M.C.S.E
Microsoft Certified Systems Engineer
Network (01-03-2008)
A network is an interconnection of devices.
Networking
Networking is the communication between the interconnected devices.
Types of Networking
LAN
MAN
WAN
LAN: - Local Area Network
Operates within a limited geographical area (a building or a campus). Provides full-time connectivity to local services.
MAN: - Metropolitan Area Network
Spans a city; provides full-time and part-time connectivity.
WAN: - Wide Area Network
Operates over a large geographical area; provides full-time and part-time connectivity.
Requirements for a N/W
1. systems
2. media (guided, e.g. copper or fibre cable; unguided, e.g. radio/wireless)
3. n/w devices
a. NIC
b. hub
c. switch
d. router
4. OS
5. IP Address
6. Topologies
Network Devices
NIC :- network interface card
1. Every NIC has a MAC (Media Access Control) address, a 48-bit hardware address burnt in by the manufacturer.
2. The network interface card is frequently called a NIC; it forms the interface between the networked device (computer) and the Ethernet (LAN).
Hub:- it is used to connect all the devices on a network so that they can communicate with each other. It always broadcasts: every frame received on one port is repeated out of every other port, so every device sees everyone else's traffic.
Switch: - like a hub, it is also used to connect all the devices on a network so that they can communicate with each other, but it learns which MAC address sits behind which port. The first frame to an unknown destination is flooded (broadcast); from then on frames for that destination are sent (unicast) only to the port where it was learned.
Router :- a router is a device which allows communication between two or more different networks, which may be present in different geographical locations.
Operating System: - the O/S is the interface between the user and the hardware.
1. client O.S ex. Windows 98, 2000 Professional, XP, Vista
2. server O.S ex. NT Server, 2000 Server, 2003 Server
The history of N/W O.S
Windows NT 3.1 released in 1993
Windows NT 3.5 released in 1994
Windows NT 4.0 released in 1996
Windows NT 5.0 was released as Windows 2000
Windows NT 5.2 was released as Windows Server 2003
Windows 2000 flavors
• Windows 2000 Professional
• Windows 2000 Server
Microsoft Windows 2003 flavors
• Microsoft Windows Server 2003 Standard Edition
• Microsoft Windows Server 2003 Enterprise Edition
• Microsoft Windows Server 2003 Datacenter Edition
• Microsoft Windows Server 2003 Web Edition
Windows Server 2003 installation requirements
Requirement              | Standard Edition | Enterprise Edition                | Datacenter Edition                | Web Edition
Recommended CPU speed    | 550 MHz          | 733 MHz                           | 733 MHz                           | 500 MHz
Recommended minimum RAM  | 256 MB           | 256 MB                            | 1 GB                              | 256 MB
Maximum RAM              | 4 GB             | 32 GB (x86) / 64 GB (Itanium)     | 64 GB (x86) / 512 GB (Itanium)    | 2 GB
Multiprocessor support   | Up to 4          | Up to 8                           | Minimum 8-way, maximum 64         | Up to 2
Disk space for setup     | 1.5 GB           | 1.5 GB (x86) / 2.0 GB (Itanium)   | 1.5 GB (x86) / 2.0 GB (Itanium)   | 1.5 GB
Features of Windows 2003
• Built on NT technology
• 32/64-bit operating system
• Availability
• Scalability
• Easy installation
• Larger hardware support; supports Plug and Play
• Built-in Terminal Services
• Active Directory
• Secondary Logon service (Run as)
• Remote Installation Services
Improved security
• Kerberos version 5
• Internet Protocol Security (IPsec)
• Support for smart cards
• Distributed File System
• Centralized deployment of applications
• DNS dependency (Domain Name System)
• Backup on any media
• Supports FAT16, FAT32, NTFS (EFS, the Encrypting File System, works on NTFS only)
• Volume Shadow Copy
• Disk quotas
IP Addressing
o IPv4 32-bit addressing
o IPv6 128-bit addressing
IPv4 (32 bit)
Bit (0-1)
Decimal (0-255) per octet; four octets separated by dots
The total IP addressing scheme is divided into 05 classes
o Class A
o Class B LAN & WAN (unicast addresses assigned to hosts)
o Class C
o Class D Multicasting
o Class E Research & Development (reserved)
The class is decided by the first octet; the class ranges are
Class A Range 0.0.0.0 - 127.255.255.255 (127.x.x.x is reserved for loopback)
Class B Range 128.0.0.0 - 191.255.255.255
Class C Range 192.0.0.0 - 223.255.255.255
Class D Range 224.0.0.0 - 239.255.255.255
Class E Range 240.0.0.0 - 255.255.255.255
Private IP Address (RFC 1918; not routed on the Internet)
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
Types of IP Address
o Private IP: an IP address we can assign ourselves on our own network; it is not reachable from the Internet.
o Public IP Address: an IP address we get from the ISP (Internet Service Provider); it is unique on the Internet.
o The IP address is divided into a network portion and a host portion
network host
common unique
Class A is written as N.H.H.H (default mask 255.0.0.0)
Class B is written as N.N.H.H (default mask 255.255.0.0)
Class C is written as N.N.N.H (default mask 255.255.255.0)
Class D and Class E addresses are not divided into network and host portions (a class D address identifies a multicast group; class E is reserved)
o The network portion is common to all the systems in a network
o The host portion is unique to each and every system in a network
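The classful rules above, worked out in code. This is an added example in Python, not part of the course notes: it takes a dotted-quad address, tells its class from the first octet, splits it into the network and host portions with the default mask, and checks whether it falls in one of the three RFC 1918 private blocks. The sample addresses at the bottom are constructed for the demonstration.

```python
# Added example (not from the course notes): classify an IPv4 address the way
# the classful scheme does, and tell private (RFC 1918) from public space.
import ipaddress
from typing import NamedTuple

# Classful ranges keyed on the first octet, with the default prefix length
# and the N/H (network/host) notation used in the notes.
CLASSES = [
    ("A", 0, 127, 8, "N.H.H.H"),
    ("B", 128, 191, 16, "N.N.H.H"),
    ("C", 192, 223, 24, "N.N.N.H"),
    ("D", 224, 239, None, "multicast (no network/host split)"),
    ("E", 240, 255, None, "reserved (no network/host split)"),
]

PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


class IPInfo(NamedTuple):
    address: str
    ip_class: str
    notation: str
    network: str   # network portion, e.g. "10.0.0.0" ("" for class D/E)
    host: str      # host portion, e.g. "0.0.0.1" ("" for class D/E)
    private: bool
    loopback: bool


def classify(text: str) -> IPInfo:
    """Return class, default network/host split and scope of a dotted quad."""
    addr = ipaddress.IPv4Address(text)        # raises ValueError on bad input
    first_octet = int(addr) >> 24
    for name, lo, hi, prefix, notation in CLASSES:
        if lo <= first_octet <= hi:
            break
    else:                                     # 0..255 is fully covered above
        raise ValueError(text)
    network = host = ""
    if prefix is not None:
        mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
        network = str(ipaddress.IPv4Address(int(addr) & mask))
        host = str(ipaddress.IPv4Address(int(addr) & ~mask & 0xFFFFFFFF))
    private = any(addr in block for block in PRIVATE_BLOCKS)
    return IPInfo(text, name, notation, network, host, private, addr.is_loopback)


if __name__ == "__main__":
    # Constructed sample addresses, one per case discussed in the notes.
    for sample in ("10.0.0.1", "172.16.5.9", "172.32.0.1", "192.168.1.20",
                   "8.8.8.8", "224.0.0.251", "127.0.0.1"):
        print(classify(sample))
```

Note that 172.32.0.1 is class B but public: the private block is 172.16.0.0/12 (172.16 through 172.31), not the whole of class B.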
Logical Topologies
Topologies are of two types
Physical topologies (bus, ring, star, mesh, tree)
Logical topologies (workgroup model or peer-to-peer model, domain model or client/server model)
Workgroup model & Peer-to-Peer:- a workgroup is a logical grouping of computers for sharing network resources in which each and every system maintains its own account database (the local SAM). A user U1 created on one system can log in only on that system; if U1 tries to log in on U2's system the account is not available there.
Client/Server network model
The client/server (domain) model is a logical grouping of computers for sharing network resources in which centralized management is available: the accounts are kept in one central database (Active Directory on the domain controller) and a user can log in from any system in the domain.
Tools of Active Directory (04-03-08)
• Active Directory Domains and Trusts (ADDT)
• Active Directory Sites and Services (ADSS)
• Active Directory Users and Computers (ADUC)
• Domain Controller Security Policy (DCSP)
• Domain Security Policy (DSP)
Member server & client
Once we install A.D.S (Active Directory Service) on a system we call that system a domain controller.
The collection of domain controllers, member servers and clients we call a domain.
Member server
In a network, if any system having a server O.S is joined to the domain, then we call it a member server.
Client
In a network, if any system having a client O.S is joined to the domain, then we call that system a client.
If it is a client we can't install server services such as DNS, DHCP, IIS.
If it is a member server we can install any services, e.g. DNS, DHCP, IIS.
How to configure a member server / client
Requirement
• DC with DNS
• Workgroup system
• IP Address (the preferred DNS must point to the DC's DNS server, otherwise the domain name does not resolve and the join fails)
After setting the IP address on the workgroup system (client O.S or server O.S):
• Right click My Computer on the workgroup system
• Properties
• Click the Computer Name tab
• Click Change, select Domain
• Provide the domain name (zoom.com)
• Click OK
• Provide the user name and password
• of a domain account that is allowed to join computers to the domain (e.g. the domain Administrator)
• OK
• OK
• Click Yes to restart the computer.
User Management
Types of users
1. local users
2. domain users
Local users:- a local user is a user whose account is stored in the local account database (SAM) of that system; he can log in only on that system and can't log in on any other system.
We can create local users on workgroup systems and member servers (a domain controller has no local SAM for users, so it cannot hold local user accounts).
Domain users:- domain users are created on the domain controller (in Active Directory); a domain user can log in on any system in the domain.
How to create local users
On a member server
• Right click My Computer
• Manage
• Expand Local Users and Groups
• Users
• Right click, New User
o provide user name
o provide password
o confirm password
o uncheck the box
o "User must change password at next logon"
o click Create
o Close
• Log off Administrator
• Log in as the user on this system; on any other system the account is not available, so we can't log in there.
Local users exist only on that member server.
How to create a domain user
On the domain controller
• Start, Programs
• Administrative Tools
• Active Directory Users and Computers
• select Users
• right click on Users
• select New, User
• provide the name and logon name
• Next
• provide password and confirm password; uncheck the box
• "User must change password at next logon"
• Next
• Finish
On a member server we can log in as the domain user (select the domain, not the local computer, in the "Log on to" box).
On a domain controller, by default a domain user can't log in locally: the "Allow log on locally" right on DCs is granted only to the administrative groups (Administrators, Account Operators, Server Operators, Print Operators, Backup Operators).
Giving a user permission to log on locally to a domain controller (for the lab only; on a production DC ordinary users should never get this right, and if it is really needed grant it to a group rather than to a single user)
• log in as Administrator
• Start, Programs
• Administrative Tools
• Domain Controller Security Policy (DCSP)
• expand Local Policies
• select User Rights Assignment
• select "Allow log on locally"
• select Properties
• click Add User or Group
• click Browse
• provide the user name
• Check Names
• OK
• OK
• Apply
• OK; then Start, Run
• type GPUPDATE
• OK
On the domain controller log off Administrator and log in as the user; now we are able to log in as the user on the domain controller.
Password policy
By default a password policy is in place (minimum length 7 characters, complexity required), because of which we can't create a user with a blank or a simple password.
How to change the password policy
On the domain controller
• Start, Programs
• Administrative Tools
• Domain Security Policy
• expand Account Policies, select Password Policy; on the right side panel
• right click on "Minimum password length"
• go to Properties, change it to '0' characters
• Apply
• OK
• right click on "Password must meet complexity requirements"
• go to Properties, select
• Disabled
• Apply
• OK
• Start, Run, type GPUPDATE
On the domain controller go to Active Directory Users and Computers: now we are able to create a user without a password or with any password.
Note: in a Windows 2000/2003 domain there is only one password policy for the domain accounts, the one in the Default Domain Policy (Domain Security Policy); a password policy linked to an OU affects only the local accounts of the computers in that OU. The settings above are for the classroom; in production keep complexity enabled and the minimum length at 7 or more.
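To see what the two settings changed above actually accept, here is an added example in Python (not from the course notes) that evaluates a candidate password against a password policy. It encodes the Windows Server 2003 defaults (minimum length 7, complexity on) and the weakened lab policy (minimum length 0, complexity off). The complexity rule is the documented one: at least 6 characters, must not contain the account name, and characters from at least 3 of the 4 categories upper, lower, digit, symbol; the real filter also rejects passwords containing pieces of the display name, which this simplified version leaves out. Account names and passwords in the test are constructed.

```python
# Added example (not from the course notes): evaluate a password against a
# domain password policy, for the default and for the weakened lab settings.
from dataclasses import dataclass
import string


@dataclass(frozen=True)
class PasswordPolicy:
    minimum_length: int
    complexity_required: bool


# Windows Server 2003 Default Domain Policy values, and the lab settings
# from the procedure above (minimum length 0, complexity disabled).
DEFAULT_POLICY = PasswordPolicy(minimum_length=7, complexity_required=True)
LAB_POLICY = PasswordPolicy(minimum_length=0, complexity_required=False)


def meets_complexity(password: str, account_name: str) -> bool:
    """'Password must meet complexity requirements', simplified:
    - at least 6 characters
    - does not contain the account name (3+ characters, case-insensitive)
    - characters from at least 3 of 4 categories: upper, lower, digit, symbol
    (The real filter also checks tokens of the display name; omitted here.)"""
    if len(password) < 6:
        return False
    if len(account_name) >= 3 and account_name.lower() in password.lower():
        return False
    categories = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    return sum(categories) >= 3


def check_password(password: str, account_name: str,
                   policy: PasswordPolicy) -> list[str]:
    """Return the violated rules; an empty list means the password is accepted."""
    problems = []
    if len(password) < policy.minimum_length:
        problems.append(f"shorter than {policy.minimum_length} characters")
    if policy.complexity_required and not meets_complexity(password, account_name):
        problems.append("does not meet complexity requirements")
    return problems


if __name__ == "__main__":
    # Constructed account name and candidates.
    for candidate in ("Passw0rd!", "password", "Ravi2008!", ""):
        print(repr(candidate),
              "default:", check_password(candidate, "ravi", DEFAULT_POLICY) or "accepted",
              "lab:", check_password(candidate, "ravi", LAB_POLICY) or "accepted")
```

With the lab policy every candidate, including the empty string, comes back accepted, which is exactly why that policy must not leave the classroom.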
PERMISSIONS (05-03-08)
• A permission defines the type of access granted to a user, group, or computer on a resource object.
• Permissions can be applied to resource objects such as files, folders and printers, e.g. the privilege to read a file, delete a file, or create a new file in a folder.
• Permissions can be assigned to users and groups in Active Directory or on a local computer.
• Shared folders: you can share only folders (and drives), not individual files.
• The default permission on a new shared folder in Windows Server 2003 is Everyone: Read. When you copy or move a shared folder, the copy is no longer shared.
• To hide a shared folder, put a $ at the end of the share name (e.g. data$); it is then not shown when browsing the server.
• Users access hidden shares by typing the UNC path (e.g. \\server\data$).
(UNC: Universal Naming Convention)
Types of Permission
1. Share Level Permissions.
2. Security (NTFS) Level Permissions.
Share Level Permissions
• Can be implemented on NTFS and FAT partitions.
• Apply to shared folders only, and only when they are accessed from the network (not when logged on locally).
• Share permissions can be set only on drives and folders.
• The different share permissions are Read, Change, and Full Control.
How to apply share level permissions.
1. go to Start, click Programs
2. select Administrative Tools, Active Directory Users and Computers
3. create some users
4. create a folder in any one of the drives (FAT or NTFS)
5. create some files in the folder
6. right click on the folder, select Sharing and Security
7. select Share this folder
8. click Permissions (by default Everyone has Read)
9. Apply
10. OK
Verification
On the member server log on as the user
1. My Network Places
2. click on Entire Network
3. click on Microsoft Windows Network
4. click on the domain
5. click on the system
6. open the shared folder
7. open any file
(Try to modify the data and save the file: it fails, and we also can't rename or delete the file. We have read-only access to this folder.)
How to give Full Control to a specific user.
1. right click on the shared folder
2. select Sharing and Security
3. click Permissions
4. click Add
5. enter the user name
6. click Check Names
7. OK
8. check the Full Control box for that user
9. Apply
10. OK
Verification
On the member server log on as the user and verify the permissions on the share (now the user can modify, rename and delete).
Security (NTFS) Level Permissions
• can be implemented only on NTFS partitions
• apply to the local NTFS drive and are enforced both locally and over the network
• NTFS permissions can be set on drives, files and folders
• The different permissions are Full Control, Modify, Read & Execute, List Folder Contents, Read, Write
• Explicit file permissions override the permissions inherited from the folder
• Creators of files and folders are their owners
How to apply security level permissions
1. create a folder in any one of the NTFS drives
2. create some files in the folder
3. right click on the folder, select Sharing and Security
4. click the Security tab
5. go to Advanced
6. uncheck the box
7. "Allow inheritable permissions from the parent to propagate to this object"
8. click Remove (the inherited entries are dropped, so from now on only the entries added here apply)
9. Apply
10. OK
11. click Add, select Administrators
12. and give Full Control
13. click Add
14. enter the user name
15. click Check Names, OK (the user gets Read & Execute, List Folder Contents and Read by default)
16. Apply
17. OK
Verification
On the domain controller log in as the user, open the folder from My Computer and access it: we can only read the files.
Security permission outcomes
1. Read            Read the file only
2. Read + Write    Read / Write
3. Write only      Access denied (without Read the folder cannot even be opened)
4. Modify          Read, write, save the file, delete and rename (but the user is not the owner and cannot change permissions)
5. Full Control    Read, write, save, delete, rename, and also change permissions and take ownership
Combining share and NTFS (security) permissions: over the network the effective permission is the more restrictive of the two; for a local logon only the NTFS permission counts.
Share           Security (NTFS)    Effective over the network    Effective locally
Full Control    Read               Read                          Read
Read            Full Control       Read                          Full Control
Full Control    Modify             Modify                        Modify
Read            Write              Access denied                 Access denied
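The combination rule in the table, as an added example in Python (not from the course notes). Share and NTFS permissions are modelled as sets of rights; over the network the effective rights are the intersection of the two, locally only the NTFS rights apply, and the result is named in the vocabulary of the table. Deny entries and the finer special permissions are left out, so this is the Allow-only simplification the notes use; the permission names are the ones shown in the Windows dialogs.

```python
# Added example (not from the course notes): combine share permissions with
# NTFS (security) permissions the way Windows does. Over the network the
# effective access is the intersection of the two; locally only NTFS applies.
# Allow entries only; Deny entries are not modelled.

# Individual rights as a bit set.
READ, WRITE, DELETE, CHANGE_PERMS = 1, 2, 4, 8

SHARE_PERMISSIONS = {
    "Read": READ,
    "Change": READ | WRITE | DELETE,
    "Full Control": READ | WRITE | DELETE | CHANGE_PERMS,
}

NTFS_PERMISSIONS = {
    "Read": READ,
    "Write": WRITE,
    "Read & Execute": READ,
    "List Folder Contents": READ,
    "Modify": READ | WRITE | DELETE,
    "Full Control": READ | WRITE | DELETE | CHANGE_PERMS,
}


def rights(table: dict[str, int], names: list[str]) -> int:
    """Union of the listed permission entries (Allow entries accumulate)."""
    mask = 0
    for name in names:
        mask |= table[name]
    return mask


def describe(mask: int) -> str:
    """Name the outcome in the vocabulary of the table above."""
    if not mask & READ:
        return "Access denied"   # Write without Read: the folder cannot be opened
    if mask & CHANGE_PERMS:
        return "Full Control"
    if mask & DELETE:
        return "Modify"
    if mask & WRITE:
        return "Read/Write"
    return "Read"


def effective(share: list[str], ntfs: list[str], over_network: bool) -> str:
    """Effective permission for a user holding the given share and NTFS entries."""
    ntfs_mask = rights(NTFS_PERMISSIONS, ntfs)
    if not over_network:
        return describe(ntfs_mask)                       # local logon: NTFS only
    return describe(ntfs_mask & rights(SHARE_PERMISSIONS, share))


if __name__ == "__main__":
    # The four rows of the table above.
    rows = [(["Full Control"], ["Read"]), (["Read"], ["Full Control"]),
            (["Full Control"], ["Modify"]), (["Read"], ["Write"])]
    for share, ntfs in rows:
        print(f"share={share} ntfs={ntfs}: network={effective(share, ntfs, True)},"
              f" local={effective(share, ntfs, False)}")
```

The practical consequence: leaving the share at Everyone: Full Control and doing the real work with NTFS permissions gives the same network result as the table's third row, while a share permission tighter than the NTFS permission silently caps everything that comes over the network.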
Profiles (06-03-08)
• A profile is the user's state environment
• A profile contains the personal settings of the user
Like: - 01. Documents & Settings
02. Desktop settings
03. Start menu icons
04. Shortcuts
05. Application data
06. Internet settings
07. Favorites etc…
• Types of profile
1. Local profile
2. Roaming profile
3. Mandatory profile
• Local profile :- a local user profile is created the first time you log on to a computer and is stored on the computer's local hard disk. Any changes made to your local user profile are specific to the computer on which you made the change.
1. create a user in Active Directory Users and Computers
2. Log in as the user on one of the systems and create some files on the desktop.
Verification
1. go to My Computer, Properties
2. Click on Advanced; under User Profiles
3. Click on Settings and observe the type and status of the user's profile (Local).
The local profile path is the system drive, Documents and Settings\<user name>; there we can find the data.
• Roaming profile:- a roaming profile is created by your system administrator and is stored on a server. This profile is available every time you log on to any computer on the network; changes made to your roaming user profile are copied back to the server when you log off.
For a single user
\\System name\shared folder\user name
Ex:- \\sys13\profile\a
For multiple users
\\System name\shared folder\%username%
Ex:- \\sys13\profile\%username% (the variable is replaced by each user's logon name, so every user gets his own folder)
Roaming profile
1. go to My Computer, create a shared folder
2. share permission Everyone: Full Control (the NTFS permissions on each user's profile folder are set by the system so that only that user and the administrator can read it; do not give Everyone Full Control on the NTFS side, or any user can read or plant files in another user's profile)
3. go to A.D.U.C, create a user
4. go to the Profile tab
5. click Profile path
6. enter the single-user path
Ex:- \\sys13\profile\a
7. Apply
8. OK
Verification
1. log in as the user
2. go to My Computer, Properties
3. click Advanced; under User Profiles
4. click Settings
See the type & status of the user's profile: it should be Roaming.
Verification
1. after logging in as the user
2. create some files and folders on the desktop
Once we log off and log in on another system we get those files.
This is how the roaming profile works.
• Mandatory profile:- a mandatory user profile is a roaming profile that can be used to specify particular settings for individuals or for an entire group of users. Only the system administrator can make changes to a mandatory user profile; changes the user makes are discarded at log off.
1. create a roaming profile (and log in once as the user so that the profile folder is created)
2. open the roaming profile shared folder
3. right click on the user's folder, Properties
4. click Security, Advanced
5. click Owner
6. select Administrators
7. check the box
8. "Replace owner on subcontainers and objects"
9. OK
10. Apply
11. OK
12. open the user's folder
13. Select NTUSER.DAT and rename it to NTUSER.MAN (this makes the registry part of the profile read-only for the user), then come back to the user's folder
14. right click on the folder
15. Properties, Security
16. add the user
17. give Full Control to the user
18. Apply
19. click on the box "Replace permission entries on all child objects"
20. Apply
21. OK
Verification
Log on as the user on any system and check the profile (type & status) of the user: it should be Mandatory.
Log in as the user and create some files on the desktop; once you log off those files are deleted, so if you log in again the files are not on the desktop.
Home Folder
The home folder is a centralized location for the user's personal files (data).
Home directories and My Documents make it easier for an administrator to back up user files and manage user accounts by collecting many or all of a user's files in one location.
A user cannot rely on the local drives of whichever system he logs on to, and roaming or mandatory profiles are not meant for storing large amounts of data; for that reason we go for a home folder, mapped as a network drive.
How to create home folders
• Create a shared folder with Full Control
• Go to A.D.U.C, create a user
• Right click on the user
• Go to Properties
• Click Profile
• Under Home folder select Connect
• Select a drive letter
• To: (Ex: \\system name\home\user name, or \\system name\home\%username% for many users)
• Apply
• OK
Verification
- Log in as the user
- open My Computer; we can find the network drive
Additional Domain Controller (07-03-08)
How to configure an A.D.C
              D.C          A.D.C
IP:-          10.0.0.1     10.0.0.2
PDNS:         10.0.0.1     10.0.0.1
• Go to the workgroup system
• Assign the IP address and the preferred DNS (the DC's DNS)
• Start, Run, "dcpromo"
• Next
• Next
• Select "Additional domain controller for an existing domain"
• Provide user name, password and domain name
• Next
• Browse, select the domain name
• Click Next
• Next
• Next
• Next
• Finish
• Restart the computer
• Go to Start
• Run
• Type cmd
• Type net accounts
It will display "Computer role: BACKUP". In a 2003 domain the DC and the A.D.C both hold a writable copy of the directory (multi-master replication); PRIMARY/BACKUP in net accounts only shows which one holds the PDC emulator role.
Active Directory structure types
1. Tree
2. Forest
• Tree :- a tree is a set of one or more domains with contiguous names
• If more than one domain exists you can combine the multiple domains into a hierarchical tree structure
• The first domain created is the root domain of the first tree
• Other domains in the same domain tree are child domains
• A domain immediately above another domain in the same domain tree is its parent.
(Parent domain) zoom.com
(Child domain) mcse.zoom.com
(Grandchild domain) mcp.mcse.zoom.com
• The first domain in the tree we call the root of the tree.
How to configure a child domain
• Go to Start, Run
• Type 'dcpromo'
• After 'dcpromo' starts
• Next
• Next
• Select "Domain controller for a new domain"
• Next
• Select "Child domain in an existing domain tree"
• Next
• Provide user name, password and the parent domain name
• Next
• Enter the parent domain name
• Provide the child domain name
• Next
• Next, Finish
• Restart the computer
Verification
After restarting the computer (the child domain controller)
• Go to Run
• Type cmd
• Type net accounts
It will display "PRIMARY" (the first DC of the new domain holds that domain's PDC emulator role).
- go to A.D.D.T
- There we can find the child domain name under the parent domain name.
Forest
• Multiple domain trees within a single forest do not form a contiguous namespace
• Although the trees in a forest do not share a namespace, a forest has a single root domain called the forest root domain
• The forest root domain is the first domain created in the forest
• The forest-wide predefined groups Enterprise Admins and Schema Admins reside in the forest root domain
• Schema Admins and Enterprise Admins exist only in the root of the forest; that is where we have to look for these two groups
zoom.com          soft.com
Tree              Tree
mcse.zoom.com     mcse.soft.com
Forest (both trees together)
How to configure a new domain tree in an existing forest
• Start, Run, 'dcpromo'
• OK
• Next, again Next
• Select "Domain tree in an existing forest"
• Next
• Provide user name, password and domain name (zoom.com)
• Next
• Next
• Provide the new domain name (soft.com)
• Next
• Next
• Next
• Next
• Finish
Restart the computer.
Verification
• After restarting the computer
• Go to Run, cmd
• Type net accounts
• It will display PRIMARY
To tell them apart, go to Active Directory Domains and Trusts: there you can find the parent domain (the root of the forest), the child domain under it, and the new domain tree (new domain in the existing forest) beside it.
(08-03-08)
Terminology        2003                      NT
Server             DC & ADC                  PDC & BDC
Directory          A.D                       NTDS
Authentication     Kerberos v5               NTLM
Database name      NTDS.dit                  SAM (Security Accounts Manager)
Database size      12 MB initial, grows      40 MB maximum
No. of objects     16 million                about 40,000 only
Name resolution    DNS                       WINS (Windows Internet Name Service)
Domain name        DNS (hierarchical)        NetBIOS (flat names)
Roles of Active Directory
A.D has six roles
Operations masters
1. Domain naming master
2. Schema master
3. RID master
4. PDC emulator
5. Infrastructure master
6. Global catalog
The first five are Flexible Single Master Operations (FSMO) roles: each is held by exactly one DC at a time.
The sixth one is multi-master: any number of DCs can be global catalog servers.
The first two are forest-wide roles (one holder per forest).
3, 4 and 5 we call domain-wide roles (one holder per domain).
Domain naming master
Checks and maintains the uniqueness of the domain names in the whole forest; it is responsible for adding, removing and renaming domains in the whole forest.
The DNM is a forest-wide role; by default the domain naming master is the first DC in the root of the forest.
Location of the domain naming master
• On the domain controller
• Go to A.D.D.T
• Right click on "Active Directory Domains and Trusts"
• Select Operations Master
and we can see the DNM location
• Close
Schema master
The schema is the set of rules which defines the structure of A.D; it contains the definitions of all the object types and attributes which can be stored in A.D. The schema master is the one DC in the forest that holds the writable copy of the schema; all schema changes are made there and replicated to the other DCs.
The schema is divided into two parts
1. classes
2. attributes
Classes
A class is a template which is used to create an object
Attributes
Attributes are the properties of an object
The schema master is, by default, in the root of the forest
Location of the schema master, on the domain controller
• Start, Run
• type REGSVR32 SCHMMGMT.DLL (registers the schema snap-in, which is not registered by default)
• then we get the message that registration succeeded, OK; and then
• go to Run
• MMC (Microsoft Management Console)
• OK
• Click File
• Select Add/Remove Snap-in
• Select Add
• Select Active Directory Schema
• Click Add
• Click Close
• Again OK
• OK
• Expand Active Directory Schema
• and see Classes and Attributes
• Right click on "Active Directory Schema"
• Select Operations Master and see the location of the schema master
• Close
• When closing the console window, answer No to saving it
RID Master
Allocates pools of relative IDs (RIDs) to all the domain controllers in the domain. Every object gets a SID made of the domain SID plus a RID taken from the pool of the DC that created it, so without the RID master the DCs eventually run out of RIDs and cannot create new accounts.
How to find our own RID
• Go to Start, Run
• Type CMD
• Type whoami /user (the last number of the SID shown is the RID)
• OK
How to find the SID of a specific user
• Go to CMD
• Type dsget user "cn=username,cn=users,dc=zoom,dc=com" -sid
• Enter
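The SID that whoami /user and dsget print is what the RID master's work ends up in. This added example in Python (not from the course notes) splits such a SID into the domain SID and the RID, and names the well-known RIDs (500 Administrator, 501 Guest, 512 Domain Admins, 513 Domain Users, 518 Schema Admins, 519 Enterprise Admins); everything from 1000 up was handed out from a RID pool. The SID strings used are constructed samples, not from a real domain.

```python
# Added example (not from the course notes): split a Windows security
# identifier, as printed by `whoami /user` or `dsget user ... -sid`, into
# its domain part and the RID allocated from a RID master pool.
from dataclasses import dataclass

WELL_KNOWN_RIDS = {
    500: "Administrator", 501: "Guest", 502: "krbtgt",
    512: "Domain Admins", 513: "Domain Users",
    518: "Schema Admins", 519: "Enterprise Admins",
}


@dataclass(frozen=True)
class Sid:
    revision: int
    authority: int
    sub_authorities: tuple[int, ...]

    @property
    def domain_sid(self) -> str:
        """Everything except the last sub-authority, e.g. S-1-5-21-a-b-c."""
        return "S-%d-%d-%s" % (self.revision, self.authority,
                              "-".join(str(s) for s in self.sub_authorities[:-1]))

    @property
    def rid(self) -> int:
        return self.sub_authorities[-1]

    @property
    def is_domain_account(self) -> bool:
        # S-1-5-21-<three 32-bit values>-<RID> is the shape of every domain
        # (or local SAM) account SID.
        return (self.authority == 5 and len(self.sub_authorities) == 5
                and self.sub_authorities[0] == 21)


def parse_sid(text: str) -> Sid:
    """Parse 'S-1-5-21-...-1105' into its components; ValueError if malformed."""
    parts = text.strip().upper().split("-")
    if len(parts) < 4 or parts[0] != "S":
        raise ValueError(f"not a SID: {text!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = tuple(int(p) for p in parts[3:])
    if revision != 1 or any(not 0 <= s <= 0xFFFFFFFF for s in subs):
        raise ValueError(f"malformed SID: {text!r}")
    return Sid(revision, authority, subs)


def describe_rid(sid: Sid) -> str:
    """Name well-known RIDs; anything >= 1000 came from a RID pool."""
    if not sid.is_domain_account:
        return "not a domain account SID"
    if sid.rid in WELL_KNOWN_RIDS:
        return f"built-in: {WELL_KNOWN_RIDS[sid.rid]}"
    return "allocated from a RID pool" if sid.rid >= 1000 else "reserved"


if __name__ == "__main__":
    # Constructed sample SID (the three middle values are the domain's).
    s = parse_sid("S-1-5-21-1004336348-1177238915-682003330-1105")
    print(s.domain_sid, s.rid, describe_rid(s))
```

Because the built-in Administrator always has RID 500, renaming that account hides nothing: anyone who can read SIDs can find it again by its RID.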
PDC Emulator
• Acts as the PDC for Windows NT 4.0 BDCs in the domain
• Processes all password updates for clients not running the Active Directory client software
• Receives immediate updates from the other domain controllers when a user's password is changed, so a logon with a fresh password that fails on another DC is retried at the PDC emulator
• It is the time source for the domain (the other DCs and the clients synchronize their time from it)
Infrastructure master
The infrastructure master maintains the references to objects in other domains (for example members of a group who belong to another domain) and updates them when those objects are renamed or moved.
It is used for inter-domain operations. In a multi-domain forest it should not be placed on a global catalog server unless every DC in the domain is a global catalog; otherwise it never notices that the references are out of date.
Location of the RID Master, PDC Emulator, Infrastructure Master
• On the domain controller
• Go to A.D.U.C
• Right click on the domain
• Select Operations Masters
Find the RID, PDC and Infrastructure tabs and the location of each
• Close
Global catalog
• The global catalog contains complete information about the objects of its host domain and partial information (the most commonly searched attributes) about the objects of every other domain in the forest
• By searching against the GC, the individual domains do not have to be queried; in most cases the GC can resolve the search. It is also needed at logon to work out universal group membership.
• Servers that hold a copy of the global catalog are called global catalog servers
Location of the global catalog
• On the domain controller
• Go to A.D. Sites and Services
• Expand Sites
• Expand Default-First-Site-Name
• Expand Servers
• Expand the server (system name)
• Right click on NTDS Settings
• Go to Properties
and see the Global Catalog check box
• OK
How to transfer the roles from the DC to the ADC
• On the domain controller
• Go to CMD
• Type net accounts (shows PRIMARY, i.e. this DC holds the PDC emulator)
• ntdsutil
• roles
• connections
• connect to server <system name of the ADC>
• quit
• transfer domain naming master
• Click Yes
• transfer schema master
• Click Yes
• transfer rid master
• Click Yes
• transfer pdc
• Click Yes
• transfer infrastructure master
• Click Yes
• quit
• quit
• net accounts
Now it shows BACKUP on this DC.
Verification
After transferring the roles
• Go to CMD on the DC and on the ADC
• Type net accounts
We can observe the difference between the DC and the ADC
On the DC --------------BACKUP
On the ADC-------------PRIMARY
Note: transfer (as above) is the normal, graceful way and needs both DCs online. "Seize" in ntdsutil is only for a role holder that is permanently lost; a seized server must never come back online, or the forest has two holders of the same role.
Trust (10-03-08)
Trust Relationship
- a trust is a secure communication path that allows objects in one domain to be authenticated and accepted in another domain
- some trusts are created automatically: parent-child trusts and tree-root trusts
Types of trust
Default (parent-child, tree-root)
Two-way transitive Kerberos trust (intra-forest), created automatically
Shortcut
One- or two-way transitive Kerberos trust (intra-forest); shortens the authentication path between two domains deep in the tree
External
One-way (or two-way) non-transitive NTLM trust used to connect to or from a Windows NT 4.0 domain or a domain in another Windows 2000 forest; manually created
Forest
One- or two-way transitive Kerberos trust, only between the root domains of two Windows Server 2003 forests; creates a transitive relationship between all the domains of both forests
Realm
One- or two-way, transitive or non-transitive, Kerberos trust; connects to or from a non-Windows (e.g. UNIX/MIT) Kerberos realm
Trust directions
One-way incoming trust
One-way outgoing trust
Two-way trust
Trust categories
Transitive trusts
Non-transitive trusts
Functional level
The functional level determines
- the supported domain controller operating systems
- which Active Directory features will be available
The domain functional level can be raised independently of the other domains
Raising the forest functional level is performed by an Enterprise Admin
It requires all the domains to be at the Windows 2000 native or Windows Server 2003 domain functional level
Raising a functional level cannot be undone (short of restoring the forest from backup), so check for old DCs first.
Two types of functional levels
Domain functional level
Forest functional level
Domain functional level            Supported domain controllers
Windows 2000 mixed (default)       Windows NT 4.0, Windows 2000, Windows Server 2003 DCs
Windows 2000 native                Windows 2000 and Windows Server 2003 DCs (no NT 4.0 BDCs)
Windows Server 2003 interim        Windows NT 4.0 and Windows Server 2003 DCs
Windows Server 2003                Windows Server 2003 DCs only
Forest functional level            Supported domain controllers
Windows 2000 (default)             Windows NT 4.0, Windows 2000, Windows Server 2003
Windows Server 2003 interim        Windows NT 4.0, Windows Server 2003
Windows Server 2003                Windows Server 2003
How to raise the functional levels
First we should raise the domain functional level and then raise the forest functional level
How to raise the domain functional level
• Go to Active Directory Domains and Trusts
• Right click on the domain name
• Select "Raise Domain Functional Level"
• Select "Windows Server 2003" as the domain functional level
• Click Raise
• Click OK
• OK
How to raise the forest functional level
• Go to Active Directory Domains and Trusts
• Right click on "Active Directory Domains and Trusts"
• Select "Raise Forest Functional Level"
• Select "Windows Server 2003"
• as the forest functional level
• Click Raise
• Click OK
• Click OK
Raise the domain functional level and the forest functional level in both forest roots (each forest must be at the Windows Server 2003 forest functional level before a forest trust can be created).
How to create a trust relationship (forest trust)
IP settings    DC 1 (zoom.com)    DC 2 (ibm.com)
IP:-           10.0.0.1           10.0.0.2
PDNS:          10.0.0.1           10.0.0.2
ADNS:          10.0.0.2           10.0.0.1 (each DC uses the other's DNS as alternate so that it can resolve the other forest's name)
• Configure two forests with different domain names
Ex. zoom.com, ibm.com
• Raise the domain functional level and the forest functional level in both domains
• Go to Active Directory Domains and Trusts in any one of the domains (zoom.com or ibm.com)
• Right click on the domain name
• Go to Properties
• Click the Trusts tab
• Click New Trust
• Next
• Provide the other forest's root domain name
• Click Next
• Select Forest trust
• Click Next
• Select Two-way
• Select "Both this domain and the specified domain"
• Provide the "Administrator" user name and password of the other domain
• Click Next
• Select Forest-wide authentication (outgoing trust)
• Click Next
• Select Forest-wide authentication (incoming trust)
• Click Next
• Again Next
• Next
• Select Yes, confirm the outgoing trust; then Yes, confirm the incoming trust
• Click Next
• Finish
Note: forest-wide authentication lets every user of the other forest authenticate to every computer in this forest; selective authentication limits that to the computers on which you explicitly grant "Allowed to Authenticate", which is the safer choice outside the classroom.
Verification
• Log off the administrator
• At the time of log in just observe the "Log on to" list
• We get both domain names
• Create one user in any one of the domains and give that user permission on a resource in the other domain; after giving the permission try logging in as the user in the other domain and accessing the resource
Group policy (11-03-08)
• Group policy is a collection of settings which can be applied to computers and users
• With group policy the administrator can centrally manage the computers and users
• It eases administration
• Group policy can be applied at three levels (processed in the order site, domain, OU; the computer's local policy is processed before all of them)
1. site
2. domain
3. OU (organizational unit)
• OU
- it is a logical container which contains Active Directory objects (users, groups, OUs & other objects)
- it is also called a sub-tree
- it is used for administering tasks at a smaller scope than the domain
- it is used for organizing and managing the Active Directory objects
- it is used for delegating control to one or more users
How to create an Organizational Unit
On the domain controller
• Go to Active Directory Users and Computers
• Right click on the domain name
• New, Organizational Unit
• Provide any name for the OU
• Click OK
How to apply Group Policy at the OU level
• Create an OU
• Create some users in the OU
• Right click on the OU
• Go to Properties
• Select the Group Policy tab
• Click New
• Provide a name (ex: Hide IE)
• Click Edit
• Under User Configuration
• Expand Administrative Templates
• Select Desktop; on the right side panel right click "Hide Internet Explorer icon on desktop"
• Go to Properties
• Select Enabled
• Apply
• OK
Verification
On a member server or domain controller or client log in as a user of that OU and observe the desktop icons: we can't find the Internet Explorer icon on the desktop. Like this we can hide any icon.
How to restrict applications
• Right click on the OU
• Go to Properties
• Click the Group Policy tab
• Click New
• Provide a name (Don't run IE)
• Click Edit
• Under User Configuration
• Expand Administrative Templates
• Select System
• Go to the right side panel
• Right click on "Don't run specified Windows applications"
• Go to Properties
• Select Enabled
• Click Show
• Click Add
• Type "iexplore.exe"
• Click OK
• Click OK
• Apply
• OK
Verification
On the member server log in as the user and try to open Internet Explorer: we can't open it.
Note: this setting only blocks programs started through Windows Explorer and matches them by file name, so a user who renames or copies iexplore.exe, or starts it from a command prompt, gets around it. It is a convenience setting, not a security boundary; Software Restriction Policies are the stronger control.
No Override
Condition: whenever there is a conflict between GPOs linked at the same level, the policies are applied from the bottom of the list to the top, so the policy at the top of the list has the highest priority (it is applied last and wins).
Case 1.
OU: Hide IE
U1: Remove My Computer
U2: Show IE
If Show IE has to be applied, move Show IE up to the top of the list, or right click Show IE and select
No Override
Case 02.
OU: Remove Recycle Bin
U1: Remove Run from Start menu
U2: Don't run IE
Domain level group policy
Once we apply a group policy at the domain level it applies to all the objects in the domain (OUs, users and computers), even the administrator
How to apply group policy at the domain level
• Go to A.D.U.C
• Right click on the domain name
• Go to Properties
• Click Group Policy
• Click New
• Provide a name
• Click Edit
• Under User Configuration
• Expand Administrative Templates
• Select Desktop
• Go to the right side panel
• Right click on "Remove Recycle Bin icon from desktop"
• Go to Properties
• Select Enabled
• Apply
• OK
Verification
On a member server or DC or client log in as a user or as Administrator: we don't get the Recycle Bin icon on the desktop
Case 03. Remove My Computer
Remove My Documents
Remove Run
Case 04. Remove My Computer
Remove Run
Show My Computer
Hide IE
Condition
If there is a conflict between different levels, the policies are applied from top to bottom (site, then domain, then OU) and on a conflict the level applied last (the OU) wins; settings that do not conflict accumulate. A higher-level GPO marked No Override is applied last of all and wins over the OU.
Block Policy Inheritance
Example: the domain applies Remove Run; an OU with Block Policy Inheritance does not receive it (unless the domain GPO is set to No Override).
Through Block Policy Inheritance we can stop the group policies of the higher levels at a specific level (for a specific OU)
Steps for block policy
• Go to the Group Policy tab of the OU
• Check the box "Block Policy inheritance" and
• Click OK
Verification
Log in as a user of the specified OU: the higher-level policy is not applied to the users of that OU
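The three precedence rules from the cases above (same-level link order, different levels, No Override and Block Policy Inheritance) are easy to get wrong by hand, so here is an added example in Python (not from the course notes) that resolves them. It takes the chain of containers from the site down to the user's OU, each with its GPO links in the order the Group Policy tab shows them, and returns, for every setting, the winning value and the GPO it came from. The GPO names and settings below are the ones used in the cases; the containers are constructed for the demonstration.

```python
# Added example (not from the course notes): work out which Group Policy
# setting wins when GPOs linked at the site, domain and OU levels conflict,
# honouring link order, No Override and Block Policy Inheritance.
from dataclasses import dataclass, field


@dataclass
class GPO:
    name: str
    settings: dict[str, str]      # setting -> value, e.g. {"IE icon": "Hidden"}
    no_override: bool = False     # "No Override" (called Enforced in later versions)


@dataclass
class Container:
    name: str                                        # site, domain or OU
    links: list[GPO] = field(default_factory=list)   # GUI order: top of the list first
    block_inheritance: bool = False


def resolve(chain: list[Container]) -> dict[str, tuple[str, str]]:
    """chain runs from the outermost container (site) down to the user's OU.
    Processing order is site -> domain -> OU; inside one container the GPOs
    are applied from the bottom of the list to the top, so the top link wins.
    Block Policy Inheritance drops the non-enforced GPOs of higher levels;
    No Override GPOs are applied after everything else and cannot be blocked,
    with the highest-level one applied last."""
    normal: list[GPO] = []
    enforced_levels: list[list[GPO]] = []            # one list per container
    for container in chain:
        if container.block_inheritance:
            normal = []                              # discard inherited, non-enforced GPOs
        level_enforced: list[GPO] = []
        for gpo in reversed(container.links):        # bottom of the list first
            (level_enforced if gpo.no_override else normal).append(gpo)
        enforced_levels.append(level_enforced)

    result: dict[str, tuple[str, str]] = {}

    def apply(gpo: GPO) -> None:                     # later writes win
        for setting, value in gpo.settings.items():
            result[setting] = (value, gpo.name)

    for gpo in normal:
        apply(gpo)
    for level in reversed(enforced_levels):          # OU first, site last => site wins
        for gpo in level:
            apply(gpo)
    return result


if __name__ == "__main__":
    # Case 1 from the notes: three GPOs on one OU, Hide IE at the top.
    hide = GPO("Hide IE", {"IE icon": "Hidden"})
    remove_pc = GPO("Remove My Computer", {"My Computer icon": "Removed"})
    show = GPO("Show IE", {"IE icon": "Shown"})
    domain = Container("zoom.com", [GPO("Remove Recycle Bin", {"Recycle Bin icon": "Removed"})])
    print(resolve([domain, Container("sales", [hide, remove_pc, show])]))
    show.no_override = True                          # right click Show IE -> No Override
    print(resolve([domain, Container("sales", [hide, remove_pc, show])]))
```

Settings that never conflict (here the Recycle Bin icon from the domain and My Computer from the OU) simply accumulate; only "IE icon" is decided by precedence.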
What is Delegation of Control
• The process of delegating the management of an OU
• Assigning the management of an organizational unit to another user or group
• Delegated administration
• Eases administration by distributing routine administrative tasks
• Provides users or groups more control over local network resources
• Eliminates the need for multiple administrative accounts (the delegated user does not need to be a Domain Admin)
How to give delegation of control to a specific OU user
• Go to A.D.U.C
• Right click on the OU
• Select Delegate Control
• Click Next
• Click Add
• Enter the user name
• Click Check Names
• Click OK
• Click Next
• Check the box "Create, delete and manage user accounts"
• Click Next
• Click Finish
Verification
• Log in as the user
• Try to create user accounts
• Go to Run
• Type dsa.msc
• Click OK
• We get the A.D.U.C console; the user can create and delete accounts only in the delegated OU
Group Policy (12-03-08)
Software deployment
Applications can be deployed to the users from the server with the help of group policies
Note: - we have to go for software deployment because the users cannot install applications themselves; to install an application an administrator account is required, while software deployed by group policy is installed by the Windows Installer service with system privileges.
.exe files are not supported for deployment, so .exe files have to be converted to .msi (Windows Installer packages) using a third-party tool called WinINSTALL LE.
Three steps have to be performed to convert from .exe to .msi
1. Before snapshot
2. Run the application (install it)
3. After snapshot
After converting from .exe to .msi the application can be deployed to the users by publishing or assigning
Publishing:- if the application has been published it has to be installed manually by the user from Settings, Control Panel, Add or Remove Programs
Assigning:- if the application has been assigned, whenever the user logs in the application is advertised (its shortcuts appear) and it is installed automatically on first use (or fully at logon if "Install this application at logon" is selected)
How to install WinINSTALL LE
• Go to My Computer
• Select the drive
• Open the application folder
• Double click on the WinINSTALL LE setup .exe
• Next
• Next
• Next
• I accept the agreement
• Next
• Next
• Next
• Finish
How to perform the before snapshot
• Create a shared folder with Full Control on one of the NTFS drives (this is the capture and distribution point; the users later need only Read on it)
• Start, Programs
• WinINSTALL LE
• Right click on Windows Installer Packages
• Select Run Discover
• Click OK
• Next
• Type the name of the application, "WinZip"
• Provide the path of the .msi
\\sys01\share folder name\winzip.msi
• Next
• Next
• Click Add All (drives to scan)
• Next
• Next
• Next
• Finish
• OK
Run the application
• Select my computer
• Go to application drive
• Open application folder
• Run the application
(Click specific application)
After snapshot
• Go to WinINSTALL LE
• Right click on Windows Installer Packages
• Select run discover
• Click ok
• Select perform the after snapshot
• Next
• Ok
Apply the group policy for software deployment
• Go to A.D.U.C
• Create a user in the O.U
• And keep some users within the O.U
• Right click on O.U
• Go to properties
• Select group policy
• Click new
• Provide name for the policy
• Click edit
• User configuration
• Expand software settings
• Right click on software installation
• Select new package
• Select my network places
• Entire network
• Select Microsoft windows network
• Click on domain name
• Select system
• Click on share folder
• Select winzip.msi
• Open
• Select published
• Ok
Verification
• On the member server log in as the user
• Go to control panel
• Add or remove programs
• Click add new programs
• Click add to install the application
• Ok
Scripts
Scripts can be used for intimating the user to perform a particular task; we should save the script file as .vbs or .vbe
• Create a shared folder with full control on one of the NTFS drives
Creation of the script file
• Go to notepad
• Type wscript.echo “wish you a happy new year”
• Go to file, click save
• Open the share folder
• Provide file name
• scripts.vbe
• Click save
Apply scripts through group policies
• Go to A.D.U.C
• Right click on O.U
• Go to properties
• Click G.P
• Click new
• Provide name for the policy
• Edit
• User configuration
• Expand windows settings
• Select scripts
• Right click on logon, properties
• Click add
• Provide path
Ex \\system\share folder name\script file name
• Ok
• Apply
• Ok
Verification
On the member server log on as the user; we can get the message.
Folder Redirection
• Redirects folders to the local computer or to a network share
• Folders on a server appear as if they are located on the local drive
• Speeds up the user logon process in case the profile is large
Folders that can be redirected
• My documents
• Application data
• Desktop
• Start menu
• Create a shared folder with full control on any of the NTFS drives
• Go to A.D.U.C
• Right click on O.U
• Go to properties
• Select G.P
• New
• Provide name for policies
• Edit
• Under user configuration
• Expand windows settings
• Expand folder redirection
• Right click on desktop
• Go to properties
• Select basic: redirect everyone's folder to the same location
• Provide root path
\\system\share folder name
• Apply
• Ok
Verification
Log on as user
• Go to my documents
• Create some files or folders
• Go to the administrator
• Check the redirected files
On the server the data is stored in the redirection share folder
Backup and Recovery (13-03-08)
Copies data to alternate media
Prevents data loss
Which files need backup
Only an administrator can back up the data
Backup
User-state backup
System-state backup
User state backup
Backs up all user data
Files
Folders
System state backup
System-specific data that must be backed up
Registry
Boot files, including system files
Active directory
Sysvol directory
Archive bit
It is a property of a file which indicates whether the file has been backed up or not
Types of backup
Normal backup
Backs up all selected files and folders; after the backup it clears the archive bit
Incremental backup
Backs up all selected files and folders which were created or modified after the last backup; after the backup it clears the archive bit
Differential backup
Backs up all selected files and folders which were created or modified after the last backup; after the backup it does not clear the archive bit
Copy backup
Backs up all selected files and folders; after the backup it will not clear the archive bit
Daily backup
Backs up all selected files and folders which were created or modified today (on a daily basis); after the backup it does not clear the archive bit
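As an added example (not part of these notes), the following Python model shows which files each backup type selects using the archive bit, whether it clears the bit afterwards, and which backup sets are therefore needed to restore a given day. The file names and modification days are constructed.

```python
"""Added example (not part of the original notes): simulate how the five
NTBACKUP backup types select files using the archive bit and whether they
clear the bit afterwards. File names and modification days are constructed."""
from dataclasses import dataclass


@dataclass
class File:
    name: str
    modified_day: int       # day on which the file was last written (constructed)
    archive: bool = True    # NTFS archive bit: set whenever a file is created or modified


# Whether each backup type clears the archive bit after copying a file (as in the notes)
CLEARS_ARCHIVE_BIT = {
    "normal": True,
    "incremental": True,
    "differential": False,
    "copy": False,
    "daily": False,
}


def run_backup(files, backup_type, today):
    """Return the names of the files this backup copies and update their archive bits."""
    if backup_type in ("normal", "copy"):
        selected = list(files)                       # every selected file, regardless of the bit
    elif backup_type in ("incremental", "differential"):
        selected = [f for f in files if f.archive]   # changed since the bit was last cleared
    elif backup_type == "daily":
        selected = [f for f in files if f.modified_day == today]
    else:
        raise ValueError(f"unknown backup type: {backup_type}")
    if CLEARS_ARCHIVE_BIT[backup_type]:
        for f in selected:
            f.archive = False
    return [f.name for f in selected]


def modify(files, name, day):
    """A user edits a file: the system updates the timestamp and sets the archive bit."""
    for f in files:
        if f.name == name:
            f.modified_day = day
            f.archive = True


def weekly_schedule(backup_type):
    """Day 1: normal backup. Days 2-4: the given backup type, while a.doc is
    edited on day 2 and b.xls on day 3. Returns {day: files copied that day}."""
    files = [File("a.doc", 1), File("b.xls", 1), File("c.txt", 1)]
    history = {1: run_backup(files, "normal", 1)}
    modify(files, "a.doc", 2)
    history[2] = run_backup(files, backup_type, 2)
    modify(files, "b.xls", 3)
    history[3] = run_backup(files, backup_type, 3)
    history[4] = run_backup(files, backup_type, 4)   # nothing changed on day 4
    return history


def sets_needed_to_restore(backup_type, day):
    """Which of the daily backup sets from weekly_schedule() must be restored,
    in order, to rebuild the data as of `day`."""
    if backup_type in ("normal", "copy"):
        return [day]                          # each set is complete on its own
    if backup_type in ("incremental", "daily"):
        return list(range(1, day + 1))        # full set plus every set since
    if backup_type == "differential":
        return [1] if day == 1 else [1, day]  # full set plus only the latest differential
    raise ValueError(f"unknown backup type: {backup_type}")


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        print(kind, weekly_schedule(kind), "restore day 4 needs", sets_needed_to_restore(kind, 4))
```

Running the schedule for both types makes the trade-off visible: incremental sets stay small but every one of them is needed at restore time, while differential sets grow each day but only the normal set and the latest differential have to be restored.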
How to create a normal backup
Create one folder on one of the drives and create some files within the folder
Start, run
Type NTBACKUP
Click ok
Click advanced mode
Click backup wizard
Next
Select back up selected files, drives or network data
Next
Expand my computer
Check the box
Click next
Browse and select a place to save your backup
Click browse, desktop
Provide file name, click save
Next
Advanced
Select the type of backup
Next
Check the box
Select disable volume shadow copy
Next
Next
Next
Finish
How to restore a normal backup
Remove the source files from the source location
Click on the backup file
Click advanced
Next
Expand file
Expand the specific backup file
Expand drive
Check the folder and select
Next
Finish
How to take a system state backup
Create one OU
Create some users within the OU
Start, run
Type NTBACKUP
Click advanced mode
Click backup wizard
Next
Select only back up the system state data
Next
Browse and select a place to save your backup
Click browse, select desktop
Provide file name
Click save
Close the bracket
Next
Go to advanced
Normal
Next
Next
Next
Next
Finish
How to restore a system state backup
Whenever A.D. services are running we can't perform restoration of a system state backup
Delete one user in A.D.U.C in the OU or in Users
Restart the computer
While booting the system (continually press F8 for the safe mode menu)
Select directory services restore mode
Enter
Enter
Log in as Administrator
Click on the system state backup file
Click advanced
Select the system state backup file
Expand, check the box system state
Select system state
Next
Finish
Ok
Close
No (don't restart the computer)
Go to cmd
o NTDSUTIL
o Authoritative Restore
o Restore subtree CN=user name,OU=mcse,DC=zoom,DC=com
o Restore database
Restart the P.C in normal mode
Go to A.D.U.C
Verify the user
DHCP (14-03-08)
DHCP gives IP addresses automatically to the clients requesting an IP address
Centralized IP address management
DHCP prevents IP address conflicts and helps conserve the use of client addresses on the network
DHCP reduces the complexity and amount of administrative work by assigning the TCP/IP configuration; the client IP configuration is updated automatically
IP address
Static IP Address
Addresses that are manually assigned and do not change over time
Dynamic IP Address
Addresses that are automatically assigned for a specific period of time and might change
Authorization
It is a security precaution that ensures only authorized DHCP servers can run in the network, to avoid computers running illegal (rogue) DHCP servers in the network
Whenever we authorize the DHCP server, the server information is stored in our A.D. database
How to install DHCP
Requirements: D.C, DNS, member server
Operating system C.D
Start
Settings, go to control panel
Add or remove windows components
Select networking services
Click details
Check the box Dynamic Host Configuration Protocol
Ok
Next
Finish
Verification
Start, programs
A.D. tools
DHCP
How to authorize the DHCP server
Right click on sys name
Select authorize
Again select sys name
Click refresh
Scope
A scope is a range of IP addresses that are available to be leased to clients
How to create a scope
Go to DHCP
Right click on sys name
Select new scope
Click next
Provide scope name
Next
Provide IP address range (10.0.0.1 to 10.0.0.254)
Next
Provide exclusions within the range
Ex :- 10.0.0.1 to 10.0.0.10
Click add
Next
Next
Next
Next
Provide domain name
Provide server name
Click add
Next
Next
Next
Finish
Client configuration
Go to my network places properties
Go to properties of local area connection
Select TCP/IP
Click properties
Select obtain an IP address automatically
Select obtain DNS server address automatically
Ok
Close
Go to CMD
Type IPCONFIG /RELEASE
Or
Type IPCONFIG /RENEW
What is a DHCP RESERVATION?
A reservation is a specific IP address within a scope that is permanently reserved for a specific DHCP client
How to get the MAC address of another system
Go to CMD
Type getmac /s sysname
Get the MAC address with our own system's details
Go to CMD
IPCONFIG /ALL
Get the MAC addresses of other systems from the ARP cache
Go to CMD
Type ARP -A
How to create a reservation
Go to DHCP
Expand scope
Right click on reservations
Click new reservation
Provide reservation name (any name)
Provide IP address ex:- 10.0.0.50
Provide MAC address of the DHCP client
Select DHCP
Click add
Close
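As an added example (not the notes' own code), the following Python model ties the scope, exclusion and reservation sections together: it leases addresses from the range, skips the excluded range, gives a reserved client its fixed address by MAC, and renews a known client's lease. All addresses and MAC addresses are constructed.

```python
"""Added example (not the notes' own code): a small model of a DHCP scope that
leases addresses from a range, honours an exclusion range and a per-MAC
reservation, and renews the lease of a client it already knows. All addresses
and MAC addresses are constructed for the example."""
import ipaddress


class Scope:
    def __init__(self, start, end, exclusions=(), reservations=None):
        self.start = ipaddress.IPv4Address(start)
        self.end = ipaddress.IPv4Address(end)
        # Exclusion ranges: addresses inside the scope that are never handed out
        self.excluded = set()
        for low, high in exclusions:
            addr = ipaddress.IPv4Address(low)
            while addr <= ipaddress.IPv4Address(high):
                self.excluded.add(addr)
                addr += 1
        # Reservation: MAC address -> fixed IP, as created under Scope > Reservations
        self.reservations = {mac.lower(): ipaddress.IPv4Address(ip)
                             for mac, ip in (reservations or {}).items()}
        self.leases = {}  # MAC address -> address currently leased

    def _first_free(self):
        """Lowest address that is in range, not excluded, not reserved and not leased."""
        reserved = set(self.reservations.values())
        in_use = set(self.leases.values())
        addr = self.start
        while addr <= self.end:
            if addr not in self.excluded and addr not in reserved and addr not in in_use:
                return addr
            addr += 1
        return None

    def request(self, mac):
        """Handle a client's request (as sent by 'ipconfig /renew').
        Returns the leased address as a string, or None when the scope is exhausted."""
        mac = mac.lower()
        if mac in self.reservations:        # a reservation always wins over the dynamic pool
            addr = self.reservations[mac]
        elif mac in self.leases:            # renewal: a known client keeps its address
            addr = self.leases[mac]
        else:
            addr = self._first_free()
            if addr is None:
                return None
        self.leases[mac] = addr
        return str(addr)

    def release(self, mac):
        """Client ran 'ipconfig /release': the address goes back to the pool."""
        self.leases.pop(mac.lower(), None)


if __name__ == "__main__":
    scope = Scope("10.0.0.1", "10.0.0.254",
                  exclusions=[("10.0.0.1", "10.0.0.10")],
                  reservations={"00-0c-29-aa-bb-cc": "10.0.0.50"})
    print(scope.request("00-0c-29-11-22-33"))   # first dynamic address after the exclusion
    print(scope.request("00-0c-29-aa-bb-cc"))   # reserved client gets its fixed address
```

The reserved address is also kept out of the dynamic pool, so a different client can never be leased 10.0.0.50 even when the pool is otherwise empty.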
Verification
Go to client or member server
Go to CMD
Type IPCONFIG /RELEASE
Or
Type IPCONFIG /RENEW
Super scope
If more systems are available in our network than the scope can serve at a time, we should go for a super scope
How to create a new super scope
Create two new scopes
Right click on sys name in DHCP
Select new super scope
Next
Next
Provide name for the super scope
Next
Select the scopes
Next
Finish
Verification
Go to client
CMD
Type IPCONFIG /RELEASE
Or
Type IPCONFIG /RENEW
Terminal Server (15-03-08)
Terminal Services is a service which allows users to establish connections, with the help of remote desktop connections, to the server for accessing applications.
In 2003 Terminal Services is available in-built
In 2000 and NT Terminal Services is not available in-built; we need to purchase the license separately
Modes of terminal services
Remote administration mode
-only two connections are supported
-license is not required
Application server mode
-specially designed to use multiple applications from the terminal server
-unlimited connections supported
-license should be purchased
Terminal services licensing
Domain license
-if the user is accessing a terminal server which is within the same domain
Enterprise license
-if the user is accessing a terminal server which is in a different domain
Terminal services manager
-user sessions can be monitored
-users can be forced to log off or disconnect sessions
-lets you see all users and sessions on a server from one location
Remote session
Disconnect session
-if the session is disconnected, all the programs will continue to run in the background and the user can reconnect to the same session
Log off session
-if the session is logged off, all programs will be closed and next time a new session will be established
How to establish a remote desktop connection
IP setting: D.C / T.S: IP 10.0.0.1, PDNS 10.0.0.1; M.S / Client: IP 10.0.0.2, PDNS 10.0.0.1
We should perform this on both systems (server & member server)
• Go to my computer, properties
• Click the remote tab
• Check the box
• Select (allow users to connect remotely to this computer)
• Ok
• Apply
• Ok
Steps on the domain controller (D.C) and on the member server (M.S)
1. Set the IP address on the system (both)
2. (D.C) create one user in A.D.U.C
3. (M.S) log in as the user through Terminal Server (start → run → type MSTSC → ok → provide T.S IP → click connect)
*The user cannot log in because of the local policies of the system
4. (D.C) go to start → programs → administrative tools → D.C security policy → local policies → user rights assignment → allow log on through T.S → go to properties → define this policy setting → click add user or group → add the user → apply → ok; go to start → run → type GPUPDATE → ok
5. (M.S) log in as the user through T.S; the user can't log in because of the logon message “you do not have access to log on to this session”
6. (D.C) go to T.S configuration → right click on RDP-TCP → go to properties → click the permissions tab → add the user
7. (M.S) log in as the user through T.S; the user is able to log in
8. (D.C) log in as administrator → go to T.S configuration → right click on RDP-TCP → go to properties → click the permissions tab → select the added user → remote control → select (use remote control with the following settings) → select view the session → apply → ok
9. (D.C) go to T.S manager → right click on the user → select remote control → select any letter as the hot key, check the box → select “ctrl” → ok → ok
10. (M.S) accept the request by clicking yes; try something on the desktop (D.M.C)
11. The administrator cannot do anything on the desktop; he can only observe the system
*To come out from the user session as administrator, just press the hot key you set
How to go to Terminal Server graphical mode
• start, programs
• select accessories
• select communications
• remote desktop connection
How to configure application server mode in Terminal Server
• start
• select setting
• select control panel
• add or remove
• add or remove window components
• select Terminal Server
• click next
• next
• next
• select relaxed security
• next
• finish
Restart the computer
• yes
• yes
Giving the permission to the user to access application
For single application
• go to A.D.U.C
• right click on user
• go to properties
• click the tab
• select environment
• check the box
• select start the following program at log on
• provide file name
Ex:- notepad.exe
• apply
• ok
Verification
• log in as the user through T.S
• the user is able to access only notepad (the file you provided)
For multiple applications
• open notepad
• type notepad.exe
• calc.exe
• mspaint.exe
• Save the file with the name file.bat (any file name)
• save the file on any one of the drives
• save
• go to T.S.C (Terminal Services Configuration)
• right click on RDP-TCP
• go to properties
• click the tab
• select environment
• check the box
• Provide drive letter:\file name.bat
• apply
• ok
Verification
• log in as the user through Terminal Server
The user is able to access only the specified applications.
Domain Name Server (17-03-08)
Domain name service / domain name system
Provides resolution of names to IP addresses and resolution of IP addresses to names
Computers running a DNS server can be
Microsoft Windows Server 2003, Windows 2000, Microsoft Windows NT 4.0, UNIX, Linux, NetWare etc.
How names are mapped (diagram): the client asks the name resolution service “Sys01?”, the DNS server looks the name up in the domain name server namespace (rooted at “.”) and answers with 10.0.0.2
Query Types
Recursive queries
A query made from a client to a DNS server in which the server assumes the full workload; the DNS server returns either a complete answer or a negative answer
Iterative queries
The receiving server may return an answer, a negative response or a referral to other DNS servers (“give me an answer or refer me to somebody else who can help obtain the resolution”)
Issued by DNS servers
Authoritative & Non-Authoritative DNS Server
Authoritative DNS Server
An authoritative DNS server will either
• Return the requested Ip address
• Return an authoritative ‘No’
Non-Authoritative DNS Server
A non-authoritative DNS server will either
• Check its cache
• Use forwarders
• Use root hints
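As an added example (not from the notes), the following Python model shows the difference between the recursive query a client sends and the iterative queries its DNS server issues on the client's behalf, and how a non-authoritative server answers from its cache, uses a forwarder, or starts from the root hints. The servers, zones and addresses are constructed.

```python
"""Added example (not from the notes): a model of recursive and iterative DNS
queries. The client sends a single recursive query to its DNS server; that
server takes the full workload, walking the hierarchy from the root hints with
iterative queries and following referrals until an authoritative server gives
an answer or an authoritative 'No', then caches the result. A server configured
with a forwarder hands the whole query to the forwarder instead. Servers, zones
and addresses are constructed."""

# Authoritative zone data of the constructed servers. A value is either
# ("answer", ip) or ("referral", name of the server to ask next).
AUTHORITATIVE = {
    "root": {
        "com.": ("referral", "com-tld"),
    },
    "com-tld": {
        "zoom.com.": ("referral", "ns1.zoom.com"),
    },
    "ns1.zoom.com": {
        "sys15.zoom.com.": ("answer", "10.0.0.15"),
        "www.zoom.com.": ("answer", "10.0.0.80"),
    },
}


def iterative_query(server, name):
    """One iterative query: the server answers from its own data, refers the
    asker to a server closer to the answer, or says the name does not exist."""
    zone = AUTHORITATIVE[server]
    if name in zone:
        return zone[name]
    # Longest matching suffix the server can delegate for (e.g. root knows "com.")
    for suffix, entry in sorted(zone.items(), key=lambda kv: -len(kv[0])):
        if entry[0] == "referral" and name.endswith("." + suffix):
            return entry
    return ("nxdomain", None)


class RecursiveServer:
    """The client's DNS server: takes the full workload of resolution."""

    def __init__(self, forwarder=None):
        self.cache = {}             # name -> ip or None (negative answer)
        self.queries_sent = []      # (server asked, name) for every iterative query
        self.forwarder = forwarder  # another RecursiveServer to hand queries to

    def resolve(self, name):
        """Answer a recursive query: an IP string, or None for an authoritative 'No'."""
        name = name if name.endswith(".") else name + "."
        if name in self.cache:                      # non-authoritative answer from cache
            return self.cache[name]
        if self.forwarder is not None:
            result = self.forwarder.resolve(name)   # forwarder does the iteration for us
        else:
            server = "root"                         # start from the root hints
            while True:
                self.queries_sent.append((server, name))
                kind, value = iterative_query(server, name)
                if kind == "referral":
                    server = value                  # follow the referral
                    continue
                result = value                      # "answer" -> ip, "nxdomain" -> None
                break
        self.cache[name] = result
        return result


if __name__ == "__main__":
    dns = RecursiveServer()
    print(dns.resolve("sys15.zoom.com"), dns.queries_sent)
```

Inspecting `queries_sent` after one lookup shows the three iterative hops (root, com, zoom.com) the client never sees; a repeated lookup adds none because the cached answer is returned, and a server with a forwarder records none at all.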
*Fully qualified domain name (FQDN)
• Identifies a host's name within the DNS namespace hierarchy
• Host name plus DNS domain name = FQDN
o Ex: FQDN = host name + DNS domain name
= sys15.zoom.com
*Zone
A zone is a storage database which contains all the zone's records
• Forward lookup zone
-used for resolving host names to IP addresses
-it maintains host-to-IP-address mapping information
• Reverse lookup zone
-used for resolving IP addresses to host names
-IP-address-to-host mapping information
Types of Records
1. Resource records
2. Service records
• Resource Records
-SOA Records (start of authority)
The first record in any zone file
-NS Records (Name Server)
Identifies the DNS server for each zone
-Host Records
Resolves a host name to an IP address
-Alias Records
Resolves an alias name to a host name
-Pointer Records
Resolves an IP address to a host name
-MX Records
Used by the mail server
-SRV Records
Locates servers providing services
• Service Records
-SRV Records allow DNS clients to locate TCP/IP based
SRV Records are used when
-a domain controller needs to replicate
-a client searches active directory
-a user attempts to change her password
-an administrator modifies active directory
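As an added example (not the notes' own code), the following Python snippet holds a tiny zone containing the record types listed above and performs the lookup each one serves: a forward (host) lookup that follows an alias to its A record, a reverse (pointer) lookup, a mail (MX) lookup and the SRV lookup a domain member uses to find a domain controller. The zone contents are constructed.

```python
"""Added example (not from the notes): a tiny zone table holding the record
types listed above and the lookups each one serves. Zone contents are
constructed; the names and addresses are not real."""

# Constructed forward lookup zone for zoom.com: (name, type) -> value
ZONE = {
    ("zoom.com.", "SOA"): "sys01.zoom.com. hostmaster.zoom.com. 2008031801",  # first record of the zone
    ("zoom.com.", "NS"): "sys01.zoom.com.",              # DNS server for the zone
    ("sys01.zoom.com.", "A"): "10.0.0.1",                # host records
    ("sys15.zoom.com.", "A"): "10.0.0.15",
    ("www.zoom.com.", "CNAME"): "sys15.zoom.com.",       # alias -> host name
    ("zoom.com.", "MX"): (10, "sys01.zoom.com."),        # (preference, mail server)
    ("_ldap._tcp.zoom.com.", "SRV"): (0, 100, 389, "sys01.zoom.com."),  # (priority, weight, port, target)
}

# Constructed reverse lookup zone 10.0.0.x: pointer records
REVERSE = {
    "1.0.0.10.in-addr.arpa.": "sys01.zoom.com.",
    "15.0.0.10.in-addr.arpa.": "sys15.zoom.com.",
}


def fqdn(name):
    """Normalise to a fully qualified name with the trailing root dot."""
    return name if name.endswith(".") else name + "."


def resolve_host(name, max_aliases=8):
    """Host lookup that follows CNAME aliases until an A record is found.
    Bounded so a mis-configured alias loop cannot run forever."""
    name = fqdn(name)
    for _ in range(max_aliases):
        if (name, "A") in ZONE:
            return ZONE[(name, "A")]
        if (name, "CNAME") in ZONE:
            name = ZONE[(name, "CNAME")]
            continue
        return None
    return None


def reverse_name(ip):
    """Build the PTR query name: octets reversed under in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def resolve_ptr(ip):
    """Reverse lookup (what 'nslookup 10.0.0.1' asks for)."""
    return REVERSE.get(reverse_name(ip))


def mail_server(domain):
    """Host that receives mail for the domain, from the MX record."""
    mx = ZONE.get((fqdn(domain), "MX"))
    return mx[1] if mx else None


def locate_service(service, proto, domain):
    """SRV lookup as a domain member does for _ldap._tcp.<domain>.
    Returns (target host, port, target's address) or None."""
    record = ZONE.get((f"_{service}._{proto}.{fqdn(domain)}", "SRV"))
    if record is None:
        return None
    _priority, _weight, port, target = record
    return target, port, resolve_host(target)


if __name__ == "__main__":
    print(resolve_host("www.zoom.com"), resolve_ptr("10.0.0.15"), locate_service("ldap", "tcp", "zoom.com"))
```

The SRV lookup is the one the service-record section later relies on: a client asks for `_ldap._tcp.<domain>`, gets back a host and port, and then needs a second (A) lookup for the host's address.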
• Zone Types
• Standard Primary
-It is the master copy of all the zone information; it is a read/write copy.
• Standard Secondary
-it is a backup of the primary zone; it is read only
• Stub zone
-it contains only NS, SOA and possibly glue (A) records, which are used to locate name servers
• Active Directory Integrated
-It stores the zone information in the A.D. database
How to install DNS
IP setting: D.C IP 10.0.0.1, PDNS 10.0.0.1; M.S IP 10.0.0.2, PDNS 10.0.0.1
• On member server
• Go to control panel
• Add or remove programs
• Select add or remove windows components
• Select networking services
• Click details
• Check the box DNS
• Ok
• Next
• Finish
Creation of a standard primary zone
• Go to DNS
• Expand sys name
• Expand forward lookup zones
• Right click on forward lookup zones
• Select new zone
• Select primary zone
• Uncheck the box
(Store the zone in A.D)
• Next
• Provide zone name (yahoo.com)
• Next
• Next
• Select (allow both nonsecure and secure dynamic updates)
• Next
• Finish
Creation of host records
• Right click on zone
• Select new host
• Provide sys name
• Provide IP address
• Add host
• Done
Creation of an alias
• Right click on zone
• Select new alias
• Provide alias name (WWW)
• Click Browse
• Click sys name
• Click forward lookup zones
• Click zone
• Again select sys
• Ok
Verification
• Go to start
• Select run
• Type cmd
• Type “ping www.yahoo.com”
How to create a secondary zone
IP setting: D.C IP 10.0.0.1, PDNS 10.0.0.1; M.S IP 10.0.0.2, PDNS 10.0.0.1
• In D.C Create a primary zone with host & Alias records
• On M.S
• Go to DNS
• Create secondary zone
• Right click on forward zone
• Select new zone
• Next
• Select secondary zone
• Click next
• Provide name (same as primary zone)
• Next
• Provide master DNS Server IP (10.0.0.1)
• Click add
• Next
• Finish
• On D.C
• Go to Primary zone Properties
• Select zone transfers
• Check the box (allow zone Transfers)
• Select only to the following servers
• Provide IP (10.0.0.2)
• Click add
• Apply
• Ok
• Go to secondary zone
• Right click
• Select Transfer from Master
The Service Records (18-03-08)
1. MSDCS
2. SITES
3. TCP
4. UDP
5. Domain DNS zones
6. Forest DNS zones
How to get the 06 service records
The zone should be an A.D. integrated zone and the zone name should be the domain name; then we can get the 06 service records
• in D.C
• go to DNS
• create a primary zone with the domain name as an A.D.I.Z (Active Directory integrated zone)
• select the zone and refresh; then we can see the 06 service records
o suppose we are not getting the 06 service records
• go to services in A.D. Tools
• select the net logon service and restart it
• go to DNS, refresh; then we can get the 06 service records
How to get the 06 service records on the member server
• IP setting
• In DC create an A.D.I.Z primary zone with the domain name
• On MS go to DNS and create a secondary zone with the primary zone's name
• In DC go to primary zone properties
• Click zone transfers
• Check the box (allow zone transfers)
• Select only to the following servers
• Provide IP (10.0.0.2)
• Click add
• Click notify
• Provide IP address (10.0.0.2)
• Click add
• Ok
• Apply
• Ok
• Go to MS
• Right click on secondary zone
• Select transfer from master
• Refresh
Note: - on MS if you are not getting the 06 service records, then restart the net logon service
Stub zone
It contains only NS, SOA and possibly glue (A) records, which are used to locate name servers
How to create a stub zone
• IP setting
• In DC create a primary zone with host and alias records
• Go to MS and create a stub zone with the primary zone's name
Verification
• On MS remove the alternate DNS (ADS)
• Go to CMD
• Type ‘ping www.domain name’
• If we are not getting the reply
• Type ‘IPCONFIG /FLUSHDNS’
This flushes the DNS cache
Forwarders
A forwarder is a DNS server designated to resolve external DNS domain names
Two types of forwarders
01. Forwarders
02. Conditional forwarders
How to create forwarders
• IP setting
• In DNS create some zones with host and alias records
Ex:- gmail.com, yahoo.com, google.com
• In DNS2 create forwarders
• Go to CMD
• Type ‘ping www.domain.name’
We can get the reply
How to create the forwarder settings
• On MS
• Go to DNS
• Right click on sys name
• Click the forwarders tab
• Provide IP address (10.0.0.1)
• Click add
• Apply
• Ok
Conditional forwarders
If we want to give permission for only a specific zone, just create a conditional forwarder; then we can access only that specific zone and can't access other zones
How to create conditional forwarders
• On MS go to DNS
• Select sys name
• Go to properties
• Click the tab forwarders
• Click new
• Provide the DNS domain (www.google.com)
• Click ok
• Provide IP Address of other DNS server (10.0.0.1)
• Click add
• Apply
• Ok
How to create a reverse lookup zone
• IP setting
• Create a primary forward lookup zone with host and alias records (www.bbc.com)
• Create a reverse lookup zone
• Right click on reverse lookup zones
• New zone
• Next
• Select primary
• Next
• Next
• Provide network IP (10.0.0.X)
• Next
• Select allow both nonsecure and secure dynamic updates
• Next
• Finish
New pointer records
• Right click on 10.0.0.X
• Select new pointer
• Provide host IP number (X.X.X.1)
• Browse and select the host name
• Click ok
Verification: - go to CMD, type NSLOOKUP 10.0.0.1
IIS (Internet Information Services) (19-03-08)
IIS is a service which is used to host information over the internet
It provides integrated, reliable, scalable and manageable web server capabilities over an internet, intranet and extranet.
Versions of IIS
• IIS 2.0 in WIN NT 4.0 operating system
• IIS 4.0 in WIN NT 4.0 (with SP3)
• IIS 5.0 in 2000 O.S
• IIS 6.0 in 2003 O.S
Web servers in other O.S
IIS is also present in
• 2000 professional, XP professional (HTTP & FTP)
• Millennium edition (HTTP & FTP)
• In 98 O.S Personal Web Server is present, serving as web server
• The world's most famous web server is the APACHE server, which works on the Linux platform
• Windows Server 2003 provides the web edition to compete with the APACHE server
New features of IIS 6.0
• Supports IPv6
• Backup & restoring of web content is easy
• Isolation of users
• More secure environment
IIS 6.0 services
• World wide web (www) publishing service (HTTP)
• File transfer protocol (FTP)
• Network news transfer protocol (NNTP)
• IIS admin service
HTTP (hypertext transfer protocol)
• World wide web (www) publishing service
• The HTTP service is used to publish data to the world wide web quickly & easily
• this protocol is easily configurable and reliable, and it supports security and encryption to protect sensitive data
• default port no is 80
FTP (file transfer protocol)
• It is a protocol used to download & upload files over the internet
• Default port no is 21
o Total port numbers 01 ... 65,536
o Reserved port numbers 01 ... 1024
Requirements to host a web server
How to configure a web server
With the help of the requirements
• Static IP address (public IP if published over the internet)
• Domain name (registered domain name if published over the internet)
• Name resolution service like DNS
• Home directory
o Required for each WWW or FTP site
o Central location of published pages
How to configure web services
• Install IIS services
• Create a web site (“how to host a web site”)
• Create a zone in DNS
How to install IIS services
• Go to control panel
• Add or remove programs
• Add or remove windows components
• Select application server
• Click details
• Check the box (Internet Information Services IIS)
• Click details
• Check the box (FTP)
• Check the box world wide web service
• Ok
• Ok
• Next
• Insert O.S. CD
• Click ok
Shortcut to IIS: go to run, type INETMGR
How to host a web site
• Go to IIS
• Right click web sites
• New web site
• Next
• Next
• Provide description (“web sites”)
• Next
• Select IP address
• Provide host header for this web site
Ex:- www.yahoo.com
• Next
• Select browse
• Select web pages
• Ok
• Next
• Check the box browse
• Next
• Finish
How to add content (web pages) to the web site
• Go to the right panel
• Right click on the .htm file (webpages.htm)
• Rename and copy
• Go to web site properties
• Click the documents tab
• Click add
• Right click, paste
• Ok
• Move up
• Apply
• Ok
o Creation of a DNS zone for the web site
o Create a primary zone with host and alias (instead of creating host & alias, just a host record with name WWW)
Verification
• Right click on the web site in IIS
• Select browse
• We can get the web site
• Go to internet explorer
• Type www.website.com
How to redirect a web site
• In IIS create two web sites (01. yahoo.com, 02. my.yahoo.com)
• Go to properties of WWW
• Click the home directory tab
• Select a redirection to a URL
• Provide the path (http://www.my.yahoo.com)
• Check the box “the exact URL entered above”
• Apply
• Ok
Verification
• Go to internet explorer
• Type www.yahoo.com
o Then we get redirected to my.yahoo.com
Virtual directory
Virtual directories are subdirectories of the root of the site. By using a virtual directory we can create an alias or pointer to a directory somewhere else on the system or on another system on the network. IIS defines a virtual directory as a pointer to one of these.
Benefits
• They simplify the web site structure from the user's point of view
• They permit great flexibility in organizing content
• They can provide another layer of security because the user can't tell where the content is actually stored
How to configure virtual directory
• Go to IIS
• Create a web site or host a web site
• Go to web site
• Right click on web site
• Select new
• Select virtual directory
• Provide alias name (we can give any name)
• Browse and select web pages next
• Check the box browse
• Next
• Finish
• Right click on V.D
• Go to properties
• Paste the pages
• Move up
• Add
• Apply
• Ok
Verification: - go to internet explorer, type http://www.my.yahoo.com/main
Back up & Restore of web site
To back up
• Go to IIS
• Right click on web site
• Select all task
• Save configuration to a file
• Provide path to save your back up file
• Click browse
• Select desktop
• Click ok
• Ok
To restore
• Go to IIS
• Delete web site
• Right click on web sites
• New website from file
• Click browse
• Select back up file of web site
• Open
• Click read file
• Select location
• Ok
And observe the web site in IIS
FTP (20-03-08)
File Transfer Protocol (FTP) Service
It is a protocol used to download and upload files over the internet
Requirements to host an FTP server
• Static IP address (public IP if published over the internet)
• Home directory
o Required for each FTP site
o Central location of published pages
Types of FTP user isolation
• Do not isolate users
• Isolate users
• Isolate users using active directory
Do not isolate users
• All users can access the FTP home directories of other users
• Anonymous access will be allowed
Isolate users
• Users can't view or modify files or directories of other users
• They are confined to accessing their own home directory
• User home directories must be present within the root of the site
How to install the FTP service
• Go to control panel
• Select add or remove programs
• Select add or remove windows components
• Select application server
• Click details
• Check the box IIS
• Click details
• Check the box FTP
• ok
• ok
• next
• insert O.S. CD
• finish
How to create a do-not-isolate-users FTP site
• in D.C create a folder on any drive and create some files within the folder
• Go to A.D.U.C, create some users (U1, U2, U3, U4...)
• Go to IIS
• Expand sys name
• Right click on FTP sites
• Select new FTP site
• Next
• Provide name (any name)
• Next
• Select IP address
• Next
• Select do not isolate users
• Next
• Browse and select home directory
• Select folder
• Next
• Check the box
• Write
• Next
• Finish
Verification
• Right click on FTP site
• Click browse
• Log in as user
• Go to internet explorer
• Type FTP://sys IP
Note: while creating the FTP site, if you change the port number
• Type FTP://sys IP
How to create an isolate-users FTP site
• Go to A.D.U.C
• Create some users
• On any drive create a folder with the name root; within the folder
• create a folder with the domain NetBIOS name; within the domain folder create some user folders with the names U1, U2...
• Under the user folders create some files
• go to IIS
• Expand sys name
• Right click on FTP sites
• Select new FTP site
• Provide name
• Next
• Select isolate users
• Browse and select
• Root folder (home directory)
• Check the box write
• Next
• Finish
Verification
01.
• Right click on FTP site
• Click browse
• Provide user ID, password
• Enter
02.
• Log in as user
• Open internet explorer
• Type FTP://Sys IP
The user can access only their specific folder
The user can't access other users' data
Isolate users using active directory
• Users can't view or modify files or directories of other users
• This option simplifies administration of the FTP site & permits home directories to exist in multiple locations
• Only the users whose directory properties are defined can log on to the FTP server
• To set the A.D properties type the following command
o Syntax
o iisftp /SetADProp username FTPDir homedirectoryname
Ex: iisftp /SetADProp U1 FTPDir folderFTP (or anything)
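As an added example (not the notes' own code), the following Python snippet covers the three isolation modes described above, do not isolate, isolate, and isolate using Active Directory: it computes the home directory each mode confines a user to and checks that a requested path stays inside it, so a path containing `..` cannot reach another user's folder. The site root, domain NetBIOS name, users and the per-user FTPRoot/FTPDir values (stand-ins for what `iisftp /SetADProp` stores in A.D.) are constructed, and POSIX path syntax is used so the example runs anywhere.

```python
"""Added example (not the notes' own code): compute the home directory an FTP
user is confined to under each of the three isolation modes and check that a
requested path stays inside it. The site root, domain name, users and the
per-user FTPRoot/FTPDir values (stand-ins for what 'iisftp /SetADProp' stores
in Active Directory) are constructed; POSIX path syntax is used so the example
runs anywhere."""
import posixpath

SITE_ROOT = "/ftproot"       # constructed home directory of the FTP site
DOMAIN_NETBIOS = "ZOOM"      # constructed domain NetBIOS name

# Constructed stand-in for the FTPRoot and FTPDir properties set per user in A.D.
AD_FTP_PROPERTIES = {
    "u1": {"FTPRoot": "/ftproot-ad", "FTPDir": "u1"},
    "u2": {"FTPRoot": "/otherdisk/ftp", "FTPDir": "u2"},
}


def user_home(mode, user, anonymous=False):
    """Directory the user lands in, or None when the login is not permitted."""
    if mode == "none":                 # do not isolate users: everyone shares the site root
        return SITE_ROOT
    if anonymous:                      # the isolation modes have no anonymous access
        return None
    if mode == "isolate":              # isolate users: <root>/<domain>/<user>
        return posixpath.join(SITE_ROOT, DOMAIN_NETBIOS, user)
    if mode == "isolate-ad":           # isolate users using A.D.: FTPRoot + FTPDir
        props = AD_FTP_PROPERTIES.get(user)
        if props is None:              # no directory properties defined -> cannot log on
            return None
        return posixpath.join(props["FTPRoot"], props["FTPDir"])
    raise ValueError(f"unknown isolation mode: {mode}")


def is_allowed(mode, user, requested, anonymous=False):
    """True if the path the client asks for resolves to somewhere inside the
    user's home directory (so '..' tricks cannot reach other users' data)."""
    home = user_home(mode, user, anonymous)
    if home is None:
        return False
    target = posixpath.normpath(posixpath.join(home, requested.lstrip("/")))
    return target == home or target.startswith(home + "/")


if __name__ == "__main__":
    for mode in ("none", "isolate", "isolate-ad"):
        print(mode, user_home(mode, "u1"), is_allowed(mode, "u1", "../u2/report.txt"))
```

In the "none" mode the check still stops at the site root, but any user's folder under that root is reachable, which is exactly the behaviour the notes describe for do-not-isolate.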
How to configure isolate user using A.D, FTP side
• Go to A.D.U.C
• Create some users with passwords
• Create a folder in any drive and create some files with in the folder
• Go to IIS
• Expain sys name
• Right click on FTP
• Select new FTP site
• Next
• Provide name (any name)
• Next
• Select IP Address
• Next
• Select isolate users using A.D
• Next
• Provide user name
• Password
• Provide domain name
• Next
• Re enter the password
• Ok
• Check the box write
• Next
• Finish
o Go to cmd, type iisftp /SetADProp username FTPDir home folder
o iisftp /SetADProp username FTPRoot fil
Verification
Right click on FTP site
Click browse
Provide user name and password
Log in as user
Go to internet explorer
Type FTP://sys IP
SITES
Physical components of A.D
Domain controllers
Sites
A site is a set of well-connected IP subnets
Sites are generally used for locating services (logon)
Replication, group policy application
Sites are connected with site links
A site can span multiple domains
A domain can span multiple sites
How to create a site
• Go to A.D.S.S
• Right click on sites
• Select new site
• Provide name for the site (USA)
• Ok
• Rename the Default-First-Site-Name (rename to india)
How to create site links
• Under sites
• Expand inter-site transports
• Right click on IP
• Select new site link
• Provide name (india-USA)
• Ok
Verification
• Under sites
• Expand inter-site transports
• Select IP
On the right side observe the link
We can move a server from one site to another site
• Right click on the server
• Select move
• Select the other site name
• Ok
Routing (21-03-08)
Router
It is a device used for communication between two different networks
Routing
It is the process of sending data packets through the best path to reach the destination
Default gateway
It gives the exit point or entry point to reach the destination
Types of router
Hardware router
Software router
Hardware router
The hardware router is a device used to connect multiple networks; it is expensive
Software router
A system that we are going to configure as a software router must have more than one NIC
If any system has more than one NIC, we call that system a multi-homed PC
Static routing
Static routing is routing in which the routing table is configured manually
Dynamic routing is routing in which there is no need to configure the routing table manually; it updates the routing table automatically
Set up
Private host 10.0.0.2 (D/G 10.0.0.1) --- Router 01 (10.0.0.1 | 11.0.0.1) --- Router 02 (11.0.0.2 | 12.0.0.1) --- Public host 12.0.0.2 (D/G 12.0.0.1)
Private network
1. Ping 10.0.0.1: we get a reply
2. Ping 11.0.0.1: we get no reply
3. Provide the default gateway IP address (10.0.0.1)
4. Ping 11.0.0.1: we get the reply
13. Ping 12.0.0.2: we get the reply
Public network
5. Ping 12.0.0.1: we get a reply
6. Ping 11.0.0.2: we get no reply
7. Provide the default gateway IP address (12.0.0.1)
8. Ping 11.0.0.2: we get a reply
14. Ping 10.0.0.2: we get the reply
Router 01
9. Enable routing
11. Configure static routing
Interface 11.0.0.1
Destination 12.0.0.0 (network)
N/W mask 255.0.0.0
D/G 11.0.0.2
Router 02
10. Enable routing
12. Configure static routing
Interface 11.0.0.2
Destination 10.0.0.0 (network)
N/W mask 255.0.0.0
D/G 11.0.0.1
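As an added example (not the notes' own code), the following Python model reproduces the lab above: two hosts with default gateways and two software routers, a longest-prefix routing table per node, and a hop-by-hop trace that shows why the ping in step 2 fails, why step 13 only succeeds after both static routes from steps 11 and 12 exist, and that the return path matters as much as the forward one. The addresses are those of the notes; the node names and the `Node`/`trace` helpers are this example's own.

```python
"""Added example (not the notes' own code): model of the static-routing lab.
Hosts and routers hold routing tables; packets are forwarded hop by hop with
longest-prefix matching. Addresses come from the notes; node names are
constructed for the example."""
import ipaddress


class Node:
    def __init__(self, name, interfaces, routing=False):
        self.name = name
        # e.g. "10.0.0.1/8": the directly connected network comes from the mask
        self.interfaces = [ipaddress.IPv4Interface(i) for i in interfaces]
        self.routing = routing   # LAN routing enabled (RRAS)? Hosts leave this off
        # Routing table entries: (network, gateway); gateway None = directly connected
        self.routes = [(iface.network, None) for iface in self.interfaces]

    def add_route(self, destination, mask, gateway):
        """Static route as in the RRAS dialog: destination network, mask, gateway."""
        network = ipaddress.IPv4Network(f"{destination}/{mask}")
        self.routes.append((network, ipaddress.IPv4Address(gateway)))

    def set_default_gateway(self, gateway):
        """The host's default gateway is the 0.0.0.0/0 route."""
        self.add_route("0.0.0.0", "0.0.0.0", gateway)

    def next_hop(self, dst):
        """Longest-prefix match; returns the next hop address or None (no route)."""
        dst = ipaddress.IPv4Address(dst)
        best = None
        for network, gateway in self.routes:
            if dst in network and (best is None or network.prefixlen > best[0].prefixlen):
                best = (network, gateway)
        if best is None:
            return None
        return dst if best[1] is None else best[1]   # direct delivery or via gateway

    def owns(self, addr):
        return any(iface.ip == ipaddress.IPv4Address(addr) for iface in self.interfaces)


def trace(nodes, src_name, dst, max_hops=8):
    """Forward one packet; returns the node names visited followed by
    'DELIVERED' or 'UNREACHABLE' (a ping that gets no reply)."""
    by_addr = {str(iface.ip): node for node in nodes.values() for iface in node.interfaces}
    node = nodes[src_name]
    path = [node.name]
    for _ in range(max_hops):
        if node.owns(dst):
            return path + ["DELIVERED"]
        if node.name != src_name and not node.routing:
            return path + ["UNREACHABLE"]        # a plain host does not forward packets
        hop = node.next_hop(dst)
        if hop is None or str(hop) not in by_addr:
            return path + ["UNREACHABLE"]        # no route, or next hop is not on a link we know
        node = by_addr[str(hop)]
        path.append(node.name)
    return path + ["UNREACHABLE"]


def build_lab(with_static_routes):
    """The two-router lab from the notes, before or after steps 11 and 12."""
    private = Node("private", ["10.0.0.2/8"])
    private.set_default_gateway("10.0.0.1")          # step 3
    public = Node("public", ["12.0.0.2/8"])
    public.set_default_gateway("12.0.0.1")           # step 7
    router1 = Node("router1", ["10.0.0.1/8", "11.0.0.1/8"], routing=True)   # step 9
    router2 = Node("router2", ["11.0.0.2/8", "12.0.0.1/8"], routing=True)   # step 10
    if with_static_routes:
        router1.add_route("12.0.0.0", "255.0.0.0", "11.0.0.2")   # step 11
        router2.add_route("10.0.0.0", "255.0.0.0", "11.0.0.1")   # step 12
    return {n.name: n for n in (private, public, router1, router2)}


if __name__ == "__main__":
    print(trace(build_lab(False), "private", "12.0.0.2"))
    print(trace(build_lab(True), "private", "12.0.0.2"))
```

Without the static routes the packet dies at router 01, which has no entry for 12.0.0.0; with them the trace passes both routers, and the reverse trace from the public host succeeds only because router 02 also learned the route back to 10.0.0.0.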
How to enable routing
We should enable routing on both routers (r1, r2)
• Go to routing and remote access
• Right click on sys name
• Select configure and enable routing and remote access
• Next
• Check LAN routing
• Finish
• Yes
How to configure static routing
• Go to routing and remote access
• Expand sys name
• Expand IP routing
• Right click on static routes
• Select new static route
• Provide interface, destination, network mask, default gateway
What is network address translation?
• Provides access to the internet from a protected private address range
• Translates private IPs to public IPs & vice versa for outgoing and incoming traffic
• Hides the private IP address range from the internet
• Can be used with DHCP or can be configured to assign IPs to clients
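As an added example (not the notes' own code), the following Python model shows the translation table behind the RRAS "NAT/basic firewall" interface configured below: outgoing packets from the private range leave with the public address and a translated port, replies are mapped back to the private host, and a packet addressed directly to a private address from outside is dropped, which is why the public host gets no reply from 10.0.0.2 once NAT is enabled. The address ranges are the lab's; the port numbers are constructed.

```python
"""Added example (not the notes' own code): a basic NAT with one public
address and a port-based translation table, modelled on the RRAS NAT/basic
firewall setup. Address ranges are the lab's; ports are constructed."""
import ipaddress


class Nat:
    def __init__(self, private_net, public_ip, first_port=1025):
        self.private_net = ipaddress.IPv4Network(private_net)
        self.public_ip = ipaddress.IPv4Address(public_ip)
        self.next_port = first_port
        # (private ip, private port, dst ip, dst port) -> public port used outside
        self.table = {}
        # (public port, remote ip, remote port) -> (private ip, private port)
        self.reverse = {}

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Packet leaving on the public interface: returns the (ip, port) the
        Internet sees as the source. The private address never appears outside."""
        if ipaddress.IPv4Address(src_ip) not in self.private_net:
            return src_ip, src_port               # not from the private range: untouched
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.table:                 # first packet of a flow: allocate a port
            port = self.next_port
            self.next_port += 1
            self.table[key] = port
            self.reverse[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return str(self.public_ip), self.table[key]

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Packet arriving on the public interface: returns the private
        (ip, port) to deliver to, or None when it is dropped."""
        if ipaddress.IPv4Address(dst_ip) != self.public_ip:
            return None   # addressed to a hidden private address (or anything else): dropped
        # only replies to flows the inside started are let back in (the basic firewall)
        return self.reverse.get((dst_port, src_ip, src_port))


if __name__ == "__main__":
    nat = Nat("10.0.0.0/8", "11.0.0.1")
    print(nat.outbound("10.0.0.2", 50000, "12.0.0.2", 80))   # what the web server sees
    print(nat.inbound("12.0.0.2", 80, "11.0.0.1", 1025))     # the reply, mapped back
    print(nat.inbound("12.0.0.2", 0, "10.0.0.2", 0))         # ping from outside: dropped
```

Two private hosts using the same source port get different public ports, which is how a single public address can serve the whole 10.0.0.0 network; a visit to www.whatismyip.com from the private side would therefore report 11.0.0.1.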
NAT set up
Under private
1. Ping 12.0.0.2 we get the reply
2. go to internet explorer, type www.whatismyip.com
Under public
3. Ping 10.0.0.2 we get the reply
4. go to internet explorer, type www.whatismyip.com
Under Router
5. to configure NAT
• go to routing and remote access
• under IP routing
• right click on NAT /basic firewall
• select new interface
• select (10.0.0.1)
• click ok
• select private interface
• ok
• again right click on NAT /basic firewall
• select new inter face
• select (11.0.0.1)
• click ok
• select public interface
• check the enable NAT
• apply
• ok
Under private
6. Ping 12.0.0.2 we get the reply
7. go to internet explorer, type www.whatismyip.com
Under Public
8. Ping 10.0.0.2 we get no reply
9. go to internet explorer, type www.whatismyip.com
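An added example (not from the notes and not the RRAS NAT code) showing what the NAT/basic firewall on router 01 does to the packets in steps 6 to 9: outgoing traffic from 10.0.0.0/8 is rewritten to the public interface 11.0.0.1 with a fresh port, the reply is mapped back through the same table entry, and a packet started from the public side towards 10.0.0.2 has no entry and is dropped (step 8, "no reply"). Addresses are the constructed lab values; BasicNat and Packet are the example's own names.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class BasicNat:
    """Address/port translation on one router: private side 10.0.0.0/8, public side 11.0.0.1."""

    def __init__(self, private_net, public_ip, first_port=1025):
        self.private_net = ipaddress.ip_network(private_net)
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound_map = {}  # (proto, src, sport, dst, dport) -> public port
        self.inbound_map = {}   # (proto, public port) -> (src, sport, dst, dport)

    def outbound(self, pkt):
        """Private -> public: rewrite the source to the public IP and a unique port."""
        if ipaddress.ip_address(pkt.src) not in self.private_net:
            return None  # only the private range is translated
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.outbound_map:
            port = self.next_port
            self.next_port += 1
            self.outbound_map[key] = port
            self.inbound_map[(pkt.proto, port)] = key[1:]
        return Packet(self.public_ip, self.outbound_map[key], pkt.dst, pkt.dport, pkt.proto)

    def inbound(self, pkt):
        """Public -> private: only traffic matching an existing entry is translated."""
        if pkt.dst != self.public_ip:
            return None  # the internet never sees 10.x addresses; such packets are dropped
        entry = self.inbound_map.get((pkt.proto, pkt.dport))
        if entry is None:
            return None  # unsolicited: no translation entry, dropped (step 8)
        src, sport, dst, dport = entry
        if (pkt.src, pkt.sport) != (dst, dport):
            return None  # a reply must come from the host the entry was created for
        return Packet(pkt.src, pkt.sport, src, sport, pkt.proto)


def demo():
    nat = BasicNat("10.0.0.0/8", "11.0.0.1")
    # private PC opens a web connection to the public PC (what step 7 does)
    out = nat.outbound(Packet("10.0.0.2", 40000, "12.0.0.2", 80))
    # the public PC answers the address it saw, 11.0.0.1, and the reply is mapped back
    back = nat.inbound(Packet("12.0.0.2", 80, "11.0.0.1", out.sport))
    # a connection started from the public side towards the private PC has no entry
    unsolicited = nat.inbound(Packet("12.0.0.2", 50000, "10.0.0.2", 80))
    return out, back, unsolicited


if __name__ == "__main__":
    print(demo())
```

This is also why the whatismyip page in step 7 reports the router's public address rather than 10.0.0.2: the web site only ever sees the translated source.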
What is a DHCP relay agent?
A DHCP relay agent is a computer or router that listens for DHCP broadcasts from DHCP clients and then relays those messages to DHCP servers
DHCP relay agent set up
Under private
1. configure DHCP server with 12.0.0.0 network (ex:- 12.0.0.1 to 12.0.0.100)
While configuring the scope we should provide the router IP (12.0.0.1)
Under router 02
• go to routing and remote access
• expand sys name
• expand IP routing
• right click on general
• select new routing protocol
• select DHCP relay agent
• click ok
• right click on DHCP relay agent
• select new interface
• select 11.0.0.2
• click ok
• click ok
• again right click on DHCP relay agent
• select new interface
• select 12.0.0.1
• click ok
• again ok
• right click on DHCP relay agent
• go to properties
• provide DHCP server IP (10.0.0.2)
• click add
• apply
• ok
Under public
• go to TCP /IP properties
• select obtain an IP address automatically
• select obtain DNS server address automatically
• go to CMD
o type ipconfig /release
o type ipconfig /renew
Note:- if NAT is configured in router 01 we are not going to get the output; remove NAT in router 01
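The exchange the relay agent performs, as an added Python example that is not part of the notes and not the Windows DHCP code: the client on 12.0.0.0 broadcasts DISCOVER, router 02 (interfaces 11.0.0.2 and 12.0.0.1) puts the address of the interface the broadcast arrived on into giaddr and unicasts the message to the DHCP server 10.0.0.2, the server picks the 12.0.0.0 scope because giaddr lies in it and returns an OFFER to giaddr, and the relay broadcasts the offer back on that interface. The scope is the one from step 1 (12.0.0.1 to 12.0.0.100, router option 12.0.0.1); the assumption that the router's own address is skipped when handing out leases is the example's own.

```python
import ipaddress


class DhcpServer:
    """Minimal DHCP server: one scope per network, chosen by giaddr."""

    def __init__(self, ip, scopes):
        self.ip = ip
        # scopes: (network, first address, last address, router option 003)
        self.scopes = [
            (ipaddress.ip_network(net), ipaddress.ip_address(lo), ipaddress.ip_address(hi), router)
            for net, lo, hi, router in scopes
        ]
        self.leases = {}  # client MAC -> offered address

    def handle_discover(self, msg):
        # A relayed DISCOVER carries the relay interface address in giaddr; a DISCOVER
        # broadcast on the server's own segment has giaddr 0.0.0.0, so the server's
        # own interface decides the scope instead.
        anchor = ipaddress.ip_address(self.ip if msg["giaddr"] == "0.0.0.0" else msg["giaddr"])
        for net, lo, hi, router in self.scopes:
            if anchor in net:
                break
        else:
            return None  # no scope for that network: the request is ignored
        if msg["chaddr"] not in self.leases:
            used = set(self.leases.values())
            candidate = lo
            # assumption: the router's own address is never handed out
            while candidate <= hi and (candidate in used or str(candidate) == router):
                candidate += 1
            if candidate > hi:
                return None  # scope exhausted
            self.leases[msg["chaddr"]] = candidate
        return {
            "op": "OFFER",
            "chaddr": msg["chaddr"],
            "yiaddr": str(self.leases[msg["chaddr"]]),
            "router": router,
            "giaddr": msg["giaddr"],
        }


class RelayAgent:
    """DHCP relay on a router: turns the client's broadcast into a unicast to the server."""

    def __init__(self, server_ip):
        self.server_ip = server_ip  # the address typed into the relay agent properties

    def relay_request(self, msg, received_on_interface):
        relayed = dict(msg)
        relayed["giaddr"] = received_on_interface  # tells the server which network asked
        relayed["hops"] = msg.get("hops", 0) + 1
        return self.server_ip, relayed  # unicast destination and message

    def relay_reply(self, reply):
        # the server unicasts the OFFER to giaddr; the relay broadcasts it on that interface
        return "255.255.255.255 (interface " + reply["giaddr"] + ")", reply


def lab_lease():
    """Run the DISCOVER/OFFER exchange of the lab; returns the offer the client receives."""
    server = DhcpServer("10.0.0.2", [("12.0.0.0/8", "12.0.0.1", "12.0.0.100", "12.0.0.1")])
    relay = RelayAgent(server_ip="10.0.0.2")  # router 02's relay agent
    discover = {"op": "DISCOVER", "chaddr": "00-11-22-33-44-55", "giaddr": "0.0.0.0"}  # constructed
    dest, relayed = relay.relay_request(discover, received_on_interface="12.0.0.1")
    offer = server.handle_discover(relayed)
    if offer is None:
        return None
    return relay.relay_reply(offer)[1]


if __name__ == "__main__":
    print(lab_lease())
```

The relayed DISCOVER is a unicast from router 02 to 10.0.0.2 and the OFFER is a unicast back to 12.0.0.1, which is the reason the note above matters: with NAT enabled on router 01, that inbound unicast towards the private network is exactly the kind of unsolicited traffic the NAT drops.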
ISA (22-03-08)
It is a proxy server & web caching server
It is a firewall designed to ensure all unwanted traffic from the internet is kept out of the organization’s network (private network)
Proxy server
It is a server which emulates a web server
Firewall
A firewall protects networked computers from intentional hostile intrusions
Firewall two types
Software firewall
Hardware firewall
Software firewall
ISA server, SmoothWall, Check Point, Clavister firewall
Hardware firewall
Cisco PIX, WatchGuard, multiform, Ethernet III…..
Version of ISA
ISA server 2000
ISA server 2004
ISA server 2006
Flavors of ISA server
ISA server standard edition
ISA server enterprise edition
Standard edition
Standard edition is used if you deploy a single ISA server for a specific role, that is proxy server or firewall etc….
Standard edition stores its configuration in the local registry
Standard edition doesn’t support array policy
Enterprise edition
Enterprise edition is used if you deploy multiple ISA servers in each role
Enterprise edition stores its configuration in Active Directory Application Mode (ADAM)
Enterprise edition supports Cache Array Routing Protocol (CARP)
Arrays
Arrays are groups of ISA servers that share the same array policy
Arrays are used for providing
Load balancing
Fault tolerance
Scalability
All the servers in the array should be in the same domain
How ISA server works as a firewall
ISA server 2004 uses three types of filtering rules to block or allow the N/W traffic
Packet filtering
Stateful filtering
Application filtering
Packet filtering
Packets are allowed or dropped based on source and destination IP or source and destination ports
When a packet arrives ISA server checks the source IP, destination IP & port information against its firewall rules; if a rule allows it, the packet is passed to the destination, or else it is dropped
Stateful filtering
Stateful filtering uses a more thorough examination of network packets to decide whether to forward them or not
When ISA server uses stateful inspection it examines the IP & TCP headers of previous packets that have passed through ISA server, or of the TCP session
Application layer filtering
Application layer filtering examines the actual content of a packet to determine if the packet can be forwarded through the firewall
An application filter opens the entire packet and examines the actual data in it before making a forwarding decision
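The three filtering levels side by side, as an added Python example (not ISA server code): a packet filter that decides on addresses and ports only, a stateful filter that admits inbound packets only when they belong to a TCP session opened from the internal network, and an application filter that reads the data and refuses anything on port 80 that is not an HTTP request. The rule set and the 10.0.0.0/8 internal network are constructed for the lab; the class and function names are the example's own.

```python
import ipaddress
import re
from dataclasses import dataclass, field


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: set = field(default_factory=set)  # TCP flags, e.g. {"SYN"}
    payload: bytes = b""


def in_net(ip, net):
    return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net)


class PacketFilter:
    """Packet filtering: source/destination address and port only."""

    def __init__(self, rules):
        self.rules = rules  # ordered (action, src net, dst net, dst port or None)

    def check(self, p):
        for action, src, dst, dport in self.rules:
            if in_net(p.src, src) and in_net(p.dst, dst) and dport in (None, p.dport):
                return action
        return "deny"  # nothing matched: default deny


class StatefulFilter:
    """Stateful filtering: remember sessions opened from inside; inbound packets
    are admitted only when they are the reverse of a remembered session."""

    def __init__(self, internal_net):
        self.internal = ipaddress.ip_network(internal_net)
        self.sessions = set()  # (internal ip, port, external ip, port)

    def check(self, p):
        if ipaddress.ip_address(p.src) in self.internal:
            key = (p.src, p.sport, p.dst, p.dport)
            if "SYN" in p.flags:
                self.sessions.add(key)  # a new outbound connection
            return "allow" if key in self.sessions else "deny"
        return "allow" if (p.dst, p.dport, p.src, p.sport) in self.sessions else "deny"


class ApplicationFilter:
    """Application-layer filtering: data to port 80 must look like an HTTP request."""

    REQUEST_LINE = re.compile(rb"^(GET|POST|HEAD) \S+ HTTP/1\.[01]$")

    def check(self, p):
        if p.dport == 80 and p.payload:
            first_line = p.payload.split(b"\r\n", 1)[0]
            if not self.REQUEST_LINE.match(first_line):
                return "deny"  # not HTTP: port 80 is being used for something else
        return "allow"


class IsaLikeFirewall:
    """Runs the three filters in turn; the first one that says deny wins."""

    def __init__(self):
        self.filters = [
            # internal clients may reach web servers; anything may try to reach inside,
            # but only the stateful filter decides whether it is a legitimate reply
            PacketFilter([("allow", "10.0.0.0/8", "any", 80), ("allow", "any", "10.0.0.0/8", None)]),
            StatefulFilter("10.0.0.0/8"),
            ApplicationFilter(),
        ]

    def decide(self, p):
        for f in self.filters:
            if f.check(p) == "deny":
                return "deny", type(f).__name__
        return "allow", None


if __name__ == "__main__":
    fw = IsaLikeFirewall()
    print(fw.decide(Packet("10.0.0.2", 5000, "11.0.0.2", 80, {"SYN"})))       # allowed: new outbound web session
    print(fw.decide(Packet("11.0.0.2", 80, "10.0.0.2", 5000, {"SYN", "ACK"})))  # allowed: reply to that session
    print(fw.decide(Packet("11.0.0.2", 6000, "10.0.0.2", 80, {"SYN"})))       # denied by the stateful filter
```

A pure packet filter would have accepted the third packet, since its addresses and port are fine; only the stateful filter knows that nobody inside asked for it, and only the application filter can tell a real HTTP request from another protocol squeezed onto port 80.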
How ISA server works as proxy & cache server
Proxy
o ISA server works as a proxy server by acting as a web server to the internal clients
o It also caches the information, thus providing faster internet access to the clients
Cache
• Forward caching
Forward caching occurs when a user on the corporate network makes a request for web content located on an internet web server
• Reverse caching
It occurs when users on the internet request web content present on the corporate N/W
How to install ISA server 2004
Requirements
D.C, M.S or W.G (domain controller, member server or workgroup)
Multi-homed with static IPs
IIS service with SMTP & NNTP
How to enable IIS with SMTP & NNTP
• Go to control panel
• Add or remove programs
• Add or remove windows components
• Select application server
• Click details
• Check the box NNTP service & SMTP service
• Ok
• Ok
• Next
• Provide O.S. CD
• Click ok
• Ok
• Finish
How to Install ISA server
• Go to my computer
• Open ISA server 2004 folder
• Click on ISA autorun.exe.
• Click install ISA server 2004
• Next
• Select I accept
• Next
• Next
• Select complete
• Next
• Click add
• Select network adapter
• Uncheck the box add the following private ranges
• Check the box 10.0.0.1
• Click ok
• Ok
• Next
• Next
• Next
• Install
• Finish
And restart the computer
Verification
• Start programs
• ISA server 2004
• ISA server management
(24-03-08)
How to allow access in order to access the Internet
IP settings (private client / ISA server / public side)
          Private client   ISA server   Public
IP        10.0.0.2         10.0.0.1     11.0.0.2
D/G       10.0.0.1         11.0.0.2     11.0.0.1
P DNS     10.0.0.2         11.0.0.2
A DNS     11.0.0.2
In the ISA server
• Start program
• Select Microsoft ISA
• ISA server management
• Right click on fire wall policy
• New access rule
• Provide name
• Next
• Select allow
• Next
• Next
• Click add
• Expand networks
• Select internal
• Click add
• Close
• Next
• Click add
• Expand networks
• Select external
• Add
• Close
• Next
• Next
• Finish
• Click apply
• Ok
Verification
• Go to private network
• Go to internet explorer
• Try to access the website
Ex:- type www.yahoo.com
How to deny a single web site
• Go to ISA server
• Right click on fire wall policy
• New access rule
• Provide any name
• Next
• Select deny
• Next
• Next
• Click add
• Expand networks
• Select external
• Add
• Close
• Next
• Click add
• Click new
• Select URL set
• Provide any name
• Click new
• Type http://www.google.com
• Click ok
• Expand URL sets
• Select one option
• Click add
• Close
• Next
• Next
• Finish
• Apply
• Ok
Verification
• Go to private network
• Go to internet explorer
• Try to access the deny web site
Ex:- www.google.com
How to deny the images
• Go to ISA server
• Right click on deny web site
• Go to properties
• Select content types
• Select selected content types
• Check the box images
• Apply
• Ok
• Apply
• Ok
Verification
• Go to private network
• Go to internet explorer
• Type www.google.com
We get only text; we can’t get the images
How to redirect a web site
1. deny a web site ex :- google.com
• right click on deny web site
• go to properties
• click the tab action
• check the box redirect HTTP requests to this web page
• type http://www.iana.org
• apply
• ok
• apply
• ok
Verification
• go to private network
• go to internet explorer
• type http://www.google.com
We get www.iana.org
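The three exercises above (deny a site, deny only its images, redirect it) change one deny rule sitting above the allow rule in an ordered firewall policy. The following added Python example, which is not ISA server code, evaluates such a policy the way the exercises expect: rules are checked top down, the first match decides, a rule limited to certain content types is skipped for other content, and a deny rule with a redirect returns the redirect target instead of blocking. The rule names, the internal-to-external direction of the rules and the content-type categories are the example's own; ISA applies content types to the server's response, which the example models by passing the response's content type along with the request.

```python
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass
class Rule:
    name: str
    action: str                 # "allow" or "deny"
    from_network: str           # "internal" or "external"
    to: list                    # network names and/or URL set entries such as "http://www.google.com"
    content_types: set = None   # None means all content; {"images"} limits the rule to images
    redirect_to: str = None     # a deny rule may redirect instead of blocking


IMAGE_TYPES = {"image/gif", "image/jpeg", "image/png"}  # assumed members of the "images" category


def url_in_set(url, entry):
    """A URL set entry covers every URL on that scheme and host whose path starts with the entry's path."""
    u, e = urlparse(url), urlparse(entry.rstrip("*"))
    return u.scheme == e.scheme and u.netloc == e.netloc and u.path.startswith(e.path)


def matches_destination(rule, to_network, url):
    for entry in rule.to:
        if entry in ("internal", "external"):
            if entry == to_network:
                return True
        elif url_in_set(url, entry):
            return True
    return False


def content_category(content_type):
    return "images" if content_type in IMAGE_TYPES else "text"


def evaluate(policy, from_network, to_network, url, content_type="text/html"):
    """First matching rule wins, as in ISA's ordered firewall policy; nothing matching is denied."""
    for rule in policy:
        if rule.from_network != from_network:
            continue
        if not matches_destination(rule, to_network, url):
            continue
        if rule.content_types is not None and content_category(content_type) not in rule.content_types:
            continue  # rule limited to other content types: fall through to the next rule
        if rule.action == "deny" and rule.redirect_to:
            return ("redirect", rule.redirect_to)
        return (rule.action, rule.name)
    return ("deny", "default rule")


def make_policy(content_types=None, redirect_to=None):
    """The lab policy: the deny rule for the URL set above the allow-internet rule."""
    return [
        Rule("deny google", "deny", "internal", ["http://www.google.com"], content_types, redirect_to),
        Rule("allow internet", "allow", "internal", ["external"]),
    ]


if __name__ == "__main__":
    print(evaluate(make_policy(), "internal", "external", "http://www.google.com/"))                      # denied
    print(evaluate(make_policy({"images"}), "internal", "external", "http://www.google.com/"))            # text allowed
    print(evaluate(make_policy({"images"}), "internal", "external", "http://www.google.com/logo.png", "image/png"))  # image denied
    print(evaluate(make_policy(redirect_to="http://www.iana.org"), "internal", "external", "http://www.google.com/"))  # redirect
```

Rule order is what makes the verification steps work: if the allow rule were evaluated first, the deny rule would never be reached and every exercise would show the full Google page.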
Publishing Rules
o server publishing rules
o web server publishing rules
o secure web publishing rules
o mail server publishing rules
Web server publishing rules
Web publishing rules map http or https requests to the appropriate web server located on the network protected by ISA server
Secure web publishing rules
Secure web publishing provides an additional layer of security when publishing a web site, with an option to use SSL (Secure Sockets Layer) to encrypt all network traffic to and from the web site
Mail server Publishing rules
Mail server publishing rules are used to securely publish the mail server present in the internal network
Server publishing rules
Server publishing rules are used to enable access to internet applications that use other protocols
Server publishing is a secure and flexible way to publish the content or services provided by internal servers to the internet.
How to create & apply web server publishing rules
• go to ISA server
• right click on firewall policy
• new web server publishing rule
• provide any name
• click next
• select allow
• next
• provide IP address of web server (10.0.0.2)
• next
• accept requests for any domain name
• next
• click new and provide any name (web listener)
• next
• check the box external
• next
• next
• finish
• select web listener
• next
• next
• finish
• apply
• ok
Verification
• go to public network
• go to internet explorer
• type http://11.0.0.1
We can access the internal web server
How to apply server publishing rules
• go to ISA server
• right click on fire wall policy
• new
• server publishing rule
• provide name ( any name)
• next
• type internal server IP (10.0.0.2)
• next
• select the protocol RDP server
• next
• check the box external
• next
• finish
• apply
• ok
Verification
• go to public network
• start run
• type MSTSC
• click ok
• type ISA server publishing interface IP (11.0.0.1)
• connect
• log in as administrator
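What the two publishing rules above amount to, as an added Python example (not ISA server code): a connection arriving on the external interface 11.0.0.1 is forwarded to the internal server 10.0.0.2 only when a rule publishes that listener port from that network, web rules may additionally restrict the accepted host header (the lab rule accepts any domain), and every unpublished port on the external interface stays closed. The rule names and the Request/PublishingRule types are the example's own; the addresses and ports (80 for the web server, 3389 for RDP) are the lab's.

```python
from dataclasses import dataclass


@dataclass
class Request:
    from_network: str       # "internal" or "external"
    dst_ip: str             # address the client connected to (ISA's external IP 11.0.0.1)
    dst_port: int
    host_header: str = ""   # only meaningful for HTTP


@dataclass
class PublishingRule:
    name: str
    kind: str                 # "web" or "server"
    listen_on: set            # networks the rule accepts connections from
    listener_ip: str
    listener_port: int
    internal_ip: str
    internal_port: int
    public_names: set = None  # web rules: accepted host headers; None = any domain, as in the notes


def forward(rules, req):
    """Return (internal ip, port, rule name) for a published connection, or None when
    nothing publishes it, in which case the port stays closed on the external interface."""
    for r in rules:
        if req.from_network not in r.listen_on:
            continue
        if (req.dst_ip, req.dst_port) != (r.listener_ip, r.listener_port):
            continue
        if r.kind == "web" and r.public_names is not None and req.host_header not in r.public_names:
            continue  # web rule limited to specific public names
        return (r.internal_ip, r.internal_port, r.name)
    return None


# the two rules created in the lab (constructed to match the notes)
LAB_RULES = [
    PublishingRule("web publish 10.0.0.2", "web", {"external"}, "11.0.0.1", 80, "10.0.0.2", 80),
    PublishingRule("rdp publish 10.0.0.2", "server", {"external"}, "11.0.0.1", 3389, "10.0.0.2", 3389),
]


if __name__ == "__main__":
    print(forward(LAB_RULES, Request("external", "11.0.0.1", 80, "11.0.0.1")))    # browser from the public network
    print(forward(LAB_RULES, Request("external", "11.0.0.1", 3389)))              # MSTSC from the public network
    print(forward(LAB_RULES, Request("external", "11.0.0.1", 25)))                # nothing publishes SMTP: None
```

The internal server's address never appears in the client's connection; the public side only ever talks to 11.0.0.1, which is the reason the verification steps type the ISA interface address rather than 10.0.0.2.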
RAS (Remote Access Services) (25-03-08)
Remote Access Service provides two types of connections: one is a dial-up connection and the other one is a virtual private network (VPN)
It is a server which will allow remote clients or dial-up clients to access private network resources
How dial-up network access works
Dial-up clients make a temporary connection to the remote access server by using a telecommunication provider
ISDN (Integrated Services Digital Network)
PSTN (Public Switched Telephone Network)
D link (Digital link)
How to enable modem (phone and modem options)
• Go to control panel
• Click on phone and modem
• Click modem tab
• Click add
• Check the box (don’t detect my modem)
• Next
• Next
• Select communications cable between two computers
• Click next
• Select computer
• Next
• Finish
• Ok
How to create a user and to allow Dial up permission
• Go to
• A.D.U.C
• Right click on user
• Go to properties
• Click dial in tab
• Select allow access
• Apply
• Ok
How to enable routing and remote access
• Start programs
• A.D. Tools
• Routing and remote access
• Right click on sys name
• Select configure and enable routing and remote access
• Next
• Select remote access (dial-up or VPN)
• Next
• Check the box dial-up
• Next
• Next
• Select from a specified range of address
• Next
• Click new
• Provide IP address range (15.0.0.1 to 15.0.0.50)
• Ok
• Next
• Next
• Finish
• Ok
• Ok
How to create RAS clients
How to enable modem
How to establish a dial-up connection
• Go to my network places properties
• Right click on new connection wizard
• New connection
• Next
• Select set up an advanced connection
• Next
• Connect directly to another computer
• Next
• Select guest
• Next
• Provide computer name (any name)
• Next
• Next
• Select my use only
• Next
• Finish
• Provide user name and password
• Click dial
Verification
1. right click on the connection
Click status
Click details and observe the RAS client’s IP and RAS server IP
2. after the dial-up connection give D/G in private network (10.0.0.1)
Go to run
Type \\sysname\driveletter$ or \\ipaddress\driveletter$
we can access the private network ‘e’ drive.
How a VPN connection works
A VPN extends a private network across a shared or public network such as the internet
In the RAS server
• First create a dial-up connection and establish the dial-up
• Go to my network places
• Right click on new connection wizard
• New connection
• Next
• Select connect to the network at my workplace
• Next
• Select VPN connection
• Next
• Provide computer name
• Next
• Provide IP address of RAS server (10.0.0.1)
• Next
• Select my use only
• Next
• Finish
• Provide user name and password
• Connect
Verification
Try to access the private network information through the UNC path
(Universal Naming Convention)
RIS (Remote Installation Services) (26-03-08)
It is the process of installing the O.S. remotely
Image: - a copy of O.S files
Requirement for RIS
Two type of requirement in the RIS
Server side
Client side
Server side requirement
1. Active directory
2. DNS with 06 service
3. DHCP with the scope
4. RIS server
5. Separate partition of at least 02GB formatted with NTFS
6. O.S CD’S
Client side requirement
1. PXE-ROM NIC card
2. PXE: Pre-boot Execution Environment
3. Bootable CD
4. Bootable floppy
How to install RIS service
• Go to control panel
• Add or remove program
• Add or remove window components
• Check the box RIS
• Next
• Insert O.S CD
• Click ok
• Finish
• Restart computer
• Yes
How to take the image
• Start program
• Admin tools
• Remote installations services set up
• Next
• Type the drive letter:\RemoteInstall
• Next
• Check the box respond to client computer requesting service
• Next
• Browse and select the CD-ROM drive
• Insert CD in the CD-ROM
• Next
• Next
• Next
• Finish
• Done
RIS Services
BINL ( Boot Information Negotiation Layer)
Responsible for the RIS process; it informs all clients of the sequence of servers
TFTP (Trivial File Transfer Protocol)
Responsible for downloading OS files from server to clients
SIS ( Single Instance Stores)
Responsible for saving all common files of multiple images in single folder called SIS common store
Type of Installations
Attended
If we manually attend the client to answer all questions like name, org name, product key, time setting etc…..
Unattended
If we don’t attend the client to answer those questions; instead of us an answer file will answer all questions
How to create answer file
Insert OS CD in the CD-ROM
• Go to my computer
• Right click on CD-ROM drive and expand it
• Click on support
• Click on tools
• Click on deploy.cab
• Right click on setupmgr.exe
• Select extract
• Select desktop
• Click extract
• Go to desktop
• Click on setupmgr.exe
• Next
• Select create new
• Next
• Select RIS
• Next
• Select Windows Server 2003 Enterprise Edition
• Next
• Select fully automatic
• Next
• Check the box I accept
• Next
• Provide name and organization
• Next
• Next
• Next
• Provide product key
• Next
• Next
• Next
• Finish
• Click browse
• Select my computer
• Select RIS folder or image drive
• Click on RemoteInstall folder
• Setup\English\Images\windows\i386\templates
• Click save
• Click ok
• Click cancel
Troubleshooting points
In the client side, suppose we are not getting the proper output:
• Start
• Programs
• A.D tools
Services
• Select DHCP restart
• Select DNS restart
• Net log on restart
• RIS start
• SIS restart
• TFTP restart
Go to A.D.U.C
• Select domain controllers under domain
• Right click on the sys name
• Go to properties
• Click tab remote install
• Click verify server
• Next
• Finish
• Done
• Ok
Types of clients
Known clients
In the client information GUID is present in A.D
Unknown clients
In the client information GUID is not present in A.D
GUID:- globally unique identifier
UUID:- universally unique identifier
How to create known clients
• Go to A.D.U.C
• Right click on computers
• New computer
• Provide computer name ( any name)
• Next
• Check the box this is a managed computer
• Provide GUID of computer ( the GUID is 32 bits)
• Next
• Next
• Finish
In the client side
• Restart client computer
• Press F12
• Provide administrator ,password
• Select window server 2003 enterprise
• Press F03
(28-03-08)
1. Off line files
2. Disk quota
3. VSS
4. GPMC
5. DFS
Off line files
Offline files is a document-management feature that provides the user with consistent online and offline access to network files
Advantages of using offline files
Support for mobile users
Automatic synchronization etc…
How to create offline files
• In sys01 create a share folder in any of the NTFS drive
• And create some files with in the folder
• In sys02 open my computer
• Click tools tab
• Select folder options
• Click offline files
• Check the box enable offline files
• Check the box synchronize all offline files
• Apply
• Ok
• In sys02 access the share folder from my network places
• Right click on share folder
• Select make available offline
• Next
• Next
• Finish
• Disable the LAN, then try to access the share folder from my network places
• My network places
• Open share folder
• Modify or delete data within the file
• Connect sys02 to the LAN again
Synchronize:- a small monitor icon is available in the notification area
Right click on icon
Click synchronize
Go to sys01 and observe the share folder files
Disk Quota:- you can use disk quotas on drives formatted with the NTFS file system to monitor and limit the amount of disk space available to individual users
Disk quota tracks and controls disk space usage for NTFS partitions, prevents further disk space use and logs an event when a user exceeds a specified disk space limit
How to apply disk quota
• Create some user in A.D.U.C
• Create one share folder with full control in any NTFS drive
• Go to A.D.U.C apply home folder to specific user
• Right click on user
• Go to properties
• Click profile tab
• Select connect options select the drive letter as H
• Type the Path \\sysname \share folder name \user name
• Apply
• Ok
Verification
• Log in as user
• Open my computer
• And observe the network drives
How to set disk quota
• Open my computer for disk quota
• Go to properties of share folder drive
• Click quota
• Check the box enable quota management
• Check the box deny
• Select limit space to 10MB
• Select warning level to 05MB
• Click quota entries
• Click quota
• Select new quota entry
• Enter the user names
• Check names
• Ok
• Select limit disk space to 10MB
• Select warning level to 05MB
• Ok
• Close
• Ok
Verification
• Log in as user
• Open my computer
And observe the space of the network drive
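The quota behaviour the exercise sets up (limit 10MB, warning level 05MB, "deny disk space to users exceeding quota limit" checked), as an added Python example that is not Windows code: each user has a limit and a warning level, a write that would cross the limit is refused and logged, a write that crosses the warning level is allowed but logged, and the free space reported to the user is the remainder of the quota rather than of the disk. Switching deny off shows the other mode, where the event is logged but the write still succeeds. The QuotaVolume class, the user names and the sizes written are the example's own.

```python
from dataclasses import dataclass

MB = 1024 * 1024


@dataclass
class QuotaEntry:
    limit: int      # bytes; NTFS charges space to the file's owner
    warning: int
    used: int = 0


class QuotaVolume:
    """NTFS-style quota on one volume: limit and warning level per user, optional deny."""

    def __init__(self, default_limit=10 * MB, default_warning=5 * MB, deny_over_limit=True):
        self.default_limit = default_limit
        self.default_warning = default_warning
        self.deny_over_limit = deny_over_limit
        self.entries = {}  # user -> QuotaEntry (users without one get the volume defaults)
        self.events = []   # (user, event) pairs; stands in for the System event log

    def add_entry(self, user, limit, warning):
        self.entries[user] = QuotaEntry(limit, warning)

    def write(self, user, size):
        """Charge `size` bytes to `user`; returns "ok", "warning", "over limit" or "denied"."""
        entry = self.entries.setdefault(user, QuotaEntry(self.default_limit, self.default_warning))
        projected = entry.used + size
        if projected > entry.limit:
            self.events.append((user, "limit exceeded"))
            if self.deny_over_limit:
                return "denied"  # the user sees "disk full" although the volume has space
            entry.used = projected
            return "over limit"  # deny unchecked: logged only
        entry.used = projected
        if projected > entry.warning:
            if (user, "warning level exceeded") not in self.events:
                self.events.append((user, "warning level exceeded"))
            return "warning"
        return "ok"

    def free_for(self, user):
        """What My Computer shows the user as free space on the quota-managed drive."""
        entry = self.entries.get(user)
        if entry is None:
            return self.default_limit
        return max(entry.limit - entry.used, 0)


if __name__ == "__main__":
    vol = QuotaVolume()
    vol.add_entry("user1", limit=10 * MB, warning=5 * MB)
    print(vol.write("user1", 4 * MB))   # ok
    print(vol.write("user1", 2 * MB))   # warning: 6MB is past the 5MB warning level
    print(vol.write("user1", 5 * MB))   # denied: 11MB would exceed the 10MB limit
    print(vol.free_for("user1") // MB)  # 4
    print(vol.events)
```

Because NTFS charges space by file owner, a user can exceed their quota through files someone else created in their home folder on their behalf only if ownership is transferred; the limit follows the owner, not the folder.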
GPMC (Group Policy Management Console)
The Group Policy Management Console is from Microsoft; we can get the GPMC.MSI file from Microsoft free of cost
With the help of GPMC we can manage all group policies
Installations of GPMC
• Click on GPMC.MSI
• Select accept agreement
• Next
• Finish
The path of gpmc
• Start programs
• A.D. tools
• Group policy management
VSS
VSS is a new feature of the 2003 O.S. We can apply VSS only to share folders; the VSS option is available on NTFS drives only
How to apply VSS
• Create a share folder with full control in any one of the NTFS drive
• Create some files with in the folder
• Go to folder
• Go to share folder
• Drive properties
• Click shadow copies
• Select the drive
• Click enable
• Ok
To restore VSS
• Modify or Delete in files
• Access the share folder from my network places
• Go to properties of share folder
• Click previous versions
• Select a specific previous version
• Click restore
• Apply
• Ok
Verification
• Go to my computer
• And observe the share folder files
DFS
• Distributed File System (DFS) allows administrators to make it easier for users to access and manage files across a network
• With DFS you can make files that are distributed across multiple servers appear as if they reside in one place (computer) on the network
How to create DFS
• In sys01 create a folder in any one of the drives and name it main root; in sys01 go to DFS in A.D. Tools
• Right click on DFS
• New root
• Next
• Select domain root
• Next
• Next
• Browse and select sys01
• Next
• Provide root name ( any name)
• Next
• Browse and select folder next
• Finish
Under sys02
• Create 03 share folders, name them (s1, s2, s3) and create some files within the folders, with full permission
Under sys01
• In sys01 go to DFS
• Right click on root
• New link
• Provide link name as s1
• Click browse and browse the entire network
• Select s1 share folder
• Click ok