Published by Rachael Wale Modified over 9 years ago
3
1: Preparing for Installation 2: Installing Windows 2000 Professional from a Compact Disc 3: Installing Windows 2000 Advanced Server from a Compact Disc 4: Upgrading to Windows 2000 Professional 5: Upgrading to Windows 2000 Advanced Server 6: Identifying Setup Errors
4
1: Determining Which Operating System to Use. 2: Identifying System Requirements 3: Determining Disk Partition Options 4: Determining Which File System To Select 5: Determining Which Licensing Mode to Select 6: Determining Whether to Join A Workgroup or Domain 7: Completing a Pre-Installation
5
CPU DISPLAY OTHER DRIVES MEMORY WINDOWS 2000 PRO 64 MB RECOMMENDED WIN 2000 SER 128 MB SUPPORTED 256 RECOMMENDED 20 GB HARD DISK SPACE ACCESSORIES NETWORKING
6
Create New Partition Unpartitioned Hard Disk Create New Partition on Partitioned Hard Disk Install On Existing Partition Delete Existing Partition to Disk Space Available
7
File and Folder-Level Security File Compression Disk Quotas File Encryption Supports Dual Boot Configurations No File And Folder Level Security
8
CAL
9
SAM Single user Account Active Directory
10
Determine the Operating System to Install; Verify Hardware Is Supported; Verify That Hardware Meets Minimum Requirements; Verify 2GB or More of Available Disk Space; Select File System for the Windows 2000 Partition; Select Licensing Mode for Windows 2000 Advanced Server; Determine Domain or Workgroup; Create Domain Computer Account in the Domain; Create Password for the Local Administrator Account
11
Running the Setup Program Completing the Setup Wizard Installing network Components
12
Start The Computer from the Compact Disc Select To Install A New Copy of Windows 2000 Read and Accept The Licensing Agreement Select the Partition on Which to Install Select the File System
13
Change Regional Setting (If Necessary) Enter Your Name and Organization Enter The Computer Name and Password For Local Administrator Account Select Date And Time Setting
14
Choose A Network Setting Provide a Workgroup or Domain Name Click Finish to Restart the Computer Configure the Network ID for the Computer
15
1: Running the Setup Program 2: Completing the Setup Wizard 3: Installing Network Components 4: Configuring the Server
16
Start the Computer from the Compact Disc Select To Install A New Copy of Windows 2000 Read and Accept The Licensing Agreement Select the Partition on Which to Install Select the File System
17
Change Regional Setting (If Necessary) Enter Your Name and Organization Select The Licensing Mode Enter The Computer Name and Password For Local Administrator Account Select Windows 2000 Optional Components Select Date And Time Setting
18
Choose a Network Setting Provide a Workgroup or Domain Name Enter Local Administrator Account Password
19
Identifying Client Upgrade Paths Upgrading Clients Running Windows 95 or Windows 98 Upgrading Clients Running Windows NT Workstation 4.0 Installing the Directory Service Clients
20
Windows 95 Windows 98 Windows 2000 Professional Windows NT Workstation 3.51 or 4.0 Windows 2000 Professional Windows Workgroup 3.1 Windows NT Workstation 3.51 or 4.0 Windows 2000 Professional
21
Windows 95 And Windows 98 Generate A Compatibility report Run the Setup Program to Install Windows 2000 Specifying Update Packets Reviewing Upgrade reports Windows 2000 Professional
22
Windows NT Workstation 3.51 or 4.0 Windows 2000 Professional Same Registry Same Application Support Same Device Support Easiest Upgrade to Windows 2000 Professional
23
The Directory Services Client Allows Computers Running Windows 95 or Windows 98 That Cannot Run Windows 2000 To: Use Domain-Based Dfs; Search Active Directory; Change Password on Any Domain Controller
24
Identifying Server Upgrade Paths Backing Up Critical Data Files and Settings
25
PDC Or BDC Win NT 3.5 or 4.0 Domain Control Win 2000 Member Server Win NT Member Server Win 2000 Domain Control Win 2000 Win NT 3.5 or 4.0 Win NT 3.5 OR 3.1
26
Perform the Following Tasks to Back Up Critical Files and Settings: Fix Errors Listed in Event Viewer; Back Up All Drives; Back Up Registry; Update Emergency Repair Disk; Remove Virus Scanners, Third-Party Network Services, or Client Software; Disconnect Serial Cables to UPS; Reserve IRQs for Non-Plug and Play ISA Devices
27
Error Media Errors Error Non-Supported CD-ROM Drive Error Insufficient Disk Space Error Failure of Dependency Service To Start Error Inability To Connect to the Domain Controller Error Failure of Windows 2000 to Install or Start
29
Introduction to User Accounts Guidelines For New User Accounts Creating Local User Accounts Creating And Configuring Domain User Accounts Setting Properties for Domain User Accounts Customizing User Settings With User Profiles Best Practices
30
Local User Accounts: Enable Users to Log On and Access Resources on a Specific Computer; Reside in SAM. Domain User Accounts: Enable Users to Perform Administrative Tasks or Gain Access to Network; Reside in Active Directory. Built-in User Accounts (Administrator and Guest): Enable Users to Perform Administrative Tasks or Gain Temporary Access to Network; Reside in SAM (Local Built-in User Accounts); Reside in Active Directory (Domain User Accounts)
31
Naming Conventions Password Guidelines Account Option
32
User Logon Names And Full Names must be Unique. User Logon Name. Can Contain up to 20 Characters Can Include a Combination of Special Alphanumeric Characters A Naming Convention Should. Accommodates Duplicate employee Names Identifies temporary Employees
33
Assign a Password for the Administrator Account Determine Who Has Control Over Password Educate User on How to Use Passwords Avoid Obvious Associations, Such As a Family Name Use Long Passwords Use a Combination Of Uppercase and Lowercase Characters
34
Set Logon Hours to Match Users’ Work Hours Specify the Computers from Which a User Can Log On o Domain Users can log on at any computer in the Domain, By default o Domain Users Can be restricted to Specific Computers to increase Security Specify When a User Account Expires
35
Created On Computers Running Windows 2000 Professional. Created in Stand- Alone or Member Server Running Win 2000 Server or Win 2000 adv server. Reside in SAM
36
Installing Windows 2000 Administration Tools Creating A Domain User Account Setting Password Requirements Managing User Data by Creating Home Folders
37
Active Directory Domains and Trusts; Active Directory Sites and Services; Active Directory Users and Computers; Component Services; Computer Management; DHCP; DNS; Domain Controller Security Policy; Event Viewer; Internet Services Manager; Local Security Policy; Services; Routing and Remote Access
40
Home User 1 User 2 User 3 Consider the following when You Create a home Folder: Backup and Restore capability Sufficient space on the server Sufficient space on user Computers Network performance To create a home Folder: 1.Create a shared folder on a server 2.Assign the appropriate permission 3.Provide a Path for the user Account
41
Setting Properties for Domain User Accounts Setting Personal Properties Setting Account Properties Specifying Logon Options Copying Domain User Accounts Creating User Account Templates
42
Setting Personal Properties: Add personal information about users as stored in Active Directory. Use personal properties to search Active Directory.
43
Setting accounts properties
44
Specifying logon option
45
Copying an Existing Domain User Account to Simplify the Process of Creating a New Domain User Account. Domain User Account User 1 Domain User Account User 2 Copy Domain User 1 Domain User 2
47
User Profile types creating roaming And Mandatory user Profiles
48
User Profile Types. Default User Profile: Serves as the Basis for All User Profiles. Local User Profile: Created the First Time a User Logs On to a Computer; Stored on a Computer's Local Hard Disk. Roaming User Profile: Created by the System Administrator; Stored on a Server. Mandatory User Profile: Created by the System Administrator; Stored on a Server. User Profile Settings: Display, Regional Settings, Mouse, Sound. Win 2000 Client Win 2000 Client Win 2000 Client Profile Server
49
Creating Roaming User Profile Create a Shared folder on the Server Specify the shared Folder in Path Information Create a Mandatory user profile Create a shared Folder on the Server with a User profile folder inside Set up a configured roaming user Profile Rename Ntuser.dat to ntuser.man
51
Introduction to Windows 2000 Groups Implementing Groups In a Workgroup Implementing Groups In a Domain Best Practices
52
How Windows 2000 Groups Work Groups in Workgroups And Domain
53
Permissions Assigned Once for a Group vs. Permissions Assigned Once for Each User Account. Group Permissions Permissions User o Group Members Have the Rights and Permissions Granted to the Group o Users Can Be Members of Multiple Groups o Groups and Computers Can Also Be Members of a Group
54
SAM Member Server Client Computer Domain Controller Created in Computers That are not Domain Controllers Reside in SAM Used to Control Access to Resources for the Computer Created on Domain Controller Reside in Active Directory Used to Control Resources in the Domain SAM
55
Local group Built-in Local groups the Strategy for using Local Groups in a Workgroup Creating Local Groups
56
o Guidelines for Local Groups: Use Local Groups on Computers That Do Not Belong to a Domain; Use Local Groups to Control Access to Resources and Who Can Perform System Tasks on the Local Computer o Membership Rules for Local Groups: Local Groups Can Only Contain Local User Accounts That Are on the Local Computer; Local Groups Cannot Be a Member of Any Other Group o Members of the Administrators Group or Account Operators Group on the Local Computer Can Create Local Groups
57
Built-in Groups Have a Predetermined set of rights And they can not be deleted Built-in Local Groups: o Members have rights to perform system tasks o User accounts can be added Special Identities (Special Groups) o Organize users for system Use o Have automatic membership that cannot be Modified
58
A L P A L P A L P A L P Add Assign Win 2000 professional Win 2000 professional Win 2000 professional Win 2000 Server User Account A Local Group L Permissions P Add Assign Workgroup
59
Computer Management Action View Tree Computer Management System Tools Event Viewer System Information Shared Folder Device Manager Local User User Group New Group Refresh Help New Group Group Name Description: Members: Add…Remove Create Close
60
Group Types And Scopes Built-in and Predefined groups in Domain The Strategy for using groups in a Single Domain Guidelines for Creating Domain Groups Creating and Deleting Domain Groups
61
Group Types and Scopes. Group Types: Security Groups: Used to Assign Permissions; Can Be Used as an E-mail Distribution List. Distribution Groups: Cannot Be Used to Assign Permissions; Can Be Used as an E-mail Distribution List. Group Scopes: Global Group: Used to Organize Users Who Share Similar Network Access Requirements. Domain Local Group: Used to Assign Permissions to Domain Resources. Universal Group: Used to Assign Permissions to Related Resources in Multiple Domains
62
Built-in and Predefined Groups in a Domain. Built-in Domain Local Groups Give Users Predefined Rights and Permissions to Perform Tasks: o On Domain Controllers o In Active Directory Special Identities: o Organize Users for System Use o Membership Is Automatic and Cannot Be Modified Predefined Global Groups Give Administrators Control of Domain Resources
63
The Strategy for using groups in a Single Domain A G DL P Strategy for Groups in a Domain User Account Global Group Domain Local group A G DL P Add
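An audit of the A G DL P chain from this slide, as an added example that is not part of the original presentation. It checks that permissions are assigned only to domain local groups and that domain local groups contain only global groups, then lists what each account ends up with; every account, group and permission name is constructed sample data.

```python
# Added example: audit one resource ACL and its groups against A-G-DL-P.
# All names below are constructed sample data, not taken from the slides.

# name -> (kind, direct members); kind is "user", "global" or "domain_local"
DIRECTORY = {
    "user1": ("user", []),
    "user2": ("user", []),
    "user3": ("user", []),
    "G Sales": ("global", ["user1", "user2"]),
    "G Temps": ("global", ["user3"]),
    "DL Reports Read": ("domain_local", ["G Sales"]),
    # Deviation: an account is placed directly in a domain local group.
    "DL Reports Modify": ("domain_local", ["G Sales", "user3"]),
}

# (trustee, permission) entries on a single resource
ACL = [
    ("DL Reports Read", "Read"),
    ("DL Reports Modify", "Modify"),
    ("G Temps", "Read"),          # deviation: permission on a global group
    ("user2", "Full Control"),    # deviation: permission on an account
]


def expand(name, directory, _seen=None):
    """Return the user accounts reachable from `name` via nested membership."""
    seen = _seen if _seen is not None else set()
    if name in seen:              # guard against circular nesting
        return set()
    seen.add(name)
    kind, members = directory[name]
    if kind == "user":
        return {name}
    users = set()
    for member in members:
        users |= expand(member, directory, seen)
    return users


def audit(acl, directory):
    """Return findings where the data departs from A -> G -> DL -> P."""
    findings = []
    for trustee, perm in acl:
        kind = directory[trustee][0]
        if kind != "domain_local":
            findings.append(
                f"P: '{perm}' assigned to {kind} '{trustee}' "
                "instead of a domain local group")
    for name, (kind, members) in directory.items():
        if kind != "domain_local":
            continue
        for member in members:
            member_kind = directory[member][0]
            if member_kind != "global":
                findings.append(
                    f"DL: '{name}' contains {member_kind} '{member}' "
                    "instead of a global group")
    return findings


def access_map(acl, directory):
    """Map each account to the permissions it receives through any entry."""
    result = {}
    for trustee, perm in acl:
        for user in expand(trustee, directory):
            result.setdefault(user, set()).add(perm)
    return result


if __name__ == "__main__":
    for finding in audit(ACL, DIRECTORY):
        print(finding)
    for user, perms in sorted(access_map(ACL, DIRECTORY).items()):
        print(user, sorted(perms))
```
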
64
Guidelines for Creating Domain Groups Determine Which Group Scope To use Determine Whether you Have Permissions to Create Groups Determine the Name of the group
65
Creating and Deleting Domain Groups. You Use Active Directory Users and Computers to Create and Delete Groups. When You Delete a Group, Its: o Rights and Permissions Are Removed o Members Are Not Deleted o SID Is Never Used Again Group Name
66
Select Add
68
Introduction to NTFS Permission How Windows 2000 Applies NTFS Permissions Using NTFS Permissions Using Special NTFS Permissions Compressing Data on an NTFS partition Configuring Disk Quotas On NTFS Partitions Securing Data By Using EFS
69
User1 User2 Read ACL Group 1 Full Control User 1 Read Group 1 Full Control No Access
70
How Windows 2000 Applies NTFS Permissions Multiple NTFS Permissions NTFS Permissions Inheritance Copying and Moving Files and Folders Class Discussion: Apply NTFS Permissions
71
NTFS Permissions Are Cumulative File Permission override Folder Permission Deny Overrides Other Permission Group B Write Group A Deny Write to File 2 User 1 Read Read/ Write Folder A File 1 File 2 NTFS Partition
72
NTFS Permissions Inheritance Read/Write Folder A File 1 Prevent Inheritance Read/Write Folder A File 1 Access to File 1 No Access to File 1
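The rules on the two slides above (cumulative permissions, deny overrides, file over folder, prevented inheritance), as an added example that is not part of the original presentation. It is a simplified Python model that evaluates entries on the object before inherited ones and deny before allow at each level; User 1's membership in Groups A and B, User 2, Folder B, File 3 and File 4 are constructed assumptions.

```python
# Added example: simplified model of how NTFS permission entries combine.
from dataclasses import dataclass, field
from typing import Optional

READ, WRITE = "read", "write"


@dataclass(frozen=True)
class Ace:
    principal: str        # user or group the entry applies to
    allow: bool           # True = allow entry, False = deny entry
    perms: frozenset      # permissions the entry covers


@dataclass
class Node:
    name: str
    parent: Optional["Node"] = None
    aces: list = field(default_factory=list)
    inherit: bool = True  # False models "prevent inheritance" on this object


def allow(principal, *perms):
    return Ace(principal, True, frozenset(perms))


def deny(principal, *perms):
    return Ace(principal, False, frozenset(perms))


def ordered_aces(node):
    """Yield entries in evaluation order: the object's own entries first,
    then each ancestor's in turn; deny before allow within each level."""
    level = node
    while level is not None:
        yield from sorted(level.aces, key=lambda a: a.allow)  # False sorts first
        if not level.inherit:
            break
        level = level.parent


def effective(node, user, groups):
    """Return the set of permissions `user` ends up with on `node`."""
    identities = {user, *groups}
    granted, denied = set(), set()
    for ace in ordered_aces(node):
        if ace.principal not in identities:
            continue
        # The first entry that mentions a permission decides it.
        undecided = ace.perms - granted - denied
        if ace.allow:
            granted |= undecided
        else:
            denied |= undecided
    return granted


def build_sample():
    """Folder A / File 1 / File 2 follow the slide labels; the rest is constructed."""
    folder_a = Node("Folder A", aces=[allow("User 1", READ), allow("Group B", WRITE)])
    folder_b = Node("Folder B", aces=[allow("Group A", READ), deny("Group A", WRITE)])
    nodes = [
        folder_a,
        folder_b,
        Node("File 1", parent=folder_a),
        Node("File 2", parent=folder_a, aces=[deny("Group A", WRITE)]),
        Node("File 3", parent=folder_a, inherit=False),  # inheritance prevented
        Node("File 4", parent=folder_b, aces=[allow("User 1", WRITE)]),
    ]
    return {n.name: n for n in nodes}


if __name__ == "__main__":
    sample = build_sample()
    for name in ("File 1", "File 2", "File 3", "File 4"):
        perms = effective(sample[name], "User 1", {"Group A", "Group B"})
        print(name, sorted(perms) or "no access")
```

File 4 shows the case the slide calls file permission overriding folder permission: the allow entry set on the file is evaluated before the deny entry inherited from Folder B, so User 1 keeps Write there while another Group A member does not.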
73
NTFS Partition D:\ NTFS Partition C:\ Copy Move NTFS Partition E:\ Copy or Move All copying inherits Permissions Only Moving to the Same Partition Retains Permissions
74
User group User 1 Sales Group User Group 1 Write to Folder1 Sales Group Read to Folder 1 Users Group Read to Folder 1 Sales Group Write to folder 2 2 User Group Modify to folder 1 File 2 should only be Accessible to sales Group, and only for Read access 3 Folder 1 File 1 Folder 2 File 1
75
Using NTFS Permissions Granting NTFS Permissions Setting Permission Inheritance Best Practices For Granting NTFS permissions
76
Granting NTFS Permissions
77
Setting Permission Inheritance
78
Best Practices for Granting NTFS Permissions: Grant Permissions to Groups as Opposed to Users; Group Resources to Simplify Administration; Only Allow Users the Level of Access That They Require; Create Groups According to the Access That the Group Members Require; Grant Read & Execute Permissions for Application Folders; Grant Read & Execute and Write Permissions for Data Folders
79
Using NTFS Permissions Introduction to Special NTFS Permissions Granting Special NTFS Permissions
80
Introduction to Special NTFS Permissions Owner Administrator ---------- Permission to Change Permissions & take ownership User, Groups Change Permissions Take ownership Read Standard permissions Special Access Permissions Read Data Read Attributes Read Permissions Read extended attributes
82
Compressing Data on an NTFS partition Introduction to Compressed files and Folder Compressing files and folders Copying and Moving Compressed files and folder Best practices for compressing data
83
File A File B NTFS Partition Space Allocation Compression State Display Color Access to Compressed Files Through Applications
84
Compressing files and folders
85
Copy Inherits A NTFS Partition Copy Retains B NTFS Partition Copy Inherits NTFS Partition CD Copying and Moving Compressed files and folder
86
Best practices for compressing data Determine Which File Types to Compress Do Not Compress Already Compressed files Use different Display Colors For compressed files and Folders Compress static Data Rather Than Data That Changes Frequently
87
Configuring Disk Quotas On NTFS Partitions Using Disk Quotas Setting Disk Quotas
88
Using Disk Quotas Usage Calculation based on file and folder ownership Compression Ignored when Calculating Usage Free Space for Applications Based on Quota Limit Disk Quotas tracked for Each NTFS Partition
89
Setting Disk Quotas Option Description Enable Quota Management Deny disk space to users Exceeding quota limit User cannot write to volume when they exceed their Hard disk space allocation Do not limit disk usage No hard disk space limit for users Set warning level to Specify amount of disk space users can fill before Event is logged Limit disk space to Specify amount of disk space user can use Quota entries Add entries, delete entries, view properties for entries User 1 100 MB User 2 35 MB NTFS Partition
90
Securing Data By Using EFS o Introduction to EFS o Encrypting a Folder or File o Decrypting a Folder or File o Recovering an Encrypted Folder or file
91
o Introduction to EFS Key Features of EFS: Operates in the Background; Is Accessible Only to an Authorized User; Provides Built-in Data Recovery Support; Requires at Least One Recovery Agent
92
o Encrypting a Folder or File: Encrypt Contents to Secure Data; Open File in Folder; When the File Is Saved, It Is Encrypted by Using File Encryption Keys; File Encryption Keys Are Stored in the Data Decryption Field (DDF) and the Data Recovery Field (DRF) in the File Header
93
o Decrypting a Folder or File: EFS Automatically Detects Encryption and Locates the User Certificate and Associated Private Key; Your Private Key Is Applied to the DDF; File Content Appears on Screen in Plain Text
94
o Recovering an Encrypted Folder or File: Owner's Key Is Unavailable; Recovery Agent Uses His Private Key to Recover the File
96
Windows 2000 Disk Types Creating partitions on basic Disk Creating volumes on a dynamic disk Performing Common disk Management Task Best Practices
97
Windows 2000 Disk Types F D E C BASIC DISK DYNAMIC DISK
98
BASIC DISK F E D C G F E D C OR PRIMARY PARTITIONS EXTENDED PARTITION WITH LOGICAL DRIVES A Basic Disk Is the Default Storage Medium for Windows 2000. The Characteristics of Basic Disks Are That: It Can Have up to Four Partitions; It Is Compatible with Other Types of Disk Storage. The Partition Types Are: Primary, Extended, Logical Drives
99
DYNAMIC DISK A Dynamic Disk Can Include Noncontiguous Space on Any Available Disk. There Is No Limit on the Number of Volumes per Disk. Windows 2000 Stores Disk Configuration Information on the Dynamic Disk. Simple Volume, Striped Volume, Spanned Volume, Mirrored Volume, RAID-5
100
Creating partitions on basic Disk
101
Creating volumes on a dynamic disk upgrading from a Basic Disk To a Dynamic Disk Creating Simple Volumes Extending Simple Volumes
102
Upgrading from a Basic Disk To a Dynamic Disk Basic Dynamic System and Boot Partitions Primary and extended Partitions, and Logical Drives Volume set ( Win NT 4.0) Stripe set (win NT 4.0) Mirror Set ( Win NT 4.0) Stripe Set with Parity (Win NT 4.0) Simple Volume Spanned Volume Striped Volume Mirrored Volume RAID-5 Volume Dynamic Volume Version To Revert to a Basic Disk, All Data and Volume must be Removed
103
Creating Simple Volumes A SIMPLE VOLUME: o Contains space on Single disk o Has Less Restrictions than a Basic Disk Partition o Can Use the NTFS, FAT, or FAT32 File system o Can Be Mirrored to Provide Fault Tolerance o Is Created by Using the Create Volume Wizard
104
Repairing and deleting Partitions And Volumes Adding Disk Managing drive Letters and Paths Managing disks remotely Defragmenting partitions
105
Repairing and deleting Partitions And Volumes Repair a Disk When The Partition or Volume is Marked Missing Or Offline
106
Adding Disk Adding Disk From other computers Importing Incomplete volume Produces Status Message: Failed: Incomplete volume Failed Redundancy
107
For Drive Letters You Can: Use Only 25 Letters Assign, remove or Modify Drive Letters For Drive Paths You Can Have More Than 26 drives Mount and remove Mount Points You Can Change drive letters to other Letters or Mount Points Managing drive Letters and Paths
109
Defragmenting partitions
111
Introduction to Active Directory Active Directory Structure Active Directory physical structure Methods for Administering A Windows 2000 Network
112
Introduction to Active Directory What is Active Directory? Active directory Objects Active directory Schema lightweight directory access protocol (LDAP)
113
What is Active Directory? Directory Service functionality Organize Manage Control Resources Centralized Management Single point of Administration Full User access to directory Resources by a single Logon
114
Active directory Objects Objects Printers Attributes Printer Name Printer Location Users Attributes First Name Last Name Logon name Active directory Printers Printer1 Printer2 Printer3 Users Don Hall Suzan Fine Attribute Value Objects Represent Network Resources Attributes Store information About an Object
115
Active Directory Schema. Object Class Examples: Computers, Users, Printers. Attributes of Users Might Contain: Account Expires, Department, Distinguished Name, Middle Name. List of Attributes: Account Expires, Department, Distinguished Name, Direct Reports, DNS Host Name, Operating System, Reps From, Middle Name. Attribute Examples. Active Directory Schema Is: Dynamically Available; Dynamically Updateable; Protected by DACLs
116
LDAP provides a Way to Communicate with Active Directory by Specifying Unique naming Paths for Each Object in the Directory. LDAP Naming Paths Include: Distinguished Names CN= Suzan Fine OU= Sales DC= Contoso DC= Msft Relative Distinguished Names
117
Domains Organizational Units Trees and Forest Global catalog
118
Domains A Domain is a Security Boundary A domain Administrator can Administer only within the Domain, Unless Explicitly granted Administration Rights In Other Domain A Domain is a Unit of replication Domain Controllers in a Domain Participate in Replication and contain a complete copy of the directory information for their domain Windows 2000 Domain Replication
119
Organizational Units Network Administrative Model Sales Users Computers Organizational structure Vancouver Sales Repair Use OUs to group Objects into a Logical Hierarchy that Best suits the Needs of your Organization Delegate administrative control over the Objects within an OU by assigning specific permissions to users and Groups
120
Trees and Forest Syed. Com Asia.syed.com Asia.syed.com Tree Syed. Com Root Asia.syed.com Asia.syed.com Two-Way Transitive trust Forest Two-Way Transitive trust
121
Global catalog Subset of the Attributes of all Objects Global Catalog Global Catalog Server Domain Queries Group Membership When User Logs on
122
Active Directory physical structure Domain Controllers Sites
123
Domain Controllers o Participate in Active Directory Replication o Perform Single Master Operations Roles in a Domain Replication Domain Controller Domain Controller = A Writeable copy of the Active directory database
124
Seattle Los Angeles Chicago New York Site IP Subnet IP Subnet Sites: Optimize Replication Traffic; Enable Users to Log On to a Domain Controller by Using a Reliable, High-Speed Connection
125
Methods for Administering A Windows 2000 Network Using Active directory for centralized Management Managing the User environment
126
Using Active Directory for Centralized Management Search Domain OU1 OU2 User 1 User 2 Printer 1 Computer Active Directory: Enables a Single Administrator to Centrally Manage Resources; Allows Administrators to Easily Locate Information; Allows Administrators to Group Objects into OUs; Uses Group Policy to Specify Policy-Based Settings
127
Managing the User Environment. Apply Group Policy Once; Windows 2000 Enforces Continually. OU1 OU2 OU3 Domain Use Group Policy to: Control and Lock Down What Users Can Do; Centrally Manage Software Installation, Repairs, Updates and Removal; Configure User Data to Follow Users Whether They Are Online or Offline
129
Introduction to Creating a Windows 2000 Domain Installing Active Directory The Active Directory Installation Process Examining the Default Structure of Active Directory Performing Post Active Directory Installing Tasks Troubleshooting the Installation of Active Directory Removing Active Directory Best Practices
130
Introduction to Creating a Windows 2000 Domain Domains Are the Core Administrative Unit The First Domain Created is the Root Domain of Entire Forest or the Forest Root Using The Active Directory Installation Wizard, you Can Create Domain And Domain Controllers New Forest First Domain Controller Forest Root (First Domain) Additional Domain Controller (Replica)
131
Installing Active Directory Preparing to Install Active Directory Creating the First Domain Adding a Replica Domain Controller Using an Unattended Setup Script to Install Active Directory
132
Preparing to Install Active Directory. Active Directory Installation Requirements: Computer Running Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 Datacenter Server; Minimum Disk Space of 200 MB for Active Directory and 50 MB for Log Files; Partition or Volume That Is Formatted with the NTFS File System; TCP/IP Installed and Configured to Use DNS; Appropriate Administrative Privileges for Creating a Domain in an Existing Network
133
Creating the First Domain o Start the Active Directory Installation Wizard o Select The Domain Controller and Domain Type o Specify the Required Information Domain, DNS, And NetBIOS Names Database, Log, and Shared System Volume Locations Select To Weaken Permission Specify a Password to use in Directory Services Restore Mode o The Active Directory Installation Wizard: Installs Active Directory Converts the Computer to a Domain Controller
134
Adding a Replica Domain Controller. Fault Tolerance Requires a Minimum of Two Domain Controllers in a Single Domain. More Than One Domain Controller in a Domain Also Ensures That a Single Domain Controller Is Not Overloaded. Run Dcpromo to Add a Domain Controller to an Existing Domain. The Active Directory Installation Wizard: Converts the Computer to a Domain Controller; Replicates Active Directory from an Existing Domain Controller
135
Using an Unattended Setup Script to Install Active Directory. An Answer File: Contains All of the Parameters Needed for an Unattended Session of Installing Active Directory; Contains Only the [DCInstall] Section of the Unattended Setup Parameters File; Can Be Run After Windows 2000 Server Setup Has Been Completed and a User Has Logged On to the Computer. dcpromo /answer: Notepad [Unattended] [DCInstall] Answer File
136
The Active Directory Installation Process configuring Parameters Site Configuration Directory services configuration Services and Security configuration Additional Active Directory Installation Operations
137
configuring Parameters Checks Performed By the Active Directory Installation Wizard Before Installing Active Directory Verifies User Interface Parameters Verifies NetBIOS Name And Server Name Verifies TCP/IP Configuration Validates the DNS and NetBIOS Domain Name Verifies User Credentials Verifies File Locations
138
Site Configuration. The Domain Controller Is Added to the Site That Is Associated with Its Subnet. The Server Is Placed in the Default-First-Site-Name Site if No Subnet Object Is Found. The Active Directory Installation Wizard Creates a Server Object.
139
Directory Services Configuration. Directory Service Configuration Operations. Operations for All Types of Installation: Creates the Required Registry; Sets Up Performance Counters for Active Directory; Configures the Server to Automatically Enroll for an X.509 Domain Controller Certificate; Starts the Kerberos V5 Authentication Service; Sets the Local Security Authority (LSA) Policy; Installs Shortcuts to Administration Tools in Active Directory. Directory Partitions Configuration: Creates the Schema Directory Partition; Creates the Configuration Directory Partition; Creates the Domain Directory Partition
140
Services and Security configuration Configuration Services and Security Setting services to start Automatically Remote Procedure Call (RPC) Locator Net Logon KDC Intersite Messaging Distributed Link Tracking server Windows Time Setting Security Sets Security for the directory services and the file Replication folders Configures default DACLs on the file and object in Active directory Configures default group Policy by using the security templates
141
Additional Active Directory Installation Operations. Additional Operations: Sets Computer DNS Root Domain Name; Determines Whether the Server Computer Is a Member of the Domain; Creates a Computer Account in the Domain Controllers OU; Applies the User-Provided Password for the Administrator Account; Creates a Cross-Reference Object in the Configuration Controller; Adds Shortcuts; Creates the SYSVOL Folder; Creates Schema and Configuration Containers
142
Examining the Default Structure of Active Directory: Holds the Default Win 2000 Security Groups; Default Location for Computer Accounts; Default Location for Domain Computer Accounts; Holds Security Identifiers from External, Trusted Domains; Default Location of User and Group Accounts
143
Performing Post Active Directory Installing Tasks Verifying the Active directory Installation Implementing Active directory Integrated Zones Securing Updates for Active Directory Integrated Zones Changing The Domain Mode Implementing An Organizational Unit Structure
144
Verifying the Active Directory Installation: Verify SRV Resource Records; Verify SYSVOL; Verify the Directory Database and Log Files; Verify the Installation Results by Examining the Event Logs. SYSVOL DNS Database and Log Files
145
Implementing Active directory Integrated Zones Use DNS to Integrate a DNS Zone with Active Directory Implement a Forward Lookup Zone Implement a Reverse Lookup Zone DNS Server Contoso.msft Zone Database Active Directory Integrated Zone
146
Securing Updates for Active Directory Integrated Zones Use DNS to secure Update for Active directory Integrated Zones Secure the Active directory Integrated Zones to Enable You to control Access to Zones and Resource Records Zone Database Client DNS Server Contoso.msft Active Directory Integrated Zone Secure Update
147
Changing the Domain Mode. Active Directory Installs in Mixed Mode to Provide Support for Existing Domain Controllers. Group Nesting and Universal Security Groups Require a Domain to Be in Native Mode. Domain Controller (Win 2000) Domain Controller Win NT 4.0 and Mixed Mode Domain Controller (Win 2000 Only)
148
Implementing an Organizational Unit Structure. Implement an OU Structure if You Want To: Enhance Administrative Control; Delegate Administrative Control over Network Resources; Group Similar Network Resources under One OU; Simplify Object Administration, and Control Visibility of Network Resources; Make Resource Administration More Efficient. Create an OU in a Domain or within Another OU by Using Active Directory Users and Computers
149
Troubleshooting the Installation of Active Directory Error Access Denied While Creating or Adding Domain Controllers Error DNS or NetBIOS Domain Names are not Unique Error Domain Cannot Be Contacted Error Insufficient Disk Space
150
Removing Active Directory Remove Active Directory by: Using the Active Directory Installation wizard Providing Appropriate Administrative Credentials The Active Directory Installation Wizard perform specific Removal Operations Depending on the type of Domain Provide Credentials: Enterprise admin group member Domain Admin group Member Remove Active Directory
152
Overview of DHCP Installing the DHCP Service Authorizing The DHCP Service Creating and Configuring A Scope Customizing DHCP Functionality Configuring DHCP in A Routed Network Supporting DHCP
153
Overview of DHCP Manual vs. Automatic TCP/IP Configuration DHCP Operation The DHCP Lease Generation Process The DHCP Lease Renewal Process Requirements for DHCP Servers and Clients
154
Manual vs. Automatic TCP/IP Configuration. Manual TCP/IP Configuration Disadvantages: IP Address Entered Manually on Each Client Computer; Possibility of Entering Incorrect or Invalid IP Address; Incorrect Configuration Can Lead to Communication and Network Problems; Administrative Overload on Networks Where Computers Are Frequently Moved. Automatic TCP/IP Configuration Advantages: IP Addresses Are Supplied Automatically to Client Computers; Ensures That Clients Always Use Correct Configuration Information; Elimination of Common Source of Network Problems; Client Configuration Updated Automatically to Reflect Changes in Network Structure
155
DHCP Operation Non-DHCP Client: Static IP Configuration DHCP Server IP Address 2 IP Address 1 DHCP Client: IP Configuration From DHCP Server DHCP Client: IP Configuration From DHCP Server DHCP Database IP Address 1 IP Address 2 IP Address 3
156
The DHCP Lease Generation Process
[Diagram labels: DHCP client, DHCP servers]
1: IP Lease Request
2: IP Lease Offer
3: IP Lease Selection
4: IP Lease Acknowledgement
157
The DHCP Lease Renewal Process
[Diagram labels: DHCP client, DHCP server]
DHCP Request
o Source IP Address = 192.168.0.77
o Dest. IP Address = 192.168.0.108
o Requested IP Address = 192.168.0.77
o Hardware Address = 08004-------
DHCPACK
o Source IP Address = 192.168.0.108
o Dest. IP Address = 192.168.0.77
o Offered IP Address = 192.168.0.77
o Client Hardware Address = 08004---
o Subnet Mask = 255.255.255.0
o Length of Lease = 8 Days
o Server Identifier = 192.168.0.108
o DHCP Option: Router = 192.168.0.1
158
Requirements for DHCP Servers and Clients
DHCP server requirements (Windows 2000 Server)
o The DHCP service
o Static IP address, subnet mask, default gateway
o Range of valid IP addresses
DHCP clients
o Windows 2000 Professional or Windows 2000 Server
o Windows NT Server or Workstation 3.51 or later
o Windows 95 or Windows 98
o Windows for Workgroups 3.11, running TCP/IP
o Microsoft Network Client 3.0 for MS-DOS
o LAN Manager 2.2c
o Non-Microsoft operating systems
159
Installing the DHCP Service
160
Authorizing the DHCP Service
[Diagram labels: DHCP server, clients, domain controller/DHCP server]
The DHCP service checks for authorization
o If authorized, the service starts properly
o If unauthorized, the service logs an error and will not respond to clients
161
Overview of Scopes
[Diagram labels: DHCP server; IP addresses available for lease to client computers; scope 192.168.1.0 containing 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4]
162
Using the New Scope Wizard
You use the New Scope Wizard to:
o Configure scope parameters
o Change the default lease duration
o Activate a scope
163
Configuring a Scope with Options
Scope options supported by DHCP include:
o IP address of a router
o IP address of a DNS server
o DNS domain name
o IP address of a WINS server
o Type of NetBIOS over TCP/IP name resolution
164
Customizing the Use of Scope Options
Scope options:
o Server level
o Scope level
o Class level
o Reserved client level
165
Reserving IP Addresses for Client Computers
166
Customizing DHCP Functionality
o Using Option Classes
o Combining Scopes by Using Super Scopes
o Issuing Multicast Addresses by Using Multicast Scopes
167
Using Option Classes
o Vendor-defined classes: manage DHCP options identified by operating system vendor type
o User-defined classes: manage DHCP options with common configuration requirements
[Diagram labels: DHCP server; Configuration A, Configuration B, Configuration C; Client 1, Client 2, Client 3]
168
Combining Scopes by Using Super Scopes
Super Scope A
o Scope 1: 192.168.1.1 - 192.168.1.254
o Scope 2: 192.168.2.1 - 192.168.2.254
[Diagram labels: DHCP server]
169
Issuing Multicast Addresses by Using Multicast Scopes
[Diagram labels: DHCP server; Computer 1, Computer 2, Computer 3, Computer 4; multicast group; request for multicast address; assigned]
170
Configuring DHCP in a Routed Network
o Routed Network Configuration Options
o Using a DHCP Relay Agent
171
Routed Network Configuration Options
[Diagram labels: DHCP clients; DHCP relay agent; Windows 2000 Server; router; DHCP server; non-RFC-compliant; RFC-compliant]
172
Using a DHCP Relay Agent
[Diagram labels: DHCP client; DHCP relay agent; Subnet 1; router; DHCP server; Subnet 2]
173
Supporting DHCP
o Monitoring the DHCP Server Service
o Troubleshooting DHCP Database Problems
o Removing a DHCP Server from Service
174
Monitoring the DHCP Server Service
When you enable logging, the DHCP server creates log files called DHCPSrvlog.
The DHCP server stores these files in the DHCP database directory.
[Diagram labels: DHCP database, DHCPSrvlog]
175
Troubleshooting DHCP Database Problems
DHCP database
o Store: Systemroot\system32\dhcp
o Store: Systemroot\system32\dhcp\backup\jet\new
176
Removing a DHCP Server from Service
Before removing a DHCP server from service:
o Set short lease durations for clients
o Ensure new lease for clients
o Record any reserved addresses
o Large address pool in other DHCP servers
o Transfer IP addresses to the new scope
178
Overview of the DNS Query Process
Query types
o Iterative query: the DNS server returns the best answer that it can provide without help from other servers
o Recursive query: the DNS server returns a complete answer to the query, not a pointer to another DNS server
Lookup types
o Forward lookup: requires name-to-address resolution
o Reverse lookup: requires address-to-name resolution
179
Installing the DNS Server Service
180
Configuring Name Resolution for Client Computers
The IP address can be provided by a DHCP server or manually configured
181
Creating Zones
o Identifying Zone Types
o Examining the Zone File
o Creating Lookup Zones
182
Identifying Zone Types
[Diagram labels: standard zone (primary zone, secondary zone); Active Directory integrated zones; change; zone transfer]
183
Examining the Zone File
Resource records in a zone file can contain a computer's:
o FQDN
o IP address
o Alias
Records:
@ NS casablanca.africa.nwtrades.msft.
Casablanca A 192.168.11.1
Marrakech CNAME casablanca.africa.nwtrades.msft.
1.11.168.192.in-addr.arpa. PTR casablanca.africa.nwtrades.msft.
[Diagram labels: zone database file, zone, DNS server]
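An added example, not part of the original slides: a small Python parser for the four records shown on this slide that expands relative names and checks that each PTR record points at a host whose A record carries the same address, the consistency that logs and access rules based on reverse lookups depend on. The zone origin africa.nwtrades.msft. is an assumption inferred from the FQDN on the slide, and the function names are illustrative.

```python
import ipaddress

# Records from the slide; ORIGIN is an assumption inferred from its FQDN.
ORIGIN = "africa.nwtrades.msft."
SLIDE_RECORDS = """\
@          NS    casablanca.africa.nwtrades.msft.
Casablanca A     192.168.11.1
Marrakech  CNAME casablanca.africa.nwtrades.msft.
1.11.168.192.in-addr.arpa. PTR casablanca.africa.nwtrades.msft.
"""

def fqdn(name, origin=ORIGIN):
    """Expand '@' and relative names against the zone origin."""
    name = origin if name == "@" else name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_records(text, origin=ORIGIN):
    """Return (owner, type, data) tuples with absolute, lower-case names."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split(None, 2)  # drop comments
        if len(fields) != 3:
            continue  # blank or malformed line
        owner, rtype, data = fields[0], fields[1].upper(), fields[2].strip()
        if rtype != "A":
            data = fqdn(data, origin)
        records.append((fqdn(owner, origin), rtype, data))
    return records

def resolve(name, records, depth=8):
    """Follow CNAMEs (bounded, so alias loops end) to the A addresses."""
    name = fqdn(name)
    for _ in range(depth):
        addrs = [d for o, t, d in records if o == name and t == "A"]
        alias = [d for o, t, d in records if o == name and t == "CNAME"]
        if addrs or not alias:
            return addrs
        name = alias[0]
    return []

def reverse_mismatches(records):
    """PTR records whose target does not resolve back to the PTR address."""
    bad = []
    for owner, target in ((o, d) for o, t, d in records if t == "PTR"):
        octets = owner.removesuffix(".in-addr.arpa.").split(".")
        addr = str(ipaddress.ip_address(".".join(reversed(octets))))
        if addr not in resolve(target, records):
            bad.append((owner, target, addr))
    return bad
```

Calling reverse_mismatches(parse_records(SLIDE_RECORDS)) returns an empty list for the slide's records; a PTR left behind after a host is readdressed shows up as a mismatch.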
184
Creating Lookup Zones
o Forward lookup: "IP address for khan.com?" answered with "IP address = 192.168.1.50"
o Reverse lookup: "Name of 192.168.1.50?" answered with "Name = khan.com"
[Diagram labels: DNS server]
185
Configuring Zones
o Configuring Standard Zones
o Zone Transfer Process
o Configuring Zone Transfers
o Creating a Subdomain
o Configuring Active Directory Integrated Zones
o Migrating Zones to the Windows 2000 DNS Server Service
186
Configuring Standard Zones
You can configure a DNS server to host standard primary zones, standard secondary zones, or any combination of zones.
You can designate a primary server or a secondary server as a master server for a standard secondary zone.
[Diagram labels: DNS Server A, DNS Server B, DNS Server C; primary zone; secondary zone; master DNS server; zone information]
187
Zone Transfer Process
o A master DNS server sends notification of zone changes to the secondary server or servers
o The secondary server queries a master DNS server for changes to the zone file
[Diagram labels: DNS server (master); DNS server; primary zone database file; secondary zone database file; nwtraders; Support; Training; Zone 1]
188
Configuring Zone transfers
189
Creating a Subdomain
Create a subdomain to better organize your namespace
Delegate authority of a subdomain to:
o Delegate management of portions of the namespace
o Delegate administration tasks of maintaining one large DNS database
[Diagram labels: root; top-level domain (Org., Com., Edu., Au.); second-level domain (Microsoft.com); subdomain (Training.microsoft.com)]
190
Configuring Active Directory Integrated Zones
Active Directory integrated zone data is:
o Stored as an Active Directory object
o Replicated as part of domain replication
[Diagram labels: DNS server; Nwtradres.msft; Active Directory integrated zone; Active Directory]
191
Migrating Zones to the Windows 2000 DNS Server Service
Files in the Windows 2000 DNS Server service:
o Domain_name.dns: the forward lookup file that is used to translate host names to IP addresses
o z.y.x.w.in-addr.arpa: the reverse lookup file that is used to translate IP addresses to host names
o Cache.dns: contains the required host information for resolving names outside authoritative
o Boot: controls how the DNS Server service starts
192
Configuring DNS for Internal Use
Configure a root zone on a DNS server when:
o Your intranet is not connected to the Internet
o You are using a proxy to gain access to the Internet
[Diagram labels: Internet root domain with Org., Com., Edu., Au.; Com; Microsoft.com; delegate Microsoft.com; private network; root domain with record for Com; proxy server]
193
Integrating DNS and DHCP
o Overview of Dynamic Update
o Configuring Dynamic Updates
o Securing Dynamic Updates
194
Overview of Dynamic Update
[Diagram labels: Computer 1; request for IP address; DHCP server; assign IP address of 192.168.120.133; dynamic update; DNS server; zone database entry Computer 1 192.168.120.133]
195
Configuring Dynamic Updates
o Configure the DNS server to allow dynamic updates
o Configure the DHCP server for dynamic updates
o Configure Windows 2000-based clients for dynamic updates
196
Securing Dynamic Updates
o Active Directory integrated zone
o Secure dynamic update
197
Maintaining and Troubleshooting DNS Servers
o Reducing Network Traffic by Using Caching-Only Servers
o Maintaining DNS Zones
o Monitoring DNS Servers
o Verifying Resource Records by Using Nslookup
o Troubleshooting Name Resolution Problems
198
Reducing Network Traffic by Using Caching-Only Servers
Caching-only servers:
o Perform name resolution on behalf of client computers and cache the results
o Can be used to reduce DNS-related traffic across a WAN
[Diagram labels: client; caching-only server; remote office; DNS server; slow WAN link; corporate headquarters]
199
Maintaining DNS Zones
200
Monitoring DNS Servers
201
Verifying Resource Records by Using Nslookup
Use Nslookup to verify that the information contained in resource records is correct
202
Troubleshooting Name Resolution Problems
o Troubleshooting name resolution on client computers
o Registering client computers
o Troubleshooting zone transfer problems
204
o Introduction to ISA Server
o Using Caching
o Using Firewalls
o Deployment Scenarios for ISA Server
205
Introduction to ISA Server
o ISA Server Editions
o Benefits of ISA Server
o Installation Modes
206
ISA Server Editions
o ISA Server Standard Edition
o ISA Server Enterprise Edition
207
Benefits of ISA Server
o Acceleration: fast web access with a high-performance cache
o Security: secure Internet connectivity with a multilayered firewall
o Management: unified management with integrated administration
o Extensibility: extensible and open platform
208
Installation Modes
o Cache Mode
o Firewall Mode
o Integrated Mode
o Features Available with Each Mode
209
Using Caching
o The Caching Process
o Types of Caching
210
The Caching Process
[Diagram labels: Client 1, Client 2, ISA Server, cache, Internet]
1: GET www.nwtraders.msft
2: GET www.nwtraders.msft
3: Object is sent from Internet
4: GET www.nwtraders.msft
5: Object is sent from cache
211
Types of Caching
o Forward caching
o Reverse caching
o Distributed caching
[Diagram labels: cache, Internet, internal network, web server]
212
Using Firewalls
o Firewall Overview
o Bastion Host
o Perimeter Network with Three-Homed Firewall
o Perimeter Network with Back-to-Back Firewalls
o Filters and Network Access
213
Firewall Overview
A firewall is:
o A controlled point of access for all traffic that enters the internal network
o A controlled point of access for all traffic that leaves the internal network
214
Bastion Host
[Diagram labels: Internet, firewall, internal network]
215
Perimeter Network with Three-Homed Firewall
[Diagram labels: Internet, perimeter network, internal network, firewall]
216
Perimeter Network with Back-to-Back Firewalls
[Diagram labels: internal firewall, external firewall]
217
Filters and Network Access
[Diagram labels: access policy (allow HTTP, all destinations); streaming media; SMTP; DNS; intrusion; firewall; internal network; external network]
218
Deployment Scenarios for ISA Server
o Branch Office/Small Business Cache Server
o Branch Office/Small Business Firewall
o Enterprise Cache
o Enterprise Firewall
219
Branch Office/Small Business Cache Server
[Diagram labels: main office; branch office; small business; ISA Server; cache; Internet]
220
Branch Office/Small Business Firewall
[Diagram labels: Internet; ISA Server; branch office or small business; actual connection; perceived connection]
221
Enterprise Cache Server
[Diagram labels: cache; Internet; ISA Server array; corporate network]
222
Enterprise Firewall
[Diagram labels: ISA Server; perimeter network; Internet]