
Tutorial By: Sunilkumar Dubey Location: India (Mumbai) Contact: +91-8007846661 Email: sunilkumardubey@hotmail.com

Microsoft Certified Professional MCP


Obtaining a Microsoft Certified Professional certification is the first step towards proving your skills with Microsoft products. The tutorial includes the following modules:

Windows Quickstart
XP-Server 2003 Overview
Managing Disks
Installations
Local Users and Groups
Shared Folders
NTFS
Printing
Windows Hardware
Monitoring and Optimisation
Local Security
TCP-IP
Interoperability
Remote Desktop and Terminal Services


Introduction To Hardware
The interior of a computer looks very complicated at first glance. When the case is removed there is a mass of bits, cables and components that can intimidate the uninitiated. This lesson seeks to dispel some of the mist that may surround the hardware of a computer.

Motherboards
The most important part of any computer is the motherboard. As the name implies a motherboard is the mother of all other components in a computer. The motherboard brings all the core components together such as the Central Processing Unit (CPU), Memory and Hard Disks. In short, the motherboard connects and allows all of the components in the computer to work together. There are two different types of Motherboard: AT style and ATX style.

AT Motherboards
The AT-style motherboards represent the classic approach to component placement. AT motherboards are available in two variations, the baby AT and the full AT; both names simply refer to the overall dimensions of the board. AT boards are generally found in older systems, typically those that use the now aged Pentium processor. The majority of AT motherboards had a single keyboard port soldered to the motherboard; the I/O ports (e.g. USB, COM and PS/2 ports) are separate from the motherboard and are placed on a riser card or separate headers. To identify an AT motherboard, first check the power connectors: AT motherboards use two sets of 6-pin inline power connectors. Caution: it is possible to plug these connectors in the wrong order and fuse the motherboard.


ATX Motherboards
The ATX-style motherboards are a result of the industry's push for standardization and are found in most systems today; most modern computers contain an ATX motherboard. ATX boards can use Advanced Power Management. They are distinguished by having more than just one external connector: ATX boards have keyboard, mouse, serial, parallel and USB connectors. ATX boards can also be distinguished by their monoblock power connectors. ATX is also available as micro ATX, enabling the use of smaller cases.

Motherboard Components
There are two types of receptacle for CPUs. The first is the zero insertion force (ZIF) socket. With a ZIF socket, before the CPU is inserted, a lever or slider on the side of the socket is moved, pushing all the sprung contacts apart so that the CPU can be inserted with very little force (generally the weight of the CPU itself is sufficient, with no external downward force required). The lever is then moved back, allowing the contacts to close and grip the pins of the CPU; a fan is often attached for cooling. The second is the Single Edge Contact (SEC) cartridge slot, or Slot 1, seen on PII and PIII processors. It was developed by Intel to add cache memory for the processor cheaply: the processor is mounted on a Single Edge Connector Cartridge (SECC), which fits a slot much like a PCI slot, but with a 242-lead edge connector.

Bridges
There are two main bridges on a motherboard: the Northbridge and the Southbridge. Bridges control access to the processor from the peripherals. The Northbridge, also known as the Memory Controller Hub (MCH), is traditionally one of the two chips in the core logic chipset on a PC motherboard. The Northbridge typically controls communications between the CPU, RAM, AGP or PCI Express, and the Southbridge. A Northbridge will typically work with only one or two classes of CPU and generally only one type of RAM. There are a few chipsets that support two types of RAM (generally these are available when there is a shift to a new standard).

The Southbridge, also known as the I/O Controller Hub (ICH), is a chip that implements the slower capabilities of the motherboard in a Northbridge/Southbridge chipset computer architecture. The Southbridge can usually be distinguished from the Northbridge by not being directly connected to the CPU; rather, the Northbridge ties the Southbridge to the CPU. The functionality found on a contemporary Southbridge includes: PCI bus, ISA bus, SMBus, DMA controller, interrupt controller, IDE (SATA or PATA) controller, LPC bridge, real time clock, power management (APM and ACPI) and non-volatile BIOS memory.

BIOS Chips
The BIOS (Basic Input Output System) refers to the software code run by a computer when first powered on. The primary function of the BIOS is to prepare the machine so that other software programs stored on various media (such as hard drives, floppies and CDs) can load, execute and assume control of the computer. This process is known as booting up. The BIOS is stored as a ROM (Read-Only Memory) program and is retained when the machine is turned off. Settings within the BIOS may be changed by the user; these changes are stored in the BIOS memory, which is maintained by a trickle of charge from the BIOS battery.

Memory
SIMMs (Single Inline Memory Modules) are an older type of memory, only seen on very old motherboards, and came in 30-pin and 72-pin modules. SDRAM chips are rated according to their maximum clock rate and their read cycle time. Common clock ratings include 66 MHz, 100 MHz and 133 MHz; common read cycle times include 50 ns and 60 ns. DDR SDRAM, or double-data-rate synchronous dynamic random access memory, is a type of memory integrated circuit used in computers. It achieves greater bandwidth than ordinary SDRAM by transferring data on both the rising and falling edges of the clock signal (double pumped). This effectively nearly doubles the transfer rate without increasing the frequency of the front side bus. Stick/module specifications:

PC-1600: DDR-SDRAM memory module specified to operate at 100 MHz using DDR-200 chips, 1.600 GByte/s bandwidth
PC-2100: DDR-SDRAM memory module specified to operate at 133 MHz using DDR-266 chips, 2.133 GByte/s bandwidth
PC-2700: DDR-SDRAM memory module specified to operate at 166 MHz using DDR-333 chips, 2.667 GByte/s bandwidth
PC-3200: DDR-SDRAM memory module specified to operate at 200 MHz using DDR-400 chips, 3.200 GByte/s bandwidth

Drive Connectors
Integrated Drive Electronics (IDE) connectors connect the motherboard, via a ribbon cable, to various peripherals, the most common being hard drives and CD-ROMs. On most boards there are two channels/connectors, and each can have two devices attached, giving a total of four IDE devices. If one device is attached to a cable, it should be configured as the master. If two devices are attached to the same cable, then one must be the master device and one the slave. Master and slave are configured by the use of jumpers: small, insulated sleeves with a contact inside, used to complete a circuit.

Hard Disks
Hard disks are used to store data in a non-volatile form within the machine, i.e. the data remains intact even if the power to the device is cut off. Data is stored as magnetic ones and zeros on a steel platter and is read by pickup arms that scan the drive as the platters spin. Most major hard drive and motherboard vendors now support self-monitoring, analysis and reporting technology (S.M.A.R.T.), by which impending failures can be predicted, allowing the user to be alerted in time to prevent data loss. The mostly sealed enclosure protects the drive internals from dust, condensation and other sources of contamination. The hard disk's read/write heads fly on an air bearing, which is a cushion of air only nanometers above the disk surface. The disk surface and the drive's internal environment must therefore be kept immaculate to prevent damage from fingerprints, hair, dust, smoke particles, etc., given the submicroscopic gap between the heads and the disk.

Floppy Disks
The floppy disk controller is generally situated near the IDE controllers and in fact looks like a small IDE slot. The ribbon cable has a twist, and the first floppy drive (the A: drive) should be placed after the twist if the cable has more than three connectors. If the cable is really old it may have a connector for a 5¼-inch floppy drive.

SCSI
SCSI stands for Small Computer System Interface, and is a standard interface and command set for transferring data between devices on both internal and external computer buses. SCSI is most commonly used for hard disks and tape storage devices, but also connects a wide range of other devices, including scanners, printers, CD-ROM drives, CD recorders, and DVD drives. In fact, the entire SCSI standard promotes device independence, which means that theoretically SCSI can be used with any type of computer hardware. On a parallel SCSI bus, a device (e.g. host adapter, disk drive) is identified by a SCSI ID, which is a number in the range 0-7 on a narrow bus and in the range 0-15 on a wide bus.

SATA
Serial ATA (SATA) is a computer bus technology primarily designed for the transfer of data to and from a hard disk. It is the successor to the legacy AT Attachment standard (ATA); this older technology was retroactively renamed Parallel ATA (PATA) to distinguish it from Serial ATA. Both SATA and PATA drives are IDE (Integrated Drive Electronics) drives, although IDE is often misused to mean PATA drives only. There are two SATA interfaces. SATA/150 runs at 1.5 GHz, resulting in an actual data transfer rate of 1.2 Gigabits per second (Gb/s), or 150 megabytes per second (MB/s). SATA II runs at 3 Gb/s, resulting in an actual data transfer rate of 2.4 Gb/s, or 300 MB/s.

Motherboard Slots
To add more functionality to a computer, cards such as network or video cards can be added. Sometimes these functions are built into the motherboard. There are several types of expansion slot:

PCI (Peripheral Component Interconnect)
The PCI bus is common in modern PCs, where it has displaced ISA as the standard expansion bus, but it also appears in many other computer types.
PCI 2: 33.33 MHz clock with synchronous transfers; peak transfer rate of 133 MB per second for a 32-bit bus.
PCI 2.2: allows for 66 MHz signalling (requires 3.3 volt signalling); peak transfer rate of 503 MB/s.
PCI 2.3: permitted use of 3.3 volt and universal keying, but did not support 5 volt keyed add-in cards.
PCI 3.0: the final official standard of the bus, completely removing 5 volt support.

ISA/EISA (Industry Standard Architecture and Extended Industry Standard Architecture)
An older type of bus connector, considered obsolete.

PCI Express (PCIe or PCI-E)
PCI Express is an implementation of the PCI computer bus that uses existing PCI programming concepts, but bases them on a completely different and much faster serial physical-layer communications protocol. PCIe transfers data at 250 MB/s (238 MiB/s) per channel, up to a maximum of 16 channels, giving a total combined transfer rate of 4 GB/s (3.7 GiB/s). Almost all of the high end graphics cards being released today use PCI Express. NVIDIA uses the high-speed data transfer of PCIe for its newly developed Scalable Link Interface (SLI) technology, which allows two graphics cards of the same chipset and model number to be run at the same time, allowing increased performance.

AGP (Accelerated Graphics Port)
The Accelerated Graphics Port (also called Advanced Graphics Port) is a high-speed point-to-point channel for attaching a graphics card to a computer's motherboard, primarily to assist in the acceleration of 3D computer graphics. Some motherboards have been built with multiple independent AGP slots. AGP is slowly being phased out in favour of PCI Express.
AGP 1x: a 32-bit channel operating at 66 MHz, resulting in a maximum data rate of 266 megabytes per second (MB/s), doubled from the 133 MB/s transfer rate of the PCI bus (33 MHz / 32-bit); 3.3 V signaling.
AGP 2x: a 32-bit channel operating at 66 MHz double pumped to an effective 133 MHz, resulting in a maximum data rate of 533 MB/s; signaling voltages the same as AGP 1x.
AGP 4x: a 32-bit channel operating at 66 MHz quad pumped to an effective 266 MHz, resulting in a maximum data rate of 1066 MB/s (1 GB/s); 1.5 V signaling.
AGP 8x: a 32-bit channel operating at 66 MHz, strobing eight times per clock, delivering an effective 533 MHz and resulting in a maximum data rate of 2133 MB/s (2 GB/s); 0.8 V signaling.

Peripheral Connections
There are a number of ports on the motherboard for the connection of additional devices:

Serial ports connect the computer to devices such as terminals or modems. Mice, keyboards and other peripheral devices are also connected in this way.

Parallel ports are most often used to communicate with peripheral devices. The most common kind of parallel port is a printer port, such as a Centronics connector based port, which transfers eight bits at a time. Disk drives are also connected via special parallel ports, such as those used by the SCSI and ATA technologies. However, when people refer to a parallel port they are usually referring to a printer port, either on a printer or a PC.

A USB system has an asymmetric design, consisting of a host controller and multiple daisy-chained devices. Additional USB hubs may be included in the chain, allowing branching into a tree structure, subject to a limit of 5 levels of branching per controller. No more than 127 devices, including the bus devices, may be connected to a single host controller. Modern computers often have several host controllers, allowing a very large number of USB devices to be connected. USB cables do not need to be terminated. USB supports three data rates:
Low Speed, 1.5 Mbit/s (183 KiB/s), mostly used for Human Interface Devices (HID) such as keyboards, mice and joysticks.
Full Speed, 12 Mbit/s (1.5 MiB/s). Full Speed was the fastest rate before the USB 2.0 specification and many devices fall back to Full Speed. Full Speed devices divide the USB bandwidth between them on a first-come first-served basis, and it is not uncommon to run out of bandwidth with several isochronous devices. All USB hubs support Full Speed.
Hi-Speed, 480 Mbit/s (57 MiB/s).


Networking

Why use a Network?

Quite simply, we use networks for communication between computers and for sharing data and peripherals. In the business world we use networks for ease of administration and to cut costs. Sharing data example: imagine an office with 5 secretaries working on 5 different computers, where one requires a file from another computer. In a non-networked office this file would have to be written to portable media and then loaded onto the other computer; in a networked office the file could be accessed via the network from a shared folder. Sharing peripherals example: in the same office with 5 secretaries working on 5 different computers, in order to print their work each computer would need to have a printer attached. In a networked office you could have one shared printer, cutting costs.

What do you need?

A common language or protocol (TCP/IP, IPX/SPX, AppleTalk): a convention or standard that controls or enables the connection, communication and data transfer between two computing endpoints.
Cabling: BNC, Cat5, fibre optic.
Hardware: NIC (Network Interface Card), router, switch, hub, modem, wireless access point.
Network services: DNS, WINS, DHCP.


Network Hardware

Network Interface Card

A network card, network adapter, network interface card or NIC is a piece of computer hardware designed to allow computers to communicate over a computer network. Every network card has a unique 48-bit serial number called a MAC address, which is written to ROM carried on the card. Every computer on a network must have a card with a unique MAC address. The IEEE is responsible for assigning MAC addresses to the vendors of network interface cards, and no two cards ever manufactured should share the same address.

Hubs
An Ethernet hub or concentrator is a device for connecting multiple twisted pair or fibre optic Ethernet devices together, making them act as a single segment. It works at the physical layer of the OSI model, repeating the signal received at one port out of each of the other ports (but not the original one). The device is thus a form of multiport repeater. Ethernet hubs are also responsible for forwarding a jam signal to all ports if they detect a collision. Hubs also often come with a BNC and/or AUI connector to allow connection to legacy 10BASE2 or 10BASE5 network segments. The availability of low-priced Ethernet switches has largely rendered hubs obsolete, but they are still seen in older installations and more specialist applications.

Switches

A network switch, or switch for short, is a networking device that performs transparent bridging (connection of multiple network segments with forwarding based on MAC addresses) at full wire speed in hardware. As a frame comes into a switch, the switch saves the originating MAC address and the originating (hardware) port in the switch's MAC address table. This table often uses content-addressable memory, so it is sometimes called the CAM table. The switch then selectively transmits the frame from specific ports based on the frame's destination MAC address and previous entries in the MAC address table. If the destination MAC address is unknown, or is a broadcast address or (for simpler switches) a multicast address, the switch simply transmits the frame out of all of the connected interfaces except the incoming port. If the destination MAC address is known, the frame is forwarded only to the corresponding port in the MAC address table.

Hubs vs Switches
A hub, or repeater, is a fairly unsophisticated broadcast device. Any packet entering any port is broadcast out on every port, and thus hubs do not manage any of the traffic that comes through their ports. Since every packet is constantly being sent out through every port, this results in packet collisions, which greatly impede the smooth flow of traffic. A switch isolates ports, meaning that every received packet is sent out only to the port on which the target may be found (assuming the proper port can be found; if it cannot, then the switch will broadcast the packet to all ports except the port the request originated from). Since the switch intelligently sends packets only where they need to go, the performance of the network can be greatly increased.
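The learning and forwarding behaviour described in the two sections above, as an added Python simulation that is not part of the tutorial: a hub repeats every frame to every other port, while a switch learns source MACs into its CAM table and floods only broadcast, multicast and unknown destinations. The MAC addresses, port numbers and class names are constructed for the demo.

```python
"""Constructed simulation of hub vs. switch forwarding (added example, not
from the tutorial). MAC addresses and port numbers are made up for the demo."""
from __future__ import annotations
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_multicast(mac: str) -> bool:
    """A MAC is multicast (broadcast included) when bit 0 of its first octet is set."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


def other_ports(port_count: int, ingress: int) -> list[int]:
    """Every port except the one the frame arrived on."""
    return [p for p in range(port_count) if p != ingress]


@dataclass
class Hub:
    """A multiport repeater: no addresses are examined, every frame is repeated."""
    ports: int

    def forward(self, ingress: int, src: str, dst: str) -> list[int]:
        return other_ports(self.ports, ingress)


@dataclass
class Switch:
    """Transparent bridge: learns source MACs per port and forwards selectively."""
    ports: int
    cam_table: dict[str, int] = field(default_factory=dict)

    def forward(self, ingress: int, src: str, dst: str) -> list[int]:
        # Learn (or refresh) the source MAC -> ingress port mapping.
        if not is_multicast(src):
            self.cam_table[src] = ingress
        # Broadcast, multicast and unknown unicast destinations are flooded.
        if is_multicast(dst) or dst not in self.cam_table:
            return other_ports(self.ports, ingress)
        # Known destination: forward only to the learnt port. A frame whose
        # destination sits on the ingress port is not forwarded anywhere.
        out_port = self.cam_table[dst]
        return [] if out_port == ingress else [out_port]


def demo() -> list[tuple[str, list[int]]]:
    """Run the same three frames through a hub and a switch and collect the decisions."""
    pc_a, pc_b = "00:11:22:33:44:55", "66:77:88:99:aa:bb"   # constructed MACs
    frames = [
        (0, pc_a, BROADCAST),   # A on port 0 sends a broadcast (e.g. an ARP request)
        (2, pc_b, pc_a),        # B on port 2 replies to A, which the switch has learnt
        (0, pc_a, pc_b),        # A sends to B; both are now in the CAM table
    ]
    hub, sw = Hub(ports=4), Switch(ports=4)
    results = []
    for ingress, src, dst in frames:
        results.append(("hub", hub.forward(ingress, src, dst)))
        results.append(("switch", sw.forward(ingress, src, dst)))
    return results


if __name__ == "__main__":
    for device, out in demo():
        print(f"{device:6} -> ports {out}")
```

Only the first frame (the broadcast) leaves the switch on every port; the hub repeats all three, which is the collision-prone behaviour the section describes.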

Routers
A router is a computer networking device that forwards data packets across a network toward their destinations, through a process known as routing. A router acts as a junction between two or more networks to transfer data packets among them. A router is different from a switch: a switch connects devices to form a local area network (LAN). One easy illustration of the different functions of routers and switches is to think of switches as local streets, and the router as the junctions with the street signs. Each house on the local street has an address within a range on the street. In the same way, a switch connects various devices, each with their own IP address(es), on a LAN. Routers connect networks together the way that on-ramps or major junctions connect streets to both main roads and motorways. The street signs at the junctions (the routing table) show which way the packets need to flow.


Wireless
Wireless Access Point (WAP)
A wireless access point (AP) connects a group of wireless stations to an adjacent wired local area network (LAN). An access point is similar to an Ethernet hub, but instead of relaying LAN data only to other LAN stations, an access point can relay wireless data to all other compatible wireless devices as well as to a single (usually) connected LAN device, in most cases an Ethernet hub or switch, allowing wireless devices to communicate with any other device on the LAN.

Wireless Routers
A wireless router integrates a wireless access point with an Ethernet switch and an Ethernet router. The integrated switch connects the integrated access point and the integrated Ethernet router internally, and allows for external wired Ethernet LAN devices to be connected as well as a (usually) single WAN device such as a cable modem or DSL modem. A wireless router advantageously allows all three devices (mainly the access point and router) to be configured through one central configuration utility, usually through an integrated web server. However, one disadvantage is that one may not decouple the access point so that it may be used elsewhere.

Cables
Cable Terminology
10BASE2 (also known as cheapernet or thinnet) is a variant of Ethernet that uses thin coaxial cable. The 10 comes from the maximum transmission speed of 10 Mbit/s (millions of bits per second). The BASE stands for baseband signaling, and the 2 represents a rounded up shorthand for the maximum segment length of 185 metres (607 feet).

10BASE5 (also known as thicknet) is the original full spec variant of Ethernet cable. The 10 refers to its transmission speed of 10 Mbit/s. The BASE is short for baseband signalling as opposed to broadband, and the 5 stands for the maximum segment length of 500 metres.

10BASE-T is an implementation of Ethernet which allows stations to be attached via twisted pair cable. The name 10BASE-T is derived from several aspects of the physical medium. The 10 refers to the transmission speed of 10 Mbit/s. The BASE is short for baseband. The T comes from twisted pair, which is the type of cable that is used.

100BASE-T is any of several Fast Ethernet 100 Mbit/s CSMA/CD standards for twisted pair cables, including 100BASE-TX (100 Mbit/s over two-pair Cat5 or better cable). The segment length for a 100BASE-T cable is limited to 100 metres.


Coaxial
Coaxial cable is an electrical cable consisting of a round conducting wire, surrounded by an insulating spacer, surrounded by a cylindrical conducting sheath, usually surrounded by a final insulating layer. It is used as a high-frequency transmission line to carry a high-frequency or broadband signal. BNC connectors were commonly used on 10BASE2 thin Ethernet networks, both on cable interconnections and network cards, though these have largely been replaced by newer Ethernet devices whose wiring does not use coaxial cable.

CAT 5
Category 5 cable, commonly known as Cat 5, is an unshielded twisted pair cable type designed for high signal integrity. Category 5 has been superseded by the Category 5e specification. This type of cable is often used in structured cabling for computer networks such as Gigabit Ethernet, although it is also used to carry many other signals, such as basic voice services and token ring. Category 5 cable includes four twisted pairs in a single cable jacket. It was most commonly used for 100 Mbit/s networks, such as 100BASE-TX Ethernet. Cat5 cable uses an RJ-45 (Registered Jack-45) connector at each end of the cable with a fixed wiring scheme; the ends are crimped on to the cable.


Wiring Scheme
Patch or straight through cables have Wiring scheme 1 at both ends of the cable and are used to connect computers to network wall sockets or hubs. Crossover cables have Wiring scheme 1 at one end of the cable and Wiring scheme 2 at the other. These cables are used to connect network hardware together e.g. PC to PC, hub to hub.

Protocols
A protocol (TCP/IP, IPX/SPX, AppleTalk) is a convention or standard that controls or enables the connection, communication and data transfer between two computing endpoints. Sending and receiving systems need to use the same protocol unless a gateway service sits between the networks and translates from one to the other. Most protocols specify one or more of the following properties:

Detection of the underlying physical connection (wired or wireless), or the existence of the other endpoint or node
Handshaking
Negotiation of various connection characteristics
How to start and end a message
How to format a message
What to do with corrupted or improperly formatted messages (error correction)
How to detect unexpected loss of the connection, and what to do next
Termination of the session or connection

NetBIOS
NetBIOS is an acronym for Network Basic Input/Output System. The NetBIOS API allows applications on separate computers to communicate over a local area network. NetBIOS must be enabled for Windows File and Print Sharing to work. NetBIOS provides three distinct services:

Name service, for name registration and resolution
Session service, for connection-oriented communication
Datagram distribution service, for connectionless communication

Name service: in order to start sessions or distribute datagrams, an application must register its NetBIOS name using the name service. NetBIOS names are 16 bytes in length.

Session service: session mode lets two computers establish a connection for a conversation, allows larger messages to be handled, and provides error detection and recovery. In NBT, the session service runs on TCP port 139.

Datagram distribution service: datagram mode is connectionless. Since each message is sent independently, messages must be smaller, and the application becomes responsible for error detection and recovery. In NBT, the datagram service runs on UDP port 138.

IPX/SPX (NWLINK)
Internetwork Packet Exchange (IPX) is the OSI-model Network layer protocol in the IPX/SPX protocol stack. The IPX/SPX protocol stack is supported by Novell's NetWare network operating system. Because of NetWare's popularity through the late 1980s into the mid 1990s, IPX became a popular internetworking protocol. Novell derived IPX from the Xerox Network Services IDP protocol. IPX usage is in general decline as the boom of the Internet has made TCP/IP nearly universal. Computers and networks can run multiple network protocols, so almost all IPX sites will be running TCP/IP as well to allow for Internet connectivity. It is also now possible to run Novell products without IPX, as they have supported both IPX and TCP/IP since NetWare reached version 5. Sequenced Packet Exchange (SPX) is a transport layer protocol (layer 4 of the OSI model) used in Novell NetWare networks. The SPX layer sits on top of the IPX layer (layer 3, the network layer) and provides connection-oriented services between two nodes on the network. SPX is used primarily by client/server applications. NWLink is an IPX/SPX-compatible protocol developed by Microsoft and used in its Windows NT product line; NWLink is Microsoft's version of Novell's IPX/SPX protocol. The Microsoft version of NWLink includes the same level of functionality as the Novell protocol. NWLink includes a tool for resolving NetBIOS names. NWLink packages data to be compatible with client/server services on NetWare networks. However, NWLink does not provide access to NetWare File and Print Services; to access the File and Print Services, the Client Service for NetWare needs to be installed.

AppleTalk
AppleTalk is a suite of protocols developed by Apple Computer for computer networking. It was included in the original Macintosh (1984) and is now used less by Apple in favour of TCP/IP networking. AppleTalk contains two protocols aimed at making the system completely self-configuring: the AppleTalk Address Resolution Protocol (AARP) allowed AppleTalk hosts to automatically generate their own network addresses, and the Name Binding Protocol (NBP) was essentially a dynamic DNS system which mapped network addresses to user-readable names. For interoperability, Microsoft maintains File Services for Macintosh and Print Services for Macintosh.

TCP/IP
The Internet protocol suite is the set of communications protocols that implement the protocol stack on which the Internet and most commercial networks run. It is sometimes called the TCP/IP protocol suite, after the two most important protocols in it: the Transmission Control Protocol (TCP) and the Internet Protocol (IP), which were also the first two defined. The Internet protocol suite, like many protocol suites, can be viewed as a set of layers: each layer solves a set of problems involving the transmission of data, and provides a well-defined service to the upper layer protocols based on using services from some lower layers. Upper layers are logically closer to the user and deal with more abstract data, relying on lower layer protocols to translate data into forms that can eventually be physically transmitted. The OSI model describes a fixed, seven layer stack for networking protocols. Comparisons between the OSI model and TCP/IP can give further insight into the significance of the components of the IP suite, but can also cause confusion, as TCP/IP consists of only 4 layers. The four layers in the DoD model, from bottom to top, are:

The Network Access Layer is responsible for delivering data over the particular hardware media in use. Different protocols are selected from this layer, depending on the type of physical network.

The Internet Layer is responsible for delivering data across a series of different physical networks that interconnect a source and destination machine. Routing protocols are most closely associated with this layer, as is the IP protocol, the Internet's fundamental protocol.

The Host-to-Host Layer handles connection rendezvous, flow control, retransmission of lost data, and other generic data flow management. The mutually exclusive TCP and UDP protocols are this layer's most important members.

The Process Layer contains protocols that implement user-level functions, such as mail delivery, file transfer and remote login.

Network Services
DNS (Domain Name System)
The Domain Name System (DNS) stores and associates many types of information with domain names, but most importantly, it translates domain names (computer hostnames) to IP addresses. It also lists mail exchange servers accepting e-mail for each domain. In providing a worldwide keyword-based redirection service, DNS is an essential component of contemporary Internet use. The DNS pre-eminently makes it possible to attach easy-to-remember domain names (such as es-net.co.uk) to hard-to-remember IP addresses (such as 270.146.131.206). People take advantage of this when they recite URLs and e-mail addresses.

WINS (Windows Internet Naming Service)

Windows Internet Naming Service (WINS) is Microsoft's implementation of NetBIOS Name Server (NBNS) on Windows, a name server and service for NetBIOS computer names. Effectively, it is to NetBIOS names what DNS is to domain names: a central mapping of host names to network addresses. However, the mappings have always been dynamically updated (e.g. at workstation boot), so that when a client needs to contact another computer on the network it can get its up-to-date DHCP allocated address. Networks normally have more than one WINS server, and each WINS server should be in push/pull replication; the favoured replication model is hub and spoke, so the WINS design is not central but distributed. Each WINS server holds a full copy of every other related WINS system's records. There is no hierarchy in WINS (unlike DNS), but like DNS its database can be queried for the address to contact rather than broadcasting a request for which address to contact. The system therefore reduces broadcast traffic on the network; however, replication traffic can add to WAN/LAN traffic.

DHCP (Dynamic Host Configuration Protocol)

The Dynamic Host Configuration Protocol (DHCP) automates the assignment of IP addresses, subnet masks, default routers and other IP parameters. The assignment usually occurs when the DHCP configured machine boots up or regains connectivity to the network. The DHCP client sends out a query requesting a response from a DHCP server on the locally attached network. The DHCP server then replies to the client with its assigned IP address, subnet mask, DNS server and default gateway information. The assignment of the IP address usually expires after a predetermined period of time, at which point the DHCP client and server renegotiate a new IP address from the server's predefined pool of addresses. Configuring firewall rules to accommodate access from machines that receive their IP addresses via DHCP is therefore more difficult, because the remote IP address will vary from time to time. Administrators must usually allow access to the entire remote DHCP subnet for a particular TCP/UDP port. Most home routers and firewalls are configured in the factory to be DHCP servers for a home network. ISPs (Internet Service Providers) generally use DHCP to assign clients individual IP addresses. DHCP is a broadcast-based protocol; as with other types of broadcast traffic, it does not cross a router.

APIPA (Automatic Private IP Addressing)


If computers are unable to obtain an address from a DHCP server they use Automatic Private IP Addressing (APIPA). This means the computer will assign itself a random address between 169.254.0.1 and 169.254.254.254 (the 169.254.0.0/16 range), allowing it to communicate with other clients that are also using APIPA. APIPA allows non-expert users to connect computers, networked printers and other items together and expect them to work. Without Zeroconf or something similar, a knowledgeable user must either set up special servers, like DHCP and DNS, or set up each computer by hand.
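The lease model described in the DHCP and APIPA sections above can be followed in a small simulation. The following Python is an added illustration, not code from this tutorial: it models a DHCP server's pool with lease expiry and renewal, and a client that falls back to a 169.254.x.x address when no lease is granted. The network, pool range, lease length and MAC addresses are all constructed for the example. Note the practical point for an administrator: a host sitting on a 169.254.x.x address is a reliable sign that its DHCP exchange failed (no server reachable, or the pool exhausted), which is why such addresses are worth flagging when reviewing a network.

```python
"""DHCP lease pool with expiry, and the APIPA fallback a client uses when no
lease can be obtained. Added illustration, not code from the tutorial; the
network, pool range, lease length and MAC addresses are all constructed."""
import ipaddress

APIPA_NET = ipaddress.ip_network("169.254.0.0/16")


class LeasePool:
    """Minimal model of a DHCP server's address pool.

    Leases are keyed by client MAC address and expire after lease_secs.
    Time is passed in explicitly so the model runs deterministically offline.
    """

    def __init__(self, network, first, last, lease_secs):
        self.network = ipaddress.ip_network(network)
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo not in self.network or hi not in self.network or lo > hi:
            raise ValueError("pool range must lie inside the network")
        self.free = [ipaddress.ip_address(n) for n in range(int(lo), int(hi) + 1)]
        self.lease_secs = lease_secs
        self.leases = {}  # mac -> (address, expiry time)

    def expire(self, now):
        """Return expired addresses to the free list (done before every request)."""
        for mac, (addr, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[mac]
                self.free.append(addr)

    def request(self, mac, now):
        """Handle a client's request: renew its existing lease, or grant a new one.

        Returns None when the pool is exhausted; to the client this looks the
        same as having no DHCP server at all.
        """
        self.expire(now)
        if mac in self.leases:
            addr = self.leases[mac][0]          # renewal keeps the same address
        elif self.free:
            addr = self.free.pop(0)
        else:
            return None
        self.leases[mac] = (addr, now + self.lease_secs)
        return addr


def apipa_address(mac):
    """Pick a link-local address in 169.254.0.1 .. 169.254.254.254 for the client.

    A real client chooses at random and probes for conflicts; deriving the
    address from the MAC keeps this model deterministic.
    """
    seed = int(mac.replace(":", ""), 16)
    offset = seed % 65278 + 1                   # 1 .. 65278 == .0.1 .. .254.254
    return ipaddress.ip_address(int(APIPA_NET.network_address) + offset)


def is_apipa(addr):
    """True when a host has fallen back to APIPA, i.e. DHCP did not answer."""
    return ipaddress.ip_address(addr) in APIPA_NET


def configure_client(mac, pool, now):
    """Return (address, source): 'dhcp' if a lease was granted, else 'apipa'."""
    addr = pool.request(mac, now) if pool is not None else None
    if addr is not None:
        return addr, "dhcp"
    return apipa_address(mac), "apipa"


def demo():
    """Two-address pool, three clients: the third gets APIPA until a lease frees up."""
    pool = LeasePool("192.168.10.0/24", "192.168.10.100", "192.168.10.101", lease_secs=3600)
    a, a_src = configure_client("00:11:22:33:44:55", pool, now=0)
    b, b_src = configure_client("00:11:22:33:44:66", pool, now=0)
    c, c_src = configure_client("00:11:22:33:44:77", pool, now=0)        # pool exhausted
    a2, _ = configure_client("00:11:22:33:44:55", pool, now=1800)        # renewal, same address
    c2, c2_src = configure_client("00:11:22:33:44:77", pool, now=3700)   # b's lease has expired
    return {
        "a": str(a), "a_src": a_src, "b": str(b), "b_src": b_src,
        "c": str(c), "c_src": c_src, "c_apipa": is_apipa(c),
        "a_renewed_same": a == a2,
        "c_later": str(c2), "c_later_src": c2_src,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the block shows the third client on a 169.254.x.x address at time 0 and on 192.168.10.101 once the second client's lease has lapsed without renewal; the first client keeps its address across the renewal, as the text describes.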

Networks
A Local Area Network (LAN) is a computer network covering a small local area, such as a home, office, college or small group of buildings. Current LANs are most likely to be based on switched Ethernet or Wi-Fi technology running at 10, 100 or 1,000 Mbit/s. The defining characteristics of LANs in contrast to WANs (wide area networks) are their much higher data rates, their smaller geographic range, and the fact that they do not require leased telecommunication lines.

A Personal Area Network (PAN) is a computer network used for communication among computer devices (including telephones and personal digital assistants) close to one person. The reach of a PAN is typically a few metres and it may use Bluetooth, wireless or USB for connection.

A Wide Area Network (WAN) is a computer network covering a wide geographical area and involving a vast array of computers. This is different from personal area networks (PANs), metropolitan area networks (MANs) or local area networks (LANs), which are usually limited to a room, building or campus. The most well-known example of a WAN is the Internet. WANs are used to connect local area networks (LANs) together, so that users and computers in one location can communicate with users and computers in other locations.


Introduction To Windows

Operating Systems
The most important piece of software on any computer is the operating system. The operating system gives the framework upon which all other services and applications run. The majority of home users use a Windows based machine. Most of todays applications and games are designed to run solely on Microsoft systems. Microsoft Windows is extremely popular in schools and colleges, many businesses also use Windows.

Introduction to Microsoft Windows


The oldest of all Microsoft's operating systems is MS-DOS (Microsoft Disk Operating System). MS-DOS is a text-based operating system: users have to type commands rather than use the friendlier graphical user interfaces (GUIs) available today. Despite its very basic appearance, MS-DOS is a very powerful operating system, and there are many advanced applications and games available for it. A version of MS-DOS underpins Windows, and many advanced administration tasks in Windows can only be performed using MS-DOS.

The history of Microsoft Windows dates back to 1985, when Microsoft released Microsoft Windows Version 1.01. Microsoft's aim was to provide a friendly user interface, known as a GUI (graphical user interface), which allowed for easier navigation of the system features. Windows 1.01 never really caught on. (The amazing thing about Windows 1.01 is that it fitted on a single floppy disk!) In 1987 Microsoft revamped the operating system and released Windows 2.03. The GUI was very slightly improved but still looked too similar to Windows 1.01, and the operating system again failed to capture a wide audience. Microsoft made an enormous impression with Windows 3.0 and 3.1. Graphics and functionality were drastically improved: the Windows 3.x family provided multimedia capabilities as well as vastly improved graphics and application support. Building on the success of Windows 3.x, Microsoft released Microsoft Windows for Workgroups 3.11, which gave Windows the ability to function on a network. It is not uncommon to find companies still using Windows 3.11.

In 1993 Microsoft divided the operating system into two categories: business and home user. Windows NT (New Technology) was a lot more reliable than Windows 3.x and provided advanced network features. On the business front, Windows NT continued to develop with the release of version 3.51. Different versions were provided which offered different functionality: Server provided the higher network functions and Workstation was mainly for the client machines. In 1995 Windows went through a major revamp and Microsoft Windows 95 was released. This provided greatly improved multimedia and a much more polished user interface. The now familiar desktop and Start Menu appeared, and Internet and networking support was built in. Although Windows 95 was a home user operating system, it proved to be very popular in schools and businesses. After the success of Windows 95, Microsoft improved the GUI of Windows NT and released Windows NT 4.0. NT4 could be tailored to the size of the business: NT4 Server for small to medium sized businesses and Enterprise Server for larger networks.

Microsoft continued to improve the Windows format. Although Microsoft Windows 98 was very similar to Windows 95, it offered a much tidier display and enhanced multimedia support. Breaking with its own naming conventions, Microsoft released Windows 2000 (initially called NT 5.0) for the business market. It appeared in four models: Professional (which replaced Workstation), Server, Advanced Server and Datacenter Server, catering for differing business requirements. Although Windows 2000 had a greatly improved user interface, the best of the enhancements appeared on the server side. Active Directory was introduced, which allowed much greater control of security and organisation. Improvements to the overall operating system allowed for easier configuration and installation. One big advantage of Windows 2000 was that operating system settings could be modified easily without the need to restart the machine. Windows 2000 proved to be a very stable operating system that offered enhanced security and ease of administration.

The last incarnation of the Windows 9x family was Windows Millennium Edition (ME). There were so many different versions of Windows floating around at this stage that Microsoft decided the next release of Windows would consolidate both the business and home versions. Although Windows ME was visually similar to Windows 2000, it was based on the Windows 9x line. Windows 9x/ME systems are not as secure and stable as Windows NT and 2000 systems. Because of the stability of Windows NT/2000, Microsoft decided to end the development of the Windows 9x line and merge the consumer and business products. Microsoft Windows XP comes as Home Edition and Professional; each is based on Windows 2000. Windows 2000 Server has been upgraded to Windows 2003. This appears in four variants: Web Server, Standard Server, Enterprise Server and Datacenter Server, each fulfilling a different business role. Windows XP has a very polished look, but the overall functionality is very similar to Windows 2000.

Other Operating Systems


The Windows family is the most widely used operating system. There are other operating systems in the computing world, and some are a lot older than Microsoft Windows. Luckily most operating systems can interoperate with each other. Many of today's larger networks contain a variety of operating systems.

UNIX
A big advantage of UNIX is that it can be run on nearly every computer hardware platform including Apple Macintosh machines. The UNIX operating system is one of the oldest and most powerful operating systems. It was developed by Bell Laboratories. There are many variants of UNIX available.

Novell NetWare
Novell NetWare is an advanced network operating system. It has an advanced directory service structure similar to Microsoft's Active Directory. Fortunately both directory services are interoperable, as both directories use the X.500 directory service standard.

Linux/FreeBSD
Two of the most popular variations of UNIX come in the form of Linux and FreeBSD. A big advantage of both Linux and FreeBSD is that they are open-source, that is, any user can contribute to the development of the OS. Versions of both operating systems are completely free. Linux and FreeBSD can easily take the role of a server or client machine. However, they are considered to be more difficult to master as both utilise the command line rather than a user-friendly GUI. There are several different distributions of Linux, but for each the underlying operating system remains the same.

Apple Macintosh machines offer high-performance sound and graphics editing and are therefore extremely popular in the design industry. Apple have developed their own operating system, the newest version of which is Mac OS X, which is based on UNIX. Mac OS X is a very user-friendly operating system and is increasingly popular for home PCs.


Managing Files And Folders


A file is a collection of numbers which have been written to your computer's hard drive. These numbers can be converted into a picture, a sound, text, or a set of instructions for a program to perform certain actions. A clue to a file's type is given by its icon or by its file extension. Folders are containers for anything on a computer, including files and other folders. A path lists the folders that have to be opened to get to the required file. Folders were called directories on older Microsoft systems.

These are some typical file icons. They help the user to identify the file type. There are innumerable file types; some of the common ones are represented here:
1. .bmp - a bitmap image
2. .doc - a Word document
3. .wav - a sound file
4. .ppt - animated slides
5. .txt - plain text
6. .xls - a spreadsheet
7. .dbf - a database file
8. A shortcut (note the arrow)
9. .exe - an application (a program)
Windows allows you to view information about files in different ways. The icon view is the default used by Windows XP.


To change the icon view, click on View on the menu bar and select the required view from the available list. By default, if a file type is a known one, such as a Microsoft Word document, Windows won't display its file extension. To view all file extensions, click on Tools on the menu bar. Various options can be configured, e.g. Display compressed files and folders with alternate colours. To display all file extensions, untick the Hide file extensions for known file types box. File extensions are best left alone; opening a file with the wrong application can sometimes damage the file. However, you may at some stage need to change a file's extension.

Folders
Each of these is a folder. They may contain files or other folders (called subfolders) or both. There may be many nestings of folders within folders.

Files and folders are located on the computer by using a file path. The James folder is located inside a folder called Home, which is located inside a folder called es-net, which is located on the C: drive. The file path will be C:\es-net\Home\James.

Moving and Copying


To move a file or folder, either right click on its icon OR left click on the Edit option on the toolbar. Choose cut to move or copy to copy!


At this point the item has been placed onto a clipboard, an area of memory accessible from nearly any application in Windows. Right-click (or open Edit in the toolbar) in an open destination folder and choose Paste (or use drag and drop). When an attempt is made to move an item between volumes, it is effectively copied and the original remains.

Creating Files and Folders


This is mercifully easy. Simply right-click on some empty space in any suitable folder or the desktop and choose to create a new object from the choices offered. Be careful not to alter the file extension, as this can render the file unreadable. File extensions are usually hidden for this reason.


Start Menu
The Start Menu was introduced in Windows 95 and allows applications to be easily located and launched. As the name implies, the Start Menu is the starting point for most tasks in Windows. Clicking on START is the recommended way to access frequently used applications.

Clicking on START also reveals the Run option, which provides a quick way of launching command-line utilities. Once the first few characters of a pathname have been typed, the auto-complete feature uses them to make suggestions based upon recent usage. Clicking on one of these completes the entry, which helps to avoid mistyping.

The Start Menu can also be easily configured by right-clicking on it and selecting Properties. Icon sizes can be changed, as can the number of program shortcuts displayed. Select Advanced to view a few more in-depth options. Various items can be enabled and disabled by choosing the options shown, e.g. the Control Panel can be disabled from the Start Menu. To change the Start Menu to the style used in Windows 2000, select Classic Start Menu. Clicking on Start then reveals the older-style Start Menu used on pre-Windows XP computers.


Desktop and My Documents


The Windows desktop provides a convenient location for storing files and folders. The desktop can contain shortcuts to applications and documents that you access frequently. This is the Desktop. It is a folder just like any other and it can be manipulated to contain whatever the administrator requires for each user.

The My Documents folder is the default destination for a user's work. It can be placed, separately from the desktop, on any server in the network. In this guise it can still appear to the user as what is known as a local resource!

In another course would-be administrators will move home folders to remote servers. They will also have a good reason for doing so.


Server Roles
The term server refers to a machine that is providing a service for other machines, e.g. a computer which shares files on the network would be classed as a file server. Likewise, a Domain Controller is classed as a server because it is providing a service for the rest of the clients on the network. Windows 2003 can take several different server roles. These are as follows:

File Server
A File Server stores files and folders that are used by other machines on the network. It can hold applications, text documents, or a user's My Documents folder. For security, many shared folders are housed on file servers. A distributed file system is housed on more than one file server for the sake of fault tolerance and ease of access. A Windows XP Professional machine may act as a limited File Server. A Windows Server 2003 computer can also act as a file server for different operating systems, e.g. Apple Macintosh.

Print Server
A Print Server is a computer that has a printer attached to it and shares the printer for use on the network. A Windows XP Professional Machine can be a reasonably capable Print Server.

Application Server
Besides being a Domain Controller, Windows Server 2003 can also be a host to many different services e.g. as a Database Server and a Terminal Server.


Some Common Microsoft Servers:


Microsoft Exchange allows you to set up an e-mail server, and also a messaging and collaboration system, for your company's network. Microsoft SQL Server enables you to set up powerful database servers for your company's network. Microsoft ISA Server allows you to set up an Internet Gateway/Proxy Server for your company's network. These applications require Windows Server 2003. Their integration with Active Directory allows for tighter security and easier administration.

A Database Server holds a database! This is not just a list of information. It is structured and dynamic. It needs to be managed, updated, extended and secured, while at the same time being accessible to users. A dedicated server is required for this.

Remote Administration enables an administrator to manage a server from almost any workstation on the network using Terminal Services. Terminal Services also lets workstations use powerful applications housed at the server as if they were installed at that workstation.

Web Servers
A Web Server hosts and manages websites for the Internet or an intranet. Because of the need to manage heavy and burst-mode traffic while maintaining security, a dedicated server is recommended. Windows 2003 can function as a web server using the Internet Information Services (IIS) service. Windows XP Professional ships with a limited version of IIS which allows a workstation to host a single website.


Windows XP Server 2003 Overview


In September 2001 Microsoft released an upgrade to Windows 2000 Professional called Windows XP Professional. Windows XP comes in four variants: Windows XP Professional, Windows XP Home Edition, Windows XP Media Centre Edition and Windows XP Tablet PC Edition. Unlike Windows XP Professional, Windows XP Home Edition has limited networking support and is designed solely for home users. Windows XP Professional offers all of the features of Windows 2000 with many improvements, and can easily integrate into existing Windows 2000 networks. In April 2003 Microsoft released the Microsoft Windows Server 2003 family as an upgrade to Windows 2000 Server. Windows Server 2003 offers improvements over the Windows NT 4.0/2000 server products, including many security and reliability enhancements. Windows XP/Server 2003 represents Microsoft's shift towards the more stable and secure NT kernel. Windows Server 2003 provides enhanced security and control over networks using a feature called Active Directory. This enables companies to reduce running costs and improve work performance.

Active Directory
Active Directory is a fundamental feature of Windows 2003 domains. It is essentially a detailed database containing information about every object on the network. These objects include computers, users, groups, printers and even shared folders. This feature might seem of little importance until you look at how this information is organised. Active Directory can group objects and place restrictions upon them; for example, a group of users might be restricted from using the Control Panel. Essentially every object can be controlled, and similar objects may be grouped into manageable units. As you will learn later, Active Directory greatly simplifies network administration.

IntelliMirror
Windows 2003/XP networks use a feature called IntelliMirror. IntelliMirror allows users to move freely around the network whilst maintaining their own settings, preferences, applications and documents. For example, a user's desktop wallpaper will follow them from machine to machine. The benefits of IntelliMirror and Active Directory can only be fully utilised on Windows 2000/2003/XP networks.

Enhanced User Interface


Windows XP has an enhanced user interface where many common tasks are grouped into easy to find locations. This makes Windows easier and more pleasant to use.

The Microsoft Management Console


Windows XP/2003 also provides a utility called the Microsoft Management Console (MMC). The MMC provides a single, consistent interface for all aspects of administration. Applications built for Windows 2003, such as Exchange Server, also use the MMC. The MMC can also be used to manage other machines on the network running Windows 2000/2003 and XP. This eases the job of the administrator, who doesn't have to be physically present at each machine, thus improving response times and reducing the general administrative load.

Remote Desktop Connection

Windows XP/2003 contains a feature known as Remote Desktop which enables a computer running Windows XP/2003 to be remotely controlled or viewed over a network. Remote Desktop Connection is useful since it allows an administrator to troubleshoot a users problems remotely, thus helping to improve response time and increasing productivity.

Internet Information Services


Windows Server 2003 ships with Internet Information Services 6.0 (IIS). IIS allows a computer to securely host web-based services such as Web and FTP sites. Unlike Windows 2000, IIS is not installed by default on Windows Server 2003. Windows XP Professional also includes a limited version of IIS that can host a single Web or FTP site.


Storage Options
Windows Server 2003 provides a feature called Shadow Copy. This feature stores point-in-time versions of files in network shares, allowing an administrator to view or recover folder contents as they existed at certain points in time. Windows XP/2003 allows a user to copy files directly to a CD-R without the use of any third-party CD-burning application.

ClearType Support
Windows 2003/XP supports anti-aliased fonts using the Microsoft ClearType technology. With ClearType, text becomes sharper and brighter, especially on laptop displays.

Microsoft Windows Server 2003 Overview


As a network administrator you will need to know which product to use in a given situation. This is important as the cost of the different Windows Server 2003 editions differs considerably.

Windows Server 2003 Web Edition: Designed solely as a Web Server. Cannot function as a Domain Controller. Can act as a File/Print or Web server.
Windows Server 2003 Standard Edition: Supports Active Directory. Used in small to medium environments. Ideal for File and Print services.
Windows Server 2003 Enterprise Edition: Supports Active Directory. Used in large organizations. Ideal for Application/Web servers.
Windows Server 2003 Datacenter Edition: Supports Active Directory. Used in very large organizations. Ideal for Database Servers (SQL).

Windows 2003/XP Capabilities


Each version of Windows Server 2003 has varying capabilities. Below is a list of those capabilities that may be supported in one version but not in another.

Network Load Balancing
Clustering
Symmetric Multiprocessing (SMP)
Pre-emptive Multitasking
Remote Access

Network Load Balancing

Network Load Balancing is a feature of Windows Server 2003 Enterprise/Datacenter. It allows network traffic to be distributed between servers each running the same website. Up to 32 machines can be linked together using the same IP address. If a machine fails, no clients will be connected to it until it is restored, yet the service to the client remains unimpaired throughout, as the client can connect to one of the other machines.

Clustering
Clustering means having more than one server dedicated to running a particular application. This is only supported in Windows Server 2003 Enterprise Edition and Windows Server 2003 Datacenter Edition. There are two types of clustering:
1. Active/Active
2. Active/Passive

Active/Passive Clustering
In Active/Passive Clustering, one machine is running an application while the other sits quietly watching it. In this format, all machines in a cluster are connected to an external hard drive. Because the passive server merely waits in case of a failure, this can be a very expensive implementation. If the active machine fails, the passive machine takes over the running of the application from the failed machine. This is known as Redundancy.

Active/Active Clustering

Here, both machines are running different applications. However, each machine constantly monitors the other. If one of the servers fails, the other machine will take over whatever application the failed machine was running, providing fault tolerance.

Multi-Processing
Some computers (especially Servers) need a lot of Processing Power. Installation of additional processors allows machines to perform more tasks and calculations in a given period of time. There are two different types of Multi Processing, SMP and ASMP.

Symmetric Multi-Processing (SMP)


An application is started and its demands are spread evenly across both processors. A second application is started and its demands are also spread evenly across both processors.

Asymmetric Multi- Processing (ASMP)


With this system one processor is dedicated to the computer's internal operations, including managing the other CPU. The other CPU handles user applications. An application is started and it runs solely on the first processor. Other applications are then started and also continue to run on the first processor. Only when the first processor is fully loaded will another processor be utilised.

Multi-Tasking
Windows XP/2003 allows Multi-Tasking. Multi-Tasking allows the user to run multiple applications at the same time. There are two types of multi-tasking: Co-operative and Preemptive.

Cooperative Multi-tasking
This is the form of Multi-tasking found in Windows 95, 98 and NT. When a process starts, it keeps hold of the processor's resources until it chooses to release them. Subsequent processes rely upon either the first process finishing, or it choosing to share resources. Not only is this inefficient, it can be dangerous: if the first process hangs without completing it still retains those resources, so NOBODY gets to use the processor and a restart is usually required.

Pre-emptive Multi-tasking

This is the form of Multi-tasking found in Windows 2000/XP/2003. In this system the operating system is responsible for the allocation of processor resources. Should a second process (also called a thread) start before the first has finished, it is the OS which determines how much of the processor time is given to each thread. The Operating System's choices are influenced by the priority settings of each process.
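The difference between the two multitasking models above is easiest to see tick by tick. The following Python is an added illustration, not code from this tutorial: it runs the same three tasks under a cooperative scheduler (a task keeps the processor until it finishes or yields) and under a pre-emptive one (the operating system hands out one tick at a time, weighted by priority). One task is deliberately hung, i.e. it never finishes and never yields. The task names, work sizes and priorities are constructed, and the weighted fair-share rule used for the pre-emptive case is a simplification of what a real kernel scheduler does.

```python
"""Cooperative vs pre-emptive multitasking, simulated tick by tick.
Added illustration, not code from the tutorial; the task names, work sizes
and priorities are constructed."""
from dataclasses import dataclass


@dataclass
class Task:
    name: str
    work: int            # processor ticks the task needs to finish
    priority: int = 1    # only the pre-emptive scheduler looks at this
    yields: bool = True  # cooperative only: does the task ever give up the CPU?
    done: int = 0

    def finished(self):
        return self.done >= self.work


def run_cooperative(tasks, max_ticks):
    """Cooperative model: the running task keeps the processor until it
    finishes or voluntarily yields. A task that never yields (a hung process)
    starves everything queued behind it; the scheduler cannot intervene."""
    queue = list(tasks)
    timeline = []
    while queue and len(timeline) < max_ticks:
        current = queue[0]
        current.done += 1
        timeline.append(current.name)
        if current.finished():
            queue.pop(0)
        elif current.yields:
            queue.append(queue.pop(0))      # voluntary yield: back of the queue
        # a non-yielding task stays at the front and runs again next tick
    return timeline, [t.name for t in queue]


def run_preemptive(tasks, max_ticks):
    """Pre-emptive model: the OS allocates one tick at a time and picks the
    runnable task that has had the least processor time relative to its
    priority (weighted fair share). A hung task only gets its share, so the
    other tasks still complete."""
    timeline = []
    while len(timeline) < max_ticks:
        runnable = [t for t in tasks if not t.finished()]
        if not runnable:
            break
        current = min(runnable, key=lambda t: (t.done / t.priority, t.name))
        current.done += 1
        timeline.append(current.name)
    return timeline, [t.name for t in tasks if not t.finished()]


def finish_tick(timeline, name):
    """1-based tick at which `name` last ran, or None if it never ran."""
    if name not in timeline:
        return None
    return len(timeline) - timeline[::-1].index(name)


def demo(max_ticks=12):
    def workload():
        return [
            Task("editor", work=3, priority=2),
            Task("backup", work=3, priority=1),
            Task("hung", work=10**9, priority=1, yields=False),  # never finishes, never yields
        ]

    coop_timeline, coop_left = run_cooperative(workload(), max_ticks)
    pre_timeline, pre_left = run_preemptive(workload(), max_ticks)
    return {
        "cooperative": coop_timeline, "cooperative_unfinished": coop_left,
        "preemptive": pre_timeline, "preemptive_unfinished": pre_left,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With twelve ticks, the cooperative run gives the editor and the backup one tick each before the hung task takes the processor and never hands it back; under pre-emption the editor (priority 2) completes first, the backup completes after it, and only the hung task is left running.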

Remote Access
Many people work away from their offices, so Windows provides the Routing and Remote Access Service (installed by default with Windows 2000/2003 Server), which lets users connect to their office machines. The Routing and Remote Access Service (RRAS) allows a client machine to connect to the network from a remote location, either using a standard dial-up connection or via the Internet. Once the client has connected to the network from the remote location, he or she will be able to access the network resources as though they were on the same physical network.

Windows Server 2003 Capabilities


When designing and building networks you will need to evaluate the company's requirements and choose the right product for the right situation. The following is a list of the capabilities of Windows XP Professional and the four different versions of Windows Server 2003.

Windows XP Professional Capabilities

Supports 2-way SMP (Symmetric Multi-Processing)
Supports 4GB of memory (RAM)
Supports up to 10 client connections
Supports one RAS (Remote Access Server) connection

Windows Server 2003 Web Edition Capabilities

Supports 2-way SMP (Symmetric Multi-Processing)
Supports 2GB of memory (RAM)
10 Remote Access connections
File and Print Services
No 64-bit processor support
Unable to function as a Domain Controller
Unlimited web connections

Windows Server 2003 Standard Edition Capabilities

4-way SMP (Symmetric Multi-Processing), i.e. 4 processors
Supports 4GB of memory (RAM)
Unlimited client connections
256 RAS (Remote Access) connections
No 64-bit Itanium support
5 connections to the built-in SQL engine
Network Load Balancing
POP3 and SMTP mail server

Windows Server 2003 Enterprise Edition Capabilities

8 CPUs (Intel 32-bit), 8 CPUs (Itanium 64-bit)
Supports 32GB of memory (RAM), 64GB of memory on Itanium 64-bit systems
Unlimited client connections
256 RAS (Remote Access) connections
Network Load Balancing
8-node Clustering

Windows Server 2003 Datacenter Edition Capabilities

32 CPUs (Intel 32-bit), 64 CPUs (Itanium 64-bit); these can be grouped to provide 128-way SMP
Supports 64GB of memory (RAM), 512GB of memory on Itanium 64-bit systems
Unlimited client connections
256 RAS (Remote Access) connections
Network Load Balancing
8-node Clustering

Windows Accessibility
Microsoft Windows supports users with limited sight, hearing or mobility through accessibility options. These facilities include:

The Accessibility Wizard
The Magnifier Utility
The Narrator Utility
The On-Screen Keyboard
The Utility Manager

To view the various Accessibility utilities available, click on Start, select All Programs, then Accessories, then Accessibility. The various options are then shown.

The Accessibility Wizard


The Accessibility Wizard configures a computer based on the user's vision, hearing and mobility needs. The user selects the text size that is easiest to read, and the wizard also collects information about the user's difficulty with vision, hearing and mobility. Windows will remember the accessibility options for each user. In a network environment these options can be configured to follow the user if they move from computer to computer, e.g. a user who is visually impaired might choose options to create a desktop that looks like the accompanying screenshot. The Windows Magnifier utility helps people with poor vision by placing a magnified view of the cursor location at the top of the screen. Various options such as the colour and zoom level can be configured.

Narrator
Narrator provides voice feedback to visually impaired users. Narrator can be configured to read out screen events and keystrokes; it can also be configured to move the mouse pointer to the active screen item. Narrator may not work correctly if it is used with third-party (i.e. non-Microsoft) applications and only works well with Windows programs such as Notepad. The On-Screen Keyboard utility displays a keyboard image which lets the user type by using the mouse. When using the On-Screen Keyboard, ensure the focus is in the application (e.g. Notepad) rather than the keyboard. The Utility Manager can be used to specify which utilities will be started when Windows starts. To configure the various Accessibility options the Accessibility applet is used. Click on Start.


Windows Task Scheduler


Microsoft Windows includes a Task Scheduler utility that allows you to run programs automatically at a specific time and at a set interval. This is useful for scheduling important administration tasks such as Windows Backup. To create a new scheduled task:
1. Click on Start, select Control Panel, then select Switch to Classic View.
2. Double-click the Scheduled Tasks folder and select the Add Scheduled Task icon. The Scheduled Task Wizard will appear; click on Next to continue.
3. Select the application from the list; if the application is not on the list, click on Browse. For the sake of illustration the Windows calculator has been selected.
4. Click on One time only to specify that this task should run once only, then click on Next to continue.
5. Select a start date and time and click Next.
6. When the task starts it will run as if it was started by the displayed user. This can be changed here if needed, e.g. an administrative task may need to use the Administrator account. Click on Next to continue.
7. Click on Finish to create the new task.
Right-click on the new task and select Properties to view its advanced properties. The information and user you specified for the task are displayed in the Task tab.


The Schedule tab can be used to change or fine-tune the time that you specified previously. The options in the Scheduled Task Completed section allow you to delete the task if it will not be run again, and to specify how long the task should be allowed to run before it is stopped. The options in the Idle Time section are a way to make use of otherwise non-productive PC time: you can specify how long the computer must be idle before the task begins, and whether to stop the task if the computer ceases to be idle. Windows also provides a command-line utility called AT for scheduling tasks. For more information on the AT utility, type AT with the /? switch at the command prompt. You can also schedule tasks on remote machines over the network, as long as you have permission to do so on that machine: type the machine's UNC path, \\computername, and open its Scheduled Tasks folder.

Multi-Language and Regional Support


Windows XP/2003 can support multiple languages. With multiple language support installed, documents can be created and read in foreign languages. Microsoft provides localized editions of Windows XP/2003. For example, users in Japan can buy a Japanese version. There is also a multi-language version of Windows XP/2003 which provides user interfaces in a number of different languages. This is useful in a multinational organisation where users speak different languages but must use the same computers. When using a multi-language version of Windows XP/2003 you must specify which languages to use. Windows XP/2003 uses approximately 45MB of disk space for each language installed. Multiple language support can be configured by using the Muisetup.exe utility from a command prompt. N.B. Muisetup.exe will only work on multi-language versions of Windows XP/2003.

Code Pages
Traditionally computers have used tables called code pages. A code page is a table of characters. Each character has a number. Due to the way a computer works, a code page can have a total of 256 numbers. A single code page doesn't contain enough characters to support all the possible characters in all possible languages. Because of this, computer systems use different code pages for different languages. In order to be able to read and write with other characters, the correct code page or pages will need to be installed on the system. In a system which uses code pages, a program will need to know two pieces of information to correctly display a character: the number of the character and the code page to use. Since different languages have different code pages, problems may arise when a user is viewing a document intended for a different code page. The document may then be unreadable.

Unicode
Because of these limitations a standard was introduced known as Unicode. Unicode is an international-standard character table that has extra characters that don't appear in the standard ASCII (American Standard Code for Information Interchange) character set. This works because, unlike ASCII codes, Unicode uses a double-byte character code. This means that Unicode can support more than 256 characters in a set. Windows XP/2003 and 2000/NT 4.0 all support Unicode version 2.0, which has around 40,000 possible characters. Windows 95 and 98 however do not. To configure language options the Windows Regional Options utility is used. Click on Start. Select Control Panel. Select Switch to Classic View to enable all Control Panel options. Select the Regional and Language Options icon. The Regional Options tab displays which Standards and Formats are currently used. Click on Customize to fine-tune these settings. The Numbers tab allows you to configure how numbers are displayed on the system. The Currency tab allows you to configure how currency is displayed by the system, e.g. a French user would change these settings to use Euros. The Time tab allows you to configure how the time is displayed. The Date tab allows you to configure how the date is displayed. Click on OK to close the Customize Regional Options dialog box. Select the Languages tab to configure the keyboard layout and languages used by the system. Select the Details button to view or change the languages and input methods used. Currently the UK and US input languages are installed. Click on Add to add an additional input language. Select your choice from the drop-down list, for example French (France) for a French user.

Click on OK to add the new French input language. French support has now been added to the computer. N.B. This will not change the user interface to French but will allow the use of French characters and French keyboards. The Input language can be changed at any time by clicking on the language bar on the taskbar.
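The code page problem described above, as an added example that is not part of the tutorial: the same bytes decode to different characters under Windows-1252 (Western European) and Windows-1251 (Cyrillic), a single code page cannot hold a mixed-language document, and a Unicode (UTF-16) encoding needs no code page at all. The sample strings are constructed here; cp1252, cp1251 and utf-16 are Python's codec names for those code pages.

```python
"""Code pages versus Unicode (added example, not from the tutorial)."""


def decode_with_code_page(data: bytes, code_page: str) -> str:
    """Interpret single-byte character numbers using one code page.
    Bytes the page has no entry for become U+FFFD so we always get a string."""
    return data.decode(code_page, errors="replace")


def readable_as(data: bytes, code_pages) -> dict:
    """Return {code_page: decoded text}. A viewer that picks the wrong page
    shows unreadable text even though the bytes on disk are intact."""
    return {cp: decode_with_code_page(data, cp) for cp in code_pages}


def fits_in_code_page(text: str, code_page: str) -> bool:
    """True if every character of text has a number in the given code page.
    Mixed-language text usually fails, because a page holds at most 256 entries."""
    try:
        text.encode(code_page)
        return True
    except UnicodeEncodeError:
        return False


def max_characters(bytes_per_char: int) -> int:
    """A one-byte index gives 256 characters; a two-byte (Unicode) index gives 65536."""
    return 256 ** bytes_per_char


def unicode_round_trip(text: str) -> bool:
    """UTF-16 encodes any text without a code page, so it round-trips regardless
    of the regional settings of the machine that reads it."""
    return text.encode("utf-16").decode("utf-16") == text


# Constructed sample: the French word "déjà" saved as a Windows-1252 document.
FRENCH_DOC = "déjà".encode("cp1252")  # b'd\xe9j\xe0'


if __name__ == "__main__":
    for page, text in readable_as(FRENCH_DOC, ["cp1252", "cp1251"]).items():
        print(f"{page}: {text}")
    print("mixed text fits cp1252:", fits_in_code_page("déjà привет", "cp1252"))
    print("mixed text fits utf-16:", fits_in_code_page("déjà привет", "utf-16"))
```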

Troubleshooting Regional Options


On a machine with multiple languages and locales installed, problems may sometimes arise. You should ensure that, when adding additional languages, the computer and applications are restarted. Verify that the applications you are using support Unicode. If they don't, you may need to change the system locale from the Regional Options. When moving documents between PCs, ensure that both have the same language groups installed.

The Microsoft Management Console


The MMC utility provides tools for managing system functions, such as Users and Groups, Disk Management and Security Settings. In many respects the MMC resembles an empty toolbox. An administrator can choose which tools it contains, and set up further toolboxes for different tasks if required. These toolboxes are referred to as Consoles. Tools are added to the console as snap-ins. This is intended to be a common environment for all utilities for the management of Windows XP/2003/2008 computers. Consoles can be created and configured to suit different purposes. They can be saved under descriptive names. Saved consoles appear in the Administrative Tools folder and can be accessed through Start > All Programs > Administrative Tools. Consoles can be exported for use by other administrators or assistants for monitoring common tasks. Consoles are also a way for administrators to manage remote machines without having to leave their own workstations. Computer Management provides a toolbox for managing common administrative tasks. There are three main sections in the Computer Management console: System Tools, Storage, and Services and Applications. Frequently the management console appears already expanded. Many exam questions however refer to the three primary divisions. Be familiar with the contents of all three sections.

Creating a Microsoft Management Console (MMC)


Click START then RUN. Type MMC. As many Consoles as are required can be created, containing the tools needed for a range of tasks. This is a Console. It can be tailored to display the tools an administrator requires for a particular job. Click the File button to add tools. Choose to Add/Remove a Snap-in. Currently this Console has no snap-ins. Click Add. Highlight a choice and click Add.

It is possible to make a single console which can manage many computers. This can save an administrator a lot of effort over time. Most MMCs can be used with computers other than the local machine. Make a choice and click Finish. Further snap-ins can be added to a console. When all the required snap-ins have been added click OK. Finally, save the newly created Console with a meaningful name. Note the file extension for MMC files. Before the new Console is employed, some options should be examined. Anybody can use the new Console, but it may need protecting from misuse or alteration. There are four modes of operation for a Console to aid this control:
1. Author Mode: grants users every permission, including adding or deleting snap-ins.
2. User Mode, Full Access: grants users every permission except adding or deleting snap-ins.
3. User Mode, Limited Access, single window: the user must use the console as it is.
4. User Mode, Limited Access, full window: the user cannot close any windows previously saved, but can create new windows for their own use.

Remote Administration

The MMC utility can also be used to administer other machines over a network. You can remotely administer both Windows 2000 and Windows XP Professional computers as long as you have a suitable user account on the machine you are administering. You can also administer a Windows 2000 Server/Server 2003 computer from Windows XP Professional by installing the i386/adminpak.msi file from the Windows Server CD-ROM.

In this example, a new console will be created to administer three separate machines on a network. In order to administer server-side components, you will need to install the I386/ADMINPAK.MSI file from the Windows Server 2003 CD-ROM. The Windows Server 2003 Administration Tools Pack Setup Wizard is launched. Click on Next to continue. The Server Administration Tools are then installed. Once the Administration Tools are installed you will need to create a new MMC. Click on Start. Select Run. Type MMC into the Run command-line box. Click on OK to continue. A new blank console is launched. Select File to begin adding new snap-ins. Select Add/Remove Snap-in. Click on Add. Select Active Directory Users and Computers. Click on Add. The snap-in will automatically connect to a domain controller. N.B. You will need to be connected to a domain and have sufficient privileges in order to perform administration of Active Directory. The Active Directory Users and Computers console has been added. Scroll down to find the Computer Management snap-in. Select Computer Management. Click on Add.

The Computer Management utility will prompt you for which machine you wish to administer. Select Another computer. Specify or browse for the machine you wish to administer and click Finish. The Computer Management utility for 10.0.0.1 has been added. N.B. You cannot use Disk Defragmenter or Add and Remove Hardware remotely using an MMC. Select the Event Viewer console and click Add to continue. As before, select the Another computer option and choose or specify the machine you wish to administer. With the machine specified, click on Finish. Once you have added all of the relevant snap-ins, click on Close. Hit OK to close the Add/Remove Snap-in dialog box. The new console is then shown. You can now administer three separate machines from one location, e.g. you can administer users and groups on the Domain Controller, stop and start services on 10.0.0.1, and view the Event Logs on 10.0.0.8.

Remote Shutdown
Using the Computer Management MMC you can shut down, log off or reboot a remote machine. This is a highly useful feature, but it can also cause security issues. You should always ensure that the Administrator password is kept hidden. A user with administrative rights can potentially destroy a computer remotely. Launch Computer Management and right-click on Computer Management (Local). Select Connect to another computer. N.B. This function will work with most MMC snap-ins. Browse for or specify the remote machine.

Click OK to continue. The console is now connected to 10.0.0.1. Right-click on Computer Management (10.0.0.1). Select Properties. Information about the remote computer is shown. Click on Advanced. Select Settings from Startup and Recovery. This powerful page allows you to configure the machine's boot order and memory dump file location. Click on Shut Down. Select the action you would like to perform and click OK.

Microsoft Licensing
Every installation of Windows requires a license. You also need a Client Access License (CAL) for all clients that attach to a server over the network. Licenses aren't required for Internet Information Services (IIS), Telnet and File Transfer Protocol (FTP) connections.

Licensing Modes
Per Server Licensing Mode

The Per Server licensing mode requires a license for each concurrent connection to a server. In the example shown, 4 Client Access Licenses (CALs) are required. The key here is that the server holds the licenses. If it only held 3 licenses, only 3 of the 4 clients could connect at any one time.

Per Seat Licensing Mode


The Per Seat licensing mode requires a license for each client accessing a server (this can be any Windows Server). In the example shown, 4 Per Seat licenses (CALs) are required, compared with 12 Per Server licenses. The clients hold the licenses. A client with a Per Seat license can access any Windows 2003 Server.

Windows Domains and Workgroups


A Windows 2000/2003/XP Professional machine can be either a member of a Domain or a Workgroup. The full benefits of Windows 2000/2003/XP can only be achieved by placing all of the computers on the network into domains. N.B. In order to utilise all of the features of Windows 2x domains, computers must be running either Windows 2000/XP Professional or Windows 2000/2003 Server families.

Workgroups
In a Workgroup configuration, computers are connected but there is no central control. Although files and folders may still be shared, security policies have to be set at each individual computer.

In a workgroup, every computer stores its own security database. For example, a new user, Fred, would have to be created on every single computer. This can become troublesome in larger environments. Although the user account Fred has been created four times, Fred's profile might be different on each machine, e.g. Fred might see a different desktop screen on each computer.

Domains
In a domain environment all security policies are managed centrally, i.e. the Domain Controller decides what all the client machines can and cannot do, allowing for a more secure and easily managed network environment.

Partitions and Volumes


Hard disks perform a very simple function: to store data and then reliably retrieve it on command. However, before any information can be stored on a hard disk it must be both partitioned and formatted with a file system. A hard disk can contain multiple partitions and file systems. As you will learn later, this can be extremely useful. A partition is a persistent division of a physical hard drive into logical segments. Each partition appears to the user like a separate hard drive. Volume is the terminology used by post-Windows 2000 machines for partition. Volumes are much more flexible in their configuration than the more rigid partitions. Partitioning a hard drive makes each segment behave like a separate disk. This is ideal for dual-booting different operating systems.

Basic Partitions
Primary Partitions

There may be up to 4 Primary Partitions per physical disk. The Boot partition may only be located on a primary partition.

Extended Partitions

Extended Partitions can use up any free space not used by the Primary Partitions. You may have up to 3 Primary partitions and one extended partition on any physical disk. Extended Partitions need to be further divided into Logical DOS drives.

Logical-DOS Partitions

Logical Partitions are placed inside the extended partition. The number of Logical partitions you may have is only limited by the number of free drive letters. The boot partition cannot be placed on a logical partition.

Basic Partitions
The oldest Windows operating system is always installed first, as the newer operating system normally writes a new boot record.

A logical drive can contain an operating system but never the System partition. Different partitions may contain file systems not used by Windows, so if an additional operating system is required it can also be installed on the non-Windows partition.

Creating a Primary Partition


To create a Primary Partition from within Windows 2003/XP, the Disk Management utility is used. To access Disk Management, click on Start. Right-click on My Computer. Select Manage. Computer Management will appear. Click on Disk Management. Disk Management will appear. From this screen you may view, create and delete partitions. To create a new Primary partition on Disk 1, right-click on the unallocated space on Disk 1. From the choices menu, select New Partition. The New Partition Wizard will appear. Select Next to continue. The Partition Type page will appear. Select the type of partition required. Primary Partition is selected here. Click Next to continue. Select a size for the new partition; in this case we will choose 2048MB. Click on Next to continue. A drive may be made to appear as a folder on an existing drive (this is called mounting). The default drive is the next available drive letter, in this case D. Select Next to continue. You can also choose a volume label, which can be used to identify the volume. In order for the partition to be used by the operating system it will have to be formatted with a file system. NTFS is the file system of choice for a Windows Server 2003 system. Click Next to accept the default values. The summary page will appear. To close the wizard and create the partition click Finish.

The new Primary partition is now displayed on Disk 1 and has been assigned the drive letter D:. The new partition also appears in My Computer.

Creating an Extended Partition


To create a new Extended Partition the Disk Management utility is used. To create a new Extended Partition on Disk 1, right-click on the unallocated space on Disk 1. Select New Partition. The New Partition Wizard will appear. Select Next to continue. The Partition Type page will appear. Select Extended Partition and then hit Next. Specify the size of the partition. The maximum amount of space available on this disk is 2039 MB. To accept the default click Next. The summary page will appear. To close the wizard and create the partition click Finish. The new Extended Partition is displayed on Disk 1. In order to use the partition, logical drives will have to be created inside it. N.B. The extended partition does not appear in My Computer, as an extended partition without any formatted logical drives cannot hold any data.

Creating a Logical Drive


To create a new Logical Drive within the Extended Partition, right click on the Extended Partition on Disk 1. Select New Logical Drive. The New Partition Wizard will appear. Select Next to continue. Logical Drive is selected, click Next to continue.

To specify the Logical Drive size, click in the Partition size in MB box and change the value. 1024MB will create a 1GB Logical Drive. Click Next to continue. A drive may be made to appear as a folder on an existing drive (this is called mounting). The default drive is the next available drive letter, in this case E. Select Next to continue. NTFS has been selected for the file system. Select Volume label in order to give the new partition a recognizable name. The new Logical Drive has been named WebSite; this describes the data the Logical Drive may contain. Click Next to continue. The summary page will appear. To close the wizard and create the Logical Drive, click Finish. The new Logical Drive is now displayed inside the Extended Partition on Disk 1 and has been labeled WebSite (E:). Similarly, the new Logical Drive appears in My Computer and is ready for use.

Dynamic Volumes
Because of the limitations of basic partitions, dynamic volumes were introduced in Windows 2000 and continue to be supported in Windows XP and Windows Server 2003. Dynamic volumes offer more flexibility than standard partitions. One of the main reasons for using dynamic volumes is to make use of volume sets (which are covered later).

Unfortunately, pre-Windows 2000 computers cannot read or utilise dynamic volumes; furthermore, you should not use dynamic volumes in a dual-boot environment even if all the operating systems are capable of supporting dynamic disks. Dynamic volumes are only supported on Windows 2000/XP/2003. There is no limit to the number of volumes you may have on a disk. Dynamic volumes may be fault tolerant. There are no Primary, Logical or Extended volumes.

Converting to Dynamic Disks


In order to use a dynamic volume on a Windows XP/2003 system the original basic disk will need to be converted to a dynamic disk. Existing basic partitions on the disk will be upgraded to volumes; however, upgraded volumes may not then be extended. To convert a disk to dynamic there must be at least 1MB of unpartitioned space available on the disk. To convert a basic disk to dynamic, the Disk Management utility is used. Right-click on Disk 1 to upgrade the disk to dynamic. Select Convert to Dynamic Disk. Select the disks to be upgraded to dynamic disks, in this case Disk 1, then click OK. Disk 1 has now been upgraded to a dynamic disk. N.B. This is a one-way conversion, i.e. the disk cannot now be converted back to a basic disk without first repartitioning the disk.

File Systems
Once a partition/volume has been created, it then needs to be formatted with a file system. A file system organises and allows for the retrieval of the data stored on the disk. This mechanism is similar to how office filing systems operate: files are stored in folders and then indexed so that they can be found easily. Without a file system, finding and organising files would be very time-consuming. For example, when you open a Word document, the parts of the file are retrieved by the file system from the hard disk, assembled together and then opened. Without a file system this task would be extremely difficult. When the file is saved it may end up in a completely different physical location on the hard disk; the file system keeps track of the locations on the hard disk where the files are stored. To fully understand how data is stored on a disk, we need to look at disk clusters. These are the actual data storage containers within a partition. Partitions are divided into clusters. Clusters are storage units into which files are placed. When files are written to the disk, they are split and placed inside the clusters. Sadly, if a cluster is left part-filled, the computer considers it to be filled and therefore writes no more data to it. Thus, in the example shown, the remaining 32K in the cluster is wasted, and a new file is written to a new cluster. As you can see, a large file may end up scattered all over the hard disk in many different clusters. The file would then need to be reassembled in order for it to be opened. This scattering of a file across a disk is known as disk fragmentation. A heavily fragmented file can take considerably longer to access than a file which is stored in consecutive clusters. Windows XP/2003 ships with a Disk Defragmenter utility which can be used to reduce fragmentation. The Disk Defragmenter should be run regularly to help speed up access to data stored on the disk.
(Disk Defragmenter is accessed via Computer Management, just above the Disk Management console.)
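Cluster slack and fragmentation as described above, as an added example that is not from the tutorial: a small model of a partition as an array of clusters shows how a part-filled cluster wastes the rest of its space, and how writing a larger file into the hole left by a deleted file splits it into non-consecutive runs. The partition size, file sizes and first-fit allocation are constructed here; the 64K and 16K cluster sizes are the figures the tutorial quotes for FAT and NTFS.

```python
"""Cluster slack and fragmentation on a model partition (added example)."""
import math
from typing import List, Optional

KB = 1024


def clusters_needed(file_size: int, cluster_size: int) -> int:
    """A part-filled cluster still counts as a whole cluster to the file system."""
    return math.ceil(file_size / cluster_size) if file_size else 0


def slack_bytes(file_size: int, cluster_size: int) -> int:
    """Wasted space: bytes allocated minus bytes actually holding file data."""
    return clusters_needed(file_size, cluster_size) * cluster_size - file_size


class Partition:
    """A partition as an array of clusters; each slot holds a file name or None.
    Files go into the first free clusters (first-fit), so after a delete a
    larger file can be split across the hole and the end of the used area."""

    def __init__(self, cluster_count: int, cluster_size: int):
        self.cluster_size = cluster_size
        self.map: List[Optional[str]] = [None] * cluster_count

    def write(self, name: str, size: int) -> List[int]:
        """Allocate clusters for a file and return their indices in order."""
        need = clusters_needed(size, self.cluster_size)
        free = [i for i, owner in enumerate(self.map) if owner is None]
        if len(free) < need:
            raise OSError("partition full")
        used = free[:need]
        for i in used:
            self.map[i] = name
        return used

    def delete(self, name: str) -> None:
        """Free every cluster owned by the file."""
        self.map = [None if owner == name else owner for owner in self.map]

    def fragments(self, name: str) -> int:
        """Number of runs of consecutive clusters holding the file (1 = contiguous)."""
        runs, prev = 0, False
        for owner in self.map:
            here = owner == name
            if here and not prev:
                runs += 1
            prev = here
        return runs


def fragmentation_demo(cluster_size: int = 64 * KB) -> dict:
    """Write A, B, C; delete B; write a larger D. D fills B's two-cluster hole
    and continues after C, so it is stored in two separate runs."""
    part = Partition(cluster_count=16, cluster_size=cluster_size)
    part.write("A", 2 * cluster_size)
    part.write("B", 2 * cluster_size)
    part.write("C", 2 * cluster_size)
    part.delete("B")
    d_clusters = part.write("D", 4 * cluster_size)
    return {"D_clusters": d_clusters, "D_fragments": part.fragments("D")}


if __name__ == "__main__":
    for cs in (64 * KB, 16 * KB):
        print(f"32K file, {cs // KB}K clusters: {slack_bytes(32 * KB, cs) // KB}K wasted")
    print(fragmentation_demo())
```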

There are many different file systems in use. Older file systems gradually fall into disuse whilst new ones are created. The file systems most commonly encountered in a Windows environment are:

FAT (File Allocation Table)


Can support long filenames under Windows 2000/XP/2003
Partition sizes up to 2GB (4GB in Windows 2000/XP/2003)
Supported under all Microsoft Windows systems (ideal for dual-booting)
Low system overhead
Inefficient cluster usage (64K clusters)
No local security
Does not support native compression, shadow copying, encryption or disk quotas

Link-List File System


This is the system used by FAT file systems to find a particular file. References to the locations of the files appear within lists. Sadly, these lists are unstructured and can be very long; consequently, a search may take a long time.

NTFS (New Technology File System)


Supports long filenames
More efficient use of clusters (16K clusters)
File and folder local security
Supports native compression, encryption, disk quotas, mount points and shadow copies
Higher system overhead than FAT
Only supported in Windows 2000, XP, 2003 and NT 4.0 (with Service Pack 4 for v.5), hence not good for dual booting

B-Tree File System


This is the system used by NTFS to find a particular file. References to the locations of files appear in a Master File Table, and this can be searched in the same manner as a phone directory. Each search is as fast as an alphabetical search.

Transaction-Based Writes (NTFS)


Unlike FAT/FAT32, NTFS records the progress of an event in a transaction log; this allows data to be recovered if there is a power failure whilst a file is being copied or moved. On the downside, NTFS requires a little more resource overhead than FAT and FAT32.

Disk Fragmentation on an NTFS Partition


Under NTFS, when a file is written to the disk, space is left between the last used cluster and the next file on the disk. NTFS will always presume that a file will increase in size. Therefore, when any file increases in size, the extra data can be written to the space between the end of the original file and the start of the next. This method lessens the fragmentation of the drive.

CDFS and UDF


CDFS is the File System used by CD-ROM drives and is compatible with most operating systems. DVD drives use a file-system called UDF (Universal Disk Format).

File Systems
Considerable care should be taken when using a dual-boot system, i.e. a computer that has more than one operating system installed. For example, if you are dual-booting a computer between Windows 98 and Windows XP and you convert the partition Windows 98 uses to NTFS, Windows 98 will no longer be able to read the partition and will be unable to boot.

Dual Booting
Dual booting allows you to install two or more operating systems on the same machine. It is ideal for testing other operating systems without deleting the original. As a rule, the older operating system should be installed first, e.g. install Windows 98 before you install Windows 2000.

If dual-booting with non-Windows operating systems, e.g. Linux, install the Microsoft system first. You must ensure that the file systems are compatible. If using Windows NT 4.0 with NTFS 5.0, upgrade NT 4.0 to Service Pack 4. If you are dual-booting between Windows 9x and 2000, ensure that the boot partition remains FAT or FAT32, otherwise you will be unable to boot into Windows 9x. When dual-booting between different operating systems a boot menu is created. From the boot menu you may select which operating system to boot.

Converting to NTFS
In order to use native compression, encryption, disk quotas, shadow copies and security, FAT/FAT32 partitions will need to be converted to NTFS. Converting to NTFS is a one-way conversion. You cannot convert NTFS back to FAT/FAT32 without reformatting the drive. If dual-booting with Windows NT 4.0, ensure that it has been upgraded to Service Pack 4. Remember: Windows 9x/3.x and MS-DOS cannot read NTFS partitions. This is the command you need to remember: convert <drive_letter> /fs:ntfs

Volume Sets
Fault tolerance/redundancy of data and high-speed data access are essential requirements in many of today's businesses. Using dynamic disks in Windows 2003 enables the use of Volume Sets. A volume consists of a part or parts of one or more physical disks grouped in either a simple, spanned, mirrored, striped, or RAID-5 configuration. Simple, Spanned and RAID-0 (Disk Striping) volumes are not fault tolerant and are supported in Windows XP Professional and Windows Server 2003. RAID-1 (Disk Mirroring) and RAID-5 (Disk Striping with Parity) volumes are fault tolerant and are only supported in the Windows Server 2003 family. Striping is designed solely to improve the speed of read and write access to data. Striping improves response time as each drive in the set is performing fewer operations, and thus the time required to deliver the data is reduced. Spanned volumes are designed solely to use up available space in the nooks and crannies of a disk array. RAID-5 provides fault tolerance and an improved speed of access at the cost of drive space. (An entire RAID-5 array can be mirrored, too.)

Spanned Volumes
Spanned Volumes can make use of any unused drive space on separate drives. Spanned volumes are not fault tolerant. If one of the disks were to fail, the entire volume would be lost, with the data along with it. There can be up to 32 disks in a spanned volume. Spanned volumes are supported in both Windows XP Professional and Server 2003. A spanned volume appears to the user as a single disk. To create a Spanned Volume the Disk Management utility is used. Notice that both Disks 1 and 2 are dynamic. To create a new volume, right-click on the unallocated space on Disk 1. Select New Volume. The New Volume Wizard will appear; click on Next to continue. Select the Spanned volume type from the choices shown. Click Next to continue. Disk 1 has already been added to the set. Select the amount of space in MB option to change the space to be used on this disk for the new volume. We have selected to use 1024MB of space from Disk 1. Highlight Disk 2 in the available disks selection menu. Click on Add to add Disk 2 to the spanned set. We will use all the available space on Disk 2 for the volume. Note that the total volume size is the sum of both disks, and the size on each disk may be different. Click on Next to continue. The new volume will be assigned a drive letter, in this case D:. Click Next to continue. Specify a name for the volume by selecting the Volume label box.

The volume will be called UserData. N.B. Under Windows Server 2003, volumes can only be formatted as NTFS. Click on Next to continue. The Summary page will appear. Click on Finish to create the new volume. The new volume has been created and spanned across two physical disks. The new volume appears to the user as a single drive.

Striped Volumes
Striped Volumes are similar to spanned volumes in that they use the space available on both disks and appear to the user as one single volume. There can be 2-32 disks in a striped set. Striped volumes are supported in both Windows XP Professional and Windows Server 2003. When files are written to the disk they are striped across both disks, so read and write performance is improved. Striped volumes are not fault tolerant. If one of the disks were to fail, all data contained within the volume would be lost. To create a striped volume using Disks 1 and 2, right-click on the unallocated space on Disk 1. Select New Volume. The New Volume Wizard will appear. Click Next to continue. Choose the type of volume that you want to create, in this case Striped. Click Next to continue. Disk 1 has already been added to the striped set; to add Disk 2, select Disk 2 from the available dynamic disks box. Disk 2 has been selected; click on Add to add the disk. Since all partitions in a striped set have to be the same size, the total size of this volume is 2 x 4095MB, or 8190MB. Click on Next to continue. The new partition will be assigned the next available drive letter, in this case D:. Click Next to continue. The volume will be called New Volume. Click on Next to continue. The summary page will appear; click on Finish to create the new striped volume.

The volume is displayed below and is striped across two physical disks. The new striped volume appears as a single 7.99GB drive.

Mirrored Volumes
Mirrored Volumes store exactly the same information on each drive, making the information on the second drive available for fault tolerance. Mirrored Volumes are supported by Windows Server 2003 but not Windows XP. When files are written to the disk they are written to both disks at the same time. It is beneficial to place each drive in a mirror on a separate IDE channel. If one of the drives were to fail then the information would still be available on the other drive. Mirroring adds expense to the system as an additional drive is required. To create a mirrored volume using Disks 1 and 2, right-click on the Unallocated space on Disk 1. Select New Volume. The New Volume Wizard will appear. Click Next to continue. Choose the type of volume that you want to create, in this case Mirrored. N.B. This option will be greyed out on Windows XP computers. Mirrored volume has been selected. Click on Next to continue. Disk 1 is already selected. To add Disk 2 to the mirrored set, click on Disk 2 in the available dynamic disks box. Disk 2 has been selected, click on Add to add the disk to the mirrored set. Both the partitions in a mirrored volume have to be the same size. Since each partition is a copy of the other, the total size of the volume is the size of a single partition. Click Next to continue. The next screen allows the drive to be assigned a letter or to be mounted to an empty folder. To mount the volume to a folder select and specify the location of the folder into the dialog box.

The mirrored volume will be mounted to a folder called important data on the C: drive. N.B. This folder must be located on an NTFS partition/volume. Click on Next to continue. The volume will be formatted using the NTFS file system. Click on Next to continue. The summary page will appear. Click on Finish to create the volume. The new mirrored volume has been created and is displayed across two physical disks. Note the Fault Tolerance and Overhead settings. The new volume appears as a new folder on the C: drive. If one of the disks fails, the drive will still remain intact, as shown below, and will still be accessible.


RAID-5 Volumes
RAID-5 Volumes are similar to striped volumes: the data is striped across three or more disks, but each stripe also carries a parity block that can be used to regenerate lost data if a disk fails, so the volume is fault-tolerant. A RAID-5 set can use anywhere from 3 to 32 disks. RAID-5 volumes are only supported by Windows Server 2003, not by Windows XP. If one disk fails, its contents can be regenerated from the parity and the remaining data on the other drives in the set; the parity is a bitwise XOR of the data blocks in each stripe, not a compressed copy of them. Read speed is increased because reads are spread over several disks, but write speed is decreased because the parity has to be recalculated on every write. Space is used less efficiently than on a single drive, since the equivalent of one disk in the array is given over to parity. A RAID-5 set survives only a single disk failure: a second failure before the first disk has been replaced loses the whole volume.

To create a RAID-5 volume using Disks 0, 1 and 2, right-click on the Unallocated space on Disk 0.

Select New Volume. The New Volume Wizard appears; click Next to continue. Select the type of volume to be created, in this case RAID-5, and click Next to continue. Disk 0 has already been added. To change the size of the volume, enter the size in MB in the amount of disk space box.


Here the size has been changed to 2048 MB. To add Disk 1 to the RAID-5 set, highlight Disk 1 and click Add; notice that 2048 MB of space is also taken from Disk 1. Click Add again to add Disk 2. All partitions in a RAID-5 set have to be the same size, and space equivalent to one of them is used for the parity information, so three 2048 MB partitions give a total volume size of 4096 MB. Click Next to continue. This RAID-5 volume is assigned the drive letter E:; click Next to continue. The drive is formatted with NTFS; click Next to continue. The summary page appears; click Finish to create the new volume. The new volume is displayed spread across three physical disks; notice the fault tolerance and overhead settings. The volume appears as a single drive in My Computer. If one of the drives fails, the RAID-5 volume remains intact and is still accessible as before, although somewhat slower, because every read of the failed disk's data has to be rebuilt from the parity and the remaining data until the disk is replaced and the set repaired.
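The following is an added example, not part of the original tutorial: a working in-memory model of the RAID-5 layout just described, with three simulated disks instead of real volumes. It shows what the parity block actually is (a bitwise XOR of the other blocks in the stripe), why a 3-disk set has two thirds of its raw space usable, and how the data of any single failed disk is rebuilt. All disk contents are constructed sample input; the function names are this example's own.

```powershell
# Added example, not from the original tutorial: a model of RAID-5 striping,
# parity and rebuild using three simulated disks held in memory. All data is
# constructed sample input.

# XOR two equal-length blocks. XOR is its own inverse, so if P = A xor B then
# A = P xor B: that identity is the whole of RAID-5 recovery.
function Get-XorBlock {
    param([byte[]]$A, [byte[]]$B)
    $out = New-Object byte[] $A.Length
    for ($i = 0; $i -lt $A.Length; $i++) {
        $out[$i] = $A[$i] -bxor $B[$i]
    }
    return ,$out
}

# Lay data blocks across $DiskCount disks one stripe at a time. Each stripe
# holds ($DiskCount - 1) data blocks plus one parity block, and the parity
# block rotates to a different disk on every stripe, as real RAID-5 does.
# Returns $disks[d][s] = the block disk d holds for stripe s.
function New-Raid5Set {
    param([int]$DiskCount = 3, [object[]]$DataBlocks)
    $dataPerStripe = $DiskCount - 1
    $stripeCount = [math]::Ceiling($DataBlocks.Count / $dataPerStripe)
    $disks = @{}
    for ($d = 0; $d -lt $DiskCount; $d++) { $disks[$d] = @{} }
    $next = 0
    for ($s = 0; $s -lt $stripeCount; $s++) {
        $parityDisk = $s % $DiskCount
        $parity = New-Object byte[] $DataBlocks[0].Length
        for ($d = 0; $d -lt $DiskCount; $d++) {
            if ($d -eq $parityDisk) { continue }
            if ($next -lt $DataBlocks.Count) { $block = $DataBlocks[$next] }
            else { $block = New-Object byte[] $parity.Length }   # pad a short last stripe
            $disks[$d][$s] = $block
            $parity = Get-XorBlock $parity $block
            $next++
        }
        $disks[$parityDisk][$s] = $parity
    }
    return $disks
}

# Read all data blocks back in order. With -FailedDisk set, that disk's
# blocks are regenerated by XOR-ing every surviving block of the same stripe.
function Read-Raid5Set {
    param([hashtable]$Disks, [int]$FailedDisk = -1)
    $diskCount = $Disks.Count
    $stripeCount = $Disks[0].Count
    $result = @()
    for ($s = 0; $s -lt $stripeCount; $s++) {
        $parityDisk = $s % $diskCount
        for ($d = 0; $d -lt $diskCount; $d++) {
            if ($d -eq $parityDisk) { continue }           # parity is not user data
            if ($d -eq $FailedDisk) {
                $block = New-Object byte[] $Disks[$parityDisk][$s].Length
                for ($o = 0; $o -lt $diskCount; $o++) {
                    if ($o -ne $FailedDisk) { $block = Get-XorBlock $block $Disks[$o][$s] }
                }
            } else {
                $block = $Disks[$d][$s]
            }
            $result += ,$block
        }
    }
    return ,$result
}

# Constructed sample: four 8-byte blocks, i.e. two stripes on a 3-disk set.
# Three disks of 2048 MB likewise hold 4096 MB of data, as in the volume
# created above: one disk's worth of space goes to parity.
$enc = [System.Text.Encoding]::ASCII
$blocks = @($enc.GetBytes('ACCOUNTS'), $enc.GetBytes('-2003-Q4'),
            $enc.GetBytes('PAYROLL '), $enc.GetBytes('-2003-Q4'))
$set = New-Raid5Set -DiskCount 3 -DataBlocks $blocks

$healthy  = Read-Raid5Set -Disks $set
$degraded = Read-Raid5Set -Disks $set -FailedDisk 1     # Disk 1 has "failed"
($healthy  | ForEach-Object { $enc.GetString($_) }) -join ''
($degraded | ForEach-Object { $enc.GetString($_) }) -join ''   # the same text, rebuilt from parity
```

The two printed strings are identical: every block that lived on Disk 1 is recomputed from the surviving block and the parity of its stripe. Set a second disk to fail as well and the XOR has an unknown on both sides, which is why a RAID-5 set in the degraded state must be repaired before anything else goes wrong.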


Local Users and Groups


Windows allows multiple users to log on to a single machine, each with different access rights to the resources located on it. Users, and the groups to which they belong, form the cornerstone of Windows file and folder security. A user account must be created for each physical user of a machine. Permission to access a resource, such as a file, may be granted to one user and denied to another, and users can also be given the right to perform administrative tasks such as installing drivers. If several users require access to a file, rather than assigning permissions to each user individually, all of them can be placed in a group and the permission given to that group; any member of the group may then access the file. A user may be a member of more than one group, thereby building up a catalogue of permissions to multiple resources. In a domain, groups may also be members of other groups, which is known as group nesting; the local groups of a standalone or workgroup computer cannot contain other local groups.

User accounts are stored in the SAM (Security Accounts Manager) database, a registry hive under %SystemRoot%\system32\config that holds hashes of the users' passwords rather than the passwords themselves, encrypted with the system key (SYSKEY). When a user logs on, the supplied credentials are verified against the SAM. The hive is locked by the operating system while Windows is running, but anyone who can boot the machine from other media or obtain a copy of the file can attack the hashes offline, which is one reason physical access to a computer has to be treated as administrative access.

Windows XP has four built-in user accounts:

Administrator: The Administrator account has full access to the system and must be kept secure. An administrator can read any other user's files and change any setting on the computer. A common practice is to rename the Administrator account to something less obvious, but this is only a small obstacle: the account keeps its well-known relative identifier (RID 500) in its SID, so it can still be identified by that, and the real protection is a strong password on the account.

Guest: The Guest account has very limited access to the computer and is disabled by default.

HelpAssistant: The HelpAssistant account is used to allow a helper to connect to the computer via Remote Assistance for the sole purpose of troubleshooting user problems. It is disabled by default and is enabled automatically only while a Remote Assistance invitation is outstanding.

SUPPORT_388945a0: The support account (its actual name is SUPPORT_388945a0) is used by the Microsoft Help and Support service and is disabled by default.

Windows XP has nine built-in groups:


Administrators: Members of the Administrators group have full access to the system. The Administrator user account is a member by default.

Backup Operators: Members of the Backup Operators group are allowed to back up and restore the system even if they do not have permission to access the files and folders concerned. Because of this, membership amounts to read access to every file on the machine and should be granted as carefully as administrator rights.

Guests: Members of the Guests group have very limited access to the operating system. The Guest user account is a member by default.

Network Configuration Operators: Members are allowed to configure network-related settings on the local machine.

Power Users: Members of the Power Users group have somewhat fewer privileges than members of the Administrators group; for example, Power Users cannot install device drivers. The group exists mainly so that legacy software not written for the Windows XP/2003 security model can be run. Its members can still change system-wide settings and modify programs that other users run, so for security purposes treat membership as roughly equivalent to administrator access.

Remote Desktop Users: Members are allowed to access the local machine remotely by using a Remote Desktop Connection.

Replicator: A group used by the File Replication service to support replication in a domain; it should not contain ordinary user accounts.

Users: Members of the Users group have just enough access to the computer to do their work. Users cannot install or remove software for other users, configure disks or hardware, or create new user accounts.

HelpServicesGroup: Used by the Windows Help and Support Centre.

Roaming Profiles
Roaming profiles are a way of allowing a user to log on to any computer in a workgroup or domain and have the same user profile as if he or she were logging on to his or her own machine. The user's documents, settings and home folder are available no matter which machine is being used. The profile is stored on a network share and is downloaded to the relevant machine when the user logs on to it, so the share holding profiles must be restricted so that each user can reach only his or her own. User profiles are covered in greater detail later in this course.


Creating and Configuring User Accounts


To configure user accounts on a local machine the Local Users and Groups console is used. Click on Start, right-click on My Computer and select Manage. The Computer Management console appears. Expand Local Users and Groups to configure user and group accounts, and open the Users folder; a list of all current user accounts is shown. To create a new account, right-click on the Users folder and select New User. Fill in the details for the new account. The User name is the name the person will use to log on to the machine. Choose a password for the user. User must change password at next logon is a useful option that forces the user to choose his or her own password at first logon, so that the administrator never knows it. The User cannot change password and Password never expires options are only enabled when the User must change password at next logon box is unchecked. It is a good idea to disable a user account while the user is away on holiday, so that it cannot be used in their absence; an account lockout policy can also disable an account automatically after repeated failed logons. Click Create to create the new account, and click Close once you have finished creating user accounts.


The new user has now been created. Right-click on the user and select Properties to view additional settings. N.B. To reset a user's password, select Set Password instead. On Windows XP an administrative reset, as opposed to the user changing the password, loses the user's access to EFS-encrypted files and stored credentials, and Windows warns about this before proceeding. The General page displays the settings you selected when you created the user. Select Member Of to view group memberships; currently this user is a member of the Users group, and can be added to additional groups from here. Click on Profile to view the user's profile settings. By default a user's profile is stored on the local computer; a network path can be entered here so that the profile becomes roaming. A home folder is a folder where the user can store his or her files; it can be stored on a remote machine and automatically mapped to a drive letter when the user logs on. Roaming profiles and home folders are dealt with in greater detail later in this course. Once Ross Jackson has logged on for the first time, his folder appears alongside the other users' folders in the Documents and Settings folder. The Default User profile folder contains the settings that are copied for every new user; by changing its contents you can set a standard desktop environment for any new user on the system.


Creating a new group


To create a new group the Computer Management console is used. Expand Local Users and Groups and select Groups; a list of all current groups is displayed. To create a new group, right-click on Groups and select New Group. In theory an administrator can give a group any name, but this is normally done in line with company policy. Whereas a user has a list of groups on its Member Of tab, a group has a list of users in its membership. Click Add and type in the name of the user you wish to add; multiple users can be added by separating the names with a semicolon (;), e.g. Pauline Potter; jacksonr adds both the Pauline Potter and jacksonr accounts. Click OK, and once you are finished click Create. The New Group dialog box stays open so that more groups can be created. The result shows both Pauline Potter and jacksonr as members of the MD group; each user consequently has the cumulative permissions of all the groups of which he or she is a member. N.B. All users are members of the Users group by default.
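The same user and group administration can be scripted. The following is an added example, not part of the original tutorial: it creates the accounts and group described above from PowerShell through the WinNT ADSI provider, which reads and writes the local SAM, and then lists the groups an account belongs to. The logon name jacksonr, the full name Ross Jackson and the group MD follow the tutorial; the logon name potterp for Pauline Potter, the placeholder passwords and the function names are assumptions of this example. Run it from an elevated prompt as a member of Administrators.

```powershell
# Added example, not from the original tutorial: local user and group
# administration through the WinNT ADSI provider (the local SAM).
# Logon name potterp, the passwords and the function names are assumptions.

$computer = [ADSI]"WinNT://$env:COMPUTERNAME,computer"
$ADS_UF_ACCOUNTDISABLE = 0x0002    # bit in UserFlags that disables an account

function New-SamUser {
    param([string]$Name, [string]$FullName, [string]$Password)
    $user = $computer.Create("User", $Name)
    $user.SetPassword($Password)
    $user.SetInfo()                          # the account exists only after SetInfo()
    $user.Put("FullName", $FullName)
    $user.Put("PasswordExpired", 1)          # same as "User must change password at next logon"
    $user.SetInfo()
    return $user
}

function Disable-SamUser {
    param([string]$Name)
    $user = [ADSI]"WinNT://$env:COMPUTERNAME/$Name,user"
    $flags = [int]$user.psbase.InvokeGet("UserFlags")
    $user.psbase.InvokeSet("UserFlags", ($flags -bor $ADS_UF_ACCOUNTDISABLE))
    $user.psbase.CommitChanges()
}

function New-SamGroup {
    param([string]$Name, [string[]]$Members)
    $group = $computer.Create("Group", $Name)
    $group.SetInfo()
    foreach ($member in $Members) {
        # Members are added by ADsPath. Only users can be added on a standalone
        # machine: local groups cannot nest other local groups.
        $group.Add("WinNT://$env:COMPUTERNAME/$member,user")
    }
    return $group
}

# The groups an account belongs to, i.e. where its cumulative permissions come from.
function Get-SamUserGroups {
    param([string]$Name)
    $user = [ADSI]"WinNT://$env:COMPUTERNAME/$Name,user"
    $user.psbase.Invoke("Groups") | ForEach-Object {
        $_.GetType().InvokeMember("Name", "GetProperty", $null, $_, $null)
    }
}

New-SamUser -Name "jacksonr" -FullName "Ross Jackson"   -Password "Temp-Pa55word!1" | Out-Null
New-SamUser -Name "potterp"  -FullName "Pauline Potter" -Password "Temp-Pa55word!2" | Out-Null
New-SamGroup -Name "MD" -Members @("jacksonr", "potterp") | Out-Null

Get-SamUserGroups -Name "jacksonr"     # every new account is placed in Users; MD was added above
Disable-SamUser -Name "jacksonr"       # while the user is away, so the account cannot be used
```

Because PasswordExpired is set, the placeholder passwords are only ever used once, at the user's first logon, which is the scripted equivalent of ticking User must change password at next logon in the dialog.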


Shared Folders and UNC Paths


Sharing folders allows users to access resources on other machines on the network. The machine holding the folder must have File and Printer Sharing for Microsoft Networks installed, and the machine accessing it must have Client for Microsoft Networks installed, for shared folders to be used. Only folders, and not individual files, may be shared; any file that needs to be shared should be placed within a shared folder. Sharing exposes the folder to every machine that can reach the computer over the network, so the permissions on a share matter from the moment it is created.

The Universal Naming Convention (UNC) Path


A shared folder is accessed through its UNC path, which has the general form \\server\share. For example, \\server\public opens a shared folder called public held on a computer called server. \\10.0.0.1\share also follows the \\server\share form, with the computer name replaced by the IP address of the server.

Share Permissions
Shared folder access can be restricted by using share permissions. For example, John might be able to read the accounts folder whilst David is denied access. Share permissions can also be applied to groups. If a user is a member of more than one group, he or she receives the cumulative permissions of all the groups; however, a Deny permission always takes precedence over an Allow. A user or group can be either allowed or denied each of the following permissions on a share:

READ: Allows a user to view the contents of the folder and to execute files within it.

CHANGE: Allows the Read permission, and additionally allows the user to add, modify and delete the contents of the folder.

FULL CONTROL: Allows the Read and Change permissions, and additionally allows the user to change the NTFS permissions and ownership of files through the share.

CAUTION: Share permissions only apply to access over the network, not to users logged on locally at the machine. To restrict local access, use NTFS permissions. When both apply to a network access, the more restrictive of the share permission and the NTFS permission wins, so a common design is to grant Change or Full Control on the share and do the fine-grained restriction with NTFS permissions.

Multiple Share Permissions


Share permissions can be assigned to multiple groups, so different users may end up with different permissions. Take a share with the following permissions:

Managers: Read permission
Accounts: Change permission

If Fred is a member of both Managers and Accounts, Fred has both Read and Change permission, i.e. Change. Care has to be taken when using multiple groups together with the Deny permission, because Deny always takes precedence. Consider instead:

Managers: Full Control permission
Accounts: Deny Read permission

If Fred is a member of both Managers and Accounts, Fred is denied access: the Deny Read entry removes the read rights that Full Control would otherwise have included, and without them he cannot open the share at all.
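The rules above can be written down as a small evaluator. The following is an added example, not part of the original tutorial: it models share permission levels as sets of rights and applies the Windows rule that Allow entries accumulate and any matching Deny entry removes rights. The group names, the user Fred and the two ACLs are the tutorial's scenarios, constructed here as sample data; the function name is this example's own.

```powershell
# Added example, not from the original tutorial: evaluating effective share
# permissions for a user who belongs to several groups. The ACLs and the
# group memberships below are constructed sample data.

# Share permission levels as sets of rights, lowest first; each level
# includes the rights of the one below it.
$ReadMask   = 1 -bor 2                     # read, execute
$ChangeMask = $ReadMask -bor 4 -bor 8      # + write, delete
$FullMask   = $ChangeMask -bor 16 -bor 32  # + change permissions, take ownership
$LevelMask  = @{ 'Read' = $ReadMask; 'Change' = $ChangeMask; 'Full Control' = $FullMask }

function Get-EffectiveShareAccess {
    param(
        [string]$User,
        [string[]]$MemberOf,   # the groups the user belongs to
        [object[]]$Acl         # entries: @{ Trustee = ...; Type = 'Allow' | 'Deny'; Permission = ... }
    )
    # An entry applies if it names the user, one of the user's groups, or Everyone.
    $identities = @($User) + $MemberOf + @('Everyone')
    $allowed = 0
    $denied  = 0
    foreach ($ace in $Acl) {
        if ($identities -notcontains $ace.Trustee) { continue }
        $mask = $LevelMask[$ace.Permission]
        if ($ace.Type -eq 'Deny') { $denied = $denied -bor $mask }
        else                      { $allowed = $allowed -bor $mask }
    }
    # Deny wins: a right is effective only if allowed somewhere and denied nowhere.
    $effective = $allowed -band (-bnot $denied)
    if (($effective -band $FullMask)   -eq $FullMask)   { return 'Full Control' }
    if (($effective -band $ChangeMask) -eq $ChangeMask) { return 'Change' }
    if (($effective -band $ReadMask)   -eq $ReadMask)   { return 'Read' }
    return 'No access'
}

# Case 1: Managers have Read, Accounts have Change; Fred is in both.
$acl1 = @(
    @{ Trustee = 'Managers'; Type = 'Allow'; Permission = 'Read' },
    @{ Trustee = 'Accounts'; Type = 'Allow'; Permission = 'Change' }
)
Get-EffectiveShareAccess -User 'Fred' -MemberOf @('Managers', 'Accounts') -Acl $acl1

# Case 2: Managers have Full Control, Accounts are denied Read; Fred is in both.
# Deny Read strips the read rights that Full Control included, and without
# them the share cannot be opened at all.
$acl2 = @(
    @{ Trustee = 'Managers'; Type = 'Allow'; Permission = 'Full Control' },
    @{ Trustee = 'Accounts'; Type = 'Deny';  Permission = 'Read' }
)
Get-EffectiveShareAccess -User 'Fred' -MemberOf @('Managers', 'Accounts') -Acl $acl2

# Case 3: a Deny on Everyone reaches every user, whatever else they are granted.
$acl3 = @(
    @{ Trustee = 'Everyone'; Type = 'Deny';  Permission = 'Full Control' },
    @{ Trustee = 'Managers'; Type = 'Allow'; Permission = 'Full Control' }
)
Get-EffectiveShareAccess -User 'Fred' -MemberOf @('Managers') -Acl $acl3
```

The first call returns Change and the other two return No access. Case 3 is why a share's ACL is fixed by removing the Everyone entry rather than denying it: every account is a member of Everyone, so the Deny would apply to all of them.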

Administrative Shares
Windows 2000, XP and 2003 have a number of hidden shares which are created automatically when the operating system is installed. These are known as administrative shares. They are only accessible to members of the Administrators group (and, for backup purposes, Backup Operators), and because their names end in a dollar sign ($) they are hidden when browsing the network; any share can be hidden from browsing in the same way by ending its name with $, although this is concealment rather than protection, since anyone who knows or guesses the name can still connect. The following are the default administrative shares on a Windows 2000/XP/2003 computer:

<driveletter>$: Each fixed drive on the computer is shared as <driveletter>$. For example, to access drive C: on server01 you would use \\server01\C$.

admin$: The Windows folder (%SystemRoot%) is shared as admin$.

ipc$: The IPC$ share is not a folder at all; it is the named-pipe share used for inter-process communication, through which remote administration tools and the authentication for the other shares connect. On older Windows versions an anonymous "null session" to IPC$ could be used to enumerate user accounts and shares, which is what the Network access settings for anonymous enumeration under Local Security Policy restrict.

print$ and fax$ appear in addition when a printer or fax is shared. On Windows XP Professional with simple file sharing enabled, all network logons are treated as Guest, so the administrative shares cannot be reached over the network until simple file sharing is turned off.

Sharing a Folder
Before sharing specific folders on a Windows XP Professional machine, simple file sharing needs to be disabled. In any Explorer window click on Tools, select Folder Options and select the View tab. Scroll down to the bottom of the Advanced Settings list, uncheck Use simple file sharing and click OK to close the Folder Options dialog box. Right-click on the folder you wish to share, select Sharing and Security and click on Share this folder. A share name is suggested automatically but can be changed here; a comment can also be added if needed. A user limit for the share can also be specified. Remember that Windows XP Professional accepts at most 10 simultaneous inbound connections. To configure share permissions, click on Permissions. Every share has an Access Control List (ACL) which specifies which users and groups have access to it. Currently the Everyone group has Read permission to the share; click on Remove to remove the Everyone group. N.B. Never deny the Everyone group access: since every user is a member of Everyone, all of them would be denied no matter what other groups they belonged to. It is safer simply to remove Everyone from the list and grant the users and groups that need access explicitly.

Click on Add to add new entries. Enter the names of the users and groups that you wish to add to the ACL; jacksonr;pauline potter adds the two users jacksonr and Pauline Potter. Click OK to accept. The users have now been added to the ACL. Currently Pauline has Read access to the share. Click on Ross Jackson to configure his permissions and select Allow Full Control to give him full control over the shared folder; Full Control automatically enables Change and Read. Click OK to accept, and OK again to close the folder properties window. The shared folder is displayed with a hand underneath its icon and can be accessed over the network by using the UNC path \\tonypc\UserData.

Shared folders can also be created and managed through the Shared Folders console under System Tools. Click on Start, right-click on My Computer and select Manage. The Computer Management console appears; expand Shared Folders. From here you can create shares, view and disconnect current sessions, and view or close open files, which also makes it the place to look when checking who is connected to a machine. Click on Shares; all the current shares are displayed. To create a new share, right-click on the empty space in the share list and select New File Share. Type or browse for the folder you wish to share in the Folder to share box.


Choose a share name and an optional description for the new share; here D:\Home is shared as homefolder. Click Next to continue. Choose the level of permissions that you want and click Finish. Click No when asked whether to create another share. The new share has now been created.


Mapping Network Drives


Mapping means attaching to a shared folder on another machine so that it appears as a new drive letter on the local machine. This is used, for example, to point to a source folder holding installation files; any machine mapping that folder can copy the files it needs to complete an installation. The Map Network Drive option is found by right-clicking on the My Computer icon or the My Network Places icon. The wizard suggests a drive letter, but others are available. The UNC path may be typed in directly, or the path may be browsed. The share is accessed using a UNC path of the form \\server\share, in this case the shared folder Tony on the computer 10.0.0.1. The shared folder Tony then appears as just another drive on the local machine.

You can also map a drive from the command line with net use <driveletter>: \\server\share. For example, net use z: \\10.0.0.1\public maps drive Z: to the share public on 10.0.0.1. By default the mapping is persistent and is restored at the next logon; add /persistent:no to make it last only for the current session, and net use z: /delete removes it.
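The sharing and mapping steps above can also be done entirely from the command line. The following is an added example, not part of the original tutorial: it creates the share with net share, passing an explicit permission list so the default Everyone: Read entry is never added, reads the share's settings back, and then maps and unmaps it with net use. The folder D:\UserData, the share name UserData, the server tonypc and the user jacksonr follow the tutorial; the logon name potterp for Pauline Potter, the drive letter Z: and the function names are assumptions of this example. The /GRANT and /CACHE options of net share are present on Windows XP and Server 2003; check net share /? on anything older.

```powershell
# Added example, not from the original tutorial: creating, inspecting,
# mapping and removing a share with net share and net use. The logon name
# potterp, drive Z: and the function names are assumptions.

function New-SharedFolder {
    param([string]$Name, [string]$Path, [hashtable]$Grants,
          [int]$MaxUsers = 10, [string]$Caching = 'Manual')
    $netArgs = @('share', "$Name=$Path", "/USERS:$MaxUsers", "/CACHE:$Caching")
    foreach ($trustee in $Grants.Keys) {
        # Each /GRANT becomes one share ACL entry (READ, CHANGE or FULL);
        # when /GRANT is given, the default Everyone: Read entry is not added.
        $netArgs += "/GRANT:$trustee,$($Grants[$trustee])"
    }
    & net.exe @netArgs
    if ($LASTEXITCODE -ne 0) { throw "net share failed for $Name" }
}

function Get-SharedFolderInfo {
    param([string]$Name)
    # Prints the path, user limit, caching mode and the Permission entries of the share.
    & net.exe share $Name
}

function Connect-NetworkDrive {
    param([string]$Letter, [string]$UncPath)
    # /PERSISTENT:NO keeps the mapping out of the profile so it is not restored at next logon.
    & net.exe use "${Letter}:" $UncPath /PERSISTENT:NO
    if ($LASTEXITCODE -ne 0) { throw "net use failed for $UncPath" }
}

New-SharedFolder -Name 'UserData' -Path 'D:\UserData' -Grants @{ jacksonr = 'FULL'; potterp = 'READ' }
Get-SharedFolderInfo -Name 'UserData'     # confirm that only the granted accounts are listed

# Browsing shows only non-hidden shares; the $-suffixed names still work when typed.
& net.exe view \\tonypc                   # lists UserData, not C$ or ADMIN$
Connect-NetworkDrive -Letter 'Z' -UncPath '\\tonypc\UserData'
Get-ChildItem -Path 'Z:\'
& net.exe use 'Z:' /DELETE

# Administrative shares need no setup; members of Administrators on tonypc can open them directly.
Get-ChildItem -Path '\\tonypc\C$'
```

Checking the share with net share immediately after creating it is the command-line equivalent of looking at the Permissions dialog: if Everyone appears there, the share is open to every account on the network.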


Offline Files and Folders


Windows XP/2003 allows access to shared folders even when the computer is disconnected from the network. This works by storing a copy of the shared folder on the local machine, which is then synchronised upon reconnection. Changes made to a cached file while offline are synchronised back to the original folder when the network is reconnected. For files to be used offline there are four requirements:

1. The folder in question must be shared. Offline (caching) settings may then be configured on the share.
2. When the share has been accessed from the client, its Make Available Offline attribute needs to be set.
3. At disconnection or reconnection, or after modification, the two copies of the folder must be synchronised. (This process can be made automatic.)
4. Fast User Switching must be disabled on Windows XP.

To allow users to create an offline copy of a shared folder, right-click on the folder, select Sharing and Security and click the Caching button. Check the Allow caching of files in this shared folder option, then open the drop-down list to view the caching options available:

Manual caching of documents: users manually specify which files they want available offline. When the network is available, the server version of a file is always opened.

Automatic caching of documents: recommended for file shares containing only user documents. Documents are automatically made available offline when they are opened; when available, the version on the server is always opened, and older cached copies are automatically deleted.

Automatic caching of programs and documents: the contents of the folder are made available offline when the files are accessed, and older copies are automatically deleted. The offline copy on the client is opened rather than the copy on the server, so this setting is normally used for read-only documents and for applications run over the network.

Click OK to apply the caching setting...

...and close the folder properties page. N.B. The dialog boxes differ slightly in Windows Server 2003, where the Optimized for performance checkbox specifies that users work on their local copies of files even when online, which reduces the load on the server. The same caching setting can be applied from the command line with the /CACHE option of net share.

On the client, select Folder Options, select the Offline Files tab and check Enable Offline Files. Various options allow you to configure when synchronisation should take place; the default, Synchronize all offline files before logging off, is the most sensible choice. All of your offline files can be accessed from the Offline Files folder, and a checkbox adds a convenient shortcut to it on the desktop. The Encrypt offline files to secure data option is a good idea on laptops containing sensitive data, because the cached copies would otherwise be readable by anyone who obtains the disk. Note that this protects only the cache on the local disk: the SMB file-sharing protocol of this era can sign traffic but does not encrypt it, so the data still crosses the network in clear. Click OK to enable Offline Files. Right-click on the share or network drive that you wish to make available offline and select Make Available Offline. Click OK to make the entire contents of the folder available offline. The folder is then synchronised, and its icon indicates that it is now available offline. The folder can be synchronised at any time by right-clicking on it and selecting Synchronize. Offline files and folder settings can be changed by selecting the Setup button during synchronisation or by selecting the reminder icon on the taskbar.

You can choose when you want synchronisation to take place and change the settings depending on what type of network connection you are using. There is a wide variety of settings for when synchronisation should occur, each with advantages and disadvantages. Examine the contents of each tab carefully; questions about this are examination favourites.


Volume Shadow Copies


Volume Shadow Copies are a new feature of Windows Server 2003 that allows previous versions of files and folders on a share to be restored in the event of the current version becoming corrupt or deleted. Shadow copies are taken per volume by the Volume Shadow Copy Service (VSS), and clients reach the previous versions through shared folders. Shadow copies are a fast way to recover lost data: a user who accidentally deletes important information from a Word document can restore it to the previous day's version. This places much less burden on an administrator, because a backup does not need to be restored, and it is a lot quicker. To use shadow copies from Windows 2000 and Windows XP clients, the Previous Versions client software must be installed (Windows XP SP2 and later include it). N.B. Shadow copies are not a substitute for a backup strategy: they live on the same server, and by default on the same volume, as the data they protect, so a disk failure or a compromise of the server takes both.

Shadow copies can only be enabled on a per-volume basis. From My Computer, right-click on the relevant drive and select Properties. N.B. The drive must be formatted with NTFS. Select the Shadow Copies tab and click Enable to enable shadow copies on drive F:. Click Settings to configure the new shadow copy. You can specify the amount of disk space to use for shadow copies; when there is not enough space to create a new copy, the oldest copy is deleted to make room, and in any case a volume holds at most 64 shadow copies. Click the Schedule button to configure when copies should be taken.


The current schedule is every day at 7 am. Click on Advanced to view additional schedule options; from the Advanced Schedule Options page you can specify a repeat schedule, e.g. once every four hours or twice a day. Before shadow copies can be used from client machines, the Previous Versions client software needs to be installed. It can be found on the server hosting the shadow copies in the windows\system32\clients\twclient folder. The easiest way to deploy it is through Group Policy, which installs the software automatically on all Windows XP and 2000 machines in the domain; Group Policy is covered later in this course. Run the twcli32 installer package to install the Previous Versions client on the computer. Once it is installed, connect to the server which has shadow copies enabled, right-click on the share and select Properties. Select the Previous Versions tab; from here you can view, copy or restore any of the copies of the share displayed. Restore replaces the current contents with the selected copy, so use View or Copy when only a single file needs recovering.
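The same setup can be scripted, which is useful for repeating it on several servers or for taking an on-demand snapshot before a risky change or during an incident. The following is an added example, not part of the original tutorial: it uses vssadmin and schtasks, both built into Windows Server 2003. Drive F: and the 7 am, every-four-hours pattern follow the tutorial; the 2 GB storage cap, the task name and the function names are assumptions of this example. Run it as an administrator on the server itself (vssadmin create shadow is a Server 2003 command and is not available on XP).

```powershell
# Added example, not from the original tutorial: enabling, scheduling and
# listing shadow copies with vssadmin and schtasks on Windows Server 2003.
# The 2 GB cap, the task name and the function names are assumptions.

function Enable-ShadowCopies {
    param([string]$Volume, [string]$MaxSize = '2GB')
    # Reserve shadow storage on the same volume; when it fills, the oldest copy is dropped.
    & vssadmin.exe Add ShadowStorage /For=$Volume /On=$Volume /MaxSize=$MaxSize
    & vssadmin.exe Create Shadow /For=$Volume            # take the first copy now
}

function Register-ShadowCopySchedule {
    param([string]$Volume, [string]$TaskName, [string]$Start = '07:00:00', [int]$EveryHours = 4)
    # A repeating scheduled task that takes a new copy, run as SYSTEM. The start
    # time is in the HH:MM:SS form used by XP/2003 schtasks; later versions take HH:MM.
    & schtasks.exe /Create /SC HOURLY /MO $EveryHours /ST $Start /TN $TaskName `
        /TR "vssadmin.exe Create Shadow /For=$Volume" /RU SYSTEM
}

function Get-ShadowCopyList {
    param([string]$Volume)
    # Each copy is listed with its creation time and its device object name.
    & vssadmin.exe List Shadows /For=$Volume
}

Enable-ShadowCopies -Volume 'F:' -MaxSize '2GB'
Register-ShadowCopySchedule -Volume 'F:' -TaskName 'ShadowCopy-F' -Start '07:00:00' -EveryHours 4
Get-ShadowCopyList -Volume 'F:'
```

Listing the copies after enabling them is also the quickest check during an incident: it shows whether a clean version of a file from before a compromise still exists on the server, and from when.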


NTFS Security
NTFS permissions can be used to secure files and folders on an NTFS partition. Unlike share permissions, NTFS permissions can be assigned to individual files as well as folders, and they apply to users logged on locally as well as to access over the network, because they are stored in each file's own security descriptor rather than on the share. Permissions can be assigned to individual users or to groups of users. The permissions available differ slightly for files and folders. Here is a list of the permissions available:

NTFS Folder Permissions


Read: Allows a user to see the files and subfolders in the folder and to view the folder's attributes, ownership and permissions.
Write: Allows a user to create new files and subfolders within the folder, change the folder's attributes and view its ownership and permissions.
List Folder Contents: Allows a user to view the names of the files and subfolders in the folder. It is the same as Read & Execute except that it is inherited only by subfolders, not by files.
Read & Execute: Allows a user to read the contents of the folder and to traverse it (pass through it to reach a subfolder even without permission on the folder itself); includes Read and List Folder Contents.
Modify: Allows a user to delete the folder and to modify its contents; includes Read & Execute and Write.
Full Control: Allows everything above, plus changing permissions, taking ownership and deleting subfolders and files.

NTFS File Permissions


Read: Allows a user to read the file and view its attributes, ownership and permissions.
Write: Allows a user to overwrite the file, change its attributes and view its ownership and permissions.
Read & Execute: Allows a user to run an application and read the file; includes Read.
Modify: Allows a user to modify and delete the file; includes Read & Execute and Write.
Full Control: Gives the user full control over the file, including changing its permissions and taking ownership.

Permission Inheritance
By default all files and folders inherit permissions from their parent. If Read permission is allowed on a folder, all the files and subfolders below it also receive Read permission. This is known as permission inheritance. Windows also allows you to block inheritance on a folder or file and assign its permissions individually; when you do, you choose whether to keep copies of the inherited entries or to start from an empty list.

Taking Ownership
Every file and folder has an owner; by default this is the account that created it. (CREATOR OWNER, which appears in ACLs, is a placeholder that is replaced by the actual owner when permissions are inherited.) The owner of an object can deny access to other users, including the Administrator. Fortunately, administrators hold the Take ownership privilege and can take ownership of any file or folder on the computer and regain access; doing so changes the owner field, so it leaves a visible trace.

To configure folder permissions, right-click on the relevant folder, select Properties and select the Security tab. The Access Control List (ACL) for the folder is displayed. Click Add to add a new user to the list, type in the name of the user, e.g. Pauline Potter, and click OK. The user Pauline Potter has been added to the ACL and has been given the Read & Execute and List Folder Contents permissions (together with Read, the defaults for a newly added entry). As well as securing folders, NTFS can also secure individual files. Right-click on the file to configure file permissions.

Select Properties and the Security tab. Notice that this file has inherited all the permissions of its parent. Highlight the user Pauline Potter and tick Deny for Full Control. N.B. As with share permissions, a Deny entry takes precedence over an Allow at the same level. More precisely, Windows evaluates entries in the order explicit Deny, explicit Allow, inherited Deny, inherited Allow, so an explicit Allow on a file does override a Deny inherited from its folder; here the Deny is set directly on the file, so it wins over the inherited Allow. Pauline Potter has now been denied access to the file. Click on Advanced to view the advanced options. The Permissions tab allows you to fine-tune permissions: click Add, specify a user and click OK, and a list of the special permissions is shown from which an administrator can fine-tune access to the file or folder. The Owner tab displays the owner of the file; users with the right to take ownership can take control of the file from here. The Effective Permissions page can be used to determine what level of access a user or group will have to this file. For example, the user Pauline Potter has no access to the file, even though she has Read & Execute permission on the parent folder, and will receive an error message when attempting to open it.
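The same permission changes can be made and checked from PowerShell with Get-Acl and Set-Acl. The following is an added example, not part of the original tutorial: it grants Read & Execute on a folder, places an explicit Deny on one file inside it, shows both entries side by side with their inheritance flag, and then demonstrates blocking inheritance and taking ownership. The folder D:\Accounts, the file budget.xls and the function names are assumptions of this example; Pauline Potter is the tutorial's account, assumed here to be a local user on this machine. Run it as a member of Administrators.

```powershell
# Added example, not from the original tutorial: NTFS permissions through
# Get-Acl/Set-Acl. D:\Accounts, budget.xls and the function names are
# assumptions; "Pauline Potter" is assumed to be a local account.

$folder = 'D:\Accounts'
$file   = Join-Path $folder 'budget.xls'
$user   = "$env:COMPUTERNAME\Pauline Potter"

function Add-NtfsAccessRule {
    param([string]$Path, [string]$Identity, [string]$Rights, [string]$Type)
    $acl = Get-Acl -Path $Path
    if ((Get-Item -Path $Path).PSIsContainer) {
        $inherit = 'ContainerInherit, ObjectInherit'   # flow the entry down to subfolders and files
    } else {
        $inherit = 'None'                              # a file has nothing to pass it on to
    }
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, $Rights, $inherit, 'None', $Type)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

# Stop taking entries from the parent. The second argument keeps copies of
# the inherited entries as explicit ones instead of dropping them.
function Disable-NtfsInheritance {
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -Path $Path -AclObject $acl
}

# Take ownership, using the Administrators group's Take ownership privilege.
function Set-NtfsOwnerToAdministrators {
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    $acl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
    Set-Acl -Path $Path -AclObject $acl
}

function Get-NtfsAccessRules {
    param([string]$Path)
    (Get-Acl -Path $Path).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
}

New-Item -ItemType Directory -Path $folder -Force | Out-Null
Set-Content -Path $file -Value 'constructed sample content'

# Folder: Read & Execute for Pauline, inherited by everything beneath it.
Add-NtfsAccessRule -Path $folder -Identity $user -Rights 'ReadAndExecute' -Type 'Allow'
# File: an explicit Deny Full Control, which wins over the inherited Allow.
Add-NtfsAccessRule -Path $file -Identity $user -Rights 'FullControl' -Type 'Deny'
Get-NtfsAccessRules -Path $file      # the inherited Allow and the explicit Deny, side by side

# Detach the folder from its parent's permissions, keeping what it has now.
Disable-NtfsInheritance -Path $folder

# An administrator regains access to a locked-down file by taking it over;
# the Owner field afterwards records that this happened.
Set-NtfsOwnerToAdministrators -Path $file
(Get-Acl -Path $file).Owner
```

Reading the ACL back with Get-NtfsAccessRules after each change is the scripted equivalent of the Effective Permissions page: the IsInherited column shows which entries came from the parent, which is exactly the distinction the Deny-ordering rule above depends on.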

Copying and Moving Files on the same Partition.


The following rules should be remembered when moving or copying files and folders. A new file or folder automatically inherits permissions from its parent. When a file is moved within the same NTFS partition, it keeps its original permissions no matter where it is placed. When a file is copied within the same NTFS partition, a new file is made, so it inherits the permissions of its new parent.

Moving files between folders within a NTFS partition


When moving a file from one folder to another on the same partition, the file keeps its original permissions. This is because no new file is created; the existing file is merely moved, so its directory entry changes but its security descriptor stays with it.

Copying Files Between Folders


When copying a file from one folder to another, the copy inherits the permissions of the destination folder, because a new file is being created.

Copying and Moving Files and Folders to another partition.


When copying or moving files and folders to another NTFS partition, a new file is created (a move to another partition is a copy followed by a delete), so the file or folder inherits permissions from its new parent. When copying or moving files and folders to a non-NTFS partition such as FAT, the file or folder loses its NTFS permissions and its compression attribute; an encrypted file is written there in clear, and only a user who holds a key able to decrypt it can copy it at all.
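These rules can be observed directly by inspecting which entries in a file's ACL are explicit rather than inherited after each operation. The following is an added example, not part of the original tutorial: it puts one explicit Deny entry on a file and then copies it on the same partition, moves it on the same partition, and moves it to a second partition, listing the explicit entries each time. D: and E: are assumed to be two NTFS partitions, the folders and file names are assumptions, and potterp is an assumed local account; the function name is this example's own. Run it as a member of Administrators.

```powershell
# Added example, not from the original tutorial: watching NTFS permissions
# survive or vanish across copy and move. D:\Accounts, D:\Archive, E:\Archive,
# payroll.txt, the account potterp and the function name are assumptions.

function Get-ExplicitAces {
    param([string]$Path)
    (Get-Acl -Path $Path).Access |
        Where-Object { -not $_.IsInherited } |
        ForEach-Object { "$($_.AccessControlType) $($_.IdentityReference) $($_.FileSystemRights)" }
}

$source   = 'D:\Accounts\payroll.txt'
$sameVol  = 'D:\Archive'        # same NTFS partition as the source
$otherVol = 'E:\Archive'        # a different NTFS partition
foreach ($dir in @((Split-Path $source), $sameVol, $otherVol)) {
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
}
Set-Content -Path $source -Value 'constructed sample content'

# Put one explicit entry on the source so the three cases can be told apart.
$acl  = Get-Acl -Path $source
$deny = New-Object System.Security.AccessControl.FileSystemAccessRule(
    "$env:COMPUTERNAME\potterp", 'Read', 'Deny')
$acl.AddAccessRule($deny)
Set-Acl -Path $source -AclObject $acl
Get-ExplicitAces -Path $source         # the Deny entry just added

# Copy on the same partition: a new file, carrying only what D:\Archive passes down.
$copy = Join-Path $sameVol 'payroll-copy.txt'
Copy-Item -Path $source -Destination $copy
Get-ExplicitAces -Path $copy           # the Deny did not travel with the copy

# Move on the same partition: the same file under a new name, security descriptor intact.
$moved = Join-Path $sameVol 'payroll.txt'
Move-Item -Path $source -Destination $moved
Get-ExplicitAces -Path $moved          # the Deny entry is still present

# Move to another partition: really a copy followed by a delete, so it inherits from E:\Archive.
$moved2 = Join-Path $otherVol 'payroll.txt'
Move-Item -Path $moved -Destination $moved2
Get-ExplicitAces -Path $moved2         # nothing explicit remains
```

The practical consequence is the one to remember when tidying a server: moving a restricted folder into an open share on the same volume does not open it up, but copying it, or moving it to another volume, silently gives it the destination's permissions.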


Disk Quotas
Disk quotas enable an administrator to limit the amount of disk space available to each user on a volume. For example, three users might each have a different quota:

Fred: 500 MB
George: 8 MB
Susan: 500 MB

Disk quotas are only available on NTFS volumes. Usage is charged to the owner of each file, wherever the file sits on the volume, and compressed files are charged at their uncompressed size. To create a quota, right-click on the relevant drive, select Properties and select the Quota tab. Select the Enable quota management checkbox to enable quotas for this drive. Select the Deny disk space to users exceeding quota limit checkbox to prevent users from going over their limits; without it, usage is only tracked. Select the Limit disk space to option and set the limit and warning levels. It is a good idea to log when a user exceeds his or her quota limit or reaches the warning level, since those events are the record of who is filling the disk. This default quota applies to all users of the system except members of the Administrators group. Select Quota Entries to configure individual quota limits, then select Quota and New Quota Entry, and specify the user you want to set the quota limit for.


Click OK, select the quota limits you want to apply to the user and click OK again. The quota limits are displayed in the Quota Entries window. N.B. The Administrators entry has no limit. Click Apply to start the quota and OK to accept the warning that the volume will be scanned. The disk quota is now active, and the user jacksonr is allowed only 20 MB on drive D:.
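The same quota can be set from the command line with fsutil, which is built into Windows XP and Server 2003, and the amount a user is being charged can be worked out from file ownership. The following is an added example, not part of the original tutorial: drive D:, the user jacksonr and the 20 MB limit follow the tutorial; the 16 MB warning level and the function names are assumptions of this example. fsutil takes its sizes in bytes. Run it as an administrator.

```powershell
# Added example, not from the original tutorial: per-user disk quotas with
# fsutil, plus a count of what one account owns on the volume. The 16 MB
# warning level and the function names are assumptions.

function Enable-VolumeQuota {
    param([string]$Volume)
    & fsutil.exe quota enforce $Volume     # enable quotas and deny space to users over their limit
}

function Set-UserQuota {
    param([string]$Volume, [string]$User, [long]$WarningBytes, [long]$LimitBytes)
    & fsutil.exe quota modify $Volume $WarningBytes $LimitBytes $User
}

# Quotas are charged to the owner of each file wherever it sits on the volume,
# and at the uncompressed size, which is what Length reports for NTFS
# compressed files. This totals what one account owns: the figure the quota counts.
function Get-OwnedBytes {
    param([string]$Volume, [string]$Owner)
    $files = Get-ChildItem -Path $Volume -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer }
    $total = 0L
    foreach ($f in $files) {
        $acl = Get-Acl -Path $f.FullName -ErrorAction SilentlyContinue
        if ($acl -and $acl.Owner -eq $Owner) { $total += $f.Length }
    }
    return $total
}

Enable-VolumeQuota -Volume 'D:'
Set-UserQuota -Volume 'D:' -User 'jacksonr' -WarningBytes 16MB -LimitBytes 20MB
& fsutil.exe quota query D:                        # per-user thresholds, limits and current usage
Get-OwnedBytes -Volume 'D:\' -Owner "$env:COMPUTERNAME\jacksonr"
& fsutil.exe quota violations                      # quota events recorded in the System event log
```

Comparing Get-OwnedBytes with the usage shown by fsutil quota query is a quick way to confirm what the page states about ownership: a file placed in someone else's folder is still charged to whoever owns it.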


Compression and Encryption


NTFS v5.0 allows files to be encrypted using EFS (the Encrypting File System). Only the user who encrypted the file, and the designated Recovery Agent, can decrypt it: the contents are encrypted with a random key which is in turn encrypted to the user's public key and to the recovery agent's. Copying an encrypted file to a FAT volume, or to another machine that is not set up for EFS, stores it in clear and requires the user to hold a key able to decrypt it; backups made with Windows Backup (ntbackup) preserve the encrypted form. Compression and encryption follow the same inheritance and copy/move rules as NTFS permissions: new files created in an encrypted or compressed folder acquire the attribute, and the two attributes are mutually exclusive.

Compression is an integral feature of NTFS. It reduces the space a file takes up; the penalty is that access times increase, as files have to be decompressed each time they are opened. (Also, there must be enough free disk space for a file to be decompressed, or else it must remain compressed.) Right-click on any file within an NTFS volume, select Properties and click the Advanced button.

This is the window seen when encrypting or compressing a file; the corresponding window for a folder is very similar. You cannot encrypt and compress a file or folder at the same time: ticking one clears the other. Files can also be compressed or encrypted from the command line with the compact and cipher commands. Run with no switches, both report the current state of the files in a directory, and with wildcards they can change the attribute of every file of a particular type.

Switches for the Cipher command


/e encrypts the specified directories; directories are marked so that files added afterwards are encrypted
/d decrypts the specified directories
/a operates on files as well as directories; without /a, cipher only changes the directory marking. cipher also advises encrypting the parent directory of an encrypted file, because an application that saves by rewriting the file could otherwise leave a decrypted copy
/s:dir performs the operation on dir and all its subdirectories; without /s only the named directory, or by default the current directory, is affected
/f forces the operation on all specified objects, even those already encrypted or decrypted
/q reports only the most essential information
/i continues after errors instead of stopping
/h includes files with the hidden or system attributes, which are otherwise skipped
/u /n lists every encrypted file on the local drives without updating any keys, which gives an inventory of what is protected
/w:dir overwrites the free space of the volume holding dir, removing the plaintext remnants of files that were encrypted in place or deleted

File names follow the switches, separated by spaces, and may use wildcards, e.g. cipher /e /a file1 file2 file3 or cipher /e /a *.txt *.doc *.htm

Switches for Compact command


/c compresses the specified files; directories are marked so that files added afterwards are compressed
/u uncompresses the specified files and removes the marking from directories
/s:dir performs the operation on dir and all its subdirectories (the current directory by default)
/a includes files with the hidden or system attributes, which are otherwise skipped
/i continues after errors instead of stopping
/f forces the operation on all specified files, even those already compressed
/q reports only the most essential information

File names follow the switches, separated by spaces, and may use wildcards, e.g. compact /c *.txt
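The two commands are most useful when a script can confirm what they did. The following is an added example, not part of the original tutorial: it marks a folder for encryption, encrypts and compresses files with cipher.exe and compact.exe, reads the Encrypted and Compressed attributes back to verify the result, and finishes with the free-space wipe and the encrypted-file inventory described above. The folder D:\Private, the file names and the function names are assumptions of this example. Run it as the user whose files they are: EFS keys belong to the user, so a file encrypted by an administrator cannot be opened by the user afterwards.

```powershell
# Added example, not from the original tutorial: cipher and compact with
# attribute checks. D:\Private, the file names and the function names are
# assumptions; the file contents are constructed sample data.

function Test-FileAttribute {
    param([string]$Path, [System.IO.FileAttributes]$Flag)
    $attributes = (Get-Item -Path $Path -Force).Attributes
    return (($attributes -band $Flag) -eq $Flag)
}

function Protect-WithEfs {
    param([string]$Path)
    # /A is needed for files; without it cipher only marks directories.
    & cipher.exe /E /A $Path | Out-Null
    if (-not (Test-FileAttribute -Path $Path -Flag 'Encrypted')) { throw "cipher did not encrypt $Path" }
}

function Unprotect-WithEfs {
    param([string]$Path)
    & cipher.exe /D /A $Path | Out-Null
    if (Test-FileAttribute -Path $Path -Flag 'Encrypted') { throw "cipher did not decrypt $Path" }
}

function Compress-WithNtfs {
    param([string]$Path)
    & compact.exe /C $Path | Out-Null
    if (-not (Test-FileAttribute -Path $Path -Flag 'Compressed')) { throw "compact did not compress $Path" }
}

function Get-EfsInventory {
    # /U /N lists every encrypted file on the local drives without touching keys.
    & cipher.exe /U /N
}

$folder = 'D:\Private'
New-Item -ItemType Directory -Path $folder -Force | Out-Null
$secret = Join-Path $folder 'secret.txt'
$bulk   = Join-Path $folder 'bulk.txt'
Set-Content -Path $secret -Value 'constructed sample content: a secret'
Set-Content -Path $bulk   -Value ('constructed sample content ' * 2000)

# Mark the folder first, so anything saved into it later is encrypted as well
# (this is the parent-directory advice cipher gives), then encrypt the existing file.
& cipher.exe /E $folder | Out-Null
Protect-WithEfs -Path $secret

# Compression on the other file; the two attributes never coexist on one file.
Compress-WithNtfs -Path $bulk
Test-FileAttribute -Path $bulk -Flag 'Encrypted'     # compressing did not also encrypt it

# Encrypting in place leaves the old plaintext in freed clusters: wipe the
# volume's free space afterwards. This touches all free space and takes a while.
& cipher.exe /W:$folder | Out-Null
Get-EfsInventory
```

Protect-WithEfs throws if the Encrypted attribute is missing afterwards, which is how a deployment script notices the classic mistake of running cipher /E on a file without /A and believing the file was protected when only its directory was marked.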


Printing Overview
One of the most important devices in any office is a printer. A printer, just like files and folders, can be shared with other users on the network. A Windows Server or XP Professional machine can act as a print server, sharing the printer and making it available to other machines on the network. In Windows terminology a printer is the software representation of a physical print device and must not be confused with the device itself. A print driver is the software that converts print jobs into a format the print device understands. A print server is a computer that receives print jobs, processes them and passes them on to the print device. A print device is the physical hardware that produces the final hard copy.

The print process starts with a user requesting a print from an application. The job is passed to a printer (remember, a printer is a software object) configured on the local machine. If the client is a 32-bit Windows system, it renders the job locally into the device-independent EMF format, and on Windows NT 4, 2000, XP or 2003 it also contacts the print server to check that it has the current version of the printer driver, downloading a newer one if it does not. A client that is not 32-bit Windows sends the job to the print server in RAW (device-ready) form via a remote procedure call. If the print server is unavailable, the job is held in the local spooler until the server can be contacted. When the print server receives the job it is written to disk in the spool folder and given a position in the print queue. By default a job is placed at the end of the queue, so that jobs are printed in the order they arrive, but this can be changed with priority levels. When the job reaches the front of the queue, the print processor and driver convert it into the print device's own format and the port monitor passes it to the physical print device.

When IIS (Internet Information Services) is installed on the print server, a client can manage and connect to its printers using a web browser, and a printer can be specified by URL so that a user can submit print jobs over the Internet using IPP (Internet Printing Protocol). IPP is only available on print servers with IIS installed and, like any web-facing service, should not be exposed to the Internet without access control. IIS is covered in greater detail later in this course. Windows can connect to printers on other platforms, for example using the Line Printer Remote (LPR) protocol of UNIX. A Windows Server 2003 or XP print server can also hold drivers for other platforms, such as 64-bit Windows XP or Windows NT 4.0, for those clients to download. A printer can be set up to work with the Fax service, which allows a Windows machine to send and receive faxes.


Installing and Configuring Printers


This lesson will show you how to configure printers, both locally and on a network. Also covered are sharing a printer, print scheduling and spooling.

To add a new local printer, open the Printers and Faxes folder from the Start menu and click on Add a printer. The Add Printer Wizard will appear. Click on Next. Select Local Printer to install a new local printer. Click on Next to continue. The wizard will ask you which port the printer is connected to. You can also create a new port, such as a TCP/IP port for network printers that are not connected to a print server. Click on Next to continue. Choose the manufacturer and printer from the list shown. You may need a driver disk at this stage if your printer isn't supported. Click on Next to continue. The wizard will ask you to choose a name for the printer and whether you want it to be the default. The wizard will then ask you if you want to share the printer. Select Do not share this printer and click Next to continue. You can test the printer by sending it a test page. Click on Next to continue. A summary page will appear; verify all options are correct and click Finish. The new local printer has now been installed and is marked as the default printer.

Connecting to a Network Printer


A network printer is added in much the same way. Click on Add a printer. Click on Next. Select A network printer. Click on Next to continue. The wizard will ask you where the printer is; you can either browse for it or specify a printer using a URL or a UNC path. For example, \\10.0.0.243\hplaserj.2 will connect to a printer shared on the machine 10.0.0.243. Click on Next to continue. The computer will automatically download drivers from the print server. Click on Yes to accept the warning. Choose whether you want the printer to be your default and click Next. A summary page will appear; verify all options are correct and click Finish. The new printer is displayed in the Printers and Faxes window and is marked as default.

Sharing a Print Device


To share a print device, right-click on the printer in the Printers and Faxes window. Select Sharing. Select the Share this printer option. A share name is suggested for you, although this can easily be changed. If the printer is to be shared on a mixed network (i.e. one with older versions of Windows) then select Additional Drivers. Additional drivers can be installed for the supported platforms by selecting the relevant checkboxes. To configure permissions click on the Security tab. The Security tab is used to configure permissions for the printer. The Manage Printers permission allows a user to pause and restart the printer, change its settings and manage its permissions.


The Print permission allows a user or group to print to a printer. The Manage Documents permission allows a user to pause, restart and delete queued documents. This permission does not allow a user to change any of the printer settings. For example, the Everyone group is given the Print permission by default, so all users can print to the printer but cannot manage the printer or other people's print jobs. Click on OK to continue. The printer has now been shared.

Print Scheduling
Printer scheduling is a method of preventing print jobs from being processed until a set time. It can be used in situations such as one department printing large, non-urgent reports while another prints single-page urgent documents. You can configure two printers for one physical print device. One of the printers can be set to only print outside office hours; the other can be set to print immediately. Only those people who need to print the urgent documents are given the Print permission for that printer. This means that the single-page documents print out immediately, and the large reports are waiting for their owners when they come into work the next day.

Printer scheduling is set up from the Advanced tab of the printer's properties page. Click Available from. This might be set to be from 10:00 to 18:00. Another printer can be shared using the same print device with a different schedule. The two printers can then be used by different users.

A printer can also be given a priority, so that jobs sent to the print device using this printer take precedence over jobs from other printers. 1 is the lowest priority and 99 is the highest. For example, two printers can be created, one for the managers with a priority of 99 and one for standard users with a priority of 1. The managers' documents will always print before the users' documents.


Printer Pooling

Printer pooling involves assigning multiple print devices to a single printer. A printer pool would be used in a setting where a large amount of printing is done, such as a secretarial environment. Printer pools reduce the time employees spend waiting for their printouts, and thus increase productivity. When print devices are pooled the printer sends the print job to the first available print device. To create a printer pool, all the print devices MUST be identical, i.e. they must all function using the same driver. Printer pooling is configured from the Ports tab. First, click the Enable printer pooling checkbox at the bottom. If you don't click the Enable printer pooling checkbox first, then you can only select one port from the list. When you click OK, the print devices will be pooled, and the printer will send each print job to the first available print device.


Hardware in Windows XP/2003


Hardware Support: Windows XP/2003 includes support for numerous devices, including DVD, multiple monitors, cameras and wireless communication.
Plug and Play (PnP): Plug and Play is a standard that allows hardware to configure itself with the least amount of user intervention.
Universal Serial Bus (USB): Allows you to connect devices to your computer without restarting. USB 1 runs at 1 to 12 Mb/sec, USB 2 at 480 Mb/sec, and both support Plug and Play.
Power Management: Supports APM (Advanced Power Management) and ACPI (Advanced Configuration and Power Interface).

Interrupt Requests (IRQ)


Devices work by interrupting the processor. Once a device has the processor's attention it can send or retrieve data or carry out a function. The interruption of the processor's run time is called an Interrupt Request (IRQ). Each device has an IRQ so the processor knows which device is asking for its time.

Interrupt Requests (IRQ) Conflicts


Here, both the printer and the network card are using the same IRQ number. This confuses the processor, so it doesn't know which device to service.

Input/Output (I/O) addresses


Sometimes devices CAN share IRQ numbers. Consider the case of two COM ports. Every device on the computer has a unique address, called an I/O address. This address acts like a mailbox number that the processor uses to communicate with the device. Here, both COM ports share an IRQ number but they have different I/O addresses. All I/O addresses must be unique and cannot be shared.

Direct Memory Access



Using DMA, a device can transfer data directly to RAM without using the processor, thus freeing up the processor for other tasks. If two devices tried to use the same DMA channel, this would cause a hardware conflict.

Multiple Displays
Multiple Display Support. Windows XP/2003 adds support for up to nine display adapters. Any video adapters used for multiple displays must be either PCI or AGP cards. All video adapters must support multiple displays, including any on-board cards.

On-board Video Adapters. If the on-board video card is to be used as well as a separate video adapter, then install Windows XP/2003 before installing the new device. Windows Setup will disable any on-board video card if a separate video adapter is found. In some systems the BIOS will disable the on-board card if another adapter is found; there may be no way to overcome this.

Configuration. One video adapter must be set as the primary. This adapter cannot be switched off, as the other adapters use it as a reference point when extending the desktop.

Device Manager
Hardware is administered through the Device Manager utility, which is the user's main administrative interface to a machine's hardware. It can be used to:

Check the configuration of hardware devices
Install or update drivers
Remove or disable hardware

This utility can be accessed from Start > Settings > Control Panel > System > Hardware tab > Device Manager. Alternatively, right-click on My Computer > Properties > Hardware tab > Device Manager. A device can be uninstalled from this window. When a device is selected, the window changes subtly. Note this icon. Hardware changes can be detected by clicking it. This feature is also available from the Action menu or from right-clicking on an item. If the item is expanded, more operations are available: note these icons. Hardware devices can be disabled or uninstalled from here. Alternatively, right-click on the highlighted device, or click on the Action button. You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure. Domain-wide policies must also permit this!

An exclamation mark indicates a device has a problem. Generally this will be a driver issue. A red cross indicates that the device has been disabled. To check the properties of a hardware item, double-click on the icon, or right-click and select Properties. The message that a device is working properly does not always mean it is doing what is required of it. Devices can be enabled or disabled as required, depending on the hardware profile in use. The number and type of tabs varies according to the particular hardware device selected. The Driver tab allows you to configure drivers for the device. A driver is a software interface that allows the operating system to use the hardware. Common to all devices is the Resources tab. This lists the computer resources used by the particular device to interact with the processor and the computer memory. Any conflict reported here implies that changes have to be made to the IRQ or I/O resources allocated to this device.


Installing New Devices


When a physical device such as a PCI card is inserted into a machine it may still require installing within the operating system. A logical device can be removed while the physical device remains connected! Plug and Play (PnP) devices are fairly easy to work with; a computer can usually deal with these without much help. Older devices like ISA cards or externally connected devices may need configuring. This may also apply to newer PnP devices if they have been disabled or removed. Using the Add Hardware wizard from the Control Panel is the recommended way to install hardware. Alternatively, a device can be installed using the Add Hardware Wizard from the System applet (the System applet can be accessed by right-clicking on My Computer and selecting Properties). In either case the Add Hardware Wizard will appear. Click Next to continue. The wizard will attempt to search for any new hardware connected to the computer. If the device is not found the wizard will ask you if you have connected the hardware. Select the desired option and click Next. Select Add a new device, and click Next. This routine is common to most hardware installations. The wizard will ask you if you want to automatically detect the device or manually select it from a list. Selecting Manual will bring up this screen. Select the desired device category and click Next. If the device isn't listed then you may need to contact the manufacturer to obtain a driver. Select the device and click Next. The hardware is then installed. Click on Finish to complete the wizard.


Driver Signing
Driver signing is a digital imprint that is Microsoft's way of guaranteeing that a driver has been tested and will work with the operating system. Digitally signing a file is the process by which you can guarantee that a particular file comes from the source that it claims to come from. The application of driver signing is governed by a policy set using the System program in the Control Panel. Driver signing is configured through the System applet in Control Panel or from the Properties of My Computer. Select the Hardware tab. Click the Driver Signing button. Ignore will allow all device drivers to be installed whether they are digitally signed or not. Warn will display a warning message when an installation is attempted of a device driver without a digital signature. Block will prevent installation of an unsigned device driver. Notice that the default setting is Warn. Choose an option and click OK.


Hardware Profiles
Hardware profiles tell your Windows computer which devices to start and what settings to use for each device. You can have more than one hardware profile on a Windows XP/2003 computer. Hardware profiles are useful if you have a portable computer and use it in a variety of locations. When you first install Windows Server 2003 or XP, a hardware profile called Profile 1 is created. By default, this profile contains every device that is installed on your computer at the time you install the operating system.

Creating a New Hardware Profile


Hardware profiles are created from the System applet in Control Panel. If there is more than one hardware profile, you are given a choice as to which profile you want as the machine boots into Windows. Device Manager can be used to enable or disable devices for each profile. When you disable a device from within a hardware profile, that device will no longer be available and will not be loaded the next time you start your computer. To create a hardware profile use the System applet in Control Panel (or right-click on My Computer and select Properties). Select the Hardware tab. Click the Hardware Profiles button. Select Properties. From here any of the options can be selected. To create a new hardware profile, you need to make a copy of the original. Select Copy to copy the original profile. Choose a name and select OK to continue. The new profile has now been created. To disable devices in the new profile, restart the machine and select the new hardware profile. The Hardware Profile screen is displayed once the computer has been restarted. Select the new profile.


The computer is now running in the second hardware profile. Device Manager can disable any devices that won't be used in this profile. Right-click on the device to be disabled and select Properties. Select Device usage. Select Do not use this device in the current hardware profile (disable). Select OK to continue. The modem has now been disabled. When the user logs on with this profile, there will be no modem operational.


Power Management and UPS


A computer's Basic Input/Output System (BIOS) is software through which the operating system communicates with hardware devices. Advanced Configuration and Power Interface (ACPI) is the current standard for the way the BIOS works. Windows supports not only ACPI but also some BIOS versions based on the older Advanced Power Management (APM) design. Some machines aren't capable of supporting the ACPI standard, and in some the APM feature actually conflicts. Consult the HCL and be prepared to disable APM in the BIOS.

Power consumption of a computer's devices or of an entire system can be reduced using Power Options. This is done by choosing a power scheme, a collection of settings that manages the computer's power usage. A user can create his or her own power schemes, or use the schemes provided with Windows. Power Options are available on any Windows XP machine, but they are especially important for preserving battery life on laptops. Start > Control Panel reveals this window. If Power Options are available on the machine, this icon will be seen. Click on it and the Power Options applet is revealed. The tabs available may vary from machine to machine, but these are typically seen on a desktop machine. This is the more complex display typically seen on a laptop computer. The current settings are for a light-use desktop computer. Note that the power-hungry monitor will shut down if it is idle for 20 minutes, but the hard drives remain live for a quick resumption of work. In this configuration the monitor and the hard drive shut down to preserve battery power. These settings can be altered to give more ruthless power saving. Save these changes to make a new power option. Once given a distinctive name, the option becomes available for future use. The drop-down window reveals the list of ready-made power options. A basic ready-made option can be selected and used as it is, or settings for the monitor and hard drive can be modified for each option. This tab presents an unimpressive set of choices. The option to have the indicator on the taskbar is a useful one, however.

Hibernation will allow you to save your computer's current state before powering down. This will allow you to reboot the computer quickly, returning you to your previous session.

UPS Devices

These come in all shapes and sizes but essentially do the same job. In the event of a mains failure they provide emergency battery power to keep a system alive until it can be safely shut down, or until the power is restored. A UPS device should do its basic job merely by being plugged in. However, it can only be configured by starting the UPS service. First, the device has to be identified to the system. Once a device has been selected, options for configuration become available. Choose one, and click Finish. While the basic UPS function works as soon as the unit is plugged in, the configurable settings only work when the UPS service is started. Unfortunately, no clue appears on screen as to whether the service is running or not. Delve into Administrative Tools for this. The list of services is accessed through Computer Management > Services. The service needs to be started manually. (Right-clicking brings up the required menu.)


Monitoring and Optimisation


In order to keep a computer running smoothly, you must monitor its performance by using the Windows performance monitor tool. Using the performance monitor tool you can identify potential bottlenecks and resolve them. Windows also provides an event viewer which allows you to view possible system errors and conflicts.

The Event Viewer


When a system fails, one of the Administrator's first ports of call is the Event Viewer. Event Viewer provides information to help identify the possible cause of the system failure and to help point the way to a solution. Event Viewer can also be used for security purposes. It is possible to monitor the other users on the system as well as log their usage.

To access the Windows Event Viewer, click on Start. Right-click on My Computer and select Manage. In the left pane are the different Logs available. The information in the right pane shows the events that have been logged. The Application log records the applications which are running on the computer and also their status. The Security Log records events which relate to the security of the network e.g. failed login attempts.


The System Log records events which relate to the operating system, e.g. the failure of a device. Double-click on an event to view its properties. Here an error with the time service has been identified. This may lead to strange problems on the network. Over time log files will grow and need to be managed. A log can be cleared or saved for future analysis. Right-click on the log to be cleared. Select Clear all Events. You are now given the option to save the event log before you erase it. Click on No if you do not wish to save the log. The System Log has now been cleared. Sometimes you can have too much information. The log may be filtered to display only the information required. Right-click on the event log to be filtered. Select Properties. Select the Filter tab. The Event Types box determines what is to be displayed. Untick any event type that shouldn't be displayed. Click on OK to apply the filter. A filter has been created to display only Error messages. This can make errors easier to locate and troubleshoot.
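The same filtering can be applied to a log that has been saved from Event Viewer as a tab-delimited text file, which is useful when the log has been cleared and only the saved copy remains. The following Python script is an added example, not part of the tutorial; it filters by event type the way the Filter tab does and then looks in the Security log entries for bursts of failed logons, the kind of pattern the tutorial says the Security Log exists to record. The sample export is constructed, and its column order (Date, Time, Source, Type, Category, Event, User, Computer) and the event IDs in it are assumptions, not taken from the tutorial.

```python
"""Filter an Event Viewer export by event type and look for bursts of failed logons.

Added example. SAMPLE_EXPORT is constructed and assumes the column order of
Event Viewer's tab-delimited "Save Log File As" text format:
Date, Time, Source, Type, Category, Event, User, Computer.
"""
from collections import namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "when source type category event_id user computer")

# The five boxes in the Filter tab's Event Types group.
EVENT_TYPES = {"Error", "Warning", "Information", "Success Audit", "Failure Audit"}

# Constructed sample: a time-service error, a service state change, a burst of
# four failed logons a few seconds apart (assumed to use event 529), a successful
# logon (assumed event 528), a disk error and one isolated failed logon later.
SAMPLE_EXPORT = """\
03/15/2005\t09:01:12\tW32Time\tError\tNone\t29\tN/A\tSERVER1
03/15/2005\t09:02:05\tService Control Manager\tInformation\tNone\t7036\tN/A\tSERVER1
03/15/2005\t09:03:40\tSecurity\tFailure Audit\tLogon/Logoff\t529\tNT AUTHORITY\\SYSTEM\tSERVER1
03/15/2005\t09:03:42\tSecurity\tFailure Audit\tLogon/Logoff\t529\tNT AUTHORITY\\SYSTEM\tSERVER1
03/15/2005\t09:03:45\tSecurity\tFailure Audit\tLogon/Logoff\t529\tNT AUTHORITY\\SYSTEM\tSERVER1
03/15/2005\t09:03:47\tSecurity\tFailure Audit\tLogon/Logoff\t529\tNT AUTHORITY\\SYSTEM\tSERVER1
03/15/2005\t09:03:50\tSecurity\tSuccess Audit\tLogon/Logoff\t528\tNT AUTHORITY\\SYSTEM\tSERVER1
03/15/2005\t09:10:00\tDisk\tError\tNone\t7\tN/A\tSERVER1
03/15/2005\t09:12:30\tSecurity\tFailure Audit\tLogon/Logoff\t529\tNT AUTHORITY\\SYSTEM\tSERVER1
"""


def parse_export(text):
    """Turn the tab-delimited export into Event records, skipping damaged lines."""
    events = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 8:
            continue  # blank line, header line or a line with a stray tab
        date, time, source, etype, category, event_id, user, computer = fields
        when = datetime.strptime(f"{date} {time}", "%m/%d/%Y %H:%M:%S")
        events.append(Event(when, source, etype, category, int(event_id), user, computer))
    return events


def filter_events(events, types):
    """Keep only the ticked event types, like the Event Types box on the Filter tab."""
    unknown = set(types) - EVENT_TYPES
    if unknown:
        raise ValueError(f"unknown event type(s): {sorted(unknown)}")
    return [e for e in events if e.type in types]


def failed_logon_bursts(events, window=timedelta(seconds=60), threshold=3):
    """Return (first, last, count) for each group of logon Failure Audit events
    where `threshold` or more fall within `window` of the group's first event.
    A single failed logon is routine; a tight cluster is worth a closer look."""
    failures = sorted(
        e.when for e in events
        if e.type == "Failure Audit" and e.category == "Logon/Logoff"
    )
    bursts, group = [], []
    for when in failures:
        if group and when - group[0] > window:
            if len(group) >= threshold:
                bursts.append((group[0], group[-1], len(group)))
            group = []
        group.append(when)
    if len(group) >= threshold:
        bursts.append((group[0], group[-1], len(group)))
    return bursts


if __name__ == "__main__":
    log = parse_export(SAMPLE_EXPORT)
    for e in filter_events(log, {"Error"}):
        print(f"{e.when:%H:%M:%S} {e.source}: event {e.event_id}")
    for first, last, count in failed_logon_bursts(log):
        print(f"{count} failed logons between {first:%H:%M:%S} and {last:%H:%M:%S}")
```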

Task Manager
The Windows Task Manager is a useful utility which is most frequently used to close hung applications. The Task Manager can also be used to view basic performance information about the machine such as processor and network usage. For more in-depth performance monitoring the Windows Performance Monitor should be used. To access the Task Manager, right-click on the taskbar and select Task Manager. Task Manager can also be accessed from the Windows Security dialog box by holding down Ctrl, Alt and Delete and selecting Task Manager. The Task Manager shows the current applications that are running on the machine. Applications can be stopped and started using the Task Manager. Click on the End Task button to close down the highlighted application. Notepad has been closed down. To start a new task, select New Task. The Create New Task box appears. Type in the name of the task, e.g. Notepad. Then click OK. To view the processes currently running on the system select the Processes tab. From here you can stop a running process. If, for example, Windows Explorer crashes you can stop explorer.exe and restart it using the New Task command from the Applications tab. To close down Windows Explorer highlight explorer.exe and select End Process. Windows Explorer will then be closed down. Select New Task from the Applications tab and restart explorer.exe. To view the computer's current performance statistics, select the Performance tab. From here you can view current processor and page file usage. For a more in-depth reading you should use the Windows Performance Monitor. From the Networking tab you can view information about how much traffic a network adapter is sending and receiving.


The Users tab displays which users are currently logged on to the system. You can also Disconnect, Logoff and Send Messages to other local users from here.


Performance Monitor
Performance Monitor allows you to view your computer's performance for such things as processor and hard disk usage. Using Performance Monitor can help identify potential bottlenecks which may be slowing a system down. It can also be used to monitor the performance of other machines on the network. To access the Windows Server 2003 Performance Monitor click on Start. Highlight All Programs. Highlight Administrative Tools. Click Performance. Another and quicker way of accessing the Performance Monitor is by using the Run command. Click on Start. Click Run. Type Perfmon in the Run dialog box. Then click OK. The Windows 2003 Performance Monitor will appear. The current window shows a chart. This chart can show multiple counters, i.e. the objects to be monitored. Click on the Add icon to add a counter.

Default Counters
Pages/sec: This counter measures the number of times per second the page file on a hard drive is accessed. A high value of Pages/sec indicates low available RAM (a value over 20 is considered high, with a value of 4/5 being ideal). The solution would be to add more memory.

Average disk queue length: This measures the number of operations waiting to be written to the hard drive. A high value indicates a slow disk drive (a consistent value of 2 or above is considered high). The solution would be to add a faster hard drive or split operations between multiple hard drives.

% Processor Time: This is a measure of how much work the processor is doing. A consistently high value (80% and above) indicates an overworked processor. The solution would be to add additional processors and/or upgrade to a faster processor.


This is the Add Counters window. The Performance object is the actual device you want to monitor, e.g. the Processor. The counters list allows you to monitor various settings for the Performance object you have selected, e.g. % Processor Time. Click on the Add button to add a counter to monitor the Processor Time. Click on the down arrow in the Performance object box to select additional Performance objects, and a list of additional Performance objects is displayed. Click on the Memory object. Select the Available MBytes counter to monitor how much memory is available. If this value drops below 4 MB there may be a memory bottleneck. Click Add and then select Close to begin monitoring. Now the chart shows the current Processor Time and Available MBytes. (There are also two other views, the Histogram view and the Report view.) Click here to select the Histogram view. Click here to select the Report view. The Report view gives the most accurate reading. The information gleaned from the Performance Monitor suggests that both the processor and memory are in working order. It is best to monitor a machine during peak usage time.

The Processor Object


The Processor counter gives detailed reports on how the Processor is performing. Processor performance should be monitored regularly.

The Memory Object


The Memory object gives detailed reports on how well the Memory is performing. Memory performance should be regularly monitored to determine if and when an upgrade is needed.

Monitoring Disk Performance


Physical disk counters are enabled in Windows 2003 by default, so this option should be available through Perfmon. Perfmon opens the Performance console which is used for setting and viewing counters. From Start, choose Run and type in perfmon. (There are other ways of opening this utility.) Scroll to find the Physical Disk object. Selecting the object reveals a choice of counters. For the sake of illustration, two disk queue counters will be selected. First the Avg. Disk Write Queue Length is selected. Secondly the Current Disk Queue Length is selected. The two traces are now displayed in the right pane. This value suggests that the present disk configuration can cope with the current usage. Remember the caveat about sampling during times of peak usage, e.g. when the most read/write operations are occurring. The option to add counters to monitor Logical Disk performance is also available. Once Logical Disk is selected, a particular counter must be chosen. This is a useful tool for a brief description of the function of the selected counter. If there is more than one logical drive available then you will be able to select it here. For illustration, the C partition will be chosen. This display shows that the drive is in first-class shape. If the visible peak is a sustained feature, however, then this is a sign of fragmentation.

Additional Monitors
NTDS is used for monitoring Active Directory. By using System Monitor you can track the performance of the Active Directory database. Domain Name System (DNS) monitoring is used to check and troubleshoot DNS servers, and also to troubleshoot the DNS configuration for Active Directory.


Dynamic Host Configuration Protocol (DHCP) Monitoring is used for troubleshooting and monitoring the performance of DHCP Servers.

Identifying and Troubleshooting Bottlenecks


Bottlenecks can be caused by resources not being used efficiently, a resource being too slow or too small, or the overuse of memory-intensive applications. By using Performance Monitor, the performance of various parts of the system can be measured, allowing system bottlenecks to be identified. It is not enough to view one set of counters and pronounce that a disk or processor cannot cope in its present configuration. For example, processor bottlenecks can be caused by memory bottlenecks, unintelligent network cards, or even outrageously demanding screen savers! Often one set of counters must be compared with another to get a truer picture. For example, the % Disk Time counter gives a reading which needs to be compared with the % Idle Time counter to give a meaningful result. Various counters can be considered together to detect possible conflicts. Even though the problem may appear to be with one device it may lie with another entirely. If % Processor Time is above 80%, then there may be a problem with the processor, or the processor is too slow for the applications that are running on the system. If there is a high Split IO/sec rate on the drive then the disk might need defragmenting. If there is a high % page file usage then the addition of more memory is indicated. Lack of memory is the most common cause of performance problems in your Windows computer. The physical memory installed can be identified by accessing the System Properties page after right-clicking My Computer and selecting Properties.
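The thresholds given under Default Counters and in this section (Pages/sec over 20, Avg. Disk Queue Length of 2 or more, % Processor Time of 80% or more, Available MBytes below 4) can be checked automatically against a counter log that has been exported as a comma-delimited file, as the Performance Logs and Alerts section describes. The following Python script is an added example, not part of the tutorial; the log it reads is constructed to resemble Performance Monitor's PDH-CSV layout (timestamp first, one column per counter, an assumption here), and it reports only breaches sustained over consecutive samples, since the tutorial stresses that a consistent reading, not a single spike, indicates a bottleneck.

```python
"""Flag the bottlenecks this tutorial describes in an exported counter log.

Added example. The limits are the tutorial's: Pages/sec over 20, Avg. Disk
Queue Length of 2 or more, % Processor Time of 80% or more, Available MBytes
below 4. SAMPLE_LOG is constructed to look like a PDH-CSV export (assumed
layout: first column is the sample time, one column per counter path).
"""
import csv
import io

# Counter path suffix -> (comparison, limit, remedy suggested by the tutorial).
RULES = {
    r"\Memory\Pages/sec": (">", 20.0, "low available RAM: add more memory"),
    r"\PhysicalDisk(_Total)\Avg. Disk Queue Length": (">=", 2.0, "slow disk: faster drive or spread operations across disks"),
    r"\Processor(_Total)\% Processor Time": (">=", 80.0, "overworked processor: add or upgrade processors"),
    r"\Memory\Available MBytes": ("<", 4.0, "memory bottleneck: add more memory"),
}

# Constructed sample: five 15-second samples; the last Pages/sec value is blank,
# which is how Performance Monitor writes a sample it could not collect.
SAMPLE_LOG = r'''"(PDH-CSV 4.0) (GMT Standard Time)(0)","\\SERVER1\Processor(_Total)\% Processor Time","\\SERVER1\Memory\Pages/sec","\\SERVER1\PhysicalDisk(_Total)\Avg. Disk Queue Length","\\SERVER1\Memory\Available MBytes"
"03/15/2005 09:00:00.000","45.2","3.1","0.4","212"
"03/15/2005 09:00:15.000","91.7","4.0","0.6","208"
"03/15/2005 09:00:30.000","88.4","26.5","2.3","3"
"03/15/2005 09:00:45.000","93.0","31.2","2.8","2"
"03/15/2005 09:01:00.000","40.1","","0.5","190"
'''


def breached(value, op, limit):
    """True when `value` is on the wrong side of `limit` for the given comparison."""
    if op == ">":
        return value > limit
    if op == ">=":
        return value >= limit
    if op == "<":
        return value < limit
    raise ValueError(f"unknown comparison {op!r}")


def _summarise(counter, op, run, advice):
    values = [v for _, v in run]
    worst = min(values) if op == "<" else max(values)
    return {"counter": counter, "from": run[0][0], "to": run[-1][0],
            "samples": len(run), "worst": worst, "advice": advice}


def find_bottlenecks(log_text, sustained=2):
    """Return one finding per stretch of `sustained` or more consecutive samples
    in which a monitored counter breaches its limit. Isolated spikes are ignored
    because the tutorial treats only consistent readings as a bottleneck."""
    reader = csv.reader(io.StringIO(log_text))
    header = next(reader)
    samples = [row for row in reader if len(row) == len(header)]

    # Match each rule to the column whose header ends with its counter path;
    # the header also carries the machine name, e.g. \\SERVER1\Memory\Pages/sec.
    columns = {}
    for idx, name in enumerate(header):
        for suffix in RULES:
            if idx > 0 and name.endswith(suffix):
                columns[suffix] = idx

    findings = []
    for suffix, idx in columns.items():
        op, limit, advice = RULES[suffix]
        run = []  # consecutive breaching samples as (timestamp, value)
        for row in samples:
            try:
                value = float(row[idx])
            except ValueError:
                value = None  # blank or unparsable sample ends the run
            if value is not None and breached(value, op, limit):
                run.append((row[0], value))
                continue
            if len(run) >= sustained:
                findings.append(_summarise(suffix, op, run, advice))
            run = []
        if len(run) >= sustained:
            findings.append(_summarise(suffix, op, run, advice))
    return findings


if __name__ == "__main__":
    for f in find_bottlenecks(SAMPLE_LOG):
        print(f"{f['counter']}: {f['samples']} samples from {f['from']} to "
              f"{f['to']}, worst {f['worst']}; {f['advice']}")
```

Raising `sustained` makes the check stricter, which is the same idea as lengthening the sample interval on a real counter log before drawing conclusions.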

Paging File
The Paging File also known as the Swap File/Virtual Memory is a file on the hard drive that acts as temporary memory space when the physical memory is full. A good way to troubleshoot paging file problems is to move the paging file to a separate physical disk and IDE channel (Or a separate hard drive for SCSI systems). This is good practice in any event.


Windows uses dynamic page file sizing. The continual re-sizing of the page file, as demand increases and decreases, puts additional load on system resources. By setting the minimum size equal to the maximum size, the page file stays at a constant size regardless of system usage. This lowers the overhead on the processor and the hard drive. If performance with the swap file becomes an ongoing problem, a better long-term solution may be to increase the computer's memory. To amend the size of the paging file, right-click My Computer and select Properties. Select the Advanced tab. Click on Performance Settings. The Visual Effects tab allows you to tune the machine to enhance performance by reducing visual effects. Both processor and memory can be tuned to favour server function or application function. Click on Change to open the Virtual Memory window. To change the location of the page file select a different drive and set the size required. Then on the original drive select No paging file. After each change click the Set button, otherwise the settings are lost.


Performance Logs and Alerts


Windows allows alerts to be set so that if a certain counter goes over a specified limit the Administrator can be alerted, e.g. if processor usage goes above 80% a network message is sent to the administrator. Log files can be created to help analyse system performance and establish baseline values for the system; this will help to identify any subsequent aberrant behaviour. These logs can be viewed through the Windows System Monitor, and exported to a database or a spreadsheet application.

Creating a Counter Log


To create a new log, open the Performance console and expand Performance Logs and Alerts. Click on Counter Logs. This shows that there is a sample log in place. If the log is shown in red then the log is currently not running. To create a new log, right-click on Counter Logs. Select New Log Settings. Type in a name for the new log. Click on OK. To add a counter to log, click on Add Counters. Choose the counter to log and click on Add. Once all counters have been added, click on Close. The Processor Time counter has been added. The Sample data every control allows you to specify how often the data is recorded. The value can be lowered if a more accurate log is required. Note: the shorter the sample interval and the more counters added, the more load on the system. Click on the Log Files tab next. Here the location of the log file is specified. The Log file type sets a format suitable for displaying in Excel or Word.

The maximum log file size can also be set. Explore the Schedule tab next; it specifies when the log should start. Click on Manually (using the shortcut menu) to start the log manually and select OK. To start the log, right-click on the Processor Performance log and click on Start. Green indicates that the log has started. The file is located inside the PerfLogs folder. The log file can be opened with an application such as Excel and displayed as a graph or chart, or loaded into System Monitor. Remember to add the correct counters to System Monitor before you import the log.

Creating an Alert
To create a new alert, right-click on Alerts and select New Alert Settings. Type in a name for the new alert. Click on Add to add a counter. Select the relevant counter and click Add. Once all necessary counters have been added, click on Close. Change the alert value to over 60%. Click on the Action tab. The form of the alert can be set here (having a network message sent is perhaps the most fun). Type in the IP address or name of the machine to which the message should be sent.

Click on the Schedule tab, which specifies when the alert should start. Click on Manually to start the alert manually. Click on OK to create the alert. To start the alert, right-click on the Processor alert and click on Start. Green indicates that the alert has started and is ready for the triggering event. Every time the processor time goes above 60%, a network message is sent to 10.0.0.219. The alert is also logged to the Event Viewer.
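The counter-log and alert behaviour described above, modelled in Python as an added example (this is not the tutorial's own material, and Windows itself does the sampling and alerting): it parses a constructed comma-delimited counter log in the PDH-CSV layout that Performance Logs writes, works out baseline values for a counter, and lists the samples that would have fired an alert set to over 60%. The host name, timestamps and values in the sample are made up, and the blank first value of the rate counter shows the one edge case such logs routinely contain.

```python
import csv
import io
from datetime import datetime
from statistics import mean

# Constructed sample in the layout of a comma-delimited counter log: the first
# column is the PDH-CSV timestamp, then one column per counter path.
# Host name, timestamps and values are made up for this example; the blank
# first Pages/sec value mimics a rate counter that has no first sample.
SAMPLE_LOG = r'''"(PDH-CSV 4.0) (GMT Standard Time)(0)","\\SERVER01\Processor(_Total)\% Processor Time","\\SERVER01\Memory\Pages/sec"
"03/15/2005 10:00:00.000","12.5"," "
"03/15/2005 10:00:15.000","18.0","2.7"
"03/15/2005 10:00:30.000","67.2","41.9"
"03/15/2005 10:00:45.000","91.4","58.3"
"03/15/2005 10:01:00.000","22.8","4.0"
'''


def parse_counter_log(text):
    """Return (counter_paths, rows); each row is (timestamp, {counter_path: value})."""
    reader = csv.reader(io.StringIO(text))
    header = next(reader)
    counters = header[1:]
    rows = []
    for record in reader:
        if not record:                      # trailing blank line
            continue
        stamp = datetime.strptime(record[0], "%m/%d/%Y %H:%M:%S.%f")
        values = {}
        for path, raw in zip(counters, record[1:]):
            # a rate counter has no value for its first sample: keep it as None
            values[path] = float(raw) if raw.strip() else None
        rows.append((stamp, values))
    return counters, rows


def baseline(rows, counter):
    """Minimum, maximum and mean of one counter: the baseline figures the text refers to."""
    samples = [v[counter] for _, v in rows if v[counter] is not None]
    return {"min": min(samples), "max": max(samples), "mean": mean(samples)}


def alerts(rows, counter, limit):
    """Samples where the counter is over `limit`, as the Alerts facility would report them."""
    return [(stamp, v[counter]) for stamp, v in rows
            if v[counter] is not None and v[counter] > limit]


def sample_interval(rows):
    """Seconds between samples, recovered from the timestamps (the 'Sample data every' value)."""
    return (rows[1][0] - rows[0][0]).total_seconds()


if __name__ == "__main__":
    counters, rows = parse_counter_log(SAMPLE_LOG)
    cpu = counters[0]
    print(f"sample interval: {sample_interval(rows):.0f} s")
    print("baseline:", baseline(rows, cpu))
    for stamp, value in alerts(rows, cpu, 60.0):
        print(f"ALERT {stamp:%d/%m/%Y %H:%M:%S} {cpu} = {value}% (over 60%)")
```

The same parser works on a real log saved as Text File (comma delimited); only the counter paths and the number of columns change.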

Network Monitor
Network Monitor is a utility that allows the monitoring of network traffic between machines. It is an essential troubleshooting tool for diagnosing network performance and protocol problems. The Network Monitor provided with Windows 2003 only allows viewing traffic to and from the local machine; the Network Monitor on the Windows 2003 Resource Kit allows monitoring of all parts of the network.

To install Network Monitor, open the Add/Remove Programs wizard and click on Add/Remove Windows Components. Highlight Management and Monitoring Tools, then click Details. Tick the Network Monitor Tools check box, then click OK. Installation of the components will then begin. Click Finish to complete the installation of Network Monitor.

Once installed, the facility can be called: click on the Start button, highlight Administrative Tools and click on Network Monitor. Click on OK to select the network. Select Local Area Connection and click on OK to start monitoring. Network Monitor now opens. Click on Capture, then on Start to monitor network traffic. From a different computer on the same network a message is sent using the net send command. Click on OK to acknowledge that the message has been received. Click on Stop to end network monitoring. To view the report of network activity, click on Display Captured Data. Once the data is displayed, three different panes can be viewed together (as shown) or separately by activating the different buttons on the toolbar.

The Summary pane gives an account of each packet collected. The Detail pane gives a breakdown of the frame highlighted in the Summary pane. The Hex pane shows the data inside the packets, e.g. the MAC address and the message itself. Amongst other things, this highlights the need for encryption of sensitive data over a network: plaintext passwords, for example, can be easily read.

Security Overview
The object of security is to protect data, and its availability, from being compromised by malice or by accident. In Windows there are two main strands to security: specific access permissions and authentication. Specific permissions can be applied to users, groups, or resources. Authentication confirms to the machine or network that a user has an account with permission to log on. Individual servers and workstations need protection, as do the connections between them, especially if the connection is over the internet. In addition to making organisational precautions through software settings, attention should be given to the physical security of the system. The items illustrated can all be physically removed from a machine, or indeed a building, and therefore may require physical security. A last theme of security is that of auditing. This allows the administrator to view the history of who has attempted to access a resource and whether they succeeded. Security can be set at the level of the individual machine or across a wider unit such as a domain. In each case the principles of securing the hardware, software and user access apply.

Security Considerations
Passwords are a principal device for restricting access to a machine or network. However, passwords can be guessed or stolen. To guard against theft or discovery, passwords should be changed frequently; Windows can enforce a password changing policy upon its users. To counter guessing, quite simply, passwords need to be made as long and as complex as is practicable. A single-letter password chosen from a-z might be guessed after 26 attempts. A two-letter password has 26 times more possibilities (676). The following table shows this sequence of increasing complexity for passwords using a-z:

Length   Possibilities
1        26
2        676
4        456976
8        208827064576

Windows permits passwords of up to 127 characters, but recommends at least 7 for a password.

A single-letter password chosen from a to z gives a base of 26 elements, but if the choice of elements also includes upper-case letters and other symbols, the complexity level is increased significantly and the password integrity is strengthened. The length and the composition of a user's password can be specified in a security policy, either for an individual machine or for a domain. The lifetime of a password can also be set by this policy, and the reuse of old passwords may also be prevented. In summary, for a password to be strong and difficult to crack, it should:

Be at least seven characters long.
Be significantly different from your previous passwords.
Not contain your own name or user name (nor the name of a spouse, children, pets etc.).
Not be a common word or name.
Have at least one symbol character in the second through sixth positions.
Contain letters a-z, A-Z, numerals 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 and symbols ` ~ ! @ # $ % ^ & * ( ) _ + = { } | [ ] \ : ; < > ? , . /

There are many facets of computer operation which need protection from unwarranted interference.

Files
Files need to be read by some users, modified by other users, backed up by yet other users, encrypted by owners and hidden from most! This is apart from the need to create files, delete files and share them across a network. Each of these is possible simultaneously in Windows because of the facility to set individual, detailed permissions.

Granting Permissions
There is a permission for viewing and changing permissions on files and folders. When new resources are created, this permission needs to be configured carefully.

Domains and Sites
Permissions for access to larger units such as a domain are separate from those granted for local resources. Changes to one aren't reflected in the other. For example, if a user's account is disabled for a local resource, the domain account may still be active.

Configuration Settings
Settings for users or sites can be made so that such things as Control Panel and Administrative Tools are not available to a user or range of users. This is used to enhance security, but it can also be used to enforce corporate themes and identities across users' desktops.

Installing Applications
The facility to install applications should not be distributed lightly. Non-standard, unsupported or defective applications can be a drain upon available technical support time, and interfere with multi-layer processes. This facility can be controlled quite closely with Windows.

Network Access
Rogue servers and users can attach themselves to a network, pretending to be something they're not, and gain access to private data. Long cable runs and internet links are weak points for the monitoring of traffic, hence a need for encryption.

Kerberos v5
Kerberos V5 is the primary security protocol for authentication within a domain (Windows can use others such as SSL, TLS and NTLM). The Kerberos V5 protocol verifies both the identity of the user to the network services and that of the service to the user. This form of verification is known as mutual authentication. Kerberos is named after the legendary three-headed hound which guarded the gateway to Hades, the ancient Greek version of Hell. The Kerberos V5 authentication mechanism issues tickets for accessing network services. These tickets contain encrypted data, including a user's encrypted password and unique SID, that confirms the user's identity to the requested service. Except for possibly entering an additional password or smart card credentials, the entire authentication process is invisible to the user. Kerberos V5 authentication is automatically enabled when you install Windows 2000/XP and Server 2003. For Kerberos to work, both the client and the machine the resource resides upon must be running Windows 2000 or later. Tickets that are successfully authenticated against the records in Active Directory grant the user access to the various resources in the domain for which he has permission, without him having to identify himself with a user name and password each time. All this is invisible to the user and also, largely, to the administrator. However, it is useful to understand the authentication procedure Kerberos uses.

NTLM Authentication
Pre-Windows 2000 clients use a protocol called NTLM (NT LAN Manager) to authenticate on the network. For backward compatibility, Windows Server 2003 continues to support NTLM authentication. NTLM is less secure than Kerberos and not as preferable; however, for NT 4.0 and Windows 9x/Me it is the only available authentication protocol.

Local Security Policies


A local security policy specifies various security settings on the local machine. These can include password and account lockout policies, audit policies and user rights assignments. Domain security policies override local security policies, so care should be taken when applying local policies on a domain. Local policies are set through the Local Security Policy MMC, which can be easily accessed from the Administrative Tools folder on the Start menu. Expand Account Policies, then Password Policy. Each of these options adds to the burden on the user logging in, but increases security accordingly.

Password history can be set to prevent a user reusing the same set of passwords over and over, as these might be inadvertently disclosed or guessed. Up to 24 passwords can be remembered. Passwords need to be changed regularly; how frequently they should change is determined by the two age settings. The maximum age setting makes a user refresh a password after a set period of time, whilst the minimum age prevents a user changing his password too often. The maximum value for both settings is 999 days.

A longer password is harder to crack, therefore a user can be required to use a password of a minimum length. 7 characters is recommended for most networks. Up to 14 characters is the most that can be required by the security policy; a machine will accept a password of 127 characters. Although secure, very long passwords are a nuisance, as users tend to forget passwords, and assigning a very long password requiring varied characters is making a rod for your own back, as you will have to reset them. For less critical data and functions, simpler passwords can be acceptable.

Password complexity rules prevent a user using, for example, a long string of zeroes or their name as a password. Once enabled, an administrator might be warned that a new password doesn't meet the complexity rules, but it won't tell him what these are. Strangely, a user required to change a password at next login IS informed what the complexity rules are (see Security Considerations). The complexity rules are fixed unless the Microsoft Software Development Kit is installed. The default rules are as follows.

Password Complexity Rules


Passwords must be at least 6 characters long (regardless of the minimum length set in the security policy).
Passwords must contain characters from three of the following groups: capitals, lower-case letters, numerals, punctuation symbols.
Passwords must not include a login name, or any of a user's real names.

Jo, JSmith and js1234 do not meet the complexity rules; Joh?#n, JS2ith and Js1234 do.

Connection to non-Windows machines requires CHAP authentication. For this, passwords are stored in an encrypted form so they can be more safely passed over a network. To set one of these policies, right-click on it and choose Properties. Set the number of characters required; 7 is recommended by Microsoft for most purposes, and a user is free to use more. Click OK to complete this. The policy is now configured.
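Added example, not part of the tutorial: a Python model of the two password points made above, the keyspace table from Security Considerations and the default complexity rules listed here. keyspace() reproduces the a-z figures in the table and extends them to the other character groups the tutorial names; meets_complexity() applies the rules exactly as stated (six characters, three of four groups, no login or real name contained) and is checked against the tutorial's own six sample passwords, assuming a user with login name JSmith and real names John and Smith (an assumption the tutorial does not spell out).

```python
import string

# Character groups the tutorial lists; the default rule needs three of the four.
# string.punctuation is Python's symbol set and covers every symbol in the tutorial's list.
GROUPS = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}
ALPHABETS = {  # cumulative character sets, as in the tutorial's discussion
    "a-z": 26,
    "a-z A-Z": 52,
    "a-z A-Z 0-9": 62,
    "all four groups": 62 + len(string.punctuation),
}


def keyspace(alphabet_size, length):
    """Number of distinct passwords of exactly `length` characters drawn from `alphabet_size` symbols."""
    return alphabet_size ** length


def keyspace_table(lengths=(1, 2, 4, 8)):
    """One row per length: the tutorial's a-z column followed by the larger character sets."""
    return [(n,) + tuple(keyspace(size, n) for size in ALPHABETS.values()) for n in lengths]


def groups_used(password):
    """Names of the character groups a password draws from."""
    return {name for name, chars in GROUPS.items() if any(c in chars for c in password)}


def meets_complexity(password, login_name, real_names=()):
    """Default complexity rules as the tutorial states them."""
    if len(password) < 6:
        return False                         # at least 6 characters
    if len(groups_used(password)) < 3:
        return False                         # characters from three of the four groups
    lowered = password.lower()               # the name check is case-insensitive
    for name in (login_name, *real_names):
        if name and name.lower() in lowered:
            return False                     # must not contain the login or a real name
    return True


if __name__ == "__main__":
    print("length", *ALPHABETS)
    for row in keyspace_table():
        print(*row)
    # the tutorial's examples, assuming login JSmith and real names John and Smith
    for candidate in ("Jo", "JSmith", "js1234", "Joh?#n", "JS2ith", "Js1234"):
        ok = meets_complexity(candidate, "JSmith", ("John", "Smith"))
        print(f"{candidate:8} {'meets' if ok else 'does not meet'} complexity rules")
```

Windows' own name check is somewhat stricter than the wording above: it also rejects runs of more than two consecutive characters taken from the user's full name, so a password this model accepts can still be refused by the real policy.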

Account Policies
Malicious (or capricious) persons may occasionally attempt to guess at passwords, especially those for the administrator account. It is possible to deter this practice by locking out further attempts for a period of time.

If the Account Lockout Policy object is expanded, the pane of options is revealed. Lockout duration determines how long attempts at login are ignored after a specific number of failed logons. This can be anywhere between 1 and 99999 minutes (over two months); the 0 minute option locks the account until an administrator unlocks it. Lockout threshold determines how many wrong attempts at login are allowed before lockout. Up to 999 attempts can be allowed; a figure of zero permits unlimited guesses at the login name and password. The Reset counter setting has its function in the following sort of scenario: a user mistypes her password a couple of times and, to avoid the inconvenience of being locked out for the next half hour, chooses to wait a shorter period of time (after which the count of failed attempts is reset) before making another, hopefully correct, attempt.

There is a logical connection between these three lockout policy settings, and a change in one has an implication for the others. By way of illustration, right-click on the Lockout threshold item and select Properties. Select a sensible figure for the number of invalid logon attempts, and see what happens when OK is clicked. Whichever option is set, a dialogue box appears to suggest reasonable settings for the other two. Click OK to review all the settings which result. The suggested selection of settings is usually entirely reasonable.
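A Python model of how the three lockout settings interact, added here as an example (it is not the tutorial's material, and the real policy is enforced by the Windows logon process, not by a script). Values are minutes as in the MMC, with the two special values the text mentions: a threshold of 0 never locks, and a duration of 0 locks until an administrator unlocks. The validity check on the reset window follows the rule the policy editor itself applies (the reset time may not exceed the lockout duration); the scenarios at the end are constructed.

```python
from datetime import datetime, timedelta


class AccountState:
    """Per-account counters the policy works on."""
    def __init__(self):
        self.bad_count = 0      # failed attempts since the last reset
        self.last_bad = None    # time of the most recent failed attempt
        self.locked_at = None   # time the lockout began, or None


class LockoutPolicy:
    def __init__(self, threshold, reset_after, duration):
        # ranges as offered by the policy editor: threshold 0-999 attempts, the other two 0-99999 minutes
        if not (0 <= threshold <= 999 and 0 <= reset_after <= 99999 and 0 <= duration <= 99999):
            raise ValueError("setting out of range")
        if duration and reset_after > duration:
            # the editor refuses this combination: the counter must reset no later than the lock expires
            raise ValueError("reset window must not exceed the lockout duration")
        self.threshold = threshold
        self.reset_after = timedelta(minutes=reset_after)
        self.duration = timedelta(minutes=duration) if duration else None  # None: until an admin unlocks

    def is_locked(self, acct, now):
        if acct.locked_at is None:
            return False
        if self.duration is None:
            return True
        return now < acct.locked_at + self.duration

    def attempt(self, acct, now, password_ok):
        """Process one logon attempt; returns 'locked', 'ok' or 'bad'."""
        if self.is_locked(acct, now):
            return "locked"                     # ignored even with the right password
        if acct.locked_at is not None:          # the duration has passed: the lock clears itself
            self.unlock(acct)
        if acct.last_bad is not None and now - acct.last_bad >= self.reset_after:
            acct.bad_count = 0                  # reset counter after N minutes without a failure
        if password_ok:
            acct.bad_count = 0                  # a successful logon clears the counter
            acct.last_bad = None
            return "ok"
        acct.bad_count += 1
        acct.last_bad = now
        if self.threshold and acct.bad_count >= self.threshold:
            acct.locked_at = now
            return "locked"
        return "bad"

    def unlock(self, acct):
        """What an administrator does from the account's properties."""
        acct.locked_at = None
        acct.bad_count = 0
        acct.last_bad = None


def run_scenario(policy, attempts):
    """attempts: list of (minutes after start, action) where action is True (right password),
    False (wrong password) or "unlock" (administrator unlocks). Returns the outcome of each."""
    start = datetime(2005, 3, 15, 9, 0)   # constructed start time
    acct = AccountState()
    outcomes = []
    for minutes, action in attempts:
        now = start + timedelta(minutes=minutes)
        if action == "unlock":
            policy.unlock(acct)
            outcomes.append("unlocked")
        else:
            outcomes.append(policy.attempt(acct, now, action))
    return outcomes


if __name__ == "__main__":
    policy = LockoutPolicy(threshold=3, reset_after=30, duration=30)
    # three quick mistakes lock the account; the right password at +10 is ignored; at +33 it works
    print(run_scenario(policy, [(0, False), (1, False), (2, False), (10, True), (33, True)]))
    # the same mistakes spread more than 30 minutes apart never reach the threshold
    print(run_scenario(policy, [(0, False), (31, False), (62, False), (63, True)]))
```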

Local Policies
Expand Local Policies, then Security Options. These are some of the options that can be configured as part of a security policy. Some, all or none of these options can be configured depending on your requirements. For example, if the security requirements of the local machine dictate that the last user's name should not be displayed in the logon screen, right-click on this setting and select Properties. Enabling this setting is simply a matter of checking the radio button and clicking OK.

Now the security list has this setting listed as Enabled.

User Rights Assignment


User rights assignment determines which users or groups have logon or task privileges on the computer. Using these is the best and most flexible way to secure a workstation while still permitting access to a variety of users. Remember that these can be set locally, but domain-wide settings can override them. There are a lot of them, and they each have their uses, depending upon the circumstances of the company using the network. For example, users can be given back-up and restore rights by selecting this option. Notice that the default groups that have this privilege are the Administrators and Backup Operators groups. Additional users and groups can easily be added from here by selecting the Add User or Group button.

Auditing and Audit Policies


Auditing allows you to log security-related events on the local computer. These events can be anything from a user logging on to a specific file being accessed. Security events can be audited for success, for failure, or both. You should only audit what is absolutely necessary, as auditing can use up valuable disk space. By default Windows Server 2003 has auditing already enabled; a Windows XP or 2000 machine does not. All auditing events are logged to the Event Viewer, which is covered in the Monitoring and Optimisation module. Selecting the Audit Policy folder reveals the options above. The most common types of events that are audited, apart from the default options, are:

1. Access to objects, such as files and folders
2. Management of user and group accounts

Account logon events relate to user accounts that log on to this computer over the network from another machine. This option is mainly used on domain controllers. Every time a change is made to a user account, an account management event is audited.

Directory Service access is used to audit access to Active Directory objects; again, this is more useful on a domain. Auditing logon events is a useful option because it allows you to log who is logging on to the local machine. Object access can be used to audit access to resources on the local machine; as well as enabling it here, the object itself will also need to be configured. Policy change audits will log anything relating to security policies being modified on the machine. Users who are using their privileges to perform tasks on the machine can be logged by enabling Audit privilege use. Process tracking can be used to log which processes are running on the machine. This should not be enabled unless absolutely necessary because of the large number of entries it can create. The Audit system events setting determines whether to audit when a user restarts or shuts down the computer, or when an event occurs that affects either the system security or the security log.

Right-click on the item to be audited and select Properties (alternatively, click on the Action button in the toolbar). Checking either or both of these boxes is all that's required to enable auditing of logon events. Click OK to close this window and confirm that auditing for this action has been enabled. The Event Viewer contains a Security log which shows audit events. Double-click on an entry to view its contents. This entry shows that someone attempted to log in as Administrator and failed to type the correct password. From here the date, time and the machine which was used to make the logon attempt can be seen. Sometimes details need to be printed to a file; clicking here copies the details to the clipboard.
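The logon-failure entry described above, worked through as an added Python example (not from the tutorial): a handful of constructed records in the shape of Security-log entries are summarised so that repeated failures against one account from one machine stand out, which is the pattern an administrator looks for in the log before deciding whether a lockout policy or a closer look at that workstation is warranted. Event IDs 528 (successful logon) and 529 (logon failure: bad user name or password) are the ones Windows 2000/2003 write; the account names, hosts and times are made up.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LOGON_SUCCESS = 528   # Windows 2000/2003 Security log event IDs
LOGON_FAILURE = 529

# Constructed records with the fields the Event Viewer shows for these events:
# (date/time, event id, account name, source workstation). All values are made up.
SAMPLE_EVENTS = [
    ("15/03/2005 09:00:05", LOGON_SUCCESS, "rjackson", "WS-ACCOUNTS"),
    ("15/03/2005 09:01:10", LOGON_FAILURE, "rjackson", "WS-ACCOUNTS"),
    ("15/03/2005 09:01:25", LOGON_SUCCESS, "rjackson", "WS-ACCOUNTS"),
    ("15/03/2005 09:05:01", LOGON_FAILURE, "Administrator", "WS-SALES"),
    ("15/03/2005 09:05:20", LOGON_FAILURE, "Administrator", "WS-SALES"),
    ("15/03/2005 09:05:41", LOGON_FAILURE, "Administrator", "WS-SALES"),
    ("15/03/2005 09:06:02", LOGON_FAILURE, "Administrator", "WS-SALES"),
    ("15/03/2005 09:40:30", LOGON_FAILURE, "rjackson", "WS-ACCOUNTS"),
    ("15/03/2005 11:15:00", LOGON_FAILURE, "Administrator", "SERVER01"),
]


def parse_events(records):
    """Turn the raw tuples into dicts with a real timestamp."""
    return [{"time": datetime.strptime(t, "%d/%m/%Y %H:%M:%S"), "id": i, "user": u, "workstation": w}
            for t, i, u, w in records]


def failures_by_source(events):
    """How many failed logons each (account, workstation) pair produced."""
    return Counter((e["user"], e["workstation"]) for e in events if e["id"] == LOGON_FAILURE)


def failure_bursts(events, window_minutes=5, min_failures=3):
    """(account, workstation) pairs with at least `min_failures` failed logons inside any
    `window_minutes` span; returns {pair: (count, first_time, last_time)} for the densest span."""
    times = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["time"]):
        if e["id"] == LOGON_FAILURE:
            times[(e["user"], e["workstation"])].append(e["time"])
    window = timedelta(minutes=window_minutes)
    found = {}
    for pair, stamps in times.items():
        best = None
        j = 0
        for i, start in enumerate(stamps):          # sliding window over the sorted times
            while j < len(stamps) and stamps[j] - start <= window:
                j += 1
            count = j - i
            if count >= min_failures and (best is None or count > best[0]):
                best = (count, start, stamps[j - 1])
        if best:
            found[pair] = best
    return found


if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    for (user, host), n in failures_by_source(events).most_common():
        print(f"{n} failed logon(s) as {user} from {host}")
    for (user, host), (n, first, last) in failure_bursts(events).items():
        print(f"burst: {n} failures as {user} from {host} between {first:%H:%M:%S} and {last:%H:%M:%S}")
```

A single mistyped password, like rjackson's two isolated failures, is normal and never reaches the burst threshold; four failures against Administrator from one workstation inside a minute do, and that is the entry worth opening in the Event Viewer.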

Auditing Object Access


Auditing object access allows you to log when specific resources on the machine are accessed, e.g. a file. Auditing object access is a two-stage process: object access auditing first needs to be enabled for success, failure, or success and failure, and then the object needs to be configured. Right-click on the object to be audited, e.g. a file on an NTFS partition. Select the Security tab and click Advanced. Select the Auditing tab. Click on Add to add an audit entry. Choose a user and click OK, and then specify what you want audited on the file. If an attempt is made to delete this file by the user Ross Jackson, an entry will be added to the Security log.

Refreshing Policies
Security policies aren't immediately applied to the machine, and often a restart is required. However, the command-line utility gpupdate can be used to refresh the computer's security policy without a restart. The command gpupdate /target:computer refreshes the computer policy; gpupdate /target:user is used when refreshing user group policy settings, which are covered later.

Local Group Policy


Group Policies are a convenient way for an administrator to prescribe the behaviour of computers, and the rights and permissions of users, from a single console. Group Policies can be applied to a single computer and its users, or to wider groups such as domains. A local computer can have only one group policy (a Group Policy Object) in operation. A group policy MMC is not installed by default on a local machine, but part of its content appears as the Local Security Policy MMC, which is installed by default.

The MMC console is called from Start > Run. Add the Group Policy console from the Add/Remove Snap-ins wizard. Options here fall into two broad groups, namely settings for the machine as a whole and settings for the users of the machine. Software Settings is really only of use within a domain, where programs are published or assigned. Windows Settings is more relevant until the computer is joined to a domain. Its Scripts item is a way to specify programs to run before the user begins to interact with Windows. Double-click on the item to view its properties. No script files have been selected, but one can be added now: browse to find a file in the Start-up folder.

One way to specify that all the scripts execute at the same time, as far as possible, is to use the Administrative Templates facility: expand System, then Scripts. There is a bewildering array of options here. Fortunately, there are explanations for each policy setting. Double-click on Run startup scripts asynchronously.

Select the appropriate radio button. The Explain tab gives a detailed explanation of the object's function. The Previous and Next policy buttons allow the administrator to scroll through all the available policies until he finds one that fulfils his requirements. The quick-scan facility is very useful in view of the enormous number of options available. The best way to get familiar with all of these settings is to play around with them, but be careful not to lock yourself out of the machine. There are as many options again for configuring users' rights, as can be seen from the panel on the left. The foregoing configuration opportunities give an administrator a wide range of options for setting security. However, a basic list of essential security features might include disabling the following:

Command Prompt
Control Panel
MMC
Installing programs from floppy, CD or DVD
Shutdown
Previous login name
Registry editing tools

(You might also consider configuring a web home page.) Group Policy is applied to the machine and all users of it, including the Administrator, who can therefore permanently remove his own control.

Security Templates
Security settings can be set through predefined security templates. There are various grades of these, of increasingly restrictive security. Each of them can be customised and saved, to be used in various group policies for local machines and domains. This is such a handy and much-used facility that there is an MMC snap-in just for it. The Security Templates snap-in is used to manage security templates. This tool permits an existing template to be customised if required and saved in the default folder systemroot\security\templates as an .inf file, for deployment later. These templates have descriptive names: for example, workstations (wk, ws or w), servers (sv or s) and domain controllers (dc) are clearly indicated. This is a useful aide-memoire for the exam.

Compatible templates: needed for compatibility with older applications. These applications should be run under Power Users accounts.
Secure templates: amongst other things, these have restricted settings for Security Options in Account Policies. Windows NT 4.0 machines must have Service Pack 4 installed to use this.
Highly Secure templates: communicate only with Windows 2000+ machines, empty the Power Users group, and protect network traffic with IPSec.
Setup security: the default policy applied to servers and clients; it can be used to restore a machine to its original settings.
rootsec: applies permissions to the root of the system drive and all its subfolders.

iesacls: sets permissions on registry keys for Internet Explorer.

While it's perfectly possible to edit the .inf files in the Templates folder using Notepad, a safer alternative is suggested here. Highlight an existing template and save it under a different name (right-click and select Save As). Settings can then be viewed and altered just as if you were editing the local security policy. Security templates can easily be transferred to other machines and applied. Templates are also a great way of backing up your security settings.

Security Configuration & Analysis


Analysis is done by comparing the current system security settings against a security template imported into a personal database. This template contains the preferred or recommended security settings (the base configuration). The values found are compared to the base configuration. If the current system settings match the base configuration settings, they are assumed to be correct. If not, the attributes in question are displayed for investigation. To perform analysis and configuration using a security template, the Security Configuration and Analysis MMC snap-in is used. The first time the Security Configuration and Analysis MMC is created and opened, no database has been defined. The instructions about how to proceed are quite clear, however! No existing databases are available, so create one and click Open. A template for comparison needs to be selected here; now click Open. The security settings may now be adjusted (configured) or examined (analysed). It's recommended that an analysis is done first. Right-click on Security Configuration and Analysis and select Analyze Computer Now. The results of the analysis need to be collected into a log file. Windows makes a suggestion for the location of this log, but other locations can be selected.

Clicking here reveals the analysing display, which ticks items off as they are compared with the model in the database. Nothing appears to have happened after all this, but the items which might need to be altered appear in the tree. To find out whether anything needs to be altered, the log file needs to be viewed: right-click on Security Configuration and Analysis and select View Log File. There are two displays of the analysis results, shown in the left and right panes. Scroll the right pane, looking for the flagged mismatches. The analysis can also be displayed graphically by browsing through the various policy folders: items with a red cross do not match the settings in the template. You can then apply the template to the machine by right-clicking on Security Configuration and Analysis and selecting Configure Computer Now. All settings in the template are now applied to the computer. N.B. You will need to re-analyse the computer to obtain this display again.

Using the Command Line


As well as the easy-to-use MMC tools, Microsoft Windows ships with the secedit utility, which can be used to apply templates via the command line. Secedit is a more powerful option because it allows you to apply specific parts of a template rather than the entire template. For more information on how to use the secedit command, run secedit help from a command prompt.
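The analyse-then-configure cycle of the last three sections, reduced to Python as an added example (the real tools are the Security Configuration and Analysis snap-in and secedit; this code is not theirs). It reads a constructed template in the .inf layout the Security Templates snap-in saves, compares the [System Access] section (password and lockout settings) with a constructed set of current machine values, reports the mismatches the snap-in would mark with a red cross, and then "configures" the machine by applying the template. The setting names are the ones these templates use; the values are this example's own.

```python
import configparser

# Constructed template in the .inf layout of the Security Templates snap-in.
# Setting names are the real [System Access] keys; the values are this example's choice.
BASELINE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 5
ResetLockoutCount = 30
LockoutDuration = 30
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Constructed current settings of a freshly installed machine, as the analysis
# would read them back. Lockout is off, so its timing values are not defined.
CURRENT_SETTINGS = {
    "MinimumPasswordAge": "0",
    "MaximumPasswordAge": "42",
    "MinimumPasswordLength": "0",
    "PasswordComplexity": "0",
    "PasswordHistorySize": "0",
    "LockoutBadCount": "0",
}


def parse_template(text):
    """Sections of an .inf template as {section: {setting: value}}."""
    parser = configparser.ConfigParser(interpolation=None)  # '$' in the signature is literal
    parser.optionxform = str                                # keep the setting names' case
    parser.read_string(text)
    return {section: dict(parser.items(section)) for section in parser.sections()}


def analyze(template, current, area="System Access"):
    """Compare the baseline with the machine: list of (setting, baseline, current, status)."""
    results = []
    for setting, wanted in template[area].items():
        actual = current.get(setting)
        if actual is None:
            status = "not defined"
        elif actual.strip() == wanted.strip():
            status = "ok"
        else:
            status = "mismatch"         # the red-cross items in the snap-in
        results.append((setting, wanted, actual, status))
    return results


def mismatches(results):
    """Everything the analysis did not mark ok."""
    return [r for r in results if r[3] != "ok"]


def configure(template, current, area="System Access"):
    """Apply every setting in the template, leaving anything it does not mention alone."""
    applied = dict(current)
    applied.update(template[area])
    return applied


if __name__ == "__main__":
    template = parse_template(BASELINE_INF)
    before = analyze(template, CURRENT_SETTINGS)
    for setting, wanted, actual, status in before:
        print(f"{status:12} {setting:22} baseline={wanted:<4} current={actual}")
    after = configure(template, CURRENT_SETTINGS)
    print("mismatches before:", len(mismatches(before)),
          "after:", len(mismatches(analyze(template, after))))
```

With the real tool the same two steps are secedit /analyze /db C:\baseline.sdb /cfg C:\baseline.inf /log C:\analysis.log followed by secedit /configure /db C:\baseline.sdb /cfg C:\baseline.inf /areas SECURITYPOLICY (the paths are placeholders); the /areas switch is what lets secedit apply one part of a template rather than all of it.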

Configuring services
There are a great many services within the Windows operating system. Services are normally accessed from other applications; for example, when the computer needs an IP address from a DHCP server, a call is made to the DHCP Client service to contact a DHCP server and request an IP address. Services can be started in two ways:

Automatically. The service is started by the operating system when needed and runs continually until the operating system shuts down, e.g. the Event Log, thus logging all events occurring on the machine.
Manually. The administrator accesses the service and starts it by hand, e.g. the Routing service, which is only required if the machine is performing routing functions.

Services can be configured from the Services console in Computer Management: expand Services and Applications and open the Services console. This console can also be added as a snap-in to an MMC console (see earlier). The Services console shows a list of all the services currently installed on the computer, as well as their status. Right-click on a service to view its configuration options. The service can be started, stopped, paused and restarted from the right-click menu. Select Properties to configure the service. An explanation of the service is shown. The Service status shows that the service is currently not running. Click on Startup type to configure how the service will be started. Automatic specifies that the service is started when needed by the computer, Manual specifies that it can only be started manually, and Disabled completely disables the service. The service has now been disabled and cannot be started by the operating system unless enabled again.

The Log On tab specifies which user the service runs as, as well as which hardware profile it will use. The Recovery tab specifies which failovers to use if the service doesn't start. Some services are absolutely vital to the proper functioning of the computer. Some services depend on other services; the Dependencies tab shows this. If other services depend on this service, they would also stop when this service is stopped. You should take the time to become familiar with the various services, as you will need this knowledge later when designing and implementing security.
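What the Dependencies tab tells you, worked as an added Python example (not the tutorial's or Windows' code): given a small constructed dependency map, it lists which services would stop along with a given service, which services must already be running before it can start, and a start order that respects the dependencies. The service names are spelled like Windows ones, but the edges are made up for the example and do not describe a real machine.

```python
from collections import defaultdict, deque

# Constructed map: service -> services it depends on (the upper list on the
# Dependencies tab). Names look like Windows services; the edges are made up.
DEPENDS_ON = {
    "Remote Procedure Call (RPC)": [],
    "Event Log": [],
    "Workstation": ["Remote Procedure Call (RPC)"],
    "Server": ["Remote Procedure Call (RPC)"],
    "Net Logon": ["Workstation"],
    "Computer Browser": ["Server", "Workstation"],
    "DHCP Client": ["Remote Procedure Call (RPC)", "Event Log"],
    "Routing and Remote Access": ["Remote Procedure Call (RPC)", "Server"],
}


def dependents_of(name, graph=DEPENDS_ON):
    """Services that depend on `name`, directly or through others (the tab's lower list,
    followed transitively): all of these stop when `name` is stopped."""
    reverse = defaultdict(set)
    for svc, needs in graph.items():
        for need in needs:
            reverse[need].add(svc)
    seen, queue = set(), deque([name])
    while queue:
        for svc in reverse[queue.popleft()]:
            if svc not in seen:
                seen.add(svc)
                queue.append(svc)
    return seen


def prerequisites_of(name, graph=DEPENDS_ON):
    """Services that must be running before `name` can start (the tab's upper list, transitively)."""
    seen, queue = set(), deque([name])
    while queue:
        for need in graph.get(queue.popleft(), []):
            if need not in seen:
                seen.add(need)
                queue.append(need)
    return seen


def start_order(targets, graph=DEPENDS_ON):
    """Order in which to start `targets` and everything they need; raises on a dependency cycle."""
    order, done, on_path = [], set(), set()

    def visit(svc):
        if svc in done:
            return
        if svc in on_path:
            raise ValueError(f"dependency cycle through {svc}")
        on_path.add(svc)
        for need in graph.get(svc, []):
            visit(need)                 # prerequisites first (depth-first topological sort)
        on_path.discard(svc)
        done.add(svc)
        order.append(svc)

    for target in targets:
        visit(target)
    return order


if __name__ == "__main__":
    print("stopping Workstation also stops:", sorted(dependents_of("Workstation")))
    print("Computer Browser needs:", sorted(prerequisites_of("Computer Browser")))
    print("start order:", start_order(["Computer Browser", "DHCP Client"]))
```

Run this against the map of a real machine before disabling a service as part of a hardening exercise: the dependents list is exactly the set of things that will break.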

The Backup Utility


One of the most important tasks for any network administrator is the creation and management of a solid backup and restore procedure. Microsoft Windows Server 2003 provides many powerful tools that enable you to perform backups of local and remote data, Active Directory, and open and locked files. Windows provides a powerful utility for this purpose known as the Backup Utility, or ntbackup. The Backup Utility enables you to schedule backups for periods of low utilisation, such as during the night; additionally, it supports incremental, differential and System State backups.

Backup Types
When using the Backup Utility you must decide which backup type to perform. The different backup types relate in one way or another to an attribute maintained by every file, known as the archive attribute. The archive (A) attribute is a flag that is set whenever a file is created or changed. Once a file has been backed up, the archive bit is cleared until the file is modified again. You can also modify this attribute manually: right-click on any file, select Properties and then Advanced. The archive flag can then be set using the File is ready for archiving control.

Normal Backups
With a normal backup, all selected files and folders are backed up. As each file is backed up, the archive attribute is cleared. A normal backup does not use the archive attribute to determine which files to back up. Every backup strategy should begin with a normal backup. A normal backup is often the most time- and space-consuming method; however, restores from a normal backup are the most efficient.

Incremental Backups
With incremental backups, selected files with the archive attribute set are backed up. The archive bit for the file is then cleared. If you perform an incremental backup one day after a normal backup, the job will contain only files that were created or changed during the day. Incremental backups are the fastest and smallest type of backup. However, they are less efficient to restore. You must first restore a normal backup and then restore, in order of creation, each incremental backup.

Differential Backups
With differential backups, selected files with the archive attribute set are backed up, but the archive attribute is not cleared. A differential backup will contain files that have changed since the last normal or incremental backup, but not since the last differential backup. Differential backups are more efficient to restore than incremental backups; however, they may take up a lot of space. To restore a system, you would restore the normal backup followed by the most recent differential backup.

Incremental Backup Strategy


Monday: Normal Backup
Tuesday: Incremental Backup
Wednesday: Incremental Backup
Thursday: Incremental Backup
Friday: Incremental Backup

In this backup strategy, all files are backed up on a Monday. All files that have changed each day are backed up with an Incremental Backup. If the server was to fail on a Thursday, then you would need to restore Monday's Normal Backup, followed by Tuesday's and Wednesday's Incremental Backups.

Differential Backup Strategy


Monday: Normal Backup
Tuesday: Differential Backup
Wednesday: Differential Backup
Thursday: Differential Backup
Friday: Differential Backup

With a Differential backup strategy, all files are backed up on a Monday. All files that have changed since the normal backup are backed up with each Differential Backup. If the hard disk fails on the server on a Friday, then you would restore Monday's Normal Backup, followed by Thursday's Differential Backup.

Backup Types
With copy backups, all selected files and folders are backed up. A copy backup neither clears nor uses the archive bit. A copy backup can be used to copy or back up the computer without affecting a normal backup schedule. With daily backups, all selected files and folders that have changed during the day are backed up, based on the modify date of the files. The archive attribute is neither used nor cleared. Daily backups can be used to perform a backup without affecting a normal backup schedule.
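To make the archive-bit rules above concrete, here is a small simulation (an added example, not code from the tutorial) that models a folder as in-memory entries with an A bit, applies the five ntbackup backup types to it, and works out the restore chain for the Monday-to-Friday strategies. File names, contents and the 2004 calendar dates are constructed.

```python
"""Simulation of the archive (A) attribute and the five ntbackup backup types.
Added example, not code from the tutorial: the 'volume' is an in-memory dict,
no real files or backup media are touched."""
from dataclasses import dataclass
from datetime import date, timedelta

MONDAY = date(2004, 1, 5)   # constructed calendar: a Monday, as in the schedule above

def day(offset):
    """Day `offset` into the constructed week: 0 = Monday ... 4 = Friday, 5 = Saturday."""
    return MONDAY + timedelta(days=offset)

@dataclass
class FileEntry:
    content: str
    archive: bool          # the A bit: set on create/change, cleared by some backup types
    modified: date

class Volume:
    """A folder such as C:\\Data, modelled as name -> FileEntry."""
    def __init__(self):
        self.files = {}

    def write(self, name, content, when):
        # Creating or changing a file always sets the archive attribute.
        self.files[name] = FileEntry(content, True, when)

@dataclass
class BackupSet:
    kind: str
    day: date
    files: dict            # name -> content captured on the media

def backup(vol, kind, when):
    """Select files the way each backup type does, then clear the A bit where that type does."""
    if kind in ("normal", "copy"):
        selected = list(vol.files)                                      # everything selected
    elif kind in ("incremental", "differential"):
        selected = [n for n, f in vol.files.items() if f.archive]       # only A bit set
    elif kind == "daily":
        selected = [n for n, f in vol.files.items() if f.modified == when]  # by modify date
    else:
        raise ValueError(f"unknown backup type: {kind}")
    if kind in ("normal", "incremental"):
        for n in selected:
            vol.files[n].archive = False   # differential, copy and daily leave it alone
    return BackupSet(kind, when, {n: vol.files[n].content for n in selected})

def restore_chain(history, fail_day):
    """Backup sets needed, in order, to rebuild the volume as it was before fail_day:
    the last normal, every incremental after it in creation order, then the most
    recent differential taken after the last incremental. Copy/daily sets are ignored."""
    sets = [b for b in history if b.day < fail_day]
    last_normal = max(i for i, b in enumerate(sets) if b.kind == "normal")
    later = sets[last_normal + 1:]
    chain = [sets[last_normal]] + [b for b in later if b.kind == "incremental"]
    last_inc = max((i for i, b in enumerate(later) if b.kind == "incremental"), default=-1)
    diffs = [b for b in later[last_inc + 1:] if b.kind == "differential"]
    if diffs:
        chain.append(diffs[-1])
    return chain

def restore(chain):
    """Replay the chain; later sets overwrite older copies of the same file."""
    result = {}
    for b in chain:
        result.update(b.files)
    return result

def run_week(strategy):
    """Monday normal backup, then `strategy` ('incremental' or 'differential')
    Tuesday to Friday. Constructed data: a.txt changes every day, b.txt on Wednesday."""
    vol = Volume()
    for name in ("a.txt", "b.txt", "c.txt"):
        vol.write(name, f"{name} v0", day(0))
    history = [backup(vol, "normal", day(0))]
    for offset in range(1, 5):                      # Tuesday .. Friday
        vol.write("a.txt", f"a.txt v{offset}", day(offset))
        if offset == 2:
            vol.write("b.txt", "b.txt v2", day(offset))
        history.append(backup(vol, strategy, day(offset)))
    return vol, history

if __name__ == "__main__":
    for strategy in ("incremental", "differential"):
        vol, history = run_week(strategy)
        for b in history:
            print(f"{strategy:12} {b.day:%a}: {sorted(b.files)}")
        chain = restore_chain(history, day(3))     # server fails on Thursday
        print("  restore needs:", [f"{b.day:%a} {b.kind}" for b in chain])
        print("  restored state:", restore(chain))
```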


Performing a Backup
This lesson will show you, step by step, how to perform the various types of backup described in the previous lesson. In the following example, the C:\Data folder will be backed up using the Backup Utility. Notice that the A (Archive) attribute is currently set for all of the files. The backup utility can be quickly accessed by typing the command ntbackup. By default, the Backup Utility will use Wizard Mode. Uncheck the Always start in wizard mode checkbox and select Advanced Mode, which enables you to configure the backup exactly as you want it. Select the Backup tab. From the tree view, select the location of the backup. Check the box next to the folder you wish to back up, e.g. Data. You can also back up an entire drive by selecting the checkbox next to the relevant drive letter. Once you have selected all the files you wish to back up, you can save the selection by clicking Job and selecting Save Selections. Choose a name for the backup selection and click Save. You can now open the backup selection each time you perform a backup, rather than reselecting all of the files. Next, specify a location for the backup, e.g. a network share or removable hard disk. Once a location has been specified, select the Start Backup button.


Because this is a new backup, you should select the Replace the data on the media with this backup radio button. Select the Advanced option. Volume shadow copy allows the backup of locked and open files; if the Disable volume shadow copy option is selected, some files that are open or in use might be skipped. You can choose the backup type from the Backup Type drop-down list. In this case, a Normal backup is required. Click on OK once all options have been configured. To begin the backup select Start Backup. The backup will then begin. Once completed, you can either view a Report or Close the Backup dialog box. Notice that the Archive attribute on the files in the Data folder has now been cleared. The backup has been saved to the network share as databackup.bkf.

Performing a Differential Backup


In this scenario, a differential backup is performed the day after the normal backup. Because the current.txt file has been modified, its archive attribute is set. Open the ntbackup utility, select Job, select Load Selections and open the backup selection saved previously. Specify a new name for the backup file. Select Start Backup. Click the Advanced button. Select the Backup type drop-down list and select the Differential option. Click on OK once all options have been configured. Click on Start Backup to begin the backup process. Once the backup is complete, click on Close. Notice that the archive bit on the modified file stays set. The differential backup will only contain this file.

Performing an Incremental Backup


With an incremental backup, the archive bit will be cleared. In this example, two files in the folder have been modified since the normal backup. Again, using the ntbackup utility, open the backup selection, and begin the backup process. This time, select the Incremental Backup type. Once the backup has finished, click on Close. Notice that, unlike a differential backup, the archive bit has now been cleared.

Creating a Backup Schedule


Incremental Backup Strategy
Monday: Normal Backup of entire computer
Tuesday: Incremental Backup of Data folder
Wednesday: Incremental Backup of Data folder
Thursday: Incremental Backup of Data folder
Friday: Incremental Backup of Data folder

The backup utility allows you to schedule backup jobs to run at pre-set times. In this example, every Monday a normal backup of the entire computer is performed. Every Tuesday, Wednesday, Thursday and Friday night, an incremental backup of the Data folder is performed. Launch the ntbackup utility and select the Schedule Jobs tab. Select the Add Job button. Click on Next to continue. Select which files you would like to back up, in this case Back up everything on this computer. Once selected, click Next. Choose a name and location for the backup and click Next. Ensure Normal backup is selected and click Next. Click on Next to continue. Because this is a normal backup, data should not be appended to the end of an existing backup. Select the Replace the existing backup radio button. Click on Next to continue. Choose a name for the schedule and then select the Set Schedule button. Using the Schedule options, a backup schedule for the job can be set. In this example, a normal backup will be performed every Monday night. Click on OK to continue. The scheduled task will need to run with the permissions of a user with the relevant rights, e.g. a member of the Administrators or Backup Operators group. Click on OK to continue. Click on Next to continue. Click on Finish to close the wizard.


The normal backup job has now been created. Click on Add Job to create the incremental backup schedule. Click on Next to continue. Select which files you would like to back up, in this case Back up selected files, drives, or network data. Once selected, click Next. Select the files to be backed up. Click on Next to continue. Click on Next to continue. Select the Backup type drop-down list and select Incremental. Click on Next to continue. Click on Next to continue. Because this is an incremental backup, it is often easier to append data to the end of an existing backup. Click on Next to continue. N.B. You should set the Tuesday backup to replace the existing backup. Choose a name for the backup job and click Set Schedule. Choose a schedule from the available options. The backup will be performed at midnight every Tuesday, Wednesday, Thursday and Friday. Click on Next to continue. Click on Next to continue. Click on Finish to close the wizard. The backup schedule has now been set.


Restoring Data
Restoring a normal backup is a straightforward procedure; however, when restoring data from incremental or differential backups, you will often need to restore both the normal backup and the relevant incremental backups, or the differential backup. The ntbackup utility is used to restore data from a backup. Select the Restore and Manage Media tab. When performing a complete restore, you should always start with the normal backup. Select the box next to the backup media. The Data folder will be restored to its original location, although this can be changed by selecting the Restore files to drop-down list. Once configured, select the Start Restore button. Click on OK to begin the restore process. Click on Close once the restore is complete.


The Recovery Console


The Recovery Console is a text-mode command interpreter that allows you to access the hard disk of a computer running Windows Server 2003 for basic troubleshooting and system maintenance. The Recovery Console is particularly useful when the operating system cannot be started, as the recovery console can be used to run diagnostics, disable drivers and services, replace files, and partition disks. You can start the recovery console by booting from the Windows Server 2003 CD-ROM and, when prompted, pressing R to choose the repair and recover option. Alternatively, you can install the recovery console and use it as a standard boot-up option. This option is preferred since the Windows Server 2003 CD-ROM is not needed. To install the Recovery Console, insert the Windows Server 2003 CD-ROM and from a command prompt use the winnt32 command with the /cmdcons switch. For example, e:\i386\winnt32 /cmdcons will run the winnt32 command from the Windows Server 2003 CD-ROM with the /cmdcons switch. Click on Yes to install the Recovery Console. The Recovery Console is then installed. Once installed, click on OK. The Recovery Console can now be accessed from the boot choices menu when starting the computer. To load the Recovery Console hit Enter. The Console is then loaded. Choose which operating system you would like to log onto, in this case 1. Specify the Administrator password. Once logged in you can access various options from the installation:

Listsvc: Displays the services and drivers that are listed in the registry as well as their startup settings. You can use this to find out the name of a driver or service that is causing a problem.
Enable/Disable: Controls the start-up status of a service or driver. You can obtain the name of the service or driver by using the listsvc command.
Diskpart: Provides the ability to create and delete partitions by using an interface similar to that of the text-based portion of setup.
Bootcfg: Enables you to manage the start-up menu.

For more options specify Help at the command line, or for help on a specific command type help followed by the command name. For example, the listsvc command shows a list of all services and drivers on the machine as well as their status, and the command disable messenger will prevent the Messenger service from starting.


Transmission Control Protocol/Internet Protocol (TCP/IP)


In order for communication to occur on a network, all parties must use a common language. In IT networks this is known as a protocol. There are many different protocols available for computer networks, the most common and widely used being TCP/IP. TCP/IP is the standard protocol that is used on the internet. In order for any network to access the internet you must use the TCP/IP protocol suite. TCP/IP is also required by Active Directory. For these reasons, TCP/IP is the default protocol for Windows XP and 2003.

Protocols
Reference is often made to the TCP/IP stack. This consists of layers of mini applications which perform the discrete job of sorting and filtering the data packets picked up by the NIC and then passing the packet on to the next layer for further processing. Eventually a coherent message pops out of the top of the stack into the operating system for the user to read. The reverse is also true, i.e. converting the reply into data packets that can be sent over the network media. The layers in a TCP/IP stack write headers for network messages as well as decoding them. Each level in the stack adds a portion to the network packet which its counterpart in the receiving computer will understand. Strictly speaking, the NIC isn't part of TCP/IP, but protocols are bound to a particular adapter. At the receiving computer, the headers are stripped off as they pass up through the TCP/IP stack until only the bare payload is presented to the user.

The DOD Four Layer Model


TCP/IP is often referred to as the TCP/IP protocol suite. TCP/IP is in fact a group of protocols/applications working together to provide network communication. TCP/IP was invented by the US Department of Defence (DOD) to allow machines to communicate over a network. It is a simpler model than the 7 layer OSI model. The different components of TCP/IP all function at different layers. These layers group the different components into four different categories.

The Application Layer


The Application Layer contains the applications that use TCP/IP such as Internet Explorer and Outlook. The Application Layer also contains Application Programming Interfaces (API) such as Winsock, which enables applications to use TCP/IP.

The Transport Layer


The Transport Layer is responsible for the transfer of data on the network. There are two different transport protocols TCP and UDP. Both protocols provide transport but work in different ways.

Transmission Control Protocol (TCP)


TCP is a connection-orientated protocol. Both sides confirm that the data is being sent and received.

User Datagram Protocol (UDP)


UDP is a connectionless protocol. Both computers presume the other side has received the data. As an example, name resolution uses UDP. If the query fails then a TCP name query is made.

The Internet Layer


To send data the sender must have a method of distinguishing the recipient. This is called an IP address, and it takes the form of a unique number on the network. The Internet Protocol is responsible for these addresses. The Internet Control Message Protocol (ICMP) is used to test connectivity between machines by sending ICMP messages using the PING command. The Internet Group Management Protocol (IGMP) is used to send data to groups of machines, e.g. streaming video. This is known as Multicast. The Address Resolution Protocol (ARP) is responsible for changing an IP address into the network card's physical address.


Every network card has a unique physical address hardwired into the card itself which is needed for communication on a network.

The Physical Layer


The Physical Layer is responsible for the actual physical media and how the data is sent to another machine, e.g. Fibre Optic, ATM. There are many ways to send data down the cable, the most common technologies for LANs are Token Ring and Ethernet. In order for two machines to communicate they must be using the same technology or be connected via a bridge.


Binary Numbers
The thinking bits of a computer use flip-flops to show up or down, or on or off. It's just as easy to think of these as on/off light bulbs. Arrays of these flip-flops are used for storing and manipulating numbers. The point is that they can only have two states, like a light bulb. These two states can also be stored as N/S magnets on a hard disk, or pits in foil on a CD, or high and low voltages in a cable, etc. Computers similarly use groups of switches to represent numbers and perform calculations. These groups of switches are known as registers and show numbers in binary form. Denary numbers (which we also call decimal) use 10 symbols to represent numbers, 0123456789, whereas binary needs just two symbols, 0 and 1. The number of digits in a binary number can be represented by a corresponding number of switches. In computer parlance, these are bits. A bit is either a 1 or a 0. The different bits in a binary number represent different values which are used to create a number.

Each bit position in an eight-bit number has a value, from left to right: 128, 64, 32, 16, 8, 4, 2 and 1. If the bit is switched on (1) then we use that value. If the bit is switched off (0) then we ignore it. Add all the switched-on (1) values together, 128+64+16+8+1, and you get the number 217. So the binary number for 217 is 11011001.

Binary Number Examples


11111010 = 128+64+32+16+8+2 = 250
00011010 = 16+8+2 = 26
11110000 = 128+64+32+16 = 240


The IP Address
Every computer on a network and the internet needs an address. This address is known as an IP address. Two computers can never have the same address. An IP address is a group of four eight-bit binary numbers represented in decimal. Each number is separated by a period, e.g. 10.1.0.1. Any machines that are connected to a network will each need a unique address. The IP address is divided into the network ID and the host ID. The network ID represents what network the machine is on. The host ID represents a unique number assigned to the machine, attached to the end of the network ID. For two machines to communicate they need to have the same network address. They must, however, have different host numbers. A machine can identify which part of its IP address is the host ID and which part is the network ID by using a set of numbers called a subnet mask.

Subnet Masks
As well as an IP address every machine using TCP/IP needs a subnet mask. The subnet mask splits the IP address into two parts, allowing the computer to identify which part is the network ID and which part is the host ID. The subnet mask divides the IP address into two parts by using on (1) and off (0) switches. 1 represents a network ID and 0 represents a host ID. A computer with an IP address of 10.1.0.1 and a subnet mask of 255.255.0.0 would have a network ID of 10.1 and a host ID of 0.1. This is worked out by converting both numbers into binary.

IP address    10.1.0.1      00001010.00000001.00000000.00000001
Subnet mask   255.255.0.0   11111111.11111111.00000000.00000000

Using the subnet mask, divide the IP address up by using the 1s to represent the network ID and the 0s to represent the host ID.

00001010.00000001.00000000.00000001
11111111.11111111.00000000.00000000


Using this, we can see that the network ID is 00001010.00000001 (10.1) and the host ID is 00000000.00000001 (0.1). A subnet mask doesn't have to be a full octet. It is possible to use a subnet mask that is only a partial octet, for example 255.255.240.0. This enables the administrator to create custom subnets to divide a private network into several discrete sub-networks.

Bit Notation
An easier way of writing an IP address and its subnet mask is by using the form xxx.xxx.xxx.xxx/bits in the mask. The address 10.1.0.1 with a subnet mask of 255.255.0.0 can also be written as 10.1.0.1/16. This form of notation shows the number of Bits in the subnet mask, e.g. /8 represents 11111111.00000000.00000000.00000000 or 255.0.0.0. /20 would represent 11111111.11111111.11110000.00000000 or 255.255.240.0.

IP Address Classes
When TCP/IP first appeared, IP addresses were placed into different classes: A, B, C and D. The subnet mask of the machine would be determined by its IP address class. To determine what class an IP address is, refer to the first octet of the address, e.g. 100 for 100.23.23.1.

Class   Subnet Mask                   Host IDs
A       255.0.0.0                     16,777,214
B       255.255.0.0                   65,534
C       255.255.255.0                 254
D       255.255.255.255 (Multicast)   N/A


Of the 32 bits available, the bits required for the network ID can't be used for hosts. In a class B network, for example, this takes away 16 bits, leaving 16 bits for the host addresses. This can be used to make numbers up to 65536 (2 to the power 16). Host addresses using all 1s or all 0s are reserved for special use, hence the figure in the above table of 65534.

You have been assigned the address 134.34.0.0/20; how many hosts will you have? /20 represents the subnet mask of 11111111.11111111.11110000.00000000 (255.255.240.0). Therefore the host ID is 0000.00000000, giving a total of 12 host bits to play with. Therefore (2^12)-2=4094. So there are 4094 different host IDs.

Why take off 2? Two host ID addresses are reserved for every network. If the host ID contains all 0s it represents the network it is on and can't be used, e.g. 10.1.0.0/24 (00000000) is invalid. This is known as the Network Address. If the host ID contains all 1s then this represents every computer in the network. This is known as the Broadcast Address, e.g. 194.34.23.255/24 (11111111) represents every computer in the 194.34.23 network.

Reserved addresses: If the host part of the address is all zeroes, this looks similar to the subnet mask and is called the Network Address. By convention, this address is not used for any host. If the host part of the address is all ones, this represents not a single host but all hosts on that network. It is termed the broadcast address, and it shouldn't be used for any host.

Although these days you can have any subnet mask, classes are still used when a subnet mask isn't given.

There are a number of private address ranges available for use in internal networks. These addresses will never be seen on the internet, as internet routers will not pass packets that originate from these addresses.
Class A: 10.0.0.0 to 10.255.255.255
Class B: 172.16.0.0 to 172.31.255.255
Class C: 192.168.0.0 to 192.168.255.255

Custom Subnet Masks


Imagine a scenario where you have been assigned the address range 193.28.34.0 for your company's network. You need to have 14 separate networks, each with ten computers in.

193.28.34.0 is a class C address, which means you have 254 hosts but only the one network (the 193.28.34 network). Considering that you only need 10 hosts in each network and not 254, we can take some of the host IDs and turn them into network IDs. You can do that by creating a custom subnet mask. We have the 8 host digits to play with. This equates to (2^8)-2=254 addresses. However, we only need 140. Some of the host IDs can therefore be used as network IDs.

Routers
Routers are network devices that are used to connect separate networks and to enable network traffic to pass between the networks. We have seen that machines on separate networks cannot pass data between themselves without assistance. A router, or default gateway, passes data to addresses that are not on the sender's network. With the help of a router, computers on both networks would be able to communicate. The router is physically connected to both networks and has two IP addresses. When a client wants to send a packet out on the network it checks the network ID of the destination machine. If it is different from its own, it sends the packet to its default gateway. Routers can communicate with other routers so that network packets can be passed to their correct destinations. A network packet travelling out on the internet may pass through several routers before reaching its target. Each router forwards the packet on to the next router until it either reaches or fails to reach its destination. Routing is covered in much greater detail later on in this course.
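The subnet mask, bit notation, host-count, custom subnet and router material above, worked as code. This is an added example, not code from the tutorial: the arithmetic is done by hand on 32-bit integers so the 1s/0s split is visible, and the function names, the sample 10.1.0.254 gateway and any test addresses other than the tutorial's own are assumptions.

```python
"""Worked version of the subnet mask, bit notation, host counting, custom subnetting
and routing material above. Added example, not code from the tutorial; the
arithmetic is done on 32-bit integers by hand so the 1s/0s split the text describes
is visible (the standard ipaddress module would hide it)."""

def to_int(dotted):
    """'10.1.0.1' -> 32-bit integer; each octet is one 8-bit binary number."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value

def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(value):
    """Dotted-binary form used above, e.g. 00001010.00000001.00000000.00000001."""
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))

def mask_from_bits(bits):
    """/bits -> mask: the leftmost `bits` bits are 1 (network ID), the rest 0 (host ID)."""
    if not 0 <= bits <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return ((1 << bits) - 1) << (32 - bits)

def bits_from_mask(mask):
    """255.255.240.0 -> 20. A mask must be a run of 1s then 0s; anything else is rejected."""
    bits = bin(mask).count("1")
    if mask_from_bits(bits) != mask:
        raise ValueError(f"non-contiguous subnet mask: {to_dotted(mask)}")
    return bits

def describe(cidr):
    """Split 'a.b.c.d/n' into network ID, host ID, broadcast address and usable hosts."""
    addr, prefix = cidr.split("/")
    bits = int(prefix)
    ip, mask = to_int(addr), mask_from_bits(bits)
    host_mask = ~mask & 0xFFFFFFFF
    network = ip & mask
    broadcast = network | host_mask
    host_bits = 32 - bits
    # all-0s host ID is the network address, all-1s the broadcast: hence the "-2"
    usable = 2 ** host_bits - 2 if host_bits >= 2 else 0
    return {
        "mask": to_dotted(mask),
        "network_id": to_dotted(network),
        "host_id": to_dotted(ip & host_mask),
        "broadcast": to_dotted(broadcast),
        "usable_hosts": usable,
        "is_network_address": ip == network,
        "is_broadcast": ip == broadcast,
    }

def subnets_for(base_cidr, networks_needed, hosts_needed):
    """Custom subnet mask: borrow the fewest host bits that give enough subnets, then
    check each subnet still has room for the hosts (the 193.28.34.0 exercise)."""
    addr, prefix = base_cidr.split("/")
    base_bits = int(prefix)
    start = to_int(addr) & mask_from_bits(base_bits)
    for borrow in range(0, 32 - base_bits + 1):
        if 2 ** borrow < networks_needed:
            continue
        new_bits = base_bits + borrow
        size = 2 ** (32 - new_bits)      # addresses per subnet, network + broadcast included
        if size - 2 < hosts_needed:
            raise ValueError("address block too small for that many networks and hosts")
        return [f"{to_dotted(start + i * size)}/{new_bits}" for i in range(2 ** borrow)]
    raise ValueError("no prefix length gives that many subnets")

def next_hop(own_cidr, dest, default_gateway):
    """The client's check described under Routers: same network ID -> deliver
    directly, different network ID -> hand the packet to the default gateway."""
    addr, prefix = own_cidr.split("/")
    mask = mask_from_bits(int(prefix))
    return dest if to_int(addr) & mask == to_int(dest) & mask else default_gateway

PRIVATE_RANGES = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")  # the ranges listed above

def is_private(addr):
    """True if addr falls in a private range (internet routers will not forward these)."""
    ip = to_int(addr)
    for net_cidr in PRIVATE_RANGES:
        net, prefix = net_cidr.split("/")
        mask = mask_from_bits(int(prefix))
        if ip & mask == to_int(net) & mask:
            return True
    return False

if __name__ == "__main__":
    for cidr in ("10.1.0.1/16", "134.34.0.0/20", "194.34.23.255/24"):
        print(cidr, to_binary(to_int(cidr.split("/")[0])), describe(cidr))
    print(subnets_for("193.28.34.0/24", 14, 10))   # 16 subnets of /28, 14 hosts each
    print(next_hop("10.1.0.1/16", "10.2.0.7", "10.1.0.254"))   # different network -> gateway
```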


Configuring TCP/IP
This free lesson will teach you how to configure TCP/IP in Windows and how to use the ipconfig command. To configure TCP/IP click on Start. Right-click on My Network Places and select Properties. Right-click on the connection you want to configure and select Properties. Highlight Internet Protocol (TCP/IP) and select Properties. This machine is currently configured to obtain an IP address automatically. Select Use the following IP address and fill out the relevant details. Additional gateways and IP addresses can be added by clicking the Advanced button and configuring the appropriate options.

Using the ipconfig command


The ipconfig command can be used to display IP address information from a command prompt. Running ipconfig with the /all switch produces a much more verbose display.


Internet Connection Firewall


Windows XP ships with a basic built-in firewall. The firewall helps protect the computer from outside attacks on the internet. A firewall controls which network traffic is allowed in and out of a computer. It does this by opening and closing ports. When communications take place between two machines, different port numbers are used depending on the service. As an example, a Web Browser will communicate with a Web Server on port 80, which is the default port for HTTP (the protocol used to transfer web pages). There are thousands of port numbers available, many of the lower range numbers being reserved for common services. A few of the common port numbers are listed below.
Port 80: HTTP (Web Pages)
Port 21: FTP (File Transfer Protocol)
Port 25: SMTP (E-Mail)
Port 110: POP3 (E-Mail)
Port 443: SSL (Secure Web Pages)

A hacker can sometimes compromise security on a machine by gaining access to the machine through an unused port. A Trojan horse virus opens a port on a client machine, allowing a hacker to gain access to the machine. A firewall can be configured to allow only specific ports in and out of the computer, thus greatly reducing the risk of a cracker gaining access. To enable and configure the Internet Connection Firewall, navigate to the properties of your network connection and select Advanced. Check the Internet Connection Firewall box to enable the firewall, and select Settings to configure it. A list of services allowed to connect to this machine is shown. New services can be added by selecting Add and filling out the details for the service. For example, this machine is hosting a Puma chat room server. Click on OK to add the service.

Connections on port 270 are now allowed to connect to this machine. The Security Logging tab specifies settings relating to the security log. For example, you can log any unsuccessful connections. The ICMP tab can be used to configure how the computer responds to ICMP packets. ICMP packets are used during ping requests. The options for the Internet Connection Firewall have been improved slightly for Windows XP Service Pack 2; however, the principles remain exactly the same. Although the firewall is good enough to protect home users, for larger corporate networks and servers a third-party firewall should be used, such as Microsoft ISA Server.


Troubleshooting TCP/IP
These are the two main utilities for troubleshooting TCP/IP:
ping: used to test connectivity
ipconfig: used to view IP address information

Before launching into detailed settings investigation, always check that the hub/switch has power to it, or that the network cable hasn't been pulled out.

The ping command does the following: Verifies connections to one or more remote computers by sending ICMP echo packets to the computer and listening for echo reply packets. Waits for up to one second for each packet sent. Prints the number of packets transmitted and received. Each received packet is validated against the transmitted message to check that no data loss occurs.

The first item to ping is the local NIC. The loopback address is 127.0.0.1 (pinging localhost does pretty much the same thing). If this fails then either your TCP/IP stack isn't installed correctly, or the network card is not functioning. Note that an address or computer name can be pinged. Here a computer jacklap (IP address 10.1.0.104) can't be pinged. This doesn't necessarily imply a connection problem. It may be a name resolution problem, and can be tested by pinging the IP address. If you can ping your own machine and others on the local network, then try pinging the default gateway. A message such as the one above implies that either the address is a wrong one, or, if the report reads destination host unavailable, then there may be a problem with the gateway machine (router).

Ipconfig
Default gateways or DNS servers can be discovered using the ipconfig utility. Typing ipconfig at a command prompt brings up useful information. No settings can be altered from this window, but it reports the current settings for TCP/IP. Typing ipconfig with the /all switch presents additional items such as the adapter's MAC address and name resolution information.


Interoperability
This free lesson gives an overview of the interoperability modules NWLink and AppleTalk.

NWLink Overview
Novell NetWare systems use the IPX/SPX protocol to communicate. Microsoft has its own implementation of IPX/SPX known as NWLink. NWLink enables Microsoft machines to communicate with Novell machines. Windows XP and Windows Server 2003 32-bit editions both ship with NWLink, although newer NetWare systems now use TCP/IP. IPX/SPX will need to be installed on the NetWare system and NWLink on the Microsoft system. As well as installing NWLink, a gateway service will also need to be installed; this enables the two operating systems to share and access resources. IPX/SPX uses the network interface card's MAC address for communicating. Every network card has a unique address called the MAC address. No two network cards will ever have the same MAC address.

The AppleTalk Protocol


The AppleTalk protocol is required to provide interoperability with Macintosh computers; AppleTalk is provided with Windows 2003. AppleTalk is a routable protocol, and a Windows 2003 Server can act as a router for the Macintosh machines. Once the protocol is installed, the File Server and Print Server services for Macintosh also need to be installed. AppleTalk can't be used on the internet.


Installations
These free lessons form part of the Microsoft Certified Professional exam 70-270: Installing, Configuring and Administering Windows XP Professional. The lessons are:
Windows XP/2003 Attended Installations
Deploying Windows XP/2003
Upgrading to Windows XP/2003
Files and Settings Transfer Wizard


Terminal Services and Remote Administration Overview


Although Windows Server 2003 can be administered remotely by using an MMC or a Web Administration Interface, it is still handy and necessary to be able to log on to the server itself to perform specific tasks. Windows XP and Windows Server 2003 have a feature called Remote Desktop which allows you to connect remotely to the computer and log on as if you were sat at the machine. Once connected you will see the desktop as it is on the server and you will be able to work as if you were physically located at the machine. You can disconnect from the session at any time and reconnect to the same session, continuing where you left off. Using Windows XP's fast user switching you can easily transfer your desktop to another machine, e.g. to ask for assistance or to show a file on your desktop. Remote Desktop on Windows Server 2003 allows two concurrent connections and doesn't require any special licenses. Remote Desktop can be further extended by enabling Terminal Services. Using Terminal Services, a client can appear to run Windows Server 2003 locally. All the processing is done by the server. The server receives keyboard and mouse input from the clients (terminals) and transmits the display back. Only one copy of Windows Server 2003 is required. Rather than installing a full version of Windows on every client, a Windows terminal server can be deployed instead. Clients whose hardware might not be supported by Windows can still take advantage of the Windows Server 2003 features. Clients can continue to use their old operating system and benefit from the features and applications of Windows Server 2003.
Many different devices can act as terminal clients (called thin clients), e.g. a Windows 3.11 machine can run the Terminal Services client and appear to be running Windows Server 2003. Although the client terminals can be very low-end machines with no hard drive and no operating system, the clients will still need client software to run Terminal Services. Terminal Services is also a good way to run applications such as Microsoft Office on incompatible clients. N.B. Once a server is installed with Terminal Services, applications MUST be installed by using Add/Remove Programs from the Control Panel.

Remote Administration

Unlike Remote Desktop, Terminal Services requires licenses. However, Terminal Services allows many more clients to connect and enables application sharing. Terminal Services can only be enabled on a machine running Windows Server 2003.

Terminal Services Overview

Using Terminal Services, users can log in multiple times to the same server using different sessions. This allows users to perform many tasks at once. Users can easily cut and paste between applications running locally and applications running on the Terminal Server. Using Remote Control, two users can share the same terminal session; in other words, one user can control and view another user's session. This can be used to train users or diagnose problems. Printers that are connected locally to the client will continue to work from a terminal session. Terminal Services and Remote Desktop use RDP (Remote Desktop Protocol) version 5.2. A terminal session can be disconnected and reconnected at a later time from another client. The session will effectively remain active until it is logged off or closed by the server. The logon process is also encrypted, and settings such as the number of logon attempts can be controlled through security policies. Data transmitted between the client and server can also be encrypted at four different levels (low, compatible, FIPS compliant or high). User accounts created locally on the terminal server or in Active Directory can be used with Terminal Services.


Terminal Services Requirements

The hardware requirements for a Terminal Server depend on how many clients will be connecting and what the clients will be doing once connected. A Terminal Server requires at least the recommended Windows Server 2003 requirements plus an additional 10 MB of RAM for each client connecting. Although not a requirement, using SCSI disk drives can greatly improve performance. You could also use a high-performance bus architecture such as EISA or PCI. Since many clients will be connecting simultaneously, using a high-performance network card will help. You could also install two adapters and dedicate one adapter solely to the RDP protocol. When running Terminal Services, ensure that only 32-bit applications are used. In order to run 16-bit applications, Windows uses an emulation service called Windows-on-Windows (WOW), which consumes a lot of system resources. Because 16-bit applications take up more system resources than 32-bit applications, it is better to use solely 32-bit applications. The Terminal Services client runs on a variety of machines; they must support VGA and have at least 4 MB of memory. The Terminal Services client is available for Windows-based terminals and Intel and Alpha based computers running Windows for Workgroups 3.11, 95, 98, NT 3.51, NT 4.0, 2000, XP and 2003. There is also third-party support for Macintosh and UNIX-based computers.

Terminal Services Licences

Terminal Services has its own licensing method. A Terminal Client must have a valid licence when connecting to a Terminal Server. Either a Windows 2003 Terminal Services Client Access License or a Windows Server 2003 license is required, as well as a Client Access License (CAL). Windows 2003 machines that are used as clients already have a Terminal Services Client Access License. You can use Terminal Services for 90 days before you need to install Terminal Services Licensing and activate the licences. N.B. Even after 90 days you will still be able to use Remote Desktop and Remote Assistance connections.


Remote Assistance
As well as a Remote Desktop connection, users can also use a feature called Remote Assistance. Remote Assistance provides a way for users to get helpdesk assistance more easily and at lower cost. The user can request assistance by saving a request to a file, by e-mail, or via Windows Messenger. Remote Assistance runs on top of Terminal Services, which means it uses the same port as Terminal Services: in order to use Terminal Services you must open port 3389. Instant Messenger, which can be used with Remote Assistance, requires port 1863 to be open. Remote Assistance may also have problems working with NAT (Network Address Translation) and Internet Connection Sharing (ICS). Remote Assistance uses Universal Plug and Play (UPnP) to traverse NAT devices. N.B. Windows 2000 ICS does not support UPnP.

Making a Request for Assistance

To ask for Remote Assistance, click on Start. Right-click on My Computer. Select Properties. Select the Remote tab. Enable the box for Remote Assistance. Click OK to close the System Properties dialog. Click on Start. Select Help and Support. Choose the option for Remote Assistance. Select Invite someone to help you. Choose a method to contact the assistant, e.g. Save invitation as a file. Choose a name and configure the expiry options. Once finished, click Continue. Specify a password and select Save Invitation. Save the file to an accessible location, e.g. a file share or floppy. When a user running Windows XP or Server 2003 opens the invitation, a remote connection will be established to your desktop.


Remote Desktop
This lesson will teach you how to install and connect to Remote Desktop. To enable Remote Desktop, click on Start. Right-click on My Computer. Select Properties. Select the Remote tab. Select the Allow users to connect remotely checkbox. Read the warning and click OK. Although the administrator is allowed to connect remotely, standard users must be added to the Remote Desktop Users group. If the server is a Domain Controller then you will also need to configure the Domain Controller Policy to allow the users to log on locally. Add the relevant users and click OK.
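The settings this lesson sets through System Properties, together with the listening port from the Remote Assistance section and the encryption level from the Terminal Services overview, can be checked from the command line. The script below is an added example and not part of the tutorial; it assumes PowerShell is installed on the server (a separate download for Windows Server 2003 and XP), that it runs with administrator rights, and that the default Terminal Server registry values are present.

```powershell
# Added example, not from the tutorial: audit the Remote Desktop settings the
# lesson above configures through the GUI. Assumes PowerShell is installed
# (a separate download on Windows Server 2003 / XP) and runs elevated.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$tsKey\WinStations\RDP-Tcp"

# "Allow users to connect remotely" on the Remote tab sets fDenyTSConnections to 0.
$ts      = Get-ItemProperty -Path $tsKey
$enabled = ($ts.fDenyTSConnections -eq 0)
Write-Host ("Remote Desktop enabled : {0}" -f $enabled)

# The RDP-Tcp listener holds the port (3389 by default) and the minimum
# encryption level: 1 = Low, 2 = Client Compatible, 3 = High, 4 = FIPS Compliant.
$rdp    = Get-ItemProperty -Path $rdpTcp
$levels = @{ 1 = 'Low'; 2 = 'Client Compatible'; 3 = 'High'; 4 = 'FIPS Compliant' }
$level  = [int]$rdp.MinEncryptionLevel
Write-Host ("RDP listening port     : {0}" -f $rdp.PortNumber)
Write-Host ("Minimum encryption     : {0}" -f $levels[$level])
if ($enabled -and $level -lt 3) {
    Write-Warning 'Encryption level is below High; raise it in Terminal Services Configuration.'
}

# Besides Administrators, only members of Remote Desktop Users may connect.
# net.exe prints a header, a dashed separator, the member names, then a status line.
$members = @()
$inList  = $false
foreach ($line in (net localgroup 'Remote Desktop Users')) {
    if ($line -match '^-+$') { $inList = $true; continue }
    if ($inList -and $line.Trim() -and $line -notmatch '^The command completed') {
        $members += $line.Trim()
    }
}
$list = if ($members) { $members -join ', ' } else { '(none)' }
Write-Host ("Remote Desktop Users   : {0}" -f $list)
```

Run it before and after the steps above to confirm that only the intended accounts were added to the group and that the listener is still on the expected port.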

Connecting to a Remote Desktop

The Remote Desktop Connection client is installed by default on Windows XP / Server 2003 machines. It can be launched from Start > All Programs > Accessories > Communications. For older clients, the Remote Desktop client can be downloaded from Microsoft's website or obtained from a Terminal Server in the windows\system32\clients\tsclient folder. From the Remote Desktop Connection window, click on Options. Fill out the details for your user account and specify the name or IP address of the server. The Display tab is used to configure the desktop size and colour resolution. You should choose a smaller screen when connecting over a slow connection. The Local Resources page is used to configure devices connected to the terminal, e.g. printers and sound. The Programs tab can be used to automatically start a program once logged on. The Experience tab allows you to configure the user experience once connected. Enabling features such as wallpapers and themes will slow the connection. Bitmap caching can improve performance slightly for the client. Click Connect once all settings are configured. You should be automatically logged on to your Windows Server 2003 desktop and be able to work as if logged on locally.

Interoperability with Apple Macintosh

Many companies with Windows 2003 servers may also have Apple Macintosh computers. For this reason, Windows 2003 continues to support three tools for Macintosh interoperability:

The AppleTalk protocol
Print Server for Macintosh
File Server for Macintosh

The File Server for Macintosh allows your Windows 2003 computer running AppleTalk to act as a file server for Macintosh computers. In order to act as a Macintosh file server, your Windows 2003 server must have NTFS volumes available on which to create a Macintosh-accessible volume.

Installing AppleTalk
To install AppleTalk, right-click on My Network Places. Select Properties. Right-click on the connection on which AppleTalk is to be installed. Select Properties. Click on Install to install a new protocol. Select Protocol. Click on Add. A list of protocols is displayed. AppleTalk is highlighted by default; click on OK to continue. AppleTalk is now installed for the Local Area Connection.

Installing File Server for Macintosh

To install File Server for Macintosh, the Add/Remove Windows Components wizard is used. Click on Start. Select Control Panel. Select Add or Remove Programs. Double-click on Add/Remove Windows Components. Select the check box next to Other Network File and Print Services. Click on Details to view the available File and Print Services. Deselect Print Services for Unix as this is not required. Both File Services for Macintosh and Print Services for Macintosh should now be selected. Click on OK to continue. Click on Next to install the selected components. Windows will install and configure the selected components. The Windows CD-ROM may be needed during this stage. Click on Finish to close the Components Wizard.

Creating a Macintosh Accessible Volume

To create a Macintosh-accessible volume, the Shared Folders management tool is used. Right-click on My Computer. Select Manage. Computer Management will appear; expand Shared Folders. To create a new share, right-click on Shares. Select New Share. The Share a Folder Wizard appears. Click Next to continue. In the Folder to share box, type the path of the folder to share. The folder can also be browsed for. (N.B. This folder must be located on an NTFS volume.) Check the Apple Macintosh check box to make the folder available to Macintosh machines. Click on Next to continue. Choose the level of access clients will have to the share. Select Administrators have full control; other users have read-only access. Click on Finish to create the volume. The newly created shares appear in the shares list.

Print Server for Macintosh

Print Server for Macintosh provides two functions on a network:

The ability for Macintosh clients to print to printers controlled by Windows 2003 servers.
The ability for Windows clients to connect to Macintosh printers through a Windows 2003 print server.

To configure this functionality, the AppleTalk protocol and the Print Server for Macintosh must be installed.

Source: http://www.free-online-training-courses.com/microsoftaccreditation/?gclid=CLLX27n6oa8CFYUc6wodoUmlYg
