PROACTIVERISK

GRAY BEARD BLOG

SHARING RANDOM THOUGHTS ON TECH

Windows 2019 in 2023?

1/27/2023

 
Here are some best practices for a small business that has purchased Microsoft Windows Server 2019:
  1. Plan your deployment: Before deploying Windows Server 2019, it is important to plan your infrastructure and determine your specific needs and requirements. This includes determining the number of servers you will need, the roles and features you will need to install, and the hardware and software requirements.
  2. Create a disaster recovery plan: It's important to have a disaster recovery plan in place to protect your data and systems in case of an unexpected event. This includes creating regular backups, testing your disaster recovery procedures, and having a plan in place for restoring services in case of an outage.
  3. Keep your server and software updated: Regularly updating your server and software can help to ensure that your systems are secure and running optimally. This includes patching your server, updating your antivirus software, and ensuring that your software is compatible with Windows Server 2019.
  4. Monitor your server's performance: Regularly monitoring your server's performance can help you identify and resolve issues before they become critical. This includes monitoring your server's CPU, memory, and disk usage, as well as monitoring your network's performance.
  5. Secure your server: Windows Server 2019 has many built-in security features that can help protect your server from external threats. This includes implementing firewalls, using a strong password policy, and encrypting your data.
  6. Train your IT team: Windows Server 2019 is a powerful and complex operating system that requires knowledge and skill to manage effectively. It's important to provide training to your IT team to ensure they have the necessary knowledge and skills to manage and maintain your server.
By following these best practices, you can help ensure that your Windows Server 2019 deployment is successful and that your small business is protected from potential security risks. If you can get Windows Server 2022, the same rules apply. Notable differences between Windows Server 2019 and Windows Server 2022 include increased host memory from 24TB to 48TB. The maximum logical CPUs have also increased from 512 to 2048.

Security Sheepdog Making a Difference - “If not us, then who?”

1/24/2023

 
​44 U.S. mass shootings in 2023
5179 mass shootings since 1/1/2013
0 days since the last mass shooting
data source: https://massshootingtracker.site/

“Instead of saying, ‘If it happens, then I will take action,’ the Sheepdog says, ‘When it happens, then I will be ready.’”

If the facts and data are valid, you can sort them and start root cause analysis using the 5 whys technique. The most practical answers come from people who have hands-on experience with the process or problem in question (from both sides, actually: criminals, sheep, and sheepdogs).

The first step in the discussion is to pick a side. If you believe that good guys (sheepdogs) can stop bad guys (wolves), then you must choose a side: you are a sheep or a sheepdog.

If you decide to be a Sheepdog, consider looking very carefully at the NJ carry permit information and process. Local teams that do a good job are Gun For Hire, LLC, FSS Armory, and RTSP - Range, Firearms & Training (RTSP Randolph).

Places in New Jersey where private Sheepdogs are not welcomed. Wolves (those that prey on the weak) can also read, so here is a short list of high-risk areas; many are restricted for good reason and have appropriate screening levels and controls.

NO Places owned/leased/controlled by state, county, or muni gov’t

NO Courthouse, courtroom, any location used for administrative proceedings

NO Correctional or juvenile justice facility, jail, any location used for detention of suspects/offenders

NO State half-way house

NO Polling place

NO Public gatherings requiring a permit

NO School, college, university, educational institution, school bus

NO Child care/day care facility

NO Nursery, preschool, zoo, summer camp

NO Any park, beach, rec facility, playground owned/controlled by state, county or muni gov’t, or part of the above designated gun-free zone

NO Youth sports event (during, before and after) except shooting events

NO Shelters, emergency shelters, shelter programs, any shelter licensed/controlled by Juvenile Justice Commission or Division of Families

NO Community residence for developmentally disabled, head injuries, terminal illness, and residences licensed by Department of Human Services or Department of Health

NO Casinos and associated apps., hotels, retail, restaurants, bars, and entertainment facilities within casino

NO Plant that produces/distributes/converts energy

NO Airport or transportation hub

NO Health care facility includes hospital, public health center, diagnostic center, treatment center, rehab center, extended care facility, skilled nursing home, nursing home, intermediate care facility, TB hospital, chronic disease hospital, maternity hospital, outpatient clinic, dispensary, assisted living center, home health care agency, residential treatment facility, residential health care facility, medical office, ambulatory care facility.
NO A facility licensed by or regulated by Department of Human Services, Department of Children or Families, Department of Health that provides mental health or addiction services

NO Public location being used for film, TV, theater purposes

NO Any place prohibited by federal or state rule or regulation of State/Federal Agency

Got Unified security yet?

1/22/2023

 
Physical and logical security convergence refers to the integration of traditional physical security measures (such as cameras, locks, and alarms) with computer-based security systems (such as network security, access control, and surveillance). This convergence allows for a more comprehensive and holistic approach to security, as it allows organizations to better protect their assets and personnel by considering both the physical and digital realms.

One of the main benefits of physical and logical security convergence is that it allows for better information sharing between different security systems. For example, an access control system can be integrated with a video surveillance system, so that if a door is opened without proper authorization, a video of the event can be automatically recorded. This can help organizations quickly identify and respond to security breaches.

Another benefit of physical and logical security convergence is that it allows for more efficient use of resources. By integrating different security systems, organizations can reduce the number of separate devices and systems that need to be managed and maintained. This can help lower costs and reduce the risk of system failures.

One of the main challenges of physical and logical security convergence is that it can be difficult to achieve. This is because different security systems are often developed by different vendors and use different protocols and standards. This can make it difficult to integrate different systems together, and can lead to compatibility issues.

Another challenge of physical and logical security convergence is that it can be difficult to manage. This is because as more systems are integrated, the number of variables that need to be considered can increase, making it more difficult to identify and respond to security breaches.

Overall, physical and logical security convergence can provide a more comprehensive and holistic approach to security, allowing organizations to better protect their assets and personnel. However, it can be difficult to achieve and manage, and requires careful planning and execution to be successful.

Going Virtual with VMWARE, TIPS

1/19/2023

 
VMware ESXi is a popular virtualization platform for running multiple Windows servers, including Active Directory, file, and print services. Here are some best practices for setting up a VMware ESXi system for this purpose:
  1. Hardware requirements: Ensure that the hardware on which the VMware ESXi system is running meets the minimum requirements for the number of virtual machines you plan to run.
  2. Network design: Design the network infrastructure to ensure that the virtual machines have access to the necessary resources and that there is enough bandwidth to support the workload.
  3. Virtual machine configuration: Configure the virtual machines with the necessary resources, such as CPU, memory, and storage, to ensure that they perform well.
  4. Active Directory: When setting up Active Directory, ensure that the domain controllers are properly configured and that there are enough of them to provide redundancy and failover.
  5. File and print services: When setting up file and print services, ensure that the virtual machines have access to the necessary storage and that the storage is properly configured for optimal performance.
  6. Backup and recovery: Implement a backup and recovery strategy to ensure that the virtual machines can be restored in case of a disaster.
  7. Security: Implement security measures, such as firewalls and intrusion detection systems, to protect the virtual machines from cyber threats.
  8. Monitoring and reporting: Implement monitoring and reporting tools to keep track of the performance of the virtual machines and the VMware ESXi system.
By following these best practices, you can set up a VMware ESXi system that can effectively run multiple Windows servers, including Active Directory, file, and print services, and ensure that they perform well and are secure.

Meraki setup tips

1/19/2023

 
Cisco Meraki is a cloud-managed networking solution that provides a wide range of features and functionalities to help organizations manage their networks. The best practice for configuring Cisco Meraki depends on the specific needs and requirements of the organization. However, there are some general guidelines that can be followed to ensure that the configuration is secure and efficient.
  1. Start by planning the network architecture and layout: Before making any changes to the network, it is important to have a clear understanding of the organization's needs and requirements. This includes identifying the number of devices and users that will be connected to the network, as well as the locations of these devices and users.
  2. Set up a VLAN (Virtual Local Area Network) structure: VLANs are used to segment the network and provide more granular control over network access. This can be used to create different networks for different departments or groups of users, and to provide additional security by isolating different parts of the network.
  3. Configure firewalls: Cisco Meraki firewalls provide advanced security features that can help protect the network from external threats. It is important to configure the firewall settings to match the organization's security policies and requirements.
  4. Use wireless access points: Cisco Meraki wireless access points provide a range of features that can be used to optimize the wireless network. This includes setting up wireless SSIDs, configuring wireless security settings, and implementing wireless-specific policies.
  5. Implement Network Access Control (NAC): NAC is a security feature that can be used to control access to the network based on the user's device and network status. This can be used to ensure that only authorized devices are able to connect to the network.
  6. Use VPNs: Virtual Private Networks (VPNs) can be used to provide secure remote access to the network. Cisco Meraki provides several options for VPNs, including client VPN and site-to-site VPN.
  7. Monitor and troubleshoot: Cisco Meraki provides a range of tools that can be used to monitor and troubleshoot the network. This includes real-time network monitoring, network analytics, and troubleshooting tools.
  8. Keep Software and Firmware updated: Keeping the software and firmware updated ensures that the devices have the latest security patches and features.
By following these best practices, organizations can ensure that their Cisco Meraki configuration is secure and efficient. Keep in mind that the best practice may vary depending on the specific needs and requirements of the organization.

SONICWALL FIREWALL BEST PRACTICES

1/19/2023

 
A SonicWall firewall can be configured for optimum security by following these best practices:
  1. Enable the SonicWall Security Services: Enable the SonicWall Intrusion Prevention Service (IPS), Gateway Anti-Virus (GAV), Anti-Spyware (AS), and Application Control (App Ctrl) services to provide comprehensive protection against known and unknown threats.
  2. Create security policies: Create security policies that define how traffic is handled, including access control, encryption, and authentication. These policies should be based on the principle of least privilege, allowing only the necessary access.
  3. Use multiple levels of security: Use multiple levels of security, including firewalls, intrusion prevention, and VPNs to provide defense in depth. This will help to protect against known and unknown threats and reduce the risk of a successful attack.
  4. Keep the firmware up-to-date: Keep the firmware up-to-date to ensure that the firewall has the latest security patches and features. This will help to protect against known vulnerabilities and newly discovered threats.
  5. Use strong passwords: Use strong passwords for all administrative accounts and change them frequently. Passwords should be at least eight characters long and include a mix of letters, numbers, and special characters.
  6. Use two-factor authentication: Use two-factor authentication (2FA) to provide an additional layer of security for remote access. This will help to protect against unauthorized access and reduce the risk of a successful attack.
  7. Monitor and log network activity: Monitor and log network activity to detect suspicious activity and to identify potential security breaches. This will help to identify potential threats and to respond quickly to any security incidents.
  8. Regularly back up the configuration: Regularly back up the configuration of the firewall to ensure that it can be quickly and easily restored in the event of a failure or security incident.
  9. Regularly test the security: Regularly test the security of the firewall by performing vulnerability scans and penetration tests. This will help to identify potential vulnerabilities and to ensure that the firewall is providing the level of protection required.
  10. Have an incident response plan: Have a well-defined incident response plan in place to ensure that security incidents are handled quickly and effectively. This plan should include procedures for identifying, containing, and resolving security incidents.
It is important to remember that security configuration is an ongoing process and should be regularly reviewed and updated to ensure that it remains effective against new and emerging threats. Furthermore, a security audit by a professional should be performed periodically to ensure that the firewall is configured correctly and that all the best practices are followed.

POWERSHELL

1/19/2023

 
Microsoft PowerShell is a powerful tool that can be used to automate various tasks in Azure, including the creation of users. One way to create multiple users in an Azure tenant is by using a .csv file that contains the necessary information for each user. In this tutorial, we will walk through the steps of using PowerShell to create users in an Azure tenant from a .csv file.
  1. First, open the PowerShell ISE and connect to your Azure tenant by running the command Connect-AzAccount. You will be prompted to enter your Azure credentials.
  2. Next, create a new .csv file that contains the necessary information for the users you want to create. The .csv file should have the following headers: "UserName", "Password", "DisplayName", and "MailNickname". Each row should contain the information for a single user.
  3. Import the .csv file into PowerShell by running the command $users = Import-Csv -Path "path\to\file.csv". Replace "path\to\file.csv" with the actual path to your .csv file.
  4. Loop through each user in the .csv file by opening a loop with the command foreach ($user in $users) {
  5. Within the loop, create a new Azure AD user by running the command New-AzADUser -UserPrincipalName $user.UserName -DisplayName $user.DisplayName -MailNickName $user.MailNickname -AccountEnabled $true -Password (ConvertTo-SecureString -String $user.Password -AsPlainText -Force)
  6. End the loop by running }
  7. Run the script and it will create the users in your Azure tenant.
Note: Make sure that you are running these commands in Azure AD PowerShell module and also that you have the necessary permissions to create users in your Azure tenant.
By following these steps, you can use PowerShell to automate the creation of multiple users in an Azure tenant from a .csv file. This can save a lot of time and effort compared to manually creating each user, especially if you need to create a large number of users.
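
The steps above assembled into one script, as an added example that is not the blog author's own code. It assumes the Az.Accounts and Az.Resources modules (which provide Connect-AzAccount and New-AzADUser) are installed; the $CsvPath parameter name, the header check, the duplicate check, and the -ForceChangePasswordNextLogin switch are additions that the steps do not mention.

```powershell
# Added example (not the blog author's script). Assumes the Az.Accounts and
# Az.Resources modules are installed; $CsvPath is a hypothetical parameter name.
param(
    [Parameter(Mandatory)]
    [string] $CsvPath
)

# Headers the tutorial's .csv file is expected to carry (step 2).
$required = 'UserName', 'Password', 'DisplayName', 'MailNickname'

# Step 1: sign in to the tenant (interactive prompt).
Connect-AzAccount -ErrorAction Stop | Out-Null

# Steps 2-3: load the file and confirm every expected header is present.
$users = @(Import-Csv -Path $CsvPath -ErrorAction Stop)
if ($users.Count -eq 0) { throw "No rows found in $CsvPath" }
$headers = $users[0].PSObject.Properties.Name
$missing = @($required | Where-Object { $_ -notin $headers })
if ($missing.Count -gt 0) { throw "CSV is missing column(s): $($missing -join ', ')" }

# Steps 4-6: one pass over the rows, recording an outcome per user.
$results = foreach ($user in $users) {
    $status = 'Created'
    $detail = ''

    # Rows with an empty required field are skipped rather than sent to Azure.
    $blank = @($required | Where-Object { [string]::IsNullOrWhiteSpace($user.$_) })
    if ($blank.Count -gt 0) {
        $status = 'Skipped'; $detail = "Empty field(s): $($blank -join ', ')"
    }
    elseif (Get-AzADUser -UserPrincipalName $user.UserName -ErrorAction SilentlyContinue) {
        # Re-running the script must not fail on users created by an earlier run.
        $status = 'Skipped'; $detail = 'User already exists'
    }
    else {
        try {
            $secure = ConvertTo-SecureString -String $user.Password -AsPlainText -Force
            New-AzADUser -UserPrincipalName $user.UserName `
                         -DisplayName $user.DisplayName `
                         -MailNickname $user.MailNickname `
                         -AccountEnabled $true `
                         -Password $secure `
                         -ForceChangePasswordNextLogin `
                         -ErrorAction Stop | Out-Null
        }
        catch {
            $status = 'Failed'; $detail = $_.Exception.Message
        }
    }

    # The password is deliberately left out of the per-user report.
    [pscustomobject]@{ UserName = $user.UserName; Status = $status; Detail = $detail }
}

$results | Format-Table -AutoSize
```

The .csv file holds every initial password in plain text, so restrict access to it and delete it once the run has finished.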

Trust your providers

1/19/2023

 
When it comes to security, it's important for businesses to trust their service providers. Accreditation is a way for businesses to ensure that their service providers are meeting industry standards and that they are providing high-quality services.
​
One of the main reasons why businesses should buy security services from accredited service providers is that these providers have been independently vetted by a third party. This means that they have been assessed against a set of standards and have been found to meet or exceed those standards. This provides businesses with a level of assurance that they are working with a reputable and trustworthy provider.

Another reason why businesses should buy security services from accredited service providers is that these providers have a proven track record of success. Accreditation is not a one-time event; it must be renewed on a regular basis, meaning that providers must continuously meet the standards in order to maintain their accreditation. This means that businesses can trust that their providers have the necessary experience and expertise to provide high-quality security services.

Accreditation can also help businesses ensure that their service providers are keeping up with the latest technology and industry developments. Accreditation bodies often require providers to demonstrate that they are using the latest technology and that they are staying up-to-date with industry trends. This helps businesses ensure that their service providers are providing the most current and effective security solutions.

Moreover, accreditation also ensures that the service providers are adhering to the regulations, laws and compliance requirements that are specific to the industry or sector they are operating in. This is especially important for businesses that operate in regulated industries, such as financial services or healthcare, where compliance with regulations is critical to maintaining the trust of customers and stakeholders.

Additionally, accreditation also helps in building trust with customers and partners. When a business is working with an accredited security service provider, it sends a message to its customers and partners that the business takes security seriously and that it is committed to protecting its own and its customers' assets and sensitive information.

In summary, businesses should buy security services from accredited service providers because these providers have been independently vetted, have a proven track record of success, are keeping up with the latest technology and industry developments, are adhering to regulations, laws and compliance requirements, and help build trust with customers and partners. Accreditation is an important way for businesses to ensure that they are working with reputable and trustworthy providers and that they are getting the high-quality security services they need to protect their assets and personnel.

Got a PROCEDURE FOR PROTECTING INTELLECTUAL PROPERTY (SOFTWARE)?

1/19/2023

 


  1. Conduct a thorough assessment of your intellectual property: Identify all the software and related materials that you consider to be your intellectual property. This includes any source code, documentation, and other related materials.
  2. Secure your source code: Keep your source code in a secure location, such as a password-protected server or cloud storage. Limit access to the source code to only those individuals who need it to perform their job functions.
  3. Use non-disclosure agreements (NDAs): Have all employees, contractors, and third-party vendors sign NDAs to protect your intellectual property. This will help to prevent accidental or intentional disclosures of your software or related materials.
  4. Protect your software with encryption: Use encryption to protect your software from unauthorized access and use. This will help to prevent piracy and unauthorized distribution of your software.
  5. Implement access controls: Implement access controls to limit who can access your software and related materials. This includes setting up user accounts, role-based access, and logging activities.
  6. Use watermarking: Use watermarking to protect your software from piracy and unauthorized distribution. Watermarking allows you to identify the source of an unauthorized copy of your software.
  7. Conduct regular audits: Conduct regular audits to ensure that your intellectual property is being protected. This includes reviewing access logs, testing your software for vulnerabilities, and reviewing NDAs to ensure compliance.
  8. Seek legal protection: Consider seeking legal protection for your intellectual property, such as patents, trademarks, and copyrights. This will give you legal remedies if your intellectual property is infringed upon.
  9. Keep records: Keep records of all activities related to your intellectual property, including NDAs, access logs, and any legal protection obtained.
  10. Continuously review and update: Continuously review and update your intellectual property protection procedures to ensure they are in line with current laws and best practices.

Windows active directory tips

1/18/2023

 
Active Directory (AD) is a critical component of any Windows Server environment, and proper configuration is essential for efficient administration. Here are some best practices for configuring Windows Server 2019 Active Directory for administration:
  1. Implement Group Policy Objects (GPOs): GPOs are used to centrally manage and configure settings for users and computers within the AD domain. GPOs can be used to enforce security policies, configure software settings, and manage user accounts.
  2. Use Organizational Units (OUs): OUs are used to organize and structure the AD environment. By creating OUs for different departments, teams, or groups of users, administrators can more easily manage and apply GPOs and permissions.
  3. Utilize Active Directory Users and Computers: This tool is used to manage the user and computer accounts within the AD domain. This tool allows administrators to create, delete, and manage accounts, as well as assign permissions and group membership.
  4. Utilize Active Directory Domains and Trusts: This tool is used to manage the AD domain structure and trust relationships between domains.
  5. Implement a backup and recovery strategy: Regularly backing up AD is crucial to ensure that the organization's data can be recovered in case of an emergency.
  6. Use Active Directory Administrative Center: This is a new feature of Windows Server 2019 that provides a modern, web-based interface for managing AD. It allows administrators to perform common AD tasks such as creating and managing user and computer accounts, managing GPOs, and monitoring the health of the AD environment.
  7. Utilize Role-Based Access Control (RBAC): RBAC allows administrators to assign different roles and permissions to different users and groups, making it easier to delegate responsibilities and manage access to resources.
  8. Use Global Access Groups: Global access groups are used to manage access to resources across the entire AD forest. This can be used to more easily manage access to resources such as servers, printers, and applications.
  9. Regularly check for security vulnerabilities: Regularly check for security vulnerabilities and apply the necessary patches and updates to keep your AD environment secure.
By following these best practices, organizations can ensure that their Windows Server 2019 Active Directory is configured for efficient administration, while also maintaining a high level of security. It's important to note that the best practice may vary depending on the specific needs and requirements of the organization.
    Tom Brennan

    This is my blog, there are many like it but this one is mine. Enjoy.


Contact Us
PROACTIVERISK
290 W Mt. Pleasant Ave, Suite 11309
Livingston, NJ 07039

☎️ 973-298-1160 | GPS Map
Client Portal
ManageIT Remote

​© COPYRIGHT 2025. ALL RIGHTS RESERVED.