This directory service enables administrators to create and manage users and groups, set network-wide user and computer policies, manage security, and organize network resources.
Provides a single point of administration of network resources, such as users, groups, shared printers, shared files, servers, and workstations. Provides centralized authentication and authorization of users to network resources. Along with DNS, provides domain-naming services and management for a Windows domain. Enables administrators to assign system policies, deploy software to client computers, and assign permissions and rights to users of network resources. RODC is a read-only domain controller used in remote locations such as branch offices. Terminal server allows remote desktop applications.
Groups: Backup Operators, Administrators and Domain Administrators, Remote Desktop Users, Domain Users, Print Operators, Server Operators, IIS users, Network Configuration Operators. Hyper-V: feature that comes with Standard, Enterprise, and Datacenter editions. Server versions: Standard Edition supports up to four processors. Standard Edition is available in 32-bit and 64-bit versions. The 32-bit version supports up to 4 GB RAM, and the 64-bit version supports up to 32 GB RAM. Clustering and support for more processors are reserved for higher-end editions.
Users of the 64-bit Standard Edition can install one virtual instance of Server 2008 Standard Edition with Hyper-V. Enterprise: Enterprise Edition supports up to eight processors and 4 GB RAM in the 32-bit version and up to 2 TB of RAM in the 64-bit version. Server clustering is the most notable feature in Enterprise Edition that isn’t available in Standard Edition. Enterprise Edition permits up to 16 cluster nodes. Another fault-tolerance feature in this edition is hot-add memory. The 64-bit Enterprise Edition permits up to four virtual instances per purchased license with Hyper-V.
Datacenter: Datacenter Edition includes all the features of Enterprise Edition with support for 32 processors in the 32-bit version and up to 64 processors in the 64-bit version. In addition, Datacenter Edition has these fault-tolerance features: hot-add memory, hot-replace memory, hot-add processors, and hot-replace processors. Datacenter Edition can’t be purchased as individual licenses; it must be purchased through volume licensing agreements or from OEMs, preinstalled on server hardware. The number of virtual instances allowed with the 64-bit Datacenter Edition is unlimited.
Microsoft has also released Itanium Edition, designed to run on Intel Itanium processors. This edition is comparable to Datacenter Edition, supports up to 64 IA processors, allows only eight cluster nodes, and doesn’t include Hyper-V. Webster 4 CAP]. Windows Web Server 2008 is designed to operate as a single-purpose Web server running Internet Information Services (IIS) 7.0. This edition provides hardware support similar to Standard Edition but has no virtualization support and can’t be installed as a domain controller. Windows Server 2008 provides IIS 7 for building both public Web servers and private intranet Web servers. It lacks many features of other editions, such as remote access and Terminal Services. Global Catalog server: located on the first domain controller. The Shadow Copies service enables users to restore a deleted file or a previous version of a file in a shared folder. FAT16: 2 GB partition. The main reason to use FAT or FAT32 on a Windows computer today is if the volume will be used by an older Windows version, such as Windows 98, or by another OS that might not support NTFS.
FAT32 started at 32 GB then increased to 2 TB. FAT/FAT32 has no user access controls. NTFS: New Technology File System (NTFS) was introduced in Windows NT 4.0. Perhaps the most important feature of NTFS is the capability to set user and group permissions on both folders and files. With this feature, administrators can specify which users can access a file and what users can do with a file if they’re granted access. Max file size is 4 GB. HPFS: High Performance File System, OS/2 Warp, Win NT 3.5. ext2: Linux. ext3: Linux with journaling. Share permissions: Read, Change, Full Control (review permissions). NTFS permissions: Read, Read and Execute, List folders, Write, Modify, Full Control, special permissions. Compression is blue. Encryption is green. GPO order: local computer, site, domain. Update: automatic 5 min or manual gpupdate /force. Hyper-V: 64-bit Standard, Enterprise, and Datacenter. A server running a 64-bit processor with virtualization support and hardware data execution protection. Typical processors include Intel Core 2 Duo processors and Intel Core 2 Extreme processors.
AMD offers the Opteron 1000, 4000, and 8000 series processors and Phenom processors. CPU: Intel-VT and AMD-V. Min 16. OS-to-OS upgrade: 32 to 32 bit and 64 bit to 64 bit. Schema: AD objects/attributes of objects, all domains within a forest. Multi-forest uses multiple schemas. Domain directory partition will contain OUs, users, groups, and computers. A domain controller is a Windows server that has Active Directory installed and is responsible for allowing client computers access to domain resources. The core component of a Windows domain is Active Directory.
Tools: ping, tracert, nslookup, netstat, nbtstat, arp -a, dig, pathping. Profiles: roaming, mandatory, local, template, Ntuser.dat. The Active Directory Certificate Services (AD CS) role provides services for creating, issuing, and managing digital certificates that users and computers can use to provide verification of their identities when engaging in secure transactions over a network. Active Directory Federation Services (AD FS). Active Directory Lightweight Directory Services (AD LDS). Active Directory Rights Management Services (AD RMS).
CN: common name. OU: organizational unit. DC: domain controller. DFS: Distributed File System. AD makes it easier to manage servers and makes for easy backup: authoritative and non-authoritative backups. Storage area networks (SANs). Server Message Block (SMB). Secure Socket Tunneling Protocol (SSTP). Windows Deployment Services (WDS) updates Remote Installation Services, available in earlier versions of Windows Server. WDS is designed to make unattended network installation of Windows OSs (in particular, Windows Server 2008 and Vista) easier and faster.
DSRM: Directory Services Restore Mode, page 188, command line (review). Disk quotas: limits and warning, and deny on exceeded limit. C$: hidden share for admin. Hardware: recommended 2 GB RAM, min RAM 512; max depends on OS installed. File server resources are used to manage storage space, manage quotas, create reports. ISTG: inter-site topology generator. File Compression and Encryption: File compression and encryption on an NTFS volume are implemented as file attributes, like the Read-only and Hidden attributes. One caveat: These attributes are mutually exclusive, so a file can’t be both compressed and encrypted.
You can set only one of these two attributes. Files can be compressed and accessed without users needing to take any explicit action to uncompress them. When a compressed file is opened, the OS uncompresses it automatically. On NTFS volumes, you can enable file compression on the entire volume, a folder and its contents, or a file. You can enable compression on an entire volume at the time you format it or by clicking the “Compress this drive to save disk space” option in the General tab of the volume’s Properties dialog box. If you compress a drive when you format it, all files stored on the volume are compressed.
When you compress a volume after it has been formatted, you’re asked whether you want to compress only the root of the drive or the root of the drive plus all subfolders and files. If you compress just the root, only new files placed in the root of the volume are compressed. If you compress all subfolders and files, all existing files plus new files are compressed on the entire volume. You can compress a single folder as well. The same rules for the volume apply to a folder. If you compress only a folder, only new files added to the folder are compressed, and existing folders and files are left alone.
If you apply changes to this folder, subfolders, and files, all new and existing files in the folder and its subfolders are compressed. By default, compressed folders and files can be identified by their blue filenames. A single file can be compressed by setting its compression attribute. When copying or moving files, you should be aware of these rules for compression behavior: Files copied to a new location inherit the compression attribute from the parent container. So whether a file is compressed or not, if it’s copied to a folder or volume that has the compression attribute set, the file is compressed.
If the destination’s compression attribute is not set, the file isn’t compressed. Files moved to a new location on the same volume retain their current compression attributes. Files moved to a different volume inherit the compression attribute from the parent container. This behavior happens because files moved to a different volume are actually copied to the new volume and deleted from the original volume, so the behavior is the same as with copied files. File encryption on NTFS volumes is made possible by Encrypting File System (EFS) and works in a similar manner to file compression.
You can set the encryption attribute on a file or folder but not on a volume. If encryption is set on a folder, as with compression, you’re prompted with the option to set the attribute on the folder only or on the folder, subfolders, and files. By default, encrypted folders and files can be identified by their filenames displayed in green. The rules for encryption behavior when copying and moving files are different from the rules for compression: Encrypted files that are copied or moved always stay encrypted, regardless of the destination’s encryption attribute.
The exception is if the file is copied or moved to a FAT volume, in which case the file is decrypted because FAT doesn’t support encryption. Unencrypted files that are moved or copied to a folder with the encryption attribute set are always encrypted. Encrypted files can usually be opened only by the user who encrypted the file. However, this user can designate other users who are allowed to access the file. In addition, in a domain environment, the domain Administrator account is designated as a recovery agent. A designated recovery agent can decrypt a file if the user account that encrypted it can no longer access it.
Default and Administrative Shares: Every Windows OS since Windows NT (excluding Windows 9x and Windows Me) includes administrative shares, which are hidden shares available only to members of the Administrators group. On computers that aren’t domain controllers, these shares are as follows: Admin$: This share provides network access to the Windows folder on the boot volume (usually ...). Drive$: The drive represents the drive letter of a disk volume (for example, C$). The root of each disk volume (except removable disks, such as DVDs and floppy disks) is shared and accessible by using the drive letter followed by a dollar sign. IPC$: IPC means interprocess communications. This share is less an administrative share than it is a system share. The IPC$ share is used for temporary connections between clients and servers to provide communication between network programs. Short answer: DHCP. The Dynamic Host Configuration Protocol (DHCP) Server role provides automatic IP address assignment and configuration for client computers. A DHCP server responds to requests from network computers for their IP address configurations, which include an IP address and subnet mask.
Optionally, a DHCP server can provide a default gateway address, DNS server addresses, WINS server addresses, and other options. Limited GUI: Server Core. A DNS server resolves the names of Internet computers and computers that are members of a Windows domain to their assigned IP addresses. FQDN: Fully Qualified Domain Name, example: Brian.Com. Routing and Remote Access Services (RRAS) gives remote users access to a private network through traditional dial-up or, more commonly today, through a virtual private network (VPN). Network Policy Server (NPS). Health Registration Authority (HRA). Host Credential Authorization Protocol (HCAP).
Network Access Protection (NAP). Line Printer Daemon (LPD) role service provides print compatibility with Linux/UNIX clients. Terminal Services (TS) enables users and administrators to control a Windows desktop remotely or run applications hosted on a Windows server remotely. By default, the Terminal Server role service is enabled when this role is installed and permits up to two simultaneous remote desktop sessions. Universal Description, Discovery, and Integration (UDDI) Services enables administrators to manage, catalog, and share Web services with an organization’s intranet users, corporate extranet partners, and Internet users.
Windows Deployment Services (WDS) makes installing multiple Windows systems across the network fast and simple. Administrators can not only install, but also remotely configure Windows Vista and Server 2008 systems. JohnD@siast. Ski. Ca “john doe” considered the attribute. In AD, what account is not found? “Local user”. What folder under the Computer Configuration node contains firewall settings? Administrative Templates. Upgrade from 2000 to 2008 is not possible. An upgrade from 2003 to 2008 is possible from 32 to 32 bit and from 64 bit to 64 bit.
Windows Server 2003 Standard Edition: Windows Server 2008 Standard or Enterprise Edition. Windows Server 2003 Enterprise Edition: Windows Server 2008 Enterprise Edition. Windows Server 2003 Datacenter Edition: Windows Server 2008 Datacenter Edition. There’s no upgrade path to Windows Server 2008 Itanium Edition or Windows Web Server 2008. You can’t upgrade to a Server Core installation. Network Directory Services: A network directory service, as the name suggests, stores information about a computer network and offers features for retrieving and managing that information. Essentially, it’s a database composed of records or objects describing users and available network resources, such as servers, printers, and applications. Windows Active Directory became part of the Windows family of server OSs starting with Windows 2000 Server. Before Windows 2000, Windows NT Server had a directory service that was little more than a user manager; it included centralized logon and grouped users and computers into logical security boundaries called domains. Active Directory’s hierarchical database enables administrators to organize users and network resources to reflect the organization of the environment in which it is used.
For example, if a company identifies its users and resources primarily by department or location, Active Directory can be configured to mirror that structure. Active Directory offers the following features, among others, that make it a highly flexible directory service: Hierarchical organization: This structure makes management of network resources and administration of security policies easier. Centralized but distributed database: All network data is centrally located, but it can be distributed among many servers for fast, easy access to information from any location.
Automatic replication of information also provides load balancing and fault tolerance. Active Directory replication is the transfer of information among domain controllers to make sure all domain controllers have consistent and up-to-date information. Scalability: Advanced indexing technology provides high-performance data access, whether Active Directory consists of a few dozen or a few million objects. Security: Fine-grained access controls enable administrators to control access to each directory object and its properties.
Active Directory also supports secure authentication protocols to maximize compatibility with Internet applications and other systems. Flexibility: Active Directory is installed with some predefined objects, such as user accounts and groups, but their properties can be modified, and new objects can be added for a customized solution. Policy-based administration: Administrators can define policies to ensure a secure and consistent environment for users yet maintain the flexibility to apply different sets of rules for departments, locations, or user classes as needed.
Each domain controller contains a full replica of the objects that make up the domain and is responsible for the following functions: storing a copy of the domain data and replicating changes to that data to all other domain controllers throughout the domain; providing data search and retrieval functions for users attempting to locate objects in the directory; providing authentication and authorization services for users who log on to the domain and attempt to access network resources.
The logical structure of Active Directory makes it possible to pattern the directory service’s look and feel after the organization in which it runs. There are four organizing components of Active Directory: organizational units (OUs), domains, trees, and forests. These four components can be thought of as containers and are listed from most specific to broadest in terms of what they contain. To use a geographical analogy, an OU represents a city, a domain is the state, a tree is the country, and a forest is the continent.
An organizational unit (OU) is an Active Directory container used to organize a network’s users and resources into logical administrative units. An OU contains Active Directory objects, such as user accounts, groups, computer accounts, printers, shared folders, applications, servers, and domain controllers. The OU structure often mimics a company’s internal administrative structure, although this structure isn’t required. For example, a corporation might create an OU for each department, but an educational institution might create separate OUs for students, faculty, and administration or for campus sites.
A domain is Active Directory’s core structural unit. It contains OUs and represents administrative, security, and policy boundaries. A small to medium company usually has one domain with a single administrative group. However, a large company or a company with several locations might benefit from having multiple domains to separate administration or accommodate widely differing network policies. An Active Directory tree is less a container than it is simply a grouping of domains that share a common naming structure.
A tree consists of a parent domain and possibly one or more child domains that have the same second-level and top-level domain names as the parent domain. An Active Directory forest is a collection of one or more trees. A forest can consist of a single tree with a single domain, or it can contain several trees, each with a hierarchy of parent and child domains. Each tree in a forest has a different naming structure, so although one tree might have colleagues.com as the parent, another tree in the forest might have infliction.com as its parent domain. A forest’s main purpose is to provide a common Active Directory environment, in which all domains in all trees can communicate with one another and share information yet allow independent operation and administration of each domain. Windows NT: The Windows NT domain system was a flat database of users and computers with no way to organize users or resources by department, function, or location, no matter how many users you had. This single, unstructured list made managing large numbers of users cumbersome.
All information in the Active Directory database is organized as objects. An object is a grouping of information that describes a network resource, such as a shared printer, or an organizing structure, such as a domain or OU. An OU is the primary container object for organizing and managing resources in a domain. Administrators can use OUs to organize objects into logical administrative groups, which makes it possible to apply policies to the OU that affect all objects in it. For example, you could apply a policy that prohibits access to Control Panel for all users in that OU.
In addition, you can delegate administrative authority for an OU to a user, thereby allowing that user to manage objects in the OU without giving the user wider authority. Object types typically found in an OU include user accounts, group accounts, computer accounts, shared folders, shared printers, published applications, and other OUs. The schema defines the type, organization, and structure of data stored in the Active Directory database and is shared by all domains in an Active Directory forest.
The information the schema defines is divided into two categories: schema classes and schema attributes. Schema classes define the types of objects that can be stored in Active Directory, such as user or computer accounts. Schema attributes define what type of information is stored in each object, such as First name, Last name, and Password for a user account object. The information stored in each attribute, such as “Mary” in the First name attribute, is called the attribute value. When Active Directory is first installed, a default schema describes all available default objects.
Folder Objects: When Active Directory is installed, four folder objects are created: Builtin: Houses default groups created by Windows and is mainly used to assign permissions to users who have administrative responsibilities in the domain. Computers: The default location for computer accounts created when a new computer or server becomes a domain member. Foreign Security Principals: Initially empty but later contains user accounts from other domains added as members of the local domain’s groups. Users: Stores two default users (Administrator and Guest) and several default groups.
Domain Objects: The domain is the core logical structure container in Active Directory. Domains contain OU and folder container objects but can also contain leaf objects, such as users, groups, and so forth. A domain typically reflects the organization of the company in which Active Directory is being used, but in large or geographically dispersed organizations, you can create multiple domains, each representing a business unit or location. The main reasons for using multiple domains are to allow separate administration, define security boundaries, and define policy boundaries.
Each domain object has a default GPO linked to it that can affect all objects in the domain. The domain object in Active Directory Users and Computers is represented by an icon with three tower computers. A leaf object doesn’t contain other objects and usually represents a security account, network resource, or GPO. Security account objects include users, groups, and computers. Network resource objects include servers, domain controllers, file shares, printers, and so forth. User Accounts: A user account object contains information about a network user.
Typically, when a user account is created, the administrator enters at least the user’s name, logon name, and password. However, the user account object contains much more information, such as group memberships and account restrictions (allowed logon hours and account expiration date). Authentication confirms a user’s identity, and the account is then assigned permissions and rights that authorize the user to access resources and perform certain tasks on the computer or domain.
A local user account is defined on a local computer and is authorized to access resources only on that specific computer. A domain user account is created in Active Directory and provides a single logon for users to access all resources in the domain for which they have been authorized. Windows creates two built-in user accounts automatically: Administrator and Guest. Groups: A group object represents a collection of users with common permissions or rights requirements on a computer or domain.
Permissions define which resources users can access and what level of access they have to resources. For example, a user might have permission to open and read a certain document but not to change it. A right specifies what types of actions a user can perform on a computer or network. For example, a user might have the right to log on to and log off a computer but not shut down the computer. Groups are used to assign members permissions and rights. DSADD is a command-line tool used to create new objects in Active Directory.
Locating Active Directory Objects: In a large Active Directory environment with hundreds or thousands of users, groups, computers, and other domain objects, locating objects can be difficult for administrators and users alike. Luckily, Active Directory Users and Computers has a search function for administrators, and Windows Explorer incorporates an Active Directory search function for users. You search for Active Directory objects by first selecting the type of object you’re searching for.
For example, you can search for users, contacts, groups, computers, printers, shared folders, and so forth. A Group Policy Object (GPO) is a list of settings that administrators use to configure user and computer operating environments remotely. Group policies can specify security settings, deploy software, and configure a user’s desktop, among many other computer and network settings. They can be configured to affect an entire domain, a site, and, most commonly, users or computers in an OU. The objects a GPO affects are said to be within that GPO’s scope.
Despite the name, GPOs don’t apply to group objects. You can link GPOs to sites, domains, and OUs, and GPOs linked to these containers affect only user or computer accounts in the containers. When Active Directory is installed, two GPOs are created and linked to two containers: Default Domain Policy: This GPO is linked to the domain object and specifies default settings that affect all users and computers in the domain. The settings in this policy are related mainly to account policies, such as password and logon requirements, and some network security policies. Default Domain Controllers Policy: This GPO is linked to the Domain Controllers OU and specifies default policy settings for all domain controllers in the domain (provided the computer objects representing domain controllers aren’t moved from the Domain Controllers OU). The settings in this policy pertain mainly to user rights assignments, which specify the types of actions users can perform on a domain controller. You can view and edit default GPOs as well as create and manage GPOs by using the Group Policy Management MMC.
In the Group Policy Management MMC, there are two nodes for every GPO: Computer Configuration: used to set policies that apply to computers within the GPO’s scope. These policies are applied to a computer when the computer starts. User Configuration: used to set policies that apply to all users within the GPO’s scope. User policies are applied when a user logs on to any computer in the domain. Each node contains a Policies folder and a Preferences folder. Settings configured in the Policies folder are applied to users or computers and can’t be overridden by users.
Settings in the Preferences folder are applied to users or computers but are just that: preferences. Schema: Information that defines the type, organization, and structure of data stored in the Active Directory database. Disk quotas don’t apply to admin. Published applications are not installed automatically. What is not available in Server Core? It’s not available in Itanium Edition. It doesn’t include a full GUI and doesn’t run the MMC. Server Core has no Start menu or taskbar, just a command prompt window on a plain background.
It lacks many of the user interface features that consume valuable hardware resources and slow critical processes down. Application Server, Active Directory Rights Management Services, Fax Server, UDDI Services, Windows Deployment Services, Active Directory Certificate Services, Network Policy and Access Services, Terminal Services, Active Directory Federation Services. Administrative Templates: This folder contains Control Panel, Network, Printers, System, and Windows Components folders.
The settings in these folders affect computer settings that apply to all logged-on users. For example, the Network folder contains settings for configuring Windows Firewall, and Windows Components contains settings for configuring Windows Update. You can control hundreds of computer settings with the Administrative Templates folder. You can remember the order in which GPOs are applied with the acronym LSDOU: local computer, site, domain, and OU. Gpupdate.exe applies the group policy immediately to the computer on which Gpupdate.exe is running and to the currently logged-on user. Gpupdate.exe is an invaluable tool for testing GPOs because it saves considerable time.