Windows Server 2003 Administration Guide

Managing a Microsoft Windows Server

Windows Server Network Administration Goals
• To ensure that network resources such as files,
folders, and printers are available to users
• To secure the network so that available resources
are only accessible to users who have been
granted the proper permissions

Windows Server Editions
• Multiple versions of Windows Server (for
example 2003) exist
• Each version is defined to meet the need of a
certain market segment
• Versions Include:
• Standard Edition
• Enterprise Edition
• Datacenter Edition
• Web Edition
Standard Edition
• Designed for everyday needs of small to medium
businesses or as a departmental server for larger
organizations
• Provides file and print services, secure Internet
connectivity, centralized management of network
resources
• Logical upgrade path for Windows 2000 Server
• Can be used as a domain controller, member
server, or standalone server

Enterprise Edition
• Generally used for medium to large businesses
• Designed for organizations that require better
performance, reliability, and availability than
Standard Edition provides
• Provides support for mission-critical applications
• Available in both 32 and 64-bit editions

Datacenter Edition
• Designed for mission-critical applications, very
large databases, and information access that
requires the highest levels of availability
• Can only be obtained from Original Equipment
Manufacturers (OEMs)

Web Edition
• Lower-cost edition
• Designed for hosting and deploying Web services
and applications
• Meant for small to large companies or
departments that develop and/or deploy Web
services

Activity : Determining the
Windows Server 2003 Edition
Installed on a Server
• Objective is to determine the edition of Windows
Server 2003 installed on your server using System
Properties
• Follow the instructions in the book to log in
• Start → My Computer → Properties → General
tab

Windows Networking Concepts
Overview
• Two different security models used in Windows
environments
• Workgroup
• Domain
• Three roles for a Windows Server 2003 system in
a network
• Standalone server
• Member server
• Domain controller
Workgroups
• A workgroup is a logical group of computers
• Characterized by a decentralized security and
administration model
• Authentication provided by a local account database –
Security Accounts Manager (SAM)
• Limitations
• Users need unique accounts on each workstation
• Users manage their own accounts (security issues)
• Not very scalable

Domains
• A domain is a logical group of computers
• Characterized by centralized authentication and
administration
• Authentication provided through centralized Active
Directory
• Active Directory database can be physically distributed
across domain controllers
• Requires at least one system configured as a domain
controller

Member Servers
• A member server
• Has an account in a domain
• Is not configured as a domain controller
• Typically used for file, print, application, and host
network services
• All 4 Windows Server 2003 Editions can be configured
as member servers

Domain Controllers
• Explicitly configured to store a copy of Active
Directory
• Service user authentication requests
• Service queries about domain objects
• May be a dedicated server but is not required to be

Activity : Determining the
Domain or Workgroup
Membership of a Windows
Server 2003 System
• Objective is to determine the domain or
workgroup membership of a system
• Start → My Computer → Properties → Computer
Name tab
• Displays computer name and domain
• Change → OK

Computer Accounts
• Assigned in Windows NT, 2000, XP, and 2003
• Assigned when joining a domain
• Method for authentication and access auditing
• Accounts are represented as computer objects
• Accounts can be viewed using administrative tools
• e.g., Active Directory Users and Computers

Activity : Viewing and
Configuring Computer Account
Settings in Active Directory Users
and Computers
• Objective is to use the Users and Computers tool
to view and configure account settings/properties
• Start → Administrative Tools → Active Directory
Users and Computers
• Follow directions in book to view and configure
various account settings

Using Active Directory Users and
Computers to View a Computer
Object

Network Management and
Maintenance Overview
• Five major focus areas of administrative tasks
• Managing and maintaining physical and logical devices
• Managing users, computers, and groups
• Managing and maintaining access to resources
• Managing and maintaining a server environment
• Managing and implementing disaster recovery

Managing and Maintaining
Physical and Logical Devices
• Network administrator responsibilities include:
• Installing and configuring hardware devices
• Managing server disks
• Monitoring and managing performance
• Tools include
• Control panel applets
• Device Manager
• Disk Defragmenter

Managing Users, Computers,
and Groups
• User accounts
• Creation, maintenance, passwords
• Group accounts
• Assign network rights and permissions to multiple users
• Support e-mail distribution lists
• Computer accounts
• Active Directory tools and utilities used to create and
maintain computer accounts

Activity : Resetting a Domain User
Account Password Using Active
Directory Users and Computers
• Objective is to reset a user password
• Force user to change password at next log-in
• Other techniques discussed
• Start → Administrative Tools → Active Directory
Users and Computers → Users
• Follow directions in book to complete exercise

The Reset Password Dialog Box
in Active Directory Users and
Computers

Managing and Maintaining
Access to Resources
• Server 2003 uses sharing technique
• Sharing setup
• Through Windows Explorer interface and Computer
Management administrative tool
• Shared folder and NTFS permissions
• Terminal services
• Allows access to applications through a central server
• Allows access from desktops running different
operating systems

Managing and Maintaining a
Server Environment
• Covers a wide variety of tasks including:
• Managing server licensing
• Managing patches and software updates
• Managing Web servers
• Managing printers, print queues, disk quotas
• A wide variety of tools are available including:
• Event Viewer and System Monitor
• Software Update Services
• Microsoft Management Console

Activity : Creating a Custom
Microsoft Management
Console
• The objective is to create a custom MMC
• MMC groups commonly used tools for
administrator’s convenience
• Start → Run → mmc → OK → File →
Add/Remove Snap-in
• Follow directions in book to view and select snap-
ins to add to MMC

The Add Standalone Snap-in
Dialog Box

Selecting the Snap-In Focus

Managing and Implementing
Disaster Recovery
• Main component of disaster recovery is system
backup
• Backup tool provided is Windows Backup
• Different types of backup
• Automated scheduling of backups
• Back up critical system state information
• Automated System Recovery
• Shadow Copies of Shared Folders

Introduction to Windows
Server 2003 Active Directory
• Provides the following services
• Central point for storing and managing network objects
• Central point for administration of objects and
resources
• Logon and authentication services
• Delegation of administration

Introduction to Windows
Server 2003 Active Directory
Continued
• Stored on domain controllers in the network
• Changes made to any Active Directory will be
replicated across all domain controllers
• Multimaster replication
• Fault tolerance for domain controller failure
• Uses Domain Name Service (DNS) conventions
for network resources

Active Directory Objects

• An object represents a network resource such as a
user, group, computer, or printer
• Objects have attributes depending on object type
• Objects are searchable by attributes

Active Directory Schema
• Schema defines the set of possible objects for
entire Active Directory structure
• Only one schema for a given Active Directory,
replicated across domain controllers
• Two main definitions
• Object classes
• Attributes
• Attributes and object classes have a many-to-many
relationship

Active Directory Logical
Structure and Components
• Active Directory comprises components that:
• Enable design and administration of a network structure
• Logical
• Hierarchical
• Components include:
• Domains and organizational units
• Trees and forests
• A global catalog

Domains and Organizational
Units
• Domain
• Has a unique name
• Is organized in hierarchical levels
• Has an Active Directory replicated across its domain
controllers
• Organizational unit (OU)
• A logical container used to organize domain objects
• Makes it easy to locate and manage objects
• Allows you to apply Group Policy settings
• Allows delegation of administrative control

An Active Directory Domain
and OU Structure

Trees and Forests
• Sometimes necessary to create multiple domains
within an organization
• First Active Directory domain is the forest root
domain
• A tree is a hierarchical collection of domains that
share a contiguous DNS naming structure
• A forest is a collection of trees that do not share a
contiguous DNS naming structure
• Transitive trust relationships exist among
domains in trees and, optionally, in and across
forests
Global Catalog

• An index and partial replica of most frequently used
objects and attributes of an Active Directory
• Replicated to any server in a forest configured to be
a global catalog server

Global Catalog (continued)
• Four main functions
• Enable users to find Active Directory information
• Provide universal group membership information
• Supply authentication services when a user logs on from
another domain
• Respond to directory lookup requests from Exchange
2000 and other applications

An Active Directory Forest

Active Directory
Communications Standards
• The Lightweight Directory Access Protocol
(LDAP) is used to query or update Active
Directory database directly
• LDAP follows convention using naming paths
with two components
• Distinguished name: the unique name of an object in
Active Directory
• Relative distinguished name: the portion of a
distinguished name that is unique within the context of
its container

Active Directory Physical
Structure
• Physical structure distinct from logical structure
• Important to consider the effect of Active
Directory traffic and authentication requests on
physical resources
• A site is a combination of 1+ Internet Protocol
(IP) subnets connected by a high-speed connection
• A site link is a configurable object that represents
a connection between sites

Summary
• Windows Server 2003 network administration
goals:
• Make network resources available to users as permitted
• Secure the network from unauthorized access
• Four editions of Windows Server 2003 with
different features and costs
• Two network security models with three possible
server roles

Summary (continued)

• Five broad categories of network administration
tasks in a Windows Server 2003 environment
• Native directory service is Active Directory
• Objects and schema
• Domains, organizational units and controllers
• Trees and forests
• Sites and site links

Disk Partitioning

2021-2022 50
File System

• Windows 2000/2003 manages two file systems: the Windows 2000 file
system (NTFS: New Technology File system) and the FAT (File
Allocation Table) file system

File System

FAT and FAT32


FAT and FAT32 systems provide compatibility with other
operating systems and allow them to access the computer.
If you want to be able to dual boot with Windows 2000
and another operating system, choose FAT or FAT32
formatting of the system partition. Depending on the size of
the installation partition, the installer determines whether
to format the hard drive with FAT or FAT32.

File System

NTFS

Choose NTFS if you want to use the following features on the Windows 2000
installation partition:

• File and folder level security. NTFS allows you to control access to files and
folders.
• Disk compression. NTFS compresses files to store more data on the partition.
• Disk quotas. NTFS allows you to control disk usage by each user.
• Encryption. NTFS allows you to encrypt file data on the physical hard drive.

Windows 2000 NTFS also supports remote data storage, dynamic volumes, and
mounting volumes in folders. Windows 2000 and Windows NT are the only
operating systems capable of accessing data stored on a local hard drive formatted
with NTFS.

File System

Introduction to NTFS Permissions

Windows 2000/2003 only provides NTFS permissions on NTFS-formatted
partitions. To secure files and folders on NTFS
partitions, you grant NTFS permissions for each user account or
group that needs access to the resource. Users must be granted
explicit permission to gain access to resources. If no permission is
granted, the user account cannot gain access to the file or folder.
NTFS security is effective whether a user gains access to a folder
or file at the computer or over the network.

NTFS Permissions

• You use NTFS permissions to specify which users, groups, and
computers can access files and folders. NTFS permissions also dictate
what users, groups, and computers can do with the contents of the file
or folder.

NTFS File and Folder Permissions

• NTFS permissions are used to specify which users, groups, and computers can
access files and folders. NTFS permissions also dictate what users, groups, and
computers can do with the contents of the file or folder.

NTFS folder permissions

NTFS File Permissions

Important: When you format a partition with NTFS, Windows 2000
automatically grants the Full Control permission for the root folder to
the Everyone group. By default, the Everyone group will have Full
Control to all folders and files that are created in the root folder. To
restrict access to authorized users, you should change the default
permissions for folders and files that you create.
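
One way to audit for the default described above, as an added example that is not part of the original guide: the PowerShell function below walks a folder tree and reports every Allow entry that grants the Everyone group Full Control. The function name and the sample path are assumptions, and PowerShell 3.0 or later is assumed, so it targets current Windows Server releases rather than Windows 2000/2003 as shipped.

```powershell
# Added example, not from the original guide.
# Reports folders whose ACL allows Everyone (well-known SID S-1-1-0) Full Control.
function Find-EveryoneFullControl {
    param(
        [Parameter(Mandatory = $true)]
        [string] $Root            # assumed: folder or volume root to review
    )

    $everyoneSid = 'S-1-1-0'      # the SID is used so the check works on any OS language
    $fullControl = [int][System.Security.AccessControl.FileSystemRights]::FullControl
    $genericAll  = 0x10000000     # GENERIC_ALL, which can appear on inherit-only entries

    # The root folder itself plus every folder below it
    $folders = @(Get-Item -LiteralPath $Root) +
               @(Get-ChildItem -LiteralPath $Root -Recurse -Directory -ErrorAction SilentlyContinue)

    foreach ($folder in $folders) {
        try {
            $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
        }
        catch {
            Write-Warning "Cannot read ACL: $($folder.FullName)"
            continue
        }

        # Explicit and inherited rules, with identities returned as SIDs
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

        foreach ($rule in $rules) {
            $rights = [int]$rule.FileSystemRights
            $isFull = (($rights -band $fullControl) -eq $fullControl) -or
                      (($rights -band $genericAll) -ne 0)

            if ($rule.IdentityReference.Value -eq $everyoneSid -and
                $rule.AccessControlType -eq 'Allow' -and $isFull) {
                [pscustomobject]@{
                    Path        = $folder.FullName
                    Inherited   = $rule.IsInherited      # $false = set on this folder itself
                    Propagation = $rule.InheritanceFlags # what flows down to children
                }
            }
        }
    }
}

# Usage (D:\Data is a constructed sample path):
# Find-EveryoneFullControl -Root 'D:\Data' | Format-Table -AutoSize
```

Rows with Inherited set to False are the places where the entry is actually defined; fixing those removes the inherited copies below them.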

How Windows 2000/2003 Applies NTFS Permissions

• By default, when you grant permissions to users and groups for a
folder, the users or groups have access to the subfolders and files
contained in the folder. It is important that you understand how
subfolders and files inherit NTFS permissions from parent folders
so that you can use inheritance to propagate permissions to files
and folders.
• If you grant permissions to an individual user account or to a group
of which the user is a member for a file or folder, then the user has
multiple permissions for the same resource. There are rules and
priorities that are associated with how NTFS combines multiple
permissions. In addition, you can also affect permissions when you
copy or move files and folders.

Multiple NTFS Permissions

• If you grant NTFS permissions to an individual user account in
addition to a group to which the user belongs, then you have granted
multiple permissions to the user. There are rules for how NTFS
combines these multiple permissions to produce the user's effective
permission.

Copying and Moving Files and Folders

• When you copy or move a file or folder, the
permissions may change depending on
where you move the file or folder.

Copying Files and Folders

• When you copy files or folders from one folder to another folder, or
from one partition to another partition, permissions for the files or
folders may change. permissions:

Moving Files and Folders

• When you move a file or folder, permissions may change, depending
on the permission of the destination folder.

Copying and Moving Files and Folders

Summary:

• Move within the same partition: Retain
• Other cases: inherit the new permissions of destination
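
The copy and move rule summarized above can be observed directly. The following PowerShell function is an added example, not part of the original guide: it puts an explicit marker entry on two files, copies one and moves the other within the same NTFS volume, and reports which file still carries the entry. Under the rule above, the copy should lose the explicit entry and the move should keep it. All names are constructed, and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not from the original guide. All names below are constructed.

# Returns $true when $Path has an explicit (non-inherited) entry for $Sid.
function Test-ExplicitEntry {
    param([string] $Path, [System.Security.Principal.SecurityIdentifier] $Sid)
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules(
        $true, $false, [System.Security.Principal.SecurityIdentifier])
    [bool]($rules | Where-Object { $_.IdentityReference.Value -eq $Sid.Value })
}

function Test-CopyMoveAcl {
    param(
        # assumed scratch location; it must be on an NTFS volume
        [string] $Base = (Join-Path $env:TEMP ('acl-demo-' + [guid]::NewGuid()))
    )

    # BUILTIN\Guests (well-known SID) serves as the marker for an explicit entry
    $marker = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-546'

    # Both folders sit under the same parent, so they are on the same partition
    $src = (New-Item -ItemType Directory -Path (Join-Path $Base 'src')).FullName
    $dst = (New-Item -ItemType Directory -Path (Join-Path $Base 'dst')).FullName

    try {
        foreach ($name in 'copy-me.txt', 'move-me.txt') {
            $file = Join-Path $src $name
            Set-Content -LiteralPath $file -Value 'constructed sample'

            # Add an explicit Allow-Read entry for the marker group
            $acl  = Get-Acl -LiteralPath $file
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $marker, 'Read', 'Allow')
            $acl.AddAccessRule($rule)
            Set-Acl -LiteralPath $file -AclObject $acl
        }

        Copy-Item -LiteralPath (Join-Path $src 'copy-me.txt') -Destination $dst
        Move-Item -LiteralPath (Join-Path $src 'move-me.txt') -Destination $dst

        [pscustomobject]@{
            CopyKeptExplicitEntry = Test-ExplicitEntry (Join-Path $dst 'copy-me.txt') $marker
            MoveKeptExplicitEntry = Test-ExplicitEntry (Join-Path $dst 'move-me.txt') $marker
        }
    }
    finally {
        # Remove the scratch folders whether or not the test succeeded
        Remove-Item -LiteralPath $Base -Recurse -Force
    }
}

# Usage: Test-CopyMoveAcl
```

A file moved into a restricted folder on the same partition therefore keeps whatever access it had before the move, which is worth checking after reorganizing data.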

Using NTFS Permissions

• Administrators, users with the Full Control permission, and owners of
files or folders can grant permissions to user accounts and groups for
files and folders. When granting NTFS permissions and controlling
inheritance, you should follow best practices to help you grant
permissions in the most effective manner. You should always grant
permissions according to the needs of your groups and users.
• You grant NTFS permissions in the Properties dialog box for the
folder. When you grant or modify NTFS permissions for a file or a
folder, you can either add or remove users, groups, or computers for
the file or folder. By selecting a user or group, you can modify the
permissions for the user or group.

Using NTFS Permissions

• On the Security tab of the Properties dialog box for the file or folder, configure
the options described in the following table.

Setting Permission Inheritance

• In general, you should allow Windows 2000 to propagate
permissions from a parent folder to subfolders and files contained
in the parent folder. Permissions propagation simplifies the
assignment of permissions for resources.

• However, there are times when you may want to prevent
permission inheritance. For example, you may need to keep all
sales department files in one sales folder for which everyone in the
sales department has the Write permission. However, you need to
limit permissions for a few files in the folder to the Read
permission only. To do this, you would prevent inheritance so that
the Write permission does not propagate to the files contained in
the folder.

Setting Permission Inheritance

• By default, subfolders and files inherit permissions that you grant for their parent folders,
as shown on the Security tab in the Properties dialog box when the Allow inheritable
permissions from parent to propagate to this object check box is selected.

Setting Permission Inheritance

• To prevent a subfolder or file from inheriting permissions from a parent folder, clear
the Allow inheritable permissions from parent to propagate to this object check
box, and then select one of the two options described in the following table.

Compressing Data on an NTFS Partition

• NTFS file system data compression enables you to compress files
and folders. Compressed files and folders occupy less space on an
NTFS-formatted partition, enabling you to store more data. You set
the compression state, either compressed or uncompressed, of files
and folders. Files and folders that you copy or move can retain
their compression states, or they can inherit the compression state
of the target folder to which they are copied or moved. You should
follow the best practices for managing data compression.

Introduction to Compressed Files and Folders

• Each file and folder on an NTFS partition has a compression state, which
is either compressed or uncompressed. The compression state for a folder
does not necessarily reflect the compression state of the files and
subfolders in that folder. For example, a folder can be compressed, yet all
of the files in that folder can be uncompressed. Note that an
uncompressed folder can contain compressed files.

Introduction to Compressed Files and Folders

Consider the following when working with compressed files or folders:

• Space allocation. NTFS allocates disk space based on the uncompressed file
size. If you copy a compressed file to an NTFS partition that does not have
enough space for the uncompressed file, you will get an error message stating
that there is not enough disk space for the file.
• Compression state display color. You can change the color that displays
compressed files and folders in order to distinguish them from uncompressed
files and folders.
• Access to compressed files through applications. Compressed files can be
read, and written to, by any Windows-based or MS-DOS-based application
without first being uncompressed by another program. When an application or
an operating system command requests access to a compressed file, Windows
2000 automatically uncompresses the file. When you close or save a file,
Windows 2000 compresses it again.

Compressing Files and Folders

• Windows Explorer enables you to set the compression state of files and folders and change the display color
for compressed files and folders.
Setting Compression State

• To set the compression state of a folder or file, in the Advanced attributes dialog box, select the Compress
contents to save disk space check box.

Compressing Files and Folders

• If you compress a folder, Windows 2000 displays the Confirm Attribute
Changes dialog box, which has two additional options. These options are
described in the following table.

Configuring Disk Quotas on NTFS Partitions

• Use disk quotas to manage storage growth in
distributed environments. Disk quotas allow you to
allocate available disk space to users based on the files
and folders that they own. Disk quotas allow you to
control the amount of disk space users have for storing
files. It is important that you have an understanding of
how disk quotas work so that you can implement them
in your network in an efficient manner.

Using Disk Quotas

• You can configure disk quotas to enforce disk quota
warnings and limits for all users and for individual
users.

Enabling Disk Quotas
To enable disk quotas, open the Properties dialog box for a disk. On the Quota tab,
configure the options that are described in the following table.

Enforcing Disk Quotas for All Users

To enforce quota limits for all users,
perform the following steps:
• In the Limit disk space to and Set
warning level to boxes, enter the
values for the limit and warning level
that you want to set.
• Select the Deny disk space to users
exceeding quota limit check box.
• Windows 2000 will monitor usage and
will not allow users to create files or
folders on the partition when they
exceed the limit.

Enforcing Disk Quotas for Individuals

To enforce quota limits for a specific user,
perform the following steps:
• In the Properties dialog box for a disk,
on the Quota tab, click the Quota
Entries button.
• In the Quota Entries for dialog box,
create an entry by clicking New Quota
Entry on the Quota menu, and then
selecting a user.
• Configure the disk space limit and the
warning level for the individual user.

Securing Data by Using EFS

• The Encrypting File System (EFS) provides file-level encryption
for NTFS files. EFS encryption technology is public key-based,
runs as an integrated system service, and enables file recovery by a
designated EFS recovery agent.
• EFS is easy to manage because when it is necessary to gain access
to critical data that a user has encrypted, and the user or his or her
key is unavailable, the EFS recovery agent (typically an
administrator) can decrypt the file.
• Understanding the benefits of EFS will help you efficiently use this
technology on your network.

Introduction to EFS

• EFS allows users to store data on the hard disk in encrypted format. After a user encrypts a file, the
file remains encrypted for as long as it is stored on disk. Individual users can use EFS to encrypt files
for confidentiality.
• EFS has several key features:
• It operates in the background and is transparent to users and applications.
• It allows only the authorized user to gain access to an encrypted file. EFS automatically decrypts the
file for use and then encrypts the file again when it is saved. Administrators can recover data that was
encrypted by another user. This ensures that data is accessible if the user that encrypted the data, or
his or her private key, is unavailable.

Encrypting a Folder or File

To encrypt files or folders, create an NTFS folder, and then
encrypt it in the Properties dialog box for the folder. On
the General tab, click Advanced, and then click Encrypt
contents to secure data.
After you encrypt the folder, the files saved in that folder are
automatically encrypted with file encryption keys. File
encryption keys are fast, symmetric keys that are
designed for bulk encryption. Windows 2000 encrypts
the file in blocks, with a different file encryption key for
each block. All of the file encryption keys are stored in
the Data Decryption Field (DDF) and the Data Recovery
Field (DRF) in the file header.
All files and subfolders that you create in an encrypted folder
are also automatically encrypted. Each file has a unique
encryption key, making it safe to rename files. If you
move a file from an encrypted folder to an unencrypted
folder on the same partition, the file remains encrypted.

Decrypting a Folder or File

When you open an encrypted file, EFS automatically detects an encrypted file and
locates a user certificate and the associated private key in the file header. EFS
applies your private key to the DDF to unlock the list of file encryption keys,
allowing the file contents to appear in plain text.
Access to the encrypted file is denied to everyone except the owner of the private
key. Only the owner of the file or a recovery agent can decrypt the file. This is
true even if administrators change permissions or file attributes, or take
ownership of the file. Even if you own an encrypted file, you cannot read it
unless you have the private key or you are a recovery agent.

Sharing

• Shares open a door to files stored on other computers on the network.
Share access rights determine whether users can use the files they
contain.

• It is not possible to set the security of each file individually: the user
either has access to the entire share or does not have access to any of the
files. To secure individual files, combine shares and NTFS
permissions.

Permissions of Sharing

There are three types of access permissions for shares:

N.B.
• In Windows 2000, by default, when a folder is shared, the Everyone group is given the Full
Control permission.
• When a user accesses a file through a share located on an NTFS volume, the more
restrictive permission applies.

Hidden Shares

Alternatively referred to as an Administrative share, a hidden share is a network share on
a Microsoft network that is not visible when viewing another computer's shares.
However, it is still accessible if the name of the hidden share is known.
Below are examples of Microsoft Windows default administrative hidden shares.
ADMIN$ - The default system root or Windows directory.
C$ and x$ - The default drive share, by default C$ is always enabled. The x$ represents
other disks or volumes that are also shared, e.g., D$, E$, etc.

A Microsoft Windows hidden share is created by adding a $ at the end. For example, if the
share was hope, adding a $ to the end and making it hope$ would turn it into a hidden
share.
Accessing a Windows hidden share
Assuming we were attempting to access the "hope$" share that we created above from
another computer, we would type the network path below to access the hidden share.
\\<computer_name>\hope$
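
Because a hidden share is still reachable by anyone who knows its name, hidden shares belong in a share audit like any other. The PowerShell function below is an added example, not part of the original guide: it lists the local shares whose names end in $, separates the default administrative shares from user-created ones, and shows the share-level permissions of each. The function name is an assumption; Get-SmbShareAccess assumes the SmbShare module of Windows 8 / Windows Server 2012 or later.

```powershell
# Added example, not from the original guide.
# Lists hidden shares on the local computer and who may use them.
function Get-HiddenShare {
    Get-CimInstance -ClassName Win32_Share |
        Where-Object { $_.Name.EndsWith('$') } |
        ForEach-Object {
            $share = $_

            # Win32_Share.Type has the high bit (0x80000000) set on the
            # default administrative shares such as ADMIN$, C$ and IPC$.
            $isAdmin = ([uint32]$share.Type -ge 2147483648)

            # Share-level permissions; may return nothing without elevation
            $access = Get-SmbShareAccess -Name $share.Name -ErrorAction SilentlyContinue |
                ForEach-Object {
                    '{0}:{1}:{2}' -f $_.AccountName, $_.AccessControlType, $_.AccessRight
                }

            [pscustomobject]@{
                Name        = $share.Name
                Path        = $share.Path
                Kind        = if ($isAdmin) { 'Default administrative share' }
                              else          { 'User-created hidden share' }
                ShareAccess = $access -join '; '
            }
        }
}

# Usage: Get-HiddenShare | Sort-Object Kind, Name | Format-Table -AutoSize -Wrap
```

A user-created hidden share that still lists Everyone with Full access relies only on the name staying secret, so its share and NTFS permissions should be tightened.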

Managing Access to Shared Files Using Offline
Caching
Offline Files is an important document-
management feature that provides the
user with consistent online and offline
access to files. When the client
disconnects from the network,
anything that has been downloaded to
the local cache remains available.
Users can continue working as though
they were still connected to the
network. They can continue editing,
copying, deleting, …

How Offline Files Are Synchronized

Implementing Printing

Overview
• Introduction to Printing in the Windows Server 2003 Family
• Installing and Sharing Printers
• Managing Access to Printers Using Shared Printer Permissions
• Setting Printer Priorities
• Scheduling Printer Availability
• Configuring a Printing Pool

Implementing Printing

• Introduction
Printers are common resources that are shared by multiple users on a
network. As a systems administrator, you should set up a network-wide
printing strategy that meets the needs of users. To set up an efficient
network of printers, you must know how to install and share network
printers and how to manage printer drivers and printer locations. The
Microsoft® Windows® Server 2003 family helps you to perform these
tasks efficiently through an easy-to-use interface.

What Is a Local Printer and a Network Printer?

The following table lists the advantages and disadvantages of printing to a
local printer or a network printer.

What Are Shared Printer Permissions?

• Windows provides the following levels of shared printer
permissions:

• Print
• Manage Printers
• Manage Documents

• When multiple permissions are granted to a group of users,
the least restrictive permission applies. However, when a
Deny permission is applied, it takes precedence over any
permission.

Tasks that can be performed at each permission
level
The following is a brief explanation of the types of tasks a user can perform at
each permission level:

Printer permissions

• Printer permissions assigned to default groups

What Are Printer Priorities?

• Set priorities between printers to
prioritize documents that print to the
same print device. To do this, create
multiple printers pointing to the same
print device. Users can then send
critical documents to a high-priority
printer and documents that are not
critical to a low-priority printer. The
documents sent to the high-priority
printer will print first.

Schedule Printer Availability

TCP/IP Utilities

TCP/IP Utility

• To help you troubleshoot TCP/IP, Windows 2000 provides several utilities,
described in the following table:

TCP/IP Utility

• These troubleshooters all run from the Command Prompt window. For more information on using all
of these commands except Hostname and Tracert, open the Command Prompt window, type the
command followed by /? and press ENTER. For example, to get information about the ping
command, open the Command Prompt window, type ping /? and press ENTER.

TCP/IP Utility

Hostname

To use the Hostname utility, open the Command Prompt window, type
Hostname, and press ENTER. The local computer name is displayed.
For more information on using the Tracert command, open a
Command Prompt window, type Tracert, and press ENTER.

TCP/IP Utility
ipconfig
The ipconfig utility allows you to check the current network adapter's
TCP/IP configuration settings. This way, you will be able to see if the
configuration is initialized, or if there is a duplicate IP address.

TCP/IP Utility
ipconfig /all
Add the /all switch to the ipconfig command to verify configuration information.

TCP/IP Utility

Netstat
Displays protocol statistics and current TCP/IP network connections.

TCP/IP Utility

ARP: Address Resolution Protocol

The arp command is used to display and modify the resolution tables used by the
ARP protocol to resolve IP addresses to physical Ethernet or Token Ring
addresses.

TCP/IP Utility

Tracert
This diagnostic program determines the route to a target by
transmitting ICMP (Internet Control Message Protocol) Echo
packets. This information is useful if you think a router is
[Link] command is used to determine why the
connection is slow between a source and a [Link]:
tracert ip_address
or
tracert host_name

TCP/IP Utility

FTP: File Transfer Protocol

FTP transfers files between two computers, one of which is running
the FTP service (also called a daemon). FTP can be run
interactively. This command is only available if the TCP/IP
protocol is installed. FTP is a service which, when launched,
creates a specific environment within which FTP commands are
executed and which also allows you to return to the Windows 2000
command prompt. A specific command prompt, "ftp> ", shows that
the FTP environment is running. In the ftp environment,
type the command help (or ?) to list all the ftp commands. To
exit ftp, type the command bye (or !).

TCP/IP Utility

DHCP
• Dynamic Host Configuration Protocol
(DHCP) is a network protocol whose role is to
ensure the automatic configuration of the IP
parameters of a station, in particular by
automatically assigning it an IP address and
a subnet mask.

• Click Start, point to Control Panel, and then click Add
or Remove Programs.
• In the Add or Remove Programs dialog box, click
Add/Remove Windows Components.
• In the Windows Components Wizard, click
Networking Services in the Components list, and then
click Details.
• In the Networking Services dialog box, click to select
the Dynamic Host Configuration Protocol
(DHCP) check box, and then click OK.
• In the Windows Components Wizard, click Next to
start Setup. Insert the Windows Server 2003 CD-ROM
into the computer's CD-ROM or DVD-ROM drive if you
are prompted to do so. Setup copies the DHCP server
and tool files to your computer.
• When Setup is completed, click Finish.

Active Directory
The main purpose of Active Directory is to provide centralized identification and
authentication services to a network of computers using the Windows system. It also
enables policy assignment and enforcement, software distribution, and installation of
critical updates by administrators.

Active Directory lists elements of an administered network such as user accounts, servers,
workstations, shared folders, printers, etc. A user can thus easily find shared resources,
and administrators can control their use thanks to features for distributing, duplicating,
partitioning and securing access to listed resources. If the administrators have filled in the
correct attributes, it will be possible to query the directory to obtain for example: "All
color printers on this floor of the building".

DNS
DNS (Domain Name System): The Domain Name System
(DNS) is a service that establishes a correspondence
between an IP address and a domain name and, more
generally, finds information from a domain name.

What is a profile?
A user profile is made up of a set of folders and a registry key file:
[Link]. This file contains the part of the registry specific to
the user.
The user profile allows you to act on the configuration, behavior and
appearance of the Windows system. The first time a user logs on
under a new account, Windows creates a local user profile. Any
changes made by the user (for example, the modification of desktop
themes) apply only to that user and only on this computer.

The different types of profiles
There are three types of profiles:
• The local profile
• The roaming profile
• The mandatory profile

Local Profile
It is created the first time a user logs on to a computer.
This profile (largely stored in the user's [Link] file)
will be loaded by the system each time the user logs on
to this computer. It is found on the local hard disk, in the
directory:
C:\Documents and Settings\.... (Windows XP)
C:\Users (Windows 7, Windows 10)

Roaming Profile
• In a Windows Server/Client environment, roaming user profiles are local user
profiles that are stored in a share on the server. Thus, users can load their
environment (stored in the profile) on any computer located in the same
network as the server.
• Thus, when a user logs on to a computer on the network, the system checks
on the server whether the stored profile is more recent than that of the local machine.
It then loads the most recent profile and copies it into the local profile. When
the user logs off, Windows stores a copy of the profile, with any changes
made, on the server, where the profile is stored, updating the latest copy. The
user will thus find his new environment at the next session. Note that this type
of profile is specific to the user, and not to the machine used in the network.

Mandatory Profile
These profiles are created and configured by the network administrator. The very name of
the profile shows that they are not modifiable by the user. So even if the user makes
changes to their environment, those changes will not be updated when they log off.
In a server/client environment, when the user logs on, the system of the computer on which
he logs on checks the server to see if the user's account is assigned a mandatory profile.
If so, the profile in question is assigned to the user. When the session is closed, this
profile remains stored on the local machine (unlike roaming profiles).

For the registry part of the profile to become mandatory, the administrator just needs to
rename the [Link] file to [Link] and place it in the appropriate profile folder on
the server.

Start rundcpromo
Name of AD:
[Link]
Join Domain In AD, we create a user,
then we give

Profile path:
\\IPserver\profiles\userna
me

Internet Information Services
Internet Information Services, formerly Internet Information Server,
commonly referred to as IIS, is a web server (HTTP) of various exp
The website root path, by default, is C:\inetpub\wwwroot.

FTP: File Transfer Protocol is a communications protocol for
exchanging files between computers over a TCP/IP network. From one
computer, it lets you copy files to another computer on the network, feed a
website, or delete or modify files on that computer.

NAT and ICS
NAT: In computer networking, a router is said to do Network Address Translation (NAT)
when it matches non-unique and often non-routable internal IP addresses of an intranet to a set
of unique, routable external addresses. This mechanism notably makes it possible to match a
single public external address visible on the Internet to all the addresses of a private network,
and thus overcomes the exhaustion of IPv4 addresses.

ICS: The Internet Connection Sharing (ICS) service lets you
use Windows 2000 Professional to connect a small office or home network to the Internet.
The ICS service provides network address translation (NAT), IP addressing, and name
resolution for all computers in a small business network. This article describes the step-by-
step procedure for installing the ICS service on Windows 2000 Professional operating
systems.

Remote Access Service (RAS)
Remote Access Service (RAS) allows you to connect to your network
through a modem link. Once connected, you can operate as if you
were connected to a computer physically connected to the network.
You can notably run the User Manager, the Server Manager, or the
Event Viewer. Unless you need to physically access the server for
some reason (like inserting a floppy disk), you can do anything with
RAS that you could do while sitting at the server's keyboard.

RIS
Remote Installation Services (RIS) is a feature for server versions
of Microsoft operating systems that allows computers whose BIOS
supports the Preboot eXecution Environment (PXE) to run remote
boot environment variables.

RIS
In short, a PC can start up (boot) in a variety of ways - via floppy disks, via
the local hard drive and other media, or via the network. At boot time, a
machine that has been configured to PXE boot first will issue a BOOTP
request over the network. BOOTP and DHCP are related - a workstation
sends a request for a unique TCP/IP second-level identifier (IP address)
based on the MAC address of the machine's network card (a unique number
consisting of two parts - a manufacturer code and a unique number
corresponding to the card).
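
The DHCP and RIS slides describe a station identified by its MAC address receiving an IP address and subnet mask. As an added example that is not part of the original slides, the following parses the BOOTP/DHCP message format and extracts those fields; the packet is built in the code as constructed sample input, and the function names and the sample MAC and addresses are this example's own.

```python
import socket
import struct

BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # fixed 236-byte BOOTP header
MAGIC = b"\x63\x82\x53\x63"                           # cookie that precedes DHCP options
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def build_offer(mac, ip, mask, xid=0x1234ABCD):
    """Build a constructed DHCPOFFER (sample input, not a captured packet)."""
    head = BOOTP.pack(2, 1, 6, 0, xid, 0, 0, bytes(4), socket.inet_aton(ip),
                      bytes(4), bytes(4), mac, bytes(64), bytes(128))
    opts = bytes([53, 1, 2, 1, 4]) + socket.inet_aton(mask) + b"\xff"
    return head + MAGIC + opts

def parse_dhcp(pkt):
    """Return op, xid, offered address, client MAC and selected options."""
    if len(pkt) < BOOTP.size + 4 or pkt[BOOTP.size:BOOTP.size + 4] != MAGIC:
        raise ValueError("not a DHCP message")
    f = BOOTP.unpack_from(pkt)
    hlen, chaddr = f[2], f[11]
    if hlen > 16:
        raise ValueError("hardware address length exceeds chaddr field")
    info = {"op": f[0], "xid": f[4], "yiaddr": socket.inet_ntoa(f[8]),
            "mac": chaddr[:hlen].hex("-"),
            "vendor_prefix": chaddr[:3].hex("-")}   # manufacturer part of the MAC
    i = BOOTP.size + 4
    while i < len(pkt) and pkt[i] != 255:           # 255 = end of options
        if pkt[i] == 0:                             # 0 = pad byte, no length field
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, length = pkt[i], pkt[i + 1]
        value = pkt[i + 2:i + 2 + length]
        if code == 53 and length == 1:              # DHCP message type
            info["type"] = TYPES.get(value[0], "UNKNOWN")
        elif code == 1 and length == 4:             # subnet mask
            info["subnet_mask"] = socket.inet_ntoa(value)
        i += 2 + length
    return info
```
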

Software Update Services (SUS)
Software Update Services (SUS) is a free service to centralize Microsoft Windows
updates for a corporate computer fleet. It was replaced, in July 2007, by Windows
Server Update Services (WSUS).

SUS is an optional service that is installed on a company server. It uses the HTTP
protocol to connect to client computers. SUS can be scheduled to download updates
for specified Windows versions from the Windows Update website or another SUS
server. Client computers download updates from the internal SUS server. A SUS
server in the company significantly reduces traffic to the Internet, allows you to
choose the updates you want to deploy and allows you to produce status reports on
deployments.

Broadband Remote Access Server (BRAS)
• A broadband remote access server (BRAS, B-RAS or BBRAS)
routes traffic to and from broadband remote access devices such
as digital subscriber line access multiplexers (DSLAM) on an Internet
service provider's (ISP) network. BRAS can also be referred to as
a Broadband Network Gateway (BNG).
• The BRAS sits at the edge of an ISP's core network, and aggregates
user sessions from the access network. It is at the BRAS that an ISP
can inject policy management and IP quality of service (QoS).

Print server
A print server is a server that allows one or more printers to be shared among
multiple users (or computers) located on the same computer network.

The server therefore has:

• a network connection (for example, an RJ45 port for an Ethernet network);
• handling of network protocols (for example, TCP/IP);

Print server
• one or more connections to printers. Most print servers have USB connections; some
also have parallel ports. Some print servers are not directly connected by their
interface cable to the printers; these are connected via the network. In fact,
professional printers are generally connected directly to the network to allow
distribution within the premises of the company.

• The print server can consist of a computer that shares a printer connected directly to
it (or across the network); it can also be a small, dedicated, specialized device. The
advantage of the latter solution is its low price. A print server should always be
powered on, and it is best if it has a fixed IP address.

SAN and NAS
In computing, a storage area network, or SAN
(Storage Area Network), is a specialized
network for pooling storage resources.

SAN and NAS
A storage area network differs from other storage
systems such as NAS (Network attached
storage) by low-level access to disks. To
simplify, the traffic on a SAN is very similar to
the principles used for the use of internal disks
(ATA, SCSI). It is a pooling of storage
resources.

SAN and NAS
In the case of NAS, the storage resource is directly connected to
the corporate IP network. The NAS server integrates support
for multiple network file systems, such as Common Internet
File System (CIFS) sharing protocol from Microsoft and
Samba, Network File System (NFS) which is a Unix file
sharing protocol, or AFP (AppleShare File Protocol) which is
the equivalent for Apple technology. Once connected to the
network, it can act as multiple shared file servers.

SAN and NAS
In the case of SAN, storage arrays do not
appear as shared volumes on the network.
They are directly accessible in block mode
by the file system of the servers. Clearly,
each server sees the disk space of a SAN
bay to which it has access as its own hard
disk.

SAN and NAS

Backup with tape
