
Intro to Systems Administration

WINDOWS SERVER 2003

Table of Contents
Creating User Accounts
Creating Group Accounts
Creating Computer Accounts
Group Policy
Disk Space, Sharing and Permissions
Disk Management

Creating User Accounts


In Active Directory Users and Computers, one can manage or change the settings of user accounts. How to?
1. Click Start -> Administrative Tools -> Active Directory Users and Computers.
2. Right click the Users container -> New, and click User.
3. Enter Name and Last name, and then enter the User Logon name, e.g. petruss / spetrus.
4. Ensure that your domain is correct, then click Next.
5. Enter your password twice to confirm it. (Complex Password)
6. Choose whether the user should change the password at next logon or not.

Group Accounts
Group accounts help to minimize the administrative effort associated with assigning rights and permissions to users with common needs. There are two different types in Windows Server 2003:
1) Security Groups
   This group is defined by a Security Identifier (SID), which allows the group to be assigned permissions to resources as well as rights to perform various tasks.
2) Distribution Groups
   Are used when sending an e-mail to a group, which then sends it to all members of that group.

Group Accounts : Scope


Whether a group is a security group or a distribution group, it is characterized by a scope. The scope identifies the extent to which the group is applied in the domain tree or forest.
Different Scopes:
Universal
Global
Domain Local

Creating Group Objects


1. Click Start -> Administrative Tools -> Active Directory Users and Computers.
2. Right click the Users container -> New, and click on Group.
3. Enter the New Group Name in the box, select the group scope, local or global, and then choose the Group type, Security or Distribution, then click OK to create the group.
4. Then double click the group name to view its properties, and click the Members tab. Use the Add button to add users or other groups to the group created, then click OK to close the properties box.

To create and manage Computer accounts.


Computers are also required to have accounts in Active Directory.
1. Click Start, select Administrative Tools, and click on Active Directory Users and Computers.
2. Right-click the Computers container and then select New, then click Computer.
3. Enter the workstation name, and then click Next.
4. In the Managed screen, click Next.
5. Then click Finish and the new computer will appear in the Computers container.
6. Right-click the new computer name, and click Properties to view and change the settings of the new computer.

Group Policy
Administrators use Group Policy to define options for managing configurations of servers, desktops, and groups of users. Local policy settings can be applied to all machines, and for those that are part of a domain, an administrator can use Group Policy to set policies that apply across a given site, domain, or range of organizational units (OUs) in the Active Directory.
(Introduction to Group Policy in Windows Server 2003, Microsoft Corporation, published April 2003)

Group Policies
Group policies deal with account lockouts, passwords, Kerberos, etc.
Lockout: Number of times a user can try to log in before being locked out.
Passwords: Enforce password history, which defines the number of passwords that must be unique before a user can reuse an old password. (After how many days should a user change their password.)
Kerberos: Enforce user logon restrictions using the Key Distribution Center (KDC).
To view group policies:
1. Right click the Domain object in Active Directory Users and Computers, then click on Properties.
2. Click on the Group Policy tab, and then click on the Edit button to show account policies.

Managing file access, disks and disk Storage


Why have a network?
The sharing of network resources.
Network resources need to be secured.
Restrictions and permissions: the administrator can limit certain groups and give complete control to others. (Windows Server 2003)

Shared folders

These are data sources that have been made available over the network to authorized users. Network resources are centralized through the use of shared folders.
There are two ways of creating shared folders:
Creating a shared folder using Windows Explorer
Creating a shared folder using Computer Management Console

Creating a shared folder using Windows Explorer


1. Open Windows Explorer and create a new folder under the C: drive.
2. Right click on the folder -> Sharing and Security.
3. In the Sharing tab, click the Share this folder radio button, and enter the name of the share in the text box.
4. Then click OK, and the folder should be shared.
5. To verify, browse to your network folder and view the shared folder.

Creating a shared folder using Computer Management Console


1. Right click on My Computer and click on Manage.
2. Click the + symbol next to Shared Folders, and click on Shares.
3. Right click the Shares folder and click New Share.
4. At folder path, type in the folder or browse to its location, then click Next.
5. If the folder does not exist you will be prompted to create it by clicking Yes.
6. At the Permissions screen choose the permission type for the folder, then click Finish.

Implementing Shared Folder Permissions


1. Under Sharing and Security of the folder, click on Permissions.
2. Click on Add to select users, computers or groups to add.
3. Then select permissions: Full Control, Read, or Change.
4. Then click Apply and OK.

Windows Server 2003 supports 3 types of file systems


a) FAT File System: Used by DOS and supported by all Windows OS since. Win Server 2003 supports partitions for FAT up to 4 GB of space. FAT has a partition size limitation, and it has no security features.
b) FAT32 File System: Supports much larger partitions, up to 2 terabytes. Does not have any advanced security features, e.g. permissions on file and folder resources.
c) NTFS File System: Introduced in the Win NT OS. Supports in practice from 2 terabytes to 16 terabytes, but is capable of addressing up to 16 exabytes. Comes with better performance, greater scalability, support for Active Directory, and the ability to configure security permissions. It has support for remote storage, and has recovery logging of disk activities.

NTFS Permissions
These permissions can only be applied on files and folders that exist in partitions formatted with the NTFS file system. NTFS permissions are configured through the Security tab, and they are cumulative: if a user is a member of different groups, his permissions are all of those permissions put together. They can be set at file or folder level, and child folders and files inherit permissions unless otherwise specified.

Implementing NTFS Permissions

1. Under the Sharing and Security of the folder, select the Security tab.
2. Click the Add button to add users, computers and groups.
3. Then select permissions for the different users: Full Control, Modify, Read & Execute, Read, Write, etc.
4. Click the Advanced button to specify inheritable properties.
5. To remove any groups or users, click on Remove.
6. Then click Apply and then OK.
For special permissions, click the Advanced button and modify Permissions for users and groups.

When Shared folder and NTFS permissions are combined:
Over a network, the most restrictive permission of the two becomes the effective permission.
When a file is accessed locally, only NTFS permissions apply.
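
The combination rules above (cumulative permissions across group memberships, the most restrictive of share and NTFS over the network, NTFS only for local access) can be checked with a small model. This is an added example, not part of the original slides; the expansion of each permission level into basic rights, the group names Sales and Staff, and the sample ACLs are assumptions made for illustration, and Deny entries and inheritance are not modelled.

```python
# Added example: simplified model of share + NTFS permission combination.
# Assumption: each named level is expanded to a set of basic rights; Deny
# entries and inheritance are not modelled.
R, X, W, D, P = "read", "execute", "write", "delete", "change_permissions"

NTFS_LEVELS = {
    "Read": {R},
    "Write": {W},
    "Read & Execute": {R, X},
    "Modify": {R, X, W, D},
    "Full Control": {R, X, W, D, P},
}
SHARE_LEVELS = {
    "Read": {R, X},
    "Change": {R, X, W, D},
    "Full Control": {R, X, W, D, P},
}

def cumulative(acl, principals, levels):
    """Union of the rights granted to the user and to each of their groups."""
    rights = set()
    for principal, level in acl:
        if principal in principals:
            rights |= levels[level]
    return rights

def effective_rights(user, groups, ntfs_acl, share_acl, over_network=True):
    """Rights a user ends up with on a folder, locally or through the share."""
    principals = {user} | set(groups)
    ntfs = cumulative(ntfs_acl, principals, NTFS_LEVELS)
    if not over_network:
        return ntfs              # local access: only NTFS permissions apply
    share = cumulative(share_acl, principals, SHARE_LEVELS)
    return ntfs & share          # network access: the more restrictive wins

# Constructed sample data: user spetrus is a member of Sales and Staff.
GROUPS = ["Sales", "Staff"]
NTFS_ACL = [("Sales", "Modify"), ("Staff", "Read")]
SHARE_ACL = [("Staff", "Read")]

if __name__ == "__main__":
    print(sorted(effective_rights("spetrus", GROUPS, NTFS_ACL, SHARE_ACL)))
    print(sorted(effective_rights("spetrus", GROUPS, NTFS_ACL, SHARE_ACL,
                                  over_network=False)))
```

The same user who can modify files when logged on at the server is limited to reading them through the share, which is why both permission sets have to be reviewed together when auditing access.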

Disk Management:
Windows 2003 Server supports two data storage types

Basic Disks
Uses traditional disk management techniques and contains primary and extended partitions and logical drives, any of which can be configured with FAT, FAT32 or NTFS. Each partition acts as a separate storage unit on the disk. If more than one primary partition is configured, only one can be marked as the active partition.

Dynamic Disks
Does not use partitions, but volumes instead, because they provide additional features and capabilities. Provides a new flexibility, as there are basically no restrictions to the number of volumes that can be implemented on the disk. Not restricted to the size initially configured.

Basic Disks
Primary Partitions: There is at least one configured on a drive. They usually contain the operating system start-up files at the beginning of the partition. The active primary partition is where the computer looks for the hardware-specific files to start the OS.
Extended Partitions: Created from space that is not yet partitioned, meaning space that is left after the primary partition has been created. There can only be one extended partition on a standard basic disk. It is not formatted and does not have a drive letter assigned. Once created, it can be further divided into logical drives, each getting their own drive letter. The disk is described as logical because it does not actually exist as a single physical entity in its own right.

Dynamic Disks Volume Types


Simple volume: A dedicated and formatted portion of disk space, which can be extended by adding unallocated space to the volume later. Note!! It can only be extended if formatted with NTFS.
Spanned volume: Consists of space combined from 2 to 32 dynamic disks, all treated as a single volume, thus reducing the number of drive letters. If any new disk is added, the spanned volume can be extended to include it. Note!! If one disk fails, the entire volume is inaccessible.
Striped volume: Extends the life of the hard disk drive by spreading data equally over two or more drives, so that one drive does not work more than the other. Also increases performance, because reading and writing to disks is faster than it would have been with only one drive, thus it is useful when storing large databases and for data replication from one volume to another. Note!! Data can be lost if one or more disks in the striped volume fail.

Managing partitions and volumes


Managing your Disk properties using the Disk Management Tool.
1. Right-click My Computer and click Manage.
2. Expand Storage, and click Disk Management.
3. To check your drive properties, right click the drive and click Properties.
4. Here you have different options like Tools, Hardware, Sharing, Shadow Copies, Quota and Security to configure your drive.
5. In the lower right pane, right click Disk 0 and click Properties, showing the properties page for the disk drive.
6. The Policies tab is used to configure write caching and safe removal settings.
7. The Volumes tab lists all partitions configured on the disk.
8. The Driver tab allows you to view details about the currently installed driver.

Creating and Deleting a Primary Partition.


1. In Disk Management, right click Disk 0, and click New Partition.
2. Click Next at the New Partition Wizard.
3. Then select the Primary Partition radio button and click Next.
4. Specify the size of the partition in MB, and click Next.
5. Then assign the drive letter and click Next.
6. Then check Perform a Quick format and click Next and then Finish.
7. To delete the partition, right click the volume and select Delete Partition.

Creating an extended Partition


1. In Disk Management, right click Disk 0, and click New Partition.
2. Click Next at the New Partition Wizard.
3. Then select the Extended Partition radio button and click Next.
4. Specify the size of the partition in MB, and click Next and then Finish.

Creating a logical Drive


1. In Disk Management, right click Disk 0, and click New Logical Drive.
2. Click Next at the New Partition Wizard.
3. Then select the Create new logical drive option and click Next.
4. Then specify the size in MB, and click Next.
5. Select the drive letter and click Next.
6. Then select Format this partition with the following settings, type in the Volume label, and click Next and then Finish.

Converting a Basic Disk to a Dynamic Disk.


1. Right-click My Computer and click Manage.
2. Expand Storage, and click Disk Management.
3. Right click Disk 0 and click Convert to Dynamic Disk.
4. Then click OK, and click on Convert.
5. If the Disk Management dialog appears, then click Yes.
6. Then click Yes to confirm that the file systems on the disk will be dismounted.
7. The computer will then be rebooted when done.
Note!! To go back to a basic disk, all volumes will have to be deleted, so back up your dynamic disk, and restore from backups later.

Disk Management:
Fault Tolerant disk Strategies
Allows setup of the system to recover from hardware and software failure. Windows 2003 Server allows this fault tolerance through software RAID (Redundant Array of Independent Disks), which is a set of standards for lengthening disk life, preventing data loss and enabling relatively uninterrupted access to data. RAID is set up depending on the level of fault tolerance. Your server will include either 2-3 hard drives with RAID controllers. The hard drives are controlled through these controllers depending on how it has been set up, whether it be for backup or for speed. Let's look at the different levels of RAID setup.

RAID Levels
1) RAID level 0: Striping (Striped Volumes) with no other redundancy features; it is just for extending disk life and improving performance.
2) RAID level 1: Used for simple mirroring, providing a means of duplicating the operating system's files in the event of disk failure. It places the backup on a different controller from the one used by the main disk. This RAID is much slower as all data has to be written twice.
3) RAID level 2: Uses an array of disks whereby the data is striped across all disks in the array, and it contains error-correcting information on each to reconstruct data from a failed disk.
4) RAID level 3: Same as level 2, but stores the error-correcting info only on one drive, so if that drive fails the data cannot be reconstructed.
5) RAID level 4: Same as level 2, but can perform checksum verification, which is the sum of bits on a file. So when a disk fails and data is reconstructed, the reconstructed file size is compared with the checksum size, and if the two don't match then files might be corrupted.
6) RAID level 5: Includes striping, error correction and checksum verification, and all are spread across all of the disks. However, this RAID uses more memory than the others. Recovery for this RAID provides the same guarantee as with disk mirroring (level 1), and it has much faster read access than level 1.

Disk Maintenance and Management Utilities


There are a variety of utilities apart from the Disk Management Tool, which you access by opening the properties of a drive. To name a few:
Check Disk: Allows for scanning of the disk for bad sectors and file system errors.
CONVERT: Command line utility for converting FAT or FAT32 volumes to the NTFS file system.
Disk Cleanup: For removing temporary internet files, downloaded programs, files in the Recycle Bin, Windows temporary files and installed programs no longer used.
Disk Defragmenter: Locates fragmented folders and files and moves them to a location on the physical disk in a contiguous order.
