Malkavian's questions

我尝试使用 3 台 PC 创建具有副本集的 mongodb 集群。我对 mongodb 非常陌生。这 3 台 PC 安装了 almalinux9.5 和 mongodb v6。到目前为止，我以 root 身份发出了这些命令。

 yum install https://repo.percona.com/yum/percona-release-latest.noarch.rpm
 percona-release enable psmdb-60 release
 yum list percona-server-mongodb --showduplicates
 yum install percona-server-mongodb
 systemctl start mongod
 systemctl status mongod
 systemctl stop mongod
 mongosh
 sudo firewall-cmd --add-port=27017/tcp --permanent
 firewall-cmd --reload
 systemctl restart mongod
 rm /tmp/mongodb-27017.sock
 systemctl restart mongod
 systemctl status mongod
 mongosh --port 27017  --authenticationDatabase "admin" -u "admin" -p
 nano /etc/mongod.conf 
 systemctl stop mongod

conf文件是这样的：

dbPath: /var/lib/mongo
  journal:
    enabled: true
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongo/mongod.log
processManagement:
  fork: true
  pidFilePath: /var/run/mongod.pid
net:
  port: 27017
  bindIp: 0.0.0.0
security:
  authorization: enabled
replication:
  replSetName: "rs0"
security:
    keyFile: /etc/mongodb/keyfile

当我尝试启动 mongod 并以 root 身份执行此操作时，收到以下错误日志：

{"t":{"$date":"2025-01-16T12:01:48.622+01:00"},"s":"I",  "c":"CONTROL",  "id":23285,   "ctx":"-","msg":"Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'"}
{"t":{"$date":"2025-01-16T12:01:48.629+01:00"},"s":"I",  "c":"NETWORK",  "id":4915701, "ctx":"-","msg":"Initialized wire specification","attr":{"spec":{"incomingExternalClient":{"minWireVersion":0,"maxWireVersion":17},"incomingInternalClient":{"minWireVersion":0,"maxWireVersion":17},"outgoing":{"minWireVersion":6,"maxWireVersion":17},"isInternalClient":true}}}
{"t":{"$date":"2025-01-16T12:01:48.630+01:00"},"s":"I",  "c":"NETWORK",  "id":4648601, "ctx":"main","msg":"Implicit TCP FastOpen unavailable. If TCP FastOpen is required, set tcpFastOpenServer, tcpFastOpenClient, and tcpFastOpenQueueSize."}
{"t":{"$date":"2025-01-16T12:01:48.632+01:00"},"s":"I",  "c":"ACCESS",   "id":20254,   "ctx":"main","msg":"Read security file failed","attr":{"error":{"code":30,"codeName":"InvalidPath","errmsg":"permissions on /etc/mongodb/keyfile are too open"}}}
{"t":{"$date":"2025-01-16T12:01:48.633+01:00"},"s":"I",  "c":"SHARDING", "id":5847201, "ctx":"main","msg":"Balancer command scheduler stop requested"}
{"t":{"$date":"2025-01-16T12:01:48.633+01:00"},"s":"I",  "c":"ASIO",     "id":22582,   "ctx":"main","msg":"Killing all outstanding egress activity."}
{"t":{"$date":"2025-01-16T12:01:48.633+01:00"},"s":"F",  "c":"CONTROL",  "id":20575,   "ctx":"main","msg":"Error creating service context","attr":{"error":"Location5579201: Unable to acquire security key[s]"}}

为了更好地解释我的尝试，我创建了一个名为 keyfile 的密钥文件，并使用 scp 将其复制到路径为 /etc/mongodb/keyfile 的 3 台 PC 上，该密钥文件现在具有权限 644。我该如何修复无法获取安全密钥的错误，这是什么意思？

您好，感谢您抽出时间。我会尝试解释我的实验。我在 kubernetes 中部署了一个应用程序。我可以使用负载均衡器访问它。使用 traefik，我可以通过 http 访问它。我想通过 Https 访问它。为了实现该结果，我尝试关注 youtube 视频和 traefik 文档并使用证书管理器。我喜欢使用 yml 文件工作，但如果有更好的方法，请告诉我，因为我正在从实践中学习。我将发布所有理论上的 yml 文件，希望 serverfault 给我足够的空间来发布它们。

#001-role.yml
        kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: traefik-role
    
    rules:
      - apiGroups:
          - ""
        resources:
          - services
          - secrets
          - nodes
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - discovery.k8s.io
        resources:
          - endpointslices
        verbs:
          - list
          - watch
      - apiGroups:
          - extensions
          - networking.k8s.io
        resources:
          - ingresses
          - ingressclasses
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - extensions
          - networking.k8s.io
        resources:
          - ingresses/status
        verbs:
          - update
      - apiGroups:
          - traefik.io
        resources:
          - middlewares
          - middlewaretcps
          - ingressroutes
          - traefikservices
          - ingressroutetcps
          - ingressrouteudps
          - tlsoptions
          - tlsstores
          - serverstransports
          - serverstransporttcps
        verbs:
          - get
          - list
          - watch

#002-account.yml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-account

#003-role-binding.yml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-role
subjects:
  - kind: ServiceAccount
    name: traefik-account
    namespace: default 

#004-traefik.yml
kind: Deployment
apiVersion: apps/v1
metadata:
  name: traefik-deployment
  labels:
    app: traefik

spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-account
      containers:
        - name: traefik
          image: traefik:v3.2
          args:
            - --api.insecure
            - --providers.kubernetesingress
          ports:
            - name: web
              containerPort: 80
            - name: dashboard
              containerPort: 8080

#005-traefik-service.yml
apiVersion: v1
kind: Service
metadata:
  name: traefik-dashboard-service

spec:
  type: LoadBalancer
  ports:
    - port: 8080
      targetPort: dashboard
  selector:
    app: traefik
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-web-service

spec:
  type: LoadBalancer
  ports:
    - targetPort: web
      port: 80
  selector:
    app: traefik

#006-program-frontend-deployment.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    kompose.cmd: kompose convert -f compose.yml
    kompose.version: 1.34.0 (HEAD)
  labels:
    io.kompose.service: program-frontend
  name: program-frontend
spec:
  replicas: 1
  selector:
    matchLabels:
      io.kompose.service: program-frontend
  template:
    metadata:
      annotations:
        kompose.cmd: kompose convert -f compose.yml
        kompose.version: 1.34.0 (HEAD)
      labels:
        io.kompose.service: program-frontend
    spec:
      containers:
        - env:
            - name: API_GATEWAY_BASE_URL
              value: http://edge-thinghy:9000
          image: program-image
          name: program-frontend
          ports:
            -  name: program-frontend
               containerPort: 3000
               protocol: TCP
      imagePullSecrets:
        - name: ghcr-secret
      restartPolicy: Always

#007-program-frontend-service.yml
apiVersion: v1
kind: Service
metadata:
  annotations:
    kompose.cmd: kompose convert -f compose.yml
    kompose.version: 1.34.0 (HEAD)
  labels:
    io.kompose.service: program-frontend
  name: program-frontend
spec:
  ports:
    - name: program-frontend
      protocol: TCP
      port: 3000
      targetPort: program-frontend
  selector:
    io.kompose.service: program-frontend

#008-edit-program-service.yml
apiVersion: v1
kind: Service
metadata:
  name: program-frontend
spec:
  ports:
    - name: program-frontend
      port: 80
      targetPort: 3000
  selector:
    io.kompose.service: program-frontend

#009-program-ingress.yml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: program-ingress
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: program-frontend
            port: 
              name: program-frontend

#010-challenge.yml
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
 name: program-challenge
 namespace: default
spec:
 acme:
   email: [email protected]
   server: https://acme-v02.api.letsencrypt.org/directory
   privateKeySecretRef:
     name: program-issuer-account-key
   solvers:
     - http01:
         ingress:
           class: traefik

#011-ingress-rule.yml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
 name: program-ssl-ingress
 namespace: default
 annotations:
   cert-manager.io/issuer: "program-challenge"
spec:
 tls:
   - hosts:
       - program-demo.example.domain
     secretName: tls-program-ingress-http
 rules:
   - host: program-demo.example.domain
     http:
       paths:
         - path: /
           pathType: Prefix
           backend:
             service:
               name: program-frontend
               port:
                 name: program-frontend

#012-redirect-http-to-https.yml
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: program-frontend-redirect
spec:
  redirectScheme:
    scheme: https
    permanent: true

如果我理解正确的话，那么我应该能够访问https://program-demo.example.domain，但我只能访问http://program-demo.example.domain，我是不是误读了文档中的某些内容？我的推理有什么问题吗？提前感谢您的时间。

在集群 kubernetes 环境中，我有 Traefik v3.2.1 和 CertManager 1.16.1 以及我正在测试的程序。当我尝试应用此文件：022-red-ing.yml 时出现此错误：

error: error validating "022-red-ing.yml": error validating data: [apiVersion not set, kind not set]; if you choose to ignore these errors, turn validation off with --validate=false

我想正确定义该文件，但我缺少信息，因为我复制该文件的文档没有说明 apiVersion 和 kind。

该文件目前是这样的：

cat 022-红色-ing.yml

   apiVersion: networking.k8s.io/v1
    kind: Ingress
    spec:
      selector:
        istio: ingressgateway
      servers:
      - hosts:
        - program.example.domain
        port:
          name: https
          number: 443
          protocol: HTTPS
        tls:
          credentialName: tls-program-ingress-http
          mode: SIMPLE
      - hosts:
        - program.example.domain
        port:
          name: program-frontend
          number: 80
          protocol: HTTP
        tls:
          httpsRedirect: true
      - hosts:
        - '*'
        port:
          name: http
          number: 80
          protocol: HTTP

我应该设置什么 apiVersion 和 kind？如果我添加以下代码：

apiVersion: extensions/v1beta1
kind: Ingress

我收到另一个错误。现在当我这样做时：

kubectl 应用-f 022-red-ing.yml

我明白了

error: error when retrieving current configuration of:
Resource: "networking.k8s.io/v1, Resource=ingresses", GroupVersionKind: "networking.k8s.io/v1, Kind=Ingress"
Name: "", Namespace: "default"
from server for: "022-red-ing.yml": resource name may not be empty

我做错了什么。

我正在运行一个 kubernetes 集群，并且有一个在 TestPort（实际上是 3000）上运行的 TestApplication。我设法启动并运行了 Traefik v3.2.1，并使用 http 质询启动并运行了 CertManager 1.16.1 以进行 letsencrypt。我想保护 TestApplication，让人们通过 TraefiK 端口 443 并进入 TestApplication:TestPort。如何为我的应用程序创建适当的 Ingress 资源？到目前为止，我做到了：

 #001-app-deployment.yml
    apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    kompose.cmd: kompose convert -f compose.yml
    kompose.version: 1.34.0 (HEAD)
  labels:
    io.kompose.service: app-frontend
  name: app-frontend
spec:
  replicas: 1
  selector:
    matchLabels:
      io.kompose.service: app-frontend
  template:
    metadata:
      annotations:
        kompose.cmd: kompose convert -f compose.yml
        kompose.version: 1.34.0 (HEAD)
      labels:
        io.kompose.service: app-frontend
    spec:
      containers:
        - env:
            - name: API_GATEWAY_BASE_URL
              value: http://edge-thinghy:9000
          image: my-image-I-test
          name: app-frontend
          ports:
            -  name: app-frontend
               containerPort: 3000
               protocol: TCP
      imagePullSecrets:
        - name: ghcr-secret
      restartPolicy: Always

#010-app-service.yml
        apiVersion: v1
    kind: Service
    metadata:
      name: app-frontend
    
    spec:
      ports:
        - name: app-frontend
          port: 80
          targetPort: 3000
    
      selector:
        app: app-frontend
    
    #011-app-ingress.yml
    
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: app-ingress
    spec:
      rules:
      - http:
          paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: app-frontend
                port: 
                  name: app-frontend
    
    #012-challenge.yml

    apiVersion: cert-manager.io/v1
    kind: Issuer
    metadata:
     name: app-challenge
     namespace: default
    spec:
     acme:
       email: [email protected]
       server: https://acme-v02.api.letsencrypt.org/directory
       privateKeySecretRef:
          name: app-issuer-account-key
       solvers:
         - http01:
             ingress:
               class: traefik
    
    #013-ingress-rule.yml
    
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
     name: app-ssl-ingress
     namespace: default
     annotations:
       cert-manager.io/issuer: "app-challenge"
    spec:
     tls:
       - hosts:
           - app.domain.example
         secretName: tls-app-ingress-http
     rules:
       - host: app.domain.example
         http:
           paths:
             - path: /
               pathType: Prefix
               backend:
                 service:
                   name: app-frontend
                   port:
                     name: app-frontend

由于证书已颁发，我原本希望 Traefik 能够自动工作，但当我转到https://app.domain.example时却超时了。我想我做错了什么。如果我打开 traefik pod 日志，我可以看到：

    ERR Skipping service: no endpoints found ingress=app-ingress namespace=default providerName=kubernetes serviceName=app-frontend servicePort=&ServiceBackendPort{Name:app-frontend,Number:0,}
    ERR Skipping service: no endpoints found ingress=app-ssl-ingress namespace=default providerName=kubernetes serviceName=app-frontend servicePort=&ServiceBackendPort{Name:app-frontend,Number:0,}

尽管我可以访问http://app.domain.example，但不能访问 https，如果我这样做

    kubectl get ingress
NAME               CLASS     HOSTS              ADDRESS   PORTS 
app-ingress       traefik   *                            80     
app-ssl-ingress   traefik   app.domain.example           80, 443

我有一个正在运行的 kubernetes 集群，我想公开一项服务。我有一个在端口 TestPort 3000 上运行的 TestApplication。如何配置 Traefik 以充当入口提供程序？在文档中，我不明白我必须在哪里指定

providers:
  kubernetesIngress: {}

来源：https ://doc.traefik.io/traefik/providers/kubernetes-ingress/

这足以指定它必须充当 kubernetes 入口吗？

    kind: Deployment
apiVersion: apps/v1
metadata:
  name: traefik-deployment
  labels:
    app: traefik

spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-account
      containers:
        - name: traefik
          image: traefik:v3.2
          args:
            - --api.insecure
            - --providers.kubernetesingress
          ports:
            - name: web
              containerPort: 80
            - name: dashboard
              containerPort: 8080

我刚刚开始学习 kubernetes。我在 digital-ocean 上创建了一个帐户并启动了一个 kubernetes 集群。然后我尝试按照这篇文章https://www.digitalocean.com/community/tutorials/how-to-secure-your-site-in-kubernetes-with-cert-manager-traefik-and-let-s-encrypt进行操作。但我对它的工作原理有一些疑问。现在我的情况是这样的：

kubectl get pods,services,deployments
NAME                                   
pod/app-frontend      
pod/app-backend       
pod/cm-acme-http-solver-qh8ms          
pod/company-service    
pod/edge-service      
pod/location-service  
pod/traefik           
pod/traefik-deployment 
pod/user-service      

NAME                                TYPE           EXTERNAL-IP       PORT(S)                   
service/app-frontend                LoadBalancer   app-ext-ip        3000:32459/TCP            
service/app-backend                 ClusterIP      <none>            5432/TCP                  
service/cm-acme-http-solver-fcgpr   NodePort       <none>            8089:30577/TCP            
service/company-service             ClusterIP      <none>            9003/TCP                  
service/edge-service                ClusterIP      <none>            9000/TCP                  
service/kubernetes                  ClusterIP      <none>            443/TCP                   
service/location-service            ClusterIP      <none>            9002/TCP                  
service/traefik                     LoadBalancer   traefik-ext-ip    80:32591/TCP,443:30716/TCP
service/traefik-dashboard-service   LoadBalancer   tr-dash-ext-ip    8080:31431/TCP            
service/traefik-web-service         LoadBalancer   tr-ws-ext-ip      80:31211/TCP              
service/user-service                ClusterIP      <none>            9001/TCP                  

NAME                              
deployment.apps/app-frontend     
deployment.apps/app-backend     
deployment.apps/company-service   
deployment.apps/edge-service      
deployment.apps/location-service  
deployment.apps/traefik           
deployment.apps/traefik-deployment
deployment.apps/user-service  

因此，我让 Traefik 工作，但没有充当代理；应用程序前端工作，但没有在 https 中工作；由 letsencrypt 颁发的证书没有在任何地方使用。例如

kubectl get issuer -o wide
NAME             READY   STATUS 
challenge-http   True    The ACME account was registered with the ACME server
kubectl get certificateRequest -o wide
NAME                          APPROVED   DENIED   READY   ISSUER           REQUESTOR                                         STATUS                                                                                                 AGE
    tls-app-ingress   True                False   challenge-http   system:serviceaccount:cert-manager:cert-manager   Waiting on certificate issuance from order default/tls-app-ingress-http: "pending"
kubectl get certificates
NAME                    READY   SECRET                  AGE
tls-app-ingress-http   False   tls-area-ingress-http   166m

当然，由于我从头开始学习，所以一切都在默认环境中。我该如何告诉 kubernetes 使用 Traefik 作为代理并通过 https 到达应用程序前端？如果你回答我一些文档供我阅读，我不会生气，只要给我指明正确的方向就行了。

我尝试使用 apache tomcat 9.0.97 和 java openjdk-11.0.25+9，一切似乎都很好。在其他人修改了某些东西后，我注意到服务器在启动时进入了无限循环。为了解决这个问题，我删除了所有 war 文件并在 webapp 中添加了文件夹，然后启动了服务器并跟踪 catalina.out。我可以看到这个严重的错误

SEVERE [main] org.apache.catalina.core.StandardServer.await Failed to create server shutdown socket on address [localhost] and port [8005] (base port [8005] and offset [0])
java.net.BindException: Address already in use (Bind failed)
    at java.base/java.net.PlainSocketImpl.socketBind(Native Method)
    at java.base/java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:452)
    at java.base/java.net.ServerSocket.bind(ServerSocket.java:395)
    at java.base/java.net.ServerSocket.<init>(ServerSocket.java:257)
    at org.apache.catalina.core.StandardServer.await(StandardServer.java:537)
    at org.apache.catalina.startup.Catalina.await(Catalina.java:825)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:773)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:345)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)

你有解决方案吗？

我想在 Windows Server 2022 中编辑远程桌面的登录行为。

有人告诉我，建立连接后可以要求输入密码。为了获得这一点，我应该在机器内编辑一个 gpo。

让我解释一下，现在在建立连接之前会询问密码，但我想要实现的是在远程计算机上的登录屏幕上询问密码。

我有一个天蓝色的租户，名为domainA.com。

我的朋友有一个名为domainB.com 的天蓝色租户。

是否可以拥有 Microsoft Teams 和 Outlook 全局地址列表，将我的用户和他的用户列为非外部用户？怎么可能实现呢？

我想实现以下结果：从 nagios core 4.4.5 接收使用 ncpa 2.2.0 的多个 Windows 服务器上的磁盘使用信息。现在我做了以下事情。我在nagios core中配置了nrdp。我在 nagios 核心中配置了主机和服务。

    define service {
host_name server_name
service_description Disk Usage
check_command check_ncpa!-t 'secret_token' -P 5693 -M disk -w 80 -c 90 -u Gi
max_check_attempts 5
check_interval 5
retry_interval 1
check_period 24x7
notification_interval 60
notification_period 24x7
contacts nagiosadmin
register 1
}

我在 Windows 服务器上配置了被动检查

[passive checks]
%HOSTNAME%|__HOST__ = system/agent_version
%HOSTNAME%|CPU Usage = cpu/percent --warning 60 --critical 80 --aggregate avg
%HOSTNAME%|Memory Usage = memory/virtual --warning 80 --critical 90 --units Gi
%HOSTNAME%|Process Count = processes --warning 300 --critical 400
%HOSTNAME%|Disk Usage = disk/logical/C:|/used_percent --warning 80 --critical 90 --units Gi

我可以看到主机和不同的服务，例如 ram 使用情况、cpu 使用情况，但看不到磁盘使用情况。我收到一个我不明白的错误

未知：无法在没有检查方法的节点上运行检查。请求的“磁盘”节点。

我刚刚继承了一个带有 windows 2008 和 ManageEngine Network Analyzer 的旧 windows 服务器，在这个网络中我有一个 Hp 交换机。

该交换机是 HP A5500-24G-4SFP HI。

如何从交换机收集 sFlow 并将其发送到 ManageEngine。

我一直在阅读可以在此处找到的手册。

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-a00040098en_us

关于配置 sFlow 数据的章节对我没有帮助。我不明白代理 - 收集器的描述。也许代理应该是交换机上的IP，而收集器应该是管理引擎的IP？

我刚刚在 Windows 2016 服务器中安装了 wsus 角色。据我了解，网络中的所有计算机/服务器都会联系 wsus，并下载他们需要的文件。在不到一天的时间里，wsus 就消耗了 100GB 的所有磁盘空间。在这个网络中有从 2008 到 2016 的 windows 服务器。从第一个到版本 1903 的 windows 10 和从 2010 到 365 的 microsoft office。wsus 是否可能正在下载不必要的更新？wsus 如何决定下载更新？

我需要限制用户在多台机器上的操作。这些机器曾经是瘦客户端，现在是加入域的普通个人计算机。是否可以使用 GPO 或第三方工具强制用户在桌面上仅使用一个指定程序？机器是 windows 10 pro 和域控制器 windows server 2012

我只是单击了 sql server agent -> new schedule -> 将其命名为 thisisjustatest 并安排它在明天凌晨 1 点运行。我想找到那个时间表并将其删除。我在任何地方都找不到它。该平台是 MICROSOFT SQL SERVER MANAGEMENT STUDIO 2008R2。谁能帮我找到并删除它？它有什么作用？

我刚刚读了这篇很棒的帖子：

http://blogs.technet.com/b/josebda/archive/2014/11/05/migrating-file-server-from-windows-server-2003-to-windows-server-2012-r2.aspx

我想知道我是否可以使用 windows server 2003sp2 和使用 DFS 的 windows server 2012R2 虚拟机实现类似的结果。

我以为我可以在旧的 xxx.domain1.yyy 机器上启用 dfs

并在新的 kkk.domain2.zzz 机器上配置它。然后激活 dfs 复制。

有没有人尝试过这个或者是胡说八道？

我想我找到了答案。我可以使用 dfs 将 2003r2（而不是 2003）复制到 2008r2，但不能复制到 2012r2。但是可以使用 DFS 并将旧的 windows server 2008R2 复制到新的 windows server 2012R2。

是否可以拒绝使用 Microsoft Windows Server Update Services 3.0 SP2 免费升级 Windows 10？我想阻止网络中所有可能的免费升级，并且我需要阻止在几台 windows 7 pro 和 windows 8.1 pro 机器上进行升级。可以用 wsus 3.0 sp2 完成吗？你会推荐那个行动方案吗？谢谢你。