Windows 2000 Server and Windows Server 2003
Chapter 8

History of Microsoft NOSs
Windows for Workgroups 3.11
2000/2003 line started with Windows NT 3.0
Evolved to first widespread use in NT 3.51
NT 4.0 included Windows 95-like interface
Windows 2000 followed, introducing Active Directory
Windows 2003 builds on 2000’s strengths

Introduction to Windows 2000/2003 Server
Based on Windows NT technology
Advanced directory service
Built-in internet and LAN services
Several flavors based on needs:
  Standard
  Enterprise (adds clustering, higher RAM, greater SMP)
  Datacenter (higher RAM, greater SMP over Enterprise)
  Web (low-end for web serving only)

Some Benefits of Windows 2000/2003 Server NOS
Advanced system of organizing and managing network objects, called Active Directory
Multiple, integrated services manageable from a graphical interface
Support for multiple, modern protocols and security standards (Kerberos, LDAP)
Integration with other NOSs
Simple, centralized management of multiple clients
Flexible, customizable network management interface
Single management tool called MMC
Installation Services
Enterprise-wide management capabilities

Active Directory
Standards-based directory service
Stores basic user info and provides authentication
Extensible to fit needs of organization
Database-like

Active Directory
Schema
  Set of definitions of kinds of objects and information associated with those objects that the Active Directory database can contain
Figure 8-10: Active Directory and a simple user schema

AD Attributes
Key      Attribute
CN       Common Name
L        Locality
ST       State or Province
O        Organization
OU       Organizational Unit
C        Country
STREET   Street Address
DC       Domain Component
UID      Userid
Example: ldap://cn=Mickel, Jason T (mickelj),ou=Administration,dc=juniata,dc=edu
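The CN value in the example above contains a comma, which RFC 4514 requires to be escaped as "\," inside a distinguished name; otherwise a parser treats it as the boundary between two RDNs. The following is an added example, not part of the original slides, that escapes values when building a DN and parses a DN back into its attribute keys; it generalizes to the other RFC 4514 special characters, and the function names are hypothetical.

```python
import re

# Added example (not from the original slides): RFC 4514 DN escaping and parsing.
AD_KEYS = {"CN", "L", "ST", "O", "OU", "C", "STREET", "DC", "UID"}  # keys from the table
SPECIAL = set(',+"\\<>;')  # must be escaped wherever they occur in a value
_ESC = re.compile(r"\\([0-9A-Fa-f]{2}|.)", re.S)

def escape_value(value):
    """Escape one attribute value so it stays inside its RDN (NUL is not handled)."""
    out = ""
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        out += "\\" + ch if ch in SPECIAL or edge else ch
    return out

def build_dn(rdns):
    """rdns: list of (key, raw value) pairs, most specific first."""
    return ",".join("%s=%s" % (k, escape_value(v)) for k, v in rdns)

def split_unescaped(text, sep=","):
    """Split on sep, skipping any character that follows a backslash."""
    parts, cur, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == "\\" else 1
        if text[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += text[i:i + step]
        i += step
    return parts + [cur]

def unescape(value):
    """Undo backslash escapes: two hex digits, or one literal character."""
    def repl(m):
        g = m.group(1)
        return chr(int(g, 16)) if len(g) == 2 else g
    return _ESC.sub(repl, value)

def parse_dn(dn):
    """Return [(KEY, value), ...]; reject RDNs with no '=' or an unknown key."""
    rdns = []
    for rdn in split_unescaped(dn):
        key, eq, value = rdn.lstrip().partition("=")
        if not eq or key.upper() not in AD_KEYS:
            raise ValueError("malformed RDN: %r" % rdn)
        rdns.append((key.upper(), unescape(value)))
    return rdns
```

Passing the DN exactly as written on the slide to parse_dn raises ValueError, because the text after the unescaped comma has no key; building it with build_dn produces a form that parses back to four RDNs.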

Domains
Group of users, servers, and other resources that share a database of account and security information
Figure 8-12: Multiple domains in one organization

Domains
Domain controller
  Windows 2000/2003 server that contains a replica of the Active Directory
Member server
  Does not hold directory information and, therefore, cannot authenticate users
Replication
  Process of copying Active Directory data to multiple domain controllers

Domains
Figure 8-13: A Windows 2000/2003 domain model network

Organizational Units
Container within an NOS directory used to group objects with similar characteristics or privileges
Figure 8-14: A tree with multiple domains and OUs

Domain Layout at Juniata
juniata.edu (Domain)
Administration (Users)
Faculty (Users)
Students (Users)
Computers Graduates Groups Guests
Student Faculty Administration Shares Mailboxes

Active Directory Beyond Usernames & Passwords
AD stores limitless information about users, computers, printers, etc.
Built-in fields include:
  Address/telephone
  Department
  Supervisor
Extended by applications to store other info
  Exchange mailboxes
Can be extended manually to include organization-specific data
  uPortal groups and grad year
Most configuration data has a home in AD

User Types
The Guest account is a predefined user account with limited privileges that allows a user to log onto the computer
The Administrator account is a predefined user account that has the most extensive privileges for resources both on the computer and on the domain it controls
A local account only has rights on the server it is logged onto
A domain account has rights throughout the domain

Group Types
A domain local group is one that allows its members access to resources within a single domain
A global group allows its members access to resources within a single domain
A universal group is one that allows its members to access resources across multiple domains and forests

Services on Windows 2000/2003 Server
File/Print Server (Windows, UNIX, Macintosh)
Networking (DNS, DHCP, WINS, RAS, VPN)
Mail (SMTP, POP3, IMAP)
Web (HTTP, HTTPS, ASP)
File System (DFS)
Security (Certificate Authority)
Streaming Media

Windows 2000/2003 @ JC
AD Domain controllers (3)
  DNS, DHCP, WINS
Exchange e-mail/groupware (Webmail)
VPN
  Outside access
  Wireless authentication
File/Print Server
  Shares and user directories
  Public and shared office printers
Tape Backup
SQL Database Server
Systems Management Server
Miscellaneous…

Techniques and Tools to Manage It All
Microsoft Management Console (MMC)
Event Logs
Windows Management Instrumentation (WMI)
Command Prompt (cmd)
Batch/Command Files
Scripting
Group Policy
Remote Installation Services
Systems Management Server (SMS)

MMC
GUI Framework to add in all management tools
Tools are called “snap-ins”
Can add any MMC-aware snap-in from Microsoft or third party
MMC Demo…

Event Logs
Information about your server and processes
All servers have:
  Application – applications and processes
  Security – user and computer login information
  System – services and boot processes
Domain Controllers have DNS, File Replication Service, and Directory Service logs
Best place to check first when problems arise

WMI
Service that contains all computer-specific info
  CPU, Memory, Drives, Services, etc.
Can be queried from batch files and scripts
Instrumental to SMS and any other inventory process
Built-in to all Windows 2000, XP, 2003 installations

Command Prompt
This is where it all started!
Most Windows commands can be run from cmd
Some are cmd only
Quick way to get info and run commands vs. stepping through the GUI
Despite GUI, Windows has a powerful command language

Batch/Command Files
Series of commands that the server should execute
Quick to write, but…
  Not very sophisticated
Simple programming language

Scripting
Windows Scripting Host
Sophisticated programming language
Based on Visual Basic/VBScript
Interfaces with WMI and other Windows internals
Automate Tasks
  User/Group creation, modification, or deletion
  Computer inventory
  Manage shares

Group Policy
Centralized management tool for all or part of the enterprise
Collection of user and computer configuration settings
Ability to make configuration changes from a central location to all machines and users
Enforce common security standards and configurations
Simplify PC deployment process
Handles:
  Registry, software deployment, disk quotas, folder redirection, software settings (IE, Office, etc.), software restrictions

RIS
Centralized method of deploying Windows
Can be as manual or automatic as desired
Simplifies process of installing and configuring PCs
Third party methods available such as Symantec Ghost

SMS
The ultimate Microsoft management tool!
Allows centralized:
  Hardware/Software inventory
  Remote software installation
  Patch management
  Help desk PC takeover

Planning for Installation: Preinstallation Decisions
How many, how large, and what kind of partitions will the server require?
What type of file system will the server use?
What will the server’s name be?
Which protocols and network services should the server use?
What will the Administrator password be?

Planning for Installation: Preinstallation Decisions
Should the network use domains or workgroups, and, if so, what will they be called?
Will the server support additional services?
Which licensing mode should I choose?
  Per server
  Per seat
How can I remember all of this information?

Credits
Allen, Robbie, Active Directory, 2nd Edition, O’Reilly, 2003.