Windows Server 2008 Environment

2

To my loving wife of more than 9 years, who continues to provide me love

and encouragement even when I don’t deserve it.

3

Acknowledgments

No book is written alone. Instead, there is a wealth of people working behind the scenes

to help make a book the best possible. I‟m grateful for the hard work put in behind the

scenes by several people. Kamal Harmoni, Kharizan, Hj. Shukri, Fadhlina, Ruslan,

Azzahari, Alanto, and Nor Izwan, all provided a significant amount of work that helped

produce this book. I‟m grateful to each of them.

About the Author

Zulfadli Mohd Saad has been teaching Microsoft networking concepts since the DOS

days and has been teaching a myriad of other topics since many years before then. He‟s

been a Malaysia Skills Competition Coach for trade IT PC/Network Support since 2003

and holds many other certifications, including Certified Ethical Hacker, National

Industrial Specialist (IT02-00 Information & Communication Technology), National

Industrial Specialist Instructor (IT02-00 Information & Communication Technology),

Certificate of Excellent MySkills-ASEAN 2009 (IT PC/Network Support), Diploma of

Excellent MySkills 2008 (IT PC/Network Support) and Bronze Medal MySkills 2010 (IT

PC/Network Support)

Zulfadli has developed several video training courses for People Trust Council (Majlis Amanah Rakyat) and has written and co-authored several other technical books. He has a passion for teaching and enjoys sharing knowledge in the classroom as much as he does through books.

He currently works full-time on a government contract providing a wide array of technical training to government personnel in support of a network operations support center. He moonlights as an adjunct instructor at a local college (MARA Vocational Institute) teaching Network System Administration courses.

Zulfadli lives with his wife and four children in Ipoh, Perak, but on most weekends they can‟t be found because they always travel. He‟s found that configuring networks is a piece of cake compared to building a good house and happy family, but he hasn‟t given up yet.

4

Table Of Contents

Title Page

Exercise 1 Installing Windows Server 2008 6

Exercise 2 Initial Configuration

17

Exercise 3 Installing And Configuring DNS

29

Exercise 4 Installing Active Directory

55

Exercise 5 Creating Organization Units And Users

74

Exercise 6 Configuring Client Computer

96

Exercise 7 Viewing Computers In Active Directory

106

Exercise 8 Delegating Management Of Users

124

Exercise 9 Exploring Group Scopes and Types

141

Exercise 10 Creating And Applying Group Policies

155

Exercise 11 Creating And Sharing Resources

174

Exercise 12 Logon Scripts

208

5

Table Of Contents Title Page

Exercise 13 Home Directories 226

Exercise 14 Disk Quotas 247

Exercise 15 Managing Software Applications

261

Exercise 16 Viewing Events

319

Exercise 17 Auditing

327

Exercise 18 Installing And Configuring Printer 367

Exercise 19 Other Administrative Tools

399

Exercise 20 Installing And Configuring DHCP Server 453

Exercise 21 Installing And Configuring Web Server 481

Exercise 22 Installing And Configuring FTP Server 519

6

Exercise 1

Installing Windows Server 2008

Zulfadli Bin Mohd Saad

Computer Engineering Technology, Department of Electronic

MARA Vocational Institute, Lumut, Perak.

7

Exercise 1 : Installing Windows Server 2008 In this section, you should be able to :

Describe the different editions of Server 2008 Describe the requirements for a full installation Get a free evaluation copy of Windows Server 2008 (if you don‟t already have

one) and how to install it. Perform Full Installation of Server 2008

Hardware Requirements Table 1.1 lists the basic system requirements for Windows Server 2008 editions.

Standard Enterprise Datacenter

Processor (min) 1 GHz (x86) 1.4 GHz (x64)

1 GHz (x86) 1.4 GHz (x64)

1 GHz (x86) 1.4 GHz (x64)

Processor (recommended) 2 GHz or faster 2 GHz or faster 2 GHz or faster

Memory (min) 512 MB 512 MB 512 MB

Memory (recommended) 2 GB or more 2 GB or more 2 GB or more

Memory (max) 4 GB (32 bit) 32 GB (64 bit)

64 GB (32 bit) 2 TB (64 bit)

64 GB (32 bit) 2 TB (64 bit)

Disk space (min) 10 GB 10 GB 10 GB

Disk space (recommended) 40 GB 40 GB 40 GB

TABLE 1.1 Hardware requirements for Windows Server 2008 editions. Hardware resources would need to be increased for any systems using Hyper-V technology and running virtual machines. For example, if you‟re running three virtual servers within a Windows Server 2008 Enterprise edition, you would need additional processing power, more memory, and more disk space.

How to Obtain a Copy of Windows Server 2008? It‟s common for Microsoft to provide free evaluation copies of Server operating systems for use. Currently, you can download Windows Server 2008 30-day and 60-day evaluation editions free of charges at : http://www.micosoft.com/windowsserver2008/en/us/trial-software.aspx

8

Beware, though. These files are quite large. If you‟re using a slower dial-up link, you might want to see whether Microsoft is currently offering an evaluation DVD via regular mail. There‟s a nominal cost involved with this option, but it‟s better than trying to download more than 2GB at 56KB. The download is an .iso image of the actual DVD. Search with your favorite search engine for Download Windows Server 2008, and you‟ll find the link. Once you download the .iso image, you can burn it to a DVD. If you don‟t have the software needed to burn it to DVD, you can use one of many freeware utilities (such as ImgBurn) to burn the .iso image to your DVD. EXERCISE 1.1 Installing Windows Server 2008 1. Insert the Windows Server 2008 DVD into your DVD drive. Boot your PC using

Windows Server 2008 DVD.

2. Language and Keyboard Options.

This allows you to specify your language and your keyboard layout. By default, text input language and method is : US Keyboard layout (Figure 0001).

Figure 0001 : Language and Keyboard Options

2.1. Click Next to continue.

9

3. Windows Server 2008 Setup You are presented with options to Install, brief information about Server 2008 or repair (Figure 0002).

Figure 0002 : Windows Server 2008 Setup

3.1 Click Install now to start setup Windows Server 2008 on this computer.

4. Product Key and Activation

Figure 0003 : Product Key and Activation

4.1 Enter your "Product Key" for activation now or you can enter it later (Figure

0003).

10


Figure 0004 : Product Key Warning

4.3. If you leave the product key box blank, the warning window will appear (Figure

0004); just click No to continue.

5. Windows Server Version

5.1. Select Windows Server 2008 Enterprise (Full Installation), (as shown in the

Figure 0005).

Figure 0005 : Windows Version

5.2. Tick the box of I have selected the edition of Windows that I purchased.

5.3. Click Next.

11

6. Windows Server 2008 License Agreement

6.1. Read the terms of the license agreement.

If you accept (which, of course, you have to do to continue installation), tick the box of I accept the license terms (Figure 0006).

Figure 0006 : Windows Server 2008 License Agreement


12

7. Installation Options. You are presented with options to Upgrade or Custom (advanced). Click Custom (advanced), (Figure 0007).

Figure 0007 : Installation Options

8. Partition Options

8.1. Click Drive options (advanced), (Figure 0008).

Figure 0008 : Drive options

13

8.2. Click New, (Figure 0009).

Figure 0009 : New Partition

8.3. Change the size to 40,000 MB, (Figure 0010).

Figure 0010 : Partition Size

8.4. Click Apply.

14

8.5. Select Disk 0 Partition 1 (Figure 0011).

Figure 0011 : Partition

8.6. Click Next. The partition will be formatted with NTFS as part of the installation. At this point, take a break. The installation will continue on its own.

Figure 0012 : Installing Windows

15

9. First Time Login When you first time login, the windows warning will appear ask you to change the user password before logging on for the first time (Figure 0013).

Figure 0013 : First time login

9.1 Click OK.

10. Change Administrator Password. 4.1 Enter a new password in the two test boxes (Figure 0014). Enter

Pr@ctice in this exercise. It meets complexity requirements and doesn‟t require you to remember multiple passwords. Don‟t use this password on a production server.

Figure 0014 : Change Administrator password

10.2 Hit Enter button after the passwords are entered.

16

Figure 0015 : Password changed successfully

10.3 Once the password has been changed, the screen indicates success

(Figure 0015). Click OK. Congratulation! You have finish install the Windows Server 2008.

Summary In this section you installed Windows Server 2008 on a computer. In the following exercises you will setting time zone, install Active Directory and other services, creating a small network for you to administer.

17

Exercise 2

Initial Configuration




18

Exercise 2 : Initial Configuration In this section, you should be able to :

Complete the Initial Configuration Tasks Setup time zone for your server. Configure networking on your server Change your server name

Setting Time Zone In this section, you‟ll learn how to setup time zone for your server. EXERCISE 2.1 Setting Time Zone

1. In Initial Configuration Tasks, select Set time zone (Figure 0016).

Figure 0016 : Set time zone

2. Click Change time zone (Figure 0017).

Figure 0017 : Change time zone

19

3. Select time zone appropriate for your location.

e.g. (GMT+08:00) Kuala Lumpur, Singapore (Figure 0018).

Figure 0018 : Time zone

4. Click OK.

5. Click OK again (Figure 0019).

Figure 0019 : Change time zone

20

Configuring Network In this section, you‟ll learn how to configure networking on your server. Make sure you have hook up your server to the network before you start. EXERCISE 2.2 Configuring Network

1. In Initial Configuration Tasks, select Configure networking (Figure 0020).

Figure 0020 : Configure networking

2. Double-click Local Area Connection (Figure 0021).

Figure 0021 : Local Area Connection

21

3. Click Properties button (Figure 0022).

Figure 0022 : Local Area Connection Properties

4. Uncheck Internet Protocol Version 6 (TCP/IPv6), because we only use

TCP/IPv4 only (Figure 0023).

Figure 0023 : TCP/IPv6

22

5. Select Internet Protocol Version 4 (TCP/IPv4), and click Properties button

(Figure 0024).

Figure 0024 : TCP/IPv4

6. Now set your server IP address, and ensure that you are using a static IP

address. For this exercise, I‟m using number 21 as my server station number (Figure 0025).

Tips:

Use the following IP address:

IP address : 192.168.2.SN (server station number)

Subnet mask : 255.255.255.0

Default gateway : 192.168.2.ISIP (internet server IP address)

Use the following DNS server address:

Preferred DNS server : 192 . 168 . 2 . DNS (1st DNS server IP address) Alternate DNS server : ___ . ___ . ___ . ___ (2nd DNS server IP address)

23

Figure 0025 : Static IP address

7. Click Advanced button after complete setting your IP address (Figure 0025).

8. Select the DNS tab (Figure 0026).

Figure 0026 : Advanced TCP/IP Setting

9. Specify myserver.com as the DNS suffix for this connection (Figure 0026).

10. Tick Use this connection’s DNS suffix in DNS registration box (Figure 0026).

24

11. Click OK (Figure 0026).

12. Click OK again.

13. Click Close button to close Local Area Connection Properties (Figure 0027).


14. Click Close button to close Local Area Connection Status. 15. Close Network Connection properties (Figure 0028).

Figure 0028 : Network Connection properties

25

Changing Computer Name In this section, you‟ll learn how to change your server name. EXERCISE 2.3 Changing Computer Name

1. In Initial Configuration Tasks, select Provide computer name and domain

(Figure 0029).

Figure 0029 : Provide computer name and domain

2. Click Change... button (Figure 0030).

Figure 0030 : System Properties

26

3. Key-in your server name at Computer name: box. In this exercise I user

server21 as my computer name (Figure 0031). And click OK.

Figure 0031 : Computer Name

4. Windows remind you to restart your computer to apply the changes. Click OK.

Figure 0032 : Computer Name – Restart Reminder

27

5. Click Close button on System Properties dialog box (Figure 0033).


6. Click Restart Now to reboot your computer (Figure 0034).

Figure 0034 : Restart Computer

28

7. After restart, login your server as Administrator (Figure 0035)

Figure 0035 : Login

Summary In this section you have configure Time Zone, Networking and Computer Name for your Server 2008. In the following exercises you will install Active Directory and other services for you to administer.

29

Exercise 3

Installing and Configuring DNS




30

Exercise 3 : Installing and Configuring DNS Installing Domain Name System (DNS) Services Role

In this section, you‟ll learn how to implement a domain name server for your network. Domain Name System (DNS) provides a standard method for associating names with numeric Internet addresses. This makes it possible for users to refer to network computers by using easy-to-remember names instead of a long series numbers.

Windows DNS services can be integrated with Dynamic Host Configuration Protocol (DHCP) services on Windows, eliminating the need to add DNS records as computers are added to the network.

The first step is required to ensure that you are using a static IP address and that the DNS settings on the computer have been correctly configured. Make sure your have hook up your PC to the network and you are using a static IP address before you start. EXERCISE 3.1 Installing Domain Name System (DNS) Services Role

1. Launch Server Manager. Click Start ►Administrator Tools ► Server Manager (Figure 0036).

Figure 0036 : Launch Server Manager

31

2. In Server Manager, select Roles (Figure 0037).

Figure 0037 : Roles

3. Select Add Roles (Figure 0038).

Figure 0038 : Add Roles

4. On the Before You Begin page, review the requirements, and click Next (Figure

0039).

Figure 0039 : Add Roles – Before You Begin

32

5. On the Select Server Role page, select the check box next to DNS Server, and click Next (Figure 0040).

Figure 0040 : Server Roles – DNS Server

6. On the DNS Server page, review the information, and click Next (Figure 0041).

Figure 0041 : DNS Server

33

7. On the Confirm Installation Selections page, click Install (Figure 0042).

Figure 0042 : Confirm Installation Selections

Please wait. This operation will take a few minutes.

Figure 0043 : Installation Progress

34

8. On the Installation Result page, review the information. Click Close to continue (Figure 0044).

Figure 0044 : Installation Result

35

EXERCISE 3.2 Configuring Domain Name System (DNS)

9. Launch DNS Manager. Click Start ►Administrator Tools ► DNS (Figure 0045)

Figure 0045 : Launch DNS Manager

10. Double-click on the computer icon to expand the DNS Server (Figure 0046).

Figure 0046 : DNS Manager

36

EXERCISE 3.2.1 Configuring Forward Lookup Zones

11. Click on Forward Lookup Zones first, and then right-click on it.

12. Select New Zone (Figure 0047)

Figure 0047 : Create New Zone

13. New Zone welcome wizard appear. Click Next to continue (Figure 0048).

Figure 0048 : New Zone Welcome Wizard

37

14. Select Primary zone and click Next button (Figure 0049).

Figure 0049 : Zone Type

15. The New Zone Wizard dialog box requests the name for the zone. Enter the

name that has been assigned to your domain (this example uses myserver.com). (Figure 0050).

Figure 0050 : Zone Name

16. Once you have entered the correct name for the zone name, click Next button to

continue.

38

17. The dialog box now displays the name that will be used to the new zone file. Leave the filename as suggested, then click Next (Figure 0051).

Figure 0051 : Zone File

18. Select the option "Allow both nonsecure and secure dynamic updates". Click

Next to continue (Figure 0052).

Figure 0052 : Dynamic Update

39

19. Click Finish to close the wizard and create the new zone (Figure 0053).

Figure 0053 : Successfully Completed the New Zone Wizard

40

EXERCISE 3.2.2

Creating Forward Lookup Zones New Host

20. Double click to expand Forward Lookup Zones.

21. Right click myserver.com and select New Host (Figure 0054).

Figure 0054 : Create New Host

22. Enter IP address for DNS server (myserver.com) and click Add Host (Figure 0055).

Figure 0055 : New Host

23. Click OK button.

24. Click Done button to exit New Host Wizard.

41

25. After finish configuring Forward Lookup Zones, recheck myserver.com must have minimum three(3) types resource record – (SOA), (NS) and (A). (Figure 0056).

Figure 0056 : Forward Lookup Zones

42

EXERCISE 3.3

Configuring Reverse Lookup Zones

26. Click on Reverse Lookup Zones.

27. Right click Reverse Lookup Zones and select New Zone (Figure 0057).

Figure 0057 : Add a New Zone

28. New Zone welcome wizard appear. Click Next to continue (Figure 0058)

Figure 0058 : New Zone Welcome Wizard

43

29. Select Primary zone and click Next button (Figure 0059)

Figure 0059 : Zone Type

30. Select IPv4 Reverse Lookup Zone and click Next to continue (Figure 0060).

Figure 0060 : Reverse Lookup Zone Name

44

31. A reverse zone maps IP addresses to computer names, so it has to know what range of IP addresses it will be responsible for. Enter the first 3 octets of the IP address that has been allocated to your network domain (Figure 0061).

Figure 0061 : Network ID

32. After entering the network ID, click Next button to continue.

33. The wizard will display the name of the reverse zone file that it will create. Leave

the filename as suggested, then click Next (Figure 0062).

Figure 0062 : Zone File

45

34. Select the option "Allow both nonsecure and secure dynamic updates". Click Next to continue (Figure 0063)

Figure 0063 : Dynamic Updates

35. Click Finish to close the wizard and create the new zone (Figure 0064).

Figure 0064 : Successfully Completed the New Zone Wizard

46

EXERCISE 3.3.1

Creating Reverse Lookup Zones New Pointer (PTR)

36. In the DNS manager window, double-click the computer icon and expand the Reverse Lookup Zone field.

37. Expand the subnet field.

38. Right-click the subnet field and select New Pointer (Figure 0065).

Figure 0065 : Create New Pointer

39. Enter the IP address of your domain server (Figure 0066).

Figure 0066 : Host IP Address

40. Click Browse button to browse for host name.

47

41. Double click your server icon (Figure 0067).

Figure 0067 : Browse Host Name - Domain

42. Double click Forward Lookup Zones (Figure 0068).

Figure 0068 : Browse Host Name - Forward Lookup Zones

48

43. Double click your domain (Figure 0069).

Figure 0069 : Browse Host Name – Domain.com

44. Double click Host (A) record (Figure 0070).

Figure 0070 : Browse Host Name – Host (A)

49

45. Click OK to create new pointer (Figure 0071).

Figure 0071 : New Pointer Complete Data

46. After finish configuring Reverse Lookup Zones, recheck the subnet field. The subnet field must have minimum three(3) types resource record – (SOA), (NS) and (PTR). (Figure 0072).

Figure 0072 : Reverse Lookup Zones

50

EXERCISE 3.4

Testing The DNS Server

In this section you verify that the DNS Server is installed, running, and correctly configured.

47. In the DNS manager window, right-click the computer icon and select properties (Figure 0073).

Figure 0073 : DNS Manager – Server Properties

48. Click the Monitoring tab (Figure 0074).

Figure 0074 : DNS Server Properties

51

49. Enable both tests and click Test Now button (Figure 0075).

Figure 0075 : DNS Server Properties - Monitoring

Do not proceed till the test results for Simple Query indicate Pass. Your recursive query result will indicate Fail because we did not configure our DNS to query to other DNS server.

50. Click OK to continue

51. Close the DNS Manager.

52

EXERCISE 3.5

Testing The DNS Server Using NSLOOKUP To Query DNS In this exercise you will use a client tool to check the operation of the DNS server. You will query both a forward and reverse lookup.

52. Launch Run. Click Start ►Run (Figure 0076).

Figure 0076 : Launch RUN

53

53. Enter nslookup and click OK (Figure 0077).

Figure 0077 : Launch Nslookup Program

54. A command prompt DOS window will appear with the program nslookup running in it (Figure 0078). The default server name and IP address of the DNS server will be shown.

Figure 0078 : Running Nslookup

55. To perform a forward lookup (resolve a computer name to an IP address) enter the name of the computer (e.g. myserver.com) (Figure 0079).

Figure 0079 : Query Forward Lookup

54

56. Press ENTER. Your query result will be same as Figure 0080 below.

Figure 0080 : Query Forward Lookup Result

57. To perform a reverse lookup (resolve an IP address to a computer name), enter the IP address given in step 56 and press ENTER (Figure 0081).

Figure 0081 : Query Reverse Lookup

58. Close the command prompt windows (Figure 0082).

Summary

The DNS server is a database that manages computer names and their IP addresses. Zone files are used to store this information. Within a zone, a forward lookup resolves computer names to IP addresses. A reverse zone resolves IP addresses to computer names.

A client tool such as NSLOOKUP can be used to test the operation of a DNS server.

55

Exercise 4

Installing Active Directory




56

Exercise 4 : Installing Active Directory In this exercise you will install active directory services (ADS) and change to native mode (where the server acts purely with ADS). Once ADS is installed, you will be able to take advantage of many of the new features of Windows 2008 in managing users, computers and sites.

Adding Active Directory Domain Services Role In this section, you‟ll learn how to adding Active Directory Domain Services Role. EXERCISE 4.1 Adding Active Directory Domain Services Role

1. Launch Server Manager. Click Start ►Administrator Tools ► Server Manager (Figure 0082).

Figure 0082 : Launch Server Manager

57


Figure 0083 : Roles



4. On the Before You Begin page, review the requirements, and click Next (Figure 0085).


58

5. On the Select Server Role page, select the check box next to Active Directory

Domain Services, and click Next (Figure 0086).

Figure 0086 : Server Roles

6. On the Active Directory Domain Services page, review the information, and click

Next (Figure 0087).

Figure 0087 : Active Directory Domain Services

59

7. On the Confirm Installation Selections page, click Install (Figure 0088).




60

8. On the Installation Result page, review the information.

Click Close (Figure 0090).


Note : You still must run the Active Directory Domain Services Installation Wizard (DCPromo) to make the server a fully functional domain controller.

61

Installing Active Directory Domain Services In this section, you‟ll learn how to installing Active Directory Domain Services. EXERCISE 4.2 Installing Active Directory Domain Services

9. Logon into a Windows Server 2008 server as Administrator.

10. Click Start ►Run. At the Run line, enter DCPromo, and click OK (Figure 0091).

Figure 0091 : Run dcpromo

11. On the Welcome screen, click Next (Figure 0092).

Figure 0092 : Welcome Screen

62

12. On the Operating System Compatibility screen, review the information, and click Next (Figure 0093).

Figure 0093 : Operating System Compatibility Screen

13. On the Choose a Deployment Configuration screen, select Create a New Domain in a New Forest. Click Next (Figure 0094).

Figure 0094 : Choose a Deployment Configuration Screen

63

If your computer were part of an existing forest, you could create a replica domain controller within an existing domain. However, this exercise is assuming your server will be the first domain controller in the forest.

14. On the Name the Forest Root Domain screen, enter MYServer.com as the fully qualified domain name.

Click Next (Figure 0095).

Figure 0095 : Name the Forest Root Domain Screen

15. If Domain NetBIOS Name page appears, accept the default of MYSERVER.

16. On the Set Forest Functional Level screen, select the Forest functional level of

Windows Server 2008. This ensures that any new domains created in this forest will automatically operate at the Windows Server 2008 domain functional level, which does provide unique features. If you had a network that has a Windows 2000 Remote Access Server, you would select the compatible option (Figure 0096).

Figure 0096 : Set Forest Functional Level Screen

64

17. Click Next to continue.

18. On the Additional Domain Controller Options screen, note that both the DNS

server and the global catalog are selected as options. Active Directory Domain Services requires DNS, and if not available on the network, DCPromo will give you the option of installing it. Additionally, the first domain controller within a domain is a global catalog server.

Figure 0097 : Additional Domain Controller Options Screen

Note : If you have dynamically assigned IP addresses, a warning will appear indicating you must assign static IP addresses for both IPv4 and IPv6. Either assign static IP addresses or click Yes; the computer will use a dynamically assigned IP address and configure static IP addresses later. As a best practice, domain controllers should use statically assigned IP addresses. Click Next to continue (Figure 0097).

65

19. If this server is on an isolated network without other DNS servers, a warning

dialog box will appear indicating that a delegation for this DNS server can‟t be created and other hosts may not be able to communicate with your domain from outside the domain. This is normal when installing DNS for the first domain controller in a forest. Click Yes to continue (Figure 0098).

Figure 0098 : Warning Dialog Box

20. On the Location for Database, Log Files, and SYSVOL screen, accept the defaults. Click Next (Figure 0099).

Figure 0099 : Location for Database, Log Files, and SYSVOL Screen

66

21. On the Directory Services Restore Mode Administrator Password screen, enter @xercisE in both the Password and Confirm password boxes. This password is needed if you need to restore Active Directory Domain Services. On a production domain controller, a more secure password would be required. Click Next (Figure 0100).

Figure 0100 : Directory Services Restore Mode Administrator Password Screen

22. On the Summary screen, review your selections, and click Next (Figure 0101). Active Directory Domain Services will be installed.

Figure 0101 : Summary Screen

67

23. After a few minutes, the wizard will complete (Figure 0102).

Figure 0102 : AD Installation Progress

24. If a warning message appeared same as below, just click OK. This message appeared because we already created the DNS zone before (Figure 0103).

Figure 0103 : Warning Message

25. On the Completion screen, click Finish (Figure 0104).

Figure 0104 : Completion Screen

68

26. On the Active Directory Domain Services dialog box, click Restart Now (Figure 0105). Once your system reboots, Active Directory Domain Services will be installed.

Figure 0105 : Restart Confirmation Screen

27. After restart, login your server as Administrator (Figure 0106).

Figure 0106 : Login

69

EXERCISE 4.3

Recheck Network Configuration

Now you need to recheck your network configuration because sometime after installing Active Directory Domain Services, the network configurations change to localhost setting.

28. Launch Network and Sharing Center. Click Start ► Right click Network ►

Properties (Figure 0107).

Figure 0107 : Network Properties

70

29. Under myserver.com (Domain network), click View status (Figure 0108).

Figure 0108 : View Network Status

30. Click Properties button to open Local Area Connection Properties (Figure 0109).

Figure 0109 : Local Area Connection Status

71

31. Select Internet Protocol Version 4 (TCP/IPv4), and click Properties button (Figure 0110).


Figure 0111 : Internet Protocol Version 4 (TCP/IPv4) Properties

72

32. Check your network configurations; make sure the configurations correct (Figure

0112).

Figure 0112 : Network Configurations

33. Now click the Advanced button (Figure 0112).

34. Select the DNS tab (Figure 0113).

35. Specify myserver.com as the DNS suffix for this connection (Figure 0113).

36. Tick Use this connection’s DNS suffix in DNS registration box (Figure 0113).


38. Click OK again.

73

Figure 0113 : Advanced TCP/IP Setting

39. Close all remaining windows.

Summary

Windows Server 2008 brings a lot of new features and benefits that will drive a lot of migrations to the new operating system. This chapter presented many of these new additions.

One of the significant benefits of Windows Server 2008 is virtualization. Three editions (Windows Server 2008 Standard with Hyper-V, Windows Server 2008 Enterprise with Hyper-V, and Windows Server 2008 Datacenter with Hyper-V) support virtualization.

Each edition can be purchased with or without Hyper-V, which is the technology that supports virtualization. The Standard edition supports one virtual server, the Enterprise edition supports as many as four virtual servers, and the Datacenter edition supports an unlimited number of virtual servers. Virtualization is supported only on 64-bit operating systems.

In this chapter, you learned about the new features of Windows Server 2008. These included Server Manager, Server Core, PowerShell, Windows Deployment Services, and read-only domain controllers.

Exercises led you through the process of installing Windows Server 2008 on a PC. After reviewing many of the basics of Active Directory Domain Services, you learned how to promote the server to a domain controller.

74

Exercise 5

Creating Organization Units

And Users




75

Exercise 5 : Creating Organizational Units And Users In this section, you‟ll use active directory to view the default settings that apply to user accounts when they are created. These settings can be overridden for a particular user, a group of users, or all users. You will create a number of organizational units. An OU acts as a container that holds objects such as users.

Creating Organization Units In the following exercise, you will create some organizational units that will act as containers for some users. These organizational units model the departments within a small organization.

EXERCISE 5.1 Creating Organization Units

1. Logon server as administrator.

2. Launch Active Directory Users and Computers. Click Start ► Administrative Tools ► Active Directory Users and Computers (Figure 0114)

Figure 0114 : Run Active Directory Users and Computers

76

3. Click on the myserver.com icon to select it (Figure 0115).

Figure 0115 : Expand Domain

4. On the menu bar, click Action, New, Organizational Unit (Figure 0116).

Figure 0116 : Create New Organization Unit

77

5. Enter Stkm as the name for the new organizational unit (Figure 0117).

6. Uncheck Protect container from accidental deletion (Figure 0117).


Figure 0117 : Create Organization Unit

8. Repeat step 3 to 7 to create the organizational units Sted and Sklr (Figure 0118).

Figure 0118 : Organization Unit

Creating organizational units lets you place users directly into units and assign permissions and rights based on these units. This leads to better administration and delegation control than if you placed users directly into the user container.

When users move from one department to another, it is a simple matter to move the user to the corresponding organizational unit. In this way, they inherit all the new features and rights and of the new organizational unit, ensuring they have full access to all the resources they are entitled to.

78

EXERCISE 5.2 Creating Users within Organizational Units

For proper control, it is better to create users within an OU rather than the Users container. In the following exercise you will create a number of users, modify their properties, and move them from one organizational unit to another.

9. Click the Stkm OU to highlight it (Figure 0119).

Figure 0119 : Stkm OU

Creating new user accounts for Zul

10. Right click Stkm and select New ► User from the menu (Figure 0120).

Figure 0120 : Stkm OU

79

11. Enter the following details for Zul (Figure 0121).

First Name Last Name Full Name User logon name

Zul Zcomby Zul Zcomby zul.zcomby

Figure 0121 : Create New User

12. Click Next.

13. Enter the password as comby. Check the boxes “User cannot change password” and “Password never expires”, then click Next (Figure 0122).

Figure 0122 : Create Password

80

14. Click Finish to create the new user Zul (Figure 0123).

Figure 0123 : New User Account Confirmation

15. The warning below will appear. This warning appears because your password does not meet the password policy requirements. Click OK to continue (Figure 0124).

Figure 0124 : Password Policy Warning

16. Click Cancel to close new user account confirmation window (Figure 0125).

Figure 0125 : New User Account Confirmation

81

EXERCISE 5.2 Configuring Password Policy

17. To disable password policy requirements; launch Group Policy Management. Click Start ► Administrative Tools ► Group Policy Management (Figure 0126)

Figure 0126 : Launch Group Policy Management

82

18. Double click to expand Forest: myserver.com.

19. Expand Domains.

20. Expand myserver.com.

21. Click Default Domain Policy (Figure 0127).

Figure 0127 : Group Policy Management

22. If any warning box appeared; just click OK (Figure 0128).

Figure 0128 : Group Policy Management Console Warning

83

23. Right click Default Domain Policy and select Edit (Figure 0129).

Figure 0129 : Group Policy Management – Default Domain Policy

24. Double click to expand Policies (Figure 0130).

25. Expand Windows Settings.

26. Expand Security Settings (Figure 0130).

Figure 0130 : Group Policy Management – Security Settings

84

27. Double click to expand Account Policies (Figure 0131).

Figure 0131 : Group Policy Management – Password Policy

28. Click Password Policy (Figure 0132).

29. Double click Password must meet complexity requirements under Password Policy to open Password must meet complexity requirements Properties.

Figure 0132 : Group Policy Management - Password Must Meet Complexity Requirements

85

30. Select Disabled under Security Policy Setting tab (Figure 0133).

Figure 0133 : Password Must Meet Complexity Requirements Properties

31. Click OK.

32. Double click Minimum password length under Password Policy to open Minimum password length Properties (Figure 0134).

Figure 0134 : Group Policy Management - Minimum Password Length

86

33. Set No password required to 0 characters (Figure 0135).

Figure 0135 : Minimum Password Length Properties

34. Click OK.

35. Recheck your configuration. Your configuration should be same as figure below (Figure 0136).

Figure 0136 : Group Policy Management - Password Policy

36. Close all windows and RESTART your server. After restarting server, login as Administrator and start create user Zul Zcomby again (follow step 10 to 14). There should be no problem anymore.

87

Creating Users within Organizational Units (Continue)

37. Now create the new user Ocah in the Stkm OU using the following properties (Figure 0137).

First Name Ocah

Last Name Blue

Full Name Ocah Blue

User logon name ocah.blue

Password ocah

User cannot change password

Password never expires

Figure 0137 : Ocah Blue Properties

38. Create the following user account in the Sted OU (Figure 0138).

First Name Ahmad

Last Name Akmal

Full Name Ahmad Akmal

User logon name zul.akmal

Password akmal



Figure 0138 : Ahmad Akmal Properties

39. Create the following user account in the Sklr OU.

First Name Ain

Last Name Syahmi

Full Name Ain Syahmi

User logon name ain.syahmi

Password ain



Figure 0139 : Ain Syahmi Properties

88

First Name Ali

Last Name Uddin

Full Name Aliuddin

User logon name ali.zul

Password ali



Figure 0140 : Aliuddin Properties

First Name Wan

Last Name Saad

Full Name Md Saad

User logon name wan.saad

Password masuri

User must change password at next logon

Account is disabled

Figure 0141 : Md Saad Properties

40. Note the down arrow that appears on the icon for the user Md Saad, indicating this account has been disabled (Figure 0142).

Figure 0142 : AD Users and Computers – User Disabled

89

EXERCISE 5.3 Moving Users within Organizational Units

41. It is easy to delete, rename or move a user from an organization unit. In the above exercise the user Md Saad was inadvertently placed in the wrong OU. Right-click the user Md Saad and select move from the list (Figure 0143).

Figure 0143 : Move Users

42. Click Stkm as the destination OU (Figure 0144).

Figure 0144 : Move Users – Stkm OU

43. Click OK

90

44. Expand the Stkm OU to confirm that the user Md Saad is now a member of Stkm OU (Figure 0145).

Figure 0145 : Stkm OU Members

You have now created a number of users within the organizational units created earlier. At this stage, you cannot see the benefits of doing this. However, the later exercises will start to illustrate why this has been done, by allocating resources to organizational units. Thus, a user will get access to a resource based on their OU membership properties. If a user moves from one organizational unit to another, they will inherit all the resources associated with the new OU.

91

EXERCISE 5.4 Updating User Information In this exercise we will look at default user properties such as logon times and how often they need to change their passwords. Active Directory allows organizations to store significantly more information than in previous versions of Windows. For example, you can store telephone and office information in the Active Directory with the user information.

45. Double click the user Md Saad in the Stkm OU (Figure 0146).

Figure 0146 : User Properties

46. Enter the following details (Figure 0147).

Office Integration

Telephone Number 012-5740157

E-Mail [email protected]

Job Title (Organization) Senior Instructor

Department Computer Technology

Company IKM

Figure 0147 : User Details

92

Figure 0148 : Md Saad Properties - General

Figure 0149 : Md Saad Properties - Organization

47. Click OK to apply the changes.

93

EXERCISE 5.5 Restrict User Logon Hours

48. Double click the user Md Saad in the Stkm OU (Figure 0150).

Figure 0150 : Md Saad Properties

49. Click Account tab (Figure 0151).

Figure 0151 : Md Saad Properties - Account

94

50. Click the Logon Hours button (Figure 0152).

Figure 0152 : Logon Hours

51. Select all areas and click Logon Denied (Figure 0153).

Figure 0153 : Logon Hours for Md Saad – Logon Denied

Restrict the logon hours (under Account Tab) to Monday-Friday, 8am-5pm.

52. Select the areas Monday to Friday and 8am to 5pm (Figure 0154).

Figure 0154 : Logon Hours for Md Saad – Select Areas

95

53. Select Logon Permitted (Figure 0155).

Figure 0155 : Logon Hours for Md Saad – Set Logon Permitted

54. Click the OK button.

55. Click the OK button again. In the above exercise you assigned some organizational information to a user. You also explored some of the properties that can be applied.

96

Exercise 6

Configuring Client Computer




97

Exercise 6 : Configuring a Client Computer In this section you will configure Windows XP Professional on the other computer that will be part of your network. This computer will act as a client computer that users of your network can use to access shared resources such as files, software and printers. Make sure that the Windows Server 2008 previously installed is running. Please refer to the following table for client configuration.

Name of This Computer clientxpSN

Name of Organization IKM

Role of This Computer Client Workstation

Name of Installer Administrator

Domain Name same domain name as you did for the Server

TCP/IP Address 192.168.2.SN

TCP/IP Subnet mask 255.255.255.0

TCP/IP Gateway 192.168.2.ServerNumber

Preferred DNS server 192.168.2.ServerNumber

Note : SN = Station Number

Use the same domain name as you did for the Server.

98

EXERCISE 6.1 Network Setting (Windows XP)

1. Run Network Connections application program. Click Start ► All Programs ►Accessories ►Communications ►Network Connections (Figure 0156).

Figure 0156 : Run Network Connections

2. Right click Local Area Connection (Figure 0157).


3. Select Properties (Figure 0157).

99

4. Double click Internet Protocol (TCP/IP) (Figure 0157).


5. Now set your client (Windows XP) IP address, and ensure that you are using a

static IP address. For this exercise, I‟m using number 61 as my Windows XP client station number (Figure 0159).

Use the following IP address:

IP address : 192.168.2.SN (client station number)

Subnet mask : 255.255.255.0

Default gateway : 192.168.2.ServerNumber (server IP address)

Use the following DNS server address: Preferred DNS server : 192 . 168 . 2 . ServerNumber (1st server IP address) Alternate DNS server : ___ . ___ . ___ . ___ (2nd server IP address)

100

Figure 0159 : Internet Protocol (TCP/IP) Properties

7. Click the “OK” button (Figure 0159).


8. Click “OK” button (Figure 0160) and close all remaining windows.

101

EXERCISE 6.2 Joining Domain (Windows XP client)

9. Click Start ►Right-click My Computer (Figure 0161).

Figure 0161 : My Computer

10. Select Properties. (Figure 0162).

Figure 0162 : My Computer - Properties

102

11. Click the Computer Name tab, and then click Change. (Figure 0163).


12. Click the More button. (Figure 0164).

Figure 0164 : Computer Name Changes - Workgroup

103

13. Specify yourdomain.com as the Primary DNS Suffix for This Computer (Figure 0165).

Figure 0165 : DNS Suffix and NetBIOS Computer Name


15. Change Computer Name to clientxpSN (Figure 0166).

16. Select "Member of ....... Domain" and enter the name of your Domain (Figure 0166).

Figure 0166 : Computer Name Changes - Domain


104

18. Now Domain Server will prompt you for Username and Password. Enter any username and password you have created before. (Figure 0167).

Figure 0167 : Join Domain Verification

19. If you get this welcome message : Windows : "Computer Name Changes" - Welcome to the ....... domain"; it means you are successfully joining a domain. (Figure 0168).

Figure 0168 : Domain Welcome Message

20. Since joining a domain is a major change in the security configuration of your system, you will be reminded that you have to restart your system. Click OK (Figure 0169).

Figure 0169 : Restart Reminder

105

21. You will be back in the System Properties, where you are now listed as being part of a domain (Figure 0170).

Figure 0170 : System Properties – Computer Name

22. Click OK to close the remaining dialog boxes (Figure 0170).

23. Click YES to restart the computer. (Figure 0171).

Figure 0171 : Restart Confirmation

.

.

106

Exercise 7

Viewing Computer In Active Directory




107

Exercise 7 : Viewing Computer In Active Directory

In this section you will use Active Directory Users and Computers to view information for computers and servers.

When a client workstation is installed using Windows XP Professional or Windows 2000 Professional or Windows Vista or Windows 7, it has its own accounts database and rights. When that client computer joins a domain or Windows Server 2008 network, this means that the domain wide accounts are available for use at the workstation. When a user logs on using the client computer, any policies are applied to the client computer.

Client workstations running Windows XP Professional have their own local accounts database. This means it is possible for an administrator on the workstation to create a local workstation account, which is not the same as the domain account, and allow users to logon to the local computer rather than the domain.

Currently, you should have the Windows Server 2008 and a Windows XP Professional client workstation running.

Log on as administrator to the Windows Server 2008.

EXERCISE 7.1

Viewing Computers and Servers in Active Directory In this exercise, you will use Active Directory Users and Computers to view the workstations and servers in the domain.

1. Log on the Windows Server 2008 as administrator.

2. Launch Active Directory Users and Computers. Click Start ► Administrative

Tools ► Active Directory Users and Computers (Figure 0172)

108

Figure 0172 : Launch Active Directory Users and Computers

3. Expand the domain icon (Figure 0173).

Figure 0173 : AD – myserver.com

109

4. Click on the Computers folder from the list (Figure 0174).

Figure 0174 : AD – Computers

You can see CLIENTXP61 listed under Computer folder.

5. Double-click on the CLIENTXP61 to display its properties (Figure 0175).

Figure 0175 : CLIENTXP61 Properties

Now you can see the general information about CLIENTXP61 including it DNS name and it role.

110

6. Click on the Operating System tab (Figure 0176).

Figure 0176 : CLIENTXP61 Properties - Operating System

Here you can find information about Operating System, version and service pack using by client.

7. Click OK to close the properties box.

8. Click on the Domain Controllers folder under myserver.com (Figure 0177)

Figure 0177 : AD - Domain Controllers

111

9. Double-click on the domain controllers to display its properties (Figure 0178).

Figure 0178 : SERVER21 Properties

10. Click on the Operating System tab (Figure 0179.)

Figure 0179 : SERVER21 Properties - Operating System

Here you can find information about Operating System, version and service pack using by server.

11. Click OK to close the properties box and close all remaining dialog box.

In this exercise you viewed properties of workstations and servers in your network using Active Directory.

112

EXERCISE 7.2

Using the Local Workstation Account

In this exercise you will log on the Windows XP Professional workstation using a local administrator account.

12. Log on the Windows XP Professional as administrator (Figure 0180).

Figure 0180 : Log on to Windows XP

13. Log off the client computer. Click Start ► Shutdown and select Logoff Administrator (Figure 0181).

Figure 0181 : Log off Windows XP

113


Figure 0182 : Log off Windows XP Administrator

EXERCISE 7.3

Using Domain wide account at the client computer

In this exercise you will log on the client computer using a domain account.

15. Press CTRL+ALT+DEL to display the logon dialog box (Figure 0183).

Figure 0183 : Windows XP Logon

114

16. Log on the Windows XP Professional as zul.zcomby and comby as password (Figure 0184).


17. Click OK.

18. You will receive a Logon Message. Why? (Figure 0185) Because zul.zcomby not created on the local client account, it was created in the server active directory account. Just now, you were tried to logon to the client using active directory user account.

Figure 0185 : Logon Message

19. Click OK to dismiss the dialog box.

115

20. Now, look at the logon box. There is an extra field displayed, called Logon to: (Figure 0186).


21. Click the Logon to: box, and select MYSERVER (Figure 0187)

Figure 0187 : Log on to server

116

22. Enter the same user credentials as previously (Figure 0188).

Figure 0188 : Log on to server using client workstation

23. Click OK.

What happened? Could you log on? It should be no problem.

24. Log off the client computer. But leave it running Windows XP Professional (do not shut the computer down yet).

25. If you are currently logged in to the Windows Server 2008, log off.

26. Attemp to log on to the server as zul.zcomby.

26.1. Click Switch User button (Figure 0189).

Figure 0189 : Switch User button

26.2. Click Other User button (Figure 0190).

Figure 0190 : Other User button

117

26.3. Enter user as zul.zcomby and password as comby (Figure 0191).

Figure 0191 : Logon to server using user account

26.4. Press ENTER.

27. What happened? Could you log on? A error message appeared (Figure 0192).

Figure 0192 : Logon Error Message

Why? Because the user account you are using to login into server do not have permission to login into server directly.

28. Click OK.

29. Logon to the server as administrator.

118

30. Launch Active Directory Users and Computers. Click Start ► Administrative Tools ► Active Directory Users and Computers (Figure 0193).


31. Click on the Stkm Organizational Unit (Figure 0194).

Figure 0194 : Active Directory Users and Computers - Stkm

119

32. Double-click on the user Zul Zcomby to display the properties box (Figure 0195).

Figure 0195 : Zul Zcomby Properties

33. Click the Member Of tab (Figure 0196).

Figure 0196 : Zul Zcomby Properties - Member Of

120

34. Click Add… button (Figure 0197).

Figure 0197 : Add Button

35. Click Advanced button (Figure 0198).

Figure 0198 : Select Groups

36. Click Find Now button (Figure 0199).

Figure 0199 : Select Groups - Advanced

121

37. Double-click Server Operators from the list (Figure 0200).

Figure 0200 : Select Groups – Find Now

38. Click OK.


Figure 0201 : Select Groups

122


Figure 0202 : Zul Zcomby Properties - Member Of

41. Log off server. Click Start ► Log Off (Figure 0203).

Figure 0203 : Log Off Server


42.1. Press Ctrl + Alt + Del.



123





42.5. Press ENTER.

What happened? Could you log on? It should be no problem.

Summary Servers do not allow normal users to logon locally. Servers run the network and provide resources, which users connect to remotely across a network. Servers are not designed to have users physically sitting at their keyboards trying to log on and run programs. Users actually logon to a client computer in the network and access resources using a network connection.

Client computers running Windows XP Professional have their own accounts database.

124

Exercise 8

Delegating Management Of

Users




125

Exercise 8 : Delegating Management Of Users In this exercise you will create new local groups and look at assigning managers to users and organizational units. EXERCISE 8.1 DelegatingControl

In this portion of the exercise you will make zul.zcomby a manager of the Stkm organizational unit. Once he is a manager, he will be able to modify user accounts within the Stkm OU.

1. Log on the Windows Server 2008 as administrator.

2. Launch Active Directory Users and Computers. Click Start ► Administrative

Tools ► Active Directory Users and Computers (Figure 0207)


126


Figure 0208 : AD – myserver.com

4. Right click the Stkm OU and select Delegate Control (Figure 0209).

Figure 0209 : AD – Stkm

5. This starts the Delegation of Control Wizard (Figure 0210).

Figure 0210: Delegation of Control Wizard

127

6. Click Next (Figure 0210).

7. Click the Add… button (Figure 0211).

Figure 0211: Delegation of Control Wizard – Users or Groups

8. Click the Advanced… button (Figure 0212).

Figure 0212: Select Users, Computers, or Groups

128

9. Click the Find Now button (Figure 0213).

Figure 0213: Select Users, Computers, or Groups – Advanced

10. Select Zul Zcomby account (Figure 0214).

Figure 0214: Select Users, Computers, or Groups – Find Now

129



Figure 0215: Select Users, Computers, or Groups – User Added


Figure 0216: Delegation of Control Wizard – Users Added

130

14. Delegate the following tasks as illustrated (Figure 0217).

Figure 0217: Task to Delegate


16. Click Finish (Figure 0218).

Figure 0218: Delegation of Control Wizard – Finish

131

17. Log off server. Click Start ► Log Off (Figure 0219).

Figure 0219 : Log Off Server

132

EXERCISE 8.2 Managing Users In this portion of the exercise you will log on to server as zul.zcomby and attempt to manage users.









18.5. Press ENTER.

133


Figure 0223: Launch Active Directory Users and Computers

20. You will be asked to reenter your password for security measure. Just reenter

password for zul.zcomby (Figure 0224).

Figure 0224: User Account Control Permission

134


Figure 0225: Active Directory Users and Computers - Domain

22. Click on the Stkm OU (Figure 0226).

Figure 0226: Active Directory Users and Computers - Stkm

23. Double-click the user Ocah Blue (Figure 0227).

Figure 0227: Active Directory Users and Computers – User

135

24. Click the Account tab (Figure 0228).

Figure 0228: Ocah Blue Properties

25. Click the Logon Hours… button (Figure 0229).

Figure 0229: Logon Hours button

136

26. Select all areas and click Logon Denied (Figure 0230).

Figure 0230 : Logon Hours for Ocah Blue – Logon Denied

Change Ocah’s the logon hours (under Account Tab) to Monday-Friday, 8am-5pm.

27. Select the areas Monday to Friday and 8am to 5pm (Figure 0231).

Figure 0231 : Logon Hours for Ocah Blue – Select Areas

137

28. Select Logon Permitted (Figure 0232).

Figure 0232 : Logon Hours for Ocah Blue – Set Logon Permitted

29. Click OK.

30. Click OK again.

31. Click the Sklr OU (Figure 0233).

Figure 0233: Active Directory Users and Computers – Sklr

138

32. Double-click Ain Syahmi user account to display the properties of this user (Figure 0234).

Figure 0234: Active Directory Users and Computers – User

33. Attemp to change the logon hours of this user. Click Account tab (Figure 0235).

Figure 0235: Ain Syahmi Properties

139

34. Click the Logon Hours… button (Figure 0236).

Figure 0236: Logon Hours Button

35. A warning message will be displayed (Figure 0237). Why do you think you are not able to modify this account?

Figure 0237: AD Error Message

Because Zul Zcomby only have permission to modify user under Stkm OU only. He only have read permissioin for other OU‟s.

36. Click OK to close the message (Figure 0237).

37. Close all remaining windows except Active Directory Users and Computers.

38. Click the Stkm OU (Figure 0238).

Figure 0238: Active Directory Users and Computers – Stkm

140

39. Right-click Ocah Blue account and select Reset Password… from the list (Figure 0239).

Figure 0239: AD – Ocah Blue – Reset Password

This display a reset password box that will allow the password to be changed.

40. Click Cancel (Figure 0240).

Figure 0240: Reset Password


42. Log off the server.

In the above exercise you delegated control of an Organizational Unit to a user. You then modified account details of users belonging to that OU as the designated manager of the OU.

Delegating control of users using the delegation control wizard is simple. When control of users and groups is delegated, administrators can be relieved of simple administrative tasks such as resetting passwords and modification of user accounts.

141

Exercise 9

Exploring Group Scopes and Types




142

Exercise 9 : Exploring Group Scopes and Types EXERCISE 9.1 Exploring Group Scopes and Types In the following exercise you will create a number of groups. These groups will be used to demonstrate group scope. From the notes, group scope determines who can be a member and where that group can be used in the enterprise.

Group Type

Scope

Local User accounts, Global groups and Universal groups from any domain in the forest, as well as local groups from the same domain.

Global User accounts and global groups from the same domain.

Universal User accounts, global groups and universal groups from any domain in the forest.

The recommended strategy for using groups in Windows Server 2008 is to use both global and domain local groups. Place users into global groups and then place the global groups into domain local groups and assign permissions to the domain local groups.

Global groups have access to accounts in the local domain. Where the enterprise consists of more than one domain, local groups allow the use of accounts across all the domains. Where the enterprise has combined a number of domains into a forest, Universal groups provide access to any accounts in the forest.

1. Log on server as Administrator (Figure 0241).

Figure 0241 : Administrator Login

143



3. Right-click the domain icon and select New - Group from the list (Figure 0243).

Figure 0243 : Active Directory Users and Computers – New Group

144

4. Create a global group called Technical Support (Figure 0244).

4.1 Key-in Technical Support in the Group name: box 4.2 Verify Group scope set to Global. 4.3 Verify the Group type is set to Security.

Figure 0244 : New Object - Group


6. Add Ali Uddin as a member of Technical Support. 6.1 Double-click Technical Support (Figure 0245).

Figure 0245 : Active Directory Users and Computers – Technical Support

145

6.2 Click Members tab (Figure 0246).

Figure 0246 : Technical Support Properties

6.3 Click Add … button (Figure 0247).

Figure 0247 : Add button

6.4 Click Advanced … button (Figure 0248).

Figure 0248 : Select Users, Contacts, Computers, or Group box

146

6.5 Click Find Now button (Figure 0249).

Figure 0249 : Select Users, Contacts, Computers, or Group - Advanced

6.6 Select Ali Uddin user account (Figure 0250).

Figure 0250 : Select Users, Contacts, Computers, or Group – Find Now

147

6.7 Cick OK (Figure 0250).


Figure 0251 : Select Users, Contacts, Computers, or Group



148

7. Create a new Domain Local group called Intranet Users (Figure 0253). 7.1. Right-click the domain icon and select New - Group from the list (Figure

0253).

Figure 0253 : Active Directory Users and Computers – New Group

7.2. Key-in Intranet Users in the Group name: box (Figure 0254).

7.3. Verify Group scope set to Domain Local (Figure 0254). 7.4. Verify the Group type is set to Security (Figure 0254).

Figure 0254 : New Object - Group

7.5. Click OK (Figure 0254).

149

8 Double-click Intranet Users (Figure 0255).

Figure 0255: Active Directory Users and Computers

9 Add the Intranet Users group as a Member Of Technical Support.

9.1. Click Member Of tab (Figure 0256).

Figure 0256 : Intranet Users Properties

9.2. Click Add … button (Figure 0257).


150

9.3. Click Advanced … button (Figure 0258).

Figure 0258 : Select Groups - Add

9.4. Click Find Now button (Figure 0259).


151

9.5. Select Technical Support. What happened? (Figure 0260).

Figure 0260 : Select Groups – Search Results

Can you find Technical Support? Why do you think this happened?

9.6. Close all windows except Active Directory Users and Computers.

10 Now try adding the Technical Support group as a Member Of Intranet Users.

10.1. Double-click Technical Support group (Figure 0261).

Figure 0261 : Active Directory Users and Computers - Technical Support

152

10.2. Click Member Of tab (Figure 0262).


10.3. Click Add … button (Figure 0263)


10.4. Click Advanced … button (Figure 0264)

Figure 0264 : Select Groups - Add

153

10.5. Click Find Now button (Figure 0265)


10.6. Select Intranet Users and click OK button (Figure 0266).

Figure 0266 : Select Groups – Search Result

What happened?

154

10.7. Click OK button (Figure 0267).

Figure 0267 : Select Groups – Intranet Users Group Added

Can you add the Technical Support group as a Member Of Intranet Users? Why do you think this is so?

11 Click OK button (Figure 0268).

Figure 0268 : Technical Support Properties – Member Of Intranet Users

12 Log off Administrator.

Summary

Windows Server 2008 running in native mode supports the use of different group types. Global groups have access to user accounts and other global groups in the same domain. Local groups allow you to access accounts outside the current domain, and universal groups provide access across organizations (forests).

155

Exercise 10

Creating And Applying Group

Policies




156

Exercise 10 : Creating And Applying Group Policies In this exercise you will create a new group policy and apply it to users within an organizational unit.

Group Policies Group policies are settings or configurations that can be applied to users, groups, organizational units and domains. An administrator can create a group policy that configures the computer or user settings, such as menu and desktop settings, folder locations and default password settings.

Windows NT 4 and Windows 98 introduced system policies. Windows 2000, 2003 and 2008 extends these further using group policies. EXERCISE 10.1 Creating a Group Policy



157

2. Launch Group Policy Management. Click Start ► Administrative Tools ► Group Policy Management (Figure 0270).


3. Expand the Forest (Figure 0271).

Figure 0271 : Group Policy Management - Forest

158

4. Expand the Domains (Figure 0272).

Figure 0272 : Group Policy Management – Domains

5. Expand your domain.com (Figure 0273).

Figure 0273 : Group Policy Management – myserver.com

Now, you will create a new group policy for the Stkm OU. This new policy will apply to all members of the Stkm OU though in another exercise that follows, you will override this.

6. Right-click the Stkm OU and select the Create a GPO in this domain, and

Link it here… (Figure 0274).

Figure 0274 : Group Policy Management – Create new GPO

159

7. Rename the policy as STKM Group Policy (Figure 0275).

Figure 0275 : Create New GPO

8. Click OK to continue (Figure 0275).

9. Right-click the STKM Group Policy and select Edit (Figure 0276).

Figure 0276 : Default Domain Policy - Edit

10. The group policy editor allows you to specify user and computer settings. In the following steps, you will change some of these settings (Figure 0277).

Figure 0277 : Group Policy Management Editor

160

11. Expand User Configuration (Figure 0278).

Figure 0278 : Group Policy Management Editor – User Configuration

12. Expand the Policies folder (Figure 0279).

Figure 0279 : Group Policy Management Editor – Policies

13. Expand the Administrative Templates folder (Figure 0280).

Figure 0280 : Group Policy Management Editor – Administrative Templates

14. Click the Start Menu and Taskbar folder (Figure 0281).

Figure 0281 : Group Policy Management Editor – Start Menu and Taskbar

161

15. A large list of selections is available. Double click the option Add Logoff to the

Start Menu (Figure 0282).

Figure 0282 : Group Policy Management Editor – Add Logoff to the Start Menu

16. The Add Logoff to the Start Menu Properties appears. Click the Disabled button to disable this setting (Figure 0283).

Figure 0283 : Add Logoff to the Start Menu Properties

17. Click OK to apply setting (Figure 0283).

18. The setting now displays as Disabled in the Group Policy Editor (Figure 0284).

Figure 0284 : Add Logoff to the Start Menu – Disabled

162

19. Configure the following settings. Remove Run menu from Start Menu – Enabled Remove Clock from the system notification area – Enabled Desktop\Desktop\Enable Active Desktop – Enabled Desktop Wallpaper – Enabled

Wallpaper Name : C:\WINDOWS\Web\Wallpaper\Autumn.jpg Wallpaper Style : Stretch (This uses wallpaper from the Windows XP Pro installed on C drive of client PC)

20. Close the group policy editor.

21. Refresh the Group Policy Management. On the Menubar; click Action ► Refresh (Figure 0285).

Figure 0285 : Group Policy Management – Refresh

22. Close the Group Policy Management windows.

163

Update Group Policy

23. Launch the Run application. Click Start ► Run… (Figure 0286).

Figure 0286 : Launch the Run Application

24. Key-in gpupdate in the Open : box (Figure 0287).

Figure 0287 : Run Windows

25. Click OK to run the gpupdate (Figure 0288).

Figure 0288 : Updating Policy


164

EXERCISE 10.2 Test the Group Policy The group policy has been applied to members of the Stkm Organizational Unit. There are two members; Zul Zcomby and Ocah Blue. You will now test this policy to see if it works.

27. Log on the server as zul.zcomby.








27.5. Press ENTER.

165

28. Do you have the RUN command on the Start Menu? YES / NO

29. Do you have Clock on the system notification area? YES / NO

Now verify that the settings are also applied to the client computer. Log on to the Client computer as ocah.blue.



31. Log on the client computer as ocah.blue and ocah as password (Figure 0293).

Figure 0293 : Log On To Server Using Client Workstation

166

32. Do you have the RUN command on the Start Menu? YES / NO

33. Do you have Clock on the system notification area? YES / NO

34. Were the wallpaper displayed on the client computer? YES / NO

35. All the group policy setting should be applied (Figure 0294).

Figure 0294 : Client Computer – Ocah Blue

36. Log off the client computer.

37. Log off the Server.

167

Log on to client computer as zul.akmal 38. Press CTRL+ALT+DEL to display the logon dialog box (Figure 0295).


39. Log on the Windows XP Professional as zul.akmal and akmal as password (Figure 0296).


40. Were the group policy setting applied?

YES / NO

41. If not, why do you think this is so?

Because zul.akmal not a member of the Stkm OU. The group policy applied only to the members of the Stkm OU.


168

EXERCISE 10.3

Disabling The Group Policy

In this exercise you will disable the group policy of Stkm OU.





169







170

You are now going to disable the policy of Stkm OU. This is a better option than removing the policy, as if you decide to re-implement the policy at a later date, it will still be there.

48. Expand the Stkm OU (Figure 0302).

Figure 0302 : Group Policy Management – Stkm

49. Click the Stkm Group Policy (Figure 0303).

Figure 0303 : Group Policy Management – STKM Group Policy

50. A warning box appears. The Group Policy Management remind you that you have selected a link to a GPO and changes you make will impact all other locations linked with the GPO (Figure 0304).

Figure 0304 : Group Policy Management Console – Warning

51. Click OK to continue (Figure 0304).

171

52. Right-click the Stkm Group Policy and select Link Enabled (Figure 0305).

Figure 0305 : STKM Group Policy – Details

53. Now you can see under Link Enabled; the status Yes have changed to No (Figure 0306).

Figure 0306 : STKM Group Policy – GPO Status

54. Close the Group Policy Management windows.

172

Update Group Policy








173

Now verify that the group policy is disabled. Log on to the Client computer as zul.zcomby.



60. Log on the Windows XP as zul.zcomby and comby as password (Figure 0311).


61. Were the policies now disabled?

YES / NO


Summary

In this exercise you created a group policy and applied it to an organizational unit. Only a fraction of the available settings were explored. Applying a group policy is a way of controlling security and configuring groups of users with common settings. This can help reduce the cost of ownership and the level of administrator support by restricting what users can do or change on their computers.

174

Exercise 11

Creating And Sharing Resources




175

Exercise 11 : Creating And Sharing Resources One important aspect of a Windows Domain is the ability to share applications, files, printers and other resources on the network. Resources created on Windows Server computers are available to all users in the domain, and it is a simple administration task to allocate permissions to users.

Preliminary Setup

Add zul.akmal, ocah.blue and ain.syahmi to the Intranet Users group.





176

3. Click myserver.com (your domain.com) and double-click the Intranet Users

group from the list (Figure 0314).

Figure 0314 : Active Directory Users and Computers – Intranet Users Group

4. Click the Members tab (Figure 0315).

Figure 0315 : Active Directory Users and Computers – Intranet Users Properties

5. Add Ocah Blue as a member of Intranet Users.

5.1 Click Add … button (Figure 0316).


177

5.2 Click Advanced … button (Figure 0317).

Figure 0317 : Select Users, Contacts, Computers, or Group box

5.3 Click Find Now button (Figure 0318).

Figure 0318 : Select Users, Contacts, Computers, or Group - Advanced

178

5.4 Select Ocah Blue user account (Figure 0319).

Figure 0319 : Select Users, Contacts, Computers, or Group – Find Now




179

5.7 You can see Ocah Blue is added as a member of Intranet Users group (Figure 0321).

Figure 0321 : Intranet Users Properties

6. Now repeat steps 5 to add zul.akmal and ain.syahmi as a member of Intranet Users group.

7. After finish adding all the user to Intranet Users group, your Intranet Users properties should be same as figure below (Figure 0322).

Figure 0322 : Active Directory Users and Computers – Intranet Users Properties

8. Cick OK to finish added members to Intranet Users group (Figure 0322).

180

EXERCISE 11.1 Creating and Sharing a Resource Using Windows Explorer In this exercise, you will use Windows Explorer to create a folder and verify the NTFS file permissions. The folder will then be shared and permissions assigned. You will then access this shared resource from the client computer.

1. Log on to the server as Administrator (Figure 0323).


2. Launch Windows Explorer. Click Start ► Right-click Computer ► select Explore (Figure 0324).

Figure 0324 : Launch Windows Explorer

181

3. Access D: drive (Figure 0325). (Make sure your D drive are NTFS formatted. If not, you have to convert or format it to NTFS)

Figure 0325 : Windows Explorer – D Drive

4. Create a folder named tempSN (SN represents you‟re Station Number). In previous exercise I use number 21 as my Station Number. So in this exercise my folder named will be temp21. 4.1. Right-click D drive ► select New ► Folder (Figure 0326).

Figure 0326 : Windows Explorer – Create New Folder

182

4.2. Rename the folder as temp21 (Figure 0327).

Figure 0327 : Rename Folder

5. Open the temp21 folder properties. Right-click temp21 folder ► select Properties (Figure 0328).

Figure 0328 : Open the temp21 folder properties

6. Click the Security tab. A list of security permissions is displayed. Note that the group Administrators is given Full Control access at the folder level (Figure 0329).

Figure 0329 : temp21 Folder Properties

183

When users access a folder across the network, both the share and NTFS permission lists define the user permissions.

7. Click the Sharing tab (Figure 0330).

Figure 0330 : temp21 Folder Properties - Sharing

8. Click Advanced Sharing… button (Figure 0331).

Figure 0331 : Advanced Sharing… button

9. Enable the Share this folder option (Figure 0332).

Figure 0332 : Advanced Sharing

184

10. Specify the share name as Common (Figure 0333).

Figure 0333 : Advanced Sharing – Share name

11. Click the Permissions button (Figure 0334).

Figure 0334 : Permissions button

Now you will restrict permissions at the share level. Remember that user permissions to a network resource are made up of the share permissions and the NTFS permissions.

12. Remove the Everyone group.

12.1. Select the Everyone group from the list (Figure 0335).

Figure 0335 : Permissions for Common

185

12.2. Click the Remove button (Figure 0336).

Figure 0336 : Remove button


Figure 0337 : Add… button

14. Add the Tech Support group with permissions of Full Control. 14.1. Click the Advanced… button (Figure 0338).

Figure 0338 : Advanced… button

14.2. Click the Find Now button (Figure 0339).

Figure 0339 : Find Now button

14.3. Select the Technical Support from the list of Search results (Figure 0340).

Figure 0340 : Search Results

14.4. Click OK button (Figure 0340).

186

14.5. Click OK button to add Technical Support (Figure 0341).


14.6. Click the Full Control allow box to enable the Full Control permission (Figure 0342).

Figure 0342 : Permission for Common – Full Control

15. Repeat steps 13 to 14 to add the Intranet Users group with Read permissions.

16. The share permissions should look like same as figure below (Figure 0343).

Figure 0343 : Permission for Common

187

17. Once you have set the permissions as describe, click OK button to close the dialog box (Figure 0343).

18. Click OK to close the advanced sharing dialog box for folder temp21 (Figure 0344).


19. Click Close button to close temp21 properties (Figure 0345).

Figure 0345 : temp21 Properties

188

20. In the Explorer window you will note a small double head icon on the folder D:\temp21, which indicates the folder is now shared (Figure 0346).

Figure 0346 : Windows Explorer – temp21 Folder


22. Log on the client computer as ali.zul and ali as password (Figure 0347).


189

23. Launch My Computer. Start My Computer (Figure 0348).

Figure 0348 : Launch My Computer

24. Click the My Network Places (Figure 0349).


190

25. Click the Entire Network (Figure 0350).

Figure 0350 : Entire Network Link

26. Double-click the Microsoft Windows Network (Figure 0351).

Figure 0351 : Entire Network

27. Double-click the Myserver workgroup (Figure 0352).

Figure 0352 : Microsoft Windows Network

191

28. Double-click the Server21 and view the available resources (Figure 0353).

Figure 0353 : Myserver Workgroup

29. You should see the Common resource listed (Figure 0354).

Figure 0354 : Server21 Resources

30. Double-click the Common resources so that you are connected to it (Figure 0354).

31. A new window will open up and display the contents of the folder (it will be empty as there are no files in the folder) (Figure 0355).

Figure 0355 : Common Folder on Server21

192

32. Attempt to create a new text file. 32.1. Right-click in the windows and select New Text Document (Figure 0356).

Figure 0356 : Create New Text Document

32.2. Could you create the file? YES / NO

32.3. Log off the client computer.

33. Log on the client computer as ocah.blue (Figure 0357).


193





194

36. Click the Entire Network (Figure 0360).


37. Double-click the Microsoft Windows Network (Figure 0361).


38. Double-click the Myserver workgroup (Figure 0362).


195

39. Double-click the Server21 and view the available resources (Figure 0363).


40. You should see the Common resource listed (Figure 0364).


41. Double-click the Common resources so that you are connected to it (Figure 0364).

42. A new window will open up and display the contents of the folder (Figure 0365).

Figure 0365 : Common Folder on Server21

196

43. Attempt to create a new text file. 43.1. Right-click in the windows and select New Text Document (Figure 0366).


43.2. Could you create the file?

YES / NO If NO, why do you think this happened? Before we begin this exercise, we have done some preliminary setup.

We add mad.akmal, ocah.blue and ain.syahmi to the Intranet Users group

and we set permissions to the folder temp21 as Read only for Intranet

Users. But for Tech Support group, we set Full Control permissions.

In the earlier exercise, we add ali.zul as member of the Tech Support

group. That‟s why user ali.zul can create new text document in the

Common folder on the Server21.


197

EXERCISE 11.2 Creating Network Drive Mapping

Instead of using My Network Places, you can map a drive letter to the resource. This is an alternative way of accessing the resource, but requires that you know the location of the resource (you can use My Network Places to view the available resources, so you don‟t really need to know the location)

45. Log on the client computer as ali.zul and ali as password (Figure 0367).


46. Launch Map Network Drive wizard. Start right-click My Computer Map Network Drive… (Figure 0368).

Figure 0368 : Launch Map Network Drive Wizard

198

47. Select Z as drive and enter the location of the network resource in the Folder:

box (Figure 0369). You must specify the name of the server and the share name. In this exercise, it is \\Server21\Common.

Figure 0369 : Map Network Drive Wizard

48. Click Finish button to apply.

49. A new window will open up and display the contents of the Common folder (Figure 0370).

Figure 0370 : Common Folder on „Server 21‟

199

50. Attempt to create a new test file (Figure 0371).

50.1. Right-click in the windows and select New Text Document (Figure 0371).


50.2. Could you create the file?

YES / NO


200

EXERCISE 11.3 Publishing a Shared Resource in Active Directory One of the problems of publishing shares in the way you have just done (which is the way they done in NT 4 or 98) is that you have to browse the network or know which server the resource is located on in order to find it. This can be time-consuming and frustrating for users. Resources can be published in Active Directory, making them easy to find. In the next exercise you will publish the resource into Active Directory.





201

54. Right-click domain (myserver.com) and select New ► Shared Folder (Figure 0374).

Figure 0374 : Launch Shared Folder Wizard

55. Enter the name as Common Files and the Network path as your server name and share name – in this exercise it is \\Server21\Common (Figure 0375).

Figure 0375 : Shared Folder Wizard

56. Click OK button to finish.

57. The new shared folder appears in the right windows pane of Active Directory (Figure 0376).

Figure 0376 : Active Directory Users and Computer

58. Close Active Directory Users and Computer windows.

202

EXERCISE 11.4 Locating a Shared Resource in Active Directory Now that the shared folder is published in Active Directory, it is easy for users to locate and connect to the resource.

59. Log on to the client computer as ocah.blue (Figure 0377).




203



62. Click the Search Active Directory (Figure 0380).

Figure 0380 : My Network Places

204

63. In the Find drop box, select Shared Folders and in the In drop box, select you domain - myserver (Figure 0381).

Figure 0381 : Find Shared Folders


Figure 0382 : Find Now button

65. A list of shared folders available is displayed (Figure 0383).

Figure 0383 : Find Shared Folders – Find Now

205

66. Right-slick the Common Files shared folder from the list and select Map Network Drive (Figure 0384).

Figure 0384 : Find Shared Folders - Map Network Drive

67. Select U as drive and enter the location of the network resource in the Folder: box (Figure 0385). Note how the location for the server share is filled in automatically.

Figure 0385 : Map Network Drive Wizard

68. Click Finish button to apply.


206



71. There are now one additional drive appears at the bottom (Figure 0387).

Figure 0387 : Network Drive

207


Summary Permissions are assigned at the SHARE and at the File system level. By default,

Windows Server 2003 places every use created into the group EVERYONE, and, when

creating a new directory or share, automatically assigns rights to that resource so the

group EVERYONE can access it.

If you want to secure any resources by restricting access, you should ensure that the

appropriate permissions have been set at both the share and file system level.

Publishing shared folders in Active Directory simplifies the task of locating resources.

208

Exercise 12

Logon Scripts




209

Exercise 12 : Logon Scripts In this exercise you will create logon and logoff scripts and apply these to users in an organizational unit. You will specify a network home directory for users and arrange for this directory to be mapped when the user logs on. Finally, you will specify disk space restrictions for specific users. EXERCISE 12.1 Logon Scripts A logon script is a sequence of commands that executes when a user logs onto the network.



210





211





6. Right-click the STKM Group Policy and select Edit (Figure 0393).

Figure 0393 : STKM Group Policy - Edit

212

7. The group policy editor allows you to specify user and computer settings. In the following steps, you will change some of these settings (Figure 0394).

Figure 0394 : Group Policy Management Editor





213

10. Expand the Windows Setting folder (Figure 0397).

Figure 0397 : Group Policy Management Editor – Windows Setting

11. Click the Scripts (Logon/Logoff) (Figure 0398).

Figure 0398 : Group Policy Management Editor – Scripts (Logon/Logoff)

12. Double-click Logon (Figure 0399).

Figure 0399 : Group Policy Management Editor – Logon

214

13. In the Logon Properties windows, click Show Files… button (Figure 0400).

Figure 0400 : Logon Properties

14. Create new text document. Right-click inside the new windows and select New ► Text Document (Figure 0401).


215

15. Double-click the text document. This will load the Notepad editor. Type the following text into the file (Figure 0402). echo off cls echo This is a log on script for the Stkm OU echo Welcome %USERNAME% , member of the Stkm OU pause

Figure 0402 : Notepad editor – New Text Document

16. Save the file as Stkm.cmd

16.1. From Menu bar, click File ► Save As… (Figure 0403).

Figure 0403 : Menu bar - Save As…

16.2. Enter Stkm.cmd in the “File name:” box (Figure 0404).

Figure 0404 : Save As – File Name

216

16.3. Select All Files from the “Save as type:” drop menu (Figure 0405).

Figure 0405 : Save As Type – All Files

16.4. Click Save button (Figure 0406).

Figure 0406 : Save Button

17. Close the Notepad editor.

18. Close the Script windows by clicking the X button at the right top corner of the windows (Figure 0407).

Figure 0407 : Script Windows

217

19. On the Logon Properties window, click Add… button (Figure 0408).

Figure 0408 : Logon Properties – Add…

20. Click Browse… button on the Add a Script window (Figure 0409).

Figure 0409 : Add a Script – Browse…

218

21. Select Stkm.cmd file from the list (Figure 0410).

Figure 0410 : Browse – Stkm.cmd

22. Click Open button (Figure 0411).

Figure 0411 : Open Button

23. Now you can see the Stkm.cmd appear in the “Script Name:” box. Click OK button to continue (Figure 0412).

Figure 0412 : Add a Script Window

219

24. Stkm.cmd now listed under Logon Properties Script. Click OK button to close the Logon Properties window (Figure 0413).

Figure 0413 : Logon Properties window

25. Close the Group Policy Management Editor window.

26. On the Group Policy Management window, right-click STKM Group Policy and uncheck all options except Link Enabled (Figure 0414).

Figure 0414 : Link Enabled

220

27. Open STKM Group Policy. Right-click the STKM Group Policy and select Edit (Figure 0415).

Figure 0415 : STKM Group Policy - Edit

28. In the Group Policy Management Editor, expand User Configuration (Figure 0416).




221

30. Expand the Administrative Templates folder (Figure 0418).

Figure 0418 : Group Policy Management Editor – Administrative Templates

31. Expand the System folder (Figure 0419).

Figure 0419 : Group Policy Management Editor – System

32. Click the Scripts folder (Figure 0420).

Figure 0420 : Group Policy Management Editor – Scripts

222

33. Double-click the Run logon scripts visible option (Figure 0421).

Figure 0421 : Group Policy Management Editor – Run logon scripts visible

34. The Run logon scripts visible Properties appear. Click the Enabled button to enable this setting (Figure 0422).

Figure 0422 : Run logon scripts visible Properties


36. In the same folder, double-click the Run logon scripts synchronously option (Figure 0423).

Figure 0423 : Group Policy Management Editor – Run logon scripts synchronously

223

37. The Run logon scripts synchronously Properties appear. Click the Enabled button to enable this setting (Figure 0424).

Figure 0424: Run logon scripts visible Properties


39. The setting now displays as Enabled in the Group Policy Editor (Figure 0425).

Figure 0425 : Run logon scripts visible – Enabled

40. Close the Group Policy Management Editor.

41. On Group Policy Management, click Refresh button and close the Group Policy Management window.

224

Update Group Policy




Figure 0427 : Run Window




225

Test The Logon Script



47. The logon script should appear same as figure below (Figure 0430).

Figure 0430 : Logon Script

48. Press ENTER or any key to continue.


Summary Scripts allow for both user and computer environments to be configured. The four scripts

available are startup, shutdown, logon and logoff.

226

Exercise 13

HOME DIRECTORIES




227

Exercise 13 : Home Directories In this exercise, you will create a shared folder on the server that will be used for user home directories. You will map a home directory for a specific user, so that when they log on to the network, they will have a drive mapped to their home directory on the server. EXERCISE 13.1 Create Sharing Folder


Figure 0431: Administrator Login



228


Figure 0433: Windows Explorer – D Drive

4. Create a folder named UserSN (SN represents you‟re Station Number). In previous exercise I use number 21 as my Station Number. So in this exercise my folder named will be User21. 4.3. Right-click D drive ► select New ► Folder (Figure 0434).


229

4.4. Rename the folder as User21 (Figure 0435).

Figure 0435: Rename Folder

5. Open the User21 folder properties. Right-click User21 folder ► select Properties (Figure 0436).

Figure 0436: Open The User21 Folder Properties

230


Figure 0437 : User21 Folder Properties - Sharing





231

9. Specify the share name as Users (Figure 0440).


Set Sharing Folder Permissions

10. Click Permissions button (Figure 0441).


11. Select Everyone and click Remove button to remove Everyone from the “Group or user names:” list (Figure 0442).

Figure 0442 : Remove Everyone

232




Figure 0444 : Select Users, Computers, or Groups


Figure 0445 : Select Users, Computers, or Groups – Advanced

233

15. Select Ahmad Akmal account from the list (Figure 0446).

Figure 0446 : Select Users, Computers, or Groups – Find Now


17. Click OK (Figure 0447)

Figure 0447 : Select Users, Computers, or Groups – User Added

234

18. Tick Allow box for Full Control permission. This will give Ahmad Akmal full control over the folder User21. So he can read and write to the User21 folder on the myserver.com server (Figure 0448).

Figure 0448: Folder Permissions For Users

19. Now we add Administrator account to give Administrator permission to manage the shared folder. Click Add… button (Figure 0449).




235



22. Select Administrator user account from the list (Figure 0452).


236


24. Click OK (Figure 0453)


25. Tick Allow box for Full Control permission. This will give Administrator full control over the folder User21. So the Administrator can manage the User21 folder on the myserver.com server (Figure 0454).

Figure 0454 : Folder Permissions For Users


237

27. Click OK for Advanced Sharing window (Figure 0455).

Figure 0455 : Advanced Sharing window

28. Click OK again for User21 Properties window (Figure 0456).

Figure 0456 : User21 Properties window

29. Click Close all remaining windows.

238

Set User Home Directories



31. Expand myserver.com (Figure 0458).

Figure 0458 : Active Directory Users and Computers – domain

32. Click the Sted Organization Unit (Figure 0459).

Figure 0459 : Active Directory Users and Computers – Sted OU

239

33. Right-click Ahmad Akmal and select Properties (Figure 0460).

Figure 0460 : Active Directory Users and Computers – Ahmad Akmal

34. Click Profile tab (Figure 0461).

Figure 0461 : Ahmad Akmal Properties - Profile

240

35. Select drive L: connect to \\Server21\Users\zul.akmal under Home folder section (Figure 0462). (Specify the name of your server instead of Server21 as in this example).

Figure 0462: Ahmad Akmal Properties – Home Folder


37. Click Sted OU and click Refresh button .

38. Close Active Directory Users and Computer window.

39. Log off server.

241

Test User Home Directories

40. On the client computer, press CTRL+ALT+DEL to display the logon dialog box (Figure 0463).

Figure 0463: Windows XP Welcome Window

41. Log on the Windows XP Professional as zul.akmal and akmal as password

(Figure 0464).


242

42. Launch My Computer. Start ► My Computer (Figure 0465).


43. There are now one additional drive appears at the bottom (Figure 0466).


243

44. Double-click the Network Drives to access the zul.akmal folder on the server

(Figure 0467). The folders are empty.

Figure 0467 : Ahmad Akmal Home Directory

50. Create new text document. Right-click inside the new windows and select New ► Text Document (Figure 0468).


244

45. Rename the file as Test (Figure 0469).

Figure 0469: Computer


Checking The Users Home Directories



245

48. Launch Windows Explorer. Click Start ► Right-click Computer ► select Explore

(Figure 0471).


49. Expand D: drive (Figure 0472).

Figure 0472 : Windows Explorer – D: Drive

50. Expand User21 folder (Figure 0473).

Figure 0473 : Windows Explorer – User21 Folder

246

51. You can see the folder zul.akmal is automatically created. Click zul.akmal folder (Figure 0474).

Figure 0474 : Windows Explorer – zul.akmal Folder

What are the contents of the zul.akmal folder? Are there any files on it? You should see the Test.txt file (created earlier from the client computer) listed in the zul.akmal home directory.


Summary

Home directories allow users to store their files on the network. This is especially suited

to roaming users.

247

Exercise 14

DISK QUOTAS




248

Exercise 14 : Disk Quotas In this exercise you will apply disk space restrictions to users. EXERCISE 14.1 Create Disk Quotas





249

3. Right-click D: drive and select Properties (Figure 0477).

Figure 0477 : Windows Explorer – D Drive Properties

4. Click the Quota tab (Figure 0478).

Figure 0478 : Quota Tab

250

5. Enable the check box Enable quota management (Figure 0479).

Figure 0479 : Enable quota management

6. Enable the check box Deny disk space to users exceeding quota limit (Figure 0479).

7. Select Limit disk space to option and set to 25 MB (Figure 0480).

8. Set the Set warning level to option to 5 MB (Figure 0480).

Figure 0480 : Limit Disk Space

251

Add Quota Entries

9. Click the Quota Entries… button (Figure 0481).

Figure 0481 : Quota Entries… button

10. A list of quota entries will be displayed (Figure 0482).

Figure 0482 : Quota Entries

11. On the Menu Bar, click Quota ► New Quota Entry… (Figure 0483).

Figure 0483 : Add New Quota Entry

252

12. Key-in zul.akmal and click Check Names button (Figure 0484).

Figure 0484 : Select Users

13. After button Check Names are clicked, Active Directory will locate all matching or similar object names for zul.akmal. If there are matching or similar object names found, the complete name with email will be shown (Figure 0485).

Figure 0485 : Select Users – Ahmad Akmal

14. Click OK button to confirm (Figure 0485).

253

15. Set the following parameters for zul.akmal quota entry (Figure 0486).

Select the option Limit disk space to and set the value to 10MB. Set the value for Set warning level to option to 8MB.

Figure 0486 : Add New Quota Entry


17. Now there is a new quota entries added to the Quota Entries list for zul.akmal (Figure 0487).

Figure 0487 : Quota Entries For D: Drive

18. Close the Quota Entries window.

254

19. Click OK button to close the Local Disk (D:) Properties window (Figure 0489).

Figure 0489 : Local Disk (D:) Properties window

20. The Disk Quota confirmation message appear, just click OK to enable the quota system now (Figure 0490).

Figure 0490 : Disk Quota Confirmation Message

255

Test The Quota Setting

21. Log on the client computer as zul.akmal and akmal as password (Figure 0491).


22. Launch My Computer. Start ► My Computer (Figure 0492).


256

23. View Home Directory capacity. Right-click on L: drive and select Properties

(Figure 0493).


24. The zul.akmal Home Directory properties appear. Look at the directory capacity, it only 10 MB. Same as the Disk Quota Entry we set earlier (Figure 0494).

Figure 0494 : Ahmad Akmal Home Directory Properties

257

25. Click OK button to close (Figure 0494).

26. Launch Windows Explorer. Start ► right-click My Computer ► Explore (Figure 0495).


27. Access the C:\WINDOWS\Web\Wallpaper sub-folder (Figure 0496).

Figure 0496 : C:\WINDOWS\Web\Wallpaper sub-folder

258

28. Copy Bliss.bmp file. Right-click Bliss.bmp file and select Copy (Figure 0497).

Figure 0497 : Copy Bliss.bmp file

29. Paste the Bliss.bmp file into zul.akmal home directory on L: drive. Right-click L: drive and select Paste (Figure 0498).

Figure 0498 : Paste Bliss.bmp file

259

30. Copy and Paste another file into zul.akmal home directory on L: drive until the

disk quota warning appears (Figure 0499).

Figure 0499 : Disk Quota Warning

Why this happen?

31. Click OK button to close the warning message (Figure 0499).

32. Right-click on L: drive and select Properties (Figure 0500).


260

33. The zul.akmal Home Directory properties appear. Look at the Used space: size, you have used almost 10 MB. The home directory almost full (Figure 0501).

Figure 0501 : Ahmad Akmal Home Directory Properties




Summary Disk quotas allow administrators to restrict disk space to users so that disk space can be effectively managed.

261

Exercise 15

MANAGING SOFTWARE

APPLICATIONS




262

Exercise 15 : Managing Software Applications In this exercise you will deploy software to a Windows 2008 client computer. You will deploy WinZip, a file compression program that does not have an associated MSI file. This means you will need to create a ZAP file in order to publish the application. In the second part of this exercise you will publish this software to members of the Sklr OU, and then test the deployment of the software. EXERCISE 15.1 Establish a Software Distribution Point

To support this exercise, you will need a shared folder on the network that contains the software applications that will be deployed.



263




Figure 0504: Windows Explorer – D Drive

4. Create a folder named SoftDistSN (SN represents you‟re Station Number). In previous exercise I use number 21 as my Station Number. So in this exercise my folder named will be SoftDist21.

264

4.1. Right-click D drive ► select New ► Folder (Figure 0505).


4.2. Rename the folder as SoftDist21 (Figure 0506).


265

EXERCISE 15.2 Sharing The SoftDist21 Folder

5. Open the SoftDist21 folder properties. Right-click SoftDist21 folder ► select


Figure 0507: Open The SoftDist21 Folder Properties


Figure 0508 : SoftDist21 Folder Properties - Sharing



266



9. Specify the share name as ESoftware (Figure 0511).


267

EXERCISE 15.3

Set Sharing Folder Permissions

Set read access to the share folder for the Sklr OU users and Administrator.

10. Click Permissions button (Figure 0512).


11. Select Everyone and click Remove button to remove Everyone from the “Group or user names:” list (Figure 0513).

Figure 0513: Remove Everyone



268





269

15. First, we add first user of Sklr OU. Select Ain Syahmi account from the list (Figure 0517).


16. Click OK button (Figure 0517).



270

18. Tick Allow box for Read permission. This will give Ain Syahmi Read permission

over the folder SoftDist21. So she can read from the SoftDist21 folder on the

myserver.com server (Figure 0519).


19. Click Apply button(Figure 0519).

20. Now we add second user of Sklr OU. Click Add… button (Figure 0520).




271



23. Select Aliuddin account from the list (Figure 0523).



272



26. Tick Allow box for Read permission. This will give Aliuddin Read permission

over the folder SoftDist21. So she can read from the SoftDist21 folder on the

myserver.com server (Figure 0525).


27. Click Apply button (Figure 0525).

28. Now we add Administrator account to give Administrator permission to manage the shared folder. Click Add… button (Figure 0526).


273





274

31. Select Administrator user account from the list (Figure 0529).



33. Click OK button (Figure 0530)


275

34. Tick Allow box for Full Control permission. This will give Administrator full

control over the folder SoftDist21. So the Administrator can manage the

SoftDist21 folder on the myserver.com server (Figure 0531).



36. Click OK button to close Advanced Sharing window (Figure 0532).

Figure 0532 : Advanced Sharing window

276

37. Click Close button to close SoftDist21 Properties window (Figure 0533).

Figure 0533 : SoftDist21Properties window

38. Click Close all remaining windows.

277

EXERCISE 15.4

Copy Software Application files to the Software Distribution Point

The next step is to copy some software applications to the distribution share.

39. Download file WinRar 3.9.3 from site below:

http://zcomby-server2008.blogspot.com under Downloads section and save to the software distribution share point (or download it from the internet from http://www.rarlab.com) .

40. Download file Sample.rar from site below:

http://zcomby-server2008.blogspot.com under Downloads section and save to the software distribution share point (or create a rar file that has a readme.txt file in the achive).

EXERCISE 15.5

Create a ZAP file for the application

To deploy the WinRar application, you will need to create a ZAP file, as no MSI file is available.

41. Create New text document inside E:\SoftDiskx, and rename the text document

as winrar.zap. 41.1 Launch Notepad. Click Start ► All Programs ► Accessories ► Notepad

(Figure 0534).

Figure 0534: Launch Notepad

http://zcomby-server2008.blogspot.com/

http://www.rarlab.com/

http://zcomby-server2008.blogspot.com/

278

41.2 Click File ► Save As… (Figure 0535).

Figure 0535: Notepad

41.3 Change the file name to winrar.zap and select All Files for “Save as

type:” box (Figure 0536).

Figure 0536 : Notepad – Save As

41.4 Click Browse Folders button (Figure 0536).

279

41.5 Click Computer ► double click Local Disk (D:) ► double click SoftDist21 folder (Figure 0537).

Figure 0537 : Notepad – Save As – Browse Folders

41.6 Click Save button to confirm save location (Figure 0537).

42. Key-in the following text into the winrar.zap file (Figure 0538).

Figure 0538: winrar.zap

43. After finish insert the text, save and close the winrar.zap file.

280

EXERCISE 15.6

Publish the Software Application to Users of the Production OU

In this step, you will edit the group policy for the Sklr OU and specify a new software installation for users.

44. Launch Group Policy Management. Click Start ► Administrative Tools ► Group Policy Management (Figure 0539)


45. Expand Forest: myserver.com (Figure 0540).


281





48. Right-click the Sklr OU and select the Create a GPO in this domain, and Link it here… (Figure 0543).

Figure 0543 : Group Policy Management – Create new GPO

282

49. Rename the policy as SKLR Group Policy (Figure 0544).

Figure 0544 : Create New GPO

50. Click OK button to continue (Figure 0544).

51. Right-click the SKLR Group Policy and select Edit (Figure 0545).




283



54. Expand the Software Settings folder (Figure 0548).

Figure 0548 : Group Policy Management Editor – Software Settings

55. Right-click Software installation and select New ► Package… (Figure 0549).

Figure 0549 : Software installation – New - Package

284

56. Browse the network and locate the winrar.zap file.

56.1 Click the Network (Figure 0550).

Figure 0550 : Network

56.2 Double-click your server icon (Figure 0551).

Figure 0551 : Network – Server21

285

56.3 Double-click the ESoftware folder (Figure 0552).

Figure 0552 : Network – Server21 - ESoftware

56.4 Click file types drop-down box and select ZAW Down-level application packages (*.zap) (Figure 0553).

Figure 0553 : Network – Server21 – ESoftware – File types

286

56.5 Select the winrar.zap file and click Open button (Figure 0554).

Figure 0554 : Network – Server21 – ESoftware – winrar.zap

57. Select Published (Figure 0555).

Figure 0555 : Deploy Software


287

59. Now you can see the Win Rar package are listed under “Software installation” policy (Figure 0556).

Figure 0556 : SKLR Group Policy


Update Group Policy





288




289

EXERCISE 15.7

Test the software deployment

In this step, you will log on to the client computer and test to see if the software can be deployed. In order for the software to install however, the user needs sufficient rights on the local computer. 65. Log on the client computer (Windows XP Professional) as local Administrator

65.1 Press CTRL+ALT+DEL to display the logon dialog box (Figure 0560).


65.2 Key-in “User name:” as Administrator and select Log on to: CLIENT (this computer) (Figure 0561).


65.3 Click OK button (Figure 0561).

290

66. Launch Control Panel. Start ►Control Panel (Figure 0562).

Figure 0562 : Launch Control Panel

67. Click Performance and Maintenance (Figure 0563).

Figure 0563 : Control Panel

291

68. Click Administrative Tools (Figure 0564).

Figure 0564 : Performance and Maintenance

69. Double-click Computer Management icon (Figure 0565).

Figure 0565 : Administrative Tools

292

70. Expand System Tools ►Local Users and Groups ►Groups (Figure 0566).

Figure 0566 : Computer Management

71. Double-click Power Users (Figure 0566).


Figure 0567 : Power Users Properties

293

73. Key-in ain.syahmi in the box and click Check Names button (Figure 0568).


74. Enter username as ain.syahmi and her password [ain] (Figure 0569).

Figure 0569 : Enter Network Password

294



76. Click OK button for the “Power User Properties” (Figure 0571).

Figure 0571 : Power User Properties

77. Close all the remaining windows.


295

79. Log on to the server from client computer as ain.syahmi.



79.2 Key-in “User name:” as ain.syahmi and ain as password. (Figure 0573).


79.3 Select Log on to: MYSERVER (Figure 0573).


296

80. Copy the file sample.rar from Server.

80.1 Launch My Computer. Start My Computer (Figure 0574).


80.2 Click the My Network Places (Figure 0575).


297

80.3 Click the Entire Network (Figure 0576).


80.4 Double-click the Microsoft Windows Network (Figure 0577).


80.5 Double-click the Myserver workgroup (Figure 0578).


298

80.6 Double-click the Server21 and view the available resources (Figure

0579).


80.7 You should see the ESoftware resource listed (Figure 0580).


80.8 Double-click the ESoftware to view the available resources (Figure 0580).

299

80.9 Copy Sample.rar file. Right-click on Sample.rar file ►select Copy (Figure

0581).

Figure 0581 : ESoftware on Server21

80.10 Paste on the client PC desktop. Right-click on Desktop ►Select Paste (Figure 0582).

Figure 0582 : Windows XP Desktop

300

81. Double-click the sample.rar file. What happened?

WinRar installation wizard appeared. Install the WinRar (Figure 0583).

Figure 0583 : WinRar installation wizard

82. After finish install WinRar, close all remaining windows. And then double-click the sample.rar file. The Sample.rar now opened with WinRar program. Now you can read or extract contents of the Sample.rar file (Figure 0584).

Figure 0584 : Sample.rar opened with WinRar


301

EXERCISE 15.8

Installing Application with MSI support In this exercise you will deploy Microsoft FrontPage 2003.





302

86. Access D: drive (Figure 0587).


87. Access D:\SoftDist21 folder (Figure 0588).

Figure 0588 : Windows Explorer – D:\SoftDist21 folder

303

88. Create subfolder called FrontPage.

88.1. Right-click D drive ► select New ► Folder (Figure 0589)


88.2. Rename the folder as FrontPage (Figure 0590).

Figure 0590 : Windows Explorer – Rename Folder

304

89. Insert the Microsoft Office 2003 AIO CD and copy all files and folders in the FrontPage folder to the D:\SoftDistx\FrontPage folder 89.1. Select the CD drive (Figure 0591).

Figure 0591 : Windows Explorer – CD Drive

89.2. Copy the FRONTPAGE folder. Right-click FRONTPAGE folder ►Copy

(Figure 0592).

Figure 0592 : Windows Explorer – Copy FRONTPAGE Folder

305

89.3. Expand the SoftDist folder. Right-click the FrontPage folder ►Paste (Figure

0593).

Figure 0593 : Windows Explorer – Paste Folder

89.4. Click the FrontPage folder to confirm all files are copied (Figure 0594).

Figure 0594 : Windows Explorer – FrontPage Contents

306

90. Launch Group Policy Management. Click Start ► Administrative Tools ► Group

Policy Management (Figure 0595)




307





94. Right-click the SKLR Group Policy and select Edit (Figure 0599).


308





97. Expand the Software Settings folder (Figure 0602).

Figure 0602 : Group Policy Management Editor – Software Settings

309

98. Right-click Software installation and select New ► Package… (Figure 0603).

Figure 0603 : Software installation – New - Package

99. Browse the network and locate the FP11.msi file.

99.1 Click the Network (Figure 0604).

Figure 0604 : Network

310

99.2 Double-click your server icon (Figure 0605).

Figure 0605 : Network – Server21

99.3 Double-click the ESoftware folder (Figure 0606).

Figure 0606 : Network – Server21 - ESoftware

311

99.4 Double-click the FrontPage folder (Figure 0607).

Figure 0607: Network – Server21 – ESoftware – FrontPage

99.5 Double-click the FRONTPAGE folder (Figure 0608).

Figure 0608 : Network – Server21 – ESoftware – FrontPage – FRONTPAGE

99.6 Select the FP11.msi file and click Open button (Figure 0609).

Figure 0609 : Network – Server21 – ESoftware – FP11.msi

312

100. Select Advanced (Figure 0610).

Figure 0610 : Deploy Software


102. Click the Deployment tab and select Assigned (Figure 0611).

Figure 0611 : Assigned Software


313

104. Now you can see the Microsoft Office FrontPage package are listed under “Software installation” policy (Figure 0612).

Figure 0612 : SKLR Group Policy


Update Group Policy





314




315

EXERCISE 15.9

Test the software deployment

Now you will test the deployment of FrontPage 2003 by logging onto the client computer as a member of the Sklr OU.

110. Log on to the server from client computer as ain.syahmi.



110.2 Key-in “User name:” as ain.syahmi and ain as password. (Figure 0617).

Figure 0617: Log on to Windows XP

110.3 Select Log on to: MYSERVER (Figure 0617).


316

111. Click Start ► All Programs ► Microsoft Office ► Microsoft Office FrontPage

2003. Note how FrontPage appears on the start menu (Figure 0618).

Figure 0618 : Start Menu - Microsoft Office FrontPage 2003

112. The installation process will begin. When requested, enter the CD key and click Next button (Figure 0619).

Figure 0619 : Microsoft Office FrontPage 2003 - Setup

317

113. Click Next button until reach the Summary windows (Figure 0620).

Figure 0620 : Microsoft Office FrontPage 2003 - Install

114. Click the Install button (Figure 0620).

115. Wait until the installations complete (Figure 0621).

Figure 0621 : Setup Completed

116. Click Finish button to complete the FrontPage 2003 installation (Figure 0621).

117. After running FrontPage 2003, log off the client computer.

118. Log on to the client computer as zul.akmal.

318

119. Is FrontPage 2003 available on the Start menu? YES NO

Your answer must be NO. Why? Because we zul.akmal were member of Sted OU not the Sklr OU. We only deployed a software application to a Sklr OU users.



Summary

In this exercise you deployed a software application to a group of users. The application was not supported by Windows Installer so required you to create a ZAP file.

The software application and Zap file were placed on a network share. This software was then associated with a group policy for the Sklr Organizational Unit. The software deployment was then tested when a user of the Sklr OU logged onto a client computer.

In installing software on the client computer, the installer needed the required permissions. In this exercise, the users were made members of the Power Users group to enable the installation of the software. In actual use, members would be set up with the required permissions, rather than perhaps being made a member of this group on the local computer.

Managing the software distribution can simply the administration of the network and ensure that users only get the applications that have been assigned to them.

319

Exercise 16

VIEWING EVENTS




320

Exercise 16 : Viewing Events In this exercise you will look at events generated on the server. This is important because when there is a problem, often the cause is logged by the system. The event logs are a good source to look for problems in configuration or access. EXERCISE 16.1 Running Event Viewer



321

2. Launch Event Viewer. Click Start ►Administrative Tools ►Even Viewer (Figure 0623).

Figure 0623 : Launch Event Viewer

3. Expand Windows Logs ►System. The Event Viewer windows displays the current

event logs. There are a number of logs available (Figure 0624).

Figure 0624 : Even Viewer windows

322

EXERCISE 16.2 Viewing the Different Log Files

To view events, you need to select a specific log file. 4. Under Windows Logs, click the Security log.

Note the large number of events that are listed in the middle windows (Figure 0625).

Figure 0625 : Even Viewer – Security Logs

5. All events have a Source and Task Category. Note these two columns in the

window (Figure 0625). It is handy to sometimes restrict the events being viewed to just those events that are of interest.

323

EXERCISE 16.3 Filtering Events

In this exercise you will use the filtering function to display only those events of interest. Often the event log has hundreds of events listed, so you need the ability to look for only those events that are relevant to what you are trying to resolve.

6. On the right window, click the Filter Current Log… (Figure 0626).


7. Select all Event level: (Figure 0627).

Figure 0627 : Filter Current Log window - Event level

324

8. In Event sources: drop-down menu, select Microsoft Windows security auditing

(Figure 0628).

Figure 0628 : Filter Current Log window - Event sources

9. Set the Task category: to Logon (Figure 0629).

Figure 0629 : Filter Current Log window - Task category

325


Figure 0630 : Filter Current Log window

11. Note that only Microsoft Windows security auditing events with Logon task

category are now listed (Figure 0631).

Figure 0631 : Even Viewer – Security events

12. Double-click the first event to see the event properties (Figure 0631).

326

13. The event properties of the first event appeared. The dialog box gives an indication

of the event [including the event ID, which is helpful when exploring your server as to possible problems] (Figure 0632).

Figure 0632 : Event Properties

14. Click Close button (Figure 0632).

15. Close the event viewer.


Summary Windows Server 2008 logs activity to event logs. These events can be viewed with Event Viewer. Typical events are printing, security, auditing, logon and logoff, as well as other events generated by application software or other services such as DNS. Events are helpful in determining problems with configuration or security.

327

Exercise 17

AUDITING




328

Exercise 17 : Auditing In this exercise, you shall look at enabling auditing on selected resources, so that their usage and access can be monitored. You will use event viewer to view the logged accesses. Often, if you find that you cannot resolve problems in user access, enabling auditing and viewing the audit logs with event viewer can help you determine the cause of the problem. EXERCISE 17.1 1. Log on to the server as Administrator (Figure 0633).


2. Launch Group Policy Management. Click Start ► Administrative Tools ► Group

Policy Management (Figure 0634).


329







330

6. Edit the Default Domain Policy. Right-click Default Domain Policy ►Edit (Figure 0638).

Figure 0638 : Edit the Default Domain Policy.

7. Expand Computer Configuration (Figure 0639).

Figure 0639 : Expand Computer Configuration.

8. Expand Policies (Figure 0640).

Figure 0640 : Expand Policies.

331

9. Expand Windows Settings (Figure 0641).

Figure 0641 : Expand Windows Settings.


Figure 0642 : Expand Security Settings.

11. Expand Local Policies (Figure 0643).

Figure 0643 : Expand Local Policies.

332

12. Expand Audit Policy (Figure 0644).

Figure 0644 : Expand Audit Policy.

13. Open Audit logon events properties. Right-click Audit logon events ►Properties (Figure 0645).

Figure 0645 : Open Audit logon events properties.

14. Enable the Success and Failure attempts (Figure 0646).

Figure 0646 : Define policy settings.

333


16. Click OK button to close (Figure 0646). 17. Enable the following events (Figure 0647):

i. Audit account logon events – Success ii. Audit account management – Success iii. Audit directory service access – Success iv. Audit logon events – Success, Failure v. Audit object access - Success, Failure vi. Audit policy change – Success vii. Audit system events - Success

Figure 0647 : Group policy management editor.

18. Close the group policy management editor.


334

Update Group Policy








335

EXERCISE 17.2 Set Auditing at the file object level. 1. Log on to the server as Administrator (Figure 0651).




336




Figure 0654 : Windows Explorer – Properties

337

5. Select Security tab; and then click the Advanced button (Figure 0655).

Figure 0655 : D: drive properties

338

6. Select Auditing tab (Figure 0656).

Figure 0656 : Advanced Security Settings for Local Disk (D:).

7. Click the Edit … button (Figure 0656).

8. Click Add … button (Figure 0657).

Figure 0657 : Advanced Security Settings for Local Disk (D:) – Auditing tab.

339

9. Key-in zul.zcomby in the box, and click Check Names button (Figure 0658).

Figure 0658 : Select User, Computer, or Group.


Figure 0659 : Select User, Computer, or Group – Check Names.

340

11. Enable the following options (Figure 0660):

List folder read data – Successful and Failed

Create files / write data - Successful and Failed

Figure 0660 : Auditing Entry for Local Disk (D:).


341




Figure 0662 : Advanced Security Settings for Local Disk (D:)

342




343

EXERCISE 17.3 Access the resource to generate the audit event. Now it is time to test the auditing. What you did in the previous exercise was setup a group policy for domain controllers. You enabled auditing on the server using Local Security Policy. Next, you enabled auditing on the files and sub-folder D:\tempx. In the next step you will log on and access this resource, thus generating an audit event.

17. Log on to the server computer as zul.zcomby.








17.5. Press ENTER.

344

18. Launch Notepad. Click Start ►All Programs ►Accessories ►Notepad.

19. Write your name (Figure 0667).

Figure 0667 : Notepad

20. Press Ctrl + S to save the files.

21. Click the Browse Folder button (Figure 0668).

Figure 0668 : Save As - Browse Folder

22. Access the Local Disk (D:). Click Computer ►double-click Local Disk (D:) (Figure 0669).

Figure 0669 : Save As - Access the Local Disk (D:)

345

23. Double-click the D:\tempx folder (Figure 0670).

Figure 0670 : Save As – D:\tempx folder

24. Set the files name as Readme and click the Save button (Figure 0671).

Figure 0671 : Save As – Readme.txt

25. Close the Notepad editor.


346

EXERCISE 17.4 View the audit events. In the last exercise, you accessed the resource and this would have generated an audit event. These events are stored in the security log and are viewed with event viewer.





347

29. Expand Windows Logs ►Security. The Event Viewer window displays the current

event logs. There are a number of logs available (Figure 0674).


30. On the right window, click the Filter Current Log… (Figure 0675).


348

31. Now configure the Filter Current Log. Please refer to the following table for

configuration (Figure 0676).

Logged: Any time

Event level: Information

Event sources: Microsoft Windows security auditing.

Task category: File System

Keywords: Audit Success

User: <All Users>

Computer(s): <All Computer>

Figure 0676 : Filter Current Log window


349

33. Note that only Microsoft Windows security auditing events with File System task

category are now listed (Figure 0677).


34. Double-click the first event to see the event properties (Figure 0677).

35. The event properties of the first event appeared. The dialog box gives an indication

of the event [including the event ID, which is helpful when exploring your server as to possible problems] (Figure 0678).


36. You will notice from Account Name: section, there are user name zul.zcomby are

login into the server (Figure 0678).

350

37. Drag the right-hand side scroll bar until you see the Process Information: section (Figure 0679).


38. From this section, you can see the process or application zul.zcomby run while he login to the server. As you can see, zul.zcomby are launch Notepad application software. Maybe he writing something or maybe he open a text file (Figure 0679).

39. Click Close button (Figure 0679). 40. Now let find the location of the text file zul.zcomby opened. Double-click the second

event to see the event properties (Figure 0680)


351

41. Scroll until you find the Object: section. As you can see the log reports same as the first event (Figure 0681).


42. Click the Close button (Figure 0681).

43. Now try double-click the third event to see the event properties (Figure 0682).

Figure 0682: Even Viewer – Security events

352

44. Scroll until you find the Object: section. Can you find the differences between third

event and the first event? In the third event there is extra information under Object: section. Object Type: and Object Name: (Figure 0683). Object Type: state the type of the object. Object Name: state the object name.

Figure 0683: Even Viewer – Security events

From this event log, you can trace and viewed the security log. You can check what happened to the server behind the screen or while you were gone. This also can help you to determine the cause of the problem in user access.

45. Click the Close button (Figure 0683). 46. Close the event viewer.

353

EXERCISE 17.5 Disable Auditing Auditing places a performance penalty overhead on the computer. In this step, you will disable auditing. 47. Launch Group Policy Management. Click Start ► Administrative Tools ► Group

Policy Management (Figure 0684).




354





51. Edit the Default Domain Policy. Right-click Default Domain Policy ►Edit (Figure

0688).

Figure 0688 : Edit the Default Domain Policy.

355

52. Expand Computer Configuration (Figure 0689).

Figure 0689 : Expand Computer Configuration.

53. Expand Policies (Figure 0690).

Figure 0690 : Expand Policies.

54. Expand Windows Settings (Figure 0691).

Figure 0691 : Expand Windows Settings.

356


Figure 0692 : Expand Security Settings.

56. Expand Local Policies (Figure 0693).

Figure 0693 : Expand Local Policies.

57. Expand Audit Policy (Figure 0694).

Figure 0694 : Expand Audit Policy.

357

Change auditing to No Auditing.

58. Open Audit logon events properties. Right-click Audit logon events ►Properties

(Figure 0695).

Figure 0695 : Open Audit logon events properties.

59. Disable the Success and Failure attempts; uncheck both boxes (Figure 0696).

Figure 0696 : Define policy settings.



358

62. Change auditing to No Auditing the following events (Figure 0697):

i. Audit account logon events ii. Audit account management iii. Audit directory service access iv. Audit logon events v. Audit object access vi. Audit policy change vii. Audit privilege use viii. Audit process tracking ix. Audit system events

Figure 0697 : Group policy management editor.

63. Close the group policy management editor.


359

Update Group Policy







360

Remove User From Auditing Entry.

68. Launch Windows Explorer. Click Start ► Right-click Computer ► select Explore

(Figure 0701).




361


Figure 0703 : Windows Explorer – Properties

71. Select Security tab; and then click the Advanced button (Figure 0704).


362

72. Select Auditing tab and select Zul Zcomby (Figure 0705).

Figure 0705 : Advanced Security Settings for Local Disk (D:).

73. Click the Edit … button (Figure 0705).

74. Select Zul Zcomby and click Remove button (Figure 0706).



363


Figure 0707 : Advanced Security Settings for Local Disk (D:)



364

EXERCISE 17.6 Clear the Security Log Events In this exercise you will clear all the events in the Security log.



365

79. Expand Windows Logs ►Security. The Event Viewer window displays the current event logs. There are a number of logs available (Figure 0710).


80. Right-click Security log and select Clear Log… (Figure 0711).

Figure 0711 : Even Viewer window

366

81. Click Clear button so that the events are not saved (Figure 0712).

Figure 0712 : Even Viewer – Clear Log

82. Close Even Viewer.


Summary

Both Directories and Files can be audited. When auditing is enabled, events that are specified are written to an event log, which can be viewed in Event Viewer. It is possible to apply a filter when viewing events to be more selective. Applying auditing creates an overhead penalty on the server, and can fill the event logs quickly.

367

Exercise 18

INSTALLING AND CONFIGURING

PRINTER




368

Exercise 18 : Installing and Configuring Printer In this exercise, you shall look at creating a local printer on the Server and access that printer remotely from the client computer. This exercise used an HP Color LaserJet

CP1515n printer, attached to the network. EXERCISE 18.1 1. Log on to the server as Administrator (Figure 0713).


2. Open the Control Panel. Click Start ► Control Panel (Figure 0714).

Figure 0714 : Open Control Panel

369

3. Double-click Printer icon (Figure 0715).

Figure 0715 : Control Panel - Printer

4. Click Add a printer button to run the Add Printer wizard (Figure 0716).

Figure 0716 : Printer – Add a printer

370

5. Click Add a local printer (Figure 0717).

Figure 0717 : Add Printer wizard - Add a local printer

6. Select Create a new port. And select Standard TCP/IP Port from the “Type of port:” drop down menu (Figure 0718).

Figure 0718 : Add Printer wizard – Create new port

7. Click Next button (Figure 0718).

371

8. Now select Device type: as TCP/IP Device and enter your printer IP address in the

Hostname or IP address: box. For this exercise, my printer IP address is 192.168.2.254 (Figure 0719).

Figure 0719 : Add Printer wizard – Printer IP address

9. Click Next button (Figure 0719). 10. Wait until the detecting of the TCP/IP port process finish. After finish the detection

process, the windows will automatically move to the next page (Figure 0720).

Figure 0720 : Add Printer wizard – TCP/IP port detection process

372


Figure 0721 : Add Printer wizard – Port type

12. Now the Add Printer wizard will try to detect the printer driver. The Add Printer wizard will automatically move to the next page after the detection process done (Figure 0722).

Figure 0722 : Add Printer wizard – Printer driver detection

373

13. In the list of Manufacturer, select HP.

And in the list of Printer, select your printer model. But if your printer is not listed, consult your printer documentation for compatible printer driver or just select the nearest model or select the Family or common driver. In this exercise, my printer is not listed under the printer list. So I will select the Family Driver of my printer; HP Color LaserJet Family Driver PCL5 (Figure 0723).

Figure 0723 : Add Printer wizard – Install printer driver

14. Click Next button (Figure 0723). 15. Enter your printer name. Normally same as printer model. So here I enter my printer

model; HP Color LaserJet CP1515n as printer name (Figure 0724).

Figure 0724 : Add Printer wizard – Printer name


374

17. Enter HPCP1515n as the shared printer name and STKM for the Location field

(Figure 0725).

Figure 0725 : Add Printer wizard – Printer sharing


19. Click Finish button to complete the adding printer process (Figure 0726).

Figure 0726 : Add Printer wizard – Finish

375

EXERCISE 18.2 Assign a Print Manager For The Printer In this exercise, you will assign a user to manage the printer. This printer manager will be able to delete jobs and perform other administrative tasks. 20. Right-click the installed printer and select Sharing… (Figure 0727).

Figure 0727 : Printer – Sharing

21. You will see that Windows Server 2008 has already shared the printer on the network, but the printer not listed in the Active Directory. To list the printer in the Active Directory, tick the List in the directory option (Figure 0728).

Figure 0728 : Printer Properties – Sharing tab

376

22. Click the Security tab (Figure 0728).

23. The current security setting for the printer is similar to the Figure 0729. You will note that everyone (all users) has print access, whilst Administrators have all rights. Print Operators also have all rights.

Figure 0729 : Printer Properties – Security tab


377

25. Click Advanced… button (Figure 0730).

Figure 0730 : Add Users, Computers, or Groups wizard


Figure 0731 : Add Users, Computers, or Groups wizard - Advanced

378

27. Select Ocah Blue from the list and click OK button (Figure 0732).

Figure 0732 : Add Users, Computers, or Groups wizard – Find Now


Figure 0733 : Add Users, Computers, or Groups wizard

379

29. Give Ocah Blue full rights to this printer. This effectively makes her a manager for

this printer (Figure 0734).

Figure 0734 : Printer Properties

30. After setting the rights as indicated, click OK button (Figure 0734).

31. Close the Printers window.

380

EXERCISE 18.3 Locating Printers using Active Directory In this exercise, you will use Active Directory to locate printers.

32. Launch Active Directory Users and Computers. Click Start ► Administrative Tools

► Active Directory Users and Computers (Figure 0735).


33. From the Menu bar, click Action ►Find (Figure 0736).

Figure 0736 : Active Directory Users and Computers

34. Choose Printers in the Find: list, and enter STKM in the Location: field (Figure 0737).

Figure 0737 : Find Printer wizard

381


36. The search results will display all the printers installed and listed in your Active Directory. In the previous exercise, you have installed one printer and set the printer to be listed in the Active Directory. So the search results display only one printer founded (Figure 0738).

Figure 0738 : Find Printer wizard – Search results

37. Close the Find Printers wizard (Figure 0738).

38. Close the Active Directory Users and Computers.


382

EXERCISE 18.4 Accessing The Printer From The Client Computer In this exercise, you will log on to the client computer and set up access to the shared printer on the server.



41. Open Printers and Faxes. Click Start ► Printers and Faxes (Figure 0740).

Figure 0740 : Open Printers and Faxes

383

42. Click the Add a printer icon to run the Add Printer Wizard (Figure 0741).

Figure 0741: Printers and Faxes


Figure 0742 : Add Printer Wizard

384

44. Select A network printer, or ……… to another computer and click Next button

(Figure 0743).

Figure 0743 : Add Printer Wizard – Type of printer

45. Select Find a printer in the directory and click Next button (Figure 0744).

This option makes finding a printer easier as you do not need to know the name of the server on which the printer is located.

Figure 0744 : Add Printer Wizard – Specify a Printer

385

46. Enter STKM in the Location: field and click Find Now button (Figure 0745).


47. Select your printer from the search results list and click OK button (Figure 0746).

Figure 0746 : Find Printer wizard - Search results

386

48. Click Finish button (Figure 0747).

Figure 0747: Add Printer Wizard - Finish

387

EXERCISE 18.5 Printing a File In this exercise, you will print a page to the printer. 49. Right-click the printer icon and select Properties (Figure 0748).

Figure 0748 : Printers and Faxes

50. Click the Print Test Page button (Figure 0749).


388


Figure 0750 : Print Test Page



389

EXERCISE 18.6 Managing The Printer In this exercise, you will manage the printer by deleting all print jobs, and then pausing the printer.

53. Make the printer ERROR (open the printer tonner compartment door).

54. Launch Notepad. Click Start ► All Programs ► Accessories ► Notepad (Figure 0752).

Figure 0752 : Launch Notepad

390

55. Key-in your name in the Notepad text editor (Figure 0753).

Figure 0753 : Notepad text editor

56. Print the file. Click File ► Print… (Figure 0754).

Figure 0754 : Notepad – File ►Print

57. Select your printer and click Print button (Figure 0755).

Figure 0755 : Notepad - Print

391



59. Right-click the printer icon and select Pause Printing (Figure 0757).

Figure 0757 : Printers and Faxes – Pause Printing

392

60. Right-click the printer icon and select Cancel All Documents (Figure 0758).

Figure 0758 : Printers and Faxes – Cancel All Documents

61. Click Yes button to confirm (Figure 0759).

Figure 0759 : Cancel Printing Confirmation


393

63. Log on to the client computer as zul.akmal with akmal as his password (Figure

0760).

Figure 0760 : Notepad



394

65. Click the Add a printer icon to run the Add Printer Wizard (Figure 0762).

Figure 0762 : Printers and Faxes


Figure 0763 : Add Printer Wizard

395

67. Select A network printer, or ……… to another computer and click Next button

(Figure 0764).

Figure 0764 : Add Printer Wizard – Type of printer

68. Select Find a printer in the directory and click Next button (Figure 0765).

This option makes finding a printer easier as you do not need to know the name of the server on which the printer is located.

Figure 0765 : Add Printer Wizard – Specify a Printer

396

69. Enter STKM in the Location: field and click Find Now button (Figure 0766).


70. Select your printer from the search results list and click OK button (Figure 0767).

Figure 0767 : Find Printer wizard - Search results

397

71. Click Finish button (Figure 0768).

Figure 0768 : Add Printer Wizard - Finish

72. Right-click the printer icon and select Resume Printing (Figure 0769).

Figure 0769 : Printers and Faxes – Resume Printing

398

73. What was the message displayed? (Figure 0770).

Figure 0770 : Printers and Faxes – Access denied

74. Why do you think this happened? Because in the previous exercise, you give Ocah Blue full rights to this printer. This effectively makes her a manager for this printer. Whilst other users (everyone) only has print access.


Summary

In this exercise you established a network printer and connected to it using a client computer. A print manager responsible for the printer was established and you tested the printer and management functions. You also learnt to locate a printer using the search function of active directory.

399

Exercise 19

OTHER ADMINISTRATIVE

TOOLS




400

Exercise 19 : Other Administrative Tools In this exercise you will look at other administrative tools.

Backup Restore Disk Management – Chkdsk and Defrag Safe Mode Directory Service Repair Mode

Backup In this exercise you will use the Backup utility provided with Windows Server 2008 to perform a selective backup of files. EXERCISE 19.1 Installing Windows Server Backup.



401

2. Launch the Server Manager. Click Start ► Administrative Tools ► Server Manager

(Figure 0772).

Figure 0772 : Launch Server Manager.

3. Click Features ► Add Features (Figure 0773).

Figure 0773 : Server Manager - Add Features

402

4. Select Windows Server Backup Features (Figure 0774).

Figure 0774 : Add Features Wizard - Select Features


6. Click Install button (Figure 0775).

Figure 0775 : Add Features Wizard - Install

403

7. After finish installation of Windows Server Backup, the Add Features Wizard

show the installation results. Make sure the result is success, if not you have to reinstall the features.

Click Close button to continue (Figure 0776).

Figure 0776 : Add Features Wizard - Installation Results

8. Close all the remaining windows

404

EXERCISE 19.2 Full Server Backup

9. Launch the Windows Server Backup. Click Start ► Administrative Tools ► Windows Server Backup (Figure 0777).

Figure 0777 : Launch the Windows Server Backup.

10. Click Backup Once… (Figure 0778).

Figure 0778 : Windows Server Backup

405

11. Select Different options and click Next button (Figure 0779).

Figure 0779 : Backup Once Wizard

12. Select Full server (recommended) option and click Next button (Figure 0780).

Figure 0780 : Backup Once Wizard – Backup configuration

406

13. Select Local drives option and click Next butoon (Figure 0781).

Figure 0781 : Backup Once Wizard – Type of storage

14. Select drive D as your backup destination, but make sure the drive is NTFS

formatted (Figure 0782).

Figure 0782 : Backup Once Wizard – Backup destination


407

16. Select VSS full backup option and click Next button (Figure 0783).

Figure 0783 : Backup Once Wizard – Advanced option

17. Check you backup configuration, make sure the backup items and the backup

destination are correct. Click Backup button to start backup (Figure 0784).

Figure 0784 : Backup Once Wizard – Confirmation

408

18. After all files have been archived, the Backup Wizard displays a completion

summary. Click Close button to close the Backup Wizard (Figure 0785).

Figure 0785 : Backup Once Wizard – Backup progress

19. Close the Windows Server Backup window (Figure 0786).

Figure 0786 : Windows Server Backup window

409

EXERCISE 19.3 Restore Files and Folders In this exercise you will use the Backup utility provided with Windows Server 2008 to perform a restore of files and folder.

20. Launch the Windows Server Backup. Click Start ► Administrative Tools ► Windows

Server Backup (Figure 0787).

Figure 0787 : Launch the Windows Server Backup.

21. Click Recover… (Figure 0788).


410

22. Select This server option and click Next button (Figure 0789).

Figure 0789 : Recovery Wizard

23. The Recovery Wizard will show the entire available backup. Backups are available for dates shown in bold. Select the date of a backup to use for recovery. Select the latest backup available (Figure 0790).

Figure 0790 : Recovery Wizard – Select backup date


411

25. Select Files and folders option to restore files and folders. This option only can restore selected files and folder (Figure 0791).

If you want to restore the entire volume, select Volumes option.

Figure 0791 : Recovery Wizard – Select recovery type

26. Click Next button (Figure 0791). 27. Browse the folders tree to find the files or folders that you want to recover. Click

an item to select it for recovery. Let try recover Common Files folder. Select Common Files folder and click Next button (Figure 0792).

Figure 0792 : Recovery Wizard – Select items to recover

412

28. Select Original location for the “Recovery destination” option and select

Overwrite existing files with recovered files for the “When this wizard finds files and folders in the recovery destination” option (Figure 0793).

Figure 0793 : Recovery Wizard – Specify recovery options

29. Click Next button (Figure 0793). 30. Click Recover button to start your recovery (Figure 0794).

Figure 0794 : Recovery Wizard – Confirmation

413

31. After all files have been restored, the Recovery Wizard displays a completion

summary. Click Close button to close the Recovery Wizard (Figure 0795).

Figure 0795 : Recovery Wizard – Finish

32. Close the Windows Server Backup window (Figure 0796).


414

EXERCISE 19.4 Restore Volume In this exercise you will perform a restore an entire volume (all data stored on C: drive).

33. Insert the Windows Server 2008 DVD into your DVD drive. 34. Restart your Server. Click Start ► Restart (Figure 0797).

Figure 0797 : Restart Server.

415

35. Select Hardware: Maintenance (Planned) and click OK button (Figure 0798).

Figure 0798 : Shutdown Event Tracker

36. Boot your PC using Windows Server 2008 DVD. 37. Language and Keyboard Options. Select your language and keyboard; and

click Next button to continue (Figure 0799).

Figure 0799 : Language and Keyboard Options

416

38. Windows Server 2008 Setup You are presented with options to Install, brief information about Server 2008 or repair (Figure 0800).

Click Repair your computer to start System Recovery Wizard on this computer. (Figure 07).

Figure 0800 : Windows Server 2008 Setup

39. Select an operating system to repair and click Next button (Figure 0801).

Figure 0801 : System Recovery Options

417

40. Click Windows Complete PC Restore option to restore entire server from a

backup image (Figure 0802).

Figure 0802 : System Recovery Options – Choose a recovery tool

41. Select Use the latest available backup (recommended) option and click the Next button (Figure 0803).

Figure 0803 : Windows Complete PC Restore wizard

418

42. Click the Next button (Figure 0804).

Figure 0804 : Windows Complete PC Restore wizard – restore options

43. Click the Finish button to start restore (Figure 0805).

Figure 0805 : Windows Complete PC Restore wizard – Start restore

44. Tick the I confirm that ……… restore the backup option and click the OK button (Figure 0806).

Figure 0806 : Windows Complete PC Restore wizard – Confirm to restore

419

45. At this point, take a break. The restoring process will continue on its own. This will take several minutes (Figure 0807).

Figure 0807 : Windows Complete PC Restore wizard – Restoring process

46. Windows will automatically reboot your system after the restoring process complete. Press CTRL + ALT + DELETE to log on to your server (Figure 0808).

Figure 0808 : Windows log on

420




Congratulation! You have finish restore the Windows Server 2008

421

COMPUTER MANAGEMENT This is an administrative tool that allows you view the physical drives, file systems, partitions, and logical drives on the computer. This tool can also be used to check the file systems and defragment. EXERCISE 19.5 In this exercise you will use Computer Management to check the file system. If files are currently in use, Windows Server 2008 is unable to check the state of the file system, and will flag the file system for checking on the next reboot.



422

2. Launch Computer Management. Click Start ► Administrative Tools ►

Computer Management (Figure 0811).

Figure 0811 : Launch Computer Management

3. Expand the Storage folder and select the Disk Management (Figure 0812).

Figure 0812 : Computer Management window

423

4. Right click C: drive and select Properties (Figure 0813).

Figure 0813 : Computer Management – Disk Management

5. From the Properties window, click the Tools tab (Figure 0814). This tab displays options for you to check the file system, defragment the drive or backup files.

Figure 0814 : Local Disk (C:) Properties

424

6. Click the Check Now… button to check the drive for errors (Figure 0814).

7. Tick the option Automatically fix file system errors and click Start button (Figure 0815).

Figure 0815 : Check Disk Local Disk (C:)

8. If C: drive is not in use, check disk will now scan the drive for errors. If the drive is in use, you will be presented with the option to schedule the disk check when the computer is restarted. Click Schedule disk check to continue (Figure 0816).

Figure 0816 : Schedule disk check option

425

9. Use the same procedure to scan D: drive.

Right click D: drive and select Properties (Figure 0817).


10. From the Properties window, click the Tools tab. Then click the Check Now… button to check the drive for errors (Figure 0818).

Figure 0818 : Local Disk (D:) Properties

426

11. Tick the option Automatically fix file system errors and click Start button

(Figure 0819).

Figure 0819 : Check Disk Local Disk (D:)

12. If D: drive is not in use, check disk will now scan the drive for errors. If the drive is in use, you will be presented with the option to schedule the disk check when the computer is restarted. Click Schedule disk check to continue (Figure 0820).

Figure 0820 : Schedule disk check option

427

13. Restart your Server. Click Start ► Restart (Figure 0821).

Figure 0821 : Restart Server

428

14. Select Hardware: Maintenance (Planned) and click OK button (Figure 0822).


You will be able to observe the process of checking the file system occurring once the computer restarts (Figure 0823).

Figure 0823 : File system checking process

Once this process has finish, the computer will restart and load Windows Server 2008. The file system should be checked on a regular basis for integrity by running Check disk. Unfortunately, this process often requires restarting the server.



429

DEFRAGMENTING THE FILE SYSTEM Over a period of time, portions of files can become scattered over the surface of the disk and this makes accessing files slower. The process of defragmenting a disk involves moving the portions of each file back together so they are all next to each other. EXERCISE 19.6 In this exercise you will use Computer Management to defragment the current drive.



430

2. Launch Computer Management. Click Start ► Administrative Tools ►

Computer Management (Figure 0825).

Figure 0825 : Launch Computer Management

3. Expand the Storage folder and select the Disk Management (Figure 0826).

Figure 0826 : Computer Management window

431

4. Right click C: drive and select Properties (Figure 0827).


5. From the Properties window, click the Tools tab (Figure 0828). This tab displays options for you to check the file system, defragment the drive or backup files.

Figure 0828 : Local Disk (C:) Properties

432

6. Click Defragment Now… button (Figure 0828).

7. Click Defragment now… button (Figure 0829).

Figure 0829 : Disk Defragmenter window

8. Select all disks for defragment and click OK button (Figure 0830).

Figure 0830 : Disk Defragmenter : Defragment Now

433

9. After the drive has been defragmented, click the Close button to close the Disk

Defragmenter window (Figure 0831).

Figure 0831 : Disk Defragmenter window

Defragmenting the file system should occur on a regular basis to ensure files can be accessed and loaded quickly. Files in use cannot be defragmented, so administrators should schedule this to occur during periods of inactivity. A heavily fragmented file system is often the cause of poor performance.

434

SAFE MODE Safe mode provides a means of recovering from loading device drivers that do not work properly. For instance, an administrator might install a new graphics card, and rather than let Windows Server 2008 install the appropriate drivers, may select an alternative driver. This can result in a system that results in an unreadable screen display. To recover from such a possibility, Windows Server 2008 provides Safe mode. EXERCISE 19.7 In this exercise you will restart the computer in Safe Mode. This is a special mode only available when the computer is restarted and you press F8 before the computer starts loading Windows Server 2008.



435



436

3. Select Operating System: Reconfiguration (Planned) and click OK button

(Figure 0834).


4. When the computer restarts, repeatedly press the F8 key while it displays the boot sequence at the bottom of the screen. You need to press F8 key before the Windows logo appears. If the Windows logo appears, you will need to try again (Figure 0835).

Figure 0835 : Boot Screen

437

5. Select the Safe Mode option and press Enter (Figure 0836).

Figure 0836 : Advanced Boot Options



438

7. When your computer in safe mode, you‟ll see the word Safe Mode in the corners

of the display (Figure 0838).

Figure 0838 : Safe Mode

439

8. After the computer has started in safe mode, shut the computer down. Click Start

► Shut Down (Figure 0839).

Figure 0839 : Shut Down Server

440

ACTIVE DIRECTORY SERVICE REPAIR MODE The active directory database is stored in the file ntds.dit in the folder NTDS. As changes occur to Active Directory over time, the database file becomes fragmented. An administrator should perform a backup of the Active Directory database file. In this exercise you will boot the computer using a startup option by pressing F8 at startup. This will allow you to enter a mode where you can repair the Active Directory files, or back-up and restore Active Directory.

9. Switch ON your server and repeatedly press the F8 key while it displays the boot

sequence at the bottom of the screen. You need to press F8 key before the Windows logo appears. If the Windows logo appears, you will need to try again (Figure 0840).


441

10. Select the Directory Services Restore Mode option and press Enter (Figure 0841).


11. Press CTRL + ALT + DELETE and log on to the server as Administrator with Active Directory password you set in the earlier exercise - @xercisE (Figure 0842).


442

Backup Active Directory Service EXERCISE 19.8 In this exercise you will back-up Active Directory.



13. Key-in cmd in the Open : box and click the OK button to launch the Command Prompt application (Figure 0844).


14. Access the C:\Windows\ntds folder Type the following command in command prompt: 14.1. cd\ and press Enter (Figure 0845).

Figure 0845 : Command Prompt – cd\

443

14.2. cd c:\windows\ntds and press Enter (Figure 0846).

Figure 0846 : Command Prompt – cd c:\windows\ntds

14.3. dir/w and press Enter (Figure 0847).

Figure 0847 : Command Prompt – dir/w

444

15. Backup the Active Directory Service database by copying the ntds.dit file to a

new file named ntdsbackup.dit Key-in the following command to back-up the ntds.dit file:

copy ntds.dit ntdsbackup.dit and press Enter (Figure 0848).

Figure 0848 : Command Prompt – copy file

16. Reconfirm the backup file is successfully created by typing the following

command:

dir/w and press Enter (Figure 0849).

Figure 0849 : Command Prompt – display directory contents

445

Create The Active Directory Service Error

EXERCISE 19.9 In this exercise you will create Active Directory error by deleting the Active Directory Service database file.

17. Delete the ntds.dit file by execute the following command:

del ntds.dit and press Enter (Figure 0850).

Figure 0850 : Command Prompt – delete file



446


(Figure 0852).


Could you log on to the server? Why this happened? This problem happened normally because the server cannot find the Active Directory Service database file or maybe the Active Directory Service database file is corrupted. In the earlier exercise you have deleted the Active Directory database file (ntds.dit) to create this problem.

20. Press CTRL + ALT + DELETE to restart your server.

447

21. When the computer restarts, repeatedly press the F8 key while it displays the

boot sequence at the bottom of the screen. You need to press F8 key before the Windows logo appears. If the Windows logo appears, you will need to try again (Figure 0853).


22. Select the Directory Services Restore Mode option and press Enter (Figure 0854).


448

Restore Active Directory Service EXERCISE 19.10 In this exercise you will restore Active Directory.

23. Press CTRL + ALT + DELETE and log on to the server as Administrator with

Active Directory password you set in the earlier exercise - @xercisE (Figure 0855).




449

25. Key-in cmd in the Open : box and click the OK button to launch the Command

Prompt application (Figure 0857).


26. Access the C:\Windows\ntds folder Type the following command in command prompt: 26.1. cd\ and press Enter (Figure 0858).

Figure 0858 : Command Prompt – cd\

26.2. cd c:\windows\ntds and press Enter (Figure 0859).

Figure 0859 : Command Prompt – cd c:\windows\ntds

450

26.3. dir/w and press Enter (Figure 0860).

Figure 0860 : Command Prompt – dir/w

27. Restore the Active Directory Service by copying the ntdsbackup.dit file to ntds.dit file Key-in the following command to restore the ntds.dit file:

copy ntdsbackup.dit ntds.dit and press Enter (Figure 0861).

Figure 0861 : Command Prompt – copy file

451

28. Reconfirm the file is successfully restore by typing the following command:

dir/w and press Enter (Figure 0862).

Figure 0862 : Command Prompt – display directory contents



452


(Figure 0864).


What happen? Could you log on to the server?


Summary In this exercise you learn how to make a backup copy of the Active Directory database by copying it to another file. You also learn how to recover and restore the Active Directory database.

453

Exercise 20

INSTALLING AND CONFIGURING DHCP SERVER




454

Exercise 20 : Installing And Configuring DHCP Server "Dynamic Host Configuration Protocol (DHCP) is an IP standard designed to reduce the complexity of administering IP address configurations." - Microsoft's definition. A DHCP server would be set up with the appropriate settings for a given network. Such settings would include a set of fundamental parameters such as the gateway, DNS, subnet masks, and a range of IP addresses. Using DHCP on a network means administrators don't need to configure these settings individually for each client on the network. The DHCP would automatically distribute them to the clients itself. In this exercise you will set DHCP server and deploy DHCP to a Windows Server 2008 client computer. You will configure DHCP service and limit it to 3 hosts. Preliminary Setup To support this exercise, you will need to change your network cable from straight cable to cross cable and hook-up cross cable to your server and your client.

EXERCISE 20.1 Installing DHCP Service. This will serve as a step-by-step guide on how to setup a DHCP server.



455


(Figure 0866).



Figure 0867 : Server Manager - Roles

456



5. On the Before You Begin page, review the requirements, and click the Next (Figure 0869).


457

6. On the Select Server Roles page, select the check box next to DHCP Server,

and click the Next button (Figure 0870).

Figure 0870 : Server Roles – DHCP Server

7. On the DHCP Server page, review the information, and click the Next button (Figure 0871).

Figure 0871 : DHCP Server page

458

8. On the Network Connection Binding page, select your server IP address and

click the Next button (Figure 0872).

Figure 0872 : Select Network Connection Binding page

9. On the IPv4 DNS Server Settings page, review the information. Make sure all the information is correct. Click the Next button to continue (Figure 0873).

Figure 0873 : Select IPv4 DNS Server Settings page

459

10. Select WINS is required for applications on this network option, and enter your server IP address in the Preferred WINS Server IP Address box. Click the Next button to continue (Figure 0874).

Figure 0874 : Specify IPv4 WINS Server Settings page

11. Create DHCP Scopes. Just click the Next button, we will create the DHCP scopes later (Figure 0875).

Figure 0875 : Add or Edit DHCP Scopes page

460

12. In this exercise you only use IPv4, so select Disable DHCPv6 stateless mode

for this server option and click the Next button to continue (Figure 0876).

Figure 0876 : Configure DHCPv6 Stateless Mode page

13. Select the Use current credentials option and click the Next button (Figure 0877). This option specifies the credentials of the current user will be used to authorize the DHCP server in AD DS.

Figure 0877 : Authorize DHCP Server

461

14. On the Confirm Installation Selections page, click Install button (Figure 0878).




462


Click Close to continue (Figure 0880).


16. Close the Server Manager.

463

EXERCISE 20.2 Creating a Range of Address: DHCP Scopes. In this exercise you will specify range of IP address

17. Launch the DHCP manager. Click Start ► Administrative Tools ► (Figure 0881).

Figure 0881 : Launch the DHCP manager

18. Double-click on the server icon to expand the domain (Figure 0882).

Figure 0882 : DHCP manager

464

19. Click the IPv4 server icon (Figure 0883).

Figure 0883 : DHCP manager - IPv4

20. On the Action menu, click New Scope to start New Scope wizard (Figure 0884).

Figure 0884 : DHCP manager - New Scope

465

21. New Scope Wizard window. Click the Next button to continue (Figure 0885).

Figure 0885 : New Scope Wizard

22. Scope Name. Enter DHCP 1 – 3 as the Name of the scope and DHCP range for 3 host as the Description (Figure 0886).

Figure 0886 : New Scope Wizard – Scope Name

23. Click the Next button to continue (Figure 0886).

466

24. Specifying IP Address Range.

Now you will configure DHCP service and limit it to 3 hosts. Define the scope address range as following (Figure 0887): Start IP address : 192.168.2. Server Number End IP address : 192.168.2. Server Number + 2

Figure 0887 : New Scope Wizard – IP Address Range

25. Configure the Length and Subnet mask as the following (Figure 0887): Length : 24 Subnet mask : 255.255.255.0 You can specify the subnet mask by length or as an IP address. A subnet mask defines how many bits of an IP address to use for the network/subnet IDs and how many bits to use for the host ID. In this exercise we use class C default subnet (255.255.255.0), which is equal to 24 bit length. You can learn more about this under “IP address Subnetting” topic.


467

27. IP Address Exclusions.

IP Address Exclusions are addresses or a range of addresses that are not distributed by the DHCP server. In your DHCP IP address range, you set a range for 3 hosts. If you notice, the first IP address is your server IP address. If you not exclude your server IP address, the DHCP server will distribute all the IP address in the range including your server IP address. Later you will faces with the IP conflict problem. To prevent this, you have to exclude your server IP address. To exclude a single address, type an address in “Start IP address” only. So, enter your server IP address at the Start IP address: box to exclude it IP from distributed by the DHCP server and click the Add button (Figure 0888).

Figure 0888 : New Scope Wizard – IP Address Exclusions

468


Figure 0889 : New Scope Wizard – IP Address Exclusions

29. Lease Duration. The lease duration specifies how long a client can use an IP address from scope. Lease durations should typically be equal to the average time the computer is connected to the same physical network. Let set the lease duration to 8 hours this equal to 8 hour working time per day. Click the Next button to continue (Figure 0890).

Figure 0890 : New Scope Wizard – Lease Durations

469

30. DHCP Options.

DHCP can provide default values for a whole host of TCP/IP parameters, including these basic items:-

o Default Gateway o Domain Name o DNS Server o WINS Server

Select Yes, I want to configure these options now and click the Next button to start configure the DHCP options (Figure 0891).

Figure 0891 : New Scope Wizard – Configure DHCP Options

470

31. Router (Default Gateway)

In the previous exercise I use another server as the router (192.168.2.25). You can use the same router or you can use your server router or another router to be distributed by this scope. I will use the same router for this scope in this exercise (192.168.2.25). To add an IP address for a router used by client, enter the address in the IP address: box and click the Add button (Figure 0892).

Figure 0892 : New Scope Wizard – Router (Default Gateway)


Figure 0893 : New Scope Wizard – Add Router (Default Gateway)

471

33. Domain Name and DNS Servers.

33.1. Set the Parent domain: same as your domain name. In this exercise, my

domain name is myserver.com (Figure 0894). 33.2. Set the Server name: same as your DNS server name (myserver.com) and

click the Resolve button to resolve the DNS server IP address (Figure 0894).

Figure 0894 : New Scope Wizard – Parent domain and Server name

33.3. Click the Add button to add the DNS server IP address to the DNS server

IP address list (Figure 0895).

Figure 0895 : New Scope Wizard – DNS server IP address

472

33.4. Click the Next button to continue (Figure 0896).

Figure 0896 : New Scope Wizard – Domain Name and DNS Servers

473

34. WINS Servers. Computers running Windows can use WINS servers to convert NetBIOS computer names to IP address. Entering WINS server IP address here enables Windows clients to query WINS before they use broadcasts to register and resolve NetBIOS names. 34.1. Set the Server name: same as your WINS server name (myserver.com)

and click the Resolve button to resolve the WINS server IP address (Figure 0897).

Figure 0897 : New Scope Wizard – WINS server name

34.2. Click the Add button to add the WINS server IP address to the WINS

server IP address list (Figure 0898).

Figure 0898 : New Scope Wizard – WINS server IP address

474

34.3. Click the Next button to continue (Figure 0899).

Figure 0899 : New Scope Wizard – WINS Servers

35. Activate Scope.

This is the last configuration for the new scope. Clients can obtain address leases only if a scope is activated. Select Yes, I want to activate this scope now and click the Next button (Figure 0900).

Figure 0900 : New Scope Wizard – Activate Scope

475

36. Completing the New Scope Wizard.

Click the Finish button to close the New Scope Wizard (Figure 0901).

Figure 0901 : New Scope Wizard – Finish

Congratulation! You have successfully completed creating the New DHCP Scope (Figure 0902).

Figure 0902 : DHCP Manager

37. Close the DHCP manager.


476

EXERCISE 20.3 Testing The DHCP Server. In this exercise you will test your DHCP server functionality.

39. Log on to the client computer using a local administrator account. Enter the User

name: as Administrator and select Log on to : CLIENTXP61 (this computer) and click the OK button to log on (Figure 0903).

Figure 0903 : Windows XP Log On Screen

40. Launch Network Connections application program. Click Start ► All Programs ►Accessories ►Communications ►Network Connections (Figure 0904).

Figure 0904 : Launch Network Connections

477

41. Right click Local Area Connection and select Properties (Figure 0905).


42. Double click Internet Protocol (TCP/IP) (Figure 0906).


478

43. Set your client to get IP address automatically from DHCP server by selecting the Obtain an IP address automatically option and Obtain DNS server address automatically option (Figure 0907).

Figure 0907 : Internet Protocol (TCP/IP) Properties

44. Click the OK button to save the setting (Figure 0907).

45. Click the OK button (Figure 0908) and close all the remaining windows.


479





480

48. List the client computer IP configuration by typing the following command:

ipconfig and press Enter (Figure 0911).

Figure 0911 : Command Prompt – ipconfig

This will display the IP address, subnet mask and default gateway for your ethernet adapter (Figure 0912).

Figure 0912 : Command Prompt – IP Configuration

Now your client computer is set to obtain an IP address automatically from DHCP server. So you can see the IP address has changed accordingly to the IP range you have set in the DHCP server setting earlier.


Summary In this exercises, you are setting up a DHCP server. The DHCP server provides you with an easy way of assigning IP addresses to workstations on your network. You were shown how to install and configure a DHCP Server and how to avoid overlapping scopes.

481

Exercise 21

INSTALLING AND CONFIGURING WEB SERVER




482

Exercise 21 : Installing And Configuring WEB Server In this exercises, you will install and configure your server to run as Web Server. This exercise also describes the basics of managing a Web site's infrastructure, from setting a site home directory and default Web Page, to redirecting requests and dynamically altering Web pages. Web Server Overview

Web servers are computer that have specific software that allow them to accept requests from client computers and return responses to those requests. Web servers let you share information over the internet or through intranet and extranets. The Web server role in Windows Server 2008 lets you share information with users on the internet, an intranet, or an extranet. Windows Server 2008 delivers IIS 7.0, which is a unified Web platform that integrates IIS, ASP.NET and Windows Communication Foundation. The key features and improvements in IIS 7.0 include the following:

A unified Web platform that delivers a single, consistent Web solution for both administrators and developers.

Enhanced security and the ability to customize the server to reduce the attack surface.

Simplified diagnostic and troubleshooting features to aide in resolution of problems.

Improved configuration and support for server forms.

Delegated administration for hosting and enterprise workloads. Installing IIS and Web Server

When you install IIS initially, the service is installed in a highly secure mode. Because IIS only serves static content by default, you must enable features such as ASP, ASP.NET, Common Gateway Interface (CGI), Internet Server Application Programming Interface (ISAPI), and Web Distributed Authoring and Versioning (WebDAV), if you need them. During installation, IIS installs optional components such as common files and IIS Manager. You can choose not to install the optional components. However, if you do not install specific components, you can decrease IIS functionality or disable IIS services. If you are unfamiliar with the optional components and how they affect IIS, install IIS with the default settings.

483

EXERCISE 21.1 Installing Internet Information Services (IIS).



2. Launch the Server Manager. Click Start ► Administrative Tools ► Server Manager (Figure 0914).


484





485

5. On the Before You Begin page, review the requirements, and click the Next

(Figure 0917).


6. On the Select Server Roles page, select the check box next to the Web Server (IIS) (Figure 0918).

Figure 0918 : Server Roles – Web Server (IIS)

486

7. If you are asked to add features for Web Server (IIS), just click the Add

Required Features button to add the features. You cannot install Web Server (IIS) unless the required features are also installed (Figure 0919).

Figure 0919 : Add Roles – Add Required Features


Figure 0920 : Server Roles – Web Server (IIS)

487

9. On the Web Server (IIS) page, review the information, and click the Next button

(Figure 0921).

Figure 0921 : Web Server (IIS) page

10. Role Services. Just use the default setting and click the Next button to continue (Figure 0922).

Figure 0922 : Add Roles Wizard – Select Role Services

488

11. On the Confirm Installation Selections page, click Install button (Figure 0923).




489


Click Close to continue (Figure 0925).



490

Configuring Web Server. IIS creates a default Web site configuration on your hard disk at the time of installation. You can use the C:\inetpub\wwwroot directory to publish your Web content, or create any directory or virtual directory you choose. Creating a Web site using IIS Manager does not create content, but merely creates a directory structure and configuration files from which to publish the content. EXERCISE 21.2 Use the default Web site.



491

15. Launch the Internet Information Services (IIS) Manager. Click Start ►

Administrative Tools ► Internet Information Services (IIS) Manager (Figure 0927).

Figure 0927 : Launch Internet Information Services (IIS) Manager

16. In the Internet Information Services (IIS) Manager, expand your server (Figure 0928).

Figure 0928 : Internet Information Services (IIS) Manager

492

17. Expand the Sites folder (Figure 0929).

Figure 0929 : Internet Information Services (IIS) Manager - Sites

You can see, IIS already create a default Web site on your hard disk. The default folder for the default Web site is set to the C:\inetpub\wwwroot folder.

18. View the default web page. Click Default Web Site and click the Browse *:80 (http) link (Figure 0930).

Figure 0930 : IIS Manager - Default Web Site

493

19. The windows will launch the Internet Explorer. You can see the address on the

address bar is http://localhost/ and a picture with the word IIS7 at the middle of the page. This means your Web Server and your Default Web Site is running successfully (Figure 0931).

Figure 0931 : Web Server – Default Web page

20. Close the Internet Explorer window.

http://localhost/

494

21. View contents of the default web folder. On the IIS Manager, click the Explore link (Figure 0932).

Figure 0932 : IIS Manager - Default Web Folder

22. The Windows Explorer shows the path of the Default Web Folder. There are only two files listed under C:\inetpub\wwwroot folder (Figure 0933):

iisstart.htm - HTML document welcome.png - image file

Figure 0933 : Windows Explorer - Default Web Folder

23. Close the Windows Explorer.

495

EXERCISE 21.3 Change the Default Web Folder. In this exercise you will change the default Web folder from C:\inetpub\wwwroot to D:\mywebserver.

24. Click Default Web Site and click the Basic Settings… link (Figure 0934).

Figure 0934 : IIS Manager - Default Web Site

25. Click the … button to browse for folder (Figure 0935).

Figure 0935 : IIS Manager – Edit Site

496

26. Select Local Disk (D:) and click the Make New Folder button (Figure 0936).

Figure 0936 : Edit Site - Browse For Folder

27. Rename the folder name to mywebserver and click the OK button (Figure

0937).

Figure 0937 : Edit Site - Browse For Folder - Make New Folder

497

28. Make sure the Physical path: is D:\mywebserver. If correct, click the OK button

to continue (Figure 0938).

Figure 0938 : Edit Site - Physical path:

498

EXERCISE 21.4 Create a Simple Web page. In this exercise you will create a simple web page to act as your first web page and the file to the D:\mywebserver folder.

29. Launch Notepad Editor. Click Start ► All Programs ► Accessories ► Notepad (Figure 0939).

Figure 0939 : Launch Notepad Editor

499

30. Type the following text into the file (Figure 0940):

<html> <head> <title>Web Server</title> </head> <body> <p><h1>Welcome To My Web Server</h1></p> </body> </html>

Figure 0940 : Notepad Editor

31. Save document as index.htm. 31.1. Click File ►Save As… (Figure 0941).

Figure 0941 : Notepad Editor - Save As

500

31.2. Browse to the D:\mywebserver folder (Figure 0942).


31.3. Select Save as type: All Files (Figure 0943).

Figure 0943 : Notepad Editor - Save as type:

501

31.4. Key-in index.htm in the File name: box (Figure 0944).


31.5. Click the Save button to save (Figure 0944).

31.6. Close the Notepad Editor (Figure 0945) and log off the server.

Figure 0945 : Notepad Editor – index.htm

502

EXERCISE 21.5 Test the Web Server. In this exercise you will test the functionality of your Web server using client workstation.

32. Log on to the client computer as Administrator (Figure 0946).


33. Launch Internet Explorer. Click Start ►All Programs ►Internet Explorer (Figure 0947).

Figure 0947 : Launch Internet Explorer

503

34. On the Address box, key-in http://yourdomain.com (e.g. http://myserver.com)

and click the Go button (Figure 0948).

Figure 0948 : Internet Explorer - http://myserver.com

35. Your webpage will appear in the browser (Figure 0948).

504

EXERCISE 21.6 Create a New Web Site. In this exercise you will create a new Web site for your web server.





505



39. Create a new folder named newwebSN (SN represents you‟re Station Number). In previous exercise I use number 21 as my Station Number. So in this exercise my folder named will be newweb21. 39.1. Right-click D drive ► select New ► Folder (Figure 0952).


506

39.2. Rename the folder as newweb21 (Figure 0953).


40. Launch Notepad Editor. Click Start ► All Programs ► Accessories ► Notepad

(Figure 0954).

Figure 0954 : Launch Notepad Editor

507


<html> <head> <title>New Web Site</title> </head> <body> <p><h1 align="center">Welcome To My New Web Site</h1> <h3 align="right">Hosted by My <font color="#FF0000">Web Server</font></h3></p> </body> </html>


42. Save document as default.htm. 42.1. Click File ►Save As… (Figure 0956).


508

42.2. Browse to the D:\newweb21 folder (Figure 0957).


42.3. Select Save as type: All Files (Figure 0958).

Figure 0958 : Notepad Editor - Save as type:

509

42.4. Key-in default.htm in the File name: box (Figure 0959).


42.5. Click the Save button to save (Figure 0959).

42.6. Close the Notepad Editor (Figure 0960) and all remaining window.

Figure 0960 : Notepad Editor – default.htm

510

43. Launch the Internet Information Services (IIS) Manager. Click Start ►

Administrative Tools ► Internet Information Services (IIS) Manager (Figure 0961).

Figure 0961 : Launch Internet Information Services (IIS) Manager

44. In the Internet Information Services (IIS) Manager, expand your server (Figure 0962).


511

45. Right-click the Sites folder and select Add Web Site… (Figure 0963).

Figure 0963 : IIS Manager – Add Web Site

46. In the Site name: box, type the name of your site (e.g. Tutorial Site) (Figure 0964).

Figure 0964 : Add Web Site window - Site name

512

47. In the Physical path: box, type or browse to the directory that contains the site content (D:\newweb21) (Figure 0965).

Figure 0965 : Add Web Site window - Physical path

48. Select your Web server IP address from IP Address: drop-down menu (Figure 0966).

Figure 0966 : Add Web Site window – IP address

513

49. Enter Host name: as www.myserver.com for this site, and click the OK button (Figure 0967).

Figure 0967 : Add Web Site window

50. On IIS Manager, Select the new web site (Tutorial Site) and click the Start button to start the new web site service (Figure 0968).

Figure 0968 : page

514

EXERCISE 21.7 Configure DNS Service for Host Name. In this exercise you will configure host name for your new Web site.

51. Launch DNS Manager. Click Start ►Administrator Tools ► DNS (Figure 0969).


52. Double-click the computer icon to expand the DNS Server (Figure 0970).


515

53. Expand the Forward Lookup Zones; right click myserver.com and select New Host (A or AAAA)… (Figure 0971).


54. In the Name box, type www (Figure 0972).

55. Enter IP address for your Web server (www.myserver.com) and make sure you select the Create associated pointer (PTR) record option (Figure 0972).


56. Click Add Host (Figure 0972).

57. Click the OK button (Figure 0973).

Figure 0973 : Host Record Successfully Created Message

516

58. Click Done button to exit New Host Wizard (Figure 0974).

Figure 0974 : New Host Wizard

59. Click the Refresh button and close the DNS Manager (Figure 0975).



517

EXERCISE 21.8 Test the New Web Site on Web Server In this exercise you will test the functionality of your New Web Site from client workstation.





518

63. On the Address box, key-in http://www.yourdomain.com

(e.g. http://www.myserver.com) and click the Go button (Figure 0978).

Figure 0978 : Internet Explorer - http://www.myserver.com

64. Your new web site page will appear in the browser (Figure 0978).


Summary Whether your site is on an intranet or the Internet, the principles of providing content are the same. You place your Web files in directories on your server so that users can establish an HTTP connection and view your files with a Web browser. But beyond simply storing files on your server, you must manage how your site is deployed, and more importantly, how your site evolves. Today, an engaging Web site is seldom a static collection of pages. Most successful Web administrators are kept busy accommodating ever changing Web content. Each Web site must have a home directory. The default Web site home directory is LocalDrive:\inetpub\wwwroot. You can change a Web site home directory using IIS Manager.

519

Exercise 22

INSTALLING AND CONFIGURING FTP SERVER




520

Exercise 22 : Installing And Configuring FTP Server In this exercises, you will install and configure your server to run as FTP Server. This exercise also describes installation of the FTP service, and changing default FTP settings globally and for specific FTP sites. File Transfer Protocol (FTP) is a protocol used to transfer files over the internet. People commonly use FTP to make files available for others to download, but you can also use FTP to upload webpages for building a website or for putting digital photos on a picture sharing site. IIS includes the File Transfer Protocol (FTP) service for publishing and managing files. This version of IIS includes FTP user isolation to help administrators (particularly Internet hosting providers) efficiently secure and commercialize FTP services for their customers. The FTP service is not installed by default. To set up an FTP site, you must first install the FTP service through the Server Manager. Installing the FTP service creates a default FTP site, which you can then customize to your needs using IIS Manager.

EXERCISE 22.1 Installing FTP Server.



mk:@MSITStore:D:/WINDOWS/Help/iismmc.chm::/HTM/wsa_ftp_isolate.htm

521


(Figure 0980).




522

4. Scroll down until you reach the Web Server (IIS) section (Figure 0982).

5. Click the Add Role Services at the Role Services: section (Figure 0982).

Figure 0982 : Add Role Services

523

6. On the Select Role Services page, select the check box next to the FTP

Publishing Service (Figure 0983).

Figure 0983 : Role Services – FTP Server

7. If you are asked to add role services for FTP Publishing Service, just click the Add Required Role Services button to add the role services. You cannot install FTP Publishing Service unless the required role services are also installed (Figure 0984).

Figure 0984 : Add Role Services – Add Required Role Services

524


Figure 0985 : Role Services – FTP Publishing Service

9. On the Confirm Installation Selections page, click Install button to start installation process (Figure 0986).


525



10. On the Installation Result page, review the information. Click Close to continue (Figure 0988).



526

Configuring FTP Server IIS creates a default FTP site configuration on your hard disk at the time of installation. You can use the C:\inetpub\ftproot directory to store your FTP files, or create any directory or virtual directory you choose. Setting up the FTP service for the first time involves first setting global FTP settings, then settings for the default FTP site, and finally adding the content to the FTP site. IIS uses an inheritance model, which means that settings on higher levels are automatically inherited by lower levels. Settings at lower levels can be edited individually to override inherited settings from the next level up. If you change a setting at a lower level, then later change a setting at a higher level that conflicts with the lower-level setting, you will be prompted to choose whether you want to change the lower-level setting to match the new higher-level setting. EXERCISE 22.2 Change the Default FTP Site Setting.



527

13. Launch the Internet Information Services (IIS) 6.0 Manager. Click Start ►

Administrative Tools ► Internet Information Services (IIS) 6.0 Manager (Figure 0990).

Figure 0990 : Launch Internet Information Services (IIS) 6.0 Manager

14. In the Internet Information Services (IIS) 6.0 Manager, expand your server (Figure 0991).


528

15. Expand the FTP Sites folder (Figure 0992).

Figure 0992 : Internet Information Services (IIS) 6.0 Manager – FTP Sites

You can see, IIS already create a default FTP site on your hard disk. The default folder for the default FTP site is set to the C:\inetpub\ftproot folder.

16. Right-click the Default FTP Site and select Properties (Figure 0993).

Figure 0993 : IIS 6.0 Manager - Default FTP Site

529

17. On the FTP Site tab, under FTP site description, type the name of your FTP

site in the Description: box. (e.g. Server 21 FTP Site) and select IP address for your FTP site (Figure 0994).

Figure 0994 : Default FTP Site Properties

18. Click the OK button. The name of the new site appears in IIS 6.0 Manager (Figure 0995).

Figure 0995: IIS 6.0 Manager – Server 21 FTP Site

19. Click the Refresh button and close the IIS 6.0 Manager.

530

EXERCISE 22.3 Change the FTP Site Home Directories.

Each FTP site on a computer must have its own home directory. The default home directory for the default FTP site is LocalDrive:\inetpub\ftproot. There are two ways to change the home directory of an FTP site:

Use IIS Manager Edit the MetaBase.xml file directly.

But in this exercise we only use IIS Manager.

20. Make sure you are log on to the server as Administrator.

21. Launch the Internet Information Services (IIS) 6.0 Manager. Click Start ► Administrative Tools ► Internet Information Services (IIS) 6.0 Manager (Figure 0996).


531

22. In the Internet Information Services (IIS) 6.0 Manager, expand your server

(Figure 0997).




24. Make sure the FTP Site service is stop. Right-click the Server 21 FTP Site and select Stop (Figure 0999).

Figure 0999 : IIS 6.0 Manager – Server 21 FTP Site

532

25. Right-click the Server 21 FTP Site again, and select Properties (Figure 1000).


26. Click the Home Directory tab (Figure 1001).

Figure 1001 : Server 21 FTP Site Properties – Home Directory

533

27. Select the A directory located on this computer option, and enter the location

of your ftp home directory in the Local path: box (e.g. D:\newweb21) or press the Browse… button to find the location of your ftp home directory (Figure 1002).


Note: If you select a directory on a network share, you might need to enter a user name and password to access the resource. IUSR_computername is the default account used if another account is not specified. If you use an account with administrative credentials on the server, clients can gain access to server operations. This seriously jeopardizes the security of your network. For more information on security see, Security Best Practices in Windows Help.


ms-its:SEconcepts.chm::/sag_SEconceptsbp.htm

534

29. Right-click the FTP site you‟ve just configured, and select Start (Figure 1003).


30. Click the Yes button to start the FTP Server service (Figure 1004).

Figure 1004 : IIS 6.0 Manager – Start Server 21 FTP Site


535

EXERCISE 22.4 Create a Text Document in FTP Home Directory.

32. Launch the Windows Explorer and go to the FTP Home Directory (e.g. D:\newweb21) (Figure 1005).

Figure 1005 : Windows Explorer - D:\newweb21

33. Create a new text document inside FTP Home Directory and rename the text document as testing.txt.

33.1. Right-click in the windows and select New Text Document (Figure 1006).


536

34. Right click testing.txt file and select Edit. This will load the Notepad Editor

(Figure 1007).

Figure 1007 : Edit Text Document


This only test document to test the FTP server.


36. Save the file by pressing Ctrl + S key and close the file.

37. Close all the remaining window.


537

EXERCISE 22.5 Test The FTP Site.





538

41. On the Address box, key-in ftp://www.yourdomain.com

(e.g. ftp://www.myserver.com) and click the Go button (Figure 1011).

Figure 1011 : Internet Explorer - ftp://www.myserver.com

42. Your FTP site will appear in the browser (Figure 1011).

43. Attempt to create a new folder (right click in the window and select New ► Folder) (Figure 1012).

Figure 1012 : ftp://www.myserver.com – Create New Folder

Could you create the folder? YES / NO

539

If NO, why do you think this happened? This happened because you log on to the FTP server as guest (anonymous user). By default, FTP server only allow read permission to anonymous user. And we also not configure the FTP server to allow any user to have write permission on the FTP server.

44. Close all window.


540

EXERCISE 22.6 Configure The FTP Server to Allow User to Upload or Modify File and Directory.





541

48. In the Internet Information Services (IIS) 6.0 Manager, expand your server

(Figure 1015).




50. Right-click the Server 21 FTP Site again, and select Properties (Figure 1017).


542

51. Click the Home Directory tab. Under the FTP site directory, tick the Write

option (Figure 1018).




543

EXERCISE 22.7 Test The FTP Site.





544

56. On the Address box, key-in ftp://www.yourdomain.com

(e.g. ftp://www.myserver.com) and click the Go button (Figure 1021).

Figure 1021 : Internet Explorer - ftp://www.myserver.com


58. Attempt to create a new folder (right click in the window and select New ► Folder) (Figure 1022).

Figure 1022 : ftp://www.myserver.com – Create New Folder

Could you create the folder? YES / NO

545

59. Now try copy any file and paste it to this FTP site.

Could you paste any files? YES / NO Why do you think this is so? You should be could paste a files to the FTP site because you have given permission to everyone to read and write to the FTP site.

60. Close all window.


546

Create New FTP Site Using Multiple IP Address.

You can create multiple FTP sites using multiple IP addresses and multiple ports. While creating multiple sites with multiple IP addresses is a common and recommended practice, it can be more complicated because, by default, clients call port 21 when using the FTP protocol. Therefore, if you create multiple FTP sites using multiple ports, you need to inform users of the new port number so their FTP clients can locate and connect to the port. If you create a new site using the same port as an existing site with the same IP address, the new site will not start. The general rule is that you can have multiple sites using the same IP and port, but only one site from this group can run at a time. If you try to start another site from this group, you receive an error message. Before you start create multiple FTP site using multiple IP address, you need to make sure your server have set with multiple IP address. If not, you have to set your server to use multiple IP address. EXERCISE 22.8 Creating Multi IP Address in Single NIC



547

2. Launch Network and Sharing Center. Click Start ► Right click Network ►


Figure 1024 : Network Properties

3. Under myserver.com (Domain network), click View status (Figure 1025).

Figure 1025 : View Network Status

548

4. Click Properties button to open Local Area Connection Properties (Figure 1026).


5. Select Internet Protocol Version 4 (TCP/IPv4), and click Properties button (Figure 1027).


549

6. Now click the Advanced button (Figure 1028).


7. Select the IP Settings tab (Figure 1029).

8. Under IP addresses field, click Add… button (Figure 1029).

Figure 1029 : Advanced TCP/IP Setting - IP Settings

550

9. Enter second IP address for your server [e.g. 192.168.2.24] (Figure 1030).

Figure 1030 : TCP/IP Address

10. Enter your subnet mask number (e.g. 255.255.255.0) and click the Add button

(Figure 1030).

11. As you can see, now your server has 2 IP address (Figure 1031).

Figure 1031 : Advanced TCP/IP Setting - IP Settings


551





552




553

EXERCISE 22.8.1 Creating New FTP Site for Specific User Using Multiple IP Address. FTP Site can be set to be login only by specific user. You can allow specific users to establish an FTP connection and transfer files with an FTP client or FTP-enabled Web browser. But beyond simply storing files on your server, you must manage how your site is deployed, and more importantly, how your site evolves. This section presents the basics of managing the infrastructure of an FTP site, from securing your site to hosting multiple sites. This exercise to help administrators, and particularly Internet hosting providers, efficiently secure and commercialize the FTP services for their customers. Let's say we want to set Ain Syahmi as administrator for the Student FTP Site.



554

18. Launch Windows Explorer. Click Start ► Right-click Computer ► select

Explore (Figure 1036).




555

20. Create a new folder named StudentSN (SN represents you‟re Station Number).

In previous exercise I use number 21 as my Station Number. So in this exercise my folder named will be Student21. 20.1. Right-click D drive ► select New ► Folder (Figure 1038).


20.2. Rename the folder as Student21 (Figure 1039).


556

21. View the default permission of your Student21 folder. Right-click D:\Student21 folder, and select Properties (Figure 1040).

Figure 1040 : Windows Explorer – D:\Student21

22. Click the Security tab. You should see your default folder security setting permissions for your new Student21 folder (Figure 1041).

Figure 1041 : Student21 Properties

557

23. Delete all users except Administrator. 23.1. Click the Advanced button (Figure 1042).


23.2. Click the Edit… button (Figure 1043).

Figure 1043 : Advanced Security Setting for Student21

558

23.3. Uncheck the check box Include inheritable ….. object’s parent (Figure

1044).

Figure 1044 : Advanced Security Setting for Student21 - Permissions

23.4. Windows Security warnings appear, click Remove button to confirm

remove the inheritable permission (Figure 1045).

Figure 1045 : Windows Security warning

559

23.5. Click the OK button (Figure 1046).

Figure 1046 : Advanced Security Setting for Student21 - Permissions


Figure 1047 : Advanced Security Setting for Student21

560

24. Add Ain Syahmi and set her permissions.

24.1. Click the Edit… button (Figure 1048).


24.2. Click the Add… button (Figure 1049).

Figure 1049 : Permissions for Student21

561

24.3. Key-in Ain Syahmi to add Ain Syahmi and click Check Names button.

(Figure 1050).

Figure 1050 : Select Users, Computer, or Groups window


Figure 1051 : Select Users, Computer, or Groups – Ain Syahmi

562

24.5. Give Ain Syahmi Full Control of this FTP site because we want her to act as administrator for the Student FTP Site. Click the OK button after finish configure (Figure 1052).

Figure 1052 : Permissions for Student21 – Ain Syahmi

24.1. Click the OK button to close the Student21 Properties (Figure 1053).


25. Close all the remaining windows.

563

EXERCISE 22.8.2 Creating New FTP Site – Student FTP Site.

26. Make sure you‟re log on to the server as Administrator.



28. In the Internet Information Services (IIS) 6.0 Manager, expand your server (Figure 1055).


564

29. Right-click the FTP Sites folder, and select New ► FTP Site… (Figure 1056).


30. FTP Site Creation Wizard appears. Click the Next button (Figure 1057).

Figure 1057 : FTP Site Creation Wizard

565

31. FTP Site Description dialog boxes appear. Key-in Student FTP Site in the

Description: box and click the Next button (Figure 1058).

Figure 1058 : FTP Site Creation Wizard - FTP Site Description

32. Now the wizard asking for IP Address and Port Setting, key-in your server

second IP address (e.g. 192.168.2.24) and use the TCP port default setting (Default = 21) . Click the Next button to continue (Figure 1059).

Figure 1059 : FTP Site Creation Wizard - IP Address and Port Setting

566

33. In the FTP User Isolation dialog box, select Do not isolate users, and click

Next button (Figure 1060).

Figure 1060 : FTP Site Creation Wizard - FTP User Isolation

34. Set the FTP Site Home Directory. Under the Path: field, key-in the FTP site home directory (e.g. D:\Student21) and click he Next button (Figure 1061).

Figure 1061 : FTP Site Creation Wizard - FTP Site Home Directory

567

35. Set the FTP Site Access Permissions to Read and Write to allow user upload

and modify the FTP site contents, and then click the Next button to continue (Figure 1062).

Figure 1062 : FTP Site Creation Wizard - FTP Site Access Permissions

36. Click the Finish button to close the FTP Site Creation Wizard (Figure 1063).

Figure 1063 : FTP Site Creation Wizard - Finish


568

EXERCISE 22.8.3 Configure DNS Service for Host Name. In this exercise you will configure host name for your new FTP site (Student FTP Site).

38. Launch DNS Manager. Click Start ►Administrator Tools ► DNS (Figure 1064).


39. Double-click the computer icon to expand the DNS Server (Figure 1065).


569

40. Expand the Forward Lookup Zones (Figure 1066).

Figure 1066 : DNS Manager - Forward Lookup Zones

41. Right click myserver.com and select New Host (A or AAAA)… (Figure 1067).


570

42. In the Name box, type ftpstudent (Figure 1068).

43. Enter IP address for your Student FTP Site (ftpstudent.myserver.com) and make

sure you select the Create associated pointer (PTR) record option (Figure 1068).


44. Click Add Host (Figure 1068).


Figure 1069 : Host Record Successfully Created Message

571

46. Click Done button to exit New Host Wizard (Figure 1070).

Figure 1070: New Host Wizard

47. Click the Refresh button and close the DNS Manager (Figure 1071).



572

EXERCISE 22.8.4 Test FTP Site for Specific User Using Internet Browser.





573

51. On the Address bar, key-in ftp://ftpstudent.yourdomain.com

(e.g. ftp://ftpstudent.myserver.com) and click the Go button (Figure 1074).

Figure 1074 : Internet Explorer - ftp://ftpstudent.myserver.com

52. You will be asking for username and password. Key-in ain.syahmi as username and ain for password. Click the Log On button (Figure 1075).

Figure 1075 : FTP Log On window

574


Figure 1076 : ftp://ftpstudent.myserver.com

54. Use Windows explorer to access the C:\Windows\Web\Wallpaper folder.

55. Click on the file Azul.bmp; drag and drop it into the Student FTP Site window (Figure 1077).

Figure 1077 : ftp://www.myserver.com – Drag and Drop

575

56. Now try copy any files and paste it to this FTP server.

Could you paste any files? YES / NO

57. Try to delete the Azul.bmp file (Figure 1078).

Figure 1078 : ftp://www.myserver.com – Delete File

What happen? Could you delete the files? YES / NO You should can copy and delete files in this FTP site because you have given permission to Ain Syahmi with Full Control permissions.


576

EXERCISE 22.8.5 Test FTP Site for Specific User Using Command Prompt.





577

61. At command prompt, key-in ftp ftpstudent.yourdomain.com

(e.g. ftp ftpstudent.myserver.com) and press Enter (Figure 1081).

Figure 1081 : Command Prompt – ftp log on

62. You'll be asking to enter the username. Key-in ain.syahmi as username and ain for password (Figure 1082).

Figure 1082 : Command Prompt – ftp ain.syahmi log in

63. Key-in ls and press Enter to display contents of the Student FTP site contents (Figure 1083).

Figure 1083 : Command Prompt – ftp content list

578

64. Attempt to upload file from C:\Windows\Web\Wallpaper\Ascent.jpg to the

Student FTP Site. Use the following command to upload the file (Figure 1084):

put C:\Windows\Web\Wallpaper\Ascent.jpg and press Enter.

Figure 1084 : Command Prompt – upload file to FTP server



You can see the file is successfully uploaded to the FTP server.

579

66. Now attempt to change the name of the Ascent.jpg file to AaBbCc.jpg in the

Student FTP Site. Use the following command to rename the file (Figure 1086):

rename Ascent.jpg AaBbCc.jpg and press Enter.

Figure 1086 : Command Prompt – rename file



You can see the Ascent.jpg file is successfully renamed to AaBbCc.jpg.

68. Now attempt to download AaBbCc.jpg file from the Student FTP Site. Use the following command to download (Figure 1088):

get AaBbCc.jpg and press Enter.

Figure 1088 : Command Prompt – download file from FTP server

580

69. Key-in Bye and press Enter to logout from FTP server (Figure 1089).

Figure 1089 : Command Prompt – logout from FTP server

70. Close the Command Prompt.

71. Lunch the Windows Search application. Click Start ► Search (Figure 1090).

Figure 1090 : Lunch the Windows Search application

581

72. Click All files and folders (Figure 1091).

Figure 1091 : Windows Search application

73. Key-in the filename you want to search (e.g. AaBbCc.jpg) in the All or part of the file name: box and click the Search button (Figure 1092).

Figure 1092 : Windows Search application

582

74. You should got one file name AaBbCc after finish the search process. If you want to know the location of the file, place your mouse pointer on the top of the file and the short summary about the file will appear (Figure 1093).

Figure 1093 : Search Results

Normally, all the download files are store in the user home folder.

75. Close all windows and log off the client computer.

Summary

In this exercise you have learn how to:

Changing FTP Site Home Directories: Describes the concept of a home directory and methods for changing the home directory of an FTP site.

Naming FTP Sites: Describes assigning a descriptive name to an FTP site.

Stopping and Starting FTP Sites: Describes why you would need to stop and restart your FTP sites and how to perform these actions.

Changing Default FTP Site Settings: Describes how to change default settings globally or on an individual site.

Creating Multiple FTP Sites: Describes how to use IP addresses or port numbers to differentiate multiple FTP sites.

Adding FTP Sites to Your Server: Describes the process of adding a new FTP site to a server running IIS.

Securing FTP Sites: Describes some of the misconceptions about FTP security and how to establish a secure FTP site.

Isolating FTP Users: Describes the concept of FTP user isolation and which type of isolation to use to restrict users to their own directories.

mk:@MSITStore:F:/webserver/iismmc.chm::/HTM/wsa_ftp_ftphomedirectory.htm

mk:@MSITStore:F:/webserver/iismmc.chm::/HTM/wsa_ftp_ftpnamingsites.htm

mk:@MSITStore:F:/webserver/iismmc.chm::/HTM/wsa_ftp_startstop.htm

mk:@MSITStore:F:/webserver/iismmc.chm::/HTM/wsa_ftp_changeinherited.htm

mk:@MSITStore:F:/webserver/iismmc.chm::/HTM/wsa_ftp_createmultsite.htm

mk:@MSITStore:F:/webserver/iismmc.chm::/HTM/wsa_ftp_addsites.htm

mk:@MSITStore:F:/webserver/iismmc.chm::/HTM/wsa_ftp_secure.htm

mk:@MSITStore:F:/webserver/iismmc.chm::/HTM/wsa_ftp_isolate.htm

Windows Server 2008 Environment

Documents

Transcript of Windows Server 2008 Environment