rachael-wale
MODULE 1: INSTALLING OR UPGRADING TO WINDOWS 2000

Overview:
1: Preparing For Installation
2: Installing Windows 2000 Professional from a Compact Disc
3: Installing Windows 2000 Advanced Server from a Compact Disc
4: Upgrading to Windows 2000 Professional
5: Upgrading to Windows 2000 Advanced Server
6: Identifying Setup Errors

Preparing For Installation:
1: Determining Which Operating System to Use
2: Identifying System Requirements
3: Determining Disk Partition Options
4: Determining Which File System to Select
5: Determining Which Licensing Mode to Select
6: Determining Whether to Join a Workgroup or Domain
7: Completing a Pre-Installation

Identifying System Requirements:
  CPU
  Display
  Other Drives
  Memory: Windows 2000 Professional 64 MB recommended; Windows 2000 Server 128 MB supported, 256 MB recommended
  Hard Disk Space: 20 GB
  Accessories
  Networking

Determining Disk Partition Options:
  Create New Partition on Unpartitioned Hard Disk
  Create New Partition on Partitioned Hard Disk
  Install on Existing Partition
  Delete Existing Partition to Make Disk Space Available

Determining Which File System to Select:
  NTFS: File and Folder-Level Security, File Compression, Disk Quotas, File Encryption
  FAT, FAT32: Supports Dual Boot Configurations, No File and Folder-Level Security

Determining Which Licensing Mode to Select:
  Per Seat Licensing: Each Client Requires a CAL
  Per Server Licensing: Each Connection Requires a CAL

Determining Whether to Join a Workgroup or Domain:
  Workgroup: SAM
  Domain: Single User Account, Active Directory

Completing a Pre-Installation:
  Determine the Operating System to Install
  Verify Hardware Is Supported
  Verify That Hardware Meets Minimum Requirements
  Verify 2GB or More of Available Disk Space
  Select File System for the Windows 2000 Partition
  Select Licensing Mode for Windows 2000 Advanced Server
  Determine Domain or Workgroup
  Create Domain Computer Account in the Domain
  Create Password for the Local Administrator Account
2: Installing Windows 2000 Professional from a Compact Disc:
  Running the Setup Program
  Completing the Setup Wizard
  Installing Network Components

Running the Setup Program:
  Start the Computer from the Compact Disc
  Select to Install a New Copy of Windows 2000
  Read and Accept the Licensing Agreement
  Select the Partition on Which to Install
  Select the File System

Completing the Setup Wizard:
  Change Regional Settings (If Necessary)
  Enter Your Name and Organization
  Enter the Computer Name and Password for the Local Administrator Account
  Select Date and Time Settings

Installing Network Components:
  Choose a Network Setting
  Provide a Workgroup or Domain Name
  Click Finish to Restart the Computer
  Configure the Network ID for the Computer

3: Installing Windows 2000 Advanced Server from a Compact Disc:
1: Running the Setup Program
2: Completing the Setup Wizard
3: Installing Network Components
4: Configuring the Server

Running the Setup Program:
  Start the Computer from the Compact Disc
  Select to Install a New Copy of Windows 2000
  Read and Accept the Licensing Agreement
  Select the Partition on Which to Install
  Select the File System

Completing the Setup Wizard:
  Change Regional Settings (If Necessary)
  Enter Your Name and Organization
  Select the Licensing Mode
  Enter the Computer Name and Password for the Local Administrator Account
  Select Windows 2000 Optional Components
  Select Date and Time Settings

Installing Network Components:
  Choose a Network Setting
  Provide a Workgroup or Domain Name
  Enter Local Administrator Account Password

4: Upgrading to Windows 2000 Professional:
  Identifying Client Upgrade Paths
  Upgrading Clients Running Windows 95 or Windows 98
  Upgrading Clients Running Windows NT Workstation 4.0
  Installing the Directory Service Client

Identifying Client Upgrade Paths:
  Windows 95, Windows 98 -> Windows 2000 Professional
  Windows NT Workstation 3.51 or 4.0 -> Windows 2000 Professional
  Windows for Workgroups 3.1 -> Windows NT Workstation 3.51 or 4.0 -> Windows 2000 Professional
Upgrading Clients Running Windows 95 or Windows 98:
  Windows 95 and Windows 98 -> Windows 2000 Professional
  Generate a Compatibility Report
  Run the Setup Program to Install Windows 2000
  Specifying Update Packs
  Reviewing Upgrade Reports

Upgrading Clients Running Windows NT Workstation 3.51 or 4.0:
  Windows NT Workstation 3.51 or 4.0 -> Windows 2000 Professional
  Same Registry
  Same Application Support
  Same Device Support
  Easiest Upgrade to Windows 2000 Professional

Installing the Directory Services Client:
The Directory Services Client allows computers running Windows 95 or Windows 98 that cannot run Windows 2000 to:
  Use Domain-Based Dfs
  Search Active Directory
  Change Passwords on Any Domain Controller

5: Upgrading to Windows 2000 Advanced Server:
  Identifying Server Upgrade Paths
  Backing Up Critical Data Files and Settings

Identifying Server Upgrade Paths:
  [Diagram: Domain Controller (PDC or BDC) on Win NT 3.5 or 4.0 -> Domain Controller on Win 2000; Member Server on Win NT -> Member Server or Domain Controller on Win 2000; Win NT 3.1 or 3.5 -> Win NT 3.5 or 4.0]

Backing Up Critical Data Files and Settings:
Perform the following tasks to back up critical files and settings:
  Fix Errors Listed in Event Viewer
  Back Up All Drives
  Back Up Registry
  Update Emergency Repair Disk
  Remove Virus Scanners, Third-Party Network Services, or Client Software
  Disconnect Serial Cables to UPS
  Reserve IRQs for Non-Plug and Play ISA Devices

6: Identifying Setup Errors:
  Error: Media Errors
  Error: Non-Supported CD-ROM Drive
  Error: Insufficient Disk Space
  Error: Failure of Dependency Service to Start
  Error: Inability to Connect to the Domain Controller
  Error: Failure of Windows 2000 to Install or Start

MODULE 2: CREATING AND MANAGING USER ACCOUNTS

Overview:
  Introduction to User Accounts
  Guidelines for New User Accounts
  Creating Local User Accounts
  Creating and Configuring Domain User Accounts
  Setting Properties for Domain User Accounts
  Customizing User Settings with User Profiles
  Best Practices

Introduction to User Accounts:
  Local User Accounts: Enable users to log on and access resources on a specific computer; reside in SAM
  Domain User Accounts: Enable users to perform administrative tasks or gain access to network; reside in Active Directory
  Built-in User Accounts (Administrator and Guest): Enable users to perform administrative tasks or gain temporary access to network; reside in SAM (local built-in user accounts); reside in Active Directory (domain user accounts)

Guidelines for New User Accounts:
  Naming Conventions
  Password Guidelines
  Account Options

Naming Conventions:
  User logon names and full names must be unique
  User logon names:
    Can contain up to 20 characters
    Can include a combination of special and alphanumeric characters
  A naming convention should:
    Accommodate duplicate employee names
    Identify temporary employees

Password Guidelines:
  Assign a password for the Administrator account
  Determine who has control over passwords
  Educate users on how to use passwords
  Avoid obvious associations, such as a family name
  Use long passwords
  Use a combination of uppercase and lowercase characters

Account Options:
  Set logon hours to match users' work hours
  Specify the computers from which a user can log on
    Domain users can log on at any computer in the domain, by default
    Domain users can be restricted to specific computers to increase security
  Specify when a user account expires

Creating Local User Accounts:
Local user accounts are:
  Created on computers running Windows 2000 Professional
  Created on stand-alone or member servers running Windows 2000 Server or Windows 2000 Advanced Server
  Reside in SAM
Creating and Configuring Domain User Accounts:
  Installing Windows 2000 Administration Tools
  Creating a Domain User Account
  Setting Password Requirements
  Managing User Data by Creating Home Folders

Installing Windows 2000 Administration Tools:
  Active Directory Domains and Trusts
  Active Directory Sites and Services
  Active Directory Users and Computers
  Component Services
  Computer Management
  DHCP
  DNS
  Domain Controller Security Policy
  Event Viewer
  Internet Services Manager
  Local Security Policy
  Services
  Routing and Remote Access

Creating a Domain User Account

Setting Password Requirements

Managing User Data by Creating Home Folders:
  [Diagram: Home folder containing User 1, User 2, User 3]
  Consider the following when you create a home folder:
    Backup and restore capability
    Sufficient space on the server
    Sufficient space on user computers
    Network performance
  To create a home folder:
    Create a shared folder on a server
    Assign the appropriate permissions
    Provide a path for the user account

Setting Properties for Domain User Accounts:
  Setting Personal Properties
  Setting Account Properties
  Specifying Logon Options
  Copying Domain User Accounts
  Creating User Account Templates

Setting Personal Properties:
  Add personal information about users as stored in Active Directory
  Use personal properties to search Active Directory

Setting Account Properties

Specifying Logon Options

Copying Domain User Accounts:
  Copy an existing domain user account to simplify the process of creating a new domain user account.
  [Diagram: Domain User Account User 1 -> Copy -> Domain User Account User 2]

Creating User Account Templates

Customizing User Settings with User Profiles:
  User Profile Types
  Creating Roaming and Mandatory User Profiles

User Profile Types:
  [Diagram: a user profile holding modified settings: Display, Regional Settings, Mouse, Sound]
  Default User Profile: Serves as the basis for all user profiles
  Local User Profile: Created the first time a user logs on to a computer; stored on a computer's local hard disk
  Roaming User Profile: Created by the system administrator; stored on a server
  Mandatory User Profile: Created by the system administrator; stored on a server
  [Diagram: Windows 2000 clients and a profile server]

Creating Roaming and Mandatory Roaming User Profiles:
  Creating a roaming user profile:
    Create a shared folder on the server
    Specify the shared folder in path information
  Creating a mandatory user profile:
    Create a shared folder on the server with a user profile folder inside
    Set up a configured roaming user profile
    Rename Ntuser.dat to Ntuser.man

MODULE 3: MANAGING ACCESS TO RESOURCES BY USING GROUPS

Overview:
  Introduction to Windows 2000 Groups
  Implementing Groups in a Workgroup
  Implementing Groups in a Domain
  Best Practices

Introduction to Windows 2000 Groups:
  How Windows 2000 Groups Work
  Groups in Workgroups and Domains

How Windows 2000 Groups Work:
  [Diagram: permissions assigned once for a group versus permissions assigned once for each user account]
  Group members have the rights and permissions granted to the group
  Users can be members of multiple groups
  Groups and computers can also be members of groups

Groups in Workgroups and Domains:
  Workgroup (member server, client computer):
    Created on computers that are not domain controllers
    Reside in SAM
    Used to control access to resources for the computer
  Domain (domain controller):
    Created on domain controllers
    Reside in Active Directory
    Used to control resources in the domain

Implementing Groups in a Workgroup:
  Local Groups
  Built-in Local Groups
  The Strategy for Using Local Groups in a Workgroup
  Creating Local Groups

Local Groups:
  The guidelines for local groups:
    Use local groups on computers that do not belong to a domain
    Use local groups to control access to resources and who can perform system tasks on the local computer
  Membership rules for local groups:
    Local groups can only contain local user accounts that are on the local computer
    Local groups cannot be a member of any other group
  Members of the Administrators group or Account Operators group on the local computer can create local groups

Built-in Local Groups:
  Built-in groups have a predetermined set of rights and they cannot be deleted
  Built-in local groups:
    Members have rights to perform system tasks
    User accounts can be added
  Special identities (special groups):
    Organize users for system use
    Have automatic membership that cannot be modified

The Strategy for Using Local Groups in a Workgroup:
  A L P: add user accounts (A) to a local group (L) and assign permissions (P) to the local group
  [Diagram: the A L P strategy repeated on each Windows 2000 Professional and Windows 2000 Server computer in the workgroup]

Creating Local Groups:
  [Screenshot: Computer Management, Local Users and Groups, New Group dialog with Group Name, Description, Members, Add, Remove, Create, Close]

Implementing Groups in a Domain:
  Group Types and Scopes
  Built-in and Predefined Groups in a Domain
  The Strategy for Using Groups in a Single Domain
  Guidelines for Creating Domain Groups
  Creating and Deleting Domain Groups

Group Types and Scopes:
  Group types:
    Security groups: Used to assign permissions; can be used as an e-mail distribution list
    Distribution groups: Cannot be used to assign permissions; can be used as an e-mail distribution list
  Group scopes:
    Global group: Used to organize users who share similar network access requirements
    Domain local group: Used to assign permissions to domain resources
    Universal group: Used to assign permissions to related resources in multiple domains

Built-in and Predefined Groups in a Domain:
  Built-in domain local groups give users predefined rights and permissions to perform tasks:
    On domain controllers
    In Active Directory
  Special identities:
    Organize users for system use
    Membership is automatic and cannot be modified
  Predefined global groups give administrators control of domain resources

The Strategy for Using Groups in a Single Domain:
  A G DL P strategy for groups in a domain
  [Diagram: User Account (A) -> Add -> Global Group (G) -> Add -> Domain Local Group (DL), with Permissions (P)]

Guidelines for Creating Domain Groups:
  Determine which group scope to use
  Determine whether you have permissions to create groups
  Determine the name of the group

Creating and Deleting Domain Groups:
  You use Active Directory Users and Computers to create and delete groups
  When you delete a group:
    Its rights and permissions are removed
    Members are not deleted
    SID is never used again
  [Screenshot: Group Name]

Adding Members to Domain Groups:
  [Screenshot: Select, Add]

MODULE 4: MANAGING DATA BY USING NTFS

Overview:
  Introduction to NTFS Permissions
  How Windows 2000 Applies NTFS Permissions
  Using NTFS Permissions
  Using Special NTFS Permissions
  Compressing Data on an NTFS Partition
  Configuring Disk Quotas on NTFS Partitions
  Securing Data by Using EFS

Introduction to NTFS Permissions:
  [Diagram: User 1 and User 2 accessing an object whose ACL holds User 1: Read and Group 1: Full Control; No Access]

How Windows 2000 Applies NTFS Permissions:
  Multiple NTFS Permissions
  NTFS Permissions Inheritance
  Copying and Moving Files and Folders
  Class Discussion: Applying NTFS Permissions

Multiple NTFS Permissions:
  NTFS permissions are cumulative
  File permissions override folder permissions
  Deny overrides other permissions
  [Diagram: NTFS partition with Folder A containing File 1 and File 2; User 1: Read; Group B: Write; Group A: Deny Write to File 2; User 1 result: Read/Write]

NTFS Permissions Inheritance:
  [Diagram: inheritance: Read/Write on Folder A, access to File 1]
  [Diagram: prevent inheritance: Read/Write on Folder A, no access to File 1]
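
The three combination rules and the inheritance slide above, worked as a simplified model. This is an added example, not part of the original slides and not the Windows access-check code; it assumes User 1 belongs to both Group A and Group B, and the class and function names are hypothetical.

```python
"""Simplified model of how NTFS permissions combine (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Ace:
    trustee: str        # user or group the entry applies to
    allow: bool         # True = allow entry, False = deny entry
    rights: Set[str]    # e.g. {"read", "write"}


@dataclass
class Node:
    name: str
    acl: List[Ace] = field(default_factory=list)  # entries set directly on this object
    parent: Optional["Node"] = None
    inherit: bool = True                           # False models "Prevent Inheritance"


def ordered_aces(node: Node) -> List[Ace]:
    """Entries nearest to the object first; within one level, deny before allow."""
    ordered: List[Ace] = []
    current: Optional[Node] = node
    while current is not None:
        ordered += [a for a in current.acl if not a.allow]
        ordered += [a for a in current.acl if a.allow]
        current = current.parent if current.inherit else None
    return ordered


def effective_rights(node: Node, user: str, groups: Set[str]) -> Set[str]:
    """Rights the user ends up with on node, given the user's group memberships."""
    trustees = {user} | groups
    granted: Set[str] = set()
    decided: Set[str] = set()
    for ace in ordered_aces(node):
        if ace.trustee not in trustees:
            continue
        # The first matching entry that mentions a right decides it, so a deny
        # beats an allow at the same level and file entries beat folder entries.
        for right in ace.rights - decided:
            decided.add(right)
            if ace.allow:
                granted.add(right)
    return granted


def slide_scenario() -> Dict[str, Set[str]]:
    """Folder A / File 1 / File 2 as labelled on the slide."""
    folder_a = Node("Folder A", [Ace("User 1", True, {"read"}),
                                 Ace("Group B", True, {"write"})])
    file_1 = Node("File 1", parent=folder_a)
    file_2 = Node("File 2", [Ace("Group A", False, {"write"})], parent=folder_a)
    blocked = Node("File 1 (inheritance prevented)", parent=folder_a, inherit=False)
    groups = {"Group A", "Group B"}  # assumption: User 1 is in both groups
    return {n.name: effective_rights(n, "User 1", groups)
            for n in (file_1, file_2, blocked)}


def file_overrides_folder() -> Set[str]:
    """Constructed case: a deny on the folder, an explicit allow on the file."""
    folder = Node("Folder", [Ace("Group A", False, {"write"})])
    doc = Node("File", [Ace("User 1", True, {"write"})], parent=folder)
    return effective_rights(doc, "User 1", {"Group A"})


if __name__ == "__main__":
    for name, rights in slide_scenario().items():
        print(name, sorted(rights))
    print("file overrides folder:", sorted(file_overrides_folder()))
```
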

Copying and Moving Files and Folders:
  [Diagram: NTFS partitions C:\, D:\ and E:\; copy or move]
  All copying inherits permissions
  Only moving to the same partition retains permissions

Class Discussion: Applying NTFS Permissions:
  [Diagram: User 1, Users group, Sales group; Folder 1 with File 1; Folder 2 with File 1]
  1: Users group: Write to Folder 1; Sales group: Read to Folder 1
  2: Users group: Read to Folder 1; Sales group: Write to Folder 2
  3: Users group: Modify to Folder 1; File 2 should only be accessible to the Sales group, and only for Read access

Using NTFS Permissions:
  Granting NTFS Permissions
  Setting Permission Inheritance
  Best Practices for Granting NTFS Permissions

Granting NTFS Permissions

Setting Permission Inheritance

Best Practices for Granting NTFS Permissions:
  Grant permissions to groups as opposed to users
  Group resources to simplify administration
  Only allow users the level of access that they require
  Create groups according to the access that the group members require
  Grant Read & Execute permissions for application folders
  Grant Read & Execute and Write permissions for data folders

Using Special NTFS Permissions:
  Introduction to Special NTFS Permissions
  Granting Special NTFS Permissions

Introduction to Special NTFS Permissions:
  [Diagram: Owner, Administrator: permission to change permissions and take ownership; Users, Groups: Change Permissions, Take Ownership; the standard permission Read and its special access permissions: Read Data, Read Attributes, Read Permissions, Read Extended Attributes]

Granting Special NTFS Permissions

Compressing Data on an NTFS Partition:
  Introduction to Compressed Files and Folders
  Compressing Files and Folders
  Copying and Moving Compressed Files and Folders
  Best Practices for Compressing Data

Introduction to Compressed Files and Folders:
  [Diagram: File A and File B on an NTFS partition]
  Space Allocation
  Compression State Display Color
  Access to Compressed Files Through Applications

Compressing Files and Folders

Copying and Moving Compressed Files and Folders:
  [Diagram: cases A to D on NTFS partitions, labelled Copy, Inherits (A); Copy, Retains (B); Copy, Inherits (C, D)]

Best Practices for Compressing Data:
  Determine which file types to compress
  Do not compress already compressed files
  Use different display colors for compressed files and folders
  Compress static data rather than data that changes frequently

Configuring Disk Quotas on NTFS Partitions:
  Using Disk Quotas
  Setting Disk Quotas

Using Disk Quotas:
  Usage calculation based on file and folder ownership
  Compression ignored when calculating usage
  Free space for applications based on quota limit
  Disk quotas tracked for each NTFS partition

Setting Disk Quotas:
  Option: Description
  Enable quota management: Enable quota management
  Deny disk space to users exceeding quota limit: Users cannot write to volume when they exceed their hard disk space allocation
  Do not limit disk usage: No hard disk space limit for users
  Set warning level to: Specify amount of disk space users can fill before event is logged
  Limit disk space to: Specify amount of disk space user can use
  Quota entries: Add entries, delete entries, view properties for entries
  [Diagram: NTFS partition; User 1: 100 MB; User 2: 35 MB]

Securing Data by Using EFS:
  Introduction to EFS
  Encrypting a Folder or File
  Decrypting a Folder or File
  Recovering an Encrypted Folder or File

Introduction to EFS:
  Key features of EFS:
    Operates in the background
    Is accessible only to an authorized user
    Provides built-in data recovery support
    Requires at least one recovery agent

Encrypting a Folder or File:
  Encrypt contents to secure data
  Open file in folder
  When the file is saved, it is encrypted by using file encryption keys
  File encryption keys are stored in the Data Decryption Field and the Data Recovery Field in the file header

Decrypting a Folder or File:
  EFS automatically detects encryption and locates the user certificate and associated private key
  Your private key is applied to the DDF
  File content appears on screen in plain text

Recovering an Encrypted Folder or File:
  Owner's key is unavailable
  Recovery agent uses his private key to recover the file
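
The encrypt, decrypt and recover slides above describe one file encryption key stored twice in the file header, once for the owner (DDF) and once for the recovery agent (DRF). The sketch below is an added example, not part of the original slides and not the EFS implementation: textbook RSA over fixed Mersenne primes and a SHA-256 keystream stand in for the real ciphers, and all names and keys are constructed for illustration only.

```python
"""Toy model of the EFS header fields (DDF and DRF); added example, not real EFS."""
import hashlib
import secrets

E = 65537  # public exponent shared by the toy key pairs


def make_keypair(p: int, q: int):
    """Textbook RSA key pair from two primes (no padding; illustration only)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


# Constructed demo keys built from known Mersenne primes; never use such keys for real data.
USER_PUB, USER_PRIV = make_keypair(2**127 - 1, 2**89 - 1)     # file owner
AGENT_PUB, AGENT_PRIV = make_keypair(2**107 - 1, 2**61 - 1)   # recovery agent
OTHER_PUB, OTHER_PRIV = make_keypair(2**127 - 1, 2**107 - 1)  # unrelated user


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in bulk cipher: XOR the data with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def wrap(fek: bytes, public) -> int:
    """Encrypt the file encryption key (FEK) under a public key."""
    n, e = public
    return pow(int.from_bytes(fek, "big"), e, n)


def unwrap(wrapped: int, private) -> bytes:
    """Recover a 16-byte FEK; a wrong private key yields garbage, not an error."""
    n, d = private
    raw = pow(wrapped, d, n).to_bytes((n.bit_length() + 7) // 8, "big")
    return raw[-16:]


def encrypt_file(plaintext: bytes, owner_pub, agent_pub) -> dict:
    """Encrypt the data once with a random FEK, then store the FEK twice in the header."""
    fek = secrets.token_bytes(16)
    return {
        "ddf": wrap(fek, owner_pub),   # Data Decryption Field: FEK for the owner
        "drf": wrap(fek, agent_pub),   # Data Recovery Field: FEK for the recovery agent
        "data": keystream_xor(fek, plaintext),
    }


def decrypt_file(encrypted: dict, private, header_field: str) -> bytes:
    """Apply a private key to one header field, then decrypt the data with the FEK."""
    fek = unwrap(encrypted[header_field], private)
    return keystream_xor(fek, encrypted["data"])


if __name__ == "__main__":
    secret = b"Quarterly payroll figures (constructed sample text)"
    enc = encrypt_file(secret, USER_PUB, AGENT_PUB)
    print("owner via DDF:    ", decrypt_file(enc, USER_PRIV, "ddf") == secret)
    print("agent via DRF:    ", decrypt_file(enc, AGENT_PRIV, "drf") == secret)
    print("other user fails: ", decrypt_file(enc, OTHER_PRIV, "ddf") != secret)
```

The recovery agent never needs the owner's private key, which is why the loss of that key does not lose the file, and why the recovery agent's private key deserves the same protection as every user key it can stand in for.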

MODULE 5: CONFIGURING AND MANAGING DISKS

Overview:
  Windows 2000 Disk Types
  Creating Partitions on a Basic Disk
  Creating Volumes on a Dynamic Disk
  Performing Common Disk Management Tasks
  Best Practices

Windows 2000 Disk Types:
  [Diagram: basic disk with primary partitions (C, D, E, F), or with primary partitions and an extended partition with logical drives; dynamic disk]
  Basic disk:
    A basic disk is the default storage medium for Windows 2000
    The characteristics of basic disks are that:
      It can have up to four partitions
      It is compatible with other types of disk storage
    The partition types are: Primary, Extended, Logical Drives
  Dynamic disk:
    A dynamic disk can include noncontiguous space on any available disk
    There is no limit on the number of volumes per disk
    Windows 2000 stores disk configuration information on the dynamic disk
    Volume types: Simple Volume, Striped Volume, Spanned Volume, Mirrored Volume, RAID-5

Creating Partitions on a Basic Disk

Creating Volumes on a Dynamic Disk:
  Upgrading from a Basic Disk to a Dynamic Disk
  Creating Simple Volumes
  Extending Simple Volumes

Upgrading from a Basic Disk to a Dynamic Disk:
  Basic -> Dynamic Volume Version
  System and boot partitions -> Simple volume
  Primary and extended partitions, and logical drives -> Simple volume
  Volume set (Win NT 4.0) -> Spanned volume
  Stripe set (Win NT 4.0) -> Striped volume
  Mirror set (Win NT 4.0) -> Mirrored volume
  Stripe set with parity (Win NT 4.0) -> RAID-5 volume
  To revert to a basic disk, all data and volumes must be removed

Creating Simple Volumes:
A simple volume:
  Contains space on a single disk
  Has fewer restrictions than a basic disk partition
  Can use the NTFS, FAT, or FAT32 file system
  Can be mirrored to provide fault tolerance
  Is created by using the Create Volume Wizard

Performing Common Disk Management Tasks:
  Repairing and Deleting Partitions and Volumes
  Adding Disks
  Managing Drive Letters and Paths
  Managing Disks Remotely
  Defragmenting Partitions

Repairing and Deleting Partitions and Volumes:
  Repair a disk when the partition or volume is marked Missing or Offline

Adding Disks:
  Adding disks from other computers
  Importing incomplete volumes produces status messages:
    Failed: Incomplete Volume
    Failed Redundancy

Managing Drive Letters and Paths:
  For drive letters you can:
    Use only 25 letters
    Assign, remove or modify drive letters
  For drive paths you can:
    Have more than 26 drives
    Mount and remove mount points
  You can change drive letters to other letters or mount points

Managing Disks Remotely

Defragmenting Partitions

MODULE 6: INTRODUCTION TO ACTIVE DIRECTORY IN WINDOWS 2000

Overview:
  Introduction to Active Directory
  Active Directory Structure
  Active Directory Physical Structure
  Methods for Administering a Windows 2000 Network

Introduction to Active Directory:
  What Is Active Directory?
  Active Directory Objects
  Active Directory Schema
  Lightweight Directory Access Protocol (LDAP)

What Is Active Directory?:
  Directory service functionality:
    Organize
    Manage
    Control resources
  Centralized management:
    Single point of administration
    Full user access to directory resources by a single logon

Active Directory Objects:
  [Diagram: Active Directory holding Printers (Printer1, Printer2, Printer3) and Users (Don Hall, Suzan Fine); Printers attributes: Printer Name, Printer Location; Users attributes: First Name, Last Name, Logon Name; attribute values]
  Objects represent network resources
  Attributes store information about an object

Active Directory Schema:
  Object class examples: Computers, Users, Printers
  Attributes of Users might contain: Account Expires, Department, Distinguished Name, Middle Name
  Attribute examples (list of attributes): Account Expires, Department, Distinguished Name, Direct Reports, DNS Host Name, Operating System, Reps From, Middle Name
  Active Directory schema is:
    Dynamically available
    Dynamically updateable
    Protected by DACLs

Lightweight Directory Access Protocol (LDAP):
  LDAP provides a way to communicate with Active Directory by specifying unique naming paths for each object in the directory.
  LDAP naming paths include:
    Distinguished names: CN=Suzan Fine,OU=Sales,DC=Contoso,DC=Msft
    Relative distinguished names

Active Directory Logical Structure:
  Domains
  Organizational Units
  Trees and Forests
  Global Catalog

Domains:
  A domain is a security boundary
    A domain administrator can administer only within the domain, unless explicitly granted administration rights in other domains
  A domain is a unit of replication
    Domain controllers in a domain participate in replication and contain a complete copy of the directory information for their domain
  [Diagram: replication within a Windows 2000 domain]

Organizational Units:
  [Diagram: network administrative model: Sales, Users, Computers; organizational structure: Vancouver, Sales, Repair]
  Use OUs to group objects into a logical hierarchy that best suits the needs of your organization
  Delegate administrative control over the objects within an OU by assigning specific permissions to users and groups

Trees and Forests:
  [Diagram: tree: Syed.com with Asia.syed.com child domains; forest: Syed.com root with Asia.syed.com child domains; two-way transitive trusts]

Global Catalog:
  [Diagram: global catalog server holding a subset of the attributes of all objects from each domain; used for queries and for group membership when a user logs on]

Active Directory Physical Structure:
  Domain Controllers
  Sites

Domain Controllers:
  Domain controllers:
    Participate in Active Directory replication
    Perform single master operations roles in a domain
  [Diagram: replication between domain controllers in a domain; each holds a writeable copy of the Active Directory database]

Sites:
  [Diagram: sites Seattle, Los Angeles, Chicago, New York; a site made up of IP subnets]
  Sites:
    Optimize replication traffic
    Enable users to log on to a domain controller by using a reliable, high-speed connection

Methods for Administering a Windows 2000 Network:
  Using Active Directory for Centralized Management
  Managing the User Environment

Using Active Directory for Centralized Management:
  [Diagram: search across a domain with OU1 and OU2 holding User 1, User 2, Printer 1 and a computer]
  Active Directory:
    Enables a single administrator to centrally manage resources
    Allows administrators to easily locate information
    Allows administrators to group objects into OUs
    Uses Group Policy to specify policy-based settings

Managing the User Environment:
  [Diagram: apply Group Policy once to the domain, OU1, OU2, OU3; Windows 2000 enforces it continually]
  Use Group Policy to:
    Control and lock down what users can do
    Centrally manage software installation, repairs, updates and removal
    Configure user data to follow users whether they are online or offline

MODULE 7: CREATING A WINDOWS 2000 DOMAIN

Overview:
  Introduction to Creating a Windows 2000 Domain
  Installing Active Directory
  The Active Directory Installation Process
  Examining the Default Structure of Active Directory
  Performing Post Active Directory Installation Tasks
  Troubleshooting the Installation of Active Directory
  Removing Active Directory
  Best Practices

Introduction to Creating a Windows 2000 Domain:
  Domains are the core administrative unit
  The first domain created is the root domain of the entire forest, or the forest root
  Using the Active Directory Installation Wizard, you can create domains and domain controllers
  [Diagram: new forest; first domain controller; forest root (first domain); additional domain controller (replica)]

Installing Active Directory:
  Preparing to Install Active Directory
  Creating the First Domain
  Adding a Replica Domain Controller
  Using an Unattended Setup Script to Install Active Directory

Preparing to Install Active Directory:
Active Directory installation requirements:
  Computer running Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 Datacenter Server
  Minimum disk space of 200 MB for Active Directory and 50 MB for log files
  Partition or volume that is formatted with the NTFS file system
  TCP/IP installed and configured to use DNS
  Appropriate administrative privileges for creating a domain in an existing network

Creating the First Domain:
  Start the Active Directory Installation Wizard
  Select the domain controller and domain type
  Specify the required information:
    Domain, DNS, and NetBIOS names
    Database, log, and shared system volume locations
  Select to weaken permissions
  Specify a password to use in Directory Services Restore Mode
  The Active Directory Installation Wizard:
    Installs Active Directory
    Converts the computer to a domain controller

Adding a Replica Domain Controller:
  Fault tolerance requires a minimum of two domain controllers in a single domain
  More than one domain controller in a domain also ensures that a single domain controller is not overloaded
  Run Dcpromo to add a domain controller to an existing domain
  The Active Directory Installation Wizard:
    Converts the computer to a domain controller
    Replicates Active Directory from an existing domain controller

Using an Unattended Setup Script to Install Active Directory:
An answer file:
  Contains all of the parameters needed for an unattended session of installing Active Directory
  Contains only the [DCInstall] section of the unattended setup parameters file
  Can be run after Windows 2000 Server Setup has been completed and a user has logged on to the computer
  [Diagram: dcpromo /answer: followed by the answer file; Notepad showing an answer file with [Unattended] and [DCInstall] sections]

The Active Directory Installation Process:
  Configuring Parameters
  Site Configuration
  Directory Services Configuration
  Services and Security Configuration
  Additional Active Directory Installation Operations

Configuring Parameters:
Checks performed by the Active Directory Installation Wizard before installing Active Directory:
  Verifies user interface parameters
  Verifies NetBIOS name and server name
  Verifies TCP/IP configuration
  Validates the DNS and NetBIOS domain names
  Verifies user credentials
  Verifies file locations

Site Configuration:
  The domain controller is added to the site that is associated with its subnet
  The server is placed in the Default-First-Site-Name site if no subnet object is found
  The Active Directory Installation Wizard creates a server object

Directory Services Configuration:
  Directory service configuration operations (operations for all types of installation):
    Creates the required registry entries
    Sets up performance counters for Active Directory
    Configures the server to automatically enroll for an X.509 domain controller certificate
    Starts the Kerberos V5 authentication service
    Sets the Local Security Authority (LSA) policy
    Installs shortcuts to administration tools in Active Directory
  Directory partitions configuration:
    Creates the schema directory partition
    Creates the configuration directory partition
    Creates the domain directory partition

Services and Security Configuration:
  Setting services to start automatically:
    Remote Procedure Call (RPC) Locator
    Net Logon
    KDC
    Intersite Messaging
    Distributed Link Tracking Server
    Windows Time
  Setting security:
    Sets security for the directory services and the file replication folders
    Configures default DACLs on the files and objects in Active Directory
    Configures default Group Policy by using the security templates

Additional Active Directory Installation Operations:
Additional operations:
  Sets computer DNS root domain name
  Determines whether the server computer is a member of the domain
  Creates a computer account in the Domain Controllers OU
  Applies the user-provided password for the Administrator account
  Creates a cross-reference object in the Configuration Controller
  Adds shortcuts
  Creates the SYSVOL folder
  Creates schema and configuration containers

Examining the Default Structure of Active Directory:
  [Screenshot callouts on the default containers:]
  Holds the default Windows 2000 security groups
  Default location for computer accounts
  Default location for domain computer accounts
  Holds security identifiers from external, trusted domains
  Default location of user and group accounts

Performing Post Active Directory Installation Tasks:
  Verifying the Active Directory Installation
  Implementing Active Directory Integrated Zones
  Securing Updates for Active Directory Integrated Zones
  Changing the Domain Mode
  Implementing an Organizational Unit Structure

Verifying the Active Directory Installation:
  Verify SRV resource records
  Verify SYSVOL
  Verify the directory database and log files
  Verify the installation results by examining the event logs
  [Diagram: SYSVOL, DNS, database and log files]

Implementing Active Directory Integrated Zones:
  Use DNS to integrate a DNS zone with Active Directory
  Implement a forward lookup zone
  Implement a reverse lookup zone
  [Diagram: DNS server for Contoso.msft; zone database stored as an Active Directory integrated zone]

Securing Updates for Active Directory Integrated Zones:
  Use DNS to secure updates for Active Directory integrated zones
  Secure the Active Directory integrated zones to enable you to control access to zones and resource records
  [Diagram: client sending a secure update to the DNS server for Contoso.msft; zone database stored as an Active Directory integrated zone]

Changing the Domain Mode:
  Active Directory installs in mixed mode to provide support for existing domain controllers
  Group nesting and universal security groups require a domain to be in native mode
  [Diagram: mixed mode: domain controllers (Win 2000) and domain controllers (Win NT 4.0); domain controllers (Win 2000 only)]

Implementing an Organizational Unit Structure:
  Implement an OU structure if you want to:
    Enhance administrative control
    Delegate administrative control over network resources
    Group similar network resources under one OU
    Simplify object administration, and control visibility of network resources
    Make resource administration more efficient
  Create an OU in a domain or within another OU by using Active Directory Users and Computers

Troubleshooting the Installation of Active Directory:
  Error: Access denied while creating or adding domain controllers
  Error: DNS or NetBIOS domain names are not unique
  Error: Domain cannot be contacted
  Error: Insufficient disk space

Removing Active Directory:
  Remove Active Directory by:
    Using the Active Directory Installation Wizard
    Providing appropriate administrative credentials
  The Active Directory Installation Wizard performs specific removal operations depending on the type of domain
Provide Credentials: Enterprise admin group member Domain Admin group MemberRemove Active DirectoryModule 8:Automating IP AddressAssignment B Using DHCPOverview: Overview of DHCP
Installing the DHCP Service
Authorizing The DHCP Service
Creating and Configuring A Scope
Customizing DHCP Functionality
Configuring DHCP in A Routed Network
Supporting DHCP Overview of DHCP Manual vs. Automatic TCP/IP Configuration
DHCP Operation
The DHCP Lease Generation Process
The DHCP Lease Renewal Process
Requirements for DHCP Servers and Clients Manual vs. Automatic TCP/IP ConfigurationManual TCP/IP ConfigurationIP Address Entered ManuallyOn Each Client ComputerPossibility of Entering InCorrect or Invalid IP AddressIncorrect Configuration canLead to Communication andNetwork ProblemsAdministrative Overload onNetworks where computersAre Frequently MovedDisadvantagesAutomatic TCP/IP ConfigurationadvantagesIP Address are SuppliedAutomatically to Client ComputersEnsures that Clients AlwaysUse Correct Configuration InformationElimination of common Source of Network ProblemsClient Configuration UpdatedAutomatically to Reflect Changes in Network Structure DHCP Operation
Non-DHCP Client: Static IP ConfigurationDHCP ServerIP Address 2IP Address 1DHCP Client:IP Configuration From DHCP ServerDHCP Client:IP Configuration From DHCP ServerDHCPDatabaseIP Address 1IP Address 2IP Address 3 The DHCP Lease Generation Process
DHCP ClientDHCP Servers1IP Lease Request23IP Lease OfferIP Lease SelectionIP LeaseAcknowledgement4 The DHCP Lease Renewal ProcessDHCP RequestSource IP Address= 192.168.0.77Dest. IP Address = 192.168.0.108Requested IP Address= 192.168.0.77Hardware Address= 08004-------
DHCP ClientDHCP ServerDHCPCKSource IP Address= 192.168.0.108Dest. IP Address = 192.168.0.77Offered IP Address= 192.168.0.77Client Hardware Address= 08004---Subnet Mask = 255.255.255.0Length Of Lease= 8 DaysServer Identifier= 192.168.0.108DHCP Option: Router= 192.168.0.1 Requirements for DHCP Servers and Clients DHCP Server Requirements (Windows 2000 Server) The DHCP Service Static IP Address, Subnet Mask, Default Gateway Range of Valid IP Address DHCP Clients Windows 2000 Professional or Windows 2000 Server Windows NT Server or Workstation 3.51 Or later Windows 95 or Windows 98 Windows for Workgroup 3.11, Running TCP/IP Microsoft Network Client 3.0 for MS-DOS LAN Manger 2.2c Non-Microsoft Operating System
Installing the DHCP Service

Authorizing the DHCP Service
DHCP Service Checks for Authorization
If Authorized, the Service Starts Properly
If Unauthorized, the Service Logs an Error and Will Not Respond to Clients
[Diagram: DHCP server, DHCP server, clients, domain controller/DHCP server]

Overview of Scopes
IP Addresses Available to Lease to Client Computers
Scope: 192.168.1.0, 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4
[Diagram: DHCP server]

Using the New Scope Wizard
You Use the New Scope Wizard to:
Configure Scope Parameters
Change the Default Lease Duration
Activate a Scope

Configuring a Scope with Options
Scope Options Supported by DHCP Include:
IP Address of a Router
IP Address of a DNS Server
DNS Domain Name
IP Address of a WINS Server
Type of NetBIOS over TCP/IP Name Resolution

Customizing the Use of Scope Options
Scope Options:
Server Level
Scope Level
Class Level
Reserved Client Level

Reserving IP Addresses for Client Computers

Customizing DHCP Functionality
Using Option Classes
Combining Scopes by Using Superscopes
Issuing Multicast Addresses by Using Multicast Scopes

Using Option Classes
Vendor-Defined Classes Manage DHCP Options Identified by Operating System Vendor Type
User-Defined Classes Manage DHCP Options with Common Configuration Requirements
[Diagram: DHCP server; Configuration A, Configuration B, Configuration C; Client 1, Client 2, Client 3]

Combining Scopes by Using Superscopes
Superscope A
Scope 1: 192.168.1.1 to 192.168.1.254
Scope 2: 192.168.2.1 to 192.168.2.254
[Diagram: DHCP server serving 192.168.1.1 to 192.168.1.254 and 192.168.2.1 to 192.168.2.254]

Issuing Multicast Addresses by Using Multicast Scopes
[Diagram: DHCP server; multicast group of Computer 1, Computer 2, Computer 3, Computer 4; request for multicast address; multicast address assigned]

Configuring DHCP in a Routed Network
Routed Network Configuration Options
Using a DHCP Relay Agent

Routed Network Configuration Options
[Diagram: DHCP client, DHCP relay agent (Windows 2000 Server), router, router, DHCP server, DHCP client; non-RFC-compliant, RFC-compliant]
Using a DHCP Relay Agent
[Diagram: DHCP client, DHCP relay agent, Subnet 1, router, DHCP server, Subnet 2]

Supporting DHCP
Monitoring the DHCP Server Service
Troubleshooting DHCP Database Problems
Removing a DHCP Server from Service

Monitoring the DHCP Server Service
When you enable logging, the DHCP server creates log files called DHCPSrvlog. The DHCP server stores these files in the DHCP database directory.
[Diagram: DHCP database, DhcpSrvlog, DHCP database; store: Systemroot\system32\dhcp; store: Systemroot\system32\dhcp\backup\jet\new]

Troubleshooting DHCP Database Problems

Removing a DHCP Server from Service
Before Removing a DHCP Server from Service:
Set Short Lease Durations for Clients
Ensure New Lease for Clients
Record Any Reserved Addresses
Large Address Pool in Other DHCP Servers
Transfer IP Addresses to the New Scope

Module 9: Implementing Name Resolution By Using DNS

Overview of the DNS Query Process
Query Types
Iterative Query: The DNS server returns the best answer that it can provide without help from other servers
Recursive Query: The DNS server returns a complete answer to the query, not a pointer to another DNS server
Lookup Types
Forward Lookup: Requires name-to-address resolution
Reverse Lookup: Requires address-to-name resolution

Installing the DNS Server Service

IP Address Can Be Provided by a DHCP Server or Manually Configured

Configuring Name Resolution for Client Computers

Creating Zones
Identifying Zone Types
Examining the Zone File
Creating Lookup Zones

Identifying Zone Types
[Diagram: standard zones: primary zone, secondary zone, change, zone transfer; Active Directory integrated zones: change, change, change, zone transfer]

Examining the Zone File
Resource Records in a Zone File Can Contain a Computer's:
FQDN
IP Address
Alias
Records:
@ NS casablanca.africa.nwtraders.msft.
Casablanca A 192.168.11.1
Marrakech CNAME casablanca.africa.nwtraders.msft.
1.11.168.192.in-addr.arpa. PTR casablanca.africa.nwtraders.msft.
[Diagram: zone database file, zone, DNS server]

Creating Lookup Zones
Forward Lookup: IP address for khan.com? IP address = 192.168.1.50
Reverse Lookup: Name of 192.168.1.50? Name = khan.com
[Diagram: DNS server, DNS server]

Configuring Zones
Configuring Standard Zones
Zone Transfer Process
Configuring Zone Transfers
Creating a Subdomain
Configuring Active Directory Integrated Zones
Migrating Zones to the Windows 2000 DNS Server Service

Configuring Standard Zones
You can configure a DNS server to host standard primary zones, standard secondary zones, or any combination of zones.
You can designate a primary server or a secondary server as a master server for a standard secondary zone.
[Diagram: DNS Server A, DNS Server B, DNS Server C; A: primary zone; B: secondary zone, master DNS server = DNS Server A; C: secondary zone, master DNS server = DNS Server A; zone information]

Zone Transfer Process
A master DNS server sends notification of zone changes to the secondary server or servers
The secondary server queries a master DNS server for changes to the zone file
[Diagram: DNS server (master) with primary zone database file; DNS server with secondary zone database file; nwtraders, Support, Training, Zone 1]
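The zone file and lookup zone slides above show a forward (A) record and its reverse (PTR) record that must agree. The following is an added example, not part of the original slides: it parses records in the slide's layout and reports A and PTR records that do not match each other, a drift that makes host names in logs and name-based access rules unreliable. The zone origin africa.nwtraders.msft., the combined forward and reverse sample, and the extra PTR for rabat are assumptions constructed for the illustration.

```python
import ipaddress

# Constructed sample: the slide's four records plus one stale PTR added here.
ORIGIN = "africa.nwtraders.msft."  # assumed zone origin
ZONE_TEXT = """\
@           NS     casablanca.africa.nwtraders.msft.
Casablanca  A      192.168.11.1
Marrakech   CNAME  casablanca.africa.nwtraders.msft.
1.11.168.192.in-addr.arpa.  PTR  casablanca.africa.nwtraders.msft.
9.11.168.192.in-addr.arpa.  PTR  rabat.africa.nwtraders.msft.
"""
ARPA = ".in-addr.arpa."

def fqdn(name, origin=ORIGIN):
    """Expand an owner or target name: '@' is the origin, relative names get it appended."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_records(text, origin=ORIGIN):
    """Return (owner, type, data) tuples from simple 'owner TYPE data' lines."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        owner, rtype, data = line.split(None, 2)
        rtype, data = rtype.upper(), data.strip()
        if rtype in ("NS", "CNAME", "PTR"):  # these carry a host name as data
            data = fqdn(data, origin)
        records.append((fqdn(owner, origin), rtype, data))
    return records

def check_forward_reverse(records):
    """Report A records without a matching PTR, and PTR records without a matching A."""
    a_by_name = {o: d for o, t, d in records if t == "A"}
    ptr_by_ip = {}
    for owner, rtype, data in records:
        if rtype == "PTR" and owner.endswith(ARPA):
            octets = owner[: -len(ARPA)].split(".")
            ip = str(ipaddress.IPv4Address(".".join(reversed(octets))))
            ptr_by_ip[ip] = data
    problems = [f"A {n} -> {ip} has no matching PTR"
                for n, ip in a_by_name.items() if ptr_by_ip.get(ip) != n]
    problems += [f"PTR {ip} -> {n} has no matching A"
                 for ip, n in ptr_by_ip.items() if a_by_name.get(n) != ip]
    return problems

if __name__ == "__main__":
    for problem in check_forward_reverse(parse_records(ZONE_TEXT)):
        print(problem)
```
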
Configuring Zone Transfers

Creating a Subdomain
Create a Subdomain to Better Organize Your Namespace
Delegate Authority of a Subdomain to:
Delegate Management of Portions of the Namespace
Delegate Administration Tasks of Maintaining One Large DNS Database
[Diagram: root; top-level domain: Org., Com., Edu., Au.; second-level domain: Microsoft.com; subdomain: Training.microsoft.com]

Configuring Active Directory Integrated Zones
Active Directory Integrated Zone Data Is:
Stored as an Active Directory Object
Replicated as Part of Domain Replication
[Diagram: DNS server, nwtraders.msft, Active Directory integrated zone, Active Directory]

Migrating Zones to the Windows 2000 DNS Server Service
Files in the Windows 2000 DNS Server Service:
Domain_name.dns: The forward lookup file that is used to translate host names to IP addresses
z.y.x.w.in-addr.arpa: The reverse lookup file that is used to translate IP addresses to host names
Cache.dns: Contains the required host information for resolving names outside authoritative
Boot: Controls how the DNS Server service starts

Configuring DNS for Internal Use
Configure a Root Zone on a DNS Server When:
Your Intranet Is Not Connected to the Internet
You Are Using a Proxy to Gain Access to the Internet
[Diagram: private network with root domain delegating Org., Com., Edu., Au. and Microsoft.com; Internet root domain delegating Com. and Microsoft.com; private network behind a proxy server with records for Com and Microsoft.com in the root domain]

Integrating DNS and DHCP
Overview of Dynamic Update
Configuring Dynamic Updates
Securing Dynamic Updates

Overview of Dynamic Update
[Diagram: Computer 1 requests an IP address; DHCP server assigns IP address 192.168.120.133; dynamic update; DNS server zone database: Computer 1, 192.168.120.133]

Configuring Dynamic Updates
Configure the DNS Server to Allow Dynamic Updates
Configure the DHCP Server for Dynamic Updates
Configure Windows 2000-Based Clients for Dynamic Updates

Securing Dynamic Updates
[Diagram: Active Directory integrated zone, secure dynamic update]

Maintaining and Troubleshooting DNS Servers
Reducing Network Traffic by Using Caching-Only Servers
Maintaining DNS Zones
Monitoring DNS Servers
Verifying Resource Records by Using Nslookup
Troubleshooting Name Resolution Problems

Reducing Network Traffic by Using Caching-Only Servers
Caching-Only Servers:
Perform Name Resolution on Behalf of Client Computers and Cache the Results
Can Be Used to Reduce DNS-Related Traffic across a WAN
[Diagram: remote office with clients and caching-only server; slow WAN link; corporate headquarters with DNS server]

Maintaining DNS Zones
Monitoring DNS Servers

Verifying Resource Records by Using Nslookup
Use Nslookup to Verify That the Information Contained in Resource Records Is Correct

Troubleshooting Name Resolution Problems
Troubleshooting Name Resolution on Client Computers
Registering Client Computers
Troubleshooting Zone Transfer Problems

Module 10: Introduction to ISA Server 2000

Overview:
Introduction to ISA Server
Using Caching
Using Firewalls
Deployment Scenarios for ISA Server

Introduction to ISA Server
ISA Server Editions
Benefits of ISA Server
Installation Modes

ISA Server Editions
ISA Server Standard Edition
ISA Server Enterprise Edition

Benefits of ISA Server
Acceleration: Fast Web Access with a High-Performance Cache
Security: Secure Internet Connectivity with a Multilayered Firewall
Management: Unified Management with Integrated Administration
Extensibility: Extensible and Open Platform

Installation Modes
Cache Mode
Firewall Mode
Integrated Mode
Features Available with Each Mode

Using Caching
The Caching Process
Types of Caching

The Caching Process
1 GET www.nwtraders.msft
2 GET www.nwtraders.msft
3 Object is sent from Internet
4 GET www.nwtraders.msft
5 Object is sent from cache
[Diagram: Client 1, Client 2, ISA Server, cache, Internet]

Types of Caching
Forward Caching
Reverse Caching
Distributed Caching
[Diagram: internal network, cache, Internet; Web server, cache, Internet; internal network, three caches, Internet]
Using Firewalls
Firewall Overview
Bastion Host
Perimeter Network with Three-Homed Firewall
Perimeter Network with Back-to-Back Firewalls
Filters and Network Access

Firewall Overview
A Firewall Is:
A Controlled Point of Access for All Traffic That Enters the Internal Network
A Controlled Point of Access for All Traffic That Leaves the Internal Network

Bastion Host
[Diagram: Internet, firewall, internal network]

Perimeter Network with Three-Homed Firewall
[Diagram: Internet, perimeter network, internal network, firewall]

Perimeter Network with Back-to-Back Firewalls
[Diagram: internal firewall, external firewall]

Filters and Network Access
[Diagram: access policy: allow, HTTP, all destinations; streaming media; SMTP; DNS intrusion; firewall; internal network; external network]

Deployment Scenarios for ISA Server
Branch Office/Small Business Cache Server
Branch Office/Small Business Firewall
Enterprise Cache
Enterprise Firewall

Branch Office/Small Business Cache Server
[Diagram: main office with ISA Server and cache; branch office with ISA Server and cache; small business; Internet]

Branch Office/Small Business Firewall
[Diagram: Internet, ISA Server, branch office or small business; actual connection, perceived connection]

Enterprise Cache Server
[Diagram: three caches, Internet, ISA Server array, corporate network]

[Diagram: ISA Server, ISA Server, perimeter network, Internet]
Enterprise Firewall