
ATM

Branch: C.S.E.

B-Tech: 6th Semester

EXPERIMENT 1 CONFIGURING YOUR SERVER AS A DOMAIN CONTROLLER


Dynamic Host Configuration Protocol (DHCP), Domain Name Service (DNS), and DCPromo (the command-line tool that creates DNS and Active Directory) can be installed manually or by using the Windows 2000 Configure Your Server Wizard. This guide uses the wizard; the manual procedures are not covered here.

1. Press Ctrl-Alt-Del and log on to the server as administrator. Leave the password blank.
2. When the Windows 2000 Configure Your Server page appears, select This is the only server in my network and click Next.
3. Click Next to configure the server as a domain controller and set up Active Directory, DHCP, and DNS.
4. On the What do you want to name your domain page, type Reskit.
5. In the Domain name box, type com. Click on the screen outside of the text box to see the Preview of the Active Directory domain name. Click Next.

Figure 2. Configure Your Server Wizard

6. Click Next to run the wizard. When prompted, insert the Windows 2000 Server CD-ROM. When the wizard is finished, the machine reboots.

The Configure Your Server Wizard installs DNS and DHCP and configures DNS, DHCP, and Active Directory. The default values set by the wizard are:

DHCP Scope: 10.0.0.3-10.0.0.254
Preferred DNS Server: 127.0.0.1
IP address: 10.10.1.1
Subnet mask: 255.0.0.0
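As an added check that is not part of the lab manual, the Python script below cross-checks the wizard's default addressing values against each other using only the standard library: the DHCP scope must lie inside the server's subnet, must not contain the server's own address or the network/broadcast addresses, and a preferred DNS of 127.0.0.1 is flagged because it only resolves on the domain controller itself, so clients have to be handed the server's real address. WIZARD_DEFAULTS holds the values quoted above; the function name and the finding format are this example's own.

```python
# Added example, not part of the lab manual: cross-check the addressing
# defaults the Configure Your Server Wizard reported. Only the standard
# library is used; WIZARD_DEFAULTS holds the values quoted in the manual.
import ipaddress

WIZARD_DEFAULTS = {
    "server_ip": "10.10.1.1",
    "subnet_mask": "255.0.0.0",
    "dhcp_scope": ("10.0.0.3", "10.0.0.254"),
    "preferred_dns": "127.0.0.1",
}


def check_dhcp_defaults(cfg):
    """Return a list of (severity, message) findings for one DHCP/DNS layout.

    Checks: the scope is ordered and lies inside the server's subnet; it does
    not contain the server's own address (a client leasing it would conflict
    with the domain controller); it avoids the network and broadcast
    addresses; and a loopback DNS address is reported, because 127.0.0.1
    only resolves on the DC itself and clients need the DC's real address.
    """
    findings = []
    # strict=False lets the host address stand in for its network
    net = ipaddress.IPv4Network(f"{cfg['server_ip']}/{cfg['subnet_mask']}", strict=False)
    server = ipaddress.IPv4Address(cfg["server_ip"])
    lo = ipaddress.IPv4Address(cfg["dhcp_scope"][0])
    hi = ipaddress.IPv4Address(cfg["dhcp_scope"][1])
    dns = ipaddress.IPv4Address(cfg["preferred_dns"])

    if lo > hi:
        findings.append(("error", f"scope start {lo} is after scope end {hi}"))
    if lo not in net or hi not in net:
        findings.append(("error", f"scope {lo}-{hi} is not inside {net}"))
    if lo <= server <= hi:
        findings.append(("error", f"server address {server} lies inside the scope"))
    if lo == net.network_address or hi == net.broadcast_address:
        findings.append(("error", "scope includes the network or broadcast address"))
    if dns.is_loopback:
        findings.append(("info", f"preferred DNS {dns} is valid on the DC only; "
                                 f"give clients the DC address {server} as their DNS server"))
    return findings


if __name__ == "__main__":
    for severity, message in check_dhcp_defaults(WIZARD_DEFAULTS):
        print(f"[{severity}] {message}")
```

Run it as-is to see that the manual's defaults produce only the informational DNS note; change the scope end to an address past 10.10.1.1 to see the server-inside-scope error.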

Domain Controllers

Windows NT uses a Primary Domain Controller (PDC) and Backup Domain Controllers (BDCs) to control the operations of its domains. The BDC or BDCs back up the operations of the PDC in the event that it fails. Data is constantly replicated between these controllers. Windows 2000 has changed this method of controlling the domain. Windows 2000 may be operated in one of two modes:

  o Native mode - In this mode Active Directory interfaces only with Windows 2000 domain controllers and directory service client software. Windows 2000 is more efficient in native mode. In this case, the PDC emulator will get password changes faster.
  o Mixed mode - Used to support domains where there are still Windows NT domain controllers. Mixed mode occurs when Active Directory interfaces with NT 4.0 BDCs or with computers that lack the Windows 2000 Directory Service client software. In mixed mode, computers without the Windows 2000 client software must contact the PDC emulator to change user account information.

A domain cannot be changed from native mode to mixed mode. An NT domain controller cannot be added to a Windows 2000 network running in native mode.

Controllers

The program "dcpromo.exe" is used to make a Windows 2000 domain member server a domain controller or demote it from domain controller status back to a member server. It can be used to add a domain controller for an existing domain or create a domain controller for a new domain.

Terms:

Forest root controller - The first domain controller created when Active Directory is first installed on any computer if there are no previously installed controllers available on the network.

Adding a Computer to a Domain

Requirements:
1. Know the DNS domain name, such as "server.department.company.com".
2. Have a computer account or administration privileges to create a computer account.
3. The DNS server and domain controller must be working.


EXPERIMENT- 2 CHANGING PARAMETERS & MATCHING N/W TRAFFIC USING NET WATCHER
NetWatcher is an Internet tool application that enables you to work on a bunch of remote computers from your own computer simultaneously, and with as much speed and efficiency as possible. You will see the remote computer's screen in the window of your computer. Now you can supervise the user's every action at the remote computer without disturbing the user or being detected by the user. This program lets you connect to any Windows NT/2000/XP or Windows 9X computer that's running the NetWatcher Client program to view or remotely control the desktop over a LAN. It works over both a dial-up connection and on a network, as long as the TCP/IP protocol is set up. Over a busy LAN, the fast response from the remote PC almost creates the illusion that you're sitting in front of the PC.

NETwatcher is a connectivity monitoring tool, whose primary use is to monitor the availability of a 24x7 DSL or Cable Modem Internet connection. NETwatcher presents its information as an HTML template (an example is included in the ZIP file), and can optionally run a command file when each update has been made.

These are all examples of data sharing which you are aware of and agree to, but what about all the information you send to the internet unwittingly? This is where NetWatcher comes in. NetWatcher 2000 watches what you don't see. It runs quietly in the background, constantly monitoring the information travelling digitally to and from the internet through your phone or cable line. When it detects an intrusion, NetWatcher alerts you immediately and provides you with all the information you need to report the intruder. For added security, NetWatcher 2000 includes a feature that scans all your system ports, looking for any programs (such as the infamous Back Orifice virus) that may be illegally attached.

Monitoring a Network or Server with NETwatcher

Rather than using something protocol-specific (e.g. HTTP for a web server), NETwatcher works using ICMP Ping; in order to check the connection, both a remote and a local machine are pinged. If the local machine is unavailable, then the LAN is assumed to be down, and any downtime events go unrecorded; if the local machine is available but the remote machine is not, then the Internet/WAN connection is assumed to be down. The remote machine should be as near as possible to the connection - certainly within your ISP's network. Again, this is to prevent false downtime reports. Since pings can be lost, an initial suspected downtime event is followed by a series of further pings, to verify that the service is indeed unavailable.
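The decision rule just described (local host first, then the remote host, with a series of confirmation pings before a WAN outage is recorded) is written out below as an added Python example; it is not NETwatcher's own code. Ping results come from a scripted stand-in (constructed data) so the logic runs offline, and the confirmation count of 3, the host names "gateway" and "isp-dns", and the class and function names are assumptions of this example.

```python
# Added example (not NETwatcher's own code): the LAN-first / WAN-second
# decision rule, with a series of confirmation pings before a WAN outage is
# recorded. Ping results are scripted (constructed data) so the logic runs
# offline; real use would replace ScriptedPing with an ICMP echo probe.
from dataclasses import dataclass, field
from typing import Callable, List

UP, LAN_DOWN, WAN_DOWN = "up", "lan_down", "wan_down"
CONFIRM_PINGS = 3   # assumed; the manual does not state NETwatcher's retry count


class ScriptedPing:
    """Stand-in for ICMP echo: answers each host from a list of True/False
    results, consuming one entry per probe and repeating the last entry
    once the script is exhausted."""

    def __init__(self, script):
        self.script = {host: list(answers) for host, answers in script.items()}

    def __call__(self, host):
        answers = self.script[host]
        return answers.pop(0) if len(answers) > 1 else answers[0]


@dataclass
class LinkMonitor:
    ping: Callable[[str], bool]
    local: str                 # router / gateway on the LAN
    remote: str                # host just inside the ISP's network
    confirm_pings: int = CONFIRM_PINGS
    state: str = UP            # last known WAN state
    events: List[int] = field(default_factory=list)   # ticks at which an outage began

    def classify(self):
        """One probe round: local unreachable means the LAN is down and nothing
        can be said about the WAN; only then is the remote host consulted."""
        if not self.ping(self.local):
            return LAN_DOWN
        if not self.ping(self.remote):
            return WAN_DOWN
        return UP

    def poll(self, tick):
        result = self.classify()
        if result == WAN_DOWN:
            # A single lost echo is not an outage: send the confirmation series
            # and only keep WAN_DOWN if every confirmation also fails.
            series = [self.classify() for _ in range(self.confirm_pings)]
            if any(r == LAN_DOWN for r in series):
                result = LAN_DOWN
            elif not all(r == WAN_DOWN for r in series):
                result = UP
        if result == WAN_DOWN and self.state != WAN_DOWN:
            self.events.append(tick)          # outage start: record a downtime event
        if result != LAN_DOWN:
            self.state = result               # a LAN outage leaves the WAN state unknown
        return result


def simulate():
    """Drive the monitor through a constructed script of 8 polling ticks:
    tick 1 loses one echo only, ticks 3-4 are a real WAN outage, tick 6 is
    a LAN failure. Returns (per-tick results, recorded outage ticks)."""
    T, F = True, False
    ping = ScriptedPing({
        "gateway": [T] * 15 + [F, T],   # the 16th local probe (tick 6) fails
        "isp-dns": [T,                  # tick 0
                    F, T, T, T,         # tick 1: lost echo, confirmations succeed
                    T,                  # tick 2
                    F, F, F, F,         # tick 3: outage confirmed
                    F, F, F, F,         # tick 4: still down, no new event
                    T,                  # tick 5: restored
                    T],                 # tick 7 (tick 6 never probes the remote)
    })
    mon = LinkMonitor(ping, "gateway", "isp-dns")
    results = [mon.poll(tick) for tick in range(8)]
    return results, mon.events


if __name__ == "__main__":
    print(simulate())
```

The script records exactly one downtime event (at tick 3): the single lost echo at tick 1 is discarded by the confirmation series, and the LAN failure at tick 6 is reported but, as the text says, never counted as a WAN outage.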

Installing the NETwatcher Monitoring Service

NETwatcher will be automatically registered if you run the configuration GUI setup.exe. Alternatively, you can register the service by entering the command netwatch /install, and deinstall it by entering the command netwatch /uninstall.

Configuring NETwatcher

With NETwatcher now running as a service, all configuration has been moved into the Windows Registry; since editing the registry can be a daunting and possibly risky task, a setup executable has been included. This will also automatically register the NETwatcher service if it has not already been installed. Configuration is very straightforward - the main areas to change are the local and remote target addresses, typically your router or gateway machine, and your ISP's DNS or similar server. It is perfectly possible to use NETwatcher to heartbeat any particular server, rather than monitor a WAN connection, but one service will only monitor one remote host. For multiple-service monitoring, it makes more sense to use something that is protocol-specific, such as an HTTP GET.

Customized HTML Reporting

The reporting is very straightforward; it uses specific codes that are replaced with text values. This allows an HTML template to be checked for accuracy in a browser before being deployed with real data. Given an image filename of filename, the file filename.gif will contain the historical network availability, while filename1.gif will contain the downtime, arranged by day of the week. The full list of substitution data is:

&application; - The name of the NETwatcher application
&availability; - The second-by-second connection availability
&corestart; - The start of the working day
&coreend; - The end of the working day
&coredaysdown; - The number of days where minimum availability was not met over the working day
&coredaysdownpc; - The proportion of days failing to meet acceptable standards during core working hours
&daydowntime; - Acceptable downtime per day (i.e. if the minimum standard is 95%, then this represents 5% of a day)
&daysdown; - The number of days failing to meet minimum availability
&daysdownpc; - The proportion of days failing to meet minimum availability
&downtime; - Total downtime since monitoring was started
&interrupts; - The total number of connection outages
&interrupttime; - The average amount of time between connection outages
&minuptime; - Minimum acceptable uptime, expressed as a percentage
&now; - The date that the report was written
&startdate; - The date that the connection was first monitored
&stdavailability; - The measured connection availability, in terms of the number of days that meet minimum availability
&totaldays; - The total number of days monitored
&yeardowntime; - Annual acceptable downtime
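To show what the substitution codes stand for, the added Python example below computes each report value from a constructed list of outages and renders them into an HTML template. It is not NETwatcher's code: the manual does not publish NETwatcher's formulas, so where a description leaves room (for instance, &interrupttime; is taken here as the mean interval between the starts of consecutive outages, and a partial day is judged proportionally) the choice is this example's own and is marked in the code. The dates, outages, 95% threshold and 09:00-17:00 core window are sample data.

```python
# Added example (not NETwatcher's own code): compute the values behind the
# report substitution codes and render them into an HTML template.
# Outages, dates and thresholds are constructed sample data; the formulas
# are this example's reading of the code descriptions in the manual.
import re
from datetime import datetime, timedelta, time

APPLICATION = "NETwatcher"


def overlap_seconds(a_start, a_end, b_start, b_end):
    """Length in seconds of the intersection of two time intervals."""
    lo, hi = max(a_start, b_start), min(a_end, b_end)
    return max(0.0, (hi - lo).total_seconds())


def compute_stats(start, now, outages, min_uptime_pc=95.0,
                  core_start=time(9, 0), core_end=time(17, 0)):
    """Return the numeric report values: durations in seconds, proportions in %."""
    monitored = (now - start).total_seconds()
    downtime = sum(overlap_seconds(start, now, s, e) for s, e in outages)
    allowed = (100.0 - min_uptime_pc) / 100.0          # allowed fraction of time down
    days_down = core_days_down = total_days = 0
    day_start = datetime.combine(start.date(), time.min)
    while day_start < now:
        day_end = day_start + timedelta(days=1)
        total_days += 1
        # clip the calendar day and its core window to the monitored period
        d0, d1 = max(day_start, start), min(day_end, now)
        day_down = sum(overlap_seconds(d0, d1, s, e) for s, e in outages)
        if day_down > allowed * (d1 - d0).total_seconds():   # assumption: proportional for partial days
            days_down += 1
        c0 = max(datetime.combine(day_start.date(), core_start), start)
        c1 = min(datetime.combine(day_start.date(), core_end), now)
        if c1 > c0:
            core_down = sum(overlap_seconds(c0, c1, s, e) for s, e in outages)
            if core_down > allowed * (c1 - c0).total_seconds():
                core_days_down += 1
        day_start = day_end
    # assumption: mean gap between the starts of consecutive outages
    starts = sorted(s for s, _ in outages)
    gaps = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
    return {
        "application": APPLICATION,
        "availability": 100.0 * (1 - downtime / monitored),
        "corestart": core_start.strftime("%H:%M"),
        "coreend": core_end.strftime("%H:%M"),
        "coredaysdown": core_days_down,
        "coredaysdownpc": 100.0 * core_days_down / total_days,
        "daydowntime": allowed * 86400,
        "daysdown": days_down,
        "daysdownpc": 100.0 * days_down / total_days,
        "downtime": downtime,
        "interrupts": len(outages),
        "interrupttime": sum(gaps) / len(gaps) if gaps else monitored,
        "minuptime": min_uptime_pc,
        "now": now.strftime("%Y-%m-%d"),
        "startdate": start.strftime("%Y-%m-%d"),
        "stdavailability": 100.0 * (total_days - days_down) / total_days,
        "totaldays": total_days,
        "yeardowntime": allowed * 86400 * 365,
    }


def render(template, stats):
    """Replace each &code; with its value. Unknown codes are left untouched,
    which is what lets a template be checked in a browser before real data
    is substituted."""
    def sub(match):
        key = match.group(1)
        if key not in stats:
            return match.group(0)
        value = stats[key]
        return f"{value:.2f}" if isinstance(value, float) else str(value)
    return re.sub(r"&([a-z]+);", sub, template)


# constructed sample: three days of monitoring with three outages
START = datetime(2001, 3, 1)
NOW = datetime(2001, 3, 4)
OUTAGES = [
    (datetime(2001, 3, 1, 10, 0), datetime(2001, 3, 1, 12, 0)),   # 2 h, inside core hours
    (datetime(2001, 3, 2, 2, 0), datetime(2001, 3, 2, 2, 30)),    # 30 min, overnight
    (datetime(2001, 3, 3, 16, 0), datetime(2001, 3, 3, 17, 30)),  # 90 min, straddles core end
]
TEMPLATE = ("<p>&application; report &now;: availability &availability;%, "
            "&interrupts; outages, &daysdown; of &totaldays; days below &minuptime;%</p>")

if __name__ == "__main__":
    print(render(TEMPLATE, compute_stats(START, NOW, OUTAGES)))
```

With the sample data, four hours of downtime over three days gives 94.44% second-by-second availability, and two of the three days (1 and 3 March) exceed the 5% daily allowance both overall and within core hours.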

NETwatcher Custom Actions

NETwatcher optionally invokes a standard Windows command file whenever a report has been written. Instead of having built-in FTP support, as in earlier versions, any command can now be run. The command is run with two parameters supplied - the first either "Up" or "Down", indicating the current link status, and a second "Changed" parameter if the status has just changed. An example action file is shown below:

    if "%1"=="Up" goto :Up
    :Down
    if "%2"=="Changed" net send Administrator Link lost
    goto :common
    :Up
    if "%2"=="Changed" net send Administrator Link restored
    :common
    rem Run common commands, e.g. ftp/pscp the files somewhere

In this case, net send is used to send a message to a specific user indicating a state change; common code at the end of the file can be used to copy the generated report to an appropriate place (in the case of codecutters.org, that's the web server in the DMZ).


EXPERIMENT 3 IMPLEMENTATION OF ETHERNET USING WIN2000 SERVER DESCRIBING CLIENT SERVER


Client-Server Networks: In a client-server environment like Windows NT or Novell NetWare, files are stored on a centralized, high-speed file server PC that is made available to client PCs. Network access speeds are usually faster than those found on peer-to-peer networks, which is reasonable given the vast numbers of clients that this architecture can support. Nearly all network services like printing and electronic mail are routed through the file server, which allows networking tasks to be tracked. Inefficient network segments can be reworked to make them faster, and users' activities can be closely monitored. Public data and applications are stored on the file server, where they are run from client PCs' locations, which makes upgrading software a simple task: network administrators can simply upgrade the applications stored on the file server, rather than having to physically upgrade each client PC.

In the client-server diagram, the client computers are separate and subordinate to the file server. The primary applications and files used by each of the clients are stored in a common location on the file server. File servers are often set up so that each user on the network has access to his or her "own" directory, along with a range of "public" or shared directories where applications and data are stored. If the clients below want to communicate with each other, they must do so through the file server. A message from one client to another client is first sent to the file server, where it is then routed to its destination by the server. It becomes obvious then, that if you were to have tens or hundreds of client computers, a file server would be the only way to manage the often complex and most times simultaneous operations and transactions that large networks with many clients would generate.

Network Printing: In client-server networks, network printing is normally handled in one of two ways, either by attaching a printer directly to the server (depending upon where the physical server is located) or by attaching a print server to the network. In most cases a print server consists of a small box with at least two connectors, one for a printer and another that attaches directly to the network cabling or into a hub. Depending upon the size of the network and/or the network print requirements, some print servers may have more than two ports. As an example, a print server may have 2, 3, or 4 ports to support the same number of printers simultaneously. When a user sends a print job, it travels over the network cabling to the file server where it is stored. When the print server senses that the job is waiting, it moves it from the file server to its attached printer. When the job is finished, the print server returns a result message to the file server, indicating that the process is complete. In the diagram below, a client computer sends a print job to the file server. The file server, in turn, forwards the job to the print server, which sends it to the laser printer when it is on-line and available. Any client on the network can access the printer in this fashion, and it is fast. The print server can be placed anywhere on the network, and a network can have more than one print server, such as one in an office's accounting department, another in marketing, and so on.


It doesn't stop there though, as there are print servers available for peer-to-peer networks as well. They are incredibly convenient because they let you put a printer anywhere along your network even if there isn't a computer nearby. However, users often choose not to use a print server with their peer-to-peer network, as every computer's resources are available to everyone else on the network. As an example, Sue can print a job on Jim's printer just as if Sue had a printer attached to her computer. In the next example below, a two-computer peer-to-peer network, the printer is attached to the computer on the right, "B". When the computer on the left, "A", sends a print job, "A" thinks that it is printing to a printer of its own, while in actuality the job travels from "A" over the network cables to computer "B" on the right, which stores (spools) and then prints the job in the background. The user at computer "B" with the printer is never interrupted while his computer processes and prints the job transparently.

Remote Access & Modem Sharing: When a client-server network needs a gateway to the world, the network administrator in some cases installs a remote-node server, which serves a dual function, providing remote access as well as modem sharing. Most remote-node servers attach directly to the network cabling and provide a bridge between the network, a modem, and a telephone line. Obviously, this is only one example, and there are a number of methods that can be utilized to provide the network with Internet access, including a server assigned for that specific purpose.

Remote access allows users to dial into a network from anywhere in the world. Once a connection has been established over ordinary phone lines by modem, users can access programs or data on the network just as if they were seated at one of the local workstations on the network. Some remote access servers only provide access to a file server's disk drives, while others provide access to both the file server as well as direct access to any computer's hard disk on the network (presuming that it has been shared). This saves time because it allows a remote user to communicate directly with any network user without having to go through the file server.

Modem sharing allows local network users to dial out from their individual network computers to access the Internet, on-line bulletin boards and much, much more. After starting up their favorite communications software, local users then establish a link with the remote-node server over the network, which then opens up an outgoing telephone line. Users' individual PCs do not need modems, which can be a money saving alternative. Only a single modem and phone line are required for tens or hundreds of users. In the case of peer-to-peer networks however, every PC requires its own modem for access to the outside world unless you're using something like Microsoft's Windows 98 Second Edition, which permits modem sharing.

EXPERIMENT 4 IMPLEMENTATION OF ETHERNET USING WIN98,WIN-NT CLIENTS DESCRIBING PEER-TO-PEER


Peer-to-peer is a communications model in which each party has the same capabilities and either party can initiate a communication session. Other models with which it might be contrasted include the client/server model and the master/slave model. In some cases, peer-to-peer communication is implemented by giving each communication node both server and client capabilities. In recent usage, peer-to-peer has come to describe applications in which users can use the Internet to exchange files with each other directly or through a mediating server. IBM's Advanced Peer-to-Peer Networking (APPN) is an example of a product that supports the peer-to-peer communication model.

On the Internet, peer-to-peer (referred to as P2P) is a type of transient Internet network that allows a group of computer users with the same networking program to connect with each other and directly access files from one another's hard drives. Napster and Gnutella are examples of this kind of peer-to-peer software. Major producers of content, including record companies, have shown their concern about what they consider illegal sharing of copyrighted content by suing some P2P users. Meanwhile, corporations are looking at the advantages of using P2P as a way for employees to share files without the expense involved in maintaining a centralized server and as a way for businesses to exchange information with each other directly.

How Does Internet P2P Work?

The user must first download and execute a peer-to-peer networking program. (Gnutellanet is currently one of the most popular of these decentralized P2P programs because it allows users to exchange all types of files.) After launching the program, the user enters the IP address of another computer belonging to the network. (Typically, the Web page where the user got the download will list several IP addresses as places to begin.) Once the computer finds another network member online, it will connect to that user's connection (who has gotten their IP address from another user's connection, and so on). Users can choose how many member connections to seek at one time and determine which files they wish to share or password protect.

Peer-to-Peer Networks:

Peer-to-peer networks allow you to connect two or more computers in order to pool their resources. Individual resources such as disk drives, CD-ROM drives, scanners and even printers are transformed into shared resources that are accessible from each of the computers. Unlike client-server networks, where network information is stored on a centralized file server computer and then made available to large groups of workstation computers, the information stored over a peer-to-peer network is stored locally on each individual computer. Since peer-to-peer computers have their own hard disk drives that are accessible and sometimes shared by all of the computers on the peer-to-peer network, each computer acts as both a client (or node) and a server (information storage). In the diagram below, three peer-to-peer workstations are shown. Although not capable of handling the same rate of information flow that a client-server network would, all three computers can communicate directly with each other and share each other's resources.


A peer-to-peer network can be built with either 10BaseT cabling and a hub (as above) or with a thin coax backbone (10Base2). 10BaseT is best for small workgroups of 16 or fewer computers that are not separated by long distances, or for workgroups that have one or more portable computers that may be disconnected from the network from time to time.

Once the networking hardware has been installed, a peer-to-peer network software package must be installed on each of the computers. This software package allows information to be transferred back and forth between the computers, hard disks, and other devices connected to the computers or to the network when users request it. Windows 95 and Windows 98 both have networking software built into the operating system, and you can add other forms of peer-to-peer network operating software such as Artisoft LANtastic and NetWare Lite. Frankly though, if you already have Windows 95 or Windows 98 (including Windows 98 Second Edition), there's really no need for additional networking software unless you have a software package that requires it.

Most network operating system software (such as Windows 95 and Windows 98) allows each peer-to-peer computer to determine which resources will be available for use by all other users of the remaining computers on the network. Specific hard and floppy disk drives, directories, files, printers, and all other resources can be attached or detached from the network via software. When one computer's disk has been configured so that it is being shared, it will usually appear as a new or additional drive to the other computer users. As an example, if user A has an A and C drive on his computer, and user B configures his entire C drive so that it is shared, user A can map to user B's C drive and have an A, C, and D drive (user A's D drive is actually user B's C drive). Directories operate in a similar fashion. If user A has an A & C drive, and user B configures his "C:\WINDOWS" and "C:\DOS" directories as sharable, user A can map to those directories and then have an A, C, D, and E drive (user A's D is user B's C:\WINDOWS, and E is user B's C:\DOS). Did you get all of that?

Because drives can be easily shared between peer-to-peer computers, data only needs to be stored on one computer, not two or three. As an example, let's say that three computers have Microsoft Word installed. Instead of saving documents and other data on all three machines, you can save all of the documents on one computer. The advantages of peer-to-peer over client-server NOSs include:

  o No need for a network administrator.
  o The network is fast and inexpensive to set up and maintain.
  o Each computer can make backup copies of its data to other computers for security.
  o Peer-to-peer is, by far, the easiest type of network to build for either home or office use.

EXPERIMENT-5 COMPUTER MANAGEMENT TOOL


The computer management console has the following categories of tools:

  o System Tools
  o Storage
  o Services and Applications

System Tools

Event Viewer - Used to view logs about events associated with file and directory replication, DNS, security, and more.

System Information - Replaces the Windows NT Diagnostic Administrative Tool. Listed folders include:
  o System Summary - Lists operating system version, installed service packs, processor, and memory.
  o Hardware Resources - Interrupt, DMA, and I/O address usage are listed.
  o Components - Information about peripheral devices such as modems, ports, USB, and display is listed.
  o Software Environment - Lists installed software including services and drivers.
  o Internet Explorer - Internet Explorer configuration information.
  o Applications - Information about installed application programs.

Performance Logs and Alerts - Includes:
  o Alerts - Alerts can be sent when system performance falls below minimum settings.
  o Counters - Objects that can be monitored.
  o Trace Logs

Shared Folders Tool - Entered from Administrative Tools, "Computer Management" or by right clicking on "My Computer" and selecting "Manage". Categories:
  o Shares - Used to create shares and list all system shares.
  o Sessions - Any open session from the local computer or a remote computer is listed.
  o Open Files - Files being used by users or other computers are listed.

Device Manager - Used to view all system resources.

Local Users and Groups - Used to make user and group accounts on the local computer.

Storage

Disk Management - This is a snap-in for the Microsoft Management Console (MMC) and is the replacement for the Windows NT Disk Administrator. Only a member of the Administrators group can use this tool. It can manage local or remote disk volumes. It is used to:
  o Make and format partitions.
  o Create, format, or delete simple, spanned, mirrored, striped, or RAID-5 volumes.
  o Modify a disk from basic to dynamic type or vice versa. A disk can only be converted from dynamic to basic by first deleting all the volumes in the dynamic disk.
  o Display information about the disk including the disk type (basic or dynamic), disk number, disk size and disk status. Disk status can be:
      Online
      Foreign - Remote disk.
      No Media - For removable disks.
      Offline - For dynamic disks that cannot be reached due to various possible reasons. The disk may be remote.
      Online (errors) - There are errors on the disk.
      Unreadable - Errors preventing access have occurred.
      Unrecognized - Unknown type of disk.
  o Provide volume information including size, name, and status. Volume status can be:
      Healthy
      Healthy (boot) - Active primary partition on the first drive.
      Healthy (system) - If the same as the boot volume, it is called "Healthy (boot)".
      Failed
      Failed Redundancy - A fault tolerant volume is not on line.
      Failed Redundancy (At Risk) - A fault tolerant volume that has lost fault tolerance has errors detected on it.
      Healthy (At Risk) - Errors have been detected on the volume.
      Initializing - Dynamic volume being initialized.
      Regenerating
      Resynching - Mirrored volumes are being resynchronized.
  o Recover from drive failures.

To install Disk Management:

1. From an MMC console, click "Add/Remove Snap-in".
2. Click "Add", select "Disk Management".
3. Select the computer to install on, and finish.

To start Disk Management, do one of:

  o Right click the "My Computer" icon on the desktop and select "Manage" and click "Disk Management" in the left pane.
  o Select "Start", "Programs", "Administrative Tools", and "Computer Management". In the left pane of the computer management box in the MMC, select "Disk Management".
  o Run the program "Diskmgmt.msc" from the command line.
  o Double click Diskmgmt.msc in the SystemRoot\Winnt\System32 directory.

Disk Management: Creating a New Partition

Formatting the partition destroys any data on the partition. Make sure you do this only if necessary, and that you select the correct partition.

1. Log on to the server as the Administrator.
2. Clear the Show this screen at start-up check box in the Configure Your Server Wizard, and close the wizard.
3. Click Start, point to Programs, then point to Administrative Tools, and click Computer Management. The Computer Management snap-in appears.
4. Click the + next to Storage if the folder is not already expanded.
5. Click the Disk Management folder.
6. Right-click unallocated disk space and click Create partition.
7. The Welcome to the Create Partition wizard appears. Click Next.
8. Select Extended Partition, and click Next.
9. Accept the specified partition size by clicking Next, and then click Finish.
10. Right-click Free space and then click Create logical drive.
11. The Welcome to the Create Partition wizard appears. Click Next.
12. Select Logical drive, and click Next.
13. Accept the specified partition size by clicking Next.
14. Accept the default drive letter by clicking Next.
15. On the Format Partition page, accept the defaults for File system to use (NTFS format and the entire size of the partition), Allocation unit size, and Volume label. Click Next and then click Finish. The drive or partition will be formatted. This may take some time depending on the size of the disk and the speed of the computer. At the end, your window should look similar to Figure 3 below.

Figure 3. Disk Management Snap-In Window

You might get an error message saying Volume is open or in use. Request cannot be completed. This is a timing error because you just created the partition. If you receive this message, click OK, then right-click the partition again and click Format. Accept all defaults and click OK. You receive a warning that continuing the format will erase all data. Click OK.

16. After the disk or partition has been formatted, close the Disk Management snap-in.

Volume and disk properties dialog box tabs:
  o General - Label, volume type, capacity and use are displayed. Options include "Compress drive to save disk space" and "Allow Indexing Service to index this data for fast file searching".
  o Tools - Contains defragmentation, backup and error checking tools.
  o Hardware - Device properties are listed with the type and name of the disk drives.
  o Sharing - Volume sharing options are set including permissions, user limits and share name.
  o Security (NTFS volumes) - Can set user, group and computer permissions along with auditing configuration.
  o Quota (NTFS volumes) - Can enable disk quotas and set disk quota administration values. Quota management must be enabled. Warning levels may be set and hard limits may also be set. Disk space may be denied to users who exceed their quota limit. The events may be logged when the user exceeds their warning and/or quota limit.
  o Web Sharing - Can share the volume on a web site.

Disk properties:
  o Disk - Number
  o Type - Basic, Dynamic, or Removable
  o Status - Online, offline, foreign, or unknown.
  o Capacity
  o Unallocated Space
  o Device Type - IDE, EIDE, SCSI, etc.
  o Hardware Vendor
  o Adapter Name
  o Volumes Contained On This Disk

Disk Defragmenter - This is a snap-in for the Microsoft Management Console (MMC) and is used to analyze and defragment volumes.
To start Disk Defragmenter, do one of:
  o Right click the "My Computer" icon on the desktop and select "Manage" and click "Disk Defragmenter" in the left pane.
  o Select "Start", "Programs", "Administrative Tools", and "Computer Management". In the left pane of the computer management box in the MMC, select "Disk Defragmenter".

Logical Drives - This is a snap-in for the Microsoft Management Console (MMC) and is used to change logical drive labels, configure security settings, and view properties.

To start Logical Drives, do one of:
  o Right click the "My Computer" icon on the desktop and select "Manage" and click "Logical Drives" in the left pane.
  o Select "Start", "Programs", "Administrative Tools", and "Computer Management". In the left pane of the computer management box in the MMC, select "Logical Drives".

Removable Storage - Information about removable storage media such as tapes and CD-ROMs is provided.

Services and Applications

This category is only available on Windows 2000 Servers. It lists information about installed services such as DNS.

WMI Control - Windows Management Instrumentation control allows monitoring and controlling system resources.
Services - Lists all computer services.
Indexing Service - Creates an index of files on the computer allowing search functions to work better.
Windows Scripting Host (WSH) - Assists administrators in creating many users and groups quickly.
Fax Service Management
Security Configuration and Analysis

18

EXPERIMENT - 6 CREATING AND MANAGING USER PROFILE

User Profiles

The most powerful method you have of managing user environments is through user profiles. A profile is a file that serves as a snapshot of a user's desktop environment. With profiles, you can also restrict users' ability to change these settings. You can create profiles for users that have domain accounts and store these profiles on servers. Each user can have a single profile, with one configuration, that is loaded when the user logs on.

Types of User Profiles

There are two types of server-based user profiles: personal profiles and mandatory profiles. With each type of profile, you assign a profile to a user by specifying the location and filename of the profile in the user's account. Each user can have only one profile assigned.

Users of personal profiles can permanently change their profiles. A user may not consciously change the personal profile, but every time the user logs off, any changes made to the per-user settings are saved. When the user logs on again, the environment that existed the last time the user logged off is restored. Because the user can change the personal profile, each user must have a unique copy of the personal profile. Personal profiles are useful when you want to allow users to customize their desktop environments.

Users of mandatory profiles cannot permanently change their profiles. Although a user with a mandatory profile may be able to change the per-user settings during one session, these changes are not uploaded to the user's profile when the user logs off. When the user logs on again, the profile's original settings are reestablished. Because users cannot change the mandatory profile, more than one user can use the same mandatory profile. Mandatory profiles are useful for supporting large numbers of users with identical requirements. Any changes made to the mandatory profile affect all users of that profile.
Using Profiles to Restrict Users' Abilities

In both personal and mandatory profiles, you can prevent the user from doing one or more of the following:
o Creating program items
o Creating program groups
o Changing the contents of program groups
o Changing program item properties
o Running programs from the File menu in Program Manager
o Making connections to network printers (other than the connections already configured)

The "Local Users and Groups" tool is used to create user and group accounts locally, and the "Active Directory Users and Computers" tool is used to create users remotely. They are also used to manage functional user rights, security auditing, and account policies. Functional user rights determine what programs the user can run or what system capabilities they have. Passwords are case sensitive, but user names are not. Both can contain spaces.

To create a user account
1. Open Computer Management.
2. In the console tree, in Local Users and Groups, click Users.
3. Select New User from the Action menu or from the pop-up menu.
4. Give the user name (required) and, optionally, the full name and description. Also give the user's password, and retype it to confirm.
5. There are four options to set when we create a user account:
(i) User must change password at first logon - This option is the default. With this option, when a user logs on to his account for the first time, he must change his password. We can disable it also. When this option is disabled the other two password options are enabled; otherwise they are disabled.
(ii) User cannot change password - By enabling this option the local user cannot change his password. Only the administrator can change the password of that user.
(iii) Password never expires - By default the password expires after 42 days. By enabling this option the password never expires.
(iv) Disable user account (Account is disabled) - This option is used to create user templates. It is also used when we want to stop a user from working for a time: we disable the account, but the settings of the user remain safe.

When we create a user account, a new dialog box appears for creating the new user. If we want to create the user we click Create; otherwise we cancel to exit.

To change the password for a user
1. Open Computer Management.
2. In the console tree, in Local Users and Groups, click Users.
3. Click the user account for which we want to change the password.
4. On the Action menu or the pop-up menu, click Set Password.

To modify a user account
1. Open Computer Management.
2. In the console tree, in Local Users and Groups, click Users.
3. Click the user account we want to modify.
4. On the Action menu or the right-click menu, click Properties.
5. Make the changes we want, and then click OK.

To disable or activate a user account
1. Open Computer Management.
2. In the console tree, in Local Users and Groups, click Users.
3. Click the user account we want to change.
4. Click Action, and then click Properties.
5. To disable the selected user account, select Account is disabled.
6. To activate the selected user account, clear Account is disabled.

We must be logged on as an administrator or a member of the Administrators group to activate or disable the Guest account.

A disabled account still exists, but the user is not permitted to log on. It appears in the details pane, but the icon has an X in it. When a user account is activated, the user is permitted to log on normally. The built-in Administrator account cannot be disabled.

To delete a user account
1. Open Computer Management.
2. In the console tree, in Local Users and Groups, click Users.
3. Click the user account which we want to delete.
4. Click Action, and then click Delete.
5. If a confirmation message appears, click OK.
6. When the delete message is displayed, click Yes.

When you need to remove user accounts, it is a good idea to disable the accounts first. When you are certain that disabling the account has not caused a problem, you can safely delete it. A deleted user account cannot be recovered. The built-in Administrator and Guest accounts cannot be deleted.

To rename a user account
1. Open Computer Management.
2. In the console tree, in Local Users and Groups, click Users.
3. Click the user account we want to rename.
4. Click Action, and then click Rename.
5. Type the new user name, and then press ENTER.

User names may be up to 20 characters long using upper and lowercase letters, although they are not case sensitive. Do not use the characters " / \ [ ] : ; | = , + * ? < > in a user name. User accounts should not be made local on various workstations when using domain user accounts. If a user account is deleted and later recreated, even though it may have the same name, it will have a different user ID number, and resource access for that account must be set up again. Passwords are case sensitive and can be up to 14 characters. User names are not case sensitive and can be up to 20 characters. The user's home directory can be specified when the user is created or set later. The home directory is where data from an application is saved by default and where the command prompt will be when a command line session is begun.
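The naming, password and account-option rules stated in this experiment, written out as checks that can be run. This is an added example for the lab manual, not Microsoft code; it touches no real system, and the account data it handles is constructed here. The rules it encodes are the ones above: user names are required, up to 20 characters, compared without regard to case, and must not contain " / \ [ ] : ; | = , + * ? < >; passwords are case sensitive and up to 14 characters; a password expires after 42 days unless Password never expires is set; and while User must change password at first logon is enabled the other two password options have no effect.

```python
"""Rules for local user accounts from Experiment 6, turned into runnable checks.

Added example for this lab manual; it is not Microsoft code and does not touch a
real system. Dates are ISO strings ("2000-01-01") so the model needs no clock.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta

FORBIDDEN_NAME_CHARS = set('"/\\[]:;|=,+*?<>')
MAX_NAME_LEN = 20
MAX_PASSWORD_LEN = 14
DEFAULT_MAX_PASSWORD_AGE = timedelta(days=42)   # the default expiry the text gives


def validate_user_name(name: str) -> list[str]:
    """Return the rule violations for a proposed user name (empty list = acceptable)."""
    problems = []
    if not name.strip():
        problems.append("user name is required")
    if len(name) > MAX_NAME_LEN:
        problems.append(f"user name longer than {MAX_NAME_LEN} characters")
    bad = sorted(FORBIDDEN_NAME_CHARS & set(name))
    if bad:
        problems.append("forbidden characters in user name: " + " ".join(bad))
    return problems


def same_user_name(a: str, b: str) -> bool:
    """User names are not case sensitive; spaces are allowed and compared as-is."""
    return a.casefold() == b.casefold()


def validate_password(password: str) -> list[str]:
    """Only the length limit is stated in the text; complexity is left to policy."""
    if len(password) > MAX_PASSWORD_LEN:
        return [f"password longer than {MAX_PASSWORD_LEN} characters"]
    return []


@dataclass
class LocalAccount:
    name: str
    password: str
    password_set_on: str                       # ISO date the password was last set
    must_change_at_first_logon: bool = True    # the dialog's default option
    cannot_change_password: bool = False
    password_never_expires: bool = False
    disabled: bool = False

    def effective_password_options(self) -> dict[str, bool]:
        """While 'must change at first logon' is on, the other two options are
        greyed out in the dialog and have no effect, as the text describes."""
        if self.must_change_at_first_logon:
            return {"cannot_change_password": False, "password_never_expires": False}
        return {"cannot_change_password": self.cannot_change_password,
                "password_never_expires": self.password_never_expires}

    def password_expired(self, today: str) -> bool:
        if self.effective_password_options()["password_never_expires"]:
            return False
        age = date.fromisoformat(today) - date.fromisoformat(self.password_set_on)
        return age >= DEFAULT_MAX_PASSWORD_AGE

    def logon(self, name: str, password: str, today: str) -> str:
        """Outcome of a logon attempt: 'ok', 'bad credentials', 'disabled' or
        'password expired'. The name matches case-insensitively, the password exactly."""
        if not same_user_name(name, self.name) or password != self.password:
            return "bad credentials"
        if self.disabled:
            return "disabled"
        if self.password_expired(today):
            return "password expired"
        return "ok"
```

The `logon` method reports a wrong password before it reports a disabled account, so a disabled account is not distinguishable from an unknown one to someone guessing credentials; the order of the other checks mirrors the options in the New User dialog.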

EXPERIMENT-7 IMPLEMENTATION OF SECURITY POLICIES ON ETHERNET USING 2000 SERVER


Security Policy

The local security policy is configured rather well in a default installation, but I usually change the following settings:
o Clear virtual memory pagefile when system shuts down - Enabled
o Digitally sign server communication (when possible) - Enabled
o Shut down system immediately if unable to log security audits - Enabled

Security Checklist

The purpose of this checklist is to give instructions for configuring a baseline level of security on a Windows 2000 server.
1. Verify that all disk partitions are formatted with NTFS.
2. Disable unnecessary services.
3. Disable or delete unnecessary accounts.
4. Make sure the Guest account is disabled.
5. Protect the Registry from anonymous access.
6. Restrict access to public Local Security Authority (LSA) information.
7. Set stronger password policies.
8. Configure the Administrator account.
9. Set Account Lockout Policy.
10. Revoke the Debug programs user right.
11. Remove all unnecessary file shares.
12. Set appropriate ACLs on all necessary file shares.
13. Enable security event auditing.
14. Install antivirus software and updates.
15. Install Service Packs and patches.
16. Create an Emergency Repair Disk.

EXPERIMENT - 8 TO ASSIGN USER RIGHTS BY ADMINISTRATOR


Limiting Available Rights

As an administrator, if you want to allow or limit certain actions your users perform, you can disable or enable the associated right on the virtual server. For example, if you do not want users to be able to add pages to a Web site, you can disable the Add and Customize Pages right. When you disable a right on a virtual server, it cannot be assigned to any site group and, as a result, cannot be granted to any user of a site on the virtual server. Note that if a user already has a right and you disable that right, the right is also disabled for that user. Use the Manage User Rights for Virtual Server page in the Virtual Server Settings pages to specify which rights are available for site groups per virtual server.

To limit the rights for a virtual server
1. On your server computer, click Start, point to All Programs, point to Administrative Tools, and then click SharePoint Central Administration.
2. On the SharePoint Central Administration page, under Virtual Server Configuration, click Configure virtual server settings.
3. On the Virtual Server List page, select the virtual server you want to affect.
4. Under Security Settings, click Manage user rights for virtual server.
5. Select the check boxes next to the rights you want to enable, and clear the check boxes next to those rights you want to disable. You can select all rights by selecting the Select All check box. You can clear all rights by clearing the Select All check box.
6. Click OK.

User Rights

User rights are divided into:
o Logon rights
o User privileges

Logon Rights

Right | Description | Groups with the Right
Access this computer from the network * | The user can connect to the computer remotely. | Administrators, Power Users, Everyone
Deny access to this computer from the network | The user cannot connect to the computer remotely. | ?
Deny logon as a batch job | | ?
Deny logon as a service | | ?
Log on as a batch job | This right is used by background applications. | ?
Log on as a service * | This right is required for the service to function. | ?
Log on locally * | | All built-in groups, including Everyone, except Replicator

User Privileges

Privilege | Description | Groups
Act as part of the operating system | | ?
Add workstations to domain | | ?
Back up files and directories * | The user can back up files or directories to storage media. | Administrators, Backup Operators
Bypass traverse checking * | Lets the user or group move through directory trees even if the group does not have permission to access the directories. Normally this right is given to Power Users. | Everyone
Change the system time * | Can change the current time. | Administrators, Power Users
Create a page file | The system memory pagefile size and location can be changed. | Administrators
Create a token object | | ?
Create permanent shared objects | | ?
Debug programs | Can debug threads. | Administrators
Force shutdown from a remote system * | A system can be shut down across the network. | Administrators, Power Users
Generate security audits | | ?
Increase quotas | | ?
Increase scheduling priority | Increase a process's execution priority. | Administrators, Power Users
Load and unload device drivers * | Device drivers may be added or removed from the system. | Administrators
Lock pages in memory | | ?
Manage auditing and security log * | View auditing log files and control what the system audits. | Administrators
Modify firmware environment values | BIOS firmware may be changed. | Administrators
Profile single process | View a specific system performance counter. | Administrators, Power Users
Profile system performance | Check the system performance with Performance Monitor. | Administrators
Remove computer from docking station | | ?
Replace a process level token | | ?
Restore files and directories * | The user can restore files or directories from storage media. | Administrators, Backup Operators
Shut down the system * | Shut the system off. | Administrators, Backup Operators
Synchronize directory service data | | ?
Take ownership of files or objects * | Makes any object owned by the user that is taking ownership. Ownership cannot be assigned to other users. | Administrators
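The security checklist of Experiment 7 and the user-rights table of Experiment 8 can both be verified from one file: on Windows 2000 `secedit /export /cfg policy.inf` writes the effective local policy (account policy, audit policy, privilege assignments and policy-backed registry values) as an INF template. The following is an added example for the lab manual, not Microsoft code. The section and key names, and the registry paths the three Security Policy settings and the LSA item map to (RestrictAnonymous, CrashOnAuditFail, ClearPageFileAtShutdown, EnableSecuritySignature), are the ones the export uses; the sample template is constructed here, and the thresholds (minimum password length 8, any non-zero lockout count) are this example's choices, not values stated in the manual.

```python
"""Check a 'secedit /export' template against the Experiment 7 checklist and
flag sensitive privileges from the Experiment 8 table held by broad groups.

Added example for this lab manual, not Microsoft code. The sample export below
is constructed; thresholds are this example's assumptions.
"""
from __future__ import annotations

import configparser

SAMPLE_EXPORT = r"""
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 7
PasswordComplexity = 1
MaximumPasswordAge = 42
LockoutBadCount = 0
EnableGuestAccount = 0
[Event Audit]
AuditLogonEvents = 3
AuditAccountLogon = 3
AuditPolicyChange = 3
AuditPrivilegeUse = 0
[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-544
SeTakeOwnershipPrivilege = *S-1-5-32-544
SeLoadDriverPrivilege = *S-1-5-32-544,*S-1-5-32-547
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail=4,0
MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1
[Version]
signature="$CHICAGO$"
Revision=1
"""

WELL_KNOWN_SIDS = {"S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users",
                   "S-1-5-32-544": "Administrators", "S-1-5-32-545": "Users",
                   "S-1-5-32-547": "Power Users", "S-1-5-32-551": "Backup Operators"}
BROAD_GROUPS = {"Everyone", "Authenticated Users", "Users", "Power Users"}
# Rows of the user-rights table that amount to full control of the machine.
SENSITIVE_PRIVILEGES = {"SeTcbPrivilege": "Act as part of the operating system",
                        "SeDebugPrivilege": "Debug programs",
                        "SeLoadDriverPrivilege": "Load and unload device drivers",
                        "SeTakeOwnershipPrivilege": "Take ownership of files or objects",
                        "SeBackupPrivilege": "Back up files and directories",
                        "SeRestorePrivilege": "Restore files and directories"}
LSA = r"MACHINE\System\CurrentControlSet\Control\Lsa"
MEMORY_MGMT = r"MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management"
LANMAN_SERVER = r"MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters"


def parse_export(text: str) -> configparser.ConfigParser:
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str          # keep key case: SeDebugPrivilege, registry paths
    cp.read_string(text)
    return cp


def reg_value(cp, path: str) -> str | None:
    """Registry entries are written as '<type>,<data>' (4 = REG_DWORD)."""
    raw = cp["Registry Values"].get(path)
    return None if raw is None else raw.partition(",")[2].strip()


def privilege_holders(cp, privilege: str) -> list[str]:
    """Groups granted a privilege; a privilege nobody holds is absent from the export."""
    raw = cp["Privilege Rights"].get(privilege, "")
    sids = [s.strip().lstrip("*") for s in raw.split(",") if s.strip()]
    return [WELL_KNOWN_SIDS.get(sid, sid) for sid in sids]


def audit(cp) -> dict[str, bool]:
    """Checklist items readable from the template; True means satisfied."""
    sa, ev = cp["System Access"], cp["Event Audit"]
    return {
        "Guest account disabled": sa.get("EnableGuestAccount") == "0",
        "Minimum password length >= 8": int(sa.get("MinimumPasswordLength", "0")) >= 8,
        "Password complexity enforced": sa.get("PasswordComplexity") == "1",
        "Account lockout threshold set": int(sa.get("LockoutBadCount", "0")) > 0,
        "Debug programs right revoked": privilege_holders(cp, "SeDebugPrivilege") == [],
        "Logon events audited": ev.get("AuditLogonEvents", "0") != "0",
        "Anonymous LSA access restricted": reg_value(cp, LSA + r"\RestrictAnonymous") == "1",
        "Shut down if audits cannot be logged": reg_value(cp, LSA + r"\CrashOnAuditFail") == "1",
        "Pagefile cleared at shutdown": reg_value(cp, MEMORY_MGMT + r"\ClearPageFileAtShutdown") == "1",
        "Server SMB signing enabled": reg_value(cp, LANMAN_SERVER + r"\EnableSecuritySignature") == "1",
    }


def risky_grants(cp) -> list[tuple[str, str]]:
    """Sensitive privileges held by broad groups, as (privilege name, group)."""
    return [(display, holder)
            for priv, display in SENSITIVE_PRIVILEGES.items()
            for holder in privilege_holders(cp, priv) if holder in BROAD_GROUPS]


def failed_items(text: str = SAMPLE_EXPORT) -> list[str]:
    """Checklist items the template does not satisfy."""
    return [item for item, ok in audit(parse_export(text)).items() if not ok]
```

Feed the contents of a real export to `failed_items` and `risky_grants` to see which checklist steps remain; on the constructed sample, the password length, lockout, Debug programs and audit-failure items fail, and Load and unload device drivers held by Power Users is flagged.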

EXPERIMENT-9 SHARING VARIOUS RESOURCES IN AN ETHERNET


Accessing Network Resources

The ThinkPad provides the means to connect to an amazing array of network resources and services, which make gathering, distributing, and using information easier than ever. With an Ethernet connection, you will have access to these resources on the campus network as well as on the Internet. The following section describes the Network Neighborhood as well as some of the more common processes available to you: file sharing, network printing, and accessing the Internet.

My Network Places

On the ThinkPad display is an icon called My Network Places. When you have an Ethernet connection, you can double-click on this icon to see a graphical representation of the computers logged in to the network. Every computer at WFUSM has a unique name, usually the same as the login ID, which identifies it to other users.
1. Double-click on My Network Places.
2. Double-click on Entire Network.

3. Click Entire Contents to view the networks.
4. Double-click Microsoft Windows Network to view the domains.
5. Double-click AD1 to display the computers that are logged in to the campus network.

6. Clicking on the X in the top right-hand corner of the window will close the top window on your display.

You will use the graphical interface of My Network Places to access shared resources such as folders (stored on other computers) and network printers. Remember that you must have an Ethernet connection in order to access resources through My Network Places.

File Sharing

You may share information stored on the hard disk of the ThinkPad with other members of the campus community if both parties have an Ethernet connection and if you have set appropriate permissions on the folder. Please be alert to the security issues involved in sharing resources. You are the only person who can allow access to the ThinkPad, so it is very important that you take every precaution in granting access to your information.

To share a file:
1. Make certain that you have an Ethernet connection to the campus network.
2. Place the document you wish to share in a new or existing folder. If you choose to use an existing folder, be certain that the other documents in the folder should also be shared, because you will be granting access to the entire contents of the folder.
3. Use the TrackPoint III to highlight the folder to be shared, and click one time with the right mouse button. You will see a drop-down menu.
4. Choose Sharing.
5. Click on the Share this folder radio button and fill in the "Share Name" and "Comments" fields if desired.

ATM

Branch: C.S.E.

B-Tech: 6th Semester

6. Click on the Permissions button. Click the Add... button. You will see another dialogue box pop up that will allow you to choose the login ID of the person you want to allow to access the information. 7. Make sure the Look in Box says AD1 8. Type in the login ID of the person, and you will see the automatic seek feature bring their login ID to the top of the list. 9. When you see the correct login ID, click on it and click the Add... button. 10. Click OK and in the resulting window make sure that you have granted appropriate access to the folder. 11. Click the user name from the list and choose a check box under the access level. (i.e. Choose deny under Full Control and allow under Read. This is the most common setting) 12. Click OK at the next two windows, and you will see the shared folder appear with a blue-sleeved hand beneath it. Accessing Shared Folders If someone has shared a folder with you, you will need to know what his or her computer name is. Remember the computer name is usually the same as the login ID. To access a shared file: 1. Double-click on My Network Places. 2. Double-click on Entire Network. 32

ATM

Branch: C.S.E. B-Tech: 6th Semester 3. Click entire contents to view the networks. 4. Double click Microsoft Windows Network to view the domains. 5. Double click AD1 to display the computers that are logged in to the campus network. 6. Double-click on the appropriate computer name. If they have shared the folder with you, you will see a folder in the resulting window. If you receive an error message, the folder has not been shared correctly. 7. Double-click on the folder and you will see the document(s) that you are seeking. Generally it is a good idea place a copy of the document on your hard drive rather than editing it over the network.
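How the share permissions set in steps 10 and 11 are actually evaluated, as an added example for the lab manual (not Microsoft code; the users, groups and share entries are constructed here). Each named level is a set of rights, and the access check applies the Windows rule that an explicit Deny entry covering any requested right wins over every Allow. That rule is why step 10 matters: Windows 2000 creates every new share with a single entry, Everyone: Full Control, which must be replaced. It is also the caveat to step 11: a Deny on Full Control covers Read as well, so Deny Full Control plus Allow Read leaves the user with no access at all; the entry that produces read-only access is a lone Allow on Read.

```python
"""Share-permission evaluation for the folder-sharing steps above.

Added example for this lab manual, not Microsoft code. Share permissions are
modelled as sets of rights; NTFS permissions on the folder apply on top of them.
"""
from __future__ import annotations

from typing import List, Tuple

LEVELS = {
    "Read": {"read"},
    "Change": {"read", "write", "delete"},
    "Full Control": {"read", "write", "delete", "change permissions"},
}

# (principal, "allow" | "deny", level), one entry per row of the Permissions dialog.
Ace = Tuple[str, str, str]

# Windows 2000 puts this single entry on a newly created share.
DEFAULT_SHARE_ACL: List[Ace] = [("Everyone", "allow", "Full Control")]


def effective_rights(acl: List[Ace], user: str, groups: set[str]) -> set[str]:
    """Rights `user` (a member of `groups`) ends up with on the share.
    Any right covered by a matching Deny entry is removed, whatever Allow says."""
    principals = {user, "Everyone"} | groups      # Everyone always matches
    denied: set[str] = set()
    allowed: set[str] = set()
    for principal, kind, level in acl:
        if principal not in principals:
            continue
        (denied if kind == "deny" else allowed).update(LEVELS[level])
    return allowed - denied


def access_check(acl: List[Ace], user: str, groups: set[str], wanted: set[str]) -> bool:
    """True when every requested right survives the Deny entries."""
    return wanted <= effective_rights(acl, user, groups)


def share_level(acl: List[Ace], user: str, groups: set[str]) -> str | None:
    """Highest named level fully granted to the user, or None for no access."""
    rights = effective_rights(acl, user, groups)
    for name in ("Full Control", "Change", "Read"):
        if LEVELS[name] <= rights:
            return name
    return None


# Constructed scenarios matching the steps: the default share, a share limited to
# one login ID, and the Deny Full Control + Allow Read combination.
HARDENED_ACL: List[Ace] = [("jsmith", "allow", "Read")]
DENY_PLUS_READ_ACL: List[Ace] = [("jsmith", "deny", "Full Control"),
                                 ("jsmith", "allow", "Read")]
```

`share_level(DEFAULT_SHARE_ACL, "anyone", set())` returns Full Control, `share_level(HARDENED_ACL, "jsmith", set())` returns Read while other users get None, and `share_level(DENY_PLUS_READ_ACL, "jsmith", set())` returns None because the Deny covers the read right.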

EXPERIMENT 10 ACTIVE DIRECTORY USERS AND COMPUTERS


These tools are available in "Administrative Tools" after Active Directory is installed.

Active Directory Users and Computers - Active Directory Users and Computers is a Microsoft Management Console snap-in. It is started by selecting "Start", "Programs", "Administrative Tools", and "Active Directory Users and Computers". Only members of the Domain Admins or Enterprise Admins group can use this tool. This tool is used to create, configure, locate, move, and delete objects including:
o User (automatically published) - Domain user accounts may be copied.
o Group (automatically published)
o Computer (those in the domain are automatically published)
o Contact (automatically published)
o Domain
o Organizational Unit (automatically published)
o Shared folder

To create Organizational Units and Groups
1. Click Start, point to Programs, then point to Administrative Tools, and click Active Directory Users and Computers.
2. Click the + next to the domain name to expand it. Click the domain name itself to show its contents in the right pane.
3. In the left pane, right-click the domain name, point to New, and click Organizational Unit.
4. Type Accounts in the name box, and click OK.

Figure 5. Create Organizational Units

5. Repeat steps 3 and 4 to create the Groups and Resources OUs. These three OUs now show up in the right pane.
6. Click Accounts in the left pane. Its contents now display in the right pane (it is empty to start).
7. Right-click Accounts, point to New, and click Organizational Unit.
8. Type Headquarters, and click OK.
9. Repeat steps 6 and 7 to create the Production and Marketing OUs under Accounts. When you have finished, the OU structure should look like Figure 5 below.
10. In the same way, create Desktops, Laptops, and Servers under the Resources OU.

11. Create the two security groups by right-clicking Groups, then pointing to New, then clicking Group. The two groups to add are Management and Nonmanagement. The settings for each group should be Global and Security. Click OK to create each group.

To create User Accounts
1. In the left-hand screen, click the + next to the Accounts folder to expand it.
2. Click Headquarters (under Accounts) in the left-hand screen. Its contents now display in the right pane (it is empty at the beginning of this procedure).
3. Right-click Headquarters, point to New, and click User.
4. Type Teresa for the first name and Atkinson for the last name. (Note that the full name is automatically filled in at the full name box.)
5. Type Teresa for the User logon name. The window will look like Figure 6 below:

Figure 6. Adding a User

6. Click Next.
7. Click Next on the Password page to accept the defaults.
8. Click Finish. Teresa Atkinson now displays on the right-hand screen, as a user under Reskit.com/Accounts/Headquarters.
9. Repeat steps 2 through 7, adding the names listed in Appendix A for the Headquarters OU. When you are finished, the Headquarters OU screen appears as illustrated below.

Figure 7. User listing in the Headquarters OU

10. Repeat steps 1 through 8 to create the users in the Production and Marketing OUs.

To add Users to Security Groups
1. In the left pane, click Groups.
2. In the right pane, double-click the group Management.
3. Click the Members tab and then click Add.
4. Select the users in the upper pane as shown in Figure 8 below by holding down the Ctrl key while clicking each name; click Add to add them all at once. (The users who should be members of this security group are listed in Appendix A.) Their names will display in the bottom pane. Click OK to accept.

Figure 8. The members of the Management group are drawn from three OUs.

5. Repeat steps 2 through 4 to add members to the Non-management group.
6. Close the Active Directory Users and Computers snap-in.
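The snap-in shows objects by canonical name, as in step 8 (Reskit.com/Accounts/Headquarters), while LDAP queries, scripts and access-control entries refer to the same objects by distinguished name (CN=Teresa Atkinson,OU=Headquarters,OU=Accounts,DC=Reskit,DC=com). The conversion in both directions, with the value escaping that RFC 4514 requires for names containing commas or other special characters, as an added example for the lab manual (not Microsoft code). It assumes path components contain no "/", and the OU list it carries is the structure the steps above build.

```python
"""Canonical name <-> distinguished name for the Reskit.com OU layout.

Added example for this lab manual, not Microsoft code. Assumes canonical path
components contain no '/'; RDN values are escaped per RFC 4514.
"""
from __future__ import annotations

SPECIAL = set(',+"\\<>;')          # characters that must be escaped inside a value


def escape_value(value: str) -> str:
    """Escape an RDN attribute value as RFC 4514 requires."""
    out = []
    for i, ch in enumerate(value):
        last = len(value) - 1
        if ch in SPECIAL or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def canonical_to_dn(canonical: str, leaf_type: str = "CN") -> str:
    """'Reskit.com/Accounts/Headquarters/Teresa Atkinson' -> its DN.
    leaf_type is 'CN' for users, groups and computers, 'OU' when the path itself
    names an organizational unit."""
    domain, *path = canonical.rstrip("/").split("/")
    rdns = []
    for i, part in enumerate(reversed(path)):
        rdn_type = leaf_type if i == 0 else "OU"
        rdns.append(f"{rdn_type}={escape_value(part)}")
    rdns.extend(f"DC={escape_value(label)}" for label in domain.split("."))
    return ",".join(rdns)


def split_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN into (type, unescaped value) pairs, honouring backslash escapes."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):    # escaped character: take it literally
            buf.append(dn[i + 1])
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))
    return [tuple(r.split("=", 1)) for r in rdns]


def dn_to_canonical(dn: str) -> str:
    parts = split_dn(dn)
    domain = ".".join(value for rdn_type, value in parts if rdn_type.upper() == "DC")
    path = [value for rdn_type, value in parts if rdn_type.upper() != "DC"]
    return "/".join([domain, *reversed(path)])


# The OU structure the steps above create under Reskit.com, as canonical paths.
LAB_OUS = [
    "Reskit.com/Accounts", "Reskit.com/Accounts/Headquarters",
    "Reskit.com/Accounts/Production", "Reskit.com/Accounts/Marketing",
    "Reskit.com/Groups", "Reskit.com/Resources", "Reskit.com/Resources/Desktops",
    "Reskit.com/Resources/Laptops", "Reskit.com/Resources/Servers",
]


def lab_ou_dns() -> list[str]:
    """Distinguished names of the lab's OUs, in creation order."""
    return [canonical_to_dn(path, leaf_type="OU") for path in LAB_OUS]
```

`canonical_to_dn("Reskit.com/Groups/Management")` gives the DN of the Management group created in step 11; a user named "Atkinson, Teresa" becomes CN=Atkinson\, Teresa,... and round-trips back through `dn_to_canonical` unchanged.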

EXPERIMENT 11 STRAIGHT AND CROSS CABLES


Straight-through Cable

A "straight-through" cable is used when connecting two ports that are not set to the same MDI mode or not set to the same MDI-X mode. 10Base-T ports 1 through 15 on the Catalyst 3000 are always MDI-X, and port 16 can be set to MDI-X. When connecting these MDI-X ports to ports that are MDI, such as PCs or servers, use a straight-through cable. A straight-through cable has each internal twisted pair of wires connected to the same pin number at each end. The twisted-pair wires must be twisted throughout the entire length of the cable. The wiring sequence must conform to AT&T 258A (not USOC). Figure A-1 shows the wiring diagram for a straight-through cable, and Table A-1, "10Base-T Cable Pin-Out", is a listing of the signals used on each pin.

Figure A-1: Straight-through Cable Pin-out

Pins 1 and 2 must be a twisted pair. Pins 3 and 6 must be a twisted pair. Pins 4, 5, 7, and 8 are not used in this application, although they may be wired in the cable.

Straight-through cables are used for connecting computers to a hub. In a straight-through cable, wires 1, 2, 3, and 6 at one end of the cable are also wires 1, 2, 3, and 6 at the other end. To figure out which wire is wire number 1, hold the cable so that the end of the plastic RJ-45 tip (the part that goes into a wall jack first) is facing away from you. Flip the clip so that the copper side faces up (the spring lock clip will now be parallel to the floor). When looking down on the copper contacts, wire 1 will be on the far left. The following examples will show you graphically what this looks like.

Crossover Cable

For cabling between two switches, the transmit and receive pairs must be reversed. You can do this in one of two ways:
1. Use a straight cable with one switch port set to MDI and the other set to MDI-X.
2. Use a crossover cable with both switch ports set to MDI or both ports set to MDI-X.

Figure A-2: Crossover Cable Pin-out

Pins 1 and 2 at B must be a twisted pair wired through to pins 6 and 3, respectively, at A. Pins 3 and 6 at A must be a twisted pair wired through to pins 2 and 1, respectively, at B.

Pins 4, 5, 7, and 8 on cable B are not used in this application, although they may be wired in the cable. A short crossover cable can be used to adapt a straight-through twisted-pair cable for "cascading" switches through the twisted-pair ports.

Crossed cables are used for connecting a hub to another hub (the exception to this is when some hubs have a built-in uplink port that is crossed internally, which allows you to uplink hubs together using a straight cable). In a crossed cable, the order of the wires changes from one end to the other: wire 1 becomes 3, and 2 becomes 6.
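The wiring rules of Experiment 11 as data that can be checked: which pins form twisted pairs, which pins 10Base-T uses, the pin map of a straight-through cable versus a crossover (1 to 3, 2 to 6, as the last paragraph states), and the MDI/MDI-X rule for choosing between them. This is an added example for the lab manual, not Cisco code. The per-mode signal assignment it uses (an MDI port transmits on pins 1 and 2 and receives on 3 and 6, an MDI-X port the reverse) is the standard 10Base-T arrangement and is assumed here rather than quoted from the text; with it, `link_works` confirms that a straight-through cable only links an MDI port to an MDI-X port, and a crossover links two ports of the same mode.

```python
"""Straight-through versus crossover wiring, checked as data.

Added example for this lab manual, not Cisco code. The signal-per-mode table is
standard 10Base-T, assumed here; the pin rules are the ones the text gives.
"""
from __future__ import annotations

PAIRS = ((1, 2), (3, 6), (4, 5), (7, 8))     # twisted pairs in an RJ-45 plug
USED_PINS = (1, 2, 3, 6)                      # the only pins 10Base-T uses
# AT&T 258A (T568A) wire colours by pin, looking at the plug as the text describes.
T568A_COLOURS = {1: "white/green", 2: "green", 3: "white/orange", 4: "blue",
                 5: "white/blue", 6: "orange", 7: "white/brown", 8: "brown"}

# Pin at end A -> pin at end B.
STRAIGHT_THROUGH = {pin: pin for pin in range(1, 9)}
CROSSOVER = {**STRAIGHT_THROUGH, 1: 3, 2: 6, 3: 1, 6: 2}

# Signal on each used pin for a port in the given mode (assumed, standard 10Base-T).
SIGNALS = {
    "MDI":   {1: "TX+", 2: "TX-", 3: "RX+", 6: "RX-"},
    "MDI-X": {1: "RX+", 2: "RX-", 3: "TX+", 6: "TX-"},
}


def pairs_preserved(mapping: dict[int, int]) -> bool:
    """Every twisted pair at end A must land on one twisted pair at end B,
    otherwise the wires are no longer twisted together end to end."""
    pair_of = {pin: pair for pair in PAIRS for pin in pair}
    return all(pair_of[mapping[a]] == pair_of[mapping[b]] for a, b in PAIRS)


def classify(mapping: dict[int, int]) -> str:
    """'straight-through', 'crossover' or 'other', judged on the used pins only."""
    used = {pin: mapping[pin] for pin in USED_PINS}
    if used == {pin: STRAIGHT_THROUGH[pin] for pin in USED_PINS}:
        return "straight-through"
    if used == {pin: CROSSOVER[pin] for pin in USED_PINS}:
        return "crossover"
    return "other"


def link_works(mapping: dict[int, int], mode_a: str, mode_b: str) -> bool:
    """True when each signal leaving end A arrives on the opposite signal of the
    same polarity at end B (TX+ on RX+, TX- on RX-, and the reverse)."""
    sig_a, sig_b = SIGNALS[mode_a], SIGNALS[mode_b]
    opposite = {"TX+": "RX+", "TX-": "RX-", "RX+": "TX+", "RX-": "TX-"}
    return all(sig_b.get(pin_b) == opposite[sig_a[pin_a]]
               for pin_a, pin_b in mapping.items() if pin_a in sig_a)


def cable_needed(mode_a: str, mode_b: str) -> str:
    """The rule from the text: unlike modes (PC to hub) take a straight-through
    cable; like modes (switch to switch, hub to hub) take a crossover."""
    return "straight-through" if mode_a != mode_b else "crossover"


def end_b_colours(mapping: dict[int, int]) -> dict[int, str]:
    """Colour of the wire arriving at each pin of end B when end A is wired 258A;
    for a crossover this is the familiar second colour sequence."""
    return {pin_b: T568A_COLOURS[pin_a] for pin_a, pin_b in mapping.items()}
```

A map that keeps the pairs but swaps polarity (1 to 6, 2 to 3) passes `pairs_preserved` and still fails `link_works`, which is the check a cable tester performs beyond counting pairs.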