windows server 2008 environment
DESCRIPTION
serverTRANSCRIPT
1
2
To my loving wife of more than 9 years, who continues to provide me love
and encouragement even when I don’t deserve it.
3
Acknowledgments
No book is written alone. Instead, there is a wealth of people working behind the scenes
to help make a book the best possible. I‟m grateful for the hard work put in behind the
scenes by several people. Kamal Harmoni, Kharizan, Hj. Shukri, Fadhlina, Ruslan,
Azzahari, Alanto, and Nor Izwan, all provided a significant amount of work that helped
produce this book. I‟m grateful to each of them.
About the Author
Zulfadli Mohd Saad has been teaching Microsoft networking concepts since the DOS
days and has been teaching a myriad of other topics since many years before then. He‟s
been a Malaysia Skills Competition Coach for trade IT PC/Network Support since 2003
and holds many other certifications, including Certified Ethical Hacker, National
Industrial Specialist (IT02-00 Information & Communication Technology), National
Industrial Specialist Instructor (IT02-00 Information & Communication Technology),
Certificate of Excellent MySkills-ASEAN 2009 (IT PC/Network Support), Diploma of
Excellent MySkills 2008 (IT PC/Network Support) and Bronze Medal MySkills 2010 (IT
PC/Network Support)
Zulfadli has developed several video training courses for People Trust Council (Majlis Amanah Rakyat) and has written and co-authored several other technical books. He has a passion for teaching and enjoys sharing knowledge in the classroom as much as he does through books.
He currently works full-time on a government contract providing a wide array of technical training to government personnel in support of a network operations support center. He moonlights as an adjunct instructor at a local college (MARA Vocational Institute) teaching Network System Administration courses.
Zulfadli lives with his wife and four children in Ipoh, Perak, but on most weekends they can‟t be found because they always travel. He‟s found that configuring networks is a piece of cake compared to building a good house and happy family, but he hasn‟t given up yet.
4
Table Of Contents
Title Page
Exercise 1 Installing Windows Server 2008 6
Exercise 2 Initial Configuration
17
Exercise 3 Installing And Configuring DNS
29
Exercise 4 Installing Active Directory
55
Exercise 5 Creating Organization Units And Users
74
Exercise 6 Configuring Client Computer
96
Exercise 7 Viewing Computers In Active Directory
106
Exercise 8 Delegating Management Of Users
124
Exercise 9 Exploring Group Scopes and Types
141
Exercise 10 Creating And Applying Group Policies
155
Exercise 11 Creating And Sharing Resources
174
Exercise 12 Logon Scripts
208
5
Table Of Contents Title Page
Exercise 13 Home Directories 226
Exercise 14 Disk Quotas 247
Exercise 15 Managing Software Applications
261
Exercise 16 Viewing Events
319
Exercise 17 Auditing
327
Exercise 18 Installing And Configuring Printer 367
Exercise 19 Other Administrative Tools
399
Exercise 20 Installing And Configuring DHCP Server 453
Exercise 21 Installing And Configuring Web Server 481
Exercise 22 Installing And Configuring FTP Server 519
6
Exercise 1
Installing Windows Server 2008
Zulfadli Bin Mohd Saad
Computer Engineering Technology, Department of Electronic
MARA Vocational Institute, Lumut, Perak.
7
Exercise 1 : Installing Windows Server 2008 In this section, you should be able to :
Describe the different editions of Server 2008 Describe the requirements for a full installation Get a free evaluation copy of Windows Server 2008 (if you don‟t already have
one) and how to install it. Perform Full Installation of Server 2008
Hardware Requirements Table 1.1 lists the basic system requirements for Windows Server 2008 editions.
Standard Enterprise Datacenter
Processor (min) 1 GHz (x86) 1.4 GHz (x64)
1 GHz (x86) 1.4 GHz (x64)
1 GHz (x86) 1.4 GHz (x64)
Processor (recommended) 2 GHz or faster 2 GHz or faster 2 GHz or faster
Memory (min) 512 MB 512 MB 512 MB
Memory (recommended) 2 GB or more 2 GB or more 2 GB or more
Memory (max) 4 GB (32 bit) 32 GB (64 bit)
64 GB (32 bit) 2 TB (64 bit)
64 GB (32 bit) 2 TB (64 bit)
Disk space (min) 10 GB 10 GB 10 GB
Disk space (recommended) 40 GB 40 GB 40 GB
TABLE 1.1 Hardware requirements for Windows Server 2008 editions. Hardware resources would need to be increased for any systems using Hyper-V technology and running virtual machines. For example, if you‟re running three virtual servers within a Windows Server 2008 Enterprise edition, you would need additional processing power, more memory, and more disk space.
How to Obtain a Copy of Windows Server 2008? It‟s common for Microsoft to provide free evaluation copies of Server operating systems for use. Currently, you can download Windows Server 2008 30-day and 60-day evaluation editions free of charges at : http://www.micosoft.com/windowsserver2008/en/us/trial-software.aspx
8
Beware, though. These files are quite large. If you‟re using a slower dial-up link, you might want to see whether Microsoft is currently offering an evaluation DVD via regular mail. There‟s a nominal cost involved with this option, but it‟s better than trying to download more than 2GB at 56KB. The download is an .iso image of the actual DVD. Search with your favorite search engine for Download Windows Server 2008, and you‟ll find the link. Once you download the .iso image, you can burn it to a DVD. If you don‟t have the software needed to burn it to DVD, you can use one of many freeware utilities (such as ImgBurn) to burn the .iso image to your DVD. EXERCISE 1.1 Installing Windows Server 2008 1. Insert the Windows Server 2008 DVD into your DVD drive. Boot your PC using
Windows Server 2008 DVD.
2. Language and Keyboard Options.
This allows you to specify your language and your keyboard layout. By default, text input language and method is : US Keyboard layout (Figure 0001).
Figure 0001 : Language and Keyboard Options
2.1. Click Next to continue.
9
3. Windows Server 2008 Setup You are presented with options to Install, brief information about Server 2008 or repair (Figure 0002).
Figure 0002 : Windows Server 2008 Setup
3.1 Click Install now to start setup Windows Server 2008 on this computer.
4. Product Key and Activation
Figure 0003 : Product Key and Activation
4.1 Enter your "Product Key" for activation now or you can enter it later (Figure
0003).
10
4.2. Click Next to continue.
Figure 0004 : Product Key Warning
4.3. If you leave the product key box blank, the warning window will appear (Figure
0004); just click No to continue.
5. Windows Server Version
5.1. Select Windows Server 2008 Enterprise (Full Installation), (as shown in the
Figure 0005).
Figure 0005 : Windows Version
5.2. Tick the box of I have selected the edition of Windows that I purchased.
5.3. Click Next.
11
6. Windows Server 2008 License Agreement
6.1. Read the terms of the license agreement.
If you accept (which, of course, you have to do to continue installation), tick the box of I accept the license terms (Figure 0006).
Figure 0006 : Windows Server 2008 License Agreement
6.2. Click Next to continue.
12
7. Installation Options. You are presented with options to Upgrade or Custom (advanced). Click Custom (advanced), (Figure 0007).
Figure 0007 : Installation Options
8. Partition Options
8.1. Click Drive options (advanced), (Figure 0008).
Figure 0008 : Drive options
13
8.2. Click New, (Figure 0009).
Figure 0009 : New Partition
8.3. Change the size to 40,000 MB, (Figure 0010).
Figure 0010 : Partition Size
8.4. Click Apply.
14
8.5. Select Disk 0 Partition 1 (Figure 0011).
Figure 0011 : Partition
8.6. Click Next. The partition will be formatted with NTFS as part of the installation. At this point, take a break. The installation will continue on its own.
Figure 0012 : Installing Windows
15
9. First Time Login When you first time login, the windows warning will appear ask you to change the user password before logging on for the first time (Figure 0013).
Figure 0013 : First time login
9.1 Click OK.
10. Change Administrator Password. 4.1 Enter a new password in the two test boxes (Figure 0014). Enter
Pr@ctice in this exercise. It meets complexity requirements and doesn‟t require you to remember multiple passwords. Don‟t use this password on a production server.
Figure 0014 : Change Administrator password
10.2 Hit Enter button after the passwords are entered.
16
Figure 0015 : Password changed successfully
10.3 Once the password has been changed, the screen indicates success
(Figure 0015). Click OK. Congratulation! You have finish install the Windows Server 2008.
Summary In this section you installed Windows Server 2008 on a computer. In the following exercises you will setting time zone, install Active Directory and other services, creating a small network for you to administer.
17
Exercise 2
Initial Configuration
Zulfadli Bin Mohd Saad
Computer Engineering Technology, Department of Electronic
MARA Vocational Institute, Lumut, Perak.
18
Exercise 2 : Initial Configuration In this section, you should be able to :
Complete the Initial Configuration Tasks Setup time zone for your server. Configure networking on your server Change your server name
Setting Time Zone In this section, you‟ll learn how to setup time zone for your server. EXERCISE 2.1 Setting Time Zone
1. In Initial Configuration Tasks, select Set time zone (Figure 0016).
Figure 0016 : Set time zone
2. Click Change time zone (Figure 0017).
Figure 0017 : Change time zone
19
3. Select time zone appropriate for your location.
e.g. (GMT+08:00) Kuala Lumpur, Singapore (Figure 0018).
Figure 0018 : Time zone
4. Click OK.
5. Click OK again (Figure 0019).
Figure 0019 : Change time zone
20
Configuring Network In this section, you‟ll learn how to configure networking on your server. Make sure you have hook up your server to the network before you start. EXERCISE 2.2 Configuring Network
1. In Initial Configuration Tasks, select Configure networking (Figure 0020).
Figure 0020 : Configure networking
2. Double-click Local Area Connection (Figure 0021).
Figure 0021 : Local Area Connection
21
3. Click Properties button (Figure 0022).
Figure 0022 : Local Area Connection Properties
4. Uncheck Internet Protocol Version 6 (TCP/IPv6), because we only use
TCP/IPv4 only (Figure 0023).
Figure 0023 : TCP/IPv6
22
5. Select Internet Protocol Version 4 (TCP/IPv4), and click Properties button
(Figure 0024).
Figure 0024 : TCP/IPv4
6. Now set your server IP address, and ensure that you are using a static IP
address. For this exercise, I‟m using number 21 as my server station number (Figure 0025).
Tips:
Use the following IP address:
IP address : 192.168.2.SN (server station number)
Subnet mask : 255.255.255.0
Default gateway : 192.168.2.ISIP (internet server IP address)
Use the following DNS server address:
Preferred DNS server : 192 . 168 . 2 . DNS (1st DNS server IP address) Alternate DNS server : ___ . ___ . ___ . ___ (2nd DNS server IP address)
23
Figure 0025 : Static IP address
7. Click Advanced button after complete setting your IP address (Figure 0025).
8. Select the DNS tab (Figure 0026).
Figure 0026 : Advanced TCP/IP Setting
9. Specify myserver.com as the DNS suffix for this connection (Figure 0026).
10. Tick Use this connection’s DNS suffix in DNS registration box (Figure 0026).
24
11. Click OK (Figure 0026).
12. Click OK again.
13. Click Close button to close Local Area Connection Properties (Figure 0027).
Figure 0027 : Local Area Connection Properties
14. Click Close button to close Local Area Connection Status. 15. Close Network Connection properties (Figure 0028).
Figure 0028 : Network Connection properties
25
Changing Computer Name In this section, you‟ll learn how to change your server name. EXERCISE 2.3 Changing Computer Name
1. In Initial Configuration Tasks, select Provide computer name and domain
(Figure 0029).
Figure 0029 : Provide computer name and domain
2. Click Change... button (Figure 0030).
Figure 0030 : System Properties
26
3. Key-in your server name at Computer name: box. In this exercise I user
server21 as my computer name (Figure 0031). And click OK.
Figure 0031 : Computer Name
4. Windows remind you to restart your computer to apply the changes. Click OK.
Figure 0032 : Computer Name – Restart Reminder
27
5. Click Close button on System Properties dialog box (Figure 0033).
Figure 0033 : System Properties
6. Click Restart Now to reboot your computer (Figure 0034).
Figure 0034 : Restart Computer
28
7. After restart, login your server as Administrator (Figure 0035)
Figure 0035 : Login
Summary In this section you have configure Time Zone, Networking and Computer Name for your Server 2008. In the following exercises you will install Active Directory and other services for you to administer.
29
Exercise 3
Installing and Configuring DNS
Zulfadli Bin Mohd Saad
Computer Engineering Technology, Department of Electronic
MARA Vocational Institute, Lumut, Perak.
30
Exercise 3 : Installing and Configuring DNS Installing Domain Name System (DNS) Services Role
In this section, you‟ll learn how to implement a domain name server for your network. Domain Name System (DNS) provides a standard method for associating names with numeric Internet addresses. This makes it possible for users to refer to network computers by using easy-to-remember names instead of a long series numbers.
Windows DNS services can be integrated with Dynamic Host Configuration Protocol (DHCP) services on Windows, eliminating the need to add DNS records as computers are added to the network.
The first step is required to ensure that you are using a static IP address and that the DNS settings on the computer have been correctly configured. Make sure your have hook up your PC to the network and you are using a static IP address before you start. EXERCISE 3.1 Installing Domain Name System (DNS) Services Role
1. Launch Server Manager. Click Start ►Administrator Tools ► Server Manager (Figure 0036).
Figure 0036 : Launch Server Manager
31
2. In Server Manager, select Roles (Figure 0037).
Figure 0037 : Roles
3. Select Add Roles (Figure 0038).
Figure 0038 : Add Roles
4. On the Before You Begin page, review the requirements, and click Next (Figure
0039).
Figure 0039 : Add Roles – Before You Begin
32
5. On the Select Server Role page, select the check box next to DNS Server, and click Next (Figure 0040).
Figure 0040 : Server Roles – DNS Server
6. On the DNS Server page, review the information, and click Next (Figure 0041).
Figure 0041 : DNS Server
33
7. On the Confirm Installation Selections page, click Install (Figure 0042).
Figure 0042 : Confirm Installation Selections
Please wait. This operation will take a few minutes.
Figure 0043 : Installation Progress
34
8. On the Installation Result page, review the information. Click Close to continue (Figure 0044).
Figure 0044 : Installation Result
35
EXERCISE 3.2 Configuring Domain Name System (DNS)
9. Launch DNS Manager. Click Start ►Administrator Tools ► DNS (Figure 0045)
Figure 0045 : Launch DNS Manager
10. Double-click on the computer icon to expand the DNS Server (Figure 0046).
Figure 0046 : DNS Manager
36
EXERCISE 3.2.1 Configuring Forward Lookup Zones
11. Click on Forward Lookup Zones first, and then right-click on it.
12. Select New Zone (Figure 0047)
Figure 0047 : Create New Zone
13. New Zone welcome wizard appear. Click Next to continue (Figure 0048).
Figure 0048 : New Zone Welcome Wizard
37
14. Select Primary zone and click Next button (Figure 0049).
Figure 0049 : Zone Type
15. The New Zone Wizard dialog box requests the name for the zone. Enter the
name that has been assigned to your domain (this example uses myserver.com). (Figure 0050).
Figure 0050 : Zone Name
16. Once you have entered the correct name for the zone name, click Next button to
continue.
38
17. The dialog box now displays the name that will be used to the new zone file. Leave the filename as suggested, then click Next (Figure 0051).
Figure 0051 : Zone File
18. Select the option "Allow both nonsecure and secure dynamic updates". Click
Next to continue (Figure 0052).
Figure 0052 : Dynamic Update
39
19. Click Finish to close the wizard and create the new zone (Figure 0053).
Figure 0053 : Successfully Completed the New Zone Wizard
40
EXERCISE 3.2.2
Creating Forward Lookup Zones New Host
20. Double click to expand Forward Lookup Zones.
21. Right click myserver.com and select New Host (Figure 0054).
Figure 0054 : Create New Host
22. Enter IP address for DNS server (myserver.com) and click Add Host (Figure 0055).
Figure 0055 : New Host
23. Click OK button.
24. Click Done button to exit New Host Wizard.
41
25. After finish configuring Forward Lookup Zones, recheck myserver.com must have minimum three(3) types resource record – (SOA), (NS) and (A). (Figure 0056).
Figure 0056 : Forward Lookup Zones
42
EXERCISE 3.3
Configuring Reverse Lookup Zones
26. Click on Reverse Lookup Zones.
27. Right click Reverse Lookup Zones and select New Zone (Figure 0057).
Figure 0057 : Add a New Zone
28. New Zone welcome wizard appear. Click Next to continue (Figure 0058)
Figure 0058 : New Zone Welcome Wizard
43
29. Select Primary zone and click Next button (Figure 0059)
Figure 0059 : Zone Type
30. Select IPv4 Reverse Lookup Zone and click Next to continue (Figure 0060).
Figure 0060 : Reverse Lookup Zone Name
44
31. A reverse zone maps IP addresses to computer names, so it has to know what range of IP addresses it will be responsible for. Enter the first 3 octets of the IP address that has been allocated to your network domain (Figure 0061).
Figure 0061 : Network ID
32. After entering the network ID, click Next button to continue.
33. The wizard will display the name of the reverse zone file that it will create. Leave
the filename as suggested, then click Next (Figure 0062).
Figure 0062 : Zone File
45
34. Select the option "Allow both nonsecure and secure dynamic updates". Click Next to continue (Figure 0063)
Figure 0063 : Dynamic Updates
35. Click Finish to close the wizard and create the new zone (Figure 0064).
Figure 0064 : Successfully Completed the New Zone Wizard
46
EXERCISE 3.3.1
Creating Reverse Lookup Zones New Pointer (PTR)
36. In the DNS manager window, double-click the computer icon and expand the Reverse Lookup Zone field.
37. Expand the subnet field.
38. Right-click the subnet field and select New Pointer (Figure 0065).
Figure 0065 : Create New Pointer
39. Enter the IP address of your domain server (Figure 0066).
Figure 0066 : Host IP Address
40. Click Browse button to browse for host name.
47
41. Double click your server icon (Figure 0067).
Figure 0067 : Browse Host Name - Domain
42. Double click Forward Lookup Zones (Figure 0068).
Figure 0068 : Browse Host Name - Forward Lookup Zones
48
43. Double click your domain (Figure 0069).
Figure 0069 : Browse Host Name – Domain.com
44. Double click Host (A) record (Figure 0070).
Figure 0070 : Browse Host Name – Host (A)
49
45. Click OK to create new pointer (Figure 0071).
Figure 0071 : New Pointer Complete Data
46. After finish configuring Reverse Lookup Zones, recheck the subnet field. The subnet field must have minimum three(3) types resource record – (SOA), (NS) and (PTR). (Figure 0072).
Figure 0072 : Reverse Lookup Zones
50
EXERCISE 3.4
Testing The DNS Server
In this section you verify that the DNS Server is installed, running, and correctly configured.
47. In the DNS manager window, right-click the computer icon and select properties (Figure 0073).
Figure 0073 : DNS Manager – Server Properties
48. Click the Monitoring tab (Figure 0074).
Figure 0074 : DNS Server Properties
51
49. Enable both tests and click Test Now button (Figure 0075).
Figure 0075 : DNS Server Properties - Monitoring
Do not proceed till the test results for Simple Query indicate Pass. Your recursive query result will indicate Fail because we did not configure our DNS to query to other DNS server.
50. Click OK to continue
51. Close the DNS Manager.
52
EXERCISE 3.5
Testing The DNS Server Using NSLOOKUP To Query DNS In this exercise you will use a client tool to check the operation of the DNS server. You will query both a forward and reverse lookup.
52. Launch Run. Click Start ►Run (Figure 0076).
Figure 0076 : Launch RUN
53
53. Enter nslookup and click OK (Figure 0077).
Figure 0077 : Launch Nslookup Program
54. A command prompt DOS window will appear with the program nslookup running in it (Figure 0078). The default server name and IP address of the DNS server will be shown.
Figure 0078 : Running Nslookup
55. To perform a forward lookup (resolve a computer name to an IP address) enter the name of the computer (e.g. myserver.com) (Figure 0079).
Figure 0079 : Query Forward Lookup
54
56. Press ENTER. Your query result will be same as Figure 0080 below.
Figure 0080 : Query Forward Lookup Result
57. To perform a reverse lookup (resolve an IP address to a computer name), enter the IP address given in step 56 and press ENTER (Figure 0081).
Figure 0081 : Query Reverse Lookup
58. Close the command prompt windows (Figure 0082).
Summary
The DNS server is a database that manages computer names and their IP addresses. Zone files are used to store this information. Within a zone, a forward lookup resolves computer names to IP addresses. A reverse zone resolves IP addresses to computer names.
A client tool such as NSLOOKUP can be used to test the operation of a DNS server.
55
Exercise 4
Installing Active Directory
Zulfadli Bin Mohd Saad
Computer Engineering Technology, Department of Electronic
MARA Vocational Institute, Lumut, Perak.
56
Exercise 4 : Installing Active Directory In this exercise you will install active directory services (ADS) and change to native mode (where the server acts purely with ADS). Once ADS is installed, you will be able to take advantage of many of the new features of Windows 2008 in managing users, computers and sites.
Adding Active Directory Domain Services Role In this section, you‟ll learn how to adding Active Directory Domain Services Role. EXERCISE 4.1 Adding Active Directory Domain Services Role
1. Launch Server Manager. Click Start ►Administrator Tools ► Server Manager (Figure 0082).
Figure 0082 : Launch Server Manager
57
2. In Server Manager, select Roles (Figure 0083).
Figure 0083 : Roles
3. Select Add Roles (Figure 0084).
Figure 0084 : Add Roles
4. On the Before You Begin page, review the requirements, and click Next (Figure 0085).
Figure 0085 : Add Roles – Before You Begin
58
5. On the Select Server Role page, select the check box next to Active Directory
Domain Services, and click Next (Figure 0086).
Figure 0086 : Server Roles
6. On the Active Directory Domain Services page, review the information, and click
Next (Figure 0087).
Figure 0087 : Active Directory Domain Services
59
7. On the Confirm Installation Selections page, click Install (Figure 0088).
Figure 0088 : Confirm Installation Selections
Please wait. This operation will take a few minutes.
Figure 0089 : Installation Progress
60
8. On the Installation Result page, review the information.
Click Close (Figure 0090).
Figure 0090 : Installation Result
Note : You still must run the Active Directory Domain Services Installation Wizard (DCPromo) to make the server a fully functional domain controller.
61
Installing Active Directory Domain Services In this section, you‟ll learn how to installing Active Directory Domain Services. EXERCISE 4.2 Installing Active Directory Domain Services
9. Logon into a Windows Server 2008 server as Administrator.
10. Click Start ►Run. At the Run line, enter DCPromo, and click OK (Figure 0091).
Figure 0091 : Run dcpromo
11. On the Welcome screen, click Next (Figure 0092).
Figure 0092 : Welcome Screen
62
12. On the Operating System Compatibility screen, review the information, and click Next (Figure 0093).
Figure 0093 : Operating System Compatibility Screen
13. On the Choose a Deployment Configuration screen, select Create a New Domain in a New Forest. Click Next (Figure 0094).
Figure 0094 : Choose a Deployment Configuration Screen
63
If your computer were part of an existing forest, you could create a replica domain controller within an existing domain. However, this exercise is assuming your server will be the first domain controller in the forest.
14. On the Name the Forest Root Domain screen, enter MYServer.com as the fully qualified domain name.
Click Next (Figure 0095).
Figure 0095 : Name the Forest Root Domain Screen
15. If Domain NetBIOS Name page appears, accept the default of MYSERVER.
16. On the Set Forest Functional Level screen, select the Forest functional level of
Windows Server 2008. This ensures that any new domains created in this forest will automatically operate at the Windows Server 2008 domain functional level, which does provide unique features. If you had a network that has a Windows 2000 Remote Access Server, you would select the compatible option (Figure 0096).
Figure 0096 : Set Forest Functional Level Screen
64
17. Click Next to continue.
18. On the Additional Domain Controller Options screen, note that both the DNS
server and the global catalog are selected as options. Active Directory Domain Services requires DNS, and if not available on the network, DCPromo will give you the option of installing it. Additionally, the first domain controller within a domain is a global catalog server.
Figure 0097 : Additional Domain Controller Options Screen
Note : If you have dynamically assigned IP addresses, a warning will appear indicating you must assign static IP addresses for both IPv4 and IPv6. Either assign static IP addresses or click Yes; the computer will use a dynamically assigned IP address and configure static IP addresses later. As a best practice, domain controllers should use statically assigned IP addresses. Click Next to continue (Figure 0097).
65
19. If this server is on an isolated network without other DNS servers, a warning
dialog box will appear indicating that a delegation for this DNS server can‟t be created and other hosts may not be able to communicate with your domain from outside the domain. This is normal when installing DNS for the first domain controller in a forest. Click Yes to continue (Figure 0098).
Figure 0098 : Warning Dialog Box
20. On the Location for Database, Log Files, and SYSVOL screen, accept the defaults. Click Next (Figure 0099).
Figure 0099 : Location for Database, Log Files, and SYSVOL Screen
66
21. On the Directory Services Restore Mode Administrator Password screen, enter @xercisE in both the Password and Confirm password boxes. This password is needed if you need to restore Active Directory Domain Services. On a production domain controller, a more secure password would be required. Click Next (Figure 0100).
Figure 0100 : Directory Services Restore Mode Administrator Password Screen
22. On the Summary screen, review your selections, and click Next (Figure 0101). Active Directory Domain Services will be installed.
Figure 0101 : Summary Screen
67
23. After a few minutes, the wizard will complete (Figure 0102).
Figure 0102 : AD Installation Progress
24. If a warning message appeared same as below, just click OK. This message appeared because we already created the DNS zone before (Figure 0103).
Figure 0103 : Warning Message
25. On the Completion screen, click Finish (Figure 0104).
Figure 0104 : Completion Screen
68
26. On the Active Directory Domain Services dialog box, click Restart Now (Figure 0105). Once your system reboots, Active Directory Domain Services will be installed.
Figure 0105 : Restart Confirmation Screen
27. After restart, login your server as Administrator (Figure 0106).
Figure 0106 : Login
69
EXERCISE 4.3
Recheck Network Configuration
Now you need to recheck your network configuration because sometime after installing Active Directory Domain Services, the network configurations change to localhost setting.
28. Launch Network and Sharing Center. Click Start ► Right click Network ►
Properties (Figure 0107).
Figure 0107 : Network Properties
70
29. Under myserver.com (Domain network), click View status (Figure 0108).
Figure 0108 : View Network Status
30. Click Properties button to open Local Area Connection Properties (Figure 0109).
Figure 0109 : Local Area Connection Status
71
31. Select Internet Protocol Version 4 (TCP/IPv4), and click Properties button (Figure 0110).
Figure 0110 : Local Area Connection Properties
Figure 0111 : Internet Protocol Version 4 (TCP/IPv4) Properties
72
32. Check your network configurations; make sure the configurations correct (Figure
0112).
Figure 0112 : Network Configurations
33. Now click the Advanced button (Figure 0112).
34. Select the DNS tab (Figure 0113).
35. Specify myserver.com as the DNS suffix for this connection (Figure 0113).
36. Tick Use this connection’s DNS suffix in DNS registration box (Figure 0113).
37. Click OK (Figure 0113).
38. Click OK again.
73
Figure 0113 : Advanced TCP/IP Setting
39. Close all remaining windows.
Summary
Windows Server 2008 brings a lot of new features and benefits that will drive a lot of migrations to the new operating system. This chapter presented many of these new additions.
One of the significant benefits of Windows Server 2008 is virtualization. Three editions (Windows Server 2008 Standard with Hyper-V, Windows Server 2008 Enterprise with Hyper-V, and Windows Server 2008 Datacenter with Hyper-V) support virtualization.
Each edition can be purchased with or without Hyper-V, which is the technology that supports virtualization. The Standard edition supports one virtual server, the Enterprise edition supports as many as four virtual servers, and the Datacenter edition supports an unlimited number of virtual servers. Virtualization is supported only on 64-bit operating systems.
In this chapter, you learned about the new features of Windows Server 2008. These included Server Manager, Server Core, PowerShell, Windows Deployment Services, and read-only domain controllers.
Exercises led you through the process of installing Windows Server 2008 on a PC. After reviewing many of the basics of Active Directory Domain Services, you learned how to promote the server to a domain controller.
74
Exercise 5
Creating Organization Units
And Users
Zulfadli Bin Mohd Saad
Computer Engineering Technology, Department of Electronic
MARA Vocational Institute, Lumut, Perak.
75
Exercise 5 : Creating Organizational Units And Users In this section, you‟ll use active directory to view the default settings that apply to user accounts when they are created. These settings can be overridden for a particular user, a group of users, or all users. You will create a number of organizational units. An OU acts as a container that holds objects such as users.
Creating Organization Units In the following exercise, you will create some organizational units that will act as containers for some users. These organizational units model the departments within a small organization.
EXERCISE 5.1 Creating Organization Units
1. Logon server as administrator.
2. Launch Active Directory Users and Computers. Click Start ► Administrative Tools ► Active Directory Users and Computers (Figure 0114)
Figure 0114 : Run Active Directory Users and Computers
76
3. Click on the myserver.com icon to select it (Figure 0115).
Figure 0115 : Expand Domain
4. On the menu bar, click Action, New, Organizational Unit (Figure 0116).
Figure 0116 : Create New Organization Unit
77
5. Enter Stkm as the name for the new organizational unit (Figure 0117).
6. Uncheck Protect container from accidental deletion (Figure 0117).
7. Click OK (Figure 0117).
Figure 0117 : Create Organization Unit
8. Repeat step 3 to 7 to create the organizational units Sted and Sklr (Figure 0118).
Figure 0118 : Organization Unit
Creating organizational units lets you place users directly into units and assign permissions and rights based on these units. This leads to better administration and delegation control than if you placed users directly into the user container.
When users move from one department to another, it is a simple matter to move the user to the corresponding organizational unit. In this way, they inherit all the new features and rights and of the new organizational unit, ensuring they have full access to all the resources they are entitled to.
78
EXERCISE 5.2 Creating Users within Organizational Units
For proper control, it is better to create users within an OU rather than the Users container. In the following exercise you will create a number of users, modify their properties, and move them from one organizational unit to another.
9. Click the Stkm OU to highlight it (Figure 0119).
Figure 0119 : Stkm OU
Creating new user accounts for Zul
10. Right click Stkm and select New ► User from the menu (Figure 0120).
Figure 0120 : Stkm OU
79
11. Enter the following details for Zul (Figure 0121).
First Name Last Name Full Name User logon name
Zul Zcomby Zul Zcomby zul.zcomby
Figure 0121 : Create New User
12. Click Next.
13. Enter the password as comby. Check the boxes “User cannot change password” and “Password never expires”, then click Next (Figure 0122).
Figure 0122 : Create Password
80
14. Click Finish to create the new user Zul (Figure 0123).
Figure 0123 : New User Account Confirmation
15. The warning below will appear. This warning appears because your password does not meet the password policy requirements. Click OK to continue (Figure 0124).
Figure 0124 : Password Policy Warning
16. Click Cancel to close new user account confirmation window (Figure 0125).
Figure 0125 : New User Account Confirmation
81
EXERCISE 5.2 Configuring Password Policy
17. To disable password policy requirements; launch Group Policy Management. Click Start ► Administrative Tools ► Group Policy Management (Figure 0126)
Figure 0126 : Launch Group Policy Management
82
18. Double click to expand Forest: myserver.com.
19. Expand Domains.
20. Expand myserver.com.
21. Click Default Domain Policy (Figure 0127).
Figure 0127 : Group Policy Management
22. If any warning box appeared; just click OK (Figure 0128).
Figure 0128 : Group Policy Management Console Warning
83
23. Right click Default Domain Policy and select Edit (Figure 0129).
Figure 0129 : Group Policy Management – Default Domain Policy
24. Double click to expand Policies (Figure 0130).
25. Expand Windows Settings.
26. Expand Security Settings (Figure 0130).
Figure 0130 : Group Policy Management – Security Settings
84
27. Double click to expand Account Policies (Figure 0131).
Figure 0131 : Group Policy Management – Password Policy
28. Click Password Policy (Figure 0132).
29. Double click Password must meet complexity requirements under Password Policy to open Password must meet complexity requirements Properties.
Figure 0132 : Group Policy Management - Password Must Meet Complexity Requirements
85
30. Select Disabled under Security Policy Setting tab (Figure 0133).
Figure 0133 : Password Must Meet Complexity Requirements Properties
31. Click OK.
32. Double click Minimum password length under Password Policy to open Minimum password length Properties (Figure 0134).
Figure 0134 : Group Policy Management - Minimum Password Length
86
33. Set No password required to 0 characters (Figure 0135).
Figure 0135 : Minimum Password Length Properties
34. Click OK.
35. Recheck your configuration. Your configuration should be same as figure below (Figure 0136).
Figure 0136 : Group Policy Management - Password Policy
36. Close all windows and RESTART your server. After restarting server, login as Administrator and start create user Zul Zcomby again (follow step 10 to 14). There should be no problem anymore.
87
Creating Users within Organizational Units (Continue)
37. Now create the new user Ocah in the Stkm OU using the following properties (Figure 0137).
First Name Ocah
Last Name Blue
Full Name Ocah Blue
User logon name ocah.blue
Password ocah
User cannot change password
Password never expires
Figure 0137 : Ocah Blue Properties
38. Create the following user account in the Sted OU (Figure 0138).
First Name Ahmad
Last Name Akmal
Full Name Ahmad Akmal
User logon name zul.akmal
Password akmal
User cannot change password
Password never expires
Figure 0138 : Ahmad Akmal Properties
39. Create the following user account in the Sklr OU.
First Name Ain
Last Name Syahmi
Full Name Ain Syahmi
User logon name ain.syahmi
Password ain
User cannot change password
Password never expires
Figure 0139 : Ain Syahmi Properties
88
First Name Ali
Last Name Uddin
Full Name Aliuddin
User logon name ali.zul
Password ali
User cannot change password
Password never expires
Figure 0140 : Aliuddin Properties
First Name Wan
Last Name Saad
Full Name Md Saad
User logon name wan.saad
Password masuri
User must change password at next logon
Account is disabled
Figure 0141 : Md Saad Properties
40. Note the down arrow that appears on the icon for the user Md Saad, indicating this account has been disabled (Figure 0142).
Figure 0142 : AD Users and Computers – User Disabled
89
EXERCISE 5.3 Moving Users within Organizational Units
41. It is easy to delete, rename or move a user from an organization unit. In the above exercise the user Md Saad was inadvertently placed in the wrong OU. Right-click the user Md Saad and select move from the list (Figure 0143).
Figure 0143 : Move Users
42. Click Stkm as the destination OU (Figure 0144).
Figure 0144 : Move Users – Stkm OU
43. Click OK
90
44. Expand the Stkm OU to confirm that the user Md Saad is now a member of Stkm OU (Figure 0145).
Figure 0145 : Stkm OU Members
You have now created a number of users within the organizational units created earlier. At this stage, you cannot see the benefits of doing this. However, the later exercises will start to illustrate why this has been done, by allocating resources to organizational units. Thus, a user will get access to a resource based on their OU membership properties. If a user moves from one organizational unit to another, they will inherit all the resources associated with the new OU.
91
EXERCISE 5.4 Updating User Information In this exercise we will look at default user properties such as logon times and how often they need to change their passwords. Active Directory allows organizations to store significantly more information than in previous versions of Windows. For example, you can store telephone and office information in the Active Directory with the user information.
45. Double click the user Md Saad in the Stkm OU (Figure 0146).
Figure 0146 : User Properties
46. Enter the following details (Figure 0147).
Office Integration
Telephone Number 012-5740157
E-Mail [email protected]
Job Title (Organization) Senior Instructor
Department Computer Technology
Company IKM
Figure 0147 : User Details
92
Figure 0148 : Md Saad Properties - General
Figure 0149 : Md Saad Properties - Organization
47. Click OK to apply the changes.
93
EXERCISE 5.5 Restrict User Logon Hours
48. Double click the user Md Saad in the Stkm OU (Figure 0150).
Figure 0150 : Md Saad Properties
49. Click Account tab (Figure 0151).
Figure 0151 : Md Saad Properties - Account
94
50. Click the Logon Hours button (Figure 0152).
Figure 0152 : Logon Hours
51. Select all areas and click Logon Denied (Figure 0153).
Figure 0153 : Logon Hours for Md Saad – Logon Denied
Restrict the logon hours (under Account Tab) to Monday-Friday, 8am-5pm.
52. Select the areas Monday to Friday and 8am to 5pm (Figure 0154).
Figure 0154 : Logon Hours for Md Saad – Select Areas
95
53. Select Logon Permitted (Figure 0155).
Figure 0155 : Logon Hours for Md Saad – Set Logon Permitted
54. Click the OK button.
55. Click the OK button again. In the above exercise you assigned some organizational information to a user. You also explored some of the properties that can be applied.
96
Exercise 6
Configuring Client Computer
Zulfadli Bin Mohd Saad
Computer Engineering Technology, Department of Electronic
MARA Vocational Institute, Lumut, Perak.
97
Exercise 6 : Configuring a Client Computer In this section you will configure Windows XP Professional on the other computer that will be part of your network. This computer will act as a client computer that users of your network can use to access shared resources such as files, software and printers. Make sure that the Windows Server 2008 previously installed is running. Please refer to the following table for client configuration.
Name of This Computer clientxpSN
Name of Organization IKM
Role of This Computer Client Workstation
Name of Installer Administrator
Domain Name same domain name as you did for the Server
TCP/IP Address 192.168.2.SN
TCP/IP Subnet mask 255.255.255.0
TCP/IP Gateway 192.168.2.ServerNumber
Preferred DNS server 192.168.2.ServerNumber
Note : SN = Station Number
Use the same domain name as you did for the Server.
98
EXERCISE 6.1 Network Setting (Windows XP)
1. Run Network Connections application program. Click Start ► All Programs ►Accessories ►Communications ►Network Connections (Figure 0156).
Figure 0156 : Run Network Connections
2. Right click Local Area Connection (Figure 0157).
Figure 0157 : Local Area Connection
3. Select Properties (Figure 0157).
99
4. Double click Internet Protocol (TCP/IP) (Figure 0157).
Figure 0158 : Local Area Connection Properties
5. Now set your client (Windows XP) IP address, and ensure that you are using a
static IP address. For this exercise, I‟m using number 61 as my Windows XP client station number (Figure 0159).
Use the following IP address:
IP address : 192.168.2.SN (client station number)
Subnet mask : 255.255.255.0
Default gateway : 192.168.2.ServerNumber (server IP address)
Use the following DNS server address: Preferred DNS server : 192 . 168 . 2 . ServerNumber (1st server IP address) Alternate DNS server : ___ . ___ . ___ . ___ (2nd server IP address)
100
Figure 0159 : Internet Protocol (TCP/IP) Properties
7. Click the “OK” button (Figure 0159).
Figure 0160 : Local Area Connection Properties
8. Click “OK” button (Figure 0160) and close all remaining windows.
101
EXERCISE 6.2 Joining Domain (Windows XP client)
9. Click Start ►Right-click My Computer (Figure 0161).
Figure 0161 : My Computer
10. Select Properties. (Figure 0162).
Figure 0162 : My Computer - Properties
102
11. Click the Computer Name tab, and then click Change. (Figure 0163).
Figure 0163 : System Properties
12. Click the More button. (Figure 0164).
Figure 0164 : Computer Name Changes - Workgroup
103
13. Specify yourdomain.com as the Primary DNS Suffix for This Computer (Figure 0165).
Figure 0165 : DNS Suffix and NetBIOS Computer Name
14. Click the OK button.
15. Change Computer Name to clientxpSN (Figure 0166).
16. Select "Member of ....... Domain" and enter the name of your Domain (Figure 0166).
Figure 0166 : Computer Name Changes - Domain
17. Click the OK button.
104
18. Now Domain Server will prompt you for Username and Password. Enter any username and password you have created before. (Figure 0167).
Figure 0167 : Join Domain Verification
19. If you get this welcome message : Windows : "Computer Name Changes" - Welcome to the ....... domain"; it means you are successfully joining a domain. (Figure 0168).
Figure 0168 : Domain Welcome Message
20. Since joining a domain is a major change in the security configuration of your system, you will be reminded that you have to restart your system. Click OK (Figure 0169).
Figure 0169 : Restart Reminder
105
21. You will be back in the System Properties, where you are now listed as being part of a domain (Figure 0170).
Figure 0170 : System Properties – Computer Name
22. Click OK to close the remaining dialog boxes (Figure 0170).
23. Click YES to restart the computer. (Figure 0171).
Figure 0171 : Restart Confirmation
.
.
106
Exercise 7
Viewing Computer In Active Directory
Zulfadli Bin Mohd Saad
Computer Engineering Technology, Department of Electronic
MARA Vocational Institute, Lumut, Perak.
107
Exercise 7 : Viewing Computer In Active Directory
In this section you will use Active Directory Users and Computers to view information for computers and servers.
When a client workstation is installed using Windows XP Professional or Windows 2000 Professional or Windows Vista or Windows 7, it has its own accounts database and rights. When that client computer joins a domain or Windows Server 2008 network, this means that the domain wide accounts are available for use at the workstation. When a user logs on using the client computer, any policies are applied to the client computer.
Client workstations running Windows XP Professional have their own local accounts database. This means it is possible for an administrator on the workstation to create a local workstation account, which is not the same as the domain account, and allow users to logon to the local computer rather than the domain.
Currently, you should have the Windows Server 2008 and a Windows XP Professional client workstation running.
Log on as administrator to the Windows Server 2008.
EXERCISE 7.1
Viewing Computers and Servers in Active Directory In this exercise, you will use Active Directory Users and Computers to view the workstations and servers in the domain.
1. Log on the Windows Server 2008 as administrator.
2. Launch Active Directory Users and Computers. Click Start ► Administrative
Tools ► Active Directory Users and Computers (Figure 0172)
108
Figure 0172 : Launch Active Directory Users and Computers
3. Expand the domain icon (Figure 0173).
Figure 0173 : AD – myserver.com
109
4. Click on the Computers folder from the list (Figure 0174).
Figure 0174 : AD – Computers
You can see CLIENTXP61 listed under Computer folder.
5. Double-click on the CLIENTXP61 to display its properties (Figure 0175).
Figure 0175 : CLIENTXP61 Properties
Now you can see the general information about CLIENTXP61 including it DNS name and it role.
110
6. Click on the Operating System tab (Figure 0176).
Figure 0176 : CLIENTXP61 Properties - Operating System
Here you can find information about Operating System, version and service pack using by client.
7. Click OK to close the properties box.
8. Click on the Domain Controllers folder under myserver.com (Figure 0177)
Figure 0177 : AD - Domain Controllers
111
9. Double-click on the domain controllers to display its properties (Figure 0178).
Figure 0178 : SERVER21 Properties
10. Click on the Operating System tab (Figure 0179.)
Figure 0179 : SERVER21 Properties - Operating System
Here you can find information about Operating System, version and service pack using by server.
11. Click OK to close the properties box and close all remaining dialog box.
In this exercise you viewed properties of workstations and servers in your network using Active Directory.
112
EXERCISE 7.2
Using the Local Workstation Account
In this exercise you will log on the Windows XP Professional workstation using a local administrator account.
12. Log on the Windows XP Professional as administrator (Figure 0180).
Figure 0180 : Log on to Windows XP
13. Log off the client computer. Click Start ► Shutdown and select Logoff Administrator (Figure 0181).
Figure 0181 : Log off Windows XP
113
14. Click OK (Figure 0182).
Figure 0182 : Log off Windows XP Administrator
EXERCISE 7.3
Using Domain wide account at the client computer
In this exercise you will log on the client computer using a domain account.
15. Press CTRL+ALT+DEL to display the logon dialog box (Figure 0183).
Figure 0183 : Windows XP Logon
114
16. Log on the Windows XP Professional as zul.zcomby and comby as password (Figure 0184).
Figure 0184 : Log on to Windows XP
17. Click OK.
18. You will receive a Logon Message. Why? (Figure 0185) Because zul.zcomby not created on the local client account, it was created in the server active directory account. Just now, you were tried to logon to the client using active directory user account.
Figure 0185 : Logon Message
19. Click OK to dismiss the dialog box.
115
20. Now, look at the logon box. There is an extra field displayed, called Logon to: (Figure 0186).
Figure 0186 : Log on to Windows XP
21. Click the Logon to: box, and select MYSERVER (Figure 0187)
Figure 0187 : Log on to server
116
22. Enter the same user credentials as previously (Figure 0188).
Figure 0188 : Log on to server using client workstation
23. Click OK.
What happened? Could you log on? It should be no problem.
24. Log off the client computer. But leave it running Windows XP Professional (do not shut the computer down yet).
25. If you are currently logged in to the Windows Server 2008, log off.
26. Attemp to log on to the server as zul.zcomby.
26.1. Click Switch User button (Figure 0189).
Figure 0189 : Switch User button
26.2. Click Other User button (Figure 0190).
Figure 0190 : Other User button
117
26.3. Enter user as zul.zcomby and password as comby (Figure 0191).
Figure 0191 : Logon to server using user account
26.4. Press ENTER.
27. What happened? Could you log on? A error message appeared (Figure 0192).
Figure 0192 : Logon Error Message
Why? Because the user account you are using to login into server do not have permission to login into server directly.
28. Click OK.
29. Logon to the server as administrator.
118
30. Launch Active Directory Users and Computers. Click Start ► Administrative Tools ► Active Directory Users and Computers (Figure 0193).
Figure 0193 : Launch Active Directory Users and Computers
31. Click on the Stkm Organizational Unit (Figure 0194).
Figure 0194 : Active Directory Users and Computers - Stkm
119
32. Double-click on the user Zul Zcomby to display the properties box (Figure 0195).
Figure 0195 : Zul Zcomby Properties
33. Click the Member Of tab (Figure 0196).
Figure 0196 : Zul Zcomby Properties - Member Of
120
34. Click Add… button (Figure 0197).
Figure 0197 : Add Button
35. Click Advanced button (Figure 0198).
Figure 0198 : Select Groups
36. Click Find Now button (Figure 0199).
Figure 0199 : Select Groups - Advanced
121
37. Double-click Server Operators from the list (Figure 0200).
Figure 0200 : Select Groups – Find Now
38. Click OK.
39. Click OK (Figure 0201).
Figure 0201 : Select Groups
122
40. Click OK (Figure 0202).
Figure 0202 : Zul Zcomby Properties - Member Of
41. Log off server. Click Start ► Log Off (Figure 0203).
Figure 0203 : Log Off Server
42. Attemp to log on to the server as zul.zcomby.
42.1. Press Ctrl + Alt + Del.
42.2. Click Switch User button (Figure 0204).
Figure 0204 : Switch User button
123
42.3. Click Other User button (Figure 0205).
Figure 0205 : Other User button
42.4. Enter user as zul.zcomby and password as comby (Figure 0206).
Figure 0206 : Logon to server using user account
42.5. Press ENTER.
What happened? Could you log on? It should be no problem.
Summary Servers do not allow normal users to logon locally. Servers run the network and provide resources, which users connect to remotely across a network. Servers are not designed to have users physically sitting at their keyboards trying to log on and run programs. Users actually logon to a client computer in the network and access resources using a network connection.
Client computers running Windows XP Professional have their own accounts database.
124
Exercise 8
Delegating Management Of
Users
Zulfadli Bin Mohd Saad
Computer Engineering Technology, Department of Electronic
MARA Vocational Institute, Lumut, Perak.
125
Exercise 8 : Delegating Management Of Users In this exercise you will create new local groups and look at assigning managers to users and organizational units. EXERCISE 8.1 DelegatingControl
In this portion of the exercise you will make zul.zcomby a manager of the Stkm organizational unit. Once he is a manager, he will be able to modify user accounts within the Stkm OU.
1. Log on the Windows Server 2008 as administrator.
2. Launch Active Directory Users and Computers. Click Start ► Administrative
Tools ► Active Directory Users and Computers (Figure 0207)
Figure 0207 : Launch Active Directory Users and Computers
126
3. Expand the domain icon (Figure 0208).
Figure 0208 : AD – myserver.com
4. Right click the Stkm OU and select Delegate Control (Figure 0209).
Figure 0209 : AD – Stkm
5. This starts the Delegation of Control Wizard (Figure 0210).
Figure 0210: Delegation of Control Wizard
127
6. Click Next (Figure 0210).
7. Click the Add… button (Figure 0211).
Figure 0211: Delegation of Control Wizard – Users or Groups
8. Click the Advanced… button (Figure 0212).
Figure 0212: Select Users, Computers, or Groups
128
9. Click the Find Now button (Figure 0213).
Figure 0213: Select Users, Computers, or Groups – Advanced
10. Select Zul Zcomby account (Figure 0214).
Figure 0214: Select Users, Computers, or Groups – Find Now
129
11. Click OK (Figure 0214).
12. Click OK (Figure 0215).
Figure 0215: Select Users, Computers, or Groups – User Added
13. Click Next (Figure 0216).
Figure 0216: Delegation of Control Wizard – Users Added
130
14. Delegate the following tasks as illustrated (Figure 0217).
Figure 0217: Task to Delegate
15. Click Next (Figure 0217).
16. Click Finish (Figure 0218).
Figure 0218: Delegation of Control Wizard – Finish
131
17. Log off server. Click Start ► Log Off (Figure 0219).
Figure 0219 : Log Off Server
132
EXERCISE 8.2 Managing Users In this portion of the exercise you will log on to server as zul.zcomby and attempt to manage users.
18. Attemp to log on to the server as zul.zcomby.
18.1. Press Ctrl + Alt + Del.
18.2. Click Switch User button (Figure 0220).
Figure 0220 : Switch User button
18.3. Click Other User button (Figure 0221).
Figure 0221 : Other User button
18.4. Enter user as zul.zcomby and password as comby (Figure 0222).
Figure 0222 : Logon to server using user account
18.5. Press ENTER.
133
19. Launch Active Directory Users and Computers. Click Start ► Administrative Tools ► Active Directory Users and Computers (Figure 0223).
Figure 0223: Launch Active Directory Users and Computers
20. You will be asked to reenter your password for security measure. Just reenter
password for zul.zcomby (Figure 0224).
Figure 0224: User Account Control Permission
134
21. Expand the domain icon (Figure 0225).
Figure 0225: Active Directory Users and Computers - Domain
22. Click on the Stkm OU (Figure 0226).
Figure 0226: Active Directory Users and Computers - Stkm
23. Double-click the user Ocah Blue (Figure 0227).
Figure 0227: Active Directory Users and Computers – User
135
24. Click the Account tab (Figure 0228).
Figure 0228: Ocah Blue Properties
25. Click the Logon Hours… button (Figure 0229).
Figure 0229: Logon Hours button
136
26. Select all areas and click Logon Denied (Figure 0230).
Figure 0230 : Logon Hours for Ocah Blue – Logon Denied
Change Ocah’s the logon hours (under Account Tab) to Monday-Friday, 8am-5pm.
27. Select the areas Monday to Friday and 8am to 5pm (Figure 0231).
Figure 0231 : Logon Hours for Ocah Blue – Select Areas
137
28. Select Logon Permitted (Figure 0232).
Figure 0232 : Logon Hours for Ocah Blue – Set Logon Permitted
29. Click OK.
30. Click OK again.
31. Click the Sklr OU (Figure 0233).
Figure 0233: Active Directory Users and Computers – Sklr
138
32. Double-click Ain Syahmi user account to display the properties of this user (Figure 0234).
Figure 0234: Active Directory Users and Computers – User
33. Attemp to change the logon hours of this user. Click Account tab (Figure 0235).
Figure 0235: Ain Syahmi Properties
139
34. Click the Logon Hours… button (Figure 0236).
Figure 0236: Logon Hours Button
35. A warning message will be displayed (Figure 0237). Why do you think you are not able to modify this account?
Figure 0237: AD Error Message
Because Zul Zcomby only have permission to modify user under Stkm OU only. He only have read permissioin for other OU‟s.
36. Click OK to close the message (Figure 0237).
37. Close all remaining windows except Active Directory Users and Computers.
38. Click the Stkm OU (Figure 0238).
Figure 0238: Active Directory Users and Computers – Stkm
140
39. Right-click Ocah Blue account and select Reset Password… from the list (Figure 0239).
Figure 0239: AD – Ocah Blue – Reset Password
This display a reset password box that will allow the password to be changed.
40. Click Cancel (Figure 0240).
Figure 0240: Reset Password
41. Close all remaining windows.
42. Log off the server.
In the above exercise you delegated control of an Organizational Unit to a user. You then modified account details of users belonging to that OU as the designated manager of the OU.
Delegating control of users using the delegation control wizard is simple. When control of users and groups is delegated, administrators can be relieved of simple administrative tasks such as resetting passwords and modification of user accounts.
141
Exercise 9
Exploring Group Scopes and Types
Zulfadli Bin Mohd Saad
Computer Engineering Technology, Department of Electronic
MARA Vocational Institute, Lumut, Perak.
142
Exercise 9 : Exploring Group Scopes and Types EXERCISE 9.1 Exploring Group Scopes and Types In the following exercise you will create a number of groups. These groups will be used to demonstrate group scope. From the notes, group scope determines who can be a member and where that group can be used in the enterprise.
Group Type
Scope
Local User accounts, Global groups and Universal groups from any domain in the forest, as well as local groups from the same domain.
Global User accounts and global groups from the same domain.
Universal User accounts, global groups and universal groups from any domain in the forest.
The recommended strategy for using groups in Windows Server 2008 is to use both global and domain local groups. Place users into global groups and then place the global groups into domain local groups and assign permissions to the domain local groups.
Global groups have access to accounts in the local domain. Where the enterprise consists of more than one domain, local groups allow the use of accounts across all the domains. Where the enterprise has combined a number of domains into a forest, Universal groups provide access to any accounts in the forest.
1. Log on server as Administrator (Figure 0241).
Figure 0241 : Administrator Login
143
2. Launch Active Directory Users and Computers. Click Start ► Administrative Tools ► Active Directory Users and Computers (Figure 0242).
Figure 0242 : Launch Active Directory Users and Computers
3. Right-click the domain icon and select New - Group from the list (Figure 0243).
Figure 0243 : Active Directory Users and Computers – New Group
144
4. Create a global group called Technical Support (Figure 0244).
4.1 Key-in Technical Support in the Group name: box 4.2 Verify Group scope set to Global. 4.3 Verify the Group type is set to Security.
Figure 0244 : New Object - Group
5. Click OK (Figure 0244).
6. Add Ali Uddin as a member of Technical Support. 6.1 Double-click Technical Support (Figure 0245).
Figure 0245 : Active Directory Users and Computers – Technical Support
145
6.2 Click Members tab (Figure 0246).
Figure 0246 : Technical Support Properties
6.3 Click Add … button (Figure 0247).
Figure 0247 : Add button
6.4 Click Advanced … button (Figure 0248).
Figure 0248 : Select Users, Contacts, Computers, or Group box
146
6.5 Click Find Now button (Figure 0249).
Figure 0249 : Select Users, Contacts, Computers, or Group - Advanced
6.6 Select Ali Uddin user account (Figure 0250).
Figure 0250 : Select Users, Contacts, Computers, or Group – Find Now
147
6.7 Cick OK (Figure 0250).
6.8 Cick OK (Figure 0251).
Figure 0251 : Select Users, Contacts, Computers, or Group
6.9 Cick OK (Figure 0252).
Figure 0252 : Technical Support Properties
148
7. Create a new Domain Local group called Intranet Users (Figure 0253). 7.1. Right-click the domain icon and select New - Group from the list (Figure
0253).
Figure 0253 : Active Directory Users and Computers – New Group
7.2. Key-in Intranet Users in the Group name: box (Figure 0254).
7.3. Verify Group scope set to Domain Local (Figure 0254). 7.4. Verify the Group type is set to Security (Figure 0254).
Figure 0254 : New Object - Group
7.5. Click OK (Figure 0254).
149
8 Double-click Intranet Users (Figure 0255).
Figure 0255: Active Directory Users and Computers
9 Add the Intranet Users group as a Member Of Technical Support.
9.1. Click Member Of tab (Figure 0256).
Figure 0256 : Intranet Users Properties
9.2. Click Add … button (Figure 0257).
Figure 0257 : Add Button
150
9.3. Click Advanced … button (Figure 0258).
Figure 0258 : Select Groups - Add
9.4. Click Find Now button (Figure 0259).
Figure 0259 : Select Groups - Advanced
151
9.5. Select Technical Support. What happened? (Figure 0260).
Figure 0260 : Select Groups – Search Results
Can you find Technical Support? Why do you think this happened?
9.6. Close all windows except Active Directory Users and Computers.
10 Now try adding the Technical Support group as a Member Of Intranet Users.
10.1. Double-click Technical Support group (Figure 0261).
Figure 0261 : Active Directory Users and Computers - Technical Support
152
10.2. Click Member Of tab (Figure 0262).
Figure 0262 : Technical Support Properties
10.3. Click Add … button (Figure 0263)
Figure 0263 : Add Button
10.4. Click Advanced … button (Figure 0264)
Figure 0264 : Select Groups - Add
153
10.5. Click Find Now button (Figure 0265)
Figure 0265 : Select Groups - Advanced
10.6. Select Intranet Users and click OK button (Figure 0266).
Figure 0266 : Select Groups – Search Result
What happened?
154
10.7. Click OK button (Figure 0267).
Figure 0267 : Select Groups – Intranet Users Group Added
Can you add the Technical Support group as a Member Of Intranet Users? Why do you think this is so?
11 Click OK button (Figure 0268).
Figure 0268 : Technical Support Properties – Member Of Intranet Users
12 Log off Administrator.
Summary
Windows Server 2008 running in native mode supports the use of different group types. Global groups have access to user accounts and other global groups in the same domain. Local groups allow you to access accounts outside the current domain, and universal groups provide access across organizations (forests).
155
Exercise 10
Creating And Applying Group
Policies
Zulfadli Bin Mohd Saad
Computer Engineering Technology, Department of Electronic
MARA Vocational Institute, Lumut, Perak.
156
Exercise 10 : Creating And Applying Group Policies In this exercise you will create a new group policy and apply it to users within an organizational unit.
Group Policies Group policies are settings or configurations that can be applied to users, groups, organizational units and domains. An administrator can create a group policy that configures the computer or user settings, such as menu and desktop settings, folder locations and default password settings.
Windows NT 4 and Windows 98 introduced system policies. Windows 2000, 2003 and 2008 extends these further using group policies. EXERCISE 10.1 Creating a Group Policy
1. Log on server as Administrator (Figure 0269).
Figure 0269 : Administrator Login
157
2. Launch Group Policy Management. Click Start ► Administrative Tools ► Group Policy Management (Figure 0270).
Figure 0270 : Launch Group Policy Management
3. Expand the Forest (Figure 0271).
Figure 0271 : Group Policy Management - Forest
158
4. Expand the Domains (Figure 0272).
Figure 0272 : Group Policy Management – Domains
5. Expand your domain.com (Figure 0273).
Figure 0273 : Group Policy Management – myserver.com
Now, you will create a new group policy for the Stkm OU. This new policy will apply to all members of the Stkm OU though in another exercise that follows, you will override this.
6. Right-click the Stkm OU and select the Create a GPO in this domain, and
Link it here… (Figure 0274).
Figure 0274 : Group Policy Management – Create new GPO
159
7. Rename the policy as STKM Group Policy (Figure 0275).
Figure 0275 : Create New GPO
8. Click OK to continue (Figure 0275).
9. Right-click the STKM Group Policy and select Edit (Figure 0276).
Figure 0276 : Default Domain Policy - Edit
10. The group policy editor allows you to specify user and computer settings. In the following steps, you will change some of these settings (Figure 0277).
Figure 0277 : Group Policy Management Editor
160
11. Expand User Configuration (Figure 0278).
Figure 0278 : Group Policy Management Editor – User Configuration
12. Expand the Policies folder (Figure 0279).
Figure 0279 : Group Policy Management Editor – Policies
13. Expand the Administrative Templates folder (Figure 0280).
Figure 0280 : Group Policy Management Editor – Administrative Templates
14. Click the Start Menu and Taskbar folder (Figure 0281).
Figure 0281 : Group Policy Management Editor – Start Menu and Taskbar
161
15. A large list of selections is available. Double click the option Add Logoff to the
Start Menu (Figure 0282).
Figure 0282 : Group Policy Management Editor – Add Logoff to the Start Menu
16. The Add Logoff to the Start Menu Properties appears. Click the Disabled button to disable this setting (Figure 0283).
Figure 0283 : Add Logoff to the Start Menu Properties
17. Click OK to apply setting (Figure 0283).
18. The setting now displays as Disabled in the Group Policy Editor (Figure 0284).
Figure 0284 : Add Logoff to the Start Menu – Disabled
162
19. Configure the following settings. Remove Run menu from Start Menu – Enabled Remove Clock from the system notification area – Enabled Desktop\Desktop\Enable Active Desktop – Enabled Desktop Wallpaper – Enabled
Wallpaper Name : C:\WINDOWS\Web\Wallpaper\Autumn.jpg Wallpaper Style : Stretch (This uses wallpaper from the Windows XP Pro installed on C drive of client PC)
20. Close the group policy editor.
21. Refresh the Group Policy Management. On the Menubar; click Action ► Refresh (Figure 0285).
Figure 0285 : Group Policy Management – Refresh
22. Close the Group Policy Management windows.
163
Update Group Policy
23. Launch the Run application. Click Start ► Run… (Figure 0286).
Figure 0286 : Launch the Run Application
24. Key-in gpupdate in the Open : box (Figure 0287).
Figure 0287 : Run Windows
25. Click OK to run the gpupdate (Figure 0288).
Figure 0288 : Updating Policy
26. Log off the server.
164
EXERCISE 10.2 Test the Group Policy The group policy has been applied to members of the Stkm Organizational Unit. There are two members; Zul Zcomby and Ocah Blue. You will now test this policy to see if it works.
27. Log on the server as zul.zcomby.
27.1. Press Ctrl + Alt + Del.
27.2. Click Switch User button (Figure 0289).
Figure 0289 : Switch User button
27.3. Click Other User button (Figure 0290).
Figure 0290 : Other User button
27.4. Enter user as zul.zcomby and password as comby (Figure 0291).
Figure 0291 : Logon to server using user account
27.5. Press ENTER.
165
28. Do you have the RUN command on the Start Menu? YES / NO
29. Do you have Clock on the system notification area? YES / NO
Now verify that the settings are also applied to the client computer. Log on to the Client computer as ocah.blue.
30. Press CTRL+ALT+DEL to display the logon dialog box (Figure 0292).
Figure 0292 : Windows XP Logon
31. Log on the client computer as ocah.blue and ocah as password (Figure 0293).
Figure 0293 : Log On To Server Using Client Workstation
166
32. Do you have the RUN command on the Start Menu? YES / NO
33. Do you have Clock on the system notification area? YES / NO
34. Were the wallpaper displayed on the client computer? YES / NO
35. All the group policy setting should be applied (Figure 0294).
Figure 0294 : Client Computer – Ocah Blue
36. Log off the client computer.
37. Log off the Server.
167
Log on to client computer as zul.akmal 38. Press CTRL+ALT+DEL to display the logon dialog box (Figure 0295).
Figure 0295 : Windows XP Logon
39. Log on the Windows XP Professional as zul.akmal and akmal as password (Figure 0296).
Figure 0296 : Log On To Server Using Client Workstation
40. Were the group policy setting applied?
YES / NO
41. If not, why do you think this is so?
Because zul.akmal not a member of the Stkm OU. The group policy applied only to the members of the Stkm OU.
42. Log off the client computer.
168
EXERCISE 10.3
Disabling The Group Policy
In this exercise you will disable the group policy of Stkm OU.
43. Log on server as Administrator (Figure 0297).
Figure 0297 : Administrator Login
44. Launch Group Policy Management. Click Start ► Administrative Tools ► Group Policy Management (Figure 0298).
Figure 0298 : Launch Group Policy Management
169
45. Expand the Forest (Figure 0299).
Figure 0299 : Group Policy Management - Forest
46. Expand the Domains (Figure 0300).
Figure 0300 : Group Policy Management – Domains
47. Expand your domain.com (Figure 0301).
Figure 0301 : Group Policy Management – myserver.com
170
You are now going to disable the policy of Stkm OU. This is a better option than removing the policy, as if you decide to re-implement the policy at a later date, it will still be there.
48. Expand the Stkm OU (Figure 0302).
Figure 0302 : Group Policy Management – Stkm
49. Click the Stkm Group Policy (Figure 0303).
Figure 0303 : Group Policy Management – STKM Group Policy
50. A warning box appears. The Group Policy Management remind you that you have selected a link to a GPO and changes you make will impact all other locations linked with the GPO (Figure 0304).
Figure 0304 : Group Policy Management Console – Warning
51. Click OK to continue (Figure 0304).
171
52. Right-click the Stkm Group Policy and select Link Enabled (Figure 0305).
Figure 0305 : STKM Group Policy – Details
53. Now you can see under Link Enabled; the status Yes have changed to No (Figure 0306).
Figure 0306 : STKM Group Policy – GPO Status
54. Close the Group Policy Management windows.
172
Update Group Policy
55. Launch the Run application. Click Start ► Run… (Figure 0307).
Figure 0307 : Launch the Run Application
56. Key-in gpupdate in the Open : box (Figure 0308).
Figure 0308 : Run Windows
57. Click OK to run the gpupdate (Figure 0309).
Figure 0309 : Updating Policy
58. Log off the server.
173
Now verify that the group policy is disabled. Log on to the Client computer as zul.zcomby.
59. Press CTRL+ALT+DEL to display the logon dialog box (Figure 0310).
Figure 0310 : Windows XP Logon
60. Log on the Windows XP as zul.zcomby and comby as password (Figure 0311).
Figure 0311 : Log On To Server Using Client Workstation
61. Were the policies now disabled?
YES / NO
62. Log off the client computer.
Summary
In this exercise you created a group policy and applied it to an organizational unit. Only a fraction of the available settings were explored. Applying a group policy is a way of controlling security and configuring groups of users with common settings. This can help reduce the cost of ownership and the level of administrator support by restricting what users can do or change on their computers.
174
Exercise 11
Creating And Sharing Resources
Zulfadli Bin Mohd Saad
Computer Engineering Technology, Department of Electronic
MARA Vocational Institute, Lumut, Perak.
175
Exercise 11 : Creating And Sharing Resources One important aspect of a Windows Domain is the ability to share applications, files, printers and other resources on the network. Resources created on Windows Server computers are available to all users in the domain, and it is a simple administration task to allocate permissions to users.
Preliminary Setup
Add zul.akmal, ocah.blue and ain.syahmi to the Intranet Users group.
1. Log on server as Administrator (Figure 0312).
Figure 0312 : Administrator Login
2. Launch Active Directory Users and Computers. Click Start ► Administrative Tools ► Active Directory Users and Computers (Figure 0313).
Figure 0313 : Launch Active Directory Users and Computers
176
3. Click myserver.com (your domain.com) and double-click the Intranet Users
group from the list (Figure 0314).
Figure 0314 : Active Directory Users and Computers – Intranet Users Group
4. Click the Members tab (Figure 0315).
Figure 0315 : Active Directory Users and Computers – Intranet Users Properties
5. Add Ocah Blue as a member of Intranet Users.
5.1 Click Add … button (Figure 0316).
Figure 0316 : Add button
177
5.2 Click Advanced … button (Figure 0317).
Figure 0317 : Select Users, Contacts, Computers, or Group box
5.3 Click Find Now button (Figure 0318).
Figure 0318 : Select Users, Contacts, Computers, or Group - Advanced
178
5.4 Select Ocah Blue user account (Figure 0319).
Figure 0319 : Select Users, Contacts, Computers, or Group – Find Now
5.5 Cick OK (Figure 0319).
5.6 Cick OK (Figure 0320).
Figure 0320 : Select Users, Contacts, Computers, or Group
179
5.7 You can see Ocah Blue is added as a member of Intranet Users group (Figure 0321).
Figure 0321 : Intranet Users Properties
6. Now repeat steps 5 to add zul.akmal and ain.syahmi as a member of Intranet Users group.
7. After finish adding all the user to Intranet Users group, your Intranet Users properties should be same as figure below (Figure 0322).
Figure 0322 : Active Directory Users and Computers – Intranet Users Properties
8. Cick OK to finish added members to Intranet Users group (Figure 0322).
180
EXERCISE 11.1 Creating and Sharing a Resource Using Windows Explorer In this exercise, you will use Windows Explorer to create a folder and verify the NTFS file permissions. The folder will then be shared and permissions assigned. You will then access this shared resource from the client computer.
1. Log on to the server as Administrator (Figure 0323).
Figure 0323 : Administrator Login
2. Launch Windows Explorer. Click Start ► Right-click Computer ► select Explore (Figure 0324).
Figure 0324 : Launch Windows Explorer
181
3. Access D: drive (Figure 0325). (Make sure your D drive are NTFS formatted. If not, you have to convert or format it to NTFS)
Figure 0325 : Windows Explorer – D Drive
4. Create a folder named tempSN (SN represents you‟re Station Number). In previous exercise I use number 21 as my Station Number. So in this exercise my folder named will be temp21. 4.1. Right-click D drive ► select New ► Folder (Figure 0326).
Figure 0326 : Windows Explorer – Create New Folder
182
4.2. Rename the folder as temp21 (Figure 0327).
Figure 0327 : Rename Folder
5. Open the temp21 folder properties. Right-click temp21 folder ► select Properties (Figure 0328).
Figure 0328 : Open the temp21 folder properties
6. Click the Security tab. A list of security permissions is displayed. Note that the group Administrators is given Full Control access at the folder level (Figure 0329).
Figure 0329 : temp21 Folder Properties
183
When users access a folder across the network, both the share and NTFS permission lists define the user permissions.
7. Click the Sharing tab (Figure 0330).
Figure 0330 : temp21 Folder Properties - Sharing
8. Click Advanced Sharing… button (Figure 0331).
Figure 0331 : Advanced Sharing… button
9. Enable the Share this folder option (Figure 0332).
Figure 0332 : Advanced Sharing
184
10. Specify the share name as Common (Figure 0333).
Figure 0333 : Advanced Sharing – Share name
11. Click the Permissions button (Figure 0334).
Figure 0334 : Permissions button
Now you will restrict permissions at the share level. Remember that user permissions to a network resource are made up of the share permissions and the NTFS permissions.
12. Remove the Everyone group.
12.1. Select the Everyone group from the list (Figure 0335).
Figure 0335 : Permissions for Common
185
12.2. Click the Remove button (Figure 0336).
Figure 0336 : Remove button
13. Click the Add… button (Figure 0337).
Figure 0337 : Add… button
14. Add the Tech Support group with permissions of Full Control. 14.1. Click the Advanced… button (Figure 0338).
Figure 0338 : Advanced… button
14.2. Click the Find Now button (Figure 0339).
Figure 0339 : Find Now button
14.3. Select the Technical Support from the list of Search results (Figure 0340).
Figure 0340 : Search Results
14.4. Click OK button (Figure 0340).
186
14.5. Click OK button to add Technical Support (Figure 0341).
Figure 0341 : Select Users, Contacts, Computers, or Group
14.6. Click the Full Control allow box to enable the Full Control permission (Figure 0342).
Figure 0342 : Permission for Common – Full Control
15. Repeat steps 13 to 14 to add the Intranet Users group with Read permissions.
16. The share permissions should look like same as figure below (Figure 0343).
Figure 0343 : Permission for Common
187
17. Once you have set the permissions as describe, click OK button to close the dialog box (Figure 0343).
18. Click OK to close the advanced sharing dialog box for folder temp21 (Figure 0344).
Figure 0344 : Advanced Sharing
19. Click Close button to close temp21 properties (Figure 0345).
Figure 0345 : temp21 Properties
188
20. In the Explorer window you will note a small double head icon on the folder D:\temp21, which indicates the folder is now shared (Figure 0346).
Figure 0346 : Windows Explorer – temp21 Folder
21. Log off the server.
22. Log on the client computer as ali.zul and ali as password (Figure 0347).
Figure 0347 : Log On To Server Using Client Workstation
189
23. Launch My Computer. Start My Computer (Figure 0348).
Figure 0348 : Launch My Computer
24. Click the My Network Places (Figure 0349).
Figure 0349 : My Computer
190
25. Click the Entire Network (Figure 0350).
Figure 0350 : Entire Network Link
26. Double-click the Microsoft Windows Network (Figure 0351).
Figure 0351 : Entire Network
27. Double-click the Myserver workgroup (Figure 0352).
Figure 0352 : Microsoft Windows Network
191
28. Double-click the Server21 and view the available resources (Figure 0353).
Figure 0353 : Myserver Workgroup
29. You should see the Common resource listed (Figure 0354).
Figure 0354 : Server21 Resources
30. Double-click the Common resources so that you are connected to it (Figure 0354).
31. A new window will open up and display the contents of the folder (it will be empty as there are no files in the folder) (Figure 0355).
Figure 0355 : Common Folder on Server21
192
32. Attempt to create a new text file. 32.1. Right-click in the windows and select New Text Document (Figure 0356).
Figure 0356 : Create New Text Document
32.2. Could you create the file? YES / NO
32.3. Log off the client computer.
33. Log on the client computer as ocah.blue (Figure 0357).
Figure 0357 : Log On To Server Using Client Workstation
193
34. Launch My Computer. Start My Computer (Figure 0358).
Figure 0358 : Launch My Computer
35. Click the My Network Places (Figure 0359).
Figure 0359 : My Computer
194
36. Click the Entire Network (Figure 0360).
Figure 0360 : Entire Network Link
37. Double-click the Microsoft Windows Network (Figure 0361).
Figure 0361 : Entire Network
38. Double-click the Myserver workgroup (Figure 0362).
Figure 0362 : Microsoft Windows Network
195
39. Double-click the Server21 and view the available resources (Figure 0363).
Figure 0363 : Myserver Workgroup
40. You should see the Common resource listed (Figure 0364).
Figure 0364 : Server21 Resources
41. Double-click the Common resources so that you are connected to it (Figure 0364).
42. A new window will open up and display the contents of the folder (Figure 0365).
Figure 0365 : Common Folder on Server21
196
43. Attempt to create a new text file. 43.1. Right-click in the windows and select New Text Document (Figure 0366).
Figure 0366 : Create New Text Document
43.2. Could you create the file?
YES / NO If NO, why do you think this happened? Before we begin this exercise, we have done some preliminary setup.
We add mad.akmal, ocah.blue and ain.syahmi to the Intranet Users group
and we set permissions to the folder temp21 as Read only for Intranet
Users. But for Tech Support group, we set Full Control permissions.
In the earlier exercise, we add ali.zul as member of the Tech Support
group. That‟s why user ali.zul can create new text document in the
Common folder on the Server21.
44. Log off the client computer.
197
EXERCISE 11.2 Creating Network Drive Mapping
Instead of using My Network Places, you can map a drive letter to the resource. This is an alternative way of accessing the resource, but requires that you know the location of the resource (you can use My Network Places to view the available resources, so you don‟t really need to know the location)
45. Log on the client computer as ali.zul and ali as password (Figure 0367).
Figure 0367 : Log On To Server Using Client Workstation
46. Launch Map Network Drive wizard. Start right-click My Computer Map Network Drive… (Figure 0368).
Figure 0368 : Launch Map Network Drive Wizard
198
47. Select Z as drive and enter the location of the network resource in the Folder:
box (Figure 0369). You must specify the name of the server and the share name. In this exercise, it is \\Server21\Common.
Figure 0369 : Map Network Drive Wizard
48. Click Finish button to apply.
49. A new window will open up and display the contents of the Common folder (Figure 0370).
Figure 0370 : Common Folder on „Server 21‟
199
50. Attempt to create a new test file (Figure 0371).
50.1. Right-click in the windows and select New Text Document (Figure 0371).
Figure 0371 : Create New Text Document
50.2. Could you create the file?
YES / NO
51. Log off the client computer.
200
EXERCISE 11.3 Publishing a Shared Resource in Active Directory One of the problems of publishing shares in the way you have just done (which is the way they done in NT 4 or 98) is that you have to browse the network or know which server the resource is located on in order to find it. This can be time-consuming and frustrating for users. Resources can be published in Active Directory, making them easy to find. In the next exercise you will publish the resource into Active Directory.
52. Log on to the server as Administrator (Figure 0372).
Figure 0372 : Administrator Login
53. Launch Active Directory Users and Computers. Click Start ► Administrative Tools ► Active Directory Users and Computers (Figure 0373).
Figure 0373 : Launch Active Directory Users and Computers
201
54. Right-click domain (myserver.com) and select New ► Shared Folder (Figure 0374).
Figure 0374 : Launch Shared Folder Wizard
55. Enter the name as Common Files and the Network path as your server name and share name – in this exercise it is \\Server21\Common (Figure 0375).
Figure 0375 : Shared Folder Wizard
56. Click OK button to finish.
57. The new shared folder appears in the right windows pane of Active Directory (Figure 0376).
Figure 0376 : Active Directory Users and Computer
58. Close Active Directory Users and Computer windows.
202
EXERCISE 11.4 Locating a Shared Resource in Active Directory Now that the shared folder is published in Active Directory, it is easy for users to locate and connect to the resource.
59. Log on to the client computer as ocah.blue (Figure 0377).
Figure 0377 : Log On To Server Using Client Workstation
60. Launch My Computer. Start My Computer (Figure 0378).
Figure 0378 : Launch My Computer
203
61. Click the My Network Places (Figure 0379).
Figure 0379 : My Computer
62. Click the Search Active Directory (Figure 0380).
Figure 0380 : My Network Places
204
63. In the Find drop box, select Shared Folders and in the In drop box, select you domain - myserver (Figure 0381).
Figure 0381 : Find Shared Folders
64. Click Find Now button (Figure 0382).
Figure 0382 : Find Now button
65. A list of shared folders available is displayed (Figure 0383).
Figure 0383 : Find Shared Folders – Find Now
205
66. Right-slick the Common Files shared folder from the list and select Map Network Drive (Figure 0384).
Figure 0384 : Find Shared Folders - Map Network Drive
67. Select U as drive and enter the location of the network resource in the Folder: box (Figure 0385). Note how the location for the server share is filled in automatically.
Figure 0385 : Map Network Drive Wizard
68. Click Finish button to apply.
69. Close all remaining windows.
206
70. Launch My Computer. Start My Computer (Figure 0386).
Figure 0386 : Launch My Computer
71. There are now one additional drive appears at the bottom (Figure 0387).
Figure 0387 : Network Drive
207
72. Log off the client computer.
Summary Permissions are assigned at the SHARE and at the File system level. By default,
Windows Server 2003 places every use created into the group EVERYONE, and, when
creating a new directory or share, automatically assigns rights to that resource so the
group EVERYONE can access it.
If you want to secure any resources by restricting access, you should ensure that the
appropriate permissions have been set at both the share and file system level.
Publishing shared folders in Active Directory simplifies the task of locating resources.
208
Exercise 12
Logon Scripts
Zulfadli Bin Mohd Saad
Computer Engineering Technology, Department of Electronic
MARA Vocational Institute, Lumut, Perak.
209
Exercise 12 : Logon Scripts In this exercise you will create logon and logoff scripts and apply these to users in an organizational unit. You will specify a network home directory for users and arrange for this directory to be mapped when the user logs on. Finally, you will specify disk space restrictions for specific users. EXERCISE 12.1 Logon Scripts A logon script is a sequence of commands that executes when a user logs onto the network.
1. Log on server as Administrator (Figure 0388).
Figure 0388 : Administrator Login
210
2. Launch Group Policy Management. Click Start ► Administrative Tools ► Group Policy Management (Figure 0389).
Figure 0389 : Launch Group Policy Management
3. Expand the Forest (Figure 0390).
Figure 0390 : Group Policy Management - Forest
211
4. Expand the Domains (Figure 0391).
Figure 0391 : Group Policy Management – Domains
5. Expand your domain.com (Figure 0392).
Figure 0392 : Group Policy Management – myserver.com
6. Right-click the STKM Group Policy and select Edit (Figure 0393).
Figure 0393 : STKM Group Policy - Edit
212
7. The group policy editor allows you to specify user and computer settings. In the following steps, you will change some of these settings (Figure 0394).
Figure 0394 : Group Policy Management Editor
8. Expand User Configuration (Figure 0395).
Figure 0395 : Group Policy Management Editor – User Configuration
9. Expand the Policies folder (Figure 0396).
Figure 0396 : Group Policy Management Editor – Policies
213
10. Expand the Windows Setting folder (Figure 0397).
Figure 0397 : Group Policy Management Editor – Windows Setting
11. Click the Scripts (Logon/Logoff) (Figure 0398).
Figure 0398 : Group Policy Management Editor – Scripts (Logon/Logoff)
12. Double-click Logon (Figure 0399).
Figure 0399 : Group Policy Management Editor – Logon
214
13. In the Logon Properties windows, click Show Files… button (Figure 0400).
Figure 0400 : Logon Properties
14. Create new text document. Right-click inside the new windows and select New ► Text Document (Figure 0401).
Figure 0401 : Create New Text Document
215
15. Double-click the text document. This will load the Notepad editor. Type the following text into the file (Figure 0402). echo off cls echo This is a log on script for the Stkm OU echo Welcome %USERNAME% , member of the Stkm OU pause
Figure 0402 : Notepad editor – New Text Document
16. Save the file as Stkm.cmd
16.1. From Menu bar, click File ► Save As… (Figure 0403).
Figure 0403 : Menu bar - Save As…
16.2. Enter Stkm.cmd in the “File name:” box (Figure 0404).
Figure 0404 : Save As – File Name
216
16.3. Select All Files from the “Save as type:” drop menu (Figure 0405).
Figure 0405 : Save As Type – All Files
16.4. Click Save button (Figure 0406).
Figure 0406 : Save Button
17. Close the Notepad editor.
18. Close the Script windows by clicking the X button at the right top corner of the windows (Figure 0407).
Figure 0407 : Script Windows
217
19. On the Logon Properties window, click Add… button (Figure 0408).
Figure 0408 : Logon Properties – Add…
20. Click Browse… button on the Add a Script window (Figure 0409).
Figure 0409 : Add a Script – Browse…
218
21. Select Stkm.cmd file from the list (Figure 0410).
Figure 0410 : Browse – Stkm.cmd
22. Click Open button (Figure 0411).
Figure 0411 : Open Button
23. Now you can see the Stkm.cmd appear in the “Script Name:” box. Click OK button to continue (Figure 0412).
Figure 0412 : Add a Script Window
219
24. Stkm.cmd now listed under Logon Properties Script. Click OK button to close the Logon Properties window (Figure 0413).
Figure 0413 : Logon Properties window
25. Close the Group Policy Management Editor window.
26. On the Group Policy Management window, right-click STKM Group Policy and uncheck all options except Link Enabled (Figure 0414).
Figure 0414 : Link Enabled
220
27. Open STKM Group Policy. Right-click the STKM Group Policy and select Edit (Figure 0415).
Figure 0415 : STKM Group Policy - Edit
28. In the Group Policy Management Editor, expand User Configuration (Figure 0416).
Figure 0416 : Group Policy Management Editor – User Configuration
29. Expand the Policies folder (Figure 0417).
Figure 0417 : Group Policy Management Editor – Policies
221
30. Expand the Administrative Templates folder (Figure 0418).
Figure 0418 : Group Policy Management Editor – Administrative Templates
31. Expand the System folder (Figure 0419).
Figure 0419 : Group Policy Management Editor – System
32. Click the Scripts folder (Figure 0420).
Figure 0420 : Group Policy Management Editor – Scripts
222
33. Double-click the Run logon scripts visible option (Figure 0421).
Figure 0421 : Group Policy Management Editor – Run logon scripts visible
34. The Run logon scripts visible Properties appear. Click the Enabled button to enable this setting (Figure 0422).
Figure 0422 : Run logon scripts visible Properties
35. Click OK to apply setting (Figure 0422).
36. In the same folder, double-click the Run logon scripts synchronously option (Figure 0423).
Figure 0423 : Group Policy Management Editor – Run logon scripts synchronously
223
37. The Run logon scripts synchronously Properties appear. Click the Enabled button to enable this setting (Figure 0424).
Figure 0424: Run logon scripts visible Properties
38. Click OK to apply setting (Figure 0424).
39. The setting now displays as Enabled in the Group Policy Editor (Figure 0425).
Figure 0425 : Run logon scripts visible – Enabled
40. Close the Group Policy Management Editor.
41. On Group Policy Management, click Refresh button and close the Group Policy Management window.
224
Update Group Policy
42. Launch the Run application. Click Start ► Run… (Figure 0426).
Figure 0426 : Launch the Run Application
43. Key-in gpupdate in the Open : box (Figure 0427).
Figure 0427 : Run Window
44. Click OK to run the gpupdate (Figure 0428).
Figure 0428 : Updating Policy
45. Log off the server.
225
Test The Logon Script
46. Log on to the client computer as ocah.blue (Figure 0429).
Figure 0429 : Log On To Server Using Client Workstation
47. The logon script should appear same as figure below (Figure 0430).
Figure 0430 : Logon Script
48. Press ENTER or any key to continue.
49. Log off the client computer.
Summary Scripts allow for both user and computer environments to be configured. The four scripts
available are startup, shutdown, logon and logoff.
226
Exercise 13
HOME DIRECTORIES
Zulfadli Bin Mohd Saad
Computer Engineering Technology, Department of Electronic
MARA Vocational Institute, Lumut, Perak.
227
Exercise 13 : Home Directories In this exercise, you will create a shared folder on the server that will be used for user home directories. You will map a home directory for a specific user, so that when they log on to the network, they will have a drive mapped to their home directory on the server. EXERCISE 13.1 Create Sharing Folder
1. Log on to the server as Administrator (Figure 0431).
Figure 0431: Administrator Login
2. Launch Windows Explorer. Click Start ► Right-click Computer ► select Explore (Figure 0432).
Figure 0432 : Launch Windows Explorer
228
3. Access D: drive (Figure 0433). (Make sure your D drive are NTFS formatted. If not, you have to convert or format it to NTFS)
Figure 0433: Windows Explorer – D Drive
4. Create a folder named UserSN (SN represents you‟re Station Number). In previous exercise I use number 21 as my Station Number. So in this exercise my folder named will be User21. 4.3. Right-click D drive ► select New ► Folder (Figure 0434).
Figure 0434 : Windows Explorer – Create New Folder
229
4.4. Rename the folder as User21 (Figure 0435).
Figure 0435: Rename Folder
5. Open the User21 folder properties. Right-click User21 folder ► select Properties (Figure 0436).
Figure 0436: Open The User21 Folder Properties
230
6. Click the Sharing tab (Figure 0437).
Figure 0437 : User21 Folder Properties - Sharing
7. Click Advanced Sharing… button (Figure 0438).
Figure 0438 : Advanced Sharing… button
8. Enable the Share this folder option (Figure 0439).
Figure 0439 : Advanced Sharing
231
9. Specify the share name as Users (Figure 0440).
Figure 0440 : Advanced Sharing – Share name
Set Sharing Folder Permissions
10. Click Permissions button (Figure 0441).
Figure 0441 : Permissions button
11. Select Everyone and click Remove button to remove Everyone from the “Group or user names:” list (Figure 0442).
Figure 0442 : Remove Everyone
232
12. Click Add… button (Figure 0443).
Figure 0443 : Add button
13. Click the Advanced… button (Figure 0444).
Figure 0444 : Select Users, Computers, or Groups
14. Click the Find Now button (Figure 0445).
Figure 0445 : Select Users, Computers, or Groups – Advanced
233
15. Select Ahmad Akmal account from the list (Figure 0446).
Figure 0446 : Select Users, Computers, or Groups – Find Now
16. Click OK (Figure 0446).
17. Click OK (Figure 0447)
Figure 0447 : Select Users, Computers, or Groups – User Added
234
18. Tick Allow box for Full Control permission. This will give Ahmad Akmal full control over the folder User21. So he can read and write to the User21 folder on the myserver.com server (Figure 0448).
Figure 0448: Folder Permissions For Users
19. Now we add Administrator account to give Administrator permission to manage the shared folder. Click Add… button (Figure 0449).
Figure 0449 : Add button
20. Click the Advanced… button (Figure 0450).
Figure 0450 : Select Users, Computers, or Groups
235
21. Click the Find Now button (Figure 0451).
Figure 0451 : Select Users, Computers, or Groups – Advanced
22. Select Administrator user account from the list (Figure 0452).
Figure 0452 : Select Users, Computers, or Groups – Find Now
236
23. Click OK (Figure 0452).
24. Click OK (Figure 0453)
Figure 0453 : Select Users, Computers, or Groups – User Added
25. Tick Allow box for Full Control permission. This will give Administrator full control over the folder User21. So the Administrator can manage the User21 folder on the myserver.com server (Figure 0454).
Figure 0454 : Folder Permissions For Users
26. Click OK (Figure 0454).
237
27. Click OK for Advanced Sharing window (Figure 0455).
Figure 0455 : Advanced Sharing window
28. Click OK again for User21 Properties window (Figure 0456).
Figure 0456 : User21 Properties window
29. Click Close all remaining windows.
238
Set User Home Directories
30. Launch Active Directory Users and Computers. Click Start ► Administrative Tools ► Active Directory Users and Computers (Figure 0457).
Figure 0457 : Launch Active Directory Users and Computers
31. Expand myserver.com (Figure 0458).
Figure 0458 : Active Directory Users and Computers – domain
32. Click the Sted Organization Unit (Figure 0459).
Figure 0459 : Active Directory Users and Computers – Sted OU
239
33. Right-click Ahmad Akmal and select Properties (Figure 0460).
Figure 0460 : Active Directory Users and Computers – Ahmad Akmal
34. Click Profile tab (Figure 0461).
Figure 0461 : Ahmad Akmal Properties - Profile
240
35. Select drive L: connect to \\Server21\Users\zul.akmal under Home folder section (Figure 0462). (Specify the name of your server instead of Server21 as in this example).
Figure 0462: Ahmad Akmal Properties – Home Folder
36. Click OK (Figure 0462).
37. Click Sted OU and click Refresh button .
38. Close Active Directory Users and Computer window.
39. Log off server.
241
Test User Home Directories
40. On the client computer, press CTRL+ALT+DEL to display the logon dialog box (Figure 0463).
Figure 0463: Windows XP Welcome Window
41. Log on the Windows XP Professional as zul.akmal and akmal as password
(Figure 0464).
Figure 0464 : Log On To Server Using Client Workstation
242
42. Launch My Computer. Start ► My Computer (Figure 0465).
Figure 0465 : Launch My Computer
43. There are now one additional drive appears at the bottom (Figure 0466).
Figure 0466 : My Computer
243
44. Double-click the Network Drives to access the zul.akmal folder on the server
(Figure 0467). The folders are empty.
Figure 0467 : Ahmad Akmal Home Directory
50. Create new text document. Right-click inside the new windows and select New ► Text Document (Figure 0468).
Figure 0468 : Create New Text Document
244
45. Rename the file as Test (Figure 0469).
Figure 0469: Computer
46. Log off the client computer.
Checking The Users Home Directories
47. Log on to the server as Administrator (Figure 0470).
Figure 0470 : Administrator Login
245
48. Launch Windows Explorer. Click Start ► Right-click Computer ► select Explore
(Figure 0471).
Figure 0471 : Launch Windows Explorer
49. Expand D: drive (Figure 0472).
Figure 0472 : Windows Explorer – D: Drive
50. Expand User21 folder (Figure 0473).
Figure 0473 : Windows Explorer – User21 Folder
246
51. You can see the folder zul.akmal is automatically created. Click zul.akmal folder (Figure 0474).
Figure 0474 : Windows Explorer – zul.akmal Folder
What are the contents of the zul.akmal folder? Are there any files on it? You should see the Test.txt file (created earlier from the client computer) listed in the zul.akmal home directory.
52. Log off the server.
Summary
Home directories allow users to store their files on the network. This is especially suited
to roaming users.
247
Exercise 14
DISK QUOTAS
Zulfadli Bin Mohd Saad
Computer Engineering Technology, Department of Electronic
MARA Vocational Institute, Lumut, Perak.
248
Exercise 14 : Disk Quotas In this exercise you will apply disk space restrictions to users. EXERCISE 14.1 Create Disk Quotas
1. Log on to the server as Administrator (Figure 0475).
Figure 0475 : Administrator Login
2. Launch Windows Explorer. Click Start ► Right-click Computer ► select Explore (Figure 0476).
Figure 0476 : Launch Windows Explorer
249
3. Right-click D: drive and select Properties (Figure 0477).
Figure 0477 : Windows Explorer – D Drive Properties
4. Click the Quota tab (Figure 0478).
Figure 0478 : Quota Tab
250
5. Enable the check box Enable quota management (Figure 0479).
Figure 0479 : Enable quota management
6. Enable the check box Deny disk space to users exceeding quota limit (Figure 0479).
7. Select Limit disk space to option and set to 25 MB (Figure 0480).
8. Set the Set warning level to option to 5 MB (Figure 0480).
Figure 0480 : Limit Disk Space
251
Add Quota Entries
9. Click the Quota Entries… button (Figure 0481).
Figure 0481 : Quota Entries… button
10. A list of quota entries will be displayed (Figure 0482).
Figure 0482 : Quota Entries
11. On the Menu Bar, click Quota ► New Quota Entry… (Figure 0483).
Figure 0483 : Add New Quota Entry
252
12. Key-in zul.akmal and click Check Names button (Figure 0484).
Figure 0484 : Select Users
13. After button Check Names are clicked, Active Directory will locate all matching or similar object names for zul.akmal. If there are matching or similar object names found, the complete name with email will be shown (Figure 0485).
Figure 0485 : Select Users – Ahmad Akmal
14. Click OK button to confirm (Figure 0485).
253
15. Set the following parameters for zul.akmal quota entry (Figure 0486).
Select the option Limit disk space to and set the value to 10MB. Set the value for Set warning level to option to 8MB.
Figure 0486 : Add New Quota Entry
16. Click OK (Figure 0486).
17. Now there is a new quota entries added to the Quota Entries list for zul.akmal (Figure 0487).
Figure 0487 : Quota Entries For D: Drive
18. Close the Quota Entries window.
254
19. Click OK button to close the Local Disk (D:) Properties window (Figure 0489).
Figure 0489 : Local Disk (D:) Properties window
20. The Disk Quota confirmation message appear, just click OK to enable the quota system now (Figure 0490).
Figure 0490 : Disk Quota Confirmation Message
255
Test The Quota Setting
21. Log on the client computer as zul.akmal and akmal as password (Figure 0491).
Figure 0491 : Log On To Server Using Client Workstation
22. Launch My Computer. Start ► My Computer (Figure 0492).
Figure 0492 : Launch My Computer
256
23. View Home Directory capacity. Right-click on L: drive and select Properties
(Figure 0493).
Figure 0493 : My Computer
24. The zul.akmal Home Directory properties appear. Look at the directory capacity, it only 10 MB. Same as the Disk Quota Entry we set earlier (Figure 0494).
Figure 0494 : Ahmad Akmal Home Directory Properties
257
25. Click OK button to close (Figure 0494).
26. Launch Windows Explorer. Start ► right-click My Computer ► Explore (Figure 0495).
Figure 0495 : Launch My Computer
27. Access the C:\WINDOWS\Web\Wallpaper sub-folder (Figure 0496).
Figure 0496 : C:\WINDOWS\Web\Wallpaper sub-folder
258
28. Copy Bliss.bmp file. Right-click Bliss.bmp file and select Copy (Figure 0497).
Figure 0497 : Copy Bliss.bmp file
29. Paste the Bliss.bmp file into zul.akmal home directory on L: drive. Right-click L: drive and select Paste (Figure 0498).
Figure 0498 : Paste Bliss.bmp file
259
30. Copy and Paste another file into zul.akmal home directory on L: drive until the
disk quota warning appears (Figure 0499).
Figure 0499 : Disk Quota Warning
Why this happen?
31. Click OK button to close the warning message (Figure 0499).
32. Right-click on L: drive and select Properties (Figure 0500).
Figure 0500 : My Computer
260
33. The zul.akmal Home Directory properties appear. Look at the Used space: size, you have used almost 10 MB. The home directory almost full (Figure 0501).
Figure 0501 : Ahmad Akmal Home Directory Properties
34. Click OK button to close (Figure 0501).
35. Log off the client computer.
36. Log off the server.
Summary Disk quotas allow administrators to restrict disk space to users so that disk space can be effectively managed.
261
Exercise 15
MANAGING SOFTWARE
APPLICATIONS
Zulfadli Bin Mohd Saad
Computer Engineering Technology, Department of Electronic
MARA Vocational Institute, Lumut, Perak.
262
Exercise 15 : Managing Software Applications In this exercise you will deploy software to a Windows 2008 client computer. You will deploy WinZip, a file compression program that does not have an associated MSI file. This means you will need to create a ZAP file in order to publish the application. In the second part of this exercise you will publish this software to members of the Sklr OU, and then test the deployment of the software. EXERCISE 15.1 Establish a Software Distribution Point
To support this exercise, you will need a shared folder on the network that contains the software applications that will be deployed.
1. Log on to the server as Administrator (Figure 0502).
Figure 0502 : Administrator Login
263
2. Launch Windows Explorer. Click Start ► Right-click Computer ► select Explore (Figure 0503).
Figure 0503 : Launch Windows Explorer
3. Access D: drive (Figure 0504). (Make sure your D drive are NTFS formatted. If not, you have to convert or format it to NTFS)
Figure 0504: Windows Explorer – D Drive
4. Create a folder named SoftDistSN (SN represents you‟re Station Number). In previous exercise I use number 21 as my Station Number. So in this exercise my folder named will be SoftDist21.
264
4.1. Right-click D drive ► select New ► Folder (Figure 0505).
Figure 0505 : Windows Explorer – Create New Folder
4.2. Rename the folder as SoftDist21 (Figure 0506).
Figure 0506 : Rename Folder
265
EXERCISE 15.2 Sharing The SoftDist21 Folder
5. Open the SoftDist21 folder properties. Right-click SoftDist21 folder ► select
Properties (Figure 0507).
Figure 0507: Open The SoftDist21 Folder Properties
6. Click the Sharing tab (Figure 0508).
Figure 0508 : SoftDist21 Folder Properties - Sharing
7. Click Advanced Sharing… button (Figure 0509).
Figure 0509 : Advanced Sharing… button
266
8. Enable the Share this folder option (Figure 0510).
Figure 0510 : Advanced Sharing
9. Specify the share name as ESoftware (Figure 0511).
Figure 0511 : Advanced Sharing – Share name
267
EXERCISE 15.3
Set Sharing Folder Permissions
Set read access to the share folder for the Sklr OU users and Administrator.
10. Click Permissions button (Figure 0512).
Figure 0512 : Permissions button
11. Select Everyone and click Remove button to remove Everyone from the “Group or user names:” list (Figure 0513).
Figure 0513: Remove Everyone
12. Click Add… button (Figure 0514).
Figure 0514 : Add button
268
13. Click the Advanced… button (Figure 0515).
Figure 0515 : Select Users, Computers, or Groups
14. Click the Find Now button (Figure 0516).
Figure 0516 : Select Users, Computers, or Groups – Advanced
269
15. First, we add first user of Sklr OU. Select Ain Syahmi account from the list (Figure 0517).
Figure 0517 : Select Users, Computers, or Groups – Find Now
16. Click OK button (Figure 0517).
17. Click OK button (Figure 0518).
Figure 0518 : Select Users, Computers, or Groups – User Added
270
18. Tick Allow box for Read permission. This will give Ain Syahmi Read permission
over the folder SoftDist21. So she can read from the SoftDist21 folder on the
myserver.com server (Figure 0519).
Figure 0519 : Folder Permissions For Users
19. Click Apply button(Figure 0519).
20. Now we add second user of Sklr OU. Click Add… button (Figure 0520).
Figure 0520 : Add button
21. Click the Advanced… button (Figure 0521).
Figure 0521 : Select Users, Computers, or Groups
271
22. Click the Find Now button (Figure 0522).
Figure 0522 : Select Users, Computers, or Groups – Advanced
23. Select Aliuddin account from the list (Figure 0523).
Figure 0523 : Select Users, Computers, or Groups – Find Now
24. Click OK button (Figure 0523).
272
25. Click OK button (Figure 0524).
Figure 0524 : Select Users, Computers, or Groups – User Added
26. Tick Allow box for Read permission. This will give Aliuddin Read permission
over the folder SoftDist21. So she can read from the SoftDist21 folder on the
myserver.com server (Figure 0525).
Figure 0525 : Folder Permissions For Users
27. Click Apply button (Figure 0525).
28. Now we add Administrator account to give Administrator permission to manage the shared folder. Click Add… button (Figure 0526).
Figure 0526 : Add button
273
29. Click the Advanced… button (Figure 0527).
Figure 0527 : Select Users, Computers, or Groups
30. Click the Find Now button (Figure 0528).
Figure 0528 : Select Users, Computers, or Groups – Advanced
274
31. Select Administrator user account from the list (Figure 0529).
Figure 0529 : Select Users, Computers, or Groups – Find Now
32. Click OK button (Figure 0529).
33. Click OK button (Figure 0530)
Figure 0530 : Select Users, Computers, or Groups – User Added
275
34. Tick Allow box for Full Control permission. This will give Administrator full
control over the folder SoftDist21. So the Administrator can manage the
SoftDist21 folder on the myserver.com server (Figure 0531).
Figure 0531 : Folder Permissions For Users
35. Click OK (Figure 0531).
36. Click OK button to close Advanced Sharing window (Figure 0532).
Figure 0532 : Advanced Sharing window
276
37. Click Close button to close SoftDist21 Properties window (Figure 0533).
Figure 0533 : SoftDist21Properties window
38. Click Close all remaining windows.
277
EXERCISE 15.4
Copy Software Application files to the Software Distribution Point
The next step is to copy some software applications to the distribution share.
39. Download file WinRar 3.9.3 from site below:
http://zcomby-server2008.blogspot.com under Downloads section and save to the software distribution share point (or download it from the internet from http://www.rarlab.com) .
40. Download file Sample.rar from site below:
http://zcomby-server2008.blogspot.com under Downloads section and save to the software distribution share point (or create a rar file that has a readme.txt file in the achive).
EXERCISE 15.5
Create a ZAP file for the application
To deploy the WinRar application, you will need to create a ZAP file, as no MSI file is available.
41. Create New text document inside E:\SoftDiskx, and rename the text document
as winrar.zap. 41.1 Launch Notepad. Click Start ► All Programs ► Accessories ► Notepad
(Figure 0534).
Figure 0534: Launch Notepad
278
41.2 Click File ► Save As… (Figure 0535).
Figure 0535: Notepad
41.3 Change the file name to winrar.zap and select All Files for “Save as
type:” box (Figure 0536).
Figure 0536 : Notepad – Save As
41.4 Click Browse Folders button (Figure 0536).
279
41.5 Click Computer ► double click Local Disk (D:) ► double click SoftDist21 folder (Figure 0537).
Figure 0537 : Notepad – Save As – Browse Folders
41.6 Click Save button to confirm save location (Figure 0537).
42. Key-in the following text into the winrar.zap file (Figure 0538).
Figure 0538: winrar.zap
43. After finish insert the text, save and close the winrar.zap file.
280
EXERCISE 15.6
Publish the Software Application to Users of the Production OU
In this step, you will edit the group policy for the Sklr OU and specify a new software installation for users.
44. Launch Group Policy Management. Click Start ► Administrative Tools ► Group Policy Management (Figure 0539)
Figure 0539 : Launch Group Policy Management
45. Expand Forest: myserver.com (Figure 0540).
Figure 0540 : Group Policy Management - Forest
281
46. Expand the Domains (Figure 0541).
Figure 0541 : Group Policy Management – Domains
47. Expand your domain.com (Figure 0542).
Figure 0542 : Group Policy Management – myserver.com
48. Right-click the Sklr OU and select the Create a GPO in this domain, and Link it here… (Figure 0543).
Figure 0543 : Group Policy Management – Create new GPO
282
49. Rename the policy as SKLR Group Policy (Figure 0544).
Figure 0544 : Create New GPO
50. Click OK button to continue (Figure 0544).
51. Right-click the SKLR Group Policy and select Edit (Figure 0545).
Figure 0545 : Default Domain Policy - Edit
52. Expand User Configuration (Figure 0546).
Figure 0546 : Group Policy Management Editor – User Configuration
283
53. Expand the Policies folder (Figure 0547).
Figure 0547 : Group Policy Management Editor – Policies
54. Expand the Software Settings folder (Figure 0548).
Figure 0548 : Group Policy Management Editor – Software Settings
55. Right-click Software installation and select New ► Package… (Figure 0549).
Figure 0549 : Software installation – New - Package
284
56. Browse the network and locate the winrar.zap file.
56.1 Click the Network (Figure 0550).
Figure 0550 : Network
56.2 Double-click your server icon (Figure 0551).
Figure 0551 : Network – Server21
285
56.3 Double-click the ESoftware folder (Figure 0552).
Figure 0552 : Network – Server21 - ESoftware
56.4 Click file types drop-down box and select ZAW Down-level application packages (*.zap) (Figure 0553).
Figure 0553 : Network – Server21 – ESoftware – File types
286
56.5 Select the winrar.zap file and click Open button (Figure 0554).
Figure 0554 : Network – Server21 – ESoftware – winrar.zap
57. Select Published (Figure 0555).
Figure 0555 : Deploy Software
58. Click OK button (Figure 0555).
287
59. Now you can see the Win Rar package are listed under “Software installation” policy (Figure 0556).
Figure 0556 : SKLR Group Policy
60. Close all remaining windows.
Update Group Policy
61. Launch the Run application. Click Start ► Run… (Figure 0557).
Figure 0557 : Launch the Run Application
62. Key-in gpupdate in the Open : box (Figure 0558).
Figure 0558 : Run Windows
288
63. Click OK to run the gpupdate (Figure 0559).
Figure 0559 : Updating Policy
64. Log off the server.
289
EXERCISE 15.7
Test the software deployment
In this step, you will log on to the client computer and test to see if the software can be deployed. In order for the software to install however, the user needs sufficient rights on the local computer. 65. Log on the client computer (Windows XP Professional) as local Administrator
65.1 Press CTRL+ALT+DEL to display the logon dialog box (Figure 0560).
Figure 0560 : Windows XP Logon
65.2 Key-in “User name:” as Administrator and select Log on to: CLIENT (this computer) (Figure 0561).
Figure 0561 : Log on to Windows XP
65.3 Click OK button (Figure 0561).
290
66. Launch Control Panel. Start ►Control Panel (Figure 0562).
Figure 0562 : Launch Control Panel
67. Click Performance and Maintenance (Figure 0563).
Figure 0563 : Control Panel
291
68. Click Administrative Tools (Figure 0564).
Figure 0564 : Performance and Maintenance
69. Double-click Computer Management icon (Figure 0565).
Figure 0565 : Administrative Tools
292
70. Expand System Tools ►Local Users and Groups ►Groups (Figure 0566).
Figure 0566 : Computer Management
71. Double-click Power Users (Figure 0566).
72. Click Add… button (Figure 0567).
Figure 0567 : Power Users Properties
293
73. Key-in ain.syahmi in the box and click Check Names button (Figure 0568).
Figure 0568 : Select Users, Computers, or Groups
74. Enter username as ain.syahmi and her password [ain] (Figure 0569).
Figure 0569 : Enter Network Password
294
75. Click OK button (Figure 0570).
Figure 0570 : Select Users, Computers, or Groups
76. Click OK button for the “Power User Properties” (Figure 0571).
Figure 0571 : Power User Properties
77. Close all the remaining windows.
78. Log off the client computer.
295
79. Log on to the server from client computer as ain.syahmi.
79.1 Press CTRL+ALT+DEL to display the logon dialog box (Figure 0572).
Figure 0572 : Windows XP Logon
79.2 Key-in “User name:” as ain.syahmi and ain as password. (Figure 0573).
Figure 0573 : Log on to Windows XP
79.3 Select Log on to: MYSERVER (Figure 0573).
79.4 Click OK button (Figure 0573).
296
80. Copy the file sample.rar from Server.
80.1 Launch My Computer. Start My Computer (Figure 0574).
Figure 0574 : Launch My Computer
80.2 Click the My Network Places (Figure 0575).
Figure 0575 : My Computer
297
80.3 Click the Entire Network (Figure 0576).
Figure 0576 : Entire Network Link
80.4 Double-click the Microsoft Windows Network (Figure 0577).
Figure 0577 : Entire Network
80.5 Double-click the Myserver workgroup (Figure 0578).
Figure 0578 : Microsoft Windows Network
298
80.6 Double-click the Server21 and view the available resources (Figure
0579).
Figure 0579 : Myserver Workgroup
80.7 You should see the ESoftware resource listed (Figure 0580).
Figure 0580 : Server21 Resources
80.8 Double-click the ESoftware to view the available resources (Figure 0580).
299
80.9 Copy Sample.rar file. Right-click on Sample.rar file ►select Copy (Figure
0581).
Figure 0581 : ESoftware on Server21
80.10 Paste on the client PC desktop. Right-click on Desktop ►Select Paste (Figure 0582).
Figure 0582 : Windows XP Desktop
300
81. Double-click the sample.rar file. What happened?
WinRar installation wizard appeared. Install the WinRar (Figure 0583).
Figure 0583 : WinRar installation wizard
82. After finish install WinRar, close all remaining windows. And then double-click the sample.rar file. The Sample.rar now opened with WinRar program. Now you can read or extract contents of the Sample.rar file (Figure 0584).
Figure 0584 : Sample.rar opened with WinRar
83. Log off the client computer.
301
EXERCISE 15.8
Installing Application with MSI support In this exercise you will deploy Microsoft FrontPage 2003.
84. Log on to the server as Administrator (Figure 0585).
Figure 0585 : Administrator Login
85. Launch Windows Explorer. Click Start ► Right-click Computer ► select Explore (Figure 0586).
Figure 0586 : Launch Windows Explorer
302
86. Access D: drive (Figure 0587).
Figure 0587 : Windows Explorer – D Drive
87. Access D:\SoftDist21 folder (Figure 0588).
Figure 0588 : Windows Explorer – D:\SoftDist21 folder
303
88. Create subfolder called FrontPage.
88.1. Right-click D drive ► select New ► Folder (Figure 0589)
Figure 0589 : Windows Explorer – Create New Folder
88.2. Rename the folder as FrontPage (Figure 0590).
Figure 0590 : Windows Explorer – Rename Folder
304
89. Insert the Microsoft Office 2003 AIO CD and copy all files and folders in the FrontPage folder to the D:\SoftDistx\FrontPage folder 89.1. Select the CD drive (Figure 0591).
Figure 0591 : Windows Explorer – CD Drive
89.2. Copy the FRONTPAGE folder. Right-click FRONTPAGE folder ►Copy
(Figure 0592).
Figure 0592 : Windows Explorer – Copy FRONTPAGE Folder
305
89.3. Expand the SoftDist folder. Right-click the FrontPage folder ►Paste (Figure
0593).
Figure 0593 : Windows Explorer – Paste Folder
89.4. Click the FrontPage folder to confirm all files are copied (Figure 0594).
Figure 0594 : Windows Explorer – FrontPage Contents
306
90. Launch Group Policy Management. Click Start ► Administrative Tools ► Group
Policy Management (Figure 0595)
Figure 0595 : Launch Group Policy Management
91. Expand Forest: myserver.com (Figure 0596).
Figure 0596 : Group Policy Management - Forest
307
92. Expand the Domains (Figure 0597).
Figure 0597 : Group Policy Management – Domains
93. Expand your domain.com (Figure 0598).
Figure 0598 : Group Policy Management – myserver.com
94. Right-click the SKLR Group Policy and select Edit (Figure 0599).
Figure 0599 : Default Domain Policy - Edit
308
95. Expand User Configuration (Figure 0600).
Figure 0600 : Group Policy Management Editor – User Configuration
96. Expand the Policies folder (Figure 0601).
Figure 0601 : Group Policy Management Editor – Policies
97. Expand the Software Settings folder (Figure 0602).
Figure 0602 : Group Policy Management Editor – Software Settings
309
98. Right-click Software installation and select New ► Package… (Figure 0603).
Figure 0603 : Software installation – New - Package
99. Browse the network and locate the FP11.msi file.
99.1 Click the Network (Figure 0604).
Figure 0604 : Network
310
99.2 Double-click your server icon (Figure 0605).
Figure 0605 : Network – Server21
99.3 Double-click the ESoftware folder (Figure 0606).
Figure 0606 : Network – Server21 - ESoftware
311
99.4 Double-click the FrontPage folder (Figure 0607).
Figure 0607: Network – Server21 – ESoftware – FrontPage
99.5 Double-click the FRONTPAGE folder (Figure 0608).
Figure 0608 : Network – Server21 – ESoftware – FrontPage – FRONTPAGE
99.6 Select the FP11.msi file and click Open button (Figure 0609).
Figure 0609 : Network – Server21 – ESoftware – FP11.msi
312
100. Select Advanced (Figure 0610).
Figure 0610 : Deploy Software
101. Click OK button (Figure 0610).
102. Click the Deployment tab and select Assigned (Figure 0611).
Figure 0611 : Assigned Software
103. Click OK button (Figure 0611).
313
104. Now you can see the Microsoft Office FrontPage package are listed under “Software installation” policy (Figure 0612).
Figure 0612 : SKLR Group Policy
105. Close all remaining windows.
Update Group Policy
106. Launch the Run application. Click Start ► Run… (Figure 0613).
Figure 0613 : Launch the Run Application
107. Key-in gpupdate in the Open : box (Figure 0614).
Figure 0614 : Run Windows
314
108. Click OK to run the gpupdate (Figure 0615).
Figure 0615 : Updating Policy
109. Log off the server.
315
EXERCISE 15.9
Test the software deployment
Now you will test the deployment of FrontPage 2003 by logging onto the client computer as a member of the Sklr OU.
110. Log on to the server from client computer as ain.syahmi.
110.1 Press CTRL+ALT+DEL to display the logon dialog box (Figure 0616).
Figure 0616 : Windows XP Logon
110.2 Key-in “User name:” as ain.syahmi and ain as password. (Figure 0617).
Figure 0617: Log on to Windows XP
110.3 Select Log on to: MYSERVER (Figure 0617).
110.4 Click OK button (Figure 0617).
316
111. Click Start ► All Programs ► Microsoft Office ► Microsoft Office FrontPage
2003. Note how FrontPage appears on the start menu (Figure 0618).
Figure 0618 : Start Menu - Microsoft Office FrontPage 2003
112. The installation process will begin. When requested, enter the CD key and click Next button (Figure 0619).
Figure 0619 : Microsoft Office FrontPage 2003 - Setup
317
113. Click Next button until reach the Summary windows (Figure 0620).
Figure 0620 : Microsoft Office FrontPage 2003 - Install
114. Click the Install button (Figure 0620).
115. Wait until the installations complete (Figure 0621).
Figure 0621 : Setup Completed
116. Click Finish button to complete the FrontPage 2003 installation (Figure 0621).
117. After running FrontPage 2003, log off the client computer.
118. Log on to the client computer as zul.akmal.
318
119. Is FrontPage 2003 available on the Start menu? YES NO
Your answer must be NO. Why? Because we zul.akmal were member of Sted OU not the Sklr OU. We only deployed a software application to a Sklr OU users.
120. Log off the client computer.
121. Log off the server.
Summary
In this exercise you deployed a software application to a group of users. The application was not supported by Windows Installer so required you to create a ZAP file.
The software application and Zap file were placed on a network share. This software was then associated with a group policy for the Sklr Organizational Unit. The software deployment was then tested when a user of the Sklr OU logged onto a client computer.
In installing software on the client computer, the installer needed the required permissions. In this exercise, the users were made members of the Power Users group to enable the installation of the software. In actual use, members would be set up with the required permissions, rather than perhaps being made a member of this group on the local computer.
Managing the software distribution can simply the administration of the network and ensure that users only get the applications that have been assigned to them.
319
Exercise 16
VIEWING EVENTS
Zulfadli Bin Mohd Saad
Computer Engineering Technology, Department of Electronic
MARA Vocational Institute, Lumut, Perak.
320
Exercise 16 : Viewing Events In this exercise you will look at events generated on the server. This is important because when there is a problem, often the cause is logged by the system. The event logs are a good source to look for problems in configuration or access. EXERCISE 16.1 Running Event Viewer
1. Log on to the server as Administrator (Figure 0622).
Figure 0622 : Administrator Login
321
2. Launch Event Viewer. Click Start ►Administrative Tools ►Even Viewer (Figure 0623).
Figure 0623 : Launch Event Viewer
3. Expand Windows Logs ►System. The Event Viewer windows displays the current
event logs. There are a number of logs available (Figure 0624).
Figure 0624 : Even Viewer windows
322
EXERCISE 16.2 Viewing the Different Log Files
To view events, you need to select a specific log file. 4. Under Windows Logs, click the Security log.
Note the large number of events that are listed in the middle windows (Figure 0625).
Figure 0625 : Even Viewer – Security Logs
5. All events have a Source and Task Category. Note these two columns in the
window (Figure 0625). It is handy to sometimes restrict the events being viewed to just those events that are of interest.
323
EXERCISE 16.3 Filtering Events
In this exercise you will use the filtering function to display only those events of interest. Often the event log has hundreds of events listed, so you need the ability to look for only those events that are relevant to what you are trying to resolve.
6. On the right window, click the Filter Current Log… (Figure 0626).
Figure 0626 : Even Viewer – Security Logs
7. Select all Event level: (Figure 0627).
Figure 0627 : Filter Current Log window - Event level
324
8. In Event sources: drop-down menu, select Microsoft Windows security auditing
(Figure 0628).
Figure 0628 : Filter Current Log window - Event sources
9. Set the Task category: to Logon (Figure 0629).
Figure 0629 : Filter Current Log window - Task category
325
10. Click OK button (Figure 0630).
Figure 0630 : Filter Current Log window
11. Note that only Microsoft Windows security auditing events with Logon task
category are now listed (Figure 0631).
Figure 0631 : Even Viewer – Security events
12. Double-click the first event to see the event properties (Figure 0631).
326
13. The event properties of the first event appeared. The dialog box gives an indication
of the event [including the event ID, which is helpful when exploring your server as to possible problems] (Figure 0632).
Figure 0632 : Event Properties
14. Click Close button (Figure 0632).
15. Close the event viewer.
16. Log off the server.
Summary Windows Server 2008 logs activity to event logs. These events can be viewed with Event Viewer. Typical events are printing, security, auditing, logon and logoff, as well as other events generated by application software or other services such as DNS. Events are helpful in determining problems with configuration or security.
327
Exercise 17
AUDITING
Zulfadli Bin Mohd Saad
Computer Engineering Technology, Department of Electronic
MARA Vocational Institute, Lumut, Perak.
328
Exercise 17 : Auditing In this exercise, you shall look at enabling auditing on selected resources, so that their usage and access can be monitored. You will use event viewer to view the logged accesses. Often, if you find that you cannot resolve problems in user access, enabling auditing and viewing the audit logs with event viewer can help you determine the cause of the problem. EXERCISE 17.1 1. Log on to the server as Administrator (Figure 0633).
Figure 0633 : Administrator Login
2. Launch Group Policy Management. Click Start ► Administrative Tools ► Group
Policy Management (Figure 0634).
Figure 0634 : Launch Group Policy Management
329
3. Expand Forest: myserver.com (Figure 0635).
Figure 0635 : Group Policy Management - Forest
4. Expand the Domains (Figure 0636).
Figure 0636 : Group Policy Management – Domains
5. Expand your domain.com (Figure 0637).
Figure 0637 : Group Policy Management – myserver.com
330
6. Edit the Default Domain Policy. Right-click Default Domain Policy ►Edit (Figure 0638).
Figure 0638 : Edit the Default Domain Policy.
7. Expand Computer Configuration (Figure 0639).
Figure 0639 : Expand Computer Configuration.
8. Expand Policies (Figure 0640).
Figure 0640 : Expand Policies.
331
9. Expand Windows Settings (Figure 0641).
Figure 0641 : Expand Windows Settings.
10. Expand Security Settings (Figure 0642).
Figure 0642 : Expand Security Settings.
11. Expand Local Policies (Figure 0643).
Figure 0643 : Expand Local Policies.
332
12. Expand Audit Policy (Figure 0644).
Figure 0644 : Expand Audit Policy.
13. Open Audit logon events properties. Right-click Audit logon events ►Properties (Figure 0645).
Figure 0645 : Open Audit logon events properties.
14. Enable the Success and Failure attempts (Figure 0646).
Figure 0646 : Define policy settings.
333
15. Click Apply button (Figure 0646).
16. Click OK button to close (Figure 0646). 17. Enable the following events (Figure 0647):
i. Audit account logon events – Success ii. Audit account management – Success iii. Audit directory service access – Success iv. Audit logon events – Success, Failure v. Audit object access - Success, Failure vi. Audit policy change – Success vii. Audit system events - Success
Figure 0647 : Group policy management editor.
18. Close the group policy management editor.
19. Close all remaining windows.
334
Update Group Policy
20. Launch the Run application. Click Start ► Run… (Figure 0648).
Figure 0648 : Launch the Run Application
21. Key-in gpupdate in the Open : box (Figure 0649).
Figure 0649 : Run Windows
22. Click OK to run the gpupdate (Figure 0650).
Figure 0650 : Updating Policy
23. Log off the server.
335
EXERCISE 17.2 Set Auditing at the file object level. 1. Log on to the server as Administrator (Figure 0651).
Figure 0651 : Administrator Login
2. Launch Windows Explorer. Click Start ► Right-click Computer ► select Explore (Figure 0652).
Figure 0652 : Launch Windows Explorer
336
3. Access D: drive (Figure 0653).
Figure 0653 : Windows Explorer – D Drive
4. Right-click D: drive and select Properties (Figure 0654).
Figure 0654 : Windows Explorer – Properties
337
5. Select Security tab; and then click the Advanced button (Figure 0655).
Figure 0655 : D: drive properties
338
6. Select Auditing tab (Figure 0656).
Figure 0656 : Advanced Security Settings for Local Disk (D:).
7. Click the Edit … button (Figure 0656).
8. Click Add … button (Figure 0657).
Figure 0657 : Advanced Security Settings for Local Disk (D:) – Auditing tab.
339
9. Key-in zul.zcomby in the box, and click Check Names button (Figure 0658).
Figure 0658 : Select User, Computer, or Group.
10. Click OK button (Figure 0659).
Figure 0659 : Select User, Computer, or Group – Check Names.
340
11. Enable the following options (Figure 0660):
List folder read data – Successful and Failed
Create files / write data - Successful and Failed
Figure 0660 : Auditing Entry for Local Disk (D:).
12. Click OK button (Figure 0660).
341
13. Click OK button (Figure 0661).
Figure 0661 : Advanced Security Settings for Local Disk (D:) – Auditing tab.
14. Click OK button (Figure 0662).
Figure 0662 : Advanced Security Settings for Local Disk (D:)
342
15. Click OK button (Figure 0663).
Figure 0663 : D: drive properties
16. Log off the server.
343
EXERCISE 17.3 Access the resource to generate the audit event. Now it is time to test the auditing. What you did in the previous exercise was setup a group policy for domain controllers. You enabled auditing on the server using Local Security Policy. Next, you enabled auditing on the files and sub-folder D:\tempx. In the next step you will log on and access this resource, thus generating an audit event.
17. Log on to the server computer as zul.zcomby.
17.1. Press Ctrl + Alt + Del.
17.2. Click Switch User button (Figure 0664).
Figure 0664 : Switch User button
17.3. Click Other User button (Figure 0665).
Figure 0665 : Other User button
17.4. Enter user as zul.zcomby and password as comby (Figure 0666).
Figure 0666 : Logon to server using user account
17.5. Press ENTER.
344
18. Launch Notepad. Click Start ►All Programs ►Accessories ►Notepad.
19. Write your name (Figure 0667).
Figure 0667 : Notepad
20. Press Ctrl + S to save the files.
21. Click the Browse Folder button (Figure 0668).
Figure 0668 : Save As - Browse Folder
22. Access the Local Disk (D:). Click Computer ►double-click Local Disk (D:) (Figure 0669).
Figure 0669 : Save As - Access the Local Disk (D:)
345
23. Double-click the D:\tempx folder (Figure 0670).
Figure 0670 : Save As – D:\tempx folder
24. Set the files name as Readme and click the Save button (Figure 0671).
Figure 0671 : Save As – Readme.txt
25. Close the Notepad editor.
26. Log off the server.
346
EXERCISE 17.4 View the audit events. In the last exercise, you accessed the resource and this would have generated an audit event. These events are stored in the security log and are viewed with event viewer.
27. Log on to the server as Administrator (Figure 0672).
Figure 0672 : Administrator Login
28. Launch Event Viewer. Click Start ►Administrative Tools ►Even Viewer (Figure 0673).
Figure 0673 : Launch Event Viewer
347
29. Expand Windows Logs ►Security. The Event Viewer window displays the current
event logs. There are a number of logs available (Figure 0674).
Figure 0674 : Even Viewer windows
30. On the right window, click the Filter Current Log… (Figure 0675).
Figure 0675 : Even Viewer – Security Logs
348
31. Now configure the Filter Current Log. Please refer to the following table for
configuration (Figure 0676).
Logged: Any time
Event level: Information
Event sources: Microsoft Windows security auditing.
Task category: File System
Keywords: Audit Success
User: <All Users>
Computer(s): <All Computer>
Figure 0676 : Filter Current Log window
32. Click OK button (Figure 0676).
349
33. Note that only Microsoft Windows security auditing events with File System task
category are now listed (Figure 0677).
Figure 0677 : Even Viewer – Security events
34. Double-click the first event to see the event properties (Figure 0677).
35. The event properties of the first event appeared. The dialog box gives an indication
of the event [including the event ID, which is helpful when exploring your server as to possible problems] (Figure 0678).
Figure 0678 : Event Properties
36. You will notice from Account Name: section, there are user name zul.zcomby are
login into the server (Figure 0678).
350
37. Drag the right-hand side scroll bar until you see the Process Information: section (Figure 0679).
Figure 0679 : Event Properties
38. From this section, you can see the process or application zul.zcomby run while he login to the server. As you can see, zul.zcomby are launch Notepad application software. Maybe he writing something or maybe he open a text file (Figure 0679).
39. Click Close button (Figure 0679). 40. Now let find the location of the text file zul.zcomby opened. Double-click the second
event to see the event properties (Figure 0680)
Figure 0680 : Even Viewer – Security events
351
41. Scroll until you find the Object: section. As you can see the log reports same as the first event (Figure 0681).
Figure 0681 : Event Properties
42. Click the Close button (Figure 0681).
43. Now try double-click the third event to see the event properties (Figure 0682).
Figure 0682: Even Viewer – Security events
352
44. Scroll until you find the Object: section. Can you find the differences between third
event and the first event? In the third event there is extra information under Object: section. Object Type: and Object Name: (Figure 0683). Object Type: state the type of the object. Object Name: state the object name.
Figure 0683: Even Viewer – Security events
From this event log, you can trace and viewed the security log. You can check what happened to the server behind the screen or while you were gone. This also can help you to determine the cause of the problem in user access.
45. Click the Close button (Figure 0683). 46. Close the event viewer.
353
EXERCISE 17.5 Disable Auditing Auditing places a performance penalty overhead on the computer. In this step, you will disable auditing. 47. Launch Group Policy Management. Click Start ► Administrative Tools ► Group
Policy Management (Figure 0684).
Figure 0684 : Launch Group Policy Management
48. Expand Forest: myserver.com (Figure 0685).
Figure 0685 : Group Policy Management - Forest
354
49. Expand the Domains (Figure 0686).
Figure 0686 : Group Policy Management – Domains
50. Expand your domain.com (Figure 0687).
Figure 0687 : Group Policy Management – myserver.com
51. Edit the Default Domain Policy. Right-click Default Domain Policy ►Edit (Figure
0688).
Figure 0688 : Edit the Default Domain Policy.
355
52. Expand Computer Configuration (Figure 0689).
Figure 0689 : Expand Computer Configuration.
53. Expand Policies (Figure 0690).
Figure 0690 : Expand Policies.
54. Expand Windows Settings (Figure 0691).
Figure 0691 : Expand Windows Settings.
356
55. Expand Security Settings (Figure 0692).
Figure 0692 : Expand Security Settings.
56. Expand Local Policies (Figure 0693).
Figure 0693 : Expand Local Policies.
57. Expand Audit Policy (Figure 0694).
Figure 0694 : Expand Audit Policy.
357
Change auditing to No Auditing.
58. Open Audit logon events properties. Right-click Audit logon events ►Properties
(Figure 0695).
Figure 0695 : Open Audit logon events properties.
59. Disable the Success and Failure attempts; uncheck both boxes (Figure 0696).
Figure 0696 : Define policy settings.
60. Click Apply button (Figure 0696).
61. Click OK button to close (Figure 0696).
358
62. Change auditing to No Auditing the following events (Figure 0697):
i. Audit account logon events ii. Audit account management iii. Audit directory service access iv. Audit logon events v. Audit object access vi. Audit policy change vii. Audit privilege use viii. Audit process tracking ix. Audit system events
Figure 0697 : Group policy management editor.
63. Close the group policy management editor.
64. Close all remaining windows.
359
Update Group Policy
65. Launch the Run application. Click Start ► Run… (Figure 0698).
Figure 0698 : Launch the Run Application
66. Key-in gpupdate in the Open : box (Figure 0699).
Figure 0699 : Run Windows
67. Click OK to run the gpupdate (Figure 0700).
Figure 0700 : Updating Policy
360
Remove User From Auditing Entry.
68. Launch Windows Explorer. Click Start ► Right-click Computer ► select Explore
(Figure 0701).
Figure 0701 : Launch Windows Explorer
69. Access D: drive (Figure 0702).
Figure 0702 : Windows Explorer – D Drive
361
70. Right-click D: drive and select Properties (Figure 0703).
Figure 0703 : Windows Explorer – Properties
71. Select Security tab; and then click the Advanced button (Figure 0704).
Figure 0704 : D: drive properties
362
72. Select Auditing tab and select Zul Zcomby (Figure 0705).
Figure 0705 : Advanced Security Settings for Local Disk (D:).
73. Click the Edit … button (Figure 0705).
74. Select Zul Zcomby and click Remove button (Figure 0706).
Figure 0706 : Advanced Security Settings for Local Disk (D:) – Auditing tab.
75. Click OK button (Figure 0706).
363
76. Click OK button (Figure 0707).
Figure 0707 : Advanced Security Settings for Local Disk (D:)
77. Click OK button (Figure 0708).
Figure 0708 : D: drive properties
364
EXERCISE 17.6 Clear the Security Log Events In this exercise you will clear all the events in the Security log.
78. Launch Event Viewer. Click Start ►Administrative Tools ►Even Viewer (Figure 0709).
Figure 0709 : Launch Event Viewer
365
79. Expand Windows Logs ►Security. The Event Viewer window displays the current event logs. There are a number of logs available (Figure 0710).
Figure 0710 : Even Viewer windows
80. Right-click Security log and select Clear Log… (Figure 0711).
Figure 0711 : Even Viewer window
366
81. Click Clear button so that the events are not saved (Figure 0712).
Figure 0712 : Even Viewer – Clear Log
82. Close Even Viewer.
83. Log off the server.
Summary
Both Directories and Files can be audited. When auditing is enabled, events that are specified are written to an event log, which can be viewed in Event Viewer. It is possible to apply a filter when viewing events to be more selective. Applying auditing creates an overhead penalty on the server, and can fill the event logs quickly.
367
Exercise 18
INSTALLING AND CONFIGURING
PRINTER
Zulfadli Bin Mohd Saad
Computer Engineering Technology, Department of Electronic
MARA Vocational Institute, Lumut, Perak.
368
Exercise 18 : Installing and Configuring Printer In this exercise, you shall look at creating a local printer on the Server and access that printer remotely from the client computer. This exercise used an HP Color LaserJet
CP1515n printer, attached to the network. EXERCISE 18.1 1. Log on to the server as Administrator (Figure 0713).
Figure 0713 : Administrator Login
2. Open the Control Panel. Click Start ► Control Panel (Figure 0714).
Figure 0714 : Open Control Panel
369
3. Double-click Printer icon (Figure 0715).
Figure 0715 : Control Panel - Printer
4. Click Add a printer button to run the Add Printer wizard (Figure 0716).
Figure 0716 : Printer – Add a printer
370
5. Click Add a local printer (Figure 0717).
Figure 0717 : Add Printer wizard - Add a local printer
6. Select Create a new port. And select Standard TCP/IP Port from the “Type of port:” drop down menu (Figure 0718).
Figure 0718 : Add Printer wizard – Create new port
7. Click Next button (Figure 0718).
371
8. Now select Device type: as TCP/IP Device and enter your printer IP address in the
Hostname or IP address: box. For this exercise, my printer IP address is 192.168.2.254 (Figure 0719).
Figure 0719 : Add Printer wizard – Printer IP address
9. Click Next button (Figure 0719). 10. Wait until the detecting of the TCP/IP port process finish. After finish the detection
process, the windows will automatically move to the next page (Figure 0720).
Figure 0720 : Add Printer wizard – TCP/IP port detection process
372
11. Click Next button (Figure 0721).
Figure 0721 : Add Printer wizard – Port type
12. Now the Add Printer wizard will try to detect the printer driver. The Add Printer wizard will automatically move to the next page after the detection process done (Figure 0722).
Figure 0722 : Add Printer wizard – Printer driver detection
373
13. In the list of Manufacturer, select HP.
And in the list of Printer, select your printer model. But if your printer is not listed, consult your printer documentation for compatible printer driver or just select the nearest model or select the Family or common driver. In this exercise, my printer is not listed under the printer list. So I will select the Family Driver of my printer; HP Color LaserJet Family Driver PCL5 (Figure 0723).
Figure 0723 : Add Printer wizard – Install printer driver
14. Click Next button (Figure 0723). 15. Enter your printer name. Normally same as printer model. So here I enter my printer
model; HP Color LaserJet CP1515n as printer name (Figure 0724).
Figure 0724 : Add Printer wizard – Printer name
16. Click Next button (Figure 0724).
374
17. Enter HPCP1515n as the shared printer name and STKM for the Location field
(Figure 0725).
Figure 0725 : Add Printer wizard – Printer sharing
18. Click Next button (Figure 0725).
19. Click Finish button to complete the adding printer process (Figure 0726).
Figure 0726 : Add Printer wizard – Finish
375
EXERCISE 18.2 Assign a Print Manager For The Printer In this exercise, you will assign a user to manage the printer. This printer manager will be able to delete jobs and perform other administrative tasks. 20. Right-click the installed printer and select Sharing… (Figure 0727).
Figure 0727 : Printer – Sharing
21. You will see that Windows Server 2008 has already shared the printer on the network, but the printer not listed in the Active Directory. To list the printer in the Active Directory, tick the List in the directory option (Figure 0728).
Figure 0728 : Printer Properties – Sharing tab
376
22. Click the Security tab (Figure 0728).
23. The current security setting for the printer is similar to the Figure 0729. You will note that everyone (all users) has print access, whilst Administrators have all rights. Print Operators also have all rights.
Figure 0729 : Printer Properties – Security tab
24. Click the Add… button (Figure 0729).
377
25. Click Advanced… button (Figure 0730).
Figure 0730 : Add Users, Computers, or Groups wizard
26. Click Find Now button (Figure 0731).
Figure 0731 : Add Users, Computers, or Groups wizard - Advanced
378
27. Select Ocah Blue from the list and click OK button (Figure 0732).
Figure 0732 : Add Users, Computers, or Groups wizard – Find Now
28. Click OK button (Figure 0733).
Figure 0733 : Add Users, Computers, or Groups wizard
379
29. Give Ocah Blue full rights to this printer. This effectively makes her a manager for
this printer (Figure 0734).
Figure 0734 : Printer Properties
30. After setting the rights as indicated, click OK button (Figure 0734).
31. Close the Printers window.
380
EXERCISE 18.3 Locating Printers using Active Directory In this exercise, you will use Active Directory to locate printers.
32. Launch Active Directory Users and Computers. Click Start ► Administrative Tools
► Active Directory Users and Computers (Figure 0735).
Figure 0735 : Launch Active Directory Users and Computers
33. From the Menu bar, click Action ►Find (Figure 0736).
Figure 0736 : Active Directory Users and Computers
34. Choose Printers in the Find: list, and enter STKM in the Location: field (Figure 0737).
Figure 0737 : Find Printer wizard
381
35. Click the Find Now button (Figure 0737).
36. The search results will display all the printers installed and listed in your Active Directory. In the previous exercise, you have installed one printer and set the printer to be listed in the Active Directory. So the search results display only one printer founded (Figure 0738).
Figure 0738 : Find Printer wizard – Search results
37. Close the Find Printers wizard (Figure 0738).
38. Close the Active Directory Users and Computers.
39. Log off the server.
382
EXERCISE 18.4 Accessing The Printer From The Client Computer In this exercise, you will log on to the client computer and set up access to the shared printer on the server.
40. Log on to the client computer as ocah.blue (Figure 0739).
Figure 0739 : Log On To Server Using Client Workstation
41. Open Printers and Faxes. Click Start ► Printers and Faxes (Figure 0740).
Figure 0740 : Open Printers and Faxes
383
42. Click the Add a printer icon to run the Add Printer Wizard (Figure 0741).
Figure 0741: Printers and Faxes
43. Click Next button (Figure 0742).
Figure 0742 : Add Printer Wizard
384
44. Select A network printer, or ……… to another computer and click Next button
(Figure 0743).
Figure 0743 : Add Printer Wizard – Type of printer
45. Select Find a printer in the directory and click Next button (Figure 0744).
This option makes finding a printer easier as you do not need to know the name of the server on which the printer is located.
Figure 0744 : Add Printer Wizard – Specify a Printer
385
46. Enter STKM in the Location: field and click Find Now button (Figure 0745).
Figure 0745 : Find Printer wizard
47. Select your printer from the search results list and click OK button (Figure 0746).
Figure 0746 : Find Printer wizard - Search results
386
48. Click Finish button (Figure 0747).
Figure 0747: Add Printer Wizard - Finish
387
EXERCISE 18.5 Printing a File In this exercise, you will print a page to the printer. 49. Right-click the printer icon and select Properties (Figure 0748).
Figure 0748 : Printers and Faxes
50. Click the Print Test Page button (Figure 0749).
Figure 0749 : Printer Properties
388
51. Click OK button (Figure 0750).
Figure 0750 : Print Test Page
52. Click OK button (Figure 0751).
Figure 0751 : Printer Properties
389
EXERCISE 18.6 Managing The Printer In this exercise, you will manage the printer by deleting all print jobs, and then pausing the printer.
53. Make the printer ERROR (open the printer tonner compartment door).
54. Launch Notepad. Click Start ► All Programs ► Accessories ► Notepad (Figure 0752).
Figure 0752 : Launch Notepad
390
55. Key-in your name in the Notepad text editor (Figure 0753).
Figure 0753 : Notepad text editor
56. Print the file. Click File ► Print… (Figure 0754).
Figure 0754 : Notepad – File ►Print
57. Select your printer and click Print button (Figure 0755).
Figure 0755 : Notepad - Print
391
58. Open Printers and Faxes. Click Start ► Printers and Faxes (Figure 0756).
Figure 0756 : Open Printers and Faxes
59. Right-click the printer icon and select Pause Printing (Figure 0757).
Figure 0757 : Printers and Faxes – Pause Printing
392
60. Right-click the printer icon and select Cancel All Documents (Figure 0758).
Figure 0758 : Printers and Faxes – Cancel All Documents
61. Click Yes button to confirm (Figure 0759).
Figure 0759 : Cancel Printing Confirmation
62. Log off the client computer.
393
63. Log on to the client computer as zul.akmal with akmal as his password (Figure
0760).
Figure 0760 : Notepad
64. Open Printers and Faxes. Click Start ► Printers and Faxes (Figure 0761).
Figure 0761 : Open Printers and Faxes
394
65. Click the Add a printer icon to run the Add Printer Wizard (Figure 0762).
Figure 0762 : Printers and Faxes
66. Click Next button (Figure 0763).
Figure 0763 : Add Printer Wizard
395
67. Select A network printer, or ……… to another computer and click Next button
(Figure 0764).
Figure 0764 : Add Printer Wizard – Type of printer
68. Select Find a printer in the directory and click Next button (Figure 0765).
This option makes finding a printer easier as you do not need to know the name of the server on which the printer is located.
Figure 0765 : Add Printer Wizard – Specify a Printer
396
69. Enter STKM in the Location: field and click Find Now button (Figure 0766).
Figure 0766 : Find Printer wizard
70. Select your printer from the search results list and click OK button (Figure 0767).
Figure 0767 : Find Printer wizard - Search results
397
71. Click Finish button (Figure 0768).
Figure 0768 : Add Printer Wizard - Finish
72. Right-click the printer icon and select Resume Printing (Figure 0769).
Figure 0769 : Printers and Faxes – Resume Printing
398
73. What was the message displayed? (Figure 0770).
Figure 0770 : Printers and Faxes – Access denied
74. Why do you think this happened? Because in the previous exercise, you give Ocah Blue full rights to this printer. This effectively makes her a manager for this printer. Whilst other users (everyone) only has print access.
75. Log off the client computer.
Summary
In this exercise you established a network printer and connected to it using a client computer. A print manager responsible for the printer was established and you tested the printer and management functions. You also learnt to locate a printer using the search function of active directory.
399
Exercise 19
OTHER ADMINISTRATIVE
TOOLS
Zulfadli Bin Mohd Saad
Computer Engineering Technology, Department of Electronic
MARA Vocational Institute, Lumut, Perak.
400
Exercise 19 : Other Administrative Tools In this exercise you will look at other administrative tools.
Backup Restore Disk Management – Chkdsk and Defrag Safe Mode Directory Service Repair Mode
Backup In this exercise you will use the Backup utility provided with Windows Server 2008 to perform a selective backup of files. EXERCISE 19.1 Installing Windows Server Backup.
1. Log on to the server as Administrator (Figure 0771).
Figure 0771 : Administrator Login
401
2. Launch the Server Manager. Click Start ► Administrative Tools ► Server Manager
(Figure 0772).
Figure 0772 : Launch Server Manager.
3. Click Features ► Add Features (Figure 0773).
Figure 0773 : Server Manager - Add Features
402
4. Select Windows Server Backup Features (Figure 0774).
Figure 0774 : Add Features Wizard - Select Features
5. Click Next button (Figure 0774).
6. Click Install button (Figure 0775).
Figure 0775 : Add Features Wizard - Install
403
7. After finish installation of Windows Server Backup, the Add Features Wizard
show the installation results. Make sure the result is success, if not you have to reinstall the features.
Click Close button to continue (Figure 0776).
Figure 0776 : Add Features Wizard - Installation Results
8. Close all the remaining windows
404
EXERCISE 19.2 Full Server Backup
9. Launch the Windows Server Backup. Click Start ► Administrative Tools ► Windows Server Backup (Figure 0777).
Figure 0777 : Launch the Windows Server Backup.
10. Click Backup Once… (Figure 0778).
Figure 0778 : Windows Server Backup
405
11. Select Different options and click Next button (Figure 0779).
Figure 0779 : Backup Once Wizard
12. Select Full server (recommended) option and click Next button (Figure 0780).
Figure 0780 : Backup Once Wizard – Backup configuration
406
13. Select Local drives option and click Next butoon (Figure 0781).
Figure 0781 : Backup Once Wizard – Type of storage
14. Select drive D as your backup destination, but make sure the drive is NTFS
formatted (Figure 0782).
Figure 0782 : Backup Once Wizard – Backup destination
15. Click Next button (Figure 0782).
407
16. Select VSS full backup option and click Next button (Figure 0783).
Figure 0783 : Backup Once Wizard – Advanced option
17. Check you backup configuration, make sure the backup items and the backup
destination are correct. Click Backup button to start backup (Figure 0784).
Figure 0784 : Backup Once Wizard – Confirmation
408
18. After all files have been archived, the Backup Wizard displays a completion
summary. Click Close button to close the Backup Wizard (Figure 0785).
Figure 0785 : Backup Once Wizard – Backup progress
19. Close the Windows Server Backup window (Figure 0786).
Figure 0786 : Windows Server Backup window
409
EXERCISE 19.3 Restore Files and Folders In this exercise you will use the Backup utility provided with Windows Server 2008 to perform a restore of files and folder.
20. Launch the Windows Server Backup. Click Start ► Administrative Tools ► Windows
Server Backup (Figure 0787).
Figure 0787 : Launch the Windows Server Backup.
21. Click Recover… (Figure 0788).
Figure 0788 : Windows Server Backup
410
22. Select This server option and click Next button (Figure 0789).
Figure 0789 : Recovery Wizard
23. The Recovery Wizard will show the entire available backup. Backups are available for dates shown in bold. Select the date of a backup to use for recovery. Select the latest backup available (Figure 0790).
Figure 0790 : Recovery Wizard – Select backup date
24. Click Next button (Figure 0790).
411
25. Select Files and folders option to restore files and folders. This option only can restore selected files and folder (Figure 0791).
If you want to restore the entire volume, select Volumes option.
Figure 0791 : Recovery Wizard – Select recovery type
26. Click Next button (Figure 0791). 27. Browse the folders tree to find the files or folders that you want to recover. Click
an item to select it for recovery. Let try recover Common Files folder. Select Common Files folder and click Next button (Figure 0792).
Figure 0792 : Recovery Wizard – Select items to recover
412
28. Select Original location for the “Recovery destination” option and select
Overwrite existing files with recovered files for the “When this wizard finds files and folders in the recovery destination” option (Figure 0793).
Figure 0793 : Recovery Wizard – Specify recovery options
29. Click Next button (Figure 0793). 30. Click Recover button to start your recovery (Figure 0794).
Figure 0794 : Recovery Wizard – Confirmation
413
31. After all files have been restored, the Recovery Wizard displays a completion
summary. Click Close button to close the Recovery Wizard (Figure 0795).
Figure 0795 : Recovery Wizard – Finish
32. Close the Windows Server Backup window (Figure 0796).
Figure 0796 : Windows Server Backup
414
EXERCISE 19.4 Restore Volume In this exercise you will perform a restore an entire volume (all data stored on C: drive).
33. Insert the Windows Server 2008 DVD into your DVD drive. 34. Restart your Server. Click Start ► Restart (Figure 0797).
Figure 0797 : Restart Server.
415
35. Select Hardware: Maintenance (Planned) and click OK button (Figure 0798).
Figure 0798 : Shutdown Event Tracker
36. Boot your PC using Windows Server 2008 DVD. 37. Language and Keyboard Options. Select your language and keyboard; and
click Next button to continue (Figure 0799).
Figure 0799 : Language and Keyboard Options
416
38. Windows Server 2008 Setup You are presented with options to Install, brief information about Server 2008 or repair (Figure 0800).
Click Repair your computer to start System Recovery Wizard on this computer. (Figure 07).
Figure 0800 : Windows Server 2008 Setup
39. Select an operating system to repair and click Next button (Figure 0801).
Figure 0801 : System Recovery Options
417
40. Click Windows Complete PC Restore option to restore entire server from a
backup image (Figure 0802).
Figure 0802 : System Recovery Options – Choose a recovery tool
41. Select Use the latest available backup (recommended) option and click the Next button (Figure 0803).
Figure 0803 : Windows Complete PC Restore wizard
418
42. Click the Next button (Figure 0804).
Figure 0804 : Windows Complete PC Restore wizard – restore options
43. Click the Finish button to start restore (Figure 0805).
Figure 0805 : Windows Complete PC Restore wizard – Start restore
44. Tick the I confirm that ……… restore the backup option and click the OK button (Figure 0806).
Figure 0806 : Windows Complete PC Restore wizard – Confirm to restore
419
45. At this point, take a break. The restoring process will continue on its own. This will take several minutes (Figure 0807).
Figure 0807 : Windows Complete PC Restore wizard – Restoring process
46. Windows will automatically reboot your system after the restoring process complete. Press CTRL + ALT + DELETE to log on to your server (Figure 0808).
Figure 0808 : Windows log on
420
47. Log on to the server as Administrator (Figure 0809).
Figure 0809 : Administrator Login
48. Log off the server.
Congratulation! You have finish restore the Windows Server 2008
421
COMPUTER MANAGEMENT This is an administrative tool that allows you view the physical drives, file systems, partitions, and logical drives on the computer. This tool can also be used to check the file systems and defragment. EXERCISE 19.5 In this exercise you will use Computer Management to check the file system. If files are currently in use, Windows Server 2008 is unable to check the state of the file system, and will flag the file system for checking on the next reboot.
1. Log on to the server as Administrator (Figure 0810).
Figure 0810 : Administrator Login
422
2. Launch Computer Management. Click Start ► Administrative Tools ►
Computer Management (Figure 0811).
Figure 0811 : Launch Computer Management
3. Expand the Storage folder and select the Disk Management (Figure 0812).
Figure 0812 : Computer Management window
423
4. Right click C: drive and select Properties (Figure 0813).
Figure 0813 : Computer Management – Disk Management
5. From the Properties window, click the Tools tab (Figure 0814). This tab displays options for you to check the file system, defragment the drive or backup files.
Figure 0814 : Local Disk (C:) Properties
424
6. Click the Check Now… button to check the drive for errors (Figure 0814).
7. Tick the option Automatically fix file system errors and click Start button (Figure 0815).
Figure 0815 : Check Disk Local Disk (C:)
8. If C: drive is not in use, check disk will now scan the drive for errors. If the drive is in use, you will be presented with the option to schedule the disk check when the computer is restarted. Click Schedule disk check to continue (Figure 0816).
Figure 0816 : Schedule disk check option
425
9. Use the same procedure to scan D: drive.
Right click D: drive and select Properties (Figure 0817).
Figure 0817 : Computer Management – Disk Management
10. From the Properties window, click the Tools tab. Then click the Check Now… button to check the drive for errors (Figure 0818).
Figure 0818 : Local Disk (D:) Properties
426
11. Tick the option Automatically fix file system errors and click Start button
(Figure 0819).
Figure 0819 : Check Disk Local Disk (D:)
12. If D: drive is not in use, check disk will now scan the drive for errors. If the drive is in use, you will be presented with the option to schedule the disk check when the computer is restarted. Click Schedule disk check to continue (Figure 0820).
Figure 0820 : Schedule disk check option
427
13. Restart your Server. Click Start ► Restart (Figure 0821).
Figure 0821 : Restart Server
428
14. Select Hardware: Maintenance (Planned) and click OK button (Figure 0822).
Figure 0822 : Shutdown Event Tracker
You will be able to observe the process of checking the file system occurring once the computer restarts (Figure 0823).
Figure 0823 : File system checking process
Once this process has finish, the computer will restart and load Windows Server 2008. The file system should be checked on a regular basis for integrity by running Check disk. Unfortunately, this process often requires restarting the server.
15. Close all remaining windows.
16. Log off the server.
429
DEFRAGMENTING THE FILE SYSTEM Over a period of time, portions of files can become scattered over the surface of the disk and this makes accessing files slower. The process of defragmenting a disk involves moving the portions of each file back together so they are all next to each other. EXERCISE 19.6 In this exercise you will use Computer Management to defragment the current drive.
1. Log on to the server as Administrator (Figure 0824).
Figure 0824 : Administrator Login
430
2. Launch Computer Management. Click Start ► Administrative Tools ►
Computer Management (Figure 0825).
Figure 0825 : Launch Computer Management
3. Expand the Storage folder and select the Disk Management (Figure 0826).
Figure 0826 : Computer Management window
431
4. Right click C: drive and select Properties (Figure 0827).
Figure 0827 : Computer Management – Disk Management
5. From the Properties window, click the Tools tab (Figure 0828). This tab displays options for you to check the file system, defragment the drive or backup files.
Figure 0828 : Local Disk (C:) Properties
432
6. Click Defragment Now… button (Figure 0828).
7. Click Defragment now… button (Figure 0829).
Figure 0829 : Disk Defragmenter window
8. Select all disks for defragment and click OK button (Figure 0830).
Figure 0830 : Disk Defragmenter : Defragment Now
433
9. After the drive has been defragmented, click the Close button to close the Disk
Defragmenter window (Figure 0831).
Figure 0831 : Disk Defragmenter window
Defragmenting the file system should occur on a regular basis to ensure files can be accessed and loaded quickly. Files in use cannot be defragmented, so administrators should schedule this to occur during periods of inactivity. A heavily fragmented file system is often the cause of poor performance.
434
SAFE MODE Safe mode provides a means of recovering from loading device drivers that do not work properly. For instance, an administrator might install a new graphics card, and rather than let Windows Server 2008 install the appropriate drivers, may select an alternative driver. This can result in a system that results in an unreadable screen display. To recover from such a possibility, Windows Server 2008 provides Safe mode. EXERCISE 19.7 In this exercise you will restart the computer in Safe Mode. This is a special mode only available when the computer is restarted and you press F8 before the computer starts loading Windows Server 2008.
1. Log on to the server as Administrator (Figure 0832).
Figure 0832 : Administrator Login
435
2. Restart your Server. Click Start ► Restart (Figure 0833).
Figure 0833 : Restart Server
436
3. Select Operating System: Reconfiguration (Planned) and click OK button
(Figure 0834).
Figure 0834 : Shutdown Event Tracker
4. When the computer restarts, repeatedly press the F8 key while it displays the boot sequence at the bottom of the screen. You need to press F8 key before the Windows logo appears. If the Windows logo appears, you will need to try again (Figure 0835).
Figure 0835 : Boot Screen
437
5. Select the Safe Mode option and press Enter (Figure 0836).
Figure 0836 : Advanced Boot Options
6. Log on to the server as Administrator (Figure 0837).
Figure 0837 : Administrator Login
438
7. When your computer in safe mode, you‟ll see the word Safe Mode in the corners
of the display (Figure 0838).
Figure 0838 : Safe Mode
439
8. After the computer has started in safe mode, shut the computer down. Click Start
► Shut Down (Figure 0839).
Figure 0839 : Shut Down Server
440
ACTIVE DIRECTORY SERVICE REPAIR MODE The active directory database is stored in the file ntds.dit in the folder NTDS. As changes occur to Active Directory over time, the database file becomes fragmented. An administrator should perform a backup of the Active Directory database file. In this exercise you will boot the computer using a startup option by pressing F8 at startup. This will allow you to enter a mode where you can repair the Active Directory files, or back-up and restore Active Directory.
9. Switch ON your server and repeatedly press the F8 key while it displays the boot
sequence at the bottom of the screen. You need to press F8 key before the Windows logo appears. If the Windows logo appears, you will need to try again (Figure 0840).
Figure 0840 : Boot Screen
441
10. Select the Directory Services Restore Mode option and press Enter (Figure 0841).
Figure 0841 : Advanced Boot Options
11. Press CTRL + ALT + DELETE and log on to the server as Administrator with Active Directory password you set in the earlier exercise - @xercisE (Figure 0842).
Figure 0842 : Administrator Login
442
Backup Active Directory Service EXERCISE 19.8 In this exercise you will back-up Active Directory.
12. Launch the Run application. Click Start ► Run… (Figure 0843).
Figure 0843 : Launch the Run Application
13. Key-in cmd in the Open : box and click the OK button to launch the Command Prompt application (Figure 0844).
Figure 0844 : Run Windows
14. Access the C:\Windows\ntds folder Type the following command in command prompt: 14.1. cd\ and press Enter (Figure 0845).
Figure 0845 : Command Prompt – cd\
443
14.2. cd c:\windows\ntds and press Enter (Figure 0846).
Figure 0846 : Command Prompt – cd c:\windows\ntds
14.3. dir/w and press Enter (Figure 0847).
Figure 0847 : Command Prompt – dir/w
444
15. Backup the Active Directory Service database by copying the ntds.dit file to a
new file named ntdsbackup.dit Key-in the following command to back-up the ntds.dit file:
copy ntds.dit ntdsbackup.dit and press Enter (Figure 0848).
Figure 0848 : Command Prompt – copy file
16. Reconfirm the backup file is successfully created by typing the following
command:
dir/w and press Enter (Figure 0849).
Figure 0849 : Command Prompt – display directory contents
445
Create The Active Directory Service Error
EXERCISE 19.9 In this exercise you will create Active Directory error by deleting the Active Directory Service database file.
17. Delete the ntds.dit file by execute the following command:
del ntds.dit and press Enter (Figure 0850).
Figure 0850 : Command Prompt – delete file
18. Restart your Server. Click Start ► Restart (Figure 0851).
Figure 0851 : Restart Server
446
19. Select Operating System: Reconfiguration (Planned) and click OK button
(Figure 0852).
Figure 0852 : Shutdown Event Tracker
Could you log on to the server? Why this happened? This problem happened normally because the server cannot find the Active Directory Service database file or maybe the Active Directory Service database file is corrupted. In the earlier exercise you have deleted the Active Directory database file (ntds.dit) to create this problem.
20. Press CTRL + ALT + DELETE to restart your server.
447
21. When the computer restarts, repeatedly press the F8 key while it displays the
boot sequence at the bottom of the screen. You need to press F8 key before the Windows logo appears. If the Windows logo appears, you will need to try again (Figure 0853).
Figure 0853 : Boot Screen
22. Select the Directory Services Restore Mode option and press Enter (Figure 0854).
Figure 0854 : Advanced Boot Options
448
Restore Active Directory Service EXERCISE 19.10 In this exercise you will restore Active Directory.
23. Press CTRL + ALT + DELETE and log on to the server as Administrator with
Active Directory password you set in the earlier exercise - @xercisE (Figure 0855).
Figure 0855 : Administrator Login
24. Launch the Run application. Click Start ► Run… (Figure 0856).
Figure 0856 : Launch the Run Application
449
25. Key-in cmd in the Open : box and click the OK button to launch the Command
Prompt application (Figure 0857).
Figure 0857 : Run Windows
26. Access the C:\Windows\ntds folder Type the following command in command prompt: 26.1. cd\ and press Enter (Figure 0858).
Figure 0858 : Command Prompt – cd\
26.2. cd c:\windows\ntds and press Enter (Figure 0859).
Figure 0859 : Command Prompt – cd c:\windows\ntds
450
26.3. dir/w and press Enter (Figure 0860).
Figure 0860 : Command Prompt – dir/w
27. Restore the Active Directory Service by copying the ntdsbackup.dit file to ntds.dit file Key-in the following command to restore the ntds.dit file:
copy ntdsbackup.dit ntds.dit and press Enter (Figure 0861).
Figure 0861 : Command Prompt – copy file
451
28. Reconfirm the file is successfully restore by typing the following command:
dir/w and press Enter (Figure 0862).
Figure 0862 : Command Prompt – display directory contents
29. Restart your Server. Click Start ► Restart (Figure 0863).
Figure 0863 : Restart Server
452
30. Select Operating System: Reconfiguration (Planned) and click OK button
(Figure 0864).
Figure 0864 : Shutdown Event Tracker
What happen? Could you log on to the server?
31. Log off the server.
Summary In this exercise you learn how to make a backup copy of the Active Directory database by copying it to another file. You also learn how to recover and restore the Active Directory database.
453
Exercise 20
INSTALLING AND CONFIGURING DHCP SERVER
Zulfadli Bin Mohd Saad
Computer Engineering Technology, Department of Electronic
MARA Vocational Institute, Lumut, Perak.
454
Exercise 20 : Installing And Configuring DHCP Server "Dynamic Host Configuration Protocol (DHCP) is an IP standard designed to reduce the complexity of administering IP address configurations." - Microsoft's definition. A DHCP server would be set up with the appropriate settings for a given network. Such settings would include a set of fundamental parameters such as the gateway, DNS, subnet masks, and a range of IP addresses. Using DHCP on a network means administrators don't need to configure these settings individually for each client on the network. The DHCP would automatically distribute them to the clients itself. In this exercise you will set DHCP server and deploy DHCP to a Windows Server 2008 client computer. You will configure DHCP service and limit it to 3 hosts. Preliminary Setup To support this exercise, you will need to change your network cable from straight cable to cross cable and hook-up cross cable to your server and your client.
EXERCISE 20.1 Installing DHCP Service. This will serve as a step-by-step guide on how to setup a DHCP server.
1. Log on to the server as Administrator (Figure 0865).
Figure 0865 : Administrator Login
455
2. Launch the Server Manager. Click Start ► Administrative Tools ► Server Manager
(Figure 0866).
Figure 0866 : Launch Server Manager.
3. In Server Manager, select Roles (Figure 0867).
Figure 0867 : Server Manager - Roles
456
4. Select Add Roles (Figure 0868).
Figure 0868 : Add Roles
5. On the Before You Begin page, review the requirements, and click the Next (Figure 0869).
Figure 0869 : Add Roles – Before You Begin
457
6. On the Select Server Roles page, select the check box next to DHCP Server,
and click the Next button (Figure 0870).
Figure 0870 : Server Roles – DHCP Server
7. On the DHCP Server page, review the information, and click the Next button (Figure 0871).
Figure 0871 : DHCP Server page
458
8. On the Network Connection Binding page, select your server IP address and
click the Next button (Figure 0872).
Figure 0872 : Select Network Connection Binding page
9. On the IPv4 DNS Server Settings page, review the information. Make sure all the information is correct. Click the Next button to continue (Figure 0873).
Figure 0873 : Select IPv4 DNS Server Settings page
459
10. Select WINS is required for applications on this network option, and enter your server IP address in the Preferred WINS Server IP Address box. Click the Next button to continue (Figure 0874).
Figure 0874 : Specify IPv4 WINS Server Settings page
11. Create DHCP Scopes. Just click the Next button, we will create the DHCP scopes later (Figure 0875).
Figure 0875 : Add or Edit DHCP Scopes page
460
12. In this exercise you only use IPv4, so select Disable DHCPv6 stateless mode
for this server option and click the Next button to continue (Figure 0876).
Figure 0876 : Configure DHCPv6 Stateless Mode page
13. Select the Use current credentials option and click the Next button (Figure 0877). This option specifies the credentials of the current user will be used to authorize the DHCP server in AD DS.
Figure 0877 : Authorize DHCP Server
461
14. On the Confirm Installation Selections page, click Install button (Figure 0878).
Figure 0878 : Confirm Installation Selections
Please wait. This operation will take a few minutes.
Figure 0879 : Installation Progress
462
15. On the Installation Result page, review the information.
Click Close to continue (Figure 0880).
Figure 0880 : Installation Result
16. Close the Server Manager.
463
EXERCISE 20.2 Creating a Range of Address: DHCP Scopes. In this exercise you will specify range of IP address
17. Launch the DHCP manager. Click Start ► Administrative Tools ► (Figure 0881).
Figure 0881 : Launch the DHCP manager
18. Double-click on the server icon to expand the domain (Figure 0882).
Figure 0882 : DHCP manager
464
19. Click the IPv4 server icon (Figure 0883).
Figure 0883 : DHCP manager - IPv4
20. On the Action menu, click New Scope to start New Scope wizard (Figure 0884).
Figure 0884 : DHCP manager - New Scope
465
21. New Scope Wizard window. Click the Next button to continue (Figure 0885).
Figure 0885 : New Scope Wizard
22. Scope Name. Enter DHCP 1 – 3 as the Name of the scope and DHCP range for 3 host as the Description (Figure 0886).
Figure 0886 : New Scope Wizard – Scope Name
23. Click the Next button to continue (Figure 0886).
466
24. Specifying IP Address Range.
Now you will configure DHCP service and limit it to 3 hosts. Define the scope address range as following (Figure 0887): Start IP address : 192.168.2. Server Number End IP address : 192.168.2. Server Number + 2
Figure 0887 : New Scope Wizard – IP Address Range
25. Configure the Length and Subnet mask as the following (Figure 0887): Length : 24 Subnet mask : 255.255.255.0 You can specify the subnet mask by length or as an IP address. A subnet mask defines how many bits of an IP address to use for the network/subnet IDs and how many bits to use for the host ID. In this exercise we use class C default subnet (255.255.255.0), which is equal to 24 bit length. You can learn more about this under “IP address Subnetting” topic.
26. Click the Next button to continue (Figure 0887).
467
27. IP Address Exclusions.
IP Address Exclusions are addresses or a range of addresses that are not distributed by the DHCP server. In your DHCP IP address range, you set a range for 3 hosts. If you notice, the first IP address is your server IP address. If you not exclude your server IP address, the DHCP server will distribute all the IP address in the range including your server IP address. Later you will faces with the IP conflict problem. To prevent this, you have to exclude your server IP address. To exclude a single address, type an address in “Start IP address” only. So, enter your server IP address at the Start IP address: box to exclude it IP from distributed by the DHCP server and click the Add button (Figure 0888).
Figure 0888 : New Scope Wizard – IP Address Exclusions
468
28. Click the Next button to continue (Figure 0889).
Figure 0889 : New Scope Wizard – IP Address Exclusions
29. Lease Duration. The lease duration specifies how long a client can use an IP address from scope. Lease durations should typically be equal to the average time the computer is connected to the same physical network. Let set the lease duration to 8 hours this equal to 8 hour working time per day. Click the Next button to continue (Figure 0890).
Figure 0890 : New Scope Wizard – Lease Durations
469
30. DHCP Options.
DHCP can provide default values for a whole host of TCP/IP parameters, including these basic items:-
o Default Gateway o Domain Name o DNS Server o WINS Server
Select Yes, I want to configure these options now and click the Next button to start configure the DHCP options (Figure 0891).
Figure 0891 : New Scope Wizard – Configure DHCP Options
470
31. Router (Default Gateway)
In the previous exercise I use another server as the router (192.168.2.25). You can use the same router or you can use your server router or another router to be distributed by this scope. I will use the same router for this scope in this exercise (192.168.2.25). To add an IP address for a router used by client, enter the address in the IP address: box and click the Add button (Figure 0892).
Figure 0892 : New Scope Wizard – Router (Default Gateway)
32. Click the Next button to continue (Figure 0893).
Figure 0893 : New Scope Wizard – Add Router (Default Gateway)
471
33. Domain Name and DNS Servers.
33.1. Set the Parent domain: same as your domain name. In this exercise, my
domain name is myserver.com (Figure 0894). 33.2. Set the Server name: same as your DNS server name (myserver.com) and
click the Resolve button to resolve the DNS server IP address (Figure 0894).
Figure 0894 : New Scope Wizard – Parent domain and Server name
33.3. Click the Add button to add the DNS server IP address to the DNS server
IP address list (Figure 0895).
Figure 0895 : New Scope Wizard – DNS server IP address
472
33.4. Click the Next button to continue (Figure 0896).
Figure 0896 : New Scope Wizard – Domain Name and DNS Servers
473
34. WINS Servers. Computers running Windows can use WINS servers to convert NetBIOS computer names to IP address. Entering WINS server IP address here enables Windows clients to query WINS before they use broadcasts to register and resolve NetBIOS names. 34.1. Set the Server name: same as your WINS server name (myserver.com)
and click the Resolve button to resolve the WINS server IP address (Figure 0897).
Figure 0897 : New Scope Wizard – WINS server name
34.2. Click the Add button to add the WINS server IP address to the WINS
server IP address list (Figure 0898).
Figure 0898 : New Scope Wizard – WINS server IP address
474
34.3. Click the Next button to continue (Figure 0899).
Figure 0899 : New Scope Wizard – WINS Servers
35. Activate Scope.
This is the last configuration for the new scope. Clients can obtain address leases only if a scope is activated. Select Yes, I want to activate this scope now and click the Next button (Figure 0900).
Figure 0900 : New Scope Wizard – Activate Scope
475
36. Completing the New Scope Wizard.
Click the Finish button to close the New Scope Wizard (Figure 0901).
Figure 0901 : New Scope Wizard – Finish
Congratulation! You have successfully completed creating the New DHCP Scope (Figure 0902).
Figure 0902 : DHCP Manager
37. Close the DHCP manager.
38. Log off the server.
476
EXERCISE 20.3 Testing The DHCP Server. In this exercise you will test your DHCP server functionality.
39. Log on to the client computer using a local administrator account. Enter the User
name: as Administrator and select Log on to : CLIENTXP61 (this computer) and click the OK button to log on (Figure 0903).
Figure 0903 : Windows XP Log On Screen
40. Launch Network Connections application program. Click Start ► All Programs ►Accessories ►Communications ►Network Connections (Figure 0904).
Figure 0904 : Launch Network Connections
477
41. Right click Local Area Connection and select Properties (Figure 0905).
Figure 0905 : Local Area Connection
42. Double click Internet Protocol (TCP/IP) (Figure 0906).
Figure 0906 : Local Area Connection Properties
478
43. Set your client to get IP address automatically from DHCP server by selecting the Obtain an IP address automatically option and Obtain DNS server address automatically option (Figure 0907).
Figure 0907 : Internet Protocol (TCP/IP) Properties
44. Click the OK button to save the setting (Figure 0907).
45. Click the OK button (Figure 0908) and close all the remaining windows.
Figure 0908 : Local Area Connection Properties
479
46. Launch the Run application. Click Start ► Run… (Figure 0909).
Figure 0909 : Launch the Run Application
47. Key-in cmd in the Open : box and click the OK button to launch the Command Prompt application (Figure 0910).
Figure 0910 : Run Window
480
48. List the client computer IP configuration by typing the following command:
ipconfig and press Enter (Figure 0911).
Figure 0911 : Command Prompt – ipconfig
This will display the IP address, subnet mask and default gateway for your ethernet adapter (Figure 0912).
Figure 0912 : Command Prompt – IP Configuration
Now your client computer is set to obtain an IP address automatically from DHCP server. So you can see the IP address has changed accordingly to the IP range you have set in the DHCP server setting earlier.
49. Log off the client computer.
Summary In this exercises, you are setting up a DHCP server. The DHCP server provides you with an easy way of assigning IP addresses to workstations on your network. You were shown how to install and configure a DHCP Server and how to avoid overlapping scopes.
481
Exercise 21
INSTALLING AND CONFIGURING WEB SERVER
Zulfadli Bin Mohd Saad
Computer Engineering Technology, Department of Electronic
MARA Vocational Institute, Lumut, Perak.
482
Exercise 21 : Installing And Configuring WEB Server In this exercises, you will install and configure your server to run as Web Server. This exercise also describes the basics of managing a Web site's infrastructure, from setting a site home directory and default Web Page, to redirecting requests and dynamically altering Web pages. Web Server Overview
Web servers are computer that have specific software that allow them to accept requests from client computers and return responses to those requests. Web servers let you share information over the internet or through intranet and extranets. The Web server role in Windows Server 2008 lets you share information with users on the internet, an intranet, or an extranet. Windows Server 2008 delivers IIS 7.0, which is a unified Web platform that integrates IIS, ASP.NET and Windows Communication Foundation. The key features and improvements in IIS 7.0 include the following:
A unified Web platform that delivers a single, consistent Web solution for both administrators and developers.
Enhanced security and the ability to customize the server to reduce the attack surface.
Simplified diagnostic and troubleshooting features to aide in resolution of problems.
Improved configuration and support for server forms.
Delegated administration for hosting and enterprise workloads. Installing IIS and Web Server
When you install IIS initially, the service is installed in a highly secure mode. Because IIS only serves static content by default, you must enable features such as ASP, ASP.NET, Common Gateway Interface (CGI), Internet Server Application Programming Interface (ISAPI), and Web Distributed Authoring and Versioning (WebDAV), if you need them. During installation, IIS installs optional components such as common files and IIS Manager. You can choose not to install the optional components. However, if you do not install specific components, you can decrease IIS functionality or disable IIS services. If you are unfamiliar with the optional components and how they affect IIS, install IIS with the default settings.
483
EXERCISE 21.1 Installing Internet Information Services (IIS).
1. Log on to the server as Administrator (Figure 0913).
Figure 0913 : Administrator Login
2. Launch the Server Manager. Click Start ► Administrative Tools ► Server Manager (Figure 0914).
Figure 0914 : Launch Server Manager.
484
3. In Server Manager, select Roles (Figure 0915).
Figure 0915 : Server Manager - Roles
4. Select Add Roles (Figure 0916).
Figure 0916 : Add Roles
485
5. On the Before You Begin page, review the requirements, and click the Next
(Figure 0917).
Figure 0917 : Add Roles – Before You Begin
6. On the Select Server Roles page, select the check box next to the Web Server (IIS) (Figure 0918).
Figure 0918 : Server Roles – Web Server (IIS)
486
7. If you are asked to add features for Web Server (IIS), just click the Add
Required Features button to add the features. You cannot install Web Server (IIS) unless the required features are also installed (Figure 0919).
Figure 0919 : Add Roles – Add Required Features
8. Click the Next button to continue (Figure 0920).
Figure 0920 : Server Roles – Web Server (IIS)
487
9. On the Web Server (IIS) page, review the information, and click the Next button
(Figure 0921).
Figure 0921 : Web Server (IIS) page
10. Role Services. Just use the default setting and click the Next button to continue (Figure 0922).
Figure 0922 : Add Roles Wizard – Select Role Services
488
11. On the Confirm Installation Selections page, click Install button (Figure 0923).
Figure 0923 : Confirm Installation Selections
Please wait. This operation will take a few minutes.
Figure 0924 : Installation Progress
489
12. On the Installation Result page, review the information.
Click Close to continue (Figure 0925).
Figure 0925 : Installation Result
13. Close the Server Manager.
490
Configuring Web Server. IIS creates a default Web site configuration on your hard disk at the time of installation. You can use the C:\inetpub\wwwroot directory to publish your Web content, or create any directory or virtual directory you choose. Creating a Web site using IIS Manager does not create content, but merely creates a directory structure and configuration files from which to publish the content. EXERCISE 21.2 Use the default Web site.
14. Log on to the server as Administrator (Figure 0926).
Figure 0926 : Administrator Login
491
15. Launch the Internet Information Services (IIS) Manager. Click Start ►
Administrative Tools ► Internet Information Services (IIS) Manager (Figure 0927).
Figure 0927 : Launch Internet Information Services (IIS) Manager
16. In the Internet Information Services (IIS) Manager, expand your server (Figure 0928).
Figure 0928 : Internet Information Services (IIS) Manager
492
17. Expand the Sites folder (Figure 0929).
Figure 0929 : Internet Information Services (IIS) Manager - Sites
You can see, IIS already create a default Web site on your hard disk. The default folder for the default Web site is set to the C:\inetpub\wwwroot folder.
18. View the default web page. Click Default Web Site and click the Browse *:80 (http) link (Figure 0930).
Figure 0930 : IIS Manager - Default Web Site
493
19. The windows will launch the Internet Explorer. You can see the address on the
address bar is http://localhost/ and a picture with the word IIS7 at the middle of the page. This means your Web Server and your Default Web Site is running successfully (Figure 0931).
Figure 0931 : Web Server – Default Web page
20. Close the Internet Explorer window.
494
21. View contents of the default web folder. On the IIS Manager, click the Explore link (Figure 0932).
Figure 0932 : IIS Manager - Default Web Folder
22. The Windows Explorer shows the path of the Default Web Folder. There are only two files listed under C:\inetpub\wwwroot folder (Figure 0933):
iisstart.htm - HTML document welcome.png - image file
Figure 0933 : Windows Explorer - Default Web Folder
23. Close the Windows Explorer.
495
EXERCISE 21.3 Change the Default Web Folder. In this exercise you will change the default Web folder from C:\inetpub\wwwroot to D:\mywebserver.
24. Click Default Web Site and click the Basic Settings… link (Figure 0934).
Figure 0934 : IIS Manager - Default Web Site
25. Click the … button to browse for folder (Figure 0935).
Figure 0935 : IIS Manager – Edit Site
496
26. Select Local Disk (D:) and click the Make New Folder button (Figure 0936).
Figure 0936 : Edit Site - Browse For Folder
27. Rename the folder name to mywebserver and click the OK button (Figure
0937).
Figure 0937 : Edit Site - Browse For Folder - Make New Folder
497
28. Make sure the Physical path: is D:\mywebserver. If correct, click the OK button
to continue (Figure 0938).
Figure 0938 : Edit Site - Physical path:
498
EXERCISE 21.4 Create a Simple Web page. In this exercise you will create a simple web page to act as your first web page and the file to the D:\mywebserver folder.
29. Launch Notepad Editor. Click Start ► All Programs ► Accessories ► Notepad (Figure 0939).
Figure 0939 : Launch Notepad Editor
499
30. Type the following text into the file (Figure 0940):
<html> <head> <title>Web Server</title> </head> <body> <p><h1>Welcome To My Web Server</h1></p> </body> </html>
Figure 0940 : Notepad Editor
31. Save document as index.htm. 31.1. Click File ►Save As… (Figure 0941).
Figure 0941 : Notepad Editor - Save As
500
31.2. Browse to the D:\mywebserver folder (Figure 0942).
Figure 0942 : Notepad Editor - Save As
31.3. Select Save as type: All Files (Figure 0943).
Figure 0943 : Notepad Editor - Save as type:
501
31.4. Key-in index.htm in the File name: box (Figure 0944).
Figure 0944 : Notepad Editor - Save As
31.5. Click the Save button to save (Figure 0944).
31.6. Close the Notepad Editor (Figure 0945) and log off the server.
Figure 0945 : Notepad Editor – index.htm
502
EXERCISE 21.5 Test the Web Server. In this exercise you will test the functionality of your Web server using client workstation.
32. Log on to the client computer as Administrator (Figure 0946).
Figure 0946 : Windows XP Log On Screen
33. Launch Internet Explorer. Click Start ►All Programs ►Internet Explorer (Figure 0947).
Figure 0947 : Launch Internet Explorer
503
34. On the Address box, key-in http://yourdomain.com (e.g. http://myserver.com)
and click the Go button (Figure 0948).
Figure 0948 : Internet Explorer - http://myserver.com
35. Your webpage will appear in the browser (Figure 0948).
504
EXERCISE 21.6 Create a New Web Site. In this exercise you will create a new Web site for your web server.
36. Log on to the server as Administrator (Figure 0949).
Figure 0949 : Administrator Login
37. Launch Windows Explorer. Click Start ► Right-click Computer ► select Explore (Figure 0950).
Figure 0950 : Launch Windows Explorer
505
38. Access D: drive (Figure 0951).
Figure 0951 : Windows Explorer – D Drive
39. Create a new folder named newwebSN (SN represents you‟re Station Number). In previous exercise I use number 21 as my Station Number. So in this exercise my folder named will be newweb21. 39.1. Right-click D drive ► select New ► Folder (Figure 0952).
Figure 0952 : Windows Explorer – Create New Folder
506
39.2. Rename the folder as newweb21 (Figure 0953).
Figure 0953 : Rename Folder
40. Launch Notepad Editor. Click Start ► All Programs ► Accessories ► Notepad
(Figure 0954).
Figure 0954 : Launch Notepad Editor
507
41. Type the following text into the file (Figure 0955):
<html> <head> <title>New Web Site</title> </head> <body> <p><h1 align="center">Welcome To My New Web Site</h1> <h3 align="right">Hosted by My <font color="#FF0000">Web Server</font></h3></p> </body> </html>
Figure 0955 : Notepad Editor
42. Save document as default.htm. 42.1. Click File ►Save As… (Figure 0956).
Figure 0956 : Notepad Editor - Save As
508
42.2. Browse to the D:\newweb21 folder (Figure 0957).
Figure 0957 : Notepad Editor - Save As
42.3. Select Save as type: All Files (Figure 0958).
Figure 0958 : Notepad Editor - Save as type:
509
42.4. Key-in default.htm in the File name: box (Figure 0959).
Figure 0959 : Notepad Editor - Save As
42.5. Click the Save button to save (Figure 0959).
42.6. Close the Notepad Editor (Figure 0960) and all remaining window.
Figure 0960 : Notepad Editor – default.htm
510
43. Launch the Internet Information Services (IIS) Manager. Click Start ►
Administrative Tools ► Internet Information Services (IIS) Manager (Figure 0961).
Figure 0961 : Launch Internet Information Services (IIS) Manager
44. In the Internet Information Services (IIS) Manager, expand your server (Figure 0962).
Figure 0962 : Internet Information Services (IIS) Manager
511
45. Right-click the Sites folder and select Add Web Site… (Figure 0963).
Figure 0963 : IIS Manager – Add Web Site
46. In the Site name: box, type the name of your site (e.g. Tutorial Site) (Figure 0964).
Figure 0964 : Add Web Site window - Site name
512
47. In the Physical path: box, type or browse to the directory that contains the site content (D:\newweb21) (Figure 0965).
Figure 0965 : Add Web Site window - Physical path
48. Select your Web server IP address from IP Address: drop-down menu (Figure 0966).
Figure 0966 : Add Web Site window – IP address
513
49. Enter Host name: as www.myserver.com for this site, and click the OK button (Figure 0967).
Figure 0967 : Add Web Site window
50. On IIS Manager, Select the new web site (Tutorial Site) and click the Start button to start the new web site service (Figure 0968).
Figure 0968 : page
514
EXERCISE 21.7 Configure DNS Service for Host Name. In this exercise you will configure host name for your new Web site.
51. Launch DNS Manager. Click Start ►Administrator Tools ► DNS (Figure 0969).
Figure 0969 : Launch DNS Manager
52. Double-click the computer icon to expand the DNS Server (Figure 0970).
Figure 0970 : DNS Manager
515
53. Expand the Forward Lookup Zones; right click myserver.com and select New Host (A or AAAA)… (Figure 0971).
Figure 0971 : Create New Host
54. In the Name box, type www (Figure 0972).
55. Enter IP address for your Web server (www.myserver.com) and make sure you select the Create associated pointer (PTR) record option (Figure 0972).
Figure 0972 : New Host
56. Click Add Host (Figure 0972).
57. Click the OK button (Figure 0973).
Figure 0973 : Host Record Successfully Created Message
516
58. Click Done button to exit New Host Wizard (Figure 0974).
Figure 0974 : New Host Wizard
59. Click the Refresh button and close the DNS Manager (Figure 0975).
Figure 0975 : DNS Manager
60. Log off the server.
517
EXERCISE 21.8 Test the New Web Site on Web Server In this exercise you will test the functionality of your New Web Site from client workstation.
61. Log on to the client computer as Administrator (Figure 0976).
Figure 0976 : Windows XP Log On Screen
62. Launch Internet Explorer. Click Start ►All Programs ►Internet Explorer (Figure 0977).
Figure 0977 : Launch Internet Explorer
518
63. On the Address box, key-in http://www.yourdomain.com
(e.g. http://www.myserver.com) and click the Go button (Figure 0978).
Figure 0978 : Internet Explorer - http://www.myserver.com
64. Your new web site page will appear in the browser (Figure 0978).
65. Log off the client computer.
Summary Whether your site is on an intranet or the Internet, the principles of providing content are the same. You place your Web files in directories on your server so that users can establish an HTTP connection and view your files with a Web browser. But beyond simply storing files on your server, you must manage how your site is deployed, and more importantly, how your site evolves. Today, an engaging Web site is seldom a static collection of pages. Most successful Web administrators are kept busy accommodating ever changing Web content. Each Web site must have a home directory. The default Web site home directory is LocalDrive:\inetpub\wwwroot. You can change a Web site home directory using IIS Manager.
519
Exercise 22
INSTALLING AND CONFIGURING FTP SERVER
Zulfadli Bin Mohd Saad
Computer Engineering Technology, Department of Electronic
MARA Vocational Institute, Lumut, Perak.
520
Exercise 22 : Installing And Configuring FTP Server In this exercises, you will install and configure your server to run as FTP Server. This exercise also describes installation of the FTP service, and changing default FTP settings globally and for specific FTP sites. File Transfer Protocol (FTP) is a protocol used to transfer files over the internet. People commonly use FTP to make files available for others to download, but you can also use FTP to upload webpages for building a website or for putting digital photos on a picture sharing site. IIS includes the File Transfer Protocol (FTP) service for publishing and managing files. This version of IIS includes FTP user isolation to help administrators (particularly Internet hosting providers) efficiently secure and commercialize FTP services for their customers. The FTP service is not installed by default. To set up an FTP site, you must first install the FTP service through the Server Manager. Installing the FTP service creates a default FTP site, which you can then customize to your needs using IIS Manager.
EXERCISE 22.1 Installing FTP Server.
1. Log on to the server as Administrator (Figure 0979).
Figure 0979 : Administrator Login
521
2. Launch the Server Manager. Click Start ► Administrative Tools ► Server Manager
(Figure 0980).
Figure 0980 : Launch Server Manager.
3. In Server Manager, select Roles (Figure 0981).
Figure 0981 : Server Manager - Roles
522
4. Scroll down until you reach the Web Server (IIS) section (Figure 0982).
5. Click the Add Role Services at the Role Services: section (Figure 0982).
Figure 0982 : Add Role Services
523
6. On the Select Role Services page, select the check box next to the FTP
Publishing Service (Figure 0983).
Figure 0983 : Role Services – FTP Server
7. If you are asked to add role services for FTP Publishing Service, just click the Add Required Role Services button to add the role services. You cannot install FTP Publishing Service unless the required role services are also installed (Figure 0984).
Figure 0984 : Add Role Services – Add Required Role Services
524
8. Click the Next button to continue (Figure 0985).
Figure 0985 : Role Services – FTP Publishing Service
9. On the Confirm Installation Selections page, click Install button to start installation process (Figure 0986).
Figure 0986 : Confirm Installation Selections
525
Please wait. This operation will take a few minutes.
Figure 0987 : Installation Progress
10. On the Installation Result page, review the information. Click Close to continue (Figure 0988).
Figure 0988 : Installation Result
11. Close the Server Manager.
526
Configuring FTP Server IIS creates a default FTP site configuration on your hard disk at the time of installation. You can use the C:\inetpub\ftproot directory to store your FTP files, or create any directory or virtual directory you choose. Setting up the FTP service for the first time involves first setting global FTP settings, then settings for the default FTP site, and finally adding the content to the FTP site. IIS uses an inheritance model, which means that settings on higher levels are automatically inherited by lower levels. Settings at lower levels can be edited individually to override inherited settings from the next level up. If you change a setting at a lower level, then later change a setting at a higher level that conflicts with the lower-level setting, you will be prompted to choose whether you want to change the lower-level setting to match the new higher-level setting. EXERCISE 22.2 Change the Default FTP Site Setting.
12. Log on to the server as Administrator (Figure 0989).
Figure 0989 : Administrator Login
527
13. Launch the Internet Information Services (IIS) 6.0 Manager. Click Start ►
Administrative Tools ► Internet Information Services (IIS) 6.0 Manager (Figure 0990).
Figure 0990 : Launch Internet Information Services (IIS) 6.0 Manager
14. In the Internet Information Services (IIS) 6.0 Manager, expand your server (Figure 0991).
Figure 0991 : Internet Information Services (IIS) Manager
528
15. Expand the FTP Sites folder (Figure 0992).
Figure 0992 : Internet Information Services (IIS) 6.0 Manager – FTP Sites
You can see, IIS already create a default FTP site on your hard disk. The default folder for the default FTP site is set to the C:\inetpub\ftproot folder.
16. Right-click the Default FTP Site and select Properties (Figure 0993).
Figure 0993 : IIS 6.0 Manager - Default FTP Site
529
17. On the FTP Site tab, under FTP site description, type the name of your FTP
site in the Description: box. (e.g. Server 21 FTP Site) and select IP address for your FTP site (Figure 0994).
Figure 0994 : Default FTP Site Properties
18. Click the OK button. The name of the new site appears in IIS 6.0 Manager (Figure 0995).
Figure 0995: IIS 6.0 Manager – Server 21 FTP Site
19. Click the Refresh button and close the IIS 6.0 Manager.
530
EXERCISE 22.3 Change the FTP Site Home Directories.
Each FTP site on a computer must have its own home directory. The default home directory for the default FTP site is LocalDrive:\inetpub\ftproot. There are two ways to change the home directory of an FTP site:
Use IIS Manager Edit the MetaBase.xml file directly.
But in this exercise we only use IIS Manager.
20. Make sure you are log on to the server as Administrator.
21. Launch the Internet Information Services (IIS) 6.0 Manager. Click Start ► Administrative Tools ► Internet Information Services (IIS) 6.0 Manager (Figure 0996).
Figure 0996 : Launch Internet Information Services (IIS) 6.0 Manager
531
22. In the Internet Information Services (IIS) 6.0 Manager, expand your server
(Figure 0997).
Figure 0997 : Internet Information Services (IIS) Manager
23. Expand the FTP Sites folder (Figure 0998).
Figure 0998 : Internet Information Services (IIS) 6.0 Manager – FTP Sites
24. Make sure the FTP Site service is stop. Right-click the Server 21 FTP Site and select Stop (Figure 0999).
Figure 0999 : IIS 6.0 Manager – Server 21 FTP Site
532
25. Right-click the Server 21 FTP Site again, and select Properties (Figure 1000).
Figure 1000 : IIS 6.0 Manager – Server 21 FTP Site
26. Click the Home Directory tab (Figure 1001).
Figure 1001 : Server 21 FTP Site Properties – Home Directory
533
27. Select the A directory located on this computer option, and enter the location
of your ftp home directory in the Local path: box (e.g. D:\newweb21) or press the Browse… button to find the location of your ftp home directory (Figure 1002).
Figure 1002 : Server 21 FTP Site Properties – Home Directory
Note: If you select a directory on a network share, you might need to enter a user name and password to access the resource. IUSR_computername is the default account used if another account is not specified. If you use an account with administrative credentials on the server, clients can gain access to server operations. This seriously jeopardizes the security of your network. For more information on security see, Security Best Practices in Windows Help.
28. Click the OK button (Figure 1002).
534
29. Right-click the FTP site you‟ve just configured, and select Start (Figure 1003).
Figure 1003 : IIS 6.0 Manager – Server 21 FTP Site
30. Click the Yes button to start the FTP Server service (Figure 1004).
Figure 1004 : IIS 6.0 Manager – Start Server 21 FTP Site
31. Click the Refresh button and close the IIS 6.0 Manager.
535
EXERCISE 22.4 Create a Text Document in FTP Home Directory.
32. Launch the Windows Explorer and go to the FTP Home Directory (e.g. D:\newweb21) (Figure 1005).
Figure 1005 : Windows Explorer - D:\newweb21
33. Create a new text document inside FTP Home Directory and rename the text document as testing.txt.
33.1. Right-click in the windows and select New Text Document (Figure 1006).
Figure 1006 : Create New Text Document
536
34. Right click testing.txt file and select Edit. This will load the Notepad Editor
(Figure 1007).
Figure 1007 : Edit Text Document
35. Type the following text into the file (Figure 1008):
This only test document to test the FTP server.
Figure 1008 : Notepad Editor
36. Save the file by pressing Ctrl + S key and close the file.
37. Close all the remaining window.
38. Log off the server.
537
EXERCISE 22.5 Test The FTP Site.
39. Log on to the client computer as Administrator (Figure 1009).
Figure 1009 : Windows XP Log On Screen
40. Launch Internet Explorer. Click Start ►All Programs ►Internet Explorer (Figure 1010).
Figure 1010 : Launch Internet Explorer
538
41. On the Address box, key-in ftp://www.yourdomain.com
(e.g. ftp://www.myserver.com) and click the Go button (Figure 1011).
Figure 1011 : Internet Explorer - ftp://www.myserver.com
42. Your FTP site will appear in the browser (Figure 1011).
43. Attempt to create a new folder (right click in the window and select New ► Folder) (Figure 1012).
Figure 1012 : ftp://www.myserver.com – Create New Folder
Could you create the folder? YES / NO
539
If NO, why do you think this happened? This happened because you log on to the FTP server as guest (anonymous user). By default, FTP server only allow read permission to anonymous user. And we also not configure the FTP server to allow any user to have write permission on the FTP server.
44. Close all window.
45. Log off the client computer.
540
EXERCISE 22.6 Configure The FTP Server to Allow User to Upload or Modify File and Directory.
46. Log on to the server as Administrator (Figure 1013).
Figure 1013 : Administrator Login
47. Launch the Internet Information Services (IIS) 6.0 Manager. Click Start ► Administrative Tools ► Internet Information Services (IIS) 6.0 Manager (Figure 1014).
Figure 1014 : Launch Internet Information Services (IIS) 6.0 Manager
541
48. In the Internet Information Services (IIS) 6.0 Manager, expand your server
(Figure 1015).
Figure 1015 : Internet Information Services (IIS) Manager
49. Expand the FTP Sites folder (Figure 1016).
Figure 1016 : Internet Information Services (IIS) 6.0 Manager – FTP Sites
50. Right-click the Server 21 FTP Site again, and select Properties (Figure 1017).
Figure 1017 : IIS 6.0 Manager – Server 21 FTP Site
542
51. Click the Home Directory tab. Under the FTP site directory, tick the Write
option (Figure 1018).
Figure 1018 : Server 21 FTP Site Properties – Home Directory
52. Click the OK button (Figure 1018).
53. Click the Refresh button and close the IIS 6.0 Manager.
543
EXERCISE 22.7 Test The FTP Site.
54. Log on to the client computer as Administrator (Figure 1019).
Figure 1019 : Windows XP Log On Screen
55. Launch Internet Explorer. Click Start ►All Programs ►Internet Explorer (Figure 1020).
Figure 1020 : Launch Internet Explorer
544
56. On the Address box, key-in ftp://www.yourdomain.com
(e.g. ftp://www.myserver.com) and click the Go button (Figure 1021).
Figure 1021 : Internet Explorer - ftp://www.myserver.com
57. Your FTP site will appear in the browser (Figure 1021).
58. Attempt to create a new folder (right click in the window and select New ► Folder) (Figure 1022).
Figure 1022 : ftp://www.myserver.com – Create New Folder
Could you create the folder? YES / NO
545
59. Now try copy any file and paste it to this FTP site.
Could you paste any files? YES / NO Why do you think this is so? You should be could paste a files to the FTP site because you have given permission to everyone to read and write to the FTP site.
60. Close all window.
61. Log off the client computer.
546
Create New FTP Site Using Multiple IP Address.
You can create multiple FTP sites using multiple IP addresses and multiple ports. While creating multiple sites with multiple IP addresses is a common and recommended practice, it can be more complicated because, by default, clients call port 21 when using the FTP protocol. Therefore, if you create multiple FTP sites using multiple ports, you need to inform users of the new port number so their FTP clients can locate and connect to the port. If you create a new site using the same port as an existing site with the same IP address, the new site will not start. The general rule is that you can have multiple sites using the same IP and port, but only one site from this group can run at a time. If you try to start another site from this group, you receive an error message. Before you start create multiple FTP site using multiple IP address, you need to make sure your server have set with multiple IP address. If not, you have to set your server to use multiple IP address. EXERCISE 22.8 Creating Multi IP Address in Single NIC
1. Log on to the server as Administrator (Figure 1023).
Figure 1023 : Administrator Login
547
2. Launch Network and Sharing Center. Click Start ► Right click Network ►
Properties (Figure 1024).
Figure 1024 : Network Properties
3. Under myserver.com (Domain network), click View status (Figure 1025).
Figure 1025 : View Network Status
548
4. Click Properties button to open Local Area Connection Properties (Figure 1026).
Figure 1026 : Local Area Connection Status
5. Select Internet Protocol Version 4 (TCP/IPv4), and click Properties button (Figure 1027).
Figure 1027 : Local Area Connection Properties
549
6. Now click the Advanced button (Figure 1028).
Figure 1028 : Network Configurations
7. Select the IP Settings tab (Figure 1029).
8. Under IP addresses field, click Add… button (Figure 1029).
Figure 1029 : Advanced TCP/IP Setting - IP Settings
550
9. Enter second IP address for your server [e.g. 192.168.2.24] (Figure 1030).
Figure 1030 : TCP/IP Address
10. Enter your subnet mask number (e.g. 255.255.255.0) and click the Add button
(Figure 1030).
11. As you can see, now your server has 2 IP address (Figure 1031).
Figure 1031 : Advanced TCP/IP Setting - IP Settings
12. Click the OK button (Figure 1031).
551
13. Click the OK button (Figure 1032).
Figure 1032 : Network Configurations
14. Click the Close button (Figure 1033).
Figure 1033 : Local Area Connection Properties
552
15. Click the Close button (Figure 1034).
Figure 1034 : Local Area Connection Status
16. Close all remaining windows.
553
EXERCISE 22.8.1 Creating New FTP Site for Specific User Using Multiple IP Address. FTP Site can be set to be login only by specific user. You can allow specific users to establish an FTP connection and transfer files with an FTP client or FTP-enabled Web browser. But beyond simply storing files on your server, you must manage how your site is deployed, and more importantly, how your site evolves. This section presents the basics of managing the infrastructure of an FTP site, from securing your site to hosting multiple sites. This exercise to help administrators, and particularly Internet hosting providers, efficiently secure and commercialize the FTP services for their customers. Let's say we want to set Ain Syahmi as administrator for the Student FTP Site.
17. Log on to the server as Administrator (Figure 1035).
Figure 1035 : Administrator Login
554
18. Launch Windows Explorer. Click Start ► Right-click Computer ► select
Explore (Figure 1036).
Figure 1036 : Launch Windows Explorer
19. Access D: drive (Figure 1037).
Figure 1037 : Windows Explorer – D Drive
555
20. Create a new folder named StudentSN (SN represents you‟re Station Number).
In previous exercise I use number 21 as my Station Number. So in this exercise my folder named will be Student21. 20.1. Right-click D drive ► select New ► Folder (Figure 1038).
Figure 1038 : Windows Explorer – Create New Folder
20.2. Rename the folder as Student21 (Figure 1039).
Figure 1039 : Rename Folder
556
21. View the default permission of your Student21 folder. Right-click D:\Student21 folder, and select Properties (Figure 1040).
Figure 1040 : Windows Explorer – D:\Student21
22. Click the Security tab. You should see your default folder security setting permissions for your new Student21 folder (Figure 1041).
Figure 1041 : Student21 Properties
557
23. Delete all users except Administrator. 23.1. Click the Advanced button (Figure 1042).
Figure 1042 : Student21 Properties
23.2. Click the Edit… button (Figure 1043).
Figure 1043 : Advanced Security Setting for Student21
558
23.3. Uncheck the check box Include inheritable ….. object’s parent (Figure
1044).
Figure 1044 : Advanced Security Setting for Student21 - Permissions
23.4. Windows Security warnings appear, click Remove button to confirm
remove the inheritable permission (Figure 1045).
Figure 1045 : Windows Security warning
559
23.5. Click the OK button (Figure 1046).
Figure 1046 : Advanced Security Setting for Student21 - Permissions
23.6. Click the OK button (Figure 1047).
Figure 1047 : Advanced Security Setting for Student21
560
24. Add Ain Syahmi and set her permissions.
24.1. Click the Edit… button (Figure 1048).
Figure 1048 : Student21 Properties
24.2. Click the Add… button (Figure 1049).
Figure 1049 : Permissions for Student21
561
24.3. Key-in Ain Syahmi to add Ain Syahmi and click Check Names button.
(Figure 1050).
Figure 1050 : Select Users, Computer, or Groups window
24.4. Click the OK button (Figure 1051).
Figure 1051 : Select Users, Computer, or Groups – Ain Syahmi
562
24.5. Give Ain Syahmi Full Control of this FTP site because we want her to act as administrator for the Student FTP Site. Click the OK button after finish configure (Figure 1052).
Figure 1052 : Permissions for Student21 – Ain Syahmi
24.1. Click the OK button to close the Student21 Properties (Figure 1053).
Figure 1053 : Student21 Properties
25. Close all the remaining windows.
563
EXERCISE 22.8.2 Creating New FTP Site – Student FTP Site.
26. Make sure you‟re log on to the server as Administrator.
27. Launch the Internet Information Services (IIS) 6.0 Manager. Click Start ► Administrative Tools ► Internet Information Services (IIS) 6.0 Manager (Figure 1054).
Figure 1054 : Launch Internet Information Services (IIS) 6.0 Manager
28. In the Internet Information Services (IIS) 6.0 Manager, expand your server (Figure 1055).
Figure 1055 : Internet Information Services (IIS) Manager
564
29. Right-click the FTP Sites folder, and select New ► FTP Site… (Figure 1056).
Figure 1056 : Internet Information Services (IIS) 6.0 Manager – FTP Sites
30. FTP Site Creation Wizard appears. Click the Next button (Figure 1057).
Figure 1057 : FTP Site Creation Wizard
565
31. FTP Site Description dialog boxes appear. Key-in Student FTP Site in the
Description: box and click the Next button (Figure 1058).
Figure 1058 : FTP Site Creation Wizard - FTP Site Description
32. Now the wizard asking for IP Address and Port Setting, key-in your server
second IP address (e.g. 192.168.2.24) and use the TCP port default setting (Default = 21) . Click the Next button to continue (Figure 1059).
Figure 1059 : FTP Site Creation Wizard - IP Address and Port Setting
566
33. In the FTP User Isolation dialog box, select Do not isolate users, and click
Next button (Figure 1060).
Figure 1060 : FTP Site Creation Wizard - FTP User Isolation
34. Set the FTP Site Home Directory. Under the Path: field, key-in the FTP site home directory (e.g. D:\Student21) and click he Next button (Figure 1061).
Figure 1061 : FTP Site Creation Wizard - FTP Site Home Directory
567
35. Set the FTP Site Access Permissions to Read and Write to allow user upload
and modify the FTP site contents, and then click the Next button to continue (Figure 1062).
Figure 1062 : FTP Site Creation Wizard - FTP Site Access Permissions
36. Click the Finish button to close the FTP Site Creation Wizard (Figure 1063).
Figure 1063 : FTP Site Creation Wizard - Finish
37. Log off the server.
568
EXERCISE 22.8.3 Configure DNS Service for Host Name. In this exercise you will configure host name for your new FTP site (Student FTP Site).
38. Launch DNS Manager. Click Start ►Administrator Tools ► DNS (Figure 1064).
Figure 1064 : Launch DNS Manager
39. Double-click the computer icon to expand the DNS Server (Figure 1065).
Figure 1065 : DNS Manager
569
40. Expand the Forward Lookup Zones (Figure 1066).
Figure 1066 : DNS Manager - Forward Lookup Zones
41. Right click myserver.com and select New Host (A or AAAA)… (Figure 1067).
Figure 1067 : Create New Host
570
42. In the Name box, type ftpstudent (Figure 1068).
43. Enter IP address for your Student FTP Site (ftpstudent.myserver.com) and make
sure you select the Create associated pointer (PTR) record option (Figure 1068).
Figure 1068 : New Host
44. Click Add Host (Figure 1068).
45. Click the OK button (Figure 1069).
Figure 1069 : Host Record Successfully Created Message
571
46. Click Done button to exit New Host Wizard (Figure 1070).
Figure 1070: New Host Wizard
47. Click the Refresh button and close the DNS Manager (Figure 1071).
Figure 1071 : DNS Manager
48. Log off the server.
572
EXERCISE 22.8.4 Test FTP Site for Specific User Using Internet Browser.
49. Log on to the client computer as Administrator (Figure 1072).
Figure 1072 : Windows XP Log On Screen
50. Launch Internet Explorer. Click Start ►All Programs ►Internet Explorer (Figure 1073).
Figure 1073 : Launch Internet Explorer
573
51. On the Address bar, key-in ftp://ftpstudent.yourdomain.com
(e.g. ftp://ftpstudent.myserver.com) and click the Go button (Figure 1074).
Figure 1074 : Internet Explorer - ftp://ftpstudent.myserver.com
52. You will be asking for username and password. Key-in ain.syahmi as username and ain for password. Click the Log On button (Figure 1075).
Figure 1075 : FTP Log On window
574
53. Your FTP site will appear in the browser (Figure 1076).
Figure 1076 : ftp://ftpstudent.myserver.com
54. Use Windows explorer to access the C:\Windows\Web\Wallpaper folder.
55. Click on the file Azul.bmp; drag and drop it into the Student FTP Site window (Figure 1077).
Figure 1077 : ftp://www.myserver.com – Drag and Drop
575
56. Now try copy any files and paste it to this FTP server.
Could you paste any files? YES / NO
57. Try to delete the Azul.bmp file (Figure 1078).
Figure 1078 : ftp://www.myserver.com – Delete File
What happen? Could you delete the files? YES / NO You should can copy and delete files in this FTP site because you have given permission to Ain Syahmi with Full Control permissions.
58. Log off the client computer.
576
EXERCISE 22.8.5 Test FTP Site for Specific User Using Command Prompt.
59. Launch the Run application. Click Start ► Run… (Figure 1079).
Figure 1079 : Launch the Run Application
60. Key-in cmd in the Open : box and click the OK button to launch the Command Prompt application (Figure 1080).
Figure 1080 : Run Window
577
61. At command prompt, key-in ftp ftpstudent.yourdomain.com
(e.g. ftp ftpstudent.myserver.com) and press Enter (Figure 1081).
Figure 1081 : Command Prompt – ftp log on
62. You'll be asking to enter the username. Key-in ain.syahmi as username and ain for password (Figure 1082).
Figure 1082 : Command Prompt – ftp ain.syahmi log in
63. Key-in ls and press Enter to display contents of the Student FTP site contents (Figure 1083).
Figure 1083 : Command Prompt – ftp content list
578
64. Attempt to upload file from C:\Windows\Web\Wallpaper\Ascent.jpg to the
Student FTP Site. Use the following command to upload the file (Figure 1084):
put C:\Windows\Web\Wallpaper\Ascent.jpg and press Enter.
Figure 1084 : Command Prompt – upload file to FTP server
65. Key-in ls and press Enter to display contents of the Student FTP site contents (Figure 1085).
Figure 1085 : Command Prompt – ftp content list
You can see the file is successfully uploaded to the FTP server.
579
66. Now attempt to change the name of the Ascent.jpg file to AaBbCc.jpg in the
Student FTP Site. Use the following command to rename the file (Figure 1086):
rename Ascent.jpg AaBbCc.jpg and press Enter.
Figure 1086 : Command Prompt – rename file
67. Key-in ls and press Enter to display contents of the Student FTP site contents (Figure 1087).
Figure 1087 : Command Prompt – ftp content list
You can see the Ascent.jpg file is successfully renamed to AaBbCc.jpg.
68. Now attempt to download AaBbCc.jpg file from the Student FTP Site. Use the following command to download (Figure 1088):
get AaBbCc.jpg and press Enter.
Figure 1088 : Command Prompt – download file from FTP server
580
69. Key-in Bye and press Enter to logout from FTP server (Figure 1089).
Figure 1089 : Command Prompt – logout from FTP server
70. Close the Command Prompt.
71. Lunch the Windows Search application. Click Start ► Search (Figure 1090).
Figure 1090 : Lunch the Windows Search application
581
72. Click All files and folders (Figure 1091).
Figure 1091 : Windows Search application
73. Key-in the filename you want to search (e.g. AaBbCc.jpg) in the All or part of the file name: box and click the Search button (Figure 1092).
Figure 1092 : Windows Search application
582
74. You should got one file name AaBbCc after finish the search process. If you want to know the location of the file, place your mouse pointer on the top of the file and the short summary about the file will appear (Figure 1093).
Figure 1093 : Search Results
Normally, all the download files are store in the user home folder.
75. Close all windows and log off the client computer.
Summary
In this exercise you have learn how to:
Changing FTP Site Home Directories: Describes the concept of a home directory and methods for changing the home directory of an FTP site.
Naming FTP Sites: Describes assigning a descriptive name to an FTP site.
Stopping and Starting FTP Sites: Describes why you would need to stop and restart your FTP sites and how to perform these actions.
Changing Default FTP Site Settings: Describes how to change default settings globally or on an individual site.
Creating Multiple FTP Sites: Describes how to use IP addresses or port numbers to differentiate multiple FTP sites.
Adding FTP Sites to Your Server: Describes the process of adding a new FTP site to a server running IIS.
Securing FTP Sites: Describes some of the misconceptions about FTP security and how to establish a secure FTP site.
Isolating FTP Users: Describes the concept of FTP user isolation and which type of isolation to use to restrict users to their own directories.