1. Preparing for Installation 2. Installing Windows 2000 Professional from a Compact Disc 3. Installing Windows 2000 Advanced Server from a Compact Disc 4:


3
1. Preparing for Installation
2. Installing Windows 2000 Professional from a Compact Disc
3. Installing Windows 2000 Advanced Server from a Compact Disc
4. Upgrading to Windows 2000 Professional
5. Upgrading to Windows 2000 Advanced Server
6. Identifying Setup Errors

4
1. Determining Which Operating System to Use
2. Identifying System Requirements
3. Determining Disk Partition Options
4. Determining Which File System to Select
5. Determining Which Licensing Mode to Select
6. Determining Whether to Join a Workgroup or Domain
7. Completing a Pre-Installation

5 CPU DISPLAY OTHER DRIVES MEMORY WINDOWS 2000 PRO 64 MB RECOMMENDED WIN 2000 SER 128 MB SUPPORT 256 RECOMMENDED 20 GB HARD DISK SPACE ACCESSORIES NETWORKING

6
- Create New Partition on Unpartitioned Hard Disk
- Create New Partition on Partitioned Hard Disk
- Install on Existing Partition
- Delete Existing Partition to Make Disk Space Available

7
- File and Folder-Level Security
- File Compression
- Disk Quotas
- File Encryption
- Supports Dual Boot Configurations
- No File and Folder-Level Security

8 CAL

9 SAM Single user Account Active Directory

10
- Determine the Operating System to Install
- Verify Hardware Is Supported
- Verify That Hardware Meets Minimum Requirements
- Verify 2 GB or More of Available Disk Space
- Select File System for the Windows 2000 Partition
- Select Licensing Mode for Windows 2000 Advanced Server
- Determine Domain or Workgroup
- Create Domain Computer Account in the Domain
- Create Password for the Local Administrator Account

11
- Running the Setup Program
- Completing the Setup Wizard
- Installing Network Components

12
- Start the Computer from the Compact Disc
- Select to Install a New Copy of Windows 2000
- Read and Accept the Licensing Agreement
- Select the Partition on Which to Install
- Select the File System

13
- Change Regional Settings (If Necessary)
- Enter Your Name and Organization
- Enter the Computer Name and Password for the Local Administrator Account
- Select Date and Time Settings

14
- Choose a Network Setting
- Provide a Workgroup or Domain Name
- Click Finish to Restart the Computer
- Configure the Network ID for the Computer

15
1. Running the Setup Program
2. Completing the Setup Wizard
3. Installing Network Components
4. Configuring the Server

16
- Start the Computer from the Compact Disc
- Select to Install a New Copy of Windows 2000
- Read and Accept the Licensing Agreement
- Select the Partition on Which to Install
- Select the File System

17
- Change Regional Settings (If Necessary)
- Enter Your Name and Organization
- Select the Licensing Mode
- Enter the Computer Name and Password for the Local Administrator Account
- Select Windows 2000 Optional Components
- Select Date and Time Settings

18
- Choose a Network Setting
- Provide a Workgroup or Domain Name
- Enter Local Administrator Account Password

19
- Identifying Client Upgrade Paths
- Upgrading Clients Running Windows 95 or Windows 98
- Upgrading Clients Running Windows NT Workstation 4.0
- Installing the Directory Service Clients

20 Windows 95 Windows 98 Windows 2000 Professional Windows NT Workstation o4 4.0 Windows 2000 Professional Windows Workgroup 3.1 Windows NT Workstation o4 4.0 Windows 2000 Professional

21 Windows 95 And Windows 98 Generate A Compatibility report Run the Setup Program to Install Windows 2000 Specifying Update Packets Reviewing Upgrade reports Windows 2000 Professional

22 Windows NT Workstation 3.51 or 4.0 to Windows 2000 Professional
- Same Registry
- Same Application Support
- Same Device Support
- Easiest Upgrade to Windows 2000 Professional

23 The Directory Services Client allows computers running Windows 95 or Windows 98 that cannot run Windows 2000 to:
- Use Domain-Based Dfs
- Search Active Directory
- Change Password on Any Domain Controller

24
- Identifying Server Upgrade Paths
- Backing Up Critical Data Files and Settings

25 PDC Or BDC Win NT 3.5 or 4.0 Domain Control Win 2000 Member Server Win NT Member Server Win 2000 Domain Control Win 2000 Win NT 3.5 or 4.0 Win NT 3.5 OR 3.1

26 Perform the following tasks to back up critical files and settings:
- Fix Errors Listed in Event Viewer
- Back Up All Drives
- Back Up Registry
- Update Emergency Repair Disk
- Remove Virus Scanners, Third-Party Network Services, or Client Software
- Disconnect Serial Cables to UPS
- Reserve IRQs for Non-Plug and Play ISA Devices

27 Errors:
- Media Errors
- Non-Supported CD-ROM Drive
- Insufficient Disk Space
- Failure of Dependency Service to Start
- Inability to Connect to the Domain Controller
- Failure of Windows 2000 to Install or Start


29
- Introduction to User Accounts
- Guidelines for New User Accounts
- Creating Local User Accounts
- Creating and Configuring Domain User Accounts
- Setting Properties for Domain User Accounts
- Customizing User Settings with User Profiles
- Best Practices

30
Local User Accounts
- Enable users to log on and access resources on a specific
- Reside in SAM
Domain User Accounts
- Enable users to perform administrative tasks or gain access to network
- Reside in Active Directory
Administrator and Guest Built-in User Accounts
- Enable users to perform administrative tasks or gain temporary access to network
- Reside in SAM (local built-in user accounts)
- Reside in Active Directory (domain user accounts)

31
- Naming Conventions
- Password Guidelines
- Account Options

32 User logon names and full names must be unique.
A user logon name:
- Can contain up to 20 characters
- Can include a combination of special and alphanumeric characters
A naming convention should:
- Accommodate duplicate employee names
- Identify temporary employees

33
- Assign a Password for the Administrator Account
- Determine Who Has Control over Passwords
- Educate Users on How to Use Passwords
- Avoid Obvious Associations, Such as a Family Name
- Use Long Passwords
- Use a Combination of Uppercase and Lowercase Characters

34
- Set logon hours to match users' work hours
- Specify the computers from which a user can log on
  - Domain users can log on at any computer in the domain, by default
  - Domain users can be restricted to specific computers to increase security
- Specify when a user account expires

35
- Created on computers running Windows 2000 Professional
- Created on stand-alone or member servers running Windows 2000 Server or Windows 2000 Advanced Server
- Reside in SAM

36
- Installing Windows 2000 Administration Tools
- Creating a Domain User Account
- Setting Password Requirements
- Managing User Data by Creating Home Folders

37
- Active Directory Domains and Trusts
- Active Directory Sites and Services
- Active Directory Users and Computers
- Component Services
- Computer Management
- DHCP
- DNS
- Domain Controller Security Policy
- Event Viewer
- Internet Services Manager
- Local Security Policy
- Services
- Routing and Remote Access


40 Home folders (diagram: Home, User 1, User 2, User 3)
Consider the following when you create a home folder:
- Backup and restore capability
- Sufficient space on the server
- Sufficient space on user computers
- Network performance
To create a home folder:
1. Create a shared folder on a server
2. Assign the appropriate permission
3. Provide a path for the user account

41 Setting Properties for Domain User Accounts
- Setting personal properties
- Setting account properties
- Specifying logon options
- Copying domain user accounts
- Creating user account templates

42 Setting personal properties
- Add personal information about users as stored in Active Directory
- Use personal properties to search Active Directory

43 Setting accounts properties

44 Specifying logon option

45 Copy an existing domain user account to simplify the process of creating a new domain user account. (Diagram: domain user account User 1 is copied to create domain user account User 2.)


47
- User Profile Types
- Creating Roaming and Mandatory User Profiles

48 User Profile Types
- Default user profile: serves as the basis for all user profiles
- Local user profile: created the first time a user logs on to a computer; stored on a computer's local hard disk
- Roaming user profile: created by the system administrator; stored on a server
- Mandatory user profile: created by the system administrator; stored on a server
(Diagram: a user profile holds Display, Regional Settings, Mouse and Sound settings; three Windows 2000 clients and a profile server.)

49
Creating a roaming user profile:
- Create a shared folder on the server
- Specify the shared folder in path information
Creating a mandatory user profile:
- Create a shared folder on the server with a user profile folder inside
- Set up a configured roaming user profile
- Rename Ntuser.dat to Ntuser.man


51
- Introduction to Windows 2000 Groups
- Implementing Groups in a Workgroup
- Implementing Groups in a Domain
- Best Practices

52
- How Windows 2000 Groups Work
- Groups in Workgroups and Domains

53 (Diagram: with a group, permissions are assigned once for the group; without a group, permissions are assigned once for each user account.)
- Group members have the rights and permissions granted to the group
- Users can be members of multiple groups
- Groups and computers can also be members of groups

54
Member server or client computer (SAM):
- Created on computers that are not domain controllers
- Reside in SAM
- Used to control access to resources for the computer
Domain controller:
- Created on domain controllers
- Reside in Active Directory
- Used to control resources in the domain

55
- Local Groups
- Built-in Local Groups
- The Strategy for Using Local Groups in a Workgroup
- Creating Local Groups

56
- Guidelines for local groups:
  - Use local groups on computers that do not belong to a domain
  - Use local groups to control access to resources and who can perform system tasks on the local computer
- Membership rules for local groups:
  - Local groups can only contain local user accounts that are on the local computer
  - Local groups cannot be a member of any other group
- Members of the Administrators group or Account Operators group on the local computer can create local groups

57 Built-in groups have a predetermined set of rights and cannot be deleted.
- Built-in local groups:
  - Members have rights to perform system tasks
  - User accounts can be added
- Special identities (special groups):
  - Organize users for system use
  - Have automatic membership that cannot be modified

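58 A L P strategy in a workgroup: A = User Account, L = Local Group, P = Permissions. Add user accounts to a local group, then assign permissions to the local group. (Diagram: three Windows 2000 Professional computers and one Windows 2000 Server in a workgroup, each with its own A L P.)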

59 Computer Management Action View Tree Computer Management System tools Event Viewer System information Shared Folder Device Manger Local User User Group New Group Refresh Help New Group Group Name Description: Members: Add…Remove Create Close

60
- Group Types and Scopes
- Built-in and Predefined Groups in a Domain
- The Strategy for Using Groups in a Single Domain
- Guidelines for Creating Domain Groups
- Creating and Deleting Domain Groups

61 Group Types and Scopes
Group types:
- Security groups: used to assign permissions; can be used as an e-mail distribution list
- Distribution groups: cannot be used to assign permissions; can be used as an e-mail distribution list
Group scopes:
- Global group: used to organize users who share similar network access requirements
- Domain local group: used to assign permissions to domain resources
- Universal group: used to assign permissions to related resources in multiple domains

62 Built-in and Predefined Groups in a Domain
- Built-in domain local groups give users predefined rights and permissions to perform tasks:
  - On domain controllers
  - In Active Directory
- Special identities:
  - Organize users for system use
  - Membership is automatic and cannot be modified
- Predefined global groups give administrators control of domain resources

63 The Strategy for Using Groups in a Single Domain: A G DL P, where A = User Account, G = Global Group, DL = Domain Local Group. (Diagram arrow label: Add.)

64 Guidelines for Creating Domain Groups
- Determine which group scope to use
- Determine whether you have permissions to create groups
- Determine the name of the group

65 Creating and Deleting Domain Groups
- You use Active Directory Users and Computers to create and delete groups
- When you delete a group, its:
  - Rights and permissions are removed
  - Members are not deleted
  - SID is never used again

66 Select Add


68
- Introduction to NTFS Permissions
- How Windows 2000 Applies NTFS Permissions
- Using NTFS Permissions
- Using Special NTFS Permissions
- Compressing Data on an NTFS Partition
- Configuring Disk Quotas on NTFS Partitions
- Securing Data by Using EFS

69 User1 User2 Read ACL Group 1 Full Control User 1 Read Group 1 Full Control No Access

70 How Windows 2000 Applies NTFS Permissions
- Multiple NTFS Permissions
- NTFS Permissions Inheritance
- Copying and Moving Files and Folders
- Class Discussion: Applying NTFS Permissions

71
- NTFS permissions are cumulative
- File permissions override folder permissions
- Deny overrides other permissions
(Diagram labels: Group B: Write; Group A: Deny Write to File 2; User 1: Read; Read/Write; Folder A; File 1; File 2; NTFS partition.)
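The three rules on slide 71, as an added example that is not part of the original presentation: a simplified Python model that evaluates access control entries in the order explicit deny, explicit allow, inherited deny, inherited allow. It assumes User 1 belongs to both Group A and Group B and that the Read and Write grants sit on Folder A; the names `Ace`, `inherit`, `effective_rights` and the File 3 case are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Ace:
    """One access control entry (simplified, hypothetical model)."""
    trustee: str              # user or group the entry applies to
    allow: bool               # True = allow entry, False = deny entry
    rights: frozenset         # rights covered, e.g. {"read", "write"}
    inherited: bool = False   # True when the entry came from the parent folder


def inherit(folder_acl):
    """Entries a file receives from its parent folder, marked as inherited."""
    return [Ace(a.trustee, a.allow, a.rights, True) for a in folder_acl]


# (allow, inherited) pairs in evaluation order:
# explicit deny, explicit allow, inherited deny, inherited allow.
_ORDER = [(False, False), (True, False), (False, True), (True, True)]


def effective_rights(acl, user, groups):
    """Return the set of rights the user ends up with on an object.

    Every entry naming the user or one of the user's groups contributes
    (permissions are cumulative). For each right, the first entry in
    evaluation order decides, so a deny beats an allow at the same level
    and an entry set on the file beats one inherited from the folder.
    A right that no entry mentions is not granted.
    """
    identities = {user, *groups}
    decided = {}
    for allow, inherited in _ORDER:
        for ace in acl:
            if (ace.allow, ace.inherited) != (allow, inherited):
                continue
            if ace.trustee not in identities:
                continue
            for right in ace.rights:
                decided.setdefault(right, allow)
    return {right for right, granted in decided.items() if granted}


# Constructed ACLs following the slide's diagram labels.
FOLDER_A = [
    Ace("User1", True, frozenset({"read"})),
    Ace("GroupB", True, frozenset({"write"})),
]
FILE_1 = inherit(FOLDER_A)
FILE_2 = inherit(FOLDER_A) + [Ace("GroupA", False, frozenset({"write"}))]

# Constructed extra case: the folder denies Write to Group A, but the file
# itself carries an explicit allow for User1, which takes precedence.
LOCKED_FOLDER = [
    Ace("GroupA", False, frozenset({"write"})),
    Ace("User1", True, frozenset({"read"})),
]
FILE_3 = inherit(LOCKED_FOLDER) + [Ace("User1", True, frozenset({"write"}))]

USER1_GROUPS = ["GroupA", "GroupB"]

if __name__ == "__main__":
    for name, acl in [("Folder A", FOLDER_A), ("File 1", FILE_1),
                      ("File 2", FILE_2), ("File 3", FILE_3)]:
        print(name, sorted(effective_rights(acl, "User1", USER1_GROUPS)))
```
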

72 NTFS Permissions Inheritance Read/Write Folder A File 1 Prevent Inheritance Read/Write Folder A File 1 Access to File 1 No Access to File 1

73 (Diagram: NTFS partitions C:\, D:\ and E:\ with Copy, Move, and Copy or Move operations between them.)
- All copying inherits permissions
- Only moving to the same partition retains permissions

74 User group User 1 Sales Group  User Group 1 Write to Folder1  Sales Group Read to Folder 1  Users Group Read to Folder 1  Sales Group Write to folder 2 2  User Group Modify to folder 1  File 2 should only be Accessible to sales Group, and only for Read access 3 Folder 1 File 1 Folder 2 File 1

75 Using NTFS Permissions
- Granting NTFS Permissions
- Setting Permission Inheritance
- Best Practices for Granting NTFS Permissions

76  Granting NTFS Permissions

77  Setting Permission Inheritance

78 Best Practices for Granting NTFS Permissions
- Grant permissions to groups as opposed to users
- Group resources to simplify administration
- Only allow users the level of access that they require
- Create groups according to the access that the group members require
- Grant Read & Execute permissions for application folders
- Grant Read & Execute and Write permissions for data folders

79 Using Special NTFS Permissions
- Introduction to Special NTFS Permissions
- Granting Special NTFS Permissions

80 Introduction to Special NTFS Permissions Owner Administrator Permission to Change Permissions & take ownership User, Groups Change Permissions Take ownership Read Standard permissions Special Access Permissions Read Data Read Attributes Read Permissions Read extended attributes


82 Compressing Data on an NTFS Partition
- Introduction to Compressed Files and Folders
- Compressing Files and Folders
- Copying and Moving Compressed Files and Folders
- Best Practices for Compressing Data

83 (Diagram: File A and File B on an NTFS partition.)
- Space Allocation
- Compression State Display Color
- Access to Compressed Files Through Applications

84  Compressing files and folders

85 Copy Inherits A NTFS Partition Copy Retains B NTFS Partition Copy Inherits NTFS Partition CD  Copying and Moving Compressed files and folder

86 Best Practices for Compressing Data
- Determine which file types to compress
- Do not compress already compressed files
- Use different display colors for compressed files and folders
- Compress static data rather than data that changes frequently

87 Configuring Disk Quotas on NTFS Partitions
- Using Disk Quotas
- Setting Disk Quotas

88 Using Disk Quotas
- Usage calculation based on file and folder ownership
- Compression ignored when calculating usage
- Free space for applications based on quota limit
- Disk quotas tracked for each NTFS partition

89 Setting Disk Quotas
Option: Description
- Enable quota management
- Deny disk space to users exceeding quota limit: users cannot write to the volume when they exceed their hard disk space allocation
- Do not limit disk usage: no hard disk space limit for users
- Set warning level to: specify the amount of disk space users can fill before an event is logged
- Limit disk space to: specify the amount of disk space a user can use
- Quota entries: add entries, delete entries, view properties for entries
(Diagram labels: User MB; User 2 35 MB; NTFS partition.)

90 Securing Data by Using EFS
- Introduction to EFS
- Encrypting a Folder or File
- Decrypting a Folder or File
- Recovering an Encrypted Folder or File

91 Introduction to EFS
Key features of EFS:
- Operates in the background
- Accessible only to an authorized user
- Provides built-in data recovery support
- Requires at least one recovery agent

92 Encrypting a Folder or File
- Select "Encrypt contents to secure data"
- Open a file in the folder
- When the file is saved, it is encrypted by using file encryption keys
- File encryption keys are stored in the data decryption field and the data recovery field in the file header

93 Decrypting a Folder or File
- EFS automatically detects encryption and locates the user certificate and associated private key
- Your private key is applied to the DDF
- File content appears on screen in plain text

94 Recovering an Encrypted Folder or File
- Owner's key is unavailable
- Recovery agent uses his private key to recover the file


96
- Windows 2000 Disk Types
- Creating Partitions on a Basic Disk
- Creating Volumes on a Dynamic Disk
- Performing Common Disk Management Tasks
- Best Practices

97  Windows 2000 Disk Types F D E C BASIC DISK DYNAMIC DISK

98 BASIC DISK (Diagram: primary partitions C, D, E, F, or primary partitions plus an extended partition with logical drives C to G.)
- A basic disk is the default storage medium for Windows 2000
- The characteristics of basic disks are that:
  - It can have up to four partitions
  - It is compatible with other types of disk storage
- The partition types are:
  - Primary
  - Extended
  - Logical drives

99 DYNAMIC DISK
- A dynamic disk can include noncontiguous space on any available disk
- There is no limit on the number of volumes per disk
- Windows 2000 stores disk configuration information on the dynamic disk
Volume types: Simple Volume, Striped Volume, Spanned Volume, Mirrored Volume, RAID-5

100 Creating partitions on basic Disk

101 Creating Volumes on a Dynamic Disk
- Upgrading from a Basic Disk to a Dynamic Disk
- Creating Simple Volumes
- Extending Simple Volumes

102  Upgrading from a Basic Disk To a Dynamic Disk Basic Dynamic System and Boot Partitions Primary and extended Partitions, and Logical Drives Volume set ( Win NT 4.0) Stripe set (win NT 4.0) Mirror Set ( Win NT 4.0) Stripe Set with Parity (Win NT 4.0) Simple Volume Spanned Volume Striped Volume Mirrored Volume RAID-5 Volume Dynamic Volume Version  To Revert to a Basic Disk, All Data and Volume must be Removed

103 Creating Simple Volumes
A simple volume:
- Contains space on a single disk
- Has fewer restrictions than a basic disk partition
- Can use the NTFS, FAT, or FAT32 file system
- Can be mirrored to provide fault tolerance
- Is created by using the Create Volume Wizard

104
- Repairing and Deleting Partitions and Volumes
- Adding Disks
- Managing Drive Letters and Paths
- Managing Disks Remotely
- Defragmenting Partitions

105 Repairing and Deleting Partitions and Volumes: repair a disk when the partition or volume is marked Missing or Offline.

106 Adding Disks
- Adding disks from other computers
- Importing an incomplete volume produces a status message:
  - Failed: Incomplete volume
  - Failed Redundancy

107 Managing Drive Letters and Paths
- For drive letters you can:
  - Use only 25 letters
  - Assign, remove or modify drive letters
- For drive paths you can:
  - Have more than 26 drives
  - Mount and remove mount points
- You can change drive letters to other letters or mount points


109  Defragmenting partitions


111
- Introduction to Active Directory
- Active Directory Structure
- Active Directory Physical Structure
- Methods for Administering a Windows 2000 Network

112 Introduction to Active Directory
- What Is Active Directory?
- Active Directory Objects
- Active Directory Schema
- Lightweight Directory Access Protocol (LDAP)

113 What Is Active Directory?
Directory service functionality:
- Organize
- Manage
- Control resources
Centralized management:
- Single point of administration
- Full user access to directory resources by a single logon

114 Active directory Objects Objects Printers Attributes Printer Name Printer Location Users Attributes First Name Last Name Logon name Active directory Printers Printer1 Printer2 Printer3 Users Don Hall Suzan Fine Attribute Value  Objects Represent Network Resources  Attributes Store information About an Object

115 Active directory Schema Objects Class Examples Computers Users Printers Arrtibutes of User Might contain: Account expires Department Distinguished name Middle Name List of Attributes Account Expires Department Distinguished name Direct Reports Dns Host Name Operating system Reps form Middle Name Attributes Examples Active Directory Schema is:  Dynamically Available  Dynamically Updateable  Protected By DACLs

116
- LDAP provides a way to communicate with Active Directory by specifying unique naming paths for each object in the directory.
- LDAP naming paths include:
  - Distinguished names: CN=Suzan Fine, OU=Sales, DC=Contoso, DC=Msft
  - Relative distinguished names

117
- Domains
- Organizational Units
- Trees and Forests
- Global Catalog

118 Domains
- A domain is a security boundary: a domain administrator can administer only within the domain, unless explicitly granted administration rights in other domains
- A domain is a unit of replication: domain controllers in a domain participate in replication and contain a complete copy of the directory information for their domain
(Diagram: Windows 2000 domain replication.)

119 Organizational Units (Diagram: a network administrative model with Sales, Users and Computers OUs; an organizational structure with Vancouver, Sales and Repair OUs.)
- Use OUs to group objects into a logical hierarchy that best suits the needs of your organization
- Delegate administrative control over the objects within an OU by assigning specific permissions to users and groups

120 Trees and Forest Syed. Com Asia.syed.com Asia.syed.com Tree Syed. Com Root Asia.syed.com Asia.syed.com Two-Way Transitive trust Forest Two-Way Transitive trust

121 Global catalog Subset of the Attributes of all Objects Global Catalog Global Catalog Server Domain Queries Group Membership When User Logs on

122  Active Directory physical structure  Domain Controllers  Sites

123 Domain Controllers
- Participate in Active Directory replication
- Perform single master operations roles in a domain
Domain controller = a writeable copy of the Active Directory database

124 (Diagram: sites Seattle, Los Angeles, Chicago and New York; a site is made up of IP subnets.)
Sites:
- Optimize replication traffic
- Enable users to log on to a domain controller by using a reliable, high-speed connection

125 Methods for Administering a Windows 2000 Network
- Using Active Directory for Centralized Management
- Managing the User Environment

126 Using Active Directory for Centralized Management (Diagram: a domain containing OU1 and OU2 with User 1, User 2, Printer 1 and a computer; Search.)
Active Directory:
- Enables a single administrator to centrally manage resources
- Allows administrators to easily locate information
- Allows administrators to group objects into OUs
- Uses Group Policy to specify policy-based settings

127 Managing the User Environment (Diagram: apply Group Policy once to a domain or to OU1, OU2, OU3; Windows 2000 enforces it continually.)
Use Group Policy to:
- Control and lock down what users can do
- Centrally manage software installation, repairs, updates and removal
- Configure user data to follow users whether they are online or offline


129
- Introduction to Creating a Windows 2000 Domain
- Installing Active Directory
- The Active Directory Installation Process
- Examining the Default Structure of Active Directory
- Performing Post Active Directory Installation Tasks
- Troubleshooting the Installation of Active Directory
- Removing Active Directory
- Best Practices

130 Introduction to Creating a Windows 2000 Domain
- Domains are the core administrative unit
- The first domain created is the root domain of the entire forest, or the forest root
- Using the Active Directory Installation Wizard, you can create domains and domain controllers
(Diagram: new forest; first domain controller; forest root (first domain); additional domain controller (replica).)

131 Installing Active Directory
- Preparing to Install Active Directory
- Creating the First Domain
- Adding a Replica Domain Controller
- Using an Unattended Setup Script to Install Active Directory

132 Preparing to Install Active Directory
Active Directory installation requirements:
- Computer running Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 Datacenter Server
- Minimum disk space of 200 MB for Active Directory and 50 MB for log files
- Partition or volume that is formatted with the NTFS file system
- TCP/IP installed and configured to use DNS
- Appropriate administrative privileges for creating a domain in an existing network

133 Creating the First Domain
- Start the Active Directory Installation Wizard
- Select the domain controller and domain type
- Specify the required information:
  - Domain, DNS, and NetBIOS names
  - Database, log, and shared system volume locations
  - Select to weaken permissions
  - Specify a password to use in Directory Services Restore Mode
- The Active Directory Installation Wizard:
  - Installs Active Directory
  - Converts the computer to a domain controller

134 Adding a Replica Domain Controller
- Fault tolerance requires a minimum of two domain controllers in a single domain
- More than one domain controller in a domain also ensures that a single domain controller is not overloaded
- Run Dcpromo to add a domain controller to an existing domain
- The Active Directory Installation Wizard:
  - Converts the computer to a domain controller
  - Replicates Active Directory from an existing domain controller

135 Using an Unattended Setup Script to Install Active Directory
An answer file:
- Contains all of the parameters needed for an unattended session of installing Active Directory
- Contains only the [DCInstall] section of the unattended setup parameters file
- Can be run after Windows 2000 Server setup has been completed and a user has logged on to the computer
(Diagram: dcpromo /answer: with an answer file opened in Notepad showing the [Unattended] and [DCInstall] sections.)

136 The Active Directory Installation Process
- Configuring Parameters
- Site Configuration
- Directory Services Configuration
- Services and Security Configuration
- Additional Active Directory Installation Operations

137 Configuring Parameters
Checks performed by the Active Directory Installation Wizard before installing Active Directory:
- Verifies user interface parameters
- Verifies NetBIOS name and server name
- Verifies TCP/IP configuration
- Validates the DNS and NetBIOS domain names
- Verifies user credentials
- Verifies file locations

138 Site Configuration
- The domain controller is added to the site that is associated with its subnet
- The server is placed in the Default-First-Site-Name site if no subnet object is found
- The Active Directory Installation Wizard creates a server object

139 Directory Services Configuration
Operations for all types of installation:
- Creates the required registry entries
- Sets up performance counters for Active Directory
- Configures the server to automatically enroll for an X.509 domain controller certificate
- Starts the Kerberos V5 authentication service
- Sets the Local Security Authority (LSA) policy
- Installs shortcuts to administration tools in Active Directory
Directory partitions configuration:
- Creates the schema directory partition
- Creates the configuration directory partition
- Creates the domain directory partition

140 Services and Security Configuration
Setting services to start automatically:
- Remote Procedure Call (RPC) Locator
- Net Logon
- KDC
- Intersite Messaging
- Distributed Link Tracking Server
- Windows Time
Setting security:
- Sets security for the directory services and the file replication folders
- Configures default DACLs on the files and objects in Active Directory
- Configures default Group Policy by using the security templates

141 Additional Active Directory Installation Operations
- Sets computer DNS root domain name
- Determines whether the server computer is a member of the domain
- Creates a computer account in the Domain Controllers OU
- Applies the user-provided password for the Administrator account
- Creates a cross-reference object in the Configuration Controller
- Adds shortcuts
- Creates the SYSVOL folder
- Creates schema and configuration containers

142 Examining the Default Structure of Active Directory Hold the Default Win 2000 Security groups Default Location for Computer Accounts Default Location for Domain Computer Accounts Holds Security Identify From external, trust Domain Default Location of user And Group Accounts

143 Performing Post Active Directory Installation Tasks
- Verifying the Active Directory Installation
- Implementing Active Directory Integrated Zones
- Securing Updates for Active Directory Integrated Zones
- Changing the Domain Mode
- Implementing an Organizational Unit Structure

144 Verifying the Active Directory Installation
- Verify SRV resource records
- Verify SYSVOL
- Verify the directory database and log files
- Verify the installation results by examining the event logs
(Diagram labels: SYSVOL; DNS; database and log files.)

145 Implementing Active Directory Integrated Zones
- Use DNS to integrate a DNS zone with Active Directory
- Implement a forward lookup zone
- Implement a reverse lookup zone
(Diagram: DNS server for Contoso.msft; zone database; Active Directory integrated zone.)

146 Securing Updates for Active Directory Integrated Zones
- Use DNS to secure updates for Active Directory integrated zones
- Secure the Active Directory integrated zones to enable you to control access to zones and resource records
(Diagram: a client sends a secure update to the DNS server for Contoso.msft; zone database; Active Directory integrated zone.)

147 Changing the Domain Mode
- Active Directory installs in mixed mode to provide support for existing domain controllers
- Group nesting and universal security groups require a domain to be in native mode
(Diagram: mixed mode with Windows 2000 and Windows NT 4.0 domain controllers; native mode with Windows 2000 domain controllers only.)

148 Implementing an Organizational Unit Structure
Implement an OU structure if you want to:
- Enhance administrative control
- Delegate administrative control over network resources
- Group similar network resources under one OU
- Simplify object administration, and control visibility of network resources
- Make resource administration more efficient
Create an OU in a domain or within another OU by using Active Directory Users and Computers.

149 Troubleshooting the Installation of Active Directory
Errors:
- Access denied while creating or adding domain controllers
- DNS or NetBIOS domain names are not unique
- Domain cannot be contacted
- Insufficient disk space

150 Removing Active Directory
- Remove Active Directory by:
  - Using the Active Directory Installation Wizard
  - Providing appropriate administrative credentials
- The Active Directory Installation Wizard performs specific removal operations depending on the type of domain
- Provide credentials:
  - Enterprise Admins group member
  - Domain Admins group member


152
- Overview of DHCP
- Installing the DHCP Service
- Authorizing the DHCP Service
- Creating and Configuring a Scope
- Customizing DHCP Functionality
- Configuring DHCP in a Routed Network
- Supporting DHCP

153 Overview of DHCP  Manual vs. Automatic TCP/IP Configuration  DHCP Operation  The DHCP Lease Generation Process  The DHCP Lease Renewal Process  Requirements for DHCP Servers and Clients

154 Manual vs. Automatic TCP/IP Configuration
Manual TCP/IP configuration (disadvantages):
- IP address entered manually on each client computer
- Possibility of entering an incorrect or invalid IP address
- Incorrect configuration can lead to communication and network problems
- Administrative overload on networks where computers are frequently moved
Automatic TCP/IP configuration (advantages):
- IP addresses are supplied automatically to client computers
- Ensures that clients always use correct configuration information
- Elimination of a common source of network problems
- Client configuration updated automatically to reflect changes in network structure

155 DHCP Operation
[Diagram: non-DHCP client with static IP configuration; two DHCP clients with IP configuration from the DHCP server (IP Address 1, IP Address 2); DHCP server; DHCP database holding IP Address 1, IP Address 2, IP Address 3]

156 The DHCP Lease Generation Process
[Diagram: DHCP client and DHCP servers. Steps: 1 IP Lease Request, 2 IP Lease Offer, 3 IP Lease Selection, 4 IP Lease Acknowledgement]

157 The DHCP Lease Renewal Process
[Diagram: DHCP client sends DHCP Request (Source IP Address=, Dest. IP Address=, Requested IP Address=, Hardware Address=); DHCP server replies with DHCPACK (Source IP Address=, Dest. IP Address=, Offered IP Address=, Client Hardware Address=, Subnet Mask=, Length of Lease= 8 Days, Server Identifier=, DHCP Option: Router=)]

158 Requirements for DHCP Servers and Clients
DHCP server requirements (Windows 2000 Server):
- The DHCP service
- Static IP address, subnet mask, default gateway
- Range of valid IP addresses
DHCP clients:
- Windows 2000 Professional or Windows 2000 Server
- Windows NT Server or Workstation 3.51 or later
- Windows 95 or Windows 98
- Windows for Workgroups 3.11, running TCP/IP
- Microsoft Network Client 3.0 for MS-DOS
- LAN Manager 2.2c
- Non-Microsoft operating systems

159 Installing the DHCP Service

160 Authorizing the DHCP Service
The DHCP service checks for authorization:
- If authorized, the service starts properly
- If unauthorized, the service logs an error and will not respond to clients
[Diagram: DHCP server, clients, domain controller/DHCP server]

161 Overview of Scopes
[Diagram: DHCP server; scope; IP addresses available for lease to client computers]

162 Using the New Scope Wizard
You use the New Scope Wizard to:
- Configure scope parameters
- Change the default lease duration
- Activate a scope

163 Configuring a Scope with Options
Scope options supported by DHCP include:
- IP address of a router
- IP address of a DNS server
- DNS domain name
- IP address of a WINS server
- Type of NetBIOS over TCP/IP name resolution

164 Customizing the Use of Scope Options
Scope options can be applied at:
- Server level
- Scope level
- Class level
- Reserved client level

165 Reserving IP Addresses for Client Computers

166 Customizing DHCP Functionality
- Using Option Classes
- Combining Scopes by Using Superscopes
- Issuing Multicast Addresses by Using Multicast Scopes

167 Using Option Classes
- Vendor-defined classes manage DHCP options identified by operating system vendor type
- User-defined classes manage DHCP options with common configuration requirements
[Diagram: DHCP server; Configuration A, Configuration B, Configuration C; Client 1, Client 2, Client 3]

168 Combining Scopes by Using Superscopes
[Diagram: DHCP server; superscope A containing two scopes]

169 Issuing Multicast Addresses by Using Multicast Scopes
[Diagram: DHCP server; Computer 1, Computer 2, Computer 3, Computer 4; multicast group; request for multicast address; address assigned]

170 Configuring DHCP in a Routed Network
- Routed Network Configuration Options
- Using a DHCP Relay Agent

171 Routed Network Configuration Options
[Diagram labels: DHCP client, DHCP relay agent, Windows 2000 Server, router, DHCP server, DHCP client, non-RFC compliant, RFC compliant]

172 Using a DHCP Relay Agent
[Diagram: DHCP client and DHCP relay agent on Subnet 1; router; DHCP server on Subnet 2]

173 Supporting DHCP
- Monitoring the DHCP Server Service
- Troubleshooting DHCP Database Problems
- Removing a DHCP Server from Service

174 Monitoring the DHCP Server Service
- When you enable logging, the DHCP server creates log files called DHCPSrvlog.
- The DHCP server stores these files in the DHCP database directory.
[Diagram: DHCP database, DHCPSrvlog]

175 Troubleshooting DHCP Database Problems
[Diagram: DHCP database; Store: Systemroot\system32\dhcp; Store: Systemroot\system32\dhcp\backup\jet\new]

176 Removing a DHCP Server from Service
Before removing a DHCP server from service:
- Set short lease durations for clients
- Ensure new lease for clients
- Record any reserved addresses
- Large address pool in other DHCP servers
- Transfer IP addresses to the new scope

177

178 Overview of the DNS Query Process
Query types:
- Iterative query: the DNS server returns the best answer that it can provide without help from other servers
- Recursive query: the DNS server returns a complete answer to the query, not a pointer to another DNS server
Lookup types:
- Forward lookup: requires name-to-address resolution
- Reverse lookup: requires address-to-name resolution

179 Installing the DNS Server Service

180 Configuring Name Resolution for Client Computers
- IP address can be provided by a DHCP server or manually configured

181 Creating Zones
- Identifying Zone Types
- Examining the Zone File
- Creating Lookup Zones

182 Identifying Zone Types
[Diagram: standard zone: change, primary zone, zone transfer, secondary zone; Active Directory integrated zones: change, zone transfer]

183 Examining the Zone File
Resource records in a zone file can contain a computer's:
- FQDN
- IP address
- Alias
[Diagram: DNS server, zone, zone database file with the records: NS casablanca.africa.nwtrades.msft.; Casablanca A; Marrakech CNAME casablanca.africa.nwtrades.msft; in-addr.arpa. PTR casablanca.africa.nwtrades.msft.]

184 Creating Lookup Zones
[Diagram: DNS server. Forward lookup: "IP address for Khan.com?" answered with "IP Address". Reverse lookup: "Name of ?" answered with "Name = khan.com"]

185 Configuring Zones
- Configuring Standard Zones
- Zone Transfer Process
- Configuring Zone Transfers
- Creating a Subdomain
- Configuring Active Directory Integrated Zones
- Migrating Zones to the Windows 2000 DNS Server Service

186 Configuring Standard Zones
- You can configure a DNS server to host standard primary zones, standard secondary zones, or any combination of zones.
- You can designate a primary server or a secondary server as a master server for a standard secondary zone.
[Diagram: DNS Server A (primary zone), DNS Server B (secondary zone, master DNS server = DNS Server A), DNS Server C (secondary zone, master DNS server = DNS Server A); zone information]

187 Zone Transfer Process
- A master DNS server sends notification of zone changes to the secondary server or servers
- The secondary server queries a master DNS server for changes to the zone file
[Diagram: DNS server (master) with primary zone database file; DNS server with secondary zone database file; nwtraders, Support, Training, Zone 1]

188 Configuring Zone Transfers

189 Creating a Subdomain
- Create a subdomain to better organize your namespace
- Delegate authority of a subdomain to: delegate management of portions of the namespace; delegate administration tasks of maintaining one large DNS database
[Diagram: root; top-level domains (Org., Com., Edu., Au.); second-level domain (Microsoft.com); subdomain (Training.microsoft.com)]

190 Configuring Active Directory Integrated Zones
Active Directory integrated zone data is:
- Stored as an Active Directory object
- Replicated as part of domain replication
[Diagram: DNS server, nwtraders.msft, Active Directory integrated zone, Active Directory]

191 Migrating Zones to the Windows 2000 DNS Server Service
Files in the Windows 2000 DNS Server service:
- Domain_name.dns: the forward lookup file that is used to translate host names to IP addresses
- z.y.x.w.in-addr.arpa: the reverse lookup file that is used to translate IP addresses to host names
- Cache.dns: contains the required host information for resolving names outside authoritative
- Boot: controls how the DNS Server service starts

192 Configuring DNS for Internal Use
Configure a root zone on a DNS server when:
- Your intranet is not connected to the Internet
- You are using a proxy to gain access to the Internet
[Diagram: Internet root domain (Org., Com., Edu., Au.) and private network root domain, each with Com. and a delegated Microsoft.com; record for Com; proxy server; private network]

193 Integrating DNS and DHCP
- Overview of Dynamic Update
- Configuring Dynamic Updates
- Securing Dynamic Updates

194 Overview of Dynamic Update
[Diagram: Computer 1; DHCP server; DNS server; zone database; request for IP address; assign IP address; dynamic update]

195 Configuring Dynamic Updates
- Configure the DNS server to allow dynamic updates
- Configure the DHCP server for dynamic updates
- Configure Windows 2000-based clients for dynamic updates

196 Securing Dynamic Updates
[Diagram: Active Directory integrated zone, secure dynamic update]

197 Maintaining and Troubleshooting DNS Servers
- Reducing Network Traffic by Using Caching-Only Servers
- Maintaining DNS Zones
- Monitoring DNS Servers
- Verifying Resource Records by Using Nslookup
- Troubleshooting Name Resolution Problems

198 Reducing Network Traffic by Using Caching-Only Servers
Caching-only servers:
- Perform name resolution on behalf of client computers and cache the results
- Can be used to reduce DNS-related traffic across a WAN
[Diagram: remote office with client and caching-only server; slow WAN link; corporate headquarters with DNS server]

199 Maintaining DNS Zones

200 Monitoring DNS Servers

201 Verifying Resource Records by Using Nslookup
- Use Nslookup to verify that the information contained in resource records is correct

202 Troubleshooting Name Resolution Problems
- Troubleshooting name resolution on client computers
- Registering client computers
- Troubleshooting zone transfer problems

203

204
- Introduction to ISA Server
- Using Caching
- Using Firewalls
- Deployment Scenarios for ISA Server

205 Introduction to ISA Server
- ISA Server Editions
- Benefits of ISA Server
- Installation Modes

206 ISA Server Editions
- ISA Server Standard Edition
- ISA Server Enterprise Edition

207 Benefits of ISA Server
- Acceleration: fast web access with a high-performance cache
- Security: secure Internet connectivity with a multilayered firewall
- Management: unified management with integrated administration
- Extensibility: extensible and open platform

208 Installation Modes
- Cache mode
- Firewall mode
- Integrated mode
- Features available with each mode

209 Using Caching
- The Caching Process
- Types of Caching

210 The Caching Process
[Diagram: Client 1, Client 2, ISA Server with cache, Internet. Steps: 1 GET, 2 GET, 3 object is sent from Internet, 4 GET, 5 object is sent from cache]

211 Types of Caching
[Diagram: forward caching (internal network, cache, Internet); reverse caching (Internet, cache, internal network web server); distributed caching (internal network, cache, Internet)]

212 Using Firewalls
- Firewall Overview
- Bastion Host
- Perimeter Network with Three-Homed Firewall
- Perimeter Network with Back-to-Back Firewalls
- Filters and Network Access

213 Firewall Overview
A firewall is:
- A controlled point of access for all traffic that enters the internal network
- A controlled point of access for all traffic that leaves the internal network

214 Bastion Host
[Diagram: Internet, firewall, internal network]

215 Perimeter Network with Three-Homed Firewall
[Diagram: Internet, firewall, perimeter network, internal network]

216 Perimeter Network with Back-to-Back Firewalls
[Diagram: external firewall, internal firewall]

217 Filters and Network Access
[Diagram: internal network, firewall, external network; access policy: allow HTTP, all destinations; streaming media; SMTP; DNS; intrusion]

218 Deployment Scenarios for ISA Server
- Branch Office/Small Business Cache Server
- Branch Office/Small Business Firewall
- Enterprise Cache
- Enterprise Firewall

219 Branch Office/Small Business Cache Server
[Diagram: main office with cache; branch office with ISA Server and cache; small business with ISA Server; Internet]

220 Branch Office/Small Business Firewall
[Diagram: branch office or small business, ISA Server, Internet; actual connection; perceived connection]

221 Enterprise Cache Server
[Diagram: corporate network, ISA Server array with cache, Internet]

222 Enterprise Firewall
[Diagram: ISA Server, perimeter network, Internet]

