Monthly Archives: March 2017

How to properly implement Access Control Policy.

Several days ago finished my free video seminar. Recording is done in Mongolian. Many my friends, Mongolian IT engineers ask me how properly organize, monitor, maintain assigned permissions to different IT resources (not only shared folder or printer) in accordance with least required access, how adequately conduct Access Control using RBAC. Please share this video with your friends/co-workers – i believe that discussed problem is very common in our IT community.

Follow by this link to watch my video lesson on youtube.Read the rest


Briefly: how to maintain remote branches computers without visits.
how to format or re-image or backup or restore or repair or monitor company computers over lan, over wan.

We propose to attend our new two days seminar:


  • Windows Deployment Service/WDS
  • pxelinux before WDS for protection by password and booting Linux distributives including ESXi installers, memtest, ghost, Acronis and so on
  • How to netboot MS DaRT/ERD tools to repair/backup remote computers settings and data
  • Unattended installation
  • KMS server for Windows, Office auto-activation during unattended installation
  • free Veeam End-point Backup and Veeam Backup and Replication Server for remote restores
Read the rest

Facts about Active Directory to help understand it and properly use.

  1. AD is the basement/heart/glue for all Microsoft (and not only Microsoft) server products. Almost any Microsoft solution is based on AD as a prerequisite. Therefore it’s common misunderstanding and misuse that AD is considered only as side effect (or even as lesser unavoidable evil :)) of implementation of other Microsoft systems like MS Dynamics NAV, Exchange, Lync, Sharepoint. It means you cannot install Exchange without pre-installation and pre-configuration of AD. As a result of a such wrong approach to AD many companies don’t use Active Directory appropriately, some of them completely don’t understand what is the main role of AD
Read the rest

iMac and macbooks in Windows environment, why you better integrate them.

The main reason why you need to limit end-users on Windows and Mac computers is the same – much longer periods of stable, guaranteed work with less maintenance overheads.

Recently i see more and more companies which ignores that principle. Mindlessly MacOS is considered as more stable and protected by default without any needs in extra efforts. But if you don’t deprive end-user rights for full system configuration as you do for Windows computers you can get really bad problems. The most unpleasant one is when you got a blocked computer with unknown EFI firmware password. On modern models of

Read the rest