8/2/2019 2 - Windows Server 2
1/30
Intro to Systems Administration
WINDOWS SERVER 2003
8/2/2019 2 - Windows Server 2
2/30
Table of Content
Creating User Accounts
Creating Group accounts Creating Computer Accounts
Group Policy
Disk Space, Sharing and Permissions Disk Management
8/2/2019 2 - Windows Server 2
3/30
Creating User Accounts
In the Active Directory Users and Computers, one can manage or
change the settings of user accounts.
How to?
1.Click start -> Administrative Tools ->Active Directory Users andComputers.
2. Right click the users container -> New, and click User.
3. Enter Name and Last name, and then enter the User Logon name,
e.g. petruss/ spetrus4. Ensure that your domain is correct then click Next.
5. Enter your password twice to confirm it. (Complex Password)
6. Can choose then if user should change password at next Logon, or
not.
8/2/2019 2 - Windows Server 2
4/30
Group Accounts
Group accounts help to minimize the administrative effort associated with
assigning rights and permissions to users with common needs.
You have two different types in Windows Server 2003
1) Security Groups
q A Security Identifier (SID) that allows groups assigned permissions to
resources as well as rights to perform various tasks defines this group.
2) Distribution Groups
q Are used when sending an e-mail to a group, which then sends it to allmembers of that group.
8/2/2019 2 - Windows Server 2
5/30
Group Accounts : Scope Whether a group is a security group or a
distribution group, it is characterized by a
scope.
The Scope identifies the extent to which thegroup is applied in the domain tree or forest.
Different Scopes
Universal
Global
Domain Local
8/2/2019 2 - Windows Server 2
6/30
Creating Group Objects
1.Click start -> Administrative Tools -> Active Directory Users andComputers.
2. Right click the users container -> New, and click on Group.
3.Enter the New Group Name in the box, select the group scope,local or global, and then choose the Group type, Security or
Distribution, then click OK to create the group.
4.Then double click the group name to view its properties, click the
members tab.Use add button to add users or other groups to the group created,
then click OK to close properties box.
8/2/2019 2 - Windows Server 2
7/30
To create and manage Computer
accounts.Computers are also required to have accounts in Active Directory
1. Click start, select Administrative Tools, and click on Active
Directory Users and Computers.
2. Right-click the computers container and then select New, then
click Computer.
3. Enter the workstation name, and then click Next.
4. In the Managed screen, click Next.5. Then Click Finish and the new computer will appear in
Computers container.
6. Right-Click the new Computer name, and click properties to view
and change the settings of new computer.
8/2/2019 2 - Windows Server 2
8/30
Group Policy
Administrators use Group Policy to define options
for managing configurations of servers, desktops,
and groups of users. Local policy settings can be applied to all
machines, and for those that are part of a domain,
an administrator can use Group Policy to setpolicies that apply across a given site, domain, or
range of organizational units (OUs) in the Active
DirectoryIntroduction to Group Policy in Windows Server 2003 Microsoft Corporation Published: April 2003
8/2/2019 2 - Windows Server 2
9/30
Group Policies
Group policies deal with account lockouts, passwords and Kerberos etc.
Lockout: - Number of times a user can try to login before being locked out.
Passwords: - Enforce password history, defines the number of passwords to
be unique before a user can reuse an old password. (After how many days
should a user change their password.)
Kerberos: - Enforce user logon restrictions using Key Distribution Center
(KDC.
To view group policies:1. Right Click the Domain object in Active Directory Users and Computers,
then click on Properties.
2. Click on the Group Policy tab, and then click on the Edit button to show
account policies.
8/2/2019 2 - Windows Server 2
10/30
Managing file access, disks and
disk Storage
Why have a network?
The Sharing of network resources
Network resources need to be secured
Restrictions and permissions
Administrator can limit certain groups and give completecontrol to others. (Windows Server 2003).
8/2/2019 2 - Windows Server 2
11/30
Shared folders
These are data sources that have been made
available over the network to authorized users.
Centralized network resources through the useof shared folders
There are two ways of creating shared folders:
Creating a shared folder using Windows Explorer Creating a shared folder using Computer Management
Console
8/2/2019 2 - Windows Server 2
12/30
Creating a shared folder using
Windows Explorer1. Open Windows explorer and create a new folder under c:drive,
2. Right click on folder -> Sharing and Security.
3. In the sharing tab, click the share this folder radio button, and
the name of the share in the text box.
4. Then Click OK, and folder should be shared.
5. To verify browse to your network folder and view shared folder.
C ti h d f ld i
8/2/2019 2 - Windows Server 2
13/30
Creating a shared folder using
Computer Management Console
1. Right click on My Computer and click on Manage.
2. Click the + Symbol next to Shared Folders, and click on Shares
3. Right click the Shares folder and click New Share
4. At folder path, type in folder or browse location, then click Next
5. If folder does not exist you will be prompted to create byclicking Yes.
6. At Permissions screen choose permission type for folder then
click finish.
8/2/2019 2 - Windows Server 2
14/30
Implementing Shared Folder
Permissions
1. Under Sharing and Security of folder click on
Permissions.
2. Click on Add to select users, computer or groups to add.
3. Then select permissions Full Control, Read, or Change.
4. Then click Apply and OK.
8/2/2019 2 - Windows Server 2
15/30
Windows Server 2003 supports 3
types of file systemsa) FAT File System:
Used by DOS and is supported by all Windows OS since.
Win Server 2003 supports partitions for FAT up to 4GB of space.
FAT has a partition size limitation, and it has no security features.
b) FAT32 File System: Supports much larger partitions up to 2Terabytes.
Does not have any advanced security features e.g. permissions onfiles and folders resources.
c) NTFS File System:
Introduced in Win NT OS. Supports in practice from 2Terabytes to16Terabytes, but is capable of addressing up to 16 Exabytes.
Comes with better performance, greater scalability, supports forActive Directory, and has the ability to configure security permissions.It has support for remote Storage, and has recovery logging of diskactivities.
8/2/2019 2 - Windows Server 2
16/30
NTFS Permissions
These permissions can only be applied on files andfolders that exist in partitions formatted with NTFS file
system. NTFS permissions are configured through the Security
tab, and its cumulative, that means if a user is member ofdifferent groups, his permissions are all permissions put
together. It can be set at file or folder level, and child folders and
files inherit permissions unless otherwise specified.
I l i NTFS P i i
8/2/2019 2 - Windows Server 2
17/30
Implementing NTFS Permissions
1. Under the Sharing and Security of Folder, select the Security tab
2. Click the Add button to add user, computer and groups.
3. Then select permission for different users, either Full Control, Modify, Read &Execute, Read, Write etc.
4. Click the advanced button, to specify inheritable properties.
5. To remove any Groups or Users, click on Remove.
6. Then Click Apply and the OK.
For special permissions, click advanced button and modify Permissions for users
and groups. When Shared folder and NTFS permissions are combined: -
Over a network the most restrictive permission of the two becomes the effectivepermission.
When a file is accessed locally, only NTFS permissions apply.
8/2/2019 2 - Windows Server 2
18/30
Disk Management :Windows 2003 Server supports two data storage types
Basic Disks Uses traditional Disk management Techniques and contains primary and
extended partitions and logical drives, any can be configured with FAT,
FAT32 and NTFS.
Each partition acts as a separate storage on the disk. If more then one primary partition is configured, only one can be marked as
the active partition.
Dynamic Disks
Does not use partitions, but volumes instead, because they provide additionalfeatures and capabilities.
Provides a new flexibility, as there are basically no restrictions to the number
of volumes that can be implemented on the disk.
Not restricted to the size initially configured.
8/2/2019 2 - Windows Server 2
19/30
Basic DisksPrimary Partitions: -
There are at least one configured on a drive
Usually contain the operating system start-up files at the beginning of thepartition.
The active primary partition is where the computer looks for the hardware
specific files to start the OS.
Extended Partitions: -
Created from space that is not yet partitioned, meaning space that is leftafter primary partition has been created.
Can only be one extended partition on a standard basic Disk. It is not formatted or does not have a drive letter assigned.
Once created, it can be further divided into logical drives each getting theirdrive letter. The disk is described as logicalbecause it does not actuallyexist as a single physical entity in its own right
8/2/2019 2 - Windows Server 2
20/30
Dynamic Disks Volume Types
Simple volume: - Is dedicated and formatted portion of disk space, which can beextended by adding, unallocated space to the volume later.
Note!! Only if formatted with NTFS, can it be extended.
Spanned volume: - Consist of space of combining from 2 to 32 Dynamic Disks and treatall as single volume, thus reducing the number of drive letters.
Any new disks added then the spanned volume can be extended to include it.
Note!! If one disk fails, the entire volume is inaccessible.
Striped Volume: - Extends the life of the hard disk drive by spreading data equally over
two or more drives, thus one drive does not work more then the other.Also increases performance, because read and writing to disks is faster as it would havebeen with only one drive, thus it is useful when storing large databases and datareplication from one volume to another.
Note!! Data can be lost if one or more disks in striped volume fail.
8/2/2019 2 - Windows Server 2
21/30
Managing partitions and volumes
Managing your Disk properties using Disk Management Tool.
1. Right-Click My Computer and click Manage.
2. Expand Storage, and click Disk Management.3. To check your drive properties, right click the drive and click properties.
4. Here you have different options like, Tools, Hardware, Sharing, ShadowCopies, Quota and Security to configure your drive.
5. In the lower right pane, right Click Disk 0 and click Properties, showing theproperties page for the disk drive.
6. The Policies tab is used to configure write caching and safe removalsettings.
7. The Volumes tab lists all partitions configured on the Disk
8. The Driver tab allows you to view details about currently installed driver.
Creating and Deleting a Primary
8/2/2019 2 - Windows Server 2
22/30
Creating and Deleting a Primary
Partition.
1. In Disk Management, right click Disk 0, and click NewPartition.
2. Click Next, at New Partition Wizard.
3. Then select the Primary Partition radio button and clickNext.
4. Specify the size of the partition in MB, and click Next.
5. Then assign the drive letter and click Next.
6. Then check Perform a Quick format and click Next and theFinish.
7. To Delete Partition, right Click the Volume and select DeletePartition.
8/2/2019 2 - Windows Server 2
23/30
Creating an extended Partition
1. In Disk Management, right click Disk 0, and click New Partition.
2. Click Next, at New Partition Wizard.
3. Then select the Extended Partition radio button and click Next.
4. Specify the size of the partition in MB, and click Next and then
Finish
8/2/2019 2 - Windows Server 2
24/30
Creating a logical Drive
1. In Disk Management, right click Disk 0, and click NewLogical Drive.
2. Click Next, at New Partition Wizard.
3. Then select the Create new logical drive option and clickNext.
4. Then specify the size in MB, and click Next.
5. Select the drive letter and click Next.
6. Then select Format this partition with the following settings,type in the Volume label, and click Next and then Finish.
8/2/2019 2 - Windows Server 2
25/30
Converting a Basic Disk to a
Dynamic Disk.
1. Right-Click My Computer and click Manage.
2. Expand Storage, and click Disk Management.
3. Right Click Disk 0 and click Convert to Dynamic Disk
4. Then click OK, and click on Convert.5. If Disk Management Dialog appears the click Yes.
6. Then Click Yes to confirm that the file systems on disk will bedismounted
7. Then computer will be rebooted when done.
Note !! To go back to basic disk, all volumes will have to be deleted, soback-up your dynamic disk, and restore from backups later.
8/2/2019 2 - Windows Server 2
26/30
Disk Management:
Fault Tolerant disk Strategies
Allows setup of the system to recover from hardware and softwarefailure.
Windows 2003 Server allows this fault tolerance through software
RAID (Redundant Array of Independent Disks):- which is a set ofstandards for lengthening disk life, preventing data loss andenabling relatively uninterrupted access to data.
RAID is setup depending on level of fault tolerance. Your Server willinclude either 2-3 harddrives with RAID controllers.
The Harddrives are controlled through these controllers dependingon how it has been setup, whether it be for backup, or for speed.
Lets look at the different levels of RAID setup.
8/2/2019 2 - Windows Server 2
27/30
RAID Levels
1) RAID level 0: - Striping (Striped Volumes) with no otherredundancy features, it is just for extending disk life and improveperformance.
2) RAID level 1: - Used for simple mirroring, providing a means ofduplicating the operating systems files in the event of disk failure.It places the backup on a different controller that is used by maindisk. This RAID is much slower as all data has to be written twice.
3) RAID level 2: - Uses an array of disks whereby the data isstriped across all disks in the array, and it contains error-correcting information on each to reconstruct data from a faileddisk.
8/2/2019 2 - Windows Server 2
28/30
Raid levels
4) RAID level 3: - Same as level 2, but stores the error correcting infoonly on one drive, so if that drive fails cannot reconstruct the data.
5) RAID level 4: - Same as level 2, but can perform checksum
verification, which is the sum of bits on a file. So when disk fails and datais reconstructed, the reconstructed file size is compared the checksumsize, and if the two dont match then files might be corrupted.
6) RAID level 5: - Includes striping, error correction and checksum
verification, and all are spread across all of the disks. However this RAIDuses more memory then others. Recovery for this RAID provides sameguarantee as with disk mirroring (level 1), and has much faster readaccess then Level 1.
8/2/2019 2 - Windows Server 2
29/30
Disk Maintenance and
Management UtilitiesThere are a variety of Utilities apart from the Disk Management Tool, which youaccess by opening the properties of a drive.
To name a few:
Check Disk: Allows for scanning of disk for bad sectors and file system errors.
CONVERT: Command line utilities for converting file systems from FAT FAT32or volumes to the NTFS file system.
DISK Cleanup: For removing of temporary internet files, downloaded programs,files in Recycle bin, windows temporary files and installed programs no longerused.
Disk Defragmenter: - locates fragmented folders and files and move them to a
location on the physical disk in a contiguous order.
8/2/2019 2 - Windows Server 2
30/30
References
MCSE (Exam 70-294) Planning, Implementing, and Maintaining a Microsoft
Windows Server 2003 Active Directory Infrastructure 2nd Edition, Published by
Microsoft Press 2006. Jill Spealman, Kurt Hudson, and Melissa Craft with
Anthony Steven of Content Master, ISBN: 0-7356-2286-8
Windows Server 2003 Weekend Crash Course Published by Wiley Publishing2003. Don Jones, ISBN: 0-7645-4925-1
Active Directory Cookbook Published By OReilly 2003. Robbie Allen, ISBN: 0-
596-00464-8