2 - Windows Server 2

  • 8/2/2019 2 - Windows Server 2

    Intro to Systems Administration

    WINDOWS SERVER 2003

    Table of Contents

    Creating User Accounts

    Creating Group Accounts

    Creating Computer Accounts

    Group Policy

    Disk Space, Sharing and Permissions

    Disk Management

    Creating User Accounts

    In Active Directory Users and Computers, one can manage or change the settings of user accounts.

    How to?

    1. Click Start -> Administrative Tools -> Active Directory Users and Computers.

    2. Right-click the Users container -> New, and click User.

    3. Enter the Name and Last name, and then enter the User Logon name, e.g. petruss / spetrus.

    4. Ensure that your domain is correct, then click Next.

    5. Enter your password twice to confirm it. (Complex Password)

    6. You can then choose whether the user should change the password at next logon or not.

    Group Accounts

    Group accounts help to minimize the administrative effort associated with assigning rights and permissions to users with common needs.

    There are two different types in Windows Server 2003:

    1) Security Groups

    This group is defined by a Security Identifier (SID), which allows the group to be assigned permissions to resources as well as rights to perform various tasks.

    2) Distribution Groups

    Are used when sending an e-mail to a group, which then sends it to all members of that group.

    Group Accounts: Scope

    Whether a group is a security group or a distribution group, it is characterized by a scope.

    The scope identifies the extent to which the group is applied in the domain tree or forest.

    Different Scopes

    Universal

    Global

    Domain Local

    Creating Group Objects

    1. Click Start -> Administrative Tools -> Active Directory Users and Computers.

    2. Right-click the Users container -> New, and click Group.

    3. Enter the new group name in the box, select the group scope, local or global, and then choose the group type, Security or Distribution, then click OK to create the group.

    4. Then double-click the group name to view its properties, and click the Members tab. Use the Add button to add users or other groups to the group created, then click OK to close the properties box.

    To create and manage Computer accounts

    Computers are also required to have accounts in Active Directory.

    1. Click Start, select Administrative Tools, and click Active Directory Users and Computers.

    2. Right-click the Computers container and then select New, then click Computer.

    3. Enter the workstation name, and then click Next.

    4. In the Managed screen, click Next.

    5. Then click Finish and the new computer will appear in the Computers container.

    6. Right-click the new computer name, and click Properties to view and change the settings of the new computer.

    Group Policy

    Administrators use Group Policy to define options for managing configurations of servers, desktops, and groups of users.

    Local policy settings can be applied to all machines, and for those that are part of a domain, an administrator can use Group Policy to set policies that apply across a given site, domain, or range of organizational units (OUs) in the Active Directory.

    (Introduction to Group Policy in Windows Server 2003, Microsoft Corporation, Published: April 2003)

    Group Policies

    Group policies deal with account lockouts, passwords, Kerberos, etc.

    Lockout: Number of times a user can try to log in before being locked out.

    Passwords: Enforce password history defines the number of passwords that must be unique before a user can reuse an old password. (After how many days should a user change their password.)

    Kerberos: Enforce user logon restrictions using the Key Distribution Center (KDC).

    To view group policies:

    1. Right-click the Domain object in Active Directory Users and Computers, then click Properties.

    2. Click the Group Policy tab, and then click the Edit button to show account policies.

    Managing file access, disks and disk storage

    Why have a network?

    The sharing of network resources

    Network resources need to be secured

    Restrictions and permissions

    The administrator can limit certain groups and give complete control to others. (Windows Server 2003)

    Shared folders

    These are data sources that have been made available over the network to authorized users.

    Network resources are centralized through the use of shared folders.

    There are two ways of creating shared folders:

    Creating a shared folder using Windows Explorer

    Creating a shared folder using the Computer Management Console

    Creating a shared folder using Windows Explorer

    1. Open Windows Explorer and create a new folder under the C: drive.

    2. Right-click the folder -> Sharing and Security.

    3. In the Sharing tab, click the Share this folder radio button, and enter the name of the share in the text box.

    4. Then click OK, and the folder should be shared.

    5. To verify, browse to your network folder and view the shared folder.

    Creating a shared folder using Computer Management Console

    1. Right-click My Computer and click Manage.

    2. Click the + symbol next to Shared Folders, and click Shares.

    3. Right-click the Shares folder and click New Share.

    4. At Folder path, type in the folder or browse to its location, then click Next.

    5. If the folder does not exist, you will be prompted to create it by clicking Yes.

    6. At the Permissions screen, choose the permission type for the folder, then click Finish.

    Implementing Shared Folder Permissions

    1. Under Sharing and Security of the folder, click Permissions.

    2. Click Add to select users, computers or groups to add.

    3. Then select permissions: Full Control, Read, or Change.

    4. Then click Apply and OK.

    Windows Server 2003 supports 3 types of file systems

    a) FAT File System:

    Used by DOS and supported by all Windows operating systems since.

    Windows Server 2003 supports FAT partitions with up to 4 GB of space.

    FAT has a partition size limitation, and it has no security features.

    b) FAT32 File System:

    Supports much larger partitions, up to 2 terabytes.

    Does not have any advanced security features, e.g. permissions on file and folder resources.

    c) NTFS File System:

    Introduced in the Windows NT OS. Supports in practice from 2 terabytes to 16 terabytes, but is capable of addressing up to 16 exabytes.

    Comes with better performance, greater scalability, support for Active Directory, and the ability to configure security permissions. It has support for Remote Storage, and has recovery logging of disk activities.

    NTFS Permissions

    These permissions can only be applied to files and folders that exist on partitions formatted with the NTFS file system.

    NTFS permissions are configured through the Security tab and are cumulative: if a user is a member of different groups, his permissions are all of those permissions put together.

    They can be set at file or folder level, and child folders and files inherit permissions unless otherwise specified.

    Implementing NTFS Permissions

    1. Under Sharing and Security of the folder, select the Security tab.

    2. Click the Add button to add users, computers and groups.

    3. Then select permissions for the different users: Full Control, Modify, Read & Execute, Read, Write, etc.

    4. Click the Advanced button to specify inheritable properties.

    5. To remove any groups or users, click Remove.

    6. Then click Apply and then OK.

    For special permissions, click the Advanced button and modify permissions for users and groups.

    When shared folder and NTFS permissions are combined:

    Over a network, the most restrictive permission of the two becomes the effective permission.

    When a file is accessed locally, only NTFS permissions apply.
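
The two rules above (NTFS permissions are cumulative across group memberships, and over the network the more restrictive of share and NTFS permissions wins) can be checked with a small model. This is an added example, not part of the original slides; the right names, the mapping of permission levels to rights, and the sample user and groups are simplifying assumptions, and Deny entries and special permissions are not modelled.

```python
# Added illustration (not from the original slides): simplified model of how
# shared-folder and NTFS permissions combine. The right names and level
# mappings are assumptions; Deny entries are not modelled.
ALL = frozenset({"read", "execute", "write", "delete",
                 "change_perms", "take_ownership"})

NTFS_LEVELS = {
    "Read": frozenset({"read"}),
    "Write": frozenset({"write"}),
    "Read & Execute": frozenset({"read", "execute"}),
    "Modify": frozenset({"read", "execute", "write", "delete"}),
    "Full Control": ALL,
}
SHARE_LEVELS = {
    "Read": frozenset({"read", "execute"}),
    "Change": frozenset({"read", "execute", "write", "delete"}),
    "Full Control": ALL,
}


def cumulative(acl, principals, levels):
    """Union of the rights granted to the user and every group the user is in."""
    rights = set()
    for principal, level in acl:
        if principal in principals:
            rights |= levels[level]
    return rights


def effective(principals, ntfs_acl, share_acl, over_network):
    """Effective rights on a folder; principals = the user plus their groups."""
    ntfs = cumulative(ntfs_acl, principals, NTFS_LEVELS)
    if not over_network:
        return ntfs                      # local access: only NTFS applies
    share = cumulative(share_acl, principals, SHARE_LEVELS)
    return ntfs & share                  # network: the more restrictive wins


# Constructed sample data: user spetrus is a member of Staff and Sales.
SPETRUS = {"spetrus", "Staff", "Sales"}
NTFS_ACL = [("Staff", "Read"), ("Sales", "Modify")]
SHARE_ACL = [("Staff", "Read")]

if __name__ == "__main__":
    print("local  :", sorted(effective(SPETRUS, NTFS_ACL, SHARE_ACL, False)))
    print("network:", sorted(effective(SPETRUS, NTFS_ACL, SHARE_ACL, True)))
```

A share left at Full Control makes the NTFS ACL the only barrier, so reviewing both lists together is the practical way to confirm what a remote user can actually do.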

    Disk Management: Windows 2003 Server supports two data storage types

    Basic Disks

    Uses traditional disk management techniques and contains primary and extended partitions and logical drives; any can be configured with FAT, FAT32 and NTFS.

    Each partition acts as separate storage on the disk.

    If more than one primary partition is configured, only one can be marked as the active partition.

    Dynamic Disks

    Does not use partitions, but volumes instead, because they provide additional features and capabilities.

    Provides new flexibility, as there are basically no restrictions on the number of volumes that can be implemented on the disk.

    Not restricted to the size initially configured.

    Basic Disks

    Primary Partitions:

    There is at least one configured on a drive.

    Usually contain the operating system start-up files at the beginning of the partition.

    The active primary partition is where the computer looks for the hardware-specific files to start the OS.

    Extended Partitions:

    Created from space that is not yet partitioned, meaning space that is left after the primary partition has been created.

    There can only be one extended partition on a standard basic disk.

    It is not formatted and does not have a drive letter assigned.

    Once created, it can be further divided into logical drives, each getting its own drive letter. The disk is described as logical because it does not actually exist as a single physical entity in its own right.

    Dynamic Disks Volume Types

    Simple volume: A dedicated and formatted portion of disk space, which can be extended by adding unallocated space to the volume later.

    Note!! It can only be extended if formatted with NTFS.

    Spanned volume: Consists of space combined from 2 to 32 dynamic disks, all treated as a single volume, thus reducing the number of drive letters.

    When new disks are added, the spanned volume can be extended to include them.

    Note!! If one disk fails, the entire volume is inaccessible.

    Striped volume: Extends the life of the hard disk drive by spreading data equally over two or more drives, so one drive does not work more than the other. Also increases performance, because reading and writing to the disks is faster than it would have been with only one drive; thus it is useful when storing large databases and for data replication from one volume to another.

    Note!! Data can be lost if one or more disks in the striped volume fail.

    Managing partitions and volumes

    Managing your disk properties using the Disk Management Tool.

    1. Right-click My Computer and click Manage.

    2. Expand Storage, and click Disk Management.

    3. To check your drive properties, right-click the drive and click Properties.

    4. Here you have different options like Tools, Hardware, Sharing, Shadow Copies, Quota and Security to configure your drive.

    5. In the lower right pane, right-click Disk 0 and click Properties, showing the properties page for the disk drive.

    6. The Policies tab is used to configure write caching and safe removal settings.

    7. The Volumes tab lists all partitions configured on the disk.

    8. The Driver tab allows you to view details about the currently installed driver.

    Creating and Deleting a Primary Partition

    1. In Disk Management, right-click Disk 0, and click New Partition.

    2. Click Next at the New Partition Wizard.

    3. Then select the Primary Partition radio button and click Next.

    4. Specify the size of the partition in MB, and click Next.

    5. Then assign the drive letter and click Next.

    6. Then check Perform a Quick format and click Next and then Finish.

    7. To delete a partition, right-click the volume and select Delete Partition.

    Creating an extended Partition

    1. In Disk Management, right click Disk 0, and click New Partition.

    2. Click Next, at New Partition Wizard.

    3. Then select the Extended Partition radio button and click Next.

    4. Specify the size of the partition in MB, and click Next and then Finish.

    Creating a logical Drive

    1. In Disk Management, right-click Disk 0, and click New Logical Drive.

    2. Click Next at the New Partition Wizard.

    3. Then select the Create new logical drive option and click Next.

    4. Then specify the size in MB, and click Next.

    5. Select the drive letter and click Next.

    6. Then select Format this partition with the following settings, type in the Volume label, and click Next and then Finish.

    Converting a Basic Disk to a Dynamic Disk

    1. Right-click My Computer and click Manage.

    2. Expand Storage, and click Disk Management.

    3. Right-click Disk 0 and click Convert to Dynamic Disk.

    4. Then click OK, and click Convert.

    5. If the Disk Management dialog appears, then click Yes.

    6. Then click Yes to confirm that the file systems on the disk will be dismounted.

    7. The computer will then be rebooted when done.

    Note!! To go back to a basic disk, all volumes will have to be deleted, so back up your dynamic disk, and restore from backups later.

    Disk Management: Fault Tolerant Disk Strategies

    Allows setup of the system to recover from hardware and software failure.

    Windows 2003 Server allows this fault tolerance through software RAID (Redundant Array of Independent Disks), which is a set of standards for lengthening disk life, preventing data loss and enabling relatively uninterrupted access to data.

    RAID is set up depending on the level of fault tolerance. Your server will include either 2-3 hard drives with RAID controllers.

    The hard drives are controlled through these controllers depending on how it has been set up, whether it be for backup or for speed.

    Let's look at the different levels of RAID setup.

    RAID Levels

    1) RAID level 0: Striping (Striped Volumes) with no other redundancy features; it is just for extending disk life and improving performance.

    2) RAID level 1: Used for simple mirroring, providing a means of duplicating the operating system's files in the event of disk failure. It places the backup on a different controller than that used by the main disk. This RAID is much slower as all data has to be written twice.

    3) RAID level 2: Uses an array of disks whereby the data is striped across all disks in the array, and it contains error-correcting information on each to reconstruct data from a failed disk.

    RAID Levels

    4) RAID level 3: Same as level 2, but stores the error-correcting info only on one drive, so if that drive fails it cannot reconstruct the data.

    5) RAID level 4: Same as level 2, but can perform checksum verification, which is the sum of bits on a file. So when a disk fails and data is reconstructed, the reconstructed file size is compared to the checksum size, and if the two don't match then files might be corrupted.

    6) RAID level 5: Includes striping, error correction and checksum verification, and all are spread across all of the disks. However, this RAID uses more memory than others. Recovery for this RAID provides the same guarantee as with disk mirroring (level 1), and has much faster read access than level 1.

    Disk Maintenance and Management Utilities

    There are a variety of utilities apart from the Disk Management Tool, which you access by opening the properties of a drive.

    To name a few:

    Check Disk: Allows scanning of the disk for bad sectors and file system errors.

    CONVERT: Command-line utility for converting file systems from FAT or FAT32 volumes to the NTFS file system.

    Disk Cleanup: For removing temporary internet files, downloaded programs, files in the Recycle Bin, Windows temporary files and installed programs no longer used.

    Disk Defragmenter: Locates fragmented folders and files and moves them to a location on the physical disk in a contiguous order.
