
N+ Journal

Install Microsoft DNS Server

1. Click Start, point to Settings, and then click Control Panel.
2. Double-click Add/Remove Programs.
3. Click Add and Remove Windows Components.
4. The Windows Components Wizard starts. Click Next.
5. Click Networking Services, and then click Details.
6. Click to select the Domain Name System (DNS) check box, and then click OK.
7. Click OK to start server Setup. The DNS server and tool files are copied to your computer.
8. Continue to the next step to configure the DNS server.

Configure the DNS Server Using DNS Manager

These steps guide you through configuring DNS by using the DNS Manager snap-in in Microsoft Management Console (MMC).

1. Click Start, point to Programs, point to Administrative Tools, and then click DNS Manager. You see two zones under your computer name: Forward Lookup Zone and Reverse Lookup Zone.
2. The DNS Server Configuration Wizard starts. Click Next.
3. If the Wizard does not auto-start, right-click your server name object in the DNS Manager console and choose Configure your Server.
4. Choose to add a forward lookup zone. Click Next. The new forward lookup zone must be a primary zone so that it can accept dynamic updates. Click Primary, and then click Next.
5. The zone name must be exactly the same as your Active Directory Domain name, or, if on a stand-alone or workgroup environment - the same as the suffix for all of the network computers that are to register with this DNS server. Type the name of the zone, and then click Next.
6. Accept the default name for the new zone file. Click Next.
7. Choose to add a reverse lookup zone now. Click Next.
8. Click Primary, and then click Next.
9. Type the name of the zone, and then click Next. The zone name should match the Network ID of your local subnet. For example, if your subnet range is from to, type 192.168.0 in the name value.
10. Accept the default name for the new zone file. Click Next.
11. Click Finish to complete the Server Configuration Wizard.

Configure VPN Server

1. Go to Start > Administrative Tools > Routing and Remote Access.
2. Right-click the server and select Configure and Enable Routing and Remote Access.
3. The configuration wizard starts. Click Next.
4. Select Custom Configuration.
5. Now, select VPN access.
6. Click Finish to complete the configuration wizard.
7. You are asked whether to start the Routing and Remote Access service. Click Yes.
8. Wait for some time while the service starts.
9. The server has now been configured successfully. You can see the Network Interfaces, Ports, etc. of your VPN server.
10. The following window shows that one remote access client is connected to the VPN server via the VPN dialer. You can send a message to that client, and you can also disconnect that client from here.

Create VPN Connection at Client Side

1. Click Start > Control Panel > Network Connections, and then click Create a new connection in the Network task panel on the left side.
2. Click Next to create the VPN connection.
3. Select the Connection to the network at my workplace option and then click Next.
4. Select Virtual Private Network Connection and then click Next.
5. Type your company name and then click Next.
6. Type the IP address of the VPN Server or the name of the network machine on which the VPN Server is running.
7. Click Finish to complete the process.

Setting up a DHCP Server

This will serve as a step-by-step guide on how to set up a DHCP server. Installing the DHCP server is made quite easy in Windows 2003. By using the "Manage your server" wizard, you are able to enter the details you require and have the wizard set the basics for you.

Open the "Manage your server" wizard, select the DHCP server option from the list of server roles and press Next. You will be asked to enter the name and description of your scope.

Scope: A scope is a collection of IP addresses for computers on a subnet that use DHCP.

The next window will ask you to define the range of addresses that the scope will distribute across the network and the subnet mask for the IP address. Enter the appropriate details and click next.


You are shown a window in which you must add any exclusions to the range of IP addresses you specified in the previous window. If for example, the IP address is that of the company router then you won't want the DHCP server to be able to distribute that address as well. In this example I have excluded a range of IP addresses, to, and a single address, In this case, eleven IPs will be reserved and not distributed amongst the network clients.


It is now time to set the lease duration for how long a client can use an IP address assigned to it from this scope. It is recommended to add longer leases for a fixed network (in the office for example) and shorter leases for remote connections or laptop computers. In this example I have set a lease duration of twelve hours since the network clients would be fixed desktop computers in a local office and the usual working time is eight hours.


You are given a choice of whether or not you wish to configure the DHCP options for the scope now or later. If you choose Yes then the upcoming screenshots will be of use to you. Choosing No will allow you to configure these options at a later stage.


The router, or gateway, IP address may be entered next. The client computers will then know which router to use.

In the following window, the DNS and domain name settings can be entered. The DNS server IP address will be distributed by the DHCP server and given to the client.

If you have WINS set up then here is where to enter the IP address of the WINS server. You can just input the server name into the appropriate box and press "Resolve" to allow it to find the IP address itself.


The last step is to activate the scope - just press next when you see the window below. The DHCP server will not work unless you do this.

The DHCP server has now been installed with the basic settings in place. The next stage is to configure it to the needs of your network structure.

Configuring a DHCP server

Hereunder is a simple explanation of how to configure a DHCP server. The address pool displays a list of IP ranges assigned for distribution and IP address exclusions. You are able to add an exclusion by right clicking the address pool text on the left hand side of the mmc window and selecting "new exclusion range". This will bring up a window (as seen below) which will allow you to enter an address range to be added. Entering only the start IP will add a single IP address.

DHCP servers permit you to reserve an IP address for a client. This means that the specific network client will have the same IP for as long as you want it to. To do this you will have to know the physical address (MAC) of each network card. Enter the reservation name, desired IP address, MAC address and description, choose whether you want to support DHCP or BOOTP, and press Add. The new reservation will be added to the list. As an example, I have reserved an IP address ( for a client computer called Andrew.


Installing Active Directory

Here is a quick list of what you must have:

- An NTFS partition with enough free space
- An Administrator's username and password
- The correct operating system version
- A NIC
- Properly configured TCP/IP (IP address, subnet mask and - optional - default gateway)
- A network connection (to a hub or to another computer via a crossover cable)
- An operational DNS server (which can be installed on the DC itself)
- A Domain name that you want to use
- The Windows Server 2003 CD media (or at least the i386 folder)
- Brains (recommended, not required...)

Running DCPROMO

After completing all the previous steps (remember you didn't have to do them) and after double checking your requirements you should now run Dcpromo.exe from the Run command.

1. Click Start, point to Run and type "dcpromo".
2. The wizard windows will appear. Click Next.
3. In the Operating System Compatibility window, read the requirements for the domain's clients and if you like what you see - press Next.
4. Choose Domain Controller for a new domain and click Next.
5. Choose Create a new Domain in a new forest and click Next.
6. Enter the full DNS name of the new domain, for example - - this must be the same as the DNS zone you've created in step 3, and the same as the computer name suffix you've created in step 1. Click Next.

   This step might take some time because the computer is searching for the DNS server and checking to see if any naming conflicts exist.
7. Accept the down-level NetBIOS domain name, in this case it's KUKU. Click Next.
8. Accept the Database and Log file location dialog box (unless you want to change them of course). The location of the files is by default %systemroot%\NTDS, and you should not change it unless you have performance issues in mind. Click Next.
9. Accept the Sysvol folder location dialog box (unless you want to change it of course). The location of the files is by default %systemroot%\SYSVOL, and you should not change it unless you have performance issues in mind. This folder must be on an NTFS v5.0 partition. This folder will hold all the GPO and scripts you'll create, and will be replicated to all other Domain Controllers. Click Next.
10. If your DNS server, zone and/or computer name suffix were not configured correctly you will get the following warning:

   This means the Dcpromo wizard could not contact the DNS server, or it did contact it but could not find a zone with the name of the future domain. You should check your settings. Go back to steps 1, 2 and 3. Click OK.

   You have an option to let Dcpromo do the configuration for you. If you want, Dcpromo can install the DNS service, create the appropriate zone, configure it to accept dynamic updates, and configure the TCP/IP settings for the DNS server IP address. To let Dcpromo do the work for you, select "Install and configure the DNS server...". Click Next. Otherwise, you can accept the default choice and then quit Dcpromo and check steps 1-3.
11. If your DNS settings were right, you'll get a confirmation window. Just click Next.
12. Accept the Permissions compatible only with Windows 2000 or Windows Server 2003 settings, unless you have legacy apps running on Pre-W2K servers.
13. Enter the Restore Mode administrator's password. In Windows Server 2003 this password can be later changed via NTDSUTIL. Click Next.
14. Review your settings and if you like what you see - click Next.
15. See the wizard going through the various stages of installing AD. Whatever you do - NEVER click Cancel!!! You'll wreck your computer if you do. If you see you made a mistake and want to undo it, you'd better let the wizard finish and then run it again to undo the AD.
16. If all went well you'll see the final confirmation window. Click Finish.
17. You must reboot in order for the AD to function properly.
18. Click Restart now.

Recover Deleted Objects of Active Directory

To manually undelete objects in a deleted object's container, follow these steps:

1. Click Start, click Run, and then type LDP.exe.

   Note: If the LDP.exe utility is not installed, install the support tools from the Windows Server 2003 installation CD, or get them from Windows 2003 SP1 Support Tools.
2. Use the Connection menu in LDP to perform the connect operations and the bind operations to a Windows Server 2003 domain controller. Specify domain administrator credentials during the bind operation.
3. Click Options > Controls.
4. In the Load Predefined list, click Return Deleted Objects. Under Control Type, click Server, and then click OK.
5. Click View > Tree. Now type the distinguished name path of the deleted objects container in the domain where the deletion occurred, and then click OK.

   Note: The distinguished name path is also known as the DN path. For example, if the deletion occurred in the petri.local domain, the DN path would be the following path:
6. In the left pane of the window, double-click the Deleted Object Container.

   Note: By default, an LDAP query returns only 1000 objects. For example, if more than 1000 objects exist in the Deleted Objects container, not all objects appear in this container. If your target object does not appear, use NTDSUTIL, and then set the maximum number by using maxpagesize to get the search results.
7. Double-click the object that you want to undelete or to reanimate.
8. Right-click the object that you want to reanimate, and then click Modify.
9. Next, change the value for the isDeleted attribute and the DN path in a single Lightweight Directory Access Protocol (LDAP) modify operation. To configure the Modify dialog, follow these steps:
   a. In the Edit Entry Attribute box, type isDeleted. Leave the Value box blank.
   b. Click the DELETE option button, and then click Enter to make the first of two entries in the Entry List dialog.

      Important: Do not click Run at this phase!!!
   c. In the Attribute box, type distinguishedName. In the Values box, type the new DN path of the reanimated object. For example, to reanimate the TestUser user account to the Sales OU, use the following DN path:

      Note: If you want to reanimate a deleted object to its original container, append the value of the deleted object's lastKnownParent attribute to its CN value, and then paste the full DN path in the Values box.
   d. In the Operation box, click REPLACE. Click ENTER.
   e. Click to select the Synchronous check box, and the Extended check box.
   f. Click RUN. Note the results pane on the right side showing you that the operation was successful.
10. After you reanimate the objects, click Options > Controls and click the Check Out button to remove (1.2.840.113556.1.4.417) from the Active Controls box list.
11. Open Active Directory Users and Computers, and reset the user account passwords, profiles, home directories and group memberships for the deleted users. You need to do this because when the object was deleted, all the attribute values except SID, ObjectGUID, LastKnownParent and SAMAccountName were stripped.
12. Enable the reanimated account in Active Directory Users and Computers.

   Note: The restored object has the same primary SID as it had before the deletion, but the object must be added again to the same security groups to have the same level of access to resources. The RTM release of Windows Server 2003 does not preserve the sIDHistory attribute on reanimated user accounts, computer accounts, and security groups; however, Windows Server 2003 with Service Pack 1 does preserve the sIDHistory attribute on deleted objects.
13. If you do not reset the reanimated user account's password you will get an error saying: Windows cannot enable object TestUser because:

To install SNMP on Windows XP or 2000 follow the steps given below:

1. You must be logged on as an administrator or a member of the Administrators group to complete this procedure. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure.
2. Click Start, point to Settings, click Control Panel, double-click Add or Remove Programs, and then click Add/Remove Windows Components.
3. In Components, click Management and Monitoring Tools (but do not select or clear its check box), and then click Details.
4. Select the Simple Network Management Protocol check box, and click OK.
5. Click Next.
6. Insert the respective CD or specify the complete path of the location at which the files are stored.
7. SNMP starts automatically after installation.

Configuring SNMP Agent

To configure SNMP agent in Windows XP and 2000 systems, follow the steps given below:
Step 1 - Click Start, point to Settings, and then click Control Panel. Double-click Administrative Tools and then double-click Computer Management.
Step 2 - In the console tree, click Services and Applications and then click Services.
Step 3 - In the details pane, scroll down and click SNMP Service.
Step 4 - On the Action menu, click Properties.
Step 5 - On the Security tab, select Send authentication trap if you want a trap message to be sent whenever authentication fails.
Step 6 - Under Accepted community names, click Add.
Step 7 - Under Community Rights, select a permission level for this host to process SNMP requests from the selected community.
Step 8 - In Community Name, type a case-sensitive community name, and then click Add.
Step 9 - Specify whether or not to accept SNMP packets from a host:
- To accept SNMP requests from any host on the network, regardless of identity, click Accept SNMP packets from any host.
- To limit acceptance of SNMP packets, click Accept SNMP packets from these hosts, click Add, type the appropriate host name, IP or IPX address, and then click Add again.
Step 10 - Click Apply to apply the changes.
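
As an added example (not part of the original procedure), the script below reviews the choices made in Steps 5 to 9 by parsing the text output of `reg query HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters /s`. The registry layout and rights values are those of the Windows SNMP service rather than something this page states, and the sample output and function names are constructed for illustration.

```python
import re

# Rights the SNMP service stores per community name (REG_DWORD data).
RIGHTS = {1: "NONE", 2: "NOTIFY", 4: "READ ONLY", 8: "READ WRITE", 16: "READ CREATE"}
WRITE_RIGHTS = {"READ WRITE", "READ CREATE"}
DEFAULT_NAMES = {"public", "private"}  # well-known names worth replacing

# One value line of `reg query` output: name, type and data separated by whitespace.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")

# Constructed sample output: a permissive agent and a restricted one.
WEAK = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters
    EnableAuthenticationTraps    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities
    public    REG_DWORD    0x8
    n0c-mon-7Tq2    REG_DWORD    0x4
"""
RESTRICTED = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters
    EnableAuthenticationTraps    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers
    1    REG_SZ    192.0.2.20

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities
    n0c-mon-7Tq2    REG_DWORD    0x4
"""


def parse_reg_query(text):
    """Map each key path in `reg query` output to its {value name: data}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            data = m["data"].strip()
            current[m["name"]] = int(data, 16) if m["type"] == "REG_DWORD" else data
    return keys


def audit_snmp(reg_text):
    """Return a list of findings for the Security-tab settings of the SNMP agent."""
    keys = parse_reg_query(reg_text)

    def values_of(suffix):
        for path, values in keys.items():
            if path.lower().endswith(suffix.lower()):
                return values
        return {}

    findings = []
    # Step 5: authentication traps report failed community-name checks.
    # A missing value is reported too, so the setting gets stated explicitly.
    if values_of(r"\SNMP\Parameters").get("EnableAuthenticationTraps", 0) != 1:
        findings.append("auth-traps-off")
    # Step 9: an empty host list means "Accept SNMP packets from any host".
    if not values_of(r"\Parameters\PermittedManagers"):
        findings.append("any-host")
    # Steps 6 to 8: community names and the rights granted to each.
    for name, raw in values_of(r"\Parameters\ValidCommunities").items():
        if name.lower() in DEFAULT_NAMES:
            findings.append("default-community:" + name)
        if RIGHTS.get(raw, "UNKNOWN") in WRITE_RIGHTS:
            findings.append("write-access:" + name)
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("restricted", RESTRICTED)):
        print(label, audit_snmp(text) or "no findings")
```
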

Configuring Traps
Step 1 - Click Start, point to Settings, and then click Control Panel. Double-click Administrative Tools, and then double-click Computer Management.
Step 2 - In the console tree, click Services and Applications and then click Services.
Step 3 - In the details pane, click SNMP Service.
Step 4 - On the Action menu, click Properties.
Step 5 - On the Traps tab, under Community name, type the case-sensitive community name to which this computer will send trap messages, and then click Add to list.
Step 6 - In Trap destinations, click Add.
Step 7 - In Host name, IP or IPX address, type information for the host, and click Add.
Step 8 - Repeat steps 5 through 7 until you have added all the communities and trap destinations you want.
Step 9 - Click OK to apply the changes.

Configure Web Printer


1. First, install the Web Printing Service.

   1. Click Start > Control Panel > Add/Remove Programs > Add/Remove Windows Components.
   2. Select the Application Server option and click Details.
   3. Select the Internet Information Services (IIS) option and click Details.
   4. Select the Internet Printing option and click OK.
   5. After the process completes, click Next.
   6. Click Finish to complete.

2. Second, install the printer on the local machine (the print server or any local machine on which the Web Printing Service is running).

   1. Click Start > Control Panel > Printers and Faxes.
   2. Click Add a Printer from Printer task.
   3. Click Next to install the printer.
   4. Select the port or create a new port and then click Next.
   5. Select the printer manufacturer and the printer model and then click Next to install the printer driver.
   6. Type the name of the printer and then click Next.
   7. Type the share name of the printer and then click Next.
   8. Give the location of the printer and a description and then click Next.
   9. If you want to print a test page then select Yes, otherwise No, and then click Next.
   10. Click Finish to complete the process.

3. Install the printer at the client end.

   1. Click Start > Control Panel > Printers and Faxes.
   2. Click Add a printer from the Printer task panel.
   3. Click Next to install the printer.
   4. Select a network printer and click Next.
   5. Select the third option and give the URL of the printer on the internet and then click Next.
   6. Provide the appropriate security settings and then click Next.
   7. Click Finish to complete the process.

Configure TFTP.
The TFTP Server runs in the background and does not have any user interface. There are a number of ways to monitor and configure your server:

- TFTP Server Configuration Manager
- Service Manager
- Log Files
- Windows NT/2000 EventLog

TFTP Server Configuration Manager

TFTP Server Configuration Manager is a special utility intended for TFTP Server configuration. You can run the TFTP Server Configuration Manager from the WinAgents TFTP Server group in the Start menu. The main window of the application contains four property sheets allowing you to manage different aspects of the service configuration.

Figure 1. TFTP Software Configuration (page 1).

The first page allows you to configure basic parameters of the TFTP software. You can specify the TFTP root directory, the port on which the TFTP Server will listen, the timeout and the number of retries here. On the first page you can also specify whether the server will overwrite existing files during write requests. In addition, you can increase the base priority of the server process using the 'High priority level' checkbox. It will make the server more efficient under heavy load. Finally, you can specify the TFTP options supported by the server. Currently, the following options are available:

- timeout: allows the server to accept the TFTP timeout setting from TFTP clients.
- blocksize: allows the server to accept the transfer block size setting from TFTP clients. The TFTP protocol uses 512-byte blocks to transfer data by default. However, TFTP clients can request larger blocks in order to increase performance.
- tsize: if this option is supported, TFTP clients can request the size of a file before the transfer starts.

Figure 2. TFTP Server Configuration (page 2).

The second page allows you to configure access rights based on the clients' IP addresses. There are two sorts of access rights available: default rights and per-client rights. The server applies the default rights unless the client has per-client rights. The following rights are available:

- No access: the client does not have access to the TFTP server.
- Read: the client can only read files from the TFTP server.
- Write: the client can only write files to the TFTP server.
- Read/Write: the client has both Read and Write access to the TFTP server.

We recommend specifying No Access by default and granting the necessary access rights only to a restricted set of TFTP clients.

Also, you can add exceptions to the default rule. After you click the 'Add' button at the bottom of the exceptions list, you will get the rule editing dialog. It allows you to configure a custom access right for a specified network or a single IP address. Figure 3 illustrates the rule editing dialog.

Figure 3. Editing IP-based access rule.

The fourth page allows network administrators to specify the UDP port range used by the TFTP Server to transfer data. The TFTP protocol uses arbitrary UDP ports for client sessions, which makes it hard to write firewall rules that permit traffic to the TFTP Server. This page lets you restrict the port range so that incoming TFTP traffic can be described on the firewall.

Figure 4. TFTP Server Configuration (page 3).

The fifth page allows you to define logging options. You can turn logging on by clicking the 'Write Log' checkbox on the first page. If you want to log server messages, you should specify the directory where the logfiles will be stored. Also, you can specify the number of logfiles in the directory, the logging level and the timestamp type. The service rotates logfiles if the number of logfiles you specified is exceeded.

Figure 5. TFTP Server Configuration (page 4).

Service Manager

Service Manager allows you to manage the state of your TFTP Server. Please see the special page for more information related to Service Manager.

Log Files

During operation, the TFTP Server writes information messages into the logfiles. You can view these logfiles using any text viewer. The logfiles contain timestamped text messages. The server uses UTC timestamps, so you should apply your timezone offset to get the local time of a message. For example, the text log can contain the following strings:

    2002/10/15 12:03:41 UTC [1896/1776]: Listener stopped.
    2002/10/15 12:04:44 UTC [2248/1896]: Starting TFTP listener...
    2002/10/15 12:04:44 UTC [2248/1896]: Listening for requests...
    2002/10/15 12:18:27 UTC [2248/1896]: Processing TFTP request...
    2002/10/15 12:18:27 UTC [2248/1896]: Request from
    2002/10/15 12:18:27 UTC [2248/1204]: Write request for borderconfig; mode=octet
    2002/10/15 12:18:27 UTC [2248/1204]: Write request for borderconfig completed successfully. 2759 bytes received from the client.

Each string corresponds to the following format:

    yyyy/mm/dd hh:mm:ss timezone [ProcessID/ThreadID]: message

You can quickly access the TFTP Server log files through the 'Log Files' shortcut located in the 'Start > Programs > WinAgents TFTP Service' group.

Windows NT/2000 EventLog

The TFTP Server uses the Windows NT/2000 EventLog to write the most critical messages. You can view the EventLog using the EventLog Viewer utility. TFTP Server messages have a source named 'TFTPd'. Please refer to the EventLog if you do not have any messages in the TFTP Server logfiles - it will help you to solve the problem.
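
The log format described above can be parsed to pair each write request with its completion and to flag uploads that never finished or that came from a client outside the restricted set of writers recommended earlier. This is an added example, not WinAgents code: the sample log is constructed from the lines above plus made-up entries, and the address after "Request from" (missing on this page), the pairing of that address with the next write in the same process, and all function names are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Documented layout: yyyy/mm/dd hh:mm:ss timezone [ProcessID/ThreadID]: message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>\S+) "
    r"\[(?P<pid>\d+)/(?P<tid>\d+)\]: (?P<msg>.*)$"
)
WRITE_START_RE = re.compile(r"^Write request for (?P<name>.+); mode=(?P<mode>\w+)$")
WRITE_DONE_RE = re.compile(
    r"^Write request for (?P<name>.+) completed successfully\. "
    r"(?P<size>\d+) bytes received from the client\.$"
)
# Assumption: the client address follows "Request from".
REQUEST_FROM_RE = re.compile(r"^Request from\s+(?P<addr>\S+)")

# Constructed sample: the page's lines, documentation-range addresses, one stray line.
SAMPLE_LOG = """\
2002/10/15 12:03:41 UTC [1896/1776]: Listener stopped.
2002/10/15 12:04:44 UTC [2248/1896]: Starting TFTP listener...
2002/10/15 12:04:44 UTC [2248/1896]: Listening for requests...
2002/10/15 12:18:27 UTC [2248/1896]: Processing TFTP request...
2002/10/15 12:18:27 UTC [2248/1896]: Request from 192.0.2.10
2002/10/15 12:18:27 UTC [2248/1204]: Write request for borderconfig; mode=octet
2002/10/15 12:18:27 UTC [2248/1204]: Write request for borderconfig completed successfully. 2759 bytes received from the client.
2002/10/15 23:51:02 UTC [2248/1896]: Processing TFTP request...
2002/10/15 23:51:02 UTC [2248/1896]: Request from 198.51.100.7
2002/10/15 23:51:02 UTC [2248/1310]: Write request for startup.cfg; mode=octet
this line is not in the documented format
"""


def parse_line(line):
    """Return a record for one log line, or None if it does not fit the format."""
    m = LINE_RE.match(line.strip())
    if m is None or m["tz"] != "UTC":
        return None
    try:
        when = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
    except ValueError:  # digits in the right places but not a real date
        return None
    return {"when": when.replace(tzinfo=timezone.utc), "pid": int(m["pid"]),
            "tid": int(m["tid"]), "msg": m["msg"]}


def local_time(record, utc_offset_hours):
    """Apply the reader's timezone offset to a UTC log timestamp."""
    return record["when"].astimezone(timezone(timedelta(hours=utc_offset_hours)))


def audit_writes(log_text, allowed_writers=()):
    """Pair write requests with completions; return (events, unparsed lines)."""
    pending = {}      # (pid, tid, file name) -> event still waiting for completion
    last_client = {}  # pid -> address from the most recent "Request from" line
    events, unparsed = [], []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            unparsed.append(raw)
            continue
        msg = rec["msg"]
        m = REQUEST_FROM_RE.match(msg)
        if m:
            last_client[rec["pid"]] = m["addr"].rstrip(".,")
            continue
        m = WRITE_DONE_RE.match(msg)
        if m:
            ev = pending.pop((rec["pid"], rec["tid"], m["name"]), None)
            if ev is not None:
                ev["bytes"], ev["completed"] = int(m["size"]), True
            continue
        m = WRITE_START_RE.match(msg)
        if m:
            ev = {"when": rec["when"], "client": last_client.get(rec["pid"]),
                  "file": m["name"], "mode": m["mode"], "bytes": None,
                  "completed": False, "flags": []}
            pending[(rec["pid"], rec["tid"], m["name"])] = ev
            events.append(ev)
    for ev in events:
        if ev["client"] not in allowed_writers:
            ev["flags"].append("unlisted-client")
        if not ev["completed"]:
            ev["flags"].append("incomplete")
    return events, unparsed


if __name__ == "__main__":
    found, skipped = audit_writes(SAMPLE_LOG, allowed_writers={"192.0.2.10"})
    for ev in found:
        print(local_time(ev, 2).isoformat(), ev["client"], ev["file"],
              ev["bytes"], ev["flags"])
    print("unparsed lines:", len(skipped))
```
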


Install And Configure FTP Server

IIS is not installed by default during a standard installation of Windows Server 2003, and if you installed IIS using Manage Your Server as described in the previous article this installs the WWW service but not the FTP service. So before we can create FTP sites we first have to install the FTP service on our IIS machine. To do this, we need to add an additional component to the Application Server role we assigned our machine when we used Manage Your Server to install IIS. Begin by opening Add or Remove Programs in Control Panel and selecting Add/Remove Windows Components. Then select the checkbox for Application Server:

Click Details and select the checkbox for Internet Information Services (IIS):


Click Details and select the checkbox for File Transfer Protocol (FTP) Services.

Click OK twice and then Next to install the FTP service. During installation you'll need to insert your Windows Server 2003 product CD or browse to a network distribution point where the Windows Server 2003 setup files are located. Click Finish when the wizard is done.

Creating an FTP Site

As with web sites, the simplest approach to identifying each FTP site on your machine is to assign each of them a separate IP address, so let's say that our server has three IP addresses (, and assigned to it. Our first task will be to create a new FTP site for the Human Resources department, but before we do that let's first examine the Default FTP Site that was created when we installed the FTP service on our machine. Open IIS Manager in Administrative Tools, select FTP Sites in the console tree, and right-click on Default FTP Site and select Properties:

Just like the Default Web Site, the IP address for the Default FTP Site is set to All Unassigned. This means any IP address not specifically assigned to another FTP site on the machine opens the Default FTP Site instead, so right now opening either, or in Internet Explorer will display the contents of the Default FTP Site. Let's assign the IP address for the Human Resources FTP site and make D:\HR the folder where its content is located. To create the new FTP site, right-click on the FTP Sites node and select New --> FTP Site. This starts the FTP Site Creation Wizard. Click Next and type a description for the site:

Click Next and specify as the IP address for the new site:

Click Next and select Do not isolate users, since this will be a site that anyone (including guest users) will be free to access:

Click Next and specify C:\HR as the location of the root directory for the site:

Click Next and leave the access permissions set at Read only as this site will only be used for downloading forms for present and prospective employees:

Click Next and then Finish to complete the wizard. The new Human Resources FTP site can now be seen in IIS Manager under the FTP Sites node:

To view the contents of this site, go to a Windows XP desktop on the same network and open the URL using Internet Explorer:


Note in the status bar at the bottom of the IE window that you are connected as an anonymous user. To view all users currently connected to the Human Resources FTP site, right-click on the site in Internet Service Manager and select Properties, then on the FTP Site tab click the Current Sessions button to open the FTP User Sessions dialog:


Setting up Windows 2003 as a Terminal Server

Open the configure your server wizard from Administrative Tools and in the select a role section, choose Terminal Server and click Next twice to confirm your actions. The wizard will then start to install the required files and warn you that the machine will have to be restarted during the installation process. Close any open programs and click OK.

The installation will continue for a few minutes before the machine is restarted. After the machine has booted and you logon, you are presented with a confirmation screen that states the computer is now a terminal server.


It is important to take note that a 120-day evaluation period has been allocated for unlicensed clients. If you do not obtain a license within that period then terminal services clients will no longer be able to initiate a session.

This is probably where the most changes have been made. Microsoft have introduced a per user license to add to the already familiar per device method. To make your machine a terminal server license server you will have to install it separately. This can be done from the windows components wizard section in the add/remove window from the control panel.


Once you have installed this option your server will be listed in the terminal server licensing console. You will have to activate the server before it can start distributing licenses. Activation of the licensing server can be done via a direct connection to the internet, a web browser or over the telephone. The following is a screenshot of the terminal server licensing console demonstrating what you would have to do to start the activation process.

Page 74

N+ Journal
This will bring up a wizard asking you to enter details and select options to suite your needs. Follow the on screen instructions and press Finish when you are done. Terminal Services Manager When you select the server name you can choose to view and manage the Users, Sessions or Processes tab. The green icons indicate that the server is online. If you had to disconnect it, the icons would be gray. The Users tab allows you to see who is connected, how long they have been connected and the state of their connection. If you select a user and right click you can disconnect or reset the users session, send a message (which will be displayed as a pop-up message box on the client side), view the status or log the person out of the terminal server session. The Sessions tab permits the viewing and control of the terminal server sessions. You can right click a session and select the status to see the incoming and outgoing data or reset to reset the session. The processes tab shows all the processes that are running and which user they belong to (this is a simplified version of the processes tab found on the windows task manager). Select a user, click the right mouse button and choose end process to kill the process. The image below shows the Terminal Services Manager with an active connection initiated by a user (andrew).

If you select the RDP-Tcp#12 (username) option you can view the processes and session information specific to that user. Note: The #12 number will be different for each session.

Favorite Servers lists all the servers that you have added as a favorite. You can add one by right-clicking a server and selecting Add to Favorites. You can connect to multiple terminal servers by choosing Actions > Connect to computer. These will be listed in the All Listed Servers node.

Terminal Services Configuration

The screenshot below is that of the Terminal Services Configuration.

Any connections that have been set up will be displayed in the Connections part of the console. Double-click a connection to open the properties page.

The following table describes what actions you may take on each tab.

Tab: Description
General: add a comment, change the encryption level, enable standard Windows authentication
Logon Settings: select whether or not to always use the same credentials for logging on, enable always prompt for password
Sessions: select whether to override the user's settings with a set of predefined settings
Environment: choose to override settings of a user profile and run a program when the user logs on
Remote Control: change the way the remote control facility is used, disable remote control
Client Settings: change connection, colour and mappings settings
Network Adapter: specify the type of network adapter you want to use and change the connection limit
Permissions: specify the user permissions (who has access to the terminal server and who doesn't)

The Server Settings section enables you to modify the settings of the server. Double-click a setting in the list to bring up the appropriate window, where you can make a change.

Each setting shown in the above window is self-explanatory. The settings in the list each have an attribute which you can set according to your preferences.

Web Client

The terminal services web client allows you to log on to a terminal server from your web browser. This is very handy as it provides quick and easy access from anywhere. Open your web browser and in the address bar type the following:

http://server_name/tsweb

where server_name is the name of the terminal server (this can also be the IP address). If the WWW service and the tsweb website have been started on the server then you will be directed to a page like the one seen below:

Enter the name of the server you want to connect to and choose the size of the screen before clicking Connect. If you do not already have the required ActiveX component installed then you will be prompted to install it. Click Yes when the window pops up and asks you to confirm the setup. In my example I have chosen for the screen to use an 800x600 display size. The web browser will act as a placeholder for the terminal services screen to be displayed, as shown in the following screenshot.

1. Go to Start > Run.
2. Type gpedit.msc (i.e. Group Policy). It will open the Group Policy window.
3. Go to Computer Configuration > Windows Settings > Security Settings > IP Security Policies on Local Computer.
4. Right-click in the right window and click Create IP Security Policy. This opens a wizard for creating a new policy.
5. Give the new IP security policy a name.
6. Click Activate the default response rule.
7. Define the response rule authentication method.
8. This opens the window that allows you to add properties to that policy.
9. Click Add to define a new IP security rule. NOTE: Clear the Use Add Wizard check box.
10. Click the Add button to add a new IP Filter List.
11. Give the name and click the Add button.
12. Provide the filter settings. For example, if you want to block any outside machine from pinging your machine, give the following settings.
13. Because you are blocking ICMP, select ICMP from the list.
14. Set that list as default by clicking on it.
15. Click Filter Action to define a filter action, and then click the Add button.
16. Because you want to block ping, select Block.
17. Set it as default by clicking on it. Press the Apply and OK buttons for all open windows.
18. To apply this policy, right-click the policy and click Assign.

You have blocked ICMP ping using this policy. If any machine tries to ping your IP address, it will get the following window.
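The same policy can be built from the command line with netsh ipsec static, which makes the change repeatable and reviewable. This script is an added example, not part of the original journal; the policy, filter list and filter action names, and the "any address to this computer" filter values for step 12, are assumptions.

```batch
@echo off
rem Added example: netsh equivalent of wizard steps 4-18 (Windows Server 2003).
rem The three names below are assumptions chosen for this example.
setlocal
set "POLICY=Block Ping"
set "FLIST=All ICMP to me"
set "FACTION=Block"

rem Steps 4-8: create the policy, unassigned, with the default response rule.
netsh ipsec static add policy name="%POLICY%" description="Drop ICMP to this host" activatedefaultrule=yes assign=no || goto fail

rem Steps 10-13: filter list with one filter. Source any address, destination
rem this computer, protocol ICMP (assumed values for the step 12 dialog).
rem IPsec filters match the whole ICMP protocol, not only echo requests, and
rem mirrored=yes also matches the reverse direction.
netsh ipsec static add filterlist name="%FLIST%" || goto fail
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=any dstaddr=me protocol=ICMP mirrored=yes || goto fail

rem Steps 15-16: filter action that blocks matching traffic.
netsh ipsec static add filteraction name="%FACTION%" action=block || goto fail

rem Steps 9, 14, 17: the rule ties filter list and filter action to the policy.
netsh ipsec static add rule name="Block ICMP" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%" || goto fail

rem Step 18: assign (activate) the policy.
netsh ipsec static set policy name="%POLICY%" assign=yes || goto fail

rem Review what was created; keep this output with the change record.
netsh ipsec static show policy name="%POLICY%" level=verbose
echo Policy "%POLICY%" assigned. Roll back with:
echo   netsh ipsec static set policy name="%POLICY%" assign=no
exit /b 0

:fail
echo netsh returned an error; the policy may be only partly created. 1>&2
exit /b 1
```

Because the filter is mirrored and covers all ICMP, the server also loses outbound ping and ICMP error messages while the policy is assigned.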

Prevent Any Windows Application
1. Go to Start > Run and type gpedit.msc.
2. Go to User Configuration > Administrative Templates > System and double-click Don't run specified Windows applications.
3. If it is Disabled or Not Configured, enable it and click the Show button.
4. Click the Add button to add the program path that you want to block. For example, if you want to block the command prompt, type cmd.exe.
5. Press the OK button and update the Group Policy. To update Group Policy, go to Run and type gpupdate /force.
6. Try to open the Command Prompt. You will get the following message.


Red Hat Installation

There are two ways to install the Red Hat Linux operating system:
1. Graphical Mode.
2. Text Mode.

1. Graphical Mode Installation of Red Hat Linux.

1. Press the Enter key to install Red Hat graphically.
2. Select Skip and press Enter to skip the CD testing.
3. Click Next to begin the installation process.
4. Select the language you would like to use during the installation process, and then click Next.
5. Select the appropriate keyboard language, and then click Next.
6. Select Skip entering Installation Number, and then click OK.
7. Click Skip to skip the Installation Number process.
8. Read the warning message box and give the appropriate answer.
9. If you want to create partitions manually, select Create custom layout, and then click Next.
10. Select the free area of the drive and click New to create partitions as required. To edit a partition, select it and click the Edit button. To delete a partition, select it and click the Delete button. Click Next.
11. If you want to set a boot loader password, select the Use a boot loader password check box and enter the password. Configure the advanced boot loader options as required. Click Next.
12. Select the region, and then click Next.
13. Enter the root password, and then click Next.
14. If you want to customize the installation, select the Customize now option and then click Next; otherwise just click Next.
15. Click Next.
16. After all packages are installed, click Next.
17. Click Reboot to restart the computer.
18. Click Forward to configure the installed Red Hat operating system.
19. Select Yes, I agree to the License Agreement and click Forward.
20. Configure the firewall as required.
21. Set the SELinux Setting to Permissive and click Forward.
22. If you want to set kdump memory, select the Enable kdump check box, and then click Forward.
23. Set the date and time, and then click Forward.
24. Set up software updates, and then click Forward.
25. Create the user, and then click Forward.
26. Test the sound card, and then click Forward.
27. If you want to install additional packages from CD, click the Install button; otherwise click Finish.

2. Text Mode Installation of Red Hat Linux.

1. Type linux text and then press Enter.
2. Click Skip to skip the CD testing process.
3. Click OK to set up Red Hat Linux.
4. Select the language you would like to use during the installation and press OK.
5. Select the model of keyboard attached to this computer and click OK.
6. Select Skip entering Installation Number and click OK.
7. Select Skip and press Enter.
8. Click Yes to initialize the drive and erase all data on the drive.
9. Select Create custom layout and click OK.
10. Select the free space and create the partitions as required. You can also delete and edit partitions. After creating all partitions, select OK and press Enter.
11. Click Yes to continue.
12. Select Use GRUB Boot Loader if you want to use it; otherwise select No Boot Loader. Then click OK.
13. Configure the boot loader, and then click OK.
14. If you want to set a password on the boot loader, select Use a GRUB Password, enter the password, and then click OK; otherwise just click OK.
15. Configure the boot loader, using Edit as needed, and click OK.
16. Give the location where you want to install the boot loader, and then click OK.
17. Select the time zone and click OK.
18. Enter the root password, and then click OK.
19. If you want to install only specific packages, select Customize software selection, and then click OK.
20. Click OK.
21. All your selected software will be installed.
22. Click Reboot to restart the machine.
23. Select a listed item and click Run Tool to configure it; otherwise click Exit.


Install and Configure the IIS (Internet Information Services)

1. Install the Internet Information Services.

1. Select Start > Settings > Control Panel.
2. Double-click Add or Remove Programs.
3. Click Add/Remove Windows Components.
4. Select Application Server components.
5. Click Next.
6. During configuration, IIS setup prompts for the Windows Server 2003, Enterprise Edition CD-ROM. The Insert Disk message box appears.
7. Insert the Windows Server 2003 Enterprise Edition CD.
8. Click OK.
9. Click Finish.


2. Configure Internet Information Services.

1. Select Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager.
2. Expand ANGELSOF-E05P9P(local computer).
3. Expand Web Service Extensions to display the status of the Web Service Extensions supported by IIS.
4. Select Active Server Pages from the Web Service Extension list.
5. Click Allow.


3. Configure IIS to enable Internet Data Connector.

1. Select Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager.
2. Expand ANGELSOF-E05P9P(local computer).
3. Expand Web Service Extensions to display the status of the Web Service Extensions supported by IIS.
4. Select Internet Data Connector from the Web Service Extension list.
5. Click Allow.

4. Administrating the IIS (To Access a Remote Server Running IIS)

1. Select Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager.
2. Expand ANGELSOF-E05P9P(local computer).
3. Select Connect.
4. Enter the remote server name in the Computer Name text box.
5. Select the Connect As check box.
6. Enter the appropriate user name and password to connect as an administrator.
7. Click OK. An IIS Manager console screen appears.


5. Create a Web Site

1. Create a folder, Windows_2003, under the D: drive.
2. Open Notepad.
3. Enter the text Welcome to the IIHT Institute.
4. Save the file as iiht.htm under D:\Windows_2003.
5. Select Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager.
6. Expand ANGELSOF-E05P9P(local computer).
7. Expand Web Sites.
8. Right-click Default Web Site.
9. Select Stop.
10. Select Web Sites.
11. Select Action > New Web Site.
12. Click Next.
13. Enter Windows_2003 in the Description text box.
14. Click Next. The IP Address and Port Settings screen appears.
15. Click Next. The Web Site Home Directory screen appears.
16. Enter D:\WINDOWS_2003 in the Path text box.
17. Click Next. The Web Site Permissions screen appears.
18. Select the Read, Run scripts and Browse check boxes.
19. Click Next.
20. Click Finish.

6. Securing IIS By Assigning Basic Authentication.

1. Select Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager.
2. Right-click Windows_2003.
3. Select Properties.
4. Click the Directory Security tab.
5. Click Edit in the Authentication and access control group box.
6. Clear the Enable anonymous access check box to prevent any unauthorized user from accessing the Windows_2003 Web site.
7. Clear the Integrated Windows authentication check box.
8. Select the Basic authentication (password is sent in clear text) check box to implement the authentication method.
9. Click Yes to return to the Authentication Methods screen.
10. Click OK to return to the Directory Security dialog box.
11. Click Apply.
12. Click OK.
13. Close the Internet Information Services (IIS) Manager console.
14. After securing the Web site, you need to verify whether authentication is applied.
15. Open the Internet Explorer window.
16. Enter http://Windows_2003/iiht.htm. The Enter Network Password dialog box appears.
17. Enter the user name in the User Name text box.
18. Enter the password in the Password text box.
19. Click OK. The Web Site window appears.
