Tuesday, September 11, 2007

WINDOWS SERVER 2003


Common Features of 2000 Server and 2000 Professional

1) NTFS file system
a) File and Folder Level Security
b) Disk quota
c) File and Folder Encryption (EFS)
d) Compression

2) Group Policy
a) Restricts users from making desktop changes, icon changes, Start menu changes, etc.
b) Used to display software on a client PC or permit its installation.

3) Management
a) Fault Tolerance by Using Dynamic Disk
b) RAID (Redundant Access Interconnected Disk) Level

4) Terminal Services
a) Accessing the desktop of the server from the client side, or allowing the server to be administered remotely
b) Using the server’s desktop in Application Mode.

5) DFS (Distributed File System)
Used to collect in one place all files that are distributed across different servers in a network.

6) ADS (Active Directory Installation)
It is a hierarchical database structure.



Extra Features of Windows XP & 2003 Server

1) Roll Back Driver (related to hardware in the PC)
Used to load back the previous version of the driver for any hardware, or, put another way, to downgrade a device driver from its upgraded version.

2) Remote Desktop
This feature is used to access the desktop of a PC from another PC. (In XP, the user whose desktop is opened is automatically logged off; in 2003 Server, the user is not logged off.)

3) Remote Assistance
Using this feature we can chat, talk, and send files from one PC to another PC and take full control of the PC.

4) ASR (Automatic System Restore)
It creates an image file of the system configuration, which is used to recover the operating system along with its settings after a disaster.

5) Shadow Copy
Used to create multiple images of a single file, one for each set of changes made to that file; the version you want can be restored.

6) SUS (Software Update Services)
SUS helps to download updated patches and fixes from the Microsoft Update server and distribute them to all the client PCs.


A forest is a collection of trees.





Installation


Win XP Hardware Requirement      Win2003 Server Hardware Requirement

Pentium - 233 MHz                Pentium - 133 MHz
RAM - 64 MB                      RAM - 128 MB
Disk Space - 1.5 GB              Disk Space - 2 GB



Server Edition
1) Standard Edition
2) Enterprise Edition
3) Web Edition
4) Data Center Edition

Options

• Per server, number of concurrent connections:
Registers a license for the number of clients that are going to connect to this server, i.e. how many user licenses are required.

• Per device or per user:
This is selected according to how many servers (domains) this server or device is going to connect with.

Note: Per server can be converted into per device (seat), but per seat cannot be converted into per server.

ACTIVE DIRECTORY SERVICE

Installation of Active Directory

Requirement:
i) Windows 2003 Server

Configuration:
Start – Run – Type “dcpromo” – Press ‘Enter’ – Press ‘Next’ – Select Domain Controller Type:
o Domain controller for a new domain (selected)
o Additional domain controller for an existing domain
Note: The second option (if selected) will delete all local accounts on this server. Selecting the second option means replicating the existing domain.


Click ‘Next’ – Select domain type:
o Domain in a new forest (selected)
o Child domain in an existing domain tree
o Domain tree in an existing forest
‘Next’ – Type the DNS name (E.g. Jetking.com) – ‘Next’ – The domain NetBIOS name will appear automatically (Jetking) – Click ‘Next’ – You can give the path of the Active Directory database (as per hard disk space):
Database folder:
Log folder:
(Keep the default path given)

Click ‘Next’ – You can give the path of the “Sysvol” folder
Note: It should be on an NTFS partition
Click ‘Next’ – It will display the registration diagnostics with three options below:

o I have corrected the problem. Perform the DNS diagnostic test again
o Install and configure the DNS server on this computer (selected)
o I will correct the problem later by configuring DNS manually (Advanced)
Click on ‘Next’ – The permission dialog box will display:
o Permissions compatible with pre-Windows 2000 server operating systems
o Permissions compatible only with Win2000 or Win2003 operating systems
Click on ‘Next’ – The Directory Services Restore Mode password dialog box will display

Note: This password will be used in the restore mode of 2003.

Click on ‘Next’ – Summary – Then the process will start – Click on ‘Finish’ – Then it will ask you to “Restart Now” – Restart the system for the changes to take effect.


Five New Options Will Be Added to Administrative Tools
1) Active Directory Domains and Trusts
2) Active Directory Sites and Services
3) Active Directory Users and Computers
4) Domain Controller Security Policy
5) Domain Security Policy


Uninstall Active Directory

Requirement:
i) Windows 2003 with Active Directory installed

Configuration:
Start – Run – Type “dcpromo” – Click on ‘Next’ – Another dialog box will appear about the Global Catalog server – Click ‘Ok’ – Check the box “This server is the last domain controller in the domain” – ‘Next’ – The Application Directory Partitions dialog box will appear – ‘Next’ – Check the box “Delete all application directory partitions on this domain controller” – ‘Next’ – It will ask for a new password (you can change the password or keep it blank) – ‘Next’ – The summary will display – The process will start – Click on ‘Finish’ – The “Restart Now” dialog box will appear – Click on it.



Security Policy Settings Done After DCPromo to Perform the Different Practicals


1) Domain Controller Security Policy:
a) Local Policy – User rights assignment (double click) – In the right pane, “Allow logon locally” (double click) – Click on “Add User or Group” – Add ‘everyone’ or type ‘everyone’ in the box – ‘Apply’ – ‘Ok’

2) Domain Security Policy:
a) Account Policy (in Security Settings)

i) Password History (make it zero)
ii) Minimum password length (make it zero)
iii) Password must meet complexity requirement (make it Disabled)

b) Local Policy (below) – Click on ‘User rights assignment’ – Double click on “Allow logon locally” – Check the box “Define these policy settings” – Add the ‘Everyone’ and ‘Administrators’ groups, or type “everyone ; administrators” in the box, by clicking on ‘Add User or Group’ – ‘Apply’ – ‘Ok’

For these changes to take effect go to Start – Run – Type “gpupdate” – Click ‘Ok’ (sometimes you have to do this more than two times)
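
An added example, not part of the original notes: the settings above are made for the practicals, and this script reads a policy export made with `secedit /export /cfg policy.inf` and lists which of them are still in effect on a machine. The sample export text and the function names are constructed for illustration.

```python
"""Audit a `secedit /export /cfg policy.inf` file for the relaxed lab settings."""

# Constructed sample: roughly what the export contains once the steps above are applied.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
[Privilege Rights]
SeInteractiveLogonRight = *S-1-1-0,*S-1-5-32-544
SeRemoteInteractiveLogonRight = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
Revision=1
"""

# "Everyone" appears as its well-known SID (prefixed with *) or, unresolved, by name.
EVERYONE = {"*s-1-1-0", "everyone"}

# Account-policy keys from the [System Access] section and what a zero means.
ZERO_IS_RELAXED = {
    "passwordhistorysize": "old passwords can be reused immediately",
    "minimumpasswordlength": "blank passwords are accepted",
    "passwordcomplexity": "complexity requirement is disabled",
}


def decode_export(raw: bytes) -> str:
    """secedit writes UTF-16 with a byte-order mark; also accept UTF-8/ASCII."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig")


def parse_inf(text: str) -> dict:
    """Return {section: {key: value}} with lower-cased section and key names."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections


def audit(text: str) -> list:
    """Return (setting, value, reason) for every relaxed setting found."""
    policy = parse_inf(text)
    findings = []
    access = policy.get("system access", {})
    for key, reason in ZERO_IS_RELAXED.items():
        value = access.get(key)  # absent means "not defined" in this policy
        if value is not None and value.isdigit() and int(value) == 0:
            findings.append((key, value, reason))
    rights = policy.get("privilege rights", {})
    logon_right = rights.get("seinteractivelogonright", "")
    holders = {h.strip().lower() for h in logon_right.split(",")}
    if EVERYONE & holders:
        findings.append(("seinteractivelogonright", logon_right,
                         "Everyone may log on locally"))
    return findings


if __name__ == "__main__":
    for setting, value, reason in audit(SAMPLE_EXPORT):
        print(f"{setting} = {value}: {reason}")
```

On a real machine, read the exported file in binary mode and pass it through `decode_export` before calling `audit`.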



Joining a Client PC to a Domain Controller


Requirement:
i) Windows 2003 Server O.S. with Active Directory installed (E.g. Jetking.com)
ii) Windows 2000 Professional / Windows XP as a client


Configuration:
From Client Side:
Select ‘My Computer’ – Right click ‘My Computer’ – ‘Properties’ – Select ‘Computer Name’ tab – Click on ‘Change’ – Select the ‘Domain’ radio button – Type the domain controller name without extension (E.g. Jetking) – Give the username and password of the 2003 server – Click on ‘Ok’ – After some time you will see “Welcome to Jetking domain” displayed – It will ask to restart

How to Check the Number of Clients:
On the server go to Active Directory Users and Computers – Click on the plus (+) sign next to the domain name – Click on ‘Computers’ below – You will see the names of the client computers on the right-hand side.


PROFILE

i) Local Profile: The user is created on the local machine (without Active Directory installed). Logging in to the local machine as this user creates a local profile.
ii) Roaming Profile: The user, created by the Administrator, can log in from any machine in the network. The user can change settings and save them.
iii) Mandatory Profile: This profile is created to impose restrictions on the user. The user can change settings (like background, fonts, appearance, etc.) but can’t save them.


Requirement:
i) Windows 2003 Server with or without Active directory

Configuration:

How to Create Roaming Profile

i) Create a folder (E.g. ABC) in any partition, share it and give full control to ‘everyone’
ii) From admin tools, select the local user (E.g. Ranvir) to whom the roaming profile is to be applied – Right click on it – Select ‘Properties’ – Select ‘Profile’ tab – Type in “Profile path”
\\machinename\SharedFoldername\Username (E.g. \\pc1\abc\ranvir)
– ‘Apply’ – Click on ‘Ok’

How to Check:
Login as the user (E.g. Ranvir) – My Computer – Right click – ‘Properties’ – Select ‘Advanced’ tab – Click on the middle ‘Setting’ button, the one for ‘User Profile’

How to Create Mandatory Profile (Local Profile to Mandatory)

i) Create a folder (E.g. Man) in any partition, share it and give full control to ‘everyone’.
ii) Create any user (E.g. Ravi) in the domain or on the local machine and login as that user.
iii) Log out from that user and login as administrator.
iv) Right click that user (Ravi) – Select ‘Properties’ – Select ‘Profile’ tab – Type in “Profile Path”
\\machinename\SharedFoldername\Username (E.g. \\pc1\man\ravi)
v) Double click the drive where the O.S. is installed – You will find the folder “Documents and Settings” – In that folder you will find a folder with the name of the user (E.g. Ravi) – Go into that folder – Unhide the folders and files in that folder:
a) Go to Tools menu – Select Folder Options – Click on ‘View’ tab – Select “Show hidden files and folders”

– You will find some files and folders in that user-name folder – Look for the file “NTUSER” (DAT file) (not the ntuser.dat text file of 1 KB) – Rename that file from “NTUSER” to “NTUSER.MAN” – Login as that user



How to Create Mandatory Profile from Roaming Profile

i) Login as the user who already has a “Roaming Profile” – Go to the drive in which you created and shared the folder (the folder whose path is given in the profile path of the user) – You will find a folder with the name of the user – Go to that folder – You will find different folders and files if, from Tools – Folder Options – View, you have selected
“Show all hidden files and folders”
and unchecked the boxes
“Hide extensions for all known types”
“Hide protected operating system files”
You will find a file NTUSER.DAT (not the file of 1 KB) – Change the extension of that file so that it becomes NTUSER.MAN – Close all windows and login as the user again.

How to Check:
Login as the user (E.g. Ravi) – My Computer – Right click – ‘Properties’ – Select ‘Advanced’ tab – Click on the middle ‘Setting’ button, the one for ‘User Profile’ – You will find “Mandatory Profile” next to the username





For a network that has more than one server. It is used to collect files stored on different servers, i.e. a client of any server can access any file using this application. This service allows access, at one location, to all important files that are stored on different servers.

How To Perform DFS (Distributed File System)

Requirement:
1) All should have 2003 Server
2) Server1 and Server2 should be member servers of Server1
3) All PCs should be in the domain.

Note: Points 1 and 2 are not necessary. You can perform the practical without these points also.


STEPS TO BE PERFORMED

DFS Configuration: (In Server 1)
Start – Administrative Tools – DFS (Distributed File System) – The DFS box will open – On the left side right click on “Distributed File System” – Different options will be displayed – Click on “New Root” – Click ‘Next’ – You will find two options
o Domain Root (select if Active Directory is installed) (selected)
o Stand-alone Root (select if the machine is a local machine)
Suppose your machine is in a domain (i.e. Active Directory is installed) – Select the first option – Click on ‘Next’ – It will display the domain name of the machine on which you are performing the practical – Click on ‘Next’ – It will ask for the server – Type the server name (E.g. pc2.heaven.com) – ‘Next’ – The next dialog box will be for the root name – Type “dfsshare” as the root name (Note: You can also type another name) – ‘Next’ – The next box will ask you for the folder where your DFS data will be stored – Create a folder by clicking on “New Folder” in any drive, or give the path of an already created folder using the “Browse” button – ‘Next’ – Click on ‘Finish’ – You will find “\\pc2\dfsshare” in the right pane and “\\heaven.com\dfsshare” in the left pane

Create Links to Files (which you want to see at one time)
Right click on \\heaven.com\dfsshare – Select “New Link” – A dialog box will be displayed – In the first bar type any link name (E.g. File A) – Click on the “Browse” button and give the path of the folder which you want to link from any of the servers, e.g. Server 2 (using Network Places – Entire Network – Microsoft Windows Network – any domain name) – After selecting the particular folder click on “OK”

You can also link other folders (e.g. File B and File C) in the same way by selecting “New Link”

Note: If there is no Active Directory (dcpromo), link the folder by IP address (e.g. \\192.168.0.1\foldername)

How to check from a Client (or any of Server1, Server2, Server3):
Start – Run – Type “\\pc1\dfsshare” (where pc1 is the server where DFS is installed and dfsshare is the root name which was given)



DNS (DOMAIN NAME SERVER)

This service is used to resolve an IP address to a hostname and a hostname to an IP address. When you know the hostname of a client, you can find its IP address, or vice versa.



Installing DNS (With no Active Directory)
Start – Control Panel – Add/Remove Programs – Windows Setup – Networking Services – Check the box for DNS


1) To Create Primary DNS (for host name to IP address or IP address to host name resolution)

A) (For host name to IP address resolution)
Administrative Tools – DNS – Click on the plus (+) sign next to the machine name in the left pane – Click on the plus (+) sign next to Forward Lookup Zone – Select “Forward Lookup Zone” – Right click – Select “New Zone” – “Next” – You will see the options:
o Primary zone (selected)
o Secondary zone
o Stub zone
Select Primary zone – “Next” – The next box will ask for the zone name (E.g. Red.com), i.e. the DNS name – “Next” – The next box will display the zone name – “Next” – The next box will display the different update options – Select from the “Dynamic Updates” options
o Allow both nonsecure and secure dynamic updates (selected)
o Do not allow dynamic updates
Select the first option – Click “Next” – “Finish”

Create Host of DNS

Right click on the DNS zone created above (Red.com) – Select “New Host” – Give the host name (e.g. pc2) and give it its respective IP address.

B) (For IP address to host name resolution)
In the same DNS dialog box – Click on the plus (+) sign next to “Reverse Lookup Zone” – Select “Reverse Lookup Zone” – Right click – Select “New Zone” – “Next” – You will see:
o Primary zone (selected)
o Secondary zone
o Stub zone
Select the first option – Click on “Next” – The next box will be for the network address (give network ID 192.168.0) – It will show you the zone name (keep it as it is) – “Next” – It will ask for dynamic updates as above – “Finish”

2) To Create Secondary DNS (to perform the same function performed by the Primary; we can only read the copy of the primary)

Requirement:
1) The name of the Secondary DNS is the same as the Primary DNS
2) It takes its data from the Primary DNS
3) It is used to reduce network traffic and the load on the Primary DNS

Note: Use two different machines. One has the Primary DNS; install the Secondary DNS on the other. In the Secondary DNS give the IP address of the Primary DNS.

Secondary DNS (on another server):
Start – Administrative Tools – DNS – Right click on the machine name – Select “Configure Server” – “Next” – You will see the options
o Create forward lookup zone (for small network)
o Create forward and reverse lookup zone (for large network) (selected)
o Configure root hints only
Select the second option – “Next” – The next dialog box will display the options
o Yes, create forward lookup zone (selected)
o No, don’t create forward lookup zone
Select the first option – “Next” – Give the zone the same name as the Primary DNS (Red.com) – “Next” – Master DNS Services: give the IP address of the machine where the primary zone is created – Click on “Add” – “Next” – You will find two options for the reverse lookup zone
o Yes, create (selected)
o No, don’t create
“Next” – Select Secondary zone – “Next” – Give the network address – Give the IP address of the Primary DNS server – It will ask for a query forwarder (you can give the name of another DNS server; otherwise click “Next”) – It will process – Click on “Finish”

Settings to be made on both the Primary and the Secondary DNS:
Right click on the created zone – “Properties” – A dialog box will display – Select the Zone Transfer tab – Check the box “Allow Zone Transfer” – “Apply” – “OK”

Configuration performed on the Client Side:
My Network Places – Right click – “Properties” – Local Area Network – Right click “Local Area Network” – “Properties” – Double click on TCP/IP – Add the IP address of the Primary DNS in “Preferred DNS Server” – “OK” – “Apply” – “OK”

How to Check From the Client:
Go to the command prompt – Type nslookup followed by hostname.Primary DNS name (E.g. pc2.Red.com) – “Enter”



WINS (Windows Internet Naming Systems)
This feature is mainly used to resolve a NetBIOS name to an IP address and an IP address to a NetBIOS name. It is used in mixed mode and to reduce broadcast traffic in the network.


Requirement:
i) Windows 2003 Server


Installing WINS:
Control Panel – Add/Remove Programs – Setup Windows Components – Networking Services – Check the box for WINS – “Next” – “Ok”

Configuration:

Server side:
i) Add the clients’ IP addresses and NetBIOS names in the LM host file (d:/Windows/System32/Driver/etc/LM host)

ii) Share the etc folder

Client side:
i) Go to TCP/IP Properties – Click on the “Advanced” tab – Click on the “WINS” tab – Select the box “Enable NetBIOS over TCP”.
ii) Click on “Import LM host” and select the server’s shared LM host file – “OK”

How to Check:
Go to the command prompt and type arp -a

Note: Use the command “nbtstat” to view the status in the command prompt



DHCP (Domain Host Configuration Protocol)

This service is used to automatically allocate IP addresses to its clients when a client machine starts.

Requirement:
i) Windows 2003 Server

Installing DHCP
Start – Settings – Control Panel – Add/Remove Programs – Windows Setup – Networking Services – Check the box for DHCP – “OK” – “Next” – “Finish”


Configuration: (Without Active Directory Installed)
Administrative Tools – DHCP – Right click on the machine name – “Next” – The next box will be for the DHCP name; give any name (e.g. Rose.com) – “Next” – Give the IP address range which you want to allocate to clients (e.g. 192.168.0.1 to 192.168.0.10)

Note: The IP address range should be in the same network address as the machine (on which you are going to install DHCP)

“Next” – The next dialog box will ask for the router IP address; if you are connected to a router give the IP address of the router, otherwise click “Next” – In the next dialog box give the domain name and DNS server (E.g. domain name Jetking.com (if Active Directory is installed) or pc1, and the IP address of your machine, same DNS name) – “Next” – The next box will be for the WINS server (type the details of the WINS server if you have installed one), otherwise “Next” – The next dialog box will be for Activate Scope with the options
o Yes, I want to activate scope (selected)
o No, I will activate this scope later
Select the first option – “Finish”

Configuration on the Client Side:
In Network Places – Double click on TCP/IP – Select the radio button “Obtain an IP Address Automatically”



How to Check DHCP (From the Client Side)
Start – Run – Type “ipconfig /all”





IIS (Internet Information Service)
This service is used to create a small website in a Local Area Network.


Requirement:
i) Windows 2003 Server

Installing IIS:
Settings – Control Panel – Add/Remove Programs – Windows Setup – Application Server – IIS – “OK” – “Next” – “Finish”

Configuration:
i) Create a folder anywhere – Create an HTML file in it (E.g. Web.htm)
ii) Administrative Tools – Internet Information Services (IIS) – Click on the plus (+) sign next to the Websites folder – Right click on Default Website – Select the “New” option – Select “Website” and click on it – “Next” – Give any description (E.g. website.com) – It will display the dialog box for IP address and port settings (select the IP address of the local machine and keep the port setting at the default, 80) – “Next” – The next dialog box will be to select the path of the folder which contains the HTML file (select that folder) – “Next” – The next dialog box will be for the web access permissions for users (keep the default) – “Next” – “Finish”
iii) Right click on the created website (E.g. website.com) – “Properties” – A dialog box will display – Select the “Documents” tab – Click on the “Add” button (add the name of the previously created HTML page, e.g. web.htm) – Move that HTML file up using the “UP” button – “Apply” – “OK”


Shadow Copy
This feature helps a user to regain a previous copy of a modified file. If the file has been edited and the changes have been saved, it saves every copy with its different changes. It stores 64 copies of a file and requires 100 MB of disk space.
Shadow copy helps to take a backup of open files or files which are in use.

Requirement:
i) On the server Active Directory should be installed (2003 Server)
ii) The second machine should be a client of the server (WinXP or 2003 Server)

Configuration:

Server side:
i) Right click on any NTFS partition – “Properties” – A box will be displayed – Select the “Shadow copy” tab – Select the particular drive and enable shadow copy by clicking on the “Enable” button (it will take time to enable) – “OK”
ii) Create a folder on the drive on which you have enabled shadow copy and create any file in it. Share it and give the “change” permission
iii) Share the ‘twclient’ folder in d:\windows\system32\clients

Client side: (XP or 2003)
i) Make any PC a client of the above server and login as administrator
ii) Right click on “My Network Places” – “Properties” – “Entire Network” – “Windows Network” – Go to the above server – Find the shared “twclient” folder – Install the file in “twclient” as per the processor type (x86 is for Intel)
iii) Right click on the file created on the “Shadow copy” enabled drive – You will find one extra tab, “Previous version”

How to Check:
i) On the server, make changes in the file and save it – Right click on the “Shadow copy” enabled drive – “Shadow copy” – Click on “Create” to manually create a copy – “OK”
ii) On the client, go to that file through “Network Neighborhood” – Right click that file – Select “Previous Version” – It will show you the different copies. You can see different buttons for different effects.

Remote Administration Tool

Manage the server remotely using a web browser


Requirement:
i) One machine should be a server with Active Directory installed
ii) The second machine can have any operating system with a browser.


Installation of Remote Admin Tools:
Add/Remove Programs – Windows Components – Application Server – IIS – World Wide Web Service – Remote Administration.

How to check:
Administrative Tools – Web Interface for Remote Administration (for the same machine)

Or

From another machine:
In the browser type “https://mc2:8098”
i) It will ask you for the password of the opposite server with which you want to connect.
ii) A security alert box will display. Click on “Add”; another “Add” button will display. Click on it. – “Close”
iii)

Remote Desktop using Web connection
Using this feature we can share the desktop of another machine using a web browser.

Requirement:
i) Windows 2003 Server with Internet connection


Installation of Remote Desktop Using Web Connection:
Add/Remove Programs – Application Server – IIS – World Wide Web Service – Remote Desktop Web Connection

Settings that should be checked before seeing the effect:
Administrative Tools – Internet Information Services (IIS) – Start the default service by right clicking
Right click on “Default Website” – “Properties” – Select the IP address of the machine

How to check:
In the browser type
http://machinename/tsweb



Hardware Profile
This feature is used to operate the system in different hardware configurations. It is mostly used in laptops.

Requirement:
i) Windows 2003 with different hardware installed (like LAN card, modem)


How to Create Hardware Profile:

Right click on “My Computer” – “Properties” – “Hardware” – Click on “Hardware Profile” – Click on the “Copy” tab – Give the profile name – Below there are two radio buttons:
o Wait until I select hardware profile (selected)
o Select the first profile listed if I don’t select profile in __ Sec
– “Apply” – “OK” – Restart your system

It will display the created profile – Select that profile – Login – Add/remove drivers and enable/disable devices as per requirement.

Now your system loads drivers as per the profile selected during booting.


Offline Folder
This feature is mostly used to make any important shared file available at any time, whether the host machine is up or down.

How to Perform Offline Folder:

Requirement:
i) Two machines with 2000 Server or 2003 Server installed
ii) Both machines should have “Remote Desktop” disabled

Configuration:

On the First Machine (Host Machine):
i) Double click on “My Computer” – Select the “Tools” menu from the menu bar – From the drop-down menu select “Folder Options” – A dialog box will display – Select the “Offline” tab – Enable offline files by checking the box “Enable Offline Files” – “Apply” – “OK”

On the Second Machine:
i) Perform the same steps as on the first machine above
ii) Go to any shared folder using “My Network Places” or the UNC path of the first machine – Right click any shared folder – You will find the option “Make available Offline” – Click on that option


How to Check:
Shut down the host machine (which has the shared file) – Go to “My Computer” – Select “Tools” and then “Folder Options” from the “Tools” drop-down menu – In the dialog box that appears select “Offline” – Click on the “View” tab located below – You will find your shared file.



Remote Assistance

This feature is mainly used to talk, chat and transfer files from one PC to another PC. We can also share the desktop of another user.

Requirement:
i) Windows XP or Windows 2003 Server

From the User’s Side (who wants help) PC1

1) Check this
a) My Computer – Right click – Select the “Remote” tab – Check the box next to “Remote Assistance”.

2)
a) In “Run”, type ‘gpedit.msc’ – “Enter”
b) The Group Policy Object Editor will be displayed
c) In the left-hand pane select Computer Configuration – Click on the (+) sign next to Administrative Templates – Click on the (+) sign next to System – Select Remote Assistance given below – You will see two options in the right-hand pane – Double click on Offer Remote Assistance – Select “Enable” – Click on the “Show” tab to select helpers – Add the helper’s username (E.g. Administrator or administrator@pc1) – “Apply” – “OK”.
d) Close all windows.

3)
a) Start – Programs – Remote Assistance
b) The Help and Support box will be displayed.
c) In the right pane click on “Invite Someone to Help You”
d) Use Messenger to sign in if you have an internet connection; otherwise use “Outlook Express” for LAN. First create an account in Outlook Express:

i) In the first dialog box give any name
ii) In the second dialog box type the e-mail address of the user (like administrator@pc1)
iii) In the third dialog box type the user’s machine name and the machine’s IP address.
iv) In the fourth dialog box type the username and password of the user.
v) Click “Finish”

e) Type the e-mail address of the helper, like administrator@pc2 – Click on the “Invite this person” tab below – In the second dialog box set the invitation time and uncheck the box next to “Require Recipient to use Password” – Click on “Send Invitation” – Again click on the “Send” button.


From the Helper’s Side (who gives help) PC2
1) Repeat steps 1 and 2 of the user’s side

2)
a) In Start select Help and Support – In Search type “Offer Remote Assistance” – Click on the “Search” tab – Help topics will be displayed – Select the second option, Help and Support Centre Tools, from the help topics – You will see Offer Remote Assistance in the right pane – Select Offer Remote Assistance – Type the IP address of the user (E.g. administrator@pc1) – Click on the “Connect” tab – Again click on the “Start Remote Assistance” tab

Note: If on any PC you can’t find the System folder (Group Policy Editor / Computer Configuration / Administrative Templates), just right click on Administrative Templates – Select Add/Remove Templates – A dialog box will be displayed – Click on the “Add” button – From the list select the “System.adn” file – “OK”


Routing and Remote Access
This feature includes VPN (Virtual Private Network) and dial-up. VPN requires an Internet connection and dial-up requires only a telephone line.

VPN: (Using LAN)

Requirement:
i) Two Windows 2003 Servers in a LAN.

Configuration:
i) Main Server PC1 (where resources are stored)
Right click on “My Network Places” – “Properties” – Double click on “New Connection Wizard” – “Next” – The “New Connection Type” box will display
o Connect to the Internet
o Connect to the network at my workplace
o Setup an advanced connection (selected)
“Next” – The next dialog box will display
o Accept incoming connections (selected)
o Directly connect with computer
The next box will be for selecting the devices for incoming connections (select both) – “Next” – The next dialog box will display
o Allow virtual private connection (selected)
o Do not allow virtual private connection
“Next” – The next box will display the list of users (select the user which you want to allow) – “Next” – “Next” – “Finish”.

ii) Second Server PC1 (which requires the resources)
Right click on “My Network Places” – “Properties” – Double click on “New Connection Wizard” – “Next” – The “New Connection Type” box will display
o Connect to the Internet
o Connect to the network at my workplace (selected)
o Setup an advanced connection
“Next” – The next dialog box will display
o Virtual private network connection (selected)
o
“Next” – Type any name – Give the IP address of the Main Server – The next box will display users – Select the user for this connection – “Finish”

Note: If the second server is unable to connect to the Main Server, then go to Routing and Remote Access (admin tools) – Right click on Server Status – Select “Add server” – and give the server name of the Main Server.


Dial-up (Using Null Modem):

Requirement:
i) Two servers with a null modem installed

Configuration:
i) Main Server PC1:
Administrative Tools – Routing and Remote Access – Right click on the server name (E.g. PC1) – Click on “Configure and Enable Routing and Remote Access” – “Next” – The next dialog box will display:
o VPN
o Dial-up (selected)
The next box, for IP address assignment, will display
o Automatically (if using DHCP)
o From a specified range of IP addresses (selected)
In the next box click on “New” and give the IP address which your machine has – The next box is for managing multiple remote access servers, with the options
o No, use Routing and Remote Access to authenticate (selected)
o Yes, set up this server to work with a RADIUS server
“Next” – “Finish” – You will receive a message about DHCP – “OK” – The process will start

ii) Client Side PC2:
In “My Network Places” double click on “Add New Connection Wizard” – The next box will display:
o Connect to the Internet
o Connect to the network at my workplace
o Setup an advanced connection (selected)
The next box will display the advanced connection options:
o Accept incoming connection
o Connect directly to another computer (selected)
The next box will display the options:
o Host
o Guest (selected)
The next box will ask for the connection name (give any) – The next box will be the device box (select “Communication cable between computers”) – The next box will display
o Only this account user
o Anyone’s use (selected)
“Next” – “Finish”


Internet Printing

Requirement:
i) Windows 2003 Server with IIS installed
ii) A local printer should be installed on the Windows 2003 Server


Installing Internet Printing:
Add/Remove Programs – Windows Components – Application Server – IIS – Internet Printing.

How to check:
From another machine type in the Internet Explorer browser
http://pc1/Printers
It will ask for the password of the machine where the local printer is installed.

Note: If the client is in a workgroup the user should be Anonymous (it will not ask for a password).



SUS (Software Update Service)
This feature is used to download updated files of windows2003 through internet and distribute that update files automatically to all clients.

Requirement:
Server Side :( Win2003 Server)
i) Active Directory
ii) IIS
iii) Software Update Service Software(Install using sus10sp1.exe file)
iv) Internet Connection
v) Group Policy

Client Side :( WinXP, Win2000Prof)
i) Install wuau22.msc (Download from Website)

Note: Above File will upgrade wuaueng.dll of client.


Configuration:

Server Side:
i) Administrative Tools – Microsoft update service – Select Synchronize Server from the left pane – On the right-hand side click on Synchronize now – It will try to connect to the Microsoft update site.
ii) The next option below Synchronize Server is Approve Update, used to select which downloaded update files you want to distribute to clients.
iii) The next option below Approve Update is Set Updates, used if all clients are directly connected with the server.
iv) Go to Active Directory Users and Computers through Administrative Tools – Right click the domain name – “Properties” – Select the “Group Policy” tab – Click on the “Edit” button to open the Group Policy Editor – Computer Configuration – Administrative Templates – Windows Components – Windows Update – On the right-hand side you will see four options – Double click on the first option – A dialog box will be displayed – Enable it – Click on the “Next Setting” button below – The second box will be displayed – Enable it and give the name of the SUS server (e.g. http://pc1) – “Next Setting” – Third box, enable it – “Next Setting” – Enable it – “OK”.

Run – Type “gpupdate”

How to check:
Run – Regedit – HKEY_LOCAL_MACHINE – Software – Policies – Microsoft – Windows – WindowsUpdate – AU

This portion will be added after connecting with the domain (after making the machine a client of the domain).
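The registry check above can be automated against a regedit export of the client. The following is an added example, not part of the original notes; it assumes the policy values WUServer, WUStatusServer and UseWUServer under HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate, and the sample exports are constructed.

```python
import re
# Policy key written by the "Windows Update" GPO settings (lower-cased for matching).
WU_KEY = r"hkey_local_machine\software\policies\microsoft\windows\windowsupdate"

def parse_reg_export(text):
    """Parse regedit export text into {key_path_lower: {value_name: value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        match = re.match(r'"([^"]+)"=(.*)$', line)
        if match and current is not None:
            name, raw = match.groups()
            current[name] = int(raw[6:], 16) if raw.startswith("dword:") else raw.strip('"')
    return keys

def audit_sus_policy(text, expected_server):
    """Return a list of findings; an empty list means the client points at the SUS server."""
    keys = parse_reg_export(text)
    wu, au = keys.get(WU_KEY, {}), keys.get(WU_KEY + r"\au")
    if au is None:
        return ["AU key missing: policy not applied (client not joined to the domain?)"]
    findings = []
    if au.get("UseWUServer") != 1:
        findings.append("UseWUServer is not 1: client ignores the intranet server")
    for name in ("WUServer", "WUStatusServer"):
        value = str(wu.get(name, "")).rstrip("/").lower()
        if value != expected_server.rstrip("/").lower():
            findings.append(f"{name} is {value or 'unset'}, expected {expected_server}")
    return findings

# Constructed sample exports (not taken from a real machine).
GOOD_EXPORT = r'''
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"WUServer"="http://pc1"
"WUStatusServer"="http://pc1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"UseWUServer"=dword:00000001
"AUOptions"=dword:00000004
'''
BAD_EXPORT = GOOD_EXPORT.replace("dword:00000001", "dword:00000000").replace(
    '"WUServer"="http://pc1"', '"WUServer"="http://pc9"')

if __name__ == "__main__":
    print(audit_sus_policy(BAD_EXPORT, "http://pc1"))
```

An empty findings list means the client will fetch only the updates approved on the SUS server; any finding means it may be updating from somewhere else or not at all.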



Terminal Service
This service is used to manage the server from a remote place.

Installing Terminal Server:
Add/Remove Programs – Windows Components – Terminal Server Licensing.


Note: To allow a user to use the terminal server, the user should be a member of Remote Desktop Users and should have permission to use the server (give the user the “Allow logon through terminal Service” permission through “Domain Controller Security Policy”).

To use Remote Desktop in Win98 / Win2kProf:
Install the “tsclient” software from the 2003 server on the 98 / Prof machine.


Backup
This feature is used to back up data, Active Directory and the configuration of the operating system.



Active Directory Backup and Restore

Requirement:
i) Windows 2003 server with active directory installed.

Configuration:

Backup:
Start – Programs – Accessories – System Tools – Backup – The welcome screen of Backup will display – Click on Advanced Mode on the welcome screen – Another box with different options displays – Click on “Backup” – In the right pane you will find different drives – Under My Computer, the last option is System State – Click on the check box beside System State – At the bottom left there is a “Browse” button to select where you want to store the backup – After selecting the backup location click on “Start Backup” (bottom right of the box) – A box of different settings is displayed – Again click on “Start Backup” – Process – “Close”


Restore:
Open the startup menu by pressing the “F8” key – The startup menu will display different options like
Safe mode
Safe mode with networking
.
Select Directory restore mode – A login box will come – Supply the user name and password (which was given during Active Directory installation) – You can select any restore method.

i) Authoritative Restore:
Start – Run – Type ntdsutil – Enter – A prompt will display – Type ntdsutil help to view the different commands – You can select any command (e.g. type Authoritative restore or Restore Backup)
ii) Non-Authoritative Restore:
Start – Run – Type ntbackup – Select “Restore” tab
iii) Primary Restore:
Start – Run – Type ntbackup – Select “Restore” tab






ASR (Automatic System Restore) Backup and Restore
This feature is used to restore a crashed operating system configuration.

Requirement:
i) Formatted Floppy
ii) Installation CD of Windows 2003 Server.
iii) Any backup drive or minimum 100MB hard disk space.


Configuration:
How to Take Backup: Run – Type ‘ntbackup’ – A dialog box will be displayed – Click on ASR – In the next dialog box give the path where you want to store the backup – “Finish” – The process will start – It will ask for a floppy; insert the floppy – This will store three files (asr.sif, asrpnp.sif, setuplog.txt)

How to Restore Backup: Boot your system with the installation CD – Read the instructions given at the bottom of the blue installation screen – Press “F2” to start ASR


IAS (Internet Authentication Service) using RADIUS Protocol












Configuration:

RADIUS Server PC2:
i) Control Panel – Add/Remove Programs – Networking Services – Internet Authentication Services.
ii) Administrative Tools – Internet Authentication Services – Select RADIUS client – Right click – Select New RADIUS client – Give a friendly name (give any name) – Give the IP address – “Next” – Select RADIUS Standard – Give the password in Shared secret (the same password given in the server, e.g. 1234)

RADIUS Client PC1:
i) Administrative Tools – Routing and Remote Access – Right click on the server name (e.g. PC1) – Click on Configure and Enable Routing and Remote Access – “Next” – The next dialog box will display:
o VPN
o Dial up (select this)
The next box, IP Address Assignment, will display
o Automatically (if you use DHCP)
o From Specified range of IP Address (select this)
In the next box click on “New” and give the IP address which your machine has – The next box, Managing Multiple Remote Access Servers, has the options
o No, use Routing and Remote Access to authenticate (select this)
o Yes, setup this Server to work with RADIUS Server
“Next” – “Finish” – You will receive a message about DHCP – “OK” – The process will start
ii) Administrative Tools – Routing and Remote Access – Right click on the machine name – Properties – In the dialog box select Security – In the box below change Windows Authentication to RADIUS Authentication – Below that select RADIUS Accounting – Click on the upper “Configure” button – Give the server name ( pc) and password – Do the same thing with the “Configure” button below
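The shared secret typed on PC2 and PC1 is the key RADIUS uses to hide the user's password and to authenticate replies, which is why both sides must hold exactly the same value. The following added example (not part of the original notes) implements the RFC 2865 User-Password hiding and Response Authenticator; the password, request authenticator and packet fields are constructed.

```python
import hashlib, hmac, struct

def hide_password(password, secret, request_auth):
    """RFC 2865 User-Password hiding, done by the RADIUS client (PC1)."""
    size = max(16, -(-len(password) // 16) * 16)      # pad to a multiple of 16
    padded, out, prev = password.ljust(size, b"\x00"), b"", request_auth
    for i in range(0, size, 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def unhide_password(hidden, secret, request_auth):
    """Inverse operation, done by the RADIUS server (PC2) with its own copy of the secret."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def response_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret) per RFC 2865."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def client_accepts(reply_auth, code, ident, attrs, request_auth, secret):
    """The client recomputes the authenticator with its secret and compares."""
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    return hmac.compare_digest(reply_auth, expected)

def exchange(client_secret, server_secret, password=b"constructed-user-pw-longer-than-16"):
    """Simulate one Access-Request / Access-Accept between PC1 and PC2.

    Returns (server recovered the password, client accepted the reply)."""
    request_auth = bytes(range(16))    # constructed; random per request in practice
    hidden = hide_password(password, client_secret, request_auth)
    seen_by_server = unhide_password(hidden, server_secret, request_auth)
    reply = response_authenticator(2, 1, b"", request_auth, server_secret)  # 2 = Access-Accept
    accepted = client_accepts(reply, 2, 1, b"", request_auth, client_secret)
    return seen_by_server == password, accepted

if __name__ == "__main__":
    print(exchange(b"1234", b"1234"))     # same secret on both sides
    print(exchange(b"1234", b"12345"))    # secret mistyped on one side
```

Because every protected field is derived from the secret with MD5, a deployment should use a long random shared secret in place of the short sample value in the walkthrough.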



Check log file in PC2:
On the drive in which the O.S. is installed: windows/system32/logfiles
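Reading that log by hand gets tedious once several users dial in, so the check can be scripted. The following added example (not part of the original notes) assumes the default IAS log format, with six fixed fields followed by attribute-id,value pairs, where attribute 4136 is Packet-Type and 4142 is Reason-Code; the sample lines are constructed and shorter than real records.

```python
import csv, io

# IAS-specific attribute ids in IAS-format logs (assumed default log format).
PACKET_TYPE = "4136"      # 1 Access-Request, 2 Access-Accept, 3 Access-Reject
REASON_CODE = "4142"      # 0 means success; non-zero explains a rejection
ACCESS_REJECT = "3"
HEADER = ("nas_ip", "user", "date", "time", "service", "computer")

def parse_ias_line(fields):
    """Six fixed header fields, then alternating attribute-id,value pairs."""
    record = dict(zip(HEADER, fields[:6]))
    rest = fields[6:]
    record["attrs"] = dict(zip(rest[0::2], rest[1::2]))
    return record

def repeated_rejects(log_text, threshold=3):
    """Return {(user, nas_ip): [reason codes]} for pairs with >= threshold Access-Rejects."""
    rejects = {}
    for fields in csv.reader(io.StringIO(log_text)):
        if len(fields) < 8:            # blank or truncated line
            continue
        rec = parse_ias_line(fields)
        if rec["attrs"].get(PACKET_TYPE) == ACCESS_REJECT:
            key = (rec["user"].lower(), rec["nas_ip"])   # user names are case-insensitive
            rejects.setdefault(key, []).append(rec["attrs"].get(REASON_CODE, "?"))
    return {key: codes for key, codes in rejects.items() if len(codes) >= threshold}

# Constructed sample lines (192.168.0.1 stands for the RADIUS client PC1; not real log data).
SAMPLE_LOG = r"""
192.168.0.1,FRESH\u1,09/11/2007,10:01:02,IAS,PC2,4136,1,4142,0
192.168.0.1,FRESH\u1,09/11/2007,10:01:02,IAS,PC2,4136,2,4142,0
192.168.0.1,FRESH\u2,09/11/2007,10:05:10,IAS,PC2,4136,3,4142,16
192.168.0.1,FRESH\u2,09/11/2007,10:05:19,IAS,PC2,4136,3,4142,16
192.168.0.1,fresh\u2,09/11/2007,10:05:31,IAS,PC2,4136,3,4142,16
192.168.0.1,FRESH\u1,09/11/2007,10:09:44,IAS,PC2,4136,3,4142,16
"""

if __name__ == "__main__":
    for (user, nas), codes in repeated_rejects(SAMPLE_LOG).items():
        print(f"{user} via {nas}: {len(codes)} rejects, reason codes {codes}")
```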

Note: RADIUS: Remote Access Dial In User Service



Software Routing
This feature enables a 2003 server to be used as a router.


Requirement:
i) 2003 Server with two LAN cards with different IP addresses


Configuration: (Server side)
Dynamic Routing:
i) Administrative Tools – Routing and Remote Access – Right click on the machine name (PC1 (local)) – Click on Configure and Enable Routing and Remote Access – “Next” – Welcome screen – “Next” – The “Configuration” box will display
o Remote access (dial up or VPN)
o Network Address Translation (NAT)
o Virtual Private Network (VPN) access & NAT
o Secure Connection between Private networks
o Custom configuration (select this)
“Next” – The configuration box will display these options:
o VPN access
o Dial up access
o Demand dial connections (used for branch office routing)
o NAT and basic firewall
o LAN routing (select this)
– “Finish” – The message “Do you want to start the Service?” will be displayed – Click on “Yes”

ii) In the same window click on the plus (+) sign beside IP Routing; different options will be displayed – Select General – Right click – Select New Routing Protocol – Select Open Shortest Path First (OSPF) or RIP version 2 for Internet Protocol – “OK” – The selected protocol will be added to the list below – Right click on the protocol – Select Interfaces – It will show you two LAN cards – Select one – Click “OK” – Click “OK” again – Again right click on the protocol – Select Interfaces – It will show you only one LAN card – Select it – Click “OK” – Click “OK” again

Static Routing:
Routing and Remote Access – Select Static Routes – Right click – New Static Routing – Fill in the details.

On machines which are in the network:
Go to TCP/IP properties – Add the IP address of the router (server) in the Default gateway box

Note: Dynamic Routing uses RIP, OSPF, and IGRP



Network Address Translation (NAT)


Requirement:
i) Windows 2003 Server with internet connection
ii) All client machines should be in the same network



Configuration:
i) Administrative Tools – Routing and Remote Access – Right click on the machine name (PC1 (local)) – Click on Configure and Enable Routing and Remote Access – “Next” – Welcome screen – “Next” – The “Configuration” box will display
o Remote access (dial up or VPN)
o Network Address Translation (NAT) (select this)
o Virtual Private Network (VPN) access & NAT
o Secure Connection between Private networks
o Custom configuration
“Next” – The ‘NAT Internet Connection’ box will be displayed (keep it as it is, with the radio button and box checked) – “Next” – The ‘Name and Address Translation Service’ box will display
o Enable basic name and service (select this)
o I will setup name and address service later
The next box will display ‘Address Assignment Range’ – “Next” – “Next” – The process will start – The next box will be ‘Welcome to the Demand Dial Interface Wizard’ – “Next” – The ‘Interface name’ box will be displayed – Keep the default name Remote Router (you can give any name) – The next box, ‘Connection type’, will display:
o Connect using modem, ISDN adapter or other physical device (select this)
o Connect using Virtual Private Network (VPN)
o Connect using PPP over Ethernet (PPPoE)
– “Next” – The Select device box will display the modem name – “Next” – In the Phone number box give the phone number of the ISP (e.g. 172306) – The next box, ‘Protocol and security’, will display:
o Route IP packets on this interface (select this)
o Add a user account so a remote router can dial in
o Send a plain-text password if that is the only way to connect
o Use scripting to complete the connection with the remote router
“Next” – In the next box, Dial up Credential, fill in the
User name
Password
given by the ISP – “Next” – Finish

ii) Find the NAT/Basic Firewall option – Right click – Properties – Select the Name resolution tab – Check both boxes – Select the wizard name given earlier from below (e.g. Remote router)

iii) Find Network Interface – Select Network Interface – In the right-hand pane you will find Remote router (the interface name) – Right click the interface name – Properties – Select the “Security” tab from the box – Change Allow secured password to Allow unsecured password.



To Connect to Internet:
Select Network Interface – In the right-hand pane you will find Remote router (the interface name) – Right click the interface name – Click on Connect.




Certificate Services
This feature is used to provide some extraordinary rights to a user by providing software certificates. There are different certificates for different purposes (rights).


Installing of Certificate Service:
Control Panel – Add/Remove Programs – Add/Remove Windows Components – Certificate Services – “Next” – Select
o Enterprise root CA (select this) (if Active Directory is installed)
o Enterprise subordinate CA
o Standalone root CA (without Active Directory)
o Standalone subordinate CA
“Next” – In the next box give the certificate name (give any name) – “Next” – The Certificate Database box will be displayed – “Next” – A box about temporarily stopping IIS will display (if IIS is installed) – Click “Yes” – Process – Another page, “Want to enable Active Server page”, will be displayed – Click “Yes” – “Finish”

Requirement: (for IIS Service)
i) Windows 2003 Server with Active directory Installed
ii) Windows 2003 with IIS installed

Configuration: (for IIS Service)

Go to the IIS service – Right click on Default Web Site – Properties – From that box select the “Directory Security” tab – Click on “Server Certificate” – A box will display; click on “Next” – Select the first option
o Create new certificate
Select the second option of the two
o Send request immediately to an online certificate authority
The next box will ask you to give a name to the certificate (give any name) – “Next” – “Next” – The next box will prompt you to fill in regional information (fill in the information) – “Next” – “Next” – “Finish”

Click on the “Edit” button given below “Server Certificate” – Check the boxes
i) Require secure channel
ii) Require 128 bit encryption
iii) Require client certificate
“OK”

ISSUE CERTIFICATE TO ADMINISTRATOR:
In the browser type “https://192.168.0.1/certsrv” – A security-related message box will display; agree with it – Under Select a task choose Request a certificate – In the next box select User Certificate – Click on the “Submit” tab – “Yes” – The process will start – At the end of the process, click on Install this certificate – An installation complete message will display.

How to Check: Select Properties of Internet Explorer – Select the “Content” tab from the box – Click on “Certificate” – You will find one certificate here.

Note: You can make any site unavailable to any user who doesn’t have a certificate. That is done by right clicking that site and selecting all the options specified in the second paragraph of the configuration.

Configuration: (for Encrypted File Recovery)

Scenario: To give permission to u2 to open a file encrypted by user u1

Create two users, u1 and u2 – Log in as user u1 and encrypt one file – Log in as administrator –
Start – Run – Type mmc – Microsoft Management Console will open – Click on File and Add/Remove Snap-in – Add Certificates – You can see Certificates in the left pane – Click on the plus (+) sign beside Certificates – Click on the plus (+) sign beside the Personal folder – You will find the certificate with its description in the right pane – Right click on that certificate – All Tasks – Export – “Next” – In the next box you will find:
o Yes, export the private key (select this)
o No, do not export the private key
“Next” – The Export file format box (keep it default) – “Next” – The password box will be displayed (give a password if you want; it will be asked for during import) – “Next” – The “File to export” box asks where you want to save the file – Click on “Browse” to specify the path – Give any name in the File name box below (e.g. 1) – Click on “Save” – “Next” – “Finish” – The message “The export was successful” will display – Close all windows.

Log in as user u2 (to whom you want to give permission to decrypt the file) – Start – Run – Type mmc – Microsoft Management Console will open – Click on File and Add/Remove Snap-in – Add Certificates – You can see Certificates in the left pane – Click on the plus (+) sign beside Certificates – Click on the plus (+) sign beside the Personal folder – Right click on the Personal folder – Select All Tasks – Select Import – The welcome screen will be displayed – “Next” – In the File to import box, click on Browse to select the file – Select All Files from Files of type below (the exported file will be displayed), select the file and click on “Open” – “Next” – The “Password” box will be displayed – “Next” – The “Certificate to store” box will be displayed – “Finish”

SMALL BUT IMPORTANT

HOW TO REMOVE RECOVERY CONSOLE :
I) Remove “cmldr” file from c: drive
II) Remove entry from boot.ini

HOW TO ADD USER IN CMD:
dsadd user "cn=t1,ou=tech,dc=fresh,dc=com" -disabled no
