Tuesday, September 11, 2007

WINDOWS SERVER 2003

➢ Common Features of 2000 Server and 2000 Professional

1) NTFS file system
a) File and Folder Level Security
b) Disk quota
c) File and Folder Encryption (EFS)
d) Compression

2) Group Policy
a) Restrict users from desktop changes, icon changes, Start menu changes, etc.
b) Used to display software on, or permit its installation on, client PCs.

3) Management
a) Fault Tolerance by Using Dynamic Disk
b) RAID (Redundant Access Interconnected Disk ) Level

4) Terminal Services
a) Access the server’s desktop from the client side, or administer the server remotely
b) Use Server’s Desktop in Application Mode.

5) DFS (Distributed File System)
Used to collect in one place all files that are distributed across different servers in a network.

6) ADS (Active Directory Installation)
It is a hierarchical database structure.



➢ Extra Features of Windows XP & 2003 Server

1) Roll Back Driver (related to hardware in the PC)
Used to load back the previous version of the driver for any hardware,
OR
used to downgrade a device driver from its upgraded version.

2) Remote Desktop
This feature is used to access the desktop of one PC from another PC. (In XP, the user of the desktop that is opened is automatically logged off, but in 2003 Server the user is not logged off.)

3) Remote Assistance
Using this feature we can chat, talk, and send files from one PC to another, and take full control of the PC.

4) ASR (Automatic System Restore)
It creates an image file of the system configuration, which is used to recover the operating system along with its settings after a disaster.

5) Shadow Copy
Used to create multiple images of a single file as changes are made to it; the version of the file you want can be restored.

6) SUS (Software Update Services)
SUS helps to download updated patches and fixes from the Microsoft Update server and distribute them to all client PCs.


A forest is a collection of trees.





➢ Installation


              Win XP Hardware Requirement    Win2003 Server Hardware Requirement

Processor     Pentium 233 MHz                Pentium 133 MHz
RAM           64 MB                          128 MB
Disk Space    1.5 GB                         2 GB



Server Edition
1) Standard Edition
2) Enterprise Edition
3) Web Edition
4) Data Center Edition

Options

• Per server (number of concurrent connections):
Registers licenses for the number of clients that are going to connect to this server, i.e. how many user licenses are required.

• Per device or per user:
This is selected according to how many servers (domains) this server or device is going to connect with.

Note: Per server can be converted into per device (seat), but per seat cannot be converted into per server.

ACTIVE DIRECTORY SERVICE

➢ Installation of Active Directory

Requirement:
i) Windows 2003 Server

Configuration:
Start – Run – Type “dcpromo” – Press ‘Enter’ – Press ‘Next’ – Select Domain Controller Type:
o Domain controller for a new domain (✓)
o Additional domain controller for an existing domain
Note: The second option (if selected) will delete all local accounts on this server. Selecting the second option means replication of an existing domain.


Click ‘Next’ – Select domain type:
o Domain in a new forest (✓)
o Child domain in an existing domain tree
o Domain tree in an existing forest
‘Next’ – Type the DNS name (e.g. Jetking.com) – ‘Next’ – The domain NetBIOS name will appear automatically (Jetking) – Click ‘Next’ – You can give the path of the Active Directory database (as per hard disk space):
Database folder:
Log folder:
(Keep the default path given)

Click ‘Next’ – You can give the path of the “Sysvol” folder
Note: It should be on an NTFS partition
Click ‘Next’ – It will display registration diagnostics with three options below:

o I have corrected the problem. Perform the DNS diagnostic test again
o Install and configure the DNS server on this computer (✓)
o I will correct the problem later by configuring DNS manually (Advanced)
Click on ‘Next’ – The permissions dialog box will display:
o Permissions compatible with pre-Windows 2000 server operating systems
o Permissions compatible only with Win2000 or Win2003 operating systems
Click on ‘Next’ – The Directory Services Restore Mode password dialog box will display

Note: This password will be used in the restore mode of 2003.

Click on ‘Next’ – Summary – Then the process will start – Click on ‘Finish’ – Then it will ask you to “Restart Now” – Restart the system for the changes to take effect.


➢ Five New Options Will Be Added in Administrative Tools
1) Active Directory Domains and Trusts
2) Active Directory Sites and Services
3) Active Directory Users and Computers
4) Domain Controller Security Policy
5) Domain Security Policy


➢ Uninstall Active Directory

Requirement:
i) Windows 2003 with Active Directory installed

Configuration:
Start – Run – Type “dcpromo” – Click on ‘Next’ – Another dialog box, about the Global Catalog server, will appear – Click ‘Ok’ – Check the box “This server is the last domain controller in the domain” – ‘Next’ – The Application Directory Partitions dialog box will appear – ‘Next’ – Check the box “Delete all application directory partitions on this domain controller” – ‘Next’ – It will ask for a new password (you can change the password or keep it blank) – ‘Next’ – The summary will display – The process will start – Click on ‘Finish’ – The Restart Now dialog box will appear – Click on it.



➢ Security Policy Settings Made After DCPromo to Perform the Different Practicals


1) Domain Controller Security Policy:
a) Local Policy – User Rights Assignment (double click) – In the right pane, “Allow logon locally” (double click) – Click on “Add User or Group” – Add ‘Everyone’ or type ‘everyone’ in the box – ‘Apply’ – ‘Ok’

2) Domain Security Policy:
a) Account Policy (in Security Settings)

i) Password history (make it zero)
ii) Minimum password length (make it zero)
iii) Password must meet complexity requirements (make it Disabled)

b) Local Policy (below) – Click on ‘User Rights Assignment’ – Double click on “Allow logon locally” – Check the box “Define these policy settings” – Add the ‘Everyone’ and ‘Administrators’ groups, or type “everyone ; administrators” in the box, by clicking on ‘Add User or Group’ – ‘Apply’ – ‘Ok’

For these changes to take effect, go to Start – Run – Type “gpupdate” – Click ‘Ok’ (sometimes you have to do this more than two times).
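
A check for whether these relaxed practical settings are still in force on a machine, as an added example that is not part of the original notes: it reads the text of a security template such as `secedit /export /cfg <file>` writes and reports each of the settings above that is still set. Both sample exports in the code are constructed.

```python
# Added example, not from the original notes: audit a security-template export
# (INF text such as `secedit /export /cfg <file>` writes) for the relaxed
# settings listed above. Both sample exports are constructed for illustration.

EVERYONE_SID = "S-1-1-0"  # well-known SID of the Everyone group

LAB_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
[Privilege Rights]
SeInteractiveLogonRight = *S-1-1-0,*S-1-5-32-544
"""

TIGHTENED_EXPORT = """\
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
PasswordHistorySize = 24
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544
"""


def parse_inf(text):
    """Parse INF-style text into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections


def audit(text):
    """Return (setting, reason) pairs for each relaxed setting still present."""
    inf = parse_inf(text)
    access = inf.get("System Access", {})
    rights = inf.get("Privilege Rights", {})
    findings = []

    zero_checks = {
        "PasswordHistorySize": "password history is 0, old passwords can be reused",
        "MinimumPasswordLength": "minimum length is 0, blank passwords are accepted",
        "PasswordComplexity": "complexity requirement is disabled",
    }
    for key, reason in zero_checks.items():
        value = access.get(key)
        if value is not None and value.isdigit() and int(value) == 0:
            findings.append((key, reason))

    # Holders are comma-separated; SIDs carry a leading '*'.
    holders = [h.strip().lstrip("*")
               for h in rights.get("SeInteractiveLogonRight", "").split(",")
               if h.strip()]
    if any(h == EVERYONE_SID or h.lower() == "everyone" for h in holders):
        findings.append(("SeInteractiveLogonRight",
                         "Everyone is allowed to log on locally"))
    return findings


def load_export(path):
    """Read an export from disk. Assumption: the file is UTF-16 with a BOM."""
    with open(path, encoding="utf-16") as handle:
        return handle.read()


if __name__ == "__main__":
    for name, sample in (("lab", LAB_EXPORT), ("tightened", TIGHTENED_EXPORT)):
        print(name, audit(sample))
```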



➢ Joining a Client PC to a Domain Controller


Requirement: i) Windows 2003 Server O.S. with Active Directory installed (e.g. Jetking.com)
ii) Windows 2000 Professional / Windows XP as a client


Configuration:
From the client side:
Select ‘My Computer’ – Right click ‘My Computer’ – ‘Properties’ – Select the ‘Computer Name’ tab – Click on ‘Change’ – Select the ‘Domain’ radio button – Type the domain controller name without extension (e.g. Jetking) – Give the username and password of the 2003 server – Click on ‘Ok’ – After some time you will see “Welcome to Jetking domain” displayed – It will ask to restart

How to Check the Number of Clients:
On the server go to Active Directory Users and Computers – Click on the plus (+) sign next to the domain name – Click on ‘Computers’ below – You will see the names of the client computers on the right-hand side.


PROFILE

i) Local Profile: The user is created on the local machine (without Active Directory installed). Logging in to the local machine as this user creates a local profile.
ii) Roaming Profile: Created by the administrator; the user can log in from any machine in the network. The user can change settings and save them.
iii) Mandatory Profile: This profile is created to impose restrictions on the user. The user can change settings (like background, fonts, appearance, etc.) but can’t save them.


Requirement:
i) Windows 2003 Server with or without Active directory

Configuration:

➢ How to Create Roaming Profile

i) Create a folder (e.g. ABC) in any partition, share it and give full control to ‘everyone’
ii) From admin tools select the local user (e.g. Ranvir) to whom the roaming profile is to be applied – Right click on it – Select ‘Properties’ – Select the ‘Profile’ tab – Type in “Profile path”
\\machinename\SharedFoldername\Username (e.g. \\pc1\abc\ranvir)
– ‘Apply’ – Click on ‘Ok’

How to Check:
Log in as the user (e.g. Ranvir) – My Computer – Right click – ‘Properties’ – Select the ‘Advanced’ tab – Click on the middle ‘Setting’ button, of ‘User Profile’

➢ How to Create Mandatory Profile (Local Profile to Mandatory)

i) Create a folder (e.g. Man) in any partition, share it and give full control to ‘everyone’.
ii) Create any user (e.g. Ravi) in the domain or on the local machine and log in as that user.
iii) Log out from that user and log in as administrator.
iv) Right click that user (Ravi) – Select ‘Properties’ – Select the ‘Profile’ tab – Type in “Profile Path”
\\machinename\SharedFoldername\Username (e.g. \\pc1\man\ravi)
v) Double click the drive where the O.S. is installed – You will find the folder “Documents and Settings” – In that folder you will find a folder with the name of the user (e.g. Ravi) –
Go into that folder – Unhide the folders and files in that folder:
a) Go to the Tools menu – Select Folder Options – Click on the ‘View’ tab – Select “Show hidden files and folders”

– You will find some files and folders in that user-name folder – Look for the file “NTUSER” (DAT file; not the ntuser.dat text file of 1 KB) – Rename that file from “NTUSER” to “NTUSER.MAN” – Log in as that user



➢ How to Create Mandatory Profile from Roaming Profile

i) Log in as the user who already has a “Roaming Profile” – Go to the drive in which you created and shared the folder (the folder whose path is given in the profile path of the user) – You will find one folder with the name of the user – Go to that folder – You will find different folders and files if, from Tools – Folder Options – View, you have selected
“Show all hidden files and folders”
and unchecked the boxes
“Hide extensions for all known types”
“Hide protected operating system files”
You will find one file, NTUSER.DAT (not the file of 1 KB) – Change the extension of that file so that it becomes NTUSER.MAN – Close all windows and log in as the user again.

How to Check:
Log in as the user (e.g. Ravi) – My Computer – Right click – ‘Properties’ – Select the ‘Advanced’ tab – Click on the middle ‘Setting’ button, of ‘User Profile’ – You will find Mandatory Profile next to the username





For a network which has more than one server. It is used to collect files stored on different servers, i.e. a client of any server can access any file using this application. This service allows access, at one location, to all important files that are stored on different servers.

➢ How to Perform DFS (Distributed File System)

Requirement:
1) All should have 2003 Server
2) Server1 and Server2 should be member servers of Server1
3) All PCs should be in the domain.

Note: Points 1 and 2 are not necessary. You can perform the practical without these points also.


STEPS TO BE PERFORMED

DFS Configuration: (In Server 1)
Start – Administrative Tools – DFS (Distributed File System) – The DFS box will open – On the left side right click on “Distributed File System” – Different options will be displayed – Click on “New Root” – Click ‘Next’ – You will find two options
o Domain root (select if Active Directory is installed) (✓)
o Stand-alone root (select if the machine is a local machine)
Suppose your machine is in a domain (i.e. Active Directory is installed) – Select the first option – Click on ‘Next’ – It will display the domain name of the machine on which you are performing the practical – Click on ‘Next’ – It will ask for the server – Type the server name (e.g. pc2.heaven.com) – ‘Next’ – The next dialog box will be for the root name – Type “dfsshare” as the root name (Note: you can also type another name) – ‘Next’ – The next box will ask you for the folder where your DFS data will be stored – Create a folder by clicking on “New Folder” in any drive, or give the path of an already created folder using the “Browse” button – ‘Next’ – Click on ‘Finish’ – You will find “\\pc2\dfsshare” in the right pane and “\\heaven.com\dfsshare” in the left pane

Create links to the files (which you want to see at one time)
Right click on \\heaven.com\dfsshare – Select “New Link” – A dialog box will be displayed – In the first bar type any link name (e.g. File A) – Click on the “Browse” button and give the path of the folder which you want to link from any of the servers, e.g. Server 2 (using Network Places – Entire Network – Microsoft Windows Network – any domain name) – After selecting the particular folder click on “OK”

You can also link other folders (e.g. File B and File C) in the same way by selecting “New Link”

Note: If there is no Active Directory (dcpromo), link the folder by IP address (e.g. \\192.168.0.1\foldername)

How to check from a client (or any of Server1, Server2, Server3):
Start – Run – Type “\\pc1\dfsshare” (where pc1 is the server on which DFS is installed and dfsshare is the root name which was given)



DNS (DOMAIN NAME SERVER)

This service is used to resolve IP addresses to host names and host names to IP addresses. When you know the host name of a client, you can identify its IP address, or vice versa.



➢ Installing DNS (With no Active Directory)
Start – Control Panel – Add/Remove Programs – Windows Setup – Networking Services – Check the box for DNS


1) To Create Primary DNS (for host name to IP address or IP address to host name resolution)

A) (For host name to IP address resolution)
Administrative Tools – DNS – Click on the plus (+) sign next to the machine name in the left pane – Click on the plus (+) sign next to Forward Lookup Zone – Select “Forward Lookup Zone” – Right click – Select “New Zone” – “Next” – You will see options:
o Primary zone (✓)
o Secondary zone
o Stub zone
Select Primary zone – “Next” – The next box will ask for the zone name (e.g. Red.com), i.e. the DNS name – “Next” – The next box will display the zone name – “Next” – The next box will display the different update options – Select from the “Dynamic Updates” options
o Allow both nonsecure and secure dynamic updates (✓)
o Do not allow dynamic updates
Select the first option – Click “Next” – “Finish”

Create Host of DNS

Right click on the DNS zone created above (Red.com) – Select “New Host” – Give the host name (e.g. pc2) and give it its respective IP address.

B) (For IP address to host name resolution)
In the same DNS dialog box – Click on the plus (+) sign next to “Reverse Lookup Zone” – Select “Reverse Lookup Zone” – Right click – Select “New Zone” – “Next” – You will see:
o Primary zone (✓)
o Secondary zone
o Stub zone
Select the first option – Click on “Next” – The next box will be for the network address (give network ID 192.168.0) – It will show you the zone name (keep it as it is) – “Next” – It will ask for dynamic updates as above – “Finish”
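
A cross-check of the forward zone (Red.com) against the reverse zone for network ID 192.168.0, as an added example that is not part of the original notes: it derives the reverse zone name the wizard shows and reports hosts whose PTR record is missing or points elsewhere. The record sets in the code are constructed sample data, and the function names are this example's own.

```python
# Added example, not from the original notes: cross-check forward (A) and
# reverse (PTR) records for the two zones created above. The record sets are
# constructed sample data; a real check would read them from the DNS server.
import ipaddress

# Constructed sample: host name -> IP address in forward zone Red.com
A_RECORDS = {
    "pc2": "192.168.0.2",
    "pc3": "192.168.0.3",
    "pc4": "192.168.1.4",
    "pc5": "192.168.0.5",
}
# Constructed sample: PTR owner name -> target host name
PTR_RECORDS = {
    "2.0.168.192.in-addr.arpa": "pc2.Red.com.",
    "5.0.168.192.in-addr.arpa": "oldpc.red.com.",
}


def reverse_zone_name(network_id):
    """Network ID '192.168.0' -> reverse zone name '0.168.192.in-addr.arpa'."""
    octets = network_id.strip(".").split(".")
    if not 1 <= len(octets) <= 3:
        raise ValueError("network ID must have 1 to 3 octets")
    if not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("invalid octet in network ID: %r" % network_id)
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_owner(ip):
    """IPv4 address -> owner name of its PTR record."""
    return ipaddress.IPv4Address(ip).reverse_pointer


def normalize(name):
    """DNS names compare case-insensitively; ignore a trailing dot."""
    return name.rstrip(".").lower()


def check_zones(forward_zone, a_records, network_id, ptr_records):
    """Return a list of mismatches between the forward and reverse zones."""
    rzone = reverse_zone_name(network_id)
    ptrs = {normalize(k): normalize(v) for k, v in ptr_records.items()}
    problems = []
    for host, ip in sorted(a_records.items()):
        fqdn = normalize("%s.%s" % (host, forward_zone))
        owner = ptr_owner(ip)
        if not owner.endswith("." + rzone):
            problems.append("%s (%s) is outside reverse zone %s" % (fqdn, ip, rzone))
        elif owner not in ptrs:
            problems.append("%s (%s) has no PTR record %s" % (fqdn, ip, owner))
        elif ptrs[owner] != fqdn:
            problems.append("%s resolves back to %s, not %s" % (ip, ptrs[owner], fqdn))
    return problems


if __name__ == "__main__":
    print("reverse zone:", reverse_zone_name("192.168.0"))
    for line in check_zones("Red.com", A_RECORDS, "192.168.0", PTR_RECORDS):
        print(line)
```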

2) To Create Secondary DNS (performs the same function as the primary; it holds only a read-only copy of the primary)

Requirement:
1) The name of the secondary DNS is the same as the primary DNS
2) Takes data from the primary DNS
3) Used to reduce network traffic and load on the primary DNS

Note: Use two different machines. One has the primary DNS; install the secondary DNS on the other. In the secondary DNS give the IP address of the primary DNS.

Secondary DNS (on another server):
Start – Administrative Tools – DNS – Right click on the machine name – Select Configure Server – “Next” – You will see options
o Create forward lookup zone (for small network)
o Create forward and reverse lookup zone (for large network) (✓)
o Configure root hints only
Select the second option – “Next” – The next dialog box will display options
o Yes, create forward lookup zone (✓)
o No, don’t create forward lookup zone
Select the first option – “Next” – Give the zone the same name as the primary DNS (Red.com) – “Next” – Master DNS Services
Give the IP address where the primary zone is created – Click on “Add” – “Next” – You will find two options for the reverse lookup zone
o Yes, create (✓)
o No, don’t create
“Next” – Select Secondary zone – “Next” – Give the network address – Give the IP address of the primary DNS server – It will ask for a query forwarder (you can give the name of another DNS server), otherwise “Next” – It will process – Click on “Finish”

Settings which are to be made on both the primary and the secondary DNS:
Right click on the created zone – “Properties” – A dialog box will display – Select the zone transfer tab – Check the box “Allow Zone Transfer” – “Apply” – “OK”

Configuration performed on the client side:
My Network Places – Right click – “Properties” – Local Area Network – Right click “Local Area Network” – “Properties” – Double click on TCP/IP – Add the IP address of the primary DNS in “Preferred DNS Server” – “OK” – “Apply” – “OK”

How to Check from the Client:
Go to the command prompt – Type nslookup followed by hostname.primary DNS name (e.g. pc2.Red.com) – “Enter”



WINS (Windows Internet Naming Systems)
This feature is mainly used to resolve NetBIOS names to IP addresses and IP addresses to NetBIOS names. It is used in mixed mode and to reduce broadcast traffic in the network.


Requirement:
i) Windows 2003 Server


➢ Installing WINS:
Control Panel – Add/Remove Programs – Setup Windows Components – Networking Services – Check the box for WINS – “Next” – “Ok”

Configuration:

Server side:
i) Add the clients’ IP addresses and NetBIOS names to the LMHOSTS file (d:\Windows\System32\drivers\etc\lmhosts)

ii) Share the etc folder

Client side:
i) Go to TCP/IP Properties – Click on the “Advanced” tab – Click on the “WINS” tab – Select the box “Enable NetBIOS over TCP”.
ii) Click on “Import LMHOSTS” and select the server’s shared LMHOSTS file – “OK”

How to Check:
Go to the command prompt and type arp -a

Note: Use the command “nbtstat” to view status in the command prompt



DHCP (Domain Host Configuration Protocol)

This service is used to automatically allocate IP addresses to its clients when a client machine starts.

Requirement:
i) Windows 2003 Server

➢ Installing DHCP
Start – Settings – Control Panel – Add/Remove Programs – Windows Setup – Networking Services – Check the box for DHCP – “OK” – “Next” – “Finish”


Configuration: (Without Active Directory Installed)
Administrative Tools – DHCP – Right click on “machine name” – “Next” – The next box will be for the DHCP name; give any name (e.g. Rose.com) – “Next” – Give the IP address range which you want to allocate to clients (e.g. 192.168.0.1 to 192.168.0.10)

Note: The IP address range should be in the same network address as the machine (on which you are going to install DHCP)

“Next” – The next dialog box will ask about the router IP address; if you are connected to a router give the IP address of the router, otherwise click “Next” – In the next dialog box give the domain name and DNS server (e.g. domain name Jetking.com (if Active Directory is installed) or pc1, and the IP address of your machine, same DNS name) – “Next” – The next box will be for the WINS server (type the details of the WINS server if you have installed one), otherwise “Next” – The next dialog box will be Activate Scope, with options
o Yes, I want to activate this scope (✓)
o No, I will activate this scope later
Select the first option – “Finish”
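
A pre-activation check of the scope range against the note above, as an added example that is not part of the original notes. The server address 192.168.0.1, the mask 255.255.255.0 and the router address used in it are assumed for illustration.

```python
# Added example, not from the original notes: sanity-check a planned DHCP scope
# against the server's own interface before activating it. The server address,
# mask and router address used below are assumed values for illustration.
import ipaddress


def check_scope(server_ip, netmask, start, end, static_hosts=None):
    """Return a list of problems with the scope start..end (inclusive).

    static_hosts maps a label to a statically configured address,
    e.g. {"router": "192.168.0.254"}.
    """
    iface = ipaddress.IPv4Interface("%s/%s" % (server_ip, netmask))
    net = iface.network
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    if first > last:
        return ["start address %s is above end address %s" % (first, last)]

    # The range must sit in the same network as the DHCP server itself.
    problems = []
    for label, addr in (("start", first), ("end", last)):
        if addr not in net:
            problems.append("%s address %s is outside the server's network %s"
                            % (label, addr, net))
    if problems:
        return problems

    # Addresses that must never be handed out as leases.
    fixed = {
        "network address": net.network_address,
        "broadcast address": net.broadcast_address,
        "DHCP server": iface.ip,
    }
    for name, addr in (static_hosts or {}).items():
        fixed[name] = ipaddress.IPv4Address(addr)
    for name, addr in fixed.items():
        if first <= addr <= last:
            problems.append("%s %s lies inside the scope; exclude it or move the range"
                            % (name, addr))
    return problems


if __name__ == "__main__":
    cases = [
        ("192.168.0.1", "192.168.0.10"),    # the range used in the notes
        ("192.168.1.1", "192.168.1.10"),    # wrong network
        ("192.168.0.20", "192.168.0.50"),   # clear of all static addresses
    ]
    for start, end in cases:
        result = check_scope("192.168.0.1", "255.255.255.0", start, end,
                             {"router": "192.168.0.254"})
        print(start, "-", end, "->", result or "ok")
```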

Configuration on Client Side:
In Network Places – Double click on TCP/IP – Select the radio button “Obtain an IP Address Automatically”



How to Check DHCP (from Client Side)
Start – Run – Type “ipconfig /all”





IIS (Internet Information Service)
This service is used to create a small website in a local area network.


Requirement:
i) Windows 2003 Server

➢ Installing IIS:
Settings – Control Panel – Add/Remove Programs – Windows Setup – Application Server – IIS – “OK” – “Next” – “Finish”

Configuration:
i) Create a folder anywhere – Create an HTML file in it (e.g. Web.htm)
ii) Administrative Tools – Internet Information Services (IIS) – Click on the plus (+) sign next to the websites folder – Right click on the default website – Select the “New” option – Select “Website” and click on it – “Next” – Give any description (e.g. website.com) – It will display the dialog box for IP address and port settings (select the IP address of the local machine and keep the port setting at the default, 80) – “Next” – The next dialog box is for selecting the path of the folder which contains the HTML file (select that folder) – “Next” – The next dialog box will be for web access permissions for users (keep the defaults) – “Next” – “Finish”
iii) Right click on the created website (e.g. website.com) – “Properties” – A dialog box will display – Select the “Documents” tab – Click on the “Add” button (add the name of the previously created HTML page, e.g. web.htm) – Move that HTML file up using the “UP” button – “Apply” – “OK”


Shadow Copy
This feature helps the user to regain a previous copy of a modified file. If the file has been edited and the changes have been saved, it saves all copies with the different changes. It stores 64 copies of a file and requires 100 MB of disk space.
Shadow copy helps to take the backup of open files or files which are in use.

Requirement:
i) On the server, Active Directory should be installed (2003 Server)
ii) The second machine should be a client of the server (WinXP or 2003 Server)

Configuration:

Server side:
i) Right click on any NTFS partition – “Properties” – A box will be displayed – Select the “Shadow copy” tab – Select the particular drive and enable shadow copy by clicking on the “Enable” button (it will take time to enable) – “OK”
ii) Create a folder on the drive on which you have enabled shadow copy and create any file in it. Share it and give the “Change” permission
iii) Share the ‘twclient’ folder in d:\windows\system32\clients

Client side: (XP or 2003)
i) Make any PC a client of the above server and log in as administrator
ii) Right click on “My Network Places” – “Properties” – “Entire Network” – “Windows Network” – Go to the above server – Find the shared “twclient” folder – Install the file in “twclient” that matches the processor type (x86 is for Intel)
iii) Right click on the file created on the “Shadow copy” enabled drive – You will find one extra tab, “Previous version”

How to Check:
i) On the server, make changes in the file and save it – Right click on the “shadow copy” enabled drive – “Shadow copy” – Click on “Create” to manually create a copy – “OK”
ii) On the client, go to that file through “Network Neighborhood” – Right click that file – Select “Previous Version” – It will show you the different copies. You can see different buttons for different effects.

Remote Administration Tool

Manage Server remotely using web browser


Requirement:
ii) One machine should be a server with Active Directory installed
iii) The second machine can have any operating system with a browser.


➢ Installation of Remote Admin Tools:
Add/Remove Programs – Windows Components – Application Server – IIS – World Wide Web Service – Remote Administration.

How to check:
Administrative Tools – Web Interface for Remote Administration (for the same machine)

Or

From another machine:
In the browser type “https://mc2:8098”
i) It will ask you for the password of the opposite server with which you want to connect.
ii) A security alert box will display. Click on “Add”; another “Add” button will display. Click on it – “Close”
iii)

Remote Desktop using Web connection
Using this feature we can share the desktop of another machine using a web browser.

Requirement:
i) Windows 2003 Server with Internet Connections


➢ Installation of Remote Desktop Using Web Connection:
Add/Remove Programs – Application Server – IIS – World Wide Web Service – Remote Desktop Web Connection

Settings to check before trying it out:
Administrative Tools – Internet Information Services (IIS) – Start the default service by right clicking
Right click on “Default Website” – “Properties” – Select the IP address of the machine

How to check:
In the browser type
http://machinename/tsweb



Hardware Profile
This feature is used to operate the system in different hardware configurations. It is mostly used in laptops.

Requirement:
i) Windows 2003 with different hardware installed (like LAN card, Modem)




How to Create Hardware Profile:

Right click on “My Computer” – “Properties” – “Hardware” – Click on “Hardware Profile” – Click on the “Copy” tab – Give the profile name – Below there are two radio buttons:
o Wait until I select a hardware profile (✓)
o Select the first profile listed if I don’t select a profile in ___ sec
– “Apply” – “OK” – Restart your system

It will display the created profile – Select that profile – Log in – Add/remove drivers and enable/disable devices as per requirement.

Now your system loads drivers as per the profile selected during booting.


Offline Folder
This feature is mostly used to make any important shared file available at any time, whether the host machine is up or down.

➢ How to Perform Offline Folder:

Requirement:
i) Two machines with 2000 Server or 2003 Server installed
ii) Both machines should have “Remote Desktop” disabled

Configuration:

On the first machine (host machine):
i) Double click on “My Computer” – Select the “Tools” menu from the menu bar – From the drop-down menu select “Folder Options” – A dialog box will display – Select the “Offline” tab – Enable offline files by checking the box “Enable Offline Files” – “Apply” – “OK”

On the second machine:
i) Perform the same steps as on the first machine above
ii) Go to any shared folder using “My Network Places” or the UNC path of the first machine – Right click any shared folder – You will find the option “Make available Offline” – Click on that option

How to Check:
Shut down the host machine (which has the shared file) – Go to “My Computer” – Select “Folder Options” from the “Tools” drop-down menu – In the dialog box that appears select “Offline” – Click on the “View” tab located below – You will find your shared file.



Remote Assistance

This feature is mainly used to talk, chat and transfer files from one PC to another PC. We can also share the desktop of another user.

Requirement:
i) Windows XP or Windows 2003 Server

From User Side (Who wants Help) PC1

1) Check this
a) My Computer – Right click – Select the “Remote” tab – Check the box next to “Remote Assistance”.

2)
a) In “Run”, type ‘gpedit.msc’ – “Enter”
b) The Group Policy Object Editor will be displayed
c) In the left-hand pane select Computer Configuration – Click on the (+) sign next to Administrative Templates – Click on the (+) sign next to System – Select Remote Assistance given below – You will see two options in the right-hand pane – Double click on Offer Remote Assistance – Select “Enable” – Click on the “Show” tab to select helpers – Add the helper’s username (e.g. Administrator or administrator@pc1) – “Apply” – “OK”.
d) Close all windows.

3)
a) Start – Programs – Remote Assistance
b) The Help and Support box will be displayed.
c) In the right pane click on Invite Someone to Help You
d) Use Messenger to sign in if you have an internet connection, otherwise use “Outlook Express” for LAN. First create an account in Outlook Express:

i) In the first dialog box give any name
ii) In the second dialog box type the e-mail address of the user (like administrator@pc1)
iii) In the third dialog box type the user’s machine name and the machine’s IP address.
iv) In the fourth dialog box type the username and password of the user.
v) Click “Finish”

e) Type the e-mail address of the helper, like administrator@pc2 – Click on the “Invite this person” tab below – In the second dialog box set the invitation time and uncheck the box next to Require Recipient to Use Password – Click on “Send Invitation” – Again click on the “Send” button.


From Helper’s Side (Who gives Help) PC2
1) Repeat steps 1 and 2 of the user’s side

2)
a) In Start select Help and Support – In Search type “Offer Remote Assistance” – Click on the “Search” tab – Help topics will be displayed – Select the second option, Help and Support Centre Tools, from the help topics – You will see Offer Remote Assistance in the right pane – Select Offer Remote Assistance – Type the IP address of the user (e.g. administrator@pc1) – Click on the “Connect” tab – Again click on the “Start Remote Assistance” tab

Note: If on any PC you can’t find the System folder (Group Policy Editor / Computer Configuration / Administrative Templates), just right click on Administrative Templates – Select Add/Remove Templates – A dialog box will be displayed – Click on the “Add” button – From the list select the “System.adm” file – “OK”


Routing and Remote Access
This feature includes VPN (Virtual Private Network) and dial-up. VPN requires an internet connection and dial-up requires only a telephone line.

➢ VPN: (Using LAN)

Requirement:
i) Two Windows 2003 Servers in a LAN.

Configuration:
i) Main Server PC1 (where resources are stored)
Right click on “My Network Places” – “Properties” – Double click on “New Connection Wizard” – “Next” – The “New Connection Type” box will display
o Connect to the Internet
o Connect to the network at my workplace
o Set up an advanced connection (✓)
“Next” – The next dialog box will display
o Accept incoming connections (✓)
o Directly connect with computer
The next box will be for selecting the device for incoming connections (select both) – “Next” – The next dialog box will display
o Allow virtual private connection (✓)
o Do not allow virtual private connection
“Next” – The next box will display a list of users (select the users which you want to allow) – “Next” – “Next” – “Finish”.

ii) Second Server PC1 (which requires resources)
Right click on “My Network Places” – “Properties” – Double click on “New Connection Wizard” – “Next” – The “New Connection Type” box will display
o Connect to the Internet
o Connect to the network at my workplace (✓)
o Set up an advanced connection
“Next” – The next dialog box will display
o Virtual Private Network connection (✓)
o
“Next” – Type any name – Give the IP address of the Main Server – The next box will display users – Select the user for this connection – “Finish”

Note: If the second server is unable to connect to the Main Server, then go to Routing and Remote Access (admin tools) – Right click on Server Status – Select “Add Server” – Add the server name of the Main Server.


➢ Dial up (Using Null Modem):

Requirement:
i) Two servers with a null modem installed

Configuration:
i) Main Server PC1:
Administrative Tools – Routing and Remote Access – Right click on the server name (e.g. PC1) – Click on “Configure and Enable Routing and Remote Access” – “Next” – The next dialog box will display:
o VPN
o Dial up (✓)
The next box, IP Address Assignment, will display
o Automatically (if using DHCP)
o From a specified range of IP addresses (✓)
In the next box click on “New” and give the IP address which your machine has – The next box, Managing Multiple Remote Access Servers, has the options
o No, use Routing and Remote Access to authenticate (✓)
o Yes, set up this server to work with a RADIUS server
“Next” – “Finish” – You will receive a message about DHCP – “OK” – The process will start

ii) Client Side PC2:
In “My Network Places” double click on “Add New Connection Wizard” – The next box will display:
o Connect to the Internet
o Connect to the network at my workplace
o Set up an advanced connection (✓)
The next box will display Advanced Connection Options:
o Accept incoming connections
o Connect directly to another computer (✓)
The next box will display options:
o Host
o Guest (✓)
The next box will ask for the connection name (give any) – The next box will be the device box (select Communication cable between computers) – The next box will display
o Only this account user
o Anyone’s use (✓)
“Next” – “Finish”


Internet Printing

Requirement:
i) Windows 2003 Server with IIS installed
ii) A local printer should be installed on the Windows 2003 Server


Installing Internet Printing:
Add/Remove Programs – Windows Components – Application Server – IIS – Internet Printing.

How to check:
From another machine type in the Internet Explorer browser
http://pc1/Printers
It will ask for the password of the machine where the local printer is installed.

Note: If the client is in a workgroup, the user should be Anonymous (it will not ask for a password).



SUS (Software Update Service)
This feature is used to download updated files of windows2003 through internet and distribute that update files automatically to all clients.

Requirement:
Server Side :( Win2003 Server)
i) Active Directory
ii) IIS
iii) Software Update Service Software(Install using sus10sp1.exe file)
iv) Internet Connection
v) Group Policy

Client Side :( WinXP, Win2000Prof)
i) Install wuau22.msc (Download from Website)

Note: Above File will upgrade wuaueng.dll of client.


Configuration:

Server Side:
i) Administrative tools – Microsoft update service – Select Synchronize Server from left pane – Right hand side click on Synchronize now – It will try to connect to Microsoft update site
ii) Next Option below Synchronize Server is Approve Update to select different downloaded Update file which you want to distribute to Clients.
iii) Next Option below Approve Update is Set Updates if all clients are directly connected with Server.
iv) Go to Active directory users and computer through Administrative tools – Right Click domain name – “Properties”- Select “Group Policy” tab – Click on “Edit” button to Open Group Policy Editor- Computer Configuration – Administrative Templates – Windows Components – Window Updates – Right hand you will see four Options – Double click on first option – One Dialog box will be displayed -Enable it – Click on “Next Setting” button below – Second box will be displayed – Enable it and give name of SUS (E.g. http://pc1) – “Next Setting”- Third Box , Enable it – “Next Setting” – Enable it - “OK”.

Run- Type “gpupdate”

How to check:
Run – Regedit – HKEY_LOCAL_MACHINE – Software – Policies – Microsoft – Windows – WindowsUpdate – AU

This portion will be added after connecting with domain (After Making Client of domain)
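The registry check above can be scripted when there are many clients. The following Python is an added example, not part of the original notes: it parses `reg query` output captured from a client and reports whether the Windows Update policy values (WUServer, WUStatusServer, UseWUServer, NoAutoUpdate) landed as configured. Both sample outputs are constructed; http://pc1 is the page's example server and http://pc2 is made up for the failing case.

```python
import re

# Constructed sample of `reg query` output for the Windows Update policy key
# on a client after gpupdate; http://pc1 is the page's example SUS server.
SAMPLE_APPLIED = r"""
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate
    WUServer    REG_SZ    http://pc1
    WUStatusServer    REG_SZ    http://pc1

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
    UseWUServer    REG_DWORD    0x1
    NoAutoUpdate    REG_DWORD    0x0
    AUOptions    REG_DWORD    0x4
"""

# Constructed sample of a client where the policy only half applied.
SAMPLE_BROKEN = r"""
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate
    WUServer    REG_SZ    http://pc1
    WUStatusServer    REG_SZ    http://pc2

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
    UseWUServer    REG_DWORD    0x0
"""

WU_KEY = r"hkey_local_machine\software\policies\microsoft\windows\windowsupdate"
AU_KEY = WU_KEY + r"\au"
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_[A-Z_]+)\s+(.*)$")


def parse_reg_query(text):
    """Return {key path: {value name: value}}, names lower-cased, DWORDs as int."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            current = line.strip().lower()
            keys[current] = {}
            continue
        match = VALUE_RE.match(line)
        if current is not None and match:
            name, reg_type, raw = match.groups()
            raw = raw.strip()
            keys[current][name.lower()] = int(raw, 16) if reg_type == "REG_DWORD" else raw
    return keys


def audit_sus_policy(text):
    """Return a list of findings; only 'note:' entries means the policy applied."""
    keys = parse_reg_query(text)
    wu, au = keys.get(WU_KEY), keys.get(AU_KEY)
    if wu is None or au is None:
        return ["policy keys missing: client is not in the domain or gpupdate has not run"]
    findings = []
    server = wu.get("wuserver")
    if not server:
        findings.append("WUServer is not set")
    elif wu.get("wustatusserver") != server:
        findings.append("WUStatusServer differs from WUServer")
    if au.get("usewuserver") != 1:
        findings.append("UseWUServer is not 1: client ignores the SUS server")
    if au.get("noautoupdate") == 1:
        findings.append("NoAutoUpdate is 1: Automatic Updates is disabled")
    if server and server.lower().startswith("http://"):
        findings.append("note: WUServer uses plain HTTP; traffic to the SUS server is not encrypted")
    return findings


if __name__ == "__main__":
    for label, sample in (("applied", SAMPLE_APPLIED), ("broken", SAMPLE_BROKEN)):
        print(label, audit_sus_policy(sample))
```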



Terminal Service
This service is used to manage Server from remote place.

Installing Terminal Server:
Add remove program- Windows components – Terminal Server Licensing.


Note: To allow a user to use the terminal server, the user should be a member of the Remote Desktop Users group and should have permission to use the server (give the user the “Allow logon through Terminal Services” permission through “Domain Controller Security Policy”).
To use Remote Desktop in Win98/ Win2kProf:
Install “tsclient” software from 2003 server in 98 / Prof Machine.


Backup
This feature is used to backup data, active directory and Configuration of Operating system.



 Active Directory Backup and Restore

Requirement:
i) Windows 2003 server with active directory installed.

Configuration:

Backup:
Start – Programs – Accessories – System tools – Backup – Welcome screen of backup will display – Click on Advanced Mode On welcome screen – Another box with different options display – Click on “Backup” – In right pane you will find different drives – In my computer options, last option is System State – Click on Box followed by System State – Left bottom side there is button of “Browse” to select where you want to store backup – After selecting backup place Click on “Start Backup” (Right Bottom of the box) – Box of different setting is displayed – Again click on “Start Backup” – Process – “Close”


Restore:
Select Startup menu by pressing “F8” key – Start up will display with different options like
Safe mode
Safe mode with networking
.
Select Directory Services Restore Mode – Login box will come – Supply user name and password (which was given during Active Directory installation) – You can select any restore method.

i) Authoritative Restore:
Start – Run – Type ntdsutil – Enter – Prompt will display – Type ntdsutil help to view different command – You can select any command (E.g. Type Authoritative restore or Restore Backup)
ii) Non-Authoritative Restore:
Start – Run – Type ntbackup – Select “Restore” tab
iii) Primary Restore:
Start – Run – Type ntbackup – Select “Restore” tab






 Active Directory Backup and Restore
This feature is used to Restore Crashed Operating System configuration.

Requirement:
i) Formatted Floppy
ii) Installation CD of Windows 2003 Server.
iii) Any backup drive or minimum 100MB hard disk space.


Configuration:
How to Take Backup: Run – Type ‘ntbackup’ – Dialog box will be displayed – Click on ASR – In next dialog box give path where you want to store backup – “Finish” – Process will start – It will ask for floppy, insert floppy- this will store three files(asr.sif , asrpnp.sif, setuplog.txt)

How to Restore Backup: Boot your System with Installation CD – Read instruction given below in blue screen of Installation – Press “F2” to start ASR


IAS (Internet Authentication Service) using RADIUS Protocol












Configuration:

RADIUS Server PC2:
i) Control Panel – Add remove program – Networking services – Internet authentication services.
ii) Administrative tools – Internet authentication services – Select RADIUS client – Right click – Select New RADIUS client – Give Friendly name(give any name) – Give IP Address – “Next” – Select RADIUS Standard – Give password in Shared secret (Same password given in Server e.g. 1234)

RADIUS Client PC1:
i) Administrative tools – Routing and Remote Access – Right click on Server name (E.g. PC1 ) – Click on Configure and Enable Routing and Remote Access-“Next” – Next Dialog box will display :
o VPN
o Dial up (✓)
Next box of IP Address Assignment will display
o Automatically (If use DHCP)
o From Specified range of IP Address (✓)
In Next box Click on “New” and give IP Address which your machine has – Next box of Managing Multiple Remote Access Server with Options
o No, use Routing and Remote Access to authenticate (✓)
o Yes, setup this Server to work with RADIUS Server
“Next”- “Finish”- You will receive message about DHCP – “OK”- Process will start
ii) Administrative tools – Routing and remote access – Right click on Machine name – Properties – In dialog box select Security – In Box below change Windows authentication to Radius Authentication – Select below Radius Accounting – Click on “Configure” above - Give server name ( pc) and Password – Same thing do in “Configure” button below



Check log file in PC2:
On the drive in which the O.S. is installed: windows/system32/logfiles

Note: RADIUS: Remote Access Dial In User Service
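An added example, not from the original notes, of why the shared secret must be identical on PC1 and PC2: under RFC 2865 the server authenticates each reply with MD5 over the packet plus the secret, and the client recomputes that value before trusting the reply. The secret 1234 is the page's sample value; the request authenticator, packet identifier and Reply-Message text are constructed.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3   # packet codes from RFC 2865
REPLY_MESSAGE = 18                    # attribute type from RFC 2865


def encode_attr(attr_type, value):
    """One attribute: type (1 byte), length (1 byte, header included), value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 bytes")
    return bytes([attr_type, len(value) + 2]) + value


def response_authenticator(code, ident, length, request_auth, attrs, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_response(code, ident, request_auth, attrs, secret):
    """What the RADIUS server (PC2 in the notes) sends back."""
    length = 20 + len(attrs)
    auth = response_authenticator(code, ident, length, request_auth, attrs, secret)
    return struct.pack("!BBH", code, ident, length) + auth + attrs


def verify_response(packet, ident, request_auth, secret):
    """What the RADIUS client (PC1 in the notes) checks before trusting a reply."""
    if len(packet) < 20:
        return False
    code, reply_id, length = struct.unpack("!BBH", packet[:4])
    # A reply shorter than its Length field is discarded; extra bytes are padding.
    if reply_id != ident or not 20 <= length <= 4096 or length > len(packet):
        return False
    packet = packet[:length]
    expected = response_authenticator(code, reply_id, length, request_auth,
                                      packet[20:], secret)
    return hmac.compare_digest(expected, packet[4:20])


def demo():
    request_auth = bytes(range(16))   # constructed; a real client sends 16 random bytes
    ident = 7                         # constructed packet identifier
    secret = b"1234"                  # the page's sample shared secret

    accept = build_response(ACCESS_ACCEPT, ident, request_auth,
                            encode_attr(REPLY_MESSAGE, b"welcome"), secret)
    reject = build_response(ACCESS_REJECT, ident, request_auth,
                            encode_attr(REPLY_MESSAGE, b"denied"), secret)
    # Someone on the path flips the Reject code to Accept without knowing the secret.
    tampered = bytes([ACCESS_ACCEPT]) + reject[1:]

    return {
        "same_secret": verify_response(accept, ident, request_auth, secret),
        "different_secret": verify_response(accept, ident, request_auth, b"12345"),
        "tampered_code": verify_response(tampered, ident, request_auth, secret),
        "truncated": verify_response(accept[:-1], ident, request_auth, secret),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The check is only as strong as the secret: anyone who knows or guesses it can produce replies the client will accept, so a value as short as 1234 suits a lab only.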



Software Routing
This feature enables a 2003 server to be used as a router.


Requirement:
i) 2003 Server with two LAN card with different IP Address


Configuration: (Server side)
Dynamic Routing:
i) Administrative tools – Routing and remote access – Right click on Machine name ( PC1(local)) - Click on Configure and enable routing and remote access – “Next” – Welcome Screen – “Next” – Box of “configuration “ will Display
o Remote access (dial up or VPN)
o Network Address Translation (NAT)
o Virtual Private Network (VPN) access & NAT
o Secure Connection between Private networks
o Custom configuration (✓)
“Next” –Box of configuration will display options:
o VPN access
o Dial up access
o Demand dial connections (used for branch office routing)
o NAT and basic firewall
o LAN routing (✓)
– “Finish” – Message will be display of “Do you want to start the Service?” – Click on “Yes”

ii) In same window click on plus (+) sign followed by IP routing, different options will be displayed – Select General – Right click – Select New Routing Protocol – Select Open Shortest Path First (OSPF) or RIP version 2 for Internet Protocol – “OK” – Selected protocol will be added below in list – Right click on Protocol – Select Interfaces – It will show you two LAN cards – Select one – Click “OK” – Click “OK” again – Again right click on Protocol – Select Interfaces – It will show you only one LAN card – Select it – Click “OK” – Click “OK” again

Static Routing:
Routing and remote access- Select Static Routes – Right click – New Static Routing – Fill Detail.

In Machine which are in Network:
Go to TCP/ IP properties – Add IP address of Router (Server) in Default gateway box

Note: Dynamic Routing uses RIP, OSPF, and IGRP



Network Address Translation (NAT)


Requirement:
i) Windows 2003 Server with internet connection
ii) All client machines should be in same network



Configuration:
i) Administrative tools – Routing and remote access – Right click on Machine name ( PC1(local)) - Click on Configure and enable routing and remote access – “Next” – Welcome Screen – “Next” – Box of “configuration “ will Display
o Remote access (dial up or VPN)
o Network Address Translation (NAT) (✓)
o Virtual Private Network (VPN) access & NAT
o Secure Connection between Private networks
o Custom configuration
“Next” – Box of ‘NAT internet connection’ will be displayed (Keep it as it is, Radio button and box checked) – “Next” – Box of ‘Name and Address Translation Service’ will display
o Enable basic name and service (✓)
o I will setup name and address service later
Next box will display ‘Address Assignment Range’ – “Next” – “Next” – Process will start – Next box will be of ‘Welcome to the Demand dial Interface wizard’ – “Next” – Box of ‘Interface name’ will be displayed – Keep default name Remote Router ( You can give any name) – Next box of ‘Connection type’ will display:
o Connect using modem, ISDN adapter or other physical device (✓)
o Connect using Virtual Private Network (VPN)
o Connect using PPP over Ethernet (PPPoE)
- “Next” – Select device box will display modem name – “Next” – In Phone number box give phone number of ISP (e.g. 172306) – Next box of ‘Protocol and security’ will display :
o Route IP packets on this interface (✓)
o Add a user account so a remote router can dial in
o Send a plain-text password if that is the only way to connect
o Use scripting to complete the connection with the remote router
“Next” – In Next box of Dial up Credential fill
User name
Password
Given by ISP – “Next” – Finish

ii) Find Option NAT/Basic firewall – Right click – Properties – Select Name resolution tab – Check both box – Select given wizard name from below ( E.g. Remote router)

iii) Find Network Interface – Select Network Interface – In right hand pane you will find Remote router (Interface name) – Right click Interface name – Properties – Select “Security Tab” from box – Change Allow secured password to Allow unsecured password.



To Connect to Internet:
Select Network Interface – In right hand pane you will find Remote router (Interface name) – Right click Interface name – Click on Connect.




Certificate Services
This feature is used to provide some extraordinary rights to user by providing software certificates. There are different certificates for different purpose (Rights).


Installing of Certificate Service:
Control panel – Add remove program – Add remove Windows components – Certificate Services- “Next” – Select
o Enterprise root CA (✓) (if Active Directory is installed)
o Enterprise subordinate CA
o Standalone root CA(without Active directory)
o Standalone subordinate CA
“Next” – In next box give certificate (give any name) – “Next” – Box of Certificate Database will be displayed – “Next” – Box of temporary stop IIS will display (If IIS is installed) – Click “Yes” – Process – Another page of “Want to enable Active Server page” will be displayed – Click “Yes” – “Finish”

Requirement: (for IIS Service)
i) Windows 2003 Server with Active directory Installed
ii) Windows 2003 with IIS installed

 Configuration: (for IIS Service)

Go to IIS service – Right click on Default website – Properties – From that box select “Directory Security” tab –Click on “Server Certificate” – Box will display click on “Next” – Select first option
o Create new certificate
Select second option from two
o Send request immediately to an online certificate authority
Next box will ask you to give name to certificate (give any name) – “Next” – “Next” – Next box will prompt you to fill regional information (fill information) – “Next” – “Next” – “Finish”

Click on “Edit” button given below “Server Certificate” – Check box of
i) Require secure channel
ii) Require 128 bit encryption
iii) Require client certificate
“OK”

ISSUE CERTIFICATE TO ADMINISTRATOR:
In browser type “https://192.168.0.1/certsrv” – Security related message box will display, agree with that – In Select a task choose Request a certificate – In next box select User Certificate – Click on “Submit” tab – “Yes” – Process will start – At the end of process, click on Install this certificate – Complete installation message will display.

How to Check: Select Properties of Internet Explorer – Select “Content” tab from box – Click on “Certificate” – You will find here one certificate.

Note: You can make any site unavailable to any user who doesn’t have a certificate. That is possible by right-clicking that site and selecting all options specified in the second paragraph of the configuration.

 Configuration: (for Encrypted File Recovery)

Scenario: To give permission to u2 to open file encrypted by user u1

Create two user u1 and u2 – Login by user u1 and encrypt one file – Login by administrator –
Start – Run – Type mmc – Microsoft management console will open – Click on File and Add-remove snap in – Add Certificates – You can see Certificates in left pane – Click on plus (+) sign followed by Certificates – Click on plus (+) sign followed by Personal folder – You will find Certificate with description in right pane – Right click on that certificate – All task – Export – “Next” – In next box you will find:
o Yes, export the private key (✓)
o No , do not export the private key
“Next” – Box of Export file format (Keep it default) – “Next” – Box of password will be displayed (give password if you want it will be asked during import) – “Next” – Box of “File to export “Where you want to save the file – Click on “Browse” to specify the path – Give any name in File name box below (e.g. 1) – Click on “Save” – “Next” – “Finish” – Message will display of “The export was successful” – Close all window.

Login by user u2 (whom you want to give permission to decrypt file) – Start – Run – Type mmc – Microsoft management console will open – Click on File and Add-remove snap in – Add Certificates – You can see Certificates in left pane – Click on plus (+) sign followed by Certificates – Click on plus (+) sign followed by Personal folder – Right click on Personal folder – Select All task – Select Import – Welcome screen will be displayed – “Next” – Box of File to import, click on Browse to select file – Select All files from “Files of type:” below (exported file will be displayed), select file and click on “Open” – “Next” – Box of “Password” will be displayed – “Next” – Box of “Certificate to store” will be displayed – “Finish”

SMALL BUT IMPORTANT

HOW TO REMOVE RECOVERY CONSOLE :
I) Remove “cmldr” file from c: drive
II) Remove entry from boot.ini

HOW TO ADD USER IN CMD:
dsadd user "cn=t1,ou=tech,dc=fresh,dc=com" -disabled no

WIN XP COMMAND LINE



An A-Z Index of the Windows NT/XP command line
ADDUSERS Add or list users to/from a CSV file
ARP Address Resolution Protocol
ASSOC Change file extension associations
ASSOCIAT One step file association
AT Schedule a command to run at a later time
ATTRIB Change file attributes

BOOTCFG Edit Windows boot settings
BROWSTAT Get domain, browser and PDC info

CACLS Change file permissions
CALL Call one batch program from another
CD Change Directory - move to a specific Folder
CHANGE Change Terminal Server Session properties
CHKDSK Check Disk - check and repair disk problems
CHKNTFS Check the NTFS file system
CHOICE Accept keyboard input to a batch file
CIPHER Encrypt or Decrypt files/folders
CleanMgr Automated cleanup of Temp files, recycle bin
CLEARMEM Clear memory leaks
CLIP Copy STDIN to the Windows clipboard.
CLS Clear the screen
CLUSTER Windows Clustering
CMD Start a new CMD shell
COLOR Change colors of the CMD window
COMP Compare the contents of two files or sets of files
COMPACT Compress files or folders on an NTFS partition
COMPRESS Compress individual files on an NTFS partition
CON2PRT Connect or disconnect a Printer
CONVERT Convert a FAT drive to NTFS.
COPY Copy one or more files to another location
CSVDE Import or Export Active Directory data

DATE Display or set the date
Dcomcnfg DCOM Configuration Utility
DEFRAG Defragment hard drive
DEL Delete one or more files
DELPROF Delete NT user profiles
DELTREE Delete a folder and all subfolders
DevCon Device Manager Command Line Utility
DIR Display a list of files and folders
DIRUSE Display disk usage
DISKCOMP Compare the contents of two floppy disks
DISKCOPY Copy the contents of one floppy disk to another
DNSSTAT DNS Statistics
DOSKEY Edit command line, recall commands, and create macros
DSADD Add user (computer, group..) to active directory
DSQUERY List items in active directory
DSMOD Modify user (computer, group..) in active directory

ECHO Display message on screen
ENDLOCAL End localisation of environment changes in a batch file
ERASE Delete one or more files
EXIT Quit the CMD shell
EXPAND Uncompress files
EXTRACT Uncompress CAB files

FC Compare two files
FDISK Disk Format and partition
FIND Search for a text string in a file
FINDSTR Search for strings in files
FOR /F Loop command: against a set of files
FOR /F Loop command: against the results of another command
FOR Loop command: all options Files, Directory, List
FORFILES Batch process multiple files
FORMAT Format a disk
FREEDISK Check free disk space (in bytes)
FSUTIL File and Volume utilities
FTP File Transfer Protocol
FTYPE Display or modify file types used in file extension associations

GLOBAL Display membership of global groups
GOTO Direct a batch program to jump to a labelled line

HELP Online Help
HFNETCHK Network Security Hotfix Checker

IF Conditionally perform a command
IFMEMBER Is the current user in an NT Workgroup
IPCONFIG Configure IP

KILL Remove a program from memory

LABEL Edit a disk label
LOCAL Display membership of local groups
LOGEVENT Write text to the NT event viewer.
LOGOFF Log a user off
LOGTIME Log the date and time in a file

MAPISEND Send email from the command line
MEM Display memory usage
MD Create new folders
MODE Configure a system device
MORE Display output, one screen at a time
MOUNTVOL Manage a volume mount point
MOVE Move files from one folder to another
MOVEUSER Move a user from one domain to another
MSG Send a message
MSIEXEC Microsoft Windows Installer
MSINFO Windows NT diagnostics
MSTSC Terminal Server Connection (Remote Desktop Protocol)
MUNGE Find and Replace text within file(s)
MV Copy in-use files

NET Manage network resources
NETDOM Domain Manager
NETSH Configure network protocols
NETSVC Command-line Service Controller
NBTSTAT Display networking statistics (NetBIOS over TCP/IP)
NETSTAT Display networking statistics (TCP/IP)
NOW Display the current Date and Time
NSLOOKUP Name server lookup
NTBACKUP Backup folders to tape
NTRIGHTS Edit user account rights

PATH Display or set a search path for executable files
PATHPING Trace route plus network latency and packet loss
PAUSE Suspend processing of a batch file and display a message
PERMS Show permissions for a user
PERFMON Performance Monitor
PING Test a network connection
POPD Restore the previous value of the current directory saved by PUSHD
PORTQRY Display the status of ports and services
PRINT Print a text file
PRNCNFG Display, configure or rename a printer
PRNMNGR Add, delete, list printers set the default printer
PROMPT Change the command prompt
PsExec Execute process remotely
PsFile Show files opened remotely
PsGetSid Display the SID of a computer or a user
PsInfo List information about a system
PsKill Kill processes by name or process ID
PsList List detailed information about processes
PsLoggedOn Who's logged on (locally or via resource sharing)
PsLogList Event log records
PsPasswd Change account password
PsService View and control services
PsShutdown Shutdown or reboot a computer
PsSuspend Suspend processes
PUSHD Save and then change the current directory

QGREP Search file(s) for lines that match a given pattern.

RASDIAL Manage RAS connections
RASPHONE Manage RAS connections
RECOVER Recover a damaged file from a defective disk.
REG Read, Set or Delete registry keys and values
REGEDIT Import or export registry settings
REGSVR32 Register or unregister a DLL
REGINI Change Registry Permissions
REM Record comments (remarks) in a batch file
REN Rename a file or files.
REPLACE Replace or update one file with another
RD Delete folder(s)
RDISK Create a Recovery Disk
RMTSHARE Share a folder or a printer
ROBOCOPY Robust File and Folder Copy
ROUTE Manipulate network routing tables
RUNAS Execute a program under a different user account
RUNDLL32 Run a DLL command (add/remove print connections)

SC Service Control
SCHTASKS Create or Edit Scheduled Tasks
SCLIST Display NT Services
ScriptIt Control GUI applications
SET Display, set, or remove environment variables
SETLOCAL Control the visibility of environment variables
SETX Set environment variables permanently
SHARE List or edit a file share or print share
SHIFT Shift the position of replaceable parameters in a batch file
SHORTCUT Create a windows shortcut (.LNK file)
SHOWGRPS List the NT Workgroups a user has joined
SHOWMBRS List the Users who are members of a Workgroup
SHUTDOWN Shutdown the computer
SLEEP Wait for x seconds
SOON Schedule a command to run in the near future
SORT Sort input
START Start a separate window to run a specified program or command
SU Switch User
SUBINACL Edit file and folder Permissions, Ownership and Domain
SUBST Associate a path with a drive letter
SYSTEMINFO List system configuration

TASKLIST List running applications and services
TIME Display or set the system time
TIMEOUT Delay processing of a batch file
TITLE Set the window title for a CMD.EXE session
TOUCH Change file timestamps
TRACERT Trace route to a remote host
TREE Graphical display of folder structure
TYPE Display the contents of a text file

USRSTAT List domain usernames and last login

VER Display version information
VERIFY Verify that files have been saved
VOL Display a disk label

WHERE Locate and display files in a directory tree
WHOAMI Output the current UserName and domain
WINDIFF Compare the contents of two files or sets of files
WINMSD Windows system diagnostics
WINMSDP Windows system diagnostics II
WMIC WMI Commands

XCACLS Change file permissions
XCOPY Copy files and folders


Simon Sheppard
SS64.com

COMMAND-MANUAL

Network command manual
1. Configure network
2. telnet - user interface to the TELNET protocol
3. ftp - ARPANET file transfer program
4. rdate - get the date and time via the network
ifconfig
Add a new ip address to existing interface
ifconfig eth0:0 202.144.157.211 \
broadcast 202.144.157.223 \
netmask 255.255.255.240
route add -host 202.144.157.211 dev eth0:0

Configure network
Sample Network
IP Address
1 192.168.1.0 Network Address
2 192.168.1.2 Red Hat Linux Server DNS, E-Mail, etc
3 192.168.1.3 Windows Assign from DHCP
...........
• /etc/sysconfig/network
NETWORKING=yes
FORWARD_IPV4=false
HOSTNAME=ns
DOMAINNAME=rim
GATEWAY=
GATEWAYDEV=
NISDOMAIN=""
/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
IPADDR=192.168.1.2
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
ONBOOT=yes
/etc/hosts
127.0.0.1 localhost localhost.localdomain
192.168.1.2 ns ns.grape-info.com
/etc/resolv.conf
search grape-info.com
nameserver 192.168.1.2
nameserver 202.144.129.34
nameserver 202.144.128.200
Notice
DNS Server's IP Address
1 nameserver 192.168.1.2 DNS Server
2 nameserver 202.144.129.34 ISP DNS Server
3 nameserver 202.144.128.200 ISP DNS Server
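The addresses in ifcfg-eth0 and in the ifconfig alias command have to agree with each other: NETWORK and BROADCAST follow from IPADDR and NETMASK. The following Python is an added example, not part of the original manual, that derives them and reports any mismatch; the function names are this example's own, and the sample input is the page's ifcfg-eth0.

```python
import ipaddress

# The page's /etc/sysconfig/network-scripts/ifcfg-eth0, used as sample input.
PAGE_IFCFG = """\
DEVICE=eth0
IPADDR=192.168.1.2
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
ONBOOT=yes
"""


def parse_ifcfg(text):
    """Parse KEY=VALUE lines, skipping blanks and comments, stripping quotes."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip().strip('"')
    return cfg


def check_addressing(ipaddr, netmask, network=None, broadcast=None, gateway=None):
    """Return a list of inconsistencies; an empty list means the values agree."""
    try:
        iface = ipaddress.ip_interface(f"{ipaddr}/{netmask}")
    except ValueError as exc:
        return [f"bad IPADDR or NETMASK: {exc}"]
    net = iface.network
    problems = []
    for label, given, derived in (("NETWORK", network, net.network_address),
                                  ("BROADCAST", broadcast, net.broadcast_address)):
        if not given:
            continue
        try:
            if ipaddress.ip_address(given) != derived:
                problems.append(f"{label} is {given} but IPADDR/NETMASK give {derived}")
        except ValueError:
            problems.append(f"{label} is not an IP address: {given}")
    # A host must not sit on the network or broadcast address (except /31, /32).
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"IPADDR {iface.ip} is the network or broadcast address")
    if gateway:
        try:
            if ipaddress.ip_address(gateway) not in net:
                problems.append(f"GATEWAY {gateway} is outside {net}")
        except ValueError:
            problems.append(f"GATEWAY is not an IP address: {gateway}")
    return problems


def check_ifcfg(text):
    """Check one ifcfg-style file; an empty GATEWAY= line is treated as unset."""
    cfg = parse_ifcfg(text)
    missing = [key for key in ("IPADDR", "NETMASK") if not cfg.get(key)]
    if missing:
        return ["missing " + ", ".join(missing)]
    return check_addressing(cfg["IPADDR"], cfg["NETMASK"], cfg.get("NETWORK"),
                            cfg.get("BROADCAST"), cfg.get("GATEWAY"))


if __name__ == "__main__":
    print("ifcfg-eth0:", check_ifcfg(PAGE_IFCFG))
    # The eth0:0 alias from the ifconfig command earlier in the manual.
    print("eth0:0:", check_addressing("202.144.157.211", "255.255.255.240",
                                      broadcast="202.144.157.223"))
```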
telnet - user interface to the TELNET protocol
The telnet command is used for interactive communication with another host using the TELNET protocol.
telnet [host] [port]
host Specifies a host to contact over the network.
port Specifies a port number or service name to contact. If not specified, the telnet port (23) is used.
• Connect to another host
[root@myhost /]# telnet hostname
Trying xxx.xxx.xxx.xxx...
Connected to localhost.
Escape character is '^]'.

Red Hat Linux release 5.2(J) (crimson)
Kernel 2.0.36 on an i586
login: hoge
Password:
Last login: Sun Aug 29 22:22:55 from hoge
[hoge@hostname hoge]$
• Connect to news server
[root@myhost /root]# telnet localhost nntp
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
200 myhost.grape-info.com InterNetNews server INN 1.7.2 08-Dec-1997 ready
LIST
215
control 0000000000 0000000001 y
junk 0000000000 0000000001 y
test 0000000000 0000000001 y
to 0000000000 0000000001 y
.
QUIT
205 .
Connection closed by foreign host.
ftp - ARPANET file transfer program
Ftp is the user interface to the ARPANET standard File Transfer Protocol. The program allows a user to transfer files to and from a remote network site.
• ftp [host]
[root@myhost /root]# ftp hostname
Connected to hostname.
220 hostname.grape-info.com FTP server (Version wu-2.5.0(1) Tue Jun 8 11:19:44 EDT 1999) ready.
Name (hostname:username): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
total 6
drwxr-xr-x 6 root root 1024 Aug 28 01:08 .
drwxr-xr-x 6 root root 1024 Aug 28 01:08 ..
d--x--x--x 2 root root 1024 Aug 28 01:08 bin
d--x--x--x 2 root root 1024 Aug 28 01:08 etc
drwxr-xr-x 2 root root 1024 Aug 28 01:08 lib
dr-xr-sr-x 2 root ftp 1024 Sep 11 1998 pub
226 Transfer complete.
! [command [args]] Invoke an interactive shell on the local machine. If there are arguments, the first is taken to be a command to execute directly, with the rest of the arguments as its arguments.
account [passwd] Supply a supplemental password required by a remote system for access to resources once a login has been successfully completed. If no argument is included, the user will be prompted for an account password in a non-echoing input mode.
ascii Set the file transfer type to network ASCII. This is the default type.
binary Set the file transfer type to support binary image transfer.
bye Terminate the FTP session with the remote server and exit ftp. An end of file will also terminate the session and exit.
cd remote-directory Change the working directory on the remote machine to remote directory.
get remote-file [local-file] Retrieve the remote-file and store it on the local machine. If the local file name is not specified, it is given the same name it has on the remote machine, subject to alteration by the current case, ntrans, and nmap settings. The current settings for type, form, mode, and structure are used while transferring the file.
hash Toggle hash-sign (``#'') printing for each data block transferred. The size of a data block is 1024 bytes.
ls [remote-directory] [local-file] Print a listing of the contents of a directory on the remote machine. The listing includes any system-dependent information that the server chooses to include; for example, most UNIX systems will produce output from the command `ls -l'. (See also nlist.) If remote-directory is left unspecified, the current working directory is used. If interactive prompting is on, ftp will prompt the user to verify that the last argument is indeed the target local file for receiving ls output. If no local file is specified, or if local-file is `-', the output is sent to the terminal.
open host [port] Establish a connection to the specified host FTP server. An optional port number may be supplied, in which case, ftp will attempt to contact an FTP server at that port. If the autologin option is on (default), ftp will also attempt to automatically log the user in to the FTP server (see below).
put local-file [remote-file] Store a local file on the remote machine. If remote-file is left unspecified, the local file name is used after processing according to any ntrans or nmap settings in naming the remote file. File transfer uses the current settings for type, format, mode, and structure.
pwd Print the name of the current working directory on the remote machine.
quit A synonym for bye.
user user-name [password] [account] Identify yourself to the remote FTP server. If the password is not specified and the server requires it, ftp will prompt the user for it (after disabling local echo). If an account field is not specified, and the FTP server requires it, the user will be prompted for it. If an account field is specified, an account command will be relayed to the remote server after the login sequence is completed if the remote server did not require it for logging in. Unless ftp is invoked with ``auto-login'' disabled, this process is done automatically on initial connection to the FTP server.
rdate - get the date and time via the network
• SYNOPSIS
rdate [-p] [-s] [host...]
• DESCRIPTION
Rdate uses TCP to retrieve the current time of another machine using the protocol described in RFC 868. The time for each system is returned in ctime(3) format. The following is an example:
% rdate uci mc
[uci] Sun Mar 24 20:35:41 1985
[mc] Sun Mar 24 20:36:19 1985
• OPTIONS
-p Print the time retrieved from the remote machines. This is the default mode.
-s Set the local system time from the time retrieved from the remote machine. This, quite naturally, is only effective for root.

NETWORKING

Network Command-line utilities
This section covers:
• Viewing configuration by using ipconfig /all
• Refreshing configuration by using ipconfig /renew
• Managing DNS and DHCP class IDs by using ipconfig
• Testing connections by using ping
• Troubleshooting hardware addresses by using arp
• Troubleshooting NetBIOS names by using nbtstat
• Displaying connection statistics by using netstat
• Tracing network connections by using tracert
• Testing routers by using pathping
Viewing configuration by using ipconfig /all
When you troubleshoot a TCP/IP networking problem, begin by checking the TCP/IP configuration on the computer that is experiencing the problem. You can use the ipconfig command to get host computer configuration information, including the IP address, subnet mask, and default gateway.
Note
• For Windows 95 and Windows 98 clients, use the winipcfg command instead of ipconfig.
When you use the ipconfig command with the /all option, a detailed configuration report is produced for all interfaces, including any configured serial ports. With ipconfig /all, you can redirect command output to a file and paste the output into other documents. You can also use this output to confirm the TCP/IP configuration of each computer on the network or to further investigate TCP/IP network problems.
For example, if a computer is configured with an IP address that is a duplicate of an existing IP address, the subnet mask appears as 0.0.0.0.
The following example shows the output of the ipconfig /all command on a computer that is configured to use the DHCP server for automatic TCP/IP configuration, and WINS and DNS servers for name resolution.
Windows 2000 IP Configuration

Node Type . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . : No
WINS Proxy Enabled. . . . . : No

Ethernet adapter Local Area Connection:

Host Name . . . . . . . . . : host.grape-info.com
DNS Servers . . . . . . . . : 10.1.0.200
Description . . . . . . . . : 3Com 3C90x Ethernet Adapter
Physical Address. . . . . . : 00-60-08-3E-46-07
DHCP Enabled. . . . . . . . : Yes
Autoconfiguration Enabled . : Yes
IP Address. . . . . . . . . : 192.168.0.112
Subnet Mask . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . : 192.168.0.2
DHCP Server . . . . . . . . : 192.168.0.1
Primary WINS Server . . . . : 192.168.0.1
Secondary WINS Server . . . : 192.168.0.3
Lease Obtained. . . . . . . : Wednesday, September 02, 1998 10:32:13 AM
Lease Expires . . . . . . . : Friday, September 18, 1998 10:32:13 AM
If no problems appear in the TCP/IP configuration, the next step is testing the ability to connect to other host computers on the TCP/IP network.
Refreshing configuration by using ipconfig /renew
When you troubleshoot a TCP/IP networking problem, begin by checking the TCP/IP configuration on the computer that is experiencing the problem. If the computer is DHCP-enabled and is using a DHCP server to obtain configuration, you can initiate a refresh of the lease by using the ipconfig /renew command.
When you use ipconfig /renew, all network adapters on the computer that uses DHCP (except those that are manually configured) try to contact a DHCP server and renew their existing configuration or obtain a new configuration.
You can also use the ipconfig command with the /release option to immediately release the current DHCP configuration for a host.
Note
• For Windows 95 and Windows 98 DHCP-enabled clients, use the release and renew options of the winipcfg command instead of ipconfig /release and ipconfig /renew to perform manual release or renewal of the IP configuration lease for a client.
Managing DNS and DHCP class IDs by using ipconfig
You can also use the ipconfig command to:
• Display or reset the DNS cache.
• Refresh registered DNS names.
• Display the DHCP class IDs for an adapter.
• Set the DHCP class IDs for an adapter.
Testing connections by using ping
The ping command helps to verify IP-level connectivity. When troubleshooting, you can use ping to send an ICMP echo request to a target host name or IP address. Use ping whenever you need to verify that a host computer can connect to the TCP/IP network and network resources. You can also use ping to isolate network hardware problems and incompatible configurations.
It is usually best to verify that a route exists between the local computer and a network host by first using the ping command and the IP address of the network host to which you want to connect. Try pinging the IP address of the target host to see if it responds, as follows:
ping IP_address
You should perform the following steps when using ping:
1. Ping the loopback address to verify that TCP/IP is installed and configured correctly on the local computer.
ping 127.0.0.1
2. Ping the IP address of the local computer to verify that it was added to the network correctly.
ping IP_address_of_local_host
3. Ping the IP address of the default gateway to verify that the default gateway is functioning and that you can communicate with a local host on the local network.
ping IP_address_of_default_gateway
4. Ping the IP address of a remote host to verify that you can communicate through a router.
ping IP_address_of_remote_host
The ping command uses Windows Sockets–style name resolution to resolve a computer name to an IP address, so if pinging by address succeeds, but pinging by name fails, then the problem lies in address or name resolution, not network connectivity.
If you cannot use ping successfully at any point, confirm that:
• The computer was restarted after TCP/IP was installed and configured.
• The IP address of the local computer is valid and appears correctly on the General tab of the Internet Protocol (TCP/IP) Properties dialog box.
• IP routing is enabled and the link between routers is operational.
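The four ping steps and the by-name check above can be run as one ordered test that stops at the first failure. This is an added example, not part of the original page; `ping_once`, `STEPS` and `diagnose` are hypothetical names, and the addresses in the demo are reused from the sample outputs on this page.

```python
import subprocess

def ping_once(target, timeout_ms=1000):
    """Send one IPv4 echo request with Windows ping; True only on a real reply."""
    # -4 forces IPv4 on current Windows versions; drop it where ping lacks it.
    proc = subprocess.run(
        ["ping", "-4", "-n", "1", "-w", str(timeout_ms), target],
        capture_output=True, text=True,
    )
    # Windows ping can exit 0 when a router answers "Destination host
    # unreachable", so also require an echo reply line (it carries "TTL=").
    return proc.returncode == 0 and "TTL=" in proc.stdout

# The checks in the order given above, each with what a failure points to.
STEPS = [
    ("loopback", "TCP/IP is not installed or configured correctly locally"),
    ("local address", "the local computer was not added to the network correctly"),
    ("default gateway", "the gateway is down or the local network is unreachable"),
    ("remote host", "communication through a router is failing"),
    ("remote name", "address or name resolution, not network connectivity"),
]

def diagnose(local_ip, gateway_ip, remote_ip, remote_name=None, probe=ping_once):
    """Run the checks in order; return (step, meaning) for the first failure, else None."""
    targets = ["127.0.0.1", local_ip, gateway_ip, remote_ip, remote_name]
    for (step, meaning), target in zip(STEPS, targets):
        if target is None:          # the by-name check is optional
            continue
        if not probe(target):
            return step, meaning    # later steps depend on this one, so stop here
    return None

if __name__ == "__main__":
    # Sample addresses reused from the outputs on this page; substitute the
    # values that ipconfig /all reports on the computer being diagnosed.
    print(diagnose("192.168.0.24", "192.168.0.2", "202.144.128.220",
                   "www.grape-info.com"))
```

The `probe` parameter lets the ordering logic be exercised without sending any packets.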
You can use different options with the ping command to specify the size of packets to use, how many packets to send, whether to record the route used, what Time-to-Live (TTL) value to use, and whether to set the "don't fragment" flag. You can type ping -? to see these options.
The following example illustrates how to send two pings, each 1,450 bytes in size, to IP address 192.168.0.1:
C:\>ping -n 2 -l 1450 192.168.0.1
Pinging 192.168.0.1 with 1450 bytes of data:

Reply from 192.168.0.1: bytes=1450 time<10ms TTL=32
Reply from 192.168.0.1: bytes=1450 time<10ms TTL=32

Ping statistics for 192.168.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate roundtrip times in milli-seconds:
Minimum = 0ms, Maximum = 10ms, Average = 2ms
By default, ping waits 1,000 ms (1 second) for each response to be returned before displaying the "Request Timed Out" message. If the remote system being pinged is across a high-delay link, such as a satellite link, responses may take longer to be returned. You can use the -w (wait) option to specify a longer time-out.
Troubleshooting hardware addresses by using arp
The Address Resolution Protocol (ARP) allows a host to find the media access control address of a host on the same physical network, given the IP address of the host. To make ARP efficient, each computer caches IP–to–media access control address mappings to eliminate repetitive ARP broadcast requests.
You can use the arp command to view and modify the ARP table entries on the local computer. The arp command is useful for viewing the ARP cache and resolving address resolution problems.
Troubleshooting NetBIOS names by using nbtstat
NetBIOS over TCP/IP (NetBT) resolves NetBIOS names to IP addresses. TCP/IP provides many options for NetBIOS name resolution, including local cache lookup, WINS server query, broadcast, DNS server query, and Lmhosts and Hosts file lookup.
Nbtstat is a useful tool for troubleshooting NetBIOS name resolution problems. You can use the nbtstat command to remove or correct preloaded entries:
• nbtstat -n displays the names that were registered locally on the system by programs such as the server and redirector.
• nbtstat -c shows the NetBIOS name cache, which contains name-to-address mappings for other computers.
• nbtstat -R purges the name cache and reloads it from the Lmhosts file.
• nbtstat -RR releases NetBIOS names registered with a WINS server and then renews their registration.
• nbtstat -a name performs a NetBIOS adapter status command against the computer specified by name. The adapter status command returns the local NetBIOS name table for that computer plus the media access control address of the adapter.
• nbtstat -S lists the current NetBIOS sessions and their status, including statistics, as shown in the following example:

NetBIOS connection table

Local name   State       In/out   Remote Host      Input   Output
------------------------------------------------------------------
CORP1 <00>   Connected   Out      CORPSUP1<20>     6MB     5MB
CORP1 <00>   Connected   Out      CORPPRINT<20>    108KB   116KB
CORP1 <00>   Connected   Out      CORPSRC1<20>     299KB   19KB
CORP1 <00>   Connected   Out      CORPEMAIL1<20>   324KB   19KB
CORP1 <03>   Listening
Displaying connection statistics by using netstat
You can use the netstat command to display protocol statistics and current TCP/IP connections. The netstat -a command displays all connections, and netstat -r displays the route table plus active connections. The netstat -e command displays Ethernet statistics, and netstat -s displays per-protocol statistics. If you use netstat -n, addresses and port numbers are not converted to names. The following shows sample output for netstat:
C:\>netstat -e
Interface Statistics

Received Sent
Bytes 3995837940 47224622
Unicast packets 120099 131015
Non-unicast packets 7579544 3823
Discards 0 0
Errors 0 0
Unknown protocols 363054211

C:\>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP myhost:1572 192.168.0.2:nbsession ESTABLISHED
TCP myhost:1589 192.168.0.2:nbsession ESTABLISHED
TCP myhost:1606 192.168.0.10:nbsession ESTABLISHED
TCP myhost:1632 192.168.0.11:nbsession ESTABLISHED
TCP myhost:1659 192.168.0.12:nbsession ESTABLISHED
TCP myhost:1714 192.168.0.13:nbsession ESTABLISHED
TCP myhost:1719 192.168.0.14:nbsession ESTABLISHED
TCP myhost:1241 192.168.0.15:nbsession ESTABLISHED
UDP myhost:1025 *:*
UDP myhost:snmp *:*
UDP myhost:nbname *:*
UDP myhost:nbdatagram *:*
UDP myhost:nbname *:*
UDP myhost:nbdatagram *:*
C:\>netstat -s
IP Statistics

Packets Received = 5378528
Received Header Errors = 738854
Received Address Errors = 23150
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 0
Received Packets Delivered = 4616524
Output Requests = 132702
Routing Discards = 157
Discarded Output Packets = 0
Output Packet No Route = 0
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0

ICMP Statistics
Received Sent
Messages 693 4
Errors 0 0
Destination Unreachable 685 0
Time Exceeded 0 0
Parameter Problems 0 0
Source Quenches 0 0
Redirects 0 0
Echoes 4 0
Echo Replies 0 4
Timestamps 0 0
Timestamp Replies 0 0
Address Masks 0 0
Address Mask Replies 0 0

TCP Statistics

Active Opens = 597
Passive Opens = 135
Failed Connection Attempts = 107
Reset Connections = 91
Current Connections = 8
Segments Received = 106770
Segments Sent = 118431
Segments Retransmitted = 461

UDP Statistics

Datagrams Received = 4157136
No Ports = 351928
Receive Errors = 2
Datagrams Sent = 13809
Tracing network connections by using tracert
Tracert (Trace Route) is a route-tracing utility that is used to determine the path that an IP datagram takes to reach a destination. The tracert command uses the IP Time-to-Live (TTL) field and ICMP error messages to determine the route from one host to another through a network.
How tracert works
The Tracert diagnostic utility determines the route taken to a destination by sending Internet Control Message Protocol (ICMP) echo packets with varying IP Time-to-Live (TTL) values to the destination. Each router along the path is required to decrement the TTL on a packet by at least 1 before forwarding it. When the TTL on a packet reaches 0, the router should send an "ICMP Time Exceeded" message back to the source computer.
Tracert determines the route by sending the first echo packet with a TTL of 1 and incrementing the TTL by 1 on each subsequent transmission until the target responds or the maximum TTL is reached. The route is determined by examining the "ICMP Time Exceeded" messages sent back by intermediate routers. Some routers silently drop packets with expired TTLs and are invisible to the Tracert utility.
The tracert command prints out an ordered list of the near-side interface of the routers in the path that returned the "ICMP Time Exceeded" message. If the -d option is used, the Tracert utility does not perform a DNS lookup on each IP address.
In the following example, the packet must travel through routers (192.168.0.2, 202.144.158.206, 202.144.159.195 and 202.144.129.2) to get to host 202.144.128.22. The default gateway of the host is 192.168.0.2 and the IP address of the router on the 192.168.0.0 network is 192.168.0.2.
C:\>tracert 202.144.128.22
Tracing route to 202.144.128.22 over a maximum of 30 hops:
1 6 ms 2 ms 2 ms 192.168.0.2
2 4 ms 3 ms 4 ms 202.144.158.206
3 78 ms 78 ms 78 ms 202.144.159.195
4 78 ms 78 ms 78 ms 202.144.129.2
5 227 ms 163 ms 83 ms 202.144.128.220
Trace complete.
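The TTL walk described under "How tracert works", modelled over the path from the output above, including a router that silently drops expired packets. This is an added example, not part of the original page: it simulates the logic rather than sending packets, and `Router`, `PATH`, `TARGET` and `trace_route` are hypothetical names.

```python
from dataclasses import dataclass

@dataclass
class Router:
    address: str
    reports_expiry: bool = True   # False: silently drops packets whose TTL expired

# Routers and final hop taken from the tracert output above.
PATH = [Router("192.168.0.2"), Router("202.144.158.206"),
        Router("202.144.159.195"), Router("202.144.129.2")]
TARGET = "202.144.128.220"

def trace_route(path, target, max_hops=30):
    """Model the TTL walk; return [(ttl, responder or None, ICMP message)]."""
    hops = []
    for ttl in range(1, max_hops + 1):
        remaining, responder, message = ttl, None, "no reply (timed out)"
        for router in path:
            remaining -= 1                    # every router decrements the TTL
            if remaining == 0:                # expired here, packet goes no further
                if router.reports_expiry:
                    responder, message = router.address, "Time Exceeded"
                break
        else:                                 # TTL outlived every router
            responder, message = target, "Echo Reply"
        hops.append((ttl, responder, message))
        if message == "Echo Reply":           # target answered, trace complete
            break
    return hops

if __name__ == "__main__":
    for ttl, responder, message in trace_route(PATH, TARGET):
        print(ttl, responder or "*", message)
```

A hop that comes back as `None` is a router that stayed silent, not proof that the path is broken: later TTL values still reach the hops behind it.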
Troubleshooting with tracert
You can use the tracert command to determine where a packet stopped on the network. In the following example, the default gateway has determined that there is not a valid path for the host on 192.168.10.99. There is probably a router configuration problem or the 192.168.10.0 network does not exist (a bad IP address).
C:\>tracert www.grape-info.com
Tracing route to www.grape-info.com [202.144.128.220]
over a maximum of 30 hops:
1 6 ms 2 ms 2 ms 192.168.0.2
2 4 ms 3 ms 4 ms gw.grape-info.com [202.144.158.206]
3 tpu-gw1.grape-info.com [202.144.159.195] reports: Destination net unreachable.
Trace complete.
The Tracert utility is useful for troubleshooting large networks where several paths can be taken to arrive at the same point.
Tracert command-line options
The tracert command supports several options, as shown in the following table.
tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

Option            Description
-d                Specifies that IP addresses are not resolved to host names.
-h maximum_hops   Specifies the number of hops to allow in tracing a route to the host named in target_name.
-j host-list      Specifies the list of router interfaces in the path taken by the Tracert utility packets.
-w timeout        Waits the number of milliseconds specified by timeout for each reply.
target_name       Name or IP address of the target host.
Testing routers by using pathping
The pathping command is a route tracing tool that combines features of the ping and tracert commands with additional information that neither of those tools provides. The pathping command sends packets to each router on the way to a final destination over a period of time, and then computes results based on the packets returned from each hop. Since the command shows the degree of packet loss at any given router or link, it is easy to determine which routers or links might be causing network problems. A number of options are available, as shown in the following table.
Option   Name           Function
-n       Hostnames      Does not resolve addresses to host names.
-h       Maximum hops   Maximum number of hops to search for target.
-g       Host-list      Loose source route along host list.
-p       Period         Number of milliseconds to wait between pings.
-q       Num_queries    Number of queries per hop.
-w       Time-out       Waits this many milliseconds for each reply.
-T       Layer 2 tag    Attaches a layer-2 priority tag (for example, for IEEE 802.1p) to the packets and sends it to each of the network devices in the path. This helps in identifying the network devices that do not have layer-2 priority configured properly. The -T switch is used to test for Quality of Service (QoS) connectivity.
-R       RSVP test      Checks to determine whether each router in the path supports the Resource Reservation Protocol (RSVP), which allows the host computer to reserve a certain amount of bandwidth for a data stream. The -R switch is used to test for Quality of Service (QoS) connectivity.
The default number of hops is 30, and the default wait time before a time-out is 3 seconds. The default period is 250 milliseconds, and the default number of queries to each router along the path is 100.
The following is a typical pathping report. The compiled statistics that follow the hop list indicate packet loss at each individual router.
D:\>pathping www.grape-info.com

Tracing route to www.grape-info.com [202.144.128.220]
over a maximum of 30 hops:
0 hoge.grape-info.com [192.168.0.24]
1 192.168.0.2
2 gw-dit.grape-info.com [202.144.158.206]
3 tpu-gw1.grape-info.com [202.144.159.195]
4 e0-0.tpu-br2.grape-info.com [202.144.129.2]
5 w3ext.grape-info.com [202.144.128.220]

Computing statistics for 125 seconds...
             Source to Here   This Node/Link
Hop  RTT     Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                            hoge.grape-info.com [192.168.0.24]
                                 0/ 100 = 0%   |
  1    3ms      0/ 100 = 0%      0/ 100 = 0%   192.168.0.2
                                 0/ 100 = 0%   |
  2    4ms      0/ 100 = 0%      0/ 100 = 0%   gw-dit.grape-info.com [202.144.158.206]
                                13/ 100 = 13%  |
  3  140ms      0/ 100 = 0%      1/ 100 = 1%   tpu-gw1.grape-info.com [202.144.159.195]
                                 0/ 100 = 0%   |
  4  126ms      0/ 100 = 0%      3/ 100 = 3%   e0-0.tpu-br2.grape-info.com [202.144.129.2]
                                 0/ 100 = 0%   |
  5  155ms      0/ 100 = 0%      0/ 100 = 0%   aw3ext.grape-info.com [202.144.128.220]
Trace complete.
When pathping is run, you first see the results for the route as it is tested for problems. This is the same path that is shown by the tracert command. The pathping command then displays a busy message for the next 125 seconds (this time varies by the hop count). During this time, pathping gathers information from all the routers previously listed and from the links between them. At the end of this period, it displays the test results.
The two rightmost columns—This Node/Link Lost/Sent=Pct and Address—contain the most useful information. The link between gw-dit.grape-info.com (hop 2), and tpu-gw1.grape-info.com (hop 3) is dropping 13 percent of the packets. All other links are working normally. The routers at hops 3 and 4 also drop packets addressed to them (as shown in the This Node/Link column), but this loss does not affect their forwarding path.
The loss rates displayed for the links (marked as a | in the rightmost column) indicate losses of packets being forwarded along the path. This loss indicates link congestion. The loss rates displayed for routers (indicated by their IP addresses in the rightmost column) indicate that those routers' CPUs might be overloaded. These congested routers might also be a factor in end-to-end problems, especially if packets are forwarded by software routers.
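The reading of the report described above, separating loss on a link (the | rows) from loss at a router, can be automated. This is an added example, not part of the original page: the embedded text is the statistics section of the report above, and `REPORT`, `RATIO`, `LINK`, `NODE` and `find_loss` are hypothetical names.

```python
import re

# Statistics section of the pathping report above; any column spacing is accepted.
REPORT = """\
Computing statistics for 125 seconds...
Source to Here This Node/Link
Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address
0 hoge.grape-info.com [192.168.0.24]
0/ 100 = 0% |
1 3ms 0/ 100 = 0% 0/ 100 = 0% 192.168.0.2
0/ 100 = 0% |
2 4ms 0/ 100 = 0% 0/ 100 = 0% gw-dit.grape-info.com [202.144.158.206]
13/ 100 = 13% |
3 140ms 0/ 100 = 0% 1/ 100 = 1% tpu-gw1.grape-info.com [202.144.159.195]
0/ 100 = 0% |
4 126ms 0/ 100 = 0% 3/ 100 = 3% e0-0.tpu-br2.grape-info.com [202.144.129.2]
0/ 100 = 0% |
5 155ms 0/ 100 = 0% 0/ 100 = 0% aw3ext.grape-info.com [202.144.128.220]
Trace complete.
"""

RATIO = r"(\d+)/\s*(\d+)\s*=\s*\d+%"                    # Lost/Sent = Pct
LINK = re.compile(r"^\s*" + RATIO + r"\s*\|\s*$")       # a "|" row between two hops
NODE = re.compile(r"^\s*(\d+)\s+(?:(?:\d+ms|---)\s+" + RATIO + r"\s+" + RATIO
                  + r"\s+)?(\S.*?)\s*$")                # hop row; "---" means no RTT

def find_loss(report, threshold_pct=0.0):
    """Return (lossy_links, lossy_nodes) whose This Node/Link loss exceeds threshold_pct."""
    links, nodes = [], []
    prev_addr, pending = None, None
    for line in report.splitlines():
        m = LINK.match(line)
        if m:                                   # loss on the link to the next hop
            pending = 100.0 * int(m.group(1)) / int(m.group(2))
            continue
        m = NODE.match(line)
        if not m:
            continue                            # headers, "Trace complete.", blanks
        hop, addr = int(m.group(1)), m.group(6)
        if pending is not None and pending > threshold_pct:
            links.append((prev_addr, addr, pending))
        if m.group(4) is not None:              # hop 0 has no statistics columns
            node_pct = 100.0 * int(m.group(4)) / int(m.group(5))
            if node_pct > threshold_pct:
                nodes.append((hop, addr, node_pct))
        prev_addr, pending = addr, None
    return links, nodes
```

On the report above it returns the link between hops 2 and 3 at 13 percent, plus the routers at hops 3 and 4 at 1 and 3 percent, matching the interpretation given in the text.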