COMP2221 Networks in Organisations
Richard Henson
November 2012

Week 7: Windows Services…

Objectives:
- Explain the mechanism for control of user and system settings on networked machines
- Explain the role of the registry in desktop configuration, usability, and security
- Explain the mechanisms of typical TCP/IP-based network services
- Use appropriate software tools for network services, system/network monitoring and troubleshooting

Rapid Boot-up with Windows 7 (1)
- Huge improvements in time to logon screen…
- 32-bit colour animation appears at an early stage
  » driven by the CPU (& using Intel EFI)
  » graphics card not yet initiated…
- meanwhile, the operating system's kernel and critical device drivers are loading into memory in the background…

Rapid Boot-up with Windows 7 (2)
- Early stage of boot process bound to I/O:
  » loading the kernel
  » device driver files
  » other system component files
- Dimensions of the boot animation limited to a small region of the screen
  » avoids I/O delay loading animation images during the early stage of boot…

Rapid Boot-up with Windows 7 (3)
- Changes to the boot “architecture”
- Windows 7 animation happens as the process moves along
  » contrast with Vista, where the pearl animation comes only after the boot sequence is complete…
- fewer transitions in graphics mode during initialisation of the graphics subsystem and Windows shell
  » again, c.f. Vista, where the screen flashes black a few times…
- Sound plays BEFORE user login starts…

BUT…
- The user in an organisation then needs to log on…
  » endless loading of policy files…
  » subsequent configuration to accommodate settings into the local registry…

Policy Files: Controlling User and System Settings…
- Arguably the most important part of a network manager’s job
  » get it right: happy users, happy managers
  » get it wrong: frustrated users, angry managers
- Even at remote locations (!)
- General principle of no access at all without logon…
- Policies determine the desktops and services available when users log on to access the (enterprise) network

User/System Policy Settings
- Different types of system?
  » different registry settings needed
- System settings for a computer may need to be changed for particular users
  » e.g. lower screen refresh rate required for epileptics

Groups and Group Policy
- Convenient for users to be put into groups
- Settings for the group provide particular access to data & services
- Problems…
  » user in wrong group(s)
  » group has wrong settings

Users and Convenience
- Windows networks provide storage space on the server for user data:
- mandatory profiles
  » no storage for desktop settings: all users get the same desktop settings!
- roaming profiles
  » desktop settings preserved on the server between user sessions
  » but takes extra space
  » and makes logon even longer!

The all-important Registry
- Hierarchical store of system and user settings
- Five basic subtrees:
  » HKEY_LOCAL_MACHINE: local computer info. Does not change no matter which user is logged on
  » HKEY_USERS: default user settings
  » HKEY_CURRENT_USER: current user settings
  » HKEY_CLASSES_ROOT: software config data
  » HKEY_CURRENT_CONFIG: “active” hardware profile
- Each subtree contains one or more subkeys

Location…
- C:\windows\system32\config
- Six files (no extensions):
  » Software
  » System – hardware settings
  » Sam, Security
    » not viewable through regedt32
  » Default – default user
  » Sysdiff – HKEY_USERS subkeys
- Also: ntuser.dat file
  » user settings that override default user

Emergency Recovery if Registry is damaged
- Backup registry files created during the text-based part of Windows installation
- also stored in:
  » C:\windows\system32\config
  » distinguished by .sav suffix
- only used to update the registry if the “R” option is chosen during a Windows recovery/reinstall

Emergency Recovery if registry completely ruined…
- Another NEVER UPDATED backup is saved to C:\windows\repair
  » contains no user and software settings
  » reboots back to the point: “Windows is now setting up”

Backing up the Registry
- Much forgotten…
- can be copied to tape, USB stick, CD/DVD, or disk
  » rarely more than 100 Mb
- Two options:
- Use third-party backup tool
  » e.g. http://www.acronis.co.uk
- Use Windows “backup”
  » not recommended by experts!
  » already there & it does work!
  » when choosing backup options, “system state” should be selected
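A PowerShell walk through the subtrees, hive files and backup described on the registry slides, added here as an example that is not part of the lecture. It assumes an elevated PowerShell session on Windows; $BackupDir and the exported key are choices made for this example.

```powershell
# Added example, not from the lecture: walk the five registry subtrees and the
# hive files in System32\config, show why SAM/SECURITY cannot be browsed, and
# back one key up as a text .reg file with reg.exe.
# Assumptions: Windows, elevated PowerShell; $BackupDir is a folder chosen for
# this example and does not come from the slides.
$BackupDir = 'C:\RegBackup'

# 1. The five subtrees. The Registry:: provider path reaches all of them, even
#    though only HKLM: and HKCU: are mapped as drives by default.
$Subtrees = 'HKEY_LOCAL_MACHINE', 'HKEY_USERS', 'HKEY_CURRENT_USER',
            'HKEY_CLASSES_ROOT', 'HKEY_CURRENT_CONFIG'
foreach ($root in $Subtrees) {
    $n = @(Get-ChildItem -Path "Registry::$root" -ErrorAction SilentlyContinue).Count
    '{0,-20} {1,5} top-level subkeys' -f $root, $n
}

# 2. Hive files: no extension, kept in %SystemRoot%\System32\config. They are
#    locked while Windows runs, but size and modification time are visible.
$ConfigDir = Join-Path $env:SystemRoot 'System32\config'
foreach ($hive in 'SOFTWARE', 'SYSTEM', 'SAM', 'SECURITY', 'DEFAULT') {
    $file = Get-Item -LiteralPath (Join-Path $ConfigDir $hive) -ErrorAction SilentlyContinue
    if ($file) { '{0,-9} {1,13:N0} bytes  modified {2}' -f $hive, $file.Length, $file.LastWriteTime }
    else       { '{0,-9} not found' -f $hive }
}

# 3. SAM\SAM and SECURITY are loaded under HKLM, but their ACLs grant read
#    access to SYSTEM only, which is why regedt32 shows them empty even for an
#    administrator. Enumerating them from an admin session is refused.
foreach ($key in 'SAM\SAM', 'SECURITY') {
    try {
        Get-ChildItem -Path "HKLM:\$key" -ErrorAction Stop | Out-Null
        "HKLM\$key readable (this session is probably running as SYSTEM)"
    } catch {
        "HKLM\$key not readable: $($_.Exception.Message)"
    }
}

# 4. Backup of one key as a .reg text file (a "collection of registry settings
#    in a text file", as the policy-file slides put it). /y overwrites silently.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$regFile = Join-Path $BackupDir 'Policies.reg'
reg.exe export 'HKLM\SOFTWARE\Policies' $regFile /y | Out-Null
if ($LASTEXITCODE -eq 0) { "exported HKLM\SOFTWARE\Policies to $regFile" }
else                     { "reg export failed, exit code $LASTEXITCODE" }
# The "system state" backup the slides recommend is taken with Windows Server
# Backup, e.g.: wbadmin start systemstatebackup -backupTarget:E:
```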

Editing “Live” Registry Settings
- Registry data that is loaded into memory can also be overwritten by data:
  » from local profiles (ntconfig.pol)
  » downloaded across the network…
- Contents should not be changed manually unless you really know what you are doing!!!
- Special command line tool available for editing individual system settings: REGEDT32

Policy Files
- Collection of registry settings in a text file
  » downloaded from the domain controller during logon
  » settings depend on the user or group logging on
- Can overwrite:
  » local machine registry settings
  » current user registry settings
- Policies should therefore only be created and used by those who know what they are doing!!!

Group Policy Files
- Local Computer (local policy)
  » read from local machine
- Domain Controllers (domain policy)
  » downloaded across the network
- Read by CPU on local machine during logon procedure
  » subsequently written to registry
  » control user desktop

The Redirector (OSI Level 5)
- Client-server service
- Provides file and print connectivity between computers
  » one end must be the “server”
  » provides the service…
- [Diagram: server and client (a user may be logged on at the client); the server provides the service, the client’s redirector requests the service]

Redirector (“Workstation”, i.e. client-end)
- Implemented as a file system driver
  » only called if the local file system cannot find the file or service
  » sends request to Active Directory to locate the data object via Transport Driver Interface (TDI)
    » communicates directly with transport protocols
    » allows independence of networking components in OSI layers 2-4

Redirector (Workstation Service)
- Adherence to OSI layers…
- Can independently add or remove:
  » transport protocols (layers 3 & 4)
  » network cards (layers 1 & 2)
  without reconfiguring the whole system
- Completely transparent in redirection of I/O calls not serviced locally
  » esp. important when applications are being used

Server Service
- Server end of redirector:
  » implemented as a file system driver
  » communicates with lower layers via TDI
- Supplies the network connections requested by the client redirector
- Receives requests via adapter card drivers, transport protocol (e.g. TCP/IP), and TDI

Running Client-Server Applications
- Client process & server process provide a mechanism for:
  » pipes to link processes that need bi-directional communication
  » mailslots to link processes only requiring one-directional communication
  » running Winsock to manage the communication channel
  » RPCs (Remote Procedure Calls) allowing distributed applications to call procedures anywhere on the network

File and Print Sharing
- Shared resource access requires use of
  » redirector
  » server service…
- Multiple UNC Provider allows connection to a resource on any computer that supports UNC (Universal Naming Convention) names
  » Files: \\server\shared folder[\sub-folder]\filename
  » Printers: \\server\shared printer
- Multiple Provider Router supports multiple redirectors

Network Binding
- Binding is about linking network components working at different OSI levels together to enable communication
- Windows binding is about linking the redirector & server service with the transport protocol and (via NDIS) adapter card drivers
- happens automatically when:
  » there is a change of protocol, or protocol settings
  » different network adapter drivers are installed
  » existing adapter card settings are altered

WINS (Windows Internet Name Service)
- Client-server protocol like DNS, DHCP
  » used on the first Windows TCP/IP networks to enable computer devices to communicate using IP
  » manages a dynamic database of IP addresses and local network (NetBIOS) names
  » clients request IP addresses for particular NetBIOS names
  » WINS server provides that information
- Historical, but NetBIOS names still used in some places

Terminal Services
- Allows any PC running a version of Windows to remotely run a Windows server
  » uses a copy of the server’s desktop on the client machine
- Client tools must be installed first, but the link can run with very little bandwidth
  » possible to remotely manage a server thousands of miles away using a phone connection…

More about the www service
- Provided by Microsoft’s Web Server (IIS)
  » links to TCP port 80
  » can also provide:
    » ftp service (port 21)
    » smtp service (port 25)
- Purpose of www service:
  » Works with the http protocol to make html pages available:
    » across the network as an Intranet
    » across trusted external users/domains as an Extranet

Features of IIS
- Provides server end program execution environment:
  » runs server-scripts
- Sets up its own directory structure on the server for developing Intranets, Extranets, etc.
- Sets up communication via TCP port 80 in response to client request
- Client end:
  » browser HTML display environment on client

“Static” web page service
- client (browser) requests information (HTML page)
- server (IIS, web server) processes the request, sends HTML page back to the client…
- [Diagram: CLIENT program sends REQUEST to SERVER program; server processes the request and sends back results as the RESPONSE; client reads the results]

More Features of IIS
- Access to any client-server service can be restricted using username/password security at the server end
- or could bypass security with “anonymous login”
  » uses a “guest” account – access granted only to files that make up the Intranet
  » prevents worries about hacking in through guessing passwords of existing users

Client-Server Web Applications
- Associated with “dynamic” web pages
- Web servers provide a server-side environment that can allow browser data to query remote online databases using SQL…
  » processing takes place at the server end
  » centralised and secure!
- Some recent challenges to client-server applications
  » apps using local processing, even storage (!)
  » again… issue of availability v security

Troubleshooting Resources: Task Manager
- Applications tab just gives the name and status of each application that is loaded into memory
- Processes tab:
  » all system processes
  » Memory usage of each
  » % CPU time for each
  » Total CPU time since boot up
- Performance tab
  » Total no. of threads, processes, handles running
  » % CPU usage
    » Kernel mode
    » User mode
  » Physical memory available/usage
  » Virtual memory available/usage

Troubleshooting Resources: Event Viewer
- System events recorded into “event log” files
  » Three by default: system, auditing, application
  » customisable
- Three types of events:
  » Information
  » Warning
  » Error
- More information for each event obtained by double-clicking
- Event management also required…
  » E.g. new files daily, old ones archived? dumped? when?
  » how often to check event files?
  » Important to detect security issues and potential failures
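One concrete form of the “detect security issues” point above, added here as an example that is not part of the lecture: a PowerShell query of the Security log for failed logons, grouped to show repeated failures. It assumes an elevated session with logon auditing enabled; the 24-hour window and $Threshold are choices made for this example.

```powershell
# Added example, not from the lecture: query the Security event log for failed
# logons (event ID 4625) from the last 24 hours and flag accounts or source
# addresses with repeated failures, one concrete form of "detect security
# issues" from the event management slide.
# Assumptions: Windows, elevated PowerShell (the Security log needs it), logon
# failure auditing enabled; $Threshold is a value chosen for this example.
$Threshold = 5
$Since     = (Get-Date).AddHours(-24)

# FilterHashtable makes the event log service do the filtering rather than
# pulling every record into PowerShell first.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = $Since
} -ErrorAction SilentlyContinue
if (-not $events) { "no failed logons since $Since"; return }

# A 4625 record carries its fields as <Data Name="..."> elements in EventData.
$rows = foreach ($e in $events) {
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($item in $x.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
    [pscustomobject]@{
        Time   = $e.TimeCreated
        User   = $d['TargetUserName']
        Domain = $d['TargetDomainName']
        Source = $d['IpAddress']
        Status = $d['Status']      # 0xC000006D = unknown user name or bad password
        Type   = $d['LogonType']   # 2 interactive, 3 network, 10 remote desktop
    }
}

# Group by account and by source address; anything at or above the threshold
# deserves a look (password guessing, a stale saved credential, a broken service).
"failed logons per account since $Since (>= $Threshold):"
$rows | Group-Object User | Where-Object Count -ge $Threshold |
    Sort-Object Count -Descending |
    Select-Object @{ n = 'Account'; e = { $_.Name } }, Count | Format-Table -AutoSize

"failed logons per source address since $Since (>= $Threshold):"
$rows | Group-Object Source | Where-Object Count -ge $Threshold |
    Sort-Object Count -Descending |
    Select-Object @{ n = 'SourceIP'; e = { $_.Name } }, Count | Format-Table -AutoSize
```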

Troubleshooting Resources: System Monitor (perfmon.msc)
- monitor many aspects of system performance
  » e.g. capture, filter, or analyse frames or packets sent over the network, or capture data from hardware devices
  » either display current data graphically, in real-time
  » or log data at regular intervals to get a longer term picture
- Alerts
  » notify when a particular threshold value has been reached
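The threshold alert described above, scripted with Get-Counter as an added example that is not part of the lecture. The counter paths are standard Windows ones; the limits and sampling schedule are values chosen for this example.

```powershell
# Added example, not from the lecture: a small System Monitor style alert. It
# samples a few standard performance counters with Get-Counter and reports any
# that cross a limit. Assumptions: Windows; the limits and the sampling
# schedule are values chosen for this example, not from the slides.
$Alerts = @(
    @{ Counter = '\Processor(_Total)\% Processor Time';          Max = 85 }
    @{ Counter = '\Memory\Available MBytes';                     Min = 512 }
    @{ Counter = '\PhysicalDisk(_Total)\Avg. Disk Queue Length'; Max = 2 }
    # Cumulative since boot, so alert on any increase between samples: clients
    # being refused access to shares is worth a look from a security viewpoint.
    @{ Counter = '\Server\Errors Access Permissions';            Delta = $true }
)
$Interval   = 5    # seconds between samples
$MaxSamples = 12   # one minute in total; raise it for a "longer term picture"
$prev = @{}        # last value seen per Delta counter

$paths = $Alerts | ForEach-Object { $_.Counter }
# Each object from Get-Counter is one sample set holding every counter once.
Get-Counter -Counter $paths -SampleInterval $Interval -MaxSamples $MaxSamples |
  ForEach-Object {
    $set = $_
    foreach ($a in $Alerts) {
        # CounterSamples.Path includes the machine name, so match on the tail.
        $s = $set.CounterSamples | Where-Object { $_.Path -like "*$($a.Counter)" } |
             Select-Object -First 1
        if (-not $s) { continue }
        $v = [math]::Round($s.CookedValue, 1)
        if ($a.ContainsKey('Delta')) {
            $tripped = $prev.ContainsKey($a.Counter) -and $v -gt $prev[$a.Counter]
            $limit   = 'any increase'
            $prev[$a.Counter] = $v
        } elseif ($a.ContainsKey('Max')) {
            $tripped = $v -gt $a.Max; $limit = "max $($a.Max)"
        } else {
            $tripped = $v -lt $a.Min; $limit = "min $($a.Min)"
        }
        if ($tripped) {
            '{0:HH:mm:ss} ALERT {1} = {2} ({3})' -f $set.Timestamp, $a.Counter, $v, $limit
        }
    }
  }
```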

System Recovery…
- If a fatal error occurs:
  » immediate dump of system memory is made
    » can be used for identifying the cause of the problem
  » alerts are sent to users
  » system is restarted automatically