Post on 02-Jan-2016
description
New SA TrainingTopic 2: Virtualization
You job requires the use of hardware virtualization
Virtualization allows our company to create virtual computers that act like traditional server and desktop machines
During your training period, you will be using Microsoft’s Virtual PC as your hypervisor
Our training focus is on concepts (thus, you will not necessarily use production tools, OS versions, etc.)
Differencing disks
You will be creating differencing disk images for your hard drives
Creating a differencing disk
Disk Differencing works by storing only the changes to an original image in a new VPC virtual hard-disk. We can create the disk or the machine first.
Steps for creating the disk first follow. They were taken from:http://csciwww.etsu.edu/nielsen/4417/VPC_a.htm.
A machine first example can be found at:http://csciwww.etsu.edu/nielsen/4417/VPC.htm
Creating a differencing disk (cont.)
Create a new Virtual Hard Disk using the Wizard
Creating a differencing disk (cont.)
Creating a differencing disk (cont.)
Create the differencing VHD in a folder of your choice. (This is the disk that will hold the changes made to the parent)
Creating a differencing disk (cont.)
Then select the Parent VHD. (The one with the OS installed on it)
Creating a virtual machine
Create a New Virtual Machine using the Wizard
Creating a virtual machine (cont.)
Creating a virtual machine (cont.)
New SA TrainingTopic 3: User Management
What is a user to you? How do we group classes/categories of
users? Location of information (host or centralized) Home directory Opportunities for pre-login scripting/
initialization Passwords “Object” identifiers (SID, UID, GID)
Windows Specifics
Domain Controllers Active Directory Windows user/group setup:
Local vs. Domain GUI vs. Command line (manage via MMC
vs. “net user”, “addusers”, etc.) Groups: primarily useful for administration Windows groups: complex (stick to domain
groups for now)
Windows Specifics
Where are passwords stored? Local? Network?
What makes a password “acceptable”? “Complex” passwords –
Can’t contain the username or parts of the user's full name
At least six characters long At least three of: uppercase, lowercase, numbers,
special characters/symbols (ex: !, $, #, %) Additional settings – max age, min age,
history, etc. http://technet.microsoft.com/en-us/library/cc264456.aspx
Windows Specifics (cont.)
Windows logon: Computer logon Interactive user logon Network user logon Service logon
Profiles (controls the user desktop environment) Local profiles Roaming profiles Mandatory profiles
Windows Specifics (cont.)
Group policies – Computer or user based; flow down from Site, to Domain, to OU
Example settings: User security Application installation Boot Logon Logoff Shutdown Various “look-and-feel”
Windows Specifics (cont.)
Group Policy Container (GPC) The AD portion of a GPO is called the Group
Policy Container The GPC stores GPO properties, containers
(computer and user), status, version, etc. Group Policy Template (GPT)
The portion of a GPO that is stored as folders and files in SYSVOL directory
The GPT is where the majority of actual settings are stored when you edit a GPO
Windows Specifics (cont.)
While most policy settings are stored in the GPT, some policy areas use both the GPC and GPT, others use only the GPC and some don’t use either the GPC or GPT.
Windows Scripting Host and ADSI: Take a look at Windows 2000 User Management or Windows 2000 Power Toolkit (in Safari, or Microsoft).
Windows User/GP/Profile Exercise
Let’s look at the MMC Users Groups Computer accounts Group Policy View Group Policy Settings with RSoP
Let’s look at a Default Profile
Linux Specifics
Linux user/group setup: Local vs. Network GUI vs. Command line vs. editing files
(Red Hat User Manager vs. “useradd”, “addusers”, etc. vs. edit /etc/passwd)
Linux Specifics
Where are passwords stored? Network? Local?
Where is group information stored?
What makes a password “acceptable” to a Linux system?
Linux Specifics (cont.)
/etc/passwd: username, passwd, uid, gid, GECOS, home directory, login shell/program
GECOS contains general information about the user. The exact type of information depends on the UNIX variant, but for example it may contain real name and phone number.
/etc/group: name, passwd, gid, user list Groups: Avoid user private groups (UPG) as it is
RedHat-specific. Why tie yourself to a vendor if you don't have to?
/etc/shadow: (days, in terms of days since Jan 1, 1970)
Linux Specifics (cont.)
Shadow file format username encrypted passwd date password was last changed days before PW may be changed (minlife) days after which PW must be changed
(maxlife) days before password expires to warn user days after password expires to disable
account day that account expires and is disabled Reserved (i.e., nothing useful)
Linux Specifics (cont.) Shell environments & customizations
/etc/shells - Contains the pathname of every shell available on your system; Some daemons disallow access to users with unlisted shells
/bin/sh – Bourne shell /bin/bash – bash shell /bin/csh – C shell /sbin/nologin – a program to politely disallow
logins /etc/skel - The home directory for each new user is
initialized with files from the /etc/skel directory; The SA can use /etc/skel to provide a default environment for users
Linux Specifics (cont.)
SA Environment settings /etc/profile – System wide environment and startup
programs that are executed at login (default path, umask, terminal type, etc.)
/etc/bashrc, /etc/csh_cshrc, or others– System wide functions, aliases, etc. that are set when shell starts (may update path, modify your prompt, set command aliases, etc.)
User Environment settings – similar to above, but are set by the user in their home directory
.*login / .*profile (.login, .profile, csh.login, .bash_profile, etc.) - Stores settings executed at login
.*rc (.cshrc, .bashrc, etc.) - Stores settings executed at shell session start
Linux Specifics (cont.) NIS (Network Information Service)
Distributed database that allows one configuration to be used for many computers
Assumes a high degree of trust (so can be insecure)
LDAP (Lightweight Directory Access Protocol – not just Linux)
Allows for quick location of information Can provide enterprise-level user
authentication Can provide access control
Linux User/Profile Exercise
Let’s look at the important files passwd group shadow /etc/shells /etc/skel .profile ENV (.bashrc)