Windows 2000 Server Practicum Ac. J Prof. Koen De Bosschere ir. Ronny Blomme

Doel van de oefening ! Configureren en beheren van een Windows 2000 server 1 File system: partition, share, … 1 Accounts: user, group, … 1 Security: access rights, policy, …

VMWare  Virtuele PC, 128MB ram  Non-persistent disk, 4GB: Reset (of Power Off + Power On) = oefening herbeginnen. Windows2000 shutdown = oefening herbeginnen. Windows2000 Restart is OK  Network: host only  in VMWare venster of via Power menu

Win2000 Edities  Windows 2000 Professional  vergelijk: Windows NT Workstation  Windows 2000 Server  active directory services: netwerkbeheer van gebruikers en andere middelen  Windows 2000 Advanced Server  high availability (clustering), scalability (smp: 8)  Windows 2000 Datacenter Server  load balancing, enhanced clustering

Domain/Workgroup

Active Directory  Stored collection of information about objects  Database of network objects  Information related to network resources to facilitate locating and managing objects  Identifies users and resources  Provides a way to organize and access users and resources  Allows you to perform a number of functions  Acts as administration tool and end-user tool

Structuur  Objecten (verzameling attributen) * object class = logische groepering van objecten (vb. Users, Groups, Computers)  Organizational units (OUs) * logische administratieve groepen in een domein  Domains: security boundary  Trees: hiërarchie van domeinen  Forests: verzameling trees (zonder dns hiërarchie)

Installatie Win Voorbereiding  Minimum hardware vereisten  Hardware Compatibility List  Disk partitionering  FAT of NTFS  Licentie-schema: “per-server” of “per-seat”  Workgroup of Domain  Nieuwe installatie of Update  Backup huidige configuratie

Installatie Win2000  Bootable CDROM  4 setup-floppies + CDROM e: cd bootdisk makeboot a:  Update vanuit WinNT3.51, WinNT4.0 (geen conversie van workstation naar server)  Unattended install

Bestandensysteem  NTFS  file en directory beveiliging  disk compressie  disk quota  encryptie  FAT16 - FAT32  compatibiliteit met andere besturingssystemen

Installatieverloop  Pre-Copy phase  Text Mode phase  GUI Mode phase

Disk Management: storage types

Disk management snap-in

NTFS 5.0 (skip)  Reparse points (hierarchical storage management + monteren van een logisch volume in een lege directory)  Native Structured Storage (NSS)  Disk quotas  Sparse file support  Line tracking and object identifiers  Change Journal  CD and DVD support

Shared Folder Permissions  van toepassing op folders, niet op individuele bestanden.  bieden geen bescherming indien de toegang gebeurt via de lokale computer, enkel bescherming indien toegang via netwerk  enige bescherming op FAT volumes.  default folder permission: Everyone Full Control.  allow or deny shared folder permissions to individual users or to user groups.  Assign permissions to groups instead of user accounts to simplify access administration.

Administrative Shared Folders  C$, D$, E$,...  Admin$ = C:\Winnt (the system root folder)  Print$ = C:\Winnt\System32\Spool\Drivers (voor gedeelde printers)

NTFS Permissions: richtlijnen  Group resources into application, data, and home folders.  Use NTFS permissions to control access to files and folders.  Assign permissions to groups rather than individual user accounts.  When assigning permissions to home folders, centralize home folders on a network volume separate from applications and the operating system.  When assigning permissions to working data or applications folders, remove the default Full Control permission from the Everyone group.  When assigning permissions to public data folders, assign Modify permission and Read & Execute permission to the Users group and Full Control permission to the Creator Owner.  It is better not to assign permissions than to deny permissions.  Users should assign permissions to files and folders they own.

Distributed File System (Dfs)

Dfs links

Active Directory Services  Domain Modes: Mixed of Native  Organizational Units en hun objecten: – Each Active Directory object is a distinct named set of attributes that represents a specific network resource. – Before objects are added to Active Directory services, you should create the OUs that will contain those objects.

Active Directory Objects  Wijzigen van “attributes values”: Object Properties  Verplaatsen van Objecten  Opzoeken van Objecten (skip) ContactGroupUser Shared Folder Printer Computer

Win2000 User Accounts  Domain user accounts:  worden gecreëerd in een OU  Local user accounts:  niet in de Active Directory  Built-in user accounts:  Administrator  Guest

User Profile / Home Directory  C:\Documents and Settings\  Roaming profiles vs local user profile  Mandatory profiles  Ntuser.dat vs Ntuser.man  Home directory  shared folder, NTFS permissions

Groepen  Security en Distribution groepen  Scope: " Domain local (assign permissions to resources) " Global (users met dezelfde rechten) " Universal (enkel in native mode) - domeinoverschrijdend  Nesting (beperk u tot 2 niveaus)  Builtin: Account Operators, Admins, Guests...

Group Policy  Centraal beheer van de gebruikers- (desktop)omgeving  Controle over de programma’s die beschikbaar zijn voor de gebruiker, welke beschikbaar zijn op zijn desktop of in het Start menu  Active Directory - Group Policy Container - Group Policy Object  Group Policy Template (o.a. logon logoff scripts) %systemroot%\SYSVOL\sysvol\microsoft.com\Policies\...

Niet in deze oefening...  Beheer van Printer services  Netwerkprotocollen en services  Routing en Remote Access Service (o.a. VPN)  Security: PKI, Cryptografie, Certificaten, Kerberos, Auditing  Reliability / Availability  Monitoring en optimalisatie  Application servers, IIS