Windows 2000 Server and Windows Server 2003


Transcript of Windows 2000 Server and Windows Server 2003

Page 1: Windows 2000 Server and Windows Server 2003

Windows 2000 Server and Windows Server 2003

Chapter 8

Page 2: Windows 2000 Server and Windows Server 2003

History of Microsoft NOS’s

- Windows for Workgroups 3.11
- 2000/2003 line started with Windows NT 3.0
- Evolved to first widespread use in NT 3.51
- NT 4.0 included Windows 95-like interface
- Windows 2000 followed, introducing Active Directory
- Windows 2003 builds on 2000’s strengths

Page 3: Windows 2000 Server and Windows Server 2003

Introduction to Windows 2000/2003 Server

- Based on Windows NT technology
- Advanced directory service
- Built-in internet and LAN services
- Several flavors based on needs:
  - Standard
  - Enterprise (adds clustering, higher RAM, greater SMP)
  - Datacenter (higher RAM, greater SMP over Enterprise)
  - Web (low-end for web serving only)

Page 4: Windows 2000 Server and Windows Server 2003

Some Benefits of Windows 2000/2003 Server NOS

- Advanced system of organizing and managing network objects, called Active Directory
- Multiple, integrated services manageable from a graphical interface
- Support for multiple, modern protocols and security standards (Kerberos, LDAP)
- Integration with other NOSs
- Simple, centralized management of multiple clients
- Flexible, customizable network management interface
- Single management tool called MMC
- Installation Services
- Enterprise-wide management capabilities

Page 5: Windows 2000 Server and Windows Server 2003

Active Directory

- Standards-based directory service
- Stores basic user info and provides authentication
- Extensible to fit needs of organization
- Database-like

Page 6: Windows 2000 Server and Windows Server 2003

Active Directory

- Schema
  - Set of definitions of kinds of objects and information associated with those objects that the Active Directory database can contain

Figure 8-10: Active Directory and a simple user schema

Page 7: Windows 2000 Server and Windows Server 2003

AD Attributes

Key      Attribute
CN       Common Name
L        Locality
ST       State or Province
O        Organization
OU       Organizational Unit
C        Country
STREET   Street Address
DC       Domain Component
UID      Userid

Example: ldap://cn=Mickel, Jason T (mickelj),ou=Administration,dc=juniata,dc=edu
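The keys in the table above combine into a distinguished name as comma-separated key=value pairs, so a comma inside a value (as in the CN of the example) has to be backslash-escaped or the name splits in the wrong place. The following is an added example, not part of the original slides: a small escaper and parser for the DN portion only (without the ldap:// prefix), with illustrative function names, assuming single-valued RDNs and ASCII input.

```python
import re

# Attribute keys from the slide's table
KEYS = {"CN": "Common Name", "L": "Locality", "ST": "State or Province",
        "O": "Organization", "OU": "Organizational Unit", "C": "Country",
        "STREET": "Street Address", "DC": "Domain Component", "UID": "Userid"}
SPECIAL = set(',+"\\<>;')  # must be backslash-escaped inside a value (RFC 4514)

def escape_value(value):
    """Escape one attribute value before placing it in a DN."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        out.append("\\" + ch if ch in SPECIAL or edge else ch)
    return "".join(out)

def unescape_value(value):
    """Undo \\X and \\hh escapes (assumption: ASCII hex pairs only)."""
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)",
                  lambda m: chr(int(m[1], 16)) if len(m[1]) == 2 else m[1], value)

def split_dn(dn):
    """Split a DN into (KEY, value) pairs on unescaped commas (no '+' RDNs)."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" and i + 1 < len(dn) else 1
        if dn[i] == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += dn[i:i + step]  # keep an escape pair together
        i += step
    parts.append(cur)
    rdns = []
    for part in parts:
        key, sep, value = part.partition("=")
        if not sep or key.strip().upper() not in KEYS:
            raise ValueError(f"not a key=value RDN: {part!r}")
        rdns.append((key.strip().upper(), unescape_value(value)))
    return rdns

def build_user_dn(cn, ou, domain):
    """Build cn=...,ou=...,dc=... with every value escaped."""
    rdns = [("cn", cn), ("ou", ou)] + [("dc", d) for d in domain.split(".")]
    return ",".join(f"{k}={escape_value(v)}" for k, v in rdns)

if __name__ == "__main__":
    dn = build_user_dn("Mickel, Jason T (mickelj)", "Administration", "juniata.edu")
    print(dn, split_dn(dn), sep="\n")
```

Passing the slide's DN with its comma left unescaped to `split_dn` raises `ValueError`, because the text after the comma is not a key=value pair.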

Page 8: Windows 2000 Server and Windows Server 2003

Domains

- Group of users, servers, and other resources that share a database of account and security information

Figure 8-12: Multiple domains in one organization

Page 9: Windows 2000 Server and Windows Server 2003

Domains

- Domain controller
  - Windows 2000/2003 server that contains a replica of the Active Directory
- Member server
  - Does not hold directory information and, therefore, cannot authenticate users
- Replication
  - Process of copying Active Directory data to multiple domain controllers

Page 10: Windows 2000 Server and Windows Server 2003

Domains

Figure 8-13: A Windows 2000/2003 domain model network

Page 11: Windows 2000 Server and Windows Server 2003

Organizational Units

- Container within an NOS directory used to group objects with similar characteristics or privileges

Figure 8-14: A tree with multiple domains and OUs

Page 12: Windows 2000 Server and Windows Server 2003

Domain Layout at Juniata

juniata.edu (Domain)

Administration (Users)

Faculty (Users)

Students (Users)

Computers Graduates Groups Guests

Student Faculty Administration Shares Mailboxes

Page 13: Windows 2000 Server and Windows Server 2003

Active Directory Beyond Usernames & Passwords

- AD stores limitless information about users, computers, printers, etc.
- Built-in fields include:
  - Address/telephone
  - Department
  - Supervisor
- Extended by applications to store other info
  - Exchange mailboxes
- Can be extended manually to include organization-specific data
  - uPortal groups and grad year
- Most configuration data has a home in AD

Page 14: Windows 2000 Server and Windows Server 2003

User Types

- The Guest account is a predefined user account with limited privileges that allows a user to log on to the computer
- The Administrator account is a predefined user account that has the most extensive privileges for resources both on the computer and on the domain it controls
- A local account only has rights on the server they are logged on to
- A domain account has rights throughout the domain

Page 15: Windows 2000 Server and Windows Server 2003

Group Types

- A domain local group is one that allows its members access to resources within a single domain
- A global group allows its members access to resources within a single domain
- A universal group is one that allows its members to access resources across multiple domains and forests

Page 16: Windows 2000 Server and Windows Server 2003

Services on Windows 2000/2003 Server

- File/Print Server (Windows, UNIX, Macintosh)
- Networking (DNS, DHCP, WINS, RAS, VPN)
- Mail (SMTP, POP3, IMAP)
- Web (HTTP, HTTPS, ASP)
- File System (DFS)
- Security (Certificate Authority)
- Streaming Media

Page 17: Windows 2000 Server and Windows Server 2003

Windows 2000/2003 @ JC

- AD Domain controllers (3)
  - DNS, DHCP, WINS
- Exchange e-mail/groupware (Webmail)
- VPN
  - Outside access
  - Wireless authentication
- File/Print Server
  - Shares and user directories
  - Public and shared office printers
- Tape Backup
- SQL Database Server
- Systems Management Server
- Miscellaneous…

Page 18: Windows 2000 Server and Windows Server 2003

Techniques and Tools to Manage It All

- Microsoft Management Console (MMC)
- Event Logs
- Windows Management Instrumentation (WMI)
- Command Prompt (cmd)
- Batch/Command Files
- Scripting
- Group Policy
- Remote Installation Services
- Systems Management Server (SMS)

Page 19: Windows 2000 Server and Windows Server 2003

MMC

- GUI framework to add in all management tools
- Tools are called “snap-ins”
- Can add any MMC-aware snap-in from Microsoft or third party
- MMC Demo…

Page 20: Windows 2000 Server and Windows Server 2003

Event Logs

- Information about your server and processes
- All servers have:
  - Application – applications and processes
  - Security – user and computer login information
  - System – services and boot processes
- Domain Controllers have DNS, File Replication Service, and Directory Service logs
- Best place to check first when problems arise

Page 21: Windows 2000 Server and Windows Server 2003

WMI

- Service that contains all computer-specific info
  - CPU, Memory, Drives, Services, etc.
- Can be queried from batch files and scripts
- Instrumental to SMS and any other inventory process
- Built-in to all Windows 2000, XP, 2003 installations

Page 22: Windows 2000 Server and Windows Server 2003

Command Prompt

- This is where it all started!
- Most Windows commands can be run from cmd
- Some are cmd only
- Quick way to get info and run commands vs. stepping through the GUI
- Despite GUI, Windows has a powerful command language

Page 23: Windows 2000 Server and Windows Server 2003

Batch/Command Files

- Series of commands that the server should execute
- Quick to write, but…
- Not very sophisticated
- Simple programming language

Page 24: Windows 2000 Server and Windows Server 2003

Scripting

- Windows Scripting Host
- Sophisticated programming language
- Based on Visual Basic/VBScript
- Interfaces with WMI and other Windows internals
- Automate Tasks
  - User/Group creation, modification, or deletion
  - Computer inventory
  - Manage shares

Page 25: Windows 2000 Server and Windows Server 2003

Group Policy

- Centralized management tool for all or part of the enterprise
- Collection of user and computer configuration settings
- Ability to make configuration changes from a central location to all machines and users
- Enforce common security standards and configurations
- Simplify PC deployment process
- Handles:
  - Registry, software deployment, disk quotas, folder redirection, software settings (IE, Office, etc.), software restrictions

Page 26: Windows 2000 Server and Windows Server 2003

RIS

- Centralized method of deploying Windows
- Can be as manual or automatic as desired
- Simplifies process of installing and configuring PCs
- Third party methods available such as Symantec Ghost

Page 27: Windows 2000 Server and Windows Server 2003

SMS

- The ultimate Microsoft management tool!
- Allows centralized:
  - Hardware/Software inventory
  - Remote software installation
  - Patch management
  - Help desk PC takeover

Page 28: Windows 2000 Server and Windows Server 2003

Planning for Installation: Preinstallation Decisions

- How many, how large, and what kind of partitions will the server require?
- What type of file system will the server use?
- What will the server’s name be?
- Which protocols and network services should the server use?
- What will the Administrator password be?

Page 29: Windows 2000 Server and Windows Server 2003

Planning for Installation: Preinstallation Decisions

- Should the network use domains or workgroups, and, if so, what will they be called?
- Will the server support additional services?
- Which licensing mode should I choose?
  - Per server
  - Per seat
- How can I remember all of this information?

Page 30: Windows 2000 Server and Windows Server 2003

Credits

- Allen, Robbie, Active Directory, 2nd Edition, O’Reilly, 2003.