
Material for MCSE


MCSE Notes


Page 1: Material for MCSE

MCSE

DAY 1

NETWORK

NETWORK: A Network is an Interconnection of Devices

NETWORKING: It is the communication between the interconnected devices basically to share the network resources.

Types of Networks

1. LAN (Local Area Network)
2. WAN (Wide Area Network)
3. MAN (Metropolitan Area Network)

The classification is based on the geographical area the network spans.

LAN: Spans a limited geographical area and provides a maximum bandwidth of 100 Mbps. In a LAN we have full-time connectivity.

WAN: Wide Area Network. Spans a larger geographical area; you can go for either full-time or part-time connectivity. It provides a maximum of 2 Mbps.

MAN: Metropolitan Area Network. This kind of network works on DQDB (Distributed Queue Dual Bus). It provides a bandwidth of 55-150 Mbps and cannot span more than 30 miles.

NETWORK DEVICES:

1. HUB
2. SWITCH
3. ROUTER
4. NIC

HUB: A hub is a device into which you connect all the devices on a home network so that they can communicate with each other.

SWITCH: A switch is also a device into which you connect all the devices on a home network so that they can communicate with each other.

ROUTER: A device which allows communication between two different networks.

NIC: Network Interface Card. It forms the interface between the networked device (computer) and the LAN.


LOGICAL TOPOLOGIES

1. WORKGROUP MODEL (or PEER TO PEER)
2. DOMAIN (or CLIENT SERVER MODEL)

Workgroup Model: A logical grouping of systems where you cannot find a centralized database or centralized administration.

DOMAIN: A logical grouping of systems where you can find centralized management and a centralized database.

HISTORY OF MICROSOFT NETWORK OPERATING SYSTEMS:

WIN NT 3.1                          1993
WIN NT 3.5                          1994
WIN NT 4.0                          1997
WIN NT 5.0 OR WIN 2000
WIN 2003 SERVER OR .NET SERVER


DAY 2

ACTIVE DIRECTORY

Active Directory is a directory service which contains information about all user accounts and shared resources on a network.

Active Directory is a centralized hierarchical directory.

What is Active Directory? A directory service whose functionality is to organize, manage and control resources, giving centralized, single-point management.

PURPOSE OF ACTIVE DIRECTORY

1. Provides user logon and authentication. The Kerberos version 5 protocol is responsible for authentication. Authentication is nothing but proving your identity (validation).

2. Organizes and manages user accounts, computers, groups and network resources.

3. Enables authorized users to easily locate network resources. Authorization is checking permissions and privileges.

FEATURES OF ACTIVE DIRECTORY FOR WIN 2000 & 2003

1. Fully integrated security
2. Easy administration using Group Policy
3. Scalable to any size of network
4. Flexible


NEW FEATURES IN WIN 2003

1. Rename the computer name and domain name.
2. Cross-forest trust relationships.
3. Site-to-site replication is faster.
4. Active Directory Application Mode (ADAM)

INSTALLING ACTIVE DIRECTORY

Requirements:

1. Active Directory needs the Windows 2000 or 2003 Server operating system.
2. Static IP
3. 250 MB of space, formatted with NTFS
4. LAN should be active.

Installation:

1. Start
2. Run
3. dcpromo
4. Welcome > Next
5. Next
6. Domain Controller > Next
7. Domain in a New Forest > Next
8. DNS Name (with an extension like .com or .net)

Active Directory is integrated with DNS (the DNS server can be a separate server). DNS names carry an extension.

9. Domain NetBIOS Name. The NetBIOS name is used for backward compatibility with Win 98, Win NT or Win 95. NetBIOS uses flat names.

10. Storing the Database File. The database file is saved in the NTDS folder.

NTDS: New Technology Directory Service. In the NTDS directory the NTDS.DIT file is saved. DIT = Directory Information Tree.

This NTDS directory can be saved on any secondary drive, but the drive should be formatted with NTFS.

11. System Volume. It is one of the default shared folders and is responsible for replication from DC to ADC or ADC to DC.

12. Install DNS & Configure


13. Permissions. First option: enables you to work with old Windows OS like Win 98, 95, NT. Second option: enables you to work with Win 2000 or Win 2003.

14. Directory Service Restore Mode Admin Password (leave it blank).

15. Summary. It shows all the information for the Active Directory service.

16. Next > Installs the Active Directory service on the computer.

ACTIVE DIRECTORY FOLLOWS THE NAMING CONVENTIONS BELOW:

1. NETBIOS: Flat names which do not have extensions (for example: Prakash).

2. DNS NAMESPACE: Active Directory follows the DNS namespace, in which names have extensions (for example: .com, Prakash.net or prakash.edu).

TO IDENTIFY A DOMAIN CONTROLLER OR TO CONFIRM ACTIVE DIRECTORY SERVICES FROM THE COMMAND PROMPT

1. NET ACCOUNTS
2. GETTYPE

NET ACCOUNTS: Typing this command in the command prompt shows PRIMARY if the Active Directory service is installed. If the Active Directory service is not installed it shows SERVER.

GETTYPE: Typing this command in the command prompt shows DOMAIN CONTROLLER if the Active Directory service is installed. If the Active Directory service is not installed it shows SERVER.

AFTER INSTALLING THE ACTIVE DIRECTORY SERVICE ON A SERVER OPERATING SYSTEM YOU WILL FIND 5 NEW CONSOLES

1. Active Directory Users & Computers
2. Active Directory Domains & Trusts
3. Active Directory Sites & Services
4. Domain Controller Security Policy
5. Domain Security Policy


WHAT ARE DC & ADC?

DC = Domain Controller
ADC = Additional Domain Controller

DC: The system which is running a server operating system and Active Directory services is called a Domain Controller. It is one of the physical components. Without a domain controller a domain cannot exist.

ADC: It is used as a backup server. The main purpose of configuring an ADC is fault tolerance.

IP Settings for DC & ADC

Domain Controller System
Static IP: 10.0.0.1
DNS: 10.0.0.1

Additional Domain Controller
Static IP: 10.0.0.2
DNS: 10.0.0.1

What is a Domain?

A domain is represented as a triangle in 2000 & 2003. A domain is a logical entity: a secure logical administrative boundary.

FOR MAKING AN ADDITIONAL DOMAIN CONTROLLER

1. Start
2. Run
3. dcpromo
4. Welcome > Next
5. Next
6. Additional Domain Controller > Next
7. Type the Administrator password of the server system.


DIFFERENCE BETWEEN NT & 2003

WINDOWS NT                                        WINDOWS 2000 & 2003
Protocol used for authentication: NTLM            Protocol used for authentication: KERBEROS VERSION 5
Uses NetBIOS                                      Uses DNS & NetBIOS
Uses Primary Domain Controller &                  Uses Domain Controller &
  Backup Domain Controller                          Additional Domain Controller
Supports 40,000 users                             Supports 1 billion users
Database is stored in SAM                         Uses a directory named NTDS
  (Security Accounts Manager)                       (New Technology Directory Services)
Domain is represented as a circle                 Domain is represented as a triangle

FLEXIBILITY

In Windows NT the Primary Domain Controller is configured while installing the operating system, and if we want to remove the Primary Domain Controller we have to format the whole operating system.

In Win 2000 & 2003 we have the flexibility of installing or uninstalling Active Directory services on the server operating system.


DAY 3

HOW DIRECTORY SERVICES EVOLVED

DAP: Directory Access Protocol, based on the OSI layers.

LDAP: Lightweight Directory Access Protocol, based on the TCP/IP layers.

DAP was introduced in BANYAN VINES, which named its database STREET TALK.

LDAP was introduced by NOVELL, which named its database NDS (Network Directory Services).

LOGICAL STRUCTURE OF ACTIVE DIRECTORY

1. DOMAINS
2. TREES
3. FOREST

DOMAINS

Active Directory is made up of one or more domains. Creating the initial domain controller in a network also creates the domain. You cannot have a domain without at least one domain controller. Each domain in the directory is identified by a DNS domain name. You use the Active Directory Domains and Trusts tool to manage domains.

CONFIGURING A CHILD DOMAIN CONTROLLER

Check that the IP address and the preferred DNS point to the Domain Controller.

1. Run
2. DCPROMO
3. Next
4. Next
5. Domain Controller for a New Domain > Next
6. Child Domain in an Existing Domain > Next
7. Administrator, Password & Domain (DC credentials)
8. Parent Domain: Microsoft.com
   Child Domain: mcse
9. NETBIOS: MCSE


10. Database folder (you can save this folder on any drive formatted with NTFS)
11. SYSVOL
12. Summary. It shows and confirms the settings.

To confirm the child domain from the command prompt use the command NET ACCOUNTS. Even a child domain controller will display PRIMARY.

The other way to confirm is to go to Administrative Tools, click on Active Directory Domains & Trusts and expand the parent domain.

TREE

In the Win 2003 operating system, a tree is a set of one or more domains with contiguous names.

If more than one domain exists, you can combine the multiple domains into hierarchical tree structures.

The first domain created is the root domain, and the domains below it in the tree are child domains. A domain immediately above another domain in the same domain tree is its parent.

Example (the first domain is called the FOREST ROOT):

Microsoft.com
    Child.Microsoft.com
    grandchild.Microsoft.com


NEW TREE IN EXISTING FOREST

FOREST:

Multiple domain trees within a single forest do not form a contiguous namespace; that is, they have non-contiguous DNS domain names.

Although trees in a forest do not share a namespace, a forest does have a single root domain, called the forest root domain.

The forest root domain is by definition the first domain created in the forest.

The two forest-wide predefined groups (Enterprise Administrators and Schema Administrators) reside in the same domain.

Example:

FOREST
    Forest / Tree Root: CISCO.COM        Tree Root: MCSE.COM
        CHILD.CISCO.COM
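The tree and forest examples above can be worked through in code. The following Python script is an added example, not part of these notes: it takes a list of DNS domain names, finds each domain's parent by stripping DNS labels, groups domains whose names are contiguous into one tree, and treats the first name in the list as the forest root (the notes' "first domain created"). The function names are my own, and the 15-character limit in netbios_name is the NetBIOS name-length limit, not something these notes state.

```python
# Added example, not part of the MCSE notes: derive tree/forest structure from DNS names.
# Assumption: the first name in the list is the forest root (the first domain created).
from typing import Dict, List, Optional


def parent_of(domain: str, domains: List[str]) -> Optional[str]:
    """Return the closest ancestor of `domain` that exists in `domains`, or None.

    The parent of child.microsoft.com is microsoft.com; if an intermediate
    domain does not exist, the next shorter suffix that does exist is used."""
    labels = domain.split(".")
    for i in range(1, len(labels)):          # child.microsoft.com -> microsoft.com -> com
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def build_forest(domains: List[str]) -> Dict[str, object]:
    """Group domains into trees of contiguous names.

    Returns {"forest_root": <first domain>,
             "parents": {domain: parent or None},
             "trees": {tree_root: [domains in that tree]}}."""
    names = [d.lower().strip(".") for d in domains]          # DNS names are case-insensitive
    parents = {d: parent_of(d, names) for d in names}
    trees: Dict[str, List[str]] = {}
    for d in names:
        root = d
        while parents[root] is not None:                      # climb to the tree root
            root = parents[root]
        trees.setdefault(root, []).append(d)
    return {"forest_root": names[0], "parents": parents, "trees": trees}


def netbios_name(domain: str) -> str:
    """Flat NetBIOS name the dcpromo wizard proposes: the first DNS label, upper-cased,
    cut to the 15-character NetBIOS limit (microsoft.com -> MICROSOFT)."""
    return domain.split(".")[0].upper()[:15]


if __name__ == "__main__":
    forest = build_forest(["CISCO.COM", "CHILD.CISCO.COM", "MCSE.COM"])
    for root, members in forest["trees"].items():
        print("tree", root, "->", members)
    print("forest root:", forest["forest_root"], "NetBIOS:", netbios_name(forest["forest_root"]))
```

Running it on the CISCO.COM / MCSE.COM example yields two trees in one forest, with cisco.com as the forest root; the Microsoft.com example yields a single tree of three domains.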

IP SETTINGS FOR DOMAIN CONTROLLER, ADDITIONAL DOMAIN CONTROLLER, CHILD DOMAIN CONTROLLER & NEW TREE IN EXISTING FOREST

            DC            ADC           CDC           NTEF
IP:         10.0.0.1      10.0.0.2      10.0.0.3      10.0.0.4
DNS:        10.0.0.1      10.0.0.1      10.0.0.1      10.0.0.1

SETTINGS FOR NEW TREE IN EXISTING FOREST


1. Run
2. DCPROMO
3. Next
4. Domain Controller for New Forest > Next
5. Domain Tree in Existing Forest > Next
6. Admin Credentials
7. DNS Name
8. Rest same as before.


DAY 4

FSMO ROLES OR "FIZZ-MOE"

FSMO = Flexible Single Master Operations

There are 5 FSMO roles. The exact difference between a Domain Controller and an Additional Domain Controller is these 5 FSMO roles.

In the Windows NT domain model replication always takes place from PDC to BDC, because of which it is called Single Master Replication.

In the Windows 2000 or 2003 Server domain model replication takes place from Domain Controller to Additional Domain Controller. Here it is known as Multi Master Replication.

ROLES OF ACTIVE DIRECTORY

Global Catalog Server

OPERATION MASTERS

FOREST WIDE ROLES
    Domain Naming Master
    Schema Master

DOMAIN WIDE ROLES
    RID Master
    PDC Emulator
    Infrastructure Master

DOMAIN NAMING MASTER: It is one of the important roles; it checks the uniqueness of domains. With the help of the Domain Naming Master you can create, remove or rename domains. It checks for DNS conflicts in the entire forest. The Domain Naming Master is present on the first domain controller (root domain).

The Domain Naming Master is common to the entire forest, hence it is known as a Forest Wide Role.

SCHEMA MASTER: The schema is the design or architecture of Active Directory. It forms a template for Active Directory objects; with the help of the schema we can create and manipulate different objects. The schema is further divided into 2 classifications:

Classes = Objects or Users
Attributes = Properties of objects, or information on objects


The schema is common to the entire forest, hence it is known as a Forest Wide Role.

RID MASTER:

Before learning about the RID Master we have to know about the SID.

A SID is a combination of a RID and a DID.

SID = Security Identifier
RID = Relative Identifier
DID = Domain Identifier

SID = DID + RID

If objects are created in the same domain, the DID will be the same.

Each and every object is assigned one SID, and the security principal objects (users, groups & computers) are also assigned one SID.

A SID is a combination of DID & RID. The RID checks the uniqueness of objects. The DID gives information about the domain and is common for all the domains (Ex: 500).

The RID is common to its individual domain, hence it is called a Domain Wide Role.

To find the SID of the Administrator in the command prompt:

WHOAMI /USER

Username        SID
Zoom\admin      S-1-5-21-2754622866-353471261-2485894766-500
                |<--------------- DID ---------------->| RID
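To make the DID/RID split concrete, here is an added Python example (not from these notes) that parses a SID string of the kind WHOAMI /USER prints, separates the domain identifier from the trailing RID, labels a few well-known RIDs, and checks whether two objects belong to the same domain by comparing their DIDs. The first SID in the test is the one shown above; the second is constructed. The class and function names are my own.

```python
# Added example, not part of the MCSE notes: split a SID into its parts and
# label the well-known RIDs. The 21-X-Y-Z pattern is Microsoft's documented
# layout for domain SIDs; the sample SIDs used with it are constructed.
from dataclasses import dataclass
from typing import Optional, Tuple

# Well-known RIDs from the documented Windows SID structure (for labelling only).
WELL_KNOWN_RIDS = {
    500: "Administrator",
    501: "Guest",
    502: "krbtgt",
    512: "Domain Admins",
    513: "Domain Users",
    519: "Enterprise Admins",
}


@dataclass(frozen=True)
class Sid:
    revision: int
    authority: int
    sub_authorities: Tuple[int, ...]

    @property
    def is_domain_sid(self) -> bool:
        """Domain accounts use the 21-X-Y-Z sub-authority pattern followed by a RID."""
        return len(self.sub_authorities) == 5 and self.sub_authorities[0] == 21

    @property
    def domain_identifier(self) -> Optional[str]:
        """The DID: the SID with the trailing RID removed, e.g. S-1-5-21-X-Y-Z."""
        if not self.is_domain_sid:
            return None
        return "S-%d-%d-%s" % (self.revision, self.authority,
                               "-".join(str(s) for s in self.sub_authorities[:-1]))

    @property
    def rid(self) -> int:
        """The RID is always the last sub-authority."""
        return self.sub_authorities[-1]

    @property
    def well_known_name(self) -> Optional[str]:
        return WELL_KNOWN_RIDS.get(self.rid) if self.is_domain_sid else None


def parse_sid(text: str) -> Sid:
    """Parse 'S-1-5-21-...-500' into a Sid; raises ValueError on malformed input."""
    parts = text.strip().upper().split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError("not a SID: %r" % text)
    numbers = [int(p) for p in parts[1:]]
    if numbers[0] != 1:
        raise ValueError("unsupported SID revision %d" % numbers[0])
    return Sid(numbers[0], numbers[1], tuple(numbers[2:]))


def same_domain(a: str, b: str) -> bool:
    """Two objects were created in the same domain when their DIDs match."""
    did_a = parse_sid(a).domain_identifier
    return did_a is not None and did_a == parse_sid(b).domain_identifier


if __name__ == "__main__":
    sid = parse_sid("S-1-5-21-2754622866-353471261-2485894766-500")
    print("DID:", sid.domain_identifier, "RID:", sid.rid, "=>", sid.well_known_name)
```

The Administrator account keeps RID 500 even when it is renamed, which is why this split, not the account name, is what identifies it.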

PDC EMULATOR

It is responsible for password updates in 2003 (native mode). In mixed mode the PDC Emulator acts as a PDC for the BDCs. In the entire forest a PDC Emulator is present in every domain, hence it is called a Domain Wide Role.


INFRASTRUCTURE MASTER:

It is responsible for maintaining group membership information as well as time synchronization. The Infrastructure Master notifies groups that "these are the modifications taking place in sub domains". We can find an Infrastructure Master in each and every domain, hence it is called a Domain Wide Role.

TRANSFERRING ROLES

Transferring roles is done only when the Domain Controller is in fault tolerance or for maintenance purposes.

Transferring of roles can only be done from a Domain Controller to an Additional Domain Controller.

Transferring can be done in two modes: Command mode and GUI mode. GUI mode is preferable, as it is more reliable.

Transferring through the Command Prompt

1. NTDSUTIL
2. ROLES
3. CONNECTIONS
4. CONNECT TO SERVER
5. Q = QUIT
6. ? = HELP
7. TRANSFER DOMAIN NAMING MASTER
8. TRANSFER SCHEMA MASTER
9. TRANSFER RID MASTER
10. TRANSFER PDC
11. TRANSFER INFRASTRUCTURE MASTER
12. Q
13. Q
14. NET ACCOUNTS (to check whether it has changed from Primary to Backup)

Transferring the roles through GUI Mode

This is done in three procedures: first transfer the Domain Naming Master, then change RID, PDC & Infrastructure, and last transfer the Schema Master.


Transferring Domain Naming Master:

1. Programs
2. Administrative Tools
3. Active Directory Domains & Trusts
4. Active Directory Domains & Trusts (right click)
5. Connect to Domain Controller
6. Select sys2 (the ADC to which you want to transfer the role)
7. Check the Domain Controller
8. Active Directory Domains & Trusts (right click)
9. Select Operations Master
10. Click on Change
11. OK

To Transfer RID, PDC & Infrastructure

1. Administrative Tools
2. Active Directory Users and Computers
3. Right click on the domain (like zoom.com)
4. Select Connect to Domain Controller
5. From the list select sys2 (the ADC to which you want to transfer the role); also check the current Domain Controller.
6. Right click on the domain (like zoom.com)
7. Operations Master
8. Click Change for all the roles

To Transfer Schema Master

1. REGSVR32 SCHMMGMT.DLL (first register the file by running this command from Start > Run)
2. Start
3. Run
4. MMC (Microsoft Management Console)
5. File menu
6. Add / Remove Snap-in
7. Add
8. (Select) Active Directory Schema
9. Add
10. Close
11. OK
12. (Select) & right click on Active Directory Schema
13. Change Domain Controller
14. Check Specify Name
15. Assign the server name as sys2 (the name of the computer you want to change from ADC to DC)
16. OK


17. Right click on Active Directory Schema
18. Operations Master
19. Change
20. To confirm, use the NET ACCOUNTS command in the command prompt to check whether it changed from Primary to Backup.

GLOBAL CATALOG SERVER

It is not a role, it is a service, and you can't transfer the Global Catalog Server.

The Global Catalog Server maintains complete information about its own domain and partial information about the other domains which exist in the forest. It is also known as the Master Searchable Index. By default we find the Global Catalog Server on the domain controller of the root domain. It is called a Forest Wide Role.

To Check Global Catalog Server

1. Open Active Directory Sites & Services
2. Expand Sites
3. Default-First-Site-Name
4. Servers
5. Sys1
6. Right click on NTDS Settings
7. Properties


DAY 5

FUNCTIONAL LEVELS

Forest and Domain Functional Levels. The functional level determines:

- the supported domain controller operating systems;
- the Active Directory features available.

Domain functional levels can be raised independently of one another. Raising the forest functional level is performed by an Enterprise Administrator and requires all domains to be at the Windows 2000 native or Windows Server 2003 functional level.

Functional levels are classified into two levels:

1. Domain Functional Level
2. Forest Functional Level

Domain Functional Levels:
a) Windows 2000 Mixed Mode
b) Windows 2000 Native Mode
c) Windows 2003 Interim Mode
d) Windows 2003 Mode

a) Windows 2000 Mixed Mode: domain controllers can run Windows 2003, Windows 2000 and Windows NT.

b) Windows 2000 Native Mode: domain controllers can run Windows 2003 and Windows 2000.

c) Windows 2003 Interim Mode: domain controllers can run Windows 2003 and Windows NT.

d) Windows 2003 Mode: domain controllers run Windows 2003 only.


Forest Functional Levels

Forest Functional Level               Domain Controllers Supported
Windows 2000 (Default)                Win NT 4.0, 2000, 2003 Server
Windows Server 2003 Interim           Win NT 4.0, 2003 Server
Windows Server 2003                   Windows Server 2003 family

Functional levels are important when you are planning to upgrade the operating system or to establish a trust relationship.

To check functional levels:

1. Active Directory Domains & Trusts
2. Right click on the domain name (Ex: zoom.com)
3. Click on Domain Functional Level or Forest Functional Level

TRUST RELATIONSHIP

CISCO.COM (Trusting)
    CHILD.CISCO.COM (Trusted)

Trusts are secure communication paths that allow security principals in one domain to be authenticated and accepted in other domains.

Some trusts are created automatically:
- Parent and child domains trust each other.
- Tree root domains trust the forest root domain.


Other trusts are created manually. A forest-to-forest transitive trust relationship can be created in Windows 2003 forests only.

Transitive Trust: In a transitive trust relationship Domain A trusts Domain B, in the same way Domain B trusts Domain C, and in the same way Domain C trusts Domain A. This is called a Transitive Trust.

        A
       / \
      B---C

Non-Transitive Trust: Domain A trusts Domain B, in the same way Domain B trusts Domain C, but Domain C will not trust Domain A. This is known as a Non-Transitive Trust Relationship.

        A
       /
      B---C

One-Way Incoming: Example

Zoom.com: A1, A2        (one-way incoming trust)        Yahoo.com: A3, A4, Database Server
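The difference between transitive and non-transitive trusts, and why the direction of a one-way trust matters, can be modelled as a small directed graph. The Python below is an added example and not part of these notes: each trust is recorded as (trusting domain, trusted domain), where the trusting domain holds the resource and the trusted domain holds the account, and a chain of trusts is only usable when every hop on it is transitive. The domain names and the trusts between them are constructed for the example, and the function names are my own.

```python
# Added example, not part of the MCSE notes: model trust direction and transitivity.
# A Trust(trusting, trusted) means "trusting" accepts users from "trusted".
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Trust:
    trusting: str      # domain that holds the resource and accepts the other side's users
    trusted: str       # domain whose users are accepted
    transitive: bool   # True for Kerberos parent-child/tree-root/forest trusts, False for external NTLM trusts
    kind: str          # label only


def two_way(a: str, b: str, transitive: bool, kind: str) -> List[Trust]:
    """A two-way trust is simply two one-way trusts, one in each direction."""
    return [Trust(a, b, transitive, kind), Trust(b, a, transitive, kind)]


def trust_path(resource_domain: str, account_domain: str, trusts: List[Trust]) -> Optional[List[str]]:
    """Chain of domains (resource -> ... -> account) through which the resource domain
    trusts the account domain, or None when there is no usable path.

    A direct trust is always usable. A longer chain is usable only when every hop is
    transitive: a single non-transitive trust ends the chain at that hop."""
    if resource_domain == account_domain:
        return [resource_domain]
    by_trusting: Dict[str, List[Trust]] = {}
    for t in trusts:
        by_trusting.setdefault(t.trusting, []).append(t)
    queue = deque([[resource_domain]])     # breadth-first over "X trusts Y" edges
    expanded = {resource_domain}
    while queue:
        path = queue.popleft()
        for t in by_trusting.get(path[-1], []):
            if len(path) > 1 and not t.transitive:
                continue                    # cannot extend an existing chain over a non-transitive trust
            new_path = path + [t.trusted]
            if t.trusted == account_domain:
                return new_path
            if t.transitive and t.trusted not in expanded:
                expanded.add(t.trusted)     # only transitive trusts may be extended further
                queue.append(new_path)
    return None


# Constructed sample: one forest (cisco.com tree plus the mcse.com tree root) and two
# manual, one-way, non-transitive external trusts.
SAMPLE_TRUSTS = (
    two_way("cisco.com", "child.cisco.com", True, "parent-child")
    + two_way("cisco.com", "mcse.com", True, "tree-root")
    + [Trust("zoom.com", "yahoo.com", False, "external"),
       Trust("yahoo.com", "msn.com", False, "external")]
)

if __name__ == "__main__":
    for resource, account in [("child.cisco.com", "mcse.com"), ("zoom.com", "yahoo.com"),
                              ("yahoo.com", "zoom.com"), ("zoom.com", "msn.com")]:
        print(resource, "trusts", account, "via", trust_path(resource, account, SAMPLE_TRUSTS))
```

Within the forest a user from mcse.com reaches a resource in child.cisco.com through the forest root, because both automatic trusts are transitive; the external trust between zoom.com and yahoo.com works in one direction only and does not carry on to msn.com.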


Types of Trust:

Default: Two-way transitive Kerberos trusts (intra-forest).

Shortcut: One- or two-way transitive Kerberos trusts (intra-forest).
- Reduce authentication requests.

Forest: One- or two-way transitive Kerberos trusts.
- Windows Server 2003 forests only; Windows 2000 does not support forest trusts.
- Only between forest roots.
- Creates transitive domain relationships.

External: One-way non-transitive NTLM trusts.
- Used to connect to/from Windows NT or external 2000 domains.
- Manually created.

REALM: One- or two-way non-transitive Kerberos trusts that connect to/from UNIX MIT Kerberos realms.

Configuring a Cross Forest Trust Relationship

IP settings in 2 different domains:

            Satyam.com                  SBI.com
            Root Domain Controller      Root Domain Controller
IP:         10.0.0.1                    10.0.0.2
PDNS:       10.0.0.1                    10.0.0.2
SDNS:       10.0.0.2                    10.0.0.1

1. In the two different domains assign the alternate DNS as in the example above.

2. To raise the functional levels of the domains as well as the forest, open the console

3. Active Directory Domains & Trusts.

4. Right click on the domain (for example: select the domain SBI.com and raise the domain functional level from the list to Windows Server 2003).


5. To raise the forest functional level, right click on Active Directory Domains & Trusts > Raise Forest Functional Level.

6. Select Windows Server 2003 and raise it.

7. Follow the same steps in the other domain to raise its functional levels.

8. To establish a trust between the two different forests, for example in SBI.com, open the console Active Directory Domains & Trusts.

9. Right click on the domain SBI.com.

10. Select the Trusts tab.

11. Click on New Trust.

12. Assign the DNS name of the other domain, for example satyam.com.

13. Check Forest trust.

14. Select Two-way.

15. Check "Both this domain and the specified domain" > Next.

16. Assign the credentials (admin & password) > Next.

17. Check "Forest-wide Authentication".

18. Check "Forest-wide Authentication".

19. Next

20. Next

21. Next

22. Yes > Next

23. Yes > Next

24. Finish.

We also have to give logon permissions from the server side.

1. To give permissions for users / admin / groups
2. Admin Tools


3. Domain Controller Security Policy
4. Double click Local Policies
5. User Rights Assignment
6. Allow Log On Locally
7. Add User or Group
8. Browse
9. Locations
10. Select the other domain
11. OK
12. Specify Administrator and click on Check Names
13. OK
14. OK
15. OK
16. (To update the default policies) Start > Run > GPUPDATE

External Trust

It is non-transitive and is used for communication from Windows Server 2003 to lower versions like Win NT and Win 2000 Server. It is also used to communicate between only two roots in the forest.

REALM

It is used for communication between Windows 2003 Server and non-Windows operating systems.


DAY 6

PHYSICAL COMPONENTS

The logical components of Windows 2003 Server are forests & trees.

Physical Components:

1. Domain Controllers
2. Sites

A Domain Controller is a system loaded with Active Directory services on the Windows 2000 or Windows 2003 Server operating system.

- Stores replicas of the Active Directory database.
- Associated with a given site.

Sites are areas of good connectivity; a site is one of the physical components of Active Directory services.

Sites are associated with subnet masks. A subnet mask defines a subdivision of an IP network.

A site can span multiple domains. A domain can span multiple sites.

Example for Sites:

INDIA site                                USA site
  Servers                                   Servers
  DC  ------------ WAN LINK ------------    DC
  Clients                                   Clients
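Because a site is tied to subnets, a machine's site follows from its IP address. The Python below is an added example, not part of these notes: it associates each site with a list of subnets and picks the most specific (longest-prefix) subnet that contains an address, returning no site for an address outside every subnet. The site names, subnets and host addresses are constructed, and the function names are my own.

```python
# Added example, not part of the MCSE notes: site lookup by subnet, longest prefix wins.
import ipaddress
from typing import Dict, List, Optional


def site_for_address(address: str, site_subnets: Dict[str, List[str]]) -> Optional[str]:
    """Return the site whose most specific subnet contains `address`, or None."""
    ip = ipaddress.ip_address(address)
    best_site: Optional[str] = None
    best_prefix = -1
    for site, subnets in site_subnets.items():
        for cidr in subnets:
            net = ipaddress.ip_network(cidr, strict=False)
            # A longer prefix is a smaller, more specific subnet, so it overrides a wider one.
            if net.version == ip.version and ip in net and net.prefixlen > best_prefix:
                best_site, best_prefix = site, net.prefixlen
    return best_site


def assign_hosts(hosts: Dict[str, str], site_subnets: Dict[str, List[str]]) -> Dict[str, Optional[str]]:
    """Map each host name to its site (None when no subnet covers its address)."""
    return {name: site_for_address(addr, site_subnets) for name, addr in hosts.items()}


# Constructed sample: two sites joined by a WAN link, plus a lab subnet carved out of USA.
SAMPLE_SITES = {
    "INDIA": ["10.0.0.0/16"],
    "USA": ["10.1.0.0/16"],
    "USA-LAB": ["10.1.50.0/24"],   # more specific than USA, so it wins inside that range
}

if __name__ == "__main__":
    hosts = {"dc-india": "10.0.0.1", "dc-usa": "10.1.0.1", "lab-pc": "10.1.50.9", "stray": "192.168.1.1"}
    for name, site in assign_hosts(hosts, SAMPLE_SITES).items():
        print(name, "->", site)
```

An address that matches no subnet is the case to watch in practice: such a machine is not placed in any site, so a domain controller or client in that state cannot be tied to the site topology.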

REPLICATION TOPOLOGY

Replication is classified into 2 types:

1. Intra Site Replication
2. Inter Site Replication


Intra Site Replication: The replication which takes place within a single site between DC and ADC is called Intra Site Replication.

The KCC (Knowledge Consistency Checker) service is responsible for replication.

Inter Site Replication: The replication which takes place between 2 different sites is called Inter Site Replication.

BRIDGEHEAD SERVER: The server responsible for gathering the information from one Domain Controller so that it can replicate it to another Domain Controller (ADC).

By default the DC & ADC servers are placed in Default-First-Site-Name. One site link is also configured by default.

Configuring Sites:

1. To create sites open the console
2. Active Directory Sites & Services.
3. Expand Sites
4. Right click on the Sites folder
5. New Site
6. Mention the name of the site
7. Select the default site link
8. OK
9. To add the servers, expand the newly created site and Default-First-Site-Name, then expand Servers.
10. Right click on the server
11. Select Move, and from the list select the new site
12. OK
13. Create one more site by following the same steps

TO CONFIGURE SITE LINKS

1. Expand Inter-Site Transports
2. Right click on IP
3. Select New Site Link
4. Specify the name of the site link
5. Add the sites to the list
6. OK


TO SET THE REPLICATION SCHEDULE

1. Select the IP folder
2. Double click the newly created site link
3. Click on Change Schedule
4. Set the schedule

ACTIVE DIRECTORY PARTITIONS

NTDS
  NTDS.DIT
    SCHEMA | CONFIGURATION | DOMAIN | APPLICATION

The Active Directory service database is stored in NTDS.DIT. This database is further logically divided into four partitions:

1. Schema Partition
2. Configuration Partition
3. Domain Partition
4. Application Partition

1. Schema Partition: The schema is the design or architecture on which Active Directory is built. It provides the set of rules to create or manipulate different objects; only Schema Administrators can modify the schema. You modify the schema partition only when you are planning to upgrade or install Active Directory applications.

The schema is also known as a forest-wide replication.

2. Configuration Partition: It is one of the logical partitions, which maintains information about the structure of the forest. It contains information like domain controllers, sites, site links and trust relationships.

The configuration partition is the road map of Active Directory, because of which users are easily able to locate network objects. It is also a forest-wide replication.


3. Domain Partition: Maintains information about domain-specific objects. It is a domain-wide replication.

4. Application Partition: It is a configurable partition; it can be either a forest-wide or a domain-wide replication. It maintains information about DNS.


DAY 7

USERS & PERMISSIONS

Client Operating Systems: Win 95, Win 98, Win 2000 Professional, Win XP

Server Operating Systems: Windows 2000 & 2003 Server

MEMBER SERVER: A member server is a server which can host services like DNS, DHCP, IIS, etc. It is a system running a server operating system that is part of the domain. A member server is also configured for load balancing.

TO CONFIGURE A MEMBER SERVER

1. Check the preferred DNS
2. Right click on MY COMPUTER
3. Select Properties
4. Select the tab COMPUTER NAME
5. Click on CHANGE
6. Check the option MEMBER OF DOMAIN
7. Specify the domain name
8. OK
9. Assign the credentials
10. To confirm the member server or clients on the Domain Controller, open the administrative console USERS & COMPUTERS
11. Expand the domain & select Computers
12. To confirm a member server from the command prompt use the command GETTYPE

On a member server, log in as Domain Administrator to perform administrative tasks or to access the Active Directory consoles.

The shortcuts below open the Active Directory consoles from the Domain Controller:

1. Active Directory Users & Computers => DSA.MSC
2. Domains & Trusts => DOMAIN.MSC
3. Sites & Services => DSSITE.MSC

To find more console shortcuts, search for *.msc.


LOCAL USERS:

You can create local users in a workgroup or on member servers.

Local users can log in locally on their respective systems. They cannot log in to the domain.

PROCEDURE TO CREATE A LOCAL USER ON A MEMBER SERVER

1. Right click on My Computer
2. Select Manage
3. Expand Local Users & Groups
4. Right click on the Users folder
5. New User
6. Specify the user name and password
7. Log in by providing the user name and password, with LOG ON TO set to THIS COMPUTER

CREATING A DOMAIN USER

You can create domain users on a Domain Controller, Additional Domain Controller & Member Server.

1. On the Domain Controller open the console Active Directory Users & Computers
2. Expand the domain
3. Select the USERS folder
4. New User
5. Specify the user name and logon name
6. Give the password
7. Next > Finish

Domain users can log in from anywhere on the network.

Logged in as a domain user (on a member server), users do not have some privileges, as given below:

1. They cannot change the IP address
2. They cannot share a folder
3. They cannot create another new user
4. They cannot shut down the computer.


TO ALLOW LOGON PERMISSIONS FOR DOMAIN USERS

1. Domain Controller Security Policy
2. Local Policies
3. User Rights Assignment
4. Allow Log On Locally
5. Add User
6. Browse
7. Specify the user name and click on Check Names
8. OK > OK > OK
9. To update the default policies go to Start > Run and type "GPUPDATE"

Log in as a domain user from the Domain Controller.

PASSWORD POLICY

1. Domain Security Policy
2. Account Policies
3. Password Policy
4. Start > Run > GPUPDATE

TO RESTORE THE DEFAULT SETTINGS FOR THE ACCOUNT POLICIES

DCGPOFIX in the command prompt.

TO CONVERT THE FILE SYSTEM FROM FAT TO NTFS

CONVERT D: /FS:NTFS


DAY 8

PERMISSIONS

PERMISSIONS: Privileges to access and manipulate resource objects such as folders, files and printers.

For example: the privilege to read a file, delete a file or create a file.

Types of permissions:

1. Security Level Permissions:
- Only implemented on NTFS partitions
- Apply to local NTFS drives only
- NTFS permissions can be set on drives, files and folders

2. Share Level Permissions:
- Can be implemented on NTFS and FAT partitions
- Apply to shared folders only, which are accessed from the network
- Share permissions can be set only on drives & folders

A file system provides a hierarchical structure to store files or directories, from which the operating system can identify and retrieve the files. There are two types of file systems: FAT & NTFS.

FAT: File Allocation Table. On this file system you can apply only share level permissions. It doesn't support security level permissions.

NTFS: New Technology File System. It provides extra functionality compared to the FAT file system; on NTFS you can apply both levels of permissions, sharing and security.

ACCESS CONTROL LIST
  DACL
    ACCESS CONTROL ENTRY


DACL = DISCRETIONARY ACCESS CONTROL LIST

SACL = SYSTEM ACCESS CONTROL LIST

You can apply different levels of permissions to network objects. The window where you give different permissions to different domain users is the access control list. It determines which objects a user has permission on, and at what level they can access the object.

In the Access Control List an individual entry is known as an Access Control Entry (ACE). The ACL is further classified into 2 types:

1. DACL
2. SACL

1. DACL: Discretionary Access Control List. It determines the different levels of permissions for an individual object or network object.

2. SACL: System Access Control List. Here you can apply audit policies as well as system policies.

PROCEDURE TO GIVE SECURITY LEVEL PERMISSIONS:

1. Create domain users, for example: a1, a2 & a3
2. Open MY COMPUTER
3. On one of the drives create a folder with new files.

TO GIVE DIFFERENT LEVELS OF PERMISSIONS

4. Right click on the folder which was created
5. Click on Sharing & Security
6. Select the SECURITY tab
7. Before applying the permissions, remove the inheritance propagating from the existing drive.
8. To remove inheritance from the Security tab:
9. Select Advanced
10. Allow inheritable permissions


11. For Administrator set Full Control.
12. Add the individual users and set different levels of permissions.
13. To check the security level permissions, log in as a USER.
14. Open the drive letter and access the folder.

MODIFY:

The Modify permission allows the user to create, delete, rename and modify files and folders, but a user with Modify cannot change the permissions or add new users to the Access Control List, whereas Full Control permits editing the object as well as changing the existing permissions.

PROCEDURE TO TAKE OWNERSHIP:

If the Administrator does not have permission in the Access Control List, or the Administrator has been deleted from the Access Control List, then you need to take ownership.

1. Right-click on the respective folder.
2. Properties.
3. Select the Security tab.
4. Advanced.
5. Select Owner.
6. Select Administrator.
7. Check "Replace owner on subcontainers and objects".
8. Once you take ownership, only the Administrator will be the owner of the object.
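An added example, not part of the course material, that checks the result of the two procedures above from PowerShell: it reads the folder's DACL and SACL with Get-Acl, separates the explicit Access Control Entries from those inherited from the drive, and reports the owner, whether inheritance has been removed and any Deny entries. The folder path C:\Data\Projects is a placeholder.

```powershell
# Added example: report a folder's DACL, SACL and owner after permissions were set.
# C:\Data\Projects is a placeholder path; run as an administrator so the SACL is readable.
param(
    [string]$Path = 'C:\Data\Projects'
)

function Get-FolderAclReport {
    param([Parameter(Mandatory)][string]$Path)

    # -Audit reads the SACL as well as the DACL (needs the "Manage auditing" privilege)
    $acl = Get-Acl -Path $Path -Audit

    [pscustomobject]@{
        Path               = $Path
        Owner              = $acl.Owner
        # $true once "Allow inheritable permissions" has been cleared (step 10 above)
        InheritanceBlocked = $acl.AreAccessRulesProtected
        # each item in .Access is one Access Control Entry (ACE) of the DACL
        ExplicitAces       = @($acl.Access | Where-Object { -not $_.IsInherited })
        InheritedAces      = @($acl.Access | Where-Object { $_.IsInherited })
        # Deny entries are evaluated before Allow entries and are easy to overlook in the GUI
        DenyAces           = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })
        # SACL entries: which identities generate Success/Failure audit events
        AuditAces          = @($acl.Audit)
    }
}

function Format-Ace {
    param([Parameter(ValueFromPipeline)]$Ace)
    process {
        $source = if ($Ace.IsInherited) { 'inherited' } else { 'explicit' }
        '{0,-30} {1,-6} {2,-10} {3}' -f $Ace.IdentityReference, $Ace.AccessControlType, $source, $Ace.FileSystemRights
    }
}

$report = Get-FolderAclReport -Path $Path

"Owner:               $($report.Owner)"
"Inheritance blocked: $($report.InheritanceBlocked)"
''
'DACL, explicit entries set on this folder:'
$report.ExplicitAces | Format-Ace
'DACL, entries inherited from the drive or parent folder:'
$report.InheritedAces | Format-Ace
''
'SACL, audit entries:'
foreach ($a in $report.AuditAces) {
    '{0,-30} {1,-16} {2}' -f $a.IdentityReference, $a.AuditFlags, $a.FileSystemRights
}

# Two things a reviewer checks after the procedure:
# - Everyone with Full Control means any user can change the permissions themselves
$report.ExplicitAces |
    Where-Object { $_.IdentityReference -match 'Everyone$' -and $_.FileSystemRights -match 'FullControl' } |
    ForEach-Object { Write-Warning "Everyone has Full Control on $($report.Path)" }
# - inheritance still enabled means the drive's permissions still apply here
if (-not $report.InheritanceBlocked) {
    Write-Warning "Inheritance is still enabled on $($report.Path); drive-level permissions still apply"
}
```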

SHARE LEVEL PERMISSIONS:

Share level permissions apply over the network.

1. In one of the drives create a folder with new files in it.
2. To share the folder, right-click on the folder.
3. Sharing & Security.
4. Select the Security tab.
5. Check "Share this folder".
6. Click on Permissions.
7. Either add the user or give Everyone Full Control.
8. To check the share level permissions:
9. For example, on Sys2 log in as a domain user.
10. To access the shared folder, open MY NETWORK PLACES.
11. Windows Network.
12. Double-click the domain.
13. Open Sys1 and access the shared folder.
14. Security level permissions apply locally.

Share level permissions apply across the network.


DAY -9

PROFILES

- A profile is a user-state environment.

- A profile is a unique identity within which a user performs all his tasks and operations.

Profile is a collection of Desktop Icons, Background, Start Menu, Task Bar, Etc.

DEFAULT USER:

It is one of the important folders; it is responsible for providing new profiles. It is also called a template.

NTUSER.DAT:

You can change the work environment by changing the position of the Task Bar, the desktop icons and the screen saver.

These modifications are stored in NTUSER.DAT. It contains the collection of settings and configurations that you can manipulate for a user profile.

DIFFERENT TYPES OF PROFILES:

1. Local Profile
2. Roaming Profile
3. Mandatory Profile

1. Local Profile: Local profiles do not travel along with the user; they are stored on the local machine. A local user profile is created on a computer, and any changes made to a local user profile are specific to the computer on which the changes were made.

TO CONFIRM LOCAL PROFILE:

1. In the Domain Controller:
2. Create a domain user.
3. In the Member Server, log in as the domain user and change the profile.
4. To confirm the type of profile:
5. Right-click on My Computer.
6. Properties.
7. Select the Advanced tab.
8. Click on the User Profiles settings.


2. Roaming Profile: a path such as \\sys1\user\a1 is called a Universal Naming Convention (UNC) path.

A Roaming user profile is created by an Administrator and it is stored on the server. Roaming profile will travel along with the users.

Configure roaming profile to make the work environment common for the particular user.

Changes made to the roaming profile will be saved on the server.

Configuring a Roaming Profile:

1. In the Domain Controller or Sys1:
2. Create a folder.
3. Apply share level permissions.
4. Create a domain user.
5. To convert from local to roaming, assign the network path, which is called the UNC path (Universal Naming Convention).
6. To assign the path:
7. Right-click on the user.
8. Properties.
9. Select the Profile tab.
10. Assign the path of the shared folder: \\sys3\sharedfolder\username
11. In sys2 log in as the domain user, change the work environment and create new documents in it.
12. Log off to save the changes.
13. From sys1 log in as the same user and check the profile.

To set the profile for more than one user within a single folder: \\sys1\roam\%username%

3. MANDATORY PROFILE: In a Mandatory Profile the user cannot change the work environment. Convert from Roaming to Mandatory to get a standard desktop or fixed environment.

1. Open the shared folder.
2. Open the user's folder.
3. If you are not able to access the user's folder, take ownership.
4. To take ownership, right-click on the user folder.
5. Sharing & Security.
6. Security tab.
7. Advanced.
8. Owner.
9. Administrator.
10. Check "REPLACE OWNER ON SUBCONTAINERS & OBJECTS".
11. Open the user profile.
12. Rename NTUSER.DAT to NTUSER.MAN.
13. To apply the permissions to the parent folder (the shared folder):
14. Right-click > Properties.
15. Select Security.
16. Advanced.
17. Check REPLACE PERMISSIONS.
18. To confirm the mandatory profile, log in as the user and change the profile.

HOME FOLDER:

Home folder is a centralized location of the user personal files.

Home directories and My Documents make it easier for an Administrator to back up user files and manage user accounts, by collecting the information in one central location.

TO CONFIGURE HOME FOLDER:

1. Create a shared folder.
2. Open Active Directory Users & Computers.
3. Right-click on one user.
4. Properties.
5. Select the "Profile" tab.
6. Under Home Folder check "Connect".
7. Assign the drive letter and specify the UNC path.
8. Log in as the domain user from sys2.
9. Open My Computer as well as the home directory.
10. Create a few new files in it.
11. In sys1, to check the home directory of a user:
12. Open the shared folder as well as the user's folder.


DAY 10

DFS

DFS= Distributed File System or File Storage Architecture

Distributed file system (DFS) allows Administrators to make it easier for users to access and manage files that are physically distributed across the network.

With DFS you can have files distributed across multiple servers while it appears to the user that the files reside in one place (one computer) on the network.

DFS ROOT

(Diagram: a DFS ROOT with three links: DIRECTORY1 on System1, DIRECTORY2 on System2 and DIRECTORY3 on System3.)

You can find DFS service in Workgroup Systems, Domain Controller and Member server.

Shortcut to Open DFS Console: DFSGUI.MSC

DFS ROOT:

The DFS Root is the beginning of a hierarchy of DFS links that point to shared folders.

DFS Link:

A Link from a DFS Root to one or more shared files or folders.


PROCEDURE TO CONFIGURE DFS ROOT

1. Create a shared folder (for example: DFS ROOT).
2. Create one more shared folder, "Sales".
3. While creating the shared folders, also check the type of file system.
4. To create the DFS root, open DFS from Administrative Tools.
5. Right-click on DFS.
6. New Root.
7. Next.
8. Check Domain Root.
9. Next.
10. Specify the server name: "BROWSE".
11. Select the server name from the list.
12. Next.
13. Specify the root name as DFS Root.
14. Next.
15. Finish.

To create a link or a pointer

1. Right-click on the existing root.
2. Select New Link.
3. Specify the link name as SALES.
4. Assign the network path.
5. Browse.
6. Entire Network.
7. Windows Network.
8. Expand the domain as well as the server.
9. Select the shared folder SALES.
10. OK > OK.

After configuring the DFS root, to access the root from System2, in Start > Run specify the root name.

It will display the links, that is, the shared folders.

ROOT TARGET:

The mapping destination of a DFS root or link, which corresponds to a physical folder that has been shared.


Procedure to Create Target:

For Example: In System2 create a shared folder by the name Root Target.

In sys1 open DFS where Root is already configured.

1. Right-click on the existing root.
2. Select New Root Target.
3. Browse and, from the list, select SYS2.
4. Next.
5. Select the shared folder by clicking on Browse.
6. Expand the drive and select the shared folder.
7. OK.
8. To confirm the backup server:
9. In Sys2 open DFS and expand the root.
10. This backup server will maintain the information about the existing root as well as the links.

LINK TARGET:

To Create a Link Target

For Example:

1. In sys2 create a shared folder named Sales Target.
2. To configure the link target:
3. In sys1 right-click on the existing link.
4. New Target.
5. Browse.
6. Assign the new path on sys2 (where Sales Target is created).
7. OK.
8. Yes.

To configure replication:

9. Next.
10. Select Sys1 in the list.
11. Select the topology as Ring.
12. Next.
13. Finish.

To Configure the Replication between DFS1 & 2

1. Restart two services from Administrative Tools.
2. Open the Services console.
3. Restart the DFS and File Replication services.


DAY11

GROUP POLICIES-1

Group Policy:

Group Policy is a collection of settings which can be applied on computers and users.

With Group Policy the Administrator can centrally manage computers and users, which eases administration.

In Windows NT there is no concept of Group Policy. Windows NT uses system policies, which are not as powerful as Group Policies.

The tool used to apply or edit these system policies is POLEDIT.

Group policies are associated with levels:

1. Site Level
2. Domain Level
3. Organizational Unit Level (OU Level)

1. Site Level: Apply the policy at site level; it will be common to multiple domains in a single forest.

2. Domain Level: Apply the policy at domain level; it is common to the Domain Controllers and the client systems.

3. OU Level: Apply the policy at OU level; it will be common to the user and computer objects in that OU.

The OU is the smallest administrative unit. It is also referred to as a sub-tree or sub-container, and is one of the logical components of Active Directory.

It contains different objects which is maintained in a domain. OU can contain Groups of Users or Groups of Computers.

PROCEDURE TO APPLY THE POLICY ON OU LEVEL

To Restrict Internet Explorer Icon from the Desktop

1. Open the Admin Console.
2. Active Directory Users & Computers.
3. To create an OU, right-click on the domain (for example: Zoom.com).
4. Select New > Organizational Unit.
5. Specify the name > OK.
6. In the OU create some domain users.
7. To apply the policy, right-click on the OU > Properties > select Group Policy.
8. Create a new policy and label it.
9. Click EDIT.
10. In User Configuration expand Administrative Templates.
11. Select Desktop from the list and apply any policy by enabling the option.

Restricting the Applications:

1. Open the Admin Console.
2. Active Directory Users & Computers.
3. To create an OU, right-click on the domain (for example: Zoom.com).
4. Select New > Organizational Unit.
5. Specify the name > OK.
6. In the OU create some domain users.
7. Create a new policy or edit the existing policy.
8. Click on EDIT.
9. Expand > ADMINISTRATIVE TEMPLATES.
10. Select > System.
11. Double-click the policy > Don't run specified Windows applications.
12. Check > Enabled.
13. Click on > Show.
14. Add.
15. Specify > IEXPLORE.EXE
16. OK > OK > OK.
17. Log in as a user from a client or the Member Server and access Internet Explorer.

"GPMC Service Pack" = to reset Group Policies to their default settings.

TO ALLOW THE POLICY FOR ONE OF THE USERS FROM THE GROUP POLICY WINDOW

1. Select the policy.
2. Properties.
3. Security.
4. Add User.
5. Check Names > add the user.
6. Set Apply Group Policy to DENY.
7. To confirm, log in as the user and check the application or policy.

RESTRICTING DRIVES

1. Open the Admin Console.
2. Active Directory Users & Computers.
3. To create an OU, right-click on the domain (for example: Zoom.com).
4. Select New > Organizational Unit.
5. Specify the name > OK.
6. In the OU create some domain users.
7. Open the Group Policy window.
8. Create a new policy and label it.
9. Click on Edit.
10. Expand > Administrative Templates.
11. Windows Components.
12. Windows Explorer.
13. Open the policy > Hide these specified drives in My Computer.
14. Check > the list.
15. Select one of the drives.
16. OK.
17. Check the result by logging in as a user.

DELEGATE CONTROL

Delegate Control (Giving Partial permissions from the Administrator)

With the help of Delegate Control, the Administrator can give partial permissions to domain users to perform administrative tasks without supplying the Administrator's credentials.

PROCEDURE TO CREATE DELEGATE CONTROL:

1. Right-click on the OU.
2. Select > Delegate Control.
3. Add the user.
4. Next.
5. Check the option > Create, delete and manage user accounts.
6. Next > Next > Finish.
7. To confirm Delegate Control:
8. Log in as the user.
9. Open Active Directory Users and Computers.
10. Right-click on the OU and create a user.


DOMAIN POLICIES:

To apply the policy on Domain Level:

1. Right-click on the domain.
2. Properties.
3. Select tab > Group Policy.
4. Create a new policy.
5. Edit.
6. Expand Administrative Templates.
7. Select > Start Menu and Taskbar.
8. Double-click on the policy and enable the option.
9. Log in as a user or as Administrator to check that the domain level policy is activated.

SITE LEVEL:

To apply the policy at site level:

1. Open the Active Directory Sites & Services console.
2. Right-click on > Default-First-Site-Name.
3. Properties.
4. Select the Group Policy tab and apply any policy.

BLOCK POLICY INHERITANCE:

This option prevents or blocks the policies applied at the domain level from reaching the OU level.

Configure BLOCK POLICY INHERITANCE to block the policies from domain to OU level, or from site to domain level.

1. Right-click on the OU.
2. Properties.
3. Select > Group Policy.
4. Check > Block Policy Inheritance.

NO OVERRIDE:

Use No Override to apply a site level or domain level policy forcefully. Compared to Block Policy Inheritance, No Override has the higher priority.

1. Apply one policy on OU Level as well as Domain Level

2. On OU Level check Block Policy Inheritance, In the Domain Level check the option No Override from Group Policy window.
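An added example (not from the course material) that reports, for the domain and every OU, whether Block Policy Inheritance is set and which linked policies use No Override, which the newer consoles call Enforced, together with the effective order in which the policies apply. It assumes the GroupPolicy and ActiveDirectory PowerShell modules (Windows Server 2008 R2 and later).

```powershell
# Added example: where is inheritance blocked, and which GPO links are enforced (No Override)?
# Assumes the GroupPolicy and ActiveDirectory modules are installed (RSAT or a domain controller).
Import-Module GroupPolicy
Import-Module ActiveDirectory

function Get-GpoInheritanceReport {
    param([string]$SearchBase = (Get-ADDomain).DistinguishedName)

    # the domain container itself plus every OU below the search base
    $targets = @($SearchBase) + @(Get-ADOrganizationalUnit -Filter * -SearchBase $SearchBase).DistinguishedName

    foreach ($dn in $targets) {
        $inh = Get-GPInheritance -Target $dn
        [pscustomobject]@{
            Target             = $dn
            # Block Policy Inheritance check box of this container
            InheritanceBlocked = $inh.GpoInheritanceBlocked
            # GPOs linked directly here; an enforced link still applies below a block
            LinkedGpos         = @(($inh.GpoLinks | Where-Object Enabled).DisplayName) -join ', '
            EnforcedLinks      = @(($inh.GpoLinks | Where-Object Enforced).DisplayName) -join ', '
            # the order the policies actually apply in, after inheritance, blocking and enforcement
            EffectiveGpos      = @(($inh.InheritedGpoLinks | Where-Object Enabled).DisplayName) -join ', '
        }
    }
}

$report = Get-GpoInheritanceReport
$report | Format-Table Target, InheritanceBlocked, EnforcedLinks, EffectiveGpos -AutoSize -Wrap

# Two situations worth reviewing:
# - a container blocks inheritance: domain-level settings no longer reach it unless enforced
$report | Where-Object InheritanceBlocked | ForEach-Object {
    Write-Warning "Block Policy Inheritance is set on $($_.Target)"
}
# - an enforced (No Override) link overrides every block below it
$report | Where-Object { $_.EnforcedLinks } | ForEach-Object {
    Write-Warning "Enforced GPOs on $($_.Target): $($_.EnforcedLinks)"
}
```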


RESTRICTING ACCESS TO DRIVES FOR DOMAIN USERS

1. Apply the policy at OU level.
2. Create a new policy and label it.
3. Click on Edit.
4. Expand Administrative Templates.
5. Windows Components.
6. Windows Explorer.
7. Double-click the policy "PREVENT ACCESS TO DRIVES FROM MY COMPUTER".
8. Apply the policy.
9. Log in as a user.
10. Try to access the drive.

DAY 12

GROUP POLICY -2

Software Deployment, Folder Redirection, Scripts

Software Deployment: Use software deployment to make software available to a few groups of users rather than installing it normally on each individual system; with Group Policy you can also restrict users from using a particular application.

Group Policy does not support EXE files. To convert from .EXE to .MSI a third-party tool, WinINSTALL LE, is used. It is not a Microsoft product; it is produced by Veritas.

To convert from EXE to MSI in WinINSTALL LE, follow these steps:

(Diagram: Before Snapshot > Installing Application > After Snapshot.)

Before Snap Shot: The only difference between Before Snap Shot and After Snap Shot is newly installed application.

In this procedure it converts from EXE to MSI (Microsoft Software Installer)

The file size of WinINSTALL LE is 12466 KB.

1. Install WinINSTALL LE from the Application folder.
2. Next > Next.
3. Specify the Read information.
4. Next.
5. Next > Finish.
6. Share Name (leave it blank).
7. Next > Finish.

To Perform Before Snap Shot

Create a Share Folder and apply full control sharing

1. After installing the tool:
2. Open WinINSTALL LE from the Programs menu.
3. Right-click on Windows Installer Packages.
4. Select Run Discover.
5. Next.
6. Specify the application with a UNC path.
7. Click on Browse.
8. My Network Places.
9. Entire Network.
10. Open the shared folder on the system where you want to save.
11. Specify the application name as "Acrobat.MSI".
12. Open > Next > Next.
13. Add all the drives.
14. Next > Next > Next.
15. Finish.

1. Confirm that the file created has been converted from EXE to MSI.
2. Open the shared folder and check the file.
3. Install the application from the Application folder.
4. Double-click on Acrobat.exe and install it.
5. You can install the application from the Application folder or from the application programs; this continues the Before Snapshot.

To Perform After Snapshot

1. Open the same WinINSTALL LE window.
2. Right-click on Windows Installer Packages.
3. Select Run Discover.
4. Next.
5. Check After Snapshot.
6. Next > Finish.
7. Open the shared folder and check the file formats, which have been converted from EXE to MSI.

To Apply policy and deploy the software create OU as well as new users.

1. Right-click > Properties.
2. Select Group Policy.
3. Create a new policy and label it.
4. Click on Edit.
5. In User Configuration:
6. Expand Software Settings.
7. Right-click on Software Installation.
8. Select New Package.
9. Apply the network path.
10. Open My Network Places.
11. Entire Network.
12. Windows Network.
13. Open the domain.
14. Server.
15. Double-click the shared folder.
16. Select the application.
17. Acrobat.msi.
18. Click > Open.
19. Check Assigned.
20. OK.
21. Log in as a user.
22. Check the policy.

Importance of Deployment Method

Published: Select Publish to Advertise the software in Control Panel. The User has to install the application normally from control panel.

Assigned: This option advertises the software in the Start Menu, on the Desktop and in Control Panel. The user can open the application directly.

Advanced: Choose advanced to perform modifications or updating in existing software.

FOLDER REDIRECTION

You can use folder redirection to redirect the user profile to the main server. With folder redirection Administrator can update the information of the user profile.

1. Create a shared folder.
2. Open Active Directory Users & Computers.
3. In the Group Policy window create a new policy.
4. Edit.
5. Expand Windows Settings.
6. Folder Redirection.
7. Select Desktop.
8. In the list select "Basic - Redirect everyone's folder to the same location".
9. In the next block select "Redirect to the following path".
10. Click on Browse.
11. Give the UNC path.
12. Open the shared folder.
13. OK.
14. In the path specify %Username%.
15. In the Member Server log in as a user.
16. On the Desktop create new directories and files, then log off.
17. In Sys1, which is the Domain Controller, open the shared folder and take ownership to access the user's folder.

BACKUP & RECOVERY

Backup is a utility or tool that protects data from accidental loss, whether from a system hardware problem or a storage media failure; with Backup we create a duplicate copy of the same data and can retrieve it later. You can take a backup of User Data and of System State Data.

User Data: User generated files or folders are called User Data.

System State Data: System Generated Data like Operating System files, Boot files, Registry files as well as Active Directory database.

ARCHIVE BIT: It is a file attribute that indicates the status of files or folders; with this property you can confirm whether a backup has been taken. In Windows 2000 and 2003 the NTBACKUP tool is used. In Windows NT you could take backups only to tape drives.

USER DATA: User data backup is once again classified into five different types:

1. Normal
2. Incremental
3. Differential
4. Copy
5. Daily

Normal: In a Normal backup you back up all the files. It does not check the archive bit; a Normal backup is irrespective of the archive bit. After taking the backup it clears the archive status or bit.

Practical:

1. Create a folder as well as new files in it.
2. To take the backup, in Start > Run specify "NTBACKUP".
3. Next.
4. Check "Back up files and settings".
5. Next.
6. Let me choose what to back up.
7. Next.
8. Select the drive and check the folder.
9. Next.
10. Browse.
11. Change the drive and save the backup.
12. Next > Finish.

After taking the backup, open the folder and check the archive bit.

Incremental: This type of backup checks the archive status and backs up only those files whose archive bit is on. In an Incremental backup, too, the archive bit is cleared after the backup. Prefer an Incremental backup when files in the existing folder have been modified or newly added.

Practical:

1. Open the same existing folder.
2. Modify the files.
3. Add new files.
4. To take the backup:
5. Start > Run > NTBACKUP.
6. Next > check Back up files.
7. Next > Let me choose what to back up.
8. Next > expand My Computer and the drive.
9. Check the folder.
10. Next.
11. Save the backup by choosing Browse.
12. Next.
13. Click on Advanced.
14. From the list select Incremental.
15. Next.
16. Check the option "Verify data after backup".
17. Next.
18. Check "Append".
19. Next.
20. Select "Now" > Next > Finish.

DIFFERENTIAL:

The basic difference between Incremental and Differential is what happens after the backup. A Differential backup also checks the archive bit, but after the backup is taken the archive bit stays checked (it is not cleared).
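An added example (not part of the notes) that models how the five backup types treat the archive bit: which files each type selects and whether the bit is cleared afterwards. It reads and clears the Archive attribute of real files but copies no data; the demo folder under %TEMP% is created by the script for the walk-through.

```powershell
# Added example: model NTBACKUP's archive-bit handling for the five backup types.
# Only the Archive attribute is read or cleared; no data is copied anywhere.

function Get-ArchiveState {
    param([Parameter(Mandatory)][string]$Root)
    Get-ChildItem -Path $Root -File -Recurse | ForEach-Object {
        [pscustomobject]@{
            File          = $_.FullName
            ArchiveBit    = [bool]($_.Attributes -band [System.IO.FileAttributes]::Archive)
            ModifiedToday = $_.LastWriteTime.Date -eq (Get-Date).Date
        }
    }
}

function Invoke-BackupSelection {
    param(
        [Parameter(Mandatory)][string]$Root,
        [Parameter(Mandatory)][ValidateSet('Normal', 'Incremental', 'Differential', 'Copy', 'Daily')]
        [string]$Type
    )
    $state = @(Get-ArchiveState -Root $Root)

    $selected = switch ($Type) {
        # Normal and Copy ignore the archive bit and take every file
        { $_ -in 'Normal', 'Copy' }              { $state }
        # Incremental and Differential take only files whose archive bit is set
        { $_ -in 'Incremental', 'Differential' } { $state | Where-Object ArchiveBit }
        # Daily takes files changed today, irrespective of the archive bit
        'Daily'                                  { $state | Where-Object ModifiedToday }
    }

    # only Normal and Incremental clear the bit; Differential, Copy and Daily leave it set
    $clears = $Type -in 'Normal', 'Incremental'
    if ($clears) {
        foreach ($f in $selected) {
            $item = Get-Item -Path $f.File
            if ($item.Attributes -band [System.IO.FileAttributes]::Archive) {
                $item.Attributes = $item.Attributes -bxor [System.IO.FileAttributes]::Archive
            }
        }
    }

    [pscustomobject]@{
        Type             = $Type
        SelectedFiles    = @($selected).Count
        ClearsArchiveBit = $clears
    }
}

# Walk-through mirroring the practicals above; the demo folder is created under %TEMP%
$Root = Join-Path -Path $env:TEMP -ChildPath 'BackupDemo'
New-Item -ItemType Directory -Path $Root -Force | Out-Null
1..3 | ForEach-Object { Set-Content -Path (Join-Path $Root "file$_.txt") -Value "data $_" }

Invoke-BackupSelection -Root $Root -Type Normal        # full backup, clears every archive bit
Set-Content -Path (Join-Path $Root 'file2.txt') -Value 'changed'   # NTFS sets the bit again on write
Invoke-BackupSelection -Root $Root -Type Differential  # changed files only, bit left set
Invoke-BackupSelection -Root $Root -Type Differential  # same selection again: nothing was cleared
Invoke-BackupSelection -Root $Root -Type Incremental   # changed files only, bit cleared
Invoke-BackupSelection -Root $Root -Type Incremental   # nothing left to select
```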

RESTORING

Practical

1. Open the original folder.
2. Remove all the files.
3. To restore, either select the drive > open the backup, or continue with NTBACKUP.
4. Next.
5. Check > Restore files.
6. Next > from the list select the backup type.
7. Expand.
8. Check the drive letter.
9. Next > Finish.

COPY & DAILY BACKUPS:

These two backup types do not check the archive status, either before or after taking the backup. Use a Copy backup to maintain the same copy of the data. A Daily backup is used to keep the information up to date.

SYSTEM STATE DATA:

USN: Update Sequence Number

Each and every object is assigned one USN value; this value increases gradually whenever the object is modified or its password is changed.

To Check USN Value:

1. Open Active Directory Users & Computers.
2. Select the View menu.
3. Check Advanced Features.
4. Right-click on the existing user.
5. Properties.
6. Select the Object tab.

If objects are removed or deleted from the database, these deleted objects are assigned an ID, which is nothing but a Ghost ID. They are kept for a period of sixty days; this duration is known as the Tombstone period.

Practical to take System State Backup:

1. Create an Organizational Unit and new users.
2. To take the System State backup:
3. Start > Run > NTBACKUP.
4. Click on Advanced Mode.
5. Backup Wizard.
6. Next.
7. Check "ONLY BACK UP SYSTEM STATE DATA".
8. Save the location.
9. Next and Finish.

TO RESTORE SYSTEM STATE BACKUP

After taking System State Backup from OU remove few users.

1. Restart the system.
2. Press F8.
3. From the list select DIRECTORY SERVICES RESTORE MODE.
4. Log in as Administrator.

Note: You cannot Restore System State Backup in Active Mode (Normal Mode). Restoring is possible only in DSRM Mode.

5. Start > Run > NTBACKUP.
6. Next.
7. Check Restore files.
8. Next > expand the System State backup.
9. Check "System State".
10. Next > Next > Finish.

After restoring, continue with "No", which is similar to an Authoritative Restore. In an Authoritative Restore you can restore Active Directory objects. In a Non-Authoritative Restore you cannot retrieve Active Directory objects.

AUTHORITATIVE RESTORE

1. Command Prompt.
2. NTDSUTIL.
3. Authoritative Restore.
4. Restore Database.

TO RESTORE INDIVIDUAL OBJECT:

1. NTDSUTIL.
2. Authoritative Restore.
3. Restore Subtree CN=u1,OU=OU1,DC=Zoom,DC=Com (CN=u1 is the username, OU=OU1 the Organizational Unit name, DC=Zoom the Domain Controller first name, DC=Com; Cn = Canonical Name).

DAY 14

DHCP

DHCP: Dynamic Host Configuration Protocol

It automatically gives IP addresses to the clients that request a dynamic IP address.

DHCP uses a client/server model in which the DHCP server maintains centralized management of the IP addresses used on the network.

DHCP PROCESS

(Diagram: the exchange between the DHCP CLIENT and the DHCP SERVER: DHCP DISCOVER, DHCP OFFER, DHCP REQUEST, DHCP ACKNOWLEDGEMENT.)

DHCP DISCOVER: The client system requests a DHCP server to release one IP address. This request is known as DHCP Discover.

DHCP OFFER: The DHCP server checks the request from the client system and offers an IP address from its pool. This process is known as DHCP Offer.

DHCP REQUEST: The client system once again requests the DHCP server to provide one IP address from the offered pool to the client system.

DHCP ACKNOWLEDGEMENT: Finally the DHCP server confirms that the IP address has been provided to the client system.

This process or mechanism is known as the four-way handshake.

Practical:

1. Install DHCP on Sys1 and configure it.
2. From Control Panel:
3. Add/Remove Programs.
4. Add/Remove Windows Components.
5. From the list select Networking Services.
6. Click Details.
7. Check DHCP.
8. Give OK > Next > Finish.

You can configure DHCP in DC, Member Server or Work Group Systems.

The Shortcut to Access DHCP from RUN > DHCPMGMT.MSC

TO CREATE A SCOPE:

1. Open DHCP in the Admin Console.
2. Before creating a scope, authorize the DHCP server.
3. Right-click on DHCP.
4. Select Manage Authorized Servers.
5. Click on Authorize.
6. Assign the name of the server or its IP address.
7. Close the window and refresh.
8. To create a scope, right-click on the server.
9. Select New Scope.
10. Next.
11. Specify the scope name.
12. Next.
13. Assign the IP address range from start to end.
14. Next.
15. Add exclusions to the list.
16. Next > Next.
17. Yes > Next.
18. Next.
19. Specify the domain name as well as the server name.
20. Click on Resolve.
21. Add to the list.
22. Next > Next.
23. Yes > Next > Finish.

In System 2:

24. Remove the static IP address.
25. From the command prompt use these commands:

IPCONFIG /RELEASE (to remove the existing IP address)
IPCONFIG /RENEW (to automatically assign an IP address from the DHCP server)
IPCONFIG /ALL (to show all the details about the system's network configuration)
GETMAC (to get the MAC address of the current system)
ARP -A (to know the MAC addresses of other systems; ARP = Address Resolution Protocol)


SCOPE: It is a range of IP addresses that is assigned to computers requesting a dynamic IP address.

AUTHORIZATION: It is a security precaution that ensures that only authorized DHCP servers can run in the network, to avoid computers running an illegal DHCP server in the network.

Non-authorized DHCP servers are also called "ROGUE SERVERS".

EXCLUSIONS: Within a single scope, use exclusions for IP addresses from the pool that are already in use, for example by DHCP servers, DNS servers or the Domain Controller. Once these static IP addresses are added as exclusions, the DHCP server will assign IP addresses apart from the exclusions.

RESERVATIONS: Configure reservations to reserve a particular IP address from the pool for a particular computer. Compared to dynamic IPs, a reservation has the highest priority. Through a reservation you assign a dynamic IP that behaves as if it were static.

Practical:

1. Expand the scope.
2. To know the MAC address of the current system, in the command prompt type "GETMAC".
3. To know the MAC address of another system, first make a communication between both systems by pinging the IP address of the other system; when it responds, type the command "ARP -A" (Address Resolution Protocol).
4. To copy the MAC address, right-click, select Mark, highlight the physical address and press Enter.

To Create Reservations

5. Right-click on Reservations.
6. New Reservation.
7. Specify the name and an IP address from the range.
8. Right-click on the MAC Address field and paste.
9. Check DHCP only, click on Add and close the window.

From the client side, use these commands in the command prompt:

10. IPCONFIG /RELEASE
11. IPCONFIG /RENEW

TO CREATE A SUPER SCOPE

To group more than one scope on the DHCP server, create a superscope. A superscope is a collection of multiple scopes.

Practical:

1. In the DHCP server:
2. Create two scopes.
3. For example: Scope1 as 10.0.0.1 and Scope2 as 10.0.11.1.
4. Right-click on the server and select New Superscope.
5. Next.
6. Select the two scopes together.
7. Next > Finish.

To get an IP Address from 2nd Scope

1. Deactivate the first scope.
2. From Sys2 check the result by following the commands, or add exclusions in the first scope:
3. Expand the scope.
4. Right-click on Address Pool.
5. Select New Exclusion Range.
6. Assign the IP range from start to end.
7. Once all the IP addresses from the first scope are used or leased, the indicator will be an exclamation mark, meaning the IP addresses are exhausted.

SCOPE OPTIONS: Configure scope options to provide additional information like the preferred DNS server, default gateway, etc. They apply only to the individual scope.

SERVER OPTIONS: Configure server options to provide additional information along with all the dynamic IPs. They are common to multiple scopes.

APIPA = Automatic Private IP Addressing

In the absence of a DHCP server, APIPA provides IP addresses to the client systems. If the DHCP server is not authorized, it cannot provide IP addresses to the client systems.


TO CHECK APIPA

1. In the IP Address window:
2. Check "Obtain an IP address automatically".
3. Select the next tab > Alternate Configuration.
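An added example (not from the notes) covering the DHCP exchange described earlier in this day and the scope, exclusion, reservation and authorization settings that follow it: a read-only PowerShell report that lists the DHCP servers authorized in Active Directory and, for each scope, its range, exclusions, reservations and address usage, flagging exhausted scopes and an unauthorized server. It assumes the DhcpServer module (Windows Server 2012 and later); the server name sys1 is a placeholder.

```powershell
# Added example: read-only report of a Windows DHCP server's authorization and scopes.
# Requires the DhcpServer module; 'sys1' is a placeholder server name.
Import-Module DhcpServer

function Get-DhcpServerReport {
    param([string]$ComputerName = 'sys1')

    # Servers authorized in Active Directory. A DHCP service on a domain-joined
    # machine that is not on this list stops answering DISCOVER messages; any
    # other machine seen answering them is a rogue server.
    $authorized = @(Get-DhcpServerInDC | ForEach-Object { "$($_.DnsName) ($($_.IPAddress))" })

    $scopes = foreach ($scope in Get-DhcpServerv4Scope -ComputerName $ComputerName) {
        $id    = $scope.ScopeId
        $stats = Get-DhcpServerv4ScopeStatistics -ComputerName $ComputerName -ScopeId $id
        [pscustomobject]@{
            Scope        = $id
            Name         = $scope.Name
            State        = $scope.State
            Range        = "$($scope.StartRange) - $($scope.EndRange)"
            # exclusions: static addresses (DC, DNS, the DHCP server itself) that are never offered
            Exclusions   = @(Get-DhcpServerv4ExclusionRange -ComputerName $ComputerName -ScopeId $id |
                             ForEach-Object { "$($_.StartRange)-$($_.EndRange)" }) -join ', '
            # reservations: MAC address -> fixed address, which wins over the dynamic pool
            Reservations = @(Get-DhcpServerv4Reservation -ComputerName $ComputerName -ScopeId $id |
                             ForEach-Object { "$($_.ClientId)=$($_.IPAddress)" }) -join ', '
            InUse        = $stats.AddressesInUse
            Free         = $stats.AddressesFree
            PercentInUse = [math]::Round($stats.PercentageInUse, 1)
        }
    }

    [pscustomobject]@{
        Server            = $ComputerName
        AuthorizedServers = $authorized
        Scopes            = @($scopes)
    }
}

$report = Get-DhcpServerReport -ComputerName 'sys1'

"DHCP servers authorized in Active Directory: $($report.AuthorizedServers -join ', ')"
$report.Scopes | Format-Table Scope, Name, State, Range, InUse, Free, PercentInUse, Exclusions, Reservations -AutoSize -Wrap

# An exhausted active scope is what the console marks with an exclamation mark:
# new clients receive no OFFER and fall back to an APIPA address (169.254.x.x).
$report.Scopes | Where-Object { $_.State -eq 'Active' -and $_.Free -eq 0 } | ForEach-Object {
    Write-Warning "Scope $($_.Scope) ($($_.Name)) has no free addresses"
}
# A server that is running but not authorized will not lease addresses at all
if (-not ($report.AuthorizedServers -match "^$([regex]::Escape($report.Server))\b")) {
    Write-Warning "$($report.Server) does not appear in the authorized server list"
}
```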

DAY 15

DNS

Domain Naming System / Server

- Defines a hierarchical name space where each level of the name space is separated by ".".
- Provides resolution of names to IP addresses and resolution of IP addresses to names.

NETBIOS

BROADCAST:

The first naming convention was broadcast.

The first method of resolving names to IPs or IPs to names was broadcast. Broadcast generates network traffic, and moreover routers drop broadcast packets.

LM HOST FILES:

LAN Manager Host Files

To map names to IPs or IPs to names, the second method of naming convention was LMHOSTS files.

In a single network, if any system wants to communicate it has to check the LMHOSTS table. It contains system names and the corresponding IP addresses. With LMHOSTS you can communicate between two different networks. The only drawback is that we have to update the entries manually.

The location of the LMHOSTS file: C:\WINDOWS\SYSTEM32\DRIVERS\ETC

WINS

Windows Internet Naming Server or Service

It's a DYNAMIC SERVICE.

Microsoft came up with one more dynamic service, which is nothing but WINS. The WINS server registers the client systems' NetBIOS names with the corresponding IP addresses automatically; for this reason it is known as a dynamic service. But it does not follow a naming hierarchy. In Windows NT the WINS server is configured to map names to IPs or IPs to names. In 2000 or 2003 DNS, which is a dynamic service, is used instead; it maintains the standard Internet naming conventions.

You can configure DNS on a Workgroup system, a Member Server or a Domain Controller. It requires the Server operating system CD.

To open DNS START > RUN > DNSMGMT.MSC


DAY-16

Example: mail.yahoo.com.

1 = Root Server (".")
2 = Top Level Domain (com)
3 = Second Level Domain (yahoo)
4 = Sub Level Domain (mail)

The root server maintains the information about the Top Level Domains.

Top Level Domains like ".com" or ".org" maintain the information about the second level domains, and the second level domains maintain the information about the sub-level domains.

There are 13 root servers all over the world:

1. Asia
2. Japan
3. Most of the root servers are located in the USA.

ISP DNS SERVER

(Diagram: the ISP DNS server holds the following records.)

Yahoo.com   203.54.92.64
Google.com  204.66.54.89
Rediff.com  17.34.68.2

Client typed www.yahoo.com:

1. The client requests the ISP DNS server to resolve www.yahoo.com.
2. The DNS server gives the IP address of yahoo.com to the client.
3. In the third step the client has the IP address of yahoo.com and communicates directly with the yahoo server.

QUERY TYPES:

Iterative Query: The DNS server returns an answer to the query or a pointer to other DNS servers.

Recursive Query: The DNS returns a complete answer to the query not a pointer to another DNS Server.

(Diagram: Client > Local DNS > ISP DNS > Root Server > Top Level Domain > Second Level Domain > Sub Level Domain. The client's query to the local DNS is a recursive query; the queries between DNS servers are iterative queries.)

Client to DNS = Recursive Query
DNS to DNS = Iterative Query

LOOKUP TYPES:

Forward Lookup: Requests Name to address resolution

Reverse Lookup: Request Address to Name Resolution.

Forward Lookup: the client sends a user-friendly name to the DNS server and receives an IP address.

Reverse Lookup: the client sends an IP address to the DNS server and receives the user-friendly name.

FULLY QUALIFIED DOMAIN NAME (FQDN)

Identifies a host within the DNS name space hierarchy.
Host name + DNS domain name = FQDN

  HOST   DOMAIN NAME
  SYS1 . MCSE . COM      FQDN = sys1.mcse.com


DNS TAKING PLACE IN LOCAL LAN

DC1 (mcse.com)            DNS SERVER          CLIENT
IP:   10.0.0.25           IP: 10.0.0.40       IP:   10.0.0.10
PDNS: 10.0.0.40                               PDNS: 10.0.0.40

DC2 (zoom.com)
IP:   10.0.0.26
PDNS: 10.0.0.40

All machines point their preferred DNS (PDNS) at 10.0.0.40, which holds the zones for both domains.

Note: to remove the cached entries on a client, run at the command prompt: ipconfig /flushdns

ZONES

There are 4 types of zones:

1. Primary Zone
2. Secondary Zone
3. Stub Zone
4. Primary Zone Integrated with Active Directory

A zone is the storage database for the DNS data of one domain (or of several, when sub domains are not delegated). By default a standard zone is stored as a file on the local system (%SystemRoot%\system32\dns\<zone>.dns). Within a single zone you find the collection of resource records that map names to IP addresses (forward) or IP addresses to names (reverse).


The resource record types covered here are:

1. Start of Authority (SOA)
2. Name Server (NS)
3. Host Records (A)
4. Alias Records (CNAME)

(There are many more types, for example MX, PTR and SRV; PTR and SRV records appear later in these notes.)

Primary Zone: is a master copy where you can modify or edit records.

Practical:

TO CREATE A PRIMARY ZONE:

1. Open the DNS console
2. Expand the server
3. Forward Lookup Zones
4. Right click on Forward Lookup Zones
5. New Zone
6. Next
7. Check Primary Zone
8. Uncheck the last option (Store the zone in Active Directory)
9. Next
10. Specify the zone name (for example google.com)
11. Next > Next
12. Check the 2nd option (Allow both nonsecure and secure dynamic updates)
13. Next > Finish

Note: with nonsecure dynamic updates any host that can reach the server may add or overwrite records in this zone. That is acceptable in the lab; on a production server use an Active Directory integrated zone with secure updates only, or disable dynamic updates and manage the records by hand.

TO CREATE HOST RECORD

1. Right click on the newly created zone
2. Select New Host (A)
3. Specify the system name with its IP address
4. Click on Add Host

TO CREATE ALIAS

1. Right click on the same zone
2. New Alias (CNAME)
3. Specify the alias name (WWW)
4. Browse
5. Double click Sys1 (the DNS server)
6. Forward Lookup Zones
7. Double click the zone
8. Select the server's host record
9. OK > OK
10. To check the resolution, at the command prompt type:

PING SYS1.GOOGLE.COM or PING WWW.GOOGLE.COM


SECONDARY ZONE: is a read only copy of the zone where you cannot modify the records. It is always replicated from the primary (the master) to the secondary; you maintain it to have one more DNS server for fault tolerance or for load balancing. The copy is refreshed by zone transfer: at each refresh interval the secondary compares the master's SOA serial number with its own and transfers the zone only when the master's serial is newer.

TO CREATE A SECONDARY ZONE:

1. In DNS1 create a primary zone with resource records
2. In DNS2 create a secondary zone:
3. Right click on Forward Lookup Zones
4. New Zone
5. Check Secondary Zone
6. Next
7. Specify the zone name of the master copy
8. Next
9. Assign the IP address of DNS1
10. Add it to the list
11. Next and Finish

TO TRANSFER THE RECORDS FROM PRIMARY TO SECONDARY

1. In DNS1
2. Right click on the primary zone
3. Properties
4. Zone Transfers tab
5. Check Allow zone transfers, "Only to the following servers"
6. Add the IP address of the second DNS server
7. OK
8. In DNS2 right click on the secondary zone and select Transfer from Master
9. Continue with Finish

Caveat: the option "To any server" lets anyone on the network download the whole zone (every host name and address), which is exactly what an attacker doing reconnaissance looks for. Always restrict transfers to the listed secondaries (or to the servers in the Name Servers tab).
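How the secondary decides whether to transfer, and what the master's zone transfer restriction does, as an added example (not from the MCSE notes). It parses a constructed zone file in the format of the %SystemRoot%\system32\dns\<zone>.dns files, compares SOA serials the way RFC 1982 requires (32-bit wrap-around), and models the "Only to the following servers" list; the names and addresses (sys1.google.com, 10.0.0.40, 10.0.0.41) are invented:

```python
"""Parse a small BIND-style zone file and decide whether a secondary needs a
zone transfer from its master.

Added example; it is not part of the MCSE notes. The zone text below is
constructed in the format of the %SystemRoot%\\system32\\dns\\<zone>.dns files;
names and addresses (sys1.google.com, 10.0.0.40, 10.0.0.41) are invented.
"""
import re

SAMPLE_ZONE = """
; constructed sample, not a real zone
@   IN  SOA sys1.google.com. hostmaster.google.com. (
        2003010105 ; serial
        900        ; refresh
        600        ; retry
        86400      ; expire
        3600 )     ; minimum TTL
@       NS    sys1.google.com.
sys1    A     10.0.0.40
www     CNAME sys1
"""


def parse_zone(text: str, origin: str) -> dict:
    """Return {'soa': {...}, 'records': [(owner FQDN, type, rdata), ...]}."""
    origin = origin.rstrip(".") + "."
    joined, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = re.sub(r";.*", "", raw)                   # strip comments
        if depth == 0 and not line.strip():
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")       # multi-line records
        if depth == 0:
            joined.append(" ".join(buf).replace("(", " ").replace(")", " "))
            buf = []

    def fqdn(n):
        return origin if n == "@" else (n if n.endswith(".") else f"{n}.{origin}")

    soa, records, owner = None, [], origin
    for line in joined:
        fields = line.split()
        if not line[0].isspace():                  # a leading name sets the owner
            owner = fqdn(fields.pop(0))
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                          # optional TTL and class
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype == "SOA":
            keys = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")
            soa = dict(zip(keys, [fqdn(rdata[0]), fqdn(rdata[1])] + [int(x) for x in rdata[2:7]]))
        value = fqdn(rdata[0]) if rtype in ("NS", "CNAME", "SOA") else rdata[0]
        records.append((owner, rtype, value))
    return {"soa": soa, "records": records}


def serial_newer(a: int, b: int) -> bool:
    """RFC 1982 serial arithmetic: is serial a 'greater than' b? Handles the
    wrap at 2**32, which a plain a > b would get wrong."""
    return a != b and (a - b) % 2**32 < 2**31


def secondary_needs_transfer(master_soa: dict, secondary_serial: int) -> bool:
    """What the secondary does at every refresh interval: compare the master's
    SOA serial with its own copy; transfer only if the master's is newer."""
    return serial_newer(master_soa["serial"], secondary_serial)


def zone_transfer_allowed(requester_ip: str, allowed=None) -> bool:
    """Master side. allowed=None models 'To any server' (anyone can dump the
    zone, which is what an attacker doing reconnaissance wants); a list models
    'Only to the following servers'."""
    return allowed is None or requester_ip in allowed
```

A secondary whose serial is equal to or "ahead of" the master's never transfers, which is the usual reason a secondary stays stale after someone edits the master's zone file by hand without bumping the serial; the DNS console increments it for you.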


DAY 17

PRIMARY ZONE INTEGRATED WITH ACTIVE DIRECTORY:

On a domain controller DNS is configured by default. DNS is one of the important services: it advertises (publishes) the domain controller in the network, so that clients and other DCs can find it.

In this DNS a zone is configured by default with the domain name. Only in this zone you find six sub domains (shown as folders) that hold the service (SRV) records. For example, for the zone zoom.com:

1. _msdcs
2. _sites
3. _tcp
4. _udp (UDP = User Datagram Protocol)
5. DomainDnsZones
6. ForestDnsZones

_msdcs: maintains the information about the different domain controllers configured in the forest (by role: DC, GC, PDC).

_sites: contains the information about the sites configured in the forest, so that a client finds a DC in its own site.

_tcp and _udp: hold the SRV records for the services a DC offers over these two protocols (LDAP, Kerberos, global catalog, KPASSWD).

DomainDnsZones: the application partition that is replicated to every DNS server in the domain (domain wide replication).

ForestDnsZones: the application partition that is replicated to every DNS server in the forest (forest wide replication).

With the help of these SRV records a client is able to locate a domain controller. If they are missing, logons and replication fail even though the DC is running.

DIFFERENCE BETWEEN PRIMARY ZONE AND PRIMARY ZONE INTEGRATED WITH ACTIVE DIRECTORY

Primary Zone                                      | Primary Zone Integrated with Active Directory
--------------------------------------------------|--------------------------------------------------
You can create any number of primary zones on     | The zone is linked with the domain controller's
one DNS server, e.g. yahoo.com, google.com.       | domain name and maintains all the records of the
                                                  | domain controller.
The data is saved as a file on the local hard     | The data of this zone is saved in an Active
disk.                                             | Directory application partition and replicated
                                                  | to the other DCs running DNS.
Only one server holds the writable copy.          | Every DC running DNS holds a writable copy, and
                                                  | secure dynamic updates are available.


TO CREATE A PRIMARY ZONE INTEGRATED WITH ACTIVE DIRECTORY

1. Right click on Forward Lookup Zones
2. New Zone
3. Next > check Primary Zone and the last option, Store the zone in Active Directory
4. Next
5. Check "To all domain controllers in the Active Directory domain ZOOM.COM"
6. Next
7. Specify the zone name, which is the domain name, for example zoom.com
8. Next
9. Check "Allow only secure dynamic updates"
10. Next > Finish

To get all six sub domains with their SRV records, open the Services console and restart two services: DNS Server and Net Logon (Net Logon registers the DC's records when it starts).

The Zone which is integrated with Active Directory will store in Application Partition.

(TIP: ipconfig /registerdns re-registers the local computer's host records in DNS; on a DC, restarting Net Logon re-registers the SRV records.)

DYNAMIC UPDATES:

ALLOW ONLY SECURE DYNAMIC UPDATES:

This option is available only for a zone that is integrated with Active Directory: the update is authenticated, so only the computer that owns a record (or an administrator) can change it.

Dynamic updates are performed by the clients themselves. A system running Windows 2000 or 2003 (or XP) registers its own host record, so the information about the client gets updated automatically in the DNS server. A system running Windows 95 or 98 (or NT 4.0) cannot do this and has no ipconfig /registerdns; for these clients the DHCP server takes the responsibility of updating the information in the DNS server on their behalf.

Practicals:

In DHCP Server:

1. Right click on the server
2. Properties
3. Select the DNS tab
4. Check the last option, "Dynamically update DNS A and PTR records for DHCP clients that do not request updates (for example, clients running Windows NT 4.0)"


STUB ZONE

A stub zone is a copy of only the SOA record, the NS records and the matching host (glue) records of another zone; it is not a full copy, and it is not the same thing as an incremental zone transfer. Configure a stub zone so that this DNS server knows which servers are authoritative for the other zone and sends queries for it directly to them, which makes name resolution faster than going through the root. It acts as a shortcut or index zone, and because it is refreshed from the master it stays correct when the master's name servers change.

Practical:

1. In DNS1 create a primary zone with resource records
2. In DNS2 create a stub zone:
3. Right click on Forward Lookup Zones
4. New Zone
5. Next
6. Check the option Stub Zone
7. Specify the name of the zone of the master copy
8. Next > Next
9. Assign the IP address of DNS1
10. Next > Next

TO REPLICATE THE RECORDS FROM PRIMARY TO STUB ZONE:

1. Right click on the primary zone in DNS1
2. Properties
3. Select the Zone Transfers tab
4. Assign the IP address of DNS2
5. Right click on the stub zone in DNS2
6. Select Transfer from Master

Before creating a stub zone check the IP address of DNS 2 and also check the resolution in the command prompt.

RESOURCE RECORDS

The resource record types covered here are:

1. Start of Authority (SOA)
2. Name Server (NS)
3. Host Records (A)
4. Alias Records (CNAME)

SOA: the Start of Authority record names the primary server for the zone and carries the zone's serial number, which is increased whenever a record in the zone is added, deleted or modified. Secondary servers compare this serial with their own copy to decide whether a zone transfer is needed; a serial that is not incremented is the usual reason a secondary stays stale.

NS: the Name Server record gives the information about the authoritative DNS servers, the servers that maintain the mappings (records) of the zone.


REVERSE LOOKUP ZONE

Practical: create a forward lookup zone with resource records.

TO CREATE A REVERSE LOOKUP ZONE

1. Right click on Reverse Lookup Zones
2. New Zone
3. Next
4. Check Primary Zone
5. Next
6. Assign the Network ID (for example 10.0.0); the zone is named from it in reverse, 0.0.10.in-addr.arpa
7. Next
8. Next > Next
9. Allow both nonsecure and secure dynamic updates
10. Next and Finish

TO CREATE A POINTER (PTR)

1. Right click on the newly created zone
2. New Pointer (PTR)
3. Assign the host IP
4. Browse
5. System name
6. Double click on the server
7. Forward Lookup Zones
8. Double click on the zone
9. Select the host record
10. OK > OK

To check the resolution from IP to name, at the command prompt use the command nslookup, for example:

NSLOOKUP 10.0.0.1
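Reverse zone naming, PTR owner names and a forward/reverse consistency check, as an added example (not from the MCSE notes). The host table for mcse.com is constructed, including one stale pointer, to show what the check reports:

```python
"""Reverse lookup names and a forward/reverse consistency check.

Added example; it is not part of the MCSE notes. The host table below
(sys1/sys2/dc1 in mcse.com on 10.0.0.x) is constructed for the demonstration.
"""
import ipaddress


def reverse_zone_name(network: str) -> str:
    """Name of the reverse lookup zone the wizard creates for a network ID:
    '10.0.0.0/24' -> '0.0.10.in-addr.arpa', '10.0.0.0/8' -> '10.in-addr.arpa'.
    IPv4 zones are cut at octet boundaries (the wizard's Network ID field);
    IPv6 zones at nibble boundaries under ip6.arpa."""
    net = ipaddress.ip_network(network, strict=False)
    if net.version == 4:
        octets = str(net.network_address).split(".")[: net.prefixlen // 8]
        return ".".join(reversed(octets)) + ".in-addr.arpa"
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def ptr_owner_name(ip: str) -> str:
    """Owner name of the PTR record for an address:
    '10.0.0.1' -> '1.0.0.10.in-addr.arpa' (what nslookup 10.0.0.1 really asks for)."""
    return ipaddress.ip_address(ip).reverse_pointer


def check_forward_reverse(a_records: dict, ptr_records: dict) -> list:
    """Compare a forward zone's A records with a reverse zone's PTR records.
    Returns (host, ip, problem) tuples: a host with no PTR, or a PTR that names
    a different host (stale record after a re-IP, or a typo in 'New Pointer')."""
    problems = []
    for host, ip in a_records.items():
        ptr = ptr_records.get(ptr_owner_name(ip))
        if ptr is None:
            problems.append((host, ip, "no PTR record"))
        elif ptr.rstrip(".").lower() != host.rstrip(".").lower():
            problems.append((host, ip, f"PTR names {ptr}"))
    return problems


# constructed lab data: what 'New Host' and 'New Pointer' would have produced
A_RECORDS = {"sys1.mcse.com.": "10.0.0.1",
             "sys2.mcse.com.": "10.0.0.2",
             "dc1.mcse.com.": "10.0.0.25"}
PTR_RECORDS = {"1.0.0.10.in-addr.arpa": "sys1.mcse.com.",
               "2.0.0.10.in-addr.arpa": "sys3.mcse.com."}   # stale: host was renamed

if __name__ == "__main__":
    print(reverse_zone_name("10.0.0.0/24"))
    for problem in check_forward_reverse(A_RECORDS, PTR_RECORDS):
        print(problem)
```

Forward and reverse zones are maintained separately (creating a host record does not create the pointer unless you tick "Create associated pointer record"), so mismatches like the two reported here are common; mail servers and some logging tools refuse or mislabel hosts whose PTR does not match.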

TO CREATE A ROOT SERVER

1. Right click on Forward Lookup Zones
2. New Zone
3. Primary Zone
4. Assign "." (dot) as the zone name
5. Next > Next
6. Check Allow both nonsecure and secure dynamic updates
7. Next > Finish

Caveat: a server that hosts the "." zone believes it is the root of the whole name space; it no longer uses root hints or forwarders, so it can only resolve names in the zones it holds itself. Do this only in an isolated lab or an intentionally private name space.


Create a few more zones with different extensions, like OU.EDU, HP.ORG and USA.NET.

Refresh the root zone and check that the top level domains appear under it.


DAY -18

TO CREATE A BACKUP COPY FOR PRIMARY ZONE INTEGRATED WITH ACTIVE DIRECTORY

1. In DNS1
2. Check the zone (created with the domain name) with the six SRV sub domains
3. In DNS2
4. Create a standard primary zone with the same domain name
5. To copy all the service records:

Start > Run > specify the UNC path \\sys1\c$

6. Double click the Windows folder
7. System32
8. Config
9. Right click on NETLOGON.DNS (the list of records Net Logon registers)
10. Open with Notepad
11. Copy its content
12. In Sys2 open

C:\windows\system32\dns

13. Open the zone file, for example Zoom.com.dns
14. Paste the content below the existing records
15. From the Services console restart DNS Server and Net Logon
16. Check the result in the DNS2 server

TO TAKE A BACKUP OF PRIMARY ZONES IF THERE IS ONLY ONE DNS SERVER, THROUGH THE REGISTRY

1. Open the DNS console
2. Create a few zones with resource records

TO TAKE THE BACKUP OF THE ZONES

3. Run > REGEDIT
4. In the Registry window expand

HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows NT > CurrentVersion

5. Right click on DNS Server
6. Select Export
7. On a different drive create a folder named Backup and save the registry export there


8. From the same registry window once again expand

HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services

9. Right click on DNS and select Export
10. Save the second registry export in the same Backup directory
11. Copy also the zone files of the local system from

C:\windows\system32\dns

12. Paste the zone files in the directory where the registry exports are stored.

TO RESTORE THE PRIMARY ZONE FROM REGISTRY.

1. In the DNS server delete all the primary zones
2. Open the backup folder
3. Right click on the first registry file and select Merge
4. Follow the same for the second registry file
5. Copy the zone files back to C:\windows\system32\dns (the registry only references them by name)
6. Restart the services DNS Server and Net Logon from the Services console
7. Check in the DNS console whether the zones are restored

CONDITIONAL FORWARDERS:

Configure forwarders to send the queries this DNS server cannot answer itself to one or more other DNS servers (for example the ISP's). Windows Server 2003 adds conditional forwarders: a forwarder list per domain name, so that queries for zoom.com can go to one server and everything else to another.

They can also be configured for load balancing, by listing several forwarders.

Practical:

In DNS one

1. Create few Zones with resource records

In DNS two

2. Change the preferred DNS of the system to its own IP address
3. Open the DNS console
4. Right click on the server
5. Properties
6. Forwarders tab
7. Assign the IP address of DNS one (for all other DNS domains, or for a specific domain name to make it a conditional forwarder)

To check the name resolution, in the command prompt ping the names of the zones created in DNS one.


ROUND ROBIN:

Round robin is one of the useful features of the DNS server. It is a simple load balancing mechanism: when a name has several host records, the server rotates the order of the addresses in each reply, so that successive clients are spread over the servers sharing and distributing the network resource.

IN DNS1

1. Create a zone called yahoo.com with resource records
2. Create 2 or more host records for the same server name with different IP addresses, for example:

   Sys1  10.20
   Sys1  10.30
   Sys1  10.40

3. Add each IP address in the IP address window
4. Click on Advanced (to check the settings)

In DNS, to confirm or to check round robin:

1. Right click on the server
2. Properties
3. Advanced tab
4. Check Enable round robin

To check the resolution, in the command prompt ping the zone name.

To clear the client's cache use the command: ipconfig /flushdns

Then ping the zone name again and check the IP address: a different address is returned each time because the cached answer has been removed. Without the flush the client keeps using the first address for the record's TTL, so round robin alone does not balance clients that cache.
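Round robin rotation and the effect of client caching, as an added example (not from the MCSE notes). The three host records for sys1.yahoo.com use the lab's addresses written out in full, assuming 10.20, 10.30 and 10.40 in the notes mean 10.0.0.20, 10.0.0.30 and 10.0.0.40:

```python
"""DNS round robin and why the notes tell you to flush the client cache.

Added example; it is not part of the MCSE notes. The three addresses for
sys1.yahoo.com (10.0.0.20/30/40) are the lab's constructed records.
"""
from collections import Counter, deque


class RoundRobinZone:
    """A zone that, with 'Enable round robin' on, rotates the order of a
    name's A records on every query."""

    def __init__(self, host_records):
        self.rr = {}
        for name, ip in host_records:
            self.rr.setdefault(name.lower().rstrip("."), deque()).append(ip)

    def query(self, name: str) -> list:
        addresses = self.rr.get(name.lower().rstrip("."))
        if not addresses:
            return []
        answer = list(addresses)
        addresses.rotate(-1)      # the next reply starts with the next address
        return answer


def address_used(zone: RoundRobinZone, name: str, lookups: int, cache_hits: int = 0) -> Counter:
    """Which address a client ends up connecting to. The client takes the
    first address in the reply (what ping does) and, if it caches, reuses it
    for `cache_hits` further lookups before asking the server again."""
    used, current, remaining = Counter(), None, 0
    for _ in range(lookups):
        if remaining == 0:
            current, remaining = zone.query(name)[0], cache_hits
        else:
            remaining -= 1
        used[current] += 1
    return used


# constructed lab records: three hosts behind one name
LAB_RECORDS = [("sys1.yahoo.com", "10.0.0.20"),
               ("sys1.yahoo.com", "10.0.0.30"),
               ("sys1.yahoo.com", "10.0.0.40")]

if __name__ == "__main__":
    print(address_used(RoundRobinZone(LAB_RECORDS), "sys1.yahoo.com", 6))
    print(address_used(RoundRobinZone(LAB_RECORDS), "sys1.yahoo.com", 6, cache_hits=5))
```

With no client cache the six lookups land two on each server; with a cache that answers five lookups all six go to the first address, which is the situation ipconfig /flushdns clears in the lab. Round robin also has no idea whether a server is down: a dead address keeps being handed out until its record is removed.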


DAY-19

IIS

Internet Information Services

IIS VERSIONS

Windows NT 4.0        IIS 2.0 (IIS 4.0 with the NT Option Pack)
Windows 2000 Server   IIS 5.0
Windows Server 2003   IIS 6.0
Windows 98            Personal Web Server (managed with Personal Web Manager)

Protocols Installed Under IIS

1. HTTP
2. FTP
3. NNTP
4. SMTP

IIS is one of the Windows components used for hosting websites; with the help of this service you publish data on the Internet. IIS was introduced as version 2.0 with Windows NT, is version 5.0 in Windows 2000 Server and version 6.0 in Windows Server 2003. The basic difference between 2000 and 2003 is that on 2000 Server IIS is installed by default, whereas on 2003 Server it is not installed with the OS (a server that does not need it does not expose it). IIS 6.0 provides additional features:

1. Worker process isolation: websites in different application pools run in separate processes under low privileged identities, so one compromised site does not take the others with it
2. Backup and restore of the configuration (the metabase, stored as XML)
3. Support for IP version 6

When you configure IIS it will install with additional services or protocols:

1. HTTP: HYPER TEXT TRANSFER PROTOCOL
It is used to publish data on the Internet; you can easily manage and configure websites with this protocol. Its default port is 80 (443 for HTTPS).

Note: port numbers are logical addresses for services, from 0 to 65535. The range 0 to 1023 is reserved for the well known ports of standard services (80, 21, 25, ...); other services normally use higher numbers.

2. FTP: FILE TRANSFER PROTOCOL
To transfer files from one location to another, for downloading or uploading files, we use this protocol. Its default port is 21 (the control connection; the data connection uses port 20 or a negotiated port).


3. NNTP: NETWORK NEWS TRANSFER PROTOCOL
This is used to publish data to news groups (Usenet). Its default port is 119.

4. SMTP: SIMPLE MAIL TRANSFER PROTOCOL
It is used for sending mail or configuring mail servers. Its default port is 25.

REQUIREMENT OF IIS

1. 2000 or 2003 Server operating system (any edition; Web Edition is the one built for this role)
2. Public IP (Internet) or private IP (intranet)
3. Domain name
4. DNS server
5. Designed websites

TO INSTALL IIS:

1. Control Panel
2. Add/Remove Programs
3. Add/Remove Windows Components
4. Check Application Server
5. Click on Details
6. Check Internet Information Services (IIS)
7. OK
8. Next > Finish

Shortcut to open the IIS console: Start > Run > inetmgr

TO HOST WEBSITES:

1. Open IIS
2. Expand the server and the Web Sites folder
3. Right click on the Web Sites folder
4. New > Web Site
5. Next
6. Specify the description (any website name)
7. Next
8. Assign the IP address from the list (All Unassigned means the site answers on every IP address of the server that is not assigned to another site)
9. In the Host Header specify the format in which you access the website, for example www.google.com (the host header lets several sites share one IP address and port)
10. Next


11. Assign the path of the web pages folder by clicking on Browse
12. Next
13. Check Read (and Browse only if you really want visitors to see a directory listing; leave it unchecked on a production site)
14. Next and Finish

Open DNS and create a primary zone with the website name, with host records and an alias (www).

TO CREATE A HOME PAGE FOR EXISTING WEBSITE:

1. In IIS select the created website
2. In the right pane note the name of the file to use as home page, for example google.htm
3. Copy the file name with its extension
4. Right click on the website
5. Properties
6. Select the Documents tab
7. Click on Add and paste the file name
8. Give OK and remove the existing default pages
9. Apply > OK
10. Open Internet Explorer and access the website www.google.com

BACKUP OF HTTP OR FTP SITES

(The configuration is saved as XML = Extensible Markup Language.)

To take a backup of a website:

1. Right click on the existing website
2. All Tasks
3. Save Configuration to a File
4. Select Browse
5. Specify the path by selecting the drive
6. Give OK
7. Assign a file name

TO RESTORE A WEBSITE

1. Remove the existing website
2. Right click on the Web Sites folder
3. New
4. Web Site (from file)
5. Click on Browse and give the path of the backup file
6. Open the file
7. Load the file, select the site and give OK


VIRTUAL DIRECTORY

To access sub links or sub web pages create a virtual directory. A virtual directory maps a path in the URL (for example /mail) to a folder that can be anywhere on the disk, so visitors reach the sub pages by a short address without the folder having to be inside the website's home directory.

1. Open IIS
2. Right click on the existing website
3. New
4. Virtual Directory
5. Next
6. Specify the alias name, for example Mail or Messenger
7. Next
8. Assign the path of the web pages
9. Next
10. Check Read (Browse only if a directory listing is wanted)
11. Next and Finish

TO CREATE A HOMEPAGE FOR THE VIRTUAL DIRECTORY

1. From the list of files select the page that is the home page of the sub site (for example the yahoo mail page)
2. Copy the file name with its extension
3. Expand the website
4. Right click on the virtual directory
5. Properties
6. Select the Documents tab
7. Click on Add and paste the copied file name
8. Move the main page up in the list and give OK
9. Open Internet Explorer and access the website with the virtual directory, for example www.yahoo.com/mail


DAY 20

REDIRECTING WEBSITE

In IIS you can configure a redirection so that requests for one website are sent to another URL. The notes use it to "block" a website: all requests to it land on a different site. Note that this only works for sites hosted on this server; it does not block client access to sites elsewhere (that is a job for a proxy or firewall such as ISA).

Practical:

1. Open IIS
2. Host two websites
3. Create the zones for them in the DNS server
4. Access both websites in Internet Explorer

TO PERFORM REDIRECTION

5. Right click on one of the websites
6. Properties
7. Select the Home Directory tab
8. Check "A redirection to a URL"
9. Specify the URL of the other website
10. Give Apply > OK
11. To confirm the redirection
12. Open the web browser (IE) and specify for example www.zoom.com: automatically it will redirect to yahoo.com

DOCUMENT FOOTER

Configure a document footer to append the same HTML fragment to every page served by the website, for example a licence notice or a disclaimer. To publish or advertise a "DISCLAIMER / PERMISSION" text use the document footer.

TO CREATE A DOCUMENT FOOTER

1. Right click on the existing website
2. Properties
3. Select the Documents tab
4. Check Enable document footer
5. Click on Browse
6. Give the path of the HTML file
7. To confirm the document footer open Internet Explorer and access the website
8. In the web browser you find the two contents one above the other: the bottom part is the footer (the licence notice).


TO RESTRICT WEBSITE TO INDIVIDUAL CLIENT SYSTEMS

1. In the web server
2. Right click on the existing website
3. Properties
4. Select the Directory Security tab
5. Under IP address and domain name restrictions select Edit
6. Keep "Granted access" as the default and add the IP address (or subnet) of the client system you want to deny
7. OK > Apply > OK
8. In system2 open IE and access the website: it now gets "403 Forbidden"

Caveat: the address IIS compares is the TCP source address. A client behind the software router running NAT (or behind ISA's web proxy) reaches IIS with the router's address, so a single-client deny has no effect there, and a deny on the router's address shuts out every client behind it. Domain name restrictions are weaker still: they need a reverse lookup per request and trust whatever PTR the client's network publishes.
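The "granted by default, except the listed addresses" decision, replayed over a constructed W3C log, as an added example (not from the MCSE notes). The policy, client addresses and log lines are made up for the demonstration:

```python
"""IIS 'IP Address and Domain Name Restrictions' evaluated against a log.

Added example; it is not part of the MCSE notes. The policy, the client
addresses and the W3C log lines below are constructed for the demonstration.
"""
import ipaddress


def build_policy(default_granted: bool, exceptions) -> dict:
    """default_granted=True models 'By default all computers will be Granted
    access, except the following'. Exceptions may be single addresses,
    'ip/prefix' or 'ip/subnetmask', as typed in the Add dialog."""
    return {"granted": default_granted,
            "exceptions": [ipaddress.ip_network(e, strict=False) for e in exceptions]}


def is_allowed(policy: dict, client_ip: str) -> bool:
    ip = ipaddress.ip_address(client_ip)
    listed = any(ip in net for net in policy["exceptions"])
    return policy["granted"] != listed        # listed hosts get the opposite of the default


def audit_log(policy: dict, w3c_log: str) -> list:
    """Replay an IIS W3C extended log (the '#Fields:' header tells us which
    columns are c-ip and cs-uri-stem) and report which requests the policy
    would now refuse, before switching it on."""
    refused, ip_col, uri_col = [], None, None
    for line in w3c_log.splitlines():
        if line.startswith("#Fields:"):
            cols = line.split()[1:]
            ip_col, uri_col = cols.index("c-ip"), cols.index("cs-uri-stem")
        elif line and not line.startswith("#") and ip_col is not None:
            fields = line.split()
            if not is_allowed(policy, fields[ip_col]):
                refused.append((fields[ip_col], fields[uri_col]))
    return refused


# constructed log lines in IIS W3C extended format
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2003-10-01 09:00:01 10.0.0.5 GET /google.htm 200
2003-10-01 09:00:02 10.0.0.7 GET /google.htm 200
2003-10-01 09:00:03 10.0.0.5 GET /mail/ 200
"""

if __name__ == "__main__":
    policy = build_policy(True, ["10.0.0.5", "10.0.1.0/255.255.255.0"])
    print(audit_log(policy, SAMPLE_LOG))
```

Replaying the log before applying a restriction is the cheap way to find out whether a deny entry hits the client you meant, or a NAT address that many clients share.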

FTP:

To configure FTP in IIS:

1. Control Panel
2. Add/Remove Programs
3. Add/Remove Windows Components
4. Select Application Server
5. Details
6. Select Internet Information Services (IIS)
7. Click on Details
8. Check File Transfer Protocol (FTP) Service
9. OK and continue the wizard

TO CREATE A FTP SITE:

1. Create a folder
2. Arrange HTML and other files in it
3. To create an FTP site open IIS
4. Right click on the FTP Sites folder
5. New > FTP Site
6. Next
7. Description: "NAME"
8. Next
9. Assign the IP address
10. Next
11. Do not isolate users
12. Give the path of the newly created directory
13. Check Read / Write

Read  = downloading
Write = uploading

14. Next and Finish

Open Internet Explorer and specify the IP address (ftp://11.0.0.1).

Caveat: with "Do not isolate users" and anonymous access enabled (the default), Write means that anyone can upload files to this folder. Give Write only on a site that requires a logon, and never on a folder that the web server also serves.


TO COPY THE CONTENT

In the command prompt:

1. FTP
2. OPEN
3. TO "IP ADDRESS"

or, in one step, FTP "IP ADDRESS"

4. User: anonymous
5. Password: press Enter (any text is accepted for anonymous)
6. LS to list the files

TO DOWNLOAD A SINGLE FILE USE

7. GET Google.htm (or any file)
8. Check the downloaded file in the local drive (the current folder of the command prompt)
9. To quit FTP
10. Type BYE

TO UPLOAD FILES THROUGH COMMAND PROMPT

Create some new files on the C drive.

Through the command prompt, after connecting to FTP, use the command

PUT

For example: PUT RICH.TXT

To confirm, access the FTP site in Internet Explorer and check for the new file.

Note: FTP sends the user name, the password and the data in clear text; anyone who can capture the traffic sees them. Use anonymous access only for public downloads and do not reuse domain passwords on FTP.

ISOLATING USERS IN FTP

Isolate Users:

Isolate users for local users or domain users to provide security: each user is locked into his own home directory and cannot see or reach the directories of the other users. Moreover, you can allow permissions for specific users to download and upload files.


Practical:

1. On one of the drives create a folder with the name ROOT
2. Inside the ROOT folder create a folder with the domain name
3. Inside the domain folder create one folder per user, named exactly like the user:

ROOT
  DOMAIN NAME
    USER1
    USER2

4. Create the domain users with passwords
5. Open IIS
6. Right click on FTP Sites
7. New FTP Site
8. Specify the description
9. Assign the IP address
10. Check Isolate users
11. Give the path of the ROOT directory
12. Next > check Read and Write
13. Next > Finish

For Isolate users you will get a Logon screen to specify the Username and Password for downloading or uploading files.

TO BROWSE THE SITE

1. Open Internet Explorer
2. Access the FTP site and log on with the domain user name and password
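Where each login lands with user isolation, and the check that keeps a client inside its home, as an added example (not from the MCSE notes). Root C:\ftproot, domain zoom and users a1 and a2 are constructed lab values; the path handling uses pathlib's PureWindowsPath so it runs on any OS:

```python
"""Where IIS 6 FTP user isolation puts each login, and the containment check.

Added example; it is not part of the MCSE notes. Root folder C:\\ftproot,
domain zoom and users a1/a2 are constructed lab values.
"""
from pathlib import PureWindowsPath


def isolated_home(ftp_root: str, login: str, isolate: bool) -> PureWindowsPath:
    """Home directory for a login. With 'Isolate users' IIS expects
    <root>\\<domain>\\<user> for domain logins, <root>\\LocalUser\\<user> for
    local accounts and <root>\\LocalUser\\Public for anonymous; a missing
    folder means the login is refused. With 'Do not isolate users' everyone
    starts in <root> and can see everyone else's files."""
    root = PureWindowsPath(ftp_root)
    if not isolate:
        return root
    if login.lower() == "anonymous":
        return root / "LocalUser" / "Public"
    if "\\" in login:
        domain, user = login.split("\\", 1)
        return root / domain / user
    return root / "LocalUser" / login


def _normalize(path: PureWindowsPath) -> PureWindowsPath:
    """Collapse '.' and '..' components (pathlib does not do this itself)."""
    parts = []
    for part in (path.parts[1:] if path.anchor else path.parts):
        if part in ("", "."):
            continue
        if part == "..":
            if parts:
                parts.pop()
        else:
            parts.append(part)
    return PureWindowsPath(path.anchor, *parts)


def resolve_request(home: PureWindowsPath, requested: str):
    """Map a client path (CWD/RETR/STOR argument) to a server path. Both
    '/docs' and 'docs' are relative to the user's home, which is the FTP
    virtual root; anything that would land outside the home (e.g. '..\\a2')
    is refused and None is returned."""
    relative = requested.replace("/", "\\").lstrip("\\")
    target = _normalize(home / relative)
    if target == home or home in target.parents:
        return target
    return None


if __name__ == "__main__":
    home = isolated_home(r"C:\ftproot", r"zoom\a1", True)
    print(home)
    print(resolve_request(home, "/docs/report.txt"))
    print(resolve_request(home, "../a2/secret.txt"))   # refused: another user's folder
```

The folder layout is the whole access control model of "Isolate users": a mistyped folder name locks the user out rather than letting him in, and a request that climbs above the home is rejected no matter how it is spelled.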


ISOLATE USERS FOR ACTIVE DIRECTORY

It provides more security compared to plain isolate users: the home directory of each user is taken from two attributes of the user's Active Directory account (msIIS-FTPRoot and msIIS-FTPDir), so no folder layout on the FTP server reveals which users exist. You can configure isolate users with Active Directory only for domain users.

Practical:

1. On one of the drives
2. Create a folder
3. Named with the domain name, with sub folders for the users
4. Arrange documents in each sub directory
5. Create the domain users with passwords
6. Create an FTP site by selecting "Isolate users using Active Directory"
7. In the command prompt set the attributes for the individual users:

TYPE

iisftp /SetADProp <username> FTPRoot <directory>
iisftp /SetADProp <username> FTPDir <sub directory>

For user a1, whose directory is c:\zoom\a1:

iisftp /setadprop a1 ftproot c:\zoom
iisftp /setadprop a1 ftpdir a1


DAY 21

ROUTING

SOFTWARE ROUTING

Router: It is a device for enabling communication between two different networks.

A router makes communication possible between two different networks (subnets). There are 2 types of routers:

1. Software router
2. Hardware router

1. Software router: a general purpose computer with two or more network interfaces, running an operating system like 2000 or 2003 Server with the Routing and Remote Access service. On a software router you can also configure other services; it is very easy to set up and less expensive.

2. Hardware router: a device built specifically to perform routing. It is more efficient and more reliable, and has a much smaller attack surface than a server that also runs other services.

PHYSICAL CONNECTION

SYSTEM1                 SOFTWARE ROUTER                 SYSTEM2
IP: 10.0.0.2            NIC1 IP: 10.0.0.1               IP: 11.0.0.2
GW: 10.0.0.1            NIC2 IP: 11.0.0.1               GW: 11.0.0.1

PRACTICALS:

1. Assign the IP address 10.0.0.2 with default gateway 10.0.0.1 to system1; do the same for system2 with 11.0.0.2 and default gateway 11.0.0.1.
2. In the software router assign the IP addresses of both interfaces: 10.0.0.1 on one and 11.0.0.1 on the other.
3. In the software router, from Administrative Tools open the console Routing and Remote Access.
4. Right click on the server
5. Select Configure and Enable Routing and Remote Access


6. Next
7. Check Custom Configuration
8. Check LAN Routing
9. Next > Finish

After configuring the software router check the communication between 10.0.0.2 and 11.0.0.2 (ping in both directions).

DHCP RELAY AGENT

A DHCP relay agent is used so that clients in another network can still get a dynamic IP address. DHCP discovery is a broadcast and routers do not forward broadcasts; the relay agent on the router takes the client's broadcast and forwards it as a unicast to the DHCP server (and returns the reply). So, assume the DHCP server is in network A and the client is in network B: with the relay agent the DHCP server can allot a dynamic IP address to the client in network B, and it picks the scope from the address of the relay interface on which the request arrived.

DHCP SERVER                 SOFTWARE ROUTER                  CLIENT
IP: 10.0.0.2                NIC1 IP: 10.0.0.1                IP: 11.0.0.10 (from the scope)
GW: 10.0.0.1                NIC2 IP: 11.0.0.1                GW: 11.0.0.1
Scope created:              DHCP RELAY AGENT
11.0.0.10 to 11.0.0.50

On the DHCP server (10.0.0.2):

1. In the 10.0.0.0 network install the DHCP server
2. Authorize the server
3. Create a scope for the 11.0.0.0 network (11.0.0.10 to 11.0.0.50)
4. In the scope options add the router interface on that network, 11.0.0.1, as the default gateway (option 003 Router). The gateway must be on the client's own subnet; 10.0.0.1 would be unreachable for an 11.0.0.x client.

IN THE SOFTWARE ROUTER

1. Open Routing and Remote Access
2. Expand the server
3. IP Routing
4. Right click on General
5. New Routing Protocol
6. Select "DHCP Relay Agent" from the menu
7. OK
8. Right click on DHCP Relay Agent
9. Select Properties
10. Add the IP address of the DHCP server (10.0.0.2)
11. Right click on DHCP Relay Agent
12. Select New Interface
13. Add the interface facing the clients (11.0.0.1) to the list; adding the 10.0.0.1 interface as well does no harm, but it is not needed because clients there reach the DHCP server's broadcast directly
14. In the 11.0.0.0 network set the client's IP address to dynamic (Obtain an IP address automatically)
15. In the command prompt use the commands

ipconfig /release
ipconfig /renew


NAT

NETWORK ADDRESS TRANSLATION

Note: in this lab NAT is configured with static IP addresses on both interfaces.

NAT translates the private IP addresses of the inside hosts to the public IP address of the router's outside interface. Because the router keeps a translation entry only for connections that were started from the inside, traffic arriving from the public side that matches no entry is dropped; RRAS therefore calls the component "NAT/Basic Firewall". The result is one way communication: the private network can access the public network, but the public network cannot start connections into the private network (unless you publish a service). NAT is not a real firewall: it inspects no content, and a compromised inside host can still connect out freely.

By configuring NAT you also separate the public network from the private network: the private addresses (10.x) never appear on the public side.

Private Network            Software Router (NAT)            Public
IP: 10.0.0.2               NIC 10.1 (private)               INTERNET
GW: 10.0.0.1               NIC 11.1 (public)

Practicals:

Configure the 11.1 network as public and the 10.1 network as private.

TO CONFIGURE NAT

1. Open Routing and Remote Access
2. Expand IP Routing
3. Select NAT/Basic Firewall
4. Right click on it
5. New Interface
6. Select the 10.1 interface
7. OK
8. Check "Private interface connected to private network"
9. OK
10. Right click on NAT/Basic Firewall
11. Select New Interface
12. Select the 11.1 interface
13. OK
14. Check "Public interface connected to the Internet" and "Enable NAT on this interface"
15. Check the result by pinging from the private side in the command prompt (a ping from the public side to 10.0.0.2 must fail)

IMP: in this setup the public interface has a static IP address; NAT is not configured on a dynamically assigned address here.
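The translation table behind "one way communication", as an added example (not from the MCSE notes). Private network 10.0.0.0/24, public address 11.0.0.1 and the remote web server 202.153.32.2 are the constructed lab values:

```python
"""Outbound-only address translation, as RRAS 'NAT/Basic Firewall' does it.

Added example; it is not part of the MCSE notes. Private network 10.0.0.0/24,
public interface 11.0.0.1 and the remote web server 202.153.32.2 are the
constructed lab values.
"""
import ipaddress
from itertools import count


class Nat:
    def __init__(self, private_network: str, public_ip: str):
        self.private = ipaddress.ip_network(private_network)
        self.public_ip = public_ip              # fixed: the lab uses a static address
        self.by_inside = {}                     # (proto, src, sport, dst, dport) -> public port
        self.by_public_port = {}                # (proto, public port) -> (src, sport, dst, dport)
        self.ports = count(1024)                # next public port to allocate

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Packet from the private interface. Create (or reuse) a mapping and
        rewrite the source to the public address and an allocated port."""
        if ipaddress.ip_address(src_ip) not in self.private:
            return None                         # not a private host: not translated
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.by_inside:
            pub_port = next(self.ports)
            self.by_inside[key] = pub_port
            self.by_public_port[(proto, pub_port)] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, self.by_inside[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Packet arriving on the public interface. It is delivered only if it
        is the reply to a mapping an inside host created, from the same remote
        endpoint; anything else has no entry and is dropped. That drop is the
        whole 'basic firewall'; nothing is inspected."""
        entry = self.by_public_port.get((proto, dst_port))
        if entry is None or (src_ip, src_port) != entry[2:]:
            return None
        return entry[0], entry[1]               # rewritten destination: inside host, port


if __name__ == "__main__":
    nat = Nat("10.0.0.0/24", "11.0.0.1")
    print(nat.outbound("tcp", "10.0.0.2", 5000, "202.153.32.2", 80))   # translated
    print(nat.inbound("tcp", "202.153.32.2", 80, 1024))                 # reply delivered
    print(nat.inbound("tcp", "202.153.32.2", 80, 2000))                 # unsolicited: None
```

The table is why the public side cannot "see" 10.0.0.2: an inbound packet is only forwarded when it matches an entry an inside host created first, and only from the remote endpoint that entry names. Publishing a service means adding a static entry by hand, which reopens exactly one port.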


DAY22

RAS

REMOTE ACCESS SERVER

Remote access is a feature that enables a client computer to use a dial-up or VPN connection to connect to a remote access server. A remote access server is a Windows server computer that runs the Routing and Remote Access service and is configured to provide remote access. There is no difference in network functionality for the remote access client, except that the speed of the link is often much slower than a client connection to the LAN. Because the client becomes a full member of the network, the server's authentication and the dial-in permission of each user are what keep outsiders off the LAN.

WAN LINKS

RAS SERVER -- MODEM -- PHONE -- TELEPHONE EXCHANGE -- TELEPHONE EXCHANGE -- PHONE -- MODEM -- REMOTE CLIENT

NOTE: in this lab the remote access server is configured on the domain controller, but the Routing and Remote Access service can run on any Windows 2000/2003 server; a member server validates the users against the domain, a stand-alone server against its local accounts.

Pracs:

1. In the RAS server
2. Install the modem
3. From the Control Panel
4. Phone and Modem Options
5. Select the Modems tab
6. Click on Add
7. Check "Don't detect my modem; I will select it from a list"
8. Next
9. Select "Standard 56000 bps Modem"
10. Next
11. Select the port
12. Next and Finish


TO CONFIGURE THE REMOTE ACCESS SERVER

1. Open Routing and Remote Access
2. Right click on the server
3. Select Configure and Enable Routing and Remote Access
4. Next
5. Check Remote access (dial-up or VPN)
6. Next
7. Check Dial-up
8. Next
9. Next
10. Check From a specified range of addresses
11. Click on New
12. Add the range of IP addresses
13. OK
14. Next
15. Check No (use Routing and Remote Access to authenticate)
16. Next and Finish

(Select the option Yes to configure a RADIUS server. It is a central authentication server that manages authentication and accounting if you have multiple RAS servers.)

Open the Active Directory Users and Computers console and create a user.

To allow the permission:

1. Right click on the user
2. Properties
3. Select the Dial-in tab
4. Check "Allow access" (by default access is denied; grant it only to the users that need it)

REMOTE CLIENT

1. Install the modem from the Control Panel

To establish the connection to the RAS server:

2. Right click on My Network Places
3. Properties
4. Double click New Connection Wizard
5. Next
6. Check the option Connect to the network at my workplace
7. Check Dial-up connection
8. Assign the company name
9. Give the RAS server phone number
10. Check "My use only"
11. Next and Finish

In the logon screen specify the user name and password and select Dial.


ONCE THE CONNECTION IS ESTABLISHED, TO KNOW THE SERVER AND CLIENT IP

1. Right click on the newly established connection
2. Select Status (Details tab)

VPN

Virtual Private Network

A virtual private network connection is a virtual connection that is tunneled inside an existing TCP/IP network connection. A VPN connection can be established using either PPTP or L2TP; they are commonly used between two computers that communicate over the Internet. PPTP carries PPP inside a GRE tunnel and encrypts with MPPE; L2TP carries PPP inside UDP and relies on IPsec for encryption (L2TP/IPsec). PPTP with MS-CHAP authentication is no longer considered secure; prefer L2TP/IPsec where both ends support it.

VPN NETWORK

RAS SERVER -- INTERNET -- REMOTE CLIENT

PPTP = Point to Point Tunneling Protocol
PPP  = Point to Point Protocol
L2TP = Layer 2 Tunneling Protocol

TO CONFIGURE THE VPN SERVER

1. Open Routing and Remote Access, right click on the server, Configure and Enable Routing and Remote Access
2. Next
3. Check Custom configuration
4. Check VPN access
5. Next and Finish

TO ESTABLISH THE VPN CONNECTION

1. Right click on My Network Places > Properties
2. Double click New Connection Wizard
3. Next
4. Check Connect to the network at my workplace
5. Check Virtual Private Network connection
6. Specify the company name
7. Check Automatically (dial the initial connection)
8. Specify the host name or IP address of the VPN server, for example sys1
9. Next
10. My use only
11. Next and Finish

In the logon screen specify the user name and password and connect.

TO ASSIGN THE IP ADDRESSES IN THE VPN SERVER

1. Right click on the server
2. Select Properties
3. Select the IP tab
4. Check Static address pool
5. Click on Add
6. Add the IP address range that VPN clients will receive.


DAY 23

TERMINAL SERVICES

Terminal Services

Terminal Services is a Windows 2003 component that provides terminal emulation to network clients. This means that network clients can access a terminal server, begin a session on it, and run applications on the terminal server as though the applications were installed locally on the user's computer; only screen, keyboard and mouse data cross the network.

Terminal Services is used to give the server environment on the client PCs, without upgrading the system or the hardware, in order to run some application or to perform some task.

In Windows 2000 Terminal Services works in Remote Administration mode or in Application Server mode. In Windows Server 2003 the same two roles are Remote Desktop for Administration (built in, enabled on the Remote tab) and Terminal Server (installed as a Windows component); when installing Terminal Server you choose between Full Security and Relaxed Security permission compatibility (Relaxed gives users the older, weaker file and registry permissions that some legacy applications need; choose Full Security unless such an application forces you otherwise).

Remote Administration Mode / Remote Application Mode

REMOTE ADMINISTRATION MODE:

SYS1 (Domain Controller, SERVER) -- Internet -- SYS2 (ADMIN, Member Server)

In Remote Administration mode only two users can establish a session at the same time in order to access the server desktop (plus the console session). In this mode the purpose is administration, not giving applications to users.

Pracs:

1. In Sys1 right click on My Computer
2. Properties
3. Select the Remote tab
4. Check "Allow users to connect remotely to this computer"
5. Create a user


TO ALLOW THE PERMISSION FOR THE USER

1. Open the console Terminal Services Configuration (shortcut: tscc.msc)
2. Right click on RDP-Tcp
3. Properties
4. Permissions tab
5. Add the user to whom you want to give permission (adding the user to the server's Remote Desktop Users group has the same effect)

IN SYSTEM 2

1. Log in as the user
2. Right click on My Computer
3. Click on Properties
4. Remote tab
5. Check Allow users to connect remotely

TO ESTABLISH A SESSION FROM THE CLIENT

1. Programs > Accessories > Communications > Remote Desktop Connection
2. Specify the system name as Sys1 and connect
3. Once the session is established you find 2 desktops on your screen, the local one and the remote one

IN SYS1, IF THE ADMINISTRATOR WANTS TO MONITOR HIS DESKTOP OR THE USER'S DESKTOP

TO ESTABLISH THE SESSION FROM ADMIN TO USER

1. From Accessories > Communications > Remote Desktop Connection
2. Specify Sys1
3. Connect
4. Maximize the session
5. Open the console Terminal Services Manager (shortcut: tsadmin.exe)
6. Right click on the user's session
7. Select Remote Control
8. Set the hot key (used to end the remote control)
9. Give OK

MOVE ON TO SYSTEM 2

10. Create some files on the desktop
11. Check that the changes are visible on Sys1


INTERACT WITH THE SESSION

Before giving the permission or changing it from View to Interact, first disconnect the sessions on both systems.

1. In System1, to change from View to Interact
2. Open the console Terminal Services Configuration
3. Right click on RDP-Tcp
4. Select Properties
5. Select the Remote Control tab
6. Check "Interact with the session" (the default is to require the user's permission; leave that on outside the lab, since silently taking over a user's session is a serious privacy issue)
7. In Sys2 log in as the user
8. Establish a session with System1

TO CHECK THE INTERACT SESSION

1. In System1
2. Establish a session by specifying System1
3. Log on as Administrator
4. Open Terminal Services Manager
5. Select Remote Control on the user's session
6. Once the connection is established
7. In System2
8. Open My Computer and the respective drives
9. In System1
10. Try to open or close the folder windows: the actions are carried out in the user's session.

REMOTE APPLICATION MODE:

SERVER RUNNING A DATABASE APPLICATION
  |
  +-- CLIENT 1      +-- CLIENT 2      +-- CLIENT 3

The clients are thin clients, for example terminals built on the VXL chipset.

Thin clients are computers with low hardware configuration and no OS installed; they boot from the network and only display the session.

Thick clients are computers that run their own OS and have a good configuration.


In Remote Application mode (Terminal Server) more than two users can establish sessions to get the server environment on their own thin client PCs, and they can run applications from the server. Each user or device needs a Terminal Server client access licence.

Practicals:

1. Open Control Panel
2. Add/Remove Programs
3. Add/Remove Windows Components
4. Select Terminal Server
5. Next (installs Terminal Services)
6. Next
7. Check Full Security
8. Next and Finish; the system will restart

TO PROVIDE A GROUP OF APPLICATIONS FOR THE USERS

In System1

1. Open My Computer
2. One of the drives
3. Create a text document
4. Specify some applications in it, one per line, like WINWORD.EXE, NOTEPAD.EXE, CALC.EXE
5. Save the file with the extension BAT

To assign the path:

6. Open Terminal Services Configuration
7. Right click on RDP-Tcp
8. Properties
9. Select the Environment tab and set the initial program to the batch file, for example C:\GROUP.BAT

IN SYSTEM2 LOG IN AS THE USER AND ESTABLISH A SESSION

When the user logs in, the applications start automatically one after the other; when the batch file ends, the session is logged off.

TO INSTALL REMOTE DESKTOP CONNECTION ON AN OLDER CLIENT

1. Run C:\windows\system32\clients\tsclient\win32\setup.exe from the server


DAY 24

ISA

Internet Security and Acceleration Services

ISA is described here as a software router: like the RRAS software router it sits between the private and the public network, and adds firewall and proxy functions.

ISA Server

ISA Server is the upgraded version of Microsoft Proxy Server 2.0 with a built-in firewall.

PROXY  FIREWALL

FIREWALL: a firewall is a device that secures and protects network resources. It sits at the gateway between the networks and ensures that only authorized traffic and users reach the protected data. ISA is a software firewall.

Proxy server: a proxy server receives the clients' web requests and fetches the pages on their behalf, so to the client it behaves like the web server. The benefit is a faster response time and faster Internet access, because pages are cached; the proxy also hides the clients' addresses from the Internet.

CLIENT -------- PROXY SERVER -------- INTERNET
192.168.1.2     192.168.1.1

Hacking: taking over your resources, or attempting to bring down your server.

Types of attack:

1. Footprinting: gathering information about the target before attacking, for example the operating system and the IP addresses of the server.

2. Scanning: probing the systems for bugs and loopholes (open services, known weaknesses).

3. DoS attack: Denial of Service, flooding or crashing a server so that legitimate users cannot use it.


4. Exploits: Scripts or programs that abuse a specific bug to take control of the server or bring it down.

5. Trojans: Programs disguised as something legitimate that, once run, steal data or give the attacker remote access. Unlike a virus, a Trojan does not copy itself.

6. Port Scan: Probing which TCP/UDP ports on the server are open, to find the applications listening behind them.

Lab topology: CLIENT (System1) -- SOFTWARE ROUTER / ISA (System2) -- WEB SERVER + DNS (System3). System2 has two interfaces, NIC 2 on the private side and NIC 3 on the public side.

1 NIC (System1, client):            IP 10.0.0.2, DG 10.0.0.1, DNS 202.153.32.2
2 NIC (System2, private interface): IP 10.0.0.1, DNS 202.153.32.2
3 NIC (System2, public interface):  IP 202.153.32.1, DNS 202.153.32.2
4 NIC (System3, web server + DNS):  IP 202.153.32.2, GW 202.153.32.1, DNS 202.153.32.2

202.153.32.0/24 stands in for "the Internet" in this lab. It is a real public address range, so use it only on an isolated lab network.

Practicals:

In System 3

1. Install IIS together with the DNS service
2. Host the websites
3. Create the zones in DNS
4. In System2 configure software routing and access the websites
5. In System1 check the IP address with the default gateway and preferred DNS
6. Access the websites


In System2

1. Install ISA by opening the drive that holds the installation files: ISA2K Standard > ISA > Setup.exe
2. Click Continue twice
3. Provide the CD key (the lab notes use all ones)
4. Select "I Agree"
5. Full Installation
6. Integrated Mode (firewall and cache together)
7. Continue
8. Select the drive and give OK
9. Add the IP address range of the private network (the Local Address Table; only these addresses are treated as internal)
10. Add it to the list
11. Give OK twice

TO INSTALL SERVICE PACK

1. Open the folder "ISA 2K STANDARD"
2. ISA Service Pack 2
3. Update
4. Update.exe
5. Next > Next > Finish

ISA SERVER REQUIREMENTS

1. Member server, domain controller or workgroup server
2. Service Pack 1 or above
3. Two network interfaces (public and private)
4. Pentium III 300 MHz or above
5. 256 MB RAM or above
6. 20 MB of hard disk space on an NTFS 5.0 partition (plus space for the web cache)

Practicals:

TO ALLOW CLIENT SYSTEM TO ACCESS THE WEBSITES

IN SYSTEM2

1. Open ISA Management
2. Expand Servers and Arrays
3. Expand the server


TO CREATE A CLIENT ADDRESS SET

4. Expand Policy Elements
5. Right-click Client Address Sets
6. New Set
7. Specify the name
8. Click Add and add the range of IP addresses of the private network, e.g. starting at 10.0.0.1 (the range must include the client, 10.0.0.2)

TO CREATE A PROTOCOL RULE

9. Expand Access Policy
10. Right-click Protocol Rules
11. New Rule
12. Specify the rule name
13. Next
14. Check Allow
15. Next
16. From the list select Selected Protocols
17. Check HTTP
18. Next
19. Next
20. Check Specific Computers
21. Next
22. Click Add
23. Add the client address set > OK
24. Next & Finish

Only HTTP has been allowed, so HTTPS, FTP and every other protocol from these clients stays blocked until a rule permits it. ISA denies everything that no rule allows, which is the default you want.

IN SYSTEM1, BEFORE ACCESSING WEBSITES, CONFIGURE THE PROXY CLIENT.

25. Open Internet Explorer
26. Select the Tools menu
27. Internet Options
28. Select the Connections tab
29. LAN Settings
30. Check "Use a proxy server"
31. Assign the IP address 10.0.0.1 and port 8080 (the ISA Web Proxy listener)
32. Open the browser and access the websites

This is a per-user browser setting that the user can switch off again; to enforce it for all users, push the proxy settings through Group Policy instead.

TO RESTRICT THE WEBSITES

1. In ISA Management
2. Expand Policy Elements
3. Right-click Destination Sets
4. New Set


5. Give the name
6. Click Add
7. Check Destination
8. Specify the website name
9. Expand Access Policy
10. Right-click Site and Content Rules
11. New Rule
12. Specify the name
13. Next
14. Check Deny Access based on Destination
15. Next
16. From the list select "Specified Destination Set"
17. Select the set you created from the name list
18. Next & Finish

In System1 open Internet Explorer and try to access the website you blocked; ISA returns an access-denied page instead. A destination set that names the site by domain name only matches requests for that name: the same site reached by its IP address is not blocked unless the address is added to the set as well.

REDIRECTING WEBSITE:

To redirect a particular website:

1. Remove the existing destination set
2. And the site and content rule
3. Create a destination set by right-clicking Destination Sets
4. Give the set name as "yahoo redirection"
5. Click Add
6. Check Destination
7. Assign the website name
8. Expand Access Policy
9. Site and Content Rules
10. Create a new rule
11. Specify the name
12. Next
13. Check "If HTTP request, redirect request to this site" and specify the site to redirect to with the http:// prefix, for ex: http://something.com
14. Next > check Deny Access based on Destination
15. Next
16. Specified Destination Set
17. Select it from the list
18. Next and Finish

In System1 open Internet Explorer and try to access the Yahoo website; the request is redirected to the other website.


DAY 25

RIS

Remote Installation Service

It is used to deploy operating systems over the network to RIS client systems, which boot from the network and install Windows from an image stored on the RIS server.

Requirements for configuring a RIS Server

1. Windows 2000 or 2003 Server Operating System

2. Minimum of 2GB of Primary Partition with NTFS format

3. 1 OS CD (It could be Windows XP Home or Professional or Windows 2000 Professional or Win 2000 or 2003 server Operating System)

4. DHCP server, DNS server and a domain controller (Active Directory); both the DHCP server and the RIS server must be authorized in Active Directory before they answer clients

Requirements for configuring a RIS Client

1. A NIC with a PXE boot ROM, or a boot floppy or CD created with RBFG.EXE

REMOTE BOOT FLOPPY GENERATOR

RBFG.EXE creates a boot floppy (or CD) for clients whose NIC has no PXE ROM; it emulates PXE for a fixed list of supported network adapters.

To know the path for RBFG.EXE

1. Open the newly created drive on the RIS server
2. RemoteInstall folder
3. Admin
4. i386
5. RBFG.exe

TO CREATE AN IMAGE

1. Create a primary partition of 2 GB formatted with NTFS (it must not be the system or boot partition)

To take the image, from Administrative Tools select Remote Installation Services Setup (risetup.exe)

2. Next
3. Assign the CD drive path
4. Next


5. Next (folder name, e.g. WINDOWS)
6. Next (user-friendly description)
7. It shows you a summary
8. Next & Finish

RIS PROCESS

1. Client -> DHCP server: request for an IP address. DHCP server -> client: dynamic IP with the preferred DNS server.
2. Client -> DNS server: request for the domain controller's IP. DNS -> client: DC IP.
3. Client -> domain controller: request for the RIS server. DC -> client: RIS server IP address.
4. Client -> RIS server: request for the OS image. RIS -> client: OS image.

In practice the PXE client's DHCP broadcast is answered both by the DHCP server (the address) and by the BINL service on the RIS server on UDP port 4011 (boot server and boot file name); the DNS and domain controller lookups are then used by the Client Installation Wizard to authenticate the user and to locate or create the computer account. The whole sequence is managed by BINL, which is one of the three RIS services.

BINL TFTP SIS

BINL: Boot Information Negotiation Layer

It manages the overall RIS process: it answers the client's network boot request, checks Active Directory for a prestaged computer account (or the policy for unknown clients) and tells the client which boot file to fetch, in the order shown in the diagram above.

TFTP: Trivial File Transfer Protocol

It transfers the boot loader, the Client Installation Wizard (CIW) screens and the setup files from the RIS server to the client. TFTP has no authentication and no encryption, so anything the RIS server serves over it is readable by any machine on the segment. It does not resume a transfer after a power failure; the installation simply starts again.


SIS: Single Instance Storage

It monitors the partition where the images are stored (the SIS Groveler service). When a file identical to one already on the volume is copied, SIS keeps a single copy in the SIS Common Store and replaces the duplicates with links to it, which saves disk space across many images.

AFTER TAKING IMAGE IN RIS SERVER

In DHCP create a scope with DNS information. In the DNS server check the zone where the domain controller's SRV records (_msdcs, _sites, _tcp and _udp) are registered.

TO CONFIRM THE IMAGE AT DOMAIN CONTROLLER

Either open the newly created drive with its subfolders, or open Active Directory Users & Computers on the DC from the Administrator console:

1. Expand the domain
2. Select Domain Controllers
3. Right-click the server
4. Select Properties
5. Select the "Remote Install" tab
6. Click Advanced Settings
7. Select the next tab, "Images"
8. There you find the images if the RIS server is installed

Prestaging

By prestaging the client, the administrator can define a specific computer name, and optionally, the RIS server that can service the client:

1. Locate the container in the Active Directory service in which you want your client accounts to be created.

2. Right-click the container, click New, and then click Computer. The New Object-Computer dialog box is displayed.

3. Enter the computer name and authorize domain-join permissions for the user or security group that contains the user who is going to use the computer that this computer account represents.

4. In the next dialog box you are prompted for the globally unique identifier (GUID) or universally unique identifier (UUID) of the computer itself and whether you intend to use this computer as a managed (Remote OS Installation-enabled) client. Enter the GUID or UUID, and then select the "This is a managed computer" check box.

The GUID or UUID is a unique 32-hex-digit number supplied by the manufacturer of the computer and stored in the system BIOS. For an assembled PC without a manufacturer UUID, the RIS boot floppy uses 20 zeros followed by the 12 hex digits of the NIC's MAC address. The number is written on the case of the computer or on the outside of the box the computer shipped in; if you cannot find it, run the BIOS configuration utility, which displays the GUID stored in the BIOS. Contact your OEM for a VBScript (written in Visual Basic Scripting Edition) that can prestage newly purchased clients in Active Directory for use with Remote OS Installation. Prestaging is also the basis for the RIS server's "Do not respond to unknown client computers" setting: with it enabled, only machines whose GUID is already in Active Directory get an installation, so an unauthorized PC plugged into the network cannot pull an OS image.

The next screen prompts you to indicate the RIS server that this computer is serviced by. This option can be left blank to indicate that any available RIS server can answer and service this client. If you know the physical location of the specific RIS server and where this computer can be delivered, you can use this option to manually load clients in the RIS servers in your organization as well as segment the network traffic. For example, if a RIS server had been located on the fifth floor of your building, and you are delivering these computers to users on that floor, you can assign this computer to the RIS server on the fifth floor.
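As an added example that is not part of the original notes, the following PowerShell turns a NIC's MAC address into the GUID that the prestaging dialog expects for an assembled PC, and into the 16-byte form that Active Directory stores in the computer object's netbootGUID attribute. The MAC address is a constructed sample, and the computer name WS01 in the commented Set-ADComputer line is hypothetical.

```powershell
# Added example: build the GUID/UUID that the "New Object - Computer" prestaging
# dialog expects for an assembled PC. RIS uses 20 hex zeros followed by the
# 12 hex digits of the NIC's MAC address, laid out as a normal 8-4-4-4-12 GUID.
function ConvertTo-RisGuid {
    param(
        [Parameter(Mandatory = $true)]
        [string]$MacAddress   # '00-11-22-33-44-55', '00:11:22:33:44:55' or '001122334455'
    )
    $hex = ($MacAddress -replace '[-:.\s]', '').ToUpper()
    if ($hex -notmatch '^[0-9A-F]{12}$') {
        throw "Not a 48-bit MAC address: '$MacAddress'"
    }
    $raw   = ('0' * 20) + $hex                 # 32 hex digits
    $parts = @($raw.Substring(0, 8), $raw.Substring(8, 4), $raw.Substring(12, 4), $raw.Substring(16, 4), $raw.Substring(20, 12))
    $text  = $parts -join '-'
    [pscustomobject]@{
        Mac         = $hex
        Guid        = "{$text}"                    # what the dialog asks for
        NetbootGuid = ([guid]$text).ToByteArray()  # 16 bytes, as stored in the netbootGUID attribute
    }
}

# Constructed sample (not a real machine): a client with MAC 00-11-22-33-44-55.
$client = ConvertTo-RisGuid -MacAddress '00-11-22-33-44-55'
$client.Guid          # {00000000-0000-0000-0000-001122334455}

# Prestaging from the command line instead of the GUI, assuming the Active
# Directory module and an existing computer account WS01 (hypothetical name):
# Set-ADComputer -Identity 'WS01' -Replace @{ netbootGUID = $client.NetbootGuid }
```

Because the first three GUID groups are all zero for a MAC-derived identifier, the byte order that .NET uses for those groups does not matter here; for a real manufacturer UUID, take the value from the BIOS screen as-is and let the dialog store it.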

TROUBLE SHOOTING POINT:

If the RIS client cannot contact the DHCP server or the other services:

1. Open DHCP and go to Address Leases
2. Remove the client's IP address lease
3. Refresh the scope

From Admin Tools Open services console

And Restart these services.

1. DHCP Server service
2. DNS Server service
3. RIS service (Remote Installation, i.e. BINL)
4. SIS (Single Instance Storage Groveler)
5. TFTP (Trivial FTP Daemon)

TO REFRESH THE IMAGE

Open Active Directory Users and Computers

1. Select Domain Controllers
2. Right-click the server
3. Properties
4. Select the Remote Install tab
5. Click Verify Server
6. Next > Next & Finish

TO CREATE A ANSWER FILE

1. Open the new drive created for the image
2. Follow this path:

RemoteInstall\Setup\English\Images\WINDOWS\i386\Templates

3. Double-click RISTNDRD.SIF (the RIS standard setup information file)
4. Edit it:

[UserData]

After ComputerName type ProductID = 4587-4587-4545-4597 (sample key from the notes; use your own product key)

[RemoteInstall]

Repartition = No
UseWholeDisk = No

5. Save the file

The template is read by every RIS client, so anything you put in it, the product key and any AdminPassword you add for an unattended install, is readable by anyone who can boot from the network. Do not store a real administrator password in it in clear text.

CREATING A ANSWER FILE THROUGH SETUPMGR.EXE

1. Insert the OS CD
2. Open the CD drive from which the image was created
3. Follow the path Support\Tools\Deploy.cab
4. Right-click it
5. Select "Extract"
6. While extracting, give the destination path, either Desktop or My Documents
7. On the Desktop you find the file SETUPMGR.EXE
8. From its menu create a new answer file
9. Follow the steps according to the questions
10. Finally save the file in the path given below:

RemoteInstall\Setup\English\Images\WINDOWS\i386\Templates


DAY-26

DISK MANAGEMENT

Disk Management: it is a tool or utility which will help to manage the hard disk more efficiently.

A new hard disk is called a raw (unformatted) hard disk.

You cannot store the data directly on the Raw Hard Disk.

First you need to create the partitions and format it.

Partitioning is dividing the Hard Disk and Formatting is creating file systems on the Hard Disk which is identified by the Operating System.

File System provides hierarchical structure to store files or directories, where operating system can identify and retrieves the files back.

For example: FAT16, FAT32, NTFS (New Technology File System)

EFS (Encrypting File System) is not a file system; it is a feature of NTFS.

TYPES OF DISK

There are 2 types of DISK

BASIC & DYNAMIC

BASIC: A basic disk follows the industry-standard partition table while being partitioned and formatted, so other operating systems can read its layout. The storage unit on a basic disk is called a partition, and it supports all of the file systems above.

In 2000 and 2003 you can create 4 partitions per basic disk: either 4 primary, or 3 primary and 1 extended (with logical drives inside the extended partition).

DISK PART

To extend an existing partition into adjacent unallocated space on the same disk, use Diskpart. On Windows 2000/2003 this works for data volumes only, not for the system or boot volume, and the free space must directly follow the partition.


PROCEDURE FOR DOING DISKPART

1. Open Computer Management
2. Create the partition with the required file system
3. In a command prompt give the commands as given below:

A) DISKPART
B) LIST VOLUME
C) SELECT VOLUME 1 (the volumes are listed by number; give the number of the drive you want to extend)
D) EXTEND SIZE=500 (the size in MB to add, as required and as far as the unallocated space following the volume allows)
E) Check the drive size in My Computer by right-clicking the drive

COMMAND CONVERT FROM FAT TO NTFS

CONVERT D: /FS:NTFS (D: is the drive letter, /FS:NTFS the target file system). The conversion keeps the data, but check the permissions afterwards: on Windows 2000 a converted volume gets Everyone: Full Control, and on XP/2003 the default ACLs are applied unless /NoSecurity is given, which grants Everyone access.

MOUNTING

On a basic disk you can mount a volume in an empty NTFS folder instead of giving it a drive letter; use this when all drive letters are assigned (or when a path is more convenient than a letter).

PROCEDURE TO CREATE MOUNTING:

1. On an existing NTFS drive create a folder and name it
2. Open Computer Management
3. Right-click the unallocated space
4. New Partition
5. Next
6. Check Primary Partition
7. Allocate the space
8. Next
9. Check "Mount in the following empty NTFS folder"
10. Click Browse
11. Expand the drive
12. Select the newly created folder
13. Give OK
14. Next & Finish

To confirm open My Computer and open the drive where you have created the folder you will find the directory changed as Drive.
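The DiskPart extend and mount-point steps above, as an added example that is not part of the original notes: the same commands driven from a script file with "diskpart /s", so the change is reviewable and repeatable. It assumes volume 1 is the one to extend, that disk 1 holds the unallocated space for the new partition, and that C:\Mounts\Data is the empty mount folder; check LIST VOLUME and LIST DISK first, because DiskPart acts on whatever has focus.

```powershell
# Added example: the DiskPart steps above as a reviewable script run with
# "diskpart /s". Volume/disk numbers and the mount folder are assumptions.
# The "format" command inside DiskPart needs Windows Vista/Server 2008 or later;
# on 2003, format the new partition from Disk Management instead.
$mountFolder = 'C:\Mounts\Data'

$diskpartScript = @"
rem --- extend volume 1 by 500 MB into the unallocated space that follows it
select volume 1
extend size=500

rem --- create a 1000 MB primary partition and mount it in an empty NTFS folder
select disk 1
create partition primary size=1000
format fs=ntfs quick
assign mount=$mountFolder
"@

# The mount folder must exist and be empty before DiskPart can use it.
New-Item -ItemType Directory -Path $mountFolder -Force | Out-Null
if (Get-ChildItem -Path $mountFolder -Force) { throw "$mountFolder is not empty" }

$scriptPath = Join-Path $env:TEMP 'lab-diskpart.txt'
Set-Content -Path $scriptPath -Value $diskpartScript -Encoding ASCII

# Run as Administrator. DiskPart returns a non-zero exit code if any command fails.
diskpart /s $scriptPath
if ($LASTEXITCODE -ne 0) { throw "diskpart failed with exit code $LASTEXITCODE" }

# Confirm: mountvol lists every volume with its drive letter or mount folder.
mountvol
```

Keep the script file with the change record; unlike an interactive DiskPart session it shows exactly which volume and disk were touched.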


REMOTE HARD DISK

Disk Management can also connect to another system to create partitions or logical drives on its disks remotely. This needs administrative rights on the remote system and RPC connectivity to it.

Procedure

1. Open Computer Management
2. Right-click Computer Management
3. Connect to another computer
4. Check Another computer
5. Specify the system name and give OK
6. After connecting to sys2
7. Expand Storage and select Disk Management

DYNAMIC DISK

DYNAMIC: A dynamic disk does not use the standard partition table; its layout is kept in a private database (the Logical Disk Manager database) at the end of the disk, so only Windows 2000 and later can read it. The storage unit on a dynamic disk is called a volume, and the volumes are formatted with NTFS in these notes.

Windows Setup cannot create a new volume on a dynamic disk to install the operating system into (a system or boot partition that was converted from basic keeps working). You can convert from basic to dynamic without loss of data, but converting back from dynamic to basic requires deleting all volumes first, so back up the data before doing it.

TYPES OF VOLUMES

1. Simple volume (no fault tolerance)
2. Spanned volume (no fault tolerance)
3. Striped volume (no fault tolerance)
4. Mirrored volume (fault tolerant)
5. RAID-5 volume (fault tolerant)

SIMPLE VOLUME: A simple volume is created on a single dynamic disk. It cannot use space on a second dynamic disk.

Requirements: Minimum 1 disk, maximum 1 disk

Fault tolerance: No

Read/write speed: Normal

A simple volume can be mirrored, and its size can be extended (extending it onto another disk turns it into a spanned volume).

Procedure to Create Simple Volume

1. Convert basic to dynamic
2. Right-click the dynamic disk and select New Volume
3. Next
4. Check Simple Volume > Next
5. Allocate the space > Next
6. Assign the drive letter > Next
7. Check Perform a Quick Format
8. Next & Finish

SPANNED VOLUME

If a simple volume is extended onto another dynamic disk, it becomes a spanned volume. Data fills the first disk before the next one is used.

Requirements: Minimum 2 disks, maximum 32 disks

Fault tolerance: No (if any one disk fails, the whole spanned volume is lost)

Read/write speed: Normal

STRIPED VOLUME OR RAID-0

A striped volume occupies an equal amount of space on each disk, and the data is written in stripes of 64 KB that alternate across the disks. This is called striping. Read and write speed is fast because the disks work on different parts of the data in parallel; nothing is duplicated, so if one disk fails the whole volume is lost.

Requirements: Minimum 2 disks, maximum 32 disks

Fault tolerance: No

Read/write speed: Fast


MIRRORED VOLUME OR RAID-1

A mirrored volume is fault tolerant because the data written to the first dynamic disk is synchronized to the second dynamic disk; if one disk fails the other still holds a complete copy. Writes cost slightly more (both disks are written), reads are normal.

Requirements: Minimum 2 disks, maximum 2 disks

Read/write speed: Normal

Fault tolerance: Yes

RAID-5

RAID = Redundant Array of Independent Disks

Data layout in RAID-5 (three disks; each stripe has two data blocks and one parity block, and the parity block rotates across the disks):

Disk 1     Disk 2     Disk 3
A1         A2         A-parity
B1         B-parity   B2
C-parity   C1         C2
D1         D2         D-parity

To create a RAID-5 volume the minimum requirement is 3 dynamic disks (maximum 32). RAID-5 is fault tolerant with the help of the parity block: parity is the XOR of the data blocks in the same stripe on the other disks, so when one disk fails, each missing block is recomputed from the remaining blocks and the parity. The capacity of one disk is used for parity, and two disks failing at once cannot be recovered.

Procedure to Create Raid 05 Volume

1. Convert all three disks from basic to dynamic
2. Right-click the unallocated space
3. New Volume
4. Check RAID-5
5. Add all the disks to the list
6. Allocate the space
7. Next
8. Check Perform Quick Format
9. Next & Finish
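To make the parity idea concrete, here is an added example that is not part of the original notes: a few lines of PowerShell that compute the RAID-5 parity block for a stripe and then rebuild a lost block from the survivors. The stripe contents are constructed sample bytes; no real disks are involved.

```powershell
# Added example: what the RAID-5 parity block is and how a lost disk is rebuilt.
# Parity is the XOR of the data blocks in one stripe, so any single missing
# block (data or parity) equals the XOR of all the others. The blocks below are
# constructed sample data; no real disks are touched.
function Get-Parity {
    param([object[]]$Blocks)   # the blocks of one stripe, all the same length
    $length = $Blocks[0].Count
    $parity = New-Object byte[] $length
    foreach ($block in $Blocks) {
        if ($block.Count -ne $length) { throw 'all blocks in a stripe must be the same size' }
        for ($i = 0; $i -lt $length; $i++) {
            $parity[$i] = $parity[$i] -bxor $block[$i]
        }
    }
    return ,$parity
}

function Restore-Block {
    # Rebuild the one block missing from a stripe, given every surviving block
    # including the parity block. With two blocks missing there is one equation
    # and two unknowns, which is why RAID-5 survives exactly one failed disk.
    param([object[]]$Surviving)
    return ,(Get-Parity -Blocks $Surviving)
}

$ascii = [System.Text.Encoding]::ASCII
# A three-disk stripe: data on disks 1 and 2, parity on disk 3.
$disk1 = $ascii.GetBytes('AAAA')
$disk2 = $ascii.GetBytes('BBBB')
$disk3 = Get-Parity -Blocks @($disk1, $disk2)          # 0x03 0x03 0x03 0x03 (0x41 xor 0x42)

# Disk 1 fails: its block is recovered from disk 2 and the parity block.
$rebuilt = Restore-Block -Surviving @($disk2, $disk3)
$ascii.GetString($rebuilt)                            # AAAA

# The parity disk failing is handled the same way: recompute parity from the data.
$reparity = Restore-Block -Surviving @($disk1, $disk2)
($reparity -join ',') -eq ($disk3 -join ',')          # True
```

The same XOR works for any number of data disks per stripe, which is why adding disks to a RAID-5 volume still costs only one disk's worth of capacity for parity.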


Day-27

Advanced Topics

RSOP

Resultant Set of Policy

(For more consoles, which are not shown in Administrative Tools by default, install ADMINPAK.MSI, the Administration Tools Pack.)

RSOP shows the resultant set of policies applied at any level, domain or OU, to a given user and computer, after inheritance, blocking and enforcement have been worked out. With RSOP you can see which policies apply to a container, but you cannot edit or modify them. The same information is available from the command line with gpresult /v.

Procedure:

1. Create an organizational unit and apply a few policies
2. Use the Group Policy Object to perform RSOP
3. Right-click the OU
4. All Tasks
5. Select "Resultant Set of Policy (Planning)"
6. Continue the wizard with Next
7. Give Finish

In RSOP window expand Administrative Templates and Select the list of Policies.

To add RSOP Console in Admin Tools. Add it from MMC

GPMC:

GROUP POLICY MANAGEMENT CONSOLE

It is a free add-on from Microsoft, downloaded and installed separately (it is not part of the base Windows Server 2003 installation).

Compared to RSOP, GPMC has all the additional features: creating new policies, modifying existing policies, linking and unlinking GPOs, backing up and restoring GPOs, etc.

Procedure:

Before installing GPMC apply the policy on Site Level, Domain Level and on OU Level.


To Install GPMC

1. Select the drive where the GPMC.MSI file is present
2. Double-click GPMC.MSI
3. After installing GPMC
4. Open the console to view or modify the existing policies
5. Expand Domains
6. Select the domain from the list

To View Site Level Policies

7. Right-click the Sites folder
8. Show Sites and check "Default-First-Site-Name"

To create a New Policy at Site Level

9. Right-click Default-First-Site-Name
10. Select Link an Existing GPO
11. From the list select "Create New Group Policy Object"
12. Label or rename it
13. Right-click the policy
14. Select Edit
15. Edit the policy


SEIZING THE ROLES

Seizing forcibly moves the operations master (FSMO) roles onto an additional domain controller when the current role holder is permanently unavailable; when the holder is still online, transfer the roles instead.

If the only remaining domain controller is the ADC (the backup server) and the original holder is gone for good, opt for seizing. Never bring the old holder back onto the network afterwards: two DCs claiming the same role corrupt the directory.

Procedure:

1. Open a command prompt
2. NTDSUTIL
3. roles
4. connections
5. connect to server sys1
6. quit
7. seize domain naming master
8. seize schema master
9. seize RID master
10. seize PDC
11. seize infrastructure master
12. quit
13. quit
14. net accounts (shows whether this server now acts as the PDC; netdom query fsmo lists all five role holders)
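The same seizure run non-interactively, as an added example that is not part of the original notes, so that the exact commands are on record in the shell history. SYS1 is the surviving ADC named in the notes; adjust it. Run it only when the original role holder is gone for good, and never reconnect that machine to the network afterwards.

```powershell
# Added example: the ntdsutil seizure above run non-interactively. SYS1 is the
# surviving ADC from the notes (an assumption); change it to your server.
$survivor = 'SYS1'
$roles = @('schema master', 'domain naming master', 'RID master', 'PDC', 'infrastructure master')

# ntdsutil takes its menu commands as arguments, one prompt entry per argument.
# "seize" first attempts a normal transfer and only seizes if the current holder
# cannot be reached; each seize still shows a confirmation dialog to click.
$commands = @('roles', 'connections', "connect to server $survivor", 'quit') +
            @($roles | ForEach-Object { "seize $_" }) +
            @('quit', 'quit')
& ntdsutil.exe @commands

# Verify which DC now holds each of the five roles.
netdom query fsmo
```

Seizing the RID master or the schema master is the dangerous case: if the old holder ever replicates again it can hand out duplicate RIDs or conflicting schema changes, so reinstall it rather than reconnecting it.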


SCRIPTS

Scripts are used to give messages or notifications to the users within the domain at logon or logoff, and more generally to run any command in the user's context when they log on or off.

Procedure:

1. Create a shared folder
2. Create a text document and add the line

   WScript.Echo "YAHOO"

   (add any message you want to give the users)
3. Save the file with the extension .VBS or .VBE
4. Before applying the policy, run the script to check it
5. To apply the policy
6. Right-click the OU
7. Properties
8. Select Group Policy
9. Create a new policy
10. Click Edit
11. Expand "Windows Settings"
12. Select "Scripts (Logon/Logoff)"
13. Double-click one of them from the list
14. Click Add
15. Specify the UNC path
16. Using Browse, or assign the UNC path manually
17. To confirm the script
18. Log in as a user
19. A popup window with YAHOO appears

The script runs with the privileges of every user who logs on, from the share you specified. Give users read-only access to that share (or keep the script in the GPO's own folder under SYSVOL); if ordinary users can write to it, anyone can replace the script and have their code run at every logon.


VSC

Volume Shadow Copy

Volume Shadow Copies keep point-in-time copies of the files in shared folders, so that earlier versions can be restored after an accidental change or deletion, and they can be updated as the shared data changes from day to day. It is one of the new features in 2003. A shadow copy lives on the same server (by default on the same volume) as the data, so it is not a substitute for a backup.

Procedure:

To Create Volume Shadow Copy

1. On one of the drives
2. Create a shared folder with some files in it
3. To enable Volume Shadow Copy
4. Right-click the drive
5. Select Properties
6. Select the Shadow Copies tab
7. From the list select the drive
8. Click Enable
9. Give OK

To restore the files from the Shared Folder

1. Open My Network Places
2. Entire Network > Microsoft Windows Network
3. Double-click the domain and then the server
4. Right-click the shared folder
5. Properties
6. Select the "Previous Versions" tab
7. Use "Restore"

If the shared folder itself is deleted, its share is gone and its previous versions cannot be reached through it; recover it from the Previous Versions of the parent folder instead, through a share such as \\server\D$.

After adding content to the existing shared folder, to capture this information as well, select Create Now in the Shadow Copies window; otherwise copies are taken only on the configured schedule.


DISK QUOTA

You can set disk quotas on drives formatted with the NTFS file system to monitor and limit the amount of disk space available to individual users.

Quotas are set per volume, on each system separately (not domain-wide), and are charged per user according to the owner of each file: a user is only charged for the files they own, so files created by administrators or other users in their folders do not count against them.

Procedure:

To Apply Disk Quotas for Individual Users.

1. Right-click one of the drives
2. Properties
3. Select the "Quota" tab
4. Check "Enable quota management"
5. Check "Deny disk space to users exceeding quota limit" (without it, exceeding the limit is only logged, not prevented)
6. Click Quota Entries
7. Click the Quota menu
8. Click New Quota Entry
9. Add the user
10. Click Check Names
11. Give the entry
12. Check "Limit disk space to" and set the limit and the warning level
13. After allocating the space to the user
14. Log in as the user and confirm it from My Computer
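The same per-user limit set from the command line with fsutil, as an added example that is not part of the original notes. fsutil takes sizes in bytes and applies to a whole volume; the volume D:, the 100 MB limit and the lab account LAB\user1 are assumptions.

```powershell
# Added example: the per-user quota above set with fsutil instead of the GUI.
# Sizes are in bytes; D:, 100 MB and LAB\user1 are assumptions for the lab.
function Set-UserQuota {
    param(
        [Parameter(Mandatory = $true)][string]$Volume,   # e.g. 'D:'
        [Parameter(Mandatory = $true)][string]$User,     # DOMAIN\user
        [Parameter(Mandatory = $true)][int]$LimitMB,
        [int]$WarningMB = 0                              # 0 = warn at 80 % of the limit
    )
    if ($WarningMB -le 0) { $WarningMB = [int]($LimitMB * 0.8) }
    $limit   = [int64]$LimitMB   * 1MB
    $warning = [int64]$WarningMB * 1MB

    # "enforce" enables quotas AND denies writes over the limit; "track" would only log.
    fsutil quota enforce $Volume
    if ($LASTEXITCODE -ne 0) { throw "fsutil quota enforce failed ($LASTEXITCODE)" }

    # Per-user entry: threshold (warning level) first, then the hard limit.
    fsutil quota modify $Volume $warning $limit $User
    if ($LASTEXITCODE -ne 0) { throw "fsutil quota modify failed ($LASTEXITCODE)" }
}

Set-UserQuota -Volume 'D:' -User 'LAB\user1' -LimitMB 100

# Show all entries. Usage is charged to the owner of each file, so a user can
# only be limited for the files they own.
fsutil quota query D:
```

Run it as an administrator on the file server itself; quota settings do not replicate, so repeat it per volume and per server.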


MBSA

MICROSOFT BASELINE SECURITY ANALYSER

It is a free tool from Microsoft, downloaded separately.

It is used to scan the local system, or any other system in the network, for missing security updates and common security misconfigurations.

To scan a system in the network, the minimum requirement is its computer name or IP address (plus an account with administrative rights on it).

MBSA reports the loopholes of the current system or the other system: missing patches, weak or blank passwords, unnecessary services, Guest account and file system settings, and IIS and SQL Server checks where those are installed.

Procedure:

1. Open the drive where the MBSA .MSI installer is saved
2. Double-click the MSI
3. After installing
4. Open the MBSA console
5. From Programs
6. Select MBSA
7. Select "Scan a computer", specify the computer name or IP address, and click Scan a computer

The same scan from the command line: mbsacli /target <IP address> (mbsacli is installed with MBSA and is easier to schedule for many machines).

* * * * * * * * * * * * * * * * * * * * * * *
