2 - Windows Server 2

8/2/2019 2 - Windows Server 2

1/30

Intro to Systems Administration

WINDOWS SERVER 2003


2/30

Table of Content

Creating User Accounts

Creating Group accounts Creating Computer Accounts

Group Policy

Disk Space, Sharing and Permissions Disk Management


3/30

Creating User Accounts

In the Active Directory Users and Computers, one can manage or

change the settings of user accounts.

How to?

1.Click start -> Administrative Tools ->Active Directory Users andComputers.

2. Right click the users container -> New, and click User.

3. Enter Name and Last name, and then enter the User Logon name,

e.g. petruss/ spetrus4. Ensure that your domain is correct then click Next.

5. Enter your password twice to confirm it. (Complex Password)

6. Can choose then if user should change password at next Logon, or

not.


4/30

Group Accounts

Group accounts help to minimize the administrative effort associated with

assigning rights and permissions to users with common needs.

You have two different types in Windows Server 2003

1) Security Groups

q A Security Identifier (SID) that allows groups assigned permissions to

resources as well as rights to perform various tasks defines this group.

2) Distribution Groups

q Are used when sending an e-mail to a group, which then sends it to allmembers of that group.


5/30

Group Accounts : Scope Whether a group is a security group or a

distribution group, it is characterized by a

scope.

The Scope identifies the extent to which thegroup is applied in the domain tree or forest.

Different Scopes

Universal

Global

Domain Local


6/30

Creating Group Objects

1.Click start -> Administrative Tools -> Active Directory Users andComputers.

2. Right click the users container -> New, and click on Group.

3.Enter the New Group Name in the box, select the group scope,local or global, and then choose the Group type, Security or

Distribution, then click OK to create the group.

4.Then double click the group name to view its properties, click the

members tab.Use add button to add users or other groups to the group created,

then click OK to close properties box.


7/30

To create and manage Computer

accounts.Computers are also required to have accounts in Active Directory

1. Click start, select Administrative Tools, and click on Active

Directory Users and Computers.

2. Right-click the computers container and then select New, then

click Computer.

3. Enter the workstation name, and then click Next.

4. In the Managed screen, click Next.5. Then Click Finish and the new computer will appear in

Computers container.

6. Right-Click the new Computer name, and click properties to view

and change the settings of new computer.


8/30

Group Policy

Administrators use Group Policy to define options

for managing configurations of servers, desktops,

and groups of users. Local policy settings can be applied to all

machines, and for those that are part of a domain,

an administrator can use Group Policy to setpolicies that apply across a given site, domain, or

range of organizational units (OUs) in the Active

DirectoryIntroduction to Group Policy in Windows Server 2003 Microsoft Corporation Published: April 2003


9/30

Group Policies

Group policies deal with account lockouts, passwords and Kerberos etc.

Lockout: - Number of times a user can try to login before being locked out.

Passwords: - Enforce password history, defines the number of passwords to

be unique before a user can reuse an old password. (After how many days

should a user change their password.)

Kerberos: - Enforce user logon restrictions using Key Distribution Center

(KDC.

To view group policies:1. Right Click the Domain object in Active Directory Users and Computers,

then click on Properties.

2. Click on the Group Policy tab, and then click on the Edit button to show

account policies.


10/30

Managing file access, disks and

disk Storage

Why have a network?

The Sharing of network resources

Network resources need to be secured

Restrictions and permissions

Administrator can limit certain groups and give completecontrol to others. (Windows Server 2003).


11/30

Shared folders

These are data sources that have been made

available over the network to authorized users.

Centralized network resources through the useof shared folders

There are two ways of creating shared folders:

Creating a shared folder using Windows Explorer Creating a shared folder using Computer Management

Console


12/30

Creating a shared folder using

Windows Explorer1. Open Windows explorer and create a new folder under c:drive,

2. Right click on folder -> Sharing and Security.

3. In the sharing tab, click the share this folder radio button, and

the name of the share in the text box.

4. Then Click OK, and folder should be shared.

5. To verify browse to your network folder and view shared folder.

C ti h d f ld i


13/30

Creating a shared folder using

Computer Management Console

1. Right click on My Computer and click on Manage.

2. Click the + Symbol next to Shared Folders, and click on Shares

3. Right click the Shares folder and click New Share

4. At folder path, type in folder or browse location, then click Next

5. If folder does not exist you will be prompted to create byclicking Yes.

6. At Permissions screen choose permission type for folder then

click finish.


14/30

Implementing Shared Folder

Permissions

1. Under Sharing and Security of folder click on

Permissions.

2. Click on Add to select users, computer or groups to add.

3. Then select permissions Full Control, Read, or Change.

4. Then click Apply and OK.


15/30

Windows Server 2003 supports 3

types of file systemsa) FAT File System:

Used by DOS and is supported by all Windows OS since.

Win Server 2003 supports partitions for FAT up to 4GB of space.

FAT has a partition size limitation, and it has no security features.

b) FAT32 File System: Supports much larger partitions up to 2Terabytes.

Does not have any advanced security features e.g. permissions onfiles and folders resources.

c) NTFS File System:

Introduced in Win NT OS. Supports in practice from 2Terabytes to16Terabytes, but is capable of addressing up to 16 Exabytes.

Comes with better performance, greater scalability, supports forActive Directory, and has the ability to configure security permissions.It has support for remote Storage, and has recovery logging of diskactivities.


16/30

NTFS Permissions

These permissions can only be applied on files andfolders that exist in partitions formatted with NTFS file

system. NTFS permissions are configured through the Security

tab, and its cumulative, that means if a user is member ofdifferent groups, his permissions are all permissions put

together. It can be set at file or folder level, and child folders and

files inherit permissions unless otherwise specified.

I l i NTFS P i i


17/30

Implementing NTFS Permissions

1. Under the Sharing and Security of Folder, select the Security tab

2. Click the Add button to add user, computer and groups.

3. Then select permission for different users, either Full Control, Modify, Read &Execute, Read, Write etc.

4. Click the advanced button, to specify inheritable properties.

5. To remove any Groups or Users, click on Remove.

6. Then Click Apply and the OK.

For special permissions, click advanced button and modify Permissions for users

and groups. When Shared folder and NTFS permissions are combined: -

Over a network the most restrictive permission of the two becomes the effectivepermission.

When a file is accessed locally, only NTFS permissions apply.


18/30

Disk Management :Windows 2003 Server supports two data storage types

Basic Disks Uses traditional Disk management Techniques and contains primary and

extended partitions and logical drives, any can be configured with FAT,

FAT32 and NTFS.

Each partition acts as a separate storage on the disk. If more then one primary partition is configured, only one can be marked as

the active partition.

Dynamic Disks

Does not use partitions, but volumes instead, because they provide additionalfeatures and capabilities.

Provides a new flexibility, as there are basically no restrictions to the number

of volumes that can be implemented on the disk.

Not restricted to the size initially configured.


19/30

Basic DisksPrimary Partitions: -

There are at least one configured on a drive

Usually contain the operating system start-up files at the beginning of thepartition.

The active primary partition is where the computer looks for the hardware

specific files to start the OS.

Extended Partitions: -

Created from space that is not yet partitioned, meaning space that is leftafter primary partition has been created.

Can only be one extended partition on a standard basic Disk. It is not formatted or does not have a drive letter assigned.

Once created, it can be further divided into logical drives each getting theirdrive letter. The disk is described as logicalbecause it does not actuallyexist as a single physical entity in its own right


20/30

Dynamic Disks Volume Types

Simple volume: - Is dedicated and formatted portion of disk space, which can beextended by adding, unallocated space to the volume later.

Note!! Only if formatted with NTFS, can it be extended.

Spanned volume: - Consist of space of combining from 2 to 32 Dynamic Disks and treatall as single volume, thus reducing the number of drive letters.

Any new disks added then the spanned volume can be extended to include it.

Note!! If one disk fails, the entire volume is inaccessible.

Striped Volume: - Extends the life of the hard disk drive by spreading data equally over

two or more drives, thus one drive does not work more then the other.Also increases performance, because read and writing to disks is faster as it would havebeen with only one drive, thus it is useful when storing large databases and datareplication from one volume to another.

Note!! Data can be lost if one or more disks in striped volume fail.


21/30

Managing partitions and volumes

Managing your Disk properties using Disk Management Tool.

1. Right-Click My Computer and click Manage.

2. Expand Storage, and click Disk Management.3. To check your drive properties, right click the drive and click properties.

4. Here you have different options like, Tools, Hardware, Sharing, ShadowCopies, Quota and Security to configure your drive.

5. In the lower right pane, right Click Disk 0 and click Properties, showing theproperties page for the disk drive.

6. The Policies tab is used to configure write caching and safe removalsettings.

7. The Volumes tab lists all partitions configured on the Disk

8. The Driver tab allows you to view details about currently installed driver.

Creating and Deleting a Primary


22/30

Creating and Deleting a Primary

Partition.

1. In Disk Management, right click Disk 0, and click NewPartition.

2. Click Next, at New Partition Wizard.

3. Then select the Primary Partition radio button and clickNext.

4. Specify the size of the partition in MB, and click Next.

5. Then assign the drive letter and click Next.

6. Then check Perform a Quick format and click Next and theFinish.

7. To Delete Partition, right Click the Volume and select DeletePartition.


23/30

Creating an extended Partition

1. In Disk Management, right click Disk 0, and click New Partition.


3. Then select the Extended Partition radio button and click Next.

4. Specify the size of the partition in MB, and click Next and then

Finish


24/30

Creating a logical Drive

1. In Disk Management, right click Disk 0, and click NewLogical Drive.


3. Then select the Create new logical drive option and clickNext.

4. Then specify the size in MB, and click Next.

5. Select the drive letter and click Next.

6. Then select Format this partition with the following settings,type in the Volume label, and click Next and then Finish.


25/30

Converting a Basic Disk to a

Dynamic Disk.

1. Right-Click My Computer and click Manage.

2. Expand Storage, and click Disk Management.

3. Right Click Disk 0 and click Convert to Dynamic Disk

4. Then click OK, and click on Convert.5. If Disk Management Dialog appears the click Yes.

6. Then Click Yes to confirm that the file systems on disk will bedismounted

7. Then computer will be rebooted when done.

Note !! To go back to basic disk, all volumes will have to be deleted, soback-up your dynamic disk, and restore from backups later.


26/30

Disk Management:

Fault Tolerant disk Strategies

Allows setup of the system to recover from hardware and softwarefailure.

Windows 2003 Server allows this fault tolerance through software

RAID (Redundant Array of Independent Disks):- which is a set ofstandards for lengthening disk life, preventing data loss andenabling relatively uninterrupted access to data.

RAID is setup depending on level of fault tolerance. Your Server willinclude either 2-3 harddrives with RAID controllers.

The Harddrives are controlled through these controllers dependingon how it has been setup, whether it be for backup, or for speed.

Lets look at the different levels of RAID setup.


27/30

RAID Levels

1) RAID level 0: - Striping (Striped Volumes) with no otherredundancy features, it is just for extending disk life and improveperformance.

2) RAID level 1: - Used for simple mirroring, providing a means ofduplicating the operating systems files in the event of disk failure.It places the backup on a different controller that is used by maindisk. This RAID is much slower as all data has to be written twice.

3) RAID level 2: - Uses an array of disks whereby the data isstriped across all disks in the array, and it contains error-correcting information on each to reconstruct data from a faileddisk.


28/30

Raid levels

4) RAID level 3: - Same as level 2, but stores the error correcting infoonly on one drive, so if that drive fails cannot reconstruct the data.

5) RAID level 4: - Same as level 2, but can perform checksum

verification, which is the sum of bits on a file. So when disk fails and datais reconstructed, the reconstructed file size is compared the checksumsize, and if the two dont match then files might be corrupted.

6) RAID level 5: - Includes striping, error correction and checksum

verification, and all are spread across all of the disks. However this RAIDuses more memory then others. Recovery for this RAID provides sameguarantee as with disk mirroring (level 1), and has much faster readaccess then Level 1.


29/30

Disk Maintenance and

Management UtilitiesThere are a variety of Utilities apart from the Disk Management Tool, which youaccess by opening the properties of a drive.

To name a few:

Check Disk: Allows for scanning of disk for bad sectors and file system errors.

CONVERT: Command line utilities for converting file systems from FAT FAT32or volumes to the NTFS file system.

DISK Cleanup: For removing of temporary internet files, downloaded programs,files in Recycle bin, windows temporary files and installed programs no longerused.

Disk Defragmenter: - locates fragmented folders and files and move them to a

location on the physical disk in a contiguous order.


30/30

References

MCSE (Exam 70-294) Planning, Implementing, and Maintaining a Microsoft

Windows Server 2003 Active Directory Infrastructure 2nd Edition, Published by

Microsoft Press 2006. Jill Spealman, Kurt Hudson, and Melissa Craft with

Anthony Steven of Content Master, ISBN: 0-7356-2286-8

Windows Server 2003 Weekend Crash Course Published by Wiley Publishing2003. Don Jones, ISBN: 0-7645-4925-1

Active Directory Cookbook Published By OReilly 2003. Robbie Allen, ISBN: 0-

596-00464-8

Documents

2 - Windows Server 2