

Run the following commands and write the use of each command
C:\Documents and Settings\Administrator>ipconfig
Windows 2000 IP Configuration
Ethernet adapter Local Area Connection:
IP Address. . . . .
Subnet Mask . . . .
Default Gateway . .




C:\Documents and Settings\Administrator>ping
Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
            [-r count] [-s count] [[-j host-list] | [-k host-list]]
            [-w timeout] destination-list

Options:
    -t             Ping the specified host until stopped.
                   To see statistics and continue - type Control-Break;
                   To stop - type Control-C.
    -a             Resolve addresses to hostnames.
    -n count       Number of echo requests to send.
    -l size        Send buffer size.
    -f             Set Don't Fragment flag in packet.
    -i TTL         Time To Live.
    -v TOS         Type Of Service.
    -r count       Record route for count hops.
    -s count       Timestamp for count hops.
    -j host-list   Loose source route along host-list.
    -k host-list   Strict source route along host-list.
    -w timeout     Timeout in milliseconds to wait for each reply.

Microsoft (R) Windows 2000 (TM) Version 5.00 (Build 2195)
Welcome to Microsoft Telnet Client
Telnet Client Build 5.00.99206.1
Escape Character is 'CTRL+]'
Microsoft Telnet>
C:\Documents and Settings\Administrator>diskperf

Physical Disk Performance counters on this system are currently set to start

C:\Documents and Settings\Administrator>netdiag
'netdiag' is not recognized as an internal or external command,
operable program or batch file.
C:\Documents and Settings\Administrator>netstat
Active Connections

  Local Address          Foreign Address

C:\Documents and Settings\Administrator>pathping
Usage: pathping [-n] [-h maximum_hops] [-g host-list] [-p period]
                [-q num_queries] [-w timeout] [-t] [-R] [-r] target_name

Options:
    -n               Do not resolve addresses to hostnames.
    -h maximum_hops  Maximum number of hops to search for target.
    -g host-list     Loose source route along host-list.
    -p period        Wait period milliseconds between pings.
    -q num_queries   Number of queries per hop.
    -w timeout       Wait timeout milliseconds for each reply.
    -T               Test connectivity to each hop with Layer-2 priority tags.
    -R               Test if each hop is RSVP aware.
C:\Documents and Settings\Administrator>ftp

C:\Documents and Settings\Administrator>tftp
Transfers files to and from a remote computer running the TFTP service.

TFTP [-i] host [GET | PUT] source [destination]

  -i              Specifies binary image transfer mode (also called
                  octet). In binary image mode the file is moved
                  literally, byte by byte. Use this mode when
                  transferring binary files.
  host            Specifies the local or remote host.
  GET             Transfers the file destination on the remote host to
                  the file source on the local host.
  PUT             Transfers the file source on the local host to
                  the file destination on the remote host.
  source          Specifies the file to transfer.
  destination     Specifies where to transfer the file.


C:\Documents and Settings\Administrator>sfc
Microsoft(R) Windows 2000 Windows File Checker Version 5.00
(C) 1999 Microsoft Corp. All rights reserved
Scans all protected system files and replaces incorrect versions with correct
Microsoft versions.

/SCANNOW        Scans all protected system files immediately.
/SCANONCE       Scans all protected system files once at the next boot.
/SCANBOOT       Scans all protected system files at every boot.
/CANCEL         Cancels all pending scans of protected system files.
/QUIET          Replaces all incorrect file versions without prompting the user.
/ENABLE         Enables Windows File Protection for normal operation
/PURGECACHE     Purges the file cache and scans all protected system files
/CACHESIZE=x    Sets the file cache size
C:\Documents and Settings\Administrator>nbtstat
Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).
NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n]
        [-r] [-R] [-RR] [-s] [-S] [interval] ]

  -a   (adapter status) Lists the remote machine's name table given its name
  -A   (Adapter status) Lists the remote machine's name table given its
                        IP address.
  -c   Lists NBT's cache of remote [machine] names and their IP addresses
  -n   Lists local NetBIOS names.
  -r   Lists names resolved by broadcast and via WINS
  -R   Purges and reloads the remote cache name table
  -S   Lists sessions table with the destination IP
  -s   Lists sessions table converting destination IP
       addresses to computer NETBIOS names.
  -RR  (ReleaseRefresh) Sends Name Release packets to WINs and then, starts

  RemoteName   Remote host machine name.
  IP address   Dotted decimal representation of the IP address.
  interval     Redisplays selected statistics, pausing interval seconds
               between each display. Press Ctrl+C to stop redisplaying

C:\Documents and Settings\Administrator>rcp
Copies files to and from computer running the RCP service.
RCP [-a | -b] [-h] [-r] [host][.user:]source [host][.user:] path\destination

  -a                 Specifies ASCII transfer mode. This mode converts
                     the EOL characters to a carriage return for UNIX
                     and a carriage
                     return/line feed for personal computers. This is
                     the default transfer mode.
  -b                 Specifies binary image transfer mode.
  -h                 Transfers hidden files.
  -r                 Copies the contents of all subdirectories;
                     destination must be a directory.
  host               Specifies the local or remote host. If host is
                     specified as an IP address OR if host name contains
                     dots, you must specify the user.
  .user:             Specifies a user name to use, rather than the
                     current user name.
  source             Specifes the files to copy.
  path\destination   Specifies the path relative to the logon directory
                     on the remote host. Use the escape characters
                     (\ , ", or ') in remote paths to use wildcard
                     characters on the remote host.
C:\Documents and Settings\Administrator>lpr
Sends a print job to a network printer
Usage: lpr -S server -P printer [-C class] [-J job] [-o option] [-x] [-d]

Options:
    -S server    Name or ipaddress of the host providing lpd service
    -P printer   Name of the print queue
    -C class     Job classification for use on the burst page
    -J job       Job name to print on the burst page
    -o option    Indicates type of the file (by default assumes a text file)
                 Use "-o l" for binary (e.g. postscript) files
    -x           Compatibility with SunOS 4.1.x and prior
    -d           Send data file first

tracert
C:\Documents and Settings\Administrator>tracert
Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name

Options:
    -d                 Do not resolve addresses to hostnames.
    -h maximum_hops    Maximum number of hops to search for target.
    -j host-list       Loose source route along host-list.
    -w timeout         Wait timeout milliseconds for each reply.

verifier

nslookup
C:\Documents and Settings\Administrator>nslookup
*** Default servers are not available
Default Server: UnKnown
Address: 127.0.0.1

route
C:\Documents and Settings\Administrator>route
Manipulates network routing tables.

ROUTE [-f] [-p] [command [destination]
                [MASK netmask] [gateway] [METRIC metric] [IF interface]

  -f           Clears the routing tables of all gateway entries. If this is
               used in conjunction with one of the commands, the tables are
               cleared prior to running the command.
  -p           When used with the ADD command, makes a route persistent across
               boots of the system. By default, routes are not preserved
               when the system is restarted. Ignored for all other commands,
               which always affect the appropriate persistent routes. This
               option is not supported in Windows 95.
  command      One of these:
                 PRINT     Prints a route
                 ADD       Adds a route
                 DELETE    Deletes a route
                 CHANGE    Modifies an existing route
  destination  Specifies the host.
  MASK         Specifies that the next parameter is the 'netmask' value.
  netmask      Specifies a subnet mask value for this route entry.
               If not specified, it defaults to 255.255.255.255.
  gateway      Specifies gateway.
  interface    the interface number for the specified route.
  METRIC       specifies the metric, ie. cost for the destination.

All symbolic names used for destination are looked up in the network database
file NETWORKS. The symbolic names for gateway are looked up in the host name
database file HOSTS.

If the command is PRINT or DELETE. Destination or gateway can be a wildcard,
(wildcard is specified as a star '*'), or the gateway argument may be omitted.

If Dest contains a * or ?, it is treated as a shell pattern, and only
matching destination routes are printed. The '*' matches any string,
and '?' matches any one char. Examples: 157.*.1, 157.*, 127.*, *224*.

Diagnostic Notes:
    Invalid MASK generates an error, that is when (DEST & MASK) != DEST.
    Example> route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1
             The route addition failed: The specified mask parameter is invalid.
             (Destination & Mask ) != Destination.

Examples:

    > route PRINT
    > route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 3 IF 2
             destination^      ^mask     ^gateway     metric^    ^
                                                        Interface^
      If IF is not given, it tries to find the best interface for a given
      gateway.
    > route PRINT
    > route PRINT 157*          .... Only prints those matching 157*
    > route DELETE 157.0.0.0
    > route PRINT
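
The (DEST & MASK) != DEST rule from the ROUTE help text, worked through as an added example in POSIX shell; it is not part of the original lab record and is not how ROUTE itself is implemented. The function names (ip_to_int, int_to_ip, network_of, check_route, describe) and the sample pairs are constructed for illustration.

```shell
#!/bin/sh
# Added example: the destination/mask consistency rule quoted in ROUTE's help.
# "(DEST & MASK) != DEST" means the mask is invalid for that destination.
# All function names and sample pairs below are constructed for illustration.

# ip_to_int A.B.C.D -> prints the address as one 32-bit number.
# Fails on anything that is not four plain decimal octets (so ROUTE wildcards
# such as 157.* are rejected) and on octets with leading zeros, which some
# address parsers read as octal.
ip_to_int() {
    _old_ifs=$IFS
    IFS=.
    set -f                      # no filename expansion while splitting
    set -- $1
    set +f
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    _n=0
    for _o in "$@"; do
        case $_o in
            ''|*[!0-9]*|????*|0?*) return 1 ;;
        esac
        [ "$_o" -le 255 ] || return 1
        _n=$(( _n * 256 + _o ))
    done
    echo "$_n"
}

# int_to_ip N -> prints N as dotted decimal.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# network_of DEST MASK -> prints DEST & MASK, the destination that would
# have to be given for this mask to pass the check.
network_of() {
    _d=$(ip_to_int "$1") || return 2
    _m=$(ip_to_int "$2") || return 2
    int_to_ip $(( _d & _m ))
}

# check_route DEST MASK
#   status 0  (DEST & MASK) == DEST, the pair is consistent
#   status 1  (DEST & MASK) != DEST, the "mask parameter is invalid" case
#   status 2  DEST or MASK is not a dotted-decimal IPv4 address
check_route() {
    _d=$(ip_to_int "$1") || return 2
    _m=$(ip_to_int "$2") || return 2
    [ $(( _d & _m )) -eq "$_d" ]
}

# describe DEST MASK -> one line of explanation for the pair.
describe() {
    _rc=0
    check_route "$1" "$2" || _rc=$?
    case $_rc in
        0) echo "$1 MASK $2: accepted" ;;
        1) echo "$1 MASK $2: rejected, mask only covers $(network_of "$1" "$2")" ;;
        *) echo "$1 MASK $2: not a dotted-decimal address" ;;
    esac
}

# Constructed sample pairs; the first two are the ones in the help text.
describe 157.0.0.0   255.0.0.0
describe 157.0.0.0   155.0.0.0
describe 157.55.80.1 255.255.0.0        # host bits set under a 16-bit mask
describe 157.55.80.1 255.255.255.255    # host route, ROUTE's default mask
describe 157.0.0     255.0.0.0          # malformed destination
```

The second pair fails because 157 is 10011101 and 155 is 10011011 in binary, so the AND is 10011001 (153), which differs from the destination's first octet.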

lpq
C:\Documents and Settings\Administrator>lpq
Displays the state of a remote lpd queue.
Usage: lpq -Sserver -Pprinter [-l]

Options:
    -S server    Name or ipaddress of the host providing lpd service
    -P printer   Name of the print queue
    -l           verbose output

rsh
C:\Documents and Settings\Administrator>rsh
Runs commands on remote hosts running the RSH service.

RSH host [-l username] [-n] command

  host         Specifies the remote host on which to run command.
  -l username  Specifies the user name to use on the remote host. If
               omitted, the logged on user name is used.
  -n           Redirects the input of RSH to NULL.
  command      Specifies the command to run.

net session
C:\Documents and Settings\Administrator>net session
There are no entries in the list.

nettime
C:\Documents and Settings\Administrator>nettime
'nettime' is not recognized as an internal or external command,
operable program or batch file.

drivers
C:\Documents and Settings\Administrator>drivers
'drivers' is not recognized as an internal or external command,
operable program or batch file.

chkdsk
C:\Documents and Settings\Administrator>chkdsk
The type of the file system is FAT32.
Volume HCL created 22/08/2002 5:53 PM
Volume Serial Number is 3A51-1906
Windows is verifying files and folders...
File and folder verification is complete.
Windows has checked the file system and found no problem.

  39,058,992 KB total disk space.
   1,287,888 KB in 734 hidden files.
      53,440 KB in 3,223 folders.
  22,328,464 KB in 67,626 files.
  15,389,184 KB are available.

      16,384 bytes in each allocation unit.
   2,441,187 total allocation units on disk.
     961,824 allocation units available on disk.

hostname
C:\Documents and Settings\Administrator>hostname
Amb

net account
C:\Documents and Settings\Administrator>net account
The syntax of this command is:

NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |
      HELPMSG | LOCALGROUP | NAME | PAUSE | PRINT | SEND | SESSION |
      SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ]

arp
C:\Documents and Settings\Administrator>arp
Displays and modifies the IP-to-Physical address translation tables used by
address resolution protocol (ARP).

ARP -s inet_addr eth_addr [if_addr]
ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr]

  -a            Displays current ARP entries by interrogating the current
                protocol data. If inet_addr is specified, the IP and Physical
                addresses for only the specified computer are displayed. If
                more than one network interface uses ARP, entries for each ARP
                table are displayed.
  -g            Same as -a.
  inet_addr     Specifies an internet address.
  -N if_addr    Displays the ARP entries for the network interface specified
                by if_addr.
  -d            Deletes the host specified by inet_addr. inet_addr may be
                wildcarded with * to delete all hosts.
  -s            Adds the host and associates the Internet address inet_addr
                with the Physical address eth_addr. The Physical address is
                given as 6 hexadecimal bytes separated by hyphens. The entry
                is permanent.
  eth_addr      Specifies a physical address.
  if_addr       If present, this specifies the Internet address of the
                interface whose address translation table should be modified.
                If not present, the first applicable interface will be used.
Example:
  > arp -s 157.55.85.212   00-aa-00-62-c6-09  .... Adds a static entry.
  > arp -a                                    .... Displays the arp table.

AIM: Modify the routing table using ipxroute

C:\Documents and Settings\Administrator>ipxroute
NWLink IPX Routing and Source Routing Control Program v2.00
Unable to open transport \Device\NwlnkIpx.

AIM: Show tcp/ip

netsh>show mode tcp/ip
online

AIM: Configure interfaces:

netsh>set
The following commands are available:

Commands in this context:
set machine    - Sets the current machine on which to operate.
set mode       - Sets the current mode to online or offline.

netsh>set mode
Usage: set mode [ mode= ] { online | offline }

Parameters:
    Tag      Value
    mode   - One of the following values:
             online: Commit changes immediately
             offline: Delay commit until explicitly requested

Remarks: Sets the current mode to online or offline.

netsh>set mode interface
'mode' is not an acceptable value for 'interface'.
The parameter is incorrect.

netsh>set interface
The following command was not found: set interface.

netsh>set machine

AIM: To configure remote access

1. Open Network and Dial-up Connections.
2. Right-click the dial-up connection we want to configure, and then click Properties.
3. On the Security tab, do one of the following:
   o To select preconfigured combinations of identity authentication methods and data encryption requirements, click Typical (recommended settings), and in Validate my identity as follows, click a method to use for validation.

     Validate my identity       Automatically use my Windows       Require data encryption
     as follows                 logon name and password            (disconnect if none)
                                (and domain if any)
     Allow unsecured password   Unavailable                        Unavailable
     Require secured password   Available                          Available
     Use smart card             Unavailable                        Available

   o To individually enable, configure, and disable authentication methods and encryption requirements, click Advanced (custom settings), and then click Settings.

Important
• Modifying Advanced (custom settings) requires a knowledge of security protocols.

Note
• To open Network and Dial-up Connections, click Start, point to Settings, and then click Network and Dial-up Connections.

LINUX / UNIX OPERATING SYSTEM

AIM: Try to execute following commands and write the results of each

ls
aa ab abc agm rajesh biju sem2

pwd
home\sem

ls -x
a1 a2 a.c agm a.out desktop frmstat.ui install.log

ls -al
drwxr-x.   33 root root 4096 oct 2 10:12 .
drwx--xr-x 33 root root    6 oct 2 10:42 a1
-rw-r.-r-  33 root root    5 oct 2 12:30 a2
-rwxr-x--- 33 root root    4 oct 2 12:45 a.c

AIM: Make subdirectories called uni and linu in home directory. Made? Now delete the subdirectory called uni

mkdir uni
mkdir linu
rmdir uni

AIM: Create a file called “ignou.txt”. Now copy this file and paste to other directory. Copied? Move the file also from one directory to other

cat > ignou.txt
cp ignou.txt ab/a.txt
mv ignou.txt linu

AIM: Change the permission of ignou.txt to rwxrwxr-x. Find out what are the different commands available to change the permissions of files

chmod a+x ignou.txt
chmod g+w ignou.txt
chmod o-w ignou.txt

AIM: Find the files in home directory those names are starting with s and redirect the output into a file redirecting.txt

ls -l s* > redirecting.txt

AIM: Change the password and write down the restrictions for given password

passwd
Enter new password:
Re enter new password:

Restrictions to password
1. Have at least 6 characters
2. Different from previous password
3. Are not common words found in dictionary

AIM: Execute sleep 25 in the foreground, suspend it with Ctrl-z and then put it into the background with Use talk to send all process running in background, bring any process back into the foreground with fg. Repeat the same exercise using kill to terminate the process and use & for sending into background.

sleep 25 -s

AIM: Write a shell script which returns the PID of a process and accept the name of process

# read the process name, then print the first field (the PID) of the matching ps line
read name
a=`ps -e | grep "$name"`
echo $a | cut -f1 -d " "

AIM: Send a message to all users which are online. Make provision so that you can send messages to other users but others cannot.

mesg n

AIM: Send a mail to yourself, and include ignou.txt inside the” Read the mail you have sent to yourself. Save the piece of message and file into some folder. Reply to yourself.

mail root (user 1) -> mail amb (user 2)

AIM: Use the ls command and grep to display all names starting with “s”

ls | grep '^s'

AIM: Use ping to find the round-trip delay to

ping “www.ignou.

SYSTEM ADMINISTRATION USING UNIX & LINUX

AIM: Delete the user which just now added

deluser abc

AIM: Write a message to inform all user “they should shut down their machine after completing the lab exercise”

wall "they should shut down their machine after completing the lab exercise"

WINDOWS 2000: INTRODUCTION TO NETWORKING

AIM: Different System Tools And Administrative Tools

Computer Management
Use Computer Management to manage local or remote computers using a single, consolidated desktop tool. It combines several Windows 2000 administration utilities into a single console tree, providing easy access to a specific computer's administrative properties and tools.
Use Computer Management to:
• Monitor system events such as logon times and application errors.
• Create and manage shares.
• View a list of users connected to a local or remote computer.
• Start and stop system services such as the Task Scheduler and the Spooler.
• Set properties for storage devices.
• View device configurations and add new device drivers.
• Manage server applications and services such as the Domain Name System (DNS) service or the Dynamic Host Configuration Protocol (DHCP) service.

Local Security Settings
The Security Settings node allows a security administrator to configure security levels assigned to a Group Policy object or local computer policy. This can be done after or instead of importing or applying a security template.

Event Viewer
Using the event logs in Event Viewer, you can gather information about hardware, software, and system problems and monitor Windows 2000 security events. Windows 2000 records events in three kinds of logs:

The application log
The application log contains events logged by applications or programs. For example, a database program might record a file error in the application log. The developer decides which events to record.

The system log
The system log contains events logged by the Windows 2000 system components. For example, the failure of a driver or other system component to load during startup is recorded in the system log. The event types logged by system components are predetermined.

The security log
The security log can record security events such as valid and invalid logon attempts, as well as events related to resource use, such as creating, opening, or deleting files. An administrator can specify what events are recorded in the security log. For example, if you have enabled logon auditing, attempts to log on to the system are recorded in the security log.

Services
Using Services, you can start, stop, pause, or resume services on remote and local computers, and configure startup and recovery options. You can also enable or disable services for a particular hardware profile.
With Services, you can:
• Manage services on local and remote computers, including remote computers running Windows NT 4.0.
• Set up recovery actions to take place if a service fails, such as restarting the service automatically or restarting the computer (on computers running Windows 2000 only).
• Create custom names and descriptions for services so that you can easily identify them (on computers running Windows 2000 only).

Backup
The Backup utility helps you protect data from accidental loss due to hardware or storage media failure. For example, using Backup you can create a duplicate copy of the data on your hard disk by backing up the data to another storage device such as a hard disk or a tape. In the event that the original data on your hard disk is accidentally erased or overwritten, or becomes inaccessible because of a hard disk malfunction, you can easily restore the data from the backed up copy.
Using Backup, you can:
• Back up selected files and folders on your hard disk.
• Restore the backed up files and folders to your hard disk or any other disk you can access.
• Create an Emergency Repair Disk (ERD), which will help you repair system files in the event they get corrupted or are accidentally erased.
• Make a copy of any Remote Storage data and any data stored in mounted drives.
• Make a copy of your computer's System State, which includes such things as the registry, the boot files, and the system files.
• Back up services on servers and domain controllers, including such things as the Active Directory service database, the Certificate Services database, and the File Replication service SYSVOL directory.
• Schedule regular backups to keep your backed up data up to date.
You can use Backup to back up and restore data on either FAT or NTFS volumes. However, if you have backed up data from an NTFS volume used in Windows 2000, it is recommended that you restore the data to an NTFS volume used in Windows 2000, or you could lose data as well as some file and folder features. For example, permissions, encrypting file system (EFS) settings, disk quota information, mounted drive information, and Remote Storage information will be lost if you back up data from an NTFS volume used in Windows 2000 and then restore it to a FAT volume or an NTFS volume used in Windows NT 4.0.

Disk Defragmenter
Disk Defragmenter locates fragmented files and folders on local volumes. A fragmented file or folder is split up into many pieces and scattered over a volume.
When a volume contains a lot of fragmented files and folders, Windows takes longer to gain access to them because it requires several additional disk drive reads to collect the various pieces. Creating new files and folders also takes longer because the free space available on the volume is scattered. Windows must then save new files and folders to various locations on the volume.
Disk Defragmenter moves the pieces of each file or folder to one location on the volume, so that each occupies a single, contiguous space on the disk drive. As a result, your system can gain access to your files and folders and save new ones more efficiently. By consolidating your files and folders, Disk Defragmenter also consolidates your free space, making it less likely that new files will be fragmented. The process of finding and consolidating fragmented files and folders is called defragmentation.
The amount of time that defragmentation takes depends on several factors, including the size of the volume, the number of files on the volume, the amount of fragmentation, and the available local system resources. You can find all of the fragmented files and folders before defragmenting them by analyzing the volume first. You can see how many fragmented files and folders are saved on the volume and then decide whether or not you would benefit from defragmenting the volume.
Disk Defragmenter can defragment FAT, FAT32, and NTFS formatted volumes. For more information, see Related Topics.

System Information
System Information collects and displays your system configuration information. Support technicians require specific information about your computer when they are troubleshooting your configuration. You can use System Information to quickly find the data they need to resolve your system problem.
System Information displays a comprehensive view of your hardware, system components, and software environment. The displayed system information is organized into a system summary and three top-level categories that correspond to the Resources, Components, and Software Environment nodes on the console tree.
• The System Summary node displays general information about your computer and the version of Windows 2000 operating system installed. This summary includes the name and type of your system, the name of your Windows system directory, regional options, and statistics about physical and virtual memory.
• The Hardware Resources node displays hardware-specific settings, namely DMA, IRQs, I/O addresses, and memory addresses. The Conflicts/Sharing node identifies devices that are sharing resources or are in conflict. This can help identify problems with a device.
• The Components node displays information about your Windows configuration and is used to determine the status of your device drivers, networking, and multimedia software. In addition, there is a comprehensive driver history, which shows changes made to your components over time.
• The Software Environment node displays a snapshot of the software loaded in computer memory. This information can be used to see if a process is still running or to check version information.
Other applications may add nodes to System Information that display information specific to the application.
You can use the View menu to switch between the display of Basic and Advanced information. The Advanced view shows all of the information in the Basic view plus additional information that may be of interest to the more advanced user or to Microsoft Product Support Services.

AIM: To add a new user to the computer

1. Open Users and Passwords in Control Panel.
2. Click Add.
3. Follow the instructions on the screen.

Notes
• To open a Control Panel item, click Start, point to Settings, click Control Panel, and then double-click the appropriate icon.
• You must be logged on as an administrator or a member of the Administrators group to use Users and Passwords.
• If the computer is part of a domain, Add New User gives an existing domain user permission to use the computer. If the computer is not part of a domain, Add New User creates a new local user.
• If the computer is part of a domain, you can only add existing domain users with Users and Passwords. To add a new local user, click the Advanced tab and then click the Advanced button. In Local Users and Groups, click Users, click Action, and then click Create User.
• You should not add a new user to the Administrators group unless the user will perform only administrative tasks. For more information, see Related Topics.

Types of access permissions for shares
The following types of access permissions can be applied to shared folders.

Read
Read permission allows:
o Viewing file names and subfolder names.
o Traversing to subfolders.
o Viewing data in files.
o Running program files.

Change
Change permission allows all Read permissions, plus:
o Adding files and subfolders.
o Changing data in files.
o Deleting subfolders and files.

Full Control
Full Control is the default permission applied to any new shares you create. It allows all Read and Change permissions, plus:
o Changing permissions (NTFS files and folders only).
o Taking ownership (NTFS files and folders only).

Note
When a folder is shared, the default is to grant Full Access permissions to the Everyone group.

AIM: To add a local Printer

1. Go to Settings, Printers, and start the Add Printer wizard.
2. Select Local Printer and click Next.
3. Select the Printer Port, say LPT1.
4. Select the Printer Manufacturer and Model.
5. Name the printer and set it to be shared if it has to be available in the Network.
6. After giving the Location and Comment, print the test page. If all are OK, finalise the setting and complete the wizard.

AIM: To connect to a printer on a network

1. Open Printers.
2. Double-click Add Printer to start the Add Printer wizard, and then click Next.
3. Click Network printer, and then click Next.
4. Connect to the desired printer by:
   o Searching for it in the Active Directory.
   o Typing its name using the following format, or clicking Next to locate the printer on the network:
   o Typing its URL using the following format:
5. Follow the instructions on the screen to finish connecting to the network printer.

Notes
• To open Printers, click Start, point to Settings, and then click Printers.
• If you are not logged on to a Windows 2000 domain running Active Directory, the option to Find a printer in the Directory will not be available.
• You can also connect to a printer by dragging the printer from the Printers folder on the print server and dropping it into your Printers folder, or by simply right-clicking the icon and then clicking Connect.
• After you have connected to a shared printer on the network, you can use it as if it were attached to your computer.
• Connecting to a printer using its URL allows you to connect to printers across the Internet providing you have permission to use that printer.
• If you cannot connect to your printer using the general URL format above, please see your printer's documentation or contact your network administrator.

AIM: Windows 2000 Active Directory and Domain controller.

The Active Directory (AD) of Windows 2000 Server and Windows Server 2003 basically manages all the information that is relevant in the network's operation. This includes connections, applications, databases, printers, users and groups. Microsoft's text describes it concisely: Active Directory provides a standard way to name, describe, localize, manage, secure and access these resources.

To Start Active Directory Installation, Run Dcpromo from Command Prompt

The dcpromo command is used to raise the level of the server to become an Active Directory controller. The process takes approximately ten minutes and is described briefly in the following. We assume that there are no other servers in your network and therefore, we want a controller for a new Active Directory infrastructure.

Afterwards, we define whether the new AD domain is to be integrated into an existing system.

Active Directory uses its own database system in order to manage the described information efficiently. Provided your environment could grow quickly and the server could take on additional tasks, the database as well as the log files should be swapped out to a separate hard disk in order to keep system performance as high as possible.

The SYSVOL folder is another specialty of the Active Directory because its contents are replicated by all the Active Directory controllers in a domain. This includes login scripts, group policies and other things that must be available on other servers as well. The location of this folder can of course be changed according to need.

There is no DNS Server running. So we need to install DNS Server. First We Create a Primary Zone. After that We set Dynamic updates for this zone. After Installing Forward Lookup zone, We have to install Reverse lookup zone also.

After confirmation, the Reverse Lookup Zone is installed. The last thing we still need is a pointer, which points to our subnet 192.168.1.0.

By this The DNS and Active Directory Installation Finished.

AIM: Create a Hierarchical Directory Tree

A hierarchical representation of the folders, files, disk drives, and other resources connected to a computer or network. For example, Windows Explorer uses a tree view to display the resources that are attached to a computer or a network.

AIM: Share and Share Permissions.

I create a folder test under c:\temp directory and set permissions as follows.

Take Properties of Local Area Connection.

AIM: Install and Configure TCP/IP

Properties of TCP/IP
Enter IP address, Subnet Mask, Default Gateway, and DNS Server entries. Add WINS server Entries and Complete the Settings.
Limiting the number of protocols on your computer enhances network performance and reduces network traffic.

AIM: Install a caching DNS server and find out how it reduces the network traffic

Windows 2000 authentication is implemented in two steps: an interactive logon process and a network authentication process. Typically, the same set of credentials is used by the interactive logon process and the network authentication process. If your credentials differ, you are prompted to provide Windows domain credentials each time you access a network resource. You can avoid this by logging on to your computer using your Windows domain name, your Windows domain user name, and Windows domain password before you try to connect to a network resource.
If you log on without being connected to the network, Windows 2000 recognizes the information from a previous successful logon. You receive the message "Windows cannot connect to a server to confirm your logon settings. You have been logged on using previously stored account information." When you connect to your network, the cached credentials are passed to your Windows 2000 domain and you are able to access network resources without having to provide a password again.

AIM: Implement delegated zones for a Domain Name server

In the Macintosh environment, a logical grouping that simplifies browsing the network for resources, such as servers and printers. It is similar to a domain in Windows 2000 Server networking.
In a DNS (Domain Name System) database, a zone is a subtree of the DNS database that is administered as a single separate entity, a DNS server. This administrative unit can consist of a single domain or a domain with subdomains. A DNS zone administrator sets up one or more name servers for the zone.

WINDOWS 2000: SERVER MANAGEMENT

AIM: Configuring Windows client as VPN client
VPN Client is an application that runs on a Microsoft® Windows®-based PC, a Sun UltraSPARC workstation, a Linux desktop, or a Macintosh (Mac) personal computer that meets the system requirements stated in the next section. In this document, the term "PC" applies generically to all these computers, unless specified otherwise.
The VPN Client on a remote PC, communicating with a Cisco VPN device at an enterprise or service provider, creates a secure connection over the Internet that lets you access a private network as if you were an on-site user. This secure connection is a Virtual Private Network (VPN).

System Requirements
To install the VPN Client on any system, you need
–CD-ROM drive (if you are installing from CD-ROM)
–Administrator privileges
The following table indicates the system requirements to install the VPN Client on each of the supported platforms.

Computer: Computer with a Pentium®-class processor or greater
Operating System:
•Microsoft® Windows® 98 or Windows 98 (second edition)
•Windows ME
•Windows NT® 4.0 (with Service Pack 6, or higher)
•Windows 2000
•Windows XP
Requirements:
•Microsoft TCP/IP installed. (Confirm via Start > Settings > Control Panel > Network > Protocols or Configuration.)
•50 MB hard disk space.
•RAM:
–32 MB for Windows 98
–64 MB for Windows NT and Windows ME
–64 MB for Windows 2000 (128 MB recommended)
–128 MB for Windows XP (256 MB recommended)

Computer: Computer with an Intel x86 processor
Operating System: RedHat Version 6.2 or later Linux (Intel), or compatible libraries with glibc Version 2.1.1-6 or later, using kernel Versions 2.2.12 or later
Note: The VPN Client does not support SMP (multiprocessor) or 64-bit processor kernels.
Requirements:
•32 MB RAM
•50 MB hard disk space

Computer: Sun UltraSPARC computer
Operating System: 32-bit or 64-bit Solaris kernel OS Version 2.6 or later
Requirements:
•32 MB RAM
•50 MB hard disk space

Computer: Macintosh computer
Operating System: Mac OS X, Version 10.2.0 or later
Requirements:
•50 MB hard disk space

The VPN Client supports the following Cisco VPN devices:
•Cisco VPN 3000 Concentrator Series, Version 3.0 and later.

•Cisco PIX Firewall, Version 6.2.2(122) or Version 6.3(1).
•Cisco IOS Routers, Version 12.… and later
If you are using Internet Explorer, use version 5.0, Service Pack 2 or higher.

Installation Notes
The following files are included in this release:
vpnclient-win-msi-4.… Windows client MSI installer
vpnclient-win-is-… Windows client IS installer
vpnclient-darwin-4.….dmg Mac OS X installer
vpnclient-linux-4.….gz Linux package
vpnclient-solaris-4.….Z Solaris package
vpn3000-4.….bin VPN 30xx Concentrator code
vpn3005-4.….bin VPN 3005 Concentrator code
update-4.… VPN Client AutoUpdate package

Because of platform differences, the installation instructions for Windows and non-Windows platforms also differ.
The following notes are important for users who are upgrading to Windows XP and users who want to downgrade to an earlier version of the VPN Client software.

Installation Notes - Windows Platforms
Release 4.6 includes the following installation considerations for Windows users:

Installing the VPN Client Software Using InstallShield
Installing the VPN Client software on Windows NT, Windows 2000, or Windows XP with InstallShield requires Administrator privileges. If you do not have Administrator privileges, you must have someone who has Administrator privileges install the product for you.
Note: The VPN Client Installer does not allow installations from a network drive (CSCeb43490).

Installing the VPN Client Software Using the MSI Installer
If you are using the MSI installer, you must have Windows NT-based products such as Windows NT 4.0 (with SP6), Windows 2000, or Windows XP. Installing with MSI also requires Administrator privileges.
When installing the Windows MSI installation package, the user must manually uninstall the previous VPN Client if it is older than version 4.6. The version 4.6 MSI installer does not detect older versions, and the installer will attempt to install before aborting. Once a version 4.6 MSI package has been installed, future client versions will be able to detect the existing version 4.6 installation and automatically begin the uninstallation process.

VPN Client Installation Using Windows Installer (MSI) Requires Windows NT SP6
When you attempt to install the VPN Client using MSI install (vpnclient_en.exe) on NT SP3, SP4, or SP5, the error messages do not indicate that the VPN Client cannot be installed on those operating systems because they are unsupported. Once the errors occur, no other messages are displayed and the installation is aborted.
When you attempt to run vpnclient_en.exe on Windows NT SP3, SP4, or SP5 you see the following messages:
"Cannot find the file instmsiw.exe (or one of its components). Make sure the path and filename are correct and that all the required libraries are available."
-then-
"Cannot find the file MSIEXEC (or one of its components). Make sure the path and filename are correct and that all the required libraries are available."
The Windows Installer (MSI) can be installed only on NT SP6, so the error messages you see using earlier service packs are due to an MSI incompatibility (CSCdy05049).

Installation Notes - Solaris Platforms
The following sections describe actions you must take when installing the VPN Client on a Solaris platform.

Uninstall an Older VPN Client If Present on a Solaris Platform
If you have a previous version of the VPN Client running under Solaris, you must uninstall the older VPN Client before installing a new VPN Client. You are not required to uninstall an old VPN Client, if one is present, before installing a new VPN Client for Linux or Mac OS.

Disable the ipfilter Firewall Kernel Module Before Installing the VPN Client on a Solaris Platform
If you have an IP firewall installed on your workstation, the reboot after installation of the VPN Client takes an inordinate amount of time. This is caused by a conflict between the vpnclient kernel module cipsec and the ipfilter firewall module. To work around this issue, disable the ipfilter firewall kernel module before you install the VPN Client (CSCdw27781).

Using the VPN Client
•To use the VPN Client, you need
–Direct network connection (cable or DSL modem and network adapter/interface card), or
–Internal or external modem, and
•To connect using a digital certificate for authentication, you need a digital certificate signed by one of the following Certificate Authorities (CAs) installed on your PC:
–Baltimore Technologies (www.baltimoretechnologies.…)
–Entrust Technologies (www.entrust.…)
–Netscape (www.netscape.com)
–Verisign, Inc. (www.…)
–Microsoft Certificate Services — Windows 2000
–A digital certificate stored on a smart card. The VPN Client supports smart cards via the MS CAPI

WINDOWS 2000, SECURITY

AIM: Protect client machine by using Internet Connection Firewall (ICF)
Windows 2000 includes a Firewall to protect your system against unwanted "visitors" from the Internet (but not controlling connections from your system to the Internet, for which you would need to install a Non-Microsoft Firewall, like ZoneAlarm), which is configured using the Properties of the modem-connection (using the Firewall on a LAN connection will cause network access problems to your system).

In the properties of the Internet Connection:

tab: Advanced
Make sure that the checkmark is placed for the Internet Connection Firewall. Using Settings, you can configure the firewall.

tab: Services
The list of programs which could run on your system. By default, no access is allowed from the Internet to your system to any of these services. Unless you need to grant such an access, do NOT activate any of these services.
Advanced Setup: In case you have the Internet Information Server (maybe including the FTP server) installed and you would like to allow access from the Internet, then you need to place the check-marks (you are prompted to confirm the system allowed to be accessed). Activate ONLY the service which people need to access from the Internet.

tab: Security Logging
Allows you to activate a log file.

tab: ICMP
ICMP (Internet Control Message Protocol) is part of TCP/IP; the most common use is the PING program to test a network connection. By default, the firewall will NOT respond to any ICMP, incl. PING, from the Internet.
To allow people on the Internet to test that the connection is working to your system, you should allow incoming echo requests (PING-requests).
Warning: now your system also becomes visible to all these "bad boys and girls" who probe all IP addresses on the Internet and then try to find out which system they have found, and some of them may try to damage your system!

AIM: Configure TCP/IP packet filter
1. Click Start, point to Settings, click Control Panel, and then double-click Network and Dial-up Connections.
2. Right-click the interface on which you want to configure inbound access control, and then click Properties.
3. In the Components checked are used by this connection box, click Internet Protocol (TCP/IP), and then click Properties.
4. In the Internet Protocol (TCP/IP) Properties dialog box, click Advanced.
5. Click the Options tab.
6. Click TCP/IP filtering, and then click Properties.
7. Select the Enable TCP/IP Filtering (All adapters) check box. When you select this check box, you enable filtering for all adapters, but you configure the filters on a per-adapter basis. The same filters do not apply to all adapters.
8. There are three columns with the following labels:
TCP Ports
UDP Ports
IP Protocols
In each column, you must select either of the following options:
Permit All. If you want to permit all packets for TCP or UDP traffic, leave Permit All activated.
Permit Only. If you want to allow only selected TCP or UDP traffic, click Permit Only, click Add, and then type the appropriate port in the Add Filter dialog box.
If you want to block all UDP or TCP traffic, click Permit Only, but do not add any port numbers in the UDP Ports or TCP Port column. You cannot block UDP or TCP traffic by selecting Permit Only for IP Protocols and excluding IP protocols 6 and 17.
Note that you cannot block ICMP messages, even if you select Permit Only in the IP Protocols column and you do not include IP protocol 1.

TCP/IP Filtering can filter only inbound traffic. This feature does not affect outbound traffic or response ports that are created to accept responses from outbound requests. Use IPSec Policies or packet filtering if you require more control over outbound access.
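The filtering rules described in this procedure, modelled as a small Python function so the edge cases (ICMP, outbound traffic, an empty Permit Only list) can be checked before relying on the filter. This is an added example, not part of the original lab manual and not Microsoft's implementation; the names AdapterFilter, packet_allowed, residual_exposure and WEB_SERVER are illustrative assumptions.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

ICMP, TCP, UDP = 1, 6, 17  # IP protocol numbers the procedure refers to


@dataclass(frozen=True)
class AdapterFilter:
    """One adapter's three columns: None = Permit All, a set = Permit Only."""
    tcp_ports: Optional[FrozenSet[int]] = None
    udp_ports: Optional[FrozenSet[int]] = None
    ip_protocols: Optional[FrozenSet[int]] = None


def packet_allowed(enabled, flt, direction, protocol,
                   dst_port=None, reply_to_outbound=False):
    """Apply the rules from the procedure to one packet."""
    if not enabled:                        # check box cleared: nothing is filtered
        return True
    if direction == "out" or reply_to_outbound:
        return True                        # only unsolicited inbound traffic is filtered
    if protocol == ICMP:
        return True                        # ICMP cannot be blocked by this feature
    if protocol in (TCP, UDP):
        # TCP and UDP are decided by their port columns alone; leaving 6 or 17
        # out of the IP Protocols list does not block them.
        permitted = flt.tcp_ports if protocol == TCP else flt.udp_ports
        return permitted is None or dst_port in permitted
    return flt.ip_protocols is None or protocol in flt.ip_protocols


def residual_exposure(flt):
    """List what the adapter still accepts or sends despite the filter."""
    notes = ["inbound ICMP (cannot be blocked here)",
             "all outbound traffic and replies to it"]
    if flt.tcp_ports is None:
        notes.append("every inbound TCP port (Permit All)")
    if flt.udp_ports is None:
        notes.append("every inbound UDP port (Permit All)")
    if flt.ip_protocols is None:
        notes.append("every other inbound IP protocol (Permit All)")
    return notes


# Constructed sample: a web server that accepts only TCP 80 and 443,
# blocks all inbound UDP (Permit Only with an empty list) and lists only
# IP protocol 50 in the IP Protocols column.
WEB_SERVER = AdapterFilter(tcp_ports=frozenset({80, 443}),
                           udp_ports=frozenset(),
                           ip_protocols=frozenset({50}))

if __name__ == "__main__":
    for proto, port in [(TCP, 80), (TCP, 3389), (UDP, 53), (ICMP, None), (47, None)]:
        print(proto, port, packet_allowed(True, WEB_SERVER, "in", proto, port))
    print(residual_exposure(WEB_SERVER))
```
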

AIM: Monitoring IP Multicast Routing

Command: Router# mrinfo [hostname | address] [source-address | interface]
Purpose: Query a multicast router about which neighboring multicast routers are peering with it.

Command: Router# mstat source [destination] [group]
Purpose: Display IP multicast packet rate and loss information.

Command: Router# mtrace source [destination][group]
Purpose: Traces the path from a source to a destination branch for a multicast distribution tree for a given group.

AIM: To create an IPSec Policy
1. Using HQ-RES-WRK-01, in the left pane of the MMC Console, right-click IP Security Policies on Local Machine, and then click Create IP Security Policy. The IP Security Policy Wizard appears.
2. Click Next.
3. Type Partner as the name of your policy, and click Next.
4. Clear the Activate the default response rule check box, and then click Next.
5. Make sure the Edit Properties check box is selected (it is by default), and then click Finish.
6. In the Properties dialog box for the policy you have just created, ensure that Use Add Wizard check box in the lower-right corner is selected, and then click Add to start the Security Rule Wizard.
7. Click Next to proceed through the Security Rule Wizard, which you started at the end of the previous section.
8. Select This rule does not specify a tunnel, (selected by default) and then click Next.
9. Select the radio button for All network connections, (selected by default) and click Next.

WINDOWS 2000: NETWORK MANAGEMENT

AIM: Creation of Group Policy objects
1. Open Active Directory Users and Computers.
2. In the console tree, click Users.
3. In the Name column in the details pane, double-click Group Policy Creator Owners.
4. In the Group Policy Creator Owners Properties dialog box, click the Members tab.
5. Click Add, and then double-click the name of each user or security group to whom you want to delegate creation rights.
6. Click OK in the Select Users, Contacts, or Computers dialog box, and then click OK in the Group Policy Creator Owners Properties dialog box.

Notes
• To start Active Directory Users and Computers, open a Remote Desktop connection to either a Windows 2000 domain controller or a member server that has Windows 2000 Administration Tools installed. You must log on to the server as a domain administrator in order to complete this procedure.
• By default, only domain administrators, enterprise administrators, Group Policy Creator Owners, and the operating system can create new Group Policy Objects. If the domain administrator wants a nonadministrator or a group to be able to create Group Policy objects, that user or group can be added to the Group Policy Creator Owners security group. When a user who is not an administrator, but who is a member of the Group Policy Creator Owners group, creates a Group Policy object, that user becomes the creator and owner of the Group Policy object; therefore, that user can edit the Group Policy object. Being a member of the Group Policy Creator Owners group gives the user full control of only those Group Policy objects that the user creates or those Group Policy objects that are explicitly delegated to that user. It does not give the nonadministrator user any additional rights over other Group Policy objects for the domain—these users are not granted rights over Group Policy objects that they did not create.
• When an administrator creates a Group Policy object, the Domain Administrators group becomes the Creator Owner of the Group Policy object.
• When you delegate this task to nonadministrators, also consider delegating the ability to manage the links for a specific organizational unit. The reason for this is that, by default, nonadministrators cannot manage links, and the inability to manage links prevents them from being able to use the Active Directory Users and Computers snap-in to create a Group Policy object.

WINDOWS 2000: TROUBLESHOOTING

AIM: Backup the recovery agent Encrypting File System (EFS) Private key:
1. Use Backup or another backup tool to restore a user's backup version of the encrypted file or folder to the computer where your file recovery certificate and recovery key are located.
2. Open Windows Explorer.
3. Right-click the file or folder and then click Properties.
4. On the General tab, click Advanced.
5. Clear the Encrypt contents to secure data check box.
6. Make a backup version of the decrypted file or folder and return the backup version to the user.

Notes
• To open Windows Explorer, click Start, point to All Programs, point to Accessories, and then click Windows Explorer.
• You can return the backup version of the decrypted file or folder to the user as an e-mail attachment, on a floppy disk, or on a network share.
• You can also physically transport the recovery agent's private key and certificate, import the private key and certificate, decrypt the file or folder, and then delete the imported private key and certificate. This procedure exposes the private key more than the procedure above but does not require any backup or restore operations or file transportation.
• If you are the recovery agent, use the Export command from Certificates in Microsoft Management Console (MMC) to export the file recovery certificate and private key to a floppy disk. Keep the floppy disk in a secure location. Then, if the file recovery certificate or private key on your computer is ever damaged or deleted, you can use the Import command from Certificates in MMC to replace the damaged or deleted certificate and private key with the ones you have backed up on the floppy disk.
• For more information about using Certificates in MMC, see Related Topics.