Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [best-practices]

Questions asking for best practices in a given field. Be aware, that sometimes there might be no generally accepted best practices, in which case the question is likely to be closed for being subjective.

351 questions
1
vote
1 answer

Pre-Staging Computer Accounts

I hear that you can create the computer account in AD before you join the computer to the domain so that the computer immediately gets the right groups and such. I created the account by running something like: New-ADComputer -Name PCXXX -Path…
David
  • 316
  • 3
  • 15
1
vote
2 answers

RAIDs with a lot of spindles - how to safely put to use the "wasted" space

I have a fairly large number of RAID arrays (server controllers as well as midrange SAN storage) that all suffer from the same problem: barely enough spindles to keep the peak I/O performance, and tons of unused disk space. I guess it's a universal…
kubanczyk
  • 13,812
  • 5
  • 41
  • 55
1
vote
2 answers

Should I change root password

I manage about 50 servers mostly by remote access using ssh on a custom port (root login disabled and users need a public/private key to log in, password login are disabled). each servers have a unique root password (long string of…
cptHammer
  • 113
  • 4
1
vote
1 answer

Minimum level of access required for service account to run a scheduled task on server?

We have 2 domain administrator accounts in Active Directory: "Administrator" and "Robocopy". Robocopy is a service account associated with a scheduled task which executes a batch file- which runs Robocopy (on our SBS 2003 file server/domain…
Austin ''Danger'' Powers
  • 1,180
  • 6
  • 21
  • 51
1
vote
3 answers

Using drivers not supplied by server motherboard manufacturer

Is it considered bad practice/risky to use drivers for servers not provided by the motherboard manufacturer? My on board NIC drivers supplied by the manufacturer of my motherboard were released in summer 2012 and Intel has released several newer…
gravidThoughts
  • 197
  • 1
  • 8
1
vote
0 answers

Enable shadow copy where VHD files are stored?

Should I enable Shadow Copy on the volume that stores our Hyper-V VHDs? This same volume also has all our file shares, which is why I want to turn on shadow copy. If I do enable it, will it eat up my storage space, what with VHDs being quite big and…
Syntax
  • 225
  • 3
  • 9
1
vote
1 answer

Install Apache from Source or from Binary?

I work on a platform which serves several different projects. For the most part, all of the projects install their web server using Red Hat's RPM. We never created a policy for this which would require the projects' application developers to install…
theillien
  • 445
  • 3
  • 13
  • 28
1
vote
1 answer

what would be a better practice instead of chmod g+r /etc/shadow so I can use Unix user/group database for Jenkins authentication?

I don't want to run Jenkins as root, nor giving public access (or even group access) to /etc/shadow seems to a good idea. as suggested by "Manage Jenkins" when selecting Linux user/group database: "Either Jenkins needs to run as root or User 'httpd'…
MauricioOtta
  • 162
  • 2
  • 8
1
vote
3 answers

ESXi running 2 x Windows 2012 setup advice

After much deliberating and advice I'm intending to use an element of virtualisation for deploying some new servers. The original (physical) plan was one server running as domain controller, SQL (express), IIS and file/print server. It would be for…
george
  • 71
  • 9
1
vote
1 answer

When moving a server from behind a firewall into a DMZ, should you move a test server first?

We have to move a server from within the firewall to a DMZ (not a true DMZ, but a space that's between 2 firewalls. Is it typically a good idea, when moving a server in this fashion, to stand up another machine with the target IP to test the…
cdeszaq
  • 193
  • 1
  • 8
1
vote
2 answers

remote access/vpn to windows server 2012 production server best practice

I' need to access my production environment from remote ,outside the lan for emergency. I don't want users are prompted for remote desktop credencials and try to guess username and password. So what can i do? What is vpn? is it more secure?
user2119955
  • 25
  • 4
1
vote
1 answer

best practice renaming ssh login server

quick question: let's say you have a ssh login computer called sshlogin.example.com. Now for some obscure reason, your company decided to rename that machine to ssh.example.com. What's the best practice here? should I generate new ssh keys for…
memyself
  • 335
  • 6
  • 13
1
vote
2 answers

Is there a reason I shouldn't use iptables port forwarding?

I have a small application running on port 8888, and as a quick fix to remove the need to append the url with the port, I used the iptables program to forward all requests to port 80 to 8888. sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport…
CBA
  • 113
  • 4
1
vote
5 answers

Best Practices for Open Relay Email Server

I have a scenario where I need to setup postfix with no TLS, no SMTP authentication, and open relay allowing from only one remote IP address. Emails from this remote IP may have spoofed "from" address as well. I know, dont ask about how I got to…
WJR
  • 341
  • 1
  • 4
  • 17
1
vote
1 answer

Avoiding sudo to root with an alias, is it possible?

I've developed a bad habit of constantly sudoing to root. I was wondering if its possible to create an alias that prevents straight sudo but allows sudo -u. Or possibly echoes a warning when using sudo?
Peter Hargreaves
  • 27
  • 1
1 2 3
23 24