DAY 1
NETWORK
NETWORK: A Network is an Interconnection of Devices
NETWORKING: It is the communication between the interconnected devices
basically to share the network resources.
Types of Networks
LAN
WAN
MAN
Classification is done based upon the network it spans.
LAN: It spans a limited geographical area and provides a maximum bandwidth of 100 Mbps. In a LAN we have full-time connectivity.
WAN: Wide Area Network. It spans a larger geographical area, and you can go for either full-time or part-time connectivity. It provides a maximum of 2 Mbps.
MAN: This kind of network works on DQDB (Distributed Queue Dual Bus). It provides a bandwidth of 55-150 Mbps and cannot span more than 30 miles.
NETWORK DEVICES:
1. HUB
2. SWITCH
3. ROUTER
4. NIC
HUB: A Hub is a device into which you can connect all devices on a home network so that they can communicate with each other.
SWITCH: A Switch is also a device into which you can connect all the devices on a home network so that they can communicate with each other.
ROUTER: It is a device which allows communication between two different networks.
NIC: It forms an interface between the networked device (computer) and the LAN.
LOGICAL TOPOLOGIES
WORKGROUP MODEL (or PEER TO PEER)
DOMAIN or CLIENT SERVER MODEL
Workgroup Model: It is a logical grouping of systems where you cannot find
centralized database or centralized administration.
DOMAIN: It is a Logical grouping of systems where you can find centralized
management and centralized database.
HISTORY OF MICROSOFT NETWORK OPERATING SYSTEMS:
WIN NT 3.1: 1993
WIN NT 3.5: 1994
WIN NT 4.0: 1997
WIN NT 5.0 OR WIN 2000
WIN 2003 SERVER OR .NET SERVER
DAY 2
ACTIVE DIRECTORY
Active Directory is a Directory service which contains information of all user
accounts and shared resources on a network.
Active Directory is a Centralized Hierarchical Directory.
RESOURCES
Control
Centralized Management
Single Point Management
PURPOSE OF ACTIVE DIRECTORY
1. Provides User Logon & Authentication, for authentication KERBEROS
Version 5 Protocol is responsible. Authentication is nothing but proving
your identity or validation.
2. To organize or Manage
User Accounts
Computers
Groups & Network Resources
3. Enables Authorized users to easily locate network resources.
Authorization is checking permissions & privileges.
FEATURES OF ACTIVE DIRECTORY FOR WIN 2000 & 2003
1.
2.
3.
4.
1. Start
2. Run
3. dcpromo
4. Welcome > Next
5. Next
6. Domain Controller > Next
7. Domain in a New Forest > Next
8. DNS Name (with an extension like .com or .net)
Active Directory is integrated with DNS. (The DNS server can be a separate server.)
DNS names follow with an extension.
9. Domain Net Bios Name
Net Bios name is used for backward compatibility like win98 or win NT or
win95. And Net Bios uses Flat Names.
10. Storing the Database File
Database File is saved in NTDS folder.
NTDS: New Technology Directory Service
In NTDS Directory NTDS.DIT file is saved.
DIT= Directory Information Tree.
This NTDS Directory can be saved in any secondary drive but the drive
should be formatted with NTFS.
11. System volume
It is one of the default shared folders, responsible for replication from DC to ADC or ADC to DC.
12. Install DNS & Configure
13. Permissions
First Option (Enables you to work with old Win OS like Win 98, 95, NT)
Second Option (Enables you to work with Win 2000 or Win 2003)
14. Directory Service Restore Mode Admin Password.
(Leave it Blank)
15. Summary
It shows all information of Active Directory Service.
16. Next > It Installs Active Directory Service in to the Computer.
ACTIVE DIRECTORY FOLLOWS NAMING CONVENTION AS FOLLOWS:
1. NET BIOS: These are flat names which will not follow extensions. (For
Example: Prakash)
2. DNS NAME SPACE: Active Directory follows DNS name space with
which you can find names with Extensions ( For Example: .com,
Prakash.net or prakash.edu)
TO IDENTIFY DOMAIN CONTROLLER OR TO CONFIRM ACTIVE DIRECTORY SERVICES IN COMMAND PROMPT
1. NET ACCOUNTS
2. GETTYPE
NET ACCOUNTS: If we type this command in Command Prompt it shows
PRIMARY if Active Directory Service is installed.
If Active Directory Service is not installed it shows SERVER.
GETTYPE: If we type this command in Command Prompt it shows DOMAIN
CONTROLLER if Active Directory Service is installed.
If Active Directory Service is not installed it shows as SERVER.
AFTER INSTALLING ACTIVE DIRECTORY SERVICE IN SERVER OPERATING SYSTEM YOU WILL FIND 5 NEW CONSOLES
1.
2.
3.
4.
5.
Start
Run
dcpromo
Welcome > Next
Next
Additional Domain Controller > Next
Type Administrator Password of the Server System.
FLEXIBILITY
In Windows NT Primary Domain Controller is configured while installing
Operating System. And if we want to remove Primary Domain Controller we have
to format the whole operating system.
In Win 2000 & 2003
We have a flexibility of installing or Uninstalling Active Directory services on the
server operating system.
DAY 3
HOW DIRECTORY SERVICES ARE EVOLVED
DAP: Directory Access Protocol is based on OSI Layers.
LDAP: Light weight Directory Access Protocol is based on TCP/IP Layers.
DAP was introduced in BANYAN VINES
It named the Database as STREET TALK
LDAP: Is introduced by NOVELL
It named the Database as NDS (Network Directory Services)
LOGICAL STRUCTURE OF ACTIVE DIRECTORY
DOMAINS
TREES
FOREST
DOMAINS
Active Directory is made up of one or more domains.
Creating the initial domain controller in a network also creates the domain.
You cannot have a domain without at least one domain controller.
Each domain in the directory is identified by a DNS domain name.
You use the Active Directory Domains and Trusts tools to manage
domains.
Run
DCPROMO
Next
Next
Domain Controller for a New domain > Next
Child Domain in an existing domain > Next
Administrator, Password & Domain (DC Credentials)
Parent Domain : Microsoft.com
Child Domain : mcse
9. NET BIOS: MCSE
10. Database folder (You can save this folder in any drive where NTFS
formatting is done)
11. SYSVOL
12. Summary It shows and confirms the settings.
To confirm child domain in command prompt use the command NET
ACCOUNTS. Even Child Domain Controller will display as PRIMARY.
The other way to confirm is go to Administrator Tools then click on Active
Directory Domain & Trusts. And then expand the parent domain.
TREE
In Win 2003 operating system, A Tree is a set of one or more domains
with contiguous names.
If more than one domain exists, you can combine the multiple domains
into hierarchical tree structures.
The first domain created is the root domain, and the other domains in the tree are child domains.
A domain immediately above another domain in the same domain tree is
its parent.
Example:
Microsoft.com
Child.Microsoft.com
grandchild.Microsoft.com
TREE
CISCO.COM
MCSE.COM
CHILD.CISCO.COM
IP SETTINGS FOR DOMAIN CONTROLLER, ADDITIONAL DOMAIN
CONTROLLER, CHILD DOMAIN CONTROLLER & NEW TREE IN EXISTING
FOREST.
DC
IP: 10.0.0.1
DNS: 10.0.0.1
ADC
IP: 10.0.0.2
DNS: 10.0.0.1
CDC
IP: 10.0.0.3
DNS: 10.0.0.1
NTEF
IP: 10.0.0.4
DNS: 10.0.0.1
1. Run
2. DCPROMO
3. Next
4. Domain Controller for New forest > Next
5. Domain tree in Existing Forest > Next
6. Admin Credentials
7. DNS Name
8. Rest same as before.
DAY 4
FSMO ROLES OR FIZZ-MOE
FSMO = Flexible Single Master Operations
There are 5 FSMO roles. The exact difference between a Domain Controller and an Additional Domain Controller is these 5 FSMO roles.
In the Windows NT domain model, replication always takes place from PDC to BDC, because of which it is called Single Master Replication.
In the Windows 2000 or 2003 Server domain model, replication takes place from Domain Controller to Additional Domain Controller. Here it is known as Multi Master Replication.
ROLES OF ACTIVE DIRECTORY
Global Catalog Server
OPERATION MASTERS
DOMAIN NAMING MASTER: It is one of the important roles; it checks the uniqueness of the domains. With the help of the Domain Naming Master you can create, remove or rename domains. It checks for DNS conflicts in the entire forest. The Domain Naming Master is present on the first domain controller or root domain.
The Domain Naming Master is common to the entire forest, so it is known as a Forest Wide Role.
SCHEMA MASTER: The schema is the design or architecture of Active Directory. It forms a template for Active Directory objects; with the help of the schema we can create and manipulate different objects. The schema is further divided into 2 classifications:
Classes = Objects or Users
Attributes = Properties of Objects or Information on Objects
The schema is common to the entire forest, so it is known as a Forest Wide Role.
RID MASTER:
First before knowing about RID Master we have to know about SID.
SID is a collection of RID & DID
SID = Security Identifier
RID = Relative Identifier
DID= Domain Identifier
SID
RID
DID
If objects are created in the same domain, the DID will be the same.
Each and every object is assigned one SID; security principal objects (Users, Groups & Computers) are also assigned one SID.
SID is a collection of DID & RID. RID will check the uniqueness of the objects. DID will give the information about domains and is common for all the domains (Ex: 500).
RID is common for its individual domain, so it is called a Domain Wide Role.
To find the SID of the Administrator from the command prompt:
WHOAMI /USER
User Name: Zoom/admin
SID: S-1-5-21-2754622866-3534712661-2485894766-500
DID
RID
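The split of a SID into its domain part (DID) and RID, as an added example that is not part of the original notes. It parses the SID shown above, converts it to and from the binary layout Active Directory stores, and flags well-known RIDs; the function names are illustrative.

```python
import struct

# Well-known RIDs: the same account or group in every domain.
WELL_KNOWN_RIDS = {
    500: "Administrator", 501: "Guest", 502: "krbtgt",
    512: "Domain Admins", 513: "Domain Users", 515: "Domain Computers",
    516: "Domain Controllers", 518: "Schema Admins", 519: "Enterprise Admins",
}


def parse_sid(text):
    """Split 'S-1-5-21-x-y-z-RID' into revision, authority, DID and RID."""
    parts = text.strip().upper().split("-")
    if len(parts) < 4 or parts[0] != "S":
        raise ValueError("not a SID string: %r" % text)
    try:
        revision, authority = int(parts[1]), int(parts[2])
        subs = [int(p) for p in parts[3:]]
    except ValueError:
        raise ValueError("non-numeric field in SID: %r" % text)
    if revision != 1 or not 0 <= authority < 2 ** 48 or len(subs) > 15:
        raise ValueError("unsupported SID header: %r" % text)
    if any(not 0 <= s < 2 ** 32 for s in subs):
        raise ValueError("sub-authority out of 32-bit range: %r" % text)
    # Domain accounts look like S-1-5-21-<three domain numbers>-<RID>.
    is_domain_sid = authority == 5 and len(subs) == 5 and subs[0] == 21
    return {
        "revision": revision,
        "authority": authority,
        "sub_authorities": subs,
        "did": "-".join(parts[:-1]) if is_domain_sid else None,
        "rid": subs[-1],
        "well_known": WELL_KNOWN_RIDS.get(subs[-1]) if is_domain_sid else None,
    }


def sid_to_bytes(text):
    """Binary form: revision, count, 6-byte big-endian authority, LE uint32s."""
    info = parse_sid(text)
    subs = info["sub_authorities"]
    return (struct.pack("BB", info["revision"], len(subs))
            + info["authority"].to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def sid_from_bytes(data):
    """Inverse of sid_to_bytes; rejects truncated or padded buffers."""
    if len(data) < 8 or len(data) != 8 + 4 * data[1]:
        raise ValueError("binary SID has the wrong length")
    authority = int.from_bytes(data[2:8], "big")
    subs = struct.unpack("<%dI" % data[1], data[8:])
    return "S-%d-%d" % (data[0], authority) + "".join("-%d" % s for s in subs)


def same_domain(sid_a, sid_b):
    """True when both SIDs carry the same domain identifier (DID)."""
    did_a, did_b = parse_sid(sid_a)["did"], parse_sid(sid_b)["did"]
    return did_a is not None and did_a == did_b


if __name__ == "__main__":
    info = parse_sid("S-1-5-21-2754622866-3534712661-2485894766-500")
    print(info["did"], info["rid"], info["well_known"])
```

RID 500 identifies the built-in Administrator even after the account is renamed, which is why reviews of privileged accounts match on the RID rather than the display name.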
PDC EMULATOR
It is responsible for password updates in 2003 (Native mode). In mixed mode the PDC Emulator acts as a PDC for BDCs. In the entire forest, a PDC Emulator is present in every domain, so it is called a Domain Wide Role.
1. Administrative Tools
2. Active Directory Users and Computers
3. Right click on the Domain (Like zoom.com)
4. Select Connect to Domain Controller
5. From the list select sys2 (The ADC where you want to transfer the DC) and also check the current Domain Controller.
6. Right click on Domain Controller (Like zoom.com)
7. Operation Master
8. Continue Change for all the roles
To Transfer Schema Master
1. REGSVR32 SCHMMGMT.DLL (First register the file by running this command in Start > Run)
2. Start
3. Run
4. MMC (Microsoft Management Console)
5. File Menu
6. Add / Remove Snap in
7. Add
8. (Select) Active Directory Schema
9. Add
10. Close
11. ok
12. (Select) & Right Click on Active Directory Schema
13. Change Domain Controller
14. Check Specify name
15. Assign the server name as sys2 (The Name of the computer you want to
change ADC to DC)
16. ok
Day 5
FUNCTIONAL LEVELS
Forest and Domain Functional Levels
Functional level determines
- Supported domain controller operating system.
- Active Directory features available.
[Figures: domain controller operating systems (2003, 2000, NT) supported at each functional level]
Function Levels are important when you are planning to upgrade the operating
system or for establishing trust relationship.
To check Functional levels
1. Active Directory Domains & Trusts
2. Right Click on the domain name (Ex: zoom.com)
3. Click on the Function level or Forest Function Level
TRUST RELATIONSHIP
CISCO.COM
(Trusting)
CHILD.CISCO.COM
(Trusted)
Non Transitive Trust: Domain A trusts Domain B, and in the same way Domain B trusts Domain C, but Domain C will not trust Domain A. This is known as a Non Transitive Trust relationship.
Types of Trust:
Default: Two-way transitive Kerberos trusts (Intra-Forest)
Shortcut: One- or two-way transitive Kerberos trusts (Intra-Forest)
- Reduce authentication requests.
Forest: One- or two-way transitive Kerberos trusts
- Windows Server 2003 forests; Windows 2000 does not support forest trusts.
- Only between forest roots
- Creates transitive domain relationships
External: One-way non-transitive NTLM trusts.
- Used to connect to/from Windows NT or external 2000 domains
- Manually created
REALM: One- or two-way non-transitive Kerberos trusts; connect to/from UNIX MIT Kerberos realms.
Satyam.com
SBI.com
IP: 10.0.0.1
PDNS: 10.0.0.1
SDNS: 10.0.0.2
IP: 10.0.0.2
PDNS: 10.0.0.2
SDNS: 10.0.0.1
5. To raise the forest functional level, right click on Active Directory Domains & Trusts > Raise forest function Level
6. Select windows Server 2003 and raise it.
7. Follow the same in other domain even to raise the functional levels.
8. To establish a trust between two different forest for example in SBI.com
open the console Active Directory Domains & Trusts
9. Right Click on the domain SBI.com
10. Select next tab trust
11. And Click on new trust
12. Assign the DNS name of other domain for example satyam.com
13. Check Forest trust
14. Select 2 way
15. Check Both this domain and specified Domain > Next
16. Assign the credentials as admin & Password > Next
17. Check Forest wide Authentication
18. Check Forest wide Authentication
19. Next
20. Next
21. Next
22. Yes > Next
23. Yes > Next
24. Finish.
We have to give permissions from the server side also to logon.
1. To give permissions for users/ admin/ Groups
2. Admin Tools
DAY 6
PHYSICAL COMPONENTS
The logical components of Windows 2003 Server are Forests & Trees.
Physical Components:
Domain Controllers
Sites
A Domain Controller is a system which is loaded with Active Directory Services on the Windows 2000 or Windows 2003 server operating system.
Sites are areas of good connectivity; they are one of the physical components of Active Directory Services.
Sites are associated with a subnet mask. A subnet mask is a subdivision of an IP network.
A site can span multiple domains. A domain can span multiple sites.
Example for Sites:
INDIA
USA
Servers
DC
Servers
WAN LINK
Clients
DC
Clients
REPLICATION TOPOLOGY
Replication is classified into 2 types:
1. Intra Site Replication
2. Inter Site Replication
Intra Site Replication: Replication which takes place within a single site, between DC and ADC, is called Intra Site Replication.
The KCC (Knowledge Consistency Checker) service is responsible for replication.
Inter Site Replication: Replication which takes place between 2 different sites is called Inter Site Replication.
BRIDGE HEAD SERVER: The server responsible for gathering the information from one Domain Controller so that it can be replicated to another Domain Controller (ADC).
By default, the DC & ADC servers get updated in the Default First Site Name. In the site, one site link is also configured by default.
Configuring Sites:
1.
2.
3.
4.
5.
6.
7.
8.
9.
Select IP Folder
Double click newly created site link
Click on change schedule
set the schedule
NTDS.DIT
SCHEMA
CONFIGURATION
DOMAIN
APPLICATION
Schema Partition
Configuration Partition
Domain Partition
Application Partition
DAY -7
USERS & PERMISSIONS
Client Operating Systems: Win 95, Win 98, Win2000 Professional, Win XP
Server Operating Systems: Windows 2000 & 2003 Server
MEMBER SERVER: A member server is a system which runs a server operating system and is part of the domain. It can host services like DNS, DHCP, IIS, etc.
A member server can also be configured for load balancing.
TO CONFIGURE MEMBER SERVER
1. Check the preferred DNS
2. Right Click on MY COMPUTER
3. Select Properties
4. Select Tab COMPUTER NAME
5. Click on CHANGE
6. Check the option MEMBER OF DOMAIN
7. And Specify the domain name
8. OK
9. Assign the Credentials
10. To confirm either member servers or clients, on the Domain Controller open the administrative console USERS & COMPUTERS
11. Expand Domain & Select Computers
12. To confirm Member Server in Command prompt use the command
GETTYPE
In Member Server login as Domain Administrator to perform Administrative Task
or to Access Active Directory Consoles.
The Below given shortcuts are to access Active Directory Services from Domain
Controller:
1. To open Active Directory Users & Computers => DSA.MSC
2. DOMAINS & TRUST => DOMAIN.MSC
3. SITES & SERVICES => DSSITE.MSC
To know more about shortcuts of consoles type *.msc in search
LOCAL USERS:
You can create local users in a workgroup or on member servers.
Local users can log in locally on their respective systems. They cannot log in from the domain.
PROCEDURE TO CREATE LOCAL USER IN MEMBER SERVER
1.
2.
3.
4.
5.
6.
7.
DAY8
PERMISSIONS
PERMISSIONS: Privileges to access and Manipulate resource objects such as
Folders, Files and Printers.
For Example: Privilege to read file, Delete a file or create a file.
Types of permissions:
1. Security Level Permissions:
- Only implemented on NTFS Partition
- Applies to Local NTFS Drives only
- NTFS Permissions can be set on drives, files and folders.
2. Share Level Permissions:
- Can be implemented on NTFS and FAT partitions.
- Applies to share folders only and can be accessed from the
network.
- Share permissions can be set only on Drives & Folders
A file system provides a hierarchical structure to store files and directories, from which the operating system can identify and retrieve the files. There are two types of file systems: FAT & NTFS.
FAT: File Allocation Table. On this file system you can apply only share level permissions. It doesn't support security level permissions.
NTFS: New Technology File System. It provides extra functionality compared to the FAT file system; on NTFS you can apply both levels of permissions, sharing and security.
ACCESS CONTROL LIST
DACL
ACCESS CONTROL
ENTRY
MODIFY:
This permission allows the user to create, delete, rename and modify files and folders, but with Modify the user cannot change the permissions or add new users to the Access Control List, whereas full permission allows the user to edit the object as well as change the existing permissions.
PROCEDURE TO TAKE OWNERSHIP:
If the Administrator doesn't have permission in the Access Control List, or the Administrator has been deleted from the Access Control List, then you need to take ownership.
1.
2.
3.
4.
5.
6.
7.
8.
DAY -9
PROFILES
- A profile is a user-state environment.
- A profile is a unique identity where the user can perform all his task operations.
A profile is a collection of desktop icons, background, Start Menu, Task Bar, etc.
DEFAULT USER:
It is one of the important folders, responsible for providing new profiles. It is also called a template.
NTUSER.DAT:
You can change the work environment by changing the position of the Task Bar and desktop icons, as well as screen savers.
These modifications are stored in NTUSER.DAT. It contains the collection of settings and configurations which you can manipulate for the user profile.
DIFFERENT TYPES OF PROFILES:
1. Local Profile
2. Roaming Profile
3. Mandatory Profile
1. Local Profile: A local profile does not travel along with the user; it is stored on the local machine. A local user profile is created on a computer, and any changes made to it are specific to the computer on which the changes were made.
TO CONFIRM LOCAL PROFILE:
1. In Domain Controller
2. Create a Domain User
3. In Member Server login as a domain user and change the profile
4. To confirm the type of profile
5. Right Click on My Computer
6. Properties
7. Select Tab Advanced
8. Click on user profile settings
2. Roaming Profile:
(//sys1/user/a1) is called a Universal Naming Convention (UNC) path.
A Roaming user profile is created by an Administrator and it is stored on
the server. Roaming profile will travel along with the users.
Configure roaming profile to make the work environment common for the
particular user.
Changes made to the roaming profile will be saved on the server.
Configuring a Roaming Profile:
1.
2.
3.
4.
5.
DAY 10
DFS
DFS= Distributed File System or File Storage Architecture
Distributed file system (DFS) allows Administrators to make it easier for users to
access and manage files that are physically distributed across the network.
With DFS you can make files distributed across multiple servers. It may appear
for user that files actually reside in one place (Computer) on the network.
DFS ROOT
DIRECTORY1
System1
DIRECTORY 2
System2
DIRECTORY3
System3
You can find DFS service in Workgroup Systems, Domain Controller and
Member server.
Shortcut to Open DFS Console: DFSGUI.MSC
DFS ROOT:
DFS Root is the beginning of a hierarchy of DFS links that points to shared
folders.
DFS Link:
A Link from a DFS Root to one or more shared files or folders.
DAY11
GROUP POLICIES-1
Group Policy:
Group Policy is a collection of settings which can be applied to computers and users.
With Group Policy an administrator can centrally manage computers and users.
Group Policy eases administration.
In Windows NT there is no concept of Group Policy. Windows NT uses system policies, which are not as powerful as Group Policies. Windows NT does not support Group Policies.
The window used to apply or edit the policy is POLEDIT.
Group policies are associated with levels:
1. Site Level
2. Domain Level
3. Organizational Unit Level (OU Level)
1. Site Level: A policy applied at site level is common to multiple domains in a single forest.
2. Domain Level: A policy applied at domain level is common to Domain Controllers and client systems.
3. OU Level: A policy applied at OU level is common to user and computer objects.
An OU is the smallest administrative unit. It is also referred to as a sub-tree or sub-container. It is one of the logical components of Active Directory.
It contains different objects which are maintained in a domain. An OU can contain groups of users or groups of computers.
PROCEDURE TO APPLY THE POLICY ON OU LEVEL
To Restrict Internet Explorer Icon from the Desktop
1. Open the Admin Console
2. Active Directory Users & Computers
3. To Create a OU
Right Click on the Domain
For Example: Zoom.com
4. Select New > Organizational Unit
5. Specify the Name > Ok
6. In OU create some Domain Users
7. To Apply the policy Right click on OU > Properties > Select Group Policy
8. Create a New Policy and Label it
9. Click EDIT
10. In User configuration expand Administrative templates
11. Select Desktop from the list and apply any policy by enabling the option.
Restricting the Applications:
1. Open the Admin Console
2. Active Directory Users & Computers
3. To Create a OU
Right Click on the Domain
For Example: Zoom.com
4. Select New > Organizational Unit
5. Specify the Name > Ok
6. In OU create some Domain Users
7. Create a New Policy or edit the existing policy.
8. Click on EDIT
9. Expand> ADMINISTRATIVE TEMPLATES
10. Select > System
11. Double click the policy > Do Not run specified windows application.
12. Check > Enable
13. Click on > Show
14. Add
15. Specify > IEXPLORE.EXE
16. Ok>Ok>Ok
17. Login as a user from a client or Member server and access Internet Explorer.
GPMC Service Pack= To make Group Policies to default settings.
TO ALLOW THE POLICY FOR ONE OF THE USER FROM THE GROUP
POLICY WINDOW
1.
2.
3.
4.
5.
6.
DOMAIN POLICIES:
To apply the policy on Domain Level:
1.
2.
3.
4.
5.
6.
7.
8.
9.
SITE LEVEL:
To apply the policy in Site Level:
1. Open the console Active Directory Sites & Services
2. Right Click on > Default First Site Name
3. Properties
4. Select Group Policy Tab and Apply any Policy.
BLOCK POLICY INHERITANCE:
This policy prevents, or blocks, the policies applied at the Domain level from reaching the OU level.
Configure BLOCK POLICY INHERITANCE to block policies from Domain to OU level or from Site to Domain level.
1. Right Click on OU
2. Properties
3. Select > Group Policy
4. Check > Block Policy Inheritance.
NO OVERRIDE:
Use No Override to apply the policy of Site Level or Domain Level forcefully.
Comparing to Block Policy Inheritance No Override has the highest priority.
1. Apply one policy on OU Level as well as Domain Level
2. On OU Level check Block Policy Inheritance, In the Domain Level check
the option No Override from Group Policy window.
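How Block Policy Inheritance and No Override interact, as an added example that is not part of the original notes. It resolves the effective settings for a user in an OU, assuming the usual Site > Domain > OU processing order; the GPO names and the data layout are constructed for illustration.

```python
HIDE_IE = "Hide Internet Explorer icon on desktop"
NO_RUN = "Do not run specified Windows applications"


def effective_settings(containers):
    """Resolve policy for an object in the last container.

    containers is ordered Site -> Domain -> OU. Each container is a dict:
      {"name": str, "block_inheritance": bool,
       "links": [{"gpo": str, "no_override": bool, "settings": dict}]}
    Returns {setting: (value, name of the GPO that supplied it)}.
    """
    result = {}
    enforced = []
    for depth, container in enumerate(containers):
        # Block Policy Inheritance on any lower container stops the links
        # of this (higher) container from flowing down.
        blocked = any(c["block_inheritance"] for c in containers[depth + 1:])
        for link in container["links"]:
            if link["no_override"]:
                enforced.append(link)      # handled after everything else
            elif not blocked:
                for key, value in link["settings"].items():
                    result[key] = (value, link["gpo"])  # later level wins
    # No Override links ignore blocking and cannot be overwritten from below.
    # Apply them lowest level first so the highest level has the final word.
    for link in reversed(enforced):
        for key, value in link["settings"].items():
            result[key] = (value, link["gpo"])
    return result


def build_example(ou_blocks, domain_no_override):
    """Constructed layout: one policy on the domain, one on the OU."""
    return [
        {"name": "Default First Site Name", "block_inheritance": False,
         "links": []},
        {"name": "zoom.com", "block_inheritance": False,
         "links": [{"gpo": "Domain Policy",
                    "no_override": domain_no_override,
                    "settings": {HIDE_IE: "Enabled", NO_RUN: "Enabled"}}]},
        {"name": "OU", "block_inheritance": ou_blocks,
         "links": [{"gpo": "OU Policy", "no_override": False,
                    "settings": {HIDE_IE: "Disabled"}}]},
    ]


if __name__ == "__main__":
    for blocks, forced in [(False, False), (True, False), (True, True)]:
        print("block=%s no_override=%s" % (blocks, forced))
        for key, (value, gpo) in effective_settings(
                build_example(blocks, forced)).items():
            print("   %s = %s (from %s)" % (key, value, gpo))
```

The third case is the one in step 2 above: the OU blocks inheritance, the domain link has No Override, and the domain values win.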
DAY 12
GROUP POLICY -2
Software Deployment
Folder Redirection
Scripts
Software Deployment: You can use Software Deployment to make software available to a few groups of users, rather than installing it normally on each individual system. Using Group Policy you can even restrict users to a particular application.
Group Policy does not support EXE files. To convert from .EXE to .MSI a third-party tool is used, which is WinINSTALL LE. It is not a Microsoft product; it is produced by Veritas.
To convert from EXE to MSI in WinINSTALL LE follow these steps:
Before Snap Shot
Installing Application
After Snapshot
Before Snap Shot: The only difference between the Before Snap Shot and the After Snap Shot is the newly installed application.
This procedure converts from EXE to MSI (Microsoft Software Installer).
The file size of WinINSTALL LE is 12466KB
1.
2.
3.
4.
5.
6.
7.
5. Next
6. Specify the Application with UNC Path
7. Click on Browse
8. My Network Places
9. Entire Network
10. Open the Share Folder from the system where you want to save
11. Specify the application name as Acrobat.MSI
12. Open > Next > Next
13. Add all the drives
14. Next > Next > Next
15. Finish
1.
2.
3.
4.
5.
To Apply policy and deploy the software create OU as well as new users.
1. Right Click on Properties
2. Select Group Policy
3. Create a New Policy and Label it
4. Click on edit
5. In User Configuration
6. Expand Software settings
7. Right Click on Software Installation.
8. Select New Package
9. And Apply Network path
10. Open My Network Places
11. Entire Network
12. Windows Network
13. Open the Domain
14. Server
15. Double Click the Share folder
16. Select the application
17. Acrobat.msi
18. Give > Open
19. And Check Assigned
20. OK
21. Login as a user
22. And check the policy
Importance of Deployment Method
Published: Select Publish to Advertise the software in Control Panel. The User
has to install the application normally from control panel.
Assigned: This option will Advertise the software in Start Menu Desktop and in
control panel. User can open the application directly.
Advanced: Choose advanced to perform modifications or updating in existing
software.
FOLDER REDIRECTION
You can use folder redirection to redirect the user profile to the main server. With
folder redirection Administrator can update the information of the user profile.
1. Create a shared folder
2. Open Active Directory Users & Computers
3. In the Group Policy Window create a New Policy
4. Edit
5. Expand Window Settings
6. Folder Redirection
7. Select Desktop
8. In the list select Basic Redirect to everyone folder in the same location.
9. In the next block select redirect to following path
10. Click on Browse
11. Give UNC Path
12. Open the shared folder
13. ok
14. In the path specify %Username%
15. In Member server login as a user
16. Onto the Desktop create New directories for files and logoff.
17. In Sys1, which is the domain controller, open the shared folder and take ownership to access the user folder.
Normal
Incremental
Differential
Copy
Daily
Normal: A Normal Backup takes a backup of all files. It does not check the Archive Bit; a Normal Backup is irrespective of the Archive Bit. After taking the backup it unchecks the Archive Bit.
Practical:
1. Create a folder as well as new files in it.
2. To take the backup in Start > Run (Specify) > NTBACKUP
3. Next
4. Check Back Up Files and Settings
5. Next
6. Let me choose what to backup
7. Next
8. Select the Drive and check the folder
9. Next
10. Browse
11. Change the drive and save the backup
12. Next > Finish
After taking the Backup open the folder and check Archive Bit.
Incremental: This type of backup checks the archive status and backs up only those files where it finds the Archive Bit on. In Incremental as well, the Archive Bit is unchecked after the backup is taken. Prefer Incremental Backup for an existing folder if files are modified or newly added.
Practical:
1. Open the same existing folder
2. Modify the files
3. And Add New Files
4. To take the Backup
5. Start > Run > NTBACKUP
6. Next > Check Backup Files
7. Next > Let me choose to backup
8. Next > Expand My Computer and Drive
9. Check the folder
10. Next
11. Save the type of Backup by choosing Browse
12. Next
13. Click on Advanced
14. From the List Select Incremental
15. Next
16. Check the option Verify Data After Backup
17. Next
18. Check Append
19. Next
20. Select NOW > Next & Finish
DIFFERENTIAL:
The basic difference between Incremental and Differential is what happens after the backup. A Differential Backup checks for the Archive Bit, but after the backup is taken the Archive Bit remains checked.
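The archive-bit behaviour of Normal, Incremental and Differential backups, as an added example that is not part of the original notes. It simulates a folder over three days and also works out which backup sets a restore needs, which goes one step beyond the text; the file names and day labels are constructed.

```python
class Folder:
    """Tracks only the Archive Bit of each file (True = bit is on)."""

    def __init__(self, names):
        self.archive_bit = {name: True for name in names}  # new files: on

    def write(self, name):
        """Create or modify a file: the file system turns the bit on."""
        self.archive_bit[name] = True


def run_backup(folder, kind):
    """Return the files this backup copies and update the Archive Bits."""
    if kind == "normal":
        picked = sorted(folder.archive_bit)            # everything
    elif kind in ("incremental", "differential"):
        picked = sorted(n for n, bit in folder.archive_bit.items() if bit)
    else:
        raise ValueError("unknown backup type: %r" % kind)
    if kind != "differential":                         # differential leaves it on
        for name in picked:
            folder.archive_bit[name] = False
    return picked


def sets_needed_for_restore(history):
    """history: [(label, kind), ...] in time order. Returns labels to restore."""
    normals = [i for i, (_, kind) in enumerate(history) if kind == "normal"]
    if not normals:
        raise ValueError("no Normal backup to start the restore from")
    start = normals[-1]
    needed = [history[start][0]]
    pending_differential = None
    for label, kind in history[start + 1:]:
        if kind == "incremental":
            needed.append(label)          # every incremental is required
            pending_differential = None   # it cleared the bits again
        elif kind == "differential":
            pending_differential = label  # only the newest one matters
    if pending_differential is not None:
        needed.append(pending_differential)
    return needed


def simulate_week(kind):
    """Normal on Monday, then two backups of the given kind."""
    folder = Folder(["a.txt", "b.txt", "c.txt"])
    log = [("Mon", "normal", run_backup(folder, "normal"))]
    folder.write("a.txt")
    log.append(("Tue", kind, run_backup(folder, kind)))
    folder.write("b.txt")
    folder.write("d.txt")
    log.append(("Wed", kind, run_backup(folder, kind)))
    return log


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        log = simulate_week(kind)
        for day, k, files in log:
            print(day, k, files)
        print("restore needs:",
              sets_needed_for_restore([(d, k) for d, k, _ in log]))
```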
RESTORING
Practical
1. Open the Original Folder
2. Remove all the files
3. To restore either select the drive > Open backup or continue with
NTBACKUP
4. Next
5. Check > Restore Files
6. Next > From the list Select the Backup Type
7. Expand
8. And Check the drive letter
9. Next > Finish
If objects are removed or deleted from the database, these deleted objects are assigned an ID, which is nothing but the Ghost ID. It lasts for a period of sixty days; this duration is known as the Tomb Stone Period.
Practical to take System State Backup:
1.
2.
3.
4.
5.
6.
7.
8.
9.
Note: You cannot Restore System State Backup in Active Mode (Normal Mode).
Restoring is possible only in DSRM Mode.
5. Start > Run > NTBACKUP
6. Next
7. Check Restore Files
8. Next > Expand System State Backup
9. And Check System State
10. Next > Next > Finish
After restoring, continue with No, which is similar to Authoritative Restore. In Authoritative restore you can restore Active Directory objects back. In Non-Authoritative restore you cannot retrieve Active Directory objects.
AUTHORITATIVE RESTORE
1. Command Prompt
2. NTDSUTIL
3. Authoritative Restore
4. Restore Database
DAY 14
DHCP
DHCP: Dynamic Host Configuration Protocol
It gives an IP address automatically to clients which request a dynamic IP address.
DHCP uses a Client/Server model where the DHCP server maintains centralized management of the IP addresses used on the network.
DHCP PROCESS
DHCP CLIENT -> DHCP SERVER: DHCP DISCOVER
DHCP SERVER -> DHCP CLIENT: DHCP OFFER
DHCP CLIENT -> DHCP SERVER: DHCP REQUEST
DHCP SERVER -> DHCP CLIENT: DHCP ACKNOWLEDGEMENT
DHCP DISCOVER: The client system requests the DHCP server to release one IP address. This request is known as DHCP Discover.
DHCP OFFER: The DHCP server checks the request from the client system and offers a pool of IP addresses. This process is known as DHCP Offer.
DHCP REQUEST: The client system once again requests the DHCP server to provide one IP from the pool of IPs.
DHCP ACKNOWLEDGEMENT: Finally the DHCP server checks whether the IP address has been provided to the client system.
This process or mechanism is known as the Four Way Hand Shaking Process.
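The four messages traced from both sides, as an added example that is not part of the original notes. It models a server with a scope and exclusions and a client that walks through Discover, Offer, Request and Acknowledgement; the messages are plain dictionaries rather than real DHCP packets, and the addresses and MAC strings are constructed.

```python
import ipaddress


class DhcpServer:
    """A scope (start..end) minus exclusions, plus the leases handed out."""

    def __init__(self, start, end, exclusions=()):
        first = int(ipaddress.IPv4Address(start))
        last = int(ipaddress.IPv4Address(end))
        excluded = {ipaddress.IPv4Address(x) for x in exclusions}
        self.pool = [ipaddress.IPv4Address(n) for n in range(first, last + 1)
                     if ipaddress.IPv4Address(n) not in excluded]
        self.offered = {}   # mac -> address offered but not yet confirmed
        self.leases = {}    # mac -> address acknowledged

    def _free_address(self):
        in_use = set(self.leases.values()) | set(self.offered.values())
        for address in self.pool:
            if address not in in_use:
                return address
        return None

    def handle(self, message):
        mac = message["mac"]
        if message["type"] == "DISCOVER":
            address = self.leases.get(mac)       # known client keeps its IP
            if address is None:
                address = self._free_address()
            if address is None:
                return None                      # scope exhausted: no offer
            self.offered[mac] = address
            return {"type": "OFFER", "mac": mac, "ip": str(address)}
        if message["type"] == "REQUEST":
            address = self.offered.pop(mac, None)
            if address is None or str(address) != message["ip"]:
                return {"type": "NAK", "mac": mac}
            self.leases[mac] = address
            return {"type": "ACK", "mac": mac, "ip": str(address)}
        raise ValueError("unexpected message type: %r" % message["type"])


def obtain_address(server, mac):
    """Client side of the handshake. Returns (ip or None, message trace)."""
    trace = []
    discover = {"type": "DISCOVER", "mac": mac}
    trace.append(discover)
    offer = server.handle(discover)
    if offer is None:
        return None, trace
    trace.append(offer)
    request = {"type": "REQUEST", "mac": mac, "ip": offer["ip"]}
    trace.append(request)
    reply = server.handle(request)
    trace.append(reply)
    return (reply["ip"] if reply["type"] == "ACK" else None), trace


if __name__ == "__main__":
    server = DhcpServer("10.0.0.10", "10.0.0.13", exclusions=["10.0.0.11"])
    for mac in ("00-AA-00-00-00-01", "00-AA-00-00-00-02"):
        ip, trace = obtain_address(server, mac)
        print(mac, "->", ip, [m["type"] for m in trace])
```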
Practical:
1.
2.
3.
4.
5.
6.
7.
8.
You can configure DHCP in DC, Member Server or Work Group Systems.
The Shortcut to Access DHCP from RUN > DHCPMGMT.MSC
TO CREATE A SCOPE:
1. Open DHCP in Admin Console
2. Before creating a Scope Authorize DHCP Server
3. Right Click on DHCP
4. Select Manage Authorized Services
5. Click on Authorize
6. Assign the name of the server or IP Address
7. Close the window and refresh
8. To create a Scope Right Click on the Server.
9. Select New Scope
10. Next
11. Specify the Scope name
12. Next
13. Assign the IP Address from Starting to End
14. Next
15. Add Exclusions in the list.
16. Next > Next
17. Yes > Next
18. Next
19. Specify the domain name as well as server name
20. Click on Resolve
21. And Add in the List
22. Next > Next
23. Yes > Next > Finish
In System 2
24. Remove Static IP Address
25. From Command Prompt use Command
IPCONFIG /RELEASE (To Remove Existing IP Address)
IPCONFIG /RENEW (To automatically assign IP address from the DHCP
Server)
IPCONFIG /ALL (To Show all the details about the system Network)
GETMAC (To get the MAC address of the current system)
ARP -A (To know the MAC addresses of other systems)
Address Resolution Protocol
TO CHECK APIPA
1. In the IP Address Window
2. Check Obtain an IP Address Automatically
3. Select Next Tab > Alternate Configuration
DAY 15
DNS
Domain Naming System / Server
Defines a hierarchical name space where each level of name space is
separated by
DAY-16
[Figure: DNS hierarchy diagram; labels: yahoo, com]
1 = Root Server
2 = Top Level Domain
3 = Second Level Domain
4 = Sub Level Domain
Root server will maintain the information about Top Level Domains.
Top Level Domains like Com or Org will maintain the information about
second level domains and second level domains will maintain the information
about Sub-Level Domains.
There are 13 Root Servers all over the world:
1. Asia
2. Japan
3. Most of the root servers are located in the USA.
ISP DNS SERVER
Yahoo.com 203.54.92.64
Google.com 204.66.54.89
Rediff.com 17.34.68.2
[Figure: name resolution for www.yahoo.com typed by the client. Labels: Local DNS, ISP DNS, ROOT Server, Top Level Domain, Second Level Domain, Sub Level Domain, ITERATIVE QUERY, RECURSIVE QUERY]
[Figure: Forward Lookup and Reverse Lookup between Client and DNS. Labels: USER FRIENDLY NAME, DOMAIN NAME, FQDN, IP ADDRESS]
DC1 (Mcse.com): IP 10.0.0.25, PDNS 10.0.0.40
DNS: 10.0.0.40
CLIENT: IP 10.0.0.10, PDNS 10.0.0.40
DC2 (Zoom.com): IP 10.0.0.26, PDNS 10.0.0.40
Note: (To remove the cache files use this command in cmd prompt :
IPCONFIG /FLUSHDNS )
ZONES
There are 4 types of Zones:
1. Primary Zone
2. Secondary Zone
3. Stub Zone
4. Primary Zone Integrated with Active Directory
A Zone is a storage database which maintains the information about its domain or
multiple domains. By default it maintains the file in the local system. In a single
zone you can find a collection of records which map IPs to Names or
Names to IPs.
TO CREATE ALIAS
1. Right click on the same zone
2. New Alias
3. Specify the alias name (WWW)
4. Browse
5. Double Click Sys1
6. Forward Lookup
7. Double Click the Zone
8. Select Server Name
9. OK > OK
10. To check the resolution in command prompt
Type PING SYS1.GOOGLE.COM or PING WWW.GOOGLE.COM
SECONDARY ZONE: It is a read-only copy in which you cannot modify the records.
It always replicates from Primary to Secondary, so that one more DNS
server is maintained for fault tolerance or for load balancing.
TO CREATE A SECONDARY ZONE:
1. In DNS create a Primary Zone with resource records
2. In DNS2 create a Secondary Zone
3. Right Click on Forward Lookup Zone
4. New Zone
5. Check Secondary Zone
6. Next
7. Specify the Zone name of Master Copy
8. Next
9. Assign the IP address of DNS1
10. Add in the list
11. Next and Finish
TO TRANSFER THE RECORDS FROM PRIMARY TO SECONDARY
1. In DNS 1
2. Right Click on Primary Zone
3. Properties
4. Zone Transfer
5. Check allow zone transfer (Only to the following servers)
6. Add IP address of Second DNS Server
7. OK
8. In DNS2 Right Click on the Secondary Zone, Select Transfer from Master
9. Continue with Finish
DAY 17
PRIMARY ZONE INTEGRATED WITH ACTIVE DIRECTORY:
On a Domain Controller, DNS is configured by default. DNS is one of the important
services, which will advertise or publish the Domain Controller in the network.
In this DNS a zone is configured by default with the domain name. Only in this
zone can you find Six Service Records. For example, if the Zone name is
zoom.com:
1. MSDCS
2. SITES
3. TCP
4. UDP (UDP = User Datagram Protocol)
5. Domain DNS Zone
6. Forest DNS Zone
AND
PRIMARY
ZONE
STUB ZONE
It is also called Incremental Zone Transfer. Configure a Stub Zone to forward
the query from one DNS to another DNS. A Stub Zone makes name resolution
fast; it creates a shortcut zone or an index zone.
Practical:
1. In DNS 1 create a Primary Zone with Resource Records
2. In DNS 2 create a Stub Zone
3. Right Click on Forward Lookup Zone
4. New Zone
5. Next
6. Check the Option Stub Zone
7. Specify the name of the zone of the Master Copy
8. Next > Next
9. Assign the IP Address of DNS 1
10. Next > Next
TO REPLICATE THE RECORDS FROM PRIMARY TO STUB ZONE:
Before creating a stub zone check the IP address of DNS 2 and also check the
resolution in the command prompt.
RESOURCE RECORDS
There are 4 types of Resource Records:
1. Start of Authority (SOA)
2. Name Server (NS)
3. Host Records
4. Alias Records
SOA: The Start of Authority serial number gets updated based upon the
modifications done in the existing zone. In an individual zone you can add
records as well as delete them.
NS: The Name Server record gives information about the authoritative DNS server, or the
DNS server which maintains the different mappings of records.
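The zone transfer setting ("Only to the following servers") and the SOA serial described above work together: a secondary pulls the zone only when the primary's serial is newer, and the primary serves it only to listed addresses. The following is an added example, not code from the original notes or from Windows DNS; the class names are hypothetical, and 10.0.0.41 (DNS2) and 10.0.0.77 (an unlisted host) are assumed addresses. It also covers the case where the 32-bit serial wraps around.

```python
import ipaddress


def serial_newer(a, b):
    """RFC 1982 comparison of 32-bit SOA serials: True when a is newer than b."""
    diff = (a - b) & 0xFFFFFFFF
    return 0 < diff < 0x80000000


class PrimaryZone:
    """Writable zone copy with a zone-transfer policy (a model, not the Windows DNS API)."""

    def __init__(self, name, serial, records, transfer="none", allowed=()):
        if transfer not in ("none", "any", "listed"):
            raise ValueError("transfer must be none, any or listed")
        self.name, self.serial, self.records = name, serial, dict(records)
        self.transfer = transfer
        self.allowed = {ipaddress.ip_address(ip) for ip in allowed}
        self.refused = []                       # requester IPs worth reviewing

    def edit(self, host, ip):
        """Any change to the zone bumps the SOA serial (wrapping at 2**32)."""
        self.records[host] = ip
        self.serial = (self.serial + 1) & 0xFFFFFFFF

    def zone_transfer(self, requester_ip):
        """Hand out the full zone only when the policy permits this requester."""
        requester = ipaddress.ip_address(requester_ip)
        permitted = self.transfer == "any" or (
            self.transfer == "listed" and requester in self.allowed)
        if not permitted:
            self.refused.append(str(requester))
            raise PermissionError(f"transfer of {self.name} refused for {requester}")
        return self.serial, dict(self.records)


class SecondaryZone:
    """Read-only copy that pulls from the primary when the SOA serial has advanced."""

    def __init__(self, name, own_ip):
        self.name, self.own_ip = name, own_ip
        self.serial, self.records = None, {}

    def refresh(self, primary):
        if self.serial is not None and not serial_newer(primary.serial, self.serial):
            return "up-to-date"
        try:
            self.serial, self.records = primary.zone_transfer(self.own_ip)
        except PermissionError:
            return "refused"
        return "transferred"


def demo():
    """Constructed walk-through with the zone name zoom.com used in these notes."""
    dns1 = PrimaryZone("zoom.com", 0xFFFFFFFF, {"sys1": "10.0.0.25"},
                       transfer="listed", allowed=["10.0.0.41"])
    dns2 = SecondaryZone("zoom.com", "10.0.0.41")
    unlisted = SecondaryZone("zoom.com", "10.0.0.77")
    steps = [dns2.refresh(dns1), dns2.refresh(dns1)]
    dns1.edit("www", "10.0.0.25")               # serial wraps from 0xFFFFFFFF to 0
    steps += [dns2.refresh(dns1), unlisted.refresh(dns1)]
    return steps, dns1.serial, dns2.records, dns1.refused


if __name__ == "__main__":
    print(demo())
```

The `refused` list is the part to watch in practice: a transfer request from an address that is not a configured secondary is a cheap signal that someone is trying to enumerate the zone.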
Create a few more zones with different extensions like OU.EDU, HP.ORG,
USA.NET, etc.
Refresh the root and check the Top Level Domains.
DAY -18
TO CREATE A BACKUP COPY FOR PRIMARY ZONE INTEGRATED WITH
ACTIVE DIRECTORY
1. In DNS 1
2. Check the Zone (Which is created by the Domain name) with 6 SRV
Records
3. In DNS 2
4. Create a Primary Zone with same Domain Name
5. To Display all Six Service Records
Start > Run > Specify the UNC Path
\\sys1\c$
6. Double click the Windows folder
7. System32
8. Config
9. Right Click on NETLOGON.DNS
10. Open with Notepad
11. Copy the Content in that
12. In Sys2 open
C:\windows\system32\dns
13. Open the zone file for ex: Zoom.com.dns
14. And paste the content below the matter
15. From services Restart the DNS Server & Net Logon
16. And Check the result in DNS2 Server
TO TAKE A BACKUP OF PRIMARY ZONES IF THERE IS ONLY ONE DNS
SERVER. THROUGH REGISTRY
1. Open DNS Console
2. Create few zones with Resource Records
TO TAKE THE BACKUP OF ZONES
3. in Run > REGEDIT
4. In the Registry window Expand
HKEY_LOCAL_MACHINE > Software > Microsoft > Windows NT > CurrentVersion >
5. Right Click on DNS Server
6. Select Export
7. Select a different drive create a folder named Backup and save the
registry
CONDITIONAL FORWARDERS:
Configure Forwarders to forward the query from one DNS to multiple DNS
servers. In 2003, forwarders are known as Conditional Forwarders.
Configure them even for load balancing.
Practical:
In DNS one
1. Create few Zones with resource records
In DNS two
2. Change the Preferred DNS to the same system IP Address
3. Open the DNS Console
4. Right Click on the Server
5. Properties
6. Forwarders
7. And Assign the IP Address of DNS One
To check the naming resolution.
In Command Prompt Ping with the created zones in DNS one.
ROUND ROBIN:
It is one of the best features in the DNS Server. Round Robin is a load
balancing mechanism used in the DNS Server for sharing and distributing
network resources.
IN DNS1
1. Create a zone called Yahoo.com with Resource Records
2. Create 2 or more hosts records. By specifying the server name with
different IP Address
For Ex:
Sys1 10.20
Sys1 10.30
Sys1 10.40
3. Add the IP address in the IP Address Window
4. Click on Advanced
In DNS to confirm or to check Round Robin
To check the resolution, ping the zone name in the command prompt.
To clear the history files or cache use the command IPCONFIG /FLUSHDNS
Then ping the zone name once again and check the IP
address.
DAY-19
IIS
Internet Information Services
IIS VERSIONS
WINDOWS NT      2.0
2000 SERVER     5.0
2003 SERVER     6.0
WINDOWS 98      Personal Web Manager
Services: HTTP, FTP, NNTP, SMTP
It is one of the Windows components used for hosting websites. With the help of
this service you can publish data over the Internet. IIS was introduced in Win
NT as Version 2.0, in Windows 2000 Server as Ver 5.0 and in 2003 Server as Ver 6.0. The
basic difference between 2000 & 2003 is that in the 2000 Server O.S. IIS is installed
by default, whereas in the 2003 Server OS it is not configured with the O.S. But in 2003
it provides additional features like:
When you configure IIS it will install additional services or protocols:
1. HTTP: HYPER TEXT TRANSFER PROTOCOL
It is used to publish data over the Internet. You can easily manage and
configure websites with this protocol. It uses port 80 by default.
Note: Port numbers identify logical services; the numbers from 1 to 1024 are
allotted only for port numbers.
2. FTP: FILE TRANSFER PROTOCOL
To transfer files from one location to another, or for downloading or
uploading files, we use this protocol. It uses port 21 by default.
TO INSTALL IIS:
1. Control Panel
2. Add / Remove Programs
3. Add / Remove Windows Components
4. Check Application Server
5. Click on Details
6. Check IIS
7. OK
8. Next > Finish

1. Open IIS
2. Expand the server & Websites folder
3. Right Click on websites folder
4. New website
5. Next
6. Specify the description of any website name
7. Next
8. Assign the IP from the List (All Unassigned: Giving a choice of assigning
multiple IP addresses)
9. In the Host Header specify the format the way you access the website,
for ex: www.google.com
10. Next
11. Assign the path of the web pages folder by clicking on browse
12. Next
13. Check Browse
14. Next & Finish
Open DNS and create a primary zone by the website name, with Host Records and
Alias.
TO CREATE A HOME PAGE FOR EXISTING WEBSITE:
1. In IIS Select the created website
2. In the Right click on the website name and select the name of the file for
ex: google.htm
3. Copy the Text or name with extension
4. Right Click on the website
5. Properties
6. Select the tab Documents
7. Click on Add and paste the text.
8. Give OK and remove the existing pages
9. Apply OK
10. Open Internet Explorer and access the website www.google.com
BACK UP FOR TAKING HTTP OR FTP SITES:
(XML = Extensible Markup Language)
To take the backup of websites
VIRTUAL DIRECTORY
To access sub links or sub web pages, create a Virtual Directory. Configuring a
virtual directory makes the task easy, since it is a shortcut way to access
sub pages.
1. Open IIS
2. Right Click on the existing website
3. New
4. Virtual Directory
5. Next
6. Specify the alias name for example: Mail or Messenger
7. Next
8. Assign the path of WebPages
9. Next
10. Check Browse
11. Next and Finish
TO CREATE A HOMEPAGE FOR VIRTUAL DIRECTORY
DAY 20
REDIRECTING WEBSITE
In IIS, configure redirection either to block or to restrict websites for client systems.
With the help of redirection you can block a single website.
Practical:
1. Open IIS
2. Host two Websites
3. And create the zones in DNS Server
4. Access both the websites in Internet Explorer
TO PERFORM REDIRECTION
5. Right click on one of the website
6. Properties
7. Select the tab HOME DIRECTORY
8. Check REDIRECTION TO A URL
9. And specify the format of another website
10. Give Apply > OK
11. To confirm Redirection
12. Open Web Browser (IE), for ex: specify www.zoom.com. It will automatically
redirect to Yahoo.com
DOCUMENT FOOTER
Configure Document Footer to enable Licensing mode for the existing website.
To Publish or to advertise DISCLAIMER PERMISSION use Document Footer.
TO CREATE DOCUMENT FOOTER

1. In WEB SERVER
2. Right click on existing website
3. Properties
4. Select the tab DIRECTORY SECURITY
5. Select EDIT (IP Address and Domain Name)
6. Check Granted Access and Add the IP Address of the client system you
want to Deny.
7. OK > Apply > OK
8. In system2 Open IE and Access the website.
FTP:
To Configure FTP in IIS
1. Control Panel
2. Add/Remove Programs
3. Add / Remove Windows Components
4. Select Application Server
5. Details
6. Select IIS
7. Click on Details
8. And Check FTP
9. OK and Continue the Wizard
TO CREATE A FTP SITE:
1. Create a Folder
2. Arrange HTML and other files
3. To Create a FTP Site open IIS
4. Right click on FTP site folder
5. New FTP site
6. Next
7. Description : NAME
8. Next
9. Assign the IP
10. Next
11. Do not Isolate Users
12. Give the path of the newly created directory
13. Check Read / Write
Read = Downloading
Write = Uploading
14. Next and Finish
Open Internet Explorer and specify IP address (FTP://11.0.0.1)
Practical:
1. In one of the Drive Create a folder by the name ROOT
2. Inside the Root folder create a folder by the Domain Name
3. Inside the Domain folder create users folder
ROOT
  DOMAIN NAME FOLDER
    USER1
    USER2
DAY 21
ROUTING
SOFTWARE ROUTING
Router: It is a device for enabling communication between two different
networks.
A router makes communication possible between 2 different networks.
There are 2 types of routers.
1. Software Router
2. Hardware Router
1. Software Router: It is configured with an operating system like 2000 or
2003 Server. On a software router you can even configure other services. It is
very easy to set up and less expensive.
2. Hardware Router: These are devices specifically used to perform routing.
They provide more efficiency and reliability.
PHYSICAL CONNECTION
SYSTEM1: IP 10.0.0.2, GW 10.0.0.1
SOFTWARE ROUTER: NIC1 IP 10.0.0.1, NIC2 IP 11.0.0.1
SYSTEM2: IP 11.0.0.2, GW 11.0.0.1
PRACTICALS:
1. Assign the IP address 10.0.0.2 with default gateway 10.0.0.1 on the first
system; follow the same for the 11.0.0.2 system with default gateway 11.0.0.1.
2. In the Software Router assign the IP addresses for both interfaces:
10.0.0.1 on one and 11.0.0.1 on the other.
3. In the software router in Administrator Tools Open the Console Routing
and Remote Access.
4. Right Click on the Server
5. Select Configure and Enable Routing
6. Next
7. Check > Custom Configuration
8. Check > Lan Routing
9. Next > Finish
After configuring Software Router check the communication between 10.0.0.2
to 11.0.0.2.
DHCP RELAY AGENT
The DHCP RELAY AGENT is used for assigning dynamic IP addresses. It converts the
broadcast done by the DHCP server & client to unicast. For example, assume the DHCP server is
in network A and the client is in network B; with this protocol the DHCP server
can allot a dynamic IP address to the client system which is in network B.
DHCP SERVER: IP 10.0.0.2, GW 10.0.0.1
SOFTWARE ROUTER: IP 10.0.0.1
CLIENT: IP 11.0.0.10, GW 10.0.0.2
DHCP RELAY AGENT
Scope Created: 11.0.0.10 to 11.0.0.50
IP: 11.0.0.1
NAT
NETWORK ADDRESS TRANSLATION
Note: NAT is going to work only with static IP addresses.
NAT is a basic firewall used for translating the Private IP to a Public IP, thus
providing security. Using NAT, one-way communication is possible, i.e., Private
can access the Public but Public cannot access the Private Network.
By configuring NAT you can even differentiate the Public Network and the Private
Network.
[Figure: Private Network (IP: 10.0.0.2, GW: 10.0.0.1), Software Router with NAT (NICs 10.1 and 11.1), Public (INTERNET)]
Practicals:
Configure 11.1 Network as a Public and 10.1 as Private Network.
TO CONFIGURE NAT
1. Open Routing & Remote Access
2. Expand IP Routing
3. Select NAT Basic Firewall
4. Right Click on it
5. New Interface
6. Select 10.1
7. OK
8. And Check Private Interface
9. OK
10. Right Click on NAT
11. Select New Interface
12. Select 11.1 Network
13. OK
14. Check PUBLIC INTERFACE and Enable NAT
15. Check the Result by pinging in command prompt
IMP: NAT does not support Dynamic IPs.
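The one-way behaviour described above (Private can reach Public, Public cannot start a conversation with Private) comes from the translation table the NAT keeps. The following is an added example, not from the original notes and not the Routing and Remote Access implementation; the class name, port numbers and the strict per-flow matching are assumptions of this model. It uses the 10.x private and 11.x public addresses from the practical.

```python
import ipaddress


class NatRouter:
    """Two-interface NAT model: many private hosts share one public address."""

    def __init__(self, public_ip, private_net, first_port=50000):
        self.public_ip = public_ip
        self.private_net = ipaddress.ip_network(private_net)
        self.next_port = first_port
        self.flows = {}      # (private ip, private port, remote ip, remote port) -> public port
        self.reverse = {}    # (public port, remote ip, remote port) -> (private ip, private port)
        self.dropped = []    # inbound packets refused, kept for review

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """A private host opens a connection: rewrite the source, remember the flow."""
        if ipaddress.ip_address(src_ip) not in self.private_net:
            raise ValueError("outbound traffic must come from the private network")
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.flows:
            self.flows[flow] = self.next_port
            self.reverse[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.flows[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """A packet arrives on the public interface addressed to public_ip:dst_port."""
        if ipaddress.ip_address(src_ip) in self.private_net:
            # A private source address can never legitimately arrive from outside.
            self.dropped.append((src_ip, src_port, dst_port, "spoofed private source"))
            return None
        target = self.reverse.get((dst_port, src_ip, src_port))
        if target is None:
            self.dropped.append((src_ip, src_port, dst_port, "no matching outbound flow"))
            return None
        return target        # deliver to (private ip, private port)


def demo():
    """Constructed traffic between private host 10.0.0.2 and public host 11.0.0.2."""
    nat = NatRouter("11.0.0.1", "10.0.0.0/8")
    out = nat.outbound("10.0.0.2", 1025, "11.0.0.2", 80)
    reply = nat.inbound("11.0.0.2", 80, 50000)       # answer to the flow above
    other_port = nat.inbound("11.0.0.2", 4000, 50000)  # same host, different source port
    unsolicited = nat.inbound("11.0.0.2", 80, 8080)  # nobody inside asked for this
    spoofed = nat.inbound("10.0.0.9", 80, 50000)     # private source seen outside
    return out, reply, other_port, unsolicited, spoofed, nat.dropped


if __name__ == "__main__":
    for item in demo():
        print(item)
```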
DAY22
RAS
REMOTE ACCESS SERVER
Remote Access is a feature that enables a client computer to use Dial-Up and
VPN connections to connect to a Remote Access Server. A Remote Access
Server is a Windows server computer that runs the Routing and Remote Access
service and is configured to provide remote access. There is no difference in
network functionality for the remote access client, except that the speed of the link is
often much slower than a client connection to the LAN.
[Figure: WAN LINKS. Labels: REMOTE CLIENT, MODEM, PHONE, TELE-EX, TELE-EX, PHONE, MODEM, RAS SERVER]
[Figure: RAS SERVER, INTERNET, REMOTE CLIENT]
DAY 23
TERMINAL SERVICES
Terminal Services
Terminal Services is a Windows 2003 component that provides terminal
emulation to network clients. This means that the network clients can access a
terminal server, begin a session with it, and run applications from the terminal
server as though the applications were installed locally on the user's computer.
Terminal Server is a service which is used to get the server environment on the
client PCs without upgrading the system or the hardware. Terminal services are
used in order to run some application or to perform some task.
In 2000 Terminal Services works in Relax Mode and Application Server Mode.
In 2003 Terminal Services works in Relax Mode and Full Security Mode.
Remote Administration Mode
Remote Application Mode
REMOTE ADMINISTRATION MODE:
[Figure labels: SYS1, Domain Controller, SYS2, Internet, SERVER ADMIN, MEMBER SERVER]
In Remote Administration Mode only two users can establish the session in order
to access server desktop. In this mode they cannot access any applications from
server.
Pracs:
1. Login as a User
2. Right Click MY COMPUTER
3. Click on Properties
4. Remote
5. Check Allow Users
In Remote Application Mode more than two users can establish a session to
get the server environment on their own thin client PCs. They can even access
applications from the server.
Practicals:
1. Open Control Panel
2. Add/Remove Programs
3. Add/Remove Windows Components
4. Select Terminal Services
5. Next
Installs the Terminal Services
6. Next
7. Check Full Security
8. Next & Finish
System will Restart
TO PROVIDE GROUP OF APPLICATIONS FOR USERS
In System1
1. Open MY COMPUTER
2. Open one of the drives
3. Create a Text Document
4. And specify some applications like WINWORD.EXE, NOTEPAD.EXE,
CALC.EXE
5. And save the file with extension as BAT
To assign the path
6. Open Terminal Services Configuration
7. Right Click on RDP
8. Properties
9. Select the tab Environment
Ex: C:\GROUP.BAT
IN SYSTEM2 LOGIN AS A USER AND ESTABLISH A SESSION
Login as a user; automatically you will find the different applications opening one after another.
TO INSTALL REMOTE DESKTOP CONNECTION
1. C:\windows\system32\clients\tsclients\win32\setup.exe
DAY 24
ISA
Internet Security and Acceleration Services
ISA is called as a Software Router
ISA Server
ISA Server is an upgraded version of Microsoft Proxy 2.0 with a built-in Firewall
PROXY
FIREWALL
FIREWALL: A firewall is a device which will secure and protect network resources.
It forms the network between the gateway and ensures that only authorized users
access valuable data. ISA is a software firewall.
Proxy Server: A proxy server will emulate a web server. The benefit is a
faster response time and also faster internet access.
[Figure: CLIENT 192.168.1.2, PROXY SERVER, INTERNET, 192.168.1.1]
Hacking: Taking over your resources or attempting to bring down your server.
Types of Attack:
1. Foot Printing: The way to know the Operating System and IP of the Server
2. Scanning: Scanning the system for bugs and loopholes.
3. DoS Attack: Denial of Service
SOFTWARE ROUTER / ISA
1 NIC = IP: 10.0.0.2, DG: 10.0.0.1, DNS: 202.153.32.2
2 NIC = IP: 10.0.0.1, DNS: 202.153.32.2
3 NIC = IP: 202.153.32.1, DNS: 202.153.32.2
4 NIC = IP: 202.153.32.2, GW: 202.153.32.1, DNS: 202.153.32.2
WEBSERVER
Practicals:
In System 3
In System2
1. Install ISA by opening one of the Drive ISA2K Standard > ISA > Setup.exe
2. Click on continue twice
3. And Provide the CD Key as all ones
4. Select on I Agree
5. Full Installation
6. Integrated Mode
7. Continue
8. Select the Drive and Give OK
9. Add the IP Address of the Private Network.
10. Add in the list
11. Give OK twice
TO INSTALL SERVICE PACK
Practicals:
TO ALLOW CLIENT SYSTEM TO ACCESS THE WEBSITES
IN SYSTEM2
1. Open ISA Management
2. Expand Servers and Arrays
3. Expand the Server

1. In ISA management
2. Expand Policy Elements
3. Right Click on Destination Set
4. New Set
5. Give Name
6. Click on Add
7. Check Destination
8. And Specify the website name
9. Expand Access Policy
10. Right Click on the Site and Content Rule
11. New Rule
12. Specify the Name
13. Next
14. Check Deny Access based on Destination
15. Next
16. From the list select SPECIFIED DESTINATION SET
17. And select it from the name list
18. Next & Finish
In system1 open internet explorer and try to access the website which you have
blocked.
REDIRECTING WEBSITE:
To redirect a particular website
1. Remove the existing Destination Set
2. And Site and Content Rule
3. Create a Destination Set by Right clicking on
4. Give set name as yahoo redirection
5. click on Add
6. Check Destination
7. Assign website name
8. Expand Access Policy
9. Site and Content Rule
10. Create a new rule
11. Specify the name
12. Next
13. Check (HTTP Request) and specify the website name following http for
ex: http://something.com
14. Next > Check Deny Access based on destination
15. Next
16. Specified Destination Set
17. Select it from the list
18. Next and Finish
In System1 try to open internet explorer and try to access yahoo website and
it will redirect you to another website.
DAY 25
RIS
TO CREATE AN IMAGE
1. Create a Primary Partition with 2 GB formatted with NTFS
To take the Image, from Admin Tools select RIS Services Setup
2. Next
3. Assign the CD Drive Path
4. Next
5. Next (WINDOWS)
6. Next (USER FRIENDLY DESCRIPTION)
7. It shows you summary
8. Next & Finish
RIS PROCESS
[Figure: RIS process between DHCP CLIENT, DHCP SERVER, DNS, DOMAIN CONTROLLER and RIS. Labels: REQUESTING FOR IP, REQUESTING FOR DC IP, GIVING DC IP TO THE CLIENT, REQUESTING FOR RIS IP]
This whole process is known as BINL. This is one of the services of the RIS Server; there
are three RIS services.
BINL
TFTP
SIS
BINL: Boot Information Negotiation Layer
It manages the overall RIS process. It makes the client boot through the
network in the sequential order given in the above diagram.
TFTP: Trivial File Transfer Protocol
It transfers image files from the RIS Server to the client. TFTP basically transfers the Client
Installation Wizard. It also saves time by resuming the installation after a power
failure.
Prestaging
By prestaging the client, the administrator can define a specific computer
name, and optionally, the RIS server that can service the client:
In the next dialog box, you are prompted for either the
globally unique identifier (GUID) or universally unique
identifier (UUID) of the computer itself and whether you
intend to use this computer as a managed (Remote OS
Installation-enabled) client. Enter either the GUID or UUID,
DHCP SERVICE
DNS SERVICE
RIS SERVICE
SIS
TFTP
4. Edit
[UserData]
After ComputerName
type
ProductID = 4587-4587-4545-4597 (product key)
[RemoteInstall]
Repartition = No
UseWholeDisk = No
5. Save the File
CREATING AN ANSWER FILE THROUGH SETUPMGR.EXE
1. Insert the OS CD
2. Open the CD Drive where the image is created
3. Follow the path
Support\tools\Deploy.cab
4. Right Click
5. Select Extract
6. While extracting give the path either Desktop or My Documents
7. On Desktop you can find the file SETUPMGR.EXE
8. From the Menu Create a New Answer file
9. And follow the steps according to the questions
10. Finally save the file in the below given path.
Remoteinstall\Setup\English\Images\Windows\i386\Templates
DAY-26
DISK MANAGEMENT
Disk Management: it is a tool or utility which will help to manage the hard disk
more efficiently.
The new hard disk is called RAW HARD DISK or PRE FORMATTED HARD
DISK.
You cannot store the data directly on the Raw Hard Disk.
First you need to create the partitions and format it.
Partitioning is dividing the Hard Disk and Formatting is creating file systems on
the Hard Disk which is identified by the Operating System.
File System provides hierarchical structure to store files or directories, where
operating system can identify and retrieves the files back.
For Example:
FAT 16
FAT 32
NTFS = New Technology File System
EFS = Encrypted File System
EFS is not a file system; it is one of the features of the NTFS file system.
TYPES OF DISK
There are 2 types of DISK
BASIC & DYNAMIC
BASIC: Basic Disk is a disk which will follow industrial standards while
partitioning and formatting it. The storage unit in the basic disk is called partition.
And it supports all types of file system.
In 2000 and 2003 you can create 4 Partitions, either 3 Primary and 1 Extended.
DISK PART
To extend the size or to allocate extra space for the existing partitions use
Diskpart.
CONVERT D: /FS:NTFS
(D: = Drive Letter)
MOUNTING
Create Mounting in the Basic Disk, in case if all the Drive letters are assigned
you can use Mounting.
PROCEDURE TO CREATE MOUNTING:
1. In the existing Drive create a folder and Rename it.
2. Open Computer Management
3. Right Click in Unallocated Space
4. New Partition
5. Next
6. Check Primary Partition
7. Allocate the space
8. Next
9. Check (MOUNT IN THE FOLLOWING EMPTY NTFS FOLDER)
10. Click on Browse
11. Expand the Drive
12. Select the folder which is created newly
13. Give ok
14. Next & finish
To confirm open My Computer and open the drive where you have created
the folder you will find the directory changed as Drive.
DYNAMIC DISK
DYNAMIC: Dynamic Disk is a disk which will not follow industrial standards while
formatting or partitioning it. The Storage unit in Dynamic Disk is called Volume.
And it supports only NTFS file system.
On to the Dynamic Disk you cannot install Operating System. You can convert
from Basic to Dynamic without loss of Data, but you cannot convert from
Dynamic to Basic if done there will be loss of data.
TYPES OF VOLUMES
1. Simple Volume
2. Spanned Volume
3. Striped Volume
4. Mirror Volume
5. Raid -05 Volume
No Fault Tolerance
SIMPLE VOLUME: You can create simple volume on to the Dynamic Disk. It
cannot span or utilize the space onto one more Dynamic Disk.
Requirements
Minimum: 1 Disk
Maximum: 1 Disk
Fault Tolerance: NO
Normal
Simple volumes can be mirrored and even extend the size or space.
Procedure to Create Simple Volume
SPANNED VOLUME
If the Simple Volume is extended to another Dynamic Disk it is known as Span
Volume.
Requirements
Minimum: 2 Disks
Maximum: 32 Disks
Fault Tolerance: NO
Normal

Disk 2
Disk 32
Fault Tolerance: NO
Fast

Minimum: 2 Disks
Maximum: 2 Disks
Fault Tolerance: Yes
Normal
RAID-05
RAID = Redundant Array of Independent Device
[Figure: Data Mode in Raid-05]
Day-27
Advanced Topics
RSOP
Resultant Set of Policy
(For more consoles which are not normally shown in Admin Tools, run this
command: ADMINPAK.MSI)
RSOP is used to view the list of policies applied at any individual level, either Domain
Level or OU Level. With the help of RSOP you can find the list of policies
applied on any container, but you cannot edit or modify the policies.
Procedure:
In RSOP window expand Administrative Templates and Select the list of Policies.
To add RSOP Console in Admin Tools. Add it from MMC
GPMC:
GROUP POLICY MANAGEMENT CONSOLE
It is a third party tool from Microsoft.
Compared to RSOP, GPMC has additional features like creating new
policies, modifying the existing policies, etc.
Procedure:
Before installing GPMC apply the policy on Site Level, Domain Level and on OU
Level.
To Install GPMC
SCRIPTS
Scripts are used to give messages or intimation to the users within the Domain.
Procedure:
1. Create a Shared Folder
2. Create a Text Document and add WSCRIPT.ECHO "YAHOO" (add any
message you want to intimate to the users)
3. Save the file with the extensions .VBS or .VBE
4. Before applying the policy execute the program
5. To Apply the Policy
6. Right Click on OU
7. Properties
8. Select Group Policy
9. Create a New Policy
10. Click on EDIT
11. Expand Windows Settings
12. Select Scripts Logon / Logoff
13. Double click one of them from the list
14. Click on Add
15. Specify the UNC Path
16. Using Browse or Assign the UNC Path Manually
17. To Confirm the Scripts
18. Login as a User
19. And you will find a popup window with Yahoo
VSC
Volume Shadow Copy
Create volume shadow copy to maintain the backup of share folders or even to
update day to day information in Volume Shadow Copy. It is one of the new
features in 2003.
Procedure:
To Create Volume Shadow Copy
DISK QUOTA
You can give disk quotas on drives formatted with NTFS file system to monitor
and limit the amount of disk space available to individual users.
It is only for Individual System
Procedure:
To Apply Disk Quotas for Individual Users.
1. Right Click on one of the Drive
2. Properties
3. Select the Tab Quota
4. Check Enable Quota Management
5. Check Disable Disk Space
6. Click on Quota Entries
7. Click on Quota Menu
8. Click on New Quota Entry
9. Add the user
10. Click on Check Names
11. Give the Entry
12. Check the Limit Disk Space and Warning Level
13. After allocating the space to the user
14. Login as a user and Confirm it from MY COMPUTER
MBSA
MICROSOFT BASELINE SECURITY ANALYZER
It is a third party tool provided by Microsoft.
It is used to scan the entire system or even another system in the network.
To scan the information of any system which is in the network, the minimum
requirement is the Computer Name or IP Address.
MBSA will scan all the loopholes of the current system or another system.
Procedure: