Microsoft.ZuneMusicMicrosoft.ZuneMusic_2019.18011.13411.1000_neutral_~_8wekyb3d8bbwe
Microsoft.ZuneVideoMicrosoft.ZuneVideo_2019.17122.16211.1000_neutral_~_8wekyb3d8bbwe

Registry keys for provisioned apps

ConsoleCopy

Windows Registry Editor Version 5.00
;1709 Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.BingWeather_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.GetHelp_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Getstarted_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MSPaint_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Office.OneNote_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.OneConnect_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.People_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Print3D_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.SkypeApp_kzf8qxf38zg5c]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.StorePurchaseApp_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Wallet_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Windows.Photos_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsAlarms_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsCalculator_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsCamera_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\microsoft.windowscommunicationsapps_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsMaps_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsStore_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Xbox.TCUI_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxApp_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxGameOverlay_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ZuneMusic_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ZuneVideo_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.3DBuilder_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.HEVCVideoExtension_8wekyb3d8bbwe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Messaging_8wekyb3d8bbwe]

Get-AppxPackage Get-AppxPackage -allusers Remove-AppxPackage

Source :
https://learn.microsoft.com/en-us/windows/application-management/remove-provisioned-apps-during-update

How to Disable or Remove OneDrive on Windows 11

BY ABHISHEK KUMAR MISHRA
PUBLISHED AUG 12, 2022

Windows 11 comes with OneDrive pre-installed, but you don’t have to live with it if you don’t want to.

In newer versions of Windows, Microsoft added OneDrive to its “out-of-box experience,” meaning you get the app on your system from day one. OneDrive is a great tool for keeping your files stored in the cloud, but some users have their own preferred cloud storage app or want to keep everything on local storage.

If you feel that OneDrive serves no useful purpose to you, it is possible to disable the app. This post will discuss the methods to disable the app on your system. In addition, you will learn multiple ways to completely remove it.

Why Should You Disable OneDrive?

You may not want to keep a cloud backup of sensitive files related to work or personal use cases. One another issue is that OneDrive runs as soon as you boot your system. It continues to run in the background and consumes system and network resources in the process.

If you have a low-spec system or metered network connection, you can relate to this issue. So, it would be a good idea to disable or remove the app from your system in these circumstances.

Does Microsoft OneDrive Impact PC Performance?

OneDrive launches as soon as your system boots up. It tries to sync your documents to the cloud and runs in the background. Systems that have bare minimum compute resources can struggle with performance.

As such, if your PC isn’t the fastest out there, disabling OneDrive or getting rid of it entirely can help squeeze some precious processing power out of your system for other tasks.

How to Disable OneDrive on Windows 11

There are multiple ways to disable OneDrive on your system. You can disable the service from running at startup, disable it via the Group Policy Editor, or you can unlink your account from it.

1. How to Stop OneDrive From Launching at Startup

To disable OneDrive from launching at startup, do as follows:

  1. Go to the system tray icon area and click on the arrow icon. Then click on the OneDrive system tray icon to reveal the settings.
  2. Click on the gear icon and then select settings from the context menu.
  3. Switch to the Settings tab. Uncheck the Start OneDrive automatically when I sign in to the Windows option under the General section.Disable OneDrive From Launching At Startup
  4. Close the window. Now OneDrive won’t start automatically when you boot your PC up.

If you unlink your OneDrive account, the app won’t be able to sync your files anymore. To unlink your account, repeat the following steps.

  1. Open the OneDrive app from the system tray icon. Click on the gear icon and then click on the Settings option.
  2. Find the Unlink this PC option present under the Accounts tab.Unlink-Your-OneDrive-Account-1
  3. Follow the on-screen prompts to unlink your account and close the Window.

3. How to Disable OneDrive Using the Group Policy Editor

Windows users who own an Enterprise or Professional copy can use the Group Policy Editor to disable OneDrive. If you’re not on either of those versions, you’ll need to learn how to access the Group Policy Editor on Windows Home before you try these steps.

  1. Press Win + R to launch the Run command box on your system. Input gpedit.msc and press the Enter key.
  2. Group Policy Editor will launch.
  3. Navigate to Computer Configuration > Administrative Templates > Windows Components > OneDrive.
  4. Once you are inside the OneDrive folder, find the Prevent the usage of OneDrive for file storage policy.Disable OneDrive Using Group Policy Editor
  5. Double-click on it to edit the policy. A new window with detailed settings will pop up.
  6. Click on the Disabled radio button and then click the Apply button.
  7. Click on the OK button and exit the Group Policy Editor.

How to Remove OneDrive From Windows 11

If you’d rather just get rid of the app entirely, here are a few methods to remove OneDrive from your computer.

1. How to Uninstall OneDrive Using the Settings App

To remove OneDrive using the Settings app, do as follows:

  1. Press Win + I to launch the Settings app. Then navigate to the left-hand side menu and click on Apps.
  2. Then click on the Installed apps option in the Apps section.
  3. Scroll down and locate Microsoft OneDrive app in the list.
  4. Click on the three dots and select the Uninstall option.Uninstall OneDrive Using the Settings App
  5. Confirm your action and click on the Uninstall button again.
  6. Now, follows the on-screen prompts to remove the app from your system.

2. How to Uninstall OneDrive Using the Command Prompt

To remove OneDrive using the command prompt, do as follows:

  1. Press the Win key and search command prompt. Right-click on the first result and select the Run as administrator option.
  2. The command prompt will launch. Now, input the following command in the terminal: TASKKILL /f /im OneDrive.exe
  3. Once the command finishes executing, enter the uninstallation command: %systemroot%\SysWOW64\OneDriveSetup.exe /uninstallUninstall OneDrive Using CMD
  4. Wait for the execution to complete. CMD will not display any message about the uninstallation command.
  5. Exit the command prompt window. OneDrive won’t bother you anymore.

3. How to Uninstall OneDrive Using the PowerShell

To remove OneDrive using PowerShell, do as follows:

  1. Press the Win key and search for PowerShell. Right-click on the first search result and click on the Run as administrator option.
  2. PowerShell will launch. Now input the following command: winget uninstall onedriveUninstall OneDrive Using Powershell
  3. Press the Enter key to execute the command. You will see a successfully uninstalled message if the command executes without any error.
  4. Now, exit the PowerShell window.

4. How to Uninstall OneDrive Using a Batch Script

The above-mentioned processes uninstall the app but do not delete the remaining traces of the OneDrive app. However, there is a batch script that you can use to uninstall the app as well as remove all the traces of OneDrive from your system.

To remove OneDrive using a batch script, do as follows:

  1. Press the Win key and search for Notepad on your system. Click on the first result to launch the notepad app.
  2. Now, copy the following code into the notepad app window. Make sure to recheck the document for missing lines of code, if any.@echo off
    cls

    set x86="%SYSTEMROOT%\System32\OneDriveSetup.exe"
    set x64="%SYSTEMROOT%\SysWOW64\OneDriveSetup.exe"

    echo Closing OneDrive process.
    echo.
    taskkill /f /im OneDrive.exe > NUL 2>&1
    ping 127.0.0.1 -n 5 > NUL 2>&1

    echo Uninstalling OneDrive.
    echo.
    if exist %x64% (
    %x64% /uninstall
    ) else (
    %x86% /uninstall
    )
    ping 127.0.0.1 -n 5 > NUL 2>&1

    echo Removing OneDrive leftovers.
    echo.
    rd "%USERPROFILE%\OneDrive" /Q /S > NUL 2>&1
    rd "C:\OneDriveTemp" /Q /S > NUL 2>&1
    rd "%LOCALAPPDATA%\Microsoft\OneDrive" /Q /S > NUL 2>&1
    rd "%PROGRAMDATA%\Microsoft OneDrive" /Q /S > NUL 2>&1

    echo Removing OneDrive from the Explorer Side Panel.
    echo.
    REG DELETE "HKEY_CLASSES_ROOT\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f > NUL 2>&1
    REG DELETE "HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f > NUL 2>&1
    pause
  3. Now, navigate to the top area and click on the File option. Select the Save as option from the dropdown menu.Uninstall OneDrive Using batch script
  4. Choose the save location as desktop so that it is easier to find the file.
  5. Input a name that reflects the use case of the .bat file. For example, OneDriveRemovalTool.
  6. Now, click on the Save as type option and select All files from the drop-down list.
  7. Click on the Save button to save your .bat file.
  8. Go to the desktop and right-click on the newly created .bat file. Select the Run as administrator option.
  9. Let it finish execution and restart your computer. OneDrive won’t bug you anymore.

5. How to Uninstall OneDrive Using a Third-party Uninstaller Program

Uninstalling OneDrive using the Windows uninstaller leaves a lot of files and folders behind. In such cases, you can try a third-party uninstaller tool that will clean up everything related to OneDrive.

We will use Revo uninstaller app for this method, but you can use your preferred third-party uninstaller app for Windows if you like.

  1. Open any browser on your system and go to the official Revo uninstaller download page.
  2. Download the free version and install it on your system.
  3. Launch Revo uninstaller. Find OneDrive from the list of installed programs.
  4. Right-click on OneDrive and select the Uninstall option from the context menu.
  5. Uninstall window will pop up. Click on the continue button to proceed.Uninstall OneDrive Using Revo unistaller
  6. After the uninstall completes, select the advanced option to search for files and folders associated with OneDrive.
  7. Follow the on-screen prompts and delete everything. Restart your system for changes to take effect. You won’t find OneDrive anywhere on your system.

OneDrive Won’t Bother You Anymore

These were the steps to disable or remove OneDrive on your Windows machine. If you plan on reusing OneDrive someday, stick with the disabling methods. But if you want to remove it from your system, you can try out any of the uninstallation methods mentioned above.

Source :
https://www.makeuseof.com/windows-11-disable-remove-onedrive/

WinRM QuickConfig, HowTo Enable via GPO or Remotely on All Servers

Marc Wilson UPDATED: February 3, 2023

Configuring “WinRM Quickconfig” on remote computers can be a little difficult at times, especially if this is your first time using the Windows Remote Management service.

There are several ways to go about enabling winrm quickconfig on remote computers, many admins like to push the task to a GPO and others like to do it through powershell or 3rd Party programs.

We’ll highlight 3 different methods we’ve used in the past to get Windows Remote Management service enabled, along with avoiding the dreaded “WINRM QUICKCONFIG ACCESS DENIED” error that many people get when going through this process.

3 Ways to Remotely Enable WinRM on Windows Clients/Servers:

  1. Download and Run this Free Utility from Solarwinds to activate it on Remote Machines
  2. Setup new Group Policy Object to enable the WinRM Service and Firewall Rules
  3. Use PSEXEC to Remotely Enable on Client Machines

1. Free Utility for Remote Activation

This is by far the easiest way if you’ve already configured the Windows Firewall in your network. Solarwinds has a nifty free tool called “Remote Execution Enabler for PowerShell” that has the functionality to enable and configure WinRm on local and remote hosts within your network.

Its as easy as entering in the IP Address(es) or IP Address Range of all the computers your targeting, than enter credentials that have Administrative Rights to that PC (usually accounts in the Domain Administrators Group will do the trick) and click the “START CONFIGURATION” button:

winrm remote enabler by solarwinds screenshot

When the utility is finished starting the Windows Remote Management services on all IP Addresses or Ranges specified, you will see a green dot with a “Complete” status, as seen below:

completed screen

Grab the little utility from below and give it a go:

Download Free!

2. Setup via Group Policy Object (GPO)

If the above solution didn’t work for you, then setting up a GPO to do all the configuration is the next best thing, as you can assign it to any given computer or OU if necessary. Below are instructions for Windows 2012 R2 Server GPO setup.

  1. Open Group Policy Management from within Administrative Tools folder.
  2. Right-click on the desired OU that you want to create a Group Policy Object for and click on “Create a GPO in this Domain, and Link it here…
  3. Rename the GPO to whatever you would like, “Enable WinRM via GPO” or something along those lines then click OK.
  4. Now that the new GPO has been created, right-click on the Newly created GPO and click “EDIT“.
  5. Expand the Menu tree as follows: Computer Configuration > Policies Administrative Templates: Policy definitions > Windows Components > Windows Remote Management (WinRM) WinRM Service.
  6. Find the setting that says “Allow remote server management through WinRM” and right-click and click “EDIT” to configure the settings. (see image below)
    winrm group policy setting
  7. When the dialog box opens up, click “Enabled” and under the options section, either specify an IP Address range or put an Asterisk “*” to allow all IP addresses to remotely manage the PC. (We recommend specifying an IP Address to reduce any risk of a security compromise of your systems/network).
    config settings
  8. Now lets enable the Windows Remote Mangement (WS-Management) Service to start automatically.
    Go to Computer Configuration >  Preferences > Control Panel Settings > Services and right-click and select “NEW” and the select “Service“.
  9. A New Service Properties window will come up and you will need to change Startup to “Automatic (Delayed Start)” and then in the Service Name dialog box, click the box with the 3 dots in it to the right of the Service name box and select “Windows Remote Management (WS-Management)” and click the Select button.
  10. Once you’ve selected the Service, under the “Service action:” pull down, we’ll want to click “Start service“.
    gpo service setup
  11. Last Step of this Process is to configure the Windows Firewall to Allow the proper ports inbound.Go to Computer Configuration > expand Policies > expand Windows Settings > expand Security Settings > expand Windows Firewall with Advanced Security > expand Windows Firewall with Advanced Security > expand Inbound Rules.Right-click the Inbound Rules node and choose New Rule. (see screenshot below)inbound firewall rule
  12. When the New Inbound Rule wizard box opens, click on the “Predefined” radio button and scroll down to “Windows Remote Management” and click on it. (see screenshot below)predefinied winrm rule
  13. Next we’ll click on the Left Sidebar menu item that says “Predefined Rules” in order to not Allow the Firewall to open this Port to the Public network.When the window opens, uncheck the box that says Public profile next to it, as seen in the image below. This ensures that we only allow WinRM access to the Private and Domain networks.Then Click the Next button:remove public firewall rule
  14. The Last screen of the New Inbound Firewall Wizard will just ask whether to Allow The Connection or block it.Make sure the that “Allow the connection” radio box is checked and click Finish.

    allow connection

At this point, you’ve successfully finished the GPO and you’ll need to wait for the GPO to propagate throughout your network.

3. PSEXEC for WinRM Activation

If either of the two options above don’t work for you, using PSEXEC to remotely enable the service is another option, if you prefer. Here are the relevant commands you will need in order to execute “winrm quickconfig” using PSexec command line utility.

  1. Make sure you have PSEXEC installed on your machine and the proper “PATH” setup within your system variables – this should be automatically added when you install PSEXEC.If you dont have PSEXEC installed yet, grab the download from here (its part of the PSTOOLS package) and install it.
  2. Launch the an elevated “Command Prompt” window using your local/domain administrator account as the user of the target machine/s, to ensure that you have the necessary permissions to configure WinRM remotely on machines in your network.To run “Command Prompt” as a different user, hold the Shift Key down and right-click on the Command Prompt link and click on “Run as Different User” and then enter in a user account that has Administrator Privileges on all computers your targeting.elevated command prompt domain adminlogin
  3. Run one of the following commands below:psexec \\ComputerName -s winrm.cmd quickconfig -q or create a text file with all the computer names you want to target and save them on your C:\ drive and run the command below to enable on all PC’s in the specified text file we just created.Now you can run any one of the commands below depending on what you want to accomplishpsexec @c:\ALLComputerNames.txt -s winrm.cmd quickconfig -q
  4. If all goes well, you’ll see a screen like the one below that confirms everything has been configured properly for WinRM on the remote machine/s.psexec winrm remotely success

WinRM FAQs

is WinRM the same as RDP?

WinRM and RDP are two different systems but they can be used for the same purpose, which is to get remote access to a computer and execute commands. WinRM is a text-based system but RDP shows the Desktop of the remote computer.

Is WinRM a security risk?

WinRM uses HTTP by default and that isn’t secure. However, you can configure the system to use HTTPS for connections and that makes WinRM secure.

Does WinRM use TLS?

WinRM will use Transport Layer Security (TLS) if you specify that it should run its connections with HTTPS.

How does WinRM QuickConfig configure the firewall on the remote computer?

WinRM QuickConfig configures the firewall on the remote computer by adding a rule to allow incoming traffic on the WinRM port (default is 5985).

Is WinRM QuickConfig secure?

WinRM QuickConfig uses the HTTPS protocol to encrypt communication between the remote and local computers, making it secure for remote management.

What are the prerequisites for using WinRM QuickConfig on a remote computer?

The prerequisites for using WinRM QuickConfig on a remote computer include having administrative privileges on both the local and remote computers and having network connectivity between the computers.

How can I verify that WinRM is configured correctly on a remote computer?

To verify that WinRM is configured correctly on a remote computer, you can use the “WinRM Id” command to retrieve information about the remote computer and the WinRM configuration. If the command returns information about the remote computer and the WinRM configuration, it means that WinRM is configured correctly.

Related Articles:

What Is WinRM? Windows Remote Management command-line Utility

Source :
http://Source : https://www.pcwdld.com/winrm-quickconfig-remotely-configure-and-enable/

How to Install Windows 11 on Unsupported Hardware (Without TPM & Secure Boot)

June 8, 2023

To install Windows 11 (or upgrade from Windows 10), your computer must meet certain minimum system requirements: TPM 2.0 chip (Trusted Platform Module), UEFI + Secure Boot mode enabled, 3+ GB RAM, at least 64 GB hard drive, and a compatible 1GHz dual-core CPU (not all processors are supported!). Microsoft restricts the installation of Windows 11 to non-compatible devices by performing some pre-installation hardware requirements checks. In this article, we’ll show how to install Windows 11 on unsupported hardware without checking CPU, TPM, Secure Boot, and other requirements.

If your computer does not meet the minimum Windows 11 hardware requirements, you will see the following error during the OS installation:This PC can’t run Windows 11. This PC doesn’t meet the minimum system requirements to install this version of Windows. For more information, visit aka.ms/WindowsSysReq

To understand what requirements your computer doesn’t meet, check the Windows 11 setup errors in the setuperr.log file. This file contains only Windows installation errors (you can find the complete Windows install log in the setupact.log file, but it is hard to debug it since it is very large).

To open the Windows setup error log, open the command prompt right on the setup screen by pressing Shift + F10 and run this command:

notepad x:\windows\panther\setuperr.log

troubleshoot Windows 11 installation erorrs, minimum system requirement check via setuperr.log

In our case, the error says that there is not enough RAM on the computer (only 2 GB instead of 3 GB):2022-02-02 08:17:57, Error VerifyRAMRequirements: System has INSUFFICIENT system memory: [2048 MB] vs [3686 MB]

Please note that if your computer doesn’t meet several minimal requirements to install Windows, only the first one will be displayed in the setup log. It means that if you fixed or bypassed one of the compatibility errors, another compatibility error will appear in the installation log the next time you run Windows 11 Setup.

After we have added more RAM to the device, another error appeared:2022-02-02 08:43:21, Error VerifyTPMSupported:Tbsi_GetDeviceInfo function failed – 0x8028400f[gle=0x0000007a]

This means that the Windows 11 setup wizard detected there was no TPM chip on the computer.

If you install Windows 11 to a VMWare virtual machine, you can add a virtual TPM chip following the following guide. Another guide is used for Hyper-V VMs.

However, you can continue Windows 11 setup by ignoring one or more of the compatibility requirements.

To do it, use the command prompt on the Windows 11 setup screen:

  1. Run the Registry Editor regedit.exe.
  2. Go to HKEY_LOCAL_MACHINE\SYSTEM\Setup registry key and create a new key with the name LabConfig;
  3. Create reg DWORD parameters with values 1 for those compatibility checks you want to skip during installation.

The following bypass options are available for installing Windows 11 on unsupported hardware:

  • BypassCPUCheck – for incompatible CPUs
  • BypassTPMCheck – without a TPM 2.0+ chip
  • BypassRAMCheck – to skip minimum RAM check
  • BypassSecureBootCheck – for Legacy BIOS devices (or UEFI firmware with Secure Boot disabled)
  • BypassStorageCheck – to minimal bypass system drive size check

For example, in order not to check the TPM module during installation, create the BypassTPMCheck registry parameter with the value 1. You can do it using the graphical Registry Editor or with the command:

reg add HKLM\SYSTEM\Setup\LabConfig /v BypassTPMCheck /t REG_DWORD /d 1

windows 11 setup screen: bypass unsupported device checks using the bypasstpmcheck parameter under the reg key labconfig

In the same way, create other registry parameters for the checks you want to skip when installing Windows 11.

Then get back to Windows 11 setup window, go one step back, and continue with a typical Windows installation without compatibility checks.

You can modify Windows 11 installation ISO image so that all checks (TPM, SecureBoot, disk size, RAM, CPU) are skipped during OS installation. To do it, create a text file AutoUnattend.xml with the following contents:<unattend xmlns=”urn:schemas-microsoft-com:unattend”> <settings pass=”windowsPE”> <component name=”Microsoft-Windows-Setup” processorArchitecture=”amd64″ publicKeyToken=”31bf3856ad364e35″ language=”neutral” versionScope=”nonSxS” xmlns:wcm=”http://schemas.microsoft.com/WMIConfig/2002/State” xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance”> <RunSynchronous> <RunSynchronousCommand wcm:action=”add”> <Order>1</Order> <Path>reg add HKLM\System\Setup\LabConfig /v BypassTPMCheck /t reg_dword /d 0x00000001 /f</Path> </RunSynchronousCommand> <RunSynchronousCommand wcm:action=”add”> <Order>2</Order> <Path>reg add HKLM\System\Setup\LabConfig /v BypassSecureBootCheck /t reg_dword /d 0x00000001 /f</Path> </RunSynchronousCommand> <RunSynchronousCommand wcm:action=”add”> <Order>3</Order> <Path>reg add HKLM\System\Setup\LabConfig /v BypassRAMCheck /t reg_dword /d 0x00000001 /f</Path> </RunSynchronousCommand> <RunSynchronousCommand wcm:action=”add”> <Order>5</Order> <Path>reg add HKLM\System\Setup\LabConfig /v BypassCPUCheck /t reg_dword /d 0x00000001 /f</Path> </RunSynchronousCommand> <RunSynchronousCommand wcm:action=”add”> <Order>4</Order> <Path>reg add HKLM\System\Setup\LabConfig /v BypassStorageCheck /t reg_dword /d 0x00000001 /f</Path> </RunSynchronousCommand> </RunSynchronous> <UserData> <ProductKey> <Key></Key> </ProductKey> </UserData> </component> </settings> </unattend>

autounattend.xml bypass windows 11 hardware requirements

If you want to disable Microsoft online account creation screen, add the following component section to the file:<component name=”Microsoft-Windows-Shell-Setup” processorArchitecture=”amd64″ publicKeyToken=”31bf3856ad364e35″ language=”neutral” versionScope=”nonSxS” xmlns:wcm=”http://schemas.microsoft.com/WMIConfig/2002/State” xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance”> <OOBE> <HideOnlineAccountScreens>true</HideOnlineAccountScreens> <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> <ProtectYourPC>3</ProtectYourPC> </OOBE> </component>

Copy this file to the root of your Windows 11 USB installation media.

If you want to add an answer file to Windows 11 ISO image, extract its contents to any folder on your computer, copy AutoUnattend.xml to the same directory, and rebuild the ISO image.

I used free DISM++ (Toolkit -> ISO maker) to create the custom Windows 11 ISO image.

dism ++ modify windows iso image add answer file autounattend.xml

Then no hardware compatibility checks will be performed during Windows 11 setup.

Also, you can use the new Rufus version to create installation USB flash drives. It contains a special option: Extended Windows 11 Installation (no TPM/no Secure Boot/8Gb- RAM). This option allows you to create an image to install Windows 11 without checking TPM and Secure Boot:

rufus create installation media without TPM ans secure boot checks

Source :
https://woshub.com/windows-11-unsupported-hardware-no-tpm-secure-boot/